Jimmy Linuxmaterial
Jimmy Linuxmaterial
Jimmy Linuxmaterial
………………………………………………….
Page 1
RED-HAT LINUX 6/7
Page 2
RED-HAT LINUX 6/7
2. What is a user?
In Linux user is one who uses the system.
Type of
Example User ID Group ID Home Directory Default Shell
User
Super User Root 0 0 /root /bin/bash
Normal users
Same as Same as
Sudo User with admin /home/<user name> /bin/bash
normal users normal users
privileges
Page 3
RED-HAT LINUX 6/7
Page 4
RED-HAT LINUX 6/7
.bash_logout, .bash_profile, .bashrc and .bash_history files will not be copied from /etc/skell directory.
So, we have to copied manually from /etc/skell directory.
19. What are the uses of .bash_logout, .bash_profile and .bashrc files?
.bash_logout : is a user's logout ending program file. It will execute first whenever the user is logout.
Page 5
RED-HAT LINUX 6/7
.bash_profile : is user's login startup program file. It will execute first whenever the user is login. It
consists the user's environmental variables.
.bashrc : This file is used to create the user's custom commands and to specify the umask values for
that user's only.
21. What is the command to check the user belongs to how many groups?
# groups <user name>
Page 6
RED-HAT LINUX 6/7
Page 7
RED-HAT LINUX 6/7
# sudo useradd <useradd> (The normal user raju can also add the users to the system)
* We can assign sudo permissions to 'n' no. of users by specifying names separated by
commas ( , ) or line by line.
* Instead of giving all permissions to normal user we can give only some commands.
Example : student ALL=/usr/sbin/useradd, /usr/sbin/usermod
raju ALL=NOPASSWD:/usr/sbin/useradd, /usr/sbin/usermod
* We can also apply to one group or groups as follows.
* First create the users, assign one group to those users and also assign the passwords for that users.
33. How to assign the password to normal user by him whenever first login to the system?
Whenever the user is created and that user is trying to login to the system, it will ask the password. If
the root user is not assign the password to that user, then that normal user can assign the password by his own
using the following commands.
# useradd <user name> (to create the user)
# passwd -S <user name> (to see the status of the password of that user. if root user is not
assigned the password then the password status is locked)
# passwd -d <user name> (then delete the password for that user)
# chage -d 0 <user name> (it will change the password age policy)
# su - <user name> (Try to switch to that user then it will display the following
message)
Newpassword : (type new password for that user)
Retype password : (retype the password again)
The other useful commands :
Page 8
RED-HAT LINUX 6/7
# w (this command gives the login user information like how many users currently login and full
information )
# who (to see users who are currently login and on which terminal they login)
# last (see the list of users who are login and logout since the /var/log/wtmp file was
created)
# lastb (to see the list of the users who tried as bad logins)
# lastreboot (to see all reboots since the log file was created)
# uptime (to see the information from how long the system is running, how many users login
and load average)
* The load average is from 1 sec : 5 secs : 15 secs
# df (to see the mounted partitions, their mount points and amount of disk space)
# du (to see the disk usage of the each file in bytes)
# uname -r (gives the current kernel version)
# last -x (It shows last shutdown date and time)
# last -x grep shutdown (only shutdown time shows ie., grep will filter the 'last -x' command)
* grep: It is used to search a word or sentence in file (ie., inside the file)
* find : It is used to search a command or file inside the system)
# cat /etc/shells or # chsh -l (to see how many shells that are supported by Linux)
/bin/sh -----> default shell for Unix
/bin/bash -----> default shell for Linux
/sbin/nologin -----> users cannot login shell
/bin/tcsh -----> c shell to write 'C++' language programs
/bin/csh -----> c shell to write 'C' language programs
# echo $SHELL (to see the current shell)
# chsh <user name> (to change the user's shell)
Changing shell for <user name> :
New shell : <type new shell for example /bin/sh to change the current shell>
New shell changed (But it will effect by restarting the server)
# date + %R (to display the time only)
# date + %x (to display the date only)
# history (to see the history of the commands)
#history -c (to clear the history)
# history -r (to recover the history)
* .bash_history is the hidden file to store the history of the user commands. By default history size is
1000.
# echo $HISTSIZE (to check the current history size)
# export HISTSIZE=500 (to change the current history size to 500 temporarily)
#export HISTTIMEFORMAT=" "%D" "%T" " (to display the date and time of each command
temporarily)
# vim /etc/bashrc (open this file go to last line and type as follows to make history i
size date & time formats permanently)
HISTSIZE=1000
HISTTIMEFORMAT=' %D %T '
(save and exit the file and to update the effects by #source /etc/bashrc command)
# ~<user name> (to go to users home directory)
# whatis <command> (to see the short description of that command)
# whereis <command> (to see the location of that command and location of the
I document of that command)
# reset (to refresh the terminal)
# whoami (to see the current user name)
# who am i (to see the current user with full details like login time and others)
# passwd <user name> (to change the password of the user)
Page 9
RED-HAT LINUX 6/7
# id (to see the current user name, user id, group name and group id, .... etc.,)
# id <user name> (to see the specified user name, user id, group name and group id)
# su (to switch to root user without root user home directory)
# su - (to switch to root user with root user home directory)
# su <user name) (to switch to the specified user without his home directory)
# su - <user name> (to switch to the specified user with his home directory)
# lspci (to list all the PCI slots present in the system)
# du -sh /etc/ (to see the size of the /etc on the disk in KBs or MBs)
# ls -l (to see the long listing of the files and directories)
d rwx rwx rwx . 2 root root 6 Dec 17 18:00 File name
d -----> type of file
rwx -----> owner permissions
rwx -----> group permissions
rwx -----> others permissions
. -----> No ACL permissions applied
root ----> owner of the file
root ----> group ownership
6 -----> size of the file
Dec 7 18:00 -----> Date and Time of the created or modified
File name -----> File name of that file
# ls -ld <directory name> (to see the long listing of the directories)
# stat <file name/directory name> (to see the statistics of the file or directory)
35. What are permission types available in Linux and their numeric representations?
There are mainly three types of permissions available in Linux and those are,
read ----- r ----- 4 null permission ------ 0
write ----- w ----- 2
execute ----- rx ----- 1
Permissions File Directory
r Read a file Ex. # cat <file name> Read a directory contents Ex. ls /dir
w Create, delete or modify the file contents Create, delete or modify the files in a directory
Not required for file. It is required only for
x Go to inside the directory Ex. # cd /dir
scripting files
Page 10
RED-HAT LINUX 6/7
Page 11
RED-HAT LINUX 6/7
Page 12
RED-HAT LINUX 6/7
(i) In an organization the whole work is divided into departments for easy maintenance and easy
administration.
(ii) For each department is also represented as group and that group having so many users to do
different works.
(iii) So, if we create one group and assign that group to all the users in that department, then we can
easily identify which user belongs to which group.
(iv) We can share files, directories and execute some programs to that group and also give permissions
to that group. So, each user of that group can easily share those directories and also can easily
access, execute or even write in those shared files and directories.
RHEL - 7 :
(i) Restart the system.
(ii) Using arrow keys select 1st line and press 'e' to edit.
(iii) Go to Linux 16 line press End key or Ctrl + e to go to the end of the line and give one space.
(iv) Then type as rd.break console=tty1 selinux=0
(v) Then press Ctrl + x to start the computer in single user mode.
(vi) After starting we get swith_root :/# prompt appears and then type as follows.
(vii) # mount -o remount, rw /sysroot and press Enter and then type as follows.
(viii) # chroot /sysroot press Enter.
(ix) Then sh - 4.2 # prompt appears and type as
(x) sh - 4.2 #passwd root
New password : XXXXXX
Retype password : XXXXXX
(xi) sh - 4.2 # exit
(xii) switch-root :/# exit
(xiii) Then the system starts and the desktop appears.
Page 13
RED-HAT LINUX 6/7
54. How to find the users who are login and how to kill them?
# fuser -cu (to see who are login)
#fuser -ck <user login name> (to kill the specified user)
Page 14
RED-HAT LINUX 6/7
59. What is the syntax to assign read and write permissions to particular user, group and other?
# setfacl -m u : <user name> : <permissions><file or directory>
# setfacl -m g : <user name> : <permissions><file or directory>
# setfacl -m o : <user name> : <permissions><file or directory>
60. What is the syntax to assign read and write permissions to particular user, group and other at a
time?
# setfacl -m u : <user name> : <permissions>, g : <user name> : <permissions>, o : <user name> :
<permissions><file or directory>
Useful commands :
# setfacl -x u : <user name><file or directory name> (to remove the ACL permissions from the user)
# setfacl -x g : <user name><file or directory name>(to remove the ACL permissions from group)
# setfacl -x o : <user name><file or directory name> (to remove the ACL permissions from other)
# setfacl -b <file or directory> (to remove all the ACL permissions on that file directory)
61. How will you lock a user, if he enters wrong password 3 times?
pam_tally.so module maintains a count of attempted accesses, can reset count on success, can deny
access if too many attempts fail. Edit /etc/pam.d/system-auth file, enter:
(i) # vi /etc/pam.d/system-auth
Modify as follows:
auth required pam_tally.so no_magic_root
account required pam_tally.so deny=3 no_magic_root lock_time=180
Where,
deny=3 : Deny access if tally for this user exceeds 3 times.
lock_time=180 : Always deny for 180 seconds after failed attempt. There is alsounlock_time=n option. It allow
access after n seconds after failed attempt. If this option is used the user will be locked out for the specified
amount of time after he exceeded his maximum allowed attempts. Otherwise the account is locked until the
lock is removed by a manual intervention of the system administrator.
magic_root : If the module is invoked by a user with uid=0 the counter is not incremented. The sys-admin
should use this for user launched services, like su, otherwise this argument should be omitted.
no_magic_root : Avoid root account locking, if the module is invoked by a user with uid=0
Save and close the file.
Page 15
RED-HAT LINUX 6/7
also to restrict the unlimited files in the file system. We can configure the disk quotas in ways. They
are,
(i) user quotas
(ii) group quotas
Steps to enable :
First check whether the quota package is installed or not by # rpm -qa |grep quota command.
If quota package is not Installed then install the quota package by # yum install quota* -y command.
# quotaon (to enable the quota)
# quotaoff (to disable the quota)
# edquota (to edit or modify the quota)
# repquota (to display or report the present quota)
# quotacheck (to create a quota database)
* quotas cab be applied on file systems only.
Page 16
RED-HAT LINUX 6/7
# edquota -p <user name 1><user name 2> (to apply user name 1 quotas to user name 2, ie., no
need to edit the quota editor for user name 2)
(ii) Update the quota on mount point by # mount -o remount, usrquota, grpquota <mount point>command.
(iii) Create the user quota database by # quotacheck -cug <mount point> command (where -c means
created the quota database
, -u means user quota and -g means group quota ).
(iv) Check whether the quota is applied or not by # mount command.
(v) Enable the quota by # quotaon <mount point> command.
(vi) Apply the user quota for a user by # edquota -g <group name><mount point> command.
File system blocks soft hard inodes soft
hard
/dev/sdb1 0 0 0 0 0
0
blocks -----> No. of blocks used (already)
soft -----> Warning limit
hard -----> Maximum limit
0 -----> Unlimited usage
inodes -----> No. of files created (already)
* Here we can specify the block level quota or file level quotas.
* group quota can be applicable to all the users of that specified group.
(save and exit the above quota editor)
Page 17
RED-HAT LINUX 6/7
1. What is partition?
A partition is a contiguous set of blocks on a drive that are treated as independent disk.
2. What is partitioning?
Partitioning means to divide a single hard drive into many logical drives.
Page 18
RED-HAT LINUX 6/7
Page 19
RED-HAT LINUX 6/7
# fdisk /dev/sdc
Command (m for help) :d (type d for delete the partition)
Partition number : (specify the partition number)
Command (m for help) : w (type w to write the changes into disk)
# partprobe/partx -a/kpartx /dev/sdc1(to update the partition table without restarting the system)
13. What is mounting and in how many types can we mount the partitions?
Attaching a parititon to a directory under root is known as mounting.
There two types of mountings in Linux/Unix.
❖ Temporary Mounting :
In a temporary mounting first we create a directory and mount the partition on that directory. But this type
mounting will last only till the system is up and once it is rebooted the mounting will be lost.
Example:# mount <options><device name><directory name (mount point)>
❖ Permanent Mounting :
In this also first we create the directory and open the /etc/fstab file and make an entry as below,
<device name><mount point><file system type><mount options><take a backup or not><fsck value>
Whenever the system reboots mount the partitions according to entries in /etc/fstab file. So, these type of
mountings are permanently even after the system is rebooted.
# mount -a to mount the partitions without reboot)
14. What are differences between the ext2, ext3, ext4 and xfs file systems?
S.No. Ext2 Ext3 Ext4
1. Stands for Second Stands for Third Extended Stands for Fourth
Extended file system. file system. Extended file system.
2. Does not having Supports Journaling Supports Journaling
Journaling feature. feature. feature.
3. Max. file size can be from Max. file size can be from Max. file size can be from
16 GB to 2 TB. 16 GB to 2 TB. 16 GB to 16 TB.
4. Max. file system size can Max. file system size can Max. file system size can
be from 2 TB to 32 TB be from 2 TB to 32 TB be from 2 TB to 1 EB
*1EB = 1024 Peta bytes.
16. The partitions are not mounting even though there are entries in /etc/fstab. How to solve this
problem?
First check any wrong entries are there in /etc/fstab file. If all are ok then unmount all the partitions by
executing the below command,
✓ # umount -a
Then mount again mount all the partitions by executing the below command,
✓ # mount -a
17. When trying to unmounting it is not unmounting, how to troubleshoot this one?
Some times directory reflects error while unmounting because,
(i) you are in the same directory and trying to unmount it, check with # pwdcommand.
Page 20
RED-HAT LINUX 6/7
(ii) some users are present or accessing the same directory and using the contents in it, check this with
✓ # fuser -cu <device name> (to check the users who are accessing that partition)
✓ # lsof <device name> (to check the files which are open in that mount point)
✓ # fuser -ck <opened file name with path> (to kill that opened files)
Now we can unmount that partition using # umount <mount point>
Page 21
RED-HAT LINUX 6/7
27. How to check the integrity of a file system or consistency of the file system?
# fsck <device or partition name>command we can check the integrity of the file system.
But before running the fsck command first unmount that partition and then run fsck command.
28. What is fsck check or what are the phases of the fsck?
(a) First it checks blocks and sizes of the file system
(b) Second it checks file system path names
(c) Third it checks file system connectivity
(d) Fourth it checks file system reference counts (nothing but inode numbers)
(e) Finally it checks file system occupied cylindrical groups
29. Why the file system should be unmount before running the fsck command?
If we run fsck on mounted file systems, it leaves the file systems in unusable state and also deletes the
data. So, before running the fsck command the file system should be unmounted.
31. How to extend the root file system which is not on LVM?
By using # gparted command we can extend the root partition, otherwise we cannot extend
the file systems which is not on LVM.
Page 22
RED-HAT LINUX 6/7
34. How to know which file system occupy more space and top 10 file systems?
# df -h <device or partition name> | sort -r | head -10
39. How to find how many disk are attached to the system?
# fdisk -l (to see how many disk are attached to the system)
42. How to create the file systems with the user specified superblock reserve space?
# mkfs.ext4 -m <no.><partition name> (to format the partition with <no.>% of reserve space to
superblock)
Whenever we format the file system, by default it reserve the 5% partition space for Superblock.
Important Commands :
Page 23
RED-HAT LINUX 6/7
✓ # fsck <partition name> (to check the consistency of the file system)
✓ # e2fsck <partition name> (to check the consistency of the file system in interactive mode)
✓ # e2fsck -p <partition name> (to check the consistency of the file system without interact mode)
✓ # mke2fs -n <partition name> (to see the superblock information)
✓ # mke2fs -t <file system type><partition name> (to format the partition in the specified filesys type)
✓ # mke2fs <partition name> (to format the partition in default ext2 file system type)
✓ # blockdev --getbs /dev/sdb1 (to check the block size of the /dev/sdb1 file system)
✓ # fsck <device or partition name> (to check and repair the file system)
Note: Before running this command first unmount that partition then run fsck command.
# umount -a (to unmount all the file systems except ( / ) root file system)
# mount -a (to mount all the file systems which are having entries in /etc/fstab file)
# fsck -A (to run fsck on all file systems)
# fsck -AR -y (to run fsck without asking any questions)
# fsck -AR -t ext3 -y (to run fsck on all ext3 file systems)
# fsck -AR -t no ext3 -y (to run fsck on all file systems except ext3 file systems)
# fsck -n /dev/sdb1 (to see the /dev/sdb1 file system report without running fsck)
# tune2fs -l /dev/sdb1 (to check whether the journaling is there or not)
# tune2fs -j /dev/sdb1 (to convert ext2 file system to ext3 file system)
# tune2fs -l /dev/sdb1 (to check whether the journaling is added or not)
# tune2fs -O ^has_journal /dev/sdb1 (to convert ext3 file system to ext2 file system)
# tune2fs -O dir_index, has_journal, unit_bg /dev/sdb1 (to convert ext2 file system to ext4 file system)
# tune2fs -O extents, dir_index, unit_bg /dev/sdb1 (to convert ext3 file system to ext4 file system)
# mount -o remount, rw /dev/sdb1 (to mount the partition with read and write permissions)
# mount -o remount, ro /dev/sdb1 (to mount the partition with read only permissions)
# mount < directory name> (to check whether this directory is mount/ normal directory)
# dump2fs <device or partition name> (to check the metadata of the partition and repair the metadata)
# fdisk -l (to list total hard disks attached to system and their partitions)
# fuser -cu <device or partition name> (to see the users who are accessing that file system)
# fuser -cK <device or partition name> (to kill the users processes who accessing the file systems)
Note: Even though we kill those users processes sometimes we cannot unmount those partitions, so if this
situation arises then first see the process id's of the user opened files by
# lsof <mount point>
# kill -9 <process id> killthose processesforcefully
# journalctl (It tracks all the log files between two different timings and by default saved in /run/log )
* /run/log is mounted on tmpfs file system. ie., if system is rebooted, the whole information in that location
will be deleted or erased.
* We can change the location of the /run/log to another like /var/log/journal by
# mkdir -p /var/log/journal (to make a directory in /var/log location)
# chown root : systemd-journal /var/log/journal (to change the group ownership of /var/log/journal)
# chmod g+s /var/log/journal (to set the sgid on /var/log/journal)
# killall -URS1 systemd-journald (It is necessary to kill old /run/log process and the location of journal
messages is changed to /var/log/journal)
# journalctl -n 5 (to display last five lines of all the log files)
# journalctl -p err (to display all the error messages)
# journalctl -f (to watch journalctl messages continuously)
# journalctl --since<today> or <yesterday> (to see all the journalctl messages since today or yesterday)
# journalctl --since "date" --until "date" (to see the journal messages between the specified two dates)
# journalctl -pid=1 (to see the pid=1 process name)
# auditctl (to see the audit report).
Page 24
RED-HAT LINUX 6/7
(vi) Create a mount point to mount the above created LVM file system by,
# mkdir /mnt/<directory name>
(vii) Mount the LVM on the above created mount point temporarily by,
# mount /dev/<volume group name>/<logical volume name><mount point>or
Mount the LVM on mount point permanently by,
# vim /etc/fstab
/dev/<VG name>/<LV name> /mnt/<directory> <file system type> defaults 0
0
Page 25
RED-HAT LINUX 6/7
Esc+:+wq!
# mount -a
# df -hT (to see the mounted partitions with file system types)
4. How to see the details of the Physical Volumes?
# pvs (displays all physical volumes with less details)
# pvdisplay (displays all physical volumes with more details)
# pvdisplay <physical volume name> (displays the details of the specified physical volume)
# pvscan (to scan all the physical volumes)
#pvscan <PV name> (to scan the specified physical volume)
5. How to see the details of the Volume Groups?
# vgs (displays all volume groups with less details)
# vgdisplay (displays all volume groups with more details)
# vgdisplay <VG name> (displays the specified volume group with more details)
# vgscan (to scan all the volume groups)
# vgscan <VG name> (to scan the specified volume group)
6. How to see the details of the Logical Volumes?
# lvs (displays all logical volumes with less details)
# lvdisplay (displays all logical volumes with more details)
# lvdisplay <LV name> (displays the specified logical volume details)
# lvscan (to scan all the logical volumes)
# lvscan <LV name> (to scan the specified logical volume)
7. How to extend the Volume Group?
Extending the volume group is actually adding a new physical volume to the volume group.
To extend the volume group we need to create a new partition using # fdisk command and make sure that it's
partition id should be 8e, save the changes and update the partition table by # partprobe
Create a physical volume on the newly created partition using # pvcreate command.
Add the partition to the volume group using # vgextend command
Example : # fdisk /dev/sdb
Command (m for help) : n
First cylinder : press Enter for default one
Last cylinder : +500M (create 500MB partition)
Command (m for help) : t (to change the partition id)
Select the partition : type the partition number
Specify the Hexa code : 8e
Command (m for help) : w (to save the changes)
# partprobe /dev/sdb1
# pvcreate /dev/sdb1
# vgextend <VG name> /dev/sdb1
# vgdisplay <VG name> (to check the size of the volume group)
8. How to extend the logical volume and update it's file system?
Sometimes the file system size may be full, so we need to increase the size of the logical volume to continue
adding the data in it.
The size of the logical volume can be increased online, no downtime required.
Check current size of the logical volume by # lvdisplay <LV name>and the size of the file system by # df -hT
command.
Increase the size of the logical volume by # lvextend or # lvresize commands.
Then finally update the file system by # resize2fs or # xfs_growfs commands.
Example : # df -hT
# lvextend -L +<size in MB></dev/vgname/lvname> or
# lvresize -L +<size in MB></dev/vgname/lvname>
# resize2fs </dev/vgname/lvname>
# lvdisplay </dev/vgname/lvname> (to check the size of the logical volume)
Page 26
RED-HAT LINUX 6/7
Page 27
RED-HAT LINUX 6/7
# mount -a
15. How to change the volume group name and other parameters?
# vgrename <existing volume group name><new volume group name> (to rename the volume
group)
Page 28
RED-HAT LINUX 6/7
By default, unlimited logical volumes can be created per volume group. But we can control this limit by
# vgchange -l <no.><volume group> (to limit max. no. of logical volumes to the specified
number)
Example : # vgchange -l 2 <vgname> (to limit max. 2 logical volumes cab be created in this
volume group)
# vgchange -p <no.><volume group> (to limit max. no. of physical volumes to the specified
number)
Example : # vgchange -p 2 <vgname> (to limit max. 2 physical volumes can be added to this
volume group)
# vgchange -s <block size in no.><volume group> (to change the block size of the volume
group)
Example : # vgchange -s 4 <vgname> (to change the volume group block size to 4MB)
16. How to change the logical volume name and other parameters?
# lvrename <existing lvname><new lvname> (to rename the logical volume)
# lvchange -pr <logical volume> (to put the logical volume into read only mode)
# lvs (to see the logical volume permissions)
# lvchange -prw <logical volume> (to put the logical volume into read and write mode)
20. What are the locations of the logical volume and volume groups?
# cd /etc/lvm/backup (the logical volumes backup location)
# cd /etc/lvm/archive (the volume groups backup location)
23. How to extend the logical volume to max. disk space and half of the disk space?
# lvextend -l +100% FREE <logical volume> (to extend the logical volume by adding the
volume group's total available space)
# lvextend -l 50% <vgname><lvname> (to extend the logical volume by adding the 50%
free space of the volume group)
24. How to check on which physical volume the data is writing in the logical volume?
# lvdisplay -m ( to check on which physical volume the data is currently writing from all
logical volumes)
# lvdisplay -m <lvname> (to check on which physical volume the data is writing from the
Page 29
RED-HAT LINUX 6/7
26. How to scan and detect the luns over the network?
# ls /sys/class/fc_host (to check the available fibre channels)
# echo "---" > /sys/class/scsi_host/<lun no.>/scan (to scan and detect the luns over the network)
29. How to mount the " .iso " image files in Linux?
# mount -t iso9660 /root/rhel6.iso /iso -o ro, loop (to mount the .iso image files)
# cdrecord /root/Desktop/rhel6.iso (to write the CD/DVD ROM. Before executing this
command put the empty CD/DVD into CD/DVD drive)
# eject (to eject the CD/DVD drive tray)
# eject -t (to insert and close the CD/DVD drive tray)
30. What is RAID? What is the use of the RAID and how many types of RAIDs available?
RAID stands for Redundant Array of Independent Disks.
It provides fault tolerance, load balancing using stripping, mirroring and parity concepts.
There are mainly two types of RAIDs available.
(i) Hardware RAID (Depends on vendors and also more expensive)
(ii) Software RAID (Does not depends on vendors and less expensive when compared to Hardware
RAID and also it is maintained by system administrator only.
31. How many types of software RAIDs available and their requirements?
(i) RAID - 0 ---- Stripping ---- Minimum 2 disks required
Page 30
RED-HAT LINUX 6/7
1
3
5
2
4
6
Disk - 1 Disk - 2
If the Disk - 1 is /dev/sdb and the Disk - 2 is /dev/sdc then,
# mdadm -Cv /dev/md0 -n 2 /dev/sdb /dev/sdc -l 0 (to create the RAID - 0 using disk - 1 and
disk - 2)
# cat /proc/mdstat (to check the RAID - 0 is created or not)
# mkfs.ext4 /dev/md0 (to create the ext4 file system on the RAID - 0)
# mkdir /mnt/raid0 (to create the RAID - 0 mount point)
# mount /dev/md0 /mnt/raid0 (to mount RAID - 0 on the mount point)
# mdadm -D /dev/md0 (to see the details of the RAID - 0 partition)
# mdadm /dev/md0 -f /dev/sdb (to failed the disk manually)
# mdadm /dev/md0 -r /dev/sdb (to remove the above failed disk)
# mdadm /dev/md0 -a /dev/sdd (to add the new disk in place of failed disk)
# umount /mnt/raid0 (to unmount the raid file system)
# mdadm --stop /dev/md0 (to stop the RAID - 0 volume)
# mdadm /dev/md0 --add /dev/sde (to add third disk to the RAID - 0 volume)
# mdadm --grow /dev/md0 --raid_device=3 (to grow the RAID - 0 file system)
Page 31
RED-HAT LINUX 6/7
1
2
3
4
5
6
1
2
3
4
5
6
Disk - 1 Disk - 2
If the Disk - 1 is /dev/sdb and the Disk - 2 is /dev/sdc then,
# mdadm -Cv /dev/md0 -n 2 /dev/sdb /dev/sdc -l 1 (to create the RAID - 1 using disk - 1 and
disk - 2)
# cat /proc/mdstat (to check the RAID - 1 is created or not)
# mkfs.ext4 /dev/md0 (to create the ext4 file system on the RAID - 1)
# mkdir /mnt/raid1 (to create the RAID - 1 mount point)
# mount /dev/md0 /mnt/raid1 (to mount RAID - 1 on the mount point)
# mdadm -D /dev/md0 (to see the details of the RAID - 1 partition)
# mdadm /dev/md0 -f /dev/sdb (to failed the disk manually)
# mdadm /dev/md0 -r /dev/sdb (to remove the above failed disk)
# mdadm /dev/md0 -a /dev/sdd (to add the new disk in place of failed disk)
# umount /mnt/raid1 (to unmount the raid file system)
# mdadm --stop /dev/md0 (to stop the RAID - 1 volume)
# mdadm /dev/md0 --add /dev/sde (to add third disk to the RAID - 1 volume)
# mdadm --grow /dev/md0 --raid_device=3 (to grow the RAID - 1 file system)
1
3+4
6
Page 32
RED-HAT LINUX 6/7
2
3
5+6
1+2
4
5
36. How will you troubleshoot if one of the eight disks failed in LVM?
First umount the file system and add the new disk with same size of the failed disk to the volume
group. Then move the data from failed physical volume to newly added physical volume and then
remove the failed physical volume from the volume group. And finally mount the file system.
38. How to inform the client and then troubleshoot if the disk is full?
First check which files are accessing more disk space by #du -h |sort - r command. if any temporary
and junk files are present remove them from the disk to make a room for new or updated data. Then
Page 33
RED-HAT LINUX 6/7
inform the actual situation to the client, take the permission from the client to get the lun
from storage and extend the file system by adding that lun to the LVM.
40. I have four disks each 1TB in RAID - (1+0). So, total how much disk space can I utilize in that RAID –
(1+0)? RAID - (1+0) means Mirroring + Stripping. It requires 4 disks, ie., 2 disks for mirroring and
remaining 2 disks for stripping. And 5 - 10% disk space is used for superblock information. So,
finally we can utilize 2TB - 2TB X 10% disk space in that RAID - (1+0).
41. If two disks failed in RAID - (1+0), can we recover the data?
The RAID - (1+0) requires minimum 4 disks and it uses Mirroring + Stripping. If one disk is failed we can
recover the data, but if two disks are failed we cannot recover the data.
42. How many types of disk space issues can we normally get?
(i) Disk is full.
(ii) Disk is failing or failed.
(iii) File system corrupted or crashed.
(iv) O/S is not recognizing the remote luns when scanning, ...etc.,
Page 34
RED-HAT LINUX 6/7
(i) # locate
(ii) # find
Examples :
# find / -name <file name> (to search for file names in / directory)
# find / -name <file name> -type f (to find file names only)
# find / -name <directory name> -type d (to find directories with small letters only)
# find / -iname <file/directory name> -t d (to search for small or capital letter
files/directories)
#find / -empty (to search empty files or directories)
# find / -empty -type f (to search for empty files only)
# find / -empty -type d (to search for empty directories only)
# find / -name " *.mp3" (to search for .mp3 files only)
# find / -size 10M (to search for exact 10M size file/directories)
# find / -size -10M (to search for less than 10M size files/directories)
# find / -size +10M (to search for greater than 10M size files/directories)
# find / -user student (to search for student user files/directories)
# find / -group student (to search for student group files/directories)
# find / -user student -not -group student (to search for student user files and not student
group files)
# find / -user student -o -group student (to search for student user and student group
Page 35
RED-HAT LINUX 6/7
files/directories)
# find / -uid <uid no.> (to search for files/directories which belongs to the user
having the specified user id)
# find / -gid <gid no.> (to search for files/directories which belongs to the group
having the specified group id)
# find / -prem 755 (to search file/directories which are having the
permissions 755)
# find / -prem -755 (to search file/directories which are having the
permissions below 755 and also at least one match also)
# find / -mmin 20 (to search for files/directories which are modified within 20 minutes,
+20 ----> above 20 minutes and -20 -----> below 20 minutes)
# find / -mtime 2 (to search files/directories which are modified within 2 days)
# find / -name "*.mp3" -exec rm -rf { } \; (to search all .mp3 files and delete them)
# find / -name "*.mp3" -exec cp -a { } /ram \ ;(to search all mp3 files and copy them into /ram
directory)
# find / -user student -exec cp -a { } /ram \; (to search student user's files and directories and
copy them into /ram directory)
# find / -nouser -exec mv -a { } /home/ram \; (to search files/directories which are not
belongs to any user and move them into /home/ram directory)
# du -h / |sort -r |head -n 10 (to search 10 big size files in reverse order)
Page 36
RED-HAT LINUX 6/7
9. What is an IP address?
Every Computer will be assigned an IP address to identify each one to communicate in the network.
The IP address sub components are Classes of an IP address, Subnet masks and Gateway.
Classes of IP address :
The IP addresses are further divided into classes. The classes are A, B, C, D, E and the ranges are given
below.
Class Start End Default Subnet mask Classless Inter Domain Routing
Class A 0.0.0.0 127.255.255.255 255.0.0.0 /8
Class B 128.0.0.0 191.255.255.255 255.255.0.0 /16
Class C 192.0.0.0 223.255.255.255 255.255.255.0 /24
Class D 224.0.0.0 239.255.255.255
Class E 240.0.0.0 255.255.255.255
Page 37
RED-HAT LINUX 6/7
A Gateway is the network point that provides entrance into another network. On the internet a node
or stopping point can be either gateway node or a host (end point) node. Both the computers of internet
users and the computer that serve the pages to users are host nodes. The computer that control traffic
within your company's network or at our local internet service provider (ISP) are the gateway nodes.
14. What are important configuration files in network configuration?
# cat /etc/sysconfig/network (This file keeps the information about the hostname assigned to
the system and if we want to change the hostname permanently, we need to change
the hostname in this file)
# cat /etc/sysconfig/network-scripts/ (This directory keeps the configuration of network devices
connected to the system. Examples are ifcfg-eht0,
ifcfg-eth1, ifcfg-eth2, .....etc.,)
# cat /etc/hosts (This file is responsible for resolving hostname into IP address locally. ie., local DNS if
DNS
server is not available)
# cat /etc/resolve.conf (This file keeps the address of the DNS server to which the clients will be
accessing to resolve IP address to hostname
and hostname to IP address)
15. What are the differences between MAC and IP addresses?
MAC Address IP Address
It is a permanent address. So we cannot change this It is a temporary address. So, we can change this
address. address any no. of times.
It stands for Media Access Control Address. Internet Protocol address.
It is a physical address. It is a logical address.
It is two types.
IPV4 :(It is divided into 4 parts )
It is divided into 6 parts. --- . --- . --- . --- (each 8 bits. So, 8 X 4 = 32 bits
--- : --- : --- : --- : --- : --- (each 8 bits. So, 8 X 6 = 48 bits IPV6 : ( It is divided into 16 parts )
--- . --- . --- . --- . --- . --- . --- . --- . --- . --- . --- . --- . --- . --- .
--- . --- (each 8 bits. So, 8 X 16 = 128 bits.
ifconfig (to see the MAC address) # ifconfig (to see the IP address)
16. How many types of NIC cards available?
(a) eth0 (1st NIC card)
(b) eth1 (2nd NIC card)
(c) br0 (Bridge -----> used for communication from physical to virtual)
(d) lo (loopback device name and IP address is 127.0.0.1)
# ifconfig (to see all the NIC devices connected to the system)
17. How many types of cable connections available?
(i) Cross cable (to connect two systems directly)
(ii) Straight cable (to connect more systems with the help of switch)
# ethtool <device name> (to check the network cable is connected or not)
# miitool <device name> (It is also used to check the network cable but it will not supports
RHEL - 7 and only supports RHEL - 6 and it also works on physical system only not on
virtual system)
18. In how many ways we can configure the network?
There are two ways to configure the network.
(a) Static Network.
(b) Dynamic Network.
Static Network :
Page 38
RED-HAT LINUX 6/7
In this way we assign the IP address and hostname manually. Once we configure the IP address, it will
not change.
Dynamic Network :
In this way we assign the IP address and hostname dynamically. This means the IP address will change
at every boot.
19. How to assign the static IP address to the NIC card?
In RHEL - 6 :
# setup
(Move the cursor to Network configuration and press Enter key)
(Move the cursor to Device configuration and press Enter key)
(Select the NIC adapter ie., eth0 and press Enter key)
(Assign the above IP address and other details as per our requirements and move the cursor to "OK"
and press
Enter key)
(Move the cursor to "Save" to save the changes in device configuration and press Enter key)
(Once again move the cursor to "Save & Quit" button and press Enter key)
(Finally move the cursor to "Quit" button and press Enter key to quit the utility)
(Then restart the network service and check for the IP address by # service network restart
command)
(If the change is not reflected with the above service, then restart the network manager by
# service NetworkManager
restart command)
# ifconfig (to see the IP address of the NIC card)
# ping < IP address > (to check whether the IP is pinging or not)
In RHEL - 7 :
# nmcli connection show (to see all the network connections)
# nmcli device show (to see the network details if already configured manually or
dynamically)
# nmcli connection add con-name "System eth0" ifname eth0 type ethernet (to add the network
connection)
# nmcli connection modify "System eth0" ipv4.addresses ' < IP address >/< netmask >< gateway > '
ipv4.dns < dns server IP address > ipv4.dns-search < domain name> ipv4.method <static
or manually> (to assign IP address, gateway, dns, domain name and configure the network as
static or manually)
# nmcli connection up "System eth0" (to up the connection)
# systemctl restart network (to restart the network service)
# systemctl enable network (to enable the network service)
# ifconfig (to see the IP address of the NIC card)
# ping < IP address > (to check whether the IP is pinging or not)
20. What are the differences between RHEL - 6 and RHEL - 7 network configuration files?
RHEL - 6 RHEL - 7
/etc/sysconfig/network-scripts is the directory which /etc/sysconfig/network-scripts is the directory which
contains the NIC configuration information. contains the NIC configuration information.
/etc/sysconfig/network-scripts/ifcfg-<device name> is /etc/sysconfig/network-scripts/ifcfg-<device name> is
the file which contains the NIC configuration details. the file which contains the NIC configuration details.
/etc/resolve.conf is the file which contains DNS server IP /etc/resolve.conf is the file which contains DNS server IP
and domain name location. and domain name location.
/etc/sysconfig/network is the hostname configuration
/etc/hostname is the hostname configuration file.
file.
/etc/hosts is the file which contains the local DNS server /etc/hosts is the file which contains the local DNS server
IP address. IP address.
Page 39
RED-HAT LINUX 6/7
21. What are the differences between Dynamic and Static configuration information?
Dynamic configuration information Static configuration information
Device =<NIC device name> Device =<NIC device name>
HWADDR=02:8a:a6:30:45 HWADDR=02:8a:a6:30:45
Bootproto=DHCP Bootproto=none (means static network)
Onboot=yes (yes means whenever we restart the system
this connection will be activated and no means whenever Onboot=yes
we restart the system the connection will be deactivated)
Type=Ethernet Type=Ethernet
Userctl=yes/no ----> If it is yes all normal users can disable Userctl=yes/no ----> If it is yes all normal users can disable
the NIC card and If it is no except root user nobody can the NIC card and If it is no except root user nobody can
disable the NIC card. disable the NIC card.
RHEL - 7 :
# hostname <fully qualified domain name> (to set the hostname temporarily)
# hostnamectl set-hostname <fully qualified domain name> (to set the hostname permanently)
# systemctl restart network (to update the hostname in the
network)
# systemctl enable network (to enable the connection at
next reboot)
23. How to troubleshoot if the NIC is notworking?
(a) First check the NIC card is present or not by # ifconfig command.
(b) If present thencheck the status of the NIC card is enabled or disabledby click on System menu
on the status bar, then select Network Connections menu.
(c) Click on IPV4 settings tab, select the device eth0 or any other and select Enable button, then
Apply and OK.
(d)Open /etc/sysconfig/network-scripts/ifcfg-eth0 file check Userctl=yes or no. If it is yes make it as
no, then check Onboot= yes or no. If it is no make it as yes and save that file.
(e) If not present thencheck the status of the NIC card is enabled or disabled by click on System menu
on the status bar, then select Network Connections menu.
(f) Click on IPV4 settings tab, select the device eth0 or any other and select Enable button, then Apply
and OK.
(g) Using # setup (in RHEL - 6) or # nmcli (in RHEL - 7) commands assign the IP address to the
system and restart the network service by # service network restart (in RHEL - 6) or #
systemctl restart network (in RHEL - 7) commands and enable the service at next reboot by #
chkconfig network on (in RHEL - 6) or # systemctl enable network (in RHEL - 7) commands.
(h) Then up the connection by # ifconfig eth0 up (in RHEL - 6) or # nmcli connection up
<connection name> commands.
(i) Even though it is not working may be the fault in NIC card. If so, contact the hardware vendor by
taking the permissions from higher authorities.
24. What is bonding and how to configure bonding? (from RHEL - 6)
What is link aggregation or bridging or teaming and how to configure teaming? (from RHEL - 7)
Bonding or Teaming or Bridging:
Page 40
RED-HAT LINUX 6/7
Collection of multiple NIC cards and make them as single connection (virtual) NIC card is called
bonding.
It is nothing but backup of NIC cards.
In RHEL - 6 it is called as Bonding or Bridging.
In RHEL - 7 it is called as Teaming or Link aggregation.
There are 3 types of backup in Bonding or Teaming.
(a) Mode 0 -----> Round Robbin
(b) Mode 1 -----> Activebackup
(c) Mode 3 -----> Broadcasting
Mode 0 :
It provides load balancing and fault tolerance.
Data will be shared by both NIC cards in round robbin.
If one NIC card failed then another NIC card will be activated to communicate with the server
So, there is a load balancing and fault tolerance features.
Mode 1 :
Activebackup means only one NIC card is activated at a time and another one is in down state.
So, there is no load balancing.
But if one NIC card is failed then another NIC card will be activated automatically.
Mode 3 :
In this mode broadcasting is done.
In this the same data will be transferred through two NIC cards.
So there is no load balancing.
But if one NIC card is failed then second NIC card will be activated automatically.
So, all the 3 modes are supports only fault tolerance, but round robbin is the only one mode that
provides load balancing.
Requirements to configure :
(i) Minimum two NIC cards.
(ii) One IP address.
(iii) Connection type is bond (in RHEL - 6) and team (in RHEL - 7) not the ethernet type.
Here no need to assign the IP addresses for two NIC cards and we are giving only one IP
address to bond or team.
Bonding configuration : (in RHEL - 6)
(i) # vim /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
IP ADDR=<IP address>
TYPE=ethernet
NETMASK=255.225.225.0 or <IP address class netmask>
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
MASTER=yes
BONDING_OPTS="mode0 or mode1 or mode3 miimon=50" (Save and exit this file)
(ii) vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
MASTER=bond0
SLAVE=yes (Save and exit this file)
(iii) vim /etc/sysconfig/network-scripts/ifcfg-eth2
DEVICE=eth2
ONBOOT=yes
Page 41
RED-HAT LINUX 6/7
BOOTPROTO=none
USERCTL=no
MASTER=bond0
SLAVE=yes (Save and exit this file)
(iv) To add virtual NIC cards eth1 and eth2 :
# setup -----> Networking -----> Device configuration -----> New Device -----> eth1
Name : eth1
Device : eth1 (save and exit this setup)
# setup -----> Networking -----> Device configuration -----> New Device -----> eth2
Name : eth2
Device : eth2 (save and exit this setup)
(v) Adding bond0 connection :
# setup -----> Networking -----> Device configuration -----> New Device -----> bond0
Name : bond0
Device : bond0
IP address : <IP address>
Netmask : 255.255.255.0
Default gateway : <gateway IP address> (save and exit this setup)
# ifdown bond0
# ifdown eth1
# ifdown eth2
# ifup bond0
# service NetworkManager stop
# service network restart
# chkconfig network on
# service NetworkManager restart
# cat /proc/net/bonding/bond0 (to check the bonding
information)
# watch -n 1 cat /proc/net/bonding/bond0 (to check the bonding information for
every 1 minute)
# echo "eth1" > /sys/devices/virtual/net/bond0/bonding/active_slave (to put the eth1 NIC
in active state)
Teaming configuration :
(i) Add the team0 connection by
# nmcli connection add con-name team0 ifname team0 type team
config ' { "runner" : { "name" : "roundrobbin" or "activebackup" or
"broadcasting" }} '
(ii) Add the two NIC cards one by one to the above created connection by
# nmcli connection add con-name port1 ifname eth1 type team-slave master team0
# nmcli connection add con-name port2 ifname eth2 type team-slave master team0
(iii) Assign the static IP address to the team0 connection by
#nmcli connection modify team0 ipv4.addresses <IP address>/<netmask> ipv4.method
static
(iv) Up the connection by
# nmcli connection up team0
(v) To see the team0 connection up details by
# teamdctl team0 state
(vi) To check the connection communication by
# ping -I team0 <IP address>
(vii) To down the one NIC card in team0 by
# nmcli connection down port1
(viii) teamdctl team0 state (to check the team0 NIC card up or down details)
Page 42
RED-HAT LINUX 6/7
Page 43
RED-HAT LINUX 6/7
Page 44
RED-HAT LINUX 6/7
Page 45
RED-HAT LINUX 6/7
# nmcli device status (to display all NIC device connections statuses)
# nmcli connection modify <connection name> + ipv4.dns <secondary dns server IP> (to add a
secondary dns server IP to
the existing connection)
# netstat -ntulp (to check how many open ports are there in local
system)
# ss -ntulp ( " "
)
# nmap (to check how many open ports are there in
remote system)
# tracepath (it displays the routing information)
# miitool <NIC device name> (to check the network cable is connected or not)
# ethtool <NIC device name> ( " "
)
# ifconfig (to check the NIC card is enable or not)
# ifup <NIC device name> (to enable or up the NIC card)
#ifdown <NIC device name> (to disable or down the NIC card)
# route -n (to check the gateway)
# cat /etc/resolve.conf (to check the dns server information)
# cat /etc/sysconfig/network-scripts/ifcfg-<NIC device name> (to see the NIC device information)
# hostname or cat /etc/sysconfig/network (to check the hostname in RHEL - 6)
# hostnamectl status or cat /etc/hostname (to check the hostname in RHEL - 7)
# ping <IP address> (to check the connection communication)
# chkconfig --list (to list all the services which are running at boo
time in RHEL - 6 & 7)
# systemctl list-unit-files (to list all the processes which are running at boot time in
RHEL - 7)
# chkconfig --level <service name> (it will set the service at run level 3 when the system is
booting)
# service --status-all (to see the list of all the processes which are currently
running)
# ls /etc/init.d (is the location of all the services and deamons in RHEL -
6)
# ls /usr/lib/systemd/system (is the location of all the services and deamons in RHEL -
7)
# /etc/rc.local (is the last script to be run when the system is booting)
(If we enter as sshd stop at the last line of the script file then sshd will be stopped even
though that
sshd is enabled)
# service sshd status (to check the sshd status)
# service --service -all (to see the process ID of all the services)
# netstat -ntulp (to see all the services with port no., status, process ID
and all open ports in local system, routing table and NIC
device information)
-n -----> port no. (numeric no) -t ----->tcp protocol
-u -----> upd protocol -l -----> port is listening or
not
-p -----> display the process ID
# netstat -r (to see all routing table information)
# netstat -i (to see all the NIC cards information)
# nmap (to see the network mapping ie., open ports list on
remote system)
Page 46
RED-HAT LINUX 6/7
Note : By default this command will not available. So, first install the nmap package by # you install
nmap -y
# nmap <remote system IP address> (to see all the services which are running in the specified
remote system)
# nmap <remote IP 1><remote IP 2><remote IP 3> (to see the running services on specified remote
systems)
# nmap 172.25.0.11 - 50 (to see the running service on 172.25.0.11 to 172.25.0.50
systems)
# nmap -p 80 <remote IP> (to see the http port is running or not on specified remote system)
# nmap -p 80 - 90 <remote IP> (to see port no's 80 to 90 are running or not on remote systems)
# nmap -sp 172.25.0.0/24 (to see all the systems which are in upstate ie., 172.25.0.1,
172.25.0.2,
(where s -- scan & p -- ping) 172.25.0.3, ......upto 172.25.0.254
systems)
Open a file, write all the systems IP addresses, save & exit the file. Example has given below,
# vim coss
172.25.2.50
172.25.3.50
172.25.4.50 ....etc., (save and exit this file)
# nmap -iL coss (to scan all the IP addresses by reading the coss file)(where -i ---->
input, -L ----> list)
# nmap --iflist (to see all the routing table information in the network)
# nmap 172.25.0.10 - 20 --exclude 172.25.0.15 (to scan all the systems from 172.25.0.10 to
172.25.0.20 systems and excluding
172.25.0.15 system)
# nmcli connection show --active (to control the network connections)
# ip link (to check the network connection)
# ping -I eth1 <IP address> (to check the 2nd NIC card connection)
Page 47
RED-HAT LINUX 6/7
5. Managing SELinux
1. What is SELinux?
It is a one type of security that enhances the security that allows users and administrators more
control over which users and applications can access which resources, such as files, Standard Linux access
controls etc.,
It is mainly used to protect internal data (not from external data) from system services. In real time
SELinux is disabled and instead of this IP tables are used. It protects all the services, files and directories by
default if SELinux is enabled.
2. In how many ways we can implement the SELinux? Explain them.
We can implement the SELinux mainly in 2 modes.
(i) Enabled
(ii) Disabled (default mode)
Enabled :
Enabled means enabling the SELinux policy and this mode of SELinux is divided into two parts.
(a) Enforcing
(b) Permissive
Disabled :
Disabled means disabling the SELinux policy.
3. What is Enforcing mode in SELinux?
Enforcing means SELinux is on. It checks SELinux policy and stored a log. No can access the services by
default but we can change the policy whenever we needed.
4. What is Permissive mode in SELinux?
SELinux is on and it don't check SELinux policy and stored the log. Everybody can access the services by
default and we can also change the SELinux policy. It is also called as debugging mode or troubleshooting
mode. In this mode SELinux policies and rules are applied to subjects and objects but actions are not affected.
5. What is Disabled mode in SELinux?
SELinux is turned off and no warning and log messages will be generated and stored.
6. What are Booleans?
Booleans are variables that can either be set as true or false. Booleans enhance the effect of SELinux
policies implemented by the System Administrators. A policy may protects certain deamons or services by
applying various access control rules.
7. What is SELinux policy?
The SELinux policy is the set of rules that guide the SELinux security engine. It defines types for file
objects and domains for process. It uses roles to limit the domains that can be entered and the user identities to
specify the role that can be attained.
8. What are the required files for SELinux?
Page 48
RED-HAT LINUX 6/7
Page 49
RED-HAT LINUX 6/7
Page 50
RED-HAT LINUX 6/7
booted and the real root the file system is mounted. It also contains necessary drivers compiled inside
which helps it to access the hard drive partitions and other hardware.
init level :
In this init program reads the /etc/inittab file and put the system into specified run level. init
identifies the default run level from /etc/inittab file and we can change the this default run level
whenever we needed. We can find the default run level by # grep "initdefault" /etc/inittab command on
our system. Normally the
default run level in Linux is 3 in CLI (Command Line Interface) mode and 5 in GUI (Graphical User
Interface) mode.
Run Level Programs :
The following run levels are available in Linux systems.
0 -----> halt or shutdown the system
1 -----> Single user mode
2 -----> Multi user without NFS
3 -----> Full multi user mode but no GUI and only CLI mode
4 -----> Unused
5 -----> Full multi user mode with GUI (X11 system)
6 -----> reboot the system
Whenever we start the Linux system is booting we can see various services getting started. Those
services are located in different run levels programs executed from the run level directory as defined by
our default run level. Depending on our default init level setting, the system will execute the programs from
one of the following directories.
Run level 0 -----> /etc/rc.d/rc0.d
Run level 1 -----> /etc/rc.d/rc1.d
Run level 2 -----> /etc/rc.d/rc2.d
Run level 3 -----> /etc/rc.d/rc3.d
Run level 4 -----> /etc/rc.d/rc4.d
Run level 5 -----> /etc/rc.d/rc5.d
Run level 6 -----> /etc/rc.d/rc6.d
The above directories are also having symbolic links available for those directories under /etc/rc0.d,
/etc/rc1.d, ....etc., So, the /etc/rc0.d is linked to /etc/rc.d/rc0.d
Booting procedure in RHEL - 7:
Upto kernel the booting process is same as the above. /boot/grub2/grub.conf is the GRUB
configuration file in RHEL - 7. systemd is the initial process in RHEL - 7 and its process ID is 1.
linux16 read the root ( / ) file system and then initrd16process will mount the root ( / ) file system in
read & write mode and starts the systemdprocess. And the systemd process will read the /etc/fstab file and
mount all the file systems. Then it reads the file /etc/systemd/system/default.target file and brings
the system into the default run level according to the scripts the processes will start or stop.
2. How to check the current run level of the system?
# who -r (to see the present run level of the system)
3. How to change the default run level?
First open the /etc/inittab file by # vim /etc/inittab command and go to last line change the run
level number as we required and then reboot the system by # init 6 command. After rebooting the system
check the current run level by # who -r command.
4. How to start the graphical interface if the system is in run level 3 now?
# startx (it changes the run level 3 to 5 and reboots the system)
5. How to troubleshoot if the boot disk is not available?
(i) First check the hard disk is present in the system or not. If not present connect the hard disk
and restart the system.
(ii) If the hard disk is present, then go to BIOS and find the location of the hard disk.
(iii) Check the boot priority in the BIOS. If boot priority is not the hard disk then change it to hard disk
and restart the system.
Page 51
RED-HAT LINUX 6/7
(iv) Even though the system is not started then boot the system with CDROM in single user mode
and open the /boot/grub/grub.conf file and see the hard disk name and partition number.
Normally it should be /dev/hda1 (if the hard disk is IDE hard disk) or /dev/sda1 (if the
hard disk is SATA or SCSI). If the hard disk name and partition number is different instead of the
original then change them and reboot the system with hard disk.
(v)If the GRUB is corrupted then reboot the system with CDROM in single user mode and restore the
grub information from the recent backup and then restart the system with hard disk.
6. How to reboot the production server?
(i) In general the production servers will not be rebooted frequently because the end users will
suffer if the productions server are in down state. If any changes made to the system like grub,
selinux policy, default run level is changed and if kernel patches are applied the system reboot is
required.
(ii) If any inconsistency is root ( / ) file system, then take the business approval from higher
authorities,make a plan for proper scheduleand also inform to the different teams like
application team to stop the application, databaseteam to stop the databases, QC team to stop
the testing, monitoring people to ignore the alerts from thisserver and other teams if any and then
reboot the system withCDROM in single user mode and then run #fsck command on that file
system.
(iii) If O/S disk is corrupted or damaged then, reboot the system temporarily with the mirror
disk then fix that problem and again boot the system with original disk.
7. What is the difference between # reboot and # init 6 commands?
Both commands are used to restart or reboot the system.
# reboot command will not send the kill signals to the system and it will kill all the running processes
and services forcefully and then restart the system.
# init 6 command will send the kill signals to the system and it will stop all the processes and
services one by one and then restart the system.
8. What is console port and how to connect to the console port?
Console port is used to connect the system even though the system is not booted with the main O/S.
This port is used to connect the system for troubleshooting purpose only. We can connect the console
port as same as connect to systems LAN port and it is also having IP address, user name and password to
connect to the console.
There are different types of console ports for different types of servers. They are given below.
Server Name Name of the Console port Expansion name
DRAC ---> DELL Remote Access Controllers
DELL DRAC or i-DRAC i-DRAC ---> Integrated DELL Remote Access
Controllers
IBM Power series HMC Hardware Management Console
HP ILO Integrated Light Out
Page 52
RED-HAT LINUX 6/7
(viii) Even though there is a sufficient RAM may be swap space is not sufficient to run all the services
and applications then system get panic and may continuously reboots. If so, then
increasing the swap size may resolve this issue.
10. What is TCP handshaking?
The procedure that takes place between two TCP/IP nodes to establish a connection. Known as the
Synchronization, Synchronize-Acknowledgement and Acknowledgement handshake.
For example if computer A transmits a Synchronize packet to computer B, which sends back a
Synchronize- Acknowledge packet to compute A. Computer A then transmits an Acknowledge packet to
computer B and the connection is established. This whole above said process is called the TCP
handshaking.
11. How many links will be created when we create the directory?
Whenever we create any directory there are two links will be created.
12. What are the differences between run level 2 and run level 3?
Run Level 2 :
(i) It supports multiuser operations.
(ii) Multiple users can access the system.
(iii) All the system deamons will run except NFS and some other network service related
deamons.
(iv) So, without NFS we can use all other services.
Run Level 3 :
(i) It is also supports Multi user operations.
(ii) Multiple users can access the system.
(iii) All the system deamons including NFS and other network related service deamons will run.
(iv) So, we can avail all the services including NFS also.
13. Server running in single user mode, can you login remotely and how?
We can login to the system remotely in single user mode also but it is possible to connect to console
instead of LAN port through putty tool by giving IP address, user name and password. Then console port
appears and boot the system with CDROM in single user mode.
14. How to check the present kernel version?
# uname -r (it displays the present kernel version)
# uname -a (it displays the present kernel version with other details)
# cat /boot/grub/grub.conf (in this file also we can find the kernel version)
15. What is the command to see the system architecture?
# arch or # uname -m (both commands gives the architecture of the system)
16. How to check the version of the O/S ?
# cat /etc/redhat-release (gives the version of the O/S)
17. How to repair the corrupted boot loader and recover it?
This problems may be occur if the GRUB is corrupted. So, we have to recover the GRUB. Basically the
repairing of GRUB means installing the new grub on the existing one from RHEL - 6 DVD. The steps are
given below.
(i) Insert the RHEL - 6 DVD and make sure that system should boot from CD/DVD.
(ii) Boot the system in Rescue Installed System mode.
(iii) Select the language with which we want to continue and click on OK.
(iv) Select the Keyboard type as US and click OK.
(v) Select Local CD/DVD and click OK.
(vi) Move the cursor to NO to ignore the Networking.
(vii) Move the cursor to Continue tab to mount the root ( / ) from CD/DVD and press Enter key.
(viii) Now the root ( / ) file system is mounted on /mnt/sysimage, here click on OK and Press Enter to
continue.
(ix) Select the "shell Start shell" option and click on OK, then shell will be displayed on screen.
(xi) At shell prompt type as # chroot /mnt/sysimage command, press Enter.
(xii) Check the /boot partition by # fdisk -l command.
Page 53
RED-HAT LINUX 6/7
(xiii) Install the new grub on the boot device ie., may be /dev/sda2 by # grub-install <device
name> command (For example #
grub-install /dev/sda2).
(xiv) If it show no error reported that means we have successfully recovered the grub.
(xv) Then type # exit command and again type # exit or # reboot command to reboot the
system.
18. What are Modules or Kernel Modules? How to find the Kernel Modules?
The drivers is Linux system are known as Modules or Kernel Modules. These modules are assigned by
kernel depending on the hardware. Hardware can only be communicated and can work efficiently when the
proper module is loaded in the kernel. we can find the kernel modules by # ls /etc/lib/modules command.
All the kernel modules in the system will be ended with " .ko " extension. So, we can see all the
modules in the system by # find / -name *.ko command.
19. What other commands related to kernel modules?
# lsmod (to list all the currently loaded modules)
# lsmod |grep -i <module name> (to check whether the particular module is loaded or not)
# lsmod |grep -i fat (to check the fat module is loaded or not)
There might be a situation where our module is not working properly, in that case we have to remove
that module and re-install it again by,
# modprobe -r <module name> (to remove the specified module)
# modprobe -r fat (to remove the fat module)
# modprobe <module name> (to install or re-install the module)
# modprobe fat (to install or re-install the module)
# modinfo <module name> (to see the specified module information)
# uname (to see the which O/S is present in the system)
# uname -s (to see which O/S kernel is this either Linux or
Unix)
# rpm -qa kernel --last (to see the kernel installation date and time)
# rpm -qa kernel* (to see how many kernels are there in the
system)
# ls /proc (to see the kernel processes
information)
# ls /boot (to see the present kernel version
created time) # ls /etc/lib/modules (installed kernel module
drivers)
# ls /usr/src (kernel source code location)
# kudzu (to scan the new hardware in RHEL - 4)
# depmod (to scan the new hardware from RHEL -
5, 6 and 7)
# rmmod <module name> (to remove the specified module)
# insmod <module name> (to install the kernel module without dependency
modules)
20. How to see the run level?
# who -r (to see the current run level)
21. How to block the USB / CDROM driver?
# lsmod |grep -i usb (to see the USB module is loaded or not)
# mount (to check the USB is mounted or not)
# modprobe -r usb_storage (remove the USB module, if it is mounted it will
not remove)
# umount /<mount point> (to unmount the USB if it is mounted)
# vim /etc/modprobe.d/blocklist.conf (it will open the blocklist.conf file, then put an
entry of USB)
Page 54
RED-HAT LINUX 6/7
blocklist usb_storage (after type this save and exit this file)
22. What is " wait " and where it is stored?
(i) If there is not enough memory to run the process, then it will wait for free space in memory.
That process is called wait.
(ii) wait is stored in buffer like cache memory.
23. What is run level?
(i) Run level is nothing but to put the system in different levels to perform different
maintenance modes.
(ii) There are 7 run levels. Those are 0, 1, 2, 3, 4, 5 and 6.
(iii) The above levels are used to put the system in different stages to avail different services.
24. What is the default run level?
(i) When we boot the server the system automatically go to one particular run level. That run
level is called the default run level.
(ii) In Linux the default run level is 5 in GUI and 3 in CLI.
(iii) We can modify the default run level by put an entry in /etc/inittab file.
25. Which run level are you using?
Run level 3.
26. How to change the run level temporarily?
# init <run level no.> (to change the run level temporarily)
Example : # init 0 or init 1 or init 2 or init 3 or init 4 or init 5 or init 6
27. Can I mount on two disks alternatively when booting?
No it is not possible to mount on two disks alternatively when booting because we can specify only one
disk as boot disk but not two disks as booting disks in BIOS settings.
So, it is not possible to mount on two disks alternatively when booting.
7. Job Automation
1. What is Job scheduling?
The process of creating the jobs and make them occur on the system repeatedly hourly, daily, weekly,
monthly and yearly is called Job scheduling. In Linux and other Unix systems this process is handled by the cron
service or deamon called crondand atd is the at jobs deamon which can be used to schedule the tasks (also
called as jobs).
2. What is the importance of the job scheduling?
The importance of the job scheduling is that the critical tasks like backups, which the client usually
wants to be taken in nights, can easily performed without the intervention of the administrator by
Page 55
RED-HAT LINUX 6/7
scheduling a cron job. If the cron job is scheduled carefully then the backup will be taken at any given time of
the client and there will be no need for the administrator to remain back at nights to take the backup.
3. What are the differences between cron and at jobs?
cron job :
(i) cron jobs are scheduling jobs automatically at a particular time, day of the week, week of the
month and month of the year.
(ii) The job may be a file or file system.
(iii) We cannot get the information as a log file if the job was failed to execute ie., when it was
failed and where is was failed and also cannot execute automatically the failed jobs.
at job :
(i) at jobs are executes only once.
(ii) Here also we cannot get the information if the job is failed and it is also do not execute the
failed jobs automatically.
4. What are the important files related to cron and at jobs?
/etc/crontab -----> is the file which stores all the scheduled jobs.
/etc/cron.deny -----> is the file used to restrict the users from using cron jobs.
/etc/cron.allow -----> is used to allow only users whose names are mentioned in this file to use cron jobs
and this file does not exist by
default.
/etc/at.deny ----->same as cron.deny for restricting the users to use at jobs.
/etc/at.allow -----> same as cron.allow for allowing users to use at jobs.
(ii) Put the entries of the user names whom do we (ii) Put the entries of the user names whom do we
want to allow the cron jobs. want to deny the cron jobs.
Page 56
RED-HAT LINUX 6/7
(ii) Put the entries of the user names whom do we (ii) Put the entries of the user names whom do we
want to allow the at jobs. want to deny the at jobs.
Page 57
RED-HAT LINUX 6/7
Page 58
RED-HAT LINUX 6/7
# at 5PM Jan 13 2015 (to schedule the at job on 13th Jan 2015 at 5PM)
# at noon + 4days (to schedule the at job today and after 4
days)
# at midnight (to schedule the at job today midnight)
# at midnight + 4days (to schedule the at job today midnight and after
4 days)
# vim /etc/at.deny (to deny the at jobs for specified users)
# vim /etc/at.allow (to allow the at jobs for specified users)
* If both /etc/at.deny and /etc/at.allow files are deleted, except root user every user will be
deny to
execute at
jobs.
* Once scheduled the cron jobs, we can modify, edit that job any no. of times.
# cat /etc/crontab (to see the cron jobs list)
# crontab -lu <user name> (to list all the cron jobs of the specified user)
# crontab -eu <user name> (to create or edit the cron jobs)
# crontab -ru <user name> (to erase or remove the specified user's cron
jobs)
# crontab -r <job id> (to remove the specified cron jobs)
# vim /etc/cron.deny (to deny the cron jobs for specified users)
# vim /etc/cron.allow (to allow the cron jobs for specified users)
* If both files are remove or deleted, except root user all the users are deny to execute the cronjobs.
# crontab -eu raju
55 14 20 1 2 /usr/sbin/useradd gopal; usr/sbin/groupadd
team
(save & exit this crontab)
* This job executes the useradd and groupadd commands on Tuesday 20th Jan every year
Examples for crontab :
(i) 58 14,15 20-25 1 2,3,6 /usr/sbin/passwd
where 58 -----> 58 minutes
14,15 -----> 14 hours and 15 hours ( 14:58 and 15:58)
20-25 -----> dates 20, 21, 22. 23, 24 and 25
1 -----> January
2, 3, 6 -----> 2nd day, 3rd day and 6th day
(ii) 58 15 * * * <command>
where 58 -----> 58 minutes
15 -----> 15 hours (at 15:58)
* * * -----> every day
Page 59
RED-HAT LINUX 6/7
* If the system is scheduled for a job, but at that time the system is under down then anacron
command is
responsible for those pending jobs to be executed.
# cat /etc/anacron is the configuration file for anacron jobs.
# anacron (anacron is used to execute the pending cron jobs)
# vim /etc/rc.local (to execute the cron pending jobs automatically whenever the
system is rebooted)
* Open the above file and go to last line and type as, anacron then save and exit this file to execute
the pending jobs automatically whenever the system is rebooted.
Page 60
RED-HAT LINUX 6/7
SSh is protocol which facilitates secured communication between two systems using Client-Server
architecture and allows users to login to the server host systems remotely.
It is used to connect to remote system and perform administrative task or jobs. By default ssh takes
password authentication mechanism and its port no. is 22. Through ssh the data will be transferred in
encrypted format.
3. What is telnet?
Telnet is a mechanism to connect and to administrate the remote system from local system. This is the
oldest program which is available on most network capable operating systems. Accessing a remote shell
account through the telnet method is danger because in that everything that you send or receive over that
telnet session is visible in plain text on your local network and the local network of the machine you are
connecting to.
So, anyone can sniff the connection in-between can see our user name, password, email and other
messages that we read and command that we run. For these reasons we need a more sophisticated program
than telnet to connect to a remote host.
4. What are the differences between Telnet and SSH?
Telnet SSH
(a) Through telnet we can connect the remote (a) Through ssh also we can connect the remote
system, but any network hacker may see the system, but nobody can see the transferred data.
transferred data. And the telnet port no. is 23. And the ssh port no. is 22.
(b) Data will be transferred in non-encrypted format. (b) Data will be transferred in encrypted format.
(c) We cannot trust this telnet connection. (c) We can trust this ssh connection.
(d) We cannot give the trusting in telnet. (d) We can give the trusting in ssh.
(e) By snooping or sniffing technologies we can see (e) By snooping or sniffing technologies we cannot
the data like system or hostname, login name, see the data like system name or hostname, login
password and other data. name, password and other data.
So, there is no security. So, there is a security
(f) # telnet<IP address of the remote system> (f) # ssh<IP address of the remote system>
(provide login name and password) (provide login name and password)
5. In how many ways we can connect the remote host through ssh?
Through ssh we can connect the remote host by two methods.
(i) Command Line Interface (CLI).
Example : # ssh <IP address of the remote system> (provide login name and password)
(ii) Graphical User Interface (GUI).
Example : open VNS server window and provide remote hostname, login name and
password.
6. What are the requirements for ssh?
(i) Remote systems IP address.
(ii) Remote systems user name and password
(iii) A proper network ie., our local and remote systems should be in the same network.
(iv) Open ssh package to configure the ssh.
7. In how many ways we can connect the remote system?
(i) telnet (ii) ssh
(iii) rlogin (iv) rcp
(v) ftp (vi) scp
(vii) sftp (viii) tftp
Page 61
RED-HAT LINUX 6/7
Page 62
RED-HAT LINUX 6/7
(ii) Then restart the sshd service or deamon to effect the above modification by
# service sshd restart (to restart the sshd deamon or service
in RHEL - 6)
# systemctl restart sshd (to restart the sshd deamon or service in
RHEL - 7)
# chkconfig sshd on (to enable the sshd deamon at next
reboot in RHEL - 6)
# systemctl enable sshd (to enable the sshd deamon at next reboot in
RHEL - 7)
# service sshd reload (to reload the sshd deamon in RHEL - 6)
# systemctl reload sshd (to reload the sshd deamon in RHEL - 7)
(iii) # gedit (to open the gedit editor on remotely)
12. How to allow empty password through ssh?
(i) Open the ssh configuration file by # vim /etc/ssh/sshd_config
-----> go to line no. 65 in RHEL - 6 or
-----> go to line no. 77 in RHEL - 7 PermitEmptyPassword no
type as " yes " in place of " no " then save and exit this file.
* If it is yes, then the remote system will be allow the users with empty password ie.,
without password.
* If it is no, then the remote system will not be allow the users with empty passwords.
(ii) Then restart the sshd service or deamon to effect the above modifications by
# service sshd restart (to restart the sshd deamon or service
in RHEL - 6)
# systemctl restart sshd (to restart the sshd deamon or service in
RHEL - 7)
# chkconfig sshd on (to enable the sshd deamon at next
reboot in RHEL - 6)
# systemctl enable sshd (to enable the sshd deamon at next reboot in
RHEL - 7)
# service sshd reload (to reload the sshd deamon in RHEL - 6)
# systemctl reload sshd (to reload the sshd deamon in RHEL - 7)
(iii) Now, the users who are having empty passwords are also access the remote systems through ssh.
13. How to prevent the password authentication mechanism in ssh?
(i) Open the ssh configuration file by # vim /etc/ssh/sshd_config
-----> go to line no. 66 in RHEL - 6 or
-----> go to line no. 78 in RHEL - 7 PasswordAuthentication no
type as " no " in place of " yes " then save and exit this file.
* If it is yes, then the remote system will ask the password.
* If it is no, then the remote system will not ask any type of passwords.
(ii) Then restart the sshd service or deamon to effect the above modifications by
# service sshd restart (to restart the sshd deamon or service
in RHEL - 6)
# systemctl restart sshd (to restart the sshd deamon or service in
RHEL - 7)
# chkconfig sshd on (to enable the sshd deamon at next
reboot in RHEL - 6)
# systemctl enable sshd (to enable the sshd deamon at next reboot in
RHEL - 7)
# service sshd reload (to reload the sshd deamon in RHEL - 6)
# systemctl reload sshd (to reload the sshd deamon in RHEL - 7)
(iii) Now, we can access the remote systems through ssh without Password Authentication
mechanism.
Page 63
RED-HAT LINUX 6/7
14. How to allow or deny the uses or group to access the remote systems through ssh?
(i) If we want to allow or deny the particular users then go to last line of the ssh configuration
file and type as
DenyUsers <user 1><user 2><user3> ...etc., (these users will be denied the ssh service)
AllowUsers <student><user 4><user 5> ...etc., (these users will be allowed the ssh
service)
DenyGroup <group 1><group 2><group 3> ...etc., (these group users will be denied the
ssh service)
AllowGroup <group 1><group 2><group 3> ...etc., (these group users will be allowed the
ssh service)
(ii) Then restart the sshd service or deamon to effect the above modifications by
# service sshd restart (to restart the sshd deamon or service
in RHEL - 6)
# systemctl restart sshd (to restart the sshd deamon or service in
RHEL - 7)
# chkconfig sshd on (to enable the sshd deamon at next
reboot in RHEL - 6)
# systemctl enable sshd (to enable the sshd deamon at next reboot in
RHEL - 7)
# service sshd reload (to reload the sshd deamon in RHEL - 6)
# systemctl reload sshd (to reload the sshd deamon in RHEL - 7)
15. How allow the specified no. of users to access remote system at a time?
(i) Open the ssh configuration file by # vim /etc/ssh/sshd_config then go to MaxAuthTries
line and type as,
MaxAuthTries <no.> (type any numeric value equal to Max. users to allowat a time in
place of <no.>,
then save and exit this file)
(ii) Then restart the sshd service or deamon to effect the above modifications by
# service sshd restart (to restart the sshd deamon or service
in RHEL - 6)
# systemctl restart sshd (to restart the sshd deamon or service in
RHEL - 7)
# chkconfig sshd on (to enable the sshd deamon at next
reboot in RHEL - 6)
# systemctl enable sshd (to enable the sshd deamon at next reboot in
RHEL - 7)
# service sshd reload (to reload the sshd deamon in RHEL - 6)
# systemctl reload sshd (to reload the sshd deamon in RHEL - 7)
16. How to allow or deny the hosts or networks to use the ssh?
To deny IP addresses or hostnames :
(i) Open /etc/hosts.denyfile by # vim /etc/hosts.deny and go to last line and type as,
sshd: <IP address 1><IP address 2><IP address 3> ...etc., (to deny IP 1, IP 2, IP 3, ...etc.,)
sshd: <hostname 1><hostname 2><hostname 3> ...etc.,
sshd: *.example.com *.my133t.org ...etc., (to deny all the hosts from these domains)
sshd: 192.168.0. 172.25.0. ...etc., (to deny 192.168.0 and 172.25.0 networks)
sshd: ALL Except <hostname or IP address> (to deny all the hosts or IP addresses
except the specified one in that
network) and save & exit the file.
(ii) Then restart the sshd service or deamon to effect the above modifications by
# service sshd restart (to restart the sshd deamon or service
in RHEL - 6)
Page 64
RED-HAT LINUX 6/7
Page 65
RED-HAT LINUX 6/7
Page 66
RED-HAT LINUX 6/7
# ssh root@192.168.1.1 <command> (to run a command on remote host without login to that
system)
# ssh root@192.168.1.1 -X (to run GUI commands on the remote system because by default
the ssh is configured as command line
interface, X is capital)
# lastb (to see the login failed tries)
# last -x |grep shutdown (to see the date & time of the system's last
shutdown)
9. Memory Management (Swap)
1. What is swap?
Swap space in Linux is used when the amount of the Physical memory (RAM) is full. If the system
needs more memory resources and the RAM is full, inactive pages in the memory are moved from RAM to swap
space. It helps the machines which are having small amount RAM and it should not be considered a
replacement for more RAM. Swap is located on the hard disks which have slower access time than Physical
memory.
2. What is the recommended swap space?
Generally the recommended swap space is double the RAM size, but the following table shows actual
amount.
Apart from the below recommendation a basic rule is applied to create the swap partition.
* If the RAM size is less than or equal to 2 GB, then the size of the swap = 2 X RAM size.
* If the RAM size is more than 2 GB, then the size of the swap = 2 GB + RAM size.
Recommended Amount of Swap
Amount of RAM in the System
Space
4 GB or less Min. 2 GB
4 GB - 16 GB Min. 4 GB
16 GB - 64 GB Min. 8 GB
64 GB - 256 GB Min. 16 GB
256 GB - 512 GB Min. 32 GB
Page 67
RED-HAT LINUX 6/7
swap space. ie., swap space is allocated to that application. This allocation is called paging space or
page-out allocation.
(iii) paging will takes place in swap by blocks. First it will create the required no. of blocks in
swap space.
(iv) If RAM space cleared by older or other applications, then swap occupied data is transferred
from swap to RAM. This is called page-in. So, that much amount of space is unallocated in swap ie.,
removed the created blocks in swap.
6. How to create the swap partition?
# fdisk -l (to see the available disks in the system)
# fdisk /dev/sdb
Command (m for help) : n (to create a new partition)
First cylinder : (press Enter key)
Last cylinder : +2048M
Command (m or help) : t (to change the hex code)
Partition no. (1-2) : 2 (to change the partition number hex code)
Hex code : 82 (82 is the hex code for Linux swap)
Command (m for help) : w (write the changes to the disk)
# partprobe or # partprobe /dev/sdb (to update the partition table information)
# mkswap /dev/sdb2 (to convert the raw disk to swap file system)
# swapon /dev/sdb2 (to turn on the swap partition)
# vim /etc/fstab (to make the permanent mount of swap partition)
/dev/sdb2 swap swap defaults 0 0
(save and exit this file)
# mount -a (to mount all the partitions which are having entries in
/etc/fstab file)
# df -hT (will not show the swap size)
# free -m (to see the total RAM and swap size)
7. How to remove the swap partition?
# swapon -s (to see the swap partition names or disks)
# swapoff /dev/sdb2 (to turn off the swap space)
# vim /etc/fstab (open this file and remove the swap partition entry)
(after removing the swap partition save and exit this file)
# fdisk /dev/sdb (to delete the swap partition)
Command (m for help) : d (d for to delete the partition)
Partition no. (1-2) : 2
Command (m for help) : w (to write the changes into the disk)
# partprobe or # partprobe /dev/sdb
# free -m (to see the RAM as well as swap sizes)
8. In how many ways can we create the swap spaces?
(i) By creating a new swap partition on the disk. (separate swap partition)
(ii) By creating swap file.
9. How to create the swap space using the swap file?
Sometimes it is unable to create a swap partition because may be there is no disk space or may be
the partition limit is already exceeded. So, in these scenarios we have to create only the space file.
# dd if = /dev/zero of = /root/linuxswap bs = 1M count = 2048 (to create 2048MB empty file)
# du - /root/linuxswap (to see the linuxswap size)
# mkswap /root/linuxswap (to convert the existing file system to swap file
system)
# swapon /root/linuxswap (to turn on the swap file)
# vim /etc/fstab (to make a permanent mount of swap space)
/root/linuxswap swap swap defaults 0 0
(save and exit this file)
Page 68
RED-HAT LINUX 6/7
# mount -a (to mount all the partitions which are having entries in
/etc/fstab file)
# df -hT (will not show the swap size)
# free -m (to see the total RAM and swap size)
10. What is virtual memory?
The combination of Physical memory (RAM) and swap space is called the virtual memory.
So, Virtual memory = Physical memory (RAM) + swap space.
Other useful commands :
# swap -s (to see how many swap partitions are there and with
their names)
# swapon -a (to turn on all the swap partitions)
# swapoff -a (to turn off all the swap partitions)
# cat /etc/mtab (to see the current and temporary mount points)
# mountpoint <directory or mount point> (to check the specified directory is a normal directory
or a
mount point)
# df -ih (to check how many inode numbers are available in the mounted partitions)
11. What happens when the /usr is full?
(i) Users cannot login to the system.
(ii) If already login users not able to execute any command.
12. What happens when memory ie., pagein space is full?
(i) The new applications cannot load due to lack of memory.
(ii) So, users cannot login to the application and cannot access the applications features.
(iii) So, if we increase the swap memory to the required size then the problem will be solved.
13. How to restore the data and upgrade your O/S ?
(i) We can restore the data from backup by, tar, cpio, dd, net backup or other tools.
(ii) If it is in mirror, we can sync the data from mirrored disk.
(iii) We can upgrade the O/S in two ways.
(a) Online :
The O/S is upgraded from previous to present while the system is running. It is risky and
takes long time.
(b) Offline :
First take backup of all the system and then remove previous O/S and install the present
O/S and restore the backup from backup disks or tapes. So, it is very easy and non-risky
job.
Page 69
RED-HAT LINUX 6/7
1. What is software?
Software is a collection of programs to perform some tasks or manage systems, applications,
databases ,...etc.,
2. What is package and package management?
Package is nothing but a software to perform some tasks. Software is the basic of any O/S allowing to
install and use different utilities.
Package management means installing, updating, querying, repairing and removing packages. In
Linux there are two tools to perform package management.
rpm -----> redhat package manager and yum -----> yellowdog updater modifier.
3. What is rpm?
rpm is a package managing system (collection of tools to manage software packages). rpm is a
powerful and most popular open source tool used for software management for installing, uninstalling
(removing), verifying, querying and updating software packages. It is installed under /var/lib/rpm database
directory. It deals with .rpm files, which contains the actual information about the packages. The rpm log
messages will be stored in /var/log/yum.log file.
4. What are the draw backs of rpm?
(i) rpm cannot resolve the dependency. It means, if we want to install any software, first the
dependency packages should be installed.
(ii) There is no configuration file for rpm.
5. What are the basic modes of rpm commands?
(i) Install -----> used to install rpm packages.
(ii) Update -----> used to updated the packages.
(iii) Troubleshooting -----> used to repair the packages.
(iv) Remove -----> used to remove or uninstall the packages.
(v) Querying -----> used to query (gather information) on packages.
6. How many types of packages are available in Linux?
(i) x86_64.rpm -----> 64 bit package and can be install on 64 bit O/S only.
(ii) x86.rpm -----> 32 bit package and can be install on 32 bit or 64 bit O/S only.
(iii) i 386.rpm -----> 32 bit package and can be install on 32 bit or 64 bit O/S only.
(iv) i 486.rpm -----> " "
(v) i 586.rpm -----> " "
(vi) i 686.rpm -----> 64 bit package and can be install on 64 bit O/S only.
(vii) noarch.rpm -----> no-architecture and can be install on either 32 bit or 64 bit O/S.
7. What is the syntax of rpm command with full options?
# rpm <options><package name>
The options are, -i -----> install
-v -----> verbose
-h -----> progress in hash codes ( in % )
-qi -----> query information about the package
-ql -----> list all package related files.
-qd ----> query about the document of the package
-qc -----> displays the configuration files for that package
-qa -----> query on all installed packages
-V -----> (capital V) to verify the package for repair that package
-R -----> list all dependent packages
--force -----> install the package forcefully
--nodeps -----> install the package without dependency (do not check the
dependencies)
--last -----> all installed packages with date and time
Other useful rpm commands :
# rpm -ivh <package name> (to install the package)
# rpm -qa (to list all installed packages)
Page 70
RED-HAT LINUX 6/7
# rpm -qa <package name> (to check whether the package is installed or
not)
# rpm -qa |wc -l (to count how many packages already
installed)
# rpm -qa --last | less (to check last installed packages)
# rpmquery -qa (to list all the installed packages)
# rpm -qa |grep -i <package name> (to check the specified package is installed or
not)
# rpm -ivh --test <package name> (to check the package consistency)
* If the installation status shows 100%, then the package is in good condition or consistent. But while
showing
the hash progress if it shows any error, then the package is in inconsistent state.
# rpm -ivh finger* (to install the finger package)
# rpm -qa finger (to check whether the package is
installed or not)
# finger <user name> (to check whether the installed package is
working or not)
# rpm -e <package name> (to erase or remove or uninstall the package)
# rpm -evv <package name> (to remove the package in verbose mode)
# rpm --test -ivh (to test the package before installing ie., whether
the
package is suitable or not)
# rpm -qi <package name> (to see the details or information on the installed
package)
# rpm -ql <package name> (to list all package related files)
# rpm -qlc <package name> (to list all the configuration files of that package)
# rpm -qd <package name> (to list all the document files of that package)
# rpm -ivh <package name> --force (to install the package forcefully)
# rpm -qR <package name> (to list the dependencies of that package)
# rpm -qip <package full name> (to display the package information before
installation)
# which <command name> (to display the location of that command)
# rpm -qf <location of the command> (to check the package name for that command)
# rpm -V <package name> (to verify that package, ie., 100% package is
there or not, if any files missed in that package, those
are displayed as a list)
# rpm -ivh <package name> --replacepkgs (to replace the missed files in that package)
# rpm -qp --changelog <package name> (displays all the changed logs like lat time, when
the package
is installed, .....etc.,)
# rpm -qp --scripts <package name> (to see the package installation scripts)
# rpm -K <package full name> (to see the package key)
# rpm -Uvh <package name> (to update the package)
* Update is over write the old version of the package. If any problems in new package, we cannot
solve those issues. So, the better one is install that package as a fresh one (not update option).
* Update will look first the package is available in that system or not. If it is available, it will update
that package otherwise it will install as fresh package.
# rpm -qRp <package name> (to check the dependency packages of that package
before install)
# rpm -ivh <package name> --nodeps (to install the package without dependent
packages)
8. What is yum and explain the yum?
Page 71
RED-HAT LINUX 6/7
yum stands for yellow dog updater modified. yum is a package management application for
computers running on Linux O/S.yum is a standard method of managing the installation and removal of
software. It is from RHEL - 5 onwards. Packages are downloaded from collections called repositories, which
may be online, on a network and or on installation media. yum is a front end tool for rpm. It is used to resolve
the dependency which cannot be done by rpm. The yum command has access the repository where the
packages are available and can install, update/upgrade, remove and query the packages automatically.
9. What are the important files that are related to yum?
/etc/yum.conf -----> is the yum configuration file.
/etc/yum.repos.d -----> is the directory which contains the yum repository configuration file.
/etc/yum.repos.d/xxxxx.repo ------> is the yum repository configuration file.
/var/lib/yum -----> is the directory which contains the yum databases.
/var/log/yum.log -----> is the file which stores the yum log messages.
10. How setup the yum server?
(i) Insert the RHEL DVD, goto that directory and install the vsftpd package by # rpm -ivh
vsftpd*
(ii) Goto /var/ftp/pub directory and create rhel6 directory by # mkdir rhel6
(iii) Goto DVD mounted directory and copy all the DVD content into /var/ftp/pub/rhel
directory by
# cp -rvpf /media/DVD/ /var/ftp/pub/rhel6
(iv) Restart the vsftpd service by # service vsftpd restart command.
(v) Then enable the vsftpd service by # chkconfig vsftpd on command.
(vi) Goto /etc/yum.repos.d directory and create one yum repository file by # vim linux.repo
command.
(vii) In the above file the contents are as below,
[linux] (Linux repo id)
name=yum repo server (yum server name)
baseurl=file:///var/ftp/pub/rhel6 or baseurl=ftp://<IP address of the
system>/pub/rhel6
gpgcheck=0 (0 means while installing it will not ask
any signature keys of yum packages, If it is 1, then it will ask the signature keys
while installing the packages)
enabled=1 (if multiple repositories are there, then
enable this only)
(save and exit this file)
(viii) # yum clean all (to clean the old one update the new repository)
(ix) # yum repolist (it displays no. of packages in that
repository)
11. How to setup the yum client?
(i) Goto /etc/yum.repos.d directory and create the repository file by # vim linux.repo
(ii) Type the entries as below,
[linux] (Linux repo id)
name=yum repo client (yum repo client)
baseurl=ftp or http://<IP address of the server>/pub/rhel6
gpgcheck=0 (0 means while installing it will not ask
any signature keys of yum packages, If it is 1, then it will ask the signature keys
while installing the packages)
enabled=1 (if multiple repositories are there, then enable this only)
(save and exit)
(iii) # yum clean all (to clean the old one update the new repository)
(iv) # yum repolist (it displays no. of packages in that
repository)
12. How to configure the yum repository to deny some packages to be installed?
Page 72
RED-HAT LINUX 6/7
(i) To configure the yum tool the yum configuration file is /etc/yum.conf
(ii) To deny some packages, open the yum configuration file by # vim /etc/yum.conf
command.
(iii) Gotolast line and type as, exclude=*(all) kernel* ftp* then save and exit this file.
(iv) Then kernel* and ftp* packages will be denied when we trying to install those packages.
13. How to change the yum repository default location?
(i) Open yum configuration file by # vim /etc/yum.conf command.
(ii) Goto last line and type as, repository=<yum repository new location with full path> then
save and exit this file.
(iii) Then the yum repository new location will be changed from old one new one.
14. How to change the yum log file default location?
(i) Open the yum configuration file by # vim /etc/yum.conf command.
(ii) Goto last line and type as, log=<yum log file new location with full path> then save and
exit this file.
(iii) Then the default log location is changed from /var/log/yum.log file to new location.
15. How to configure the yum to restrict the architecture (64 bit or 32 bit) etc.,?
(i) Open the yum configuration file by # vim /etc/yum.conf command.
(ii) Goto last line and type as, exactarch=1 then save and exit this file.
(iii) 1 means first it installs 64 bit packages and if it is 0 then 32 bit packages will be installed.
(iv) Open the yum configuration file by # vim /etc/yum.conf command.
(v) Goto last line and type as, cachedir=<download new location> then save and exit this
file.
(vi) Then whenever we install the packages the downloaded location will be the new location.
(vii) Open the yum configuration file by # vim /etc/yum.conf command.
(viii) Goto last line and type as, assumeyes=1 then save and exit this file.
(ix) Whenever we install any package using yum then no need to mention -y option if assumeyes=1
and if assumeyes=0 then we have to mention -y option when we install the package.
16. What is O/S patch and how to add those patches on production servers or how to upgrade the
kernel?
(i) O/S patch is nothing but update the new kernel. Normally O/S patch is software that contains
some programs to fix the bugs in O/S ie., in kernel.
(ii) If our server is registered and configured in RedHat network, then we will get the information
about that updated kernel s information and then download that kernel updations.
(iii) Every O/S patch is supplied with a document about pre-requisites to apply that patch.
(iv) Check the pre-requisites, space requirements and others. if all are ok,
(v) Then we take the business approval and make CRQ's (Change requests).
(vi) Then the project manager will initiate the mail thread ie., sending the mail or messages to various
teams who are dealing with that server.
(vii) We get the response from different teams which are involving in this process.
(a) For example Monitoring team to ignore alerts from that server if the system hangs or
rebooted.
(b) DBA team if database stopped or crashed or system failed.
(c) Application team if the application effects while patching.
(viii) If the server is in cluster, then move the service group and resources to another systems manually
called switch over.
(ix) Inform the Application team to stop the application and database team to stop the
database.
(x) If the server is in cluster there is no need of reboot (no down time) else down time needed to
reboot.
(xi) Check the root disk is in normal file system or VxVM.
(xii) If mirror disk is there, split the mirror disk from original disk and boot in single user mode and add
the patch by # rpm -ivh <patch name> command.
Page 73
RED-HAT LINUX 6/7
(xiii) Then reboot the system and won't attach the mirror disk to avoid any unexpected situations or
problems and put that server under test upto 1week or 10 days depending on the company's policy.
(xiv) After the test period, if there is no problems raised then attach the system in live mode and also
with mirror disk to sync the data to update the system.
(xv) Then we inform the Application, Database, Monitoring and other teams who are dealing with
that server to test application, database, monitoring and others see the status.
(xvi) Then finally close the issue or CRQ.
17. After installation of package or patch if the package or patch is removed then what will happened?
(i) If kernel patch is removed, then the system will hang and for others there is no effect.
(ii) If package is removed then the application that belongs to that removed package will effect.
18. After applying the patch need to reboot the system or not?
(i) If the patch is kernel patch or clustered patch then only the system reboot is required.
(ii) If the patch is normal patch then there is no need of the reboot required.
19. If the package is not installing. How to troubleshoot?
(i) Check the package pre-requisites to install the package.
(ii) If pre-requisites are not matched with our system, then the package will not be installed i.e.,
O/S compatibility to install that package.
(iii) If there is no sufficient space in the system, the package will not be installed.
(iv) If the package is not properly downloaded, then the package will not be installed.
20. If the patch is not applied successfully what will you do?
(i) Check whether the patch is installed properly or not by # rpm -qa <patch name>
command.
(ii) Check the /var/log/yum.log file to verify or see why the patch is not successfully installed.
(iii) If any possible to resolved those issues, resolve and remove that patch with # rpm -e
<patch name> command.
(iv) If any reboots required to effect, then reboot the system.
(v) Again add that patch by # rpm -ivh <patch name> command.
(vi) Then check the patch by # rpm -qa <patch name> command
Other useful yum commands :
# yum repoinfo (to list all the information on all the repositories)
# yum repoinfo <repo id> (to list all the information on specified
repository)
# yum install <package name> -y (to download and install the package and y
means yes)
# yum install <package name> -d (to download the package)
# yum erase or remove <package name> -y (to remove or uninstall the package and y
means yes)
# yum list installed (to display the list of all installed
packages)
# yum list available (to list all the available packages to be installed)
# yum list all | less (to list all the installed and not installed
packages)
# yum search <package name> (to search a particular package is available or
not)
# yum info <package name> (to display the information on that package)
# yum update <package name> (if the update version of the specified package is
available, then
update that package)
# yum update all (to update all the packages nothing but whole system
will be updated)
Page 74
RED-HAT LINUX 6/7
# yum downgrade <package name>(to revert back ie., go back to previous version of that package if
new version is not working
properly)
# yum history (to display the yum history)
# yum history info < id > (to display the information of that history id)
# yum history undo < id > (to remove that history id)
# yum history undo < id > (to redo the above removed history id)
# yum grouplist (to display the list of group packages)
# yum groupinstall <package name> (to install the group package)
# yum install@<group package name> (to install the group package in another way)
# yum groupinfo <group package name> (to display the group package information)
# yum grouplist hidden (to list all the group packages names including
installed or not installed and
hidden group packages)
# yum-config-manager disablerepo=<repo id> (to disable the yum repository. So, we cannot
install any package
from the repository)
# yum clean all (to clear the history, if we disable the repository id, then we have to clean the
history, then only it will
disable the repository)
# yumdownloader <package name> (to download the package from the repository,
and the downloaded location is the present
working directory)
# man yum.conf (to see the manual pages on yum configuration
file)
# yum-config-manager --add-repo=http://content.example.com/rhel7.0/x86_64/dvd (then the
yum repository will be created automatically with .repo file also. And this works
only in RHEL - 7)
# subscription-manager register --username=<user name> --password=<password> (to register
our product with RHN--Redhat Network. The user name and passwords will be provided by the Redhat
when we purchase the software)
# subscription-manager unregister --username=<user name> --password=<password> (to
unregister our product with RHN--Redhat Network. The user name and passwords will be provided by the
Redhat when we purchase the software)
Page 75
RED-HAT LINUX 6/7
In information technology, a backup or the process of backing up is making copies of data which may
be used to restore the original after an event of data loss. Backup has two distinct purposes.
The primary purpose is to recover data after its loss due to deletion or corruption. Data loss is very
common in IT industry.
The second purpose of backup is to recover data from an earlier time.
Backup is the most important job of a system administrator, as a system admin it is our duty to take
backup of the data every day. Most companies have gone out of the market because of poor backup planning
or policy.
2. What is recovery or restore?
Copying files from any removable media to local disk is called recovery or restore. Backup will be
helped in hardware failure or software failure or system crashed.
3. What are the backup tools available in the IT industry?
Platform Backup Tools
Windows ntbackup
Linux tar, cpio, dd, dump, restore
3rd party Veritas netbackup, Amanda and Tivoli
4. What is tar and Explain it or how to take a backup using tar?
Archiving means collection of files and directories and to make a single file nothing but compression.
tar means tape archiving. It is an archive file. By using tar command we can take a backup of files and
directories. It cannot support file systems backup and also not support for large files more than 80GB. tar will
not skip any single file including bad blocks also.
Full syntax of tar :
# tar <options><destination file name with path><source file or directory with path>
The options are, -c -----> create
-v -----> verbose
-f -----> file name
-t -----> listing
-tv ----> long listing
-x -----> extract
-w ---->interactive
-C -----> specific location (Capital C)
-u -----> update means adding new contents to the existing tar file
--update -----> " "
--delete -----> deletes the contents from the tar file
-p ----> preserve the old permissions of the files/directories when
extracting the tar file
-z ----> gzip (gun zip) compression
-j ----> bzip2 (bun zip) compression
-J ----> xz compression (from RHEL - 7)
Examples:
# tar -cvf /root/etc.tar /etc/* (to copy all the files and directories from /etc and make
a single file and place in
the /root/etc.tar file)
# tar -tvf /root/etc/tar (to long listing the contents of the /root/etc.tar
file)
# tar -xvf /root/etc.tar -C /root1/ (to extract and copy the files in /root1/
location)
# tar -xf /root/etc.tar (to list the contents of the tar file)
Page 76
RED-HAT LINUX 6/7
# tar -f /root/etc.tar --update or -u <file name or directory> (to add the new contents to the
existing
tar file)
# tar -f /root/etc.tar --delete <file name or directory> (to delete the file from the tar)
# tar -u /root/etc.tar /var (to add the /var contents into the /root/etc.tar file)
# tar -cvf mytar.tar / --xattrs (to archive the contents along with SELinux and ACL
permissions)
# du -h /root/etc.tar (to see the size of the tar compressed file)
5. What are the compressing & uncompressing tools available for tar and explain them?
Compressing Tools Uncompressing Tools
# gzip (.gz) # gunzip
# bzip2 (.bz2) # bunzip2
# xz (RHEL - 7) # unxz
# gzip <tar file name> (to compress the size of the tar file and the output file is
.tar.gz)
# gunzip < .gz compressed file name> (to uncompress the compressed tar file and the output is
.tar only)
# bzip2 <tar file name> (to compress the size of the tar file and the output is
.tar.bz2)
# bunzip2 < .bz2 compressed file name> (to uncompress the compressed file and the output is
.tar only)
6. What is scp, rsyncand how to use it?
scp means secure copy. ie., ssh + cp = scp which is used to copy the files/directories into remote
system.
scp will copy files/directories into remote system blindly ie., if the file already exits, it will over write
that file.
So, scp will take more time to copy when compared to # rsync tool.
# scp <file name><user name>@ <IP address of the remote system>:<location to be copied>
# scp anaconda* root@192.168.1.1:/root (to copy anaconda file into /root of the remote system)
# scp -r /etc/ root@192.168.1.1:/raju (to copy /etc/ directory into /raju of remote
system)
#scp -av /raju root@192.168.1.1:/root (to copy /raju into /root of the remote system)
# scp -r root@192.168.1.1 :/etc /home (to copy /etc of the remote system into /home of the
local
system)
rsync is also used to copy files/directories into remote systems. rsync tool will compare the new files
or directories and copy only the changed or modified contents of the files into remote system. So, it takes less
time to copy when compared to # scp tool.
# rsync -av root@192.168.1.1:/etc /home (to copy /etc directory changed contents into
/home)
rsync options are, -a -----> all (copy the file with all permissions except SELinux and ACL
permissions)
-aA -----> synchronize ACL permissions
-aAx ----> synchronize ACL and SELinux permissions also.
7. What is cpio and how to take a backup and restore using cpio?
cpio means copy input and output. It supports any size of the file system. It skips the bad blocks also.
Syntax of cpio with full options :
# ls <source file name> |cpio <options>><destination file name> (to take a backup of the source
directory and stored the backup into
destination directory)
The options are, -t -----> to list the cpio contents
-i -----> to restore the cpio backup
Page 77
RED-HAT LINUX 6/7
Page 78
RED-HAT LINUX 6/7
# dump -2uvf /opt/full.dump /coss (to take a backup modified files from the last
incremental level -1
backup)
The syntax for restore :
# restore <options><dump backup file> (to restore the backup contents if that data is lost)
The options are, -f -----> used to specify the dump or backup file
-C -----> used to compare the dump file with original file
-v -----> verbose
-e -----> exclude the inode number
-i -----> restore in interactive mode
The commands in interactive mode are,
restore> ls -----> list the files and directories in the backup file
restore> add ----> add the files from dump file to current working directory
restore> cd -----> change the directory
restore> pwd ---> displays the present working directory
restore> extract ----> extract the files from the dump file
restore> quit ---> to quit from the interactive mode
# restore -tf /opt/full.dump (to list the dump file contents)
# restore -rf /opt/full.dump (to restore the dump file contents)
10. How many types of backup available?
There are mainly three types of backups available.
(i) Full backup (Entire file system backup)
(ii) Incremental backup (backup from the last full backup or incremental backup)
(iii) Cumulative or differential backup (backup from last full backup or cumulative backup)
11. What is the difference between incremental and differential backup?
Incremental backup :
Taking a backup from the last full backup or last incremental backup
Differential backup :
Taking a backup from last full backup or last cumulative or differential backup
12. Which file will update when backing up with dump command?
/etc/dumpdates file will be updated when backing up with dump command.
13. What are the dump devices?
(i) Tape drives
(ii) Disks (local disks)
(iii) Luns (network disks)
14. What is snap shot?
(i) The point - in - time copy of the file system is called the snap shot.
(ii) It provides online backup solution of the file system.
(iii) We can take a backup while the file system is mounted and it is in multi-user mode.
(iv) It occupied only as much disk space as the file system ie., being captured.
(v) We can also create backup, delete, query temporary (read-only) snap shots using fssnap
command.
15. What are the differences between tar and cpio commands?
(i) By tar we can take backup upto 80GB size of file systems , but using cpio there is no limit.
(ii) In tar the backup is in archive format ie., in compressed state, but in cpio there is no
compression.
(iii) In both the types only the whole backup is possible.
16. How to take a backup on production servers?
(i) Normally in backup environment we have 3 servers.
(a) Master server (production servers -- 1 or 2 no's).
(b) Media server (backup server -- 1 or 2 no's).
(c) Client server (Normal system)
Page 79
RED-HAT LINUX 6/7
Page 80
RED-HAT LINUX 6/7
(c) # service command is used to start or stop the (c) # systemctl is the command to start or stop
services temporarily and # chkconfig is used the services temporarily or next booting
to start or stop the services at next booting time. time.
(c) It will take more time to the system and (c) It will take less time to start the system and
services. services when compared to RHEL - 6.
(d) It will start the services one by one. (d) It will start the services parallel not one by one.
Page 81
RED-HAT LINUX 6/7
Many services are required to run all the time however many can be turned off for both security
reasons as running unnecessary services opens more doors into our computer but also for performance
reasons. It may take much difference but our computer should boot slightly faster with less services it has to
start on boot.
So, one of the technique to start the system fast and maintain to improve security is turn off the
unneeded services.
6. What are masking and unmasking the services?
Masking the services means hiding the services and unmasking the services means unhiding the
services. The masking and unmasking are the new commands in RHEL - 7. If any two similar services (for
example ntp and chrony) are there in a system, we cannot start the two services at a time. In these scenarios
we go for mask and unmask commands.
# systemctl mask sshd (to hide the sshd service temporarily ie., we cannot start
the services
when we mask any service)
# systemctl unmask sshd (to unhide the sshd service ie., we can start the
service again)
* we can also use RHEL - 6 commands like as, # service and # chkconfig , but these two commands
will
internally call the # systemctl commands only. So, in RHEL - 7 # systemctl command is the
recommended
one.
# systemctl --failed --type=service (to check all the failed services)
# systemctl --failed --type=process (to check all the failed processes)
* In RHEL - 6 service names ends with 'd' only, but in RHEL - 7 the service names ends with d.service
and these
are all text files only. So, in RHEL - 7 we can open and see all the system services and read their contents.
# ps (to see the active process in the system)
# top (It will show a dynamic real-time view of a running system. ie., a summary of
processes or threads currently managed
by the Linux kernel)
# kill (It sends the specified signal to the specified process or process group)
# pkill (It will send the specified signal to each process instead of listing them on standard
output)
# pstree (to show all the running processes as a tree structure. The tree is rooted either pid
or init)
# nice (to run a program with modified scheduling priority ie., it runs the process with an
adjustable niceness)
# renice (to alter the scheduling priority of one or more running processes)
# pgrep (to list the process id's which matches with the pgrep argument)
RHEL - 6 commands :
# service <service name> status (to check the status of the service)
# service <service name> start (to start the service)
# service <service name> stop (to stop the service)
# service <service name> reload (to reload the service)
# service <service name> restart (to restart the service)
* These above commands will change the service statuses temporarily. So if we want to change
statuses of the
process automatically from next boot onwards we have to enable those services as given below.
# chkconfig --list (to check the availability of the services in
different run levels)
Page 82
RED-HAT LINUX 6/7
# chkconfig --list <service name> (to check the availability of the service in
different run levels)
# chkconfig <service name> on (to make the service available after restart)
# chkconfig <service name> off (to make the service unavailable after next boot)
# chkconfig --level <1-6><service name><on/off> (to make the service available or unavailable on
the
particular run level)
# chkconfig --level 5 vsftpd on (to make the vsftpd service available on run level 5)
# chkconfig --level 345 vsftpd on (to make the vsftpd service available on run levels 3, 4
and 5)
RHEL - 7 commands :
# systemctl status <service name> (to check the status of the service)
# systemctl start <service name> (to start the service)
# systemctl stop <service name>(to stop the service)
# systemctl reload <service name> (to reload the service)
# systemctl restart <service name> (to restart the service)
* These above commands will change the service statuses temporarily. So if we want to change
statuses of the
process automatically from next boot onwards we have to enable those services as given below.
# systemctl enable <service name> (to make the service available at next boot)
# systemctl disable <service name> (to make the service unavailable at next boot)
# grep <string name><file name> (to display the specified string in that file)
# grep -n <string name><file name> (to display the string with line no's)
# grep -e <string name 1> -e <string 2><file name> (to display 2 or multiple strings in that
file)
# grep -o <string name><file name> (to display only that string in that file not whole the text
of that file)
# grep -v <string name><file name> (to display all the strings except the specified one)
# grep ^ this coss (to display the line which is starting with the
specified string)
Page 83
RED-HAT LINUX 6/7
Page 84
RED-HAT LINUX 6/7
Page 85
RED-HAT LINUX 6/7
3. SIGQUIT -----> to quit the process from keyboard (nothing but Ctrl + l)
9. SIGKILL -----> to kill the process forcefully (nothing but unblockable)
15. SIGTERM -----> wait for completing the process and then terminate (terminate gracefully)
18. SIGCONT -----> to continue or resume the process if it is stopped
19. SIGSTOP -----> to terminate the process (If it is not stopped the process we cannot continue
or resume that process by Ctrl +
c or Ctrl + z)
20. SIGHTSTP ----> to stop the process (nothing but Ctrl + z)
* But the most commonly used signals are 1, 9, 15 and 20.
* The default signal is 15 (gracefully) when we not specified any signal.
# kill - <signal><process ID> (to kill the specified process using kill signal)
# kill -9 1291 (to kill the process which has the PID as 1291)
* If we not specified the signal no. then the default signal 15 will effect.
# kill 1291 (to kill the process 1291 with default signal)
# pkill -u <user name> (to kill all the processes of the specified user)
# pkill -u raju (to kill all the processes of the user raju)
# pkill -9 firefox (to kill the firefox process)
7. How many process states are there?
There are six process states and they are,
(i) Running process (the process which is in running state and is indicated by " r " ).
(ii) Sleeping process (the process which is in sleeping state and is indicated by " s " )
(iii) Waiting process (the process which is in waiting state and is indicated by " w " ).
(iv) Stopping process (the process which is in stopping state and is indicated by " T " ).
(v) Orphan process (the process which is running without parent process and is indicated by " o " ).
(vi) Zombie process (the process which is running without child process and is indicated by " Z " ).
8. What is Orphan process?
The processes which are running without parent processes are called Orphan processes. Sometimes
parent process closed without knowing the child processes. But the child processes are running at that time.
These child processes are called Orphan processes.
9. What is Zombie process?
When we start parent process, it will start some child processes. After some time the child processes
will died because of not knowing the parent processes. These parent processes (which are running without
child processes) are called Zambie processes. These are also called as defaunct processes.
10. How to set the priority for a process?
Processes priority means managing processor time. The processor or CPU will perform multiple tasks
at the same time. Sometimes we can have enough room to take on multiple projects and sometimes we can
only focus on one thing at a time. Other times something important pops up and we want to devote all of our
energy into solving that problem while putting less important tasks on the back burner.
In Linux we can set guidelines for the CPU to follow when it is looking at all the tasks it has to do.
These guidelines are called niceness or nice value. The Linux niceness scale goes from -20 to 19. The lower
the number the more priority that task gets. If the niceness value is higher number like 19 the task will be set
to the lowest priority and the CPU will process it whenever it gets a chance. The default nice value is 0 (zero).
By using this scale we can allocate our CPU resources more appropriately. Lower priority programs
that are not important can be set to a higher nice value, while the higher priority programs like deamons and
services can be set to receive more of the CPU's focus. We can even give a specific user a lower nice value for
all his/her processes so we can limit their ability to slow down the computer's core services.
There are two options to reduce/increase the value of a process. We can either do it using the nice
or renice commands.
Examples :
# nice -n <nice value range from -20 to 19><command> (to set a priority to a process before
starting it)
Page 86
RED-HAT LINUX 6/7
# nice -n 5 cat > raju (to set the medium priority to cat
command)
# ps -elf (to check the nice value for
that command)
* To reschedule the nice value of existing process, first check the PID of that process by # ps -elf
command
and then change the niceness of that command by # renice <nice value (-20 to 19)>< PID > command.
# renice 10 1560 (to reschedule the PID
1560)
11. What is top command and what it shows?
top is a command to see the processes states and statuses information continuously until we quit by
pressing " q ". By default top command will refresh the data for every 3 seconds.
When we need to see the running processes on our Linux in real time, the top command will be very
useful. Besides the running processes the top command also displays other information like free memory both
physical and swap.
The first line shows the current time, "up 1 day" shows how long the system has been up for, "3
user" how many users login, "load average : 0.01, 0.00, 0.23" the load average of the system 1, 5 and
15 minutes.
The second line shows the no of processes and their current states.
The third line shows CPU utilization details like % of the users processes, % of the system processes,
% of available CPU and % of CPU waiting time for I/O (input and output).
The fourth and fifth lines shows the total physical memory in the system, used physical memory,
free physical memory, buffered physical memory, the total swap memory in the system, used swap memory,
free swap memory and cached swap memory, ... etc.,
From sixth line onwards the fields are as follows.
PID Process ID
USER Owner of the process ie., which user executed that process
PR Dynamic Priority
NI Nice value, also known as base value
VIRT Virtual size of the task includes the size of processes executable binary
RES The size of RAM currently consumed by the task and not included the swap portion
SHR Shared memory area by two or more tasks
S Task Status
% CPU The % of CPU time dedicated to run the task and it is dynamically changed
% MEM The % of memory currently consumed by the task
TIME+ The total CPU time the task has been used since it started. + sign means it is displayed
with hundredth of a second granularity. By default, TIME/TIME+ does not account
the CPU time used by the task's dead children
COMMAND Showing program name or process name.
* While running the top command, just press the following keys woks and the output will be stored in
real time.
1 -----> 2nd CPU information Shift + > -----> Page up
h ----->Help Shift + < -----> Page down
Enter -----> Refresh immediately n -----> Number of tasks
k -----> Kill the process u -----> user processes
M -----> Sort by memory usage P -----> Sort by CPU usage
Page 87
RED-HAT LINUX 6/7
Page 88
RED-HAT LINUX 6/7
The sosreport command has a modular structure and allows the user to enable and disable modules
and specify module options via the command line. To list available modules (plug-ins) use the
following command:
# sosreport -l
To turn off a module include it in a comma-separated list of modules passed to the -n/–skip-
plugins option. For instance to disable both the kvmand amd modules:
# sosreport -n kvm,amd
Individual modules may provide additional options that may be specified via the -k option. For
example on Red Hat Enterprise Linux 5 installations the sos rpm module collects "rpm -Va" output by default.
As this may be time-consuming the behaviour may be disabled via:
# sosreport -k rpm.rpmva=off
16. What is the command to see the complete information on virtual memory?
# vmstat is the command to the complete information on virtual memory like no of processes,
memory usage, paging memory, block I/O (input /output), traps, disk and CPU activity.
# vmstat 2 10 (It will give the report for every 2 seconds upto 10 times)
The fields are, r -----> how many waiting processes
b -----> how many processes are busy
swapd -----> how much virtual memory used
free -----> how much memory is freely available
buffer -----> how much temporary memory using
caching -----> how much caching still using
swapin -----> how much data transferred from RAM to swap
swapout ---> how much data transferred from swap to RAM
bi -----> how much block input
bo -----> how much block output
system in ---> the no. of interrupts
system cs ---> the no. of contexts changed
# vmstat -a (to see the active and inactive processes)
# vmstat -d (to see the statistics of the disk used)
# cat /proc/meminfo (to see the present memory information)
17. What is the command to see the I/O statistics?
# iostat (to see the Input and Output statistics in the Linux system)
* This command is used to monitoring the system input and output statistics and processes
transfer rate.
* It is also used to monitor how many kilo bytes read per second and how many kilo bytes
read and write, shows CPU load average statistics since the last reboot in first line and most current
data is shown in the second line.
18. How many CPUs are there in the system?
# cat /proc/cpuinfo command will show no. of CPUs, no. of cores, no. of threads, no. of sockets
and the CPU architecture, ...etc., information.
# nproc command will give the no. of CPUs present in the system.
# lscpu command will give the information the architecture of the CPU (x86_64 or x86_32), no. of
cores, no. of threads, no. of sockets, cache memory sizes (L 1, L 2, L 3, ...etc) , CPU speed and the
vendor of the CPU.
19. How to send the processor into offline?
# ls -l /sys/devices/system/cpu is the command to see the no. of processors present in the
system.
# echo 0 > /sys/devices/system/cpu/cpu4/online is the command to send the CPU4 into offline.
# grep "processor" /proc/cpuinfo or # cat /sys/devices/system/cpu/offline are the command
to see the processor status whether offline.
20. How to send the processor into online?
Page 89
RED-HAT LINUX 6/7
Page 90
RED-HAT LINUX 6/7
Before using the SAR utility first we should install the SAR utility package by # yum install sysstat*
-y command.
Examples :
# sar 2 10 (It will give the system report for every 2 seconds upto
10 times)
Page 91
RED-HAT LINUX 6/7
# sar -p 2 10 (to see the CPU utilization for every 2 seconds upto
10 times)
# sar -p ALL -f /var/log/sa/sa25 (to check the CPU utilization on 25th day of the
current month)
# sar -p ALL -f /var/log/sa/sa10 -s 07:00:00 -e 15:00:00 (to check the CPU utilization on
10th day of the current month from 7:00 to 15:00 hrs. where -s means
start time -e end time)
# sar -r 2 10 (to see the memory utilization for every 2 seconds upto
10 times)
# sar -r -f /var/log/sa/sa14 (to check the memory utilization on 14th day of the
current month)
# sar -r -f /var/log/sa/sa10 -s 07:00:00 -e 15:00:00 (to check the memory utilization on
10th day of the current month from 7:00 to 15:00 hrs. where -s means
start time -e end time)
# sar -S 2 10 (to see the swap utilization for every 2 seconds upto
10 times)
# sar -S -f /var/log/sa/sa25 (to check the swap utilization on 25th day of the
current month)
# sar -S -f /var/log/sa/sa10 -s 07:00:00 -e 15:00:00 (to check the swap utilization on 10th
day of the current month from 7:00 to 15:00 hrs. where -s means
start time -e end time)
# sar -q 2 10 (to see the load average for every 2 seconds upto
10 times)
# sar -q -f /var/log/sa/sa14 (to check the load average on 14th day of the
current month)
# sar -q -f /var/log/sa/sa10 -s 07:00:00 -e 15:00:00 (to check the load average on 10th day
of the current month from 7:00 to 15:00 hrs. where -s means start
time -e end time)
# sar -B 2 10 (to see the paging information for every 2 seconds upto
10 times)
# sar -d 2 10 (to see the disk usage for every 2 seconds upto
10 times)
# sar -m 2 10 (to see the power management for every 2 seconds upto
10 times)
# sar -b 2 10 (to see the disk input and output statistics for every 2 seconds upto
10 times)
29. What are the port no. for different services?
The Port no. list :
FTP (For data transfer) 20 HTTP 80
FTP (For connection) 21 POP3 110
SSH 22 NTP 123
Telnet 23 LDAP 389
Send Mail or Postfix 25 Log Server 514
DNS 53 HTTPS 443
DHCP (For Server) 67 LDAPS (LDAP + SSL) 636
DHCP (For Client) 68 NFS 2049
TFTP (Trivial File transfer) 69 Squid 3128
Page 92
RED-HAT LINUX 6/7
* Ping is not used any port number. It is used ICMP (Internet Control Message Protocol) only.
Other useful commands :
# uptime (to see from how long the system is running and also gives the load average report)
* The load average is having 3 fields. 1 - present status, 2 - 5 minutes back and 3 - 15 minutes
back.
# iostat 5 2 (to monitor the input and output statistics for every 5 seconds upto
10 times)
# nproc (to check how many processors (CPUs) are there in
the system)
# top 1 (to see the no. processors (CPUs) are there in
the system)
# iptraf (to monitor the TCP or network traffic statistics in graphical
mode)
* Before using this command install the iptraf package by # yum install iptraf* -y command.
# iftraf -ng -f eth0 (to see the IP traffic statistics in
graphical mode)
# lscpu (to see the no. of CPUs present in the
system)
# lsusb (to see the no. of USB devices present in the
system)
# lsblk (to see all the partitions or block devices
information)
# cat /etc/redhat-release (to see the RHEL
version of system)
# dmidecode (to see the complete hardware information of
the system)
# dmidecode -t memory (to see the memory
information of the system)
# dmidecode -t bios (to see the system's bios
information)
# dmidecode -t system (to see the system's
information)
# dmidecode -t processor to see the processor's (CPU's) information of
the system)
# dmidecode -t 1 (to check the System's Serial No.
information)
# dmidecode -t 4 (to see the processor's (CPU's)
information)
# dmidecode -t 16 (to check the Max. RAM capacity of
the system)
# dmidecode -t 17 (to check how much RAM the
system is using)
# pidstat (to monitoring the individual tasks currently being managed by the
Linux kernel)
# nfsiostat (to monitor the NFS input
and output statistics)
Page 93
RED-HAT LINUX 6/7
Page 94
RED-HAT LINUX 6/7
Once an incoming request is received, the data requested or uploaded by the client computer is
transferred through a separate port 22 and referred as Data Port. At this point, depending on the Active or
Passive mode of the FTP connection, the port number used for the Data Transfer Varies.
3. What is Active FTP?
In Active FTP connection, the connection is initiated by the Client, and the data connection is initiated
by the Server. And as the server actively establishes the data connection with the client, hence it is called the
Active FTP. Here the client opens up a port higher than 1024 and it connects to the server through port 21.
Then the server opens its port 20 to establish a data connection.
4. What is Passive FTP?
In Passive FTP connection, both command and data connections are established by the client. In this
the server acts as entirely passive, that's why it is called the Passive FTP. Here the server listens for incoming
requested connections from client through port 21 and the client also initiates the data connection at port 20.
5. What is the main difference between the Active FTP and Passive FTP?
The main difference between the Active FTP and the Passive FTP is based on who initiates the data
connection between the server and the client. If the data connection is initiated by the server, that is called
Active FTP and if the data connection is initiated by the client, that is called Passive FTP.
6. What is the profile for FTP server?
(i) It is used for uploading and downloading the files and directories cannot be downloaded.
(ii) The FTP server packageis vsftpd.
(iii) The FTP client packages are ftp and lftp.
(iv) The FTP server deamon is vsftpd (Very Secure FTP deamon)
(v) The FTP scripting file is /etc/initd/vsftpd
(vi)Port numbers 20 for data connection and 21 for FTP command connection.
(vii) The document root for FTP is /var/ftp
(viii) The FTP home directory is /var/ftp
(ix) The FTP configuration files are,
(a) /etc/vsftpd/vsftpd.conf
(b) /etc/vsftpd/user_list
(c) /etc/vsftpd/ftpuser
(d) /etc/pam.d/vsftpd
7. How to configure the FTP server?
(i) Install the FTP package by # yum install vsftpd* -y command.
(ii) Goto FTP document root directory and create some files by # cd /var/ftp/pub
# touch f(1..10}
(iii) Restart the FTP service or deamon by # service vsftpd restart command in RHEL - 6.
# systemctl restart vsftpd command in RHEL - 7.
(iv) Make the FTP service or deamon enable even after reboot the server by
# chkconfig vsftpd on command in RHEL - 6 and # systemctl enable vsftpd command
in RHEL - 7.
(v) Add the FTP service to the IP tables (RHEL - 6) and Firewalld (RHEL - 7).
RHEL - 6 :
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --deport 21 -j ACCEPT
# iptables -A OUTPUT -m state --state NEW -m tcp -p tcp --deport 21 -j
ACCEPT
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --deport 20 -j ACCEPT
# iptables -A OUTPUT -m state --state NEW -m tcp -p tcp --deport 20 -j
ACCEPT
RHEL - 7 :
# firewall-cmd --permanent -add-service=ftp command in RHEL - 7.
# firewall-cmd --complete-reload command in RHEL - 7.
8. How to configure the FTP client and how to connect the ftp server?
(i) Go to the client machine and install the FTP and Lftp packages.
Page 95
RED-HAT LINUX 6/7
Page 96
RED-HAT LINUX 6/7
Page 97
RED-HAT LINUX 6/7
(vi) # getsebool -a | grep ftp (to check the SELinux Boolean of the root home
directory)
(vii) # setsebool -p ftp_home_dir on (to change the Boolean of the root
home directory)
* Now go to client system and try to login the FTP server as root user. Here we can access the FTP
server.
16. What are the difference between FTP and LFTP servers?
(i)The user name and password are required to access the FTP server but LFTP does not requires
passwords.
(ii) In ftp>prompt the " Tab " key will not work but in lftp> prompt the " Tab " key will work
as usual.
Other useful FTP Commands :
# ftp 172.25.9.11 (to access the FTP server provide FTP user
name and password)
ftp > ls (to see all the files and directories in FTP root
directory)
ftp > !ls (to see the local nothing present working
directory files)
ftp > pwd (to see the FTP present working
directory)
ftp > !pwd (to see the local file system's present
working directory)
ftp > get <file name> (to download the specified file)
ftp > mget <file 1><file 2><file3> (to download multiple files at a time)
ftp > cd /var/ftp/pub/upload (to move to upload directory)
ftp > put <file name> (to upload the specified file into the FTP upload
directory)
ftp > lcd /root/Downloads (to change to the local /root/Download
directory)
ftp > help (to get the help about FTP commands)
ftp > bye or quit (to quit or exit from the FTP server)
# lftp 172.25.9.11 (to access the LFTP server without
asking any passwords)
Page 98
RED-HAT LINUX 6/7
Page 99
RED-HAT LINUX 6/7
This method is used to mount the NFS share by using the Autofs service. Autofs uses the automount
daemon to manage our mount points by only mounting them dynamically when they are accessed.
Autofs consults the master map configuration file /etc/auto.master to determine which mount points
are defined. It then starts an automount process with the appropriate parameters for each mount point.
Each line in the master map defines a mount point and a separate map file that defines the file systems
to be mounted under this mount point. For example, the /etc/auto.misc file might define mount points in
the /mnt directory; this relationship would be defined in the /etc/auto.master file.
Each entry in auto.master has three fields. The first field is the mount point. The second field is the
location of the map file, and the third field is optional. The third field can contain information such as a
timeout value.
For example, to mount the directory /product on the remote machine server9.example.com at the
mount point /mnt/nfs on your machine, add the following line to auto.master:
/mnt /etc/auto.misc --timeout 60
Next, add the following line to /etc/auto.misc:
nfs -rw server9.example.com:/product
The first field in /etc/auto.misc is the name of the /mnt subdirectory. This subdirectory is created
dynamically by automount. It should not actually exist on the client machine. The second field contains
mount options such asrw for read and write access. The third field is the location of the NFS export
including the hostname and directory.
The directory /mnt must be exits on the local file system. There should be no sub directories on the
local file system.
To start the autofs service, at a shell prompt, type the following command:
# servive autofs restart
To view the active mount points, type the following command at a shell prompt:
# service autofs status
If you modify the /etc/auto.master configuration file while autofs is running, you must tell the
automount daemon(s) to reload by typing the following command at a shell prompt:
# service autofs reload
7. How to configure NFS server?
(i) First install the NFS package by # yum install nfs* -y command.
(ii) Create the NFS shared directory on server system by # mkdir /public command.
(iii) Modify the permissions of the /public directory by # chmod 777 /public command. (These
permissions may be changed
depend on it's requirement)
(iv) Modify the SELinux context of the /public directory if SELinux is enabled by executing the below
command. # chcon -t public_content_t /public
(v) create some files in the /public directory by # touch f{1..10} command.
(vi) Open the file NFS configuration file and put an entry of the NFS shared information by # vim
/etc/exports command and type as an entry like <shared directory name><to whom to export the
shared directory> (<permissions>, sync)
For example,
# vim /etc/exports
/public *.example.com (ro/rw, sync) (save
and exit the file)
* Where *.example.com means the shared directory can be exported to all the systems of
the example.com domain.
* Permissions like ro (read only) or rw (read & write) and sync means the data will
always be synced.
/public desktop9.example.com (rw, sync) (to export the /public to desktop 5
system only)
/public *.example.com (ro, sync) (export to the entire example.com domain
with read only)
Page 100
RED-HAT LINUX 6/7
rw read/write permissions
ro read-only permissions
(vii) Export the above shared directory to the defined client systems by # exportfs -rv command.
(viii) Restart the NFS services by following the commands in RHEL - 6 and RHEL - 7.
# service rpcbind restart (to restart the rpcbind service
in RHEL - 6)
# service nfs restart (to restart the
NFS service in RHEL - 6)
# systemctl restart nfs-server (to restart the NFS service
in RHEL - 7)
(ix) Make the NFS service permanently boot at next boot time onwards as follows.
# chkconfig rpcbind on (to on the rpcbind service
in RHEL - 6)
# chkconfig nfs on (to on the nfs
service in RHEL - 6)
# systemctl enable nfs-server (to enable the
nfs-server in RHEL - 7)
(x) Export the NFS shared directory as follows.
# exportfs -rv
(xi) Enable the NFS service to the IP tables and Firewall in RHEL - 6 and RHEL - 7 as follows.
In RHEL - 6 :
(i) # setup
(a) Select Firewall Configuration.
(b) Select Customize ( Make sure firewall option remain selected ).
(c) Select NFS4 ( by pressing spacebar once ).
(d) Select Forward and press Enter.
(e) Select eth0 and Select Close button and press Enter.
(f) Select ok and press Enter.
(g) Select Yes and press Enter.
(h) Select Quit and press Enter.
(ii) Now open/etc/sysconfig/iptables file and add the following rules under the rule for port
2049 and save file.
-A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
Page 101
RED-HAT LINUX 6/7
In RHEL - 7 :
# firewall-cmd --permanent -add-service=nfs (to enable the nfs
service at firewall)
# firewall-cmd --permanent -add-service=mountd (to enable
the mountd service at firewall)
# firewall-cmd --permanent -add-service=rpc-bind (to enable
the rpc-bind service at firewall)
# firewall-cmd --complete-reload (to reload the firewall)
8. What are requirements for NFS client?
(i) NFS server IP address or hostname.
(ii) Check the NFS shared name.
(iii) Create the local mount point.
(iv) Mount the NFS shared name on the local mount point.
(v) Go to mount point (local mount point) and access the NFS shared data.
9. How to access the NFS shared directory from the client?
(i) On Client system, install the nfs-utils package by # yum install nfs-utils* -y
command.
(ii) Check the exported NFS shared directory by # showmount -e <IP address or hostname
of the server>
Example : # showmount -e 172.25.9.11 or # showmount -e
server9.example.com
(iii) Create one mount point to mount the NFS shared directory by # mkdir /<mount point>
command.
Example : # mkdir /mnt/nfs
(iv) Mount the NFS shared directory on the above created mount point.
# mount <IP address or server hostname> : <NFS shared directory><mount
point>
Example : # mount 172.25.9.11:/public /mnt/nfs or
# mount server9.example.com:/public /mnt/nfs
* These are temporary mount only. ie., If the system is rebooted these are unmounted automatically
and we have to mount again after the system is rebooted.
Page 102
RED-HAT LINUX 6/7
(v) So, if we want to mount it permanently, then open /etc/fstab file and put an entry of the
mount point.
# vim /etc/fstab (to open the file)
<IP address or server hostname> : <shared name><mount point><file system>
defaults 0 0
Example : 172.25.9.11:/public /mnt/nfs nfs defaults 0 0 ( or )
server9.example.com:/public /mnt/nfs nfs defaults 0 0
(save and exit the file)
(vi) Mount all the mount points as mentioned in the above /etc/fstab file by # mount -a
command.
(vii) # df -hT command is used to check all the mounted partitions with file system types.
10. Why root user cannot create the files in the NFS shared directory and how to make him to create
the files?
The root user normally has all the permissions, but in NFS root user is also becomes as a normal
user. So, the root user having no permissions to create the files on the NFS shared directory.
The root user becomes as nfsnobodyuser and group also nfsnobody due to root_squash
permission is there by default. So, if we want to make the root user to create file on the NFS shared directory,
then go to server side and open the /etc/exports file and type as below,
<shared name> <domain name or systems names>(permissions, sync, no_root_squash)
Example : /public *.example.com(rw, sync, no_root_squash)
(save and exit the file)
# exportfs -rv (to export the shared directory)
# service nfs restart (to restart the NFS service in RHEL - 6)
# systemctl restart nfs-server (to restart the NFS service in RHEL - 7)
11. What are the disadvantages of the direct or manual mounting?
(i) Manual mounting means, we have to mount manually, so it creates so many problems. For
example if NFS service is not available then, # df -hT command will hang.
(ii) If the NFS server is down while booting the client, the client will not boot because it searches
for NFS mount point as an entry in /etc/fstab file.
(iii) Another disadvantage of manual mounting is it consumes more memory and CPU resources on
the client system.
So, to overcome the above problems normally indirect or automount is used using Autofs tool.
12. What is secure NFS server and explain it?
Secure NFS server means NFS server with Kerberos security. It is used to protect the NFS exports.
Kerbebors is a authentication tool to protect the NFS server shares. It uses the krb5p method to protect by
authentication mechanism and encrypt the data while communication.
For this one key file is required and this should be stored in each and every client which are accessing
the nfs secure directory. Then only Kerberos security will be available. This key file should be stored in
/etc/krb5.keytab file. For example the following command will download and store the keytab.
# wget http://classroom.example.com/pub/keytabs/server9.keytab -O /etc/krb5.keytab (where O
is capital)
13. How to configure the secure NFS server?
(i) Install the NFS package.
# yum install nfs* -y
(ii) Create a directory to share through NFS server.
# mkdir /securenfs
(iii) Modify the permissions of shared directory.
# chmod 777 /securenfs
(iv)Change the SELinux context of the directory if the SELinux is enabled.
# chcon -t public_content_t /securenfs
(v) Open the NFS configuration file and put an entry of the shared directory.
# vim /etc/exports
Page 103
RED-HAT LINUX 6/7
/securenfs *.example.com(rw,sec=krb5p)
(save and exit the file)
(vi)Download the keytab and store it in /etc/krb5.keytb file.
# wget http://classroom.example.com/pub/keytabs/server9.keytab -O
/etc/krb5.keytab
(vii)Export the shared the directory.
# exportfs -rv
(viii) Restart and enable the NFS services in RHEL - 6 and RHEL - 7.
# service nfs restart (restart the NFS
service in RHEL - 6)
# service nfs-secure-server restart (restart the secure NFS service in
RHEL - 6)
# chkconfig nfs on (enable the NFS
service in RHEL - 6)
# systemctl restart nfs-server (restart
the NFS service in RHEL - 7)
# systemctl restart nfs-secure-server (restart the secure
NFS service in RHEL - 7)
(ix) Enable the IPtables or firewall to allow NFS servicein RHEL - 6 and RHEL - 7 as follows.
In RHEL - 6 :
(i) # setup
(a) Select Firewall Configuration.
(b) Select Customize ( Make sure firewall option remain selected ).
(c) Select NFS4 ( by pressing spacebar once ).
(d) Select Forward and press Enter.
(e) Select eth0 and Select Close button and press Enter.
(f) Select ok and press Enter.
(g) Select Yes and press Enter.
(h) Select Quit and press Enter.
(ii) Now open /etc/sysconfig/iptables file and add the following rules under the rule for
port 2049 and save file.
-A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 32803 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 32769 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 892 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 892 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 875 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 875 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 662 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 662 -j ACCEPT
(iii) Restart the IP tables service by # service iptables restart command.
(iv) Make the IP tables service as permanent from next boot onwards as follows.
# chkconfig iptables on
In RHEL - 7 :
# firewall-cmd --permanent -add-service=nfs (to enable the nfs
service at firewall)
# firewall-cmd --permanent -add-service=mountd (to enable
the mountd service at firewall)
# firewall-cmd --permanent -add-service=rpc-bind (to enable
the rpc-bind service at firewall)
# firewall-cmd --complete-reload (to reload the firewall)
Page 104
RED-HAT LINUX 6/7
16. How to add the LDAP user shared directory and how the LDAP user access that directory on client?
(i) Create a sub-directory in /securenfs directory.
# mkdir /securenfs/secure
(ii) Change the ownership of the above sub directory to LDAP user.
# chown ldapuser9 /securenfs/secure
(iii) Assign the full permissions on that directory to LDAP user.
# setfacl -m u : ldapuser9 : rwx /securenfs/secure
(iv) Change the SELinux context of that directory if SELinux is enabled.
# chcon -t public_content_t /securenfs/secure
(v) Re-export the secure NFS shared directory.
# exportfs -rv
(vi) Restart the NFS services.
# service nfs restart (restart the NFS
service In RHEL - 6)
# service nfs-secure-server restart (restart the secure NFS service
In RHEL - 6)
# systemctl restart nfs (restart the NFS
service In RHEL - 7)
Page 105
RED-HAT LINUX 6/7
Page 106
RED-HAT LINUX 6/7
(vi) Network may be failed on both server and client or any one system.
(vii) May be server and client are not in the same domain or not pinging.
(viii) The server may be in hung or shutdown state.
20. What is Autofs ?
Autofs is service that can automatically mount the shared directory on demand and will automatically
unmount the shared directory if it is not accessed within the specified timeout period. The default timeout
period is 5 minutes or we can specify the timeout period in /etc/auto.master file.
21. What are the advantages of the Autofs?
(i) Shares are accessed automatically and transparently when a user tries to access any files or
directories under the designated mount point of the remote file system to be mounted.
(ii) Booting time is significantly reduced because no mounting is done at boot time.
(iii) Network access and efficiency are improved by reducing the number of permanently active mount
points.
(iv) Failed mount requests can be reduced by designating alternate servers as the source of a file
system.
(v) Users do not need to have root privilegesto mount or unmount the mount point.
(vi) We can reduce the CPU and memory utilizations because autofs will not mount permanently.
(vii) We can also reduce hard disk utilization because permanent mount points occupies the hard disk
space.
22. What are the minimum requirements for Autofs?
(i) autofs package.
(ii) autofs deamon.
(iii) One shared directory.
(iv) One mount point.
(v) Two configuration files are,
(a) /etc/auto.master
(b) /etc/auto.misc
23. How to configure Autofs?
(i) Install the autofs package by # yum install autofs* -y command.
(ii) Open /etc/auto.master file by # vim /etc/auto.master and at last type as below.
< Client's local mount point> /etc/auto.misc --timeout=60
Example :
/mnt /etc/auto.misc
(save and exit this file)
( * Where timeout=60 means, if the directory is not used for 60 seconds then the shared
directory is unmounted automatically. And the default is 5 minutes.)
(iii) Open /etc/auto.misc file by # vim /etc/auto.misc and types as below.
< Client temporary mount point >-<permissions><IP address or hostname of the server> :
<shared
name>
Example :
nfs -ro (or) -rw classroom.example.com:/public (save and
exit this file)
( * where -ro means read-only and -rw means read-write)
(iv) Restart the autofs service in RHEL -6 and RHEL - 7.
# service autofs restart (restart the autofs service in
RHEL - 6)
# chkconfig autofs on (enable the autofs service at next
boot in RHEL - 6)
# systemctl restart autofs (restart the autofs
service in RHEL - 7)
Page 107
RED-HAT LINUX 6/7
Page 108
RED-HAT LINUX 6/7
Page 109
RED-HAT LINUX 6/7
Page 110
RED-HAT LINUX 6/7
Page 111
RED-HAT LINUX 6/7
printable = no
(printing is not available)
= yes
(printing is available)
write list = raju (to give the
write permission to user raju)
= + <group name> (to give the
write permission to the group)
valid users = raju, u2 or @group 1, @group 2 (to give the
authentication to the users or groups)
hosts allow = IP 1 or IP 2 or host 1 or host2 or <host network ID> or <host
network ID> (to share the
directory to IP 1 or IP 2 or host 1 or host2)
work group = <windows work group name> (to share the directory
to the windows work group)
create mask = 644 (the files created by samba
users with 644 permission)
directory mask = 744 or 755 (the directories created by samba users with
744 or 755 permissions)
(save and exit the configuration file)
(viii) Verify the configuration file for syntax errors by # testparm command.
(ix) Restart the samba deamons in RHEL - 6 and RHEL - 7.
# service smbd nmbd restart (to restart
the samba services in RHEL - 6)
# chkconfig smbd nmbd on (to enable the samba
services at next boot in RHEL - 6)
# systemctl restart smb nmb (to restart
the samba services in RHEL - 7)
# systemctl enable smb nmb (to enable the samba
services at next boot in RHEL - 7)
(x) Add the samba service to IP tables and Firewall.
# setup (then select Firewall configuration option to add the service to IP
tables in RHEL - 6)
# service iptables restart (to restart the
IP tables in RHEL - 6)
# firewall-cmd --permanent --add-service=samba (to add the samba service to
firewall in RHEL - 7) # firewall-cmd --complete-reload
(to reload the firewall in RHEL - 7)
6. How to access the samba share directory at client side?
(i) Install client side samba packages by # yum install samba-client* cifs-utils -y
command.
(ii) Check the samba shared directory names from client side.
# smbclient -L //<host name or IP address of the server> (then it will ask
password, here don't enter any
password because it does not require any password)
Example :# smbclient -L //server9.example.com or 172.25.9.11
(iii) connect the samba server with user credentials and access the samba shared directory.
# smbclient //<host name or IP address of the server>/<shared directory name>
-U <samba user name>(Where U is Capital Letter and we have to enter
the user's samba password)
Example : # smbclient //server9.example.com/samba -U raju (then smb :/>
prompt appears)
Page 112
RED-HAT LINUX 6/7
Page 113
RED-HAT LINUX 6/7
Page 114
RED-HAT LINUX 6/7
Page 115
RED-HAT LINUX 6/7
Page 116
RED-HAT LINUX 6/7
Page 117
RED-HAT LINUX 6/7
# vim /etc/hosts (open this file and go to last line and type as below in
RHEL - 6 only)
<IP address> <fully qualified domain name> <hostname>
172.25.9.11 server9.example.com server9 (for example of the
above syntax)
# vim /etc/sysconfig/network (open this file and go to last line and type as below in
RHEL - 6 only)
HOSTNAME=<fully qualified domain name>
HOSTNAME=server9.example.com (for example of the above
syntax)
(ii) Open the DNS main configuration file by # vim /etc/named.conf command.
* Go to line number 11 and edit this line as below.
listen-on port 53 { 127.0.0.1; <server IP address>; };
Example : listen-on port 53 {127.0.0.1; 172.25.9.11; };
* Go to line number 17 and edit this line as below.
allow-query { localhost; <Network ID>/<netmask>; };
Example : allow-query {localhost; 172.25.9.0/24; };
(save and exit this file)
(iii) Open the DNS zone reference file by # vim /etc/named.rfc1912.zones command
* Go to line number 19 and copy 5 lines and paste them at last of the file.
zone "<domain name>" IN {
type-master;
file "<forward lookup zone file name>";
allow-update { none; };
};
Example : zone "example.com" IN {
type-master;
file "named.forward";
allow-update { none; };
};
* Go to line number 31 and copy 5 lines and paste them at last of the file.
zone "<Three octets of the DNS server IP address> . in . addr . arpa" IN {
type-master;
file "<reverse lookup zone file name>";
allow-update { none; };
};
Example : zone "9.25.172 . in . addr . arpa" IN {
type-master;
file "named.reverse";
allow-update { none; };
};
(save and exit this file)
(iv) Copy /var/named/named.localhost file to /var/named/named.forward and edit as follows.
# cp -p /var/named/named.localhost /var/named/named.forward
# vim /var/named/named.forward
* Go to line number 2 and edit as follows.
@ IN SOA <DNS server fully qualified domain name> . com root . <domain
name> . {
* Go to line number 8 and edit as follows.
NS <DNS server fully qualified domain name> .
A <DNS server IP address>
<DNS server fully qualified domain name> IN A <DNS server IP address>
Page 118
RED-HAT LINUX 6/7
Page 119
RED-HAT LINUX 6/7
Page 120
RED-HAT LINUX 6/7
Page 121
RED-HAT LINUX 6/7
# host client9.example.com
# host 172.25.9.10
(viii) Check the resolution with nslookup command.
# nslookup <hostname> (to check the
resolution with hostname)
# nslookup <IP address> (to check the
resolution with IP address)
Example :
# nslookup server9.example.com
# nslookup 172.25.9.11
# nslookup client9.example.com
# nslookup 172.25.9.10
9. How to configure the Secondary DNS server?
(i) Install the packages bind, caching-name for RHEL - 6 &bind, cashing-name and
unbound for RHEL - 7.
# yum install bind* caching-name* -y (to install the DNS packages
for RHEL - 6)
# yum install bind* caching-name* unbound* -y (to install the DNS
packages for RHEL - 7)
(ii) Change the hostname by adding fully qualified domain name and make it permanent.
# hostname <fully qualified domain name> (to change the
hostname in RHEL - 6)
# hostname server6.example.com (example for setting hostname temporarily in
RHEL - 6)
# hostnamectl set <fully qualified domain name> (to change the hostname in
RHEL - 7)
# hostnamectl set server6.example.com (example for setting hostname temporarily in
RHEL - 7)
# vim /etc/hosts (open this file and go to last line and type as below in
RHEL - 6 only)
<IP address> <fully qualified domain name> <hostname>
172.25.6.11 server6.example.com server6 (for example of the
above syntax)
# vim /etc/sysconfig/network (open this file and go to last line and type as below in
RHEL - 6 only)
HOSTNAME=<fully qualified domain name>
HOSTNAME=server6.example.com (for example of the above
syntax)
(ii) Open the DNS main configuration file by # vim /etc/named.conf command.
* Go to line number 11 and edit this line as below.
listen-on port 53 { 127.0.0.1; <server IP address>; };
Example : listen-on port 53 {127.0.0.1; 172.25.6.11; };
* Go to line number 17 and edit this line as below.
allow-query { localhost; <Network ID>/<netmask>; };
Example : allow-query {localhost; 172.25.6.0/24; };
(save and exit this file)
(iii) Open the DNS zone reference file by # vim /etc/named.rfc1912.zones command
* Go to line number 19 and copy 5 lines and paste them at last of the file.
zone "<domain name>" IN {
type-slave;
file "slaves/<forward lookup zone file name>";
master { <Primary DNS server IP address; };
Page 122
RED-HAT LINUX 6/7
};
Example : zone "example.com" IN {
type-slave;
file "slaves/named.forward";
master { 172.25.9.11; };
};
* Go to line number 31 and copy 5 lines and paste them at last of the file.
zone "<Three octets of the DNS server IP address> . in . addr . arpa" IN {
type-slave;
file "slaves/<reverse lookup zone file name>";
master { <Primary DNS server IP address; };
};
Example : zone "9.25.172 . in . addr . arpa" IN {
type-slave;
file "slaves/named.reverse";
master { 172.25.9.11; };
};
(save and exit this file)
(iv) Copy /var/named/slaves/named.localhost to /var/named/slaves/named.forward and edit as
follows.
# mkdir /var/named/slaves
# cp -p /var/named/slaves/named.localhost /var/named/slaves/named.forward
# vim /var/named/slaves/named.forward
* Go to line number 2 and edit as follows.
@ IN SOA <secondary DNS server fully qualified domain name> . com root
. <domain name> . {
* Go to line number 8 and edit as follows.
NS <DNS server fully qualified domain name> .
A <DNS server IP address>
<secondary DNS server fully qualified domain name> IN A <secondary DNS server
IP address>
<DNS server fully qualified domain name> IN A <DNS server IP address>
<Client 1 fully qualified domain name> IN A <Client 1 IP address>
<Client 2 fully qualified domain name> IN A <Client 2 IP address>
<Client 3 fully qualified domain name> IN A <Client 3 IP address>
www IN CNAME <DNS server fully qualified domain name>
Example : The line number 2 should be edited as follows.
@ IN SOA server6.example.com. root.example.com. {
The line number 8 should be edited as follows.
NS server6.example.com.
A 172.25.6.11
server6.example.com. IN A 172.25.6.11
server9.example.com. IN A 172.25.9.11
client9.example.com. IN A 172.25.9.10
client10.example.com. IN A 172.25.9.12
client11.example.com. IN A 172.25.9.13
www IN CNAME server6.example.com. (save and
exit this file)
(v) Copy /var/named/slaves/named.empty file to /var/named/slaves/named.reverse and edit
as follows.
# cp -p /var/named/slaves/named.empty /var/named/slaves/named.reverse
# vim /var/named/slaves/named.reverse
Page 123
RED-HAT LINUX 6/7
Page 124
RED-HAT LINUX 6/7
Example :
search example.com
nameserver 172.25.9.11
nameserver 172.25.6.11
(save and exit this file)
(x) Restart the DNS server deamons.
# service named restart (to restart the deamon in RHEL - 6)
# chkconfig named on (to enable the deamon at next
boot time in RHEL - 6)
# systemctl restart named unbound (to restart the deamons in RHEL -
7)
# systemctl enable named unbound (to enable the deamons at next
boot time in RHEL -7)
(xi) Add the DNS service to the IP tables and Firewall.
# setup (then select the Firewall configuration option and add
DNS in RHEL - 6)
# service iptables restart (to restart the IP tables in RHEL - 6)
# service iptables save (to save the IP tables in RHEL -
6)
# firewall-cmd --permanent --add-service=dns (to add the DNS service to firewall in
RHEL - 7)
# firewall-cmd --complete-reload (to reload the firewall in RHEL - 7)
(xi) Check whether the DNS is resolving or not.
# dig <DNS server fully qualified name> (to check the resolving from hostname to
IP address)
# dig -x <DNS server IP address> (to check the resolving from IP
address to hostname)
Example : # dig server6.example.com
# dig -x 172.25.6.11
(xii) Check the resolution with ping test.
# ping -c3 <secondary DNS server fully qualified domain name>(to check the ping test
with hostname)
# ping -c3 <IP address of the secondary DNS server> (to check the ping test with IP
address)
Example :
# ping -c3 server6.example.com
# ping -c3 172.25.6.11
(xiii) Check the resolution with host command.
# host <hostname> (to check the
resolution with hostname)
# host <IP address> (to check the
resolution with IP address)
Example :
# host server6.example.com
# host 172.25.6.11
(xiv) Check the resolution with nslookup command.
# nslookup <hostname> (to check the
resolution with hostname)
# nslookup <IP address> (to check the
resolution with IP address)
Example :
# nslookup server6.example.com
Page 125
RED-HAT LINUX 6/7
# nslookup 172.25.6.11
Page 126
RED-HAT LINUX 6/7
packet with that address information. The server also configures the client's DNS servers, WINS servers,
NTP serves and sometimes other services also.
(iv) Then the Client sends a REQUEST or DHCP REQUEST packet, letting the server know that
it intends to use the address.
(v) Then the server sends an ACK or DHCP ACK packet, conforming that the client has been
given a lease on the address for a server specified period of time.
3. What is the disadvantage to assign the Static IP address?
When a system uses a static IP address, It means that the system is manually configured to use a
specific IP address. One problem with static assignment, which can result from user error or inattention to
detail, occurs when two systems are configured with the same IP address. This creates a conflict that results
in loss of service. Using DHCP to dynamically assign IP addresses to avoid these conflicts.
4. What is the profile of DHCP?
Package : dhcp*
Script file : /etc/init.d/dhcpd
Configuration file : /etc/dhcp/dhcpd.conf
Deamon : dhcpd
Port numbers : 67 (dhcp server) and 68 (dhcp client)
Log messages : /var/log/messages
Page 127
RED-HAT LINUX 6/7
Page 128
RED-HAT LINUX 6/7
Page 129
RED-HAT LINUX 6/7
the results back to the browser. If it cannot locate the file, the server sends an error message to
the client.
(v) Then the browser translates the data it has been given into HTML and displays the results to
the user.
4. In how many ways can we host the websites?
IP based Web Hosting :
IP based web hosting is usedIP address or hostname web hosting.
Name based Web Hosting :
Hosting the multiple websites using single IP address.
Port based Web Hosting :
Web hosting using another port number ie., other than the default port number.
User based Web Hosting :
We can host the Web sites using the user name and password.
Page 130
RED-HAT LINUX 6/7
<Directory "/var/www/html">
AllowOverride none
Require All Granted
</Directory>
(save and exit this file)
Example :
# vim /etc/httpd/conf.d/ip.conf (create the
configuration file)
<VirtualHost 172.25.9.11:80>
ServerAdmin root@server9.example.com
ServerName server9.example.com
DocumentRoot /var/www/html
</VirtualHost>
<Directory "/var/www/html">
AllowOverride none
Require All Granted
</Directory>
(h) Go to document root directory and create the index.html file.
# cd /var/www/html
# vim index.html
<html>
<H1>
This is IP based Web Hosting
</H1>
</html>
(save and exit this file)
(i) Restart the web server deamon.
# service httpd start (to start the webserver
deamon in RHEL - 6)
# chkconfig httpd on (to enable the service at
next boot in RHEL - 6)
# systemctl restart httpd (to start the webserver deamon in
RHEL - 7)
# systemctl enable httpd (to enable the service at next boot in
RHEL - 7)
Page 131
RED-HAT LINUX 6/7
<Directory "/var/www/virtual">
AllowOverride none
Require All Granted
</Directory>
(save and exit this file)
Example :
# vim /etc/httpd/conf.d/virtual.conf (create
the configuration file)
<VirtualHost 172.25.9.11:80>
ServerAdmin root@server9.example.com
ServerName www9.example.com
DocumentRoot /var/www/virtual
</VirtualHost>
<Directory "/var/www/virtual">
AllowOverride none
Require All Granted
</Directory>
(d) Go to named based virtual directory and create the index.html file.
# cd /var/www/virtual
# vim index.html
<html>
<H1>
This is Name based Web Hosting
Page 132
RED-HAT LINUX 6/7
</H1>
</html>
(save and exit this file)
(e) Restart the web server deamon.
# service httpd start (to start the webserver
deamon in RHEL - 6)
# chkconfig httpd on (to enable the service at
next boot in RHEL - 6)
# systemctl restart httpd (to start the webserver deamon in
RHEL - 7)
# systemctl enable httpd (to enable the service at next boot in
RHEL - 7)
(f) Add the service to the IP tables and firewall.
In RHEL - 6 :
# iptables -A INPUT -i eth0 -p tcp -m tcp --deport 80 -j ACCEPT
# iptables -A OUTPUT -i eth0 -p tcp -m tcp --deport 80 -j ACCEPT
# service iptables save
# service iptables restart
In RHEL - 7 :
# firewall-cmd --permanent --add-service=http
# firewall-cmd --complete-reload
(g) Go to client system, open the firefox browser and type as http://www9.example.com in
address bar and check the index page is displayed or not.
(h) We can also access the website using elinks CLI tool.
# yum install elinks* -y (install the
elinks package)
# elinks --dump www9.example.com (access the
index page)
10. How to configure the port based web hosting?
(a) Make a directory for port based hosting.
# mkdir /var/www/port
(b) Go to the configuration file directory by # cd /etc/httpd/conf.d
(c) Create the configuration for port based hosting.
# vim /etc/httpd/conf.d/port.conf
<VirtualHost <IP address of the web server> : 8999>
ServerAdmin root@<hostname of the web server>
ServerName <port based hostname of the web server>
DocumentRoot /var/www/port
</VirtualHost>
<Directory "/var/www/port">
AllowOverride none
Require All Granted
</Directory>
(save and exit this file)
Example :
# vim /etc/httpd/conf.d/virtual.conf (create
the configuration file)
<VirtualHost 172.25.9.11:8999>
ServerAdmin root@server9.example.com
ServerName port9.example.com
DocumentRoot /var/www/port
Page 133
RED-HAT LINUX 6/7
</VirtualHost>
<Directory "/var/www/port">
AllowOverride none
Require All Granted
</Directory>
(d) Go to port based virtual directory and create the index.html file.
# cd /var/www/port
# vim index.html
<html>
<H1>
This is Port based Web Hosting
</H1>
</html>
(save and exit this file)
(e) Generally port based web hosting requires DNS server. So, we can solve this problem by the
following way.
For that open the /etc/hosts file enter the server name and IP addresses on both
server and client.
# vim /etc/hosts
172.25.9.11 port5.example.com
(save and exit this file)
(f) By default the web server runs on port number 80. If we want to configure on deferent port
number, we have to add the port number in the main configuration file.
# vim /etc/httpd/conf/httpd.conf
* Go to Listen : 80 line and open new line below this line and type as,
Listen : 8999
(save and exit this file)
(g) By default SELinux will allow 80 and 8080 port numbers only for webserver. If we use
different port numbers other than 80 or 8080 then execute the following command.
# semanage port -a -t http_port_t -p tcp 8999
(h) Restart the web server deamon.
# service httpd start (to start the webserver
deamon in RHEL - 6)
# chkconfig httpd on (to enable the service at
next boot in RHEL - 6)
# systemctl restart httpd (to start the webserver deamon in
RHEL - 7)
# systemctl enable httpd (to enable the service at next boot in
RHEL - 7)
(i) Add the service to the IP tables and firewall.
In RHEL - 6 :
# iptables -A INPUT -i eth0 -p tcp -m tcp --deport 8999 -j ACCEPT
# iptables -A OUTPUT -i eth0 -p tcp -m tcp --deport 8999 -j ACCEPT
# service iptables save
# service iptables restart
In RHEL - 7 :
# firewall-cmd --permanent --add-service=http
# firewall-cmd --permanent -add-port=8999/tcp
# firewall-cmd --complete-reload
(j) Go to client system, open the firefox browser and type as http://port9.example.com in
address bar and check the index page is displayed or not.
Page 134
RED-HAT LINUX 6/7
(k) We can also access the website using elinks CLI tool.
# yum install elinks* -y (install the
elinks package)
# elinks --dump port9.example.com (access the
index page)
11. How to configure user authentication based web hosting?
It will ask user name and password to access this website. So, we have to provide http password.
(f) Go to the configuration file directory by # cd /etc/httpd/conf.d
(g) Create the configuration for user authentication based hosting.
# vim /etc/httpd/conf.d/userbase.conf
<VirtualHost <IP address of the web server> : 80>
ServerAdmin root@<hostname of the web server>
ServerName <hostname of the web server>
DocumentRoot /var/www/html
</VirtualHost>
<Directory "/var/www/html">
AllowOverride none
Require All Granted
AuthType Basic
AuthName "This site is protected"
AuthUserFile /etc/httpd/pass
Require User <user name>
</Directory>
(save and exit this file)
Example :
# vim /etc/httpd/conf.d/userbase.conf (create the
configuration file)
<VirtualHost 172.25.9.11:80>
ServerAdmin root@server9.example.com
ServerName server9.example.com
DocumentRoot /var/www/html
</VirtualHost>
<Directory "/var/www/html">
AllowOverride none
Require All Granted
AuthType Basic
AuthName "This site is protected"
AuthUserFile /etc/httpd/pass
Require User raju
</Directory>
(h) Go to document root directory and create the index.html file.
# cd /var/www/html
# vim index.html
<html>
<H1>
This is User Authentication based Web Hosting
</H1>
</html>
(save and exit this file)
(i) Restart the web server deamon.
Page 135
RED-HAT LINUX 6/7
<Directory "/var/www/html">
AllowOverride none
Require All Granted
Order Allow, Deny
Allow from 172.25.9.0 or 172.25.0 (allows 172.25.9 network or 172.25 network to
access the websites)
Deny from .my133t.org (deny all the systems of *.my133t.org domain to access the
websites)
</Directory>
13. How to Redirect the website?
Page 136
RED-HAT LINUX 6/7
<Directory "/var/www/html">
AllowOverride none
Require All Granted
</Directory>
(save and exit this file)
(c) Go to document root directory and create the index.html file.
# cd /var/www/html
# vim index.html
<html>
<H1>
This is Redirect based Web Hosting
</H1>
</html>
(save and exit this file)
(d) Restart the web server deamon.
# service httpd start (to start the webserver
deamon in RHEL - 6)
# chkconfig httpd on (to enable the service at
next boot in RHEL - 6)
# systemctl restart httpd (to start the webserver deamon in
RHEL - 7)
# systemctl enable httpd (to enable the service at next boot in
RHEL - 7)
(e) Add the service to the IP tables and firewall.
In RHEL - 6 :
# iptables -A INPUT -i eth0 -p tcp -m tcp --deport 80 -j ACCEPT
# iptables -A OUTPUT -i eth0 -p tcp -m tcp --deport 80 -j ACCEPT
# service iptables save
# service iptables restart
In RHEL - 7 :
# firewall-cmd --permanent --add-service=http
# firewall-cmd --complete-reload
(f) Go to client system, open the firefox browser and type as http://server9.example.com in
address bar and check the redirection google web page is displayed or not.
(g) We can also access the website using elinks CLI tool.
# yum install elinks* -y (install the
elinks package)
# elinks --dump server9.example.com (access the
index page)
Page 137
RED-HAT LINUX 6/7
<Directory "/var/www/html/private">
AllowOverride none
Require All Granted
</Directory>
(save and exit this file)
(c) Create private directory in /var/www/html.
# mkdir /var/www/html/private
(c) Go to document root private directory and create the index.html file.
# cd /var/www/html/private
# vim index.html
<html>
<H1>
This is Alias based Web Hosting
</H1>
</html>
(save and exit this file)
(d) Restart the web server deamon.
# service httpd start (to start the webserver
deamon in RHEL - 6)
# chkconfig httpd on (to enable the service at
next boot in RHEL - 6)
# systemctl restart httpd (to start the webserver deamon in
RHEL - 7)
# systemctl enable httpd (to enable the service at next boot in
RHEL - 7)
(e) Add the service to the IP tables and firewall.
In RHEL - 6 :
# iptables -A INPUT -i eth0 -p tcp -m tcp --deport 80 -j ACCEPT
# iptables -A OUTPUT -i eth0 -p tcp -m tcp --deport 80 -j ACCEPT
# service iptables save
# service iptables restart
In RHEL - 7 :
# firewall-cmd --permanent --add-service=http
# firewall-cmd --complete-reload
(f) Go to client system, open the firefox browser and type as
http://server9.example.com/privae in address bar and check the private or alias based web page is
displayed or not.
(g) We can also access the website using elinks CLI tool.
# yum install elinks* -y (install the
elinks package)
Page 138
RED-HAT LINUX 6/7
<Directory "/var/www/html/confidential">
AllowOverride none
Require All Granted
</Directory>
(save and exit this file)
(c) Create confidentialdirectory in /var/www/html.
# mkdir /var/www/html/confidential
(c) Go to confidential directory and create the index.html file.
# cd /var/www/html/confidential
# vim index.html
<html>
<H1>
This is Alias based Web Hosting
</H1>
</html>
(save and exit this file)
(d) Restart the web server deamon.
# service httpd start (to start the webserver
deamon in RHEL - 6)
# chkconfig httpd on (to enable the service at
next boot in RHEL - 6)
# systemctl restart httpd (to start the webserver deamon in
RHEL - 7)
# systemctl enable httpd (to enable the service at next boot in
RHEL - 7)
(e) Add the service to the IP tables and firewall.
In RHEL - 6 :
# iptables -A INPUT -i eth0 -p tcp -m tcp --deport 80 -j ACCEPT
# iptables -A OUTPUT -i eth0 -p tcp -m tcp --deport 80 -j ACCEPT
# service iptables save
# service iptables restart
In RHEL - 7 :
# firewall-cmd --permanent --add-service=http
# firewall-cmd --complete-reload
(f) Go to client system, open the firefox browser and type as
http://server9.example.com/confidential in address bar and check the directory based web page is
displayed or not.
(g) We can also access the website using elinks CLI tool.
# yum install elinks* -y (install the
elinks package)
Page 139
RED-HAT LINUX 6/7
<Directory "/var/www/html">
AllowOverride none
Require All Granted
</Directory>
(save and exit this file)
(iii) Go to document root directory by # cd /var/www/html command.
(iv) # vim userpage.html
<html>
<H1>
This is userpage as home page web hosting
</H1>
</html>
(save and exit this file)
(d) Restart the web server deamon.
# service httpd start (to start the webserver
deamon in RHEL - 6)
# chkconfig httpd on (to enable the service at
next boot in RHEL - 6)
# systemctl restart httpd (to start the webserver deamon in
RHEL - 7)
# systemctl enable httpd (to enable the service at next boot in
RHEL - 7)
(e) Add the service to the IP tables and firewall.
In RHEL - 6 :
# iptables -A INPUT -i eth0 -p tcp -m tcp --deport 80 -j ACCEPT
# iptables -A OUTPUT -i eth0 -p tcp -m tcp --deport 80 -j ACCEPT
# service iptables save
# service iptables restart
In RHEL - 7 :
# firewall-cmd --permanent --add-service=http
# firewall-cmd --complete-reload
(f) Go to client system, open the firefox browser and type as http://server9.example.com
in address bar and check the user defined web page is displayed or not.
(g) We can also access the website using elinks CLI tool.
# yum install elinks* -y (install the
elinks package)
Page 140
RED-HAT LINUX 6/7
Page 141
RED-HAT LINUX 6/7
Page 142
RED-HAT LINUX 6/7
Page 143
RED-HAT LINUX 6/7
MTA stands for Mail Transfer Agent. It is used to transfer the messages and mails between
senders and recipients. Exchange, Qmail, Sendmail, Postfix, ....etc., are the examples for MTAs.
SMTP:
SMTP stands for Simple Mail Transfer Protocol. It is used to transfer the messages and mails
between the MTAs.
MDA :
MDA stands for Mail Delivery Agent. It is a computer software component that is responsible for
the delivery of e-mail messages to a local recipient's mailbox. Within the Internet mail architecture, local
message delivery is achieved through a process of handling messages from the message transfer agent, and
storing mail into the recipient's environment (typically a mailbox).
MRA :
MRA stands for Mail Retrieval Agent. It is a computer application that retrieves or fetches e-
mail from a remote mail server and works with a mail delivery agent to deliver mail to a local or remote email
mailbox. MRAs may be external applications by themselves or be built into a bigger application like an MUA.
Significant examples of standalone MRAs include fetchmail, getmail and retchmail.
4. What is the profile of mail server?
Package : sendmail (in RHEL - 5, 6 and 7) or postfix (in RHEL - 6 and 7).
Configuration file : /etc/postfix/main.cf, /etc/dovecot/dovecot.conf
Log file : /var/log/mail.log
User's mails location : /var/spool/mail/<user name>
root user's mail location : /var/spool/mail/root
Deamons : postfix
Port number : 25
5. How to configure the mail server?
The pre-requisite for mail server is DNS. ie., Domain Naming System should be configured first.
(i) Check the hostname of the server by # hostname command.
(ii) Install the mail server package by # yum install postfix* dovecot* -y command.
(iii) Open the mail configuration file and at last type as below.
# vim /etc/postfix/main.cf
myhostname = server9.example.com
mydomain = example.com
myorigin = $mydomain
inet_interfaces = $myhostname, localhost
mydestination = $myhostname, localhost.$localdomain, localhost, $mydomain
home_mailbox = Maildir /
(save and exit this file)
(iv) Open the another configuration file and at last type as below.
# vim /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp
(save and exit this file)
(v) Restart the mail server services.
# service postfix restart (to restart the postfix
deamon in RHEL - 6)
# service dovecot restart (to restart the dovecot
deamon in RHEL - 6)
# chkconfig postfix on (to enable the postfix deamon
at next boot in RHEL - 6)
# chkconfig dovecot on (to enable the dovecot deamon at next
boot in RHEL - 6)
# systemctl restart postfix doveco0t (to restart the postfix and
dovecot deamons in RHEL - 6)
Page 144
RED-HAT LINUX 6/7
Page 145
RED-HAT LINUX 6/7
* To send a mail to the local system, no need to configure the mail server.
* To send a mail to the remote system, then only we have to configure the mail server.
# mail raju@server9.example.com (to send the mail to the raju user of the
server9)
type the message whatever you want (press Ctrl + d to exit and send the
mail)
# su - raju (to switch to the raju user)
$ mail (to check the mails of the raju user)
N abcd
N efgh
N ijkl
N mnop (there are four mails in the
mail box)
& 1 (to read the 1st mail)
* If the mail is new one then 'N' letter is appears before the mail. If it is already seen then
there is no letter before the mail.
* press 'q' to quit the mail utility.
# mail or mutt -s " hello " <user name1><user name2><user name3>
type the matter whatever you want (press Ctrl + d to exit and send the
mail to 3 users)
$ mail (to see all the mail in the mail box)
&<type the mail number> (to read the specified mail by it's number)
& r (to send the replay mail to that user)
& p (to send the mail to the printer for
printing)
& w (to write the contents of the mail into a file, ie., save the contents of the mail ina file)
& q (to quit the mail box)
& d (to delete the mail)
& d <mail number> (to delete the specified mail by it's
number)
& d 1-20 (to delete the mails from 1 to
20 numbers)
# mail -s "hello" <user name>@<servername> . <domain name> (to send the mail to the
remote system)
# mailq (to see the mails in the queue)
* If the mail server is not configured or not running, then the sent mails will be in the queue.
# mail -s "hello" <user name1><user name2><<File name> (send the mail with attached
file to
the 2 users)
# postfixcheck (to verify the mail configuration file for
syntax errors)
Page 146
RED-HAT LINUX 6/7
Page 147
RED-HAT LINUX 6/7
Deamons : tgtd (for RHEL-6) and target (for RHEL-7 server) and iscsi,
iscsid (for RHEL-7)
Port number : 3260
5. How to configure the iSCSI server?
(i) Create one partition and create the LVM with that partition.
# fdisk <device name>
: n (new partition) ---> Enter ---> Enter ---> Enter ---> +<size in MB/GB/TB> ---> w
(write the changes into the disk)
# partprobe (to write the changes
into the partition table)
# pvcreate <disk partition name> (to create the physical volume)
# vgcreate <physical volume name> (to create the volume
group)
# lvcreate -s <extent size> -n <logical volume name><vg name> (to create the logical
volume)
(ii) Install the iSCSI package by # yum install scsi-target-utils -y command in RHEL - 6 or
Install the iSCSI package by # yum install target* -y command in RHEL - 7.
(iii) Start the iSCSI deamon and enable the deamon at next boot time.
# service tgtd restart (to start the iSCSI
deamon in RHEL - 6)
# chkconfig tgtd on (to enable the iSCSI deamon at next
boot in RHEL - 6)
# systemctl start target (to start the target deamon in
RHEL - 7)
# systemctl enable target (to enable the target deamon at next
boot in RHEL - 7)
(iv) Configure the iSCSI storage.
In RHEL - 6 :
#vi /etc/tgt/targets.conf
default-driver iscsi
<target iqn.2015-06.com.example:server9.target1>
backing-store <iSCSI partition name>
write-cache off
</target>
In RHEL - 7 :
# targetcli (to get the configuration window and displays "/>"
prompt appears)
/> ls (to see the
configuration contents)
/> /backstores/block create <block storage name><the above created volume name>
(create the
block storage)
/> /iscsi create iqn.2015-06.com.example:server9 (to create the lun number not the
lun name)
/> /iscsi/iqn.2015-06.com.example:server9/tpg1/acls create iqn.2015-
06.com.example:server9 (to
create the alias name for client side lun number)
/> /iscsi/iqn.2015-06.com.example:server9/tpg1/luns create /backstores/block/<block
storage name>
(to create the lun using the
block storage device)
/> /iscsi/iqn.2015-06.com.example:server9/tpg1/portals create <IP address of the server>
Page 148
RED-HAT LINUX 6/7
(to allot the above created lun to the IP address and port
number, ie., 3260)
/> saveconfig (to save the iSCSI configuration into the
configuration file)
/> exit (to exit from the
configuration window)
(v) Restart the iSCSI deamons after the configuration of iSCSI or target.
# service tgtd restart (to start the iSCSI
deamon in RHEL - 6)
# chkconfig tgtd on (to enable the iSCSI deamon at next
boot in RHEL - 6)
# systemctl restart target (to start the target
deamon in RHEL - 7)
# systemctl enable target (to enable the target deamon at next
boot in RHEL - 7)
(vi) # tgt-admin --show (to check the iSCSI configuration in RHEL - 6)
(vii) Add the iSCSI service and port number to the IP tables and firewall.
In RHEL - 6 :
# iptables-I INPUT -p tcp-m tcp --dport3260 -jACCEPT
# iptables-O OUTPUT -p tcp-m tcp --dport3260 -jACCEPT
# service iptables save
# service iptables restart
In RHEL - 7 :
# firewall-cmd --permanent --add-port=3260/tcp
# firewall-cmd --complete-reload
6. How to configure the iSCSI client?
(i) Install iscsi-initiator-utils package on the client by # yum install iscsi-initiator-utils* -y command
in RHEL-6.
Install the iSCSI packages by # yum install iscsi-utils* -y command in RHEL - 7.
(ii) Discover the target LUN’s exported by server using following command. It will provide iqn
name with of LUN associated with given ip address.
# iscsiadm -m discovery -t sendtargets -p <IP address of the server> (in
RHEL - 6)
# iscsiadm --mode discoverydb --type sendtargets --portals <IP address of the server)
(in RHEL - 7)
(iii) Open the iscsi initiator file and put an entry of the above discovered lun number in RHEL - 7
only.
# vim /etc/iscsi/initiatorname.iscsi (go to last
line and type as below)
Initiatorname=iqn.2015-06.com.example:server9 (save and
exit this file)
(iv) Restart and enable the iSCSI client side deamons.
# service iscsi restart (to restart the iscsi client
deamon in RHEL - 6)
# chkconfig iscsi on (to enable the iscsi client deamon at
next boot in RHEL - 6)
# systemctl restart iscsid iscsi (to restart the iscsi client
deamons in RHEL - 7)
# systemctl enable iscsid iscsi (to enable the iscsi client deamons at next
boot in RHEL - 7)
(v) To connect iSCSI target we can use following command , we need to mention server ip and
iqn name.
Page 149
RED-HAT LINUX 6/7
In RHEL - 6 :
# iscsiadm -m node -T iqn.2015-06.com.example:server9.target1–p <IP address of the
server>login
In RHEL - 7 :
# iscsiadm --mode node --targetname iqn.2015-06.com.example:server9 --portal <IP
address of the
server> : 3260 --login
(vi) Check the new remote disk name by # fdisk -l command.
(vii) Create the required size partition using # fdisk, # partprobe commands.
(viii) Create the required type of file systems by # mkfs.ext4 <above created partition name>
command.
(ix) Create a mount point for the above file system by # mkdir /mnt/iscsi command.
(x) Open the /etc/fstab file and put en entry of the above file system information.
# vim /etc/fstab
<partition name> or <UUID> /mnt/iscsi ext4 _netdev 0 0 (save and
exit this file)
(xi) Mount the all the partitions which are having entries in /etc/fstab file by # mount -a
command.
(xii) Check all the mounted file systems by # df -hT command.
(xiii) To disconnect iSCSI target we can use following commands. Don't forget that logout from the
target.
In RHEL - 6 :
# iscsiadm -m node -T iqn.2015-06.com.example:server9.target1–p <IP address of the
server>logout
In RHEL - 7 :
# iscsiadm --mode node --targetname iqn.2015-06.com.example:server9 --portal <IP
address of the
server> : 3260 --logout
(xiv) Restart the client system by # init 6 command.
(xv) After reboot check the remote file system by # df -hT command.
Page 150
RED-HAT LINUX 6/7
Page 151
RED-HAT LINUX 6/7
Page 152
RED-HAT LINUX 6/7
name>="<value>";
Example : mysql or mariadb > update mydetails name="bangaram" where name='raju';
8. How to delete the table from the database?
mysql or mariadb > drop table <table name>;
Example : mysql or mariadb > drop table mydetails;
9. How to connect the remote database from our system?
# mysql -u root -h <host name> -p (here we have to enter the
password)
Example : # mysql -u root -h server9.example.com -p
(If the database is configured as localhost database, then server will not allow remote database
connections and Permission denied message will be displayed on the screen)
10. How to add mysqld service to IPtables and mariadb service to firewall?
In RHEL - 6 :
# iptables -A INPUT -i eth0 -p tcp -m tcp --deport 3306 -j ACCEPT
# iptables -A OUTPUT -i eth0 -p tcp -m tcp --deport 3306 -j ACCEPT
# service iptables save
# service iptables restart
# chkconfig iptables on
In RHEL - 7 :
# firewall-cmd --permanent --add-port=3306
# firewall-cmd --complete-reload
Page 153
RED-HAT LINUX 6/7
setting up a log server, you can filter and consolidate logs from different hosts and devices into a single
location, so that you can view and archive important log messages more easily.
On most Linux distributions, rsyslog is the standard syslog daemon that comes pre-installed.
Configured in a client/server architecture, rsyslog can play both roles; as a syslog server rsyslog can gather
logs from other devices, and as a syslog client, rsyslog can transmit its internal logs to a remote syslog server.
When logs are collected with syslog mechanism, three important things must be taken into
consideration:
Facility level: what type of processes to monitor
Severity (priority) level: what type of log messages to collect
Destination: where to send or record log messages
2. What is the profile of log server?
This is also called as rsyslog server. The requirements are given below.
(i) Package : rsyslog*
(ii) Deamon : rsyslog
(iii) Port No. : 514
(iv) Configuration file : /etc/rsyslog.conf
3. How to configure the log server?
(i) Install rsyslog package by # yum install rsyslog* -y command.
(ii) Open the log server configuration and file and edit as per requirements.
# vim /etc/rsyslog.conf
Go to line no. : 15 & 16 and uncomment on those lines. (save and
exit this file)
(iii) Restart the log server deamon in RHEL - 6 and RHEL - 7.
# service rsyslog restart (to restart the log server deamon in
RHEL - 6)
# chkconfig rsyslog on (to enable the log server deamon at next boot in
RHEL - 6)
# systemctl restart rsyslog (to restart the log server
deamon in RHEL - 7)
# systemctl enable rsyslog (to enable the log server deamon at
next boot in RHEL - 7)
(iv) Verify whether the log server is listening or not.
# netstat -ntulp | grep 514
(v) Add the log server service to IPtables.
# iptables -A INPUT -p tcp -m tcp --deport 514 -j ACCEPT (to add the incoming
port no. to
Iptables in RHEL - 6)
# iptables -A INPUT -p udp -m udp --deport 514 -j ACCEPT (to add the
incoming port no. to
Iptables in RHEL - 6)
# iptables -A OUTPUT -p tcp -m tcp --deport 514 -j ACCEPT (to add the
outgoing port no. to
Iptables in RHEL - 6)
# iptables -A OUTPUT -p udp -m udp --deport 514 -j ACCEPT (to add
the outgoing port no. to
Iptables in RHEL - 6)
# firewall-cmd --permanent -add-port=514/tcp (to add the 514 tcp port no. to
the firewall)
# firewall-cmd --permanent -add-port=514/udp (to add the 514 udp port no. to
the firewall)
# firewall-cmd --complete-reload (to reload the firewall
configuration)
Page 154
RED-HAT LINUX 6/7
4. How to configure the client system to send log messages to the log server?
(i) Open the log server configuration file by # vim /etc/rsyslog.conf command.
(ii) Go to line no. 90 and type as below.
*.*@<log server IP address> : 514
Example : *.* @172.25.9.11:514 (save and
exit this file)
(iii) Restart the log server deamons in RHEL - 6 and RHEL - 7.
# service rsyslog restart (to restart the log server deamon in
RHEL - 6)
# chkconfig rsyslog on (to enable the log server deamon at next boot in
RHEL - 6)
# systemctl restart rsyslog (to restart the log server
deamon in RHEL - 7)
# systemctl enable rsyslog (to enable the log server deamon at
next boot in RHEL - 7)
* Then all the log messages are stored in /var/log/secure location.
* To monitor all the messages on the server by # tailf /var/log/secure command.
* Open the /etc/rsyslog.conf file and type as below to store all the client's log messages in
remote log server only.
# vim /etc/rsyslog.conf
*.* /var/log/secure
(save and exit this file)
* Then restart the log server deamons in RHEL - 6 and RHEL - 7.
# service rsyslog restart (to restart the log server deamon in
RHEL - 6)
# systemctl restart rsyslog (to restart the log server
deamon in RHEL - 7)
5. What is log file?
Log file is file that contains messages about that system, including the kernel, services and
applications running on it, ....etc., There are different log files for different information. These files are very
useful when trying to troubleshoot a problem with systems.
Almost all log messages are stored in /var/log directory. Only root user can read these log
messages. We can use less or more commands to read these log files. The messages will be generated only
when rsyslog service is running, otherwise the log messages will not be generated.
The different types of log files and their locations :
/var/log/messages -----> System and general messages and DHCP log messages.
/var/log/authlog -----> Authentication log messages.
/var/log/secure -----> Security and authentication and user log messages.
/var/log/maillog -----> Mail server log messages.
/var/log/cron -----> Cron jobs log messages.
/var/log/boot.log -----> All booting log messages.
/var/log/httpd -----> All Apache web server log messages.
/var/log/mysqld.log -----> Mysql database server log messages.
/var/log/utmp or /var/log/wtmp -----> All the user's login messages.
/var/log/Qmail -----> Qmail log messages.
/var/log/kernel.log -----> All kernel related log messages.
/var/log/samba -----> All samba server log messages.
/var/log/anakonda.log -----> Linux installation log messages.
/var/log/lastlog -----> Recent login information for all users.
# lastlog (to see the log messages of the above
log file)
Page 155
RED-HAT LINUX 6/7
/var/log/yum.log -----> All package installation log messages generated by # yum or # rpm
commands.
/var/log/cups -----> All printer and printing related log messages.
/var/log/ntpstat -----> All ntp server and services log messages.
/var/log/spooler -----> Mail, printer and cron jobs spooling messages.
/var/log/sssd -----> System security service deamon log messages.
/var/log/audit.log -----> SELinux log messages.
# dmesg (to see the boot log messages)
# tailf or # tail -f /var/log/secure (to check or watch the log files
continuously)
# vim /etc/rsyslog.conf (we can change the log messages default
destinations)
* Whenever we change the contents of the /etc/rsyslog.conf file, then we have to restart the
rsyslog service.
* There are 7 types of priority messages. We can change the default destination of those log files.
For that
open rsyslog server configuration file and we have enter the rules as follows.
# vim /etc/rsyslog.conf
<priority type> . <priority name> <new destination of the log files> (save and exit this
file)
# logger <type any text> (to send that text into /var/log/messages files and to
test whether logging
service is running or not)
# logrotate (to create the log files with datewise)
* Generally in log messages the fields are,
Date & Time : From which system : command name or change : Execution of the
command
# yum install tmpwatch -y (to install the tmpwatchpackage to execute the below
command)
# tmpwatch (to monitor the /tmp directory)
# logwatch (to monitor the log messages)
# yum install watch -y (to install the watch package to execute the below command)
# watch <command> (to watch the specified command results continuously)
# mkdir mode=755 /ram (to give the permissions to the directory while creating
that directory)
# journalctl (it tracks all the log files between two different timings and save
by default
in /run/log location)
* /run/log is mounted on tmpfs file system ie., if the system is rebooted the whole information in
that
location will be deleted or erased.
Page 156
RED-HAT LINUX 6/7
Page 157
RED-HAT LINUX 6/7
DROP means server receives the FTP requests from the specified IP address and drop the request
without sending any acknowledgement.
ACCEPT :
ACCEPT means server receives the FTP requests from the specified IP address and allow that
system for FTP services.
5. What is the configuration file of IP tables and what are the options available in IP tables
command?
/etc/sysconfig/iptables is the configuration file of IP tables.
# iptables <options><chain> firewall-rule (to execute
the IP tables)
The options are as follows.
-A -----> Add or append the rule.
-p -----> Indicates the protocol for that rule (tcp, udp, icmp, ....etc.;).
-s -----> Indicates the source of the packet (IP address, Network ID or Hostname).
-d ----->Indicates the destination of the packet.
-j -----> 'Jump to target' indicates the interface through which the incoming packets are
coming through the INPUT , FORWARD and PREROOTING chain.
-o -----> 'Output Interface' indicates the interface through which the outgoing packets are
sent through the INPUT, FORWARD and PREROOTING chain.
-sport or -source-port -----> Source port for -p tcp or -p udp.
-dport or -destination-port -----> Destination port for -p tcp or -p udp.
6. How to allow a ping from outside to inside and inside to outside?
# iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
# iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
# iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
7. In how many ways can we protect the network?
There are 4 ways to protect the network.
(i) SELinux
(ii) IP tables
(iii) Firewalld
(iv) TCP wrappers
IP tables and firewalld both are used to protect our systems services from outside. But we can use
only one way at a time.
8. How to configure the firewalld?
(i) Install the firewalld package by # yum install firewalld* -y command.
(ii) Check whether the firewalld package is installed or not by # rpm -qa firewalld
command.
(iii) Check the status of the firewalld by executing the below commands.
# systemctl status firewalld or # firewall-cmd --status
Examples of IP tables commands :
# service iptables status (to check the IP
tables status)
# service iptables start (to start the
IP tables)
# service iptables stop (to stop the
IP tables)
# service iptables restart (to restart
the IP tables)
# service iptables save (to save the iptable rules
permanently)
Page 158
RED-HAT LINUX 6/7
Page 159
RED-HAT LINUX 6/7
Page 160
RED-HAT LINUX 6/7
Page 161
RED-HAT LINUX 6/7
# ldd /usr/sbin/sshd (to display all the loaded modules of the sshd
service)
# ldd /usr/sbin/sshd | grep -i libwrap.so (to check whether libwrap.so module is loaded or not)
To configure the TCPWRAPPER :
(i) Open /etc/hosts.deny or /etc/hosts.allow file by # vim /etc/hosts.deny or hosts.allow
commands.
* The above files are to be edited or modified to enable or disable the tcpwrapper services the
users.
# vim /etc/hosts.deny (Go to last line and type as below)
sshd : 172.25.9.11 or system9.example.com (to deny the specified host or
hostname)
sshd : ALL (to deny all the
clients)
sshd : ALL EXCEPT *.eample.com (to deny all the clients except
all the systems of
example.com domain)
(ii) save and exit this file.
(iii) Open /etc/hosts.allow by # vim /etc/hosts.allow command and go to last line and type as
below.
sshd : 172.25.9.11 172.25.6.11 (to allow 2
systems only)
(iv) save and exit this file.
* If the client system's entry is there in both /etc/hosts.deny and /etc/hosts.allow files, then the
TCPWRAPPER will look /etc/hosts.allow file first. Then it will look /etc/hosts.deny file. If there is an
entry in both the files, then it will allow the system because based on the above rule first it will read
/etc/hosts.allow file and allow the system. It won't read the /etc/hosts.deny file.
26. Virtualization
1. What is virtualization?
Virtualization allows multiple operating system instances to run concurrently on a single computer;it is
a means of separating hardware from a single operating system. Each “guest” OS is managed bya
Virtual Machine Monitor (VMM), also known as a hypervisor. Because the virtualization system sitsbetween
the guest and the hardware, it can control the guests’ use of CPU, memory, and storage,even allowing
a guest OS to migrate from one machine to another.
2. What are types of virtualizations available in Linux?
RHEL - 5 : RHEL - 6 & 7 :
xen kvm
Page 162
RED-HAT LINUX 6/7
64 bit 64 bit
VT-Enabled VT-Enabled
Intel/AMD Intel/AMD
2 GB RAM 2 GB RAM
6 GB Hard disk 6 GB Hard disk
3. What are the packages of virtualization and how to install the packages?
(i) qemu (It is used to provide user level KVM virtualization and disk image also)
(ii) virt (It is used to provide virtualization software)
(iii) libvirt (It is used to provide the libraries for virtualization software)
(iv) python (This package provides the host and server libraries for interacting with Hypervisor
and
Host system)
# yum install qemu* virt* libvirt* python* -y (to install the
virtualization softwares)
4. How to start the virtualization manager and how to create a new virtual machine?
(i) Go to Applications -----> System Tools -----> Virtual Machine Manager
(ii) Vitual Machine Manager is used to check and displays the available virtual machines. It is
also used to create the new virtual machines.
(iii) To create a new virtual machine first click on monitor icon, then enter the virtual machine
name, Select Local and Select Forward.
(iv) Click on Browse Local, Select the guest O/S " . iso " image file and Select Forward.
5. What are the packages of Virtualization Hypervisor and how to install the packages?
(i) "virtualization hypervisor" (provides the foundation to host virtual machines includes
the libvirt and
qemu- kvm package)
(ii) "virtualization client" (provides the support to install and manage virtual
machines includes virsh, virt-install, virt-manager, virt-
top and virt-viewer packages)
(iii) "virtualization tools" (provides tools for offline management of virtual machines
includes the
libguestfs package)
(iv) "virtualization platform" (provides an interface to access and control virtual machines
includes the libvirt, libvirt-client and
virt-who packages)
Installation of Virtualization Hypervisor :
# yum group install "virtualization hypervisor" "virtualization client" "virtualization tools"
"virtualization platform" -y
Page 163
RED-HAT LINUX 6/7
(vii) To see the list of all available storage pool volumes by # virsh vol-list <pool name>
command.
Page 164
RED-HAT LINUX 6/7
(4) Hardware related issues like adding disks, NIC cards, processor replacement, memory
replacement, increase memory and power supply replacement, ....etc.,
(5) Network related issues like providing networking, setting NIC card parameters,
troubleshooting issues.
(6) Some internal backups.
(7) O/S patching and package administration whenever needed using rpm and yum.
(8) I also supports process related issues like memory utilization full (90%), CPU
utilization full (90%) and file system full, ...etc.,
(9) I also support for system troubleshooting issues like system not responding, node
down, starting and stopping services and deamons.
(b) Coming to Veritas Volume Manager : (from the last 1 year)
(1) We get requests from production, database, Q A people like creating volumes, file
system creation, increase and (or) decrease the volume sizes, provide permissions, redundancy, put
the volume into cluster to provide high availability,
(2) sometimes destroy or remove the volumes, backup and restore whenever necessary,
(3) We also get some troubleshooting issues like volume not started, volume not
accessible, file system crashed, mount point deleted, disks failed, volume manager
deamons are not working, configuration files missed, crashed, disk groups not deporting
and not importing, volume started but users are unable to access file systems on those
volumes,...etc.,
(c) Coming to Veritas Cluster : (from 6 months)
(1) We get requests like node adding, resource adding, service group adding, adding
service groups and resources to existing service groups, mount points adding, adding
NIC cars, IP addresses, adding volumes, disk groups, freezing and unfreezing
services groups and also get some troubleshooting issues like cluster not running, if
resources faulted then restart the service groups, communication failed between two
systems, Gab is not running, llt not running, and configuration files main.cf
crashed or missed and resources are not started, ... etc.
(d) I also write small scripts to perform internal routine jobs, document preparation,
handover mails checking, how many tickets issued, how many tickets solved and how many
jobs pending, ....etc.,
(e) I also supports in application deployment, database deployment and others.
3. What are the tools you are using?
(i) netstat, vmstat, iostat, nmap and top for performance monitoring tools.
(ii) cron and at for job scheduling.
(iii) Remedy tool for ticketing system.
(iv) Veritas Netbackup, Tivoli, .... etc., for backing purpose
(v) Outlook for internal mailing.
4. What are the storage boxes using?
2
(i) NetApps, VMC, Clarian and EMC .
(ii) Emulex, Qlogic (HBA cards).
5. What are the Applications are you using?
(i) Databases (Oracle 10g, 11g and Mysql).
(ii) Oracle Applications like ERP packages (Oracle 11i and 12).
(iii) SAP applications.
(iv) Datawarehousing, ....etc.,
6. What is your company hierarchy?
Me -----> Team Lead or Tech Lead -----> Manager -----> Delivery Manager -----> Asia head
7. What level are you supporting?
Linux Administrator as Level 2.
8. What are your shift timings?
General shift -----> 09:00 - 18:00 hrs.
Page 165
RED-HAT LINUX 6/7
Shifts : One shift from USA and two shifts from India operations upto last 2 months and now all the
operations are from India only and data centre operations from USA only.
1 st shift from 07:00 - 15:00 hrs, 2 nd shift from 15:00 - 23:00 hrs, 3 rd shift from 21:00 -
07:00 hrs.
9. What is your team size?
Total 18 members. For each shift 5 members each and 3 members on weekly off.
10. What about tickets issues and tickets frequency?
(i) 7 - 8 tickets daily and Max. 10 per day.
In those 85 - 90% are CPU utilization full, memory full, file system full, login problems and
sometimes node down issues.
(ii) General tickets severity - 3, severity - 2, severity - 1.
We are not resolved severity level - 1 tickets.
(iii) Incidents :
Severity level - 1 should be solved within 1 hour (Immediate).
Severity level - 2 should be solved within 6 hours.
Severity level - 1 should be solved within 24 hours.
Severity level - 1 should be solved within 2 days.
Request priority ----> High, medium and low
11. What is your notice period?
25 - 30 days.
12. Any Mail ids?
Internal mail id (mails won't come from outside and go to outside).
13. Are you contract or permanent? And why are you changing?
Permanent in XXXXXXXXXXX Pvt limited. I am looking the company which provides high availability
on cloud, virtualization and storage environments to enhance my knowledge and better career growth.
14. What are the projects are you dealing?
(i) Databases.
(ii) Banking.
(iii) Finance.
(iv) Logistics.
(v) Hotel and Tourism, .....etc.,
15. How many servers are you handling?
Total 600 systems.
200 physical systems and remaining 400 systems are in virtualization environment.
10 for Application 20 for Quality &
550 for Linux 10 for Windows 10 under transition
Development Internal Testing
16. What is your environment?
(i) Development upto 10 servers
(ii) Quality Assurance or Quality testing upto 20 servers.
(iii) User Authentication (U A) upto 10 servers.
(iv) Production upto 550 servers.
(v) Under building 10.
17. How to handover the shift?
* Mail to reliever.
* Direct to reliever.
18. Can you contact the data centre?
(i) It depends on the severity.
(ii) If the situation is emergency, then we will call the data centre by phone.
(iii) If the situation is non - emergency then we will mail to the data centre people.
19. What is server hardening?
(i) To checking our system is reaching to standards required by the organization.
(ii) That is minimum password length, minimum size of root partition.
Page 166
RED-HAT LINUX 6/7
(iii) Minimum free space and password expiry and all other security standards.
20. What are decommission and recommission?
(i) Normally servers should be changed every 5 - 6 years because of performance degradation as per
standards of the company.
(ii) Decommission means the process of removing the old system from the production
environment and Recommission means the process of putting the new system into the
production environment.
(iii) We are not dedicated for decommission. We do decommission along with our routine work.
(iv) Login as root though console.
(v) First inform or raise the ticket to monitoring team to ignore the alerts.
(vi)Stop the application and databases.
(vii) Stop the cluster and Volume Manager.
(viii) Unmount the file system.
(ix) After that we should put the system for one week.
(x) We will inform or raise the ticket to the network team to release the ports belonging to that
system.
(xi) Finally we inform to the data centre people to remove the cables from that system.
21. Explain backup and what is your backup policy?
(i) Backup means taking a copy of the existing system and restore when the system is formatted or
crashed.
(ii) In backup environment normally we have 3 servers.
(a) Master Server (1 or 2 systems).
(b) Media Server (1 or 2 systems).
(c) Client Server (1 or 2 systems).
(iii) In our organization we used to take the backup in Media Server.
(iv) Backup fails means production server may down or media server may be in down, file system may
not be available or backup tool port number may be blocked.
(v) Backup can be taken in 3 types.
(a) Application Backup (Application people will take).
(b) File system (O/S) backup (System Administrators will take).
(c) Database backup (Database Administrators will take).
(vi) Backup is automated though crontab or separate backup tools like Veritas Net backup and Tivoli,
....etc.,
(vii) The crontab will not inform the failed backup. But Veritas Net backup and Tivoli tools will send
messages about backup fails and why the backup is failed because these tools will generate
the failed backup log files.
(viii) If any files are open in the production server, the backup may be failed. So, check any files opened
or not by # lsof or # fuser -cv <file system> commands.
(ix) Sometimes the script in Veritas Net backup or Tivoli tools may be corrupted or not running, then
restore those scripts from backup or we need manually deport & import and take backup.
(x) Sometimes backup failed due to backup port no. 13782 may be not working or in blocked state. It
can be checked by # netstat -ntulp | grep 13782 command.
(xi) If the media server and production server are not in the same domain, then backup may be failed.
(ie., production server domain name may be changed but no intimation to backup team
about that change, so media server is in another domain).
Backup Procedure :
(i) Deport the disk group on production server.
(ii) Import the disk group on backup (media) server.
(iii) Join the disk group with media server.
(iv) Sync the data with production server.
(v) Take the backup.
(vi) split the disk group from media server.
Page 167
RED-HAT LINUX 6/7
Page 168
RED-HAT LINUX 6/7
(e) Sometimes if heavy applications are running and not to kill (ie., business applications), then if any
spare processor is available or other low load CPUs available then move those heavy
application processes to those CPUs.
(d) If CPUs are also not available then if the system supports another CPU then inform to the data
centre people or CPU vendor to purchase new CPU though Business approval and move some
processes to the newly purchased CPUs.
24. How to troubleshoot when the system is slow?
(a) System slow means the end users response is slow.
(b) Check the Application file system, CPU utilization, memory utilization and O/S file system
utilization.
(c) If all are ok, then check network statistics and interfaces whether the interfaces are running in full
duplex mode or half duplex mode and check whether the packets are missing. If all are ok from our
side then,
(d) Inform to network team and other respective teams to solve this issue.
25. How to troubleshoot if the node is down?
(a) Check pinging the system. If pinging, then check whether the system is in single user mode or
not.
(b) If the system is in single user mode then put the system in multi user mode ie., default run
level by confirming with our team whether system is under maintenance or not.
(c) Check in which run level the system is running. If it is in init 1 it will not be able to ping. If it is
in init s then it will ping.
(d) In this situation also if it is not pinging then try to login through console port. If not possible
then inform to data centres people to hard boot the system.
(d) If connected through console port then we may get the console prompt.
26. How to troubleshoot if the memory utilization full?
(a) Check how much memory is installed in the system by # dmidecode -t memory command.
(b) Check the memory utilization by # vmstat -v command.
(c) Normally application or heavy backups utilize more memory. So, inform to application team
or backup team or other teams which team is utilizing the more memory to reduce the processes by
killing them or pause them.
(d) Try to kill or disable or stop the unnecessary services.
(e) If all the ways are not possible then inform to team lead or tech lead or manager to increase
the memory (swap space). If it is also not possible then taking higher authority's permissions to
increase the physical memory. For those we contact the server vendor and co-ordinate
with them through data centre people to increase the RAM size.
27. How to replace the failed hard disk?
(a) Check whether the disk is failed or not by # iostat -En | grep -i hard/soft command.
(b) If hard errors are above 20 then we will go for replacement of the disk.
(c) If the disk is from SAN people then we will inform to them about the replacement of the disk.
If it is internal disk then we raise the CRQ to replace the disk.
(d) For this we will considered two things.
(i) whether the system is within the warranty.
(ii) without warranty.
(e) We will directly call to the toll free no. of the system vendor and raise the ticket. They will
issue the case no. This is the no. we have to mention in all correspondences to vendor
regarding this issue.
(f) If it is having warranty they asks rack no. system no. and other details and replace the hard
disk with co- ordinate of the data centre people.
(g) If it is not having warranty, we have to solve the problem by our own or re-agreement to
extend the warranty and solve that problem.
28. How to replace the processor?
(a) Check the processor's status using # lscpu or # dmidecode -t processor commands.
Page 169
RED-HAT LINUX 6/7
Page 170
RED-HAT LINUX 6/7
An 'Incident' is any event which is not part of the standard operation of the service and which causes
or may cause, an interruption or a reduction of the quality of the service.
The objective of Incident Management is to restore normal operations as quickly as possible with the
least possible impact on either the business or the user, at a cost-effective price.
Inputs for Incident Management mostly come from users, but can have other sources as well like
management Information or Detection Systems. The outputs of the process are RFC’s (Requests for
Changes), resolved and closed Incidents, management information and communication to the customer.
Page 171
RED-HAT LINUX 6/7
This will show 5 consecutive output each with a time interval of 1 sec for all the ethernet devices
40. What is Linux Kernel?
It acts as an interpreter between Linux OS and its hardware. It is the fundamental component of Linux
OS and contains hardware drivers for the devices installed on the system. The kernel is a part of the system
which loads first and it stays on the memory.
41. What are the main parameters effect on server performance?
The one of the most important task of any Linux Admin includes performance monitoring which
includes a parameter "Load Average" or "CPU Load".
42. What is load average?
Load Average is the value which represents the load on your system for a specific period of time. Also
it can be considered the ratio of the number of active tasks to the number of available CPUs.
43. How to check?
We can use either top or uptime command to view the output of the load average as shown below.
# uptime
00:07:00 up 4 days, 6:14, 1 user, load average: 0.11, 0.14, 0.09
# top
top - 00:07:12 up 4 days, 6:15, 1 user, load average: 0.09, 0.13, 0.09
44. What are the three values?
As you can see three values representing the load average column. These show the load on your
system over a significant period of time (one or current, five and fifteen minutes averages).
45. How do you know your system has a high load?
The most important question as in most cases I have seen how do you determine your system has high
load.
Does a high value represents high load average and that your system requires attention?
What is the threshold value for load average?
How can we conclude if the load average value is good or bad?
A Central Processing Unit in earlier days used to be having only one processor and the core concept
was not their in those days. But with the advancement in technology and the urge of higher speed to meet up
demands of IT industry multiple processor were integrated in the same CPU making it multi-processor.
However increasing the no. of processor did increased the working speed of many tasks and
performance but it also leads to increase in size, complexity and heat issues. So, in order to continue
improvement of performance the core concept was introduced.
Instead of having two CPUs and a motherboard capable of hosting them, two CPUS are taken together
and combined to form a dual core processor which will utilize an individual socket using less power and
size capable of performing the same amount of task as dual processor CPU.
Bottom Line is that Load value depends on the no. of cores in your machine. For example a dual core is
relevant to 2 processor or 2 cores and quad core is relevant to 4 processor or four cores as the maximum value
for load.
46. How do I check the no. of cores on my Linux system?
The information which you see under /proc/cpuinfo can be confusing at times. If you run the below
command
# less /proc/cpuinfo | grep processor
processor :0
processor :1
processor :2
processor :3
processor :4
processor :5
So as per the above command my system has 16 processors in it. However it really has 8 processors
with hyper threading enabled. The hyper threading presents 2 logical CPUs to the operating system for
each actual core so it effectively doubles the no. of logical CPU in your system.
Page 172
RED-HAT LINUX 6/7
Page 173
RED-HAT LINUX 6/7
Page 174
RED-HAT LINUX 6/7
On a virtual server running VMware you can run the below command to verify :
# lspci | grep -i vmware
00:0f.0 VGA compatible controller: VMware SVGA II Adapter
51. How to find the bit size of your linux machine?
# uname -m
i686
# uname -m
x86_64
If we get i386, i586 and i686 that signifies your machine is 32-bit but if we
getx86_64 or ia64 then your machine will be 64-bit.
# getconf LONG_BIT
32
# getconf LONG_BIT
64 (Here we get an output of bit size either 32 or 64)
52. How can you add a banner or login message in Linux?
By editing these two files
/etc/issue
/etc/motd
53. What is the difference between normal kernel and kernel-PAE?
kernel in 32 bit machine supports max of 4 GB RAM, whereas
kernel PAE in 32 bit linux machine supports till 64 GB RAM
54. Tell me the command to find all the commands in your linux machine having only 2 words like ls, cp,
cd etc.
# find /bin /sbin/usr/bin /usr/sbin -name ?? -type f
55. Which file is generally used to configure kickstart?
anaconda.cfg
56. Which log file will you check for all authentication related messages?
/var/log/secure
57. What is the command used to find the process responsible for a particular running file?
# fuser filename
# lsof filename
58. What is the command to take remote of any Linux machine?
# rdesktop
59. What are the three values shown in load average section of top command?
It shows the current, 5 min back and 15 min back load average value.
60. How to check all the process running by a particular user?
# ps -u<username>
61. What is an orphan process?
An orphan process is a process that is still executing, but whose parent has died.
62. What is a defunct process?
These are also termed as zombie process. These are those process who have completed their execution
but still has an entry in the process table. When a process ends, all of the memory and resources associated
with it are de-allocated so they can be used by other processes.After the zombie is removed, its process
identifier (PID) and entry in the process table can then be reused.
Zombies can be identified in the output from the Unix ps command by the presence of a "Z" in the
"STAT" column
63. How do you limit maximum connections in your apache server?
Change the below parameter value inside httpd.conf
MaxClients 256
64. Which command do you use to download a file from ftp or http website using CLI?
# wget path_to_the_file
Page 175
RED-HAT LINUX 6/7
65. What is the default port for ssh? How will you change it to some other random port no.?
SSH port no. by default is 22. To change the default port no. we need make required changes inside
sshd_config file in the below mentioned line
#Port 22 (Uncomment the above line and define the new port no)
Restart the services for changes to take effect.
66. What is the difference between A record and CNAME record in DNS?
A record :
It is the Address records also known as host records
Points to the IP address reflecting the domain
Used for forward lookup of any domain name
For example:
Our website is configured on 50.63.202.15 IP so the A record of my domain name will point towards
that IP.
Every time a query for golinuxhub.com is made the internet will lookup for contents stored on the
machine with 50.63.202.15 this IP.
CNAME Record :
It is short abbreviation for Canonical Name
Provides an alias name for same hostname
Helps create subdomains
NOTE: You cannot create a CNAME record for the domain name itself (it should be done with A record)
For example:
golinuxhub.com is a domain name whereas www.golinuxhub.com is a sub domain name.
Page 176
RED-HAT LINUX 6/7
(d) Type the Root password and Re-type the same to confirm the root password.
(e) Select the Target Architecture (x86_64 or 32 bit)
(iv) Installation Method is the second option.
(a) Installation Method. (Select any one
option)
(1) Perform New Installation
(2) Upgrade an existing installation
(b) Installation Source. (Select any
one option)
(1) CD-ROM/DVD
(2) NFS
(3) FTP
(4) HTTP
(5) Hard Drive
(v) Boot Loader options is the next option in kickstart configuration.
(a) Select Install New Boot Loader option.
(vi) Partition Information is the next option.
(a) Master Boot Record (Select any
one option)
(1) Create Master Boot Record
(2) Do not create Master Boot Record
(b) Partitions (Select any
one option)
(1) Remove all existing partitions
(2) Remove existing Linux partitions
(3) Preserve existing partitions
(c) Disk Label (Select any
one option)
(1) Initialize the disk label
(2) Do not initialize the disk label
(d) Select Add button and select Mount point, File system type and Sizes to create the
partitions.
(vii) Network Configuration is the next option.
(a) Select Add Network Device to add the NIC device, configure the IP address either
DHCP or Static and select enable the NIC at boot time or not.
(viii) Authentication is the next option.
Select the authentication mechanism like Shadow passwords, NIS, LDAP or Kerberos...
etc.,
(ix) Firewall Configuration is the next option.
Select whether activate the SELinux or not, Security Level and Firewall Information.
(x) Display Configuration is the next option.
Select the display configuration of the O/S either GUI or CLI mode.
(xi) Package Selection is the next option.
Select the required packages for installation. (we cannot select the
packages in RHEL - 7)
(xii) and (xiii) Pre-Installation Scripts and Post-Installation Scripts are the last options.
If we have any Pre-installation or Post-installation scripts, then we have to specify the
locations of those.
(xiv) Save this fie by select the Save option in File menu.
(xv) Exit from the Kickstart Configuration window by select the Quit option in File menu.
(xvi) Open the kickstart file and the default kickstart file at time by the following command.
# vim -O <kickstart file><anaconda file>
Page 177
RED-HAT LINUX 6/7
Go to package section in anaconda file, copy the select the packages and paste them in
the kickstart file.
(xvii) Check the kickstart file for syntax errors by # ksvalidator <kickstart file> command.
(xviii) Install the webserver package by # yum install httpd* -y command.
(xix) Copy the kickstart file in Document Root of the webserver and preserver the permissions.
# cp -p <kickstart file> /var/www/html/
(xx) Restart the webserver deamons in RHEL - 6 and RHEL - 7.
# service httpd restart (to restart the webserver deamon in RHEL - 6)
# chkconfig httpd on (to enable the webserver deamon at
next boot in RHEL - 6)
# systemctl restart httpd (to restart the webserver deamon in RHEL - 7)
# systemctl enable httpd (to enable the webserver deamon at next boot
in RHEL - 7)
(xxi) Add the webserver service to IPtables and Firewall.
In RHEL - 6 :
# setup
Select Firewall configuration -----> Select HTTP and HTTPS to the firewall
# service iptables save
# service iptables restart
# chkconfig iptables on
In RHEL - 7 :
# firewall-cmd --permanent --add-service=http
# firewall-cmd --permanent --add-service=https
# firewall-cmd --complete-reload
4. How to install on client system using kickstart file?
(i) Boot the client system using RHEL - 6 DVD and press Esc key.
(ii) Then it prompts us boot : screen.
(iii) Type the following information about the kickstart file, its server and also assign some IP
address to the client system to communicate with kickstart server.
boot : linux ip=< IP address to the client> netmask=<netmask of that IP> ks=ftp://< IP
address of the kickstart server>/<kickstart file name with full path>
(press Enter key)
* Then the installation will continue by taking the installation information from the kickstart
file.
5. In how many ways can we install RedHat Linux through network?
(i) FTP
(ii) NFS
(iii) HTTP
(iv) PXE
6. How to install RedHat Linux though FTP?
(i) First configure the FTP server and copy the entire RedHat Linux DVD in that FTP document
root directory.
(ii) Installation of Linux through network requires one boot.iso image or RHEL DVD.
To make a DVD/Pendrive bootable using boot.iso image :
(a) Download the boot.iso image from redhat website.
# cdrecord /root/boot.iso (/root/boot.iso is the path of
boot.iso image)
(b) Copy the boot.iso image into DVD or pendrive.
# dd if=/root/boot.iso of=/dev/sdb1 (/dev/sdb1 is the address of the USB
or pendrive)
(iii) Boot the system with the above created boot.iso image and press Esc key to get the boot :
prompt.
Page 178
RED-HAT LINUX 6/7
Page 179
RED-HAT LINUX 6/7
Page 180
RED-HAT LINUX 6/7
Page 181
RED-HAT LINUX 6/7
# vim /etc/xinetd.d/tft
* Go to disable=yes line and make it as no (save and
exit this file)
# cp -rvpf /media/RHEL6/isolinux/*.* /var/lib/tftpboot
# mkdir /var/lib/tftpboot/pxelinux.cfg
# cp /var/lib/tftpboot/isolinux.cfg /var/lib/ftfpboot/pxelinux.cfg/default
# cp -rvpf /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot
# service xinetd restart
# chkconfig xinetd on
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --deport 69 -j ACCEPT
# iptables -A OUTPUT -m state --state NEW -m tcp -p tcp --deport 69 -j
ACCEPT
(i) Create the kickstart file
# yum install system-config-kickstart -y
# system-config-kickstart (create a kickstart file and save it in /var/ftp/pub
directory)
# ksvalidator /var/ftp/pub/ks.cfg
(j) Specify the kickstart file location in pxelinux.cfg file.
# vim /var/lib/tftpboot/pxelinux.cfg/default
* Go to line 19 and edit the lines as below.
menu label ^ PXE SERVER
menu default
kernel vmlinuz
append initrd=initrd.img linux ks=ftp://172.25.9.11/pub/ks.cfg (save and
exit this file)
(k) Restart all the services once again.
# service network restart
# chkconfig network on
# service vsftpd restart
# chkconfig vsftpd on
# service dhcpd restart
# chkconfig dhcpd on
# service xinetd restart
# chkconfig xinetd on
Page 182
RED-HAT LINUX 6/7
Page 183
RED-HAT LINUX 6/7
(i) Bring the disk from O/S to Veritas Volume Manager control using the Veritas Advanced
Management tool, # vxdiskadm command (It gives (displays) options for easy
administration of Veritas Volume Manager).
(ii) Select 2nd option ie., Encapsulation because to preserve the existing data present in the disk
and reboot the system to effect Encapsulation and modify the /etc/sysconfig file. While
Encapsulating, it asks disk name and disk group (root disk name and rootdg).
(iii) Backup the / (root), /etc/sysconfig directories.
(iv) Take another disk and initialize it by # vxdisksetup -i <mirrored root disk name> command.
(v) Add the above initialized disk to the volume group ie., roodg by
# vxdg -g <rootdg> adddisk mirrordisk=<mirrored root disk name>
(vi) vxmirror -v -g <rootdg><original disk name><mirrored root disk name> (disk level
mirroring)
(vii) For individual mirroring, # vxassist -g <rootdg> mirror <volume name> or
# vxrootmirr -g <rootdg><volume name> command.
(i) Switchover is the manual task. (i) But, Failover is a automatic task.
(ii) We can switchover service groups from online (ii) But, the failover will failover the service group to
cluster node to offline cluster node incase of the other node when Veritas Cluster heartbeat
power outage, hardware failure, schedule linkdown, damaged, broken because of some
shutdown and reboot. disaster or system hung.
7. Which the main configuration file for VCS (Veritas Cluster) and where it is stored?
' main.cf ' is the main configuration file for VCS and it is located in /etc/VRTSvcs/conf/config
directory.
8. What is the public region and private region?
when we bring the disk from O/S control to Volume Manager control in any format (either CDS,
simple or sliced), the disk is logically divided into two parts.
(a) Private region :
It contains Veritas configuration information like disk type and name, disk group name,
groupid and configdb. The default size is 2048 KB.
(b) Public region :
It contains the actual user's data like applications, databases and others.
9. There are five disks on VxVM (Veritas Volume Manager) and all are failed. What are the steps
you follow to get those disks into online?
(i) Check the list of disks in Volume manager control by # vxdisk list command.
(ii) If the above disks are not present, then bring them O/S control to VxVM control by
# vxdisksetup -i <disk names> (if data is not on those disk) or execute
# vxdiskadm command and select 2nd option ie., encapsulation method if the disks
having the data.
(iii) Even though If it is not possible, then check the disks are available at O/S level by # fdisk -
l command.
(a) If the disks are available, execute the above command once again.
(b) If the disks are not available then recognize them by scanning the hardware.
(iv) Even though if it is not possible, then reboot the system and follow the steps (i) and (ii).
Page 184
RED-HAT LINUX 6/7
10. What is the basic difference between private disk group and shared disk group?
Private disk group :
The disk group is only visible for the host on which we have created it. If the host is a part of the
cluster, the private disk group will not be visible to the other cluster nodes.
Shared disk group :
The disk group is sharable and visible to the other cluster nodes.
11. How will you create private disk group and shared disk group?
# vxdg init <disk group name><disk media name>=<O/S disk name> (to create the
private disk group)
# vxdg -s init <disk group name><disk media name>=<O/S disk name>(to create the shared disk
group)
12. How will you add new disk to the existing disk group?
we can do this in two ways.
(i) Run # vxdiskadm command, which will open menu driven program to do various disk
operations. Select add disk option and give disk group name and disk name.
(ii) # vxdg -g <disk group name> adddisk <disk media name>=<O/S disk name>
Example: # vxdg -g appsdg adddisk disk02=/dev/sdb
13. How will you grow or shrink the volume/file system? What is the meaning of grow by, grow to,
shrink by and shrink to options?
(i) We can grow the volume/file system by,
# vxassist -g appsdg growby or growto 100GB appsvol (or)
# vxresize -g appsdg +100GB appsvol alloc = <disk name>
(ii) We can shrink the volume/file system by,
# vxassist -g appsdg shrinkby 20GB appsvol
# vxassist -g appsdg shrinkto 20GB appsvol (or)
# vxresize -g appsdg -10GB appsvol (to shrink by the size 10GB)
# vxresize -g appsdg 10GB appsvol (to shrink to the size 10GB)
Meanings :
growby :
This will be used to grow the file system by adding new size to the existing file system.
growto :
This will be used to grow the file system upto the specified new size. This will not be added
the new size to the existing one.
shrinkby :
This will be used to shrink the file system by reducing the new size from the existing file
system size.
shrinkto :
This will be used to shrink the file system upto the specified new size. This will not be reduced
the file system new size from the existing one.
14. If vxdisk list command gives you disk status as " error ". What are the steps you follow to make
respective disk online?
This issue is mainly because of fabric disconnection. So, execute # vxdisk scandisks command.
Otherwise unsetup the disks using # /etc/vx/bin/vxdiskunsetup and setup the disks again using
# /etc/vx/bin/vxdisksetup command.
Note :/etc/vx/bin/vxdiskunsetup will remove the private region from the disk and destroy the data. So,
backup the data before using this command.
Page 185
RED-HAT LINUX 6/7
18. Define LLT and GAB. What are the commands to create them?
LLT :
(i) LLT means Low Latency Transport protocol
(ii) It monitor the kernel to kernel communication.
(iii) It maintain and distribute the network traffic within the cluster.
(iv) It uses heartbeat between the interfaces.
GAB :
(i) GAB means Global Atomic Broadcasting.
(ii) It maintain and distribute the configuration information of the cluster.
(iii) It uses heartbeat between the disks.
Commands :
# gabconfig -a (to check the status of the GAB, ie., GAB
is running or not)
If port ' a ' is listening, means GAB is running, otherwise GAB is not running.
If port ' b ' is listening, means I/O fencing is enabled, otherwise I/O fencing is
disabled.
If port ' h ' is listening means had deamon is working, otherwise had deamon is
not working.
# gabconfig -c n 2 (to start the GAB in 2 systems in the cluster,
where 2 is seed no.)
# gabconfig -u (to stop the GAB)
# cat /etc/gabtab (to see the GAB configuration information and
the it contains as, )
gabconfig -c n x (where x is a no. ie., 1, 2, 3, ....etc.,)
# lltconfig -a (to see the status of the llt)
# lltconfig -c (to start the llt)
# lltconfig -u (to stop the llt)
# lltstat -nvv (to see the traffic status between the interfaces)
# llttab -a (to see the cluster ID)
# haclus -display (to see all the information on the cluster)
# cat /etc/llttab (to see the llt configuration and the entries are as,)
Cluster ID, host ID, interface MAC address, ...etc.,
# cat /etc/llthosts (to see the no. of nodes present in the cluster)
19. How to check the status of the Veritas Cluster?
# hastatus -summary
20. Which command is used to check the syntax of the main.cf?
# hacf -verify /etc/VRTSvcs/conf/config
21. How will you check the status of the individual resources of Veritas Cluster (VCS)?
# hares -state <resource name>
22. What is the use of # hagrp command?
# hagrp command is used doing administrative actions on service groups like, on-line service group,
off-line service group and switch, ...etc.,
23. How to switch over the service group?
# hagrp -switch <System A><System B>
Page 186
RED-HAT LINUX 6/7
Page 187
RED-HAT LINUX 6/7
Page 188
RED-HAT LINUX 6/7
(iii) If the resources are faulted, then restart the service groups and moving service groups from
one node to another.
(iv) Cluster is not running.
(v) Communication failed between two nodes.
(vi) GAB and LLT are not running.
(vii) Resource not started.
(viii) main.cf and types.cf files corrupted.
(ix) I/O fencing (a locking mechanism to avoid the split brain issue) is not enabled (at disk
level / SAN level).
(x) And the locks are,
(a) engine.lock
(b) ha.lock
(c) agent.lock
39. What are the statuses of a service group?
(i) online
(ii) offline
(iii) partial
* If the non-critical resource is failed, then the status of the service group may be in partial
status.
* If the critical resource is failed, then the status of the service group may be in offline
status.
40. How to move the service group from one node to another node manually?
(i) Stop the application.
(ii) Stop the database.
(iii) Unmount the file system.
(iv) Stop the volume.
(v) Deport the disk group.
(vi) Import the disk group.
(vii) Start the volume.
(viii) Mount the file system.
(ix) Start the database.
(x) Start the application.
41. How to rename a disk group in VxVM in stepwise?
(i) Stop the application.
(ii) Stop the database.
(iii) Unmount the file system.
(iv) Stop the volume.
(v) Deport the disk group.
(vi) Rename the disk group.
(vii) Import the disk group.
(ix) Start the volume.
(x) Mount the file system.
(xi) Start the database.
(xii) Start the application.
42. How to create a volume with 4 disks?
(i) Bring the disks to O/S control by scanning the Luns using the following the command,
# echo "---" > /sys/class/scsi_host/< lun no. >/scan (to scan the lun no.)
(ii) Bring those disk from O/S control to VxVM control.
(a) If we want to preserve the data, then bring the disks to VxVM control using
encapsulation method by
# vxdiskadm (here we get the options to do this and select 2nd option ie.,
Encapsulation)
Page 189
RED-HAT LINUX 6/7
(b) If we don't want to preserve the data, then bring the disks to VxVM control using
initialization method by # vxdisksetup -i <disk 1 name> (for example #
vxdisksetup -i /dev/sda)
# vxdisksetup -i <disk 2 name> (for example # vxdisksetup -i
/dev/sdb)
# vxdisksetup -i <disk 3 name> (for example # vxdisksetup -i
/dev/sdc)
# vxdisksetup -i <disk 4 name> (for example # vxdisksetup -i
/dev/sdd)
# vxdisk list (to see VxVM controlled disks)
(iii) Create a disk group.
# vxdg init <diskgroup name> disk01=/dev/sda (for example diskgroup name as
appsdg)
(iv) Adding remaining three disks to the above disk group.
# vxdg -g appsdg adddisk disk02=/dev/sdb
# vxdg -g appsdg adddisk disk02=/dev/sdc
# vxdg -g appsdg adddisk disk02=/dev/sdd
#vxdg list <diskgroup name> (to see all the disks belongs to that diskgroup for
example appsdg)
(v) Create the Volume (for the requested size and requested layout).
# vxassist -g appsdg make <volume name><size> (for example volume name is
appsvol and
size in TB/GB ... etc)
(vi) Create a file system on that volume.
# mkfs -F vxfs /dev/vx/rdsk/appsdg/appsvol
(vii) Create the mount point and provide the requested permissions to that mount point.
# mkdir /mnt/apps
(viii) Start the volume.
# vxvol -g appsdg start appsvol
(ix) Mount the file system on the above mount point.
# mount -F vxfs -o <options like rw, re> /dev/vx/dsk/appsdg/appsvol
(where rw means read-write and re means read-only)
(x) Put the entry into the "/etc/fstab" file for permanent mount.
* If the volume is created for cluster, don't put the entry in /etc/fstab file.
(xi) And finally send the mail to client or requested person
43. What is the difference between Global Cluster and Local Cluster? Have you configured the Global
Cluster?
Local Cluster :
If all the nodes in a Cluster are placed in a same location, that Cluster is called Local Cluster.
Global Cluster :
If all the nodes in a Cluster are placed in different Geological locations, that Cluster is called Global
Cluster. The main advantage of global cluster is high availability when Natural Calamities or disasters
occurs.
Page 190
RED-HAT LINUX 6/7
# hastop -sys <system or node name> (to stop the specified system or node in the Cluster)
45. What is the Service group and Resource?
Service group :
(i) A collection or group of physical and logical resources is called the Service group.
(ii) Moving service group from one system to another system means, moving resources from one
system to another system.
Resources :
(i) It is a software or hardware components like, diskgroup, volume, IP address, mount point
are software resources and disk, NIC cards are hardware resources.
(ii) The value of resource is known as Attribute.
Example : (a) System list is attribute of a System A or System B.
(b) Auto start is the attribute of System.
Resource Attribute Value
NIC IP address 192.168.1.1
Diskgroup diskgroup name appsdg
Disk disk name disk01
Interface Interface name eth0
Attributes :
# hagrp -modify appssg system list={ sys A0, sys B0} (to add sys A and sys B attributes to
service group)
# hagrp -modify appssg autostart list={ sys A} (to start the sys A attributes
automatically)
# hagrp -modify appssg enabled 1 or 0 (1 means start and 0 means not to start
automatically)
(iii) Creating resources and adding them to the service group and specify their attributes.
For file system :
(a) /mnt/apps (the mount point)
(b) /appsvol (the volume name)
(c) /appsdg (the disk group)
Page 191
RED-HAT LINUX 6/7
# hares -add dg-apps diskgroup appssg (to add the diskgroup resource
to a service group)
(where dg-apps is resource name, diskgroup is a keyword and appssg is a service
group name)
# hares -modify dg-apps diskgroup appsdg (to add the diskgroup attribute to a
service group)
# hares -modify dg-apps enable 1 (to enable the resource)
# hares -add dg-volume volume appssg (to add the volume resource to
a service group)
# hares -modify dg-volume volume appsvol (to add the volume attribute to a service
group)
# hares -modify dg-volume diskgroup appsdg (to add the diskgroup to the volume)
# hares -modify dg-volume enable 1 (to enable the volume resource)
# hares -modify dg-volume critical 1 (to make the resource as critical)
# hares -add dg-mnt mount appssg (to add the mount point resource to a
service group)
# hares -modify dg-mnt blockdevice=/dev/vx/rdsk/appsdg/appsvol (to add the block
device resource
to a service group)
# hares -modify dg-mnt fstype=vxfs (to add the mount point attributes to a
service group)
# hares -modify dg-mnt mount=/mnt/apps (to add the mount point
directory attribute to a
service group)
# hares -modify dg-mnt fsckopt=% y or %n (to add the fsck attribute either yes or
no to
service group)
(iv) Create links between the above diskgroup, volume and mount point resources.
# hares -link parent-res child-res
# hares -link dg-appdg dg-volume
# hares -link dg-volume dg-mnt
47. What is meant by freezing and unfreezing a service group with persistent and evacuate options?
Freezing :
If we want to apply patches to the system in a cluster, then we have to freeze the service group
because first stop the service group, if it is critical, the service group will move automatically to another
system in Cluster. So, we don't want to move the service group from one system to another system,
we have to freeze the service group.
Unfreeze :
After completing the task, the service group should be unfreezed because, if the is crashed or down
and the resources are critical, then the service group cannot move from system 1 to system 2 due to
freezed the service group and results in not available of application. If unfreezed the service group after
maintenance, the service group can move from system 1 to system 2. So, if system 1 failed, the
system2 is available and application also available.
Persistent option :
If the service group is freezed with persistent option, then we can stop or down or restart the
system. So, there is no loss of data and after restarted the system, the service group is remains in
freezed state only.
Example : # hasys -freeze -persistent <system name>
# hasys -unfreeze -persistent <system name>
Evacuate :
Page 192
RED-HAT LINUX 6/7
If this option is used in freezed service group system, if the system down or restarted the persisted
information is evacuated, ie., before freeze all the service groups should be moved from system 1
to another system 2.
48. What are the layouts are available in VxVM and how they will work and how to configure?
(i) There are 5 layouts available in VxVM. They are RAID-0, RAID-1, RAID-5, RAID-0+1 and
RAID-1+0.
RAID-0 :
We can configure RAID-0 in two ways.
(a) Stripped (default).
(b) Concatenation.
Stripped :
(i) In this minimum two disks required to configure.
(ii) In this the data will write on both the disks parallelly. ie., one line in one disk and 2nd line on
2nd disk, ...etc.,
(iii) In this the data writing speed is fast.
(iv) In this there is no redundancy for data.
Concatenation :
(i) In this minimum one disk is required to configure.
(ii) In this the data will write in first disk and after filling of first disk then it will write on 2nd disk.
(iii) In this the data writing speed is less.
(iv) In this also there is no redundancy for data.
RAID-1 :
(I) It is nothing but mirroring.
(ii) In this minimum 4 disks are required to configure.
(iii) In this same data will be written on disk1 and disk 3, disk 2 and disk4.
(iv) If disk 1 failed, then we can recover the data from disk3 and if disk 2 failed, then we can
recover the data from disk 4. So, there is no data loss or we can minimize the data loss.
(v) In this half of the disk space may be wasted.
RAID-5 :
(i) It is nothing but stripped with distributed parity.
(ii) In this minimum 3 disks required to configure.
(iii) In this one line will write on disk 1 and 2nd line write on disk 2 and the parity bit will write
on disk3. The parity bit will write on 3 disk simultaneously. If disk 1 failed then we can recover the
data from disk2 and parity bit from disk 3. So, in this data will be more secured.
(iv) In this disk utilization is more when compared to RAID-1, ie., 1/3 rd of disk space may be
wasted.
(v) This RAID-5 will be configured for critical applications like Banking, Financial, SAX and
Insurance...etc., because the data must be more secured.
Creating a volume with layout :
# vxassist -g <diskgroup name> make <volume name><size in GB/TB> layout=<mirror/raid
5/raid 1>
Example : # vxassist -g appsdg make appsvol 50GB layout=raid 5 (the default is RAID-5
in VxVM)
Logs :
* If the layout is mirror, then log is DRL.
* If the layout is RAID-5, then the log is RAID-5 log.
* The main purpose of the log is fast recovery operation.
* We have to specify whether the log is required or not in all types of layouts except RAID-5
because the logging is default in RAID-5.
* If we want to configure RAID-5 without logging then,
# vxassist -g <diskgroup name> make <volume name> 50GB, nolog layout=raid 5
Page 193
RED-HAT LINUX 6/7
Page 194
RED-HAT LINUX 6/7
License :
(i) All the licenses are stored in /etc/vx/licenses directory and we can take backup of this
directory and restore it back, if we need reinstall the server.
(ii) Removing VxVM package will not remove the installed license.
(iii) To install license # vxlicinst command is used.
(iv) To see the VxVM license information by # vxlicrep command.
(v) To remove the VxVM license by # vxkeyless set NONE command.
(vi)The license packages are installed in /opt/VRTSvlic/bin/vxlicrep directory.
(vii) The license keys are stored in /etc/vx/licenses/lic directory.
(viii) We can see the licenses by executing the below commands,
# cat /etc/vx/licenses/lic/key or
# cat /opt/VRTSvlic/bin/vxlicrep | grep "License key"
(ix) To see the features of license key by # vxdctl license command.
Version :
(i) We are using VxVM6.2 version.
(ii) to know the version of VxVM by # rpm -qa VRTSvxvm command.
54. What are the available formats to take the control of disks from O/S to veritas in VxVM?
We can take the control of disks from O/S to veritas in 3 formats.
(i) CDS (Cross platform Data Sharing and the default format in VxVM).
(ii) Sliced.
(iii) Simple.
(i) CDS :
(a) We can share the data between different Unix flavours.
Page 195
RED-HAT LINUX 6/7
(b) The private and public both regions are available in 7th partition.
(c) The entire space is in 7th partition.
(d) So, there is a chance to loss the data because, if the disk is failed ie., partition 7 is
corrupted or damaged then the data may be lost.
(e) This is the default in veritas volume manager.
(ii) Sliced :
(a) It is always used for root disk only.
(b) In this format we cannot share the data between different Unix flavours. Normally sliced
is used for root disk and cds is used for data.
(c) Private region is available at 4th partition and public region is available at 3rd partition.
(d) So, if public region is failed, we can recover the data from private region ie., minimizing
the data loss.
(iii) Simple :
(a) This format is not using widely now because, it is available in old VxVM 3.5
(b) In this private and public regions are available at 3rd partition.
Specifying the format while setup :
# vxdisksetup -i /dev/sda (to setup the disk and this is default format ie., CDS
format)
# vxdisksetup -i /dev/sdb format =<sliced / simple> (to specify sliced or
simple format)
55. In how many ways can we manage VxVM?
(I) Command line tool.
(ii) GUI (vea tool)
(iii) # vxdiskadm command (it gives the options to manage the disks)
30. RedHat Cluster
1. How can you define a cluster and what are its basic types?
A cluster is two or more computers (called nodes or members) that work together to perform a task.
There are four major types of clusters:
Storage
High availability
Load balancing
High performance
2. What is Storage Cluster?
Storage clusters provide a consistent file system image across servers in a cluster, allowing the servers to
simultaneously read and write to a single shared file system.
A storage cluster simplifies storage administration by limiting the installation and patching of applications to
one file system.
The High Availability Add-On provides storage clustering in conjunction with Red Hat GFS2
3. What is High Availability Cluster?
High availability clusters provide highly available services by eliminating single points of failureand by failing
over services from one cluster node to another in case a node becomes inoperative.
Typically, services in a high availability cluster read and write data (via read-write mounted file systems).
A high availability cluster must maintain data integrity as one cluster node takes over control of a service from
another cluster node.
Node failures in a high availability cluster are not visible from clients outside the cluster.
High availability clusters are sometimes referred to as failover clusters.
4. What is Load Balancing Cluster?
Load-balancing clusters dispatch network service requests to multiple cluster nodes to balance the request load
among the cluster nodes.
Load balancing provides cost-effective scalability because you can match the number of nodes according to
load requirements. If a node in a load-balancing cluster becomes inoperative, the load-balancing software
detects the failure and redirects requests to other cluster nodes.
Page 196
RED-HAT LINUX 6/7
Node failures in a load-balancing cluster are not visible from clients outside the cluster.
Load balancing is available with the Load Balancer Add-On.
5. What is a High Performance Cluster?
High-performance clusters use cluster nodes to perform concurrent calculations.
A high-performance cluster allows applications to work in parallel, therefore enhancing the performance of the
applications.
High performance clusters are also referred to as computational clusters or grid computing.
6. How many nodes are supported in Red hat 6 Cluster?
A cluster configured with qdiskd supports a maximum of 16 nodes. The reason for the limit is because
of scalability; increasing the node count increases the amount of synchronous I/O contention on the
shared quorum disk device.
7. What is the minimum size of the Quorum Disk?
The minimum size of the block device is 10 Megabytes.
8. What is the order in which you will start the Red Hat Cluster services?
In Red Hat 4 :
# service ccsd start
# service cman start
# service fenced start
service clvmd start (If CLVM has been used to create clustered volumes)
# service gfs start
# service rgmanager start
In RedHat 5 :
# service cman start
# service clvmd start
# service gfs start
# service rgmanager start
In Red Hat 6 :
# service cman start
# service clvmd start
# service gfs2 start
# service rgmanager start
9. What is the order to stop the Red Hat Cluster services?
In Red Hat 4 :
# service rgmanager stop
# service gfs stop
# service clvmd stop
# service fenced stop
# service cmanstop
# service ccsd stop
In Red Hat 5 :
# service rgmanager stop
# servicegfsstop
# service clvmd stop
# servicecman stop
In Red Hat 6 :
# service rgmanagerstop
# service gfs2 stop
# service clvmdstop
# service cman stop
10. What are the performance enhancements in GFS2 as compared to GFS?
Better performance for heavy usage in a single directory
Page 197
RED-HAT LINUX 6/7
Page 198
RED-HAT LINUX 6/7
So suppose in above case I have assigned 1 vote to qdisk so even after 2 nodes stops communicating
with 3rd node, the cluster would have 2 votes (1 qdisk + 1 from 3rd node) which is still more than half
of vote count for a 3 node cluster. Now both the inactive nodes would be fenced and your 3rd node
would be still up and running being a part of the cluster.
15. What is rgmanager in Red Hat Cluster and its use?
This is a service termed as Resource Group Manager
RGManager manages and provides failover capabilities for collections of cluster resources called services,
resource groups, or resource trees
it allows administrators to define, configure, and monitor cluster services. In the event of a node failure,
rgmanager will relocate the clustered service to another node with minimal service disruption.
16. What is luci and ricci in Red Hat Cluster?
luci is the server component of the Conga administration utility
Conga is an integrated set of software components that provides centralized configuration and management of
Red Hat clusters and storage
luci is a server that runs on one computer and communicates with multiple clusters and computers via ricci
Page 199
RED-HAT LINUX 6/7
independently. Because of the communication error, the two partial-clusters would overwrite areas of the disk
and corrupt the file system.
With quorum rules enforced, only one of the partial clusters can use the shared storage, thus protecting data
integrity.
Quorum doesn't prevent split-brain situations, but it does decide who is dominant and allowed to function in
the cluster.
quorum can be determined by a combination of communicating messages via Ethernet and through a quorum
disk.
22. What are Tie-breakers in Red Hat Cluster?
Tie-breakers are additional heuristics that allow a cluster partition to decide whether or not it is quorate in the
event of an even-split - prior to fencing.
With such a tie-breaker, nodes not only monitor each other, but also an upstream router that is on the same
path as cluster communications. If the two nodes lose contact with each other, the one that wins is the one that
can still ping the upstream router.That is why, even when using tie-breakers, it is important to ensure that
fencing is configured correctly.
CMAN has no internal tie-breakers for various reasons. However, tie-breakers can be implemented using the
API.
23. What is fencing in Red Hat Cluster?
Fencing is the disconnection of a node from the cluster's shared storage.
Fencing cuts off I/O from shared storage, thus ensuring data integrity.
The cluster infrastructure performs fencing through the fence daemon, fenced.
When CMAN determines that a node has failed, it communicates to other cluster-infrastructure components
that the node has failed.
fenced, when notified of the failure, fences the failed node.
24. What are the various types of fencing supported by High Availability Add On?
Power fencing — A fencing method that uses a power controller to power off an inoperable node.
storage fencing — A fencing method that disables the Fibre Channel port that connects storage to an
inoperable node.
Other fencing — Several other fencing methods that disable I/O or power of an inoperable node,
including IBM Bladecenters, PAP, DRAC/MC, HP ILO, IPMI, IBM RSA II, and others.
25. What are the lock states in Red Hat Cluster?
A lock state indicates the current status of a lock request. A lock is always in one of three states:
Granted — The lock request succeeded and attained the requested mode.
Converting — A client attempted to change the lock mode and the new mode is incompatible with an
existing lock.
Blocked — The request for a new lock could not be granted because conflicting locks exist.
A lock's state is determined by its requested mode and the modes of the other locks on the same
resource.
26. What is DLM lock model?
DLM is a short abbreviation for Distributed Lock Manager.
A lock manager is a traffic cop who controls access to resources in the cluster, such as access to a GFS file
system.
GFS2 uses locks from the lock manager to synchronize access to file system metadata (on shared storage)
CLVM uses locks from the lock manager to synchronize updates to LVM volumes and volume groups (also on
shared storage)
In addition, rgmanager uses DLM to synchronize service states.
without a lock manager, there would be no control over access to your shared storage, and the nodes in the
cluster would corrupt each other's data.
Page 200
RED-HAT LINUX 6/7
Page 201
RED-HAT LINUX 6/7
line which must of us skip. Well before taking you to that part let me explain you the various system
related features which are shown by top command.
NOTE: You can enable or disable the marked blue line by pressing "l" once top is running.
top - 17:51:07 up 1 day, 2:56, 27 users, load average: 5.33, 29.71, 28.33
Tasks: 1470 total, 1 running, 1469 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.1%sy, 0.0%ni, 99.9%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 264114424k total, 253006956k used, 11107468k free, 66964k buffers
Swap: 33554424k total, 3260k used, 33551164k free, 245826024k cached
Explanation: This line tells you about the uptime of your system along with load average value.
NOTE: You can enable/disable the marked blue line by pressing "t".
top - 17:51:07 up 1 day, 2:56, 27 users, load average: 5.33, 29.71, 28.33
Tasks: 1470 total, 1 running, 1469 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.1%sy, 0.0%ni, 99.9%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 264114424k total, 253006956k used, 11107468k free, 66964k buffers
Swap: 33554424k total, 3260k used, 33551164k free, 245826024k cached
Explanation: This line gives us a brief detail of all the tasks running/sleeping/stopped currently in the
system along with the CPU Usage
Value Meaning
us user cpu time (or) % CPU time spent in user space
sy system cpu time (or) % CPU time spent in kernel space
ni user nice cpu time (or) % CPU time spent on low priority processes
id idle cpu time (or) % CPU time spent idle
wa io wait cpu time (or) % CPU time spent in wait (on disk)
hi hardware irq (or) % CPU time spent servicing/handling hardware interrupts
si software irq (or) % CPU time spent servicing/handling software interrupts
steal time - - % CPU time in involuntary wait by virtual cpu while hypervisor is servicing another
st
processor (or) % CPU time stolen from a virtual machine
NOTE: You can enable/disable the marked blue line by pressing "m".
top - 17:51:07 up 1 day, 2:56, 27 users, load average: 5.33, 29.71, 28.33
Tasks: 1470 total, 1 running, 1469 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.1%sy, 0.0%ni, 99.9%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 264114424k total, 253006956k used, 11107468k free, 66964k buffers
Swap: 33554424k total, 3260k used, 33551164k free, 245826024k cached
Explanation: The next line shows your memory(RAM and swap) usage and capacity.
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+
COMMAND
13916 stmprd 18 0 903m 129m 9936 S 51.4 0.1 3:07.01 java
13921 stmprd 18 0 901m 128m 9936 S 49.8 0.0 3:02.92 java
13825 stmprd 18 0 951m 190m 9932 S 49.5 0.1 3:07.13 java
13856 stmprd 20 0 978m 197m 9936 S 49.2 0.1 3:05.89 java
13853 stmprd 18 0 921m 150m 9932 S 48.5 0.1 3:09.14 java
13875 stmprd 18 0 907m 132m 9940 S 48.5 0.1 3:09.49 java
13937 stmprd 25 0 926m 165m 9936 S 48.2 0.1 3:10.31 java
13919 stmprd 18 0 917m 153m 9936 S 47.5 0.1 3:05.92 java
13879 stmprd 25 0 921m 160m 9936 S 47.2 0.1 3:08.43 java
13908 stmprd 25 0 901m 131m 9932 S 47.2 0.1 3:12.23 java
Page 202
RED-HAT LINUX 6/7
Page 203
RED-HAT LINUX 6/7
Page 204
RED-HAT LINUX 6/7
Page 205
RED-HAT LINUX 6/7
Page 206
RED-HAT LINUX 6/7
Page 207
RED-HAT LINUX 6/7
Page 208
RED-HAT LINUX 6/7
Page 209
RED-HAT LINUX 6/7
Page 210