Rhce 134 Lab Manual - Adil-Sir

The document provides a comprehensive guide on Red Hat System Administration II (RH134), covering topics such as automating installations with Kickstart, using GREP for text searching, editing files with Vim, scheduling tasks with 'at' and 'crontab', managing process priorities, and controlling file access with Access Control Lists (ACLs). Each section includes command examples and explanations to facilitate understanding and practical application. The content is structured to assist users in efficiently managing and administering Red Hat Enterprise Linux systems.


Red Hat System Administration II - RH134

1. Automate Installation With Kickstart


Automate The Installation Of Red Hat Enterprise Linux Systems With
Kickstart

What is a Kickstart file in Linux?


A Kickstart file is a simple text file that contains the configuration
information for a Red Hat Enterprise Linux installation. The system
reads this configuration information at boot time and carries out the
installation process without any further input from you.
This helps with:
- saving time
- fewer errors
- identical systems
- less manpower

Packages, time zone, partitions, users, language: we do not have to
select any of these by hand. If we want to install 1000 RHEL systems,
doing it manually is a huge task, and systems installed one by one may
not end up identical to each other. Kickstart solves this: we write a
Kickstart file that answers every installer question in advance, so
nothing has to be done during the installation.

© 2022 M.Adil Allabaksh All Rights Reserved


1. Log in as the root user and ensure that the local yum repository is
properly configured.
# yum repolist

2. Now install the FTP packages and edit the configuration file.


# yum install ftp* vsftpd* -y

# vim /etc/vsftpd/vsftpd.conf
Search for listen_ipv6 and set the two listen directives as follows:
listen=YES
#listen_ipv6=NO



3. Start the FTP service.
# systemctl start vsftpd
# systemctl status vsftpd

4. Add the ftp service to the firewall and reload it.


# firewall-cmd --permanent --add-service=ftp



# firewall-cmd --list-all
# firewall-cmd --reload

5. Go to the /root directory and make the required changes to set the
installation parameters in the Kickstart file, i.e. anaconda-ks.cfg (the
installer writes this file during every installation to record the
choices that were made).
# cd /root
# vim anaconda-ks.cfg

6. Now copy this Kickstart file to the public directory of the FTP server
and change the permissions of the copy.
# cp anaconda-ks.cfg /var/ftp/pub/
# chmod 777 /var/ftp/pub/anaconda-ks.cfg
Note that the installer only needs to read the file, so 644 is sufficient;
the file contains the hashed root password of the original installation,
so it should not be writable by everyone.



7. Now create a new virtual machine.
Press the Tab key while it is booting, add the text below after one space
at the end of the kernel line, and press Enter:
ks=ftp://192.168.254.132/pub/anaconda-ks.cfg
(Here, use the IP address of your own machine on which you started the
FTP service.)



8. Sit back and relax; it will install RHEL 8 in the machine by itself.
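As an added example (not part of the manual), the following shell script checks a Kickstart file before it is published on the FTP server: it looks for the directives the text says Kickstart answers for us, verifies that rootpw is stored hashed rather than in plaintext, checks that a partitioning directive exists, and that every %packages/%pre/%post section is closed by %end. The two sample Kickstart files and the hash value are constructed for the demonstration.

```shell
#!/bin/sh
# Pre-flight check for a Kickstart file before it is copied to /var/ftp/pub.
# Added example for this manual; the two sample Kickstart files are
# constructed here and the hash value is a placeholder, not a real hash.

# Check a Kickstart file. Prints one finding per line on stdout and
# returns the number of findings (0 means the file looks publishable).
ks_check() {
    file=$1
    problems=0
    # The directives the manual says Kickstart answers for us.
    for directive in lang keyboard timezone rootpw; do
        if ! grep -Eq "^$directive( |\$)" "$file"; then
            echo "missing directive: $directive"
            problems=$((problems + 1))
        fi
    done
    # Partitioning must be automated (autopart) or spelled out (part/logvol).
    if ! grep -Eq '^(autopart|part|logvol)( |$)' "$file"; then
        echo "no partitioning directive (autopart/part/logvol)"
        problems=$((problems + 1))
    fi
    # The file will be world-readable on an anonymous FTP share, so the root
    # password must be stored hashed (--iscrypted), never --plaintext.
    if grep -q '^rootpw ' "$file" && ! grep -Eq '^rootpw +--iscrypted' "$file"; then
        echo "rootpw is not --iscrypted"
        problems=$((problems + 1))
    fi
    # Every %packages/%pre/%post section must be closed by %end.
    opened=$(grep -Ec '^%(packages|pre|post)' "$file" || true)
    closed=$(grep -c '^%end' "$file" || true)
    if [ "$opened" -ne "$closed" ]; then
        echo "unbalanced sections: $opened opened, $closed %end"
        problems=$((problems + 1))
    fi
    return $problems
}

# Write a constructed sample file and print its path. "good" mirrors what a
# cleaned-up anaconda-ks.cfg looks like; "bad" has the mistakes ks_check catches.
make_sample_ks() {
    out=$(mktemp)
    if [ "$1" = good ]; then
        cat >"$out" <<'EOF'
#version=RHEL8
lang en_US.UTF-8
keyboard --vckeymap=us --xlayouts='us'
timezone Asia/Kolkata --isUtc
rootpw --iscrypted $6$CONSTRUCTED$PLACEHOLDERHASH
autopart --type=lvm
%packages
@^minimal-environment
%end
EOF
    else
        cat >"$out" <<'EOF'
#version=RHEL8
lang en_US.UTF-8
rootpw --plaintext redhat
%packages
@^minimal-environment
EOF
    fi
    echo "$out"
}

good=$(make_sample_ks good)
bad=$(make_sample_ks bad)
ks_check "$good" && echo "$good: ok"
ks_check "$bad" || echo "$bad: $? problem(s)"
rm -f "$good" "$bad"
```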



2. Use Regular Expressions With GREP
Write Regular Expressions That, When Partnered With Grep, Will
Allow You To Quickly Isolate Or Locate Content Within Text Files.

- GREP stands for Global Regular Expression Print.
- grep is an essential Linux and Unix command.
- It is used to search for text and strings in a given file.
- In other words, the grep command searches the given file for lines
containing a match to the given strings or words.
- It is one of the most useful commands on Linux and Unix-like systems
for developers and sysadmins.

# vim hat (the file name is hat)

# grep linux hat



# grep -i linux hat (-i = ignore case)

# grep -iw linux hat (-i = ignore case, -w = match whole words only)

# grep -v linux hat (-v = invert: show all lines that do not contain the word linux)

# grep -iv linux hat



# grep -A 2 Linux hat (display 2 lines below/after each line containing "Linux")

# grep -B 2 Linux hat (display 2 lines above/before each line containing "Linux")

# grep -C 3 the hat (display 3 lines of context below and above each line containing "the")

# grep -iwr linux . (search for the word "linux" in all files under the current directory, recursively)
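The options above applied to a realistic task, as an added example that is not from the manual: counting and triaging failed SSH logins in a constructed slice of /var/log/secure (the log lines, user names and addresses are made up).

```shell
#!/bin/sh
# The grep options above applied to triaging SSH logins in a constructed
# slice of /var/log/secure. Added example for this manual; every log line,
# user name and address below is made up.

# make_log -> writes the sample log to a temp file and prints its path
make_log() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
Jan 17 13:21:01 host sshd[2311]: Accepted publickey for adil from 192.168.254.10 port 50122 ssh2
Jan 17 13:22:14 host sshd[2320]: Failed password for invalid user admin from 203.0.113.7 port 41712 ssh2
Jan 17 13:22:16 host sshd[2320]: Failed password for invalid user admin from 203.0.113.7 port 41712 ssh2
Jan 17 13:22:19 host sshd[2320]: Connection closed by invalid user admin 203.0.113.7 port 41712 [preauth]
Jan 17 13:25:40 host sshd[2331]: Failed password for root from 203.0.113.7 port 41800 ssh2
Jan 17 13:26:02 host sshd[2340]: Accepted password for ritik from 192.168.254.11 port 50310 ssh2
Jan 17 13:30:11 host sudo:   ritik : TTY=pts/0 ; PWD=/home/ritik ; USER=root ; COMMAND=/bin/systemctl restart vsftpd
EOF
    echo "$f"
}

# -c counts matching lines, -i matches "Failed"/"failed" alike.
count_failed() { grep -ic 'failed password' "$1"; }

# -w matches whole words only, so "for root" cannot match inside "for rootkit".
count_root_failures() { grep -i 'failed password' "$1" | grep -wc 'for root'; }

# -E enables extended regex (alternation), -o prints only the matched text;
# the bracket expression pulls out the client address, sort -u deduplicates.
failed_sources() {
    grep -Ei 'failed password|invalid user' "$1" \
        | grep -Eo 'from [0-9]+(\.[0-9]+){3}' | cut -d' ' -f2 | sort -u
}

# -v inverts the match: count lines that are NOT from sshd (here: the sudo line).
non_ssh_lines() { grep -vc 'sshd\[' "$1"; }

# -B 1 shows one line of context before each root failure, for triage.
context_before_root_failure() { grep -B 1 'Failed password for root' "$1"; }

LOG=$(make_log)
echo "failed password attempts: $(count_failed "$LOG")"
echo "of which against root:    $(count_root_failures "$LOG")"
echo "source addresses:         $(failed_sources "$LOG" | tr '\n' ' ')"
echo "non-sshd lines:           $(non_ssh_lines "$LOG")"
echo "--- context before the root failure ---"
context_before_root_failure "$LOG"
rm -f "$LOG"
```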



3. Create And Edit Text Files With Vim
Introduce The Vim Text Editor, With Which You Can Open, Edit, And
Save Text Files.

Vim Text Editor:


- On Unix-like operating systems, vim, which stands for "Vi Improved", is a
text editor.
- It can be used for editing any kind of text and is especially suited for
editing computer programs.

# vim file1

i (enter insert mode to type text)

Esc (go back to command mode)

:w (save the file)

:q! (quit without saving changes)

:wq (save and quit)

x (delete a character)

dd (delete a line)

dw (delete a word)

yy (copy the line)
p (paste the line)

e (move to the end of the next word)

r (replace a letter)

u (undo)

Ctrl+r (redo)

/the (find the word "the" in the file)


4. Schedule Future Linux Tasks
Schedule Tasks To Automatically Execute In The Future

Set the TimeZone of Your Country


# timedatectl set-timezone Asia/Kolkata

Schedule a task with at.
The at command is a Linux command-line utility used to schedule a job for
later execution. The utility reads commands from standard input and groups
them into an at job, which executes only once.

1. To schedule a task to run two minutes from now, use the at command:
# at now +2min

2. In Linux, atq and at -l are the commands used to display the pending at
jobs in the system queue.
The atq command displays a list of all the pending at jobs for the current
user, along with their job ID numbers and scheduled execution times.



# atq
# at -l

3. To schedule a task to run at 1:23 PM:

# at 1:23pm

4. To schedule a task to run at 1:28 PM on January 17, 2023:
# at 1:28pm 17 jan 2023



5. atrm is a command used to remove or delete jobs scheduled with the at
command.
Here's how you can use atrm to remove a job:
- Open a terminal window.
- Type the command atq to view a list of jobs scheduled with the at
command.
- Note the job number of the job that you want to remove.
- Type the command atrm <job-number> to remove the job. Replace
<job-number> with the actual number of the job that you want to
remove.
- For example, if you want to remove job number 6, you would type atrm 6.
Note that if you have multiple jobs that you want to remove, you can list
multiple job numbers separated by spaces. For example, atrm 6 7 8 would
remove jobs 6, 7, and 8.

# atrm 6



Schedule a task with crontab.
Crontab is a Unix command that creates a table or list of commands, each of
which is to be executed by the operating system (OS) at a specified time and
on a regular schedule. crontab is used to create the crontab file (the list)
and later to change a previously created crontab file.
crontab is used in Unix-like operating systems to schedule and automate
recurring tasks. It allows users to specify a set of commands that should be
executed at specified intervals, such as daily, weekly, or monthly.
# vim /etc/crontab
The five time fields of an entry are:
- minute [0-59]
- hour [0-23]
- day of month [1-31]
- month [1-12] or jan, feb, ...
- day of week [0-6]

A line in /etc/crontab has the form:
minute hour day-of-month month day-of-week user-name command-to-be-executed
(The user-name field exists only in /etc/crontab; entries in a user's own
crontab, edited with crontab -e, have no user-name field.)

1. The "crontab -l" command is used to list the cron jobs for the current user.
When you run this command in the terminal, it will display a list of all the
scheduled jobs that have been set up for that user. The output will include the
timing information for each job, as well as the command or script that will be
executed.



# crontab -l

2. The "crontab -e" command is used to edit the cron configuration file for the
current user. When you run this command in the terminal, it will open the
cron configuration file in the default text editor, which is usually Vi or Vim.
# crontab -e

Set an entry that makes a directory every minute.

Now check the crontab schedule:

# crontab -l

This lists the scheduled jobs.



Set an entry that makes a directory every minute:
* * * * * mkdir /harish

Set an entry that makes a directory at 5 minutes past every hour.

Set an entry that makes a directory every 5 minutes.



Set an entry that makes a directory at 02:02 AM.

We can also create a script that makes a directory and a file, and then set
a crontab schedule for it.

Insert some tasks into the script.

The script is ready.

Set the script in crontab.

The script will now run every minute.

3. "crontab -r" is used to remove or delete the user's crontab (i.e. the
scheduled tasks or commands that are set up to run automatically at specified
times).
When this command is executed, it will remove all the crontab entries for the
current user and it cannot be undone. Therefore, it is important to be cautious
when using this command as it will delete all the scheduled tasks set up for the
current user.
# crontab -r
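As an added example (not the manual's code), a small validator for the five time fields, run against the four schedules described in this section; the field ranges are the ones listed above, with three-letter month and weekday names also accepted. The mkdir -p in the sample entries is my variation on the manual's mkdir /harish.

```shell
#!/bin/sh
# Validate the five time fields of a crontab entry, then check the schedules
# described above. Added example for this manual; it is not cron itself, it
# mirrors what crond accepts: N, *, N-M, comma-separated lists, a /STEP
# suffix, and three-letter month and weekday names.

# check_cron_line 'MIN HOUR DOM MON DOW command...' -> prints "ok" or an error
check_cron_line() {
    printf '%s\n' "$1" | awk '
    # item_ok: one list item such as "*", "5", "1-10", "*/5", "1-10/2", "jan"
    function item_ok(item, lo, hi, f,    n, parts, v, rng, a, b) {
        if (item ~ /\//) {                        # split BASE/STEP
            n = split(item, parts, "/")
            if (n != 2 || parts[2] !~ /^[0-9]+$/ || parts[2] + 0 == 0) return 0
            item = parts[1]
        }
        if (item == "*") return 1
        item = tolower(item)
        if (f == 4 && item ~ /^(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)$/) return 1
        if (f == 5 && item ~ /^(sun|mon|tue|wed|thu|fri|sat)$/) return 1
        if (item ~ /^[0-9]+$/) { v = item + 0; return (v >= lo && v <= hi) }
        if (item ~ /^[0-9]+-[0-9]+$/) {
            split(item, rng, "-"); a = rng[1] + 0; b = rng[2] + 0
            return (a >= lo && a <= b && b <= hi)
        }
        return 0
    }
    function field_ok(field, lo, hi, f,    n, items, i) {
        n = split(field, items, ",")
        for (i = 1; i <= n; i++) if (!item_ok(items[i], lo, hi, f)) return 0
        return n > 0
    }
    {
        if (NF < 6) { print "error: need 5 time fields and a command"; exit }
        # Ranges as listed in the text (day of week 0-6, 0 = Sunday).
        lo[1] = 0; hi[1] = 59; name[1] = "minute"
        lo[2] = 0; hi[2] = 23; name[2] = "hour"
        lo[3] = 1; hi[3] = 31; name[3] = "day of month"
        lo[4] = 1; hi[4] = 12; name[4] = "month"
        lo[5] = 0; hi[5] = 6;  name[5] = "day of week"
        for (f = 1; f <= 5; f++)
            if (!field_ok($f, lo[f], hi[f], f)) { print "error: bad " name[f] " field: " $f; exit }
        print "ok"
    }'
}

# The four schedules from this section, plus one invalid line. A bare mkdir
# fails (and cron mails the error) once the directory exists; -p avoids that.
for line in \
    '* * * * * mkdir -p /harish' \
    '5 * * * * mkdir -p /harish' \
    '*/5 * * * * mkdir -p /harish' \
    '2 2 * * * mkdir -p /harish' \
    '60 * * * * mkdir -p /harish'; do
    echo "$line  ->  $(check_cron_line "$line")"
done
```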



5. Manage Priority Of Linux Processes
Influence The Relative Priorities At Which Linux Processes Run
Main points about the priority of Linux processes:
- By default, the Linux kernel considers all processes equally important.
- It allocates the same amount of CPU time to each process.
- Sometimes you might want to increase or decrease the priority of a certain
process so that it gets more CPU time.
Process:
- A process is a running program, so any running program or command given
to a Linux system is called a process.
Priority of a process:
- When talking about processes, priority is all about managing processor
time.
- PR is the process's actual priority, as viewed by the Linux kernel.
- The priority of a process denotes how much processor time is allotted to
the process.
nice and renice commands:
- Sometimes we might want to increase or decrease the priority of certain
processes so that they get more CPU time.
- This is where the nice and renice commands come in.
- The nice command is used to run a process with a user-defined priority,
whereas
- the renice command changes the priority of an already running process.
- With the help of the nice command you can set a process's priority.
- If you give a process higher priority, the kernel will allocate more CPU
time to that process.
- When a process starts normally it gets the default nice value 0.
- If you start a process with the nice command without any argument, it gets
the default nice value of 10.



# nice gedit file2 & (started with nice and no argument, gedit gets the default nice value of 10)

- Here 10 is the niceness, or priority.

- The niceness value ranges from -20 to 19.


- A negative value such as -20 gives a process higher priority, and a
positive value such as 19 gives it lower priority.
- Regular users are not allowed to start a process with higher priority.
- You need to be the root user to launch any process with higher priority.
- Linux gives equal time to all processes; some use more RAM and some less,
but sometimes we want a certain process to run first.

Defaults shown by the top command: PR=20, NI=0.

# top
Press r to renice a process from within top.
NI:  -20 ------- 0 ------- +19
     high priority     low priority
PR:    0 ------- 20 ------- +39



If we give -20, that process will have the highest priority.



# ps -l
In the ps -l output, PR starts from 80 for a process with the default nice
value (PR = 80 + NI):
PR:  60 ------- 80 ------- 99
NI: -20 ------- 0 ------- +19
     high priority     low priority

# vim file21 & (run the command in the background and note the PID of the
vim process)



# nice -n [NI] [COMMAND] &
# nice -n -5 vim file21 &

# renice -n [NI] -p [PID]


# renice -n 5 -p 4043
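An added example, not from the manual, that reads NI and PR straight from /proc/PID/stat to show the PR = 20 + NI relationship of the top scale above on a live process; it is Linux-specific, uses sleep in place of vim, and the renice behaviour it comments on is that of RHEL's util-linux renice.

```shell
#!/bin/sh
# Watch NI and PR change on a live process, read straight from
# /proc/PID/stat rather than from top or ps. Added example for this manual:
# Linux-specific, and "sleep" stands in for the vim/gedit used in the text.

# Field 18 of /proc/PID/stat is the kernel's priority (0..39, i.e. 20 + NI,
# exactly the PR scale shown for top above) and field 19 is the nice value.
# The command name in field 2 must not contain spaces for the field numbers
# to be right; "sleep" is safe.
stat_field() { awk -v f="$2" '{ print $f }' "/proc/$1/stat"; }
nice_of()    { stat_field "$1" 19; }
prio_of()    { stat_field "$1" 18; }

# Start a sleeping background process with the given nice value and print
# its PID. stdout/stderr go to /dev/null so the PID can be captured with $(...).
start_niced() {
    nice -n "$1" sleep 60 >/dev/null 2>&1 &
    echo $!
}

# Does PR = 20 + NI hold for this PID?  (prints yes/no)
pr_matches_ni() {
    if [ "$(prio_of "$1")" -eq $((20 + $(nice_of "$1"))) ]; then echo yes; else echo no; fi
}

pid=$(start_niced 5)
echo "nice -n 5 sleep:    NI=$(nice_of "$pid") PR=$(prio_of "$pid")  (PR=20+NI: $(pr_matches_ni "$pid"))"

# Raising NI (lowering priority) is allowed for any user. With RHEL's
# util-linux renice, -n gives the new absolute NI value, as in the text.
renice -n 12 -p "$pid" >/dev/null
echo "after renice -n 12: NI=$(nice_of "$pid") PR=$(prio_of "$pid")"

# Lowering NI again (raising priority) is refused unless you are root.
if renice -n 5 -p "$pid" >/dev/null 2>&1; then
    echo "renice -n 5 worked: running as root"
else
    echo "renice -n 5 refused: only root may raise a process's priority"
fi
kill "$pid"
```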



6. Control Access To Files With Access Control Lists
(ACL)
Manage File Security Using POSIX Access Control Lists.

In Linux, Access Control Lists (ACLs) are used to provide more fine-grained
control over file and directory permissions. Traditionally, Linux file
permissions are controlled through a combination of three permission bits for
the file owner, group, and others. However, ACLs allow you to define
additional permissions for specific users or groups, which can be useful in
situations where the traditional permission model is not sufficient.
- ACLs are stored as extended attributes of files and directories, and can
be viewed and modified using the getfacl and setfacl commands,
respectively.
- The getfacl command displays the current ACL of a file or directory.
- The setfacl command is used to modify or set a new ACL.
- An extra "+" sign after the permissions, as in -rw-rwx---+, indicates that
extra ACL permissions are set, which you can check with the getfacl
command.
In Linux, there are two types of access control lists (ACLs) that can be set on
files and directories:

1. Access ACL
2. Default ACL



Before performing the ACL steps, make a directory and add a user and a
group.

1. Access ACL: Access ACLs, also known as discretionary access control
lists (DACLs), are used to grant or deny permissions to specific users and
groups for a particular file or directory. Access ACLs are set using the
setfacl command with the -m option followed by a user or group
specification and the desired permissions. Access ACLs can also be viewed
using the getfacl command.

1. setfacl -m u:username:symbolic_value file-name


is used in Linux to modify file permissions for a specific user.
Here's what each part of the command means:
- "setfacl" is the command used to set Access Control Lists (ACLs) for
files and directories in Linux.
- "-m" is an option used to modify an existing ACL.
- "u:username" specifies the user for which the permissions are being
modified.
- "symbolic_value" is the new permission (such as rwx or r-x) that is being
set for the specified user.
- "file-name" is the name of the file or directory for which the ACL is
being modified.



Check the directory with getfacl before implementing the ACL permission,
then apply it and check again:

# setfacl -m u:ritik:rwx private

You can give permission to a group in the same way, using g:groupname
instead of u:username.



2. setfacl -x g:prajwal private
-x is used to remove a specific Access Control List (ACL) entry from a
file or directory in Linux.
Here's what each part of the command means:
- "setfacl" is the command used to set or modify ACLs for files and
directories in Linux.
- "-x" is an option used to remove an existing ACL entry.
- "g:prajwal" specifies the group for which the ACL entry is being
removed. In this case, it is the group named "prajwal".
- "private" is the name of the file or directory from which the ACL entry
is being removed.
# setfacl -x g:prajwal private



3. # setfacl -b private
is used to remove all Access Control Lists (ACLs) from a file or
directory in Linux.
Here's what each part of the command means:
- "setfacl" is the command used to set or modify ACLs for files and
directories in Linux.
- "-b" is an option used to remove all existing ACL entries for the
specified file or directory.
- "private" is the name of the file or directory for which the ACLs are
being removed.
- This command will remove all ACL entries, including any default ACLs
that may have been set for the directory.
- If you want to remove only specific ACL entries, you should use the -x
option followed by the specific entry to be removed.



4. # setfacl -Rm u:ritik:rwx private
In this particular command, the "-R" option is used to apply the ACL
recursively to all files and directories under the "private" directory.
- The option "-m" is used to modify the existing ACL.
- The ACL being set here grants the "ritik" user the permission "rwx", i.e.
read, write and execute, on the "private" directory.
- So, the complete command "setfacl -Rm u:ritik:rwx private" means: set
the ACL of the "private" directory and all of its subdirectories and
files to give the "ritik" user permission to read, write, and execute all
files and directories under "private".

Check with getfacl before implementing the recursive ACL, then apply it:

# setfacl -Rm u:ritik:rwx private/



2. Default ACL: Default ACLs are used to set default permissions for files
and directories that will be inherited by newly created files and directories
in the same directory. Default ACLs are set using the setfacl command
with the -d option followed by a user or group specification and the desired
permissions. Default ACLs can also be viewed using the getfacl command
with the -d option.

What is the difference between -R and -d in setfacl?

- The "-R" option in "setfacl" stands for recursive. When used with
"setfacl", it applies the ACLs to all files and directories recursively in a
given directory.
- This means that the command will not only apply the ACL to the
specified directory, but also to all files and directories within that
directory.
- On the other hand, the "-d" option in "setfacl" stands for default.
When used with "setfacl", it sets a default ACL for a directory. This
means that any new files or directories created within that directory will
inherit the same ACL.



Add a default ACL
# setfacl -dm u:ritik:rwx private
In this particular command, the "-d" option is used to set a default ACL for the
"private" directory. This means that any new files or directories created
under "private" will inherit the ACL set by this command.
- The option "-m" is used to modify the existing ACL.
- The ACL being set here grants the "ritik" user the permission "rwx", i.e.
read, write and execute, on any new files or directories created under the
"private" directory.
- So, the complete command "setfacl -dm u:ritik:rwx private" means: set
the default ACL of the "private" directory to give the "ritik" user
permission to read, write, and execute any new files or directories
created under "private".
# setfacl -dm u:ritik:rwx private



Remove the default ACL
The -k option of setfacl removes all default ACL entries from a directory;
the access ACL entries (those added with -m) are left in place, and -k takes
no entry specification.
# setfacl -k private



7. Manage Selinux Security
Manage The Security Enhanced Linux (Selinux) Behavior Of A System To
Keep It Secure In Case Of A Network Service Compromise

SELinux (Security-Enhanced Linux) is a security framework for Linux
operating systems that provides a Mandatory Access Control (MAC)
mechanism. Unlike traditional Unix-style Discretionary Access Control
(DAC), which relies on user-based permissions, SELinux uses a policy-based
approach to control access to system resources.

SELinux operates by assigning a security context to every object on the
system, including files, directories, processes, and network sockets. Each
security context has a set of rules associated with it that determine which
subjects (such as users, programs, or system services) are allowed to access
that object, and in what ways. By enforcing these rules, SELinux can contain
the effects of many types of security exploits, such as buffer overflows,
code injection, and privilege escalation.

The NSA has had some involvement in the development of Linux, particularly
in the area of security. For example, the NSA developed a security-enhanced
version of Linux called SELinux (Security-Enhanced Linux), which adds
mandatory access controls to the standard Linux security model.

SELinux is now included in many popular Linux distributions, such as Red
Hat Enterprise Linux and CentOS. In addition, the NSA has released several
other security-related tools and guides for Linux, including the
Security-Enhanced Linux User Guide, the Linux Security Hardening Guide, and
the NSA Security Configuration Recommendations for Linux.



SELinux and firewalld both provide security, at different levels of the
Linux system.

While SELinux and firewalld provide different types of security at
different levels of the system, they are complementary and can be used
together to provide a more comprehensive security solution for Linux systems.
For example, SELinux can be used to control access to system resources based
on the security context of the user or process, while firewalld can be used to
block unauthorized network traffic and protect against network-based
attacks. Together, these technologies provide a multi-layered security
approach that can help protect a Linux system from a wide range of security
threats.

There are three main policy modes in SELinux:

- Enforcing mode: In this mode, SELinux enforces the access control
policies defined by the system administrator. If a process tries to access
a resource that is not explicitly allowed by the policy, SELinux will deny
access and create an audit log entry. The system administrator is also
notified of the policy violation, so they can take corrective action.
- Permissive mode: In this mode, SELinux does not enforce the access
control policies, but it does log any policy violations that occur. The
system administrator can use these logs to identify potential policy
violations and make changes to the policy to ensure that the system is
secure.
- Disabled mode: In this mode, SELinux is completely turned off, and
no access control policies are enforced. This mode is not recommended
for production systems, as it leaves the system vulnerable to security
threats.

Note: it is recommended to use enforcing mode in production environments
to provide the highest level of security protection.



The ls -Z command is used to display SELinux security context information
for files and directories on a Linux system. The output of this command
displays the file or directory name, ownership, permissions, and SELinux
security context information.
The ls -Z command displays the SELinux security context in the format
user:role:type:level. For example, if you run the command ls -Z /var/log,
you might see output similar to the following:
the user:role:type:level values for each file or directory are shown as
system_u:object_r:admin_home_t:s0.
- The first field (unconfined_u or system_u): the SELinux user associated
with the file or directory
- object_r: the SELinux role associated with the file or directory
- admin_home_t: the SELinux type associated with the file or directory
- s0: the SELinux level associated with the file or directory
# ls -Z

The semanage port -l command is used to display the list of network port
definitions that are currently managed by SELinux on a Linux system. The
output of this command shows a list of port definitions with the following
information for each port:
- selinux_context: the SELinux port type (such as http_port_t) associated
with the port
- proto: the protocol (TCP or UDP) used by the port
- port: the port number or port range



getenforce is a command used on Linux systems to retrieve the current
SELinux mode of the system. SELinux, or Security-Enhanced Linux, is a
security module that provides mandatory access control for the system.

When you run the getenforce command, it returns one of three possible
modes:
- Enforcing: SELinux is enabled and actively enforcing security policies.
- Permissive: SELinux is enabled, but it is not enforcing policies. Instead,
it logs policy violations for analysis.
- Disabled: SELinux is not enabled on the system.
# getenforce



# setenforce
When you run the setenforce command, it allows you to set the SELinux mode
to one of two possible modes:
- Enforcing: SELinux is enabled and actively enforcing security policies.
- Permissive: SELinux is enabled, but it is not enforcing policies. Instead,
it logs policy violations for analysis.
To change the SELinux mode using setenforce, open a terminal window and
type setenforce <mode>, where <mode> is either Enforcing or Permissive (or
1 and 0 respectively). Note that to use setenforce you must have superuser
privileges or be logged in as the root user. The change lasts only until the
next reboot.
# setenforce permissive
# setenforce enforcing
# setenforce 0
# setenforce 1



Install the HTTP service
# yum install http*

# cd /var/www/html
# ls
# vi index.html



Write HTML code for some web pages.

# firefox &

Start the httpd service:


# systemctl status httpd
# systemctl start httpd
# systemctl status httpd



Browse to http://localhost

Browse to 127.0.0.1



Check the IP address.

Browse to the machine's IP address (192.16.199.142).



Change the context
The command chcon -t default_t index.html is used to change the SELinux
security context of the index.html file to the default_t type.

SELinux security context labels are composed of three main parts: user, role,
and type. The type field is the one most commonly changed with the chcon
command to alter the SELinux context of a file or directory.
In this case, default_t is a commonly used SELinux context type that
provides default security restrictions for most files on the system. By running
this command, you are changing the security context of the index.html file
to that default security context type, which the confined httpd process is
not permitted to read.
# chcon -t default_t index.html
# ls -Z

Refresh the page: it will no longer work, because SELinux is running in
enforcing mode and httpd is denied access to a file labelled default_t.



Now change the SELinux mode from enforcing to permissive.

Refresh the page: it works again, because SELinux is running in
permissive mode and only logs the denial. To fix the label itself rather
than relax SELinux, restore the default context of the file:

# restorecon index.html



8. Add Disks, Partitions, And File Systems To A Linux
System
Manage Simple Partitions And File Systems.
Data storage can be categorized into various types based on different
criteria such as accessibility, volatility, and usage. Here are some common
types of data storage:
1) Primary Storage: Volatile memory (e.g., RAM) used by the computer's
CPU for actively processed data.
2) Secondary Storage:
- Hard Disk Drives (HDD): Traditional magnetic storage devices.
- Solid State Drives (SSD): Use flash memory for faster data access.
- Hybrid Drives (SSHD): Combine features of HDDs and SSDs.
3) Tertiary Storage: Used for backup and archival purposes.
Examples include tape drives and optical storage (e.g., DVDs, Blu-ray).
4) Cloud Storage: Stores data on remote servers accessed over the internet.
Services like Google Drive, Dropbox, and Amazon S3.
5) Network-Attached Storage (NAS): Dedicated storage device connected
to a network for file-based data storage.
6) Storage Area Network (SAN): High-speed network connecting and
presenting shared storage to multiple servers.
7) Flash Drives: Portable storage devices using NAND-type flash memory
(USB drives or thumb drives).
8) Memory Cards: Removable cards used in cameras, smartphones, etc., to
expand storage.

In Linux, the terms "sector", "cluster", "track", and "cylinder" relate to
how data is organized and stored on a hard disk.



- A sector is the smallest physical unit on a hard disk and is typically 512
bytes in size. Data is stored in blocks of sectors.
- Clustering refers to the allocation of data into groups of contiguous
sectors. Clusters are typically several sectors in size and are used to
improve data access times.
- A track is a concentric circle on the hard disk surface. All the sectors that
lie under the head in a particular position make up a track. Tracks are
used to organize data into rings around the disk.
- A cylinder is a set of tracks that are vertically above one another on the
disk. In other words, a cylinder is the collection of all tracks that can be
read at a single position of the head.
In summary, these terms relate to the physical organization of data on a hard
disk, and understanding them is important when working with disk
partitions, file systems, and disk utilities.



Types of Partitioning Methods:
Master Boot Record (MBR) partitioning is a method for dividing a hard
drive into multiple partitions. It is a legacy system that has been used on
PC-compatible computers since the 1980s.
- The MBR partitioning scheme is limited to a maximum of four primary
partitions, or three primary partitions and one extended partition. An
extended partition can be subdivided into logical partitions, which
behave like primary partitions.
- The MBR partitioning scheme is used to define the location of partitions
on the disk, as well as to specify which partition is bootable. The boot
loader code is also stored in the MBR, and is executed by the BIOS
during the boot process to load the operating system.
- One major limitation of the MBR partitioning system is that it only
supports up to 2 terabytes of disk space. It also does not support more
advanced features like GUID Partition Table (GPT) partitions, which
can be used to support larger disk sizes and more partitions.
GUID Partition Table (GPT) is a newer partitioning system that was
introduced in the late 1990s as part of the Unified Extensible Firmware
Interface (UEFI) specification. It is now the default partitioning scheme used
by most modern computers.
- Compared to the older Master Boot Record (MBR) partitioning scheme,
GPT supports larger disk sizes, more partitions, and more advanced
features. It can support disks larger than 2 terabytes and allows for up
to 128 partitions on a single disk.
- In addition to the increased partition capacity, GPT also provides better
data integrity and reliability by storing multiple copies of the partition
table on the disk, which helps to protect against data loss and
corruption.
- GPT also gives each partition a unique identifier (GUID), which allows
operating systems to identify partitions and disk volumes more
accurately. This is particularly useful when working with multiple
operating systems on the same disk, as each operating system can have
its own unique identifier.

© 2022 M.Adil Allabaksh All Rights Reserved


GPT Partitions System Vs MBR Partitions System
The main differences between the GUID Partition Table (GPT) partitioning
system and the Master Boot Record (MBR) partitioning system are:

 Capacity: GPT supports disk sizes of up to 9.4 zettabytes (ZB), whereas
MBR is limited to 2 terabytes (TB).
 Partitioning: GPT supports up to 128 partitions, while MBR only
supports four primary partitions or three primary partitions and one
extended partition.
 Booting: MBR stores the boot loader code in the first sector of the disk,
whereas GPT stores the boot loader code in a separate EFI System
Partition (ESP).
 Data Integrity: GPT stores multiple copies of the partition table
throughout the disk, providing greater data integrity and reliability
compared to MBR, which only stores one copy of the partition table.
 Compatibility: GPT requires a system with a Unified Extensible
Firmware Interface (UEFI), while MBR can be used with both BIOS
and UEFI systems.

Overall, GPT is a more advanced and modern partitioning system compared
to MBR, providing greater capacity, partitioning flexibility, data integrity,
and compatibility with modern systems. However, MBR is still widely used in
legacy systems and can be a more practical option for smaller disk sizes and
simpler partitioning needs.



File System Format Types:-
ext1, ext2, ext3, ext4, xfs, ntfs, fat32, and exfat are all file system types used in
various operating systems.
 ext1: The first extended file system was developed in 1992 for the Linux
kernel. It supports file and directory permissions but has limited
support for larger file systems, and it's not used widely anymore.
 ext2: The second extended file system was developed in 1993 and
became the default file system for Linux. It's an improvement over ext1
with added support for larger file systems and faster performance.
 ext3: This file system is an extension of ext2 with journaling support
added. It was designed to address the data loss issues associated with
ext2. It's a reliable and stable file system and is still widely used in many
Linux distributions.
 ext4: This file system is an improvement over ext3 and was introduced
in 2008. It provides support for larger file systems, faster performance,
and improved data reliability. It also includes support for journal
checksums, delayed allocation, and faster file system checks.
 xfs: This is a high-performance journaling file system developed by
Silicon Graphics in 1993. It's known for its scalability, high-
performance, and support for large file systems. It's commonly used for
storage systems and big data applications.
 ntfs: The New Technology File System is used by the Windows
operating system. It supports file and directory permissions, journaling,
and encryption. It's commonly used for storing files on removable
storage devices like USB drives.
 fat32: The File Allocation Table is an old file system that was first
introduced in the 1980s. It's commonly used on removable storage
devices like USB drives, SD cards, and older hard drives. It has a
maximum file size of 4 GB and is not commonly used anymore.
 exfat: The Extended File Allocation Table is an updated version of FAT
and is used on removable storage devices like USB drives and SD cards.
It supports larger file sizes than FAT32, has faster performance, and
supports journaling.
Each file system has its advantages and disadvantages, and the choice of file
system depends on the specific use case and requirement.



LET'S START PRACTICAL SESSION
The lsblk command displays information about all available block devices,
including hard disks.

STEP TO ADD DISK
STEP : 1 to STEP : 6 (shown as screenshots)

IF THE ADDED DISK IS NOT SHOWING, THEN REBOOT YOUR SYSTEM
#init 6

AFTER REBOOTING YOUR SYSTEM YOU WILL GET ONE NEW DISK (sda)



FDISK
fdisk is a command-line utility used in Linux and other Unix-like operating
systems to manage disk partitions on hard drives or other storage devices. The
fdisk command allows users to create, delete, resize, and modify partitions on
a disk, as well as to view information about existing partitions.
Some common fdisk commands and options include:
 fdisk -l: List information about all disks and partitions currently
connected to the system.

 fdisk /dev/sda: Start the fdisk utility and specify the target disk /dev/sda
for partition management.
o p: Print the current partition table for the selected disk.
o n: Create a new partition on the selected disk.
o d: Delete a partition from the selected disk.
o t: Change the partition type of an existing partition.
o w: Write the current partition table to disk and exit fdisk.
o q: Quit fdisk without saving any changes.
It's important to be cautious when using fdisk, as modifying the partition
table can potentially result in data loss or corruption. Before making any
changes to the partition.



#fdisk /dev/sda

p: Print the current partition table for the selected disk

n: Create a new partition on the selected disk.



p: Print the current partition table for the selected disk

Let's assume we create 4 primary partitions.

Then you cannot create a new partition.



Delete the partition
d : Delete a partition from the selected disk.

First create 3 primary partitions and then create 1 extended partition



Now we are going to create a 10 GB partition

#partprobe
partprobe is a command in Linux used to inform the kernel of partition table
changes on a hard disk. When new partitions are created or existing partitions
are resized, the partition table on the disk is updated, but the kernel may not
be aware of these changes until the system is rebooted or the disk is re-
scanned.



The mkfs command is used to create a file system on a disk partition
#mkfs.ext4 /dev/sda1

resize2fs is a command used to resize the ext2, ext3, or ext4 file system on a
disk partition. It is used to expand or shrink the file system on a partition
when the underlying partition has been resized
#resize2fs /dev/sda1



Mount command is used to attach a file system to a directory in the file system
hierarchy. This makes the contents of the file system accessible to the system
and users.
mount [options] <source> <directory>

Make a directory and mount the partition on it

#mkdir /Second_partition
#mount /dev/sda1 /Second_partition



Permanent mount:-
/etc/fstab is a system configuration file that contains information about file
systems that are automatically mounted at system startup.
<file system device> <mount point> <file system type> <mount
options> <dump> <fsck>
Where:
 <file system device> is the device file or network location of the file system.
 <mount point> is the directory in the file system hierarchy where the file
system will be attached.
 <file system type> is the type of file system, such as ext4, xfs, or nfs.
 <mount options> are the options to be used when mounting the file
system, such as read-only or noexec.
 <dump> is used by the dump command to determine which file systems
need to be backed up. A value of 0 means the file system should not be
backed up.
 <fsck> is used by the fsck command to determine the order in which file
systems should be checked at startup. A value of 0 means the file system
should not be checked.
Enter the mount details in /etc/fstab.

Entries in /etc/fstab:

/dev/sda1 /Second_partition ext4 defaults 0 0

mount -a is a command in Linux and Unix-based operating systems that
mounts all file systems listed in the /etc/fstab configuration file that have the
auto option set.
#mount -a

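The six-field /etc/fstab format above is easy to get wrong, and an entry mounted with plain "defaults" gives a data partition no nodev/nosuid protection. The following script is an added example, not part of the manual: it audits fstab-style text from standard input, flags entries with the wrong field count, and reports data mounts whose options lack nodev or nosuid (the sample entries are constructed; the root UUID is a placeholder).

```shell
#!/bin/sh
# Added example (not from the manual): audit /etc/fstab-style entries read
# from standard input. It checks that every entry has the six fields listed
# above and reports data mounts whose options lack nodev and nosuid, the two
# options that stop device nodes and setuid binaries on a data partition
# from being usable.

# audit_fstab  <  FSTAB_TEXT
# Prints "OK <mountpoint>", "WEAK <mountpoint> missing: <opts>" or
# "BADFIELDS <line>" per entry. Returns 0 if nothing was flagged, else 1.
audit_fstab() {
    status=0
    set -f   # no pathname expansion while splitting fields
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac   # skip comments and blanks
        set -- $line
        if [ $# -ne 6 ]; then
            printf 'BADFIELDS %s\n' "$line"
            status=1
            continue
        fi
        mnt=$2; fstype=$3; opts=$4
        # pseudo filesystems, swap and the system mounts are out of scope
        case $fstype in swap|tmpfs|proc|sysfs|devpts)
            printf 'OK %s\n' "$mnt"; continue ;;
        esac
        case $mnt in /|/boot|/boot/efi|/usr)
            printf 'OK %s\n' "$mnt"; continue ;;
        esac
        missing=
        for want in nodev nosuid; do
            case ",$opts," in *",$want,"*) ;; *) missing="$missing $want" ;; esac
        done
        if [ -n "$missing" ]; then
            printf 'WEAK %s missing:%s\n' "$mnt" "$missing"
            status=1
        else
            printf 'OK %s\n' "$mnt"
        fi
    done
    set +f
    return $status
}

# Constructed sample: the manual's entry plus a hardened and a broken one.
audit_fstab <<'EOF'
# <device> <mount point> <type> <options> <dump> <fsck>
UUID=PLACEHOLDER-ROOT-UUID /                 xfs  defaults 0 0
/dev/sda1                  /Second_partition ext4 defaults 0 0
/dev/sdb1                  /data             ext4 defaults,nodev,nosuid,noexec 0 2
/dev/sdb2                  /broken           ext4 defaults 0
EOF
```

To audit the live file, run `audit_fstab < /etc/fstab`; a non-zero exit means at least one entry was flagged.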


9. Manage Logical Volume Management (LVM) Storage
Manage Logical Volumes From The Command Line.

LVM stands for Logical Volume Manager.


 It is a system that allows you to manage storage devices and disks on a
Linux system in a flexible and dynamic way.
 With LVM, you can create virtual storage volumes that span multiple
physical storage devices, which can be expanded or shrunk as needed.
 This allows for easy management of storage without having to worry
about the underlying physical disks and their partitions.
 Overall, LVM provides a powerful and flexible way to manage storage
on Linux systems, making it easier to manage and scale storage as
needed.
LVM functions by layering abstractions on top of physical storage devices.
The basic layers that LVM uses, starting with the most primitive, are:
 Physical Volumes (pv): The LVM utility prefix for physical volumes is
pv.... These are physical block devices or other disk-like devices (for
example, other devices created by device mapper, like RAID arrays)
that LVM uses as the raw building material for higher levels of
abstraction. Physical volumes are regular storage devices. LVM writes a
header to the device to allocate it for management.
 Volume Groups (vg): The LVM utility prefix for volume groups is vg....
LVM combines physical volumes into storage pools known as volume
groups. Volume groups abstract the characteristics of the underlying
devices and function as a unified logical device with combined storage
capacity of the component physical volumes.
 Logical Volumes (lv): The LVM utility prefix for logical volumes is lv...,
generic LVM utilities might begin with lvm.... A volume group can be
sliced up into any number of logical volumes. Logical volumes are
functionally equivalent to partitions on a physical disk, but with much
more flexibility. Logical volumes are the primary component that users
and applications will interact with.



In Logical Volume Manager (LVM), You Can Perform The Following
Operations To Manage Logical Volumes:
 Create: To create a logical volume, you first need to create a physical
volume (PV) from a storage device, then create a volume group (VG) by
combining multiple physical volumes, and finally create a logical
volume (LV) from the volume group using the lvcreate command.
 Extend: To extend a logical volume, you can use the lvextend command
to increase its size. This operation requires that there is free space
available in the volume group that the logical volume belongs to.
 Reduce: To reduce a logical volume, you can use the lvreduce command
to decrease its size. This operation requires that the logical volume is
not in use and that you have backed up any important data before
proceeding.
 Remove: To remove a logical volume, you can use the lvremove
command. This operation will delete the logical volume and its data.
Before performing this operation, you should make sure that you have
backed up any important data that is stored on the logical volume.
Overall, these operations provide great flexibility in managing logical volumes
in LVM, allowing you to adjust the size of logical volumes as needed and
remove them when they are no longer required.



CREATE A LVM PARTITION:
#lsblk
#fdisk /dev/sda
p: Print the current partition table for the selected disk

n: Create a new partition on the selected disk



t: Change the partition type of an existing partition.
l: list all partition type codes

8e: hex code for the Linux LVM partition type

w: Write the current partition table to disk and exit fdisk.



#lsblk

# partx /dev/sda
# pvs
# pvcreate /dev/sda1
# pvs

# vgs
# vgcreate new_vg1 /dev/sda1
# vgs



# lvs
# lvcreate -L +5G -n new_lv1 new_vg1
# lvs

# mkfs.ext4 /dev/new_vg1/new_lv1
# resize2fs /dev/new_vg1/new_lv1

# mkdir /lvmpartitions
# mount /dev/new_vg1/new_lv1 /lvmpartitions/
# df -h
# df -Th



EXTEND A LVM PARTITION:
1. Extend by using vg Storage
2. Extend by using pv Storage

1. Extend by using vg Storage


CHECK WHETHER THE VG HAS STORAGE LEFT
#df -h
#pvs
#vgs
#lvs

IF THE VG HAS STORAGE LEFT, UTILIZE IT.


#vgs
#lvextend -L +4.995G /dev/new_vg1/new_lv1
#resize2fs /dev/new_vg1/new_lv1
#df -h



2. Extend by using pv Storage
ADD ONE DISK AS A PV, THEN EXTEND THE VG WITH IT, THEN UTILIZE
IT IN THE LV
# df -h
# pvs
# vgs
# lvs

# lsblk
# fdisk /dev/sda
 n: for new partition
 t: for change partition type
 8e: is the LVM partition type
 w: for saving the changes



# lsblk
# pvs
# pvcreate /dev/sda2
# pvs



# pvs
# vgs
# vgextend new_vg1 /dev/sda2
# vgs

# lvs
# lvextend -L +9.995G /dev/new_vg1/new_lv1
# lvs



# df -h
# lvs
# df -h
# resize2fs /dev/new_vg1/new_lv1
# df -h



REDUCE A LVM PARTITION:
BEFORE PERFORMING A REDUCE IN LVM, TAKE A BACKUP OF THE DATA

# df -h
# lvs
# df -h

# e2fsck -yf /dev/new_vg1/new_lv1


# resize2fs /dev/new_vg1/new_lv1



"e2fsck -yf /dev/new_vg1/new_lv1" is used to check and repair the file system
on the logical volume "/dev/new_vg1/new_lv1". Here's what each of the
options mean:
 "e2fsck": This is the command to check and repair an ext2, ext3, or ext4
file system.
 "-y": This option automatically answers "yes" to any prompts that
e2fsck might display, which allows the command to fix any errors it
finds without requiring manual intervention.
 "-f": This option forces e2fsck to check the file system even if it appears
to be clean.
The logical volume "/dev/new_vg1/new_lv1" is specified as the target for
e2fsck. This is a logical volume within the volume group "new_vg1". The "-
yf" options indicate that any errors found during the check should be
automatically repaired, and that e2fsck should force the check even if it
appears to be unnecessary.
# lvreduce -L -15G /dev/new_vg1/new_lv1
# lvs
# vgs
# pvs

# mkfs.ext4 /dev/new_vg1/new_lv1
# resize2fs /dev/new_vg1/new_lv1



# df -h

# df -h
# mount /dev/new_vg1/new_lv1 /lvmpartitions/
# df -h



REMOVE A LVM PARTITION:
# pvs
# vgs
# lvs

# df -h
# umount /lvmpartitions/
# df -h

# e2fsck -yf /dev/new_vg1/new_lv1


# resize2fs /dev/new_vg1/new_lv1



# lvs
# lvremove /dev/new_vg1/new_lv1
# lvs

# vgs
# vgremove new_vg1
# vgs



# pvs
# pvremove /dev/sda1 /dev/sda2
# pvs

# lsblk



10. Access Networked Attached Storage with Network File System (NFS)
Access (secure) NFS shares
NFS stands for Network File System
 NFS (Network File System) is a protocol used in Linux and other Unix-
like operating systems for sharing files and directories over a network.
 It allows a system to share directories and files with other systems on
the same network as if they were on the local file system.
 NFS is based on the client-server model, where a server shares its
resources with one or more clients.
 The NFS server exports directories to clients that request them, and the
clients mount the exported directories to access the shared files.
 NFS is commonly used in Linux environments to share files between
servers, workstations, and other devices. It offers advantages such as
centralized management, simplified backup and disaster recovery, and
improved collaboration.
 However, it also has some security considerations, and care must be
taken to ensure that shared directories are properly secured.

BEFORE PERFORMING NFS YOU NEED

 Two OS machines
 Check the connectivity between the OS machines
 Check the yum repository



STEP 1: SET HOSTNAME ON BOTH OS
SERVER SIDE:
# hostnamectl set-hostname Server
# hostnamectl



PERFORM SAME THING ON CLIENT SIDE:
# hostnamectl set-hostname Client
# hostnamectl



STEP 2: CHECK IP ADDRESS OF OS CONNECTIVITY
PING CLIENT IP ADDRESS FROM SERVER SIDE
# ifconfig
# ping 192.168.199.141

PING SERVER IP ADDRESS FROM CLIENT SIDE


# ifconfig
# ping 192.168.199.142



STEP 3: CHECK YUM REPOSITORY
SERVER SIDE:
# yum repolist all

CLIENT SIDE:
# yum repolist all

STEP 4: PERFORM ALL NFS CONFIGURATION ON THE SERVER SIDE
# yum install nfs* -y



# ls /
# mkdir /nfs_share
# ls /
# chmod 777 /nfs_share/
# ls /

# systemctl status nfs-utils.service


# systemctl start nfs-utils.service
# systemctl status nfs-utils.service

# systemctl status nfs-server.service


# systemctl start nfs-server.service
# systemctl status nfs-server.service



# vi /etc/exports

# vi /etc/exports
# cat /etc/exports
# exportfs -rv

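The manual edits /etc/exports without showing its contents; what goes in that file decides who can reach /nfs_share and whether a remote root keeps root privileges on it. The script below is an added example, not part of the manual: it audits /etc/exports lines from standard input and flags exports offered to every host ("*" or an empty client) or carrying no_root_squash. The restricted line using the lab's client address 192.168.199.141 is an assumed example of what the export for this lab could look like.

```shell
#!/bin/sh
# Added example (not from the manual): check /etc/exports lines read from
# standard input. An export is flagged when any client spec is "*" or empty
# (the share is offered to every host that can reach the server) or when it
# carries no_root_squash (a remote root would become root on the export).
# The client address 192.168.199.141 is the lab's client machine.

# audit_exports  <  EXPORTS_TEXT
# Prints "OK <path>" or "RISK <path> <reason>[,<reason>]" per export line.
# Returns 0 when nothing is flagged, 1 otherwise.
audit_exports() {
    status=0
    set -f   # keep "*" client specs literal while splitting the line
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        set -- $line
        path=$1; shift
        reasons=
        [ $# -eq 0 ] && reasons="no-client-restriction"
        for spec in "$@"; do
            client=${spec%%"("*}              # text before the option list
            opts=${spec#*"("}; opts=${opts%")"}
            [ "$spec" = "$client" ] && opts=  # spec had no "(...)" at all
            case $client in ''|'*')
                reasons="${reasons:+$reasons,}world-exported" ;;
            esac
            case ",$opts," in *,no_root_squash,*)
                reasons="${reasons:+$reasons,}no_root_squash" ;;
            esac
        done
        if [ -n "$reasons" ]; then
            printf 'RISK %s %s\n' "$path" "$reasons"
            status=1
        else
            printf 'OK %s\n' "$path"
        fi
    done
    set +f
    return $status
}

# Constructed sample: a restricted export for this lab next to two open ones.
audit_exports <<'EOF'
/nfs_share 192.168.199.141(rw,sync,root_squash)
/nfs_share *(rw,sync,no_root_squash)
/backup (rw)
EOF
```

Run `audit_exports < /etc/exports` on the server after editing the file and before `exportfs -rv`.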


# firewall-cmd --list-all
# firewall-cmd --permanent --add-service=nfs
# firewall-cmd --permanent --add-service=rpc-bind
# firewall-cmd --permanent --add-service=mountd

# firewall-cmd --reload
# firewall-cmd --list-all



STEP 5: PERFORM ALL NFS CONFIGURATION IN CLIENT
SIDE
# ls /
# mkdir /nfs_accept
# ls /

# showmount -e 192.168.199.142
# df -h

# mount -t nfs 192.168.199.142:/nfs_share /nfs_accept/


# df -h



STEP 6: SHARE OR CREATE SOME FILE OR DIRECTORY
FROM CLIENT SIDE TO SERVER SIDE

#cd /nfs_accept/
# ls
# mkdir success
# ll



11. Access networked storage with SMB
Mount and unmount SMB file systems.
Samba is an open-source software suite that allows file and print sharing
between Windows and Linux/Unix systems. It provides file and printer
services to Windows clients through the SMB/CIFS protocol.

 File and printer sharing: Samba allows users to share files and printers
with other computers on the network.
 Domain controller: Samba can act as a domain controller and provide
authentication and authorization services to clients.
 Active Directory integration: Samba can integrate with Microsoft's
Active Directory and provide a variety of services, including domain
authentication, group policy, and directory services.
 Security: Samba provides various security features, such as user-level
and share-level access controls, encryption, and auditing

BEFORE PERFORMING SAMBA YOU NEED

 Two OS machines (one Linux OS and one Windows OS)
 Check the connectivity between the OS machines
 Check the yum repository on the server side



STEP 1: CHECK IP ADDRESS OF OS CONNECTIVITY
PING CLIENT IP ADDRESS FROM SERVER SIDE
# ifconfig

Windows side IP address:

# ping 192.168.0.179



STEP 2: PERFORM ALL SAMBA CONFIGURATION FROM
SERVER SIDE
# mkdir /samba_share
#ls /
# chmod 777 /samba_share/
# ls /

# ls -Z /

# chcon -t samba_share_t /samba_share/


# ls -Z /



# yum install samba*

# systemctl status smb.service


# systemctl start smb.service
# systemctl status smb.service



# systemctl status smb.service

# useradd prajwal
# passwd prajwal

# smbpasswd -a prajwal



# vi /etc/samba/smb.conf

[samba_share]
path=/samba_share
hosts allow=192.168.0.179
valid users=prajwal
write list=prajwal
browseable=yes



# systemctl restart smb.service

# systemctl restart smb.service


# firewall-cmd --list-all
# firewall-cmd --permanent --add-service=samba
# firewall-cmd --reload

# firewall-cmd --list-all



STEP 3: PERFORM ALL SAMBA CONFIGURATION FROM
CLIENT SIDE (WINDOWS SIDE)
(steps shown as screenshots)

STEP 4: SHARE OR CREATE SOME FILE OR DIRECTORY
FROM LINUX OS TO WINDOWS OS
# cd /samba_share/
# ls
# mkdir harry{1..100}



# rmdir harry{1..100}
# touch potter.txt



12. Control and troubleshoot the Red Hat Enterprise Linux boot process
Limit network communication with firewall
Configure a basic firewall.
A Firewall is a software or hardware component that controls incoming and
outgoing network traffic based on a set of predefined security rules.
 In Linux, a firewall is often used to protect the system from
unauthorized access and to restrict network traffic to only what is
necessary for the system to function properly.
 The most commonly used firewall in Linux is the Netfilter firewall,
which is also known as iptables. It is a built-in firewall feature in the
Linux kernel that provides packet filtering, network address translation
(NAT), and packet mangling.
 Iptables is a command-line tool that allows system administrators to
create rules that determine which traffic should be allowed or blocked
based on various criteria, such as the source and destination IP
addresses, port numbers, and protocol types.
 Another popular firewall solution in Linux is the Uncomplicated
Firewall (UFW), which is a user-friendly front-end for iptables.
 It allows administrators to configure iptables rules using a simplified
syntax and provides predefined profiles for common services such as
HTTP, FTP, and SSH.
 In addition to these built-in firewalls, there are also third-party firewall
solutions available for Linux, such as FirewallD and Shorewall, that
provide more advanced features such as application-level filtering and
connection tracking.
 Overall, a firewall in Linux is an essential security tool that can help
protect your system and data from unauthorized access and malicious
attacks.



FIREWALL ZONES
There is no standard or universal set of 11 firewall zones. The number of
zones and their names can vary depending on the firewall solution and the
specific needs of the system.
That being said, some firewall solutions might offer 11 predefined zones or
allow the creation of 11 custom zones. Here are some possible examples of 11
firewall zones:
 Block: This zone could be used to block all incoming and outgoing
traffic.
 Allow: This zone could be used to allow all incoming and outgoing
traffic.
 Public: This zone could be used for public-facing interfaces, such as a
Wi-Fi hotspot or a public server.
 Private: This zone could be used for private network interfaces, such as
a home or office network.
 Internal: This zone could be used for internal network interfaces, such
as a LAN or a VPN.
 External: This zone could be used for external network interfaces, such
as a modem or a router.
 DMZ: This zone could be used for a demilitarized zone that separates a
public network from a private network.
 Insecure: This zone could be used for insecure network interfaces, such
as a Wi-Fi network with no encryption.
 Secure: This zone could be used for secure network interfaces, such as a
wired Ethernet network with encryption.
 Wireless: This zone could be used for wireless network interfaces, such
as a Wi-Fi network.
 VPN: This zone could be used for virtual private network (VPN)
connections.
Again, this is just an example of 11 possible firewall zones. The actual number
and names of the zones can vary depending on the specific needs of the system
and the firewall solution being used.


To Check your all Firewall Zones

# firewall-cmd --list-all-zones



HOW TO CHANGE INTERFACE IN FIREWALLD
# firewall-cmd --get-active-zones
# firewall-cmd --zone=public --remove-interface=ens160
# firewall-cmd --get-active-zones

# firewall-cmd --get-active-zones
# firewall-cmd --zone=public --add-interface=ens160
# firewall-cmd --get-active-zones

# firewall-cmd --zone=trusted --list-interfaces

# firewall-cmd --zone=public --remove-interface=ens160
# firewall-cmd --zone=trusted --add-interface=ens160
# firewall-cmd --zone=trusted --list-interfaces

# firewall-cmd --zone=trusted --list-interfaces
# firewall-cmd --zone=trusted --remove-interface=ens160
# firewall-cmd --zone=public --add-interface=ens160
# firewall-cmd --zone=public --list-all



Target
A target in firewalld is a predefined firewall policy that defines a set of rules
to allow or block traffic for a specific network zone. A zone is a network
interface or set of interfaces with specific network characteristics, such as a
trusted, public, or DMZ network.
A "reject" target in a firewall is a rule that instructs the firewall to drop
incoming network traffic and send a response back to the sender indicating
that the connection was refused.
 This is different from a "deny" or "drop" rule, which simply discards
the incoming traffic without sending any response to the sender.
 The use of a "reject" rule can provide additional security by informing
potential attackers that their connection attempts are being actively
blocked, and may deter them from further attempts.
 It's worth noting that the terminology can vary somewhat depending on
the specific firewall software being used. For example, some firewalls
may use the term "block" instead of "reject".
 There are several target options available in firewalld, including
ACCEPT, DROP, REJECT, QUEUE, RETURN, MASQUERADE, and
REDIRECT. Each target defines a different firewall behavior for the
corresponding rule or policy.



HOW TO CHANGE TARGET IN FIREWALLD
# firewall-cmd --zone=public --list-all
# firewall-cmd --permanent --get-target
# firewall-cmd --permanent --set-target=REJECT
# firewall-cmd --permanent --get-target

# firewall-cmd --reload
# firewall-cmd --zone=public --list-all



# firewall-cmd --permanent --set-target=default
# firewall-cmd --reload
# firewall-cmd --zone=public --list-all
# firewall-cmd --permanent --get-target



HOW TO REMOVE SERVICES IN FIREWALLD

# firewall-cmd --list-all
# firewall-cmd --permanent --remove-service=cockpit

# firewall-cmd --reload
# firewall-cmd --list-all



HOW TO ADD SERVICES IN FIREWALLD
# firewall-cmd --permanent --add-service=cockpit
# firewall-cmd --reload
# firewall-cmd --list-all

IF A SERVICE OR PORT NUMBER IS ALREADY ADDED, THEN
FIREWALLD SHOWS YOU THIS TYPE OF WARNING
# firewall-cmd --permanent --add-service=cockpit
# firewall-cmd --list-all

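The warning above appears because the manual's commands add a service without first checking whether it is already in the permanent configuration. The script below is an added example, not part of the manual: it wraps the same firewall-cmd calls (--query-service, --query-port, --add-service, --add-port, --reload) in idempotent helpers that only add what is missing and reload once. FWCMD and ZONE are assumed environment overrides so the logic can be exercised against a stand-in command; the service and port list is the one this chapter uses.

```shell
#!/bin/sh
# Added example (not from the manual): idempotent wrappers around
# firewall-cmd. Each helper queries the permanent configuration of the zone
# first and only calls --add-* when the entry is missing, so re-running the
# script never triggers the ALREADY_ENABLED warning, and a single --reload
# at the end activates all changes. FWCMD and ZONE are assumed environment
# overrides (FWCMD lets the logic be exercised against a stand-in command).
FWCMD=${FWCMD:-firewall-cmd}
ZONE=${ZONE:-public}

# ensure_service NAME: prints "unchanged NAME" or "changed NAME",
# returns non-zero if firewall-cmd refused the change.
ensure_service() {
    if "$FWCMD" --permanent --zone="$ZONE" --query-service="$1" >/dev/null 2>&1; then
        echo "unchanged $1"
        return 0
    fi
    "$FWCMD" --permanent --zone="$ZONE" --add-service="$1" >/dev/null || return 1
    echo "changed $1"
}

# ensure_port PORT/PROTO (e.g. 9090/tcp): same contract as ensure_service.
ensure_port() {
    if "$FWCMD" --permanent --zone="$ZONE" --query-port="$1" >/dev/null 2>&1; then
        echo "unchanged $1"
        return 0
    fi
    "$FWCMD" --permanent --zone="$ZONE" --add-port="$1" >/dev/null || return 1
    echo "changed $1"
}

# apply_rules: bring the zone to the desired state for this chapter, reload
# only if something was added, and print how many entries were added.
apply_rules() {
    changed=0
    for svc in ssh cockpit; do
        out=$(ensure_service "$svc") || return 1
        case $out in changed*) changed=$((changed + 1)) ;; esac
    done
    for port in 9090/tcp 9090/udp; do
        out=$(ensure_port "$port") || return 1
        case $out in changed*) changed=$((changed + 1)) ;; esac
    done
    if [ "$changed" -gt 0 ]; then
        "$FWCMD" --reload >/dev/null || return 1
    fi
    echo "$changed"
}

# Touch the live firewall only when explicitly asked: sh this_script.sh apply
if [ "${1:-}" = apply ]; then
    apply_rules
fi
```

Running the script twice with `apply` prints the number of entries added the first time and 0 the second time, with no warnings.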


HOW TO ADD SERVICES PORT NUMBER IN FIREWALLD

# firewall-cmd --list-all

# firewall-cmd --permanent --add-port=9090/tcp


# firewall-cmd --permanent --add-port=9090/udp
# firewall-cmd --reload
# firewall-cmd --list-all



HOW TO REMOVE SERVICES PORT NUMBER IN
FIREWALLD

# firewall-cmd --permanent --remove-port={9090/tcp,9090/udp}


# firewall-cmd --list-all

# firewall-cmd --reload
# firewall-cmd --list-all
