Tuesday, September 24, 2013

List of Packages you need to install for RHCSA or RHCE exam

This is list of packages that you might need to install for the RHCSA/RHCE exam. All of these may not be needed - you need to figure out the ones that will help you finish the exam faster.
Please feel free to add any that you think need to be on this list!

After checking that the repository is working fine:
#yum install ....

Filesystem related:

1. gnome-disk-utility
2. system-config-lvm

SELinux related:

1. policycoreutils
2. policycoreutils-gui
3. policycoreutils-python
4. setroubleshoot*
//this one give you:
5. yum install star
//although not related to selinux in a direct way, some may argue, this is a cmd that 
you could end up needing if the exam requires you to archive data using star
VNC related:

1. tigervnc
2. tigervnc-server
3. vinagre

Kickstart related:

1. system-config-kickstart

Virtualization/KVM related:

1. kvm
2. libvirtd
3. virt-manager


Monday, September 23, 2013

Monday, September 2, 2013

A quick look at some basic networking commands



This command prints the information on the available network interfaces. You can use this command to look at the IP address that your interfaces are using, the subnet, broadcast address etc.
Sample output:
# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:AE:49:76 
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::20c:29ff:feae:4976/64 Scope:Link
          RX packets:19526 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3932 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1633624 (1.5 MiB)  TX bytes:564499 (551.2 KiB)

lo        Link encap:Local Loopback 
          inet addr:  Mask:
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1776 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1776 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:539420 (526.7 KiB)  TX bytes:539420 (526.7 KiB)

In the above example, the IP address of eth0 (the Ethernet interface) is
You can also use this command to manually assign an IP address to an interface:
#ifconfig eth0 netmask


This command can be used to show the current gateway address that the network is using. You can also use this command to manually assign a gateway to the interface of your choice.
Sample output:
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface      *        U     0      0        0 eth0
default         UG    0      0        0 eth0

#route add default gw eth0


This command can be used to print the current hostname of the machine.
You can also use this command to change the hostname of the machine but the change is not permanent – it does not survive a reboot.
#hostname new_hostname

Another way of achieving above results:
#echo “new_hostname” >> /proc/sys/kernel/hostname

Changing the hostname permanently:

Change the hostname in the file /etc/sysconfig/network
Save the file with the new name and that'll do the job.


You can change/assign IP addresses to your Linux machine by changing the interface file manually. The file that holds that information is:
Eg. ifcfg-eth0
To see what the configuration is, run this command:
#cat /etc/sysconfig/network-scripts/ifcfg-eth0 (to see the IP configuration of eth0, in this case).
Sample output:
# cat /etc/sysconfig/network-scripts/ifcfg-eth0

Some important attributes from this file:

DEVICE – this specifies the actual device, like eth0, eth1, lo etc.
ONBOOT – this tells the machine to activate the interface while its being turned on or leave it deactivated till its manually brought up by the user
BOOTPROTO – very important, this decides whether the  IP is manually assigned or is assigned dynamically by DHCP (change it to DHCP for that)
DNS1 – this defines the DNS that the machine is going to be using (in this example its using google’s DNS, which is free service provided by google)
Make sure you restart the network service everytime the config file is changed.
#service network restart



Creating Local Repositories

Step 1. Mount the source to the local system

Mount the source DVD/CD or ISO file to the local system using this cmd:
# mount –o loop /source-dvd.iso /media

Step 2. Copy the source to the local media.

# mkdir /localrepo
#cp –R /media/* /localrepo

Step 3. Create a repo file for the local repo:

#vi /etc/yum.repod/local.repo
This will open up a new blank file in vi editor. Include this text in the file and save it:

Step 4. Check the newly created reposiotry:

Running a quick update or installing a program from the repository is the fastest and best way of checking if its working fine.
# yum update
This cmd should update the repo database and you’ll see it coming back without any errors – this means the repo we just built is working fine.
# yum install java
If everything has been installed and configured correctly, this cmd should result in the installation of the latest (available) version of Java on your system.
All done!

Using Remote Repositories

Step 1. Find a repository that you would like to use

If you want to use a remote repository on a system that hasn’t got it enabled by default, it is possible to do so. You need to find out the specifics of that repository and then create a repo file to be used for that purpose.
For example, you can use a CentOS repo for a RHEL installation. It will work fine for most packages – some might not perform the way expected as this is a repo for a different repo, even if the source happens to be the same.

Step 2. Create the .repo file

For this example, we’ll create a CentOS repository
# vi /etc/yum.repos.d/centos.repo
Insert this text in the file and then save it:
name=CentOS $releasever - $basearch
Step 3. Check the repository
# yum install wget
If the repo is working fine, the program will be downloaded and installed on the system.
All done!



Creating Logical Volumes

Step 1. Create a physical volume.

Use this cmd to create a physical volume: pvcreate
# pvcreate /dev/sdb2
  Physical volume "/dev/sdb2" successfully created

Step 2. Create a Logical Volume Group.

# vgcreate my_grp /dev/sdb2
  Volume group "my_grp" successfully created

Step 3. Create a Logical Volume:

# lvcreate -n my_vol -l 100%FREE my_grp
  Logical volume "my_vol" created

Step 4. Create a filesystem on the newly created Logical Volume:

First check if it has been created successfully by running this command –
# lvs
  LV     VG     Attr      LSize  Pool Origin Data%  Move Log Cpy%Sync Convert
  my_vol my_grp -wi-a---- 10.21g 
Now that you’ve confirmed that, create a file system on it:
# mkfs.ext3 /dev/my_grp/my_vol
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
670432 inodes, 2677760 blocks
133888 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=2743074816
82 block groups
32768 blocks per group, 32768 fragments per group
8176 inodes per group
Superblock backups stored on blocks:
               32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208

Writing inode tables: done                           
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 28 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

Step 5. Now you can go ahead and mount the system:

# mount /dev/my_grp/my_vol /kvm
Check if it has been mounted:
# df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/sda3             16274852  10021100   5427028  65% /
tmpfs                   959328       228    959100   1% /dev/shm
/dev/sda1               297485     37250    244875  14% /boot
/dev/sda4             41280908   4004924  35179036  11% /kvm
/dev/sdb1             10088520    153596   9422456   2% /kvm2
/dev/sr0                989180    989180         0 100% /media/Oracle_Solaris-11_1-Live-X86
/dev/mapper/my_grp-my_vol                      10542696    157348   9849796   2% /kvm

Step 6. If you want to give a name to the new volume, do this:

# tune2fs -L logical_vol /dev/my_grp/my_vol
tune2fs 1.41.12 (17-May-2010)
Check if the label has been applied:
# dumpe2fs /dev/my_grp/my_vol | less
Filesystem volume name:   logical_vol
All done!




DAC: Discretionary Access Control

DAC has been used as a form of access control in linux to enforce some sort of security related to information contained on a machine running linux. In this form of access control, information is secured based on permissions. Files and directories have a set of permissions that control what users or groups can get access to them.

MAC: Mandatory Access Control

MAC is at the heart of SELinux. MAC enforces security on all information that is present on a machine running linux in the form of contexts, which are applied to each and every file/dir, user and process.


SELinux implements MAC by contexts. Every file, directory, process and user has a context assigned to it and the contexts control what they have access to.
There are three main components of SELinux:
1.      Subject: this is the process
2.      Object: this is the file
3.      Action: this is what a subject can do to an object


SELinux configuration file can be found in:
Sample file:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.

Changing SELinux Settings

Open the config file in a text editor.
Change SELINUX= to any of the following for desired mode:
SELINUX=enforcing (this the safest mode – SELinux is enforced)
SELINUX=permissive (in this mode, SELinux is not enforced, but all breaches are logged)
SELINUX=disabled (in this mode, SELinux is complete inactive – not recommended)

You need to restart the machine if changing from ‘enforcing’ to disabled’ or vice versa.

Some basic commands

This command prints basic information about the current status if SELinux on the machine.

Sample output:

# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

This command can be used for printing the current mode of SELinux. It will come back and print either of the following:
This command can be used to change the mode to ‘enforcing’ or ‘permissive’ by using the values 1 or 0 respectively.
#setenforce 1 (this sets it to ‘enforcing’)
#setenforce 0 (this sets it to ‘permissive’)

Sunday, June 2, 2013

Linux: Log Files

Linux: Log Files

Daemon:             syslogd
sysklogd               this is the package that  installs syslogd
klogd                    this is the daemon that logs kernel messages only
/etc/syslog.conf                              config file for syslogd

This tool creates manual log entries
-i             records PID
-s            echos data to stderr and log file
Rotating log files
logrotate             tool for rotating log files
/etc/logrotate.conf         config file for logrotate
Watching logs
This is the most important cmd to see whats happening:

tail –f /var/log/messages

Linux: User and Group Management – Key Commands and Utilities

Managing Users

Adding Users

useradd - this cmd is used to add new user to the system

-d           specify home dir

-e           expiry date

-s            shell

-G           group

-u           UID

/etc/login.defs  - this file stores all the parameters for users

passwd [username]  - creates a password for the user

This modifies user's account
-m          used with -d, this moves contents of the current home dir to the new one specified
-U           unlocks password
-L            locks account
-l             changes username (usermod -l new_username old_username)

This command deals with account expiration
-m          sets the minimum time before a user can change password. Usage: -m 1 (1 day)
-M          sets the maximum time after which password needs to be changed
-d           sets the last day the password was changed (can be used to manipulate account info)
-I            sets number of inactive days allowed before password expires
-E           sets expiration date
-W          sets warndays – warn the user before the password expires

Deleting Accounts

This cmd is used to delete users from a system.
-r            remove all the files from home dir and mail spool
-f            force deletion of the account (when the user is logged in)
-h           get help

Managing groups

/etc/group - this file controls the group membership (also /etc/gshadow)

/etc/passwd - this file contains info on the user's primary group (also /etc/shadow)

newgrp - this cmd is used for changing current group to a different one

chgrp - this cmd is used to change the group of a file or dir

First 100 GIDs and UIDs (0-99) are reserved for system use (generally)

0 UID/GID belongs to root - always


Adding groups

This cmd adds a new group to the system.
-g           specifies a GID
-r            creates a system group
-f            forces creation


Modifying groups

This cmd modifies a group.
-g           specify a new group ID for an existing group
-n           specify a new group name for an existing group
This cmd sets a password for the group
-a           add a user to the group                  usage:   -a user group
-d           delete a user from the group        usage:   -d user group
-R           configures a group to not allow the cmd newgrp
-r            removes the password from a group
-A           specify group admin


Deleting groups

This cmd deletes a group


Saturday, June 1, 2013

X Window System on Linux

X server options:

1. XFree86 -------------------------------------commonly used till 2004
2. Xorg-X11 ------------------------------------used in most system today
3. Accelerated-X --------------------------------commercial version (not used much)

Configuring X:

Using configuration utilities is the best way to configure X for linux.
Available Utilities:
1. X Server: 
                                   XFree86 -configure (should get you: /root/XF86Config.new)
                                   Xorg -configure (should get you: /root/xorg.conf.new)

2. Distro-tools:
                                   RedHat - Display Settings tool (cmd: system-config-display)
                                   SuSE - YaST

3. xf86fg and xorgcfg:
                                   no longer supported

Config files:
                                   xorg.conf (/etc/X11/xorg.conf)
                                   XF86Config-4 or XF86Config (/etc/X11/XF86Config)

Shutting down X:
                                   RedHat: telinit 3
                                   /etc/init.d/xdm stop
                                   dm could be gdm, kdm, mdm ---------------whatever your distro uses.

Starting X: 
                                   telinit 5 (RHEL)
                                   /etc/init.d/xdm start (Debian)

Config Options for X:

Loading Modules

Section "Module"
Load "------"
Load "------"

Loads all the modules listed in this section.

Loading Keyboard

Section "InputDevice"
Identifier "Keyboard0"
Driver "----"
Option "-----" "----"

Loading the Mouse

Section "InputDevice"
Identifier "Mouse0"
Driver "----"
Option "-----" "----"

Loading the monitor

Section "Monitor"
Identifier "Monitor0"
ModelName -------------- could be anything
HorizSync ---------------- horizontal refresh rate in kHz
VertRefresh -------------- vertical refresh rate in kHz
Modeline ----------------- resolution

Loading the video card

X sends data to the monitor INDIRECTLY through the video card.

Drivers are found in: /usr/X11R6/lib/modules/drivers


Saturday, May 18, 2013

Compile a new kernel in Linux

I did this on OpenSuSE 12.3

Its very easy, if you get everything right - just remember two things:

1. You won't get everything  right the first time
2. The 'make rpm' part takes hours, so plan your day accordingly

Very important: 
You need to get these packages installed successfully before you do anything.
1. GCC (On SuSE - do this: zypper install gcc)
2. ncurses (do this: zypper install ncurses)
3. rpm-build (again do this: zypper install rpm-build)

On fedora/redhat(if you're on RHN) replace zypper with 'yum'

-> Download the kernel from www.kernel.org
Make sure you get a 'not-too-old' kernel, as very old kernel have problems with the latest version of gcc and you'll end up with a lot o errors.

-> copy the kernel to /usr/src amd untar the kernel here.

-> link the kernel symbolically to /usr/src/linux by doing this:

ln -s linux-3.0.1 linux

once you've done this - cd /usr/src/linux

-> run this cmd: make mrproper

-> run this cmd: cp /boot/config-`uname -r` ./.config

-> run this cmd: make menuconfig

A menu will pop-up at this point. In this menu, scroll down to 'Load an alternate config file' and press enter.

Here, '.config' would be highlighted - select this option and save.

Back on the main menu, select General Setup and press enter. Look for 'append to kernel release' here and enter. You can type whatever yo want here and that will be added to the kernel name once it's built.

Save and exit.

-> run this cmd: make rpm
-> go have lunch and dinner with friends and come back

-> hopefully, you should have 2 rpm file now:

one under /usr/src/packages/SRPMS - with the name that you gave it
(mine is /usr/src/packages/SRPMS/kernel-3.0.1_1.1_veenux-1.src.rpm

and another under /usr/src/packages/RPMS/x86_64
(mine is /usr/src/packages/RPMS/x86_64/kernel-3.0.3_1.1_veenux-1.x86_64.rpm

Also, you'll find the headers rpm here, dont worry too much about that at this time.

-> now we create a ramdisk by:
# mkinitrd

Now, we need to load this kernel into the BootLoader and we're set!

Fire up Yast by # yast
->  go to Boot Loader
My SuSE is on Grub2 so all you have to do is go into Boot Loader options and change the selection of default kernel to the one you've built (it should be there in the dropdown) and save and exit.

Restart the machine and it'll load your kernel.