Friday, 6 November 2015







Booting Process

The booting process has 6 stages.





1. BIOS

  • BIOS stands for Basic Input/Output System
  • Performs some system integrity checks
  • Searches, loads, and executes the boot loader program.
  • It looks for the boot loader on floppy, CD-ROM, or hard drive. You can press a key (typically F12 or F2, but it depends on your system) during the BIOS startup to change the boot sequence.
  • Once the boot loader program is detected and loaded into the memory, BIOS gives the control to it.
  • So, in simple terms BIOS loads and executes the MBR boot loader.

2. MBR

  • MBR stands for Master Boot Record.
  • It is located in the 1st sector of the bootable disk. Typically /dev/hda, or /dev/sda
  • MBR is less than 512 bytes in size. It has three components: 1) primary boot loader info in the first 446 bytes, 2) partition table info in the next 64 bytes, 3) MBR validation check in the last 2 bytes.
  • It contains information about GRUB (or LILO in old systems).
  • So, in simple terms MBR loads and executes the GRUB boot loader.
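
The three regions listed above can be read straight from the first sector. This is an added example, not part of the original post; the function names and the sample image are constructed, and on a real system the image would be a copy of the first 512 bytes of the boot disk.

```bash
#!/bin/sh
# mbr_signature IMG -> the 2 validation bytes at offset 510 as hex ("55aa" when valid)
mbr_signature() {
    od -An -tx1 -j510 -N2 "$1" | tr -d ' \n'
}

# mbr_bootcode_hash IMG -> SHA-256 of the 446-byte boot loader area, usable as a
# baseline to notice later changes to the boot code
mbr_bootcode_hash() {
    dd if="$1" bs=446 count=1 2>/dev/null | sha256sum | cut -d' ' -f1
}

# mbr_partitions IMG -> "index boot_flag type" for each used entry of the 64-byte table
mbr_partitions() {
    img=$1
    i=0
    while [ "$i" -lt 4 ]; do
        # four 16-byte entries start at offset 446; byte 0 = boot flag, byte 4 = type
        set -- $(od -An -tx1 -j$((446 + i * 16)) -N16 "$img")
        if [ "$5" != "00" ]; then
            echo "$((i + 1)) $1 $5"
        fi
        i=$((i + 1))
    done
}

# make_sample_mbr IMG -> constructed 512-byte sector (not a real disk):
# entry 1 is active (0x80) with type 0x83 (Linux), signature bytes 0x55 0xAA
make_sample_mbr() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    printf '\200' | dd of="$1" bs=1 seek=446 conv=notrunc 2>/dev/null
    printf '\203' | dd of="$1" bs=1 seek=450 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

sample=$(mktemp)
make_sample_mbr "$sample"
echo "signature: $(mbr_signature "$sample")"
echo "boot code: $(mbr_bootcode_hash "$sample")"
mbr_partitions "$sample"
rm -f "$sample"
```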

3. GRUB

  • GRUB stands for Grand Unified Bootloader.
  • GRUB version 0.97 , Ubuntu GRUB 2.0
  • If you have multiple kernel images installed on your system, you can choose which one to be executed.
  • GRUB displays a splash screen and waits for a few seconds; if you don’t enter anything, it loads the default kernel image as specified in the GRUB configuration file.
  • GRUB has the knowledge of the filesystem (the older Linux loader LILO didn’t understand filesystem).
  • The GRUB configuration file is /boot/grub/grub.conf (/etc/grub.conf is a link to this). The following is a sample grub.conf from CentOS:

    #boot=/dev/sda
    default=0
    timeout=5
    splashimage=(hd0,0)/boot/grub/splash.xpm.gz
    hiddenmenu
    title CentOS (2.6.18-194.el5PAE)
              root (hd0,0)
              kernel /boot/vmlinuz-2.6.18-194.el5PAE ro root=LABEL=/
              initrd /boot/initrd-2.6.18-194.el5PAE.img

  • As you can see from the above, it names the kernel and initrd images.
  • So, in simple terms GRUB just loads and executes Kernel and initrd images.

4. Kernel

  • Mounts the root file system as specified in the “root=” in grub.conf
  • Kernel executes the /sbin/init program
  • Since init was the 1st program to be executed by Linux Kernel, it has the process id (PID) of 1. Do a ‘ps -ef | grep init’ and check the pid.
  • initrd stands for Initial RAM Disk.
  • initrd is used by kernel as temporary root file system until kernel is booted and the real root file system is mounted. It also contains necessary drivers compiled inside, which helps it to access the hard drive partitions, and other hardware.

5. Init

  • Looks at the /etc/inittab file to decide the Linux run level.
  • Following are the available run levels
    • 0 – halt
    • 1 – Single user mode
    • 2 – Multiuser, without NFS
    • 3 – Full multiuser mode
    • 4 – unused
    • 5 – X11
    • 6 – reboot
  • Init identifies the default initlevel from /etc/inittab and uses that to load all appropriate programs.
  • Execute ‘grep initdefault /etc/inittab’ on your system to identify the default run level.
  • If you want to get into trouble, you can set the default run level to 0 or 6. Since you know what 0 and 6 mean, you probably won't do that.
  • Typically you would set the default run level to either 3 or 5.

6. Runlevel programs

  • When the Linux system is booting up, you might see various services getting started. For example, it might say “starting sendmail …. OK”. Those are the runlevel programs, executed from the run level directory as defined by your run level.
  • Depending on your default init level setting, the system will execute the programs from one of the following directories.
    • Run level 0 – /etc/rc.d/rc0.d/
    • Run level 1 – /etc/rc.d/rc1.d/
    • Run level 2 – /etc/rc.d/rc2.d/
    • Run level 3 – /etc/rc.d/rc3.d/
    • Run level 4 – /etc/rc.d/rc4.d/
    • Run level 5 – /etc/rc.d/rc5.d/
    • Run level 6 – /etc/rc.d/rc6.d/
  • Please note that there are also symbolic links available for these directories under /etc directly. So, /etc/rc0.d is linked to /etc/rc.d/rc0.d.
  • Under the /etc/rc.d/rc*.d/ directories, you would see programs that start with S and K.
  • Programs starting with S are used during startup. S for startup.
  • Programs starting with K are used during shutdown. K for kill.
  • There are numbers right next to S and K in the program names. Those are the sequence numbers in which the programs should be started or killed.
  • For example, S12syslog is to start the syslog daemon, which has the sequence number of 12. S80sendmail is to start the sendmail daemon, which has the sequence number of 80. So, the syslog program will be started before sendmail.

Thursday, 5 November 2015

VirtualBox and VirtualBox Guest Additions



Oracle VirtualBox Installation


1) Install VirtualBox from the following link: https://www.virtualbox.org/


2) To install an OS in VirtualBox, we need an ISO file.

3) VirtualBox Guest Additions for Linux

For this we need the following packages; it is better to have yum configured:

yum install dkms binutils gcc make patch libgomp glibc-headers glibc-devel kernel-headers kernel-devel

4) Under Devices -> Install Guest Additions, then mount the CD image:

mount -t iso9660 /dev/sr0 /media

5) Run ./VBoxLinuxAdditions.run from the mounted directory (/media)

In case of any errors, check /var/log/vboxadd-install.log


For RHEL 7 we need to install different Guest Additions plugins.








Sunday, 25 October 2015

Network Configuration Commands



ifconfig: lists all currently active network adapters.

ex: ifconfig -a

ifconfig eth0 192.168.0.3

options:

up/down : Activates/Deactivates specific adapter.

netmask address: subnet


ifup/ifdown


ifup eth0


route

route add default gw 192.168.122.1

route add -net 192.168.100.0  netmask 255.255.255.0  dev eth1


netstat -r           network connectivity information

netstat -atunp


arp: diagnostic tool

arp


Secure Shell (SSH)


What Is SSH?
One essential tool to master as a system administrator is SSH.
SSH, or Secure Shell, is a protocol used to securely log onto remote systems. It is the most common way to access remote Linux and Unix-like servers, such as VPS instances.
Syntax.
ssh remote_host


If your username is different on the remote system, you can specify it by using this syntax:
ssh remote_username@remote_host


Once you have connected to the server, you will probably be asked to verify your identity by providing a password.

SSH Service

[root@rhel6 ssh]# service sshd status
openssh-daemon (pid  1116) is running...
[root@rhel6 ssh]#

How To Configure SSH
When you change the configuration of SSH, you are changing the settings of the sshd server.
In RHEL, the main sshd configuration file is located at /etc/ssh/sshd_config.
Back up the current version of this file before editing:
sudo cp /etc/ssh/sshd_config{,.bak}


Open it with a text editor:
vim /etc/ssh/sshd_config


You will want to leave most of the options in this file alone. However, there are a few you may want to take a look at:
Port 22


The port declaration specifies which port the sshd server will listen on for connections. By default, this is 22.
It may be a good idea to change this to a non-standard port to help obscure your server from random port scans. If you do change your port, we will show you how to connect to the new port later on.
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key


The host keys declarations specify where to look for global host keys. We will discuss what a host key is later.
SyslogFacility AUTH
LogLevel INFO


These two items indicate the level of logging that should occur.
If you are having difficulties with SSH, increasing the amount of logging may be a good way to discover what the issue is.
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes


These parameters specify some of the login information.
LoginGraceTime specifies how many seconds to keep the connection alive without successfully logging in.
It may be a good idea to set this time just a little bit higher than the amount of time it takes you to log in normally.
PermitRootLogin selects whether root is allowed to log in.
In most cases, this should be changed to "no" once you have created a user account that has access to elevated privileges (through su or sudo) and can log in through ssh.
StrictModes is a safety guard that will refuse a login attempt if the authentication files are readable by everyone.
This prevents login attempts when the configuration files are not secure.
X11Forwarding yes
X11DisplayOffset 10


These parameters configure an ability called X11 Forwarding. This allows you to view a remote system's graphical user interface (GUI) on the local system.
This option must be enabled on the server and given with the client during connection with the "-X" option.
If you changed any settings in this file, make sure you restart your sshd server to implement your modifications:
sudo service sshd restart


You should thoroughly test your changes to ensure that they operate in the way you expect.
It may be a good idea to have a few sessions active when you are making changes. This will allow you to revert the configuration if necessary.
If you run into problems, remember that you can log in through the Console Access button on your droplet page.
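
A check for the options discussed above, as an added example that is not part of the original post. The function names and the sample file are constructed; the parser assumes whitespace-separated "Keyword value" lines and relies on two sshd_config rules: the first value read for a keyword is the one used, and lines after a Match line apply only conditionally.

```bash
#!/bin/sh
# sshd_effective FILE KEYWORD -> first global value of KEYWORD (empty if not set).
# Keywords are case-insensitive; commented-out lines never match.
sshd_effective() {
    awk -v k="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { print $2; exit }
    ' "$1"
}

# sshd_audit FILE -> one FINDING line per setting that departs from the advice above
sshd_audit() {
    v=$(sshd_effective "$1" PermitRootLogin)
    if [ "$v" != "no" ]; then
        echo "FINDING PermitRootLogin=${v:-unset} (expected: no)"
    fi
    v=$(sshd_effective "$1" StrictModes)
    if [ "$v" = "no" ]; then
        echo "FINDING StrictModes=no (expected: yes)"
    fi
}

# make_sample_sshd_config FILE -> constructed config with a shadowed later setting
make_sample_sshd_config() {
    cat > "$1" <<'EOF'
Port 2222
#PermitRootLogin no
PermitRootLogin yes
StrictModes yes
# a later duplicate does not override the first value
PermitRootLogin no
Match User backup
    StrictModes no
EOF
}

cfg=$(mktemp)
make_sample_sshd_config "$cfg"
echo "Port=$(sshd_effective "$cfg" Port)"
sshd_audit "$cfg"
rm -f "$cfg"
```

On a live host, `sshd -t` validates the file before a restart and `sshd -T` prints the configuration sshd will actually apply.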
How To Log Into SSH with Keys
While it is helpful to be able to log in to a remote system using passwords, it's often a better idea to set up key-based authentication.
How Does Key-based Authentication Work?
Key-based authentication works by creating a pair of keys: a private key and a public key.
The private key is located on the client machine and is secured and kept secret.
The public key can be given to anyone or placed on any server you wish to access.
When you attempt to connect using a key-pair, the server will use the public key to create a message for the client computer that can only be read with the private key.
The client computer then sends the appropriate response back to the server and the server will know that the client is legitimate.
This entire process is done in the background automatically after you set up keys.
How To Create SSH Keys
SSH keys should be generated on the computer you wish to log in from. This is usually your local computer.
Enter the following into the command line:
ssh-keygen -t rsa


Press enter to accept the defaults. Your keys will be created at ~/.ssh/id_rsa.pub and ~/.ssh/id_rsa.
Change into the .ssh directory by typing:
cd ~/.ssh


Look at the permissions of the files:
ls -l


-rw-r--r-- 1 demo demo  807 Sep  9 22:15 authorized_keys
-rw------- 1 demo demo 1679 Sep  9 23:13 id_rsa
-rw-r--r-- 1 demo demo  396 Sep  9 23:13 id_rsa.pub


As you can see, the id_rsa file is readable and writable only to the owner. This is how it should be to keep it secret.
The id_rsa.pub file, however, can be shared and has permissions appropriate for this activity.
How To Transfer Your Public Key to the Server
You can copy the public key to the remote server by issuing this command:
ssh-copy-id remote_host


This will start an SSH session, which you will need to authenticate with your password.
After you enter your password, it will copy your public key to the server's authorized keys file, which will allow you to log in without the password next time.
Client-Side Options
There are a number of optional flags that you can select when connecting through SSH.
Some of these may be necessary to match the settings in the remote host's sshd file.
For instance, if you changed the port number in your sshd configuration, you will need to match that port on the client side by typing:
ssh -p port_number remote_host


If you only wish to execute a single command on a remote system, you can specify it after the host like so:
ssh remote_host command_to_run


You will connect to the remote machine, authenticate, and the command will be executed.
As we said before, if X11 forwarding is enabled on both computers, you can access that functionality by typing:
ssh -X remote_host


Providing you have the appropriate tools on your computer, GUI programs that you use on the remote system will now open their window on your local system.

Sunday, 7 June 2015

Crontab Configuration

Scheduling jobs using "at" and "cron":

   cron: job runs multiple times
   at: job runs only one time.

 cron:      
syntax:     crontab   options
-e (edit/add (uses vi editor))
-l (list the jobs)
-r (remove all the jobs)



syntax: crontab -e
                crontab  -u  user-name  -e ( as root to configure a cron job for a specific user)

    mins hrs dayofmonth month dayofweek task
    0-59 0-23 1-31 1-12 0-6 cmd

ex:
45 08 * * *  backup.sh
0 0 * * * script1.sh
*/5   *  *  *  *    mon02.sh
0 * * * *  script2.sh
0 2 * * * automation.sh  

00  8,18  * * * /sbin/reboot

30  9,17  10,20  *  *  /bin/rm  -rf  /tmp/*
00  9,17  *  *  6  /bin/rm  -rf  /tmp/*

NOTE:   crontab is a binary command; all normal users have access permission on crontab

               which crontab

   1. users listed in /etc/cron.deny are not allowed to use crontab
   2. only users listed in /etc/cron.allow are allowed to use crontab, and the /etc/cron.deny file is ignored.

cron jobs are managed by the service "crond"

    chkconfig  --list  crond ;  service crond status       ( Before RHEL7)
    chkconfig  crond    on ;  service crond restart        ( Before RHEL7)
 
    systemctl enable crond ; systemctl restart crond       (RHEL7)

cron logs are available in /var/log/cron
cron jobs are stored in /var/spool/cron/$USERNAME


task:
1. configure a cron job as root; it runs daily at 5:30PM and executes   /bin/rm -rf /tmp/*

2. configure a cron job as student; it runs daily at 12:30AM and executes   /bin/echo hello

3. restrict the "user1" user from running cron jobs ( create user1 for checking )


------------------------------------------------------------------
   at:      syntax:       at  options
               now
               now+10min
               now+1day
               5:00pm  or  17:00
               5:00am
               23:59  12/31/2013

      ex:     at   23:59   12/31/2013
               at> cmd
               at> ctrl+d(to quit)

      atq  ... to list at jobs
      atrm jobid .. to remove jobs
      at  -c jobid ( to see job details )

      chkconfig   --list  atd
      service  atd  status

"at" is a binary command; all normal users have access permission on "at"

               which at

   1. users listed in /etc/at.deny are not allowed to use "at"
   2. only users listed in /etc/at.allow are allowed to use "at", and the /etc/at.deny file is ignored.
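
The allow/deny rules for both crontab (above) and "at" follow the same precedence, shown here as an added example that is not part of the original post. The function name and the sample files are constructed; the "root is always allowed" and "neither file exists means superuser only" branches are taken from the crontab(1) and at(1) man pages rather than from this page.

```bash
#!/bin/sh
# sched_allowed USER ALLOW_FILE DENY_FILE -> prints "allow" or "deny"
# cron: /etc/cron.allow and /etc/cron.deny; at: /etc/at.allow and /etc/at.deny
sched_allowed() {
    user=$1 allow=$2 deny=$3
    if [ "$user" = "root" ]; then
        echo allow                      # the superuser may always schedule jobs
    elif [ -f "$allow" ]; then
        # allow file present: only listed users, and the deny file is ignored
        if grep -qxF -- "$user" "$allow"; then echo allow; else echo deny; fi
    elif [ -f "$deny" ]; then
        # only a deny file: everyone except the listed users
        if grep -qxF -- "$user" "$deny"; then echo deny; else echo allow; fi
    else
        echo deny                       # neither file: superuser only
    fi
}

# Constructed sample files: student appears in both lists, user1 only in deny
demo_dir=$(mktemp -d)
printf 'student\n' > "$demo_dir/cron.allow"
printf 'student\nuser1\n' > "$demo_dir/cron.deny"

echo "with cron.allow present:"
for u in root student user1 user2; do
    printf '  %-8s %s\n' "$u" \
        "$(sched_allowed "$u" "$demo_dir/cron.allow" "$demo_dir/cron.deny")"
done

rm -f "$demo_dir/cron.allow"
echo "with only cron.deny present:"
for u in root student user1 user2; do
    printf '  %-8s %s\n' "$u" \
        "$(sched_allowed "$u" "$demo_dir/cron.allow" "$demo_dir/cron.deny")"
done
rm -rf "$demo_dir"
```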


task:
1. configure an at job as root; it runs on 31st December 2020 at 23:59 and executes   /bin/echo hi
2. configure an at job as root; it runs today at 2:30AM and executes   /bin/echo hello