ssh
vi /etc/apt/sources.list
su
ssh username@ipaddress
eg : ssh root@172.16.247.143
实验一
fdisk /dev/sdb (create partitions)
mdadm --create /dev/md0 --level=raid0 --raid-devices=2 /dev/sdb1 /dev/sdc1 (create raid 0)
mkfs.ext3 /dev/md0 (create an ext3 filesystem on your RAID device)
mount /dev/md0 /mnt/ (mount it on /mnt)
find / -exec cp -R {} /mnt/ \; (copy files from the root filesystem to fill your new raid array with data.)
mdadm --detail /dev/md0 (show the current status of your RAID array)
umount /dev/md0 (umount your RAID array)
mdadm --stop /dev/md0 (stop /dev/md0)
cat /proc/mdstat (show running raid arrays)
/etc/init.d/mdadm-raid restart (restart the RAID service to automatically rebuild the array)
mdadm --stop /dev/md0 (stop your raid array)
rm /dev/sdc1 (delete the /dev/sdc1 special file)
/etc/init.d/mdadm-raid restart (restart the raid arrays)
mount /dev/md0 /mnt/ (mount /dev/md0)
mdadm --create /dev/md0 --level=raid1 --raid-device=2 /dev/sdb1 /dev/sdc1 (create a RAID1 array using your first two disks)
mdadm -f /dev/md0 /dev/sdc1 (simulate a hard disk fail on /dev/sdc1)
mdadm /dev/md0 --add /dev/sdd1 (add another disk to rebuild the array, add /dev/sdd1 to the array)
umount /mnt/ (umount the array)
mdadm --stop /dev/md0 (stop the array)
mdadm --zero-superblock /dev/sdb1) (erase used devices superblock.)
mdadm --create /dev/md0 --level=raid5 --raid-devices=3 /dev/sdb1 /dev/sdc1 /dev/sdd1 (create a RAID5 array using your first three disks)
df -h (show the size of your new filsystem)
hexdump /mnt/usr/sbin/groupadd (to read your files)
mdadm --remove /dev/md0 /dev/sdc1 (to remove /dev/sdc1 from /dev/md0)
mdadm --create /dev/md0 --level=raid --raid-devices=2 /dev/sdb1 /dev/sdc1 create a first RAID0 array out of your two first available disks)
mdadm --create /dev/md1 --level=raid0 --raid-devices=2 /dev/sdd1 /dev/sde1 (create a second (md1) RAID0 array from the remaining disks)
mdadm --create /dev/md2 --level=raid1 --raid-devices=2 /dev/md0 /dev/md1 (create a RAID1 out of the two RAID devices you've just created)
实验二
2.1
fdisk /dev/sdb (create a physical volume out of the first hard drive you've just added to the virtual machine)
pvcreate /dev/sdb1 (create a physica volume out of the partition you've just created)
pvdisplay (confirm the creation by listing the currently available physical volumes)
vgcreate storage /dev/sdb1 (put your new physical volume into a volume group named "storage")
vgdisplay (list all currently available volume groups to confirm your creation)
lvcreate -L 3GB -n movies storage (create a new logical volumes in the storage volume group , movies, size 3GB)
lvcreate -L 0.9GB -n music storage (create a new logical volumes in the storage volume group, music, size 0.9 GB)
apt-get install xfsprogs (install filesystem tools as needed)
mkfs.xfs /dev/storage/movies (create an XFS filesystem on the movies logical volume)
mkfs.ext3 /dev/storage/music (add an ext3 filesystem for the music lv)
mkdir /mnt/{movies, music}
mount /dev/storage/movies /mnt/movies/ (mount this filesystem to /mnt/movies)
mount /dev/storage/music /mnt/music/ (mount this filesystem to /mnt/music)
df -h (show available disk space on your filesystems)
2.2
umount /mnt/{movies,music}
e2fsck -f /dev/storage/music
resize2fs /dev/storage/music 100M
lvreduce -L 100M /dev/storage/music (shrink your lv music to 100M)
lvextend /dev/storage/movies /dev/sdf1 (extend your lv movies)
mount /dev/storage/movies /mnt/movies/(to mount your lv movies)
sfx_growfs /dev/dtorage/movies
lvextend -L +1GB /dev/storage/movies (extend lv movies to 4.9 GB(before it is 3.9GB))
lvextend -L +1GB /dev/storage/music (extend lv music to 1.1GB (before it is 0.1GB))
xfs_growfs /dev/storage/movies
e2fsck -f /dev/storage/music
resize2fs /dev/storage/music
lvcreate -L1GB -s -n movies-snapshot /dev/storage/movies (create a 1GB snapshot named movies-snapshot of the movies lv)
mkdir /mnt/snapshot
mount /dev/storage/movies /mnt/snapshot/ (mount your snapshot to /mnt/snapshot/)
tar -czf /dev/null /mnt/snapshot/ (do a full tar backup using the fastest tape writer ever: /dev/null)
umount /mnt/snapshot (unmount the now useless snapshot)
lvremove /dev/storage/movies-snapshot (delete the now useless snapshot)
Lab
3.1
cp /boot/initrd.img-2.6.32-5-686 . (copy the original initrd into your home directory)
file initrd.img-2.6.32-5-686 (see the filetype)
zcat initrd.img-2.6.32-5-686 > initrd.raw (unpack it in a dedicated working directory)
cpio -i < ../initrd.raw (copy file to ../initrd.raw file)
mkdir initrd (make directory)
sed -i 's/Loading, please wait/Loading Custom System, please wait/' init (open the init script with a text editor and modify the "Loading, please wait..." message. Replace it by "Loading Custom System, please wait>".)
find | cpio -o --format=newc > ../initrd-new.cpio (rebuild a compressed cpio initrd in your home directory)
cp initrd-new.cpio.gz /boot/initrd.img-2.6.32-5-686 (replace the original initrd by your custom one)
3.2
runlevel (show the current runlevel)
ls /etc/rc2.d/S* (list services started in the current runlevel)
update-rc.d exim4 disable 2 (disable the exim4 service)
init 3 (change your runlevel to 3)
runlevel (show the current runlevel)
pgrep -l exim4 (check if exim4 is running)
init 2 (switch back to runlevel 2)
runlevel (show the current runlevel)
update-rc.d exim4 enable 2 (re-enable exim4 in runlevel 2)
3.3
grep initdefault /etc/inittab (show the default runlevel)
sed -i 's/id:2:initdefault:id:6:initdefault:/' /etc/inittab (change the default runlevel to 6)
reboot (reboot your system,your system keeps on rebooting endlessly)
Lab
4.1
groupadd -r wheel (add group)
edit /etc/pam.d/su and add the following line :
auth required pam_wheel.so group=wheel
gpasswd -a supinfo wheel (add supinfo to the wheel group)
add the following line to /etc/pam.d/su before the previous one :
auth sufficient pam_wheel.so group=root trust
gpasswd -a supinfo root
4.2
edit /tec/pam.d/common-password and add the following line before all others :
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
4.3
grep -niH nologin /etc/pam.d/* (find the name of a PAM module which is responsible of preventing users to open sessions if the /etc/nologin exists.)
Disallow non-root login when /etc/nologin exists.
grep -niH moth /etc/pam.d/* (to see which PAM module displays the content of /et/motd)
recommened book :
Network Security with OpenSSL
Apache2 pocket reference
Running Linux
DNS and BIND
Essential System Administration pocket reference
Managing NFS and NIS
Using Samba
Pro Linux System Administration
Expert Network Time Protocol
MySQL Cookbook
LDAP/OpenLDAP
Kerberos The Definitive Guide
post :for creation
pup :for update
init lab SOE
root password
init 0123456
init=0 --> init=/bin/ssh
pam.d pam.conf
apache create virtual host website
raid 0
raid 1
raid 5
lvresize = lvextend = lvreduce
lvreduce can have an argument as your Physical Volume but not lvextend
lvresize => growing
info any_command
Lab
5.1
mkdir -p certificate-authority/{private,certs,newcerts,crl} (create a certificate-authority directory in your home, create 4 subdirectories : private, certs, newcerts, crl.)
touch index.txt (create a blank index.txt)
echo "01" > serial (create serial file with "01" as content(without double quotes))
cp /etc/ssl/openssl.cnf ca-config (copy the default OpenSSL configuration file to ~/certificate-authority/ca-config)
5.2
openssl req -new -x509 -extensions v3_ca -nodes -keyout private/ca.key -out certs/ca.crt -config ca-config (create a new x509 certificate authority using the openssl command)
5.3
openssl req -new -nodes -keyout private/webserver.key -out webserver.csr -config ca-config (use openssl to create a csr for a webserver. the key will be stored in ~/certificate-authority/private/webserver.key and the request in ~/certificate-authority/webserver.csr)
openssl req -new -keyout private/john-smith.key -out john-smith.csr -config ca-config (use openssl to create a certificate to be used to authenticate a VPN user. the key will be written to ~/certificate-authority/private/john-smith.key and the request in ~/certificate-authority/john-smith.csr)
openssl ca -config ca-config -policy policy_anything -out certs/webserver.crt -infiles websever.csr (use the openssl ca command to sign off the webserver request. the final certificate should be stored in ~/certificate-authority/certs/webserver.crt)
openssl ca -config ca-config -policy policy_anything -out certs/john-smith.crt -infiles john-smith.csr (use the openssl ca command to sign off the second request. the final certificate should be stored in ~/certificate-authority/certs/john-smith.crt)
rm *.csr (remove the now useless certificate signining requests.)
5.4
openssl x509 -in certs/webserver.crt -noout -text (do a text dump the webserver.crt certificate.)
openssl x509 -in certs/john-smith.crt -subject -issuer -startdate -endate -noout (show the following informations from the john-smith.crt certificate : subject, issuer, startdate, enddate)
openssl verify -CAfile certs/ca.crt certs/john-smith.crt (verify the validity of the john-smith.crt certificate against your certification authority.)
5.5
openssl ca -revoke certs/john-smith.crt -config ca-config (revoke John Smith's certificate.)
openssl ca -gencrl -out crl/revoked.crl -config ca-config (to generate the certificate revokation list in ~/certificate-authority/crl/revoked.crl.)
Lab
6.1
mkdir /var/www/{www.site1.com,www.site2.com}
echo "<html><body>Welcome on site1.com</body></html>" > /var/www/www.site1.com/index.html
echo "<html><body>Welcome on site2.com</body></html>" > /var/www/www.site2.com/index.html
mkdit /var/log/apache2/{www.site1.com,ww.site2.com}
create the /etc/apache2/sites-available/www.site1.com file
create the /etc/apache2/sites-available/www.site2.com file
a2ensite www.site1.com (enable website)
a2ensite www.site2.com (enable website)
/etc/init.d/apache2 restart (restart the service)
curl www.site1.com (query your server)
curl www.site2.com (query your server)
6.2
mkdir /var/www/www.site1.com/restricted
touch /var/www/www.site1.com/restricted/{movie1.avi,movie2.avi}
mkdir /etc/apache2/users
htpasswd -bc /etc/apache2/users/site1.passwd john qwerty
htpasswd -b /etc/apache2/users/site1.passwd sarah secret
htpasswd -b /etc/apache2/users/site1.passwd bob password
/etc/init.d/apache2 restart (restart the service)
cd /var/lib/apt
ls
cd lists/
ls
rm -rf *
cd ~
info coreutils 'ls invocation'
cp -avr certificate-authority /home/supinfo/certificate/authority
This is one of the problem faced by many person’s“what if i lost the root password”First thing that comes in mind is “use single user mode” but the answer is NO.
coz debian takes the system security to one more level up and by default ask’s for the root password.
so the BIG QUESTION IS HOW TO proceed further
follow these steps
1) on grub-boot prompt.
press “e” to enter edit mode
2) then press downarrow to reach the line that starts with “kernel “
press “e” again
3) at the end of this line type in “init=/bin/sh” or “/bin/bash”
4) then press enter to make that change and press “b” to boot
in a few seconds you will be on your “#” prompt
5) only one step left
“mount -o remount rw /”
this step is necessary coz in this case root file system is mounted as read only.
6) finally type “passwd” and you get the screen to change the password
and then type in “init 6? or “reboot”
NOTE FOR TECHNICAL USERS
those who are looking for the technical details, the main work is the init command that we passed as an argument to kernel, it told kernel to specifically run the command specified in parameter instead of working on normal routine.
TRICK = if you have any program you wish to run instead of this then you can do that too using init command only.
init 0
init 6 (restart)
cd /etc/rc
cd /etc/rc0.d/
ls
cd /etc/rc1.d/
ls
cd /etc/rc6.d/
ls
/etc/inittab (to set level)
BIOS :
Bootloader :
Kernel :
init :
rc :
file (to see the filetype)
zcat file.gz > test.txt (to see the file.gz and put the content to test.txt)
cpio ()
sed (to replace the content )
pgrep (to see if a progress is ongoing)
auth required pam_wheel.so group=wheel