Features:
1. Shell interface on remote system
2. Binds to TCP:23
Caveat:
1. Clear-text based application (credentials are transmitted in the clear)
2. By default, 'root' is NOT permitted access via telnet-server - /etc/securetty
Requirements:
1. xinetd - installed automatically via yum
Install Telnet Server:
1. yum -y install telnet-server
2. nano /etc/xinetd.d/telnet - change 'disable = yes' to 'disable = no'
3. service xinetd restart - effects changes
Tasks:
1. Connect to both systems from either system using 'telnet' client
a. telnet 192.168.75.199 - This will allocate a free pseudo-terminal, if the user authenticates successfully
Note: By default, telnet-server reads and displays the contents of: /etc/issue
Note: TCP|UDP ports are 16-bit based: 2**16, OR, 0-65535
Note: ptys are assigned sequentially, by default
2. Enable 'root' login via telnet
a. mv /etc/securetty /etc/securetty.disabled
Note: Wherever/whenever possible opt for SSH in place of Telnet Server
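A read-only check for the two conditions the tasks above create (telnet enabled under xinetd, and root no longer restricted by /etc/securetty). This is an added example, not part of the original notes; the function names and the sample /etc trees are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original notes): check a copy of /etc for the
# Telnet exposure described above. All sample files below are constructed.

# xinetd_enabled FILE: succeeds when the stanza does not say 'disable = yes'.
xinetd_enabled() {
    [ -f "$1" ] || return 1
    awk -F= '
        /^[ \t]*#/ { next }                          # skip comments
        { key = $1; val = $2
          gsub(/[ \t]/, "", key); gsub(/[ \t\r]/, "", val)
          if (tolower(key) == "disable") state = tolower(val) }
        END { if (state == "yes") exit 1; exit 0 }
    ' "$1"
}

# root_pty_allowed SECURETTY: succeeds when root can log in on a pseudo-terminal,
# i.e. the file is absent (the 'mv' in task 2) or it lists pts/N devices.
root_pty_allowed() {
    [ -f "$1" ] || return 0
    grep -Eq '^pts/[0-9]+[[:space:]]*$' "$1"
}

# audit_telnet ETC_DIR: prints one FINDING line per problem, nothing when clean.
audit_telnet() {
    if xinetd_enabled "$1/xinetd.d/telnet"; then
        echo "FINDING: telnet enabled under xinetd (credentials cross the network in clear text)"
        if root_pty_allowed "$1/securetty"; then
            echo "FINDING: root login over telnet is possible (securetty absent or lists pts/N)"
        fi
    fi
    return 0
}

# make_sample DIR STATE: constructed /etc tree; STATE is 'default' or 'weakened'.
make_sample() {
    mkdir -p "$1/xinetd.d"
    printf 'tty1\ntty2\nvc/1\n' > "$1/securetty"
    disable=yes
    if [ "$2" = weakened ]; then
        disable=no
        mv "$1/securetty" "$1/securetty.disabled"
    fi
    cat > "$1/xinetd.d/telnet" <<EOF
# constructed sample of /etc/xinetd.d/telnet
service telnet
{
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        disable         = $disable
}
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp/default" default
make_sample "$tmp/weakened" weakened
echo "default install:";        audit_telnet "$tmp/default"
echo "after the tasks above:";  audit_telnet "$tmp/weakened"
rm -rf "$tmp"
```

Point `audit_telnet` at `/etc` on a live host to run the same check against the real files.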
Hi I am T.VinaySudhir RHCE (author of this blog).. This Blog contains Basic notes needed for REDHAT ENTERPRISE EDITION LINUX 5 Certification Exam.
Saturday, August 13, 2011
LFTP
Features:
1. Sophisticated FTP client
2. Provides connectivity:
a. FTP
b. HTTP/HTTPS
c. SFTP(SSHv2)
3. Interactive and non-interactive client
4. Supports scripting
5. Reads system-wide (/etc/lftp.conf) and per-user config files (~/.lftprc)
6. Behaves like the BASH shell
a. Command history
b. Permits execution of background jobs. Use CTRL-Z to background.
c. Tab completion
7. Supports mirroring (forward and reverse) of content
8. Supports FTP retransmit/reconnect from where you left off
9. Supports bookmarks of sites
10. Supports escape to shell using '!command' e.g. '!bash'
11. Supports the execution of BASH programs '!command' e.g. '!ps -ef'
Usage:
1. lftp - enters interactive mode
a. 'set -a' - reveals all variables
2. lftp linuxcbt@192.168.75.199
3. mget -c - continues downloads
4. mput -c - continues uploads
5. lftp -u linuxcbt,abc123 sftp://192.168.75.199 - Connects to SFTP server
6. mirror -v mirror/ - mirrors a remote directory named 'mirror' to the local system
7. mirror -Rv mirror/ - Reverse mirror (puts) - items to remote server
Very Secure File Transfer Protocol Daemon (VSFTPD)
Features:
1. FTPD
2. Chroot jail
3. anonymous and local-user auth
4. Rate-limiting
Tasks:
1. Install 'vsftpd'
a. yum -y install vsftpd
2. Start the server
a. service vsftpd start
b. netstat -ntlp | grep 21
3. Configure service to start when system boots into multi-user runlevel
a. chkconfig vsftpd on
b. chkconfig --list vsftpd
4. Connect to the FTPD service:
a. Use web browser, which defaults to anonymous
b. Use standard FTP client, as anonymous
c. setsebool -P ftp_home_dir=1 - permits users access to their home directory
d. service vsftpd restart - for changes to take effect
5. Chroot jail local users & disable 'anonymous' access
a. chroot_local_user=YES - this jails users
b. service vsftpd restart - for changes to take effect
c. test connectivity as 'anonymous' and 'non-anonymous' users
6. Enable IPv6 listener:
a. listen_ipv6=YES - DO NOT USE WITH 'listen=YES(IPv4)'
7. Restrict 'non-anonymous' user's transfer rate
a. local_max_rate=1000 - restricts connections to 1000/bps (1K/s)
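A small linter for the settings in tasks 5 to 7, added here as an example and not part of the original notes. `anonymous_enable` is vsftpd's directive for anonymous access (the notes do not name it), and the built-in defaults, the "last line wins" rule and the sample files are assumptions stated in the comments.

```sh
#!/bin/sh
# Added example (not from the original notes): lint a vsftpd.conf against tasks 5-7.
# Assumption: built-in defaults as documented in vsftpd.conf(5) for vsftpd 2.x
# (anonymous_enable=YES, chroot_local_user=NO, listen=NO, listen_ipv6=NO, local_max_rate=0).

# conf_get FILE KEY DEFAULT: value of the last uncommented KEY=value line, else DEFAULT.
# Assumption: a later line overrides an earlier one. Values are upper-cased; only the
# YES/NO spellings are handled.
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }
        $1 == k { v = substr($0, length(k) + 2); sub(/[ \t\r]+$/, "", v); found = 1 }
        END { print toupper(found ? v : d) }
    ' "$1"
}

# lint_vsftpd FILE: prints one line per setting that differs from tasks 5-7.
lint_vsftpd() {
    f=$1
    if [ "$(conf_get "$f" anonymous_enable YES)" = YES ]; then
        echo "anonymous_enable: anonymous logins are accepted"
    fi
    if [ "$(conf_get "$f" chroot_local_user NO)" != YES ]; then
        echo "chroot_local_user: local users are not jailed to their home directory"
    fi
    if [ "$(conf_get "$f" listen NO)" = YES ] &&
       [ "$(conf_get "$f" listen_ipv6 NO)" = YES ]; then
        echo "listen/listen_ipv6: both YES, the two listeners must not be combined"
    fi
    if [ "$(conf_get "$f" local_max_rate 0)" = 0 ]; then
        echo "local_max_rate: no transfer-rate cap for local users"
    fi
    return 0
}

# write_samples DIR: constructed 'before' and 'after' configuration files.
write_samples() {
    cat > "$1/before.conf" <<'EOF'
# constructed sample: before tasks 5-7
anonymous_enable=YES
local_enable=YES
listen=YES
listen_ipv6=YES
EOF
    cat > "$1/after.conf" <<'EOF'
# constructed sample: after tasks 5-7
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
listen_ipv6=YES
local_max_rate=1000
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "before:"; lint_vsftpd "$tmp/before.conf"
echo "after:";  lint_vsftpd "$tmp/after.conf"
rm -rf "$tmp"
```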
Trivial File Transfer Protocol Daemon (TFTPD)
Features:
1. Fast, connectionless (UDP), file transfers
2. Often used to move files to and fro networked systems (VOIP Phones, PXE configurations, Router/Firewall/Switch configurations, etc.)
Note: Implemented as 2 components:
a. Client - tftp-*rpm
b. Server - tftp-server*
Tasks:
1. Install TFTP client
a. yum -y install tftp
2. Install TFTP server
a. yum -y install tftp-server
Note: this also installs the 'xinetd' dependency
3. Configure and start 'tftp' via 'xinetd'
a. /etc/xinetd.d/tftp - modify this file prior to starting 'TFTPD'
b. service xinetd start - to start XINETD
Note: TFTPD listens to UDP:69, by default
Note: use 'netstat -nulp | grep 69' to check if 'xinetd' is listening
4. Copy Cisco Router configuration to TFTP server
a. copy running-config tftp://192.168.75.199
b. setsebool -P tftpd_disable_trans=1 - disables SELinux for TFTPD
c. 'service xinetd restart' - restart XINETD
d. 'chmod 666 linuxcbtrouter1.config' - to permit TFTPD to write
5. Use 'tftp' client to download 'linuxcbtrouter1.config' file
a. tftp 192.168.75.199 -c get linuxcbtrouter1.config
b. tftp - enters interactive mode
Note: tftp client operates in both non-interactive and interactive modes
Network Time Protocol (NTP) Implementation
Features:
1. The ability to synch your system's clock
2. Also can be used to synch other clocks
3. Implemented as: 'ntp-4.2...rpm' package
4. Is hierarchical, using strata levels to denote time accuracy
/etc/ntp.conf - primary configuration
NTP Strata:
Features:
1. The ability to denote clock accuracy based on stratum
2. With Stratum level 1 being the most accurate, as an NTP server at this level is connected to an external time service (GPS, Radio, etc.)
Use: www.ntp.org - to locate public NTP clocks at various strata
Task:
1. Synch against internal NTP server
a. /etc/ntp.conf
a1. server 192.168.75.100
b. service ntpd start - this starts the 'ntpd' service
c. chkconfig ntpd on
d. ntpq -np - this queries the running 'ntpd' server
Note: NTP synchronization is hierarchical. Thus, if we synch against a stratum 3 clock, we become a stratum 4 clock
2. Prove that 'linuxcbtserv4' is indeed a stratum 4 clock
a. /etc/ntp.conf - of 'linuxcbtserv1'
a1. server 192.168.75.199
Note: Ideally, you should supply your: /etc/ntp.conf file with at least 3 clocks for:
1. Accuracy
2. Redundancy
Runlevel Service Management Tools
Features:
1. The ability to indicate desired runlevels for services
2. Services are located in: /etc/init.d
/usr/sbin/ntsysv:
Usage:
1. ntsysv - manages services in the current run-level
2. ntsysv 35 - manages services for run-levels 3 & 5
Note: Neither ntsysv nor chkconfig starts|stops services
Chkconfig Usage:
1. chkconfig --list ntpd - returns run-level environment for 'ntpd'
Note: items listed as 'off' have K (kill) scripts
Note: items listed as 'on' have S (start) scripts
2. chkconfig --level 3 ntpd off - creates a K(kill) script in run-level 3
3. chkconfig --level 35 ntpd off
4. chkconfig ntpd on - enables 'ntpd' in levels 2-5
5. chkconfig ntpd off - disables 'ntpd' in levels 0-6
Note: Use 'chkconfig' from the shell or a script
Note: Use 'ntsysv' from the shell in interactive mode
Note: When controlling services using 'chkconfig', reference the name of the service as it's specified in: /etc/init.d
system-config-services - GUI tool to manage services
Kernel Upgrade
Features:
1. Provision of updated/patched kernel
Task:
1. Update the kernel
a. use 'uname -a' to reveal current version
b. use 'rpm -qa | grep -i kernel' - to reveal installed version
c. cat /etc/grub.conf (symlink -> /boot/grub/grub.conf) - to reveal installed version
2. Proper installation method is as follows:
a. 'rpm -ivh kernel*rpm' - install a separate version
Note: Install the following kernel packages if necessary:
a. kernel-devel* - if module compilation is necessary
b. kernel-headers* - if recompilation is necessary
Install:
a. rpm -ivh kernel-2.6.18-53.el5.i686.rpm
Note: This will update GRUB (/boot/grub/grub.conf)
Note: Will also place the new kernel in the /boot file system
Examine traces in:
a. /boot
b. /boot/grub/grub.conf
3. Remove traces of former kernel using 'rpm -e [--nodeps]'
a. kernel-2.6.18-8.el5 - removes older version
b. kernel-headers-2.6.18-8.el5 - force remove ignoring dependencies 'rpm -e --nodeps kernel-headers-2.6.18-8.el5'
c. kernel-devel-2.6.18-8.el5
4. Install new 'kernel-headers' and 'kernel-devel' packages using YUM:
a. yum -y install kernel-headers
b. yum -y install kernel-devel
5. Confirm that the 3 'kernel-*' packages are installed:
a. rpm -qa | grep kernel
Note: Removal of older kernel-* packages cleans up:
a. /boot
b. /boot/grub/grub.conf (menu.lst)
IPv6 Config
Features:
1. Auto-configured by default gateway (router)
2. fe80:: - link-local address (loopback/local subnet address)
3. 2002:: - 6to4 address, that can be configured based on IPv4 embedded address, using HEX notation
ping6 -I eth0 fe80::
traceroute6 - used to trace routes on IPv6 networks
IPv4 Configuration & Network Settings
Network Support:
1. Boot system into a multi-user mode
2. /etc/modprobe.conf - contains alias and reference to module(s) to be loaded in order to provide networking
3. Linux decides if the interface is DHCP or static by viewing the contents of:
a. /etc/sysconfig/network - networking=yes|no, IPv6_Support, Default Gateway, etc.
b. /etc/sysconfig/network-scripts/ifcfg-eth0 - contains ifup, ifdown, and ifcfg-* scripts
c. /etc/init.d/network - main service
service network status - checks networking
system-config-network-* - network interface configuration
Note: Either update your net configuration manually from the shell, or using the 'system-config-network*' tools to avoid losing settings
/etc/resolv.conf - DNS configuration file
/etc/hosts - static list of hosts
IPv4 Aliases:
1. ifconfig eth0:1 192.168.75.11
2. ifconfig eth0:2 10.168.76.11
Note: To ensure that aliases persist do the following:
1. cp /etc/sysconfig/network-scripts/ifcfg-eth0 ./ifcfg-eth0:1
2. Modify ifcfg-eth0:1 to reflect aliased IP
Note: Aliases do NOT work with DHCP interfaces
ifconfig eth0:2 del 10.168.76.11 - removes the virtual interface
Common Network Utilities
Features:
1. Useful for basic troubleshooting
PING:
Features:
1. ability to communicate with hosts using ICMP
a. PING sends ICMP echo-requests
b. PING expects to receive ICMP echo-replies
Task: PING some hosts and evaluate the output
1. ping localhost (127.0.0.1)
2. ping -c 3 localhost - sends 3 ICMP echo-requests
Note: 'ping localhost' performs name resolution using /etc/hosts
/etc/hosts stores static name-to-IP mappings
Note: 127.0.0.0/8 is fully-reserved to the loopback adapter of ALL IPv4 hosts
3. ping -c 3 192.168.75.199
4. ping -c 3 -i 3 192.168.75.199 - delays PINGs to 3 seconds apart
Note: PING defaults to a standard 1-second interval
Note: Firewall(s) may block ICMP traffic, causing PING to fail
TELNET:
Features:
1. Great for basic TCP port diagnosis
Task:
1. Connect to TCP ports on various hosts
a. telnet 192.168.75.100 22
b. telnet www.linuxcbt.com 80
NETSTAT:
Features:
1. Provides network connection information from /proc/net/*
Task:
1. Return useful information for various protocols
a. netstat
b. netstat -a - returns all protocols/sockets
c. netstat -ntlp - returns all TCP LISTENERS without name resolution
d. netstat -nulp - returns all UDP LISTENERS without name resolution
Note: netstat uses /etc/services to translate ports to names
Note: 0.0.0.0:514 - this means that Syslog will accept traffic to any of the defined IP addresses/interfaces on the system
e. netstat -ntp - returns established connections (sockets)
f. netstat -rn - returns the routing table
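The note on 0.0.0.0:514 applies to every service in these notes: a wildcard bind means the daemon answers on all interfaces. The filter below is an added example, not part of the original notes; it reads 'netstat -ntlp' / 'netstat -nulp' output and reports the clear-text services covered here (FTP, Telnet, TFTP, syslog) when they are bound to 0.0.0.0 or ::. The function names and the netstat sample are constructed.

```sh
#!/bin/sh
# Added example (not from the original notes): flag the clear-text services from
# these notes when netstat shows them bound to every interface (0.0.0.0 or ::).

# wildcard_cleartext: reads 'netstat -ntlp' / 'netstat -nulp' output on stdin,
# prints "proto/port service pid/program" for each exposed listener.
wildcard_cleartext() {
    awk '
        BEGIN {
            svc["tcp/21"] = "ftp";   svc["tcp/23"]  = "telnet"
            svc["udp/69"] = "tftp";  svc["udp/514"] = "syslog"
        }
        $1 ~ /^(tcp|udp)6?$/ {
            # TCP rows carry a State column; keep listeners only.
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            n = split($4, part, ":")
            port = part[n]                                  # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            key = substr($1, 1, 3) "/" port                 # tcp6/udp6 fold into tcp/udp
            if ((addr == "0.0.0.0" || addr == "::") && (key in svc))
                print key, svc[key], $NF
        }'
}

# sample_netstat: constructed output in the layout of 'netstat -ntlp' + 'netstat -nulp'.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:23                  0.0.0.0:*                   LISTEN      2301/xinetd
tcp        0      0 127.0.0.1:21                0.0.0.0:*                   LISTEN      2410/vsftpd
tcp        0      0 :::22                       :::*                        LISTEN      2280/sshd
tcp        0      0 192.168.75.199:23           192.168.75.100:41022        ESTABLISHED 2533/in.telnetd
udp        0      0 0.0.0.0:514                 0.0.0.0:*                               2100/syslogd
udp        0      0 0.0.0.0:69                  0.0.0.0:*                               2301/xinetd
udp        0      0 192.168.75.199:123          0.0.0.0:*                               2190/ntpd
EOF
}

sample_netstat | wildcard_cleartext
```

On a live host, feed it the real output: `{ netstat -ntlp; netstat -nulp; } | wildcard_cleartext`.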
ARP:
Features:
1. Resolves layer-2 (OSI model) MAC addresses to layer-3 IP addresses
Task:
1. Examine MAC addresses using: ifconfig and arp
a. ifconfig - returns our local MAC addresses
Link encap:Ethernet HWaddr 00:02:B3:98:41:08
b. arp -a - returns MAC to IP mappings
Note: When 2 TCP/IP hosts communicate, ARP is performed to translate the IP address (v6/v4) to a MAC address.
Note: If one or more routers separate the communicating hosts, then the MAC address of the default router's (gateway's) interface is stored by each client
Log Rotation
Features:
1. Rotation of logs based on criteria
a. size
b. age (daily, weekly, monthly)
2. Compression
3. Maintain logs for a defined period
/etc/logrotate.conf - primary (global) config file for all logs
-can be overridden by context-sensitive files, e.g. apache
run 'man logrotate'
/etc/logrotate.d - directory for logs to be rotated
-httpd - used to rotate Apache logs
/var/log/httpd/*log {
    missingok
    notifempty
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true
    endscript
}
Task: Setup rotation rule for Cisco log
1. Create entry in: /etc/logrotate.d based on /etc/logrotate.d/syslog
2. Modify the entry to rotate based on new criteria
3. Rotate using: 'logrotate /etc/logrotate.conf'
Note: Force using: 'logrotate -f /etc/logrotate.conf'
SysLogD
Features:
1. Handles logging
2. Unix Domain Sockets (/dev/log)
3. Internet Sockets (UDP:514)
4. Ability to log to local and remote targets
Implemented as 'sysklogd' package
Primary configuration file: /etc/syslog.conf
Standard syslog.conf file contains:
1. Rules
a. facilities -> applications/daemons/network device/etc.
b. levels -> Importance of message
Range: 0-7
7 = emergency (less information)
6 = alert
5 = critical
4 = error
3 = warning
2 = notice
1 = info
0 = debug (more information)
2. Targets
a. file - /var/log/messages
b. tty - /dev/console
c. remote hosts - @IP_ADDR_of_REMOTE_HOST
'*' = catchall/wildcard to mean any facility or level
'.none' = exclusion rule
'man syslog.conf' to learn about the support facilities.levels
Task:
1. Enable UDP logging for remote Cisco gateway (192.168.75.1)
a. netstat -nul | grep 514 - reveals UDP:514 listener
b. nano /etc/sysconfig/syslog
b1. 'SYSLOGD_OPTIONS="-r"'
c. restart syslog and confirm UDP:514 listener
c1. confirm using 'netstat -nul | grep 514'
d. Configure the router using facility 'local0' and level 'info'
e. configure /etc/syslog.conf to accept 'local0.info'
f. restart or reload 'syslog'
CRON
Features:
1. Scheduler
2. Rules (Cron entries) are based on times:
a. minute (0-59)
b. hour (0-23)
c. day of the month (1-31)
d. month (1-12)
e. day of the week (Sun,Mon,Tue, etc. OR 0-7)
f. command to execute (shell, perl, php, etc.)
3. Wakes up every minute in search of programs to execute
4. Reads cron entries from multiple files
5. Maintains per-user and system-wide (/etc/crontab) schedules
/etc:
cron.d/
cron.deny - denies cron execution by user
cron.monthly/ - runs jobs monthly
cron.weekly/ - runs jobs weekly
cron.daily/ - runs jobs daily
cron.hourly/ - runs jobs hourly
crontab - contains system-wide schedules
Note: '*' wildcard in a time column means to run for all values
Per-user Crontabs:
Stored in: /var/spool/cron
Task:
1. Create a cron entry for the user 'student1'
a. su student1
b. crontab -e
c. create an entry, minus the name of the user
Note: 'crontab -l' - enumerates per-user cron entries
System-wide Crontab:
Stored in: /etc/crontab
Task:
1. Create a cron entry in: /etc/crontab
Note: 'crontab -l -u username' - enumerates per-user cron entries
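Because cron reads entries from several files, reviewing what is scheduled means walking all of them. The function below is an added example, not part of the original notes; it lists every job under /etc/crontab, /etc/cron.d and /var/spool/cron in one format, taking the user from the sixth column in system files and from the file name in per-user crontabs. The directory tree, job commands and function names are constructed.

```sh
#!/bin/sh
# Added example (not from the original notes): list every cron job on a system
# in one format so scheduled commands can be reviewed in a single pass.

# list_cron_jobs ROOT: prints "file<TAB>user<TAB>schedule<TAB>command" per job.
# ROOT is "" for the live system or a directory holding a copy of /etc and /var.
# Runs of whitespace inside the command are collapsed to single spaces.
list_cron_jobs() {
    root=$1
    for f in "$root/etc/crontab" "$root"/etc/cron.d/* "$root"/var/spool/cron/*; do
        [ -f "$f" ] || continue
        case $f in
            */var/spool/cron/*) owner=${f##*/} ;;   # per-user file: no user column
            *)                  owner= ;;           # system file: user follows the schedule
        esac
        src=${f#"$root"}
        awk -v src="$src" -v owner="$owner" '
            /^[ \t]*(#|$)/ { next }                          # comments and blank lines
            /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }  # SHELL=, PATH=, MAILTO=
            {
                n = ($1 ~ /^@/) ? 1 : 5                      # @daily etc. use one field
                sched = $1
                for (i = 2; i <= n; i++) sched = sched " " $i
                c = n + 1
                if (owner == "") { user = $c; c++ } else user = owner
                if (NF < c) next                             # malformed line
                cmd = $c
                for (i = c + 1; i <= NF; i++) cmd = cmd " " $i
                printf "%s\t%s\t%s\t%s\n", src, user, sched, cmd
            }' "$f"
    done
}

# make_cron_sample DIR: constructed tree with one job in each location.
make_cron_sample() {
    mkdir -p "$1/etc/cron.d" "$1/var/spool/cron"
    cat > "$1/etc/crontab" <<'EOF'
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
# run-parts
01 * * * * root run-parts /etc/cron.hourly
EOF
    cat > "$1/etc/cron.d/backup" <<'EOF'
30 2 * * 0 root /usr/local/bin/backup.sh
EOF
    cat > "$1/var/spool/cron/student1" <<'EOF'
*/5 * * * * /home/student1/bin/report.sh >/dev/null 2>&1
EOF
}

tmp=$(mktemp -d)
make_cron_sample "$tmp"
list_cron_jobs "$tmp"
rm -rf "$tmp"
```

Run `list_cron_jobs ""` as root to read the live files, since /var/spool/cron is not readable by ordinary users.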