Network Tools and Terms



Networking Tools

arp

Address Resolution Protocol. Type "arp -a" to display entries in the ARP cache.
ifconfig

A command line tool used to configure a network interface. There is a man page available for this program.
ifdown

Shuts down a network interface
ifup

Starts a network interface such as eth0 or ppp0
ipchains

A tool used to administer firewall rules.
netconf

The Redhat GUI network configuration tool.
netconfig

Another network configuration tool which is usually run when the system is installed. Netconf is better.
netstat

Type "netstat -rn" to see the routing table. Type "netstat -in" to see the interface info.
nslookup

Used to test DNS configuration by querying DNS servers.
ping

A network tool used to send ICMP test packets to other hosts to determine if they can respond or are reachable.
ripquery

A tool to query some routers for their routing table.
route

Typing "route -n" will show the routing table
tcpdump

A network sniffer tool used to dump headers of packets on a network interface.
traceroute

Sends data to a remote host on a port that doesn't exist, with the TTL field set to 1, 2, etc., so that each intermediate router sends back an ICMP error reporting its own address. The destination reports an unreachable port error, revealing its address.

Networking terms

  • ARP - Address Resolution Protocol. Used to translate between hardware addresses (Ethernet MAC addresses) and IP addresses. Uses broadcast messages for resolution.
  • BOOTP - A protocol used to allow client computers to get their IP address from a BOOTP server. DHCP supersedes, though does not replace, this protocol.
  • DHCP - Dynamic Host Configuration Protocol, allows clients to get their IP addresses from a DHCP server. This system "leases" IP addresses to clients for limited periods of time. If the client has not renewed its IP address within the lease time, the IP address is free for re-assignment.
  • ICMP - Internet Control Message Protocol. Part of the IP layer. Communicates error messages and other messages that require attention.
  • IGMP - Internet Group Management Protocol. Protocol used to manage multicasting through routers.
  • IP - Internet Protocol. Three kinds of IP addresses are unicast, broadcast and multicast.
  • MBONE - Used to refer to a network that supports multicasting.
  • NIS - Network Information Service, a name service created by Sun Microsystems.
  • NFS - Network File System, allows two Unix style computers to mount and access part or all of a file system on a remote computer.
  • OSPF - Open Shortest Path First, a dynamic routing protocol intended as a replacement for RIP.
  • PPP - Point to Point Protocol is a serial protocol commonly used to connect to the internet using a modem.
  • RARP - Reverse ARP, used by clients to determine their own IP addresses.
  • RIP - Routing Information Protocol, used by almost all TCP/IP implementations to perform dynamic routing.
  • RPC - Remote Procedure Call is a set of function calls used by a client program to call functions in a remote server program.
  • SLIP - Serial Line Internet Protocol.
  • SMTP - Simple Mail Transfer Protocol, commonly used as the mail message transport protocol.
  • SNMP - Simple Network Management Protocol.
  • UDP - User Datagram Protocol, a transport layer protocol.
  • UUCP - Unix to Unix Copy is a protocol that allows Unix computers to exchange files.

Basic Networking Setup

Required Information

To enable networking, you must configure your network interface card or cards with an IP address and netmask. The kernel must have support for your cards compiled in, either as modular support or direct support. If you don't have kernel support, read the sections about the kernel and how to compile it. To set your cards up, do the following. In my example my network is 192.168.1.0, IP=192.168.1.100, broadcast=192.168.1.255, netmask=255.255.255.0, gateway=192.168.1.1, nameserver=192.168.1.10.
  1. Determine your machine's IP address from your network administrator.
  2. Your network mask. This determines which portion of the IP address specifies the subnetwork number and which portion specifies the host.
     Class C (most networks): 255.255.255.0
     Class B: 255.255.0.0
  3. Your network address, which is your IP address bitwise ANDed with the network mask.
     Ex: IP: 192.168.1.100
     Mask: 255.255.255.0
     Net Addr: 192.168.1.0
  4. Your broadcast address. Used to broadcast packets to every machine on your subnet. It is the network address with all of the host bits set to one.
     Ex: IP: 192.168.1.100
     Mask: 255.255.255.0
     Broadcast: 192.168.1.255
  5. Your gateway address. The address of the machine that is your gateway to the outside world.
     In many cases: Ex: IP: 192.168.1.100 Gateway: 192.168.1.1
  6. Your nameserver address. Translates host names into IP addresses. 192.168.1.10
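As an added example (not part of the original page), the following Python code carries out steps 3 and 4 above with bit operations and checks that the gateway and nameserver actually lie on the configured subnet; it uses the sample addresses given in the text and rejects non-contiguous netmasks, which the steps above do not cover.

```python
# Added example: derive network and broadcast addresses from an IP address and
# netmask, and check whether another address (gateway, nameserver) is on-link.

def ip_to_int(dotted: str) -> int:
    """Convert dotted-quad text to a 32-bit integer, validating each octet."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(value: int) -> str:
    """Convert a 32-bit integer back to dotted-quad text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_prefix(mask: str) -> int:
    """Return the prefix length of a netmask, rejecting masks such as 255.0.255.0
    whose one-bits are not contiguous (a common hand-typing mistake)."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous netmask: {mask}")
    return ones

def describe_subnet(ip: str, mask: str) -> dict:
    """Step 3: network = ip AND mask.  Step 4: broadcast = network OR NOT mask."""
    addr, m = ip_to_int(ip), ip_to_int(mask)
    prefix = mask_prefix(mask)
    network = addr & m
    broadcast = network | (~m & 0xFFFFFFFF)
    # /31 and /32 have no separate network/broadcast addresses
    tiny = prefix >= 31
    return {
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "prefix": prefix,
        "first_host": int_to_ip(network if tiny else network + 1),
        "last_host": int_to_ip(broadcast if tiny else broadcast - 1),
    }

def same_subnet(ip: str, mask: str, other: str) -> bool:
    """Steps 5 and 6: a gateway or nameserver that must be reached without
    routing has to share the host's network address."""
    m = ip_to_int(mask)
    return (ip_to_int(ip) & m) == (ip_to_int(other) & m)

if __name__ == "__main__":
    print(describe_subnet("192.168.1.100", "255.255.255.0"))
    print("gateway on link:", same_subnet("192.168.1.100", "255.255.255.0", "192.168.1.1"))
```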

Configuration tools

There are many network configuration tools today. They are:
netconf

A GUI interactive interface available on Redhat 6.1
linuxconf

A GUI interactive interface available on Redhat 6.1 which includes netconf configuration.
netconfig

A GUI step by step interface
ifconfig

A text based program to configure the network interface. Type "man ifconfig" for info.
These programs will modify values in the following files:
  • /etc/sysconfig/network - Defines your network and some of its characteristics.
  • /etc/HOSTNAME - Shows the host name of this host. If your name is "myhost" then that is exactly the text this file will contain.
  • /etc/resolv.conf - Specifies the domain to be searched for host names to connect to, the nameserver address, and the search order for the nameservers.
  • /etc/host.conf - Specifies the order nameservice looks to resolve names.
  • /etc/hosts - Shows addresses and names of local hosts.
  • /etc/networks - Provides a database of network names with network addresses similar to the /etc/hosts file. This file is not required for operation. 

Configuration and Diagnostic Tools


System and Network Configuration

  • linuxconf - A GUI interactive interface available on Redhat 6.0 or later which includes netconf configuration.
  • netconf - A GUI interactive interface available on Redhat 6.0 and later.
  • kbdconf - A Redhat Linux tool which configures the /etc/sysconfig/keyboard file which specifies the location of the keyboard map file. This is a GUI based tool.
  • mouseconfig - A Redhat Linux tool used to configure the /etc/sysconfig/mouse file. This is a GUI tool.
  • timeconfig - A Redhat Linux tool used to configure the /etc/sysconfig/clock file. This is a GUI tool used to set timezone and whether or not the clock is set to GMT time.
  • kernelcfg - A Redhat kernel configuration utility to be started from X.
  • stty - Used to configure and print the console devices.
  • setterm - Set terminal attributes.
  • vmstat - Report statistics on virtual memory.

X Configuration

  • XF86Setup - A newer X configuration program with a GUI interface which modifies the "/etc/X11/XF86Config" configuration file.
  • xf86config - An older X configuration program with a text based interface. It also modifies the "/etc/X11/XF86Config" configuration file.
  • Xconfigurator - The Redhat tool used during system setup to configure X.
  • SuperProbe - A program that probes the video card to determine its type for use with setting up X.
  • xvidtune - This program will test video modes on the fly without modification to your X configuration. Read the /usr/X11R6/lib/X11/doc/VideoModes.doc file before running this program.

Library and kernel Dependency Management

Library management:
  • ldd - Used to determine shared libraries used by binary files. Type "ldd /bin/ls" to see the shared libraries used by the "ls" command.
  • ldconfig - Used to update links and cache for system use of the most recent runtime shared libraries.
Kernel Management:
  • lsmod - List currently installed kernel modules.
  • depmod - Creates a dependency file, "modules.dep" in the directory "/lib/modules/x.x.x", later used by modprobe to automatically load the relevant modules.
  • insmod - Installs a loadable kernel module into the running kernel.
  • rmmod - Unloads modules, Ex: rmmod ftape
  • modprobe - Used to load a module or set of modules. Loads all modules specified in the file "modules.dep".

General Diagnostic

System resources
  • free - Show system memory availability and usage
  • df - Show the amount of disk free space on each mounted filesystem.
  • du - Show disk usage
  • lspci - List PCI devices
  • pnpdump - Lists ISA PNP device resource information.
  • vmstat - Reports virtual memory statistics.
Other:
  • env - List the current environment variables.
  • printenv - Print a copy of the environment.
  • set - Shows how the environment is set up. This command can be very useful when debugging the environment.
  • runlevel - List the current and previous runlevel.
  • uname - Print system information. In my case, it prints "Linux".
  • dmesg - Show the last kernel messages printed during the last boot. 

Using PAM

PAM stands for Pluggable Authentication Modules. PAM is a library, used to control the function of various applications that have the capability to use the PAM libraries. PAM is based on a series of library modules, some of which depend on configuration files. Locations of PAM configuration files and library modules are:

  • All PAM applications are configured in the directory "/etc/pam.d" or in a file "/etc/pam.conf".
  • The library modules are normally stored in the directory "/lib/security".
  • The configuration files are located in the directory "/etc/security".
To configure PAM, on systems already set up for it, you would need to edit the files for the service you want to modify in the "/etc/pam.d" directory, and modify the appropriate configuration file in the directory "/etc/security". This page will explain how to set up the configuration files and how to configure the modules so applications can use them.

The PAM configuration files

PAM is controlled by a main configuration file (/etc/pam.conf) or a control directory (/etc/pam.d). Some PAM modules' behavior is controlled with configuration files (in /etc/security) as listed below:
  • access.conf - Login access control. Used for the pam_access.so library.
  • group.conf - Group membership control. Used for the pam_group.so library.
  • limits.conf - Set system resource limits. Used for the pam_limits.so library.
  • pam_env - Control ability to change environment variables. Used for the pam_env.so library.
  • time - Allows time restrictions to be applied to services and user privileges. Used for the pam_time.so library.

The main pam.conf file or the /etc/pam.d files

The configuration for PAM is normally in the /etc/pam.d directory, which has a file for each PAM controlled application. This file or directory is used to control the behavior of applications that use the PAM modules. Some examples of PAM controlled applications are login, samba, and shutdown. PAM is controlled using the configuration file /etc/pam.conf or the configuration directory, but not both. The directory structure control has precedence. A general configuration line in one of the PAM application configuration files has the following form:
module-type   control-flag   module-path   arguments
If the /etc/pam.conf file is used to control PAM rather than the /etc/pam.d directory structure, the pam.conf lines are the same except they have an additional parameter at the start which is "service-name". The various parameters on each line are:
  1. service-name (not in directory files) - The type of service such as rlogin or ftp.
  2. module-type - The type name of the PAM module used which are
    1. auth - Authenticates the user to be sure they are who they claim to be, usually asking for a password then checking it, and setting credentials such as group memberships or Kerberos tickets.
    2. account - Check to see if the authentication is allowed based on available system resources such as the maximum number of users or the location of the user. Access could be denied if the account has expired or the user is not allowed to log in at this time of day.
    3. password - Used to set passwords. Typically, there is one module for each auth module-type.
    4. session - Used to make it possible for a user to use their account once they have been authenticated. This module does things that need to be done for the user before or after they can be given service such as logging of information concerning the opening or closing of some data exchange with a user, or mounting directories. This module may make the user's mailbox available.
  3. control-flag
    1. required - The success of the module is required for the module-type facility to succeed. Failure of this module will not be apparent to the user until all of the remaining modules (of the same module-type) have been executed.
    2. requisite - If the module returns a failure, control is directly returned to the application. The return value is that associated with the first required or requisite module to fail. This flag can be used to protect against the possibility of a user getting the opportunity to enter a password over an unsafe medium.
    3. sufficient - If this module succeeds and no previous required module has failed, no more `stacked' modules of this type are invoked. This means subsequent required modules are not invoked. A failure of this module is not deemed as fatal to satisfying the application that this module-type has succeeded.
    4. optional - This module is not critical to the success or failure of the user's application for service. In the absence of any definite successes or failures of previous or subsequent stacked modules this module will determine the nature of the response to the application.
  4. module-path - The path and filename of the PAM library used to control the function.
  5. arguments - Arguments are optional and vary from module to module.
My "/etc/pam.d/rlogin" file looks like this:
#%PAM-1.0
auth       required    /lib/security/pam_securetty.so
auth       required    /lib/security/pam_pwdb.so shadow nullok
auth       required    /lib/security/pam_nologin.so
account    required    /lib/security/pam_pwdb.so
password   required    /lib/security/pam_cracklib.so
password   required    /lib/security/pam_pwdb.so nullok use_authtok md5 shadow
session    required    /lib/security/pam_pwdb.so
session    optional    /lib/security/pam_console.so
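As an added example (not part of the original page and not the PAM library's own code), the following Python model walks one module-type stack according to the control-flag rules listed above, using constructed true/false results in place of real modules; it also tracks which modules ran, which is what makes the difference between "required" and "requisite" visible.

```python
# Added example: a small model of how a PAM stack of one module-type is
# evaluated under the required / requisite / sufficient / optional flags.
# Module outcomes are constructed booleans; no real PAM module is invoked.
from typing import Dict, List, Tuple

# The auth stack from the /etc/pam.d/rlogin file above: (control-flag, module)
RLOGIN_AUTH = [
    ("required", "pam_securetty.so"),
    ("required", "pam_pwdb.so"),
    ("required", "pam_nologin.so"),
]

def run_stack(stack: List[Tuple[str, str]],
              outcomes: Dict[str, bool]) -> Tuple[bool, List[str]]:
    """Evaluate one stack.  `outcomes` maps module name -> True (pass) / False (fail).
    Returns (stack succeeded?, names of the modules that were actually executed)."""
    executed: List[str] = []
    first_failure = None      # first required/requisite module that failed
    definite_success = False  # some required/requisite/sufficient module passed
    optional_result = None    # opinion of the last optional module, if any
    for flag, module in stack:
        ok = outcomes[module]
        executed.append(module)
        if flag == "required":
            # Failure is remembered but the rest of the stack still runs, so an
            # attacker cannot learn which module rejected them from the timing.
            if ok:
                definite_success = True
            elif first_failure is None:
                first_failure = module
        elif flag == "requisite":
            # Failure returns to the application at once; later modules never run.
            if ok:
                definite_success = True
            else:
                return False, executed
        elif flag == "sufficient":
            # Success ends the stack early unless a required module already failed.
            # Failure of a sufficient module is not fatal by itself.
            if ok and first_failure is None:
                return True, executed
        elif flag == "optional":
            optional_result = ok
        else:
            raise ValueError(f"unknown control flag {flag!r}")
    if first_failure is not None:
        return False, executed
    if definite_success:
        return True, executed
    # Only optional modules expressed an opinion (or nothing ran).
    return bool(optional_result), executed

if __name__ == "__main__":
    # securetty rejects the terminal, yet all three modules still execute
    print(run_stack(RLOGIN_AUTH, {"pam_securetty.so": False,
                                  "pam_pwdb.so": True, "pam_nologin.so": True}))
```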

Managing Users

Commands for managing users:

  • adduser(8) - Command used to add user accounts.
  • chage (1) - Used to change the time the user's password will expire.
  • chfn(1) - Change a user's finger information
  • chsh(1) - Change a user's shell.
  • chgrp (1) - Changes the group ownership of files.
  • chown (1) - Change the owner of file(s) to another user.
  • gpasswd (1) - Used to administer the /etc/group file.
  • groupadd (8) - Create a new group.
  • grpconv (8) - Creates /etc/gshadow from the file /etc/group which converts to shadow passwords.
  • grpunconv (8) - Uses the files /etc/group and /etc/gshadow to create /etc/group, then deletes /etc/gshadow, which converts from shadow group passwords.
  • groupdel (8) - Delete a group
  • groupmod (8) - Modify a group
  • groups (1) - print the groups a user is in
  • grpck (8) - Verify the integrity of group files.
  • id(1) - Print group or user ID numbers for the specified user.
  • newgrp(1) - Allows a user to log in to a new group.
  • newusers (8) - Update and create new users in batch form.
  • nologin (5) - Prevent non-root users from logging onto the system.
  • passwd (1) - Used to update a user's password. The command "passwd username" will set the password for the given user.
  • pwconv (8) - Used to create the file /etc/shadow from the file /etc/passwd to convert to shadow passwords.
  • pwunconv (8) - Uses the files /etc/passwd and /etc/shadow to create /etc/passwd, then deletes /etc/shadow to convert from shadow passwords.
  • su (1) - run a shell with substitute user and group IDs
  • useradd (8) - Create a new user or update default new user information
  • userdel (8) - Delete a user account and their files from the system. The command "userdel -r newuser" will remove the user and deletes their home directory.
  • usermod (8) - Modify a user account.
Other useful commands/examples:
find / -user username -ls

Gives a list of all files owned by username.
chown -R myuser /home/myuser

Changes ownership of all files in myuser's home directory to myuser.
chmod +s filename

Sets the set-user-ID and set-group-ID bits on filename, so that it runs with the privileges of the file's owner and group rather than those of the user who runs it.

Files

  • /etc/passwd - Where the user's name, and other pertinent information are stored. This includes the password unless your system is using shadow passwords.
  • /etc/shadow - Where the user's password is stored if you are using shadow passwords.
  • /etc/group - Where group names are stored.
  • /etc/aliases - Where the user's name is matched to a nickname for e-mail.
  • /etc/sudoers - A list of users with special privileges along with the commands they can execute.

File Formats

Note group ID numbers start at 100 and user ID numbers start at 500. The file /etc/group gives groups

The /etc/passwd file:

username:password:uid:gid:gecos:homedir:shell
Gecos contains information about the user, including the real name. Shell is the name and path of the user's default shell program.
The /etc/group file:
groupname:password:gid:members
If the entry "bigclown:*: mark,george" is in the group file, the users mark and george are members of the bigclown group.
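As an added example (not part of the original page), the following Python code parses the /etc/passwd and /etc/group formats described above from constructed sample contents, reproduces what the groups(1) command reports for a user, and flags the two entries an administrator most wants to notice: a second account with uid 0 and an account whose password field is empty.

```python
# Added example: parse the colon-separated passwd and group formats, compute a
# user's group list, and audit the passwd entries.  The file contents below are
# constructed samples, not copied from any real system.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
mark:x:500:100:Mark Smith:/home/mark:/bin/bash
george:x:501:100:George Jones:/home/george:/bin/bash
sysadm2:x:0:0:second admin:/tmp:/bin/sh
guest::502:100:Guest account:/home/guest:/bin/bash
"""

GROUP_SAMPLE = """\
root:x:0:
users:x:100:
bigclown:x:600:mark,george
wheel:x:10:mark
"""

PASSWD_FIELDS = ("username", "password", "uid", "gid", "gecos", "homedir", "shell")
GROUP_FIELDS = ("groupname", "password", "gid", "members")

def parse_passwd(text: str) -> list:
    """username:password:uid:gid:gecos:homedir:shell, one entry per line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"passwd line {lineno}: expected 7 fields, got {len(fields)}")
        entry = dict(zip(PASSWD_FIELDS, fields))
        entry["uid"], entry["gid"] = int(entry["uid"]), int(entry["gid"])
        entries.append(entry)
    return entries

def parse_group(text: str) -> list:
    """groupname:password:gid:members, members being a comma-separated list."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4:
            raise ValueError(f"group line {lineno}: expected 4 fields, got {len(fields)}")
        entry = dict(zip(GROUP_FIELDS, fields))
        entry["gid"] = int(entry["gid"])
        entry["members"] = [m for m in entry["members"].split(",") if m]
        entries.append(entry)
    return entries

def groups_for(username: str, passwd: list, groups: list) -> list:
    """What groups(1) prints: the primary group from passwd (by gid), then every
    group whose member list names the user."""
    user = next(u for u in passwd if u["username"] == username)
    names = [g["groupname"] for g in groups if g["gid"] == user["gid"]]
    names += [g["groupname"] for g in groups
              if username in g["members"] and g["groupname"] not in names]
    return names

def audit_passwd(passwd: list) -> list:
    """Flag entries that grant more than their name suggests."""
    findings = []
    for e in passwd:
        if e["uid"] == 0 and e["username"] != "root":
            findings.append(f"{e['username']}: uid 0 but not root")
        if e["password"] == "":
            # an empty second field means no password is required at all;
            # 'x' means the hash is kept in /etc/shadow instead
            findings.append(f"{e['username']}: empty password field")
    return findings

if __name__ == "__main__":
    users, groups = parse_passwd(PASSWD_SAMPLE), parse_group(GROUP_SAMPLE)
    print("mark:", groups_for("mark", users, groups))
    print("findings:", audit_passwd(users))
```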

Examples

To add a user, while logged in as root, type "adduser username".
To set a user password, while logged in as root or as the user whose password will be changed, type "passwd username". If "passwd" is typed alone, the password will be changed for the user you are logged in as.
To remove a user, while logged in as root, type "userdel -r username". This will remove the user's home directory. You can delete the user without the "-r" option and delete the user's home directory manually. If the group the user was in is no longer needed, you may delete it by editing the "/etc/group" file.

The file "/etc/aliases" is where the user's real name is matched to their user name for e-mail accounts. Add users to this file in the form:
Firstname,Lastname:username
Then update the database by typing "newaliases".

User Process Accounting

Process accounting is supported by new kernels. To use this feature, you'll need to get the acct-1.3.73.tar.gz package or later. The package contains some programs used to manage users. The following commands are useful for user accounting:
  • ac(1) - Print statistics about users' connect time.
  • accton (8) - Turn on accounting of processes. To turn it on type "accton /var/log/pacct".
  • last(1) - Shows a list of users who have logged in.
  • lastb(1) - Shows failed login attempts. This command requires the file /var/log/btmp to exist in order to work. Type "touch /var/log/btmp" to begin logging to this file.
  • lastcomm (1) - Display information about previous commands in reverse order. Works only if process accounting is on.
  • sa(8) - Generates a summary of information about users' processes that are stored in the /var/log/pacct file.
  • utmpdump(1) - Used for debugging.
  • who(1) - Find out what users are logged onto the system.

Files that hold accounting information

  • /var/log/wtmp - Stores information about all logins and logouts.
  • /var/run/utmp - Stores information about who is currently on the system and is used by the who command.
  • /var/log/btmp - Used to store information about failed logins.
The /var/log/wtmp file, contains the following information:
  • Type of Login
  • Process ID of login process
  • The device name of the tty used
  • The init ID or abbreviated ttyname
  • User Name
  • Hostname for remote login
  • Exit Status of a process
  • The session ID
  • The time entry was made
  • IP address of remote host
See the man page for wtmp(5) for more information.

User Quotas

The ability to set quotas limits a user's disk storage by setting:
  1. The number of inodes the user or group may use.
  2. The number of disk blocks a user or group may use.
This limits the user's ability to use up all system resources. It only works on ext2 filesystems. Quotas must be set for each filesystem that the user may use. The kernel must have quota support compiled in.
Commands used to set quotas and limits are:
  • edquota(8) - Used to edit user or group quotas. This program uses the vi editor to edit the quota.user and quota.group files. If the environment variable EDITOR is set to emacs, the emacs editor will be used. Type "export EDITOR=emacs" to set that variable.
  • quota(1) - Display users' limits and current disk usage.
  • quotaoff(8) - Turns system quotas off.
  • quotaon(8) - Turn system quotas on.
  • quotacheck(8) - Used to check a filesystem for usage, and update the quota.user file.
  • repquota(8) - Lists a summary of quota information on filesystems.
  • ulimit - A bash builtin command for setting resource limits on the processes a user runs. The command "ulimit -n 9000" will set the limit on open files to 9000.
Files:
  • /etc/mtab
  • quota.user - Resides on the filesystem quotas are being set on.
  • quota.group
Read the Quota mini howto for more information. Here's roughly what is needed to enable and set quotas:
  1. In your startup scripts, you should use the quotacheck and quotaon commands to start quota checking at system startup. Read the "How Linux Works" or the "Linux Startup Manual" for more information on startup scripts. This is already set up properly in most current versions of Linux.
  2. In the /etc/fstab file, add the mount options "usrquota" and "grpquota". You only need "grpquota" if you are going to set group quotas also. An example entry:
     /dev/hda2       /    ext2    defaults,usrquota,grpquota       1       1
  3. Issue the following commands, where "fs" is the name of the filesystem where quotas are to be set. The first two commands create the quota files, and the second two commands keep users from accessing those files.
     touch /fs/quota.user
     touch /fs/quota.group
     chmod 600 /fs/quota.user
     chmod 600 /fs/quota.group
  4. If you use emacs rather than vi to edit files, type "export EDITOR=emacs". You may want to add this command to your shell startup script such as $HOME/.bash_profile.
  5. Type "edquota username" to edit the quota file. You get a screen like this:
     Quotas for user george:
     /dev/hda2: blocks in use: 10672, limits (soft = 0, hard = 0)
                   inodes in use: 1856, limits (soft = 0, hard = 0)
     /dev/hda3: blocks in use: 0, limits (soft = 0, hard = 0)
                   inodes in use: 0, limits (soft = 0, hard = 0)
     Enter the limits you want to set and save the file. The soft limits are those that may be exceeded for limited periods of time, and the hard limits may not be exceeded.

Process Control

Tools for working with processes

  • accton - Turns process accounting on and off. Uses the file /var/log/pacct. To turn it on type "accton /var/log/pacct". Use the command with no arguments to turn it off.
  • kill - Kill a process by number
  • killall - Send a signal to a process by name
  • lastcomm (1) - Display information about previous commands in reverse order. Works only if process accounting is on.
  • nice - Set process priority of new processes.
  • ps(1) - Used to report the status of one or more processes.
  • pstree(1) - Display the tree of running processes.
  • renice(8) - Can be used to change the process priority of a currently running process.
  • sa(8) - Generates a summary of information about users' processes that are stored in the /var/log/pacct file.
  • skill - Send a signal to processes selected by name, user, or terminal rather than by PID.
  • snice - Change the priority of processes selected by name, user, or terminal.
  • top - Displays the processes that are using the most CPU resources.

Checking running processes

While logged in as root, type "ps -ax |more" or "ps -aux |more". You will get a list of all processes running on your computer. You will see the process id (PID), process status (STAT) various statistics, and the command name. You can kill a process by typing "kill" and the PID number right afterwards similar to the line below.
kill 1721
You can also stop and restart processes by sending them various signals as in the below examples:
kill -STOP 1721

Stops (suspends) process 1721 by sending the STOP signal to the process. This process will still be on the task list. The process can't catch or ignore the STOP signal.
kill -CONT 1721

Continue process 1721 causing it to resume. The CONT signal is sent to the process.
kill -TERM 1721

Terminates process 1721 by sending the TERM signal to the process. This process will no longer show up on the task list if it is actually terminated. A terminated process cannot be continued. The TERM signal can be caught, so TERM is not guaranteed to kill the process.
kill -HUP 1721

Stops, then restarts process 1721. This is usually done when a process is not working properly or the configuration files for that process have been changed. This command sends the HUP signal to the process, which means hangup. This signal can be caught by the process; daemons commonly catch it and re-read their configuration, while a process that does not catch it is terminated.
killall -HUP myprint

Restarts any process with the name "myprint".
killall -TERM myprint

Terminates any process with the name "myprint".
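As an added example (not part of the original page), the following Python code runs the STOP, CONT and TERM sequence from the examples above against a child process and records what the parent observes at each step; the child is a constructed program that catches TERM, which demonstrates the caveat above that TERM is not guaranteed to end a process, and the final step goes one signal beyond the page by showing that KILL, like STOP, cannot be caught.

```python
# Added example: send STOP / CONT / TERM / KILL to a child process and observe the
# results from the parent.  POSIX only (os.kill, waitpid with WUNTRACED).
import os
import signal
import subprocess
import sys
import time

# Constructed child: installs a TERM handler that does nothing, reports that it is
# ready, then idles.  This is a stand-in for a daemon, not a real one.
CHILD_SRC = """
import signal, time
signal.signal(signal.SIGTERM, lambda signum, frame: None)  # TERM is caught and ignored
print("ready", flush=True)                                  # handler is now in place
while True:
    time.sleep(1)
"""

def signal_demo(grace: float = 0.5) -> dict:
    """Return a dict describing the child's state after each signal."""
    proc = subprocess.Popen([sys.executable, "-c", CHILD_SRC],
                            stdout=subprocess.PIPE, text=True)
    proc.stdout.readline()  # wait for "ready" so TERM cannot arrive before the handler
    results = {}

    # kill -STOP <pid>: cannot be caught; the parent sees the stop via waitpid(WUNTRACED)
    os.kill(proc.pid, signal.SIGSTOP)
    _, status = os.waitpid(proc.pid, os.WUNTRACED)
    results["stopped"] = os.WIFSTOPPED(status)

    # kill -CONT <pid>: the process resumes and is still on the task list
    os.kill(proc.pid, signal.SIGCONT)
    time.sleep(grace)
    results["running_after_cont"] = proc.poll() is None

    # kill -TERM <pid>: this child catches TERM, so it survives
    os.kill(proc.pid, signal.SIGTERM)
    time.sleep(grace)
    results["survived_term"] = proc.poll() is None

    # kill -KILL <pid>: like STOP, KILL cannot be caught or ignored
    os.kill(proc.pid, signal.SIGKILL)
    proc.wait()
    results["exit_signal"] = -proc.returncode  # negative returncode = killed by that signal
    proc.stdout.close()
    return results

if __name__ == "__main__":
    print(signal_demo())
```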

Setting up and doing process control

The examples in this section use the "yes" command as an easy example of a program that runs continually. The "yes" command outputs the string "y" until it is killed or stopped. When the output is redirected to /dev/null (the null device or bit bucket), the output is simply discarded. Therefore this command is harmless, but is a good demonstration. To put the process in the background, append an "&" character to the end of the command as shown below.
yes > /dev/null &
The system will respond with a job number and process ID or PID similar to:
[1] 10419
Either number can be used to refer to the job. The "jobs" command can be used to check the job. When the command is entered the system will respond with a list of running jobs similar to the following:
[1]+ Running yes >/dev/null &
The job can be killed using the process ID or the job number. Either
kill %1
or:
kill 10419

Stopping and restarting jobs

Another way to put a job into the background is to:
  1. Start the job normally like:
     yes > /dev/null
     The prompt does not come back.
  2. Use the <Ctrl-Z> key to stop the job.
  3. Use the command "bg" or "bg %1", where 1 is the job number, to put the process in the background. The system reports the job number when you stop the job.
Before the last step, the job was suspended. The "fg" command could have been used to bring the job into the foreground rather than using the "bg" command to put it in the background. If the job is running in the foreground, you can type <Ctrl-C> to terminate the process.

Killing or Reconfiguring a Daemon without Restarting

killall -1 inetd

Restarts inetd by sending signal number 1 which is the hangup signal.
killall -HUP inetd

Causes the daemon to reload its config file by sending the hangup signal. The difference between this example and the previous one is the signal is called by name here rather than number.
To make changes to inetd:
  1. Reconfigure /etc/inetd.conf
  2. Restart inetd by sending it the hangup signal
The easy way to reset a service that was started via the rc script files during system startup:
  1. Find the file for the service, you want to start. For example find the file for the print daemon "lpd". These files should typically be in the directory "/etc/rc.d/init.d". The file name in this case is "lpd". (Note this is a script file, that starts the daemon, not the actual binary daemon file).
  2. Go to that subdirectory "cd /etc/rc.d/init.d" and type "./lpd restart".
  3. You should get output to the screen that indicates this service has been shut down and then started.

Setting process priority

In Linux, processes have a priority number between -20 and 19. The value of -20 is the highest, and 19 is the lowest priority. Process priority can be set with the nice(1) command and changed using the renice(8) command. To set a process to have the highest priority find the process ID number using the ps command. If your process name is "myprog" type:
ps -ax |grep myprog
You should get something like:
756 tty1 S 0:00 myprog
The first number on the line is your process ID. Enter the command:
renice -20 756
This will set your process (PID=756) to priority of -20. Modify the process ID number for that of your program running on your system. You can use the nice command to determine the default priority of new processes by typing "nice" on the command line. If you want to start a process with a specific priority, use the nice(1) command when you invoke the process.

Setting limits on the number of processes that can run


The command "ulimit" is used to limit the number of processes users can run along with other available system resources. All processes which will be started from the shell (bash in many cases) will inherit the same resource limits. See the bash manual page for more information. To set the limits for daemons which are started at boot time, add the ulimit command to the boot scripts.

The command "ulimit -a" reports the current limits.