SUSE LINUX Advanced Administration ®
COURSE 3038
®
Novell Training Services SELF-STUDY WORKBOOK
Version 1
w w w. n o v e l l . c o m
Proprietary Statement
Trademarks
Copyright © 2004 Novell, Inc. All rights reserved.
Novell, Inc. has attempted to supply trademark information about company names, products, and services mentioned in this manual. The following list of trademarks was derived from various sources.
No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express prior consent of the publisher. This manual, and any portion thereof, may not be copied without the express written permission of Novell, Inc. Novell, Inc. 1800 South Novell Place Provo, UT 84606-2399
Disclaimer Novell, Inc. makes no representations or warranties with respect to the contents or use of this manual, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes in its content at any time, without obligation to notify any person or entity of such revisions or changes. Further, Novell, Inc. makes no representations or warranties with respect to any NetWare software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of NetWare software at any time, without obligation to notify any person or entity of such changes. This Novell Training Manual is published solely to instruct students in the use of Novell networking software. Although third-party application software packages are used in Novell training courses, this is for demonstration purposes only and shall not constitute an endorsement of any of these software applications. Further, Novell, Inc. does not represent itself as having any particular expertise in these application software packages and any use by students of the same shall be done at the students’ own risk.
Software Piracy Throughout the world, unauthorized duplication of software is subject to both criminal and civil penalties. If you know of illegal copying of software, contact your local Software Antipiracy Hotline. For the Hotline number for your area, access Novell’s World Wide Web page at http://www.novell.com and look for the piracy page under “Programs.” Or, contact Novell’s anti-piracy headquarters in the U.S. at 800-PIRATES (7472837) or 801-861-7101.
Novell, Inc. Trademarks NetWare, the N-Design, and Novell are registered trademarks of Novell, Inc. in the United States and other countries. CNA, CDE, CNI, NAEC, and Novell Authorized Education Center are service marks and CNE is a registered service mark of Novell, Inc. in the United States and other countries. ConsoleOne, DirXML, and eDirectory are trademarks of Novell, Inc. GroupWise is a registered trademark of Novell, Inc. Hot Fix, and IPX is a trademark of Novell, Inc. NDS, Novell Directory Services, and NDPS are registered trademarks of Novell, Inc. NetWire is a registered service mark of Novell, Inc. in the United States and other countries. NLM and Novell Certificate Server are trademarks of Novell, Inc. Novell Client, Novell Cluster Services, and Novell Distributed Print Services are trademarks of Novell, Inc. ZENworks is a registered trademark of Novell, Inc.
Other Trademarks Adaptec is a registered trademark of Adaptec, Inc. AMD is a trademark of Advanced Micro Devices. AppleShare and AppleTalk are registered trademarks of Apple Computer, Inc. ARCserv is a registered trademark of Cheyenne Software, Inc. Btrieve is a registered trademark of Pervasive Software, Inc. EtherTalk is a registered trademark of Apple Computer, Inc. Java is a trademark or registered trademark of Sun Microsystems, Inc. in the United States and other countries. Linux is a registered trademark of Linus Torvalds. LocalTalk is a registered trademark of Apple Computer, Inc. Lotus Notes is a registered trademark of Lotus Development Corporation. Macintosh is a registered trademark of Apple Computer, Inc. Netscape Communicator is a trademark of Netscape Communications Corporation. Netscape Navigator is a registered trademark of Netscape Communications Corporation. Pentium is a registered trademark of Intel Corporation. Solaris is a registered trademark of Sun Microsystems, Inc. The Norton AntiVirus is a trademark of Symantec Corporation. TokenTalk is a registered trademark of Apple Computer, Inc. Tru64 is a trademark of Digital Equipment Corp. UNIX is a registered trademark of the Open Group. WebSphere is a trademark of International Business Machines Corporation. Windows and Windows NT are registered trademarks of Microsoft Corporation.
Contents
Contents
SUSE LINUX Advanced Administration Self-Study Workbook
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-1 SLES 9 Server Setup Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-2 Check Setup Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-2 Install the SLES 9 VMware Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-3 Configure the SLES 9 VMware Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-4 Start the SLES 9 VMware Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-6 VMware Workstation Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-7
Scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-8 SECTION 1
Install SLES 9 Exercise 1-1 Install SLES 9 from CD. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Part I: Boot From the Installation Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3 Part II: Start the Installation Proposal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3 Part III: Configure the Partitions for Your Hard Drive . . . . . . . . . . . . . . . . . . . . . . . . . 1-4 Part IV: Add Compiler and Development Tools to the Software Selection . . . . . . . . . . 1-6 Part V: Start the Installation Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6 Part VI: Set the root Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6 Part VII: Set Up the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7 Part VIII: Set Up Services and Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8 Part IX: Configure Hardware Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8 Part XI: (Optional) Update Your SLES 9 Server With YOU . . . . . . . . . . . . . . . . . . . . 1-10 Exercise 1-2 Configure the SLES 9 VMware Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-14 Part I: Configure the SLES 9 Server with YaST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-14 Part II: (Optional) Update Your SLES 9 Server With YOU . . . . . . . . . . . . . . . . . . . . 1-17
SECTION 2
Configure the Network Manually Exercise 2-1 Configure the Network Connection Manually. . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 Part I: Note the Current Network Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 Part II: Delete the Current Network Setup with YaST . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4 Part III: Configure the Network Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4 Part IV: Save the Network Connection to Interface and Hardware Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
TOC-1
SUSE LINUX Advanced Administration/Self-Study Workbook
SECTION 3
Configure Network Services Exercise 3-1 Configure a DNS server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Part I: Install BIND . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Part II: Configure a DNS Master Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 Exercise 3-2 Use the SLES 9 OpenLDAP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7 Part I: Install GQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7 Part II: Search the SLES 9 OpenLDAP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7 Part III: Browse the SLES 9 OpenLDAP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9 Part IV: Use an LDIF File to Add a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10 Exercise 3-3 Configure an Apache Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12 Part I: Install Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12 Part II: Test the Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13 Part III: Configure a Virtual Host for the Accounting Department . . . . . . . . . . . . . . . 3-14 Part IV: Configure User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16 Part V: Configure SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17 Exercise 3-4 Configure a File Server With Samba. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21 Part I: Install Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21 Part II: Configure a Share for the User Geeko . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21 Part III: Access the Share of the User Geeko With smbclient . . . . . . . . . . . . . . . . . . . 3-23 Part IV: Mount Geeko's Share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24
SECTION 4
Secure a SLES 9 Server Exercise 4-1 Change the PAM Configuration to Disable the Graphical Root Login. . . . . . . 4-2 Exercise 4-2 Use ACLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4 Part I: Configure the ACL of a Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4 Part II: Configure a Default ACL for a Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5 Part III: Delete an ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6 Exercise 4-3 (Optional) Subscribe to the SUSE Security Announcements . . . . . . . . . . . . . . 4-8
SECTION 5
Manage Backup and Recovery Exercise 5-1 Create Backup Files With tar. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 Part I: Create a Full Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 Part II: Create an Incremental Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3 Exercise 5-2 Create Drive Images With dd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5 Exercise 5-3 Create a Backup of a Home Directory With rsync . . . . . . . . . . . . . . . . . . . . . . 5-7 Part I: Perform a Local Backup With rsync . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7 Part II: Perform a Remote Backup with rsync . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7 Exercise 5-4 Configure a cron Job for Data Backups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9 Exercise 5-5 Boot to a Shell and Configure the GRUB Boot Loader . . . . . . . . . . . . . . . . . 5-10 Part I: Boot the Rescue System (Installed SLES 9 Servers Only) . . . . . . . . . . . . . . . . 5-10 Part II: Boot the Rescue System (SLES 9 VMware Servers Only) . . . . . . . . . . . . . . . 5-11 Part III: Edit and Test the GRUB Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . 5-12
TOC-2
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Contents
SECTION 6
Create Shell Scripts Exercise 6-1 Produce Output from a Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3 Exercise 6-2 Read User Input . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-4 Exercise 6-3 Simple Operations with Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5 Exercise 6-4 Use Command Substitution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-6 Exercise 6-5 Use Arithmetic Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7 Exercise 6-6 Use Variable Substitution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9 Exercise 6-7 Use the if Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-10 Exercise 6-8 Use the case Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11 Exercise 6-9 Use the while and until Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-12 Exercise 6-10 Use the for Loop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-13 Exercise 6-11 Interrupt Loop Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-14 Exercise 6-12 Use Shell Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-15 Exercise 6-13 Use the getopts Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-17
Exercise Answers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18 SECTION 7
Compile Software from Source Exercise 7-1 Compile a Simple C Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 Exercise 7-2 Compile Software from a Source Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3 Part I: Compile a Source Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3 Part II: Run the Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4
SECTION 8
Perform a Health Check and Performance Tuning Exercise 8-1 Analyze System Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 Part I: Analyze Processor Utilization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 Part II: Analyze Memory Utilization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3 Part III: Analyze Hard Disk Utilization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-4 Part IV: Analyze Memory Utilization From KDE System Guard . . . . . . . . . . . . . . . . . 8-5 Exercise 8-2 Reduce Resource Utilization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-7 Exercise 8-3 Tune an IDE Hard Drive With hdparm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-9
SECTION 9
Manage Hardware and Component Changes Exercise 9-1 Trace How a Network Adapter Is Set Up With hwup and ifup. . . . . . . . . . . . . 9-2 Part I: Boot the System with Hot- and Coldplug Disabled . . . . . . . . . . . . . . . . . . . . . . . 9-2 Part II: Use hwup to Load a Driver Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2 Part III: Use ifup to Set Up the Network Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
TOC-3
SUSE LINUX Advanced Administration/Self-Study Workbook
SECTION 10
Prepare for the Novell CLP Practicum
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1 Scenario 1
Install and Configure SLES 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-2 SLES 9 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-2 Post-Installation Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-3
TOC-4
Scenario 2
Configure a DNS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-3
Scenario 3
Configure a Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-4
Scenario 4
Configure a Samba File Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-5
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
SUSE LINUX Advanced Administration Self-Study Workbook
SUSE LINUX Advanced Administration Self-Study Workbook
This workbook is designed to help you practice the skills associated with Course 3038 (SUSE LINUX Advanced Administration) objectives outside of a classroom.
Introduction The skills introduced in this workbook are critical for performing basic administrative tasks with SUSE LINUX, and are necessary for passing the Novell CLP (Certified Linux Professional) practicum. The exercises in this workbook are the same as those included in your Course 3038 SUSE LINUX Advanced Administration manual, but with modifications and notes to help you perform the exercises on a single computer without relying on an instructor or partner SLES 9 server.
x
Version 1
If you experience any problems using the SLES 9 3038 VMware Server DVD or the Self-Study Workbook, please email your questions or comments to
[email protected].
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook Intro-1
SUSE LINUX Advanced Administration/Self-Study Workbook
SLES 9 Server Setup Instructions Before starting the exercises in this workbook, you need to set up a SLES 9 server with the same configuration as that provided in the classroom. There are 2 solutions provided for you: ■
“Access the SLES 9 Server as a VMware Server” on Intro-2
■
“Install the SLES 9 Student Server With AutoYaST” on Intro-8
Access the SLES 9 Server as a VMware Server If you want to avoid dedicating a computer to a SLES 9 installation, you can use the SLES 9 VMware virtual server provided on the SLES 9 3038 VMware Server DVD. The following guides you through installing and using the SLES 9 VMware server: ■
Check Setup Prerequisites
■
Install the SLES 9 VMware Server
■
Configure the SLES 9 VMware Server
■
Start the SLES 9 VMware Server
■
VMware Workstation Tips
Check Setup Prerequisites
The following items are required to run the SLES 9 VMware server on your computer: Table Intro-1
Workbook Intro-2
Item
Requirement
Memory
256 MB RAM (minimum)
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
SUSE LINUX Advanced Administration Self-Study Workbook
Table Intro-1
Item
Requirement
Hard Drive Space
3 GB
DVD-ROM Drive
For reading the SLES 9 3038 VMware Server DVD and other CDs required for the exercises.
Software
VMware Workstation 4.5 or later (Windows or Linux)
SLES 9 3038 VMware Server DVD
Contains the SLES 9 VMware Server files for this course
Although you can run the SLES 9 VMware server with 256 MB of RAM, processing time for performing some Linux administration tasks (such as using YaST) can be significantly reduced by increasing memory for the VMware server. If you do not own a copy of VMware Workstation (or have a version earlier than 4.5), you can download and install a VMware Workstation 4.5 30-day evaluation copy from www.vmware.com.
Install the SLES 9 VMware Server
Once you have VMware Workstation 4.5 installed on your host computer, do the following to install the SLES 9 VMware server: 1.
Insert the SLES 9 3038 VMware Server DVD in your DVD-ROM drive.
2.
Copy the VMware server files on the DVD to a directory on your hard drive. We recommend creating a specific directory (such as /tmp/vmware/SLES9_3038) to store the files.
Version 1
3.
Start VMware Workstation 4.5.
4.
Select File > Open Virtual Machine.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook Intro-3
SUSE LINUX Advanced Administration/Self-Study Workbook
5.
Browse to and open the sles.vmx file. The SLES9_Server_3038 VMware server opens in VMware Workstation and is ready to start.
Configure the SLES 9 VMware Server
Before starting the SLES 9 server, do the following: 1.
Select VM > Settings (or Edit virtual machine settings). A Virtual Machine Settings - SLES9_Server_3038 dialog appears. From this dialog you can adjust the settings for several devices such as memory, floppy drive, and network adaptor before starting the virtual server.
2.
Check the following device settings: ❑
Memory. This memory setting indicates the amount of memory used by the SLES 9 virtual server on the host computer. Although you can run the SLES 9 virtual server with 256 MB of memory, we recommend increasing the amount (when possible) to increase the speed of certain administrative tasks (such as starting X Windows or using the GUI version of YaST).
❑
DVD/CD-ROM. This is the DVD drive on your host computer, and should be set as a physical drive. If you are running VMware Workstation on Windows, select the drive letter assigned to the DVD drive from the Device field drop-down list. If you are running VMware Workstation on Linux, enter the device name of the DVD drive (such as /dev/hda or /dev/cdrom). You can normally select the device name from the Device field drop-down list.
Workbook Intro-4
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
SUSE LINUX Advanced Administration Self-Study Workbook
❑
Floppy Drive. This is the floppy drive on your host computer. The default is set to “A:” for a Windows computer. If you are running VMware Workstation on Linux, change the setting to the device for the floppy drive (such as /dev/fd0).
❑
Network Adaptor. The “NAT” network connection default setting provides a VMware Workstation DHCP server for the SLES 9 server (which is configured to use DHCP). While you can select another setting (such as “Bridged”), these have not been tested and can cause problems completing the exercises. We recommend keeping the default “NAT” setting.
The rest of the settings should work properly to provide you with the access you need to devices for USB, sound, and mouse control. If not, return to this dialog to make the necessary adjustments to the settings. 3.
When you finish reviewing the virtual server configuration, save any changes and close the dialog by selecting OK. During the exercises, you use the Ctrl+Alt key combination to access features such as terminal consoles. VMware Workstation also uses this hot key combination to switch you out of the virtual server to the host machine.
4.
To change the VMware hot key configuration, select Edit > Preferences. A Preferences dialog appears.
5.
Select the Hot keys tab; then select the Ctrl-Shift-Alt option. Once you start the SLES 9 VMware server, you can press Ctrl+Shift+Alt to access the host machine, including the VMware Workstation menu options.
6.
Version 1
Save the change by selecting OK.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook Intro-5
SUSE LINUX Advanced Administration/Self-Study Workbook
Start the SLES 9 VMware Server
Do the following: 1.
Start the SLES 9 VMware server by selecting Power > Power On (or Start this virtual machine).
2.
The SLES 9 server starts booting.
3.
(Conditional) If you cannot see the entire SLES 9 window on your monitor, select the VMware Workstation full screen mode. After starting the SLES 9 services, a blank screen is displayed while the X Window GUI interface is loaded. Depending on the amount of memory allocated to the virtual server, loading the GUI interface can take almost a minute.
4.
Once the GUI login dialog appears (with Geeko Novell listed as a user), select VM > Install VMware Tools. The VMware Tools package enhances the graphics resolution and color depth capabilities of your virtual server. A Question dialog appears to confirm the installation.
5.
Install the VMware Tools package by selecting Install. The installation takes only a couple of seconds, but no “success” dialog is displayed to indicate that the package was installed. You can verify that the package was installed by displaying the VM menu. If there is a Cancel VMware Tools Install option listed, then the package was installed successfully.
Workbook Intro-6
6.
After the VMware Tools installation, click in the virtual server window to switch keyboard and mouse functionality from the host computer to the virtual server.
7.
From the GUI login dialog, log in to the KDE desktop as geeko with a password of N0v3ll.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
SUSE LINUX Advanced Administration Self-Study Workbook
You are ready to begin Exercise 1-2, which gives you additional steps for configuring your SLES 9 VMware server to work properly with the exercises in this workbook.
VMware Workstation Tips
Although we rely on your experience with VMware Workstation to complete the exercises in a virtual server environment, the following are some tips that can help you when using the SLES 9 virtual server:
Version 1
■
If you cannot use the keyboard to enter text, try selecting the virtual server window with the mouse or try pressing Shift-Tab.
■
If you need to adjust the SLES 9 virtual server resolution to fit the monitor on your host computer, follow the steps in Exercise 1-2 “Configure the SLES 9 VMware Server” on 1-14 to make the adjustment.
■
If you need to switch keyboard and mouse focus from the virtual server to the host computer, press Ctrl+Shift+Alt; then select the virtual window again to switch focus back.
■
If you want to save a copy of the SLES 9 virtual server before continuing on with an exercise or the next exercise, use the Snapshot feature (Snapshot > Save Snapshot).
■
Before powering off the SLES 9 virtual server, make sure you shut down the server to avoid any problems caused by not shutting down the server cleanly.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook Intro-7
SUSE LINUX Advanced Administration/Self-Study Workbook
Install the SLES 9 Student Server With AutoYaST If you want to install the SLES 9 student server on an available computer, following the steps for installing SLES 9 in Exercise 1-1. By installing SLES 9, you remove the existing operating system and all files on your hard drive. Before starting the installation, make sure you back up any important files you want to keep.
Scenario As system administrator for your Digital Airlines office, you have been tasked by the company to migrate several network services to SLES 9 servers over the next year. As part of the rollout plan, you would like to install SLES 9 on a prototype/staging server that you can use to do the following: ■
Become familiar with basic administrative tasks on the local host (such as providing user access and security)
■
Connect to the network to test a variety of services you will be migrating (such as file and print)
■
Provide limited access for training others in your office (such as the database group) who will be using or configuring these services
■
Test updating and remote administration of SLES 9
Once you complete this initial testing of services and administrative tasks, you will then be in a position to begin rolling out SLES 9 according to guidelines from Digital Airlines corporate headquarters.
Workbook Intro-8
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Install SLES 9
SECTION 1
Install SLES 9
In this section of the workbook, you do one of the following: ■
“Install SLES 9 from CD” on 1-2 If you plan on dedicating an entire computer to an installation of SLES 9, follow the steps in this exercise.
■
“Configure the SLES 9 VMware Server” on 1-14 If you plan on using the SLES 9 VMware server provided on your SLES 9 3038 VMware Server DVD, follow the steps in this exercise. Make sure you follow the steps under “Access the SLES 9 Server as a VMware Server” on Intro-2 to set up and start the server before beginning this exercise.
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 1-1
SUSE LINUX Advanced Administration/Self-Study Workbook
Exercise 1-1
Install SLES 9 from CD YaST presents an installation proposal (automatically generated during installation) that you can accept to make installation simple and quick. However, you also need to understand the more advanced installation options available. By changing the following installation proposal options, you can install servers that meet a variety of needs: ■
Installation mode
■
Partitioning scheme
■
Software selection
■
Authentication method
■
Hardware setup
While you have already performed a basic installation from CD in SUSE LINUX Fundamentals (Course 3036), in this exercise you perform additional configuration tasks during installation by doing the following:
Workbook 1-2
■
Part I: Boot From the Installation Media
■
Part II: Start the Installation Proposal
■
Part III: Configure the Partitions for Your Hard Drive
■
Part IV: Add Compiler and Development Tools to the Software Selection
■
Part V: Start the Installation Process
■
Part VI: Set the root Password
■
Part VII: Set Up the Network
■
Part VIII: Set Up Services and Users
■
Part IX: Configure Hardware Devices
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Install SLES 9
■
Part XI: (Optional) Update Your SLES 9 Server With YOU
Part I: Boot From the Installation Media
Do the following: 1.
Turn on the computer.
2.
Insert SLES 9 CD 1 into the CD-ROM drive.
3.
Reboot the computer by selecting the Reset button or by pressing Ctrl+Alt+Del.
4.
(Conditional) If your computer does not boot from the CD-ROM drive, adjust the BIOS settings and reboot the computer.
5.
When the GRUB installation screen appears, select Installation with the arrow keys and press Enter.
Part II: Start the Installation Proposal
Do the following 1.
When YaST displays the Novell Software License Agreement, select I Agree.
2.
From the language selection dialog, select your language; then select Accept.
x
Although you can select any available language, the exercises in this manual are written for English US. 3.
(Conditional) If an installation mode dialog appears, select New installation; then select OK. An Installation Settings proposal dialog appears.
Version 1
4.
Scroll down to and select Keyboard layout.
5.
Select your keyboard layout; then select Accept.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 1-3
SUSE LINUX Advanced Administration/Self-Study Workbook
You are returned to the Installation Proposal dialog. 6.
Scroll down to and select Time zone.
7.
Select your region; then select your time zone.
8.
Make sure that the hardware clock is set to UTC; then select Accept.
Part III: Configure the Partitions for Your Hard Drive
Do the following: 1.
Change the partitioning settings by scrolling to and selecting Partitioning.
2.
Select Create custom partition setup; then select Next.
3.
Select Custom partitioning -- for experts; then select Next.
4.
Delete existing partitions: a.
From the Expert Partitioner dialog, check for any existing partitions in the partition list.
b.
If there are partitions, select the hard disk entry of the corresponding partitions (such as hda or hdc).
c.
Delete all existing partitions on the selected hard disk by selecting Delete.
d. When you are asked to confirm the deletion, select Yes. e.
5.
(Conditional) If there is more than one hard disk containing partitions in the system, repeat Steps b, c, and d until only the hard disk entries are left in the list.
Create a swap partition: a.
From the partition list, select the hard drive entry; then select Create. If you have more than one hard disk, select the larger disk.
b.
Workbook 1-4
Select Primary partition; then select OK.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Install SLES 9
c.
In the End field of the size settings enter +512M.
d. From the File system drop-down list, select Swap. e. 6.
Add the swap partition by selecting OK.
Create the root partition: a.
Select the same hard disk you used for the swap partition; then select Create.
b.
Select Primary partition; then select OK.
c.
In the End field of the size settings enter +6GB.
d. Make sure that the following options are set:
e. 7.
❑
Reiser should be selected from the File system drop-down list.
❑
/ should be selected from the Mount Point drop-down list.
Add the root partition by selecting OK.
Create a partition for the directory /srv (used in the Apache and Samba server exercises): a.
Select the same hard disk you used for the swap and root partitions; then select Create.
b.
Select Primary partition; then select OK. Leave the size settings as suggested by YaST. The last partition will use the rest of the available hard disk space.
c.
Make sure that the File system drop-down list is set to Reiser.
d. From the Mount Point drop-down list, select /srv. e. 8.
Version 1
Add the /srv partition by selecting OK.
Confirm the partitioning setup and return to the installation proposal by selecting Next.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 1-5
SUSE LINUX Advanced Administration/Self-Study Workbook
Part IV: Add Compiler and Development Tools to the Software Selection
Do the following: 1.
From the installation proposal dialog, scroll to and select Software.
2.
Select Detailed selection.
3.
In the list on the left side of the package selection dialog, select C/C++ Compiler and Tools.
4.
Return to the installation proposal by selecting Accept.
Part V: Start the Installation Process
Do the following: 1.
From the installation proposal, select Accept.
2.
From the confirmation dialog, select Yes, install. YaST asks you to change CDs during the installation process.
3.
Insert each requested CD and select OK.
Part VI: Set the root Password
Do the following: 1.
In the first field, enter novell.
2.
In the second field, enter novell.
3.
Continue by selecting Next. You are warned that the password is too simple.
4.
Continue by selecting Yes. You are warned that you are using only lowercase letters.
Workbook 1-6
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Install SLES 9
5.
Continue by selecting Yes.
Part VII: Set Up the Network
Do the following: 1.
From the Network Configuration proposal, select Network Interfaces.
2.
Do one of the following: ❑
If your network card appears in the Network cards to configure list, select Configure; then select the first detected network card and select Configure. or
❑
If your network card appears in the Already configured devices list, select Change; then select your network card and select Edit.
3.
Select Static address setup.
4.
In the IP Address field, enter 10.0.0.50.
5.
In the Subnet mask field, enter 255.255.255.0.
6.
Configure the host name and name server: a.
Select Host name and name server.
b.
Enter DA50.
c.
Enter a domain name of digitalairlines.com.
d. In the Name Server 1 field, enter the 10.0.0.254 of the name server. e. 7.
Version 1
Return to the Network setup dialog by selecting OK.
Configure routing: a.
Select Routing.
b.
In the Default Gateway field, enter 10.0.0.254.
c.
Return to the Network setup dialog by selecting OK.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 1-7
SUSE LINUX Advanced Administration/Self-Study Workbook
8.
Return to the Network Configuration dialog by selecting Next.
9.
Continue with the installation by selecting Finish; then select Next.
10. From the Test Internet Connection dialog, select No, Skip This
Test; then select Next.
Part VIII: Set Up Services and Users
Do the following: 1.
From the Service Configuration dialog, accept the default settings by selecting Next.
2.
For the authentication method, select LDAP; then select Next.
3.
Accept the defaults in the LDAP Client Configuration dialog by selecting Next.
4.
Add a user: a.
First Name: Geeko
b.
Last Name: Novell
c.
User Login: geeko
d. Password: N0v3ll (a zero; not an uppercase o) e.
Verify password: N0v3ll
f.
Create the user by selecting Next.
Part IX: Configure Hardware Devices
Do the following: 1.
From the Release Notes dialog, select Next.
2.
Adjust the monitor settings: a.
Workbook 1-8
Review the information displayed below the Graphics Cards entry of the Hardware Configuration proposal.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Install SLES 9
b.
Make sure that the monitor model, the resolution, and the refresh rate are appropriate for your hardware.
c.
(Conditional) If the settings are correct, select Next; then skip the following steps for monitor configuration and go to Step 4.
d. If the automatically generated settings are not appropriate, select Graphics Cards. e.
From the left side of the dialog, change the monitor model by expanding Desktop; then select Monitor.
f.
Select Change configuration.
g. From the next dialog, select Properties. h. From the left side, select your vendor; from the right side, select your model. i.
(Conditional) If your model is not in the list, select one of the generic LDC or VESA entries. (You can also enter the frequencies manually on the Frequencies page of the dialog).
j.
Continue by selecting OK.
k. Select Finish. l.
Change the color and resolution settings by selecting Color and Resolution on the left; then select Change configuration.
m. From the next dialog, select Properties. n. From the drop-down list, select your desired color resolution. o. From the Resolutions page, select your desired display resolution (deselect all other resolutions). p. Continue by selecting OK. q. Select Finish.
Version 1
r.
Finish the monitor setup by selecting Finalize.
s.
Test the new settings by selecting Test.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 1-9
SUSE LINUX Advanced Administration/Self-Study Workbook
t.
If the screen does not display properly, press Ctrl+Alt+Backspace, then repeat the above steps to adjust the selected settings.
u.
Adjust Size and Position.
v.
When you are finished, select Save; then select OK.
3.
From the Hardware Configuration dialog, select Next.
4.
Complete the installation process by selecting Finish.
5.
When the GUI login screen appears, log in to the KDE Desktop as geeko with a password of N0v3ll. You are ready to start Exercise 2-1.
Part XI: (Optional) Update Your SLES 9 Server With YOU
As a post-installation procedure, you want to make sure you have updated your installation with the latest patches available from Novell SUSE LINUX. For a production environment, you need to update through a YaST Online Update (YOU) server that you can access by purchasing the SLES 9 product.
x
If you do not have a registered copy of SLES 9, you can obtain a free 30-day serial/registration code for SLES 9 (www.novell.com/linux) to access the update support.
However, if you would like to try updating your SLES 9 server, you can install and update from a YOU (YaST Online Update) server on your SLES 9 server.
x
Workbook 1-10
Because the YOU update package used in this exercise is close to 400 MB (compressed), performing this exercise adds 700 Mbytes to the 2 GB reserved on your hard drive for the SLES 9 server.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Install SLES 9
To configure your SLES 9 server as a local YOU server, do the following: 1.
Insert your 3038 Course CD (the CD automounts).
2.
From a terminal window, and su to root (su -) with a password of novell.
3.
Unzip the tarball you-updates.tgz by entering the following (on one line): tar xzPvf /media/mount_point/exercises/section_1/you_updates.tgz where mount_point is the name of the directory for your cdrom drive (such as cdrom or cdrecorder). The tarball contains over 300 MB of update rpms for SLES 9 and takes 2 or more minutes to unpack.
4.
When the unpacking is complete, start YaST by selecting the YaST icon; then enter a password of novell and select OK.
5.
From the YaST Control Center, select Software > YOU Server Configuration. The YaST Online Update Server Configuration dialog appears. From this dialog you can configure and control the YOU server.
6.
Start the YOU server by selecting Start Server. A message appears indicating that the web server (Apache2) that distributes the updates to the YOU clients via HTTP is not installed.
7.
Install the Apache2 web server now by selecting Continue.
8.
Remove the 3038 Course CD and insert the requested SLES 9 Installation CD; then select OK. YaST begins installing and configuring the HTTP server. When the installation is complete, you are returned to the YaST Online Update Server Configuration dialog.
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 1-11
SUSE LINUX Advanced Administration/Self-Study Workbook
The server status indicates that the server is running. 9.
Remove the SLES 9 Installation CD.
10. End the configuration by selecting Close.
After configuring the local YOU server, you are ready to update from the server by doing the following: 1.
From the YaST Control Center, select Software > Online Update.
2.
(Conditional) If you receive a warning message, select Ignore. The Welcome to YaST Online Update dialog appears.
3.
Select New Server. A Select Type of URL dialog appears.
4.
Select HTTP; then select OK. A Server and Directory dialog appears.
5.
Enter the following: ❑
Server Name: localhost
❑
Directory on Server: YOU
6.
When you finish, select OK.
7.
Continue by selecting Next. A dialog appears with all the available patches on from the YOU server.
8.
Update your server with all selected patches by selecting Accept.
9.
(Conditional) If a dialog is displayed for a particular patch, select Install Patch. A Patch Download and Installation dialog appears that keeps you updated on the progress. When the installation is complete, the number of patches that have been installed appears in the Progress Log window.
Workbook 1-12
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Install SLES 9
10. Select Remove Source Packages after Update. 11. Configure the system by selecting Finish.
Because you installed a new kernel, you need to reboot the server. 12. From the terminal window, enter reboot. 13. When the GUI login screen appears, log in as geeko with a
password of N0v3ll. (End of Exercise)
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 1-13
SUSE LINUX Advanced Administration/Self-Study Workbook
Exercise 1-2
Configure the SLES 9 VMware Server If you are using the SLES 9 3038 VMware server, instead of installing SLES 9, do the following: ■
Part I: Configure the SLES 9 Server with YaST
■
Part II: (Optional) Update Your SLES 9 Server With YOU
Part I: Configure the SLES 9 Server with YaST
After you install the SLES 9 3038 VMware server files on your computer and start the server, you still need to configure SLES 9 to to work properly with the exercises in the workbook. Do the following: 1.
Set the language by using YaST: Your SLES 9 server is configured to use US English. To check and change this setting with YaST, do the following: a.
From the KDE desktop, select the YaST icon; then enter a password of novell and select OK. The YaST Control Center appears.
b.
From the YaST Control Center, select System > Choose Language. A Language selection dialog appears.
c.
Select your language; then select Accept. You are returned to the YaST Control Center.
2.
Change the date and time settings by using YaST: Your SLES 9 server is configured to use Pacific Time (US). To check and change this setting with YaST, do the following: a.
Workbook 1-14
From the YaST Control Center, select System > Date and Time.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Install SLES 9
The Clock and Time Zone Configuration dialog appears.
3.
b.
Select your region and your time zone; then from the Hardware clock drop-down list, select UTC.
c.
When you finish, select Accept.
Do the following to configure your CD/DVD drive: a.
From the YaST Control Center, select Hardware > CD-ROM Drives. A CD/DVD device integration dialog appears with the VMware Virtual IDE CDROM Drive listed.
b.
Make sure the virtual drive is selected; then select Add. Notice that a mount point (such as /media/cdrom) is now listed for the virtual drive.
c. 4.
Configure the drive for your SLES 9 system by selecting Finish; then select OK.
Do the following to configure your network card: a.
From the YaST Control Center, select Network Devices > Network Card. A Network cards configuration dialog appears. Notice that the VMware virtual card (such as AMD PCnet Fast 79C971) is already configured.
b.
Below the Already configured devices list, select Change. A Network cards configuration overview list appears.
c.
Make sure the virtual network card is selected, then select Delete.
d. Save the configuration by selecting Finish. You are returned to the YaST Control Center. e.
Select Network Devices > Network Card. This time the virtual network card is listed under Network cards to configure.
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 1-15
SUSE LINUX Advanced Administration/Self-Study Workbook
f.
Make sure the virtual network card is selected, then select Configure. A Network address setup dialog appears.
g. Select Static address setup. h. Enter the following: ❑
IP Address: 10.0.0.50.
❑
Subnet mask: 255.255.255.0.
i.
Select Host name and name server.
j.
Enter the following: ❑
Host Name: DA50.
❑
Domain Name: digitalairlines.com.
❑
Name Server 1: 10.0.0.254
❑
Domain Search 1: digitalairlines.com
k. Return to the Network setup dialog by selecting OK. l.
Select Routing.
m. In the Default Gateway field, enter 10.0.0.254. n. Return to the Network setup dialog by selecting OK. o. Return to the Network Configuration dialog by selecting Next. p. Save the configuration by selecting Finish. q. Open a terminal window; then su to root (su -) with a password of novell. r.
Check the network configuration by entering the following commands: ifconfig eth0 ip route show
s.
Close the YaST Control Center and the terminal window. You are ready to start Exercise 2-1.
Workbook 1-16
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Install SLES 9
Part II: (Optional) Update Your SLES 9 Server With YOU
As a post-installation procedure, you want to make sure you have updated your installation with the latest patches available from Novell SUSE LINUX. For a production environment, you need to update through a YaST Online Update (YOU) server that you can access by purchasing the SLES 9 product.
x
If you do not have a registered copy of SLES 9, you can obtain a free 30-day serial/registration code for SLES 9 (www.novell.com/linux) to access the update support.
However, if you would like to try updating your SLES 9 server, you can install and update from a YOU (YaST Online Update) server on your SLES 9 server.
x
Because the YOU update package used in this exercise is close to 400 MB (compressed), performing this exercise adds 700 Mbytes to the 2 GB reserved on your hard drive for the SLES 9 server.
To configure your SLES 9 server as a local YOU server, do the following: 1.
Insert your 3038 Course CD (the CD automounts).
2.
From a terminal window, and su to root (su -) with a password of novell.
3.
Unzip the tarball you-updates.tgz by entering the following (on one line): tar xzPvf /media/mount_point/exercises/section_1/you_updates.tgz where mount_point is the name of the directory for your cdrom drive (such as cdrom or cdrecorder).
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 1-17
SUSE LINUX Advanced Administration/Self-Study Workbook
The tarball contains over 300 MB of update rpms for SLES 9 and takes 2 or more minutes to unpack. 4.
When the unpacking is complete, start YaST by selecting the YaST icon; then enter a password of novell and select OK.
5.
From the YaST Control Center, select Software > YOU Server Configuration. The YaST Online Update Server Configuration dialog appears. From this dialog you can configure and control the YOU server.
6.
Start the YOU server by selecting Start Server. A message appears indicating that the web server (Apache2) that distributes the updates to the YOU clients via HTTP is not installed.
7.
Install the Apache2 web server now by selecting Continue.
8.
Remove the 3038 Course CD and insert the requested SLES 9 Installation CD; then select OK. YaST begins installing and configuring the HTTP server. When the installation is complete, you are returned to the YaST Online Update Server Configuration dialog. The server status indicates that the server is running.
9.
Remove the SLES 9 Installation CD.
10. End the configuration by selecting Close.
After configuring the local YOU server, you are ready to update from the server by doing the following: 1.
From the YaST Control Center, select Software > Online Update.
2.
(Conditional) If you receive a warning message, select Ignore. The Welcome to YaST Online Update dialog appears.
3.
Workbook 1-18
Select New Server.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Install SLES 9
A Select Type of URL dialog appears. 4.
Select HTTP; then select OK. A Server and Directory dialog appears.
5.
Enter the following: ❑
Server Name: localhost
❑
Directory on Server: YOU
6.
When you finish, select OK.
7.
Continue by selecting Next. A dialog appears with all the available patches on from the YOU server.
8.
Update your server with all selected patches by selecting Accept.
9.
(Conditional) If a dialog is displayed for a particular patch, select Install Patch. A Patch Download and Installation dialog appears that keeps you updated on the progress. When the installation is complete, the number of patches that have been installed appears in the Progress Log window.
10. Select Remove Source Packages after Update. 11. Configure the system by selecting Finish.
Because you installed a new kernel, you need to reboot the server. 12. From the terminal window, enter reboot. 13. When the GUI login screen appears, log in as geeko with a
password of N0v3ll. (End of Exercise)
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 1-19
SUSE LINUX Advanced Administration/Self-Study Workbook
Workbook 1-20
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Configure the Network Manually
SECTION 2
Configure the Network Manually
In this section of the workbook, you learn how to do the following: ■
“Configure the Network Connection Manually” on 2-2
Although almost every step of a network configuration is done for you when you use YaST, it´s sometimes useful to configure the network settings manually. For testing and troubleshooting, it can be much faster to change the network setup from the command line.
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 2-1
SUSE LINUX Advanced Administration/Self-Study Workbook
Exercise 2-1
Configure the Network Connection Manually In this exercise, you configure the network connection manually by doing the following: ■
Part I: Note the Current Network Configuration
■
Part II: Delete the Current Network Setup with YaST
■
Part III: Configure the Network Manually
■
Part IV: Save the Network Connection to Interface and Hardware Configuration Files
Part I: Note the Current Network Configuration
Do the following: 1.
Make sure you are logged in to the KDE Desktop as geeko with a password of N0v3ll.
2.
Open a terminal window and su (switch user) to root with a password of novell.
3.
Enter ifconfig eth0.
4.
Find the line starting with inet, and record the IP address, Broadcast address, and subnet mask displayed in that line: ❑
IP address:
❑
Broadcast address:
❑
Subnet mask:
5.
Enter ip route show.
6.
From the beginning of the first line, enter the route IP address: ❑
Workbook 2-2
Route IP address:
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Configure the Network Manually
7.
Find the line starting with default and record the gateway IP address of the gateway: ❑
Gateway IP address:
8.
Enter ip link show eth0.
9.
Find the line starting with link/ether and record the MAC address of the network card: ❑
MAC address:
10. Change to the /etc/sysconfig/hardware directory by entering the
following: cd /etc/sysconfig/hardware 11. Enter ls -al; then look for one of the following files (depending
on your hardware configuration): ❑
hwcfg-id-PCI_address or
❑
hwcfg-bus-pci-PCI_address
12. Record the name of the file:
13. Display the contents of the file by entering one of the following: ❑
cat hwcfg-id-PCI_address or
❑
cat hwcfg-bus-pci-PCI_address
14. Record the following parameters: ❑
MODULE=
❑
MODULE_OPTIONS=
❑
STARTMODE=
You use these parameters and the hwcfg filename in Part IV to manually create the file.
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 2-3
SUSE LINUX Advanced Administration/Self-Study Workbook
Part II: Delete the Current Network Setup with YaST
Do the following: 1.
Start YaST and select Network Devices > Network Card.
2.
In the lower part of the dialog, select Change.
3.
Select the network card; then select Delete.
4.
Select Finish.
5.
From the terminal window (as root), make sure the file routes is removed by entering rm /etc/sysconfig/network/routes.
6.
Verify that the network connection is not working any more by entering ping 10.0.0.50.
Part III: Configure the Network Manually
Do the following: 1.
In the terminal window enter the following command: ip address add your_IP_address/24 brd + dev eth0
2.
To activate the network device, enter ip link set eth0 up.
3.
To set a route to the local network enter the following: ip route add route_IP_address/24 dev eth0
4.
To set the default route enter the following: ip route add default via gateway_IP_address
Part IV: Save the Network Connection to Interface and Hardware Configuration Files
Do the following: 1.
Workbook 2-4
From the terminal window, change to the directory /etc/sysconfig/network.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Configure the Network Manually
2.
Make a copy of the network configuration template by entering the following: cp ifcfg.template ifcfg-eth-id-MAC_address
3.
Open the copied file (ifcfg-eth-id-MAC_address) with the vi editor.
4.
Find the following options and enter the indicated values: ❑
STARTMODE='onboot'
❑
BOOTPROTO='static'
❑
IPADDR='your_IP_address/24'
❑
NETMASK=’your_subnet_mask’
❑
BROADCAST=’your_broadcast_address’
5.
Save the file and exit vi (:wq).
6.
Change to the directory /etc/sysconfig/hardware.
7.
Create one of the following files with vi: ❑
hwcfg-id-PCI_address or
❑
hwcfg-bus-pci-PCI_address
8.
Enter the parameters you recorded in the last step of Part I of this exercise.
9.
When you finish, save the file and exit the editor.
10. Change to the directory /etc/sysconfig/network. 11. Create a new file with vi called routes. 12. Add the following line to the file:
default default_gateway_IP_address - 13. Save the file and exit vi. 14. Reboot your system (init 6) and log in as geeko with a password
of N0v3ll.
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 2-5
SUSE LINUX Advanced Administration/Self-Study Workbook
15. From a terminal window (as root), verify that the network
configuration is loaded correctly by entering the following commands: ifconfig eth0 ip route show 16. Close the terminal window. (End of Exercise)
Workbook 2-6
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Configure Network Services
SECTION 3
Configure Network Services
In this section of the workbook, you learn how to do the following: ■
“Configure a DNS server” on 3-2
■
“Use the SLES 9 OpenLDAP server” on 3-7
■
“Configure an Apache Web Server” on 3-12
■
“Configure a File Server With Samba.” on 3-21
In this section you learn how to install and configure four of the most popular Linux network services at the command line: ■
BIND
■
OpenLDAP
■
Apache
■
Samba
Because configuring the services can be very complex, this section covers only the basic functionality of the services. The configuration is covered at the command-line level to show you a more direct way to manipulate the behavior of the services.
x
The implementation of these services that you practice in the exercises prepares you deploy them in an internal network. However, you should make the services accessible from the Internet only if you know how to secure your network from external security threats by using technologies such as a firewall.
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 3-1
SUSE LINUX Advanced Administration/Self-Study Workbook
Exercise 3-1
Configure a DNS server In this exercise, you configure a DNS master server by doing the following: ■
Part I: Install BIND
■
Part II: Configure a DNS Master Server
This exercise is designed to work with network card settings such as the following: ■
IP Address: 10.0.0.50
■
Subnet mask: 255.255.255.0
■
Host name: DA50
■
Domain name: digitalairlines.com
Before starting this exercise, you can verify that these are your current settings by using the YaST Network Card module. If one or more of these settings is incorrect, change them before continuing with the Network Card module.
x
This exercise requires extensive typing to create your DNS files. To save you some time, the files digitalairlines.com.zone and 10.0.0.zone are included on your 3038 Course CD in the directory /exercises/section_3.
Part I: Install BIND
Do the following on both SLES 9 servers:
Workbook 3-2
1.
From the KDE menu, select System > YaST.
2.
Enter the root password and select OK.
3.
From the YaST Control Center, select Software > Install and Remove Software.
4.
From the filter drop-down menu, select Search.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Configure Network Services
5.
In the Search field, enter bind; then select Search.
6.
On the right, select the bind package.
7.
Select Accept; then insert the requested SLES 9 CD.
8.
When installation is complete, remove the CD and close the YaST Control Center.
Part II: Configure a DNS Master Server
Do the following: 1.
Open a terminal window and su to root.
2.
Open the file /etc/named.conf in a text editor.
3.
Scroll down and add the following 2 zone statements after the existing zone statements: zone “digitalairlines.com” in { type master; file “master/digitalairlines.com.zone”; }; zone “0.0.10.in-addr.arpa” in { type master; file “master/10.0.0.zone”; };
Version 1
4.
Save and close the file.
5.
Create a new file digitalairlines.com.zone in the directory /var/lib/named/master/.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 3-3
SUSE LINUX Advanced Administration/Self-Study Workbook
6.
Enter the following zone configuration in the file: $TTL 172800 digitalairlines.com. IN SOA your_FQHN. root.digitalairlines.com. ( serial_number 1D 2H 1W 3H ) digitalairlines.com. IN NS your_FQHN. da10 da11 da12
IN A 10.0.0.10 IN A 10.0.0.11 IN A 10.0.0.12
The SOA record (including root.digitalairlines.com.) must be on a single line. Replace your_FQHN in the SOA and NS records with da50.digitalairlines.com. Use the current date and “01” as the serial number (such as 2005071501). Make sure you include all periods where indicated.
Workbook 3-4
7.
Save and close the file.
8.
Create a new file 10.0.0.zone in the directory /var/lib/named/master/.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Configure Network Services
9.
Enter the following zone configuration in the file: $TTL 172800 0.0.10.in-addr.arpa. IN SOA your_FQHN. root.digitalairlines.com. ( serial_number 1D 2H 1W 3H ) IN NS your_FQHN. 10 11 12
IN PTR da10.digitalairlines.com. IN PTR da11.digitalairlines.com. IN PTR da12.digitalairlines.com.
The SOA record (including root.digitalairlines.com.) must be on a single line. Replace your_FQHN in the SOA and NS records with da50.digitalairlines.com. Use the current date and “01” as the serial number (such as 2005071501). Make sure you include all periods where indicated. 10. Save and close the file. 11. Open a second terminal window and su to root. 12. Enter the following command:
tail -f /var/log/messages 13. Switch to the first terminal window and start bind with the
following command: rcnamed start
x
Version 1
If there are errors in the file /etc/named, they are noted in the output (with specific references and line numbers). The named daemon will not start until these errors are fixed.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 3-5
SUSE LINUX Advanced Administration/Self-Study Workbook
14. From the second terminal window, watch the log output of bind
for any messages such as Unknown RR type or file not found. 15. If any errors occur, try to fix them and restart bind.
x
One solution is to edit the digitalairlines.com.zone file by replacing “digitalairlines.com. IN SOA...” with “@ IN SOA...” and to edit the 10.0.0.zone file by replacing “0.0.10.in-addr.arpa. IN SOA...” with “@ IN SOA...”. 16. From the first terminal window, start bind automatically when
the system is booted by entering the following: insserv named 17. Open the file /etc/resolv.conf in a text editor. 18. Delete all existing nameserver entries. 19. Add the following entry:
nameserver 10.0.0.50 20. Save and close the file. 21. Verify that your DNS master server works by entering the
following command: host da10.digitalairlines.com 22. Close the terminal windows.
x
For additional information and steps on setting up a DNS slave server, see Exercise 3-1 in your SUSE LINUX Advanced Administration manual.
(End of Exercise)
Workbook 3-6
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Configure Network Services
Exercise 3-2
Use the SLES 9 OpenLDAP server In this exercise, you use the OpenLDAP server by doing the following: ■
Part I: Install GQ
■
Part II: Search the SLES 9 OpenLDAP Server
■
Part III: Browse the SLES 9 OpenLDAP Server
■
Part IV: Use an LDIF File to Add a User
Part I: Install GQ
Do the following: 1.
From the KDE menu, select System > YaST.
2.
Enter the root password and select OK.
3.
From the YaST Control Center, select Software > Install and Remove Software.
4.
From the filter drop down menu, select Search.
5.
In the Search field, enter gq; then select Search.
6.
On the right, select the gq package.
7.
Install the GQ application by selecting Accept.
8.
Insert the requested SLES 9 CD.
9.
When the installation is complete, close the YaST Control Center and remove the CD.
Part II: Search the SLES 9 OpenLDAP Server
Do the following: 1.
Version 1
From the KDE menu, select System > GQ LDAP Client.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 3-7
SUSE LINUX Advanced Administration/Self-Study Workbook
2.
Make sure that the Search tab is selected.
3.
In the left search field, enter uid=geeko.
4.
In the right search field, enter dc=digitalairlines,dc=com.
5.
Select Find. A result line appears.
6.
Double-click the result line. The LDAP entry for the user geeko is displayed.
7.
Scroll down and verify that you cannot see the userPassword entry for geeko.
8.
Select Close.
9.
From the menu bar, select File > Preferences.
10. From the configuration dialog, select the Servers tab. 11. Select the entry localhost; then select Edit. 12. From the server dialog, select Details. 13. In the Bind DN field enter the following:
cn=Administrator,dc=digitalairlines,dc=com 14. Close the server dialog by selecting OK. 15. Close the configuration dialog by selecting OK. 16. Make sure that the search fields still contain the previously
entered query. 17. Select Find. 18. When prompted for a password, enter novell; then select OK. 19. Double-click the result line. 20. Make sure that you can see the userPassword entry for geeko.
Notice that access to the password is not granted to anonymous users, but to the authenticated administrator.
Workbook 3-8
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Configure Network Services
21. When you finish, select Close.
Part III: Browse the SLES 9 OpenLDAP Server
Do the following: 1.
From the GQ application, select Browse.
2.
On the left, expand localhost.
3.
Expand dc=digitalairlines,dc=com.
4.
Expand people. All users of the system are displayed. At the moment, this only includes geeko.
5.
Select geeko. The user information for geeko appears on the right.
6.
Version 1
Close the GQ window.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 3-9
SUSE LINUX Advanced Administration/Self-Study Workbook
Part IV: Use an LDIF File to Add a User
Do the following: 1.
With a text editor, create a file named tux.ldif in the directory /tmp with the following content. dn:uid=tux,ou=people,dc=digitalairlines,dc=com objectClass: top objectClass: posixAccount objectClass: shadowAccount objectClass: inetOrgPerson cn: Tux Penguin gidNumber: 100 givenName: Tux homeDirectory: /home/tux loginShell: /bin/bash shadowInactive: -1 shadowLastChange: 12609 shadowMax: 99999 shadowMin: 0 shadowWarning: 7 sn: Penguin uid: tux userPassword: {crypt}GpyJ3/OQgLxZE uidNumber: 1010
x
You can also copy the LDIF file tux.ldif from the directory /exercises/section_3 from your 3038 Course CD to the directory /tmp. 2.
Save the file and close the text editor.
3.
From a terminal window (as root), add the user tux by entering the following (all on one line): ldapadd -x -D “cn=Administrator,dc=digitalairlines,dc=com” -W -f /tmp/tux.ldif
Workbook 3-10
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Configure Network Services
4.
x
When prompted for a password, enter novell. If you are unsuccessful at authenticating as Administrator, try closing the terminal window and opening a new terminal window. Repeat steps 3 and 4. You do not have to be root to enter the ldapadd command; however, you need to be root for the commands that follow.
5.
Create the home directory for the user tux by entering the following: cp -a /etc/skel/ /home/tux
6.
Adjust the file system permissions by entering the following commands: chown -R tux:users /home/tux/
7.
Log out as root by entering exit.
8.
Switch to the user tux by entering the following: su - tux
9.
Log in to the tux user account by entering a password of Novell.
10. Log out as tux by pressing Ctrl+D. 11. Close the terminal window. (End of Exercise)
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 3-11
SUSE LINUX Advanced Administration/Self-Study Workbook
Exercise 3-3
Configure an Apache Web Server In this exercise, you configure an Apache web server by doing the following:
x
■
Part I: Install Apache
■
Part II: Test the Installation
■
Part III: Configure a Virtual Host for the Accounting Department
■
Part IV: Configure User Authentication
■
Part V: Configure SSL
The file accounting.conf you create in this exercise can be difficult to modify properly. To help you understand what needs to be changed and where parameters are placed, the file is available on your 3038 Course CD in the directory /exercises/section_3.
Part I: Install Apache
Do the following:
Workbook 3-12
1.
From the KDE start menu, select System > YaST; then enter a password of novell and select OK.
2.
From the YaST Control Center, select Software > Install and Remove Software.
3.
From the filter drop-down menu, select Search.
4.
In the Search field, enter apache; then select Search.
5.
On the right side, select the following packages. ❑
apache2
❑
apache2-example-pages
❑
apache2-prefork
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Configure Network Services
x
If you installed a YOU server in one of the exercises in Section 1, the apache2 and apache2-prefork packages are already installed. All you need to do is select the apache2-examples-pages package. 6.
Select Accept.
7.
(Conditional) If YaST displays package dependencies, confirm by selecting Continue.
8.
When prompted, insert the requested SLES 9 CDs in the drive.
9.
When installation is complete, close the YaST Control Center and remove the CD.
10. Open a terminal window and su to root. 11. To start Apache at boot time, enter the following:
insserv apache2 12. To start the Apache daemon, enter the following:
rcapache2 start
Part II: Test the Installation
Do the following: 1.
From the KDE menu, select Internet > Web Browser.
2.
In the address bar of the web browser, enter the following: http://localhost If the Apache example page appears, the web server has been installed and started correctly.
3.
Version 1
(Conditional) If you are having problems displaying the page, you need to rename the file /srv/www/htdocs/index.html.en to /srv/www/htdocs/index.html.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 3-13
SUSE LINUX Advanced Administration/Self-Study Workbook
Part III: Configure a Virtual Host for the Accounting Department
Do the following: 1.
From the terminal window (as root), create a directory for the virtual host by entering the following: mkdir /srv/www/accounting
2.
Adjust the file system permissions by entering the following: chown wwwrun /srv/www/accounting/
3.
In the new directory, create a file index.html with the following content: Accounting Intranet Server Accounting Intranet Under construction.
x
This file is also available on your 3038 Course CD in the directory /exercises/section_3.
4.
Adjust the file system permissions of the file by entering the following: chown wwwrun index.html
5.
Change to the directory /etc/apache2/vhosts.d/ by entering the following: cd /etc/apache2/vhosts.d/
Workbook 3-14
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Configure Network Services
6.
Copy the virtual host template file by entering the following: cp vhost.template accounting.conf
7.
Open the file accounting.conf in a text editor and make the following changes: ServerName accounting.da.com DocumentRoot /srv/www/accounting ErrorLog /var/log/apache2/accounting.da.com-error_log CustomLog /var/log/apache2/accounting.da.com-access_log combined UseCanonicalName On ScriptAlias /cgi-bin/ “/srv/www/cgi-bin” AllowOverride None Options +ExecCGI -Includes Order allow,deny Allow from all AllowOverride None Options Indexes FollowSymLinks Order allow,deny Allow from all
8.
For testing purposes, append “accounting.da.com” to the line “127.0.0.1” in the file /etc/hosts: 127.0.0.1
9.
localhost accounting.da.com
Test the syntax of your configuration file by entering the following: apache2ctl configtest
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 3-15
SUSE LINUX Advanced Administration/Self-Study Workbook
10. Reload Apache by entering the following:
rcapache2 reload 11. From the Konqueror browser, access the virtual host by entering
the following: http://accounting.da.com The accounting intranet page is displayed. 12. Close the Konqueror browser.
Part IV: Configure User Authentication
Do the following: 1.
From the terminal window (as root), create the file htpasswd and add the user geeko to it by entering the following: htpasswd2 -c /etc/apache2/htpasswd geeko
2.
When prompted for a password, enter novell (twice).
3.
Open the virtual host configuration file /etc/apache2/vhosts.d/accounting.conf in a text editor.
4.
Find the following directory directive:
5.
Within this directory block, add the following lines: AuthType Basic AuthName “Accounting Intranet” AuthUserFile /etc/apache2/htpasswd Require user geeko
6.
Check the syntax of the configuration file by entering the following command: apache2ctl configtest
Workbook 3-16
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Configure Network Services
7.
Reload the Apache server by entering the following: rcapache2 reload
8.
Open the Konqueror browser; then enter the following: http://accounting.da.com A password dialog appears.
9.
Enter a user name of geeko and a password of novell.
10. Access the protected web site by selecting OK.
Part V: Configure SSL
Do the following: 1.
From the terminal window (as root), create the file random by entering the following: cat /dev/random > /tmp/random
2.
Press some keys on the keyboard to generate random events which help to create the file.
3.
Stop the process after about 15 seconds by pressing Ctrl+C.
4.
Generate a server key by entering the following (on one line): openssl genrsa -des3 -out /tmp/accounting.key -rand /tmp/random 1024
5.
When prompted for a pass phrase, enter novell (twice).
6.
Sign the key by entering the following (on one line): openssl req -new -x509 -key /tmp/accounting.key -out /tmp/accounting.crt
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 3-17
SUSE LINUX Advanced Administration/Self-Study Workbook
7.
Table 3-1
8.
When prompted for a pass phrase, enter novell; then enter the following information: Option
Value
Country Name
US
State or Province Name
Utah
Locality Name
Provo
Organization Name
Digital Airlines
Organizational Unit Name
Accounting
Common Name
accounting.da.com
Email Address
[email protected]
Copy the files by entering the following commands: cp /tmp/accounting.key /etc/apache2/ssl.key/ cp /tmp/accounting.crt /etc/apache2/ssl.crt/
9.
Delete the temporary files by entering the following: rm /tmp/accounting*
10. Adjust the file system permissions by entering the following
commands: chmod 400 /etc/apache2/ssl.key/accounting.key chmod 400 /etc/apache2/ssl.crt/accounting.crt 11. Open the file /etc/apache2/vhosts.d/accounting.conf in a text
editor, and change the following lines: to and
Workbook 3-18
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Configure Network Services
ServerName accounting.da.com to ServerName accounting.da.com:443 12. Add the following lines after the ServerName directive:
SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+ LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/apache2/ssl.crt/accounting.crt SSLCertificateKeyFile /etc/apache2/ssl.key/accounting.key The lines starting with SSLCipherSuite, ALL:, and LOW: should be on one line.
x
These lines are available in the file servername in the directory /exercises/section_3 on your 3038 Course CD. 13. Save and close the file. 14. Open the file /etc/sysconfig/apache2 in a text editor, and change
the following lines: APACHE_SERVER_FLAGS=”SSL” APACHE_START_TIMEOUT=”10” 15. Save and close the file. 16. From the terminal window, check the syntax of the configuration
file by entering the following: apache2ctl configtest 17. Restart Apache by entering the following:
rcapache2 restart 18. When prompted for the pass phrase, enter novell.
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 3-19
SUSE LINUX Advanced Administration/Self-Study Workbook
19. As the pass phrase has to be entered every time the server starts,
you can prevent the server from being started automatically at boot by entering the following: insserv -r apache2 20. From the Konqueror browser, enter the following:
https://accounting.da.com/ As the certificate used in this exercises is self-signed, the browser displays a warning. 21. In the warning dialogs, select Continue and Forever to view the
web site. 22. In the login dialog, enter a username of geeko with a password of
novell. 23. After the page displays, close the Konqueror browser and all
other open windows. (End of Exercise)
Workbook 3-20
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Configure Network Services
Exercise 3-4
Configure a File Server With Samba. In this exercise, you configure a file server with Samba by doing the following: ■
Part I: Install Samba
■
Part II: Configure a Share for the User Geeko
■
Part III: Access the Share of the User Geeko With smbclient
■
Part IV: Mount Geeko's Share
Part I: Install Samba
Do the following: 1.
From the KDE start menu, select System > YaST.
2.
When prompted for the root password, enter novell; then select OK.
3.
From the YaST Control Center, select Software > Install and Remove Software.
4.
From the filter drop-down menu, select Search.
5.
In the search field, enter samba; then select Search.
6.
On the right, select the following packages:
7.
❑
samba
❑
samba-client (if not already selected)
Install the selected packages by selecting Accept.
Part II: Configure a Share for the User Geeko
Do the following:
Version 1
1.
From a terminal window, su to root.
2.
Change to the directory /etc/samba.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 3-21
SUSE LINUX Advanced Administration/Self-Study Workbook
3.
Save the default Samba configuration file by entering the following: mv smb.conf smb.save
4.
Create the file smb.conf with a text editor.
5.
Add the following lines to the configuration file: [global] workgroup = Accounting netbios name = Fileserver_DA50 security = user [geeko-dir] comment = Geeko Directory path = /srv/samba/geeko valid users = geeko read only = no
x
This file is available on your 3038 Course CD in the directory /exercises/section_3. You will need to change “Fileserver_your_hostname” to “Fileserver_DA50” before using the file. 6.
Save and close the file.
7.
Create the directory to export by entering the following commands: mkdir /srv/samba/ mkdir /srv/samba/geeko
8.
Create a test file in the directory by entering the following: touch /srv/samba/geeko/my_file
9.
Adjust the directory permissions by entering the following commands: chown geeko /srv/samba/geeko chown geeko /srv/samba/geeko/my_file
Workbook 3-22
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Configure Network Services
10. Add geeko to the file smbpasswd file by entering the following:
smbpasswd -a geeko 11. When prompted for a password, enter novell (twice). 12. Check the syntax of the configuration file by entering the
following: testparm 13. Start the Samba servers by entering the following commands:
rcsmb start rcnmb start
Part III: Access the Share of the User Geeko With smbclient
Do the following: 1.
Open a terminal window as a normal user.
2.
Access Geeko's share by entering the following: smbclient -U geeko //localhost/geeko-dir
3.
When prompted for a password, enter novell.
4.
Display all available commands of smbclient by entering the following: help
5.
List the content of the share by entering the following: ls
6.
Copy the file my_file to the current directory by entering the following: get my_file
Version 1
7.
Exit smbclient by pressing Ctrl+D.
8.
Verify that the file my_file has been copied to the current directory by entering ls.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 3-23
SUSE LINUX Advanced Administration/Self-Study Workbook
Part IV: Mount Geeko's Share
Do the following: 1.
From the terminal window, su to root.
2.
Mount geeko's share in the directory /mnt by entering the following: mount -t smbfs -o username=geeko,password=novell //localhost/geeko-dir /mnt
3.
Display the content of the mounted share by entering the following: ls /mnt/ You should see the file my_file.
4.
Umount the share by entering the following: umount /mnt
5.
Close all open terminal windows.
(End of Exercise)
Workbook 3-24
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Secure a SLES 9 Server
SECTION 4
Secure a SLES 9 Server
In this section of the workbook, you learn how to do the following: ■
“Change the PAM Configuration to Disable the Graphical Root Login” on 4-2
■
“Use ACLs” on 4-4
■
“(Optional) Subscribe to the SUSE Security Announcements” on 4-8
Given the number of press reports about attacks on computers, it is not surprising that computer security is being taken more seriously. Despite the increased interest in security not all administrators and decision makers understand what security IT means and why this is important to them. Without the appropriate knowledge you cannot recognize and understand security-critical issues in complex IT infrastructures. This section covers details about local security. Local security covers every threat that can be caused by users of the local system. This section does not cover topics that belong to the area of network security. Topics such as firewalls and packet filtering are beyond the scope of this course.
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 4-1
SUSE LINUX Advanced Administration/Self-Study Workbook
Exercise 4-1
Change the PAM Configuration to Disable the Graphical Root Login In this exercise, you change the PAM configuration by doing the following: 1.
Log out of the KDE desktop environment.
2.
When the KDM login screen appears, log in with the following: ❑
Username: root
❑
Password: novell
Notice that you can log in as root without a root entry in the login screen. 3.
Log out again from the KDE desktop environment.
4.
Log in as geeko with a password of N0v3ll.
5.
Open a terminal window and su to root.
6.
Open the file /etc/pam.d/xdm in a text editor.
7.
Add the following as the second line of the file: auth
required
pam_securetty.so
8.
Save and close the file.
9.
Log out and try to log in as root user at the KDM login screen again. The root login is denied.
10. Log in as geeko again.
x
If you cannot log in as geeko, restart the X server by pressing Ctrl+Alt+Backspace and try again. You might also need to reboot your server. 11. Open a terminal window and su to root.
Workbook 4-2
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Secure a SLES 9 Server
12. Open the file /etc/pam.d/xdm in a text editor and remove or
comment out the following line (the line you added): auth
required
pam_securetty.so
13. Save and close the file. 14. Log out and try to log in as root at the KDM login screen again.
You can now log in as root.
x
If you cannot log in as root, restart the X-server using Ctrl+Alt+Backspace and try again. 15. Log out of the KDE desktop environment and log back in as
geeko. (End of Exercise)
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 4-3
SUSE LINUX Advanced Administration/Self-Study Workbook
Exercise 4-2
Use ACLs In this exercise, you practice using ACLs by doing the following: ■
Part I: Configure the ACL of a Directory
■
Part II: Configure a Default ACL for a Directory
■
Part III: Delete an ACL
Part I: Configure the ACL of a Directory
Do the following: 1.
Open a terminal window and su to root.
2.
Change to the directory /tmp by entering the following: cd /tmp
3.
Create a test directory by entering the following: mkdir acl_test
4.
Limit the file system permissions for the directory by entering the following: chmod 700 acl_test
5.
Open a second terminal window as the user geeko.
6.
Try changing to the test directory by entering the following: cd /tmp/acl_test/ The command fails because geeko (who is not the owner of the directory) has no permission to read the directory.
7.
Switch to the root terminal.
8.
Display the minimum ACL of the directory by entering the following: getfacl acl_test
Workbook 4-4
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Secure a SLES 9 Server
9.
Add an extended ACL by entering the following: setfacl -m u:geeko:rwx acl_test/
10. Switch to the geeko terminal and try to access the directory again
by entering the following: cd /tmp/acl_test Because of the extended ACL, you can view the directory. 11. Switch to the root terminal and display the extended ACL of the
directory by entering the following: getfacl /tmp/acl_test/
Part II: Configure a Default ACL for a Directory
Do the following: 1.
From the root terminal window, change to the directory acl_test by entering the following: cd /tmp/acl_test
2.
Create a file by entering the following: touch without_default_acl
3.
Display the ACL of the new file by entering the following: getfacl without_default_acl As there is no default ACL for the parent directory, the new file does not have an extended ACL either.
4.
Set a default ACL for the directory acl_test by entering the following: setfacl -d -m u:geeko:rw /tmp/acl_test/
5.
Create another test file by entering the following: touch with_default_acl
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 4-5
SUSE LINUX Advanced Administration/Self-Study Workbook
6.
Display the ACL of the new file by entering the following: getfacl with_default_acl As this file was created after the default ACL of the parent directory was set, the new file inherited the ACL.
Part III: Delete an ACL
Do the following: 1.
From the root terminal window, remove the ACL by entering the following: setfacl -x u:geeko with_default_acl
2.
Display the ACL again by entering the following: getfacl with_default_acl As you can see, the ACL for the user geeko has been removed. If there were ACLs for other users, they would remain unaffected.
3.
View the file attributes of with_default_acl by entering the following: ls -l with_default_acl There are still extended attributes (such as the mask “+”) in the output.
4.
Remove all ACLs by entering the following: setfacl -b with_default_acl
5.
Display the ACL again by entering the following commands: getfacl with_default_acl ls -l with_default_acl Notice that the ACL has been removed.
Workbook 4-6
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Secure a SLES 9 Server
6.
Close all terminal windows.
(End of Exercise)
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 4-7
SUSE LINUX Advanced Administration/Self-Study Workbook
Exercise 4-3
(Optional) Subscribe to the SUSE Security Announcements In this exercise, you subscribe to the SUSE security mailing list. This means that Novell/SUSE will inform you by email about current security issues of SUSE Linux Products. If you don't want to receive these messages, skip this exercise.
x
Because your SLES 9 server does not have Internet access, you will need to perform this exercise from a computer with Internet access.
Do the following: 1.
In the address bar of a web browser, enter the following: http://www.suse.com/us/business/mailinglists.html
2.
Scroll down to the entry suse-security-announce; then select the check box for that entry.
3.
Scroll down to the bottom of that page and in the email address field enter your email address.
4.
Subscribe to the list by selecting OK.
5.
Close the web browser window.
(End of Exercise)
Workbook 4-8
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Manage Backup and Recovery
SECTION 5
Manage Backup and Recovery
In this section of the workbook, you learn how to do the following: ■
“Create Backup Files With tar” on 5-2
■
“Create Drive Images With dd” on 5-5
■
“Create a Backup of a Home Directory With rsync” on 5-7
■
“Configure a cron Job for Data Backups” on 5-9
■
“Boot to a Shell and Configure the GRUB Boot Loader” on 5-10
Even the best security measures cannot guarantee that data will never be lost. There is always the possibility that ■
A hard disk failure will fail, destroying data on the affected disk.
■
Users will delete files by accident.
■
A virus will delete important files on a desktop computer.
■
A notebook will be lost or destroyed.
■
An attacker will delete data on a server.
■
Natural influences like thunderstorms will destroy storage systems.
It is very important to ensure that you have a reliable backup of important data. In this section you learn how to use the standard UNIX backup tools tar, rsync, and dd, and how to configure the GRUB boot loader.
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 5-1
SUSE LINUX Advanced Administration/Self-Study Workbook
Exercise 5-1
Create Backup Files With tar In this exercise, you use tar to do the following:
x
■
Part I: Create a Full Backup
■
Part II: Create an Incremental Backup
In this exercise, you copy backup files to the directory /tmp. This is only done to demonstrate using backup methods. You should never make an actual backup to the directory /tmp.
Part I: Create a Full Backup
Do the following: 1.
Open a terminal window and su to root.
2.
Change to the directory /srv/www by entering the following: cd /srv/www/
3.
Create a tar archive of the directory htdocs by entering the following: tar czf /tmp/htdocs.tar.gz htdocs
4.
Delete the directory htdocs by entering the following: rm -r htdocs
5.
Copy the backup archive to the directory /srv/www by entering the following: cp /tmp/htdocs.tar.gz /srv/www
6.
Restore the directory htdocs by entering the following: tar xzf htdocs.tar.gz
7.
Workbook 5-2
View the content of the restored directory by entering ls htdocs.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Manage Backup and Recovery
Part II: Create an Incremental Backup
Do the following: 1.
From the root terminal window, change to the directory /srv/www by entering the following: cd /srv/www
2.
Create a full backup by entering the following command: tar czv -g /tmp/snapshot_file -f /tmp/htdocs_full.tar.gz htdocs
3.
Create a new file in the directory htdocs by entering the following: touch htdocs/incremental.html
4.
Perform an incremental backup by entering the following command: tar czv -g /tmp/snapshot_file -f /tmp/htdocs_incremental.tar.gz htdocs Note that tar backs up the file incrementally.
5.
View the content of the incremented backup file by entering the following: tar -tzf /tmp/htdocs_incremental.tar.gz
6.
Remove the directory htdocs by entering the following: rm -r htdocs
7.
Start restoring the directory by unpacking the backup by entering the following: tar xzf /tmp/htdocs_full.tar.gz
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 5-3
SUSE LINUX Advanced Administration/Self-Study Workbook
8.
Unpack the incremental backup by entering the following command: tar xzf /tmp/htdocs_incremental.tar.gz
(End of Exercise)
Workbook 5-4
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Manage Backup and Recovery
Exercise 5-2
Create Drive Images With dd In this exercise, you use dd to create a drive image by doing the following: 1.
From a root terminal window, display the content of the file /etc/fstab by entering the following: cat /etc/fstab
2.
Find an entry such as /media/dvd, /media/cdrom, or /media/cdrecorder and note the corresponding device name (listed in the first column of the output).
3.
Insert the 3038 Course CD in the CD or DVD drive.
4.
Copy an image of the CD to the hard disk by entering the following command: dd if=/dev/device_name of=/tmp/course_cd.iso Because of the size of the 3038 Course CD, copying can take over 3 minutes.
5.
When the copy process is complete, mount the image file by entering the following command: mount -o loop /tmp/course_cd.iso /mnt/
6.
Change to the directory /mnt/ by entering cd /mnt.
7.
Display the content of the image file by entering ls.
8.
Change to the directory /media/device_name and enter ls. Note that the content of the image file is identical to the original media.
9.
Change to your home directory and unmount the image file by entering the following commands: cd umount /mnt
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 5-5
SUSE LINUX Advanced Administration/Self-Study Workbook
10. Delete the image file by entering the following:
rm /tmp/course_cd.iso (End of Exercise)
Workbook 5-6
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Manage Backup and Recovery
Exercise 5-3
Create a Backup of a Home Directory With rsync In this exercise, you do the following: ■
Part I: Perform a Local Backup With rsync
■
Part II: Perform a Remote Backup with rsync
Part I: Perform a Local Backup With rsync
Do the following: 1.
Open a terminal window and su to root.
2.
Create a test backup directory by entering the following: mkdir /tmp/rsync_test
3.
Copy geeko's home directory to the backup directory by entering the following: rsync -av /home/geeko /tmp/rsync_test
4.
Open another terminal window as user geeko.
5.
Create a new file by entering the following: touch new_file
6.
Switch to the root terminal window and enter the same rsync command again: rsync -av /home/geeko /tmp/rsync_test Notice that rsync transfers only the new file and the corresponding directory.
Part II: Perform a Remote Backup with rsync
This part of the exercise is designed to demonstrate performing a remote backup with rsync.
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 5-7
SUSE LINUX Advanced Administration/Self-Study Workbook
However, because you only have one SLES 9 server available, you will be remotely synching to your own server using your IP address. Do the following: 1.
From the root terminal window, perform a remote backup of your geeko home directory by entering the following command: rsync -ave ssh
[email protected]:/home/geeko /tmp/rsync_test
2.
When a connection message appears, continue by entering yes; then enter a password of novell.
3.
Create a new file in the geeko home directory by entering the following: touch new_file2
4.
Enter the rsync command again: rsync -ave ssh
[email protected]:/home/geeko /tmp/rsync_test Notice that only the new file is copied by rsync.
5.
Clean up the backup directory by entering the following: rm -r /tmp/rsync_test/*
6.
Close all terminal windows.
(End of Exercise)
Workbook 5-8
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Manage Backup and Recovery
Exercise 5-4
Configure a cron Job for Data Backups In this exercise, you use cron for data backup by doing the following: 1.
Open a terminal window and su to root.
2.
Change to the directory /usr/local/bin/ by entering the following: cd /usr/local/bin
3.
Create the file home_backup.sh in the directory and enter the following commands in the file: #!/bin/bash rsync -av /home/geeko /tmp/rsync_test
4.
Save the file and close the editor.
5.
Make the file executable by entering the following: chmod 744 home_backup.sh
6.
Open the file /etc/crontab in the crontab editor by entering crontab -e.
7.
Add the following at the end of the file: 30 15 * * * root /usr/local/bin/home_backup.sh
8.
Check after 3:30 pm (or tomorrow) to see if the backup has been completed by entering the following: ls /tmp/rsync_test
9.
(Optional) Try changing the time of the backup job.
(End of Exercise)
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 5-9
SUSE LINUX Advanced Administration/Self-Study Workbook
Exercise 5-5
Boot to a Shell and Configure the GRUB Boot Loader Your SLES 9 system is corrupted and no longer booting. To access the file system and configure the GRUB boot loader with an option to boot to runlevel 3, you do the following:
x
■
Part I: Boot the Rescue System (Installed SLES 9 Servers Only)
■
Part II: Boot the Rescue System (SLES 9 VMware Servers Only)
■
Part III: Edit and Test the GRUB Configuration File
This exercise demonstrates booting from the Rescue System and editing the GRUB configuration file for learning purposes, and does not necessarily reflect what you might do in an emergency situation. For example, you can boot the Rescue System and enter a 3 in the boot options field to boot into runlevel 3 without editing the GRUB configuration file.
Part I: Boot the Rescue System (Installed SLES 9 Servers Only)
If you are running SLES 9 from a server you installed using the steps in Exercise 1-1, do the following:
x
Workbook 5-10
1.
Open a terminal window and su to root.
2.
Enter mount; then look for a file system which is mounted on root (/) and note the corresponding device name.
3.
Insert SLES 9 CD 1 in the CD-ROM drive; then reboot the system. Make sure that your system boots from the CD-ROM drive. If not, you might need to adjust the BIOS settings.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Manage Backup and Recovery
4.
At the boot screen, highlight Rescue System; then press Enter.
5.
From the language selection dialog, highlight your language; then press Enter.
6.
When the rescue system starts, log in by entering root.
Part II: Boot the Rescue System (SLES 9 VMware Servers Only)
If you are running SLES 9 from a VMware server, do the following: 1.
Open a terminal window and su to root.
2.
Enter mount; then look for a file system which is mounted on root (/) and note the corresponding device name.
3.
Insert SLES 9 CD 1 in the CD-ROM drive.
x
If you are using SLES 9 (or another Linux distribution) as a host machine for VMware Workstation, make sure SLES 9 CD 1 is mounted on the host machine before continuing. 4.
Reboot the system.
5.
At the VMware boot screen, click the screen (to select it) and press Esc (to display the Boot Menu). Notice that CD-ROM Drive is listed below Hard Drive in order of priority. You need to move CD-ROM Drive above Hard Drive to boot from SLES 9 CD 1.
6.
From the Boot Menu, highlight and select . The Setup Utility dialog appears.
Version 1
7.
Press the right arrow key until you select the Boot tab; then press the down arrow key until you select CD-ROM Drive.
8.
Move CD-ROM Drive above Hard Drive by typing a +.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 5-11
SUSE LINUX Advanced Administration/Self-Study Workbook
9.
Save the change and reboot the VMware server by pressing F10; then select Yes. The VMware server reboots from the CD-ROM drive, and the SLES 9 Installation boot screen appears.
10. At the SLES 9 Installation boot screen, highlight Rescue
System; then press Enter.
x
If the SLES 9 Installation boot screen does not appear (with a Rescue System option), you will not be able to complete the rest of this exercise. This can occur if you are using SLES 9 (or another Linux distribution) as a host machine for VMware Workstation. 11. From the language selection dialog, highlight your language;
then press Enter. 12. When the rescue system starts, log in by entering root.
Part III: Edit and Test the GRUB Configuration File
Do the following: 1.
After logging in to the rescue system, mount the root partition of the system by entering the following: mount root_device_name /mnt
2.
Open the GRUB configuration file of the installed system with vi by entering the following: vi /mnt/boot/grub/menu.lst
3.
Duplicate all 3 lines which belong to the first entry (title Linux) in the configuration file.
4.
When you have duplicated the entry, change the title of the copy to the following: title Linux-Runlevel 3
Workbook 5-12
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Manage Backup and Recovery
5.
Add a 3 (preceded by a space) at the end of the line with the kernel parameters.
6.
Save and close the GRUB configuration file.
7.
Unmount the root partition by entering umount /mnt.
8.
Remove SLES 9 CD 1 from the drive.
9.
Restart the computer by entering reboot.
10. At the boot prompt, highlight the entry Linux-Runlevel 3 and
press Enter.
x
You can also boot to runlevel 3 by entering 3 in the Boot Options field. 11. When the system boots to runlevel 3, log in as root; then access
the graphical login by entering init 5. 12. Log in as geeko. (End of Exercise)
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 5-13
SUSE LINUX Advanced Administration/Self-Study Workbook
Workbook 5-14
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Create Shell Scripts
SECTION 6
Create Shell Scripts
In this section of the workbook, you learn how to do the following: ■
“Produce Output from a Script” on 6-3
■
“Read User Input” on 6-4
■
“Simple Operations with Variables” on 6-5
■
“Use Command Substitution” on 6-6
■
“Use Arithmetic Operations” on 6-7
■
“Use Variable Substitution” on 6-9
■
“Use the if Command” on 6-10
■
“Use the case Command” on 6-11
■
“Use the while and until Commands” on 6-12
■
“Use the for Loop” on 6-13
■
“Interrupt Loop Processing” on 6-14
■
“Use Shell Functions” on 6-15
■
“Use the getopts Command” on 6-17
■
“Exercise Answers” on 6-18
The exercises in this section include a description of a script that needs to be written. At the end of the section are the solutions to the exercises. We recommend attempting to create the script, and then comparing your script to the solution to understand the scripting concepts covered.
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 6-1
SUSE LINUX Advanced Administration/Self-Study Workbook
You can find all these scripts on the 3038 Course CD in the directory /exercises/section_6. By using these scripts as a template, you can customize them to meet the needs of your production environment. Although shell programing can be difficult at first, it becomes easier as you using the shell scripting language to automate tasks on your own system.
Workbook 6-2
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Create Shell Scripts
Exercise 6-1
Produce Output from a Script Do the following: 1.
Write a script that outputs “Hello world.” Use the following command in the script: echo -e “\aHello\nworld"“
x
2.
Find out the purpose of the \a, the \n and the -e options (try accessing the man pages).
3.
Compare your solution with the script at the end of the section.
This script is also available as hello.sh in the directory /exercises/section_6 on your 3038 Course CD.
(End of Exercise)
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 6-3
SUSE LINUX Advanced Administration/Self-Study Workbook
Exercise 6-2
Read User Input Do the following:
x
1.
Create a simple shell script that prompts the user to enter her first and last name, and then greets the user with her full name.
2.
Compare your solution with the script at the end of the section.
This script is also available as name1.sh in the directory /exercises/section_6 on your 3038 Course CD.
(End of Exercise)
Workbook 6-4
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Create Shell Scripts
Exercise 6-3
Simple Operations with Variables Do the following:
x
1.
Modify your script from Exercise 6-2 so that it reads the user's first and last name, combines both in one variable, and outputs the variable.
2.
Compare your solution with the script at the end of the section.
This script is also available as name2.sh in the directory /exercises/section_6 on your 3038 Course CD.
(End of Exercise)
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 6-5
SUSE LINUX Advanced Administration/Self-Study Workbook
Exercise 6-4
Use Command Substitution Do the following: 1.
Create a shell script that outputs the current login name and the current working directory. The output of the commands whoami and pwd should be read into variables with the variables printed to the screen.
2.
x
Compare your solution with the script at the end of the section.
This script is also available as info.sh in the directory /exercises/section_6 on your 3038 Course CD.
(End of Exercise)
Workbook 6-6
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Create Shell Scripts
Exercise 6-5
Use Arithmetic Operations Do the following: 1.
Review the following flowchart:
2.
Write a shell script that reflects the above flowchart.
3.
Modify the script to use the other fundamental arithmetic operations (subtraction, multiplication, division).
4.
Find out what happens if
Figure 6-1
5.
Version 1
❑
The user enters a word for each number.
❑
The user enters nothing (presses Enter) at each prompt.
Compare your solution with the script at the end of the section.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 6-7
SUSE LINUX Advanced Administration/Self-Study Workbook
x
This script is also available as sum.sh in the directory /exercises/section_6 on your 3038 Course CD.
(End of Exercise)
Workbook 6-8
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Create Shell Scripts
Exercise 6-6
Use Variable Substitution Do the following: 1.
Write a script that asks the user for a filename, and then performs a search for that filename using the command find. Use a variable substitution to assign a default value for the filename (such as *.bak) in case the user enters nothing.
2.
x
Compare your solution with the script at the end of the section.
This script is also available as find.sh in the directory /exercises/section_6 on your 3038 Course CD.
(End of Exercise)
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 6-9
SUSE LINUX Advanced Administration/Self-Study Workbook
Exercise 6-7
Use the if Command Do the following: 1.
Write a shell script that checks for the existence of a given file, and if the file is executable. A message should be displayed for each of the following scenarios: ❑
The file does not exist.
❑
The file exists.
❑
The file exists and is executable.
You can use the command test -x to check whether a file is executable. 2.
x
Compare your solution with the script at the end of the section.
This script is also available as file_check.sh in the directory /exercises/section_6 on your 3038 Course CD.
(End of Exercise)
Workbook 6-10
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Create Shell Scripts
Exercise 6-8
Use the case Command Do the following:
x
1.
Create an example (not a complete script) to show how a script can use a case statement to process a user's answer to a Yes/No question. Include the responses as “yeah” and “nope.”
2.
Compare your solution with the example at the end of the section.
This example t is also available as yes_no.sh in the directory /exercises/section_6 on your 3038 Course CD.
(End of Exercise)
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 6-11
SUSE LINUX Advanced Administration/Self-Study Workbook
Exercise 6-9
Use the while and until Commands Do the following:
x
1.
Create a script that performs a simple while loop 100 times. In every iteration, the number of the current iteration should be printed to screen.
2.
Write a second script which uses until instead of while.
3.
Compare your solution with the scripts at the end of the section.
These scripts are also available as counter1.sh and counter2.sh in the directory /exercises/section_6 on your 3038 Course CD.
(End of Exercise)
Workbook 6-12
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Create Shell Scripts
Exercise 6-10
Use the for Loop Do the following: 1.
Create a shell script that renames all files in the current directory with uppercase letters transformed to lowercase. Hints:
2.
x
❑
Use the command find . -type f -maxdepth 1 to find all files in the current directory.
❑
You can use the command tr [A-Z] [a-z] to convert uppercase letters to lowercase.
❑
If you don’t know how to start, have a brief look at the solution at the end of the section.
❑
Test your script in a directory that does not contain important files.
Compare your solution with the script at the end of the section.
This script is also available as lowercase1.sh in the directory /exercises/section_6 on your 3038 Course CD.
(End of Exercise)
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 6-13
SUSE LINUX Advanced Administration/Self-Study Workbook
Exercise 6-11
Interrupt Loop Processing Do the following: 1.
Modify the script from Exercise 6-10 so that existing files in the current directory are not overwritten. Use continue to interrupt the iteration over the files in the directory if a file with the target name already exists.
2.
x
Compare your solution with the script at the end of the section.
This script is also available as lowercase2.sh in the directory /exercises/section_6 on your 3038 Course CD.
(End of Exercise)
Workbook 6-14
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Create Shell Scripts
Exercise 6-12
Use Shell Functions Do the following: 1.
Review the following shell function: # # # #
Prompt the user to answer with "yes" or "no. The question itself is supplied as an argument when calling the function, for example: "yesno Do you want to continue?"
yesno (){ while true do echo "$*" echo "Please answer by entering (y)es or (n)o:" read ANSWER case "$ANSWER" in [yY] | [yY][eE][sS] ) return 0 ;; [nN] | [nN][oO] ) return 1 ;; * ) echo "I cannot understand you over here." ;; esac done }
This function asks the user to enter y or n. Depending on the answer, the function returns 0 or 1. If the answer is wrong, an error message is displayed. The command echo “$*” is used to print a question, which is passed as a parameter to the function. 2.
Use the above yesno function to write a script that lets the system administrator delete user accounts. The script should prompt for the account to delete, and then asks whether the user's home directory should also be deleted.
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 6-15
SUSE LINUX Advanced Administration/Self-Study Workbook
If the question is answered with no, the script should change the user and group ownership of the corresponding home directory to root. After doing so, the script should use the yesno function again to ask whether the administrator really wants to delete the account. Use the commands userdel and chown in the script to perform the necessary tasks. You can assume that the home directory of the user is always located in /home and that the name of the directory is the same as the login name of the user.
x
3.
Test your solution by adding a user account (enter useradd -m tux2) and deleting it.
4.
Compare your solution with the script at the end of the section.
This script is also available as userdel1.sh in the directory /exercises/section_6 on your 3038 Course CD.
(End of Exercise)
Workbook 6-16
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Create Shell Scripts
Exercise 6-13
Use the getopts Command Do the following: 1.
x
Modify the script from Exercise 6-12 so that it does not prompt the user for input. Instead, the script should use the following options: ❑
-u username. This option determines the user which shall be deleted.
❑
-r. If this option is set, the home directory should be removed. If this option is not set, the owner of the home directory should be set to root.
2.
Test you solution by adding a user account (enter useradd -m tux2) and deleting it.
3.
Compare your solution with the script at the end of the section.
This script is also available as userdel2.sh in the directory /exercises/section_6 on your 3038 Course CD.
(End of Exercise)
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 6-17
SUSE LINUX Advanced Administration/Self-Study Workbook
Exercise Answers The following are answers to the exercises in this section. Solution for Exercise 6-1:
Script: /exercise/section_6/hello.sh on your 3038 Course CD #!/bin/bash # This script prints a "Hello world" greeting # Author: Tux Penguin # Created: 8/22/2005 echo -e "\aHello\nworld" exit 0
Solution for Exercise 6-2:
Script: /exercise/section_6/name1.sh on your 3038 Course CD #!/bin/bash # This script reads the users first and last name # and then prints a greeting with the full name. # Author: Tux Penguin # Created: 8/22/2005 echo "Please enter your first name:" # first name gets assigned to variable FIRSTNAME read FIRSTNAME echo "Please enter your last name:" # last name gets assigned to variable LASTNAME read LASTNAME #Now print the greeting: echo "Welcome to the club, $FIRSTNAME $LASTNAME" exit 0
Workbook 6-18
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Create Shell Scripts
Solution for Exercise 6-3:
Script: /exercise/section_6/name2.sh on your 3038 Course CD #!/bin/bash # This scripts reads the users first and last name # and then prints a greeting with this full name. # Author: Tux Penguin # Created: 8/22/2005 echo "Please enter your first name:" # first name gets assigned to variable FIRSTNAME read FIRSTNAME echo "Please enter your last name:" # last name gets assigned to variable LASTNAME read LASTNAME # create a new NAME variable NAME="$FIRSTNAME $LASTNAME" # Now print the greeting: echo "Welcome back home, $NAME" exit 0
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 6-19
SUSE LINUX Advanced Administration/Self-Study Workbook
Solution for Exercise 6-4:
Script: /exercise/section_6/info.sh on your 3038 Course CD #!/bin/bash # This script prints information about # the current login # and the current working directory. # Author: Tux Penguin # Created: 8/22/2005 login=`whoami` path=`pwd` echo "The current login is: $login" echo "The current path is: $path" exit 0
Solution for Exercise 6-5:
This script uses all available methods for arithmetic operations.
Workbook 6-20
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Create Shell Scripts
Script: /exercise/section_6/sum.sh on your 3038 Course CD #!/bin/bash # This script lets the user specify two whole # numbers and then adds them together. All kinds of # arithmetic formats that are possible # under Bash are used, one after another. # Author: Tux Penguin # Created: 8/22/2005 declare -i INTEGER1 declare -i INTEGER2 declare -i SUM # read first integer echo "Please enter first integer: " read INTEGER1 # read second integer echo "Please enter second integer: " read INTEGER2 # this uses expr for Bourne shell compatibility: RESULT=`expr $INTEGER1 + $INTEGER2` echo "The expr command returns the result: $RESULT." # this uses the Bash built-in let : let RESULT="$INTEGER1 + $INTEGER2" echo "The let built-in returns the result: $RESULT." # this uses a Bash-specific arithmetic expression: RESULT=$[$INTEGER1 + $INTEGER2] #or: #RESULT=$(($INTEGER1 + $INTEGER2)) echo "Using an arithmetic expression in Bash, the result is: $RESULT." # this one uses the variables declared as integers #above: SUM=INTEGER1+INTEGER2 echo "Using the variables declared as integers, the sum is: $SUM." exit 0
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 6-21
SUSE LINUX Advanced Administration/Self-Study Workbook
Solution for Exercise 6-6:
Script: /exercise/section_6/find.sh on your 3038 Course CD #!/bin/bash # This script searches for files in the current # directory. # The user is prompted to enter a filename; # if no name is entered, we search for the default # value anyway, which is set to "*.bak" # Author: Tux Penguin # Created: 8/22/2005 echo "Please enter the file to be searched for (default is: *.bak):" read FILE find . -name "${FILE:="*.bak"}" exit 0
Workbook 6-22
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Create Shell Scripts
Solution for Exercise 6-7:
Script: /exercise/section_6/file_check.sh on your 3038 Course CD #!/bin/bash # This script checks whether a file exists and if # its executable # Author: Tux Penguin # Created: 8/22/2005 echo "Please enter a filename: " read FILENAME if test -e $FILENAME then if test -x $FILENAME then echo "The file exists and is executable." else echo "The file exists but is not executable." fi else echo "The file does not exist." fi exit 0
Solution for Exercise 6-8:
Script: /exercise/section_6/yes_no.sh on your 3038 Course CD case "$VARIABLE" in [yY] | [yY][eE][sS] | [yY] [eE] [aA] [hH] ) ... ;; [nN] | [nN][oO] | [nN][oO][pP][eE] ) ... ;; * ) echo error message ;; esac
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 6-23
SUSE LINUX Advanced Administration/Self-Study Workbook
Solutions for Exercise 6-9:
Script: /exercise/section_6/counter1.sh on your 3038 Course CD #!/bin/bash # A script to iterate over a simple "while" loop 100 # times. # Author: Tux Penguin # Created: 8/22/2005 declare -i COUNTER=1 while test $COUNTER -le 100 do echo "The counter stands at $COUNTER." COUNTER=COUNTER+1 sleep 1 done exit 0
Script: /exercise/section_6/counter2.sh on your 3038 Course CD #!/bin/bash # A script to iterate over a simple until loop 100 times. # Author: Tux Penguin # Created: 8/22/2005 declare -i COUNTER=1 until test $COUNTER -gt 100 do echo "The counter stands at $COUNTER." COUNTER=COUNTER+1 sleep 1 done exit 0
Workbook 6-24
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Create Shell Scripts
Solution for Exercise 6-10:
Script: /exercise/section_6/lowercase1.sh on your 3038 Course CD #!/bin/bash # This script renames all files in the current # directory so that they have all lowercase file # names. # Author: Tux Penguin # Created: 8/22/2005 for FILE in `find . -type f -maxdepth 1` do NEWFILE=`echo $FILE | tr [A-Z] [a-z]` if test $FILE != $NEWFILE then echo mv $FILE $NEWFILE fi done exit 0
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 6-25
SUSE LINUX Advanced Administration/Self-Study Workbook
Solution for Exercise 6-11:
Script: /exercise/section_6/lowercase2.sh on your 3038 Course CD #!/bin/bash # This script renames all files in the current # directory so that they have all-lowercase file # names. # 2nd version: Now we also check whether the file # already exists with lowercase lettering. # Author: Tux Penguin # Created: 8/22/2005 for FILE in `find . -type f -maxdepth 1` do NEWFILE=`echo $FILE | tr [A-Z] [a-z]` if test $FILE != $NEWFILE then if test -e $NEWFILE then echo "There is already a file with the name $NEWFILE." echo "$FILE will not be renamed." # Skip the rest and begin next loop iteration: continue fi echo mv $FILE $NEWFILE fi done exit 0
Solution for Exercise 6-12:
For testing purposes, an echo is put before all important commands, such as chown and userdel. There should be no spaces between [yY][eE][sS]. The same is true of [nN][oO].
Workbook 6-26
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Create Shell Scripts
Script: /exercise/section_6/userdel1.sh on your 3038 Course CD #!/bin/bash # This script prompts for a user name and # then deletes the corresponding account. # Author: Tux Penguin # Created: 8/22/2005 yesno (){ while true do echo "$*" echo "Please answer by entering (y)es or (n)o:" read ANSWER case "$ANSWER" in [yY] | [yY][eE][sS] ) return 0 ;; [nN] | [nN][oO] ) return 1 ;; * ) echo "I can't understand you over here." ;; esac done } read -p "Delete which user? " user if yesno "Also delete home directory of $user?" then home=yes fi if yesno "Really delete user $user?" then if test "$home" = yes then userdel -r $user else home="/home/$user" chown -R root.root $home userdel $user fi fi exit 0
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 6-27
SUSE LINUX Advanced Administration/Self-Study Workbook
Solution for Exercise 6-13:
Script: /exercise/section_6/userdel2.sh on your 3038 Course CD #!/bin/bash # This script prompts for a user name and then deletes # the corresponding account. Optionally, the user's # home directory is deleted as well. # Author: Tux Penguin # Created: 8/22/2005 while getopts u:r variable do case $variable in u ) user="$OPTARG" ;; r ) home=yes ;; esac done if test "$home" = yes then userdel -r $user else home="/home/$user" chown -R root.root $home userdel $user fi exit 0
Workbook 6-28
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Compile Software from Source
SECTION 7
Compile Software from Source
In this section of the workbook, you learn how to do the following: ■
“Compile a Simple C Program” on 7-2
■
“Compile Software from a Source Package” on 7-3
Although SLES 9 is shipped with software packages for almost all purposes, you might want to install software from other sources. Sometimes OpenSource projects or third-party vendors provide RPM packages that are made for SLES 9 and can be installed with the RPM command line tool or with YaST. In many cases, however, open source projects provide only tar archives with the source code of an application. In this section you learn how to compile and install software from these source archives.
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 7-1
SUSE LINUX Advanced Administration/Self-Study Workbook
Exercise 7-1
Compile a Simple C Program In this exercise, you compile a simple C program by doing the following:
x
As part of the SLES 9 installation exercise in Section 1, you already installed the necessary packages for compiling C source (C/C++ Compiler and Tool). If you did not complete this successfully, use the YaST Install and Remove Software module to install this software before starting the exercise.
Do the following: 1.
Open a terminal window.
2.
Insert the 3038 Course CD in the CD-ROM drive.
3.
Copy the source code package of the example application to the /tmp directory by entering the following: cp /media/mount_point/exercises/section_7/my_name.c /tmp (where mount_point is cdrom, cdrecorder, or dvd, depending on your installed hardware)
4.
Change to the directory /tmp/ by entering cd /tmp.
5.
Compile the C source file by entering the following: gcc my_name.c -o my_name
6.
After the program compiles, start the program by entering the following: ./my_name
7.
Verify that the program works properly by entering a name.
8.
Close the terminal window and remove the CD.
(End of Exercise)
Workbook 7-2
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Compile Software from Source
Exercise 7-2
Compile Software from a Source Package In this exercise, you do the following: ■
Part I: Compile a Source Package
■
Part II: Run the Application
Part I: Compile a Source Package
Do the following: 1.
Open a terminal window.
2.
Insert the 3038 Course CD in your CD-ROM drive.
3.
Copy the source code package of the example application to the directory /tmp/ by entering the following (on one line): cp /media/drive/exercises/section_7/xpenguins-2.2.tar.gz /tmp
4.
Change to the directory /tmp by entering cd /tmp.
5.
Unpack the source archive by entering the following: tar xzf xpenguins-2.2.tar.gz
6.
Change to the source directory by entering cd xpenguins-2.2/.
7.
Start the configure script by entering ./configure.
8.
(Conditional) If the configure script displays an error message indicating that the header files of the X Window system are not installed, install the package XFree86-devel with YaST and run the configure script again before continuing.
9.
When the configure script finishes, enter make.
10. When the make command finishes, su to root. 11. Change to the source directory by entering the following:
cd /tmp/xpenguins-2.2/
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 7-3
SUSE LINUX Advanced Administration/Self-Study Workbook
12. Install the compiled application by entering make install. 13. Close the terminal window.
Part II: Run the Application
To run the application xpenguins, you need to make an adjustment from the KDE Control Center that is not part of the standard build process. To make this adjustment and start the application, do the following: 1.
From the KDE start menu, select Control Center.
2.
From the left side of the Control Center, select Desktop > Behavior.
3.
Select the check box for Allow programs in desktop window; then select Apply and close the Control Center.
4.
Open a terminal window.
5.
Start the application by entering the following: /usr/local/bin/xpenguins
6.
Stop the program by pressing Ctrl+C (from the terminal window). Have a lot of fun :-).
7.
Close the terminal window.
(End of Exercise)
Workbook 7-4
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Perform a Health Check and Performance Tuning
SECTION 8
Perform a Health Check and Performance Tuning
In this section of the workbook, you learn how to do the following: ■
“Analyze System Performance” on 8-2
■
“Reduce Resource Utilization” on 8-7
■
“Tune an IDE Hard Drive With hdparm” on 8-9
As with any system, sometimes the performance of a SLES 9 system is not sufficient. Because of the complexity of today's IT systems and infrastructure, performance bottlenecks are sometimes not easy to find. All components interact with each other, and different kinds of server types require different measures to improve system performance. In this section, you learn about monitoring utilities that help you find the component having performance problems. No matter what measures you choose, make sure that all changes are well tested before you enable them on the actual production system. Changes to the kernel parameters need to be tested very carefully.
b
Version 1
For more information about Linux performance tuning, go to http://www.redbooks.ibm.com/abstracts/redp3862.html?Open.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 8-1
SUSE LINUX Advanced Administration/Self-Study Workbook
Exercise 8-1
Analyze System Performance In this exercise, you analyze system performance by doing the following:
x
■
Part I: Analyze Processor Utilization
■
Part II: Analyze Memory Utilization
■
Part III: Analyze Hard Disk Utilization
■
Part IV: Analyze Memory Utilization From KDE System Guard
In this exercise you compile a clone image of the kernel to test processing and memory utilization. If you are using the SLES 9 VMware server, we recommend increasing the amount of memory allocated to the VMware server, or the server might crash (lock up).
Part I: Analyze Processor Utilization
Do the following: 1.
Make sure, that you have installed the software selection C/C++ Compiler and Tools as well as the package kernel-source. If these packages are not installed, install them with the YaST software installer.
2.
Open a terminal window.
3.
Enter top. Watch the information about the system load and the process list for a few moments.
4.
Open a second terminal window and su to root.
5.
Enter the following commands: cd /usr/src/linux make cloneconfig
Workbook 8-2
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Perform a Health Check and Performance Tuning
x
If the directory /usr/src/linux does not exist, you need to install the package kernel-source. 6.
When the second command finishes, start a Linux kernel compilation by entering make bzImage. The compilation generates a high load on the system:
7.
From the first terminal window, watch the load numbers. Notice that the load values are constantly rising. The 3 values differ as they display the average of three different periods of time.
8.
Wait until the load average value has reached 1; then quit the compilation process in the second terminal window by pressing Ctrl+C.
9.
In the second terminal window, restore the initial state by entering make clean.
10. From the first terminal window, watch the load values for a few
moments. Notice that the values decrease. 11. End the top program by typing q.
Part II: Analyze Memory Utilization
Do the following:
Version 1
1.
In the first terminal window, enter vmstat 1.
2.
Watch the vmstat output for a few moments, especially the columns si (swap in) and so (swap out).
3.
In the second terminal window, enter make -j bzImage.
4.
In the first terminal window, watch the so and si columns.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 8-3
SUSE LINUX Advanced Administration/Self-Study Workbook
Notice that the command make utilizes a lot of memory. As a result, after a few minutes (normally 3 or 4) the system starts using swap memory. 5.
In the second terminal window, stop the make process by pressing Ctrl+C.
6.
In the first terminal window, watch as the swap activity declines.
7.
Terminate the command vmstat by pressing Ctrl+C.
8.
In the second terminal window, enter make clean.
Part III: Analyze Hard Disk Utilization
Do the following: 1.
Using the YaST package manager, install the package sysstat.
2.
In the first terminal window, enter the following: iostat -x 2 /dev/hda If your root partition is on a different device than hda (such as hdc), adjust the command accordingly.
3.
Watch the output of iostat for a while, particularly the columns await and svctm.
4.
In the second terminal window, enter make -j bzImage.
5.
Watch the iostat values in the columns await and svctm. Notice that both values are rising due to high disk utilization caused by the command make.
Workbook 8-4
6.
In the second terminal window, stop the command make by pressing Ctrl+C.
7.
Watch how the await and svctm times decrease again.
8.
End iostat by pressing Ctrl+C.
9.
In the second terminal window, enter make clean.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Perform a Health Check and Performance Tuning
10. Close the first terminal window (leave the second terminal
window open).
Part IV: Analyze Memory Utilization From KDE System Guard
Do the following: 1.
From the KDE start menu, select System > Monitor > KDE System Guard.
2.
From the menu bar, select File > New.
3.
Enter a title of Memory.
4.
Select 2 rows and 1 columns.
5.
Select OK.
6.
On the left side of the KDE System Guard window, browse to localhost > Memory.
7.
Open Physical Memory and Swap Memory.
8.
Drag the Free Memory sensor from the Physical Memory category and drop it in the upper part of the Memory worksheet.
9.
For the display mode, select Signal Plotter.
10. Drag the Free Memory sensor from the Swap Memory category
and drop it in the lower part of the Memory worksheet. 11. For the display mode, select Signal Plotter. 12. Change the properties of the Free Memory sensors:
a.
Right-click a sensor and select Properties.
b.
From the Style tab page, enter one of the following in the Title field: ❑
Free - Physical
or ❑
Version 1
Free - Swap
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 8-5
SUSE LINUX Advanced Administration/Self-Study Workbook
c.
From the Grid tab page, select the Background color bar; then select a light color for the background and select OK.
d. Close the Properties dialog by selecting OK. 13. Watch the current memory activity for a few moments. 14. From the terminal window, enter make -j bzImage. 15. Return to KDE System Guard and watch the memory activity.
Just as in Part II of the exercise, the command make utilizes a lot of memory. As a result, after a few minutes (normally 3 or 4) the current memory is fully utilized and the system starts using swap memory. 16. Stop the make process by pressing Ctrl+C. 17. From KDE System Guard, watch as the swap activity declines. 18. From the terminal window, enter make clean. 19. Close the KDE System Guard window and the terminal window. (End of Exercise)
Workbook 8-6
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Perform a Health Check and Performance Tuning
Exercise 8-2
Reduce Resource Utilization Do the following: 1.
Log out of the KDE desktop environment by pressing Ctrl+Alt+Backspace.
2.
When the GUI login appears, change to a text console by pressing Ctrl+Alt+F2.
3.
Login as root.
4.
Enter free. Notice the amount of free physical memory.
5.
Open the file /etc/inittab with the vi editor:
6.
Look for the line id:5:initdefault: and change it to the following: id:3:initdefault:
7.
Save and close the file.
8.
Reboot your system by entering reboot. The system boots to runlevel 3.
9.
Log in as root; then enter free.
10. Compare the amount of free physical memory with the number
you noted earlier. Notice that runlevel 3 uses less memory than runlevel 5.
x
The success of this depends on the amount of free memory you have available on your hardware. 11. Switch to runlevel 5 by entering init 5. 12. Log in as geeko with a password of N0v3ll. 13. Edit the line id:3:initdefault: in /etc/inittab to change the default
runlevel back to 5.
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 8-7
SUSE LINUX Advanced Administration/Self-Study Workbook
14. Save the file and close the editor. (End of Exercise)
Workbook 8-8
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Perform a Health Check and Performance Tuning
Exercise 8-3
Tune an IDE Hard Drive With hdparm In this exercise, you tune your IDE hard drive. It is assumed that the IDE hard disk is /dev/hda. If your IDE hard disk is connected differently (such as hdc), use the correct device name in the following steps. Do the following: 1.
Open a terminal window and su to root.
2.
Make sure that the DMA mode is activated by entering the following command: hdparm -d 1 /dev/hda
3.
Run a performance test by entering the following: hdparm -t /dev/hda Notice the data throughput in MB/sec.
4.
Disable the DMA mode by entering the following: hdparm -d 0 /dev/hda
5.
Run the performance test again by entering the following: hdparm -t /dev/hda Compare the result with the DMA enabled throughput.
6.
Re-enable DMA by entering the following: hdparm -d 1 /dev/hda
7.
Close the terminal window.
(End of Exercise)
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 8-9
SUSE LINUX Advanced Administration/Self-Study Workbook
Workbook 8-10
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Manage Hardware and Component Changes
SECTION 9
Manage Hardware and Component Changes
In this section of the workbook, you learn how to do the following: ■
“Trace How a Network Adapter Is Set Up With hwup and ifup” on 9-2
Although most hardware devices can be configured with YaST or are even automatically detected when plugged into the system, it is sometimes helpful to understand how things work in the background. In the this section, you are introduced to SLES 9 hardware management and how device drivers are loaded.
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 9-1
SUSE LINUX Advanced Administration/Self-Study Workbook
Exercise 9-1
Trace How a Network Adapter Is Set Up With hwup and ifup In this exercise, you do the following: ■
Part I: Boot the System with Hot- and Coldplug Disabled
■
Part II: Use hwup to Load a Driver Module
■
Part III: Use ifup to Set Up the Network Interface
Part I: Boot the System with Hot- and Coldplug Disabled
Do the following: 1.
Log out of the KDE desktop environment and reboot your system.
2.
When the SLES 9 boot screen appears, add the following to the Boot Options field: NOCOLDPLUG=1 NOHOTPLUG=1 These parameters are case-sensitive.
3.
Boot the system by pressing Enter.
4.
At the KDM login screen, log in as geeko.
5.
Open a terminal window.
6.
Try to ping your IP address by entering the following: ping 10.0.0.50 Notice that the network connection is not working.
Part II: Use hwup to Load a Driver Module
Do the following: 1.
Workbook 9-2
From the terminal window, su to root.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Manage Hardware and Component Changes
2.
Enter lspci.
3.
Look for a line with the description Ethernet controller in the second column. Note the PCI address (in the first column), such as the following: 0000:02:00.0
4.
Look for one of the following files in /etc/sysconfig/hardware: ❑
hwcfg-bus-pci-address_ethernet_controller or
❑
hwcfg-id-address_ethernet_controller
5.
Open the file with a text editor.
6.
Look for a line starting with MODULE=. Notice the name of the module after this option. This is the hardware driver for your network adapter.
7.
Close the file.
8.
Verify whether the driver has been already loaded by entering the following: lsmod | grep hardware_driver_name Notice that the driver has not been loaded because you have disabled Coldplug and Hotplug.
9.
Load the driver module by entering one of the following: hwup bus-pci-address_ethernet_controller or hwup id-address_ethernet_controller
10. Verify that the diver is loaded by entering the following:
lsmod | grep hardware_driver_name Notice that the driver has been loaded.
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 9-3
SUSE LINUX Advanced Administration/Self-Study Workbook
Part III: Use ifup to Set Up the Network Interface 1.
Display the current configuration of the network interfaces by entering the following: ip address show
2.
Look for a line starting with eth0. Notice that no IP address has been assigned to the interface. Also notice the hardware address of eth0 (displayed after the words link/ether).
3.
Enter cd /etc/sysconfig/network.
4.
In the directory /etc/sysconfig/network, look for a file with the following name: ifcfg-eth-id-MAC_address
5.
Open this file with a text editor.
6.
Look for the option IPADDR. This is the IP address you will assign to the device.
7.
Close the file.
8.
Configure the interface by entering the following: ifup eth-id-MAC_address
9.
Verify that the interface has been configured by entering the following: ip address show Notice that the interface has been configured and is ready to use.
10. Try to ping your IP address by entering the following:
ping -c 3 10.0.0.50 Notice that the network connection is now working.
Workbook 9-4
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Manage Hardware and Component Changes
11. Close the terminal window. (End of Exercise)
Version 1
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 9-5
SUSE LINUX Advanced Administration/Self-Study Workbook
Workbook 9-6
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Prepare for the Novell CLP Practicum
SECTION 10
Prepare for the Novell CLP Practicum
In this section, you work through the following scenarios to help you to prepare for the Novell CLP (Certified Linux Professional) practicum exam: 1.
Install and Configure SLES 9
2.
Configure a DNS Server
3.
Configure a Web Server
4.
Configure a Samba File Server
You must complete Scenario 1. You can then select any of the remaining scenarios to complete. Remember that skills from all 3 Novell CLP courses might be necessary to fulfill the required tasks.
Introduction Digital Airlines is planning on deploying SUSE LINUX in its IT infrastructure. During the first phase, SLES 9 will be used on the back-end systems like file, web, and network-infrastructure servers. As the network administrator for your Digital Airlines office, you (along with management) have designed a migration plan which includes the following services to be migrated to SLES 9:
Version 1
■
DNS services on the internal network
■
Intranet Web server
■
File and Print services for Windows clients
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 10-1
SUSE LINUX Advanced Administration/Self-Study Workbook
You decide to start by installing and testing these services on a computer in a computer in the test lab.
Scenario 1
Install and Configure SLES 9 The following are tasks and requirements that need to be performed on the test server before installing and configuring services (such as DNS): ■
SLES 9 Installation
■
Post-Installation Tasks
Read through these requirements carefully, then install and configure the server.
SLES 9 Installation To make sure you have a clean installed copy of SLES 9, do one of the following: ■
If you used the SLES 9 VMware virtual server for any of the exercises, and saved changes to the virtual server, follow the instructions under “Access the SLES 9 Server as a VMware Server” on Intro-2 and “Configure the SLES 9 VMware Server” on 1-14 to install and configure a clean version of the SLES 9 virtual server.
■
If you installed SLES 9 on your computer, follow the instructions under Exercise 1-1 in the workbook (“Install SLES 9 from CD” on 1-2) to install and configure a clean copy of the SLES 9 server. Make sure that you use a partition setup that fits your needs, and that you install only necessary applications and daemons to support a DNS server, a Web server, and a Samba file server.
Workbook 10-2
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Prepare for the Novell CLP Practicum
Post-Installation Tasks Before you begin configuring services, you need to complete the following post-installation tasks:
Scenario 2
■
Secure the GRUB boot loader with a password.
■
Configure the network connection manually (with or without YaST).
■
Configure runlevel 3 as the system default.
Configure a DNS Server One milestone of Digital Airlines move to SUSE LINUX is the implementation of Linux-based DNS servers. As a first step you decide to setup a test DNS Server in your lab. On the SUSE LINUX test server in your lab, do the following: ■
Configure a master DNS server for 5 test systems (DA10-DA14).
■
Test your setup (you can use the command dig).
■
The server configuration files under /etc as well as the zone files should be backed up. Write a shell script which performs a full backup every Sunday and an incremental backup on the other days using the tar tool. For test purposes, you can copy the backup files to the directory /tmp.
Version 1
■
Configure your backup script as a cron job which runs every day at 10 pm.
■
With another student who is working on the same scenario, configure your servers to be slave DNS servers for each other.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 10-3
SUSE LINUX Advanced Administration/Self-Study Workbook
Scenario 3
Configure a Web Server Your Digital Airlines office runs an internal web server which provides vital information for employees. The server hosts a general portal site and a virtual host for every department. Because the web server needs to be migrated to SLES 9, you decide to create a prototype system for the general portal site and 2 departments (accounting and marketing) on the test server. Set up the prototype system using the following guidelines: ■
Install and configure an Apache web server that hosts the general portal site and 2 virtual hosts for the departments accounting and marketing.
■
Use the Apache example pages as demo content.
■
The virtual host from accounting should run under SSL, and should only be accessible for the users in the group accounting.
■
Make additional entries in the file /etc/hosts to test the virtual host setup.
■
From each department one user should be allowed to login using SSH on the server to change the content of the virtual host. Create two normal users JNelson and SRife on your system. JNelson should be responsible for the marketing department and SRife for the accounting department. Use ACLs to make sure that JNelson and SRife can only read and access the content in the corresponding virtual host directory.
■
Workbook 10-4
All pages which you have to migrate end in .htm. Create a shell script which replaces the .htm with .html.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Prepare for the Novell CLP Practicum
Scenario 4
Configure a Samba File Server As part of the SUSE LINUX migration plan for your Digital Airlines office, you need to move file and print services to a Samba server running on SLES 9. You decide to test this migration for the marketing department on the test server in your lab. Set up the Samba server using the following guidelines: ■
Install the Samba server and client software.
■
Configure a marketing workgroup.
■
Create a UNIX group named marketing.
■
Create 2 normal users (PSmith and JWattson) who are members of the accounting group and are included in the file smbpasswd.
■
Create one shared folder for the group accounting.
■
Export the home directories of PSmith and JWattson as personal shared folders.
■
Test your shares (you can use the smbclient).
■
Create a bash script that searches for Windows executables on the shares. If an executable is found, the file should be moved to a directory outside of the share and a mail should be send to the root user of the Samba server. Depending on your programing skills, you can choose one of the following methods to determine if a file is a Windows executable:
Version 1
❑
Search for file extensions such as .exe or .com (not a secure solution)
❑
Identify the file type using the command file.
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Workbook 10-5
SUSE LINUX Advanced Administration/Self-Study Workbook
Workbook 10-6
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
