Posted in Linux, Red Hat

Redhat Linux v7 System Administration

Red Hat v7 Sys Admin Notes

Init Process 
    - init -> /sbin/init 
    - /etc/inittab 
    - Version 7 uses upstart
    
    /sbin/init
        - /sbin/init starts -> becomes process no. 1
        - reads /etc/rc.d/rc.sysinit
        - reads /etc/systemd/system/default.target -> to determine the runlevel 
        - source function library 
          /etc/rc.d/init.d/functions -> how to start, kill, and determine the PID 
        - looks in the /etc/rc.d/rcN.d dir 
          ex : /etc/rc.d/rc5.d -> run level 5 
        
Daemon Processes 
        - sshd 
        - sendmail 
        - cupsd 
        - smartd
        
Kernel Memory, start with 'k'
        - kthread 
        - kjournald 
        - kpsmoused 

/etc/inittab 
    0 = halt 
    1 = single user mode - no users can log on, no network 
    2 = normal multiuser, but without NFS mounts
    3 = multiuser mode with NFS
    4 = unused 
    5 = multiuser + graphical X11 
    6 = reboot 
     Runlevel 1 = single-user mode / maintenance mode 
                - root no password needed 
                - program running minimal 
                - network is disabled 
                - file system is mounted /etc/fstab 
     To enter runlevel 1 
                - ln -sf /lib/systemd/system/runlevel1.target \
                  /etc/systemd/system/default.target
                - at GRUB, select kernel, press 'e' 
                  add "1" at the end of the line 
                  [enter]
                  press "b" -> to boot 
                - man 8 init (use with caution)

        show /lib/systemd/system/*.target 
        execute init 1 
        execute init 5 
        execute init 6 
        
      Runlevel Start/Stop Scripts 
    - Each runlevel has an /etc/rc#.d directory
    - /etc/rc.d/rc 
    - when run as scriptname start / stop / restart / reload / status 
    - ls /etc/rc2.d 
    - ls -l S10network = soft link into /etc/init.d
    - K script = kill scripts stop process
      S script = start scripts
    - when entering runlevel 2, /etc/rc.d/rc
        - run each script in /etc/rc2.d with K-script
            K89rdisc stop, K95firstboot stop, K99rngd stop
        - run each script with letter S-start
            S01sysstat start, S02lvm2-monitor start, S08ip6tables start
    - the /etc/rc#.d/[KS]##foo scripts -> symlinks to /etc/init.d/foo
    - /etc/init.d/foo {start|stop}
    - service package {start|stop}
    
    #chkconfig -> runlevel information for system services 
        --list : displays runlevel for a service
        --add  : add a service 
        --del  : delete a service 
        on|off : turn a service on / off 
        
SYSTEMCTL 
    - config files = /lib/systemd/system 
    - /lib/systemd/system/default.target = what is used on boot 
    - /lib/systemd/system/runlevel?.target = related to runlevel 0 - 6 
    - services -> /lib/systemd/system/sshd.service 
    - systemctl stop servicename 
    - systemctl start servicename 

    chkconfig 
    re-init 
    chkconfig 
    /etc/rc.d/rc.local = contents 
    
    #shutdown -h now 
    #init 0 
    
    #shutdown -r now 
    #reboot 
    #init 6 
    
    #1:00 am 
    #shutdown -h 01:00
    #shutdown -r 17:00 
    - 5 minutes before shutdown, /etc/nologin is created to disable new logins
    

Partition 
    xfs(default v7), ext2-4, swap, lvm 
    nfs -> nfs.example.com 
            /data/rhel7 
    http -> rhel.example.com/iso 
        
Raid 0(Striping)
     1(mirroring of 2/more disks)
     5(Striping with parity)
     6(Striping with dual parity)
      LVM can span multiple physical disks, creating huge partitions     
    - GRUB loads the kernel (vmlinuz: virtual memory linux, z = compressed) into
      memory
    - The kernel starts the init process
    - MBR -> GRUB -> vmlinuz -> init -> iptables
                                     -> syslogd
                                     -> crond 
    - GRUB starts the linux kernel 
      commands : rescue mode / single user mode -> /proc/cmdline
      - ro root=LABEL=/ rhgb quiet 
      - /boot/grub/grub.conf 
      - grub legacy -> Redhat 5.5 
        grub 2      -> Redhat 6 
      - The MBR is in the first sector of the first drive, cylinder 0, sector 0. GRUB uses
        "stage 1.5" in /boot/grub
      - ls -l /boot/grub 
      - /boot/grub/grub.conf 
        /etc/grub.conf 
      - #grub-install -> reload the Grub MBR, rebuild the MBR 
      - #grubby -> to configure Grub 
      - #grub -> start grub command line 
      - #grub-md5-crypt -> encrypt a grub password in MD5 format 
      - GRUB gets its information from /boot/grub/grub.conf
      - 'e' -> edit -> add 'single' / single user mode
      - #ls /boot/init* /boot/vmlinuz* 
           /boot/initramfs.. /boot/vmlinuz...
      - initramfs : an initial ram disk file system 
        + compressed cpio archive
        + init shell script that loads the necessary modules
        + kernel switches to the actual hard drive (switchroot)
      - #ls /boot/config-*
         /boot/config-3.10.0-123.el7.x86_64
      - kernel is loaded, kernel initializes, configures virtual memory, processors,
        storage
      - looks for initrd(initramfs) decompress it, mount it
        unmount initramfs disk image
        executes /sbin/init 
      - #dmesg | less 
      
Root#fdisk /dev/sda
    #reboot -> rebuild kernel partition table info 
    #partprobe -> rebuild kernel partition table with 
    #mkfs.ext4 /dev/sda6 -> Format
     mke2fs -t ext4 /dev/sda6 -> Format
    #mkdir /mnt/mynewpartition -> Create a dir as mount point
    #mount /dev/sda6 /mnt/mynewpartition -> mount the partition
    #add to /etc/fstab
     /dev/sda6 /mnt/mynewpartition ext4 defaults 1 2
    
    #fdisk -l 
     fdisk -s /dev/sda1 -> SIZE 
     fdisk /dev/sda
        m for help 
        q for quit 
        n -> new partition -> enter the first cylinder
        w for write 
    #cat /proc/partitions 
    #partprobe -> rebuild kernel 
    #cat /proc/partitions 
    
    #e2label /dev/sda5 
    #e2label /dev/sda5 /home 
    
    #fsck -> file system check 
     running fsck on a mounted drive is DANGEROUS
    #fsck /dev/sda1
    
    #e2fsck /dev/sda -> also not safe, must umount first
    #umount /dev/sda1
    #e2fsck /dev/sda1 
    #mount /dev/sda1 
    #df -k -> kilobyte 
        -m -> megabyte 
        -h -> human 
    
    - SWAP SPACE -> 2 to 3 times RAM 
      RAM + SWAP 
    #swapon -s -> view swap summary
    #fdisk -> create a new swap partition
        t, enter the new partition number, enter code 82 for swap
    #mkswap -> format swap space 
    #swapon -> to add swap space 
    #swapoff -> to remove swap space 
    root#partprobe 
        #mkswap /dev/sda8
        #swapon /dev/sda8
        #swapoff /dev/sda8 
        #dd if=/dev/zero of=/tmp/swapspace bs=512 count=4000
        #ls -l /tmp/swapspace 
        #mkswap /tmp/swapspace
        #swapon /tmp/swapspace 
        #swapon -s


        
    LVM (LOGICAL VOLUME MANAGER) : creates multiple volumes from physical
    partitions
    sda12, sda13, sda10, sda11 = Physical volumes (PVs)
    PVs can be combined into one / more volume groups (VGs)
    
    - Web, data, ......unused space....
    - The VG spans all the PVs 
    - The VG has two logical volumes (LVs): web and data 
    - The VG has unused space that can be used to add LVs
    
    #pvcreate  -> create a PV 
    #pvdisplay -> display a PV
    #pvmove    -> move data from one PV to another 
    #pvremove  -> remove pv from lvm 
    
    #vgcreate  -> create a VG 
    #vgdisplay -> display VG details 
    #vgextend  -> extend size of VG 
    
    LVM commands 
    #lvcreate  -> create a LV 
    #lvdisplay -> display a LV details 
    #lvextend  -> extend size of LV 
    #lvreduce  -> reduce size of LV 
    #lvresize  -> resize LV
    #lvremove  -> remove LV
    #lvrename  -> rename LV
    
    #pvcreate /dev/sdb10 /dev/sdb11 /dev/sdb12 (PVs)
    #vgcreate myVolGroup /dev/sdb10 /dev/sdb11 /dev/sdb12 (VGs with new PVs)
    #lvcreate -L 100 myVolGroup
    #lvcreate -L 100 myVolGroup
    #lvcreate -L 100 -n myVolume myVolGroup
    
    CHANGE LVM 
    #pvcreate /dev/sdb13
    #vgextend myVolGroup /dev/sdb13
    #lvextend -L 200 /dev/myVolGroup/lvol1
     lvextend -L +100 /dev/myVolGroup/myVolume
    #lvreduce -L 100 /dev/myVolGroup/lvol1
     lvreduce -L -100 /dev/myVolGroup/myVolume
    #vgreduce -f myVolGroup /dev/sdb13 #error
        #pvmove /dev/sdb13 
        #vgreduce -f myVolGroup /dev/sdb13
        
    DELETE LVM 
    #vgremove myVolGroup
    #vgremove -f myVolGroup 
    
    #pvremove /dev/sdb10
    #pvremove /dev/sdb11 
    #pvremove /dev/sdb12 /dev/sdb13
    
    - Create 3 new partitions 200MB, 200MB, 300MB
    - Create 1 VG of these three partitions
    - Create 3 LVs: 100MB, 150MB, 200MB
    - Extend the 3rd LV to 250MB
    #fdisk /dev/sda 
     n -> new partition -> +200M
     n -> +200M 
     n -> +300M 
     p -> view partitions
     w -> write 
    #partprobe
    #pvcreate /dev/sda9 /dev/sda10 /dev/sda11
    #vgcreate newVolume /dev/sda9 /dev/sda10 /dev/sda11
    #lvcreate -L 100 newVolume 
    #lvcreate -L 150 newVolume 
    #lvcreate -L 200 newVolume 
    #lvdisplay 
    
File System management 
     mount 
     noexec -> don't allow any programs on the filesystem  to be executed
     ro -> read only 
     rw -> read write 
     nosuid -> don't allow set user id programs to run
     nodev -> devices on the filesystem don't act like devices 
     noatime -> don't update the access time when reading files, good for 
                decreasing disk writes 
     
     /dev = device file entries 
     /etc = admin config files 
     /etc/X11 = X11 admin config files 
     /etc/skel = 'skeleton' user home dir files 
     /bin = executable programs 
     /lib = libraries for binary executable (in /bin and /sbin)
     /var = log files, mail spool files 
     /sbin = root programs 
     /opt = generally used for add-on software 
     /proc = special "files" used by the kernel 
     /media = auto mount point -> /media/cdrom 
     /usr/bin, /usr/etc, /usr/src, /usr/lib, /usr/include 
     #ls /var
      ls /var/spool 
      ls /var/spool/mail 
     /proc -> Virtual File System -> stored in memory, not on physical disk
        #cat /proc/cpuinfo 
         cat /proc/meminfo 
         cat /proc/mounts
         cat /proc/filesystems 
      /etc/fstab -> man 5 fstab 
      #mount 
       df -h 
       
       ext4 : extents instead of blocks, improving large file performance
       tmpfs : pure memory-based filesystem 
       vfat : most usb devices 
       iso9660 : cdrom format 
       xfs : SGI(default RHEL7)
       jfs : IBM
       btrfs : Linux version of the Sun ZFS filesystem, released by Oracle
       reiserfs : a journaled filesystem 
       
       #mount /boot 
        mount /dev/sda1 -> already mounted / boot busy 
        umount /boot 
        df 
       #/usr/bin/lsof | grep /boot 
       #umount -l /boot -> "lazy" umount 
       #ls /dev 
        ls /dev/cdrom 
        ls /etc
        ls /opt 
        ls /lib/grub 
        
File System management        
        #fdisk /dev/sda
        #reboot / partprobe -> rebuild kernel partition table 
        #mkfs.ext4 /dev/sda6     -> FORMAT
         mke2fs -t ext4 /dev/sda6 -> FORMAT
        #mkdir /mnt/mynewpartition -> 
         mount /dev/sda6 /mnt/mynewpartition
         
More File System 
     lsattr 
     chattr 
     a = append 
     c = automatic compress on disk 
     d = don't backup with dump(8)
     i = cannot be modified 
     s = when file is deleted, zero out disk 
     
    #touch test.txt 
    #lsattr test.txt 
    #chattr +i test.txt 
    #lsattr test.txt 
    #echo this is a test >> test.txt -> Permission denied
    #chattr +a -i test.txt 
    #lsattr test.txt 
    #echo this is a test > test.txt 
    #echo this is a test >> test.txt 
    #chattr -a test.txt 
    #lsattr test.txt
    
    #getfacl test.txt 
        #setfacl -m u:yudha:r test.txt 
        #getfacl --omit-header test.txt 
    #setfacl -m g:jdoe:rw test.txt 
    #getfacl --omit-header test.txt 
    
    SELINUX -> Enforcing,Permissive, Disabled 
    #ls -Z test.txt
    #ps -Z 
    #ls -Zd ~
    #touch selinux.txt 
        #ls -Zd selinux.txt 
    
    #getenforce
    #setenforce 0 
        #getenforce -> Permissive
    #setenforce 1 
        #getenforce -> Enforcing 
    
    Format : identity:role:domain:level 
        /etc/selinux/targeted/setrans.conf 
    #chcon -> to change the context 
    
    #pwd -> /var/www/html 
    #cat /tmp/a.html 
    #mv /tmp/a.html .
    #ls -Z a.html 
    #wget http://localhost/a.html 
    #chcon --reference=/var/www/html a.html 
    #ls -Z a.html 
    #wget http://localhost/a.html 
    --> /etc/selinux/config 
        setenforce
        setsebool 
    #sestatus 
    #/var/log/messages 
    
    GRUB -> 'e' -> vmlinuz -> ctrl+e (end of the line) -> add the word "single" ->
         ctrl+x (to boot)
        #tail -f /var/log 
        #crash program (man crash)
        #mount /dev/sda9 -o remount,rw
        #fsck /dev/hda1 -> fix disconnected inodes
            #fsck -y -> yes (DON'T)
        #mount -o remount,rw /
        #mount -o remount,rw UUID=<uuid> -> enter the UUID, look it up with fstab / id
        
Package Management 
    #rpm -qf /usr/bin/xterm 
    #rpm -ql xterm 
    #rpm -i http://www.example.com/downloads/foo.rpm 
    #rpm -F ftp://updates.example.com/update/foo.rpm
    
    #ls /usr/src/redhat/SOURCES/
    #rpm -Uvh apa.rpm
    #ls /usr/src/redhat/SOURCES/
        #./configure
        #make
        #make install 
    #rpm -V coreutils -> verified
        S = size
        M = mode differs 
        5 = md5 sum 
        D = device major/minor number 
        L = readlink(2) path mismatch 
        U = user ownership differs 
        G = group ownership differs 
        T = mtime differs 
        
    #yum -C -> does not check the network
        /etc/yum.repos.d 
    #yum info logwatch 
    #yum list 
        #yum list installed 
        #yum list updates 
        #yum list available 
        #yum list recent 
    #yum provides /usr/bin/gnuplot 
    #yum install vim-enhanced / yum -y 
    #yum check-update 
    #yum update -> includes --obsoletes 
    #yum upgrade 
    #yum remove foo 
    #yum erase foo 
    
    #rpm -qf /bin/ls 
    #rpm -ql coreutils
    #touch /bin/ls 
        rpm -V coreutils
    #touch /bin/cp 
        rpm -V coreutils 
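
Added example (not part of the original notes): a shell filter that triages `rpm -V` output using the flag letters listed above. The sample lines are constructed and the LOW / REVIEW / HIGH policy is an assumption made for illustration; an mtime-only line is what the `touch /bin/ls` test above produces.

```shell
#!/bin/sh
# Each rpm -V line looks like "S.5....T.  c /etc/foo.conf": a letter or digit
# means that attribute differs from the RPM database, "." means it matches,
# and an optional one-letter marker (c = config file) precedes the path.
# Paths containing spaces are not handled by this sketch.

# classify_rpm_verify: read rpm -V lines on stdin,
# print "<severity> <path> <comma-separated reasons>" per line.
classify_rpm_verify() {
    awk '
    BEGIN { n = split("S=size M=mode 5=digest D=device L=link U=owner G=group T=mtime", map, " ") }
    $1 == "missing" { print "HIGH", $NF, "missing"; next }
    NF >= 2 {
        flags = $1; path = $NF
        marker = (NF == 3) ? $2 : ""      # c = config file, d = doc, ...
        reasons = ""
        for (i = 1; i <= n; i++)
            if (index(flags, substr(map[i], 1, 1)))
                reasons = reasons substr(map[i], 3) ","
        sub(/,$/, "", reasons)
        if (reasons == "") reasons = "other"
        # Assumed policy: timestamp-only drift is low risk, content drift in a
        # config file needs review, anything else (content, mode or ownership
        # change on a packaged file) is high.
        if (reasons == "mtime")
            sev = "LOW"
        else if (marker == "c" && flags !~ /[MUG]/)
            sev = "REVIEW"
        else
            sev = "HIGH"
        print sev, path, reasons
    }'
}

# Constructed sample of rpm -V output (not captured from a real host).
sample_rpm_verify() {
    cat <<'EOF'
.......T.    /usr/bin/ls
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /usr/bin/cp
.M...UG..    /usr/bin/passwd
missing      /usr/bin/sha256sum
EOF
}

sample_rpm_verify | classify_rpm_verify
```

On a real host the same filter can be fed from `rpm -Va 2>/dev/null | classify_rpm_verify`.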
        
Managing users and group 
    chown yudha file.txt 
    chown yudha:groupIT file.txt 
    chgrp groupIT file1.txt 
        ls -l file.txt 
    
    #useradd yudha 
        #cat /etc/passwd -> there is !! -> LOCK
             /etc/shadow 
        #cat /etc/group 
             /etc/gshadow 
        #/etc/skel / .bashrc 
    #useradd -b : base directory 
             -c / --comment 
             -d / --home-dir 
             -g / --gid
             -G / --groups 
             -p : encrypted 
             -s / --shell 
             -u / --uid 
        /etc/default/useradd 
        
    #vipw -> edit /etc/passwd 
    #passwd newuser 
    #vigr -> edit /etc/group 
        #mkdir /home/newuser 
        #cp /etc/skel/.* /home/newuser
        #chown -R newuser:newuser /home/newuser 
    #userdel -f 
    #usermod -c : comment 
             -d : home dir 
             -e : date user account will expire
             -g : login group
             -l : username 
             -p : password 
             -s : shell 
    #chage -l username 
           -d : set number days since the Epoch 
           -E : set number when account will expire
           -m : set minimum days password changes 
           -M : set maximum days password changes 
           -W : warning days 
    #chage -l yudha 
        #chage -m 90 yudha -> min 3 months
        #chage -l yudha 
    #groupadd newgrp 
        #tail -1 /etc/group
    #usermod -G yudha,newgrp yudha 
        #groups yudha 
    #groupmod yudha /etc/group 
        #groupmod -g 555 yudha
        #grep yudha /etc/group
     #grep yudha /etc/group 
        #groupdel yudha 
        #grep yudha /etc/group 
        
    
User Administration 1 
    /etc/bashrc 
        scripts in /etc/profile.d
    ~/.bash_profile  / ~/.bashrc 
    #chsh -> /bin/csh 
    #echo $0    -> grep yudha /etc/passwd 
    #gpasswd    -> /etc/group
    #userpasswd -> GUI program to change password 
    #yppasswd   -> change passwd in NIS 
    #ypchfn     -> change finger in NIS 
    #ypchsh     -> change shell in NIS 
    
    #pwck       -> check password files
    #chpasswd   -> change password file in batch mode 
    #grpconv    -> convert to shadowed group passwords 
    #pwconv     -> convert to shadowed passwords
    #grpunconv  -> remove shadowed group password
    #pwunconv   -> remove shadowed passwords 
    
    #su - username -> '-' is for the shell and env
     su - -> root 
    #vim /etc/bashrc 
        Insert -> echo In /etc/bashrc!
    #vim .bash_profile 
        Insert -> echo In .bash_profile!
    #vim .bashrc 
        Insert -> echo In .bashrc!
    #echo $0 
        #grep yudha /etc/passwd 
    #chsh -> /bin/sh or /bin/bash
        #/bin/sh
        #grep yudha /etc/passwd
        #echo $0 

User Administration 2
    #ls -l /usr/bin/passwd 
        -> s -> owner suid/sgid, x permission 
    
    Perl 
    #!/usr/bin/perl 
    use warnings;
    print "real user id:    $< \n";
    print "effective user id: $> \n";
    #ls -l /tmp/suidtest.pl 
    #/tmp/suidtest.pl 
    #su - yudha 
        #/tmp/suidtest.pl 
        #chmod ug+s /tmp/suidtest.pl 
        #ls -l /tmp/suidtest.pl 
        #su - yudha 
        #/tmp/suidtest.pl
    
    SGID DIR 
    #mkdir /tmp/test 
    #chmod 777 /tmp/test 
    #ls -l /tmp/test 
    #ls -ld /tmp/test 
    #su - yudha 
        #mkdir /tmp/test/foo1
        #ls -ld /tmp/test/fool
    #chmod g+s /tmp/test 
    #ls -ld /tmp/test 
    #su - yudha 
        #mkdir /tmp/test/foo2 
        #ls -ld /tmp/test/* 
    
    The sticky bit protects files in a dir
    #mkdir /tmp/newtmp 
    #chmod 777 /tmp/newtmp
    #ls -ld /tmp/newtmp
    
    #touch /tmp/newtmp/foo.txt 
    #chmod 700 /tmp/newtmp/foo.txt 
    #ls -l /tmp/newtmp/foo.txt 
    
    #su - yudha 
    #echo hi >> /tmp/newtmp/foo.txt 
    #ls -l /tmp/newtmp/foo.txt 
    #rm /tmp/newtmp/foo.txt 
    #ls -l /tmp/newtmp/foo.txt 
    
    *THE STICKY BIT 
    #chmod +t /tmp/newtmp 
    #ls -ld /tmp/newtmp
    #touch /tmp/newtmp/foo.dat 
    #chmod 700 /tmp/newtmp/foo.dat 
    #su - yudha 
        #rm /tmp/newtmp/foo.dat 
        
    #umask -> 0002 
    #umask -S 
    #umask 027 -> file 640, dir 750 
        #mkdir bar.dir 
        #ls -ld bar.dir 
    #umask 
    #umask -S 
    #umask -S u=rwx,g=r,o=r 
        #touch baz.dat 
        #ls -l baz.dat 
        #mkdir blah.dir 
        #ls -ld blah.dir 
        
    #umask 077 
    #touch abc.dat 
    #ls -l abc.dat 
    #mkdir def.dir 
    #ls -ld def.dir 
    
    #mkdir test 
    #chmod 777 test 
    #ls -ld /tmp/test 
    #su - yudha 
    #cd /tmp/test 
        #mkdir foo1 
        #ls -d foo1 
        #ls -ld foo1 
        #chmod g+s test 
        #ls -ld test 
        #cd /tmp/test 
            #mkdir foo2 
            #ls -ld 
            #ls -ld foo* 
        #chmod +t test 
        #ls -ld test 
        #cd test 
            #touch test.txt 
            #chmod 700 test.txt 
            #rm test.txt -> should not be removable
        #umask -> default 0022 
        #umask 0077 
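
Added example (not part of the original notes): an audit of a directory tree for the bits covered above, namely SUID/SGID files and world-writable directories that lack the sticky bit. The function names and the fixture tree are made up for this demo; it assumes GNU find and stat.

```shell
#!/bin/sh
# audit_perms DIR -> one finding per line: "<KIND> <octal mode> <path>"
#   SUID         file runs with its owner's uid      (fix: chmod u-s FILE)
#   SGID         file runs with its group's gid      (fix: chmod g-s FILE)
#   WW-NOSTICKY  world-writable dir where any user can delete other
#                users' files                        (fix: chmod +t DIR)
audit_perms() {
    dir=$1
    {
        find "$dir" -xdev -type f -perm -4000 -exec stat -c 'SUID %a %n' {} +
        find "$dir" -xdev -type f -perm -2000 -exec stat -c 'SGID %a %n' {} +
        find "$dir" -xdev -type d -perm -0002 ! -perm -1000 \
             -exec stat -c 'WW-NOSTICKY %a %n' {} +
    } 2>/dev/null | sort
}

# make_fixture: build a throwaway tree that mirrors the demos above
# (a 777 directory, a 1777 directory, a SUID file) and print its path.
make_fixture() {
    root=$(mktemp -d) || return 1
    mkdir "$root/newtmp" "$root/safetmp"
    chmod 777  "$root/newtmp"       # like /tmp/newtmp before chmod +t
    chmod 1777 "$root/safetmp"      # like /tmp/newtmp after chmod +t
    : > "$root/suidtest"
    chmod 4755 "$root/suidtest"     # like chmod u+s on /tmp/suidtest.pl
    : > "$root/plain"
    chmod 644 "$root/plain"         # ordinary file, must not be reported
    echo "$root"
}

fixture=$(make_fixture)
audit_perms "$fixture"
rm -rf "$fixture"
```

Only `newtmp` and `suidtest` are reported; the 1777 directory and the plain file are not.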
        
ACL PAM and Remote Authentication 
    #touch test.txt 
    #chmod 750 test.txt 
    #ls -l test.txt 
    #getfacl test.txt 
    
    ***ACL FILE*** 
    #setfacl -m user:yudha:rw- test.txt 
    #getfacl --omit-header test.txt 
        #ls -l test.txt -> there is a '+' sign
        #su - yudha 
        #echo hi >> /tmp/test.txt -> can modify 
    ***ACL DIR***
    #mkdir /tmp/acl
    #chmod 700 /tmp/acl 
    #getfacl --omit-header /tmp/acl 
        #su - yudha 
        #touch /tmp/acl/test.txt -> Permission denied 
    #setfacl -m user:yudha:rwx /tmp/acl 
    #getfacl --omit-header /tmp/acl 
    #ls -ld /tmp/acl 
        #su - yudha 
        #touch /tmp/acl/test.txt 
        #ls -l /tmp/acl/test.txt 
        
    ***PAM(Pluggable Authentication Modules)***
    #cat /etc/pam.d/login 
    PAM modules
    - pam_env      - set/unset env var 
    - pam_unix     - traditional pass auth 
    - pam_cracklib - check the pass against dict words 
    - pam_console  - determine the user owning the system console 
    - pam_listfile - deny / allow services 
    - pam_shells   -  check for valid login shell in /etc/shells 
    - pam_time     - time controlled access 
    
    ***4 CATEGORIES in PAM config files***
    1. auth     -> auth modules 
    2. account  -> modules to perform user account lookup 
    3. password -> update password as needed 
    4. session  -> actions to take before / after auth 
    
    - required   : module must return TRUE / the auth fails, failure is 
                   reported after all other modules do their work
    - requisite  : module must return TRUE / the auth fails, failure is 
                   reported immediately 
    - sufficient : if module succeeds, no further checks are required, if not
                   execute remaining modules 
    - optional   : success / failure doesn't affect results 
    
    ***PAM STACK***
    #/etc/securetty 
     auth     required    /lib/security/pam_securetty.so 
    #/etc/passwd or /etc/shadow. nullok : allows a blank password
     auth    required    /lib/security/pam_unix.so nullok(allows a blank password)
    #/etc/nologin -> if /etc/nologin exists and the user is not root, auth FAILS
     auth    required    /lib/security/pam_nologin.so
 -->#cat /etc/pam.d/system-auth
        pam_stack.so module builds the stack
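
Added example (not part of the original notes): a simplified model of how Linux-PAM combines required / requisite / sufficient / optional results, showing why the order of lines in a stack matters. Module results are supplied as constructed input; pam_eval and stack_demo are names invented here, and real PAM return codes are reduced to ok / fail.

```shell
#!/bin/sh
# pam_eval: stdin has one "control module result" per line (result = ok|fail).
# Prints "ALLOW" or "DENY" followed by the modules that were actually consulted.
pam_eval() (
    impression=undefined            # undefined | positive | negative
    ran=""
    while read -r control module result; do
        [ -n "$control" ] || continue
        ran="$ran $module"
        if [ "$result" = ok ]; then
            if [ "$impression" = undefined ]; then impression=positive; fi
            # sufficient: success ends the stack here, unless an earlier
            # required module has already failed
            if [ "$control" = sufficient ] && [ "$impression" = positive ]; then
                break
            fi
        else
            case $control in
                required)  impression=negative ;;          # fail, but keep going
                requisite) impression=negative; break ;;   # fail immediately
                *) : ;;                 # sufficient / optional failure is ignored
            esac
        fi
    done
    if [ "$impression" = positive ]; then verdict=ALLOW; else verdict=DENY; fi
    echo "$verdict$ran"
)

# stack_demo LINE...: evaluate a stack given as one argument per line.
stack_demo() {
    printf '%s\n' "$@" | pam_eval
}

# required failure: the remaining modules still run, the result is DENY
stack_demo 'required pam_securetty ok' 'required pam_unix fail' 'required pam_nologin ok'
# requisite failure: the stack stops at once
stack_demo 'requisite pam_securetty fail' 'required pam_unix ok'
# sufficient placed first: pam_nologin is never consulted
stack_demo 'sufficient pam_unix ok' 'required pam_nologin fail'
# same modules, required first: the nologin failure is honoured
stack_demo 'required pam_nologin fail' 'sufficient pam_unix ok'
```

The last two stacks contain the same modules with the same results; only the order differs, which is the thing to check when reviewing a file under /etc/pam.d.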
    
    ***Remote authentication***
    NIS (network information service)
    LDAP -> /etc/ldap.conf
    SMB (server message block windows like service)
    -> default user auth use local auth 128 bit MD5 
    #system-config-authentication & 
        yum install authconfig-gtk 
        
    #ssh localhost 
    #ls ~/.ssh/known_hosts 
    #ssh-keygen -t rsa 
    #ls ~/.ssh/ 
    #vi ~/.ssh/id_rsa.pub
    #vi .ssh/authorized_keys 
    #chmod 600 .ssh/authorized_keys
    #ssh localhost 

QUOTAS AND LUKS 
    - Typically, only certain partitions have quotas:
      /home 
      /tmp 
      /var/spool/lpd - print spools 
      /var/spool/mail
      /var/www 
     
    #mount /dev/sda6 /tmppart -o usrquota,grpquota
    #mount | grep tmppart 
    #quotacheck -cug /tmppart 
    #quotacheck -avug 
    #quotaon /dev/sda6 = ON 
    
    #edquota yudha 
     - blocks = 1024 byte portions of the disk 
     - inodes = number of files a user can create 
     - a soft limit = number of blocks / files if reached the user will 
       be warned & will have a grace period to resolve the issue -> 3 
     - a hard limit = number of blocks / files if reached the user
       will be unable to create new files -> 5
    #edquota -g thisgroup 
    #edquota -t 
    
    ***TESTING***
    #mkdir /boot/yudha 
    #chown yudha:yudha /boot/yudha 
    #su - yudha 
        #cd /etc/yudha 
        #cp -r /etc/pam.d 
        #quota 
    #edquota -p yudha arry auser 
    * TO MAKE QUOTAS PERMANENT, EDIT /etc/fstab, add usrquota, grpquota 
    /dev/sda6    /tmp/tmppart    ext3    usrquota,grpquota 1 2 
    
    ***LUKS(LINUX UNIFIED KEY SETUP)***
    - Encrypts disk partitions 
    - Encrypts the entire block devices 
    - Can encrypt swap devices 
    - Uses existing device mapper kernel subsystem 
    - Can encrypt during install / manually 
    
    - Create a new partition 
        #fdisk /dev/sda 
         n 
         <ret>
         +250 
         w 
        #partprobe (or reboot)
        #mkfs.ext4 -t ext4 /dev/sda8 
    - Fill partition with random data
        #shred -v --iterations=1 /dev/sda8
    - Initialize partition
        #cryptsetup --verbose --verify-passphrase luksFormat /dev/sda8
    - Open Device
        #cryptsetup luksOpen /dev/sda8 luks
    - Make sure it is present 
        #ls -l /dev/mapper | grep luks 
    - Make a file system 
        #mkfs.ext4 /dev/mapper/luks 
    - Mkdir and mount 
        #mkdir /mnt/LUKS 
        #mount /dev/mapper/luks /mnt/LUKS 
    - Add to /etc/crypttab 
        luks /dev/sda8 none 
    - Add to /etc/fstab 
        /dev/mapper/luks /mnt/LUKS ext4 defaults 1 2 
        
    ***DEMO***
    #mount /dev/sda14 /mnt/tmppart -o usrquota,grpquota 
    #quotacheck -cug /mnt/tmppart 
    #ls /mnt/tmppart/
    #quotacheck -avug 
    #quotaon /dev/sda14 
    #edquota username -> enter soft 3 hard 5
        #cd /mnt/tmppart/
        #touch a.dat 
    #chmod 777 /mnt/tmppart 
        #cd /mnt/tmppart/
        #touch a.dat
        #touch b.dat
        #touch c.dat
        #touch d.dat
    A "QUOTA EXCEEDED" MESSAGE APPEARS
    #ls /mnt/LUKS 
    #mkfs.ext4 /dev/sda15 
    #shred -v --iterations=1 /dev/sda15 -> random data
    #cryptsetup --verbose --verify-passphrase luksFormat /dev/sda15 -> YES 
    #cryptsetup luksOpen /dev/sda15 luks2
    #ls -l /dev/mapper/ | grep luks 
    
Networking & IP 
    eth0 - first 
    eth1 - second 
    ppp0 - first point-to-point interface 
    #dmesg | grep eth 
    #/usr/sbin/ethtool -i eth0 
    #/usr/sbin/ethtool --driver eth0 
    - ethtool -> display the driver information 
                 dump the register 
                 execute self tests 
                 display statistics 
                 change the speed, duplex, port settings 
    #man ethtool 
    #/usr/sbin/ethtool -s eth0 speed 100
    #/usr/sbin/ethtool -s eth0 duplex full
    ipv6 
        :0000:0000:0000:
        :0:0:0:
        :::
        0:0:0:0:0:0:0:1 = ::1 
    #ifup eth0 
     ifdown eth0
    #/etc/init.d/network stop|start|restart 
    #service network restart 
    #systemctl disable|stop|enable|start network.service 
    #ifconfig -a 
    #ifconfig eth0 10.10.10.10/24 up 
    #netstat -rn 
    #route add -net default gw 10.10.10.254 
    #route del -net default gw 10.10.10.254 
    #ifconfig eth0 0.0.0.0 down 
    #ip addr show eth0 
    #ip addr add 10.10.10.10/24 dev eth0 
    #ip addr del 10.10.10.10/24 dev eth0
    #ip link show eth0 
    #ip link set eth0 up 
    #ip route 
    #ip route add to default via 10.10.10.254 dev eth0
    #ip addr del 10.10.10.10 dev eth0 
    #ip link set eth0 down 
        
    #/etc/sysconfig/network-scripts/ifcfg-ethN 
    #/etc/sysconfig/network 
    #/etc/host.conf -> service to use 
     /etc/hosts -> hosts known 
     /etc/resolv.conf 
    #netstat -c -> port 
    
    IPV6 UTILITIES :
        #ping6
        #traceroute6 
        #tracepath6 
        #ip -6 
        #host -t AAAA hostname6.domain6 -> DNS lookup 
    
    cron(chronograph) -> /var/spool/cron 
    #/etc/crontab 
    #/etc/cron.d/*
    #min hour month_day month week_day command 
    0     0        *        *        *        /opt/bin/apa 
    0,30 *        *        *        1-5     /opt/bin/apa
    30   6         *        *        1-5     /opt/bin/apa
    #ls /etc/cron.daily/
    #cat /etc/cron.daily/cups -> remove spooled print files 
    #/etc/crontab -> /etc/cron.hourly -> /etc/cron.daily
    #/etc/anacrontab
    
FINDING THINGS 
    #which 
        which -a / --all date 
    #whatis 
        created by /usr/sbin/makewhatis 
        whatis printf 
        whatis print
    #find 
        find /usr -name zip
        find /usr -name zip 2>/dev/null 
        find / -atime 1 -> accessed in the last day
        touch --date="11:52 am jan 21 2010" /tmp/reference_time
        find / -newer /tmp/reference_time
        find /filer/videos -name .snapshot -prune -o -type f -mtime 1 -print
        find /home -perm -4000 -exec chmod u-s {} \;
        find /home -perm -4000 -print0 | xargs -0 chmod u-s -> same, with xargs
        find /var/www/htdocs -type d -exec chmod 2775 {} \;
        find /var/www/htdocs -type f -exec chmod 664 {} \;
        find /home -iname "My Documents" -exec rm -rf {} \;
    #locate -> search database
        updatedb 
        /etc/updatedb.conf and set DAILY_UPDATE=yes 
    #locate locate 
     locate -i : case insensitive 
            -n : limit the lines of output
            -e : exclude provided dir
            -r : filter with the supplied regex 
            -d : path of database 
    #apropos / man -k
        man -k print 
        man -K Linux -> searches the content of man pages 
    
Linux Process 
    #ls -F /var/log 
    #/etc/logrotate.conf -> logs are rotated by logrotate
    #ls /etc/logrotate.d -> look for services that use logrotate 
    #gnome-system-monitor & 
    #top
        h : help 
        q : quit 
        k : k + PID -> kill 
    #kill -l 
        man 7 signal 
    #sleep 600 & 
     jobs 
     kill 13809 
     jobs 
    SIGTERM(15) = DEFAULT 
    If the signal does not kill the process, try SIGQUIT(3), SIGINT(2)
    
    #find / -name foo.txt 2>/dev/null & 
     jobs 
     kill -3 13948 OR kill -QUIT 13948
    CUPS -> http://localhost:631/help 
        #system-config-printer & 
        
Kernel Services 
    Monolithic
        - All the drivers compiled into the kernel
        - Faster access to hardware
        - Requires the kernel to be rebuilt
    Modular
        - Loads/unloads driver modules as needed
        - Kernel is leaner
        - Runs on a wide range of hardware
    #lsmod : display currently loaded modules 
        #cat /proc/modules 
        #lsmod | grep vfat 
        #modprobe vfat
        #lsmod | grep vfat
        #insmod: insert a module into the kernel 
        #rmmod : remove a module from the kernel 
        #depmod: create a list of module dependency used by modprobe 
        #modprobe: load all modules listed in modules.dep 
        #mount -r -t vfat /dev/fd0 /mnt/floppy
        #lsmod 
    #ps jaxkuid / yudhaid -> kernel processes start with 'k'
    #ls /boot/init* /boot/vmlinuz*
    initramfs -> initial ram filesystem 
        - a compressed cpio archive 
        - contains insmod and modprobe, devices in /dev, kernel modules in /lib
        - init shell script that loads the necessary modules
    initramfs - is built automatically at kernel install / upgrade time
              - Created with dracut 
              - /etc/dracut.conf 
    #dracut - initramfs can be created with dracut
            - file is stored in /boot and is not overwritten
    #dracut "initramfs-$(uname -r).img" $(uname -r)
    #lsinitrd initramfs-2.6.32.......img
    #ls /boot/config-*
     ls /boot/System.map-*
     http://dirac.org/linux/system.map 
     
    Kernel Initialization 
        - Kernel initializes, configure virtual memory, io,storage 
        - Look for initramfs, decompresses it, mounts it, load necessary drivers 
        - Initializes virtual devices(LVM, RAID)
        - Unmounts initramfs disk image 
        - Creates a root device and mounts it read-only
        - Executes /sbin/init 

MORE ON KERNEL 
    - sysctl : kernel configuration 
    - Installing a new kernel 
    - /proc filesystem 
    - sysctl command 
      /proc/sys : view and modify kernel 
    #sysctl -a 
    #sysctl net.ipv4.ip_forward 
     sysctl net.ipv4.ip_forward=1
     echo 1 > /proc/sys/net/ipv4/ip_forward
     
    "To make it permanent, add it to /usr/lib/sysctl.d/00-system.conf"
    #rpm -qa kernel* 
    #rpm -ivh kernel-2.6.40......rpm 
    #rpm -Uvh kernel-2.6.40......rpm 
    #rpm -ivh --force kernel-2.6.40......rpm ->reinstall it
    #cat /etc/grub.conf 
    #ll /proc/meminfo 
    #cat /proc/meminfo 
    #cat /proc/cpuinfo 
    #cat /proc/devices 
    #cat /proc/filesystems
    #cat /proc/modules -> loaded modules 
    #cat /proc/cmdline -> kernel boot 

SOFTWARE RAID 
    RAID0  : striped disks - distribute data across all disks - no redundancy 
    RAID1  : mirrored disks - duplicates data across all disks in the array 
    RAID5  : striped disk with parity - combine 3 / 
             more disk so that loss of one disk will not lose any data 
    RAID6  : striped disk with dual parity - can recover from the loss of two disks
    RAID10 : striped and mirrored disks - uses both striping and mirroring
    
    #fdisk -l /dev/sda | grep fd
    #mdadm -C /dev/md0 -l 1 -n 2 /dev/sda8 /dev/sda9
        -> array started
    #mkfs -j -b 2048 -R stride=32 /dev/md0 
    #mkdir /mnt/RAID 
    #mount /dev/md0 /mnt/RAID 
        Add a mount point to /etc/fstab
        /dev/md0    /mnt/RAID    ext4    defaults    1 2 
    #mdadm -D /dev/md0 
    
    Removing RAID 
    #mdadm --manage /dev/md0 --fail /dev/sda8
    #mdadm --manage /dev/md0 --remove /dev/sda8
    #mdadm --manage /dev/md0 --fail /dev/sda9
    #mdadm --manage /dev/md0 --remove /dev/sda9
    
    STOP RAID 
    #umount /mnt/RAID 
    #mdadm --manage --stop /dev/md0 
    
    DEMO 
    ---CREATING RAID---
    #fdisk /dev/sda
        n -> logical partition 10
        +500M
        n -> logical partition 11 
        +500M
        p 
        t 
        partition number : 10 
        Hex code (type L to list all) : L 
            18 fd Linux raid 
            fd 
            p 
            t 
        partition number : 11
        Hex code (type L to list all) : L 
            18 fd Linux raid 
            fd 
            p 
            t
            w 
    #partprobe 
    #mdadm -C /dev/md0 -l 1 -n 2 /dev/sda10 /dev/sda11
    #mkfs -j -b 2048 -R stride=32 /dev/md0 
    #mkdir /mnt/RAID 
    #mount /dev/md0 /mnt/RAID 
    #cd /mnt/RAID
        ls 
    #vim /etc/fstab 
        /dev/md0 /mnt/RAID ext4 defaults 1 2 
    #mdadm -D /dev/md0 
    
X WINDOWS SYSTEM 
    #gnome-control-center & 
    Configuring X.org 
    gdm -> 0.0 
    #xhost 
     xhost + 192.168.7.111 
     xhost - 192.168.7.111 
    
    #export DISPLAY=192.168.7.123:0.0 
    #xterm & 
    #ssh -X yudha@192.168.7.123 
    #xclock & 
    #xhost + 
    #echo $DISPLAY
    #ssh localhost 
    #export DISPLAY=:0 
    #xterm &
    
TROUBLESHOOTING 
    X Windows 
        #gnome 
         ls ~/.g*
        #kde     
         ls ~/.k* 
    #gnome-control-center &
    
    Network interface 
        #ip link show 
        #ifconfig -a
        #ip route 
        #netstat -rn 
        #ethtool eth0 
        #ifconfig eth1 
        #ifdown eth0; ifup eth0
        #dhclient eth0 
        #traceroute / tracepath / mtr 
        
    Filesystem
        #fsck, fdisk, mkfs 
         dump/restore -> to create / restore backups 
         edit /etc/fstab 
         edit /etc/inittab 
         checking logs 
         dmesg 
         fsck 
         e2fsck 
         debugfs 
    livecd#mount /dev/sda1 /mnt 
          #cat /mnt/etc/fstab 
          #mount /dev/sda2 /mnt
          #mount /dev/sda3 /mnt
          
          #chroot /mnt -> to change root directory
          #grub-install /dev/sda
  

 

 

 

 
