description | cover | coverY |
---|---|---|
My lecture notes on Linux Essentials (LPI) and Some System Administration (partitioning, RAID, LVM, DHCP, DNS, DDNS, Apache, etc.). The content is mostly in English, but some parts may be in German. |
0 |
chgrp <Gruppe> <File||Dir>
chgrp verkauf /zugriff/vk
chown <user> <File||Dir>
chown <user>
:
<group> <File||Dir>
chown``
:
<group> <File||Dir>
Für die folgenden Punkte benutzen Sie bitte Debian Mate.
carla
chenin
carlo
charles
celile
cagri
useradd -m carla
useradd -m chenin
useradd -m carlo
useradd -m charles
useradd -m celile
useradd -m cagri
ls -l /home/
to prove that users with home directories were created successfully.
Alternatively:
useradd -m -G team1 caro
The group must have been created before.
It is always best practice to create groups first.
team1 ( carla,celile )
team2 ( cagri, chenin )
team3 ( carlo,charles )
groupadd team1
groupadd team2
groupadd team3
Expert Mode: echo team1 team2 team3 | xargs -n 1 groupadd -r
nano /etc/group
team1:x:1014:carla,celile
team2:x:1015:cagri,chenin
team3:x:1016:carlo,charles
/a-daten/pott1
/a-daten/pott2
/a-daten/pott3
mkdir -p /a-daten/pott1/
mkdir /a-daten/pott2/
mkdir /a-daten/pott3/
ls -l /a-daten/ to prove
team1 auf pott1
team2 auf pott2
team3 auf pott3
chgrp team1 /a-daten/pott1
chgrp team2 /a-daten/pott2
chgrp team2 /a-daten/pott3
OR
cd /a-daten/
chown root:team1 pott1
chown root:team2 pott2
chown root:team3 pott3
rwx rwx --T
chmod 1770 /a-daten/*
usermod carlo -G team1
to add carlo into team1 group.
usermod -a -G group1,group2 username
to add a user into different groups.
usermod -aG sudo ozgur
add the user ozgur to sudo group (= make him Admin)
usermod -l user_newname user_oldname
to rename a user
ls -l
typ rights link owner group bytes date Name
- rwxr-xr-x 2 root root 484 18.04 test.txt
d rwxr-xr-x 2 root root 4096 25.04 pool
/dev/sda
We have already and we would like to add a new one.
Let’s say we are adding a new disk to our system. We need to follow these steps:
- partitionieren (partition)
- formatieren (format)
- montieren (mount)
In VirtualBox, Linux Mint, we added a 5 GB secondary disk.
List block devices
ozgur@frelin:~$``
lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 0 15,5G 0 disk
├─sda1 8:1 0 1M 0 part
├─sda2 8:2 0 513M 0 part /boot/efi
└─sda3 8:3 0 15G 0 part /
sdb 8:16 0 5G 0 disk
sr0 11:0 1 1024M 0 rom
Zeigt formatierte Partitionen.
shows only the formatted partitions.
sdb
is not visible because it is not formatted yet.
ozgur@frelin:~$ blkid
/dev/sda2: UUID="87FB-00E8" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="EFI System Partition" PARTUUID="f737667d-1be9-4d2e-8be7-5f6c3aafd91a"
/dev/sda3: UUID="c282c0f1-ce03-406c-9f17-3e878c3402e9" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="0213cc74-73d7-4098-a0e7-b6746304c282"
fdisk (old) => MBR (512 bytes, supports 4 partitions only. Not used any more.)
gdisk => GUID (Globally Unique Identifier, GPT (GUID Partition Table). Only this is used today. Supports 128 partitions.
root@frelin:~# ls -l /dev/sd*
brw-rw---- 1 root disk 8, 0 Apr 25 11:01 /dev/sda
brw-rw---- 1 root disk 8, 1 Apr 25 11:01 /dev/sda1
brw-rw---- 1 root disk 8, 2 Apr 25 11:01 /dev/sda2
brw-rw---- 1 root disk 8, 3 Apr 25 11:01 /dev/sda3
brw-rw---- 1 root disk 8, 16 Apr 25 11:01 /dev/sdb
root@frelin:~# gdisk /dev/sdb
GPT fdisk (gdisk) version 1.0.8
Partition table scan:
MBR: not present
BSD: not present
APM: not present
GPT: not present
Creating new GPT entries in memory.
Command (? for help): ?
b back up GPT data to a file
c change a partition's name
d delete a partition
i show detailed information on a partition
l list known partition types
n add a new partition
o create a new empty GUID partition table (GPT)
p print the partition table
q quit without saving changes
r recovery and transformation options (experts only)
s sort partitions
t change a partition's type code
v verify disk
w write table to disk and exit
x extra functionality (experts only)
? print this menu
Command (? for help): p
Disk /dev/sdb: 10485760 sectors, 5.0 GiB
Model: VBOX HARDDISK
Sector size (logical/physical): 512/512 bytes
Disk identifier (GUID): 7A265ABA-9BE4-4E7D-A3F5-E4045514990E
Partition table holds up to 128 entries
Main partition table begins at sector 2 and ends at sector 33
First usable sector is 34, last usable sector is 10485726
Partitions will be aligned on 2048-sector boundaries
Total free space is 10485693 sectors (5.0 GiB)
Number Start (sector) End (sector) Size Code Name
Command (? for help): n
Partition number (1-128, default 1): ↲
First sector (34-10485726, default = 2048) or {+-}size{KMGTP}: ↲
Last sector (2048-10485726, default = 10485726) or {+-}size{KMGTP}: +1G
Current type is 8300 (Linux filesystem)
Hex code or GUID (L to show codes, Enter = 8300): ↲
Changed type of partition to 'Linux filesystem'
Command (? for help): p
Disk /dev/sdb: 10485760 sectors, 5.0 GiB
Model: VBOX HARDDISK
Sector size (logical/physical): 512/512 bytes
Disk identifier (GUID): 7A265ABA-9BE4-4E7D-A3F5-E4045514990E
Partition table holds up to 128 entries
Main partition table begins at sector 2 and ends at sector 33
First usable sector is 34, last usable sector is 10485726
Partitions will be aligned on 2048-sector boundaries
Total free space is 8388541 sectors (4.0 GiB)
Number Start (sector) End (sector) Size Code Name
1 2048 2099199 1024.0 MiB 8300 Linux filesystem
Command (? for help): l
Type search string, or <Enter> to show all codes:
0700 Microsoft basic data 0701 Microsoft Storage Replica
0702 ArcaOS Type 1 0c01 Microsoft reserved
2700 Windows RE 3000 ONIE boot
3001 ONIE config 3900 Plan 9
4100 PowerPC PReP boot 4200 Windows LDM data
4201 Windows LDM metadata 4202 Windows Storage Spaces
7501 IBM GPFS 7f00 ChromeOS kernel
7f01 ChromeOS root 7f02 ChromeOS reserved
8200 Linux swap 8300 Linux filesystem
8301 Linux reserved 8302 Linux /home
8303 Linux x86 root (/) 8304 Linux x86-64 root (/)
8305 Linux ARM64 root (/) 8306 Linux /srv
8307 Linux ARM32 root (/) 8308 Linux dm-crypt
8309 Linux LUKS 830a Linux IA-64 root (/)
830b Linux x86 root verity 830c Linux x86-64 root verity
830d Linux ARM32 root verity 830e Linux ARM64 root verity
830f Linux IA-64 root verity 8310 Linux /var
8311 Linux /var/tmp 8312 Linux user's home
8313 Linux x86 /usr 8314 Linux x86-64 /usr
8315 Linux ARM32 /usr 8316 Linux ARM64 /usr
8317 Linux IA-64 /usr 8318 Linux x86 /usr verity
Press the <Enter> key to see more codes, q to quit:
8319 Linux x86-64 /usr verity 831a Linux ARM32 /usr verity
831b Linux ARM64 /usr verity 831c Linux IA-64 /usr verity
8400 Intel Rapid Start 8401 SPDK block device
8500 Container Linux /usr 8501 Container Linux resizable rootfs
8502 Container Linux /OEM customization 8503 Container Linux root on RAID
8e00 Linux LVM a000 Android bootloader
a001 Android bootloader 2 a002 Android boot 1
a003 Android recovery 1 a004 Android misc
a005 Android metadata a006 Android system 1
a007 Android cache a008 Android data
a009 Android persistent a00a Android factory
a00b Android fastboot/tertiary a00c Android OEM
a00d Android vendor a00e Android config
a00f Android factory (alt) a010 Android meta
a011 Android EXT a012 Android SBL1
a013 Android SBL2 a014 Android SBL3
a015 Android APPSBL a016 Android QSEE/tz
a017 Android QHEE/hyp a018 Android RPM
a019 Android WDOG debug/sdi a01a Android DDR
a01b Android CDT a01c Android RAM dump
a01d Android SEC a01e Android PMIC
Press the <Enter> key to see more codes, q to quit:
a01f Android misc 1 a020 Android misc 2
a021 Android device info a022 Android APDP
a023 Android MSADP a024 Android DPO
a025 Android recovery 2 a026 Android persist
a027 Android modem ST1 a028 Android modem ST2
a029 Android FSC a02a Android FSG 1
a02b Android FSG 2 a02c Android SSD
a02d Android keystore a02e Android encrypt
a02f Android EKSST a030 Android RCT
a031 Android spare1 a032 Android spare2
a033 Android spare3 a034 Android spare4
a035 Android raw resources a036 Android boot 2
a037 Android FOTA a038 Android system 2
a039 Android cache a03a Android user data
a03b LG (Android) advanced flasher a03c Android PG1FS
a03d Android PG2FS a03e Android board info
a03f Android MFG a040 Android limits
a200 Atari TOS basic data a500 FreeBSD disklabel
a501 FreeBSD boot a502 FreeBSD swap
a503 FreeBSD UFS a504 FreeBSD ZFS
a505 FreeBSD Vinum/RAID a580 Midnight BSD data
Press the <Enter> key to see more codes, q to quit:
a581 Midnight BSD boot a582 Midnight BSD swap
a583 Midnight BSD UFS a584 Midnight BSD ZFS
a585 Midnight BSD Vinum a600 OpenBSD disklabel
a800 Apple UFS a901 NetBSD swap
a902 NetBSD FFS a903 NetBSD LFS
a904 NetBSD concatenated a905 NetBSD encrypted
a906 NetBSD RAID ab00 Recovery HD
af00 Apple HFS/HFS+ af01 Apple RAID
af02 Apple RAID offline af03 Apple label
af04 AppleTV recovery af05 Apple Core Storage
af06 Apple SoftRAID Status af07 Apple SoftRAID Scratch
af08 Apple SoftRAID Volume af09 Apple SoftRAID Cache
af0a Apple APFS b300 QNX6 Power-Safe
bb00 Barebox boot loader bc00 Acronis Secure Zone
be00 Solaris boot bf00 Solaris root
bf01 Solaris /usr & Mac ZFS bf02 Solaris swap
bf03 Solaris backup bf04 Solaris /var
bf05 Solaris /home bf06 Solaris alternate sector
bf07 Solaris Reserved 1 bf08 Solaris Reserved 2
bf09 Solaris Reserved 3 bf0a Solaris Reserved 4
bf0b Solaris Reserved 5 c001 HP-UX data
Press the <Enter> key to see more codes, q to quit:
c002 HP-UX service e100 ONIE boot
e101 ONIE config e900 Veracrypt data
ea00 XBOOTLDR partition eb00 Haiku BFS
ed00 Sony system partition ed01 Lenovo system partition
ef00 EFI system partition ef01 MBR partition scheme
ef02 BIOS boot partition f800 Ceph OSD
f801 Ceph dm-crypt OSD f802 Ceph journal
f803 Ceph dm-crypt journal f804 Ceph disk in creation
f805 Ceph dm-crypt disk in creation f806 Ceph block
f807 Ceph block DB f808 Ceph block write-ahead log
f809 Ceph lockbox for dm-crypt keys f80a Ceph multipath OSD
f80b Ceph multipath journal f80c Ceph multipath block 1
f80d Ceph multipath block 2 f80e Ceph multipath block DB
f80f Ceph multipath block write-ahead l f810 Ceph dm-crypt block
f811 Ceph dm-crypt block DB f812 Ceph dm-crypt block write-ahead lo
f813 Ceph dm-crypt LUKS journal f814 Ceph dm-crypt LUKS block
f815 Ceph dm-crypt LUKS block DB f816 Ceph dm-crypt LUKS block write-ahe
f817 Ceph dm-crypt LUKS OSD fb00 VMWare VMFS
fb01 VMWare reserved fc00 VMWare kcore crash protection
fd00 Linux RAID
Press the <Enter> key to see more codes, q to quit: w
Likewise, we create 2 more partitions 2 GB each.
mkfs
mkfs default: ext2
We have 2 options to use mkfs command:
- mkfs.ext4 /dev/sdb1
- mkfs -t ext3 /dev/sdb1
Since we have the disk formatted, now we can see it with the command blkid.
root@frelin:~# blkid
/dev/sda2: UUID="87FB-00E8" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="EFI System Partition" PARTUUID="f737667d-1be9-4d2e-8be7-5f6c3aafd91a"
/dev/sda3: UUID="c282c0f1-ce03-406c-9f17-3e878c3402e9" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="0213cc74-73d7-4098-a0e7-b6746304c282"
/dev/sdb1: UUID="8be56ad9-d654-4241-86b6-6c3815f787e1" BLOCK_SIZE="4096" TYPE="ext4" PARTLABEL="Linux filesystem" PARTUUID="885acaff-bcff-48fa-bc65-d3200eee23f0"
/dev/sdb2: UUID="c5c38143-d738-404b-aaf1-7062400b100a" BLOCK_SIZE="4096" TYPE="ext4" PARTLABEL="Linux filesystem" PARTUUID="488abce1-e18d-416c-a3cd-b00912451f9f"
/dev/sdb3: UUID="9fc9a7e9-27c7-4bc3-8f87-68c8329b7b7a" BLOCK_SIZE="4096" TYPE="ext4" PARTLABEL="Linux filesystem" PARTUUID="ec571ace-e9c0-44e5-8dca-8c2fb3eda5a8"
/dev/sda1: PARTUUID="48784f8f-7b4e-4976-8113-a777b40e4e4b"
root@frelin:~#
root@frelin:~# mkdir /platte-b/part1 -p
root@frelin:~# mkdir /platte-b/part2
root@frelin:~# mkdir /platte-b/part3
root@frelin:~# ls -l /platte-b/
total 12
drwxr-xr-x 2 root root 4096 Apr 25 12:06 part1
drwxr-xr-x 2 root root 4096 Apr 25 12:06 part2
drwxr-xr-x 2 root root 4096 Apr 25 12:06 part3
mount
mount <device> <mount-point>(directory)
mount /dev/sdb1 /platte-b/part1
Temporary. The mount disappears when the computer boots.
root@frelin:~# mount /dev/sdb1 /platte-b/part1
root@frelin:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 0 15,5G 0 disk
├─sda1 8:1 0 1M 0 part
├─sda2 8:2 0 513M 0 part /boot/efi
└─sda3 8:3 0 15G 0 part /
sdb 8:16 0 5G 0 disk
├─sdb1 8:17 0 1G 0 part /platte-b/part1
├─sdb2 8:18 0 2G 0 part
└─sdb3 8:19 0 2G 0 part
sr0 11:0 1 1024M 0 rom
To make it permanent we need to write it into the config file.
nano /etc/fstab
<file system> <mount point> <type> <options> <dump> <pass>
/dev/sdb1 /platte-b/part1 ext4 defaults 0 0
/dev/sdb2 /platte-b/part2 ext4 defaults 0 0
/dev/sdb3 /platte-b/part3 ext4 defaults 0 0
ext4 defaults (rw,auto,async,nouser,suid,exec,dev) 0 0
defaults,noauto,noexec,user (If there are things we don't want to add, we can remove them this way.)
We now save the file.
mount -a
Mounts all
root@frelin:~# mount -a
root@frelin:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 0 15,5G 0 disk
├─sda1 8:1 0 1M 0 part
├─sda2 8:2 0 513M 0 part /boot/efi
└─sda3 8:3 0 15G 0 part /
sdb 8:16 0 5G 0 disk
├─sdb1 8:17 0 1G 0 part /platte-b/part1
├─sdb2 8:18 0 2G 0 part /platte-b/part2
└─sdb3 8:19 0 2G 0 part /platte-b/part3
sr0 11:0 1 1024M 0 rom
Since we have saved the relevant settings in /etc/fstab, we can now see the partitions of the sdb device under /platte-b/ every time the computer is turned on. we don't need to use the mount -a command.
umount
Unmount command
umount /mnt
Lösung:
Lösung:
gdisk /dev/sdb
n
↲
↲
+3G
↲
p
n
↲
↲
+3G
↲
W
gdisk /dev/sdc
n
↲
↲
+3G
↲
p
n
↲
↲
+3G
↲
w
Lösung:
mkfs.ext4 /dev/sdb1
mkfs.ext4 /dev/sdb2
mkfs.ext4 /dev/sdc1
mkfs.ext4 /dev/sdc2
mount -a
4. Sie erzeugen die Verzeichnisse /data/einkauf, /data/verkauf, /data/buchhaltung, /data/management.
Lösung:
mkdir /data/einkauf -p
mkdir /data/verkauf
mkdir /data/buchhaltung
mkdir /data/management
dora, didi, durham, dani, dilek, doram, dassi, dana
Lösung:
Before adding new users, be sure that /etc/default/useradd has SHELL=/bin/bash for users. Otherwise users can not use bash shell.
cat /etc/shells shows us which shells are available on our system.
If we forget, to change later, we may use the command chsh (change shell).
sudo chsh -s /bin/bash <username>
useradd -m dora
useradd -m didi
useradd -m durham
useradd -m dani
useradd -m dilek
useradd -m doram
useradd -m dassi
useradd -m dana
passwd dora
..
..
passwd dana
bh, ek, vk und mgmt.
Lösung:
groupadd bh
groupadd vk
groupadd ek
groupadd mgmt
7. Die User didi, dana, doram kommen in ek; dora, durham in vk; dani, dilek in bh und dassi, dana in mgmt.
Lösung:
nano /etc/group
bh:x:1001:dani,dilek
vk:x:1002:dora,durham
ek:x:1003:didi,dana,duram
mgmt:x:1004:dassi.dana
8. Die Partition /dev/sdb1 wird auf /data/einkauf, /dev/sdb2 auf /data/verkauf, /dev/sdc1 auf /data/buchhaltung und /dev/sdc2 auf /data/management montiert. ( in der fstab)
Lösung:
nano /etc/fstab
/dev/sdb1 /data/einkauf ext4 defaults 0 0
/dev/sdb2 /data/verkauf ext4 defaults 0 0
/dev/sdc1 /data/buchhaltung ext4 defaults 0 0
/dev/sdc2 /data/management ext4 defaults 0 0
9. Ändern Sie das Gruppeneigentum auf die jeweilige Gruppe und geben Sie diese exklusive Zugriffsrechte.
Lösung:
chgrp bh /data/buchhaltung
chgrp ek /data/einkauf
chgrp vk /data/verkauf
chgrp mgmt /data/management
Or alternatively
chown :bh /data/buchhaltung
chown :ek /data/einkauf
chown :vk /data/verkauf
chown :mgmt /data/management
chmod 1770 /data/*
nano /etc/sudoers Users with admin privileges appear here.
nano /etc/group we see that: sudo:x:27:ozgur this means ozgur can use sudo.
date to see date and time.
date +%V Calendar Week
date +%Y 4 digit actual year
alias date=”date;date +%V” We are adding the week number at the end of the date command.
ls -l /etc/localtime to see local time details.
rm /etc/localtime local time is deleted.
to create a link.
ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
With this command we create a symbolic link and date command shows the date and time correctly again.
chage <user> to set the min. [0] and max. [99999] password age.
We can see these changes in /etc/shadow file.
username:password:last_change:min_age:max_age:warn_days:inactive_days:expire_date:reserved
username: username for the account.
password: This field stores the encrypted password or a placeholder indicating that the password is locked or not set.
last_change: It indicates the number of days since January 1, 1970 (UNIX epoch) when the password was last changed.
min_age: Minimum number of days required between password changes.
max_age: Maximum number of days the password is valid before it must be changed.
warn_days: Number of days before the password expires when the user is warned about it.
inactive_days: Number of days after the password expires before the account is disabled.
expire_date: This field is reserved for the expiration date of the account.
reserved: This field is usually reserved for future use and is typically empty.
The actual password is stored in the second field, but it's encrypted using a one-way hashing algorithm (like MD5, SHA-256, or SHA-512) to protect it from being easily deciphered. The other fields control various aspects of password management, such as age, expiration, and warnings.
This file is typically readable only by the root user to prevent unauthorized access to sensitive password information.
chage command in Linux with examples - GeeksforGeeks
chage -l root to view the account aging information.
chage -d 2024-12-01 root to set the last password change date to your specified date
Shows the command history
commands are stored in this file in the home directory when we exit/logout.
We may set history search for example.
1.Benutzen Sie Ubuntu 24.04 Desktop.
2. Sie brauchen 2 Festplatten a 8 GB.
3. Sie erzeugen die User: erin, esther, elsa, elise, elmar, edwin, edin und eddy.
4. Dann brauchen Sie die Gruppen: flight, train, ship und truck.
5. erin und eddy werden Mitglieder von flight, esther und edin von train, elsa und edwin von ship und elise und elmar von truck.
6. Die Festplatten werden partitioniert in jeweils zwei Teile a 4 GB.
7. Alle Partitionen werden mit ext4 formatiert.
8. Sie brauchen die Verzeichnisse /dispo/flug, /dispo/schiff, /dispo/bahn und /dispo/lkw.
9. Jeweils eine Partition wird auf jeweils ein Directory montiert. (bitte fstab benutzen)
10. Zum Schluss setzen Sie die Gruppeneigentümer wie folgt: flight auf flug, train auf bahn, ship auf schiff und truck auf lkw, sowie exklusive Berechtigungen für die einzelnen Gruppen.
Common Unix Printing Service
Socket statistics command is used to retrieve information about sockets.
-t: This option is used to see TCP connections
-n: This option specifies that numerical output should be used instead of resolving service names.
-a: This option stands for "all" and instructs ss to display both listening and non-listening sockets.
ss -tna
IPP (Internet Printing Protocol) port:631
Open Firefox
If you don’t see the printer add as a new one.
socket://10.30.76.230:9100
Give a name: A (the shorter the better)
lp -d A /etc/passwd we are printing the passwd file
debian | apt apt-get |
redhat | |
---|---|---|---|
ubuntu | fedora | ||
mint | centos | yum | |
knoppix | manjaro | ||
suse | zypper | ||
dpkg debian packager | rpm redhat package manager |
apt: advanced package tool
yum: yellowdog update manager
apt | yum | zypper |
---|---|---|
apt [Optionen] befehl apt search postfix apt install ccal apt remove/purge apt update apt upgrade |
yum search … yum install ccal yum remove ccal yum makecache yum |
zypper search … zypper install ccal zypper remove ccal zypper refresh zypper |
search: we can search the software.
install: we can install new software.
remove: Removes the software only.
purge: Removes the software and the active config files also.
update: to refresh the available software list.
upgrade: to update the installed softwares.
Redundant Array of Independent Discs
RAID level: 0, 1, 5, 6
Min. 2 discs.
Read speed is increased
Min. 2 discs
The same data is on another disc copied.
Min. 4 discs
Min. 3 discs
How does redundancy work?
(79) O:
0 | 1 | 0 | 0 | 1 | 1 | 1 | 1 |
---|
(76) L:
0 | 1 | 0 | 0 | 1 | 1 | 0 | 0 |
---|
XOR:
0 | 0 | 0 | 0 | 0 | 0 | 1 | 1 |
---|
Assume that the disk holding the data L was broken. Then we can calculate it backward easily.
We are adding 7x 2 GB disk on VirtualBox
To check whether we added successfully:
ozgur@frelin:~$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 0 20G 0 disk
├─sda1 8:1 0 19G 0 part /
├─sda2 8:2 0 1K 0 part
└─sda5 8:5 0 975M 0 part [SWAP]
sdb 8:16 0 2G 0 disk
sdc 8:32 0 2G 0 disk
sdd 8:48 0 2G 0 disk
sde 8:64 0 2G 0 disk
sdf 8:80 0 2G 0 disk
sdg 8:96 0 2G 0 disk
sdh 8:112 0 2G 0 disk
sr0 11:0 1 1024M 0 rom
multiple drive administration
This command is not installed by default in Debian.
We install it with the command: apt install mdadm
Example for RAID 1:
mdadm -C md127 -l1 -n2 /dev/sd[bc] -x1 /dev/sdd
root@frelin:~# mdadm -C md127 -l1 -n2 /dev/sd[bc] -x1 /dev/sdd
mdadm: Note: this array has metadata at the start and
may not be suitable as a boot device. If you plan to
store '/boot' on this device please ensure that
your boot-loader understands md/v1.x metadata, or use
--metadata=0.90
Continue creating array? y
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md/md127 started.
To see the actual status of md:
/proc/mdstat
root@frelin:~# cat /proc/mdstat
Personalities : [raid1]
md127 : active raid1 sdd[2](S) sdc[1] sdb[0]
2094080 blocks super 1.2 [2/2] [UU]
unused devices: <none>
root@frelin:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 0 20G 0 disk
├─sda1 8:1 0 19G 0 part /
├─sda2 8:2 0 1K 0 part
└─sda5 8:5 0 975M 0 part [SWAP]
sdb 8:16 0 2G 0 disk
└─md127 9:127 0 2G 0 raid1
sdc 8:32 0 2G 0 disk
└─md127 9:127 0 2G 0 raid1
sdd 8:48 0 2G 0 disk
└─md127 9:127 0 2G 0 raid1
sde 8:64 0 2G 0 disk
sdf 8:80 0 2G 0 disk
sdg 8:96 0 2G 0 disk
sdh 8:112 0 2G 0 disk
sr0 11:0 1 1024M 0 rom
To see the details of mdadm:
mdadm -D
mdadm -D
Print details of one or more md devices.
root@frelin:~# mdadm -D /dev/md127
/dev/md127:
Version : 1.2
Creation Time : Mon Apr 29 11:03:30 2024
Raid Level : raid1
Array Size : 2094080 (2045.00 MiB 2144.34 MB)
Used Dev Size : 2094080 (2045.00 MiB 2144.34 MB)
Raid Devices : 2
Total Devices : 3
Persistence : Superblock is persistent
Update Time : Mon Apr 29 11:03:43 2024
State : clean
Active Devices : 2
Working Devices : 3
Failed Devices : 0
Spare Devices : 1
Consistency Policy : resync
Name : frelin:md127 (local to host frelin)
UUID : 5959f6b8:355c3532:ae806b34:0ea61651
Events : 17
Number Major Minor RaidDevice State
0 8 16 0 active sync /dev/sdb
1 8 32 1 active sync /dev/sdc
2 8 48 - spare /dev/sdd
Now we format the RAID we created (md127).
root@frelin:~# mkfs.ext4 /dev/md127
mke2fs 1.47.0 (5-Feb-2023)
Creating filesystem with 523520 4k blocks and 131072 inodes
Filesystem UUID: 104a714b-d78d-4a5a-9e09-2674028dd3e6
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912
Allocating group tables: done
Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done
To check if the format was successful:
root@frelin:~# blkid
/dev/sdd: UUID="5959f6b8-355c-3532-ae80-6b340ea61651" UUID_SUB="ee967f0c-14f9-ac0c-b1b1-149a0746917b" LABEL="frelin:md127" TYPE="linux_raid_member"
/dev/md127: UUID="104a714b-d78d-4a5a-9e09-2674028dd3e6" BLOCK_SIZE="4096" TYPE="ext4"
/dev/sdb: UUID="5959f6b8-355c-3532-ae80-6b340ea61651" UUID_SUB="444b5d48-0ab6-e972-ee52-ca3dd0a09541" LABEL="frelin:md127" TYPE="linux_raid_member"
/dev/sdc: UUID="5959f6b8-355c-3532-ae80-6b340ea61651" UUID_SUB="32de2ce4-cf94-596e-53e3-df216e15fd82" LABEL="frelin:md127" TYPE="linux_raid_member"
/dev/sda5: UUID="85ff5dd7-2728-4aee-bcfd-6170430c3b2a" TYPE="swap" PARTUUID="a9b6181f-05"
/dev/sda1: UUID="a6f10548-dd50-4b98-ba3b-224876d4288f" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="a9b6181f-01"
Now we are ready to mount this drive to our system.
mkdir /Raid1 We create a folder for RAID.
nano /etc/fstab We allocate this partition by adding the below line.
/dev/md127 /Raid1 ext4 defaults 0 0
Now we mount this folder to the system:
mount -a
Now we can see it with the lsblk command.
root@frelin:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 0 20G 0 disk
├─sda1 8:1 0 19G 0 part /
├─sda2 8:2 0 1K 0 part
└─sda5 8:5 0 975M 0 part [SWAP]
sdb 8:16 0 2G 0 disk
└─md127 9:127 0 2G 0 raid1 /Raid1
sdc 8:32 0 2G 0 disk
└─md127 9:127 0 2G 0 raid1 /Raid1
sdd 8:48 0 2G 0 disk
└─md127 9:127 0 2G 0 raid1 /Raid1
sde 8:64 0 2G 0 disk
sdf 8:80 0 2G 0 disk
sdg 8:96 0 2G 0 disk
sdh 8:112 0 2G 0 disk
sr0 11:0 1 1024M 0 rom
Example for RAID 5:
mdadm -C md126 -l5 -n3 /dev/sd[efg] -x1 /dev/sdh
root@frelin:~# mdadm -C md126 -l5 -n3 /dev/sd[efg] -x1 /dev/sdh
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md/md126 started.
mkfs.ext4 /dev/md126 Formatting
nano /etc/fstab /dev/md126 /Raid5 ext4 defaults 0 0
mount -a
root@frelin:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 0 20G 0 disk
├─sda1 8:1 0 19G 0 part /
├─sda2 8:2 0 1K 0 part
└─sda5 8:5 0 975M 0 part [SWAP]
sdb 8:16 0 2G 0 disk
└─md127 9:127 0 2G 0 raid1 /Raid1
sdc 8:32 0 2G 0 disk
└─md127 9:127 0 2G 0 raid1 /Raid1
sdd 8:48 0 2G 0 disk
└─md127 9:127 0 2G 0 raid1 /Raid1
sde 8:64 0 2G 0 disk
└─md126 9:126 0 4G 0 raid5 /Raid5
sdf 8:80 0 2G 0 disk
└─md126 9:126 0 4G 0 raid5 /Raid5
sdg 8:96 0 2G 0 disk
└─md126 9:126 0 4G 0 raid5 /Raid5
sdh 8:112 0 2G 0 disk
└─md126 9:126 0 4G 0 raid5 /Raid5
sr0 11:0 1 1024M 0 rom
Oluşturduğumuz diskleri veri ile doldurup daha sonra bu disklerden birini arızalanmış gibi yapacağız. Bunun icin mdadm -f opsiyonunu kullanabiliriz.
mdadm -f
To mark a disk as faulty.
mdadm /dev/md126 -f /dev/sde sde disk is marked as faulty
cat/proc/mdstat komutunu birkac defa arka arkaya calistirarak recovery’nin yapildigini görebiliriz.
mdadm -D /dev/md126 komutu ile detay bakalim. Arızalı olan disk görünür.
mdadm -r
mdadm /dev/md126 -r /dev/sdf to remove the faulty disk
mdadm -a
mdadm /dev/md126 -a /dev/sdf ile otomatik olarak spare drive eklenir.
Yapilan islemleri sirasiyla görelim:
root@frelin:~# mdadm /dev/md126 -f /dev/sde
mdadm: set /dev/sde faulty in /dev/md126
root@frelin:~# cat /proc/mdstat
Personalities : [raid1] [raid6] [raid5] [raid4]
md126 : active raid5 sdg[4] sdh[3] sdf[1] sde[0](F)
4188160 blocks super 1.2 level 5, 512k chunk, algorithm 2 [3/2] [_UU]
[=>...................] recovery = 6.8% (144024/2094080) finish=0.4min speed=72012K/sec
md127 : active raid1 sdd[2](S) sdc[1] sdb[0]
2094080 blocks super 1.2 [2/2] [UU]
unused devices: <none>
sde diskini arızalı olarak işaretlediğimiz icin RAID, XOR islemiyle recovery yapmaya calisiyor.
Aradan biraz zaman gecmesini bekleyelim ve tekrar bakalim.
root@frelin:~# cat /proc/mdstat
Personalities : [raid1] [raid6] [raid5] [raid4]
md126 : active raid5 sdg[4] sdh[3] sdf[1] sde[0](F)
4188160 blocks super 1.2 level 5, 512k chunk, algorithm 2 [3/2] [_UU]
[===================>.] recovery = 95.8% (2007228/2094080) finish=0.0min speed=69214K/sec
md127 : active raid1 sdd[2](S) sdc[1] sdb[0]
2094080 blocks super 1.2 [2/2] [UU]
unused devices: <none>
Recovery neredeyse tamamlanmak üzere.
root@frelin:~# cat /proc/mdstat
Personalities : [raid1] [raid6] [raid5] [raid4]
md126 : active raid5 sdg[4] sdh[3] sdf[1] sde[0](F)
4188160 blocks super 1.2 level 5, 512k chunk, algorithm 2 [3/3] [UUU]
md127 : active raid1 sdd[2](S) sdc[1] sdb[0]
2094080 blocks super 1.2 [2/2] [UU]
unused devices: <none>
Recovery tamamlanmış ve sde diski F ile işaretlenmiş.
Simdi sira geldi bu diski çıkarıp yerine yenisini takmaya.
root@frelin:~# mdadm /dev/md126 -r /dev/sde
ile arizali olan diski cikaralim ve yerine yenisini takalim.
Yenisini taktiktan sonra bunu RAID’e tekrar tanitmak yani eklemek gerekiyor.
Bunun icin de:
root@frelin:~# mdadm /dev/md126 -a /dev/sde
How To Rebuild and Resync From Failed Hard Drive Raid 5 on mdadm
df
disk free. To see free disk space.
df -h
human readable version
Min. 4 discs
1. Auf Debian Gnome installieren Sie ein RAID 10 mit 5 Festplatten (a 5 GB). Eine davon ist ein Spare.
- Add 5 disks of 5 GB each on VirtualBox (sdb, sdc, sdd, sde, sdf)
- apt install mdadm
- mdadm -C md127 -l10 -n4 /dev/sd[bcde] -x1 /dev/sdf
2. Formatieren Sie das RAID mit ext4.
mkfs.ext4 /dev/md127
3. Montieren Sie den device auf das Directory /sail.
- mkdir /sail
- nano /etc/fstab -> add /dev/md127 /sail ext4 defaults 0 0
- mount -a
4. Dieses wird exklusiv für die Gruppe sailing zur Verfügung gestellt.
- groupadd sailing
- nano /etc/group -> add users to the group sailing
- chgrp sailing /sail or chown :sailing /sail
- chmod 1770 /sail
5. Die Gruppe sailing hat 5 Mitglieder: isa, imo, ilja, inu und ira.
- nano /etc/default/useradd -> Make Shell: bash
- useradd -m isa
- useradd -m imo
- useradd -m ilja
- useradd -m inu
- useradd -m ira
- passwd isa
- passwd imo
- passwd ilja
- passwd inu
- passwd ira
initramfs
initrd
lsmod command
The nl command reads the File parameter (standard input by default), numbers the lines in the input, and writes the numbered lines to standard output.
displays the number of bytes and words in each file that begins with chap.
a built-in shell command used to identify the kind of command you are dealing with.
a utility that determines the type of a file.
file /etc/passwd
prints the first lines of one or more files (or piped data) to standard output.
head /etc/passwd by default displays 10 lines.
head -n20 /etc/passwd displays the first 20 lines.
a command-line utility that prints data from the end of a specified file or files to standard output.
tail is the opposite of the head.
tail -f /var/log/syslog -f ile kullandigimizda, dosyanin sonuna bir bilgi eklendiğinde onu aninda görüyoruz.
used to create a new empty file and to change the timestamps of existing files.
touch file.txt
touch -t 202401011200 file.txt to set the date of a file.
touch -c file.txt if the file doesn’t exist it is created, if not, it is untouched (date remains the same).
displays information about total space and available space on a file system.
df -h displays in human readable format.
allows you to check for memory RAM on your system or to check the memory statics of the Linux operating system.
free -l
free -l -h
a shortcut that leads to a command.
alias ll=”ls -laF”
unalias ll removes the alias ll.
To make it permanent we write it in .bashrc file under the home folder.
/etc/bash.bashrc will be effective to all users.
If the user has the same alias, the user's alias will overwrite it.
is a powerful tool used to find files by their name.
creates and updates the database of file names used by locate.
So that we can find the files fast.
If we create a new file newfile.txt, it will not be displayed by locate newfile.txt.
After running the updatedb command, we can see the file with locate newfile.txt
perform text searches for a defined criteria of words or strings. grep stands for Globally search for a Regular Expression and Print it out.
grep -i <string> <file> ignore case, makes incasesensitive search.
-n number line
-v invert the match
The file that defines the site-specific configuration for the shadow password suite.
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
# Min/max values for automatic uid selection in useradd
#
UID_MIN 1000
UID_MAX 60000
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 1000
GID_MAX 60000
LOGIN_RETRIES 5
#
# Max time in seconds for login
#
LOGIN_TIMEOUT 60
displays the name of the current host system.
for cutting out the sections from each line of files and writing the result to standard output.
cut -d: -f1,7 /etc/passwd
utility for translating or deleting characters. It supports a range of transformations including uppercase to lowercase, squeezing repeating characters, deleting specific characters, and basic find and replace. It can be used with UNIX pipes to support more complex translation. tr stands for translate.
echo Maus | tr M H → Haus
Shows the path of an executable file.
used to search the man page descriptions for a specified keyword.
Used for automated tasks.
/var/log/cron
It is an important command to search files.
find / -name “pa*”
find / -name “*.txt”
find / -uid 1003
find / -user emma
find /path/to/search -type f -mtime -7 displays the modified files in the last 7 days.
sudo find / \( -path /proc -o -path /run \) -prune -o -perm 755 -type f -exec ls -ld {} + | wc -l how many files do we have with 755 permission in all folders except /proc and /run.
zeigt w Informationen über Benutzer an, die aktuell angemeldet sind.
displays information about the users currently logged in to the system, what they are doing, and system load averages.
Mit dem Befehl who ist es möglich, eine Vielzahl an Informationen über sowohl lokal als auch remote angemeldete Benutzer zu erhalten.
displays information about users who are currently logged in.
listet die Anmeldungen von Benutzern an dem System auf.
Mit dem Befehl lastlog ist es möglich den Zeitpunkt des letzten Einloggens eines Benutzer oder alle Benutzer zu bestimmen.
allows you to display your current environment or run a specified command in a changed environment.
displays and sets the names and values of shell and Linux environment variables.
zip archive.zip file1.txt file2.xls file3.doc
zip -r archive.zip
zip -m archive.zip file3.txt to add a new file.
zip -sf archive.zip to see the details.
unzip -d archive.zip
unzip -l archive.zip
1. Bauen Sie bitte 4 zusätzliche Festplatten in „elementaryOS“ ein. (a 5 GB)
2. Richten Sie mit 4 dieser Platten ein RAID 5 ein. Die 4. Platte soll ein Spare-Laufwerk sein.
(als md127)
3. Formatieren Sie das Gerät mit ext4.
4. Erzeugen Sie die Benutzer: celia, chris, carmen, carlo, cora, corny.
5. Legen Sie die Gruppen technik, entwicklung, bau und leitung an.
6. In leitung kommen cora,carmen, in bau cora,corny,carlo, in technik cora,celia,carlo und in entwicklung chris und carmen.
7. Mounten Sie das RAID unter /DasEi.
8. Unter /DasEi erzeugen Sie die Verzeichnisse tk, ew, bau und ltg.
9. bau bekommt als Gruppe bau, tk technik, ew entwicklung und ltg leitung.
10. Setzen Sie exklusive Berechtigungen (inklusive sticky bit) für die Gruppen.
While the disk is in use, we can change the size of it.
lvm(2): logical volume management (paket)
If it is not installed on your Linux Distribution you may need to manually install it.
apt install lvm2
In Fedora lvm is already installed.
First we created 3 disks (4G, 6G, 5G) with the following partitions:
root@fedora:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 0 10.2G 0 disk
├─sda1 8:1 0 1M 0 part
├─sda2 8:2 0 1G 0 part /boot
└─sda3 8:3 0 9.2G 0 part /home
/
sdb 8:16 0 4G 0 disk
├─sdb1 8:17 0 2G 0 part
└─sdb2 8:18 0 2G 0 part
sdc 8:32 0 6G 0 disk
├─sdc1 8:33 0 3G 0 part
└─sdc2 8:34 0 3G 0 part
sdd 8:48 0 5G 0 disk
├─sdd1 8:49 0 2G 0 part
├─sdd2 8:50 0 2G 0 part
└─sdd3 8:51 0 1022M 0 part
sr0 11:0 1 1024M 0 rom
zram0 252:0 0 3.8G 0 disk [SWAP]
Physical Volume Create
pvcreate /dev/sd[bcd]1 (2+3+2 GB)
root@fedora:~# pvcreate /dev/sd[bcd]1
Physical volume "/dev/sdb1" successfully created.
Physical volume "/dev/sdc1" successfully created.
Physical volume "/dev/sdd1" successfully created.
Creating devices file /etc/lvm/devices/system.devices
root@fedora:~# pvdisplay
"/dev/sdb1" is a new physical volume of "2.00 GiB"
--- NEW Physical volume ---
PV Name /dev/sdb1
VG Name
PV Size 2.00 GiB
Allocatable NO
PE Size 0
Total PE 0
Free PE 0
Allocated PE 0
PV UUID LmFq0A-O001-c4nv-voLY-sdqE-jfnn-Oz3wib
"/dev/sdc1" is a new physical volume of "3.00 GiB"
--- NEW Physical volume ---
PV Name /dev/sdc1
VG Name
PV Size 3.00 GiB
Allocatable NO
PE Size 0
Total PE 0
Free PE 0
Allocated PE 0
PV UUID phEyA8-gRX4-oYRy-50fk-pLxm-8uOL-iYUuUn
"/dev/sdd1" is a new physical volume of "2.00 GiB"
--- NEW Physical volume ---
PV Name /dev/sdd1
VG Name
PV Size 2.00 GiB
Allocatable NO
PE Size 0
Total PE 0
Free PE 0
Allocated PE 0
PV UUID ckmOK4-CscP-c74g-ZUmf-1nfo-osfT-5hMISu
Volume Group Create
We merge 3 disks as 1 disk.
vgcreate VG /dev/sdb1 /dev/sdc1 /dev/sdd1
or
vgcreate VG /dev/sd[bcd]1
root@fedora:~# vgcreate VG /dev/sd[bcd]1
Volume group "VG" successfully created
root@fedora:~# vgdisplay
--- Volume group ---
VG Name VG
System ID
Format lvm2
Metadata Areas 3
Metadata Sequence No 1
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 0
Open LV 0
Max PV 0
Cur PV 3
Act PV 3
VG Size <6.99 GiB
PE Size 4.00 MiB
Total PE 1789
Alloc PE / Size 0 / 0
Free PE / Size 1789 / <6.99 GiB
VG UUID 0JJqmh-AyDQ-ncWL-Tcmx-1sgD-iNZI-nCW3fd
Logical Volume Create
We need 3 things:
lvcreate -n lv1 -L6G VG after -n or -L there might be space or not. Both are possible.
root@fedora:~# lvcreate -n lv1 -L 6G VG
Logical volume "lv1" created.
root@fedora:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 0 10.2G 0 disk
├─sda1 8:1 0 1M 0 part
├─sda2 8:2 0 1G 0 part /boot
└─sda3 8:3 0 9.2G 0 part /home
/
sdb 8:16 0 4G 0 disk
├─sdb1 8:17 0 2G 0 part
│ └─VG-lv1 253:0 0 6G 0 lvm
└─sdb2 8:18 0 2G 0 part
sdc 8:32 0 6G 0 disk
├─sdc1 8:33 0 3G 0 part
│ └─VG-lv1 253:0 0 6G 0 lvm
└─sdc2 8:34 0 3G 0 part
sdd 8:48 0 5G 0 disk
├─sdd1 8:49 0 2G 0 part
│ └─VG-lv1 253:0 0 6G 0 lvm
├─sdd2 8:50 0 2G 0 part
└─sdd3 8:51 0 1022M 0 part
sr0 11:0 1 1024M 0 rom
zram0 252:0 0 3.8G 0 disk [SWAP]
root@fedora:~# lvdisplay
--- Logical volume ---
LV Path /dev/VG/lv1
LV Name lv1
VG Name VG
LV UUID GiaseA-sQ05-nKhL-2K21-3HmS-Ely8-rhx8tq
LV Write Access read/write
LV Creation host, time fedora, 2024-05-02 09:19:15 +0200
LV Status available
# open 0
LV Size 6.00 GiB
Current LE 1536
Segments 3
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:0
Now is the time to format our Logical Volume
root@fedora:~# mkfs.ext4 /dev/VG/lv1
mke2fs 1.47.0 (5-Feb-2023)
Creating filesystem with 1572864 4k blocks and 393216 inodes
Filesystem UUID: 4b024508-795a-43e8-9fa0-2a5adf27c627
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736
Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done
root@fedora:~# ls -l /dev/VG
total 0
lrwxrwxrwx. 1 root root 7 May 2 09:19 lv1 -> ../dm-0
root@fedora:~# ls -l /dev/dm*
brw-rw----. 1 root disk 253, 0 May 2 10:05 /dev/dm-0
/dev/dma_heap:
total 0
crw-------. 1 root root 251, 0 May 2 08:29 system
Shows the devices
root@fedora:~# mkdir /log-vol
root@fedora:~# nano /etc/fstab
/dev/VG/lv1 /log-vol ext4 defaults 0 0 SAVE
root@fedora:~# mount -a
root@fedora:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 0 10.2G 0 disk
├─sda1 8:1 0 1M 0 part
├─sda2 8:2 0 1G 0 part /boot
└─sda3 8:3 0 9.2G 0 part /home
/
sdb 8:16 0 4G 0 disk
├─sdb1 8:17 0 2G 0 part
│ └─VG-lv1 253:0 0 6G 0 lvm /log-vol
└─sdb2 8:18 0 2G 0 part
sdc 8:32 0 6G 0 disk
├─sdc1 8:33 0 3G 0 part
│ └─VG-lv1 253:0 0 6G 0 lvm /log-vol
└─sdc2 8:34 0 3G 0 part
sdd 8:48 0 5G 0 disk
├─sdd1 8:49 0 2G 0 part
│ └─VG-lv1 253:0 0 6G 0 lvm /log-vol
├─sdd2 8:50 0 2G 0 part
└─sdd3 8:51 0 1022M 0 part
sr0 11:0 1 1024M 0 rom
zram0 252:0 0 3.8G 0 disk [SWAP]
root@fedora:~# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 9.3G 4.0G 4.6G 47% /
devtmpfs 4.0M 0 4.0M 0% /dev
tmpfs 2.0G 0 2.0G 0% /dev/shm
tmpfs 783M 1.5M 781M 1% /run
tmpfs 2.0G 16K 2.0G 1% /tmp
/dev/sda3 9.3G 4.0G 4.6G 47% /home
/dev/sda2 974M 316M 591M 35% /boot
tmpfs 392M 168K 391M 1% /run/user/1000
/dev/mapper/VG-lv1 5.9G 1.6M 5.6G 1% /log-vol
Assume that the capacity of lv1 is not enough anymore. We need to enlarge the volume:
root@fedora:~# pvcreate /dev/sd[bc]2
Physical volume "/dev/sdb2" successfully created.
Physical volume "/dev/sdc2" successfully created.
root@fedora:~# pvdisplay
--- Physical volume ---
PV Name /dev/sdb1
VG Name VG
PV Size 2.00 GiB / not usable 4.00 MiB
Allocatable yes (but full)
PE Size 4.00 MiB
Total PE 511
Free PE 0
Allocated PE 511
PV UUID LmFq0A-O001-c4nv-voLY-sdqE-jfnn-Oz3wib
--- Physical volume ---
PV Name /dev/sdc1
VG Name VG
PV Size 3.00 GiB / not usable 4.00 MiB
Allocatable yes (but full)
PE Size 4.00 MiB
Total PE 767
Free PE 0
Allocated PE 767
PV UUID phEyA8-gRX4-oYRy-50fk-pLxm-8uOL-iYUuUn
--- Physical volume ---
PV Name /dev/sdd1
VG Name VG
PV Size 2.00 GiB / not usable 4.00 MiB
Allocatable yes
PE Size 4.00 MiB
Total PE 511
Free PE 253
Allocated PE 258
PV UUID ckmOK4-CscP-c74g-ZUmf-1nfo-osfT-5hMISu
"/dev/sdb2" is a new physical volume of "<2.00 GiB"
--- NEW Physical volume ---
PV Name /dev/sdb2
VG Name
PV Size <2.00 GiB
Allocatable NO
PE Size 0
Total PE 0
Free PE 0
Allocated PE 0
PV UUID eLJuS5-UTXa-JZnf-t7n1-2P7W-F5jF-ebbMye
"/dev/sdc2" is a new physical volume of "<3.00 GiB"
--- NEW Physical volume ---
PV Name /dev/sdc2
VG Name
PV Size <3.00 GiB
Allocatable NO
PE Size 0
Total PE 0
Free PE 0
Allocated PE 0
PV UUID jTC8YD-es7N-ue4i-AVba-rEmn-gXWF-mxLaig
To extend the volume
root@fedora:~# vgextend VG /dev/sd[bc]2
Volume group "VG" successfully extended
root@fedora:~# vgdisplay
--- Volume group ---
VG Name VG
System ID
Format lvm2
Metadata Areas 5
Metadata Sequence No 3
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 1
Open LV 1
Max PV 0
Cur PV 5
Act PV 5
VG Size 11.98 GiB
PE Size 4.00 MiB
Total PE 3067
Alloc PE / Size 1536 / 6.00 GiB
Free PE / Size 1531 / 5.98 GiB
VG UUID 0JJqmh-AyDQ-ncWL-Tcmx-1sgD-iNZI-nCW3fd
lvextend /dev/VG/lv1 -L+4G
root@fedora:~# lvextend /dev/VG/lv1 -L+4G
Size of logical volume VG/lv1 changed from 6.00 GiB (1536 extents) to 10.00 GiB (2560 extents).
Logical volume VG/lv1 successfully resized.
root@fedora:~# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 9.3G 4.0G 4.6G 47% /
devtmpfs 4.0M 0 4.0M 0% /dev
tmpfs 2.0G 0 2.0G 0% /dev/shm
tmpfs 783M 1.5M 781M 1% /run
tmpfs 2.0G 16K 2.0G 1% /tmp
/dev/sda3 9.3G 4.0G 4.6G 47% /home
/dev/sda2 974M 316M 591M 35% /boot
tmpfs 392M 172K 391M 1% /run/user/1000
/dev/mapper/VG-lv1 5.9G 1.6M 5.6G 1% /log-vol
We have 10 GB available but df -h shows 6 GB because the newly added part was not formatted.
resize2fs /dev/VG/lv1 to grow the File System
root@fedora:~# resize2fs /dev/VG/lv1
resize2fs 1.47.0 (5-Feb-2023)
Filesystem at /dev/VG/lv1 is mounted on /log-vol; on-line resizing required
old_desc_blocks = 1, new_desc_blocks = 2
The filesystem on /dev/VG/lv1 is now 2621440 (4k) blocks long.
root@fedora:~# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 9.3G 4.0G 4.6G 47% /
devtmpfs 4.0M 0 4.0M 0% /dev
tmpfs 2.0G 0 2.0G 0% /dev/shm
tmpfs 783M 1.5M 781M 1% /run
tmpfs 2.0G 16K 2.0G 1% /tmp
/dev/sda3 9.3G 4.0G 4.6G 47% /home
/dev/sda2 974M 316M 591M 35% /boot
tmpfs 392M 172K 391M 1% /run/user/1000
/dev/mapper/VG-lv1 9.8G 1.6M 9.3G 1% /log-vol
RAID5(3x20TB) (40 TB capacity)
VG: 40 TB -> 4 lv each 5 TB
We created 4 x 8 GB disk on Suse.
localhost:~ # lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 0 8G 0 disk
├─sda1 8:1 0 8M 0 part
└─sda2 8:2 0 8G 0 part /usr/local
/home
/var
/tmp
/srv
/opt
/root
/boot/grub2/x86_64-efi
/boot/grub2/i386-pc
/
sdb 8:16 0 8G 0 disk
sdc 8:32 0 8G 0 disk
sdd 8:48 0 8G 0 disk
sde 8:64 0 8G 0 disk
sr0 11:0 1 1024M 0 rom
localhost:~ # mdadm -C md127 -l5 -n3 /dev/sd[bcd] -x1 /dev/sde
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md/md127 started.
localhost:~ # cat /proc/mdstat
Personalities : [raid6] [raid5] [raid4]
md127 : active raid5 sdd[4] sde[3](S) sdc[1] sdb[0]
16758784 blocks super 1.2 level 5, 512k chunk, algorithm 2 [3/2] [UU_]
[===>.................] recovery = 16.5% (1383900/8379392) finish=2.3min speed=49425K/sec
unused devices: <none>
localhost:~ # lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 0 8G 0 disk
├─sda1 8:1 0 8M 0 part
└─sda2 8:2 0 8G 0 part /usr/local
/home
/var
/tmp
/srv
/opt
/root
/boot/grub2/x86_64-efi
/boot/grub2/i386-pc
/
sdb 8:16 0 8G 0 disk
└─md127 9:127 0 16G 0 raid5
sdc 8:32 0 8G 0 disk
└─md127 9:127 0 16G 0 raid5
sdd 8:48 0 8G 0 disk
└─md127 9:127 0 16G 0 raid5
sde 8:64 0 8G 0 disk
└─md127 9:127 0 16G 0 raid5
sr0 11:0 1 1024M 0 rom
You have mail in /var/spool/mail/root
localhost:~ # pvcreate /dev/md127
Physical volume "/dev/md127" successfully created.
localhost:~ # vgcreate VG /dev/md127
Volume group "VG" successfully created
localhost:~ # vgdisplay
--- Volume group ---
VG Name VG
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 1
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 0
Open LV 0
Max PV 0
Cur PV 1
Act PV 1
VG Size 15.98 GiB
PE Size 4.00 MiB
Total PE 4091
Alloc PE / Size 0 / 0
Free PE / Size 4091 / 15.98 GiB
VG UUID Vr0RYc-pmTY-5nPu-mKC3-B62g-3PVv-NPWMGe
localhost:~ # lvcreate VG -nlva -L3G
Logical volume "lva" created.
localhost:~ # lvdisplay
--- Logical volume ---
LV Path /dev/VG/lva
LV Name lva
VG Name VG
LV UUID ptoxuM-QKpD-ewX0-lt8V-IPrW-RM3p-uhm0u3
LV Write Access read/write
LV Creation host, time localhost.localdomain, 2024-05-02 11:44:30 +0200
LV Status available
# open 0
LV Size 3.00 GiB
Current LE 768
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 4096
Block device 254:0
localhost:~ # lvcreate VG -n lvb -L 3G
Logical volume "lvb" created.
localhost:~ # lvdisplay
--- Logical volume ---
LV Path /dev/VG/lva
LV Name lva
VG Name VG
LV UUID ptoxuM-QKpD-ewX0-lt8V-IPrW-RM3p-uhm0u3
LV Write Access read/write
LV Creation host, time localhost.localdomain, 2024-05-02 11:44:30 +0200
LV Status available
# open 0
LV Size 3.00 GiB
Current LE 768
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 4096
Block device 254:0
--- Logical volume ---
LV Path /dev/VG/lvb
LV Name lvb
VG Name VG
LV UUID edQh9z-xZv3-LHZC-eyhV-rnKb-LLGs-W4yiYe
LV Write Access read/write
LV Creation host, time localhost.localdomain, 2024-05-02 11:46:10 +0200
LV Status available
# open 0
LV Size 3.00 GiB
Current LE 768
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 4096
Block device 254:1
localhost:~ # mkdir /data/einkauf -p
localhost:~ # mkdir /data/verkauf
localhost:~ # ls -l /data/
total 0
drwxr-xr-x 1 root root 0 May 2 11:48 einkauf
drwxr-xr-x 1 root root 0 May 2 11:48 verkauf
localhost:~ # mkfs.ext4 /dev/VG/lva
mke2fs 1.46.4 (18-Aug-2021)
Creating filesystem with 786432 4k blocks and 196608 inodes
Filesystem UUID: cd14503f-9303-4b7c-a23d-8e61876829b7
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912
Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done
localhost:~ # mkfs.ext4 /dev/VG/lvb
mke2fs 1.46.4 (18-Aug-2021)
Creating filesystem with 786432 4k blocks and 196608 inodes
Filesystem UUID: 5a604177-399f-4f69-a96c-33c2af392f90
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912
Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done
localhost:~ # nano /etc/fstab
/dev/VG/lva /data/einkauf ext4 defaults 0 0
/dev/VG/lvb /data/verkauf ext4 defaults 0 0
localhost:~ # mount -a
localhost:~ # lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 0 8G 0 disk
├─sda1 8:1 0 8M 0 part
└─sda2 8:2 0 8G 0 part /usr/local
/home
/var
/tmp
/srv
/opt
/root
/boot/grub2/x86_64-efi
/boot/grub2/i386-pc
/
sdb 8:16 0 8G 0 disk
└─md127 9:127 0 16G 0 raid5
├─VG-lva 254:0 0 3G 0 lvm /data/einkauf
└─VG-lvb 254:1 0 3G 0 lvm /data/verkauf
sdc 8:32 0 8G 0 disk
└─md127 9:127 0 16G 0 raid5
├─VG-lva 254:0 0 3G 0 lvm /data/einkauf
└─VG-lvb 254:1 0 3G 0 lvm /data/verkauf
sdd 8:48 0 8G 0 disk
└─md127 9:127 0 16G 0 raid5
├─VG-lva 254:0 0 3G 0 lvm /data/einkauf
└─VG-lvb 254:1 0 3G 0 lvm /data/verkauf
sde 8:64 0 8G 0 disk
└─md127 9:127 0 16G 0 raid5
├─VG-lva 254:0 0 3G 0 lvm /data/einkauf
└─VG-lvb 254:1 0 3G 0 lvm /data/verkauf
sr0 11:0 1 1024M 0 rom
1. Erzeugen Sie auf einem SuSe Server ein LVM Group mit drei Platten á 5 GB.
pvcreate /dev/sd[bcd]
pvdisplay
vgcreate VG /dev/sd[bcd]
vgdisplay
lvcreate -n lva -L 8G VG
lvdisplay
lsblk
mkdir -p /var/backup/local
2. Stellen Sie sicher, dass Sie mindestens 7 User in Ihrem Home Directory haben.
nano /etc/default/useradd
SHELL -> bash
useradd -m user1
useradd -m user2
useradd -m user3
useradd -m user4
useradd -m user5
useradd -m user6
useradd -m user7
3. Formatieren Sie ein LV mit 8 GB (ext4).
mkfs.ext4 /dev/VG/lva
4. Binden Sie das unter dem Directory /var/backup/local ein.
nano /etc/fstab
/dev/VG/lva /var/backup/local ext4 defaults 0 0
mount -a
5. Erzeugen Sie ein zip-file home.zip
unter dem o.g. Verzeichnis mit dem Home Directory als Inhalt.
apt/zypper install zip (Debian/openSuse)
cd /var/backup/local
zip -r home.zip /home
unzip -l home.zip to see the files inside the zip.
rm /home/franz/.profile The user franz deleted its file accidentally.
ls -la /home/franz
cd /↵
unzip /var/backup/local/home.zip home/franz/.profile We are restoring the data.
JavaScript, Perl, Python, Shell
#! (she bang) scripts start with she-bang
#!/usr/bin/perl
#!/usr/bin/python
#!/bin/bash Bash Script
#!/bin/sh Shell Script
Operating system works with channels. Input, output and error channels.
Channel | # | Examples | Umlenkung |
---|---|---|---|
Input | 0 | Keyboard, mouse, … | <, << |
Output | 1 | Monitor, … | > (overwrites), >> (appends) |
Error | 2 | Monitor, … |
overwrites to the existing file.
ls -la /usr/bin > bin-ls.txt
less bin-ls.txt
echo Hello World > hw.txt
cat hw.txt
echo Good Morning > hw.txt
cat >my.txt
Hallo Oma,
Gruss an Opa
Dein Enkel..↵
Ctrl + C
The file my.txt is saved.
cat my.txt
Hallo Oma,
Gruss an Opa
Dein Enkel..
Appends to the file.
echo Guten Morgen >> hw.txt
cat hw.txt
Good Morning
Guten Morgen
1> and > are the same.
root@fedora:~# echo Himmel die Berge 1> hdb.txt
root@fedora:~# echo Himmel die Berge > hdb.txt
Stderr
root@fedora:~# lalalalalala 2> error.txt
root@fedora:~# cat error.txt
bash: lalalalalala: command not found...
root@fedora:~# tr a-z A-Z < /etc/passwd > pwd.gross
Creates (or overwrites) the file pwd.gross with the same content from /etc/passwd but with the capital letters.
root@fedora:~# cat >my1.txt <<FERTIG
Der String "FERTIG"
bildet die Anweisung zum Schliessen der Datei my1.txt.
Dabei muss FERTIG allein am Anfang einer Zeile stehen.
FERTIG
root@fedora:~# cat my1.txt
Der String "FERTIG"
bildet die Anweisung zum Schliessen der Datei my1.txt.
Dabei muss FERTIG allein am Anfang einer Zeile stehen.
root@fedora:~# cat >ttt.txt <<EOF
> test
> test 2
> EOF
root@fedora:~# cat ttt.txt
test
test 2
she = #
bang = !
nano sdd.sh
#!/bin/bash
# we are creating our first script
gdisk /dev/sdd >/dev/null 2>/dev/null <<END
n
+2G
w
Y
END
chmod a+x sdd.sh = give the privilege to all users to execute this script.
./sdd.sh or bash sdd.sh
We can make the Script such that it selects the Drive and size from the user input.
For that reason we need variables.
root@fedora:~# A=1000
root@fedora:~# echo $A
1000
root@fedora:~# echo $HOME
/root
root@fedora:~# echo $PATH
/root/.local/bin:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
mv sdd.sh /user/local/sbin
Now we can execute the script directly as sdd.sh
set | less to see the environment variables
#!/bin/bash
# we are creating our first script
clear
echo -en "\n\n\n\n\tGroesseneingabe: "
# -n do not output the trailing newline
# -e enable interpretation of backslash escapes
# \n new line
# \t tab
read GR
# reads text from standard input and stores in the variable GR.
gdisk /dev/sdd >/dev/null 2>/dev/null <<END
n
+$GR
w
Y
END
read <variable>
read GR
Scripts can also be used to observe the system.
With the df -h command we can see how much free space is left, but we can write a script to alert System Admin when the disk reaches 95%.
<variable>=$(command)
root@fedora:~# df -h | grep sda2|tr -s " "|cut -d " " -f5|cut -d% -f1
35
root@fedora:~# VFB=$(df -h | grep sda2|tr -s " "|cut -d " " -f5|cut -d% -f1)
if <Bedingung>
then
<commands>
fi
OR
if <Bedingung>
then
<commands>
else
<commands>
fi
root@fedora:~# if [ $VFB -gt 85 ]
> then
> echo OK
> fi
root@fedora:~# if [ $VFB -gt 10 ]; then echo OK; fi
OK
Now it is time to send an email to the Administrator.
Mail Server (postfix, exim4)
Mail Client
apt install postfix (Local Only)
After installing postfix
root@fedora:~# ss -tna
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:5355 0.0.0.0:*
LISTEN 0 4096 127.0.0.54:53 0.0.0.0:*
LISTEN 0 10 0.0.0.0:27500 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:*
LISTEN 0 4096 [::]:5355 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 4096 [::1]:631 [::]:*
apt install mailutils
nano system.sh
#!/bin/bash
VFB=$(df -h|grep sda2|tr -s " "|cut -d " " -f5|cut -d% -f1)
if [ $VFB -ge 15 ]
then
echo "Die Platte ist voll!!"|mail -s Harddisk ozgur
fi
chmod 755 system.sh
./system.sh
crontab -e
# min Hour Day Month DayofWeek <command>
30 3 * * * /root/system.sh
root@fedora:~# ls -l /var/spool/cron/root (Fedora)
root@fedora:~# ls -l /var/spool/cron/crontabs/root (Debian)
-rw-------. 1 root root 27 May 3 14:15 /var/spool/cron/root
root@fedora:~# ps ax|grep cron
3591 pts/0 S+ 0:00 grep --color=auto cron
for
for <var> in <list>
do
<command>
done
root@fedora:~# cat >user.liste
ilsa
illo
ina
ira
ingo
ino
igo
^C
root@fedora:~# cat user.liste
ilsa
illo
ina
ira
ingo
ino
igo
nano user.sh
#!/bin/bash
for USR in $(cat /root/user.liste)
do
useradd -m $USR
done
chmod a+x user.sh give the execution permission.
root@fedora:~# ./user.sh run the script.
root@fedora:~# ls -l /home to prove that users were added.
total 0
drwx------. 1 ahab ahab 80 Apr 24 11:44 ahab
drwx------. 1 albert albert 118 Apr 24 14:15 albert
drwx------. 1 ali ali 118 Apr 24 13:59 ali
drwx------. 1 anna anna 80 Apr 24 11:44 anna
drwx------. 1 cagri cagri 80 Apr 25 08:42 cagri
drwx------. 1 carla carla 80 Apr 25 08:41 carla
drwx------. 1 carlo carlo 80 Apr 25 08:42 carlo
drwx------. 1 celile celile 80 Apr 25 08:42 celile
drwx------. 1 charles charles 80 Apr 25 08:42 charles
drwx------. 1 chenin chenin 80 Apr 25 08:42 chenin
drwx------. 1 gaga gaga 80 Apr 24 11:49 gaga
drwx------. 1 igo igo 80 May 3 14:50 igo
drwx------. 1 illo illo 80 May 3 14:50 illo
drwx------. 1 ilsa ilsa 80 May 3 14:50 ilsa
drwx------. 1 ina ina 80 May 3 14:50 ina
drwx------. 1 ingo ingo 80 May 3 14:50 ingo
drwx------. 1 ino ino 80 May 3 14:50 ino
drwx------. 1 ira ira 80 May 3 14:50 ira
drwx------. 1 ozgur ozgur 866 May 3 13:42 ozgur
chage -M -W
nano chage.sh
#!/bin/bash
for USR in $(cat /root/user.liste)
do
chage -M 30 -W 5 $USR
done
chmod 755 chage.sh
./chage.sh
for USR in $(ls /home)
to compress and uncompress data.
zip file1.zip file1.txt compresses file1.txt and creates file1.zip
zip files.zip file1.txt file2.txt file3.txt
zip -u files.zip file4.txt
zipinfo files.zip
zip -d files.zip file2.txt removes file2.txt from the files.zip archive
zip -m newfiles.zip file1.txt file2.txt file3.txt file4.txt
zip -r directory.zip directory -r option to zip the directory recursively.
zip -r directory.zip directory1 directory2 directory3 to zip multiple directories
zip -r -e folders.zip folders
unzip files.zip
unzip files.zip -d new_folder -d: different directory
unzip files.zip file1.txt it extracts only the file1.txt
unzip -o files.zip overwrites the existing files.
unzip -l files.zip
zip -r -s 3m file.zip directory -s: split, 3m: 3 MB file size
tape archiver (for backups)
DAT Streamer
tar [-] c create
f file name (Archive Name)
z zip (gzip) (.gz)
j bzip2 (.bz2) takes longer but compresses more.
J xz (.xz) the most compression
t table (to see the Archive content)
x[j|J|z]f <Archive Name> to extract
tar czf
tar czf home.tar.gz /home creates a gzip file in “/home” folder with the name “home.tar.gz”
tar cjf
tar cjf home.tar.bz2 /home
tar cJf
tar cJf home.tar.xz /home
tar xf
Assume that the user ira has deleted its DOCs folder but the System Admin was so clever that he backups the /home folder regularly.
With the command tar xf /root/home.tar home/ira/DOCs we can restore the data.
Ethernet
IEEE 802.x
Every OS uses DHCP clients
In VirtualBox all the PCs receive the IP address 10.0.2.15/24
$ ip a a: addr = address to list the IP addresses.
ip addr show long form
ip addr add <ip>/<CIDR> dev <device name>
ip addr add 192.168.33.31/24 dev enp0s3 (to add a new IP)
Now we can ping this IP.
Device names vary according to the Distributions.
enp0s3 en = Ethernet, p = PCI Bus, s = Slot
eno0 eno = Ethernet on Board
eth0
lo loopback
ipconfig (in Windows)
init 0 = shutdown -h now
init 6 = shutdown -r
Network Types in Virtual Box
Network Type | Access to Other VMs | Access to the Host | Access to Other Physical Machines | Internet Access |
---|---|---|---|---|
NAT | ✖ | One way | ✖ | ✅ |
NAT Network | ✅ | One way | ✖ | ✅ |
Bridged Network | ✅ | ✅ | ✅ | ✅ |
Internal Network | ✅ | ✖ | ✖ | ✖ |
On Debian Mate:
On Debian Server:
We can see the newly added Network Card (MYSWITCH)
Now we open Debian Mate again.
We don’t have an internet connection because we added a new network card but we didn’t introduce it to Linux and we didn’t assign an IP address to it.
If we use the command ip a, we see that we don’t have an IP Address yet. And we see the second network card as enp0s8.
systemctl to list the running programs
NetworkManager-wait-online.service Network Manager gives an error.
Network Manager Client
man nmcli to see the usage details.
Adding a Connection
nmcli connection add type ethernet ifname enp0s8
type: specifies the type of connection we want to create (ethernet, wifi, vpn, bridge, bond, team)
ifname: interface name
enp0s8: interface name for the Ethernet connection
ls -l /etc/NetworkManager/system-connections we see that it was added.
Editing the Connection
nmcli connection edit ethernet-enp0s8
nmcli > print
Long list with details.
Setting an IP Address
nmcli > goto ipv4
nmcli ipv4> set method
manual
nmcli ipv4> print ipv4.method
We see the details.
nmcli ipv4> set addresses
192.168.33.11/24
nmcli ipv4> print ipv4.addresses
We see the details.
Saving the Settings
nmcli ipv4> save
Quitting
nmcli ipv4> quit
Now we are connected to the new Network Card and we have the IP address.
ip a we can see our internet details. Or we can ping now.
Example:
ozgur@fedora:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:86:2b:ce brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute enp0s3
valid_lft 86257sec preferred_lft 86257sec
inet6 fe80::c53d:6174:87f4:7ef2/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:79:2c:95 brd ff:ff:ff:ff:ff:ff
inet6 fe80::703:20c8:63fb:8e98/64 scope link noprefixroute
valid_lft forever preferred_lft forever
ozgur@fedora:~$ nmcli connection add type ethernet ifname enp0s8
Connection 'ethernet-enp0s8' (dc313573-b498-4fa5-ab22-547f667f1538) successfully added.
ozgur@fedora:~$ nmcli connection edit ethernet-enp0s8
===| nmcli interactive connection editor |===
Editing existing '802-3-ethernet' connection: 'ethernet-enp0s8'
Type 'help' or '?' for available commands.
Type 'print' to show all the connection properties.
Type 'describe [<setting>.<prop>]' for detailed property description.
You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, dcb, sriov, ethtool, match, ipv4, ipv6, hostname, link, tc, proxy
nmcli> goto ipv4
You may edit the following properties: method, dns, dns-search, dns-options, dns-priority, addresses, gateway, routes, route-metric, route-table, routing-rules, replace-local-rule, ignore-auto-routes, ignore-auto-dns, dhcp-client-id, dhcp-iaid, dhcp-dscp, dhcp-timeout, dhcp-send-hostname, dhcp-hostname, dhcp-fqdn, dhcp-hostname-flags, never-default, may-fail, required-timeout, dad-timeout, dhcp-vendor-class-identifier, link-local, dhcp-reject-servers, auto-route-ext-gw
nmcli ipv4> set method
Allowed values for 'method' property: auto, link-local, manual, shared, disabled
Enter 'method' value: manual
nmcli ipv4> set addresses
Enter 'addresses' value: 192.168.33.10/24
nmcli ipv4> print method
ipv4.method: manual
nmcli ipv4> print addresses
ipv4.addresses: 192.168.33.10/24
nmcli ipv4> save
Connection 'ethernet-enp0s8' (dc313573-b498-4fa5-ab22-547f667f1538) successfully updated.
nmcli ipv4> quit
ozgur@fedora:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:86:2b:ce brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute enp0s3
valid_lft 85710sec preferred_lft 85710sec
inet6 fe80::c53d:6174:87f4:7ef2/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:79:2c:95 brd ff:ff:ff:ff:ff:ff
inet 192.168.33.10/24 brd 192.168.33.255 scope global noprefixroute enp0s8
valid_lft forever preferred_lft forever
inet6 fe80::4d28:ec:c875:7fcd/64 scope link noprefixroute
valid_lft forever preferred_lft forever
Bu sekilde farkli Linux dagitimlarina network karti ekleyerek 192.168.33.10/24, 192.168.33.11/24, 192.168.33.12/24 IP adreslerini atadik. Bu IP adresleri birbirlerini ping’leyebilir.
On Ubuntu, after all settings, we should run nmcli connection up ethernet-enp0s8
Debian (and Ubuntu) uses different settings.
ifupdown
apt install ifupdown
nano /etc/network/interfaces Debian uses a single file for all Network Cards.
auto lo
iface lo inet loopback
auto enp0s3
iface enp0s3 inet dhcp
# Let's add the new Network Card
auto enp0s8
iface enp0s8 inet static
address 192.168.33.15/24
ip a komutu ile degisikligi göremiyoruz
ifup enps08 komutu ile degisikligi görmesini sağlıyoruz.
ip a ile simdi görebiliriz.
Secure Shell
Client and Server
Key Pairs (Async):
Public Key
Private Key
GNU Privacy Guard
To encrypt files.
gpg command
gpg --full-generate-key
In this step, public and private keys are created.
ozgur@fedora:~$ gpg --full-generate-key
gpg (GnuPG) 2.4.4; Copyright (C) 2024 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(9) ECC (sign and encrypt) *default*
(10) ECC (sign only)
(14) Existing key from card
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) ↵
Requested keysize is 3072 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 2w
Key expires at Mon 20 May 2024 02:12:43 PM CEST
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: ozgur
Email address: ↵
Comment: ↵
You selected this USER-ID:
"ozgur"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
GUI asks a password twice.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /home/ozgur/.gnupg/trustdb.gpg: trustdb created
gpg: directory '/home/ozgur/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/ozgur/.gnupg/openpgp-revocs.d/E0BEC6A0580C7EFFC734737B627615D0FB4ECBF2.rev'
public and secret key created and signed.
pub rsa3072 2024-05-06 [SC] [expires: 2024-05-20]
E0BEC6A0580C7EFFC734737B627615D0FB4ECBF2
uid ozgur
sub rsa3072 2024-05-06 [E] [expires: 2024-05-20]
gpg -k
List public keys
gpg -K
List private keys
gpg --export
We are exporting the Public Key
gpg --export -a ozgur > ozgur.public.key
Send the Public Key to the recipient or copy it into /tmp
cp ozgur.key /tmp/
cp ozgur.odt.gpg /tmp/
Another user copies this file to its home directory.
cp /tmp/ozgur.public.key .
cp /tmp/ozgur.odt.gpg .
gpg --import
Second user imports the Public Key generated by the First user.
gpg --import ozgur.public.key
The Receiver writes an email.
nano a.txt
Hallo Ozgur,
Blabla
LG
Ali
Encrypting the Data
gpg -e
gpg -e -r “ozgur” a.txt or gpg -e a.txt
gpg -e update.sh
You did not specify a user ID. (you may use "-r")
Current recipients:
Enter the user ID. End with an empty line: ozgur
Current recipients:
cv25519/191A87A1DEC2662E 2024-05-06 "ozgur"
Enter the user ID. End with an empty line: (space)
ls -l
a.txt.gpg
Now we copy the encrypted file to the Temp folder.
cp a.txt.gpg /tmp/
Now Özgür logs in and copies the encrypted file into his home folder and decrypts it.
cp /tmp/a.txt.gpg .
gpg a.txt.gpg
GUI opens and we enter the password.
Now we can see the reply.
gpg -d a.txt.gpg
ozgur@fedora:~$ ls -la .gnupg/
total 8
drwx------. 1 ozgur ozgur 136 May 6 14:14 .
drwx------. 1 ozgur ozgur 906 May 6 14:05 ..
-rw-r-----. 1 ozgur ozgur 12 May 6 14:05 common.conf
drwx------. 1 ozgur ozgur 88 May 6 14:14 openpgp-revocs.d
drwx------. 1 ozgur ozgur 176 May 6 14:14 private-keys-v1.d
drwxr-x---. 1 ozgur ozgur 118 May 6 14:14 public-keys.d
-rw-------. 1 ozgur ozgur 1240 May 6 14:14 trustdb.gpg
ozgur@fedora:~$ gpg --list-key
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2024-05-20
[keyboxd]
---------
pub rsa3072 2024-05-06 [SC] [expires: 2024-05-20]
E0BEC6A0580C7EFFC734737B627615D0FB4ECBF2
uid [ultimate] ozgur
sub rsa3072 2024-05-06 [E] [expires: 2024-05-20]
ozgur@fedora:~$ gpg -k
[keyboxd]
---------
pub rsa3072 2024-05-06 [SC] [expires: 2024-05-20]
E0BEC6A0580C7EFFC734737B627615D0FB4ECBF2
uid [ultimate] ozgur
sub rsa3072 2024-05-06 [E] [expires: 2024-05-20]
ozgur@fedora:~$ gpg -K
[keyboxd]
---------
sec rsa3072 2024-05-06 [SC] [expires: 2024-05-20]
E0BEC6A0580C7EFFC734737B627615D0FB4ECBF2
uid [ultimate] ozgur
ssb rsa3072 2024-05-06 [E] [expires: 2024-05-20]
ozgur@fedora:~$ gpg --export -a > ozgur.key
ozgur@fedora:~$ less ozgur.key
We created our public key and we sent this key to our friend.
gpg --import /home/ozgur/sven.key
gpg --encrypt oder gpg -e ozgur.odt
Enter the user ID
cp /tmp/ozgur.odt.gpg .
gpg ozgur.odt.gpg
Enter the password. Then it is decrypted.
carlo
|
anna
|
---|
ssh (ssh client)
scp (secure copy)
sshd (ssh Daemon) - ssh Server, tcp 22
openssh-server should be installed.
apt install openssh-server (Debian)
dnf install openssh-server (Fedora)
If we can not see that ssh is running by checking with ss -tna then we may need to activate it.
systemctl start sshd.service to start the ssh server.
systemctl enable sshd.service to let it start on every boot.
systemctl stop sshd.service to stop ssh server.
We check again after the systemctl start sshd.service command.
root@fedora:~# ss -tna
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 10 0.0.0.0:27500 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.54:53 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:5355 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 [::1]:631 [::]:*
LISTEN 0 4096 [::]:5355 [::]:*
ssh <user>@<hostname>
or
ssh <user>@<IP Address> [-p <port number>]
root@fedora:~# ssh [email protected]
The authenticity of host '192.168.33.15 (192.168.33.15)' can't be established.
ED25519 key fingerprint is SHA256:qN9HHbosKnL8OEOHXWc+ZzNhBRHhm7GAwJwh7RUt/vU.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.33.15' (ED25519) to the list of known hosts.
Connection closed by 192.168.33.15 port 22
When we say yes a public key is created under ~/.ssh
~/.ssh/known_hosts folder is created.
root@fedora:~# ls -l .ssh/
total 8
-rw-------. 1 root root 837 May 7 09:37 known_hosts
-rw-r--r--. 1 root root 95 May 7 09:28 known_hosts.old
Now we execute the same command again to connect to the server.
root@fedora:~# ssh [email protected]
[email protected]'s password: <Password for ozgur>
Linux debian-server 6.1.0-20-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.85-1 (2024-04-11) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue May 7 09:37:27 2024
ozgur@debian-server:~$
We were on Fedora and now we are connected to Debian Server.
root@fedora:~# ls -l /etc/ssh/
total 640
-rw-r--r--. 1 root root 620105 Jan 25 01:00 moduli
-rw-r--r--. 1 root root 1916 Jan 25 01:00 ssh_config
drwxr-xr-x. 1 root root 28 Apr 15 00:58 ssh_config.d
-rw-------. 1 root root 3670 Jan 25 01:00 sshd_config
drwx------. 1 root root 88 Apr 15 00:59 sshd_config.d
-rw-------. 1 root root 480 May 7 09:13 ssh_host_ecdsa_key
-rw-r--r--. 1 root root 162 May 7 09:13 ssh_host_ecdsa_key.pub
-rw-------. 1 root root 387 May 7 09:13 ssh_host_ed25519_key
-rw-r--r--. 1 root root 82 May 7 09:13 ssh_host_ed25519_key.pub
-rw-------. 1 root root 2578 May 7 09:13 ssh_host_rsa_key
-rw-r--r--. 1 root root 554 May 7 09:13 ssh_host_rsa_key.pub
root@fedora:~# nano /etc/ssh/sshd_config
In this config file we have:
#Port 22
if we want to change the port number (after port change, ssh server should be restarted)
#PermitRootLogin prohibit-password
This line prohibits root access with a password. This means, we can’t use the ssh root@hostname command to connect to this server.
#LoginGraceTime 2m
ssh login duration. Here 2m means, after 2 minutes of inactive login, connection will be closed automatically.
#PubkeyAuthentication yes
This allows us to connect to a server with Public key (without a password)
Now let’s create key pairs so that without a password we can create an ssh connection.
ssh-keygen
root@fedora:~# ssh-keygen
Generating public/private ed25519 key pair.
Enter file in which to save the key (/root/.ssh/id_ed25519): /root/.ssh/debian-server
Enter passphrase (empty for no passphrase): ↵
Enter same passphrase again: ↵
Your identification has been saved in /root/.ssh/debian-server
Your public key has been saved in /root/.ssh/debian-server.pub
The key fingerprint is:
SHA256:M1TtThnX0jHeGzo0MdYL34pq9jIdfbQLDQ+3qVatQZ0 root@fedora
The key's randomart image is:
+--[ED25519 256]--+
| .. +.=.|
| . +.*.=|
| . . *o==|
| . =o+E*|
| S o **+=|
| o +.=Bo|
| o .++.|
| * .o.. |
| o +o |
+----[SHA256]-----+
root@fedora:~# ls -l .ssh/
total 16
-rw-------. 1 root root 399 May 7 11:17 debian-server
-rw-r--r--. 1 root root 93 May 7 11:17 debian-server.pub
-rw-------. 1 root root 837 May 7 09:37 known_hosts
-rw-r--r--. 1 root root 95 May 7 09:28 known_hosts.old
ssh-copy-id
ssh-copy-id
root@fedora:~# ssh-copy-id -i .ssh/debian-server.pub [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/debian-server.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: <enter Password>
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
root@fedora:~# ssh [email protected]
[email protected]'s password: ???
Linux debian-server 6.1.0-20-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.85-1 (2024-04-11) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue May 7 11:27:11 2024 from 192.168.33.10
-
ozgur@debian-server:~$ cd .ssh
ozgur@debian-server:~/.ssh$ ls -l
total 4
-rw------- 1 ozgur ozgur 93 May 7 11:25 authorized_keys
ozgur@debian-server:~/.ssh$ cat authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6LrkNyYOUH78uj+yfxU9/oBe9Dn5xiXtqbmKteGeAN root@fedora
ifdown enp0s8 to shutdown the NIC.
nano /etc/network/interfaces Now we can make changes
auto lo
iface lo inet loopback
auto enp0s3
iface enp0s3 inet dhcp
# Let's add the new Network Card
auto enp0s8
iface enp0s8 inet static
address 192.168.33.1/24
ifup enp0s8 to run the NIC again.
Now we can see the new IP address with ip a command.
root@debian-server:~# apt install isc-dhcp-server
Configuration 1
root@debian-server:~# nano /etc/dhcp/dhcpd.conf
We erased all lines and now starting with an empty file to configure our DHCP Server.
default-lease-time 600; # in seconds
max-lease-time 720;
subnet 192.168.33.0 netmask 255.255.255.0 {
range 192.168.33.20 192.168.33.100;
option routers 192.168.33.1;
option domain-name-servers 192.168.33.1, 1.1.1.1; # max 4 Address
}
* When half of the lease time is reached, client requests from server lease time to be extended.
Configuration 2
root@debian-server:~# nano /etc/default/isc-dhcp-server
INTERFACESv4="enp0s8"
**#**INTERFACESv6="" we are deactivating IPv6 (but not necessarily)
We deactivated IPv6 and added enp0s8 as IPv4 interface.
root@debian-server:~# systemctl restart isc-dhcp-server.service
root@debian-server:~# ss -uan
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0 0 0.0.0.0:67 0.0.0.0:*
UNCONN 0 0 0.0.0.0:68 0.0.0.0:*
root@debian-server:~# ss -ua
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0 0 0.0.0.0:bootps 0.0.0.0:*
UNCONN 0 0 0.0.0.0:bootpc 0.0.0.0:*
Adapter 1 was selected as MYSWITCH
Adapter 2 was deleted.
Now if we run Mint it should receive the IP address from the DHCP Server.
Debian-Mate:
less /etc/resolv.conf
nameserver 192.168.33.1
nameserver 1.1.1.1
If we make it in other Distributions nameserver IP’s can be different.
After DHCP Server installation let’s try to ping google.de
We receive an error.
apt install bind9
After we install the Name Server:
Domain can be now translated into IP Address by Name Server but we still can not reach google.de. Why? Because we don’t have a routing feature in our server.
We need a Router!
From Fedora we are connecting to Debian Server.
systemctl for managing system services.
sysctl primarily for configuring kernel parameters (/proc/sys)
root@debian-server:~# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
root@debian-server:~# ls -l /proc/sys
total 0
dr-xr-xr-x. 1 root root 0 May 8 09:53 abi
dr-xr-xr-x. 1 root root 0 May 8 09:17 crypto
dr-xr-xr-x. 1 root root 0 May 8 09:53 debug
dr-xr-xr-x. 1 root root 0 May 8 09:53 dev
dr-xr-xr-x. 1 root root 0 May 8 09:17 fs
dr-xr-xr-x. 1 root root 0 May 8 09:17 kernel
dr-xr-xr-x. 1 root root 0 May 8 09:17 net
dr-xr-xr-x. 1 root root 0 May 8 09:53 sunrpc
dr-xr-xr-x. 1 root root 0 May 8 09:53 user
dr-xr-xr-x. 1 root root 0 May 8 09:17 vm
root@debian-server:~# ls -l /proc/sys/net/
total 0
dr-xr-xr-x. 1 root root 0 May 8 09:17 core
dr-xr-xr-x. 1 root root 0 May 8 09:17 ipv4
dr-xr-xr-x. 1 root root 0 May 8 09:18 ipv6
dr-xr-xr-x. 1 root root 0 May 8 09:18 mptcp
dr-xr-xr-x. 1 root root 0 May 8 09:53 netfilter
-rw-r--r--. 1 root root 0 May 8 09:53 nf_conntrack_max
dr-xr-xr-x. 1 root root 0 May 8 09:17 unix
root@debian-server:~# ls -l /proc/sys/net/ipv4/ip_forward
-rw-r--r--. 1 root root 0 May 8 09:53 /proc/sys/net/ipv4/ip_forward
root@fedora:~# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
root@fedora:~# sysctl net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1 this is temporary
or
echo 1 > /proc/sys/net/ipv4/ip_forward this is temporary
root@debian-server:~# nano /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
It will be activated at the next boot. (Permanent)
root@debian-server:~# iptables
-bash: iptables: command not found We will install
Installation
root@debian-server:~# apt install iptables
Listing
root@debian-server:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Adding a Rule
root@debian-server:~# iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
-t | table |
---|---|
nat | NAT table is used |
-A | Append (to add a new rule) |
POSTROUTING | POSTROUTING is used for packets after they have been routed. |
-o | outgoing |
enp0s3 | Network Interface |
-j | jump (specifies the target). Determines what happens to packets that match the rule. |
MASQUERADE | MASQUERADE is the target, which is used to dynamically modify the source IP address and port number of outgoing packets to match the address of the outgoing interface. This is commonly used for network address translation (NAT) in scenarios such as internet connection sharing, where multiple devices on a local network share a single public IP address. |
root@debian-server:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
(policy ACCEPT): the default policy for the chain. In this case, the default policy is set to ACCEPT, which means that if a packet does not match any rule in the chain, it will be accepted and allowed to proceed further in the network stack.
target: the target of the rule. The target specifies what action should be taken if a packet matches the rule.
prot: protocol (TCP, UDP, ICMP)
opt: may contain additional options or specifications for the rule.
source: specifies the source of the packet that the rule applies to. It can be an IP address, a network range, or other specifications.
destination: specifies the destination of the packet that the rule applies to. Similar to the source, it can be an IP address, a network range, or other specifications.
root@debian-server:~# nano /etc/rc.local
#!/bin/bash
iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
root@debian-server:~# chmod a+x /etc/rc.local
We restart Debian Server.
root@debian-server:~# init 6
Now we switch to Fedora again and check whether ping works.
root@fedora:~# ping google.com
PING google.com (142.250.147.138) 56(84) bytes of data.
64 bytes from rd-in-f138.1e100.net (142.250.147.138): icmp_seq=1 ttl=104 time=25.4 ms
64 bytes from rd-in-f138.1e100.net (142.250.147.138): icmp_seq=2 ttl=104 time=25.0 ms
64 bytes from rd-in-f138.1e100.net (142.250.147.138): icmp_seq=3 ttl=104 time=24.7 ms
64 bytes from rd-in-f138.1e100.net (142.250.147.138): icmp_seq=4 ttl=104 time=49.7 ms
^C
--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3008ms
rtt min/avg/max/mdev = 24.657/31.178/49.710/10.702 ms
IT WORKS!
Routing is successful!!!!
1. Installieren Sie einen Debian Server (router42) mit zwei Netzwerk-Karten, fünf 6-GB Harddisks und SSH-Server.
2. Die erste NIC ist "bridged", die zweite ist im Switch ALLUP.
3. ALLUP hat die Net-ID 192.168.110.0/24 und die zweite NIC die Adresse 192.168.110.1/24.
4. Sie erzeugen die User : nora, nobby, nele, nina, nick, nanni, norma.
5. Sie brauchen die Gruppen : secure1, secure2 und secure3.
Die User nick, nanni kommen in die Gruppe secure3, nora, nobby und nina in secure2 und nina, norma, nele in secure1.
6. Auf den Festplatten machen Sie ein RAID 5 und darauf erzeugen Sie drei logische Volumes a 3 GB.
7. Die drei Directories /sicher/s1, /sicher/s2 und /sicher/s3 werden den drei Volumes nach der Formatierung zugeordnet.
8. Setzen Sie für die o.g. Directories das jeweilige Gruppeneigentum und die exklusiven Berechtigungen für die einzelnen Gruppen incl „sticky bit“.
9. Der Host soll auch als Router agieren, incl. DHCP Server, DNS Server und NAT.
10. Alle User sollen in der Lage sein, sich über ssh einzuloggen. Und zwar ohne Passwort. Dazu brauchen Sie eine GUI Linux Version Ihrer Wahl.
Difference between NAT and bridged device.
NAT: **10.0.2.15 (**default IP address from VirtualBox)
Bridge: It receives the IP address from BBQ DHCP server. 10.30.76.X/24
We add network cards and disks in Virtual Box
ip a we list the devices.
enp0s3 has 10.30.76132/24 (bridged)
enp0s8 does not have an IP address yet.
For Ubuntu we need to install ifupdown
nano /etc/network/interfaces
Add the followings:
auto enp0s8
iface enp0s8 inet static
address 192.168.110.1/24
^X Yes
ifup enp0s8
ip a now we see it
lsblk we see 5 disks sdb, sdc, sdd, sde, sdf
mdadm command not found
apt install mdadm
lsmod we see which driver kernel uses.
madadm -C md127 -l5 -n4 /dev/sd[bcde] -x1 /dev/sdf
lsblk now we see the raids
pvcreate command not found
apt install lvm2
pvcreate /dev/md127
vgcreate VG /dev/md127
lvcreate -n lv1 -L 3G VG
lvcreate -n lv2 -L 3G VG
lvcreate -n lv3 -L 3G VG
lsblk we see that lvm’s are created
mkfs.ext4 /devVG/lv1
mkfs.ext4 /devVG/lv2
mkfs.ext4 /devVG/lv3
mkdir /sicher/s1 -p
mkdir /sicher/s2
mkdir /sicher/s3
ls -l /sicher we see the folders
nano /etc/fstab
/dev/VG/lv1 /sicher/s1 ext4 defaults 0 0
Alt + 6 → copy
/dev/VG/lv2 /sicher/s2 ext4 defaults 0 0
/dev/VG/lv3 /sicher/s3 ext4 defaults 0 0
^X Yes
mount -a
df we see the details
lsblk we see the details
useradd -m nora
useradd -m nobby
…
groupadd secure1
groupadd secure2
groupadd secure3
nano /etc/group
Add the users to the groups
^X Yes
id nina to test user groups
chgrp secure1 /sicher1/s1
chgrp secure2 /sicher1/s2
chgrp secure3 /sicher1/s3
ls -l /sicher/ to see the details
chmod 1770 /sicher/*
ls -l /sicher/ to see the details
-------
ip a to check the internet details
apt install isc-dhcp-server it must be configured
apt install bind9
nano /etc/dhcp/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.110.0 netmask 255.255.255.0 {
range 192.168.110.5 192.168.110.110;
option routers 192.168.110.1;
option domain-name-servers 192.168.110.1;
}
^X Yes
nano /etc/default/isc-dhcp-server
INTERFACES4=”enp0s8”
^X Yes
systemctl restart isc-dhcp-server.service
ss -una we see that ports are active
Routing and NAT
NAT
iptables command not found
apt install iptables
iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE this is temporary
iptables -t nat -L to see the details
To make it permanent:
echo “iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE” > /etc/rc.local
nano /etc/rc.local
#!/bin/bash
iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
^X Yes
chmod 755 /etc/rc.local or chmod a+x /etc/rc.local
ls -l /etc/rc.local to check the permissions
Routing
sysctl net.ipv4.ip_forward=1 to activate (temporary)
nano /etc/sysctl.conf
Uncomment net.ipv4.ip`forward=1
Switch to another Linux.
Now we can start any Linux with the network card ALLUP.
ping google.de
Works!
ssh-keygen
ssh-copy-id [email protected]
yes
Enter password
Without password we are connected
For all users individually:
ssh-copy-id [email protected]
1. Auf einem Debian Server namens debinall richten Sie eine neue Netzwerkkarte ein, im Switch MAY.
2. Die IP ist 172.30.40.1/24.
3. Sie installieren einen DHCP-SERVER mit der range 172.30.40.10 bis 172.30.40.55.
4. Router ist der Server selbst. Der DNS Server ist er auch.
bind9
/etc/bind/… | /var/cache/bind/managed-keys.bind /var/cache/bind/managed-keys.bind.jnl |
---|
google.de**.**
ROOT Server
Top Level Domains
Sublevel Domains
Domains
Forward resolution IP: 142.76.11.113 |
Reverse resolution 113.11.76.142.in-addr.arpa |
---|
root@fedora:~# host www.google.de
www.google.de has address 142.250.185.195
www.google.de has IPv6 address 2a00:1450:4001:812::2003
To learn the reverse domain:
root@fedora:~# host 142.250.185.195
195.185.250.142.in-addr.arpa domain name pointer fra16s52-in-f3.1e100.net.
We will create a domain : erster.mai
<Deklaration> <TTL> <Klasse> <Typ> <Definition>
Beispiel:
www 86400 IN A 143.76.13.111
www 86400 IN AAAA 2001:fe80::1
MX<no> Mail Exchanger
NS Name Server
PTR Point to Return (pointer)
CNAME Canonical Name
SOA start of authority
It always starts with SOA.
sankt.pauli**.** 86400 IN SOA
or
$TTL 86400
sankt.pauli. IN SOA dns1.sankt.pauli**.** root (
42 ; serial number
1d ; refresh rate
7200 ; retry rate
4w ; expire rate
3600 ; negative TTL
)
sankt.pauli. IN NS dns1.sankt.pauli
dns1 IN A 172.30.40.1
www IN A 172.30.40.5
ozgur@fedora:~$ dig t-online.de soa
; <<>> DiG 9.18.26 <<>> t-online.de soa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20920
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;t-online.de. IN SOA
;; ANSWER SECTION:
t-online.de. 81635 IN SOA dns00.dns.t-ipnet.de. dns.telekom.de. 2024050700 10800 1800 3024000 3600
;; ADDITIONAL SECTION:
dns00.dns.t-ipnet.de. 80018 IN A 194.25.2.170
dns00.dns.t-ipnet.de. 80018 IN AAAA 2003:180:4:a::53
;; Query time: 23 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Tue May 14 10:44:22 CEST 2024
;; MSG SIZE rcvd: 150
ozgur@fedora:~$ dig t-online.de ns
; <<>> DiG 9.18.26 <<>> t-online.de ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16577
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 11
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;t-online.de. IN NS
;; ANSWER SECTION:
t-online.de. 80013 IN NS dns00.dns.t-ipnet.de.
t-online.de. 80013 IN NS dns02.dns.t-ipnet.de.
t-online.de. 80013 IN NS dns20.dns.t-ipnet.de.
t-online.de. 80013 IN NS dns50.dns.t-ipnet.de.
t-online.de. 80013 IN NS pns.dtag.de.
;; ADDITIONAL SECTION:
dns00.dns.t-ipnet.de. 80013 IN A 194.25.2.170
dns00.dns.t-ipnet.de. 80013 IN AAAA 2003:180:4:a::53
dns02.dns.t-ipnet.de. 80013 IN A 194.25.2.172
dns02.dns.t-ipnet.de. 80013 IN AAAA 2003:180:4:a::1:53
dns20.dns.t-ipnet.de. 80013 IN A 212.185.24.129
dns20.dns.t-ipnet.de. 80013 IN AAAA 2003:180:a:2000::53
dns50.dns.t-ipnet.de. 80013 IN A 217.5.100.183
dns50.dns.t-ipnet.de. 80013 IN AAAA 2003:180:4:10a::2:53
pns.dtag.de. 80013 IN A 194.25.0.125
pns.dtag.de. 80013 IN AAAA 2003:40:8000::100
;; Query time: 9 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Tue May 14 10:44:27 CEST 2024
;; MSG SIZE rcvd: 375
$TTL 86400
40.30.172.in-addr.arpa. IN SOA dns1.sankt.pauli. root (
2024051400
1d
7200
1w
3200
)
IN NS dns1.sankt.pauli.
1 IN PTR dns1.sankt.pauli.
5 IN PTR www.sankt.pauli.
nano /etc/bind/named.conf
nano /etc/bind/named.conf.options
options {
directory “/var/cache/bind”; database for domains
};
nano /etc/bind/named.conf.default-zones
nano /etc/bind/named.conf.local
Add:
zone “sankt.pauli” {
type master;
file “pauli.forward”;
};
zone “40.30.172.in-addr.arpa” {
type master;
file “pauli.reverse”;
};
Save the file
nano /var/cache/bind/pauli.forward
nano /etc/bind/db.empty to use as a template
cp /etc/bind/db.empty /var/cache/bind/pauli.forward
nano /var/cache/bind/pauli.forward
Comments can be removed.
$TTL 86400
@ IN SOA debianall.sankt.pauli**.** root (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2413200 ; Expire
86400 ) ; Negative Cache TTL
NS debianall.sankt.pauli**.**
debianall A 172.30.40.1
cp /var/cache/bind/pauli.forward /var/cache/bind/pauli.reverse
We created the exact copy from /var/cache/bind/pauli.forward to use as a template.
nano /var/cache/bind/pauli.reverse
$TTL 86400
@ IN SOA debianall.sankt.pauli**.** root (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2413200 ; Expire
86400 ) ; Negative Cache TTL
NS debianall.sankt.pauli**.**
1 PTR debianall.sankt.pauli**.**
Restart the Name Server
systemctl reload named.service
secures DNS (Domain Name System) transactions
DNS (named) DHCP
Create a KEY for DNS
tsig-keygen -a hmac-md5 DDNS-KEY > /etc/bind/DDNS
ls -l /etc/bind/DDNS
Configure DNS
nano /etc/bind/named.conf.local
include “/etc/bind/DDNS”; since we changed the file path
include “/etc/dhcp/DDNS”; it should be updated like this.
zone “sankt.pauli” {
type master;
file “pauli.forward”;
allow-update { key DDNS-KEY; };
};
zone “40.30.172.in-addr.arpa” {
type master;
file “pauli.reverse”;
allow-update { key DDNS-KEY; };
};
systemctl restart named.service Restart the Name Server (BIND9)
ss -una to check
Configure DHCP
nano /etc/dhcp/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;
# ddns-update-style interim;
ddns-update-style standard;
subnet 172.30.40.0 netmask 255.255.255.0 {
include “/etc/dhcp/DDNS”;
range 172.30.40.10 172.30.40.55;
option routers 172.30.40.1;
option domain-name-servers 172.30.40.1;
option domain-name "sankt.pauli";
zone sankt.pauli. {
primary 127.0.0.1;
key DDNS-KEY;
}
zone 40.30.172.in-addr.arpa. {
primary 127.0.0.1;
key DDNS-KEY;
}
}
cp /etc/bind/DDNS /etc/dhcp
We are copying the file from /etc/bind folder into /etc/dhcp folder because we had a permission problem.
Restart the server:
systemctl restart isc-dhcp-server.service
Testing
To test whether the DDNS is working, we open Fedora (or any Linux Distro) with MAY Switch only.
ozgur@fedora:~$ ping debianall.sankt.pauli
PING debianall.sankt.pauli (172.30.40.1) 56(84) bytes of data.
64 bytes from debianall.sankt.pauli (172.30.40.1): icmp_seq=1 ttl=64 time=9.73 ms
64 bytes from debianall.sankt.pauli (172.30.40.1): icmp_seq=2 ttl=64 time=1.99 ms
64 bytes from debianall.sankt.pauli (172.30.40.1): icmp_seq=3 ttl=64 time=1.28 ms
64 bytes from debianall.sankt.pauli (172.30.40.1): icmp_seq=4 ttl=64 time=0.992 ms
^C
--- debianall.sankt.pauli ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 0.992/3.499/9.733/3.617 ms
Domain works!
root@fedora:~# dig debianall.sankt.pauli soa
; <<>> DiG 9.18.26 <<>> debianall.sankt.pauli soa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29690
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;debianall.sankt.pauli. IN SOA
;; AUTHORITY SECTION:
sankt.pauli. 86400 IN SOA debianall.sankt.pauli. root.sankt.pauli. 4 604800 86400 2419200 86400
;; Query time: 4 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Wed May 15 08:59:46 CEST 2024
;; MSG SIZE rcvd: 91
root@fedora:~# dig debianall.sankt.pauli ns
; <<>> DiG 9.18.26 <<>> debianall.sankt.pauli ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41338
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;debianall.sankt.pauli. IN NS
;; AUTHORITY SECTION:
sankt.pauli. 86400 IN SOA debianall.sankt.pauli. root.sankt.pauli. 4 604800 86400 2419200 86400
;; Query time: 4 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Wed May 15 09:04:49 CEST 2024
;; MSG SIZE rcvd: 91
ozgur@debianall:~$ ls -l /var/lib/dhcp/
total 16
-rw-r--r-- 1 root root 978 May 15 08:20 dhclient.enp0s3.leases
-rw-r--r-- 1 root root 4448 May 15 11:19 dhcpd.leases
-rw-r--r-- 1 root root 811 May 15 10:42 dhcpd.leases~
less /var/lib/dhcp/dhcpd.leases
End of the file:
lease 172.30.40.10 {
starts 3 2024/05/15 09:19:24;
ends 3 2024/05/15 09:29:24;
cltt 3 2024/05/15 09:19:24;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 08:00:27:86:2b:ce;
uid "\001\010\000'\206+\316";
set ddns-rev-name = "10.40.30.172.in-addr.arpa.";
set ddns-dhcid = "\000\001\001}\336\356\311\216\264\335\305\276\331}\257J-\2402\213=`7n<\235V=\307\304\302:\316{\316";
set ddns-fwd-name = "fedora.sankt.pauli";
client-hostname "fedora";
}
ozgur@fedora:~$ ping fedora
PING fedora.sankt.pauli (172.30.40.10) 56(84) bytes of data.
64 bytes from fedora.sankt.pauli (172.30.40.10): icmp_seq=1 ttl=64 time=0.077 ms
64 bytes from fedora.sankt.pauli (172.30.40.10): icmp_seq=2 ttl=64 time=0.048 ms
^C
--- fedora.sankt.pauli ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1008ms
rtt min/avg/max/mdev = 0.048/0.062/0.077/0.014 ms
At first I had a problem because /etc/hostname file was empty
Then I added fedora into that file.
Then ping worked!
/etc/hosts/ Computer uses this file first as a DNS server.
127.0.0.1 localhost
127.0.1.1 fedora
127.30.30.20 www.google.de
1. Auf einem Ubuntu Server brauchen Sie zwei Netzwerkkarten, eine bridged und die andere im Switch WHITSUN.
2. IP in WHITSUN ist 10.10.99.1/24.
3. Sie aktivieren Routing und NAT.
BREAK & WAIT
4. Sie installieren einen DHCP-SERVER und bind9.
5. Sie konfigurieren DHCP mit der range .5 bis .100.
6. Sie konfigurieren bind mit der Domain "heiliger.geist" samt der reverse Domain.
7. Ermöglichen Sie DDNS.
(Gilt für Ubuntu- und Debian-Server)
apt install bind9 isc-dhcp-server
tsig-keygen DDNS > /etc/bind/ddns.key
Nun den Key kopieren nach /etc/dhcp/
cp /etc/bind/ddns.key /etc/dhcp/
/etc/dhcp/dhcpd.conf
default-lease-time 1200;
max-lease-time 2400;
ddns-update-style standard;
subnet 10.10.99.0 netmask 255.255.255.0 {
range 10.10.99.5 10.10.99.100;
option routers 10.10.99.1;
option domain-name-servers 10.10.99.1;
option domain-name “heiliger.geist”;
include “/etc/dhcp/ddns.key”
zone heiliger.geist. {
primary 10.10.99.1;
key DDNS;
}
zone 99.10.10.in-addr.arpa. {
primary 10.10.99.1;
key DDNS;
}
}
/etc/default/isc-dhcp-server
INTERFACESv4=”enp0s8”
/etc/bind/named.conf.local
include “/etc/bind/ddns.key”;
zone “heiliger.geist” {
type master;
file “heiliger.forward”;
allow-update { key DDNS; }
};
zone “99.10.10.in-addr.arpa” {
type master;
file “heiliger.reverse”;
allow-update { key DDNS; }
};
cp /etc/bind/db.empty /var/cache/bind/heiliger.forward
/var/cache/bind/heiliger.forward
$TTL 86400
@ IN SOA dns1.heiliger.geist. root (
1 ; serial no
12000 ; refresh time
600 ; retry time
3200000 ; expire time
3600 ) ; min. ttl
IN NS dns1.heiliger.geist.
dns1 IN A 10.10.99.1
cp /var/cache/bind/heiliger.forward /var/cache/bind/heiliger.reverse
/var/cache/bind/heiliger.reverse
$TTL 86400
@ IN SOA dns1.heiliger.geist. root (
1 ; serial no
12000 ; refresh time
600 ; retry time
3200000 ; expire time
3600 ) ; min. ttl
IN NS dns1.heiliger.geist.
1 IN PTR dns1.heiliger.geist.
1. Auf einem Debian Server brauchen Sie zwei Netzwerkkarten.
2. Die erste ist NAT und die zweite im Switch "OPEN".
3. Die zweite Karte bekommt die IP Adresse 10.200.200.1/24.
ifdown enp0s8
nano /etc/network/interfaces
auto enp0s8
iface enp0s8 inet static
Address 10.200.200.1/24
ifup enp0s8
4. Sie richten ein DDNS System ein :
domain "spring.hot" - IP Range .10 - .200 .
5. Die TSIG Datei soll "first.key" heißen und der Key "shk" .
tsig-keygen shk > /etc/bind/first.key
6. Aktivieren Sie Routing und NAT.
nano /etc/rc.local
#!/bin/bash
iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
7. Testen Sie mit einer grafischen Distribution.
root@fedora:~# ping fedora
PING fedora.spring.hot (10.200.200.10) 56(84) bytes of data.
64 bytes from fedora.spring.hot (10.200.200.10): icmp_seq=1 ttl=64 time=0.094 ms
64 bytes from fedora.spring.hot (10.200.200.10): icmp_seq=2 ttl=64 time=0.048 ms
64 bytes from fedora.spring.hot (10.200.200.10): icmp_seq=3 ttl=64 time=0.036 ms
64 bytes from fedora.spring.hot (10.200.200.10): icmp_seq=4 ttl=64 time=0.057 ms
64 bytes from fedora.spring.hot (10.200.200.10): icmp_seq=5 ttl=64 time=0.047 ms
64 bytes from fedora.spring.hot (10.200.200.10): icmp_seq=6 ttl=64 time=0.037 ms
^C
--- fedora.spring.hot ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5089ms
rtt min/avg/max/mdev = 0.036/0.053/0.094/0.019 ms
root@fedora:~# ping dns1
PING dns1.spring.hot (10.200.200.1) 56(84) bytes of data.
64 bytes from dns1.spring.hot (10.200.200.1): icmp_seq=1 ttl=64 time=23.1 ms
64 bytes from dns1.spring.hot (10.200.200.1): icmp_seq=2 ttl=64 time=1.67 ms
64 bytes from dns1.spring.hot (10.200.200.1): icmp_seq=3 ttl=64 time=1.05 ms
64 bytes from dns1.spring.hot (10.200.200.1): icmp_seq=4 ttl=64 time=0.777 ms
64 bytes from dns1.spring.hot (10.200.200.1): icmp_seq=5 ttl=64 time=0.990 ms
64 bytes from dns1.spring.hot (10.200.200.1): icmp_seq=6 ttl=64 time=1.02 ms
^C
--- dns1.spring.hot ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5011ms
rtt min/avg/max/mdev = 0.777/4.759/23.055/8.186 ms
ozgur@fedora:~$ cat /etc/resolv.conf
nameserver 127.0.0.53
options edns0 trust-ad
search spring.hot
root@fedora:~# dig spring.hot soa
; <<>> DiG 9.18.26 <<>> spring.hot soa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52135
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;spring.hot. IN SOA
;; ANSWER SECTION:
spring.hot. 86400 IN SOA dns1.spring.hot. root.spring.hot. 2 604800 86400 2419200 86400
;; Query time: 3 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Thu May 16 11:45:13 CEST 2024
;; MSG SIZE rcvd: 85
root@fedora:~# host dns1
dns1.spring.hot has address 10.200.200.1
root@fedora:~# host 10.200.200.1
1.200.200.10.in-addr.arpa domain name pointer dns1.spring.hot.
root@fedora:~# ssh ozgur@dns1
The authenticity of host 'dns1 (10.200.200.1)' can't be established.
ED25519 key fingerprint is SHA256:1DBsOHBSlSAJDqJzzqE2hcmmF91wWScGcHfcQ4MrJ6A.
This host key is known by the following other names/addresses:
~/.ssh/known_hosts:4: 10.200.200.1
Are you sure you want to continue connecting (yes/no/[fingerprint])?
- Nehmen Sie einen Server Ihrer Wahl. Bauen Sie eine zweite Netzwerkkarte ein. Die IP soll 172.25.35.1/24 sein.
- Diese Netzwerkkarte ist im Switch RAG.
- Installieren Sie DHCP-Server und Name-Server. Die Range und den Domain-Name bestimmen Sie selbst. ozgur.turanli
- Konfigurieren Sie DDNS mit dem Key „MyKey“.
- Aktivieren Sie Routing und NAT.
ozgur@fedora:~$ ssh dns1
The authenticity of host 'dns1 (172.25.35.1)' can't be established.
ED25519 key fingerprint is SHA256:1DBsOHBSlSAJDqJzzqE2hcmmF91wWScGcHfcQ4MrJ6A.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'dns1' (ED25519) to the list of known hosts.
ozgur@dns1's password:
Welcome to Ubuntu 22.04.4 LTS (GNU/Linux 5.15.0-107-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/pro
System information as of Thu May 16 10:25:47 AM UTC 2024
System load: 0.13 Processes: 145
Usage of /: 59.1% of 6.51GB Users logged in: 1
Memory usage: 13% IPv4 address for enp0s3: 10.0.2.15
Swap usage: 0%
* Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s
just raised the bar for easy, resilient and secure K8s cluster deployment.
https://ubuntu.com/engage/secure-kubernetes-at-the-edge
Expanded Security Maintenance for Applications is not enabled.
0 updates can be applied immediately.
Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status
Last login: Thu May 16 08:25:56 2024 from 10.200.200.10
ozgur@ubuntu-server:~$
SUMMARY
TSIG key Creation
/etc/bind/<key_file_name>
tsig-keygen MyKey > /etc/bind/MyKey.key
Adding Network Cards
/etc/network/interfaces
auto lo
iface lo inet loopback
auto enp0s3
iface enp0s3 inet dhcp
auto enp0s8
iface enp0s8 inet static
address 172.25.35.1/24
Routing
/etc/rc.local
#!/bin/bash
iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
DHCP Configuration
/etc/dhcp/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;
ddns-update-style standard;
subnet 172.25.35.0 netmask 255.255.255.0 {
include "/etc/dhcp/MyKey.key";
range 172.25.35.20 172.25.35.150;
option routers 172.25.35.1;
option domain-name-servers 172.25.35.1;
option domain-name "ozgur.turanli";
zone ozgur.turanli. {
primary 172.25.35.1;
key MyKey;
}
zone 35.25.172.in-addr.arpa. {
primary 172.25.35.1;
key MyKey;
}
}
DHCP Interface Configuration
/etc/default/isc-dhcp-server
INTERFACESv4="enp0s8"
DNS Configuration
/etc/bind/named.conf.local
include "/etc/bind/MyKey.key";
zone "ozgur.turanli" {
type master;
file "ozgurturanli.forward";
allow-update { key MyKey; };
};
zone "35.25.172.in-addr.arpa" {
type master;
file "ozgurturanli.reverse";
allow-update { key MyKey; };
};
/etc/hosts
DNS Forward Zone File
/var/cache/bind/ozgurturanli.forward
$TTL 86400 ; 1 day
@ IN SOA dns1.ozgur.turanli. root (
3 ; serial
604800 ; refresh (1 week)
86400 ; retry (1 day)
2419200 ; expire (4 weeks)
86400 ; minimum (1 day)
)
NS dns1.ozgur.turanli.
dns1 A 172.25.35.1
DNS Reverse Zone File
/var/cache/bind/ozgurturanli.reverse
$TTL 86400 ; 1 day
@ IN SOA dns1.ozgur.turanli. root )
3 ; serial
604800 ; refresh (1 week)
86400 ; retry (1 day)
2419200 ; expire (4 weeks)
86400 ; minimum (1 day)
)
NS dns1.ozgur.turanli.
1 PTR dns1.ozgur.turanli.
/etc/bind/named.conf.local ozgur.turanli
A web server can serve up to 12000 Virtual-Hosts
apt install apache2
After the installation we can reach the default Apache2 Web Site.
root@ubuntu-server:~# ls -l /etc/apache2/
total 80
-rw-r--r-- 1 root root 7224 Apr 10 17:45 apache2.conf
drwxr-xr-x 2 root root 4096 May 17 07:13 conf-available
drwxr-xr-x 2 root root 4096 May 17 07:13 conf-enabled
-rw-r--r-- 1 root root 1782 Dec 4 18:58 envvars
-rw-r--r-- 1 root root 31063 Dec 4 18:58 magic
drwxr-xr-x 2 root root 12288 May 17 07:13 mods-available
drwxr-xr-x 2 root root 4096 May 17 07:13 mods-enabled
-rw-r--r-- 1 root root 320 Dec 4 18:58 ports.conf
drwxr-xr-x 2 root root 4096 May 17 07:13 sites-available
drwxr-xr-x 2 root root 4096 May 17 07:13 sites-enabled
root@ubuntu-server:~# ls -l /etc/apache2/sites-enabled/
total 0
lrwxrwxrwx 1 root root 35 May 17 07:13 000-default.conf -> ../sites-available/000-default.conf
Configuration
nano /etc/apache2/apache2.conf
<Directory /> recursive
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
root@ubuntu-server:/etc/apache2# ls -l /var/www
total 4
drwxr-xr-x 2 root root 4096 May 17 07:13 html
root@ubuntu-server:/etc/apache2/sites-available# ls -l
total 12
-rw-r--r-- 1 root root 1332 Dec 4 18:58 000-default.conf
-rw-r--r-- 1 root root 6338 Dec 4 18:58 default-ssl.conf
root@ubuntu-server:/etc/apache2# less ports.conf
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
nano /etc/apache2/sites-available/000-default.conf
DocumentRoot /var/www/html Important
root@ubuntu-server:/etc/apache2/sites-available# nano www.conf
<VirtualHost *:80>
ServerName www.ozgur.turanli
DocumentRoot /srv/web/www
<Directory /srv/web/www>
Require all granted
</Directory>
</VirtualHost>
root@ubuntu-server:/etc/apache2/sites-available# mkdir /srv/web/www -p
root@ubuntu-server:/etc/apache2/sites-available# nano /srv/web/www/index.html
<html>
<head>
<title>Under Construction</title>
</head>
<body>
<h1> under construction !! </h1>
</body>
</html>
root@ubuntu-server:/etc/apache2/sites-available# nano /var/cache/bind/ozgurturanli.forward
Add this line:
www A 172.25.35.1
root@ubuntu-server:/etc/apache2/sites-available# systemctl reload named.service
!!! With Fedora systemd-resolved should also be reset !!!
root@fedora:~# systemctl restart systemd-resolved.service
root@fedora:~# ping www.ozgur.turanli
PING www.ozgur.turanli (172.25.35.1) 56(84) bytes of data.
64 bytes from dns1.ozgur.turanli (172.25.35.1): icmp_seq=1 ttl=64 time=19.6 ms
64 bytes from dns1.ozgur.turanli (172.25.35.1): icmp_seq=2 ttl=64 time=1.17 ms
^C
--- www.ozgur.turanli ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1003ms
rtt min/avg/max/mdev = 1.168/10.381/19.595/9.213 ms
Activate the Sites
root@ubuntu-server:/etc/apache2# a2ensite www.conf
Enabling site www.
To activate the new configuration, you need to run:
systemctl reload apache2
Duplicating a Site
root@ubuntu-server:/etc/apache2/sites-available# sed s/www/xxx/ www.conf > xxx.conf
Baut 'mal bitte 2 Virtuelle Hosts in Namen: emma.sankt.pauli und otto.sankt.pauli
nano /var/cache/bind/sankt.pauli.forward
$TTL 86400 ; 1 day
@ IN SOA dns1.sankt.pauli. root (
6 ; serial
604800 ; refresh (1 week)
86400 ; retry (1 day)
2419200 ; expire (4 weeks)
86400 ; minimum (1 day)
)
NS dns1.sankt.pauli.
dns1 A 172.25.35.1
emma A 172.25.35.1
otto A 172.25.35.1
nano /etc/bind/named.conf.local
Add the following:
zone "sankt.pauli" {
type master;
file "sankt.pauli.forward";
allow-update { key MyKey; };
};
root@ubuntu-server:/etc/apache2/sites-available# nano emma.conf
<VirtualHost *:80>
ServerName emma.sankt.pauli
DocumentRoot /srv/web/emma
<Directory /srv/web/emma>
Require all granted
</Directory>
</VirtualHost>
root@ubuntu-server:/etc/apache2/sites-available# nano otto.conf
<VirtualHost *:80>
ServerName otto.sankt.pauli
DocumentRoot /srv/web/otto
<Directory /srv/web/otto>
Require all granted
</Directory>
</VirtualHost>
root@ubuntu-server:/etc/apache2/sites-available# mkdir /srv/web/emma
root@ubuntu-server:/etc/apache2/sites-available# mkdir /srv/web/otto
nano /srv/web/emma/index.html
nano /srv/web/otto/index.html
root@ubuntu-server:/etc/apache2# a2ensite emma.conf otto.conf
systemctl restart named.service
systemctl restart isc-dhcp-server.service
systemctl reload apache2
https
Zertifikat
LDAP
Country | C | DE |
---|---|---|
State | St | Hamburg |
Local | l | Hamburg |
Organization | o | Volksbank |
Organizational Unit | ou | IT-Abt.33 |
Common Name | cn | www.service.volksbank.hamburg.de |
openssl to create SSL certificates.
mkdir /etc/apache2/cert
cd /etc/apache2/cert
root@ubuntu-server:/etc/apache2/cert# openssl req -new > otto.csr
...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+....+.....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+......+.+..+......+....+..................+..+.+..+....+........+..........+...+........+.+...+...+..................+.....+......+...+............+....+..+.......+..+....+..+............+.+..+....+...+...+.........+..............+.......+........................+......+.....+...+......+...+.....................+....+...+.....+....+.....+..........+........+..........+..+...+......+.+...........+..........+.................+.+.....+.+......+..+...+..........+...+.................+...+...............+.+...+..+.+...+...............+..............+.......+...+........+....+.........+.....+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
......+........+...+...+....+...+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+..+....+.....+.+......+..+......+....+..+...+......+......+.........+.......+..+..........+........+...+.+........+...+.......+...+........+.+.....+.+.....+...+.+...+...+.........+.........+.........+......+..+.........+......+............+.+.....+.+......+..+......+.+.....+.+..+...+.......+..+...+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+...........+.......+.....+...+.......+............+......+..+..........+.......................+..........+.........+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Enter PEM pass phrase:1234
Verifying - Enter PEM pass phrase:1234
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Hamburg
Locality Name (eg, city) []:Hamburg
Organization Name (eg, company) [Internet Widgits Pty Ltd]:OTTO AG
Organizational Unit Name (eg, section) []:IT-Abt.1
Common Name (e.g. server FQDN or YOUR name) []:otto.sankt.pauli
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
root@ubuntu-server:/etc/apache2/cert# ls -l
total 8
-rw-r--r-- 1 root root 1062 May 21 10:13 otto.csr
-rw------- 1 root root 1854 May 21 10:07 privkey.pem
root@ubuntu-server:/etc/apache2/cert# openssl rsa -in privkey.pem -out otto.key
Enter pass phrase for privkey.pem:
writing RSA key
root@ubuntu-server:/etc/apache2/cert# ls -l
total 12
-rw-r--r-- 1 root root 1062 May 21 10:13 otto.csr
-rw------- 1 root root 1704 May 21 10:17 otto.key
-rw------- 1 root root 1854 May 21 10:07 privkey.pem
root@ubuntu-server:/etc/apache2/cert# openssl x509 -in otto.csr -out otto.crt -req -signkey otto.key
Certificate request self-signature ok
subject=C = DE, ST = Hamburg, L = Hamburg, O = OTTO AG, OU = IT-Abt.1, CN = otto.sankt.pauli, emailAddress = [email protected]
root@ubuntu-server:/etc/apache2/cert# ls -l
total 16
-rw-r--r-- 1 root root 1334 May 21 10:25 otto.crt
-rw-r--r-- 1 root root 1062 May 21 10:13 otto.csr
-rw------- 1 root root 1704 May 21 10:17 otto.key
-rw------- 1 root root 1854 May 21 10:07 privkey.pem
root@ubuntu-server:/etc/apache2/sites-enabled# ls -l
total 0
lrwxrwxrwx 1 root root 35 May 17 07:13 000-default.conf -> ../sites-available/000-default.conf
lrwxrwxrwx 1 root root 28 May 21 07:00 emma.conf -> ../sites-available/emma.conf
lrwxrwxrwx 1 root root 28 May 21 07:00 otto.conf -> ../sites-available/otto.conf
lrwxrwxrwx 1 root root 27 May 17 11:44 www.conf -> ../sites-available/www.conf
lrwxrwxrwx 1 root root 27 May 17 12:42 xxx.conf -> ../sites-available/xxx.conf
root@ubuntu-server:/etc/apache2/sites-enabled# nano otto.conf
root@ubuntu-server:/etc/apache2/sites-enabled# less ../ports.conf
root@ubuntu-server:/etc/apache2/sites-enabled# cd ..
root@ubuntu-server:/etc/apache2# ls -l
total 84
-rw-r--r-- 1 root root 7224 Apr 10 17:45 apache2.conf
drwxr-xr-x 2 root root 4096 May 21 10:25 cert
drwxr-xr-x 2 root root 4096 May 17 07:13 conf-available
drwxr-xr-x 2 root root 4096 May 17 07:13 conf-enabled
-rw-r--r-- 1 root root 1782 Dec 4 18:58 envvars
-rw-r--r-- 1 root root 31063 Dec 4 18:58 magic
drwxr-xr-x 2 root root 12288 May 17 07:13 mods-available
drwxr-xr-x 2 root root 4096 May 17 07:13 mods-enabled
-rw-r--r-- 1 root root 320 Dec 4 18:58 ports.conf
drwxr-xr-x 2 root root 4096 May 21 07:03 sites-available
drwxr-xr-x 2 root root 4096 May 21 11:40 sites-enabled
root@ubuntu-server:/etc/apache2# ls -l mods-available/
total 568
-rw-r--r-- 1 root root 100 Dec 4 18:58 access_compat.load
-rw-r--r-- 1 root root 377 Dec 4 18:58 actions.conf
-rw-r--r-- 1 root root 66 Dec 4 18:58 actions.load
-rw-r--r-- 1 root root 843 Dec 4 18:58 alias.conf
-rw-r--r-- 1 root root 62 Dec 4 18:58 alias.load
-rw-r--r-- 1 root root 76 Dec 4 18:58 allowmethods.load
-rw-r--r-- 1 root root 76 Dec 4 18:58 asis.load
-rw-r--r-- 1 root root 94 Dec 4 18:58 auth_basic.load
-rw-r--r-- 1 root root 96 Dec 4 18:58 auth_digest.load
-rw-r--r-- 1 root root 100 Dec 4 18:58 auth_form.load
-rw-r--r-- 1 root root 72 Dec 4 18:58 authn_anon.load
-rw-r--r-- 1 root root 72 Dec 4 18:58 authn_core.load
-rw-r--r-- 1 root root 85 Dec 4 18:58 authn_dbd.load
-rw-r--r-- 1 root root 70 Dec 4 18:58 authn_dbm.load
-rw-r--r-- 1 root root 72 Dec 4 18:58 authn_file.load
-rw-r--r-- 1 root root 78 Dec 4 18:58 authn_socache.load
-rw-r--r-- 1 root root 74 Dec 4 18:58 authnz_fcgi.load
-rw-r--r-- 1 root root 90 Dec 4 18:58 authnz_ldap.load
-rw-r--r-- 1 root root 72 Dec 4 18:58 authz_core.load
-rw-r--r-- 1 root root 96 Dec 4 18:58 authz_dbd.load
-rw-r--r-- 1 root root 92 Dec 4 18:58 authz_dbm.load
-rw-r--r-- 1 root root 104 Dec 4 18:58 authz_groupfile.load
-rw-r--r-- 1 root root 94 Dec 4 18:58 authz_host.load
-rw-r--r-- 1 root root 74 Dec 4 18:58 authz_owner.load
-rw-r--r-- 1 root root 94 Dec 4 18:58 authz_user.load
-rw-r--r-- 1 root root 3374 Dec 4 18:58 autoindex.conf
-rw-r--r-- 1 root root 70 Dec 4 18:58 autoindex.load
-rw-r--r-- 1 root root 64 Dec 4 18:58 brotli.load
-rw-r--r-- 1 root root 64 Dec 4 18:58 buffer.load
-rw-r--r-- 1 root root 889 Dec 4 18:58 cache_disk.conf
-rw-r--r-- 1 root root 89 Dec 4 18:58 cache_disk.load
-rw-r--r-- 1 root root 62 Dec 4 18:58 cache.load
-rw-r--r-- 1 root root 95 Dec 4 18:58 cache_socache.load
-rw-r--r-- 1 root root 70 Dec 4 18:58 cern_meta.load
-rw-r--r-- 1 root root 115 Dec 4 18:58 cgid.conf
-rw-r--r-- 1 root root 60 Dec 4 18:58 cgid.load
-rw-r--r-- 1 root root 58 Dec 4 18:58 cgi.load
-rw-r--r-- 1 root root 76 Dec 4 18:58 charset_lite.load
-rw-r--r-- 1 root root 60 Dec 4 18:58 data.load
-rw-r--r-- 1 root root 83 Dec 4 18:58 dav_fs.conf
-rw-r--r-- 1 root root 79 Dec 4 18:58 dav_fs.load
-rw-r--r-- 1 root root 93 Dec 4 18:58 dav.load
-rw-r--r-- 1 root root 68 Dec 4 18:58 dav_lock.load
-rw-r--r-- 1 root root 58 Dec 4 18:58 dbd.load
-rw-r--r-- 1 root root 460 Dec 4 18:58 deflate.conf
-rw-r--r-- 1 root root 84 Dec 4 18:58 deflate.load
-rw-r--r-- 1 root root 64 Dec 4 18:58 dialup.load
-rw-r--r-- 1 root root 157 Dec 4 18:58 dir.conf
-rw-r--r-- 1 root root 58 Dec 4 18:58 dir.load
-rw-r--r-- 1 root root 64 Dec 4 18:58 dump_io.load
-rw-r--r-- 1 root root 60 Dec 4 18:58 echo.load
-rw-r--r-- 1 root root 58 Dec 4 18:58 env.load
-rw-r--r-- 1 root root 66 Dec 4 18:58 expires.load
-rw-r--r-- 1 root root 72 Dec 4 18:58 ext_filter.load
-rw-r--r-- 1 root root 89 Dec 4 18:58 file_cache.load
-rw-r--r-- 1 root root 64 Dec 4 18:58 filter.load
-rw-r--r-- 1 root root 66 Dec 4 18:58 headers.load
-rw-r--r-- 1 root root 176 Dec 4 18:58 heartbeat.load
-rw-r--r-- 1 root root 182 Dec 4 18:58 heartmonitor.load
-rw-r--r-- 1 root root 1240 Dec 4 18:58 http2.conf
-rw-r--r-- 1 root root 62 Dec 4 18:58 http2.load
-rw-r--r-- 1 root root 62 Dec 4 18:58 ident.load
-rw-r--r-- 1 root root 68 Dec 4 18:58 imagemap.load
-rw-r--r-- 1 root root 82 Dec 4 18:58 include.load
-rw-r--r-- 1 root root 402 Dec 4 18:58 info.conf
-rw-r--r-- 1 root root 60 Dec 4 18:58 info.load
-rw-r--r-- 1 root root 116 Dec 4 18:58 lbmethod_bybusyness.load
-rw-r--r-- 1 root root 116 Dec 4 18:58 lbmethod_byrequests.load
-rw-r--r-- 1 root root 114 Dec 4 18:58 lbmethod_bytraffic.load
-rw-r--r-- 1 root root 114 Dec 4 18:58 lbmethod_heartbeat.load
-rw-r--r-- 1 root root 121 Dec 4 18:58 ldap.conf
-rw-r--r-- 1 root root 60 Dec 4 18:58 ldap.load
-rw-r--r-- 1 root root 70 Dec 4 18:58 log_debug.load
-rw-r--r-- 1 root root 76 Dec 4 18:58 log_forensic.load
-rw-r--r-- 1 root root 58 Dec 4 18:58 lua.load
-rw-r--r-- 1 root root 62 Dec 4 18:58 macro.load
-rw-r--r-- 1 root root 56 Dec 4 18:58 md.load
-rw-r--r-- 1 root root 7696 Dec 4 18:58 mime.conf
-rw-r--r-- 1 root root 60 Dec 4 18:58 mime.load
-rw-r--r-- 1 root root 120 Dec 4 18:58 mime_magic.conf
-rw-r--r-- 1 root root 72 Dec 4 18:58 mime_magic.load
-rw-r--r-- 1 root root 668 Dec 4 18:58 mpm_event.conf
-rw-r--r-- 1 root root 106 Dec 4 18:58 mpm_event.load
-rw-r--r-- 1 root root 571 Dec 4 18:58 mpm_prefork.conf
-rw-r--r-- 1 root root 108 Dec 4 18:58 mpm_prefork.load
-rw-r--r-- 1 root root 836 Dec 4 18:58 mpm_worker.conf
-rw-r--r-- 1 root root 107 Dec 4 18:58 mpm_worker.load
-rw-r--r-- 1 root root 724 Dec 4 18:58 negotiation.conf
-rw-r--r-- 1 root root 74 Dec 4 18:58 negotiation.load
-rw-r--r-- 1 root root 87 Dec 4 18:58 proxy_ajp.load
-rw-r--r-- 1 root root 347 Dec 4 18:58 proxy_balancer.conf
-rw-r--r-- 1 root root 115 Dec 4 18:58 proxy_balancer.load
-rw-r--r-- 1 root root 822 Dec 4 18:58 proxy.conf
-rw-r--r-- 1 root root 95 Dec 4 18:58 proxy_connect.load
-rw-r--r-- 1 root root 95 Dec 4 18:58 proxy_express.load
-rw-r--r-- 1 root root 89 Dec 4 18:58 proxy_fcgi.load
-rw-r--r-- 1 root root 93 Dec 4 18:58 proxy_fdpass.load
-rw-r--r-- 1 root root 189 Dec 4 18:58 proxy_ftp.conf
-rw-r--r-- 1 root root 87 Dec 4 18:58 proxy_ftp.load
-rw-r--r-- 1 root root 93 Dec 4 18:58 proxy_hcheck.load
-rw-r--r-- 1 root root 2511 Dec 4 18:58 proxy_html.conf
-rw-r--r-- 1 root root 97 Dec 4 18:58 proxy_html.load
-rw-r--r-- 1 root root 97 Dec 4 18:58 proxy_http2.load
-rw-r--r-- 1 root root 89 Dec 4 18:58 proxy_http.load
-rw-r--r-- 1 root root 62 Dec 4 18:58 proxy.load
-rw-r--r-- 1 root root 89 Dec 4 18:58 proxy_scgi.load
-rw-r--r-- 1 root root 91 Dec 4 18:58 proxy_uwsgi.load
-rw-r--r-- 1 root root 97 Dec 4 18:58 proxy_wstunnel.load
-rw-r--r-- 1 root root 85 Dec 4 18:58 ratelimit.load
-rw-r--r-- 1 root root 70 Dec 4 18:58 reflector.load
-rw-r--r-- 1 root root 68 Dec 4 18:58 remoteip.load
-rw-r--r-- 1 root root 1190 Dec 4 18:58 reqtimeout.conf
-rw-r--r-- 1 root root 72 Dec 4 18:58 reqtimeout.load
-rw-r--r-- 1 root root 66 Dec 4 18:58 request.load
-rw-r--r-- 1 root root 66 Dec 4 18:58 rewrite.load
-rw-r--r-- 1 root root 58 Dec 4 18:58 sed.load
-rw-r--r-- 1 root root 99 Dec 4 18:58 session_cookie.load
-rw-r--r-- 1 root root 99 Dec 4 18:58 session_crypto.load
-rw-r--r-- 1 root root 93 Dec 4 18:58 session_dbd.load
-rw-r--r-- 1 root root 66 Dec 4 18:58 session.load
-rw-r--r-- 1 root root 1373 Jan 17 03:00 setenvif.conf
-rw-r--r-- 1 root root 68 Dec 4 18:58 setenvif.load
-rw-r--r-- 1 root root 78 Dec 4 18:58 slotmem_plain.load
-rw-r--r-- 1 root root 74 Dec 4 18:58 slotmem_shm.load
-rw-r--r-- 1 root root 74 Dec 4 18:58 socache_dbm.load
-rw-r--r-- 1 root root 84 Dec 4 18:58 socache_memcache.load
-rw-r--r-- 1 root root 78 Dec 4 18:58 socache_redis.load
-rw-r--r-- 1 root root 78 Dec 4 18:58 socache_shmcb.load
-rw-r--r-- 1 root root 66 Dec 4 18:58 speling.load
-rw-r--r-- 1 root root 3110 Dec 4 18:58 ssl.conf
-rw-r--r-- 1 root root 97 Dec 4 18:58 ssl.load
-rw-r--r-- 1 root root 749 Dec 4 18:58 status.conf
-rw-r--r-- 1 root root 64 Dec 4 18:58 status.load
-rw-r--r-- 1 root root 72 Dec 4 18:58 substitute.load
-rw-r--r-- 1 root root 64 Dec 4 18:58 suexec.load
-rw-r--r-- 1 root root 70 Dec 4 18:58 unique_id.load
-rw-r--r-- 1 root root 324 Dec 4 18:58 userdir.conf
-rw-r--r-- 1 root root 66 Dec 4 18:58 userdir.load
-rw-r--r-- 1 root root 70 Dec 4 18:58 usertrack.load
-rw-r--r-- 1 root root 74 Dec 4 18:58 vhost_alias.load
-rw-r--r-- 1 root root 66 Dec 4 18:58 xml2enc.load
root@ubuntu-server:/etc/apache2# ls -l mods-enabled/
total 0
lrwxrwxrwx 1 root root 36 May 17 07:13 access_compat.load -> ../mods-available/access_compat.load
lrwxrwxrwx 1 root root 28 May 17 07:13 alias.conf -> ../mods-available/alias.conf
lrwxrwxrwx 1 root root 28 May 17 07:13 alias.load -> ../mods-available/alias.load
lrwxrwxrwx 1 root root 33 May 17 07:13 auth_basic.load -> ../mods-available/auth_basic.load
lrwxrwxrwx 1 root root 33 May 17 07:13 authn_core.load -> ../mods-available/authn_core.load
lrwxrwxrwx 1 root root 33 May 17 07:13 authn_file.load -> ../mods-available/authn_file.load
lrwxrwxrwx 1 root root 33 May 17 07:13 authz_core.load -> ../mods-available/authz_core.load
lrwxrwxrwx 1 root root 33 May 17 07:13 authz_host.load -> ../mods-available/authz_host.load
lrwxrwxrwx 1 root root 33 May 17 07:13 authz_user.load -> ../mods-available/authz_user.load
lrwxrwxrwx 1 root root 32 May 17 07:13 autoindex.conf -> ../mods-available/autoindex.conf
lrwxrwxrwx 1 root root 32 May 17 07:13 autoindex.load -> ../mods-available/autoindex.load
lrwxrwxrwx 1 root root 30 May 17 07:13 deflate.conf -> ../mods-available/deflate.conf
lrwxrwxrwx 1 root root 30 May 17 07:13 deflate.load -> ../mods-available/deflate.load
lrwxrwxrwx 1 root root 26 May 17 07:13 dir.conf -> ../mods-available/dir.conf
lrwxrwxrwx 1 root root 26 May 17 07:13 dir.load -> ../mods-available/dir.load
lrwxrwxrwx 1 root root 26 May 17 07:13 env.load -> ../mods-available/env.load
lrwxrwxrwx 1 root root 29 May 17 07:13 filter.load -> ../mods-available/filter.load
lrwxrwxrwx 1 root root 27 May 17 07:13 mime.conf -> ../mods-available/mime.conf
lrwxrwxrwx 1 root root 27 May 17 07:13 mime.load -> ../mods-available/mime.load
lrwxrwxrwx 1 root root 32 May 17 07:13 mpm_event.conf -> ../mods-available/mpm_event.conf
lrwxrwxrwx 1 root root 32 May 17 07:13 mpm_event.load -> ../mods-available/mpm_event.load
lrwxrwxrwx 1 root root 34 May 17 07:13 negotiation.conf -> ../mods-available/negotiation.conf
lrwxrwxrwx 1 root root 34 May 17 07:13 negotiation.load -> ../mods-available/negotiation.load
lrwxrwxrwx 1 root root 33 May 17 07:13 reqtimeout.conf -> ../mods-available/reqtimeout.conf
lrwxrwxrwx 1 root root 33 May 17 07:13 reqtimeout.load -> ../mods-available/reqtimeout.load
lrwxrwxrwx 1 root root 31 May 17 07:13 setenvif.conf -> ../mods-available/setenvif.conf
lrwxrwxrwx 1 root root 31 May 17 07:13 setenvif.load -> ../mods-available/setenvif.load
lrwxrwxrwx 1 root root 29 May 17 07:13 status.conf -> ../mods-available/status.conf
lrwxrwxrwx 1 root root 29 May 17 07:13 status.load -> ../mods-available/status.load
root@ubuntu-server:/etc/apache2# a2en
a2enconf a2enmod a2ensite
root@ubuntu-server:/etc/apache2# a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
systemctl restart apache2
root@ubuntu-server:/etc/apache2# systemctl restart apache2.service
root@ubuntu-server:/etc/apache2# ss -tna
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 10 10.0.2.15:53 0.0.0.0:*
LISTEN 0 10 10.0.2.15:53 0.0.0.0:*
LISTEN 0 10 10.0.2.15:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 10 127.0.0.1:53 0.0.0.0:*
LISTEN 0 10 127.0.0.1:53 0.0.0.0:*
LISTEN 0 10 127.0.0.1:53 0.0.0.0:*
LISTEN 0 10 172.25.35.1:53 0.0.0.0:*
LISTEN 0 10 172.25.35.1:53 0.0.0.0:*
LISTEN 0 10 172.25.35.1:53 0.0.0.0:*
LISTEN 0 5 127.0.0.1:953 0.0.0.0:*
LISTEN 0 5 127.0.0.1:953 0.0.0.0:*
LISTEN 0 5 127.0.0.1:953 0.0.0.0:*
ESTAB 0 0 172.25.35.1:22 172.25.35.20:51820
LISTEN 0 511 *:443 *:*
LISTEN 0 10 [::1]:53 [::]:*
LISTEN 0 10 [::1]:53 [::]:*
LISTEN 0 10 [::1]:53 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 511 *:80 *:*
LISTEN 0 10 [fe80::a00:27ff:fe14:809c]%enp0s8:53 [::]:*
LISTEN 0 10 [fe80::a00:27ff:fe14:809c]%enp0s8:53 [::]:*
LISTEN 0 10 [fe80::a00:27ff:fe14:809c]%enp0s8:53 [::]:*
LISTEN 0 10 [fe80::a00:27ff:fe84:8f6e]%enp0s3:53 [::]:*
LISTEN 0 10 [fe80::a00:27ff:fe84:8f6e]%enp0s3:53 [::]:*
LISTEN 0 10 [fe80::a00:27ff:fe84:8f6e]%enp0s3:53 [::]:*
LISTEN 0 5 [::1]:953 [::]:*
LISTEN 0 5 [::1]:953 [::]:*
LISTEN 0 5 [::1]:953 [::]:*
root@ubuntu-server:/etc/apache2# ls -l mods-enabled/ssl*
lrwxrwxrwx 1 root root 26 May 21 11:44 mods-enabled/ssl.conf -> ../mods-available/ssl.conf
lrwxrwxrwx 1 root root 26 May 21 11:44 mods-enabled/ssl.load -> ../mods-available/ssl.load
root@ubuntu-server:/etc/apache2# nano /etc/apache2/sites-available/otto.conf
<VirtualHost *:80>
ServerName otto.sankt.pauli
Redirect / https://otto.sankt.pauli
</VirtualHost>
<VirtualHost *:443>
ServerName otto.sankt.pauli
DocumentRoot /srv/web/otto
SSLEngine on
SSLCertificateFile /etc/apache2/cert/otto.crt
SSLCertificateKeyFile /etc/apache2/cert/otto.key
<Directory /srv/web/otto>
Require all granted
</Directory>
</VirtualHost>
The settings for otto are done.
For emma, we make the same
root@ubuntu-server:/etc/apache2/cert# openssl req -new -out emma.csr
...+...+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.........+..+......+.......+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+............+.....+....+..+..........+..+.+...............+.....+............+.........+.+.....+...+.+......+...............+...+.........+.....+...+....+......+..............+...............+.+...+.....+.........+.......+.....+......+..........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
...+..+...+.+.....+......+.........+.+........+................+............+...+..+..................+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.........+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.....+.......+......+.....+....+...+..............+................+..+............+.+..+...+...+......+....+.........+..+....+..+....+.........+.....+....+......+......+...+...+..+...............+.......+...+..+.........+....+..+.+........+.........+...+.............+......+......+..+.+......+....................+.+..+.+...........+......+.........+.+.....+...+....+............+...+......+..+.......+...+..+...........................+.........+....+..+...+......+......+....+.....+.......+...+......+........+.......+...+.....+...+.........+.+...+......+......+.....+...+.+...+............+...+........+...+......+.+...+...........+....+.........+.....+.+...............+......+....................+...+.......+.....................+...+..+...............+.......+...+...+..+...+.+........+.+......+...........+.......+.....+...+.............+.........+...+..+............+...+.+..+..........+.........+.....+.....................+....+...+...........+..........+..+.......+...+..+.+..+.............+......+.........+.....+....+...+........+..........+..+...+.........+.......+...+..+....+..+.......+..+....+..+....+...+..+...+.+..............+...+...+.+...+...+...............+..+.+.....+.+.....+......+....+...+...+..............+.+..+............+...+...+...+.....................+...+.+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Hamburg
Locality Name (eg, city) []:Hamburg
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Emma GmbH
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:emma.sankt.pauli
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1234
An optional company name []:
root@ubuntu-server:/etc/apache2/cert# ls -l
total 20
-rw-r--r-- 1 root root 1070 May 21 12:22 emma.csr
-rw-r--r-- 1 root root 1334 May 21 12:11 otto.crt
-rw-r--r-- 1 root root 1062 May 21 10:13 otto.csr
-rw------- 1 root root 1704 May 21 10:17 otto.key
-rw------- 1 root root 1854 May 21 12:20 privkey.pem
root@ubuntu-server:/etc/apache2/cert# openssl rsa -in privkey.pem > emma.key
Enter pass phrase for privkey.pem:1234
writing RSA key
root@ubuntu-server:/etc/apache2/cert# openssl x509 -in emma.csr -out emma.crt -req -signkey emma.key
Certificate request self-signature ok
subject=C = DE, ST = Hamburg, L = Hamburg, O = Emma GmbH, CN = emma.sank.pauli, emailAddress = [email protected]
root@ubuntu-server:/etc/apache2/cert# nano /etc/apache2/sites-available/emma.conf
<VirtualHost *:80>
ServerName emma.sankt.pauli
Redirect / https://emma.sankt.pauli
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /srv/web/emma
SSLEngine on
SSLCertificateFile /etc/apache2/cert/emma.crt
SSLCertificateKeyFile /etc/apache2/cert/emma.key
<Directory /srv/web/emma>
Require all granted
</Directory>
</VirtualHost>
root@ubuntu-server:/etc/apache2/cert# systemctl restart apache2.service
du -sh /tmp shows how much space is used.
dmesg displays kernel-related messages retrieved from the kernel ring buffer. The ring buffer stores information about hardware, device driver initialization, and messages from kernel modules that take place during system startup.
who /var/run/utmp
w /var/run/utmp
last /var/log/wtmp
lastlog /var/log/lastlog
umask User Mask
root@ubuntu-server:# umask Standard is 0022
0022
DIR 777 | File 666 |
Filter 0022 | |
mkdir newdir → 755 | touch file.txt → 644 |
chacl Change Access Control List
setfacl
getfacl <file name>
find /home/ -mtime
find /home/ -name foo.txt
man apt simple
info apt more modern version. if info cannot find info page then it forwards to man page.
/usr/share/doc Documentation and sample configuration files
zless to see the content of a compressed file.
zcat to see the content of a compressed file.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
root@ubuntu-server:/# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
export PATH=$PATH:/var/lib/ we are appending a new path.
root@ubuntu-server:/# export PATH=$PATH:/var/lib/
root@ubuntu-server:/# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/var/lib/
lsmod Which kernel mods (drivers) are available in the kernel
lspci
/var, /usr/ may have its own place. These folders have write access.
find / -uid 1005 finds all the files/directories of the user 1005
find / -uid 1005 | xargs rm {}; delete the files with the user id 1005.
Links (Verknüpfungen)
Hard links use the same inode
Soft (Symbolic) links use different inode. They have their own inodes.
i-node (information node)
ln file.txt file2.txt hard link
ln -s file.txt file2.txt soft link
İki farkli disk arasinda hard link oluşturulamaz. Symbolic link olusturulabilir.
ln file.txt /sdb/part1/file2.txt not possible
ls -li shows inode
usermod to change user name
su <username>
su - <username>
ls -a ls komutundan türetilmis alias.
\ls -a alias yerine direkt komutu calistirir
set USERNAME=bob
USERNAME=bob
echo $USERNAME
cp -r or cp -R recursive copy
kill -l lists all signals
echo $? 0 → successful
man 1 passwd
man 5 passwd
man -f passwd lists which options are available (1, 5, lssl)
whatis passwd
man 8 gdisk
man -k <word to be searched>
man -f passwd
apropos passwd
Hidden files are not erased with rm *
rm * .* erases all files including the hidden files.
1. Nehmen Sie einen Debian Server mit zwei Netzwerkkarten und 4 a 5 GB Festplatten.
2. Die zweite NIC ist im Switch "RAN" und bekommt die IP 172.25.35.1/24.
3. Sie brauchen ein RAID 5 mit Spare. Dieses wird auf /srv/www montiert.
4. Sie brauchen die User leo, lale und lina. Diese sollen in die Gruppe web-admins. Diese wird Eigentümerin von /srv/www mit Vollzugriff.
5. Installieren Sie bind9, isc-dhcp-server und apache2.
6. Richten Sie DDNS ein. Domain: last.chance und eine 100 IPS fassende range.
7. Sie brauchen drei virtuelle Hosts : ftp.last.chance, mail.last.chance und www.last.chance.
8. Diese müssen zertifiziert werden (openssl).