LPI Level 1, Exam 102

Linux Professional Institute Exam 102 Objectives are at http://www.lpi.org/en/obj_102.html Copyright c 2004-2007 Jon R. Fox http://www.drfox.com Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included at http://www.gnu.org/licenses/fdl.txt. $Revision: 217 $ $Date: 2007-01-17 12:28:08 -0500 (Wed, 17 Jan 2007) $

105: Kernel
105.1: Manage/Query kernel and kernel modules at runtime
See LPI Linux Certication in a Nutshell, p. 300. LPI test weight: 4.

alias aliasname targetmodule alias a generic name to a specic module. pre-install module shellcommand run a shell command before installing module modulename install module shellcommand override the default module-insertion command insmod for another post-install module shellcommand run a shell command after installing module modulename pre-remove module shellcommand run a shell command before removing module modulename remove module shellcommand override the default module-removal command rmmod for another post-remove module shellcommand run a shell command after removing module modulename

run make menuconfig A hacked version of cdialog text UI for conguration. run make xconfig Runs an X-Windows menu UI for conguration.

Steps for kernel compilation

Run make dep Source le dependencies are checked and a .depend le is built. Run make clean Removes old output les are prepares for new compilation. Run make bzImage Builds a bootable kernel image le. Run make modules Builds all module (.o) les. Run make modules_install Loadable modules are installed to /lib/modules/x.y.z cp /usr/src/linux/arch/i368/boot/bzImage /boot/kernel-x.y.x to copy le to /boot directory. Finally modify /etc/lilo.conf and run lilo or edit /boot/grub/grub.conf.

uname
uname prints system information uname -a All information in the order: uname -s kernel name (Linux) uname -n Hostname (rsifox) uname -r Kernel release (2.6.10) uname -v Kernel version (#1 SMP Tue Dec 28 15:50:14 EST 2004) uname -m Machine (i686) uname -p Processor type (Mobile Intel(R) Pentium(R) 4 - M CPU 2.00GHz) uname -i Hardware platform (GenuineIntel) uname -o Operating system (GNU/Linux)

Working with modules

Modules are located in /lib/modules/kernel-version Module dependency le /lib/modules/kernel-version/modules.dep lsmod list loaded modules. Displays name, size in bytes, use count, and referring modules. insmod modulename Insert a module into the running kernel. insmod -s display results to syslog instead of stdout. insmod -v sets verbose mode. depmod Writes module dependency information to /lib/modules/kernel-version/modules.dep modinfo modulename displays helpful module information modinfo -a displays module author. modinfo -d displays moduless description. modinfo -P displays the typed parameters that module supports. modprobe modulename determines module dependencies and install prerequisites. modprobe -r modulename removes module. modprobe -s display results to syslog instead of stdout. modprobe -v sets verbose mode. modprobe -a loads all modules. modprobe -c displays a complete module conguration. modprobe -l list modules. modprobe -t tag conne to a certain kernel tag such as net, block, cdrom, fs, ipv4, misc. rmmod modulename removes a loaded module. rmmod -a removes all unused modules. rmmod -s display results to syslog instead of stdout.

106: Boot, Initialization, Shutdown, and Runlevels

106.1: Boot the system
See LPI Linux Certication in a Nutshell, p. 134. LPI test weight: 3.

105.2: Recongure, build, and install a custom kernel and kernel modules
See LPI Linux Certication in a Nutshell, p. 310. LPI test weight: 3.

kernels can accept parameters on boot. Most used is root=/dev/hdaX The kernel gives detailed progress on the console during boot and are stored to disk as soon as a disk and logger comes available. dmesg send kernel ring buffer to stdout dmesg -n 1 Show only kernel panics on console. More logging is shown in /var/log/messages

Kernel versioning
Kernels are numbered as major.minor.patchlevel major releases (currently 2.x.x) minor releases (currently 2.6.x is stable). Typically even numbered kernels are stable and odd numbered minor kernels are development kernels. The 2.5 kernels were dev kernels. patch level (currently at 2.6.10 as stable)

106.2: Change runlevels and shutdown or reboot the system

See LPI Linux Certication in a Nutshell, p. 137. LPI test weight: 3.

Kernel sources and conguration

Kernel sources are stored in sub-directories of /usr/src/ You can get a kernel from http://www.kernel.org and unpack it in /usr/src or download an .rpm or .deb of the kernel-sources. Typically the running kernels source is a symlink /usr/src/linux The kernel conguration settings are stored in /usr/src/linux-x.y.z/.config Some systems also have the compiled .cong options for the running kernel in /proc/config.gz Options for conguring a kernel: edit .config with a text editor run make config in the kernel source directory and answer Y/N/M (yes, no, module) for each option to compile in. run make oldconfig and a new .cong default will be made, or the last customized .cong will be used.

modules.conf le
Module conguration storage: /etc/modules.conf or /etc/conf.modules /etc/modules.conf directives: # Comment lines keep keep default paths depfile deplelocation overrides dependency le location modules.dep path path directory to search for modules. options modulename opt1=val1 opt2=val2 specify modules conguration option defaults.

init run by kernel pid 1 Chnage runlevel with telinit. runlevels: 0 shutdown now 1 single user maintenance 2 multiuser no nfs 3 multiuser text mode (command line) 5 GUI starts X 6 Reboot immediately nicer way sends messages to users: shutdown edit les in \etc\inittab \etc\inittab has line with initdefault Check current runlevel with runlevel. Output is previousRL currentRL. If just booted previousRL will be N.

Printing overview
/etc/printcap Printer capabilities le lpd BSD line printer daemon lpr Pipe print job to line printer lpq Queries and displays queue information lprm removes a jobid from the print queue. lpq Line printer control (superuser control)

Even advanced print systems like CUPS provide old BSD compatibility.

107.2: Manage printers and print queries

See LPI Linux Certication in a Nutshell, p. 324. LPI test weight: 1.

lpq -Pprintername query a particular printer lpq -L Long format lpq username query a particular users jobs lprm - remove all of your print jobs lprm -Pprintername - remove all of your print jobs on a particular printer. lpc has an interactive mode if called w/o command line options. lpc abort all Terminates printing NOW on all printers. lpc abort printername Terminates printing NOW on a specic printer. lpc disable Stops any additional jobs from queueing. lpc enable Allows additional jobs to queue. lpc down message disable, stop, and provide message for users as why the printer is down. lpc restart Restarts lpd daemon. lpc stop Stops printing after current job. lpc start Start printing queue. lpc status Display queue status. topq name jobs Push jobs to the top of the waiting queue name up enable & start a print queue.

107.3: Print les

See LPI Linux Certication in a Nutshell, p. 331. LPI test weight: 1.

lpr Print a le lpr -Pprintername Print a le to a specic queue. lpr -#count Send count copies. lpr -s symbolic link the print job.

107.4: Install and congure local and remote printers

See LPI Linux Certication in a Nutshell, p. 332. LPI test weight: 1.

Colon seperated options if input lter of output lter lp printer device for local printer rp remote spool name rm remote machine name mx max size of print job in blocks sd spool directory for print jobs sh suppress header pages

g top of the le G tail of the le \ Search forwards ? Search backwards H help screen :n next le on command line :p previous le on command line man display manpages man -a display all manpages of that name man -w print location of manpages man 3 nd man in a particular section man page sections 1 Executable programs programs 8 System Administration commands 2 System calls 3 Library calls 4 Special les (usually in /dev 5 File formats and conventions 6 Games 7 Macro packages and conventions 9 Kernel routines N Tcl/Tk GNU info pages Tab Move along hypertext links Enter Follow hypertext d Return to top node ? List all info commands p and n move to previous or next page u move up one level in the Texinfo hierarchy q quit h show info primer /string string search whatis Find a short description (from man pages) for a command. apropos Search the whatis database for a string makewhatis Build the whatis database

109: Shells, Scripting, Programming, and Compiling

109.1: Customize and use the shell environment
See LPI Linux Certication in a Nutshell, p. 340. LPI test weight: 5.

Bash shell environmental variables PATH List of directories which the shell looks for executables. HOME Your home directory USERNAME Your username TERM Type of terminal bash les ~/.bash_history History storage ~/.bash_profile Bash runs with login instance. ~/.bashrc Bash runs with each bash subshell ~/.profile Bash runs if no /.bash_profile ~/.bash_logout Bash runs upon logout. ~/.inputrc Denes optional key-bindings for bash. To look at current shell variables, run bash built-in env To create a new shell variable, use equal sign. #PI=3.141592 To get the command line to print a variable, echo it: echo $PI To use a local variable in other shells, use export: export PI To alias a command use alias: alias more=less To make a function in bash: function MYFUNC(){ command-list; } Modify many many BASH options with set builtin.

109.2: Customize or write simple scripts

See LPI Linux Certication in a Nutshell, p. 351. LPI test weight: 3.

108.2: Find Linux documentation on the Internet

See LPI Linux Certication in a Nutshell, p. 155. LPI test weight: 3.

108: Documentation
108.1: Use and manage local system documentation
See LPI Linux Certication in a Nutshell, p. 147. LPI test weight: 4.

Linux Documentation Project http://www.tldp.org Usenet Newsgroups comp.os.linux comp.os.linux.answers comp.os.linux.networking Archives in http://groups.google.com Websites of specic projects (such as http://www.x.org Mailing Lists Vendor websites

Lots of plain text docs in /usr/share/doc (/usr/doc is a symlink) Use less pager to look at plain text less keystrokes space forward one screen D forward one-half screen Return forward one line B backward one screen U backward one-half screen Y backward one line

108.5: Notify users on system-related issues

Not in LPI Linux Certication in a Nutshell LPI test weight: 1.

/etc/issue pre-login message and identication le for gettys /etc/issue.net The le /etc/issue.net is a text le which contains a message or system identication to be printed before the login prompt of a telnet session. /etc/motd The contents of /etc/motd are displayed by login(1) after a successful login but just before it executes the login shell.

Bash scripts should be prepended with #!/bin/bash Bash Built-in variables $1-$N Stores the arguments (variables) that were passed to the shell program from the command line. $? Stores the exit value of the last command that was executed. $0 Stores the rst word of the entered command (the name of the shell program. $* Stores all the arguments that were entered on the command line ($1 $2 ...). "$@" Stores all the arguments that were entered on the command line, individually quoted ("$1" "$2" ...). Status variable $? Graceful exits normally are zeros. Builtin test expression or [ expression ] The test structures: File comparisons: -d Returns True if le, lename is a directory. -f Returns True if le, lename is an ordinary le. -r Returns True if le, lename can be read by the process. -s Returns True if le, lename has a nonzero length. -w Returns True if le, lename can be written by the process. -x Returns True if le, lename is executable. String comparisons:

Returns True if str1 is identical to str2. Returns True if str1 is not identical to str2. Returns True if str is not null. Returns True if the length of str is greater than zero. -z str Returns True if the length of str is equal to zero. (zero is different than null) Numeric comparisons: int1 -eq int2 Returns True if int1 is equal to int2. int1 -ge int2 Returns True if int1 is greater than or equal to int2. int1 -gt int2 Returns True if int1 is greater than int2. int1 -le int2 Returns True if int1 is less than or equal to int2 int1 -lt int2 Returns True if int1 is less than int2 int1 -ne int2 Returns True if int1 is not equal to int2 Comparing expressions: !expression Returns true if expression is not true expr1 -a expr2 Returns True if expr1 and expr2 are true. && and operator. expr1 -o expr2 Returns True if expr1 or expr2 is true. || or operator. if structure if [ expression ] then commands fi if..then...else structure if [ expression ] then commands else commands fi If..then...else If...else if [ expression ] then commands elif [ expression2 ] then commands else commands fi case structure case string1 in str1) commands;; str2) commands;; *) commands;; esac string1 is compared to str1 and str2. If one of these strings matches string1, the commands up until the double semicolon (; ;) are executed. If neither str1 nor str2 matches string1, the commands associated with the asterisk are executed. This is the default case str1 = str2 str1 != str2 str -n str

condition because the asterisk matches all strings. for do done loop for var1 in list do commands done while loop while [ expression ] do commands done until loop until [ expression ] do commands done functions with arguments fname2 (arg1,arg2...argN){ commands } break [n] exits from the innermost for while or until loop or from n levels of loop. continue [n] skip remaining commands in form while or until loop and go to next iteration (or skip n loops) echo [string] echo string to command line exit [n] exit a shell with status n. The value of n can be 0 (success) or non-zero (failure). read variable1 [variable2] Read a line from stdin and assign to a variable. shift [n] Shift positional parameters down n elements. source Read and execute the lines in le. Mailing results from a script Just pipe a message to the handy mail command (-s option provides an optional subject line) echo "Error! Does not Compute!" |mail -s "Problem" root

useradd -d /home/ecorrado ecorrado home directory useradd -S display (or change) useradd defaults useradd -s /bin/zsh ecorrado change shell useradd -m ecorrado build a home directory from /etc/skel usermod username modify usernames account usermod -L ecorrado Lock users password preventing login usermod -U ecorrado Unlock the users password, enabling usermod -s tcsh ecorrado change users shell the user to log into the system. userdel username delete usernames account userdel -r username delete usernames account and his home directory. groupadd groupname add a group to the system groupmod groupname Modify a group entry groupmod -n newname oldgroupname Rename a groupname groupdel groupname Delete a group. (Rarely done) passwd username Interactively set the password a user. passwd -l username lock a password (su only) gpasswd groupname Interactively set a group password. pwconv convert a standard /etc/passwd le to a shadow password combination pwunconv revert from shadow pw to a standard password le. grpconv convert to a group and shadow group cong. grpunconv revert from a shadow group conguration to a standard group le. chage user modify password aging and expiration settings for user. chage -E expiredate user Set expire date (format is MM/DD/YY or MM/DD/YYYY). chage -l user display pw expiry for a user.

111.2: Tune the user environment and system environment variables

See LPI Linux Certication in a Nutshell, p. 174. LPI test weight: 3.

111: Administrative Tasks

111.1: Manage users and group accounts and related system les
See LPI Linux Certication in a Nutshell, p. 164. LPI test weight: 4.

usernames, password, uid, gid, Users full name, home dir, and default shell saved in /etc/passwd colon delimited le. Shadow password normally used and represented by x in /etc/passwd but actually stored in /etc/shadow. uid, gid are non-negative integers Group information is stored in /etc/group group name, grouppassword, gid, member list are saved in /etc/group in colon delimited format. Normal user programs must be able to read /etc/passwd and /etc/group so passwords are put in the root-read-only /etc/shadow and /etc/gshadow les. Manual editing of /etc/passwd is with vipw Manual editing of /etc/shadow is with vipw -s Manual editing of /etc/group is with vigr Manual editing of /etc/gshadow is with vigr -s useradd user Add account for user on the system. useradd -c "Edward Corrado" ecorrado comment eld

/etc/profile System wide shell conguration script for bash (default PATH is here). an excellent place to set and export a default PATH, PS1, HOSTNAME, HISTSIZE, HISTFILESIZE, USER, LOGNAME, MAIL, INPUTRC an excellent place to put a default umask /etc/skel Skeleton user directory for new users. Typically has a .bash_profile, .bashrc, .bash_logout.

111.3: Congure and use system log les to meet adminstrative and security needs
See LPI Linux Certication in a Nutshell, p. 176. LPI test weight: 3.

syslogd System log daemon displays and records system messages. Most log les live in /var/log /etc/syslog.conf conguration le for syslogd Each line of syslog has entries facility.level action. Facility the creator of the message: auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, local0, local1, ... local7. Level the urgency of the message: debug, info, notice, warning, err, crit, alert, or emerg. Special level none disables a facility. A * can denote all levels. action Destination for the messages that match facility.level|. Options: a lename, a hostname preceded by the @ sign, or a comma

112: Networking Fundamentals seperated list of users (or an *) to alert. use the logger command to send a log message to syslogd. Ex: 112.1: Fundamentals of TCP/IP logger -p local5.info "Script complete. Sleep well, admin." logrotate utility (typically called by cron) to rotate log les. See LPI Linux Certication in a Nutshell, p. 389. LPI test weight: 4. /etc/logrotate.conf conguration le that describes specic Layer protocols les to rotate. OSI model Examine log les with less, or follow them with tail -f, or search them Physical wires with grep. Data Link Ethernet Network IP (switching and routing) Transport TCP, UDP (Reassembles packets, piggie back on IP) 111.4: Automate system administration tasks by IP Addressing scheduling jobs to run in the future 32 bit integers Host addresses are represented as four octets (8bits) such as See LPI Linux Certication in a Nutshell, p. 180. LPI test weight: 4. 192.168.1.127 the crond daemon allows programs to be run periodically. Netmask such as 255.255.255.0 crontab Allows users to modify their cron table. Network Address such as 192.168.1.0 crontab -e interactive editing of crontab Broadcast such as 192.168.1.255 All ones in the host part crontab -l list the users crontab the Netmask operates on the host address with a logical and crontab -r remove the crontab le operator crontab -u jdoe operate on another users crontab. Standardized netmasks crontab elds: minute hour day month dayofweek command Class A 1 octet for network minute (0-59) Class B 2 octets for network hour (0-23) Class C 3 octets for network day of the month (1 to 31) Class patterns have been generalized to allow for different netmasks day of the week (0 to 6 from Sun to Sat). Mneumonic Sunday is netmask: 255.255.255.128 = 35 Nonesday. : 11111111.11111111.11111111.10000000 Command with options : Network1 192.168.1.0/25 /etc/crontab holds system crontabs, which include a username : Broadcast1 192.168. before the command. Reserved Addresses (non-routable) minute hour day month dayofweek runasuser command Class A: 10.0.0.0 10.255.255.255 (10/8) System crontab often used to run admin scripts in Class B: 172.16.0.0 172.31.255.255 (172.16/12) /etc/cron.hourly/, /etc/cron.daily/, /etc/cron.weekly/, Class C: 192.168.0.0 192.168.255.255 (192.168/16) /etc/cron.monthly/ directories. IP Headers at Run a le in the future TTL 8-bit Time to Live at [-f file] time Run the command in the future. 32 bit Source IP address At time specications: HH:MM[AM or PM] MMDDYY 32 bit destination IP address /etc/{at,cron}.deny TCP Header 16 bit Port number source 111.5: Maintain an effective data backup strategy 16 bit destination port TCP Checksum See LPI Linux Certication in a Nutshell, p. 184. LPI test weight: 3. UDP Header Three kinds of backups: Full, incremental, differential 16 bit Port and destination Differential everything changed since the last full backup no checksum Incremental everything changed since the last backup ICMP Packets veried Checked Internet Control Message Protocol Single User Mode is best for backup Error handling and congestion pings Scsi tapes /dev/st0 high priority packet Scsi tapes, no rewind /dev/nst0 Well known ports: Floppy tapes, no rewind /dev/nft0 21,21 FTP and control of FTP tar Tape archiver 22 SSH mt Magnetic take controls 23 Telnet cpio 25 SMTP dd 53 DNS (UDP) 67,68 DHCP server and client 111.6: Maintain system time 80 HTTP Not in LPI Linux Certication in a Nutshell LPI test weight: 4. 110 POP3 NTP 119 NNTP

139 NetBIOS (UDP) 143 IMAP 161 SNMP dig hostname dns agent ftp hostname telnet hostname port Establish a connection on a port telnet pop3.myispmail.com 110 Try out a whois targetServer Gives dns information.

112.3: TCP/IP conguration and troubleshooting

See LPI Linux Certication in a Nutshell, p. 400. LPI test weight: 7.

/etc/hostname mappings of names and IP addresses /etc/nsswitch.conf controls resolver sources /etc/host.conf Only for pre-glibc2 systems /etc/resolv.conf Controls client side of DNS reolver /etc/networks Used for network resolution for networks (optional) host options hostname Display or set your hostname domainname nisname Display or set nisname ifconfig iface parameters Display and congure network interfaces. netstat Display network connections and routing tables, interface stats, and much more. -i -r -p -c -n ping test network connectivity route displays or congures the routing table route add [options] <target> add machine or network route del [options] <target> delete a machine or network Need to have a default route set traceroute Display one routes packets take to reach a host. ifconfig lo 127.0.0.1 Congures a loopback device route add -net 127.0.0.1 netmask 255.0.0.0 lo Routes all packets for 127.0.0.1 ifconfig eth0 down Takes down an interface ifconfig eth0 192.168.1.30 netmask 255.255.255.0 up route add -host route add default gc 192.168.1.1 eth0 DHCP Dynamic Host Control Protocol Automatically assign IP addresses Client sends DHCPDISCOVER broadcast message One or more send DHCPOFFER message Client picks one and broadcast acknowlegement DHCPREQUEST Sever logs connection sends DHCPACK with conguration /etc/dhcpd.conf Cong for DHCP daemon

112.4: Congure Linux as a PPP client

See LPI Linux Certication in a Nutshell, p. 414. LPI test weight: 3.

PPP Point to Point Protocol Establishes a ppp0 network device chat program controls modem When connection established PPP daemon takes over Serial ports in Linux are /dev/ttySnn

/dev/modem is a symlink Serial ports require ow control due to small buffer space Software XON/XOFF Hardware CTS/RTS How it works Client congures serial line dials phone to server PPP is started on client automatically or manually Server informs client of IP Address and begins sending binary data Client uses IP address et al to connect to TCP/IP Chat Scripts Test les Expect/Send pairs First section lists connections that abort Second section includes pw and user information pppd pppd [device] [speed] [options] pppd options connect crtscts debug defaultroute lock persist PAP Password Authentication CHAP Challenge Handshake Auth Protocol MSCHAP Microsoft buggy implentation of CHAP for WinNT RAS Server

113.2: Operate and perform basic conguration of sendmail

See LPI Linux Certication in a Nutshell, p. 429. LPI test weight: 4.

exportfs lists exported lesystems mount -t nfs remotehost:/remotefilesystem /localfilesystem portmapper needs to be running for RPC SMB /etc/smbd Server Messenger Block windows File and Print Sharing smbd File and print sharing nmbd Name sharing of machines /etc/smb.conf Conguration [global] Main conguration [homes] [printers] [shares]

Used to be sendmail.cf le editing The preferred way is sendmail.mc main les: /etc/aliases or /etc/mail/aliases /etc/mail* ~/.forward mailq sendmail buildaliases /etc/aliases les - colon seperated mailname and spoolname \ can make a continuation line ! pipe is allowed for piping to command newaliases rebuilds the alias database. Sendmail conguration le /etc/sendmail.cf m4 program reads an mc le and turns it into a .cf le. (m4 is a macro preprocessor.) Smarthost: define(SMART_HOST, mail.isp.net) # m4 line For simple changes edit: sendmail.cf mailq prints a summary of the mail messages queued for future delivery. It may only be used by the superuser. sendmail -bp starts sendmail as a background daemon sendmail -bd -q15m starts sendmail and processes the queue every 15 minutes.

113.5: Setup and congure basic DNS services

See LPI Linux Certication in a Nutshell, p. 439. LPI test weight: 4.

113: Networking Services

113.1: Congure and manage inetd, xinetd, and related services
See LPI Linux Certication in a Nutshell, p. 425,448,449. LPI test weight: 3.

113.3: Operate and perform basic conguration of Apache

See LPI Linux Certication in a Nutshell, p. 432. LPI test weight: 4.

Daemons listen and fork() a new instance does the work. inetd listens on multiple ports and spawns new daemons. once started passes the connection to the new daemon. GNU/Linux can have many minor services that inetd can manage. Some daemons are designed for use with inetd (they dont fork) inetd not always a good choice frequently used daemons may be slow on startup Conguring (p426): sample le of /etc/inetd.conf. rst eld: service name (matches /etc/services second eld: socket_type (usually stream,dgram third eld: protocol (tcp/udp) fourth eld: ags (nowait,wait) fth eld: user who to run the daemon as a user and/or .group sixth eld: server path the program to run seventh eld: arguments the arguments Restart the service with /etc/init.d/inetdrestart or to re-read cong le kill -SIGHUP PID Dont start a service that is supposed to be running on inetd. tcp wrappers consults /etc/hosts.allow and \etc\hosts.deny Allows beat denys. xinetd Bundles tcpwrappers and inetd together.

Apache Most popular web server software httpd.conf /etc/conf/apache.conf Directives case-insensitive No comments on the same line ServerName Directive PortName 80 Users and Groups DocumentRoot Starting apache /etc/init.d/apache start/stop/status/graceful apachectl -k status/stop/start apachectl -D parameter (denes an <IfDefine> ) apachectl -l parameter (what modules compiled into apachectl) Virtualhost

BIND4 and BIND8 Go to a registrar DNS Domain name service 208.253.168.110 Top of the DNS tree is (.) node1.ofce.lugip.org FQDN name all the way to hostname name resolution /etc/nsswitch.conf /etc/hosts, dns, nis nsswitch says USE DNS hosts: db les dns resolv.conf le : search lugip.org nameserver 10.27.1.10 nameserver 10.27.1.254 search line is for BIND One implementation of DNS. congured with /etc/named.conf (BIND v8) congured with /etc/named.boot (BIND v4) Conguration le options Options logging Access Lists Remote servers Conf le where are zone les, query-source address * port 53; Root zone dened in le Serial number in a zone record needs to increase by one for BIND to see a change. zone les need to have a period at the end of a record like : ns.lugip.org. Conguring a caching only nameserver First time a name is needed, a normal lookup is needed. dig returns DNS records for a hostname. nslookup does that and can do the reverse.

113.4: Properly manage the NFS, smb, and nmb daemons

See LPI Linux Certication in a Nutshell, p. 434. LPI test weight: 4.

NFS RPC an RPC server (Remote Procedure Call), upd and tcp sockets NIS also uses RPC Daemons rpc.nfsd, rpc.mountd /etc/exports directory options mappings for uids and gids possible

113.7: Set up secure shell (OpenSSH)

3 Not in LPI Linux Certication in a Nutshell LPI test weight: 4.

Obtain and congure OpenSSH Basic OpenSSH installation and troubleshooting Conguring sshd to start at system boot

/etc/hosts.allow /etc/hosts.deny /etc/nologin /etc/ssh/sshd_config /etc/ssh_known_hosts /etc/sshrc sshd ssh daemon sshd-keygen Authentication by public key. Can make an ssh key and put the Can compile source http://www.openssh.com/portable.html HISTORY le FAQ le Build it if not a FQDN then you might have to x RequireReverseMapping to no Strict permissions: 0400 on private key, 600 on / and 600 on /.ssh

and 600 authorized_keys Password ag, RSA Password nologin.txt is a eld for a text message for login /etc/nologin if exists no one but root may login. /etc/sshd_config Daemon congure /etc/ssh/ssh_config rc file Just like .bashrc Will run a remote command on remote ssh startup. /etc/ssh_known_hosts

chage Change password socket We dont know what the hell they mean

114.2: Setup host security

See LPI Linux Certication in a Nutshell, p. 458. LPI test weight: 3.

shadow file /etc/syslog.conf /etc/syslog.conf

114.3: Setup user level security

See LPI Linux Certication in a Nutshell, p. 460. LPI test weight: 1.

114: Security
114.1: Perform security administration tasks
See LPI Linux Certication in a Nutshell, p. 446. LPI test weight: 4.

quota usermod ulimit

Copyright c 2004 Jon R. Fox $Revision: 217 $, $Date: 2007-01-17 12:28:08 -0500 (Wed, 17 Jan 2007) $. http://www.drfox.com

find Using it to nd suid programs (p451) ipchains iptables packet ltering. passwd Changes password