Table of Contents

Familiarization Guides
  Network Admin Familiarization
    Overview
    Creating a network map
    Monitoring Network Traffic
    Managing and Protecting a Network
    pfSense Firewall Rule Basics
    pfSense Packet Captures
    Network Admin Tools/Skills
  Email Admin Familiarization
    Overview
    SquirrelMail
    Apache
    Postfix
    Dovecot
    Email Admin Tools/Skills
    Helpdesk Admin Tools/Skills
  System Admin Familiarization
    Overview
    Managing System Services
    Configuration and Layout
    Creating and managing user accounts
    System Admin Tools/Skills
  Chat Admin Familiarization
    Overview
    Starting and Stopping
    Configuration and Layout
    Creating and managing user accounts
  Web Admin Familiarization
    Familiarization Activity
    Apache Restart Activity
    Web Site Admin Tools/Skills
IT Staff Job Descriptions for VCCLL
  System Administrator Job Description
    Summary
    Essential Duties and Responsibilities
  Network Administrator Job Description
    Summary
    Essential Duties and Responsibilities
  Help Desk Specialist Job Description
    Summary
    Essential Duties and Responsibilities
  Webmaster Job Description
    Summary
    Essential Duties and Responsibilities
  Email Administrator Job Description
    Summary
    Essential Duties and Responsibilities
Supporting Documents
  Basic Connectivity Testing Tools
    ping
    telnet
    traceroute
  IT Help Desk Notes & Flowchart
    Create Ticket
    Contact Helpdesk
    Complete Ticket
  OTRS quick guide (v0.1.0_10/4/2015)
    To Log In
    To Create Customer User
    Tickets
  View/Search Text Files
    head
    tail
    cat
    less
    grep
    sort
  Pidgin instructions (v0.1_04/14/2015)
    Adding contacts
    Joining Group/Chat rooms
  User Management Commands
    w
    who
    adduser
    deluser
    addgroup
    delgroup
    passwd
  System Management Commands
    ps
    top
    htop
    netstat
    service
    ssh
  File Permission Management Commands
    chmod
    chown
    sudo
  Help and Editor Commands
    man
    apropos
    emacs
  File System Commands
    df
    du
  Linux Cheat Sheet
Index

Familiarization Guides
Welcome to the Virtual Cybersecurity Collaborative Learning Laboratory (VCCLL)! We have developed this participant guide to give a broad overview of the various roles you may play in BetaPort scenarios and to provide a quick, easy-to-use reference kit of tools, methods and techniques. The guide has been designed to provide clear, simple explanations and directions, which will help you throughout the learning experience. In addition, the Supporting Documents section provides some additional materials that should help you get the most out of this exciting virtual experience.

Network Admin Familiarization

Overview
The network administrator’s role is to plan and coordinate the design, installation and connectivity of computer and network systems to ensure the stable operation of an organization’s information technology (IT) assets. The network admin must ensure that uptime, performance, resources, and the security of all network systems meet the needs of users. To fulfill these organizational duties, a network admin is responsible for developing, configuring, maintaining and supporting all new and existing network hardware, software and communications links.
Ideally, network admins should be able to quickly respond to all of the following questions regarding the network systems for which they are responsible.
• What Internet Protocol (IP) subnets and addresses do you manage?
• What servers and endpoints are running on your network(s)?
• Are the servers local or hosted at an external site?
• What services (open ports) are available on each server and host?
• How is your network configured, protected and isolated?
• What connections are allowed between servers, hosts and Internet users?
• Is the network traffic from or to specific endpoints anomalous?
• If anomalous, where do those connections originate and terminate? If the connections include hosts outside your network, where are these endpoints located?
Fortunately, network administrators have a variety of tools and applications at their disposal to help them meet their myriad responsibilities. In the sections below, the various facets of the position are organized into broad categories. Within each category, you’ll find a brief discussion of the tools and applications available to meet the most common needs.

Creating a network map
A basic responsibility for all network administrators is to understand the network layout and to know what servers and endpoints are running on the network. In many cases, a network diagram may already be available; however, it is important to ensure that network diagrams are kept up-to-date by re-mapping the network on a regular basis.
Several tools exist to facilitate network mapping and connectivity testing. In this section, we’ll explain how the Unix/Linux ping and traceroute commands can be used for this purpose.
ping is a simple command used to test the reachability of a host on a network. It also reports the round-trip time for messages sent from the originating host to a destination host and back.
For example, the ping session shown below is used to confirm that the host 10.0.2.100 is reachable via the network. Note the use of the -c (count) option, which takes an integer argument representing the number of ping packets that should be sent. By default, on Linux systems, ping will continue sending pings until Ctrl-C is pressed.

$ ping -c 4 10.0.2.100
PING 10.0.2.100 (10.0.2.100): 56 data bytes
64 bytes from 10.0.2.100: icmp_seq=0 ttl=62 time=1.582 ms
64 bytes from 10.0.2.100: icmp_seq=1 ttl=62 time=1.701 ms
64 bytes from 10.0.2.100: icmp_seq=2 ttl=62 time=1.715 ms
64 bytes from 10.0.2.100: icmp_seq=3 ttl=62 time=1.807 ms

--- 10.0.2.100 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.582/1.701/1.807/0.080 ms

The traceroute command displays the entire route between the source host and the destination. traceroute lists all the routers it passes through along the way. In addition, it measures and reports the transit delays of packets across the network.

$ traceroute 10.0.2.100
traceroute to 10.0.2.100 (10.0.2.100), 64 hops max, 40 byte packets
 1  192.168.100.1 (192.168.100.1)  0 ms  4 ms  0 ms
 2  172.35.100.1 (172.35.100.1)  0 ms  3 ms  1 ms
 3  10.0.2.100 (10.0.2.100)  9 ms  0 ms  0 ms

Based on the above traceroute command result, we can see that there are two routers between the source and destination hosts, with IP addresses 192.168.100.1 and 172.35.100.1. Using this information, as well as the IP address of the source host (in this instance 192.168.100.122), we can begin to build a simple network diagram, as shown in the figure below. (Note: The network switches shown in the diagram are assumed to exist, since their presence is not disclosed by the traceroute command.)
However, this picture of the network is incomplete. Running at host 192.168.100.122, traceroute can only “see” the router interfaces on the side of the routers it faces. To see the addresses of the network interfaces on the other side of these routers, traceroute must be run from the opposite side, as well. So, now we log in to the original destination host (10.0.2.100) and run traceroute back to the original source host (192.168.100.122).

$ traceroute 192.168.100.122
traceroute to 192.168.100.122 (192.168.100.122), 30 hops max, 60 byte packets
 1  10.0.2.15 (10.0.2.15)  0.865 ms  0.850 ms  0.838 ms
 2  172.35.100.2 (172.35.100.1)  0.956 ms  0.945 ms  0.931 ms
 3  192.168.100.122 (192.168.100.122)  3.123 ms  3.122 ms  3.111 ms

Now, given these addresses for the interfaces on the other side of the routers, we can complete the network diagram for the portion of the network that includes these two hosts.
To create network diagrams of larger, more complex networks, it is necessary to log in to hosts in different parts of the network and to run traceroute back and forth among several known hosts. And while in this example we used two Linux systems as the source hosts, other options are available. For example, most router and firewall systems (including the VyOS router and pfSense firewall used in the BetaPort environment) also provide access to network software tools such as ping and traceroute.
For more information on these and similar commands, see Basic Connectivity Testing in the Supporting Documents section, as well as the familiarization guides for VyOS and pfSense.
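
The two-sided mapping procedure above, automated as an added example (not part of the original guide): one function extracts the hop addresses from saved traceroute output, and a second pairs the source-facing and destination-facing interface of each router. The function names are hypothetical, the sample traces are constructed and modelled on the sessions above, and the pairing assumes both directions follow the same path with the same number of hops.

```shell
# Added example: pair router interfaces from a forward and a reverse traceroute.

# Constructed samples modelled on the two sessions shown in this section.
FWD_TRACE='traceroute to 10.0.2.100 (10.0.2.100), 64 hops max, 40 byte packets
 1  192.168.100.1 (192.168.100.1)  0 ms  4 ms  0 ms
 2  172.35.100.1 (172.35.100.1)  0 ms  3 ms  1 ms
 3  10.0.2.100 (10.0.2.100)  9 ms  0 ms  0 ms'

REV_TRACE='traceroute to 192.168.100.122 (192.168.100.122), 30 hops max, 60 byte packets
 1  10.0.2.15 (10.0.2.15)  0.865 ms  0.850 ms  0.838 ms
 2  172.35.100.2 (172.35.100.2)  0.956 ms  0.945 ms  0.931 ms
 3  192.168.100.122 (192.168.100.122)  3.123 ms  3.122 ms  3.111 ms'

# Read traceroute output on stdin and print one hop address per line.
# A hop that never answered ("* * *") is printed as "*".
hop_addrs() {
    awk '$1 ~ /^[0-9]+$/ {
        addr = "*"
        for (i = 2; i <= NF; i++) {
            if ($i == "*") continue
            addr = $i
            # When a host name is shown, prefer the numeric address in parentheses.
            if ($(i + 1) ~ /^\(.*\)$/)
                addr = substr($(i + 1), 2, length($(i + 1)) - 2)
            break
        }
        print addr
    }'
}

# router_interfaces FORWARD_TRACE REVERSE_TRACE
# Prints "router<N> <source-facing address> <destination-facing address>",
# numbering routers from the source host outwards.
# Returns 1 when the hop counts differ, because the pairing would be wrong.
router_interfaces() {
    {
        printf '%s\n' "$1" | hop_addrs
        echo "--"
        printf '%s\n' "$2" | hop_addrs
    } | awk '
        $0 == "--" { second = 1; next }
        !second    { f[++nf] = $0; next }
                   { r[++nr] = $0 }
        END {
            if (nf != nr) {
                print "hop counts differ: path is not symmetric" | "cat 1>&2"
                exit 1
            }
            # The last hop of each trace is the target host, not a router.
            for (i = 1; i < nf; i++)
                printf "router%d %s %s\n", i, f[i], r[nr - i]
        }'
}

router_interfaces "$FWD_TRACE" "$REV_TRACE"
```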

Monitoring Network Traffic
Network traffic monitoring touches at least two major areas of concern to network admins, including both the amount and type of traffic traversing the network. Administrators must be constantly alert to potential bottlenecks within their networks, which can lead to substandard performance. They must also be on the lookout for potentially anomalous traffic that may be indicative of an attack, such as denial-of-service (DoS), data modification or exfiltration, brute-force login attempts, and others.
Network traffic monitoring can be accomplished using a variety of methods and techniques. In this section, we will focus on passive techniques.
tcpdump is a command-line tool that allows the user to display network packets being transmitted or received over a network to which a particular host is attached. tcpdump prints the contents of network packets, either those read in real time from a network interface card, or from a previously saved packet file. This command is available on a wide range of devices, including desktop and server systems, routers and firewalls. Running tcpdump on Unix/Linux-based systems often requires root privileges. Root privileges include powers that the root account has on the system (i.e., complete access to all files and commands).
tcpdump supports a wide variety of options. A few common examples are given below.
To see a list of available network interfaces on which listening is possible:

$ sudo tcpdump -D

To listen on interface eth0:

$ sudo tcpdump -i eth0

To listen on any available interface (useful on routers or firewalls):

$ sudo tcpdump -i any

By default, tcpdump displays a bare summary of packet information. The level of detail (verbosity) can be increased by adding the -v option.
Be verbose while capturing packets:

$ sudo tcpdump -v

Be more verbose while capturing packets (up to three v's can be used):

$ sudo tcpdump -vv

Be verbose and print the data of each packet in both hex and ASCII, excluding the link level header:

$ sudo tcpdump -vX

Running tcpdump from a network host, such as a desktop or server, can provide useful information regarding the traffic on a network. It can be even more informative to run packet captures on network routers and firewalls, since these devices are able to “see” all network traffic traversing their portions of the network. This makes it possible for a network administrator to get a better picture of all the hosts communicating on the network, as well as the volume of network traffic.
The VyOS router software is Linux-based, so tcpdump can be run from the command line in the same way as on any Linux host. When running tcpdump on any host by way of an SSH login session, it’s important to filter out the traffic generated by the login session itself. So, for example, to capture network packets on a VyOS router via an SSH connection, displaying IP addresses and port numbers (rather than host names and port names), while filtering out traffic generated by the SSH login session (assuming the router’s SSH server is running on the default port):

$ tcpdump -nn port not ssh

For more information and examples see the tcpdump man page.
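
One way to turn saved tcpdump output into a first answer to "is this traffic anomalous?", as an added example that is not part of the original guide: the function counts new TCP connection attempts (SYN without ACK) per source and destination port and lists the pairs at or above a threshold, which is how repeated login attempts against one service show up. It assumes the one-line text format printed by tcpdump -nn for IPv4; the function name and the sample lines are constructed for illustration.

```shell
# Added example: summarize connection attempts in `tcpdump -nn` text output.

# Constructed sample lines in tcpdump -nn format (not from a real capture).
SAMPLE_CAPTURE='12:00:01.100000 IP 10.0.2.50.40001 > 192.168.100.10.22: Flags [S], seq 1000, win 64240, length 0
12:00:01.100400 IP 192.168.100.10.22 > 10.0.2.50.40001: Flags [S.], seq 5000, ack 1001, win 65160, length 0
12:00:01.100900 IP 10.0.2.50.40001 > 192.168.100.10.22: Flags [.], ack 1, win 502, length 0
12:00:02.200000 IP 10.0.2.50.40002 > 192.168.100.10.22: Flags [S], seq 2000, win 64240, length 0
12:00:03.300000 IP 10.0.2.50.40003 > 192.168.100.10.22: Flags [S], seq 3000, win 64240, length 0
12:00:03.400000 ARP, Request who-has 192.168.100.1 tell 192.168.100.122, length 28
12:00:04.400000 IP 10.0.2.50.40004 > 192.168.100.10.22: Flags [S], seq 4000, win 64240, length 0
12:00:04.500000 IP 192.168.100.122.53000 > 10.0.2.100.53: 4242+ A? www.example.com. (33)
12:00:05.500000 IP 10.0.2.50.40005 > 192.168.100.10.22: Flags [S], seq 5000, win 64240, length 0
12:00:06.000000 IP 192.168.100.122.51000 > 10.0.2.100.80: Flags [S], seq 7000, win 64240, length 0'

# syn_summary THRESHOLD  (capture text on stdin)
# Prints "<count> <source> -> <destination>:<port>" for every source that
# opened at least THRESHOLD connections to one destination port, busiest first.
syn_summary() {
    awk -v min="$1" '
        # "[S]," is a SYN without ACK: the first packet of a new TCP connection.
        # Replies ("[S.],"), established traffic, UDP, ARP and IPv6 are ignored.
        $2 == "IP" && $6 == "Flags" && $7 == "[S]," {
            src = $3
            dst = $5
            sub(/:$/, "", dst)            # trailing colon after the destination
            sub(/\.[0-9]+$/, "", src)     # drop the (ephemeral) source port
            port = dst
            sub(/^.*\./, "", port)        # text after the last dot is the port
            sub(/\.[0-9]+$/, "", dst)     # what remains is the destination address
            count[src " -> " dst ":" port]++
        }
        END {
            for (k in count)
                if (count[k] >= min)
                    print count[k], k
        }
    ' | sort -k1,1nr -k2
}

# Pairs with three or more attempts in the sample.
printf '%s\n' "$SAMPLE_CAPTURE" | syn_summary 3
```

On a live system the same function can read a saved capture with `tcpdump -nn -r <file> | syn_summary 20`; the threshold depends on what is normal for the network being watched.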

Managing and Protecting a Network
Within the BetaPort environment, network admins use two types of network devices to configure and protect their networks: VyOS routers and pfSense firewalls. In this section, we’ll provide a brief overview of these two devices.

VyOS
VyOS[1] is a Linux-based network operating system that provides software-based network routing and other functionality. In BetaPort, VyOS is used exclusively for routing. VyOS routers are configured and controlled by way of a command line interface (CLI).
The VyOS CLI is comprised of an operational mode and a configuration mode. Operational mode allows for commands to perform operational system tasks and to view system and service status, while configuration mode allows for the modification of system configuration. The CLI provides a built-in help system. In the CLI the [?] key may be used to display available commands. The [tab] key can be used to auto-complete commands and will present the help system upon a conflict or unknown value.
Router configuration is necessary only when new networks are added or in the extremely rare instance when existing routes must be changed. Therefore, in this guide we’ll cover only a small number of operational mode commands.
Configured interfaces on a VyOS system can be displayed using the show interfaces command.

vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth0             10.0.2.15/24                      u/u  Public
eth1             172.35.100.1/24                   u/u  LAN
lo               127.0.0.1/8                       u/u
                 ::1/128

A specific interface can be shown, providing greater detail, using the show interfaces <type> <name> command.

vyos@vyos:~$ show interfaces ethernet eth0
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:44:3b:0f brd ff:ff:ff:ff:ff:ff
    inet 10.16.2.15/24 brd 10.0.2.255 scope global eth0
    inet6 fe80::20c:29ff:fe44:3b0f/64 scope link
       valid_lft forever preferred_lft forever
    Description: OUTSIDE

    RX:  bytes    packets     errors    dropped    overrun      mcast
        274397       3064          0          0          0          0
    TX:  bytes    packets     errors    dropped    carrier collisions
        257276       1890          0          0          0          0

Finally, the configured routes can be shown using the show ip route command.

vyos@vyos:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF
       I - ISIS, B - BGP, > - selected route, * - FIB route

C>* 10.0.2.0/24 is directly connected, eth0
C>* 127.0.0.0/24 is directly connected, lo
C>* 172.35.100.0/24 is directly connected, eth1
S>* 192.68.100.0/24 [1/0] via 172.35.100.2, eth1

[1] http://vyos.net

pfSense
Behind each router (on the LAN side) within the BetaPort environment a pfSense[2] firewall has been installed. pfSense is an open source firewall/router computer software distribution based on FreeBSD Unix. pfSense can be configured and operated through a web-based interface, and requires no knowledge of the underlying FreeBSD system to manage.
To access a pfSense firewall, type the IP address of the LAN-facing network adapter into the address bar of your Web browser. After logging in, the firewall’s menu-driven GUI interface is displayed. A portion of the firewall’s home screen is shown below. The pfSense navigation menu is located at the top, providing ready access to all of the firewall’s functionality.
Below the menu bar, a dashboard containing two panes is displayed, giving a high-level overview of the firewall’s status, including system information and a list of the active interfaces.
[2] https://www.pfsense.org/
Among the most important features of the pfSense firewall for network administrators are the ability to monitor network activity by “sniffing” network traffic and tracking the activity of the most active network hosts.
pfSense provides a packet-capture utility similar to the tcpdump command, described earlier. To activate this utility, select Diagnostics -> Packet Capture from the menu.
Finally, the pfTop utility can be used to monitor network traffic and connections in real time. You can access pfTop via the GUI menu, at Diagnostics -> pfTop.
For more information on capturing packets and monitoring network traffic using pfSense, see the pfSense Packet Captures document.
As its name implies, the pfSense firewall also provides the ability to control what kinds of traffic are allowed to traverse the network. Fine-grained rules can be set up, based on protocol, source and destination network addresses and ports, among other criteria. The screenshot below shows a firewall configured to allow all IPv4 and IPv6 traffic to pass through the firewall in both (inbound and outbound) directions.
Firewall rules are managed at Firewall -> Rules. For more information on configuring firewall rules in pfSense, see the pfSense Firewall Rule Basics section below.

pfSense Firewall Rule Basics
Firewall rules control what traffic is allowed to enter an interface on the firewall. Once traffic is passed on the interface it enters, an entry in the state table is created. A state table entry allows through subsequent packets that are part of that connection.
Firewall rules on Interface and Group tabs process traffic in the Inbound direction and are processed from the top down, stopping at the first match. Where no user-configured firewall rules match, traffic is denied. Only what is explicitly allowed via firewall rules will be passed.
Firewall rules are managed at Firewall -> Rules. Multiple rules may be selected for some actions by clicking on their row or checking the box at the start of their row. Rules may be deleted or reordered in bulk in this way.
On the Firewall Rules page, there is a tab for each interface, plus a tab for each active VPN type (IPsec, OpenVPN, PPTP), and a tab for Floating Rules, which contains more advanced rules that apply to multiple interfaces and directions.
When editing a rule, many of the options are explained in detail on the rule editor screen. Be mindful of the default settings on the rule editor, especially the protocol. New rules default to TCP only.
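
The top-down, first-match evaluation and the implicit deny described above, as an added example that is not part of the original guide and not pfSense code: a small evaluator over a rule list shows why rule order matters and why a rule left at the TCP default does not pass UDP traffic such as DNS queries. The one-line rule syntax, the function name and the sample rules are hypothetical, and the state table is not modelled.

```shell
# Added example: a simplified model of first-match rule evaluation.

# Constructed rule list for one interface, evaluated top to bottom.
RULES='# action proto source            destination  port
pass     tcp   192.168.100.0/24  10.0.2.100   80
block    any   192.168.100.122   any          any
pass     tcp   192.168.100.0/24  any          53'

# fw_decision RULES PROTO SRC_IP DST_IP DST_PORT
# Prints "<action> (rule N)" for the first matching rule, or
# "block (default deny)" when no rule matches.
fw_decision() {
    printf '%s\n' "$1" | awk -v proto="$2" -v src="$3" -v dst="$4" -v dport="$5" '
        function ip2int(ip,   o) {
            split(ip, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        # True when ip lies inside net ("any", a single address, or a.b.c.d/len).
        function in_net(ip, net,   p, bits, size) {
            if (net == "any") return 1
            split(net, p, "/")
            bits = (p[2] == "") ? 32 : p[2]
            size = 2 ^ (32 - bits)
            return int(ip2int(ip) / size) == int(ip2int(p[1]) / size)
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines are not rules
        {
            n++
            if (($2 == "any" || $2 == proto) &&
                in_net(src, $3) && in_net(dst, $4) &&
                ($5 == "any" || $5 == dport)) {
                printf "%s (rule %d)\n", $1, n
                found = 1
                exit                         # stop at the first match
            }
        }
        END { if (!found) print "block (default deny)" }'
}

# Rule 1 matches before the block in rule 2 is ever consulted.
fw_decision "$RULES" tcp 192.168.100.122 10.0.2.100 80
# Same host, other port: rule 2 is now the first match.
fw_decision "$RULES" tcp 192.168.100.122 10.0.2.100 25
# DNS over UDP: rule 3 was left at TCP, so nothing matches and it is denied.
fw_decision "$RULES" udp 192.168.100.50 10.0.2.100 53
```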
When entering addresses into firewall rules, the following choices are given for the source and destination addresses. Some of these options only appear in specific fields or circumstances, or if certain features are enabled.
any - 0.0.0.0 to 255.255.255.255, or all IPv6 addresses
Single host or alias - Select this and enter one IP address (1.2.3.4, aa:bb:cc:dd::1) or type the name of an Alias that has already been configured (Firewall > Aliases)
Network - Select this and enter a network and mask (10.99.0.0/16, aa:bb:cc:dd::0/64)
LAN net - The subnet configured on the LAN interface under Interfaces > LAN. On pfSense 2.2+, this also includes static route networks on that interface.
LAN address - The IP address configured on the LAN interface under Interfaces > LAN
zzz Net / zzz address - Works the same as LAN above but for other interfaces (WAN, OPT1, OPT2, etc.)
PPTP clients - Automatically locate and use the addresses of PPTP clients
L2TP clients - Automatically locate and use the addresses of L2TP clients
This Firewall (self) - Any IP address assigned to any interface on this firewall (pfSense 2.2+)
These macros are handy because they allow generic rules to be created that refer to LAN or a specific interface. If that interface IP address or subnet changes in the future, the rules will be rebuilt correctly and they will not need to be manually adjusted.

pfSense Packet Captures

WebGUI Packet Captures
A packet capture may be performed within the pfSense GUI interface under Diagnostics > Packet Capture. The settings work the same as tcpdump. The capture can be viewed in the GUI or downloaded for later viewing with tcpdump or Wireshark.
Various filters may be added to restrict the scope of the capture, such as a specific Protocol, Host address, or Port (among others). The size of the capture may be adjusted as well. Often a few thousand packets are necessary to catch certain activity.
The Level of detail selector only controls the level of detail displayed in the pfSense GUI for viewing the contents of a capture. It may be adjusted after a capture has been taken; to view the capture with more detail, adjust this value and click View Capture.
Click Start to start a capture. While a capture is running, a Stop button is also displayed to stop a capture in progress.
View Capture shows the contents of the previous capture.
Download Capture initiates a download of the capture file for viewing locally (or sending to a remote technician).

tcpdump
tcpdump also comes installed with pfSense. It can be used over SSH or on the console in a shell. In this example a method of capturing traffic other than SSH, ARP, DNS and STP is highlighted. The capture will be directed to a file called Sniff_output in the current directory.

$ tcpdump -i em0 not port 22 and not port 53 and not arp and not stp >> Sniff_output

The -i option designates the em0 interface. In this example, traffic from one of the subnets connected to pfSense through em0 is being captured.

pftop
pftop is a tool built into pfSense that can monitor traffic/connections. This tool can be found in the GUI under Diagnostics > pftop or by connecting to pfSense via SSH or the console.

Network Admin Tools/Skills

General use tools/concepts
Logging in with SSH
sudo
cat, head, tail, less
grep, grep -v
sort
du
ps -ef
netstat -atun
emacs
Using pipes with above commands

Specific tools & applications
passwd (to change user passwords)
adduser (to set up user accounts)
mount (file systems attached, layout of system)
who (who is logged in)
htop (alternative to top with a better layout)
addgroup (creation of a new group) and how to add a user to a group
service <service name> <start|stop|status>
pfsense (web interface)
VyOS commands
show interfaces

Log files
/var/log/syslog
/var/log/auth.log

Email Admin Familiarization

Overview
Email services within BetaPort are provided through a Web-based email package. Of course, the email package does not work alone. It relies on several other packages to provide Web service and a variety of email services:
Apache Web server[3] provides the Web services that SquirrelMail relies upon.
Postfix[4] is a mail transfer agent (MTA) package that provides email services, specifically the Simple Mail Transfer Protocol (SMTP). This means that Postfix handles incoming and outgoing email services.
Dovecot[5] is an Internet Message Access Protocol (IMAP) and Post Office Protocol, version 3 (POP3) server package that allows email clients to retrieve messages from a mail server over a TCP/IP connection.
In summary, SquirrelMail[6] is a Web application that runs on top of the Apache Web server to provide easy and convenient access to email services provided by Postfix and Dovecot.
It’s easy to see each of these packages at work (and to ensure that the services are running and listening for connections) in support of SquirrelMail by running the netstat command. The following (excerpted) example uses options atnp, which (left to right) specify that all network services using the tcp protocol should be shown using numeric IP addresses only, along with their associated processes. Note that master refers to a Postfix process.

$ sudo netstat -atnp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1017/master
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      880/dovecot
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      880/dovecot
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      880/dovecot
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      880/dovecot
tcp6       0      0 :::25                   :::*                    LISTEN      1017/master
tcp6       0      0 :::993                  :::*                    LISTEN      880/dovecot
tcp6       0      0 :::995                  :::*                    LISTEN      880/dovecot
tcp6       0      0 :::110                  :::*                    LISTEN      880/dovecot
tcp6       0      0 :::143                  :::*                    LISTEN      880/dovecot
tcp6       0      0 :::80                   :::*                    LISTEN      1143/apache2

[3] https://httpd.apache.org
[4] http://www.postfix.org
[5] http://www.dovecot.org
[6] https://squirrelmail.org/
A brief overview of the configuration and layout of SquirrelMail and each of the packages that supports it will be provided in the sections below.
SquirrelMail

As described above, SquirrelMail is a webmail package, specifically a Web application that runs on Apache Web servers. As such, SquirrelMail is simply a collection of server-side scripts and text-based configuration files.

Starting and Stopping

Since SquirrelMail is an application, rather than a service, there isn’t a specific command available to start and/or stop it. It is, however, possible to disable and later re-enable a SquirrelMail Web site using a couple of Apache commands:

To temporarily disable SquirrelMail:

$ sudo a2dissite squirrelmail
Site squirrelmail disabled.
To activate the new configuration, you need to run:
$ sudo service apache2 reload
 * Reloading web server apache2

To re-enable SquirrelMail:

$ sudo a2ensite squirrelmail
Site squirrelmail disabled.
To activate the new configuration, you need to run:
$ sudo service apache2 reload
 * Reloading web server apache2

Important note: Since this process requires reloading the entire Web server, it is extremely important to coordinate this activity ahead of time with your Web Administrator and Help Desk!
Configuration and Layout

As a webmail application, SquirrelMail has three different types of configuration files: 1) General configuration settings which affect the behavior of the entire application, 2) Individual user configuration settings, which affect the application’s behavior on an individual user basis, and 3) Apache Web server configuration settings, which govern the application’s behavior as a Web service. The first two types of configuration will be discussed here, and the Apache configuration will be discussed in the Apache section that follows.

On Ubuntu servers, general configuration settings are contained in several files located in the /etc/squirrelmail directory. The most important of these files is config.pl, which is actually a perl language script that provides a simple menu-driven application for setting and saving configuration settings.

The configuration settings for individual users are stored in per-user files in the directory /var/lib/squirrelmail/data/ with the extension .pref. Address book data for individual users is also stored in this directory, in files with the extension .abook.

Creating and managing user accounts

SquirrelMail user accounts are actually created and managed as normal user accounts on the email server itself. Therefore, the commands to add, modify and remove email accounts are the same as those to add, modify and remove system accounts. See User Management Commands in the Supporting Documents section for details on how to use these commands.
Apache

Since configuration and management of Apache Web server is the responsibility of the Web Administrator, the discussion in this section will be limited to those aspects that directly affect the SquirrelMail application. For more information on Apache, see the Web Admin Familiarization activity.

Starting and Stopping

As discussed in the previous section, enabling or disabling the SquirrelMail application also requires that the Apache Web server be restarted or reloaded. The command for reloading Apache is shown again here for your convenience:

$ sudo service apache2 reload
 * Reloading web server apache2

Important note: Once again, it is extremely important to coordinate this activity with your organization’s Web Administrator and Help Desk personnel, as restarting the server is very likely to affect several other important services.

Configuration and Layout

Like all Apache Web sites and applications on Ubuntu, configuration data for the SquirrelMail application is stored in a directory named /etc/apache2/sites-available. By default, SquirrelMail’s configuration is stored in a file named squirrelmail.conf. Among the most important settings is the document root, by default, /usr/share/squirrelmail/. All the SquirrelMail server-side scripts that control the application’s behavior are stored in this directory. Other settings include directory index settings and access restrictions.
Postfix

Postfix is a mail transfer agent (MTA) that routes and delivers electronic mail. Thus, it is the software responsible for receiving email messages for SquirrelMail users from other servers and for routing the messages they send to the destination email servers.

Starting and Stopping

Depending on its configuration, a Postfix server may actually have three or more processes running at any given time. But, regardless of how many processes it comprises, the Postfix server can be stopped, started and restarted using the following commands.

$ sudo /etc/init.d/postfix stop
$ sudo /etc/init.d/postfix start
$ sudo /etc/init.d/postfix restart

Rather than stopping/starting or restarting the server, it is sometimes preferable to simply force Postfix to reload its configuration. This step is required following any configuration changes and must be done before changes take effect. To force Postfix to reload its configuration, use the following command.

$ sudo service postfix reload

Configuration and layout

On Ubuntu systems, the Postfix configuration files are located in the directory /etc/postfix. The two primary configuration files are main.cf and master.cf. The main.cf file stores site-specific Postfix configuration parameters while master.cf defines the daemon processes. Once a mail server has been set up, there is very seldom any reason to change its configuration.

Postfix log messages are written to /var/log/mail.log. Reviewing log messages is an important duty of any server administrator, as log files record all server transactions and can often provide information that’s useful in determining the root cause of any unusual behavior. For information and tips on searching and viewing log files, see View/Search Text Files in the Supporting Documents section.
Dovecot

Dovecot is an IMAP and POP3 server package that allows email clients, including Web-based clients like SquirrelMail, to retrieve messages from a mail server over a TCP/IP connection.

Starting and Stopping

Like Postfix, the Dovecot server typically has several processes running. All associated processes can be stopped, started or restarted using the following commands.

$ sudo service dovecot stop
$ sudo service dovecot start
$ sudo service dovecot restart

Like any other server system, Dovecot must be restarted after any configuration changes before those changes take effect.

Configuration and layout

On Ubuntu systems, the Dovecot configuration files are located in the directory /etc/dovecot. The main configuration file is dovecot.conf, which rarely requires any changes following installation. In addition, the directory /etc/dovecot/conf.d holds numerous other configuration files. Again, after a successful installation, configuration changes are rarely, if ever, required.

Dovecot log messages are written to the general log, prefaced with the service name dovecot, rather than to a dedicated log file. On Ubuntu systems, general log messages are written to /var/log/syslog. To view all messages in /var/log/syslog associated with Dovecot services, use a command like the following.

$ grep dovecot /var/log/syslog

For more information and tips on searching and viewing log files, see View/Search Text Files in the Supporting Documents section.
Email Admin Tools/Skills

General use tools/concepts
• Logging in with ssh
• sudo
• cat, head, tail, less
• grep, grep -v
• sort
• du
• ps -ef
• netstat -atun
• emacs
• Using pipes with above commands

Specific tools & applications
• Apache Web server
• SquirrelMail
• Prosody
• Postfix
• Dovecot
• passwd
• adduser

Log files
• /var/log/mail.log
• /var/log/apache2/access.log
• /var/log/apache2/error.log

Helpdesk Admin Tools/Skills

General use tools/concepts
• Logging in with ssh
• sudo
• cat, head, tail, less
• grep, grep -v
• sort
• du
• ps -ef
• netstat -atun
• emacs
• Using pipes with above commands

Specific tools & applications
• OTRS ticketing system
• who
• htop
• ping
System Admin Familiarization

Overview

A system administrator, or sysadmin, is the individual responsible for the configuration and reliable operation of computer systems, especially multi-user systems such as servers. The system administrator (like Network Administrators) must ensure that uptime, performance, resources, and security of all systems meet the needs of users. To meet these responsibilities, the system administrator is responsible for acquiring, installing and upgrading computer components and software; providing routine automation; maintaining security policies; troubleshooting; and training and supervising support staff.

Fortunately, system administrators have a variety of tools and applications at their disposal to help them meet their myriad responsibilities. In the sections below, the various responsibilities of the position are organized into broad categories. Within each category, you’ll find a brief discussion of the tools and applications available to meet a sysadmin’s needs.

Managing System Services

By definition, server systems typically provide one or more network services, such as Web, email, chat, file, database and others. In many cases, the responsibility of managing these and other services may be split among sysadmins and one or more other specialty admins, such as Web server, email, or database admins. In these cases, close cooperation and constant communication among the admins is critical to ensure maximum availability, reliability and security of system services.

Each service is provided through one or more server programs called daemons, programs that run as background processes, rather than being under the direct control of an interactive user. In most cases, daemons are controlled through scripts that use consistent interfaces.

To view all services running on a system, several commands are available. For example, to see a list of all running processes, along with process ID (PID) numbers, start time, process name and other information, use the command:

$ sudo ps -ef

Alternatively, the top and htop commands provide a dynamic, real-time view of system summary information and a list of running tasks. Processes are, by default, displayed in order by their consumption of resources (CPU and memory), from greatest to least. The PID, the user associated with the process, and other information is also displayed. To display this information using default parameters, simply run top or htop (a more user-friendly version of top) at the command line.
While nearly all system services are configured, by default, to automatically start and stop when the system is booted and shut down, it is occasionally necessary to start, stop or restart a running service. For example, configuration changes or updates to a service nearly always require a restart. As mentioned above, most daemons are controlled through scripts that use common interfaces to start, stop or restart the service, or to force it to reload its configuration. It is also usually possible for the sysadmin to check a service’s status in this way.

For example, the Apache Web server is one of a very large number of services controlled through the service command. To start, stop, restart or reload Apache, use commands like the following:

$ sudo service apache2 start
$ sudo service apache2 stop
$ sudo service apache2 restart
$ sudo service apache2 reload

You can also check a service’s current status by using the service command with the status argument. For example:

$ sudo service apache2 status
Apache2 is running (pid 1583).

For more information on these and similar commands, see System Management Commands in the Supporting Documents section.
Configuration and Layout

On Ubuntu systems, system configuration settings for the vast majority of applications and services are contained in text files located in a top-level directory named /etc. Relatively small or simple applications such as updatedb, which automatically updates a database used by the locate command, are configured through a single file in /etc with the extension .conf. Other applications such as Apache Web server and Postfix email system have their own subdirectories within /etc containing multiple configuration files. The job of maintaining these more complex applications usually falls to a specialist administrator, such as a Web or email admin. However, as mentioned above, close coordination and cooperation between the various administrators working on a server system is a must.

In addition to configuration files, most services have their own log files, where they regularly record a variety of messages regarding routine transactions and, more importantly, messages related to execution errors or other problems. On Linux systems, these log files are found in the directory /var/log. As was the case with configuration files, the type and number of log files frequently depends on the size and/or complexity of the application. The simpler and more common applications typically write their log messages to the file /var/log/syslog. More complex services, such as the Apache Web or Postfix email servers, have their own files or even their own directories within /var/log. Again, the job of maintaining these more complex applications usually falls to a specialist administrator but, as always, coordination is key.

For more information and tips on searching and viewing configuration and log files, see View/Search Text Files in the Supporting Documents section. For information on text editing, see Help and Editor Commands, also in the Supporting Documents section.

Creating and managing user accounts

Creating and managing user accounts is a core responsibility for many system administrators. Sysadmins are regularly called upon to create, modify and remove user accounts or to change users’ passwords. These tasks are carried out using commands such as adduser, deluser and passwd. See User Management Commands in the Supporting Documents section for details.

In addition, sysadmins are responsible for managing file and directory permissions to ensure that only authorized users have the appropriate access rights to view or edit files or execute commands. See File Permission Management Commands in the Supporting Documents section for information on the commands used to set and modify file access permissions.

System Admin Tools/Skills

General use tools/concepts
• Logging in with ssh
• sudo
• cat, head, tail, less
• grep, grep -v
• sort
• du
• ps -ef
• netstat -atun
• emacs
• Using pipes with above commands

Specific tools & applications
• passwd
• adduser
• addgroup
• who
• htop
• service
• df

Log files
• /var/log/syslog
• /var/log/auth.log
Chat Admin Familiarization

Overview

Chat services, also called Extensible Messaging and Presence Protocol (XMPP) services, are provided in BetaPort through an Open Source XMPP server package. Prosody [7] is a small, lightweight implementation of the XMPP application protocol that is easy to configure and manage.

Prosody supports both client-to-server and server-to-server communications. This means that users who have an account on a Prosody server can communicate with users who have accounts on other XMPP servers just as easily as they can with users having accounts on the same server. By default, Prosody listens for client connections on port 5222 and server connections on port 5269.

It’s easy to confirm that Prosody is listening on the correct ports by running the netstat command. The following (excerpted) example uses options -atnp, which (left to right) specify that all network services using the tcp protocol should be shown using numeric IP addresses only, along with their associated processes. Note that lua5.1 refers to a Prosody process. This is due to the fact that Prosody is written in Lua, an embedded scripting language that is often used in game programming because of its speed.

$ sudo netstat -atnp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:5269      0.0.0.0:*         LISTEN   1046/lua5.1
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   878/sshd
tcp        0      0 0.0.0.0:5222      0.0.0.0:*         LISTEN   1046/lua5.1
tcp6       0      0 :::5269           :::*              LISTEN   1046/lua5.1
tcp6       0      0 :::22             :::*              LISTEN   878/sshd
tcp6       0      0 :::5222           :::*              LISTEN   1046/lua5.1
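The netstat checks shown for the mail host and for the Prosody host can be turned into a repeatable baseline comparison that reports listeners that are missing or that nobody expected. This is an added example, not part of the original guide: the function names are its own, the baselines are taken from the two excerpts on this page, and the mail sample is constructed from the mail excerpt with port 995 removed and an extra listener on port 8080 added.

```shell
#!/bin/sh
# Added example: compare `netstat -atnp` output against a listener baseline.

# listeners: read netstat -atnp output on stdin and print one sorted,
# de-duplicated "port program" pair per socket in LISTEN state.
listeners() {
    awk '$6 == "LISTEN" {
        n = split($4, part, ":")      # port follows the last colon (IPv4 and IPv6)
        prog = $7
        sub(/^[0-9]+\//, "", prog)    # drop the "PID/" prefix
        print part[n], prog
    }' | LC_ALL=C sort -u
}

# check_listeners BASELINE: netstat output on stdin, BASELINE is a
# newline-separated list of "port program" pairs. Prints MISSING and
# UNEXPECTED lines and returns non-zero when the host differs from it.
check_listeners() {
    tmp=$(mktemp -d) || return 2
    printf '%s\n' "$1" | LC_ALL=C sort -u > "$tmp/expected"
    listeners > "$tmp/actual"
    missing=$(LC_ALL=C comm -23 "$tmp/expected" "$tmp/actual")
    unexpected=$(LC_ALL=C comm -13 "$tmp/expected" "$tmp/actual")
    rm -rf "$tmp"
    if [ -n "$missing" ]; then printf '%s\n' "$missing" | sed 's/^/MISSING /'; fi
    if [ -n "$unexpected" ]; then printf '%s\n' "$unexpected" | sed 's/^/UNEXPECTED /'; fi
    [ -z "$missing$unexpected" ]
}

# Baselines taken from the two netstat excerpts in this guide.
MAIL_BASELINE='25 master
80 apache2
110 dovecot
143 dovecot
993 dovecot
995 dovecot'
CHAT_BASELINE='22 sshd
5222 lua5.1
5269 lua5.1'

# Constructed sample: the mail excerpt without port 995, plus an extra
# listener on 8080 and one established IMAP session that must be ignored.
sample_mail_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address     Foreign Address    State       PID/Program name
tcp        0      0 0.0.0.0:25        0.0.0.0:*          LISTEN      1017/master
tcp        0      0 0.0.0.0:993       0.0.0.0:*          LISTEN      880/dovecot
tcp        0      0 0.0.0.0:110       0.0.0.0:*          LISTEN      880/dovecot
tcp        0      0 0.0.0.0:143       0.0.0.0:*          LISTEN      880/dovecot
tcp        0      0 0.0.0.0:8080      0.0.0.0:*          LISTEN      2290/python3
tcp        0      0 10.0.1.25:143     10.0.1.212:51514   ESTABLISHED 880/dovecot
tcp6       0      0 :::25             :::*               LISTEN      1017/master
tcp6       0      0 :::80             :::*               LISTEN      1143/apache2
EOF
}

# Sample copied from the Prosody excerpt; it matches CHAT_BASELINE.
sample_chat_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:5269      0.0.0.0:*          LISTEN      1046/lua5.1
tcp        0      0 0.0.0.0:22        0.0.0.0:*          LISTEN      878/sshd
tcp        0      0 0.0.0.0:5222      0.0.0.0:*          LISTEN      1046/lua5.1
tcp6       0      0 :::5269           :::*               LISTEN      1046/lua5.1
tcp6       0      0 :::22             :::*               LISTEN      878/sshd
tcp6       0      0 :::5222           :::*               LISTEN      1046/lua5.1
EOF
}

# Demo on the constructed samples. On a live host, pipe the real command in:
#   sudo netstat -atnp | check_listeners "$MAIL_BASELINE"
sample_mail_netstat | check_listeners "$MAIL_BASELINE" || echo "mail host differs from baseline"
sample_chat_netstat | check_listeners "$CHAT_BASELINE" && echo "chat host matches baseline"
```

Run without sudo, netstat shows "-" instead of the program name, so every listener would be reported as unexpected.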
XMPP services support a wide variety of clients. The standard client for BetaPort users is Pidgin Internet Messenger. For more information on Pidgin, see Pidgin Instructions in the Supporting Documents section.

Starting and Stopping

While Prosody should seldom ever require restarting, it’s important to know how to stop, start, restart and reload the service.

To stop Prosody:
$ sudo service prosody stop
 * Stopping Prosody XMPP Server prosody [ OK ]

To start Prosody:
$ sudo service prosody start
 * Starting Prosody XMPP Server prosody [ OK ]

To restart Prosody:
$ sudo service prosody restart
 * Restarting Prosody XMPP Server prosody [ OK ]

To force Prosody to reload its configuration, such as after a configuration change:
$ sudo service prosody reload
 * Reloading Prosody XMPP Server prosody [ OK ]

[7] https://prosody.im
Configuration and Layout

On Ubuntu systems, the Prosody configuration files are located in the directory /etc/prosody. The primary configuration file is prosody.cfg.

Prosody log messages are written to the directory /var/log/prosody, into two separate log files: prosody.log and prosody.err. Reviewing log messages is an important duty of any server administrator, as log files record all server transactions and can often provide information that’s useful in determining the root cause of any unusual behavior. For information and tips on searching and viewing log files, see View/Search Text Files in the Supporting Documents section.

Creating and managing user accounts

Prosody user accounts are created and managed using a command named prosodyctl. This command requires sudo privileges, which restricts its use to those system users having administrative privileges.

To create a new Prosody account and specify the user’s password in one command, use prosodyctl with the register command, followed by the new username, the server’s fully-qualified domain name, and the new user’s password. For example:

$ sudo prosodyctl register ella elko.26maidenlane.net afwtl7j4

To change an existing user’s password, use prosodyctl with the passwd command, followed by the user’s jid. The jid looks just like an email address, and it consists of the username, followed by ‘@’, followed by the server’s fully qualified domain name. For example, to change the password for ella, whose account was created above, use the following command line, after which you will be prompted for the new password.

$ sudo prosodyctl passwd ella@elko.26maidenlane.net

Finally, to remove a user account from a Prosody server, use prosodyctl with the deluser command, followed by the user’s jid. For example, to remove the user account ella, created above, use the following command line.

$ sudo prosodyctl deluser ella@elko.26maidenlane.net
Web Admin Familiarization

Familiarization Activity

1. It is essential to familiarize yourself as quickly as possible with the web services your company provides. It is also essential for you to develop a strong sense of the availability of these services so that you are better positioned to prevent, detect and respond to unusual activity that may disrupt company operations.

2. Start by determining which web pages and web-based services your company provides. Be sure to distinguish between those that are serving the consumers/public versus those for internal/company use. Use the following space to record your notes.

3. Visit each of the web pages and each of the web pages to which they are linked. Familiarize yourself with both their content and availability. Pay particular attention to public facing web pages as maintenance of their availability is critical to company viability. Use the following space to record your notes.

4. Determine which web-based services are provided by your company. Be sure to distinguish between those that are serving the general public versus those for internal/company use. Use the following space to record your notes.

5. Review the web logs (especially the access and error log files). Familiarize yourself with “normal” traffic patterns. Remember to communicate with your web administrator colleagues and seek their input as you develop your own sense of “normal”.

6. Review the training materials that have been provided. These materials include descriptions of the tools/commands useful to web administrators. Pay particular attention to tools/commands used to configure and manage the Apache-based web services.
Apache Restart Activity

One task that a web administrator must sometimes perform is a restart of the web server. Be aware that restarting web services should be performed only when necessary as it temporarily prevents users from accessing web pages and web-based services. The image and viability of the company can suffer if web pages and/or web-based services are taken off-line or otherwise made unavailable.

This activity presumes you have already completed the Familiarization Activity (above).

1. Notify the Help Desk of your intention to restart the web server and the reason for doing so. It is essential to document the rationale and reasons for needing to restart the web server.

2. Log in to your web server using ssh or telnet and make sure your system includes the init.d command (usually placed in the /etc directory). Confirm the presence of the file by issuing the following command:

$ ls /etc/i*

3. Issue the following command:

$ sudo /etc/init.d/apache reload

If the above command does not achieve the desired outcome then use the more disruptive restart command:

$ sudo /etc/init.d/apache restart

4. Ensure Apache server has restarted and web services restored. Review the error log, confirm public and internal accessibility to corresponding web pages and web-based services.

$ cat /var/log/apache2/error.log

5. Report to the Help Desk that all web services have been restored.
Web Site Admin Tools/Skills

General use tools/concepts
• Logging in with ssh
• sudo
• cat, head, tail, less
• grep, grep -v
• sort
• ps -ef
• netstat -atun
• emacs
• Using pipes with above commands

Specific tools & applications
• Apache Web server
• chown
• chmod

Log files
• /var/log/mail.log
• /var/log/apache2/access.log
• /var/log/apache2/error.log
IT Staff Job Descriptions for VCCLL
System Administrator Job Description

Summary

Responsible for designing, organizing, modifying, and supporting a company's computer systems. Designs and installs LANs, WANs, Internet and intranet systems, and network segments.

Essential Duties and Responsibilities
• Support LANs, WANs, network segments, Internet, and intranet systems.
• Respond promptly to help desk tickets and status queries.
• Maintain system efficiency.
• Troubleshoot problems reported by users.
• Maintain network and system security.
• Analyze and isolate issues.
• Monitor server and desktop systems to ensure security and availability.
• Evaluate and modify system's performance.
• Maintain network servers such as (web, file, email, chat) servers

Network Administrator Job Description

Summary

Responsible for designing, organizing, modifying, installing, and supporting a company's computer systems. Designs and installs LANs, WANs, Internet and intranet systems, and network segments.

Essential Duties and Responsibilities
• Install and support LANs, WANs, network segments, Internet, and intranet systems.
• Install and maintain network hardware and software.
• Monitor and analyze network activity to ensure security and availability.
• Maintain integrity of the network, server deployment, and security.
• Ensure network connectivity throughout a company's LAN/WAN infrastructure is on par with technical considerations.
• Perform network address assignment.
• Respond promptly to help desk tickets and status queries.
• Assign routing protocols and routing table configuration.
• Maintain network services such as gateways and firewalls.
Help Desk Specialist Job Description

Summary

Responsible for providing technical assistance and support related to computer systems, hardware, or software. Responds to queries, runs diagnostic programs, isolates problem, and determines and implements solution.

Essential Duties and Responsibilities
• Provide technical assistance and support for incoming queries and issues related to computer systems, networks, software, and hardware.
• Respond to queries either in person, in writing (includes email and chat) or over the phone.
• Write training manuals.
• Ask questions to determine nature of reported problems in support of quick and correct resolution.
• Walk customer through problem-solving process.
• Act as point of contact for all users to the IT department.
• Track all raised issues and be in the loop on efforts to resolve even if not actively coordinating (the help desk should never lose touch with the problem or the customer).
• Act as IT eyes and ears for problems affecting multiple users.
• Respond promptly to status queries from other IT areas.

Webmaster Job Description

Summary

Responsible for maintaining Web sites. Ensures sites are functioning properly and are available to users. Tests speed of access and improves upon loading speed.

Essential Duties and Responsibilities
• Maintain websites for clients and businesses.
• Ensure the web servers, and supporting software are operating properly.
• Design websites.
• Generate and revise web pages.
• Examine and analyze site traffic.
• Configure web servers such as Apache.
• Serve as the backup server administrator on the web server.
• Regulate and manage access rights of different users on website.
• Create and modify appearance and setting of site.
• Respond promptly to help desk tickets and status queries.
• Keep the help desk informed of any and all issues as the website is the organization's face to the world
Email Administrator Job Description

Summary

Responsible for mail server account management, tracking mail server usage, and backing up and restoring email files. Installs and configures new mail servers.

Essential Duties and Responsibilities
• Create and maintain email accounts
• Reset user passwords, as required
• Assist with login and email client problems
• Monitor and respond to Postmaster (error) messages
• Track mail server usage
• Monitor mail server connections
• Track disk space usage
• Monitor mail server logs
• Control incoming and outgoing spam mailings
Supporting Documents
Basic Connectivity Testing Tools

ping

ping is one of the basic tools. It sends repeated packets (ICMP rather than TCP or UDP) to the specified <host>.

$ ping [options] <host>

The list of available options can be found using man pages. The most useful option is -c <count> (replace <count> with the number of pings to send). This can be critical, because ping can also be used as a denial-of-service (DOS) attack and, yes, it is possible to DOS yourself with ping. No, you would not be the first. It is important to understand that ping only tells you whether the server is up, not that any services are running. As an example, if you ping a Web server, you know the hardware and OS are running, but not that the Web server itself is necessarily running.

telnet

telnet is a very old and useful tool, because it is very generic.

$ telnet <host> <port>

By default, the telnet service runs on port 23, so if you use a command line like the following:

$ telnet www.somehost.com

the connection will be made on port 23, which is the default for the telnet service. Due to security concerns the telnet service is often disabled. However, it is also possible to use the telnet client to connect to ports other than the default. For example, if you use a command line like this one:

$ telnet www.somehost.com 80

the connection in this case will be made on port 80 (typically used by a Web server) at the destination host, and you can enter HTTP commands to interact with the host’s Web server, if there is one listening on that port. In this way, it’s possible to show whether the Web server running on port 80 is up and running. In like fashion, the telnet command can be used to connect to other services, such as SMTP, on port 25.

traceroute

traceroute attempts to show the hops between hosts on the Internet. It is critical to note that traceroute only shows the interface facing the source host as packets pass through routers.

$ traceroute <host>

Example:

Here is an example of running traceroute between two hosts (192.168.1.7 to 172.16.1.2) with a single router in between. Thus the 192.168.1.7 machine sees the following.

$ traceroute 172.16.1.2
traceroute to 172.16.1.2 (172.16.1.2), 64 hops max, 52 byte packets
 1  192.168.1.1 (192.168.1.1)  3.877 ms  0.995 ms  0.902 ms
 2  172.16.1.2 (172.16.1.2)  2.631 ms  1.318 ms  1.236 ms

While, from the other end of the network connection, 172.16.1.2 sees the following.

$ traceroute 192.168.1.7
traceroute to 192.168.1.7 (192.168.1.7), 64 hops max, 52 byte packets
 1  172.16.1.101 (172.16.1.101)  0.552 ms  0.904 ms  1.265 ms
 2  192.168.1.7 (192.168.1.7)  18.025 ms  18.673 ms  19.584 ms

So to build an accurate network map you need to check both sides of a router, as is the case if you are looking for a network fault. In the case of a fault, you often have to get somebody on the other end to check the routes running back in your direction.
IT Help Desk Notes & Flowchart

Create Ticket

Upon ticket creation, the help desk technician should email the user and any other interested parties to ensure that everyone connected to the issue is aware of its status.

Contact Helpdesk

When a technician assigned a ticket determines that the issue cannot be resolved, either because of technical reasons or because the issue cannot be duplicated, he or she should immediately contact the help desk to help determine next steps in addressing the issue.

Complete Ticket

Upon completing the help desk ticket, the technician who closes it should email the help desk, the user and any other interested party to keep everyone informed.
OTRS quick guide (v0.1.0_10/4/2015)

OTRS [8] is an Open Source ticketing system used by BetaPort companies to manage their help desk operations.

To Log In

Go to:

http://helpdesk.[company_name].com/otrs/ (yes you need the trailing /)

Enter your login credentials.

To Create Customer User

After logging in:

1. Click “Admin” in the header menu
2. In the “Customer Management” section click “Customer User”
3. Click “Add Customer User” button in left sidebar
4. Fill in the following form fields.
   a. First name
   b. Last name
   c. Username (Customer will use this to log in.)
   d. Email
   e. Customer ID (Customer’s tickets will be marked with this ID.)
5. Set “Valid” to “Valid” if it is not already.
6. Click “Submit” button at bottom of page.

Tickets

Clicking the “Tickets” header button displays a list of possible views and actions. The most useful of these will be the queue or status view, depending on which you prefer. Both display lists of active tickets; queue view separates them into separate pages by which queue they are in, while status does not. Queue view defaults to the most detailed listing mode, and Status view defaults to the simplest mode. It should be noted that OTRS system tickets cannot be deleted, only closed.

To Create Ticket

After logging in:

1. Click “Tickets” button in header menu
2. Click “new email ticket” in the dropdown menu
3. Fill in the form:
   a. Select queue from dropdown menu
   b. Enter customer user (This does have some autocomplete.)
   c. Enter subject
   d. Enter text
   All other fields are not required
4. Click “send mail” button at bottom of page

To Lock A Ticket To Your Account

Either check a ticket in one of the list views or select it, then click the “Lock” button, as shown below.

To Close A Ticket

Same as locking a ticket except you click the “Close” button instead of “Lock.” This button is located in the same row, farther to the right, as shown in the above screenshot.

[8] https://www.otrs.com/otrs-free-help-desk
View/Search Text Files

head

The head command displays the beginning of a file. The format of the head command is:

$ head <filename>

By default, you can only read the first ten lines of a file. You can change the number of lines displayed by specifying a number option.

$ head -20 <filename>

The above command would display the first 20 lines of a file named <filename>.

tail

The reverse of head is tail. Using tail, you can view the last ten lines of a file. You can also change the number of lines displayed by specifying a number option. This can be particularly useful for viewing the most recent lines of a log file for important system messages.

$ tail -15 /var/log/auth.log

Example:

You can use tail to watch log files as they are being updated. Using the -f option, tail automatically prints new messages from an open file to the screen in real-time. For example, to actively watch /var/log/syslog, enter the following at a shell prompt:

$ tail -f /var/log/syslog

Press Ctrl-c when you are finished with automated updating.

cat

The cat command is a versatile utility. It can be used to view text, to create text files, and to join files. Its name is short for concatenate, which means to combine files.

Entering the cat command followed by a file name displays the entire contents of the file on the screen. If the file is long, the contents scroll off the screen. In this case, you may want to use the less command instead, described below.

less

less is a program that lets you view text files. This is very handy since many of the files used to control and configure Linux are human readable.

less is invoked by simply typing:

$ less <filename>
Controlling less

Once started, less will display the text file one page at a time. You may use the Page Up and Page Down keys to move through the text file. To exit less, type "q". Here are some commands that less will accept.

Page Up or b          Scroll back one page
Page Down or space    Scroll forward one page
G                     Go to the end of the text file
1G                    Go to the beginning of the text file
/characters           Search forward in the text file for an occurrence of characters
n                     Repeat the previous search
h                     Display a complete list of less commands and options
q                     Quit

grep

The grep command is useful for finding specific character strings in a file. For example, to find every reference made to the text "pattern" in the file <filename>, enter:

$ grep <pattern> <filename>

Each line in <filename> that includes the text <pattern> is located and displayed on the screen.

The grep command accepts a number of options that will change its behavior. A small selection of these is shown below. For more information, see the man page for grep.

-v        Invert the sense of matching, to select non-matching lines for the given search criteria.
-A NUM    Print NUM lines of trailing context after matching lines.
-B NUM    Print NUM lines of leading context before matching lines.

Example:

To search an Apache Web server’s access log for entries pertaining to a particular client IP address or address range, you can use all or part of the address as a keyword for the search:

$ grep 10.0.1.212 /var/log/apache2/access.log
sort
The sort command is used to sort/order lines in text files. You can sort the data in a text file and display the output on the screen, or redirect it to a file.
Based on your requirements, sort provides several command line options for sorting data in a text file. For example, to sort the lines of a text file <filename> in reverse order, use the -r option:
$ sort -r <filename>
In addition, files may sometimes contain duplicate entries that are not important to the goals of the user. To sort the lines of a text file <filename> while removing duplicate lines, use the -u (for unique) option:
$ sort -u <filename>
Finally, when sorting on numeric values, best results are obtained by using the -n option, which sorts by numeric value, rather than the alphabetical order of digits.
$ sort -n <filename>
Examples:
It is sometimes desirable to sort the lines of a file based on some characters that are not at the beginning of a file. Entries in many log files are highly structured so that it is possible to specify sorting on a specific field. As an example, /var/log/syslog records log messages from a wide variety of services, the names of which are given in the fifth field of each log entry. To sort log entries based on the name of the service, located in field #5, you would use the -k option to specify sorting on this field:
$ sort -k 5 /var/log/syslog
The sort command is often used in combination with other Linux commands, which are joined using a pipe. The pipe takes the output of a command on its left and redirects that output as input to the command on its right.
For example, say you would like to get a sorted list of IP addresses that have connected to your email server’s SMTP service for which reverse DNS lookups have failed. (This may indicate that the IP does not belong to a legitimate mail server.) These entries will be found in a file named /var/log/mail.log and will contain the text “connect from unknown” with the IP address appearing in field #8. To obtain a list of these specific entries, sorted by IP address, use the following command.
$ grep 'connect from unknown' /var/log/mail.log | sort -k 8
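The pipeline above, extended as an added example (not part of the original guide) to count connections per source so that repeat senders stand out. The log lines are constructed sample data and the function names are hypothetical; matching on field #6 keeps "disconnect from unknown" lines, which contain the same text, out of the count.

```shell
#!/bin/sh
# Constructed sample of /var/log/mail.log entries (not real log data).
sample_mail_log() {
cat <<'EOF'
Apr 14 10:02:11 mail postfix/smtpd[2101]: connect from unknown[10.0.1.77]
Apr 14 10:02:12 mail postfix/smtpd[2101]: disconnect from unknown[10.0.1.77]
Apr 14 10:03:40 mail postfix/smtpd[2107]: connect from ws1.example.test[10.0.1.54]
Apr 14 10:05:02 mail postfix/smtpd[2110]: connect from unknown[10.0.1.212]
Apr 14 10:05:09 mail postfix/smtpd[2113]: connect from unknown[10.0.1.77]
Apr 14 10:06:30 mail postfix/smtpd[2115]: connect from unknown[10.0.1.77]
Apr 14 10:07:01 mail postfix/smtpd[2118]: connect from unknown[10.0.1.212]
Apr 14 10:09:45 mail postfix/smtpd[2120]: connect from unknown[10.0.1.9]
EOF
}

# Reads mail.log lines on stdin and prints "COUNT IP", busiest source first.
# Field 6 must be exactly "connect", so "disconnect" lines are not counted.
unknown_sources() {
    awk '$6 == "connect" && $7 == "from" && $8 ~ /^unknown\[/ {
             ip = $8
             sub(/^unknown\[/, "", ip)   # strip the "unknown[" prefix
             sub(/\]$/, "", ip)          # strip the closing bracket
             seen[ip]++
         }
         END { for (ip in seen) print seen[ip], ip }' |
        sort -k1,1nr -k2,2
}

# Prints only the IPs with at least $1 failed-reverse-DNS connections.
repeat_offenders() {
    unknown_sources | awk -v min="$1" '$1 >= min { print $2 }'
}

# Demonstration on the constructed sample; on a server, feed the real log:
#   unknown_sources < /var/log/mail.log
sample_mail_log | unknown_sources
```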
Pidgin instructions (v0.1_04/14/2015)
Pidgin [9] is the IM client provided for use on all computers within the range. Pidgin is located in the “Start” menu in the Internet folder. You can also start Pidgin by entering pidgin in a terminal.
Adding contacts
In the Buddy list window click the “Buddies” menu and select:
New Instant Message - to open a chat with that person
Add Buddy - to add someone to your buddy list
Note: Both these options will open a window and ask for the name of the contact you wish to add. Add Buddy will also have some additional fields that may be left blank.
Joining Group/Chat rooms
Note: at present you may only join chat rooms on the server your account is registered to.
In the Buddy list window click the “Buddies” menu and select:
Join A Chat - to open a room
Add Chat - to add a room to your buddy list
Note: Both these options will open a window and ask for the name of the room you wish to add. At the bottom of the window will be a “Room List” button that can be used to get a list of the chat rooms on a server. Add Chat will also have some additional fields that may be left blank. If you enter the name of a group that does not exist, whether by typo or deliberately, a room with the given name will be created.
[9] https://www.pidgin.im
User Management Commands
w
w displays information about the users currently on the machine, as well as their processes. The header shows, in this order, the current time, how long the system has been running, how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes. Note that sudo privileges are not required to run this command.
Example:
To show information about a particular username only, add the username as an argument.
$ w username
who
The who command can be used to list the user’s name, terminal line, login time, elapsed time since activity occurred on the line, and the process ID of the command interpreter for each current system user.
Examples:
Use who to display information about users currently logged in:
$ who
Show the same information as above, with column headings:
$ who -H
Display all login names and the number of users currently logged on:
$ who -q
adduser
The adduser command is used to add users to the system according to command-line options and configuration information contained in the file /etc/adduser.conf. adduser offers a friendlier front-end than the lower level useradd command. The command will, by default, choose policy-conformant user id (UID) and group id (GID) values, create a home directory with skeletal configuration, and run a custom script, among other features. When running adduser, you will be asked a series of questions. The procedure will be:
• Assign and confirm a password for the new user.
• Enter any additional information about the new user, known as GECOS data, including name, building and office number, telephone, etc. These fields are entirely optional and can each be skipped by pressing <Enter> if you do not wish to utilize these fields.
• Finally, you will be asked to confirm that the information you provided was correct. Press <y> to continue.
Examples:
Adding or modifying user accounts requires sudo privileges. You can add a new user by typing:
$ sudo adduser username
If the new user should have the ability to execute commands with root (administrative) privileges, you will need to give the new user access to sudo. You can do this by adding the new user’s username to a special group called sudo:
$ sudo usermod -a -G sudo username
Users who belong to the group sudo are able to execute any command with root privileges.
deluser
The deluser command is used to remove a user from the system:
$ sudo deluser username
Examples:
It is often desirable to remove the user’s home directory at the same time that the account is deleted:
$ sudo deluser --remove-home username
If, additionally, all files owned by the user should be deleted, including files outside the user’s home directory, use this option instead:
$ sudo deluser --remove-all-files username
addgroup
The addgroup command is used to add groups to the system. You can add a new group by typing:
$ sudo addgroup newgroup
Example:
Use addgroup to create the group programmers:
$ sudo addgroup programmers
delgroup
The delgroup command is used to remove a group from the system:
$ sudo delgroup groupname
It should be noted that some limitations exist on which groups can be removed. For example, the primary group for any existing user cannot be removed.
Example:
It may not be desirable to remove groups that still have members. To prevent this from occurring accidentally, add the following option:
$ sudo delgroup --only-if-empty groupname
passwd
The passwd command changes passwords for user accounts. A normal user may only change the password for his/her own account, while a user with root privileges may change the password for any account. passwd also changes account information, such as the full name of the user, the user’s login shell, or his/her password expiry date and interval.
For password changes, the user is first prompted for his/her old password, if one is present. This password is then encrypted and compared against the stored password. The user has only one chance to enter the correct password. Users with root privileges are permitted to bypass this step so that forgotten passwords may be changed.
After the password has been entered, password aging information is checked to see if the user is permitted to change the password at this time. If not, passwd refuses to change the password and exits.
The user is then prompted twice for a replacement password. The second entry is compared against the first and both are required to match in order for the password to be changed.
The password is then tested for complexity. As a general guideline, passwords should consist of 6 to 8 characters including one or more characters from each of the following sets:
• lower case alphabetics
• digits 0 thru 9
• punctuation marks
Examples:
Use passwd to display account status information for all users. The status information consists of seven fields. The first field is the user’s login name. The second field indicates whether the user account is locked (L), has no password (NP), or has a usable password (P). The third field gives the date of the last password change. The next four fields are the minimum age, maximum age, warning period, and inactivity period for the password. These ages are expressed in days.
$ sudo passwd -a -S
Use passwd to lock the account named user1. This option disables an account by changing the password to a value that matches no possible encrypted value, and by setting the account expiry field to 1.
$ sudo passwd -l user1
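One way to act on the seven status fields described above, as an added example that is not part of the original guide: flag accounts with no password and usable passwords whose maximum age exceeds a limit. The status lines are constructed sample data in the format described here, and audit_passwd_status is a hypothetical helper.

```shell
#!/bin/sh
# Constructed sample of "sudo passwd -a -S" output (seven fields per line):
# login, status (L/NP/P), last change, min age, max age, warning, inactivity.
sample_status() {
cat <<'EOF'
root L 03/02/2015 0 99999 7 -1
bondj P 04/01/2015 0 90 7 -1
alice P 01/15/2015 0 99999 7 -1
user1 L 04/14/2015 0 99999 7 -1
guest NP 04/10/2015 0 99999 7 -1
EOF
}

# Reads status lines on stdin. $1 is the longest acceptable maximum
# password age in days. Prints one finding per line:
#   NOPASSWORD <login>        account can be used without a password
#   MAXAGE <login> <days>     usable password allowed to live too long
#   MALFORMED <line>          line does not have the seven expected fields
audit_passwd_status() {
    awk -v limit="$1" '
        NF != 7                     { print "MALFORMED " $0; next }
        $2 == "NP"                  { print "NOPASSWORD " $1; next }
        $2 == "L"                   { next }   # locked: nothing to report
        $2 == "P" && $5 + 0 > limit { print "MAXAGE " $1 " " $5 }
    '
}

# Demonstration on the constructed sample; on a live system use:
#   sudo passwd -a -S | audit_passwd_status 90
sample_status | audit_passwd_status 90
```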
System Management Commands
ps
The ps command reports on active processes. (A process is defined as a program in execution.) The syntax of this command is quite simple.
$ ps [options]
By default (when run without options), ps displays information on all processes belonging to the logged-in user. It displays the process ID (pid=PID), the terminal associated with the process (tname=TTY), the cumulated CPU time in [DD-]hh:mm:ss format (time=TIME), and the executable name (ucmd=CMD). Output is unsorted by default. A more common invocation of the ps command, especially for system administrators, displays information on all processes that are currently running on the system. The -e option specifies that all running processes be displayed, while the -f option specifies a full format listing. As shown in this example, options can be grouped behind a single - character.
$ ps -ef
The ps command provides a snapshot of the system state at a single moment in time. If you want to have repetitive updates in real time, use the top or htop commands, described below.
top
The top program provides a dynamic real-time view of a running system. It can display system summary information as well as a list of processes or threads currently being managed by the Linux kernel. The types of system summary information shown and the types, order and size of information displayed for processes are user configurable. top is useful for system administrators, as it shows which users and processes are consuming the most system resources at any given time. Although top can take a number of options to tailor the information displayed, running top without any options provides a wealth of information about a running system.
$ top
Example: Pressing n while top is running allows the user to change the number of processes displayed. The default is an unlimited number of processes.
htop
htop is designed as an alternative to the top program. It shows a frequently updated list of the processes running on a computer, normally ordered by the amount of CPU usage. Unlike top, htop provides a full list of processes running, instead of the top resource-consuming processes. htop uses color and provides visual information about processor, swap and memory status. Unlike top, htop provides more flexible scrolling capabilities.
It is important to use commands such as htop to monitor processes and resource utilization to be able to quickly detect unusual events or system behavior.
Example:
Running htop with the -u option, followed by a username, shows only the processes of a given user.
$ htop -u bondj
It is best to take advantage of the interactive display control features of htop by using the special keys while the command is active. Start htop by simply entering the following command.
$ htop
The following keys, among others, are active while using htop:
• Pressing <F1> displays a help screen. Press any key to return to the htop main screen.
• Pressing <F2> or <s> displays the setup menu for controlling what is displayed and how.
• Pressing <Arrows>, <PgUp>, <PgDn>, <Home>, <End> keys provides scrolling capability.
• Pressing <F5> or <t> displays a tree view in which processes are organized by parenthood.
• Pressing <space> tags/untags a process.
• Pressing <F9> or <k> sends a kill signal to the currently tagged process(es). Use cautiously!
• Pressing <F10> or <q> quits htop.
netstat
netstat is a useful tool for checking your network configuration and activity. It is very often used to check active connections, as well as network sockets that are waiting for a connection (i.e., listening).
Examples:
To display all active connections and services, including TCP and UDP, use the netstat command with options -atun, for all, tcp, udp, with numeric address.
$ netstat -atun
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:5269            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 10.0.1.195:22           10.0.1.54:51643         ESTABLISHED
tcp        0    368 10.0.1.195:22           10.0.1.54:51646         ESTABLISHED
tcp6       0      0 :::5269                 :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::25                   :::*                    LISTEN
tcp6       0      0 :::993                  :::*                    LISTEN
tcp6       0      0 :::995                  :::*                    LISTEN
tcp6       0      0 :::5222                 :::*                    LISTEN
tcp6       0      0 :::110                  :::*                    LISTEN
tcp6       0      0 :::143                  :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 10.0.1.195:123          0.0.0.0:*
udp        0      0 127.0.0.1:123           0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*
udp6       0      0 ::1:123                 :::*
udp6       0      0 :::123                  :::*
To display all active TCP connections and services, including the associated processes, use the netstat command with options -atnp, for all, tcp, with numeric address and process information. Note that sudo is required to display the process names.
$ sudo netstat -atnp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:5269            0.0.0.0:*               LISTEN      1046/lua5.1
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      878/sshd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      2051/master
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      2329/dovecot
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      2329/dovecot
tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN      1046/lua5.1
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      2329/dovecot
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      2329/dovecot
tcp6       0      0 :::5269                 :::*                    LISTEN      1046/lua5.1
tcp6       0      0 :::22                   :::*                    LISTEN      878/sshd
tcp6       0      0 :::25                   :::*                    LISTEN      2051/master
tcp6       0      0 :::993                  :::*                    LISTEN      2329/dovecot
tcp6       0      0 :::995                  :::*                    LISTEN      2329/dovecot
tcp6       0      0 :::5222                 :::*                    LISTEN      1046/lua5.1
tcp6       0      0 :::110                  :::*                    LISTEN      2329/dovecot
tcp6       0      0 :::143                  :::*                    LISTEN      2329/dovecot
tcp6       0      0 :::80                   :::*                    LISTEN      1710/apache2
service
The service command is used to run initialization scripts for various Linux server programs. These scripts are normally stored in the /etc/init.d directory. The service command can be used to start, stop, and restart the server programs.
Examples:
To start the Prosody XMPP chat server:
$ sudo service prosody start
 * Starting Prosody XMPP Server prosody [ OK ]
To start, stop or restart the Apache Web server, use commands like the following:
$ sudo service apache2 start
$ sudo service apache2 stop
$ sudo service apache2 restart
ssh
ssh is a program that enables secure communications from a client to a host computer. You should get the usual password prompt (or be told you can't log in, if passwords are disabled) when the connection is made.
Examples:
The general form for logging into a host is shown below.
$ ssh <username>@<hostname or IP address>
Use ssh to connect to the computer named laptop as user joe:
$ ssh joe@laptop
Use ssh to connect to the computer with IP address 192.168.1.1 as user mike:
$ ssh mike@192.168.1.1
File Permission Management Commands
chmod
The chmod command is used to change the access rights for a file/directory. More specifically, chmod changes the file mode bits of each given file, which can be either a symbolic representation of changes to make, or an octal number representing the bit pattern for the new mode bits. Note that everything in Linux is a file. Directories are files, files are files and devices are files. Users with sudo privileges are able to access any file on the system.
The format of a symbolic mode is [ugoa...][[+-=][perms...]...], where perms is either zero or more letters from the set rwxXst, or a single letter from the set ugo. Multiple symbolic modes can be given, separated by commas.
A combination of the letters ugoa controls which users’ access to the file will be changed: the user who owns it (u), other users in the file’s group (g), other users not in the file’s group (o), or all users (a). If none of these are given, the effect is as if (a) were given, but bits that are set in the umask are not affected.
The operator + causes the selected file mode bits to be added to the existing file mode bits of each file; - causes them to be removed; and = causes them to be added and causes unmentioned bits to be removed except that a directory’s unmentioned set user and group ID bits are not affected.
The letters rwxXst select file mode bits for the affected users: read (r), write (w), execute (or search for directories) (x), execute/search only if the file is a directory or already has execute permission for some user (X), set user or group ID on execution (s), restricted deletion flag or sticky bit (t). Instead of one or more of these letters, you can specify exactly one of the letters ugo: the permissions granted to the user who owns the file (u), the permissions granted to other users who are members of the file’s group (g), and the permissions granted to users that are in neither of the two preceding categories (o).
A numeric mode is from one to four octal digits (0-7), derived by adding up the bits with values 4, 2, and 1. Omitted digits are assumed to be leading zeros. The first digit selects the set user ID (4) and set group ID (2) and restricted deletion or sticky (1) attributes. The second digit selects permissions for the user who owns the file: read (4), write (2), and execute (1); the third selects permissions for other users in the file’s group, with the same values; and the fourth for other users not in the file’s group, with the same values.
Examples:
Given the following files and permissions:
-rw-r--r-- 1 user user 0 Nov 19 20:13 file1
-rw-r--r-- 1 user user 0 Nov 19 20:13 file2
-rw-r--r-- 1 user user 0 Nov 19 20:13 file3
-rw-r--r-- 1 user user 0 Nov 19 20:13 file4
Use chmod to add owner execute (x) bit to file1:
$ chmod u+x file1
This is what the file listing for file1 now looks like:
-rwxr--r-- 1 user user 0 Nov 19 20:13 file1
Use chmod to add other write (w) and execute (x) bits to file2:
$ chmod o+wx file2
This is what the file listing for file2 now looks like:
-rw-r--rwx 1 user user 0 Nov 19 20:13 file2
Use chmod to remove group read (r) bit from file3:
$ chmod g-r file3
This is what the file listing for file3 now looks like:
-rw----r-- 1 user user 0 Nov 19 20:13 file3
Use chmod, in numeric mode, to add read (4), write (2) and execute (1) to everyone for file4:
$ chmod 777 file4
This is what the file listing for file4 now looks like:
-rwxrwxrwx 1 user user 0 Nov 19 20:13 file4
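An added example, not part of the original guide, that recreates the four files above and then lists the ones any user can write to, which is what o+w and mode 777 produce. The function names are hypothetical, and the files are created in a temporary directory.

```shell
#!/bin/sh
# Recreate file1..file4 with the modes from the examples above inside a
# fresh temporary directory. Prints the directory name.
make_demo_files() {
    dir=$(mktemp -d) || return 1
    for f in file1 file2 file3 file4; do
        : > "$dir/$f"
        chmod 644 "$dir/$f"          # starting point: -rw-r--r--
    done
    chmod u+x  "$dir/file1"
    chmod o+wx "$dir/file2"
    chmod g-r  "$dir/file3"
    chmod 777  "$dir/file4"
    printf '%s\n' "$dir"
}

# The ten-character mode string from a long listing, e.g. -rw-r--rwx
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Regular files under $1 whose "other" write bit (octal 0002) is set.
world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# Remove the "other" write bit from every file found by world_writable
# and print how many files were changed.
remove_world_write() {
    world_writable "$1" | {
        n=0
        while IFS= read -r f; do
            chmod o-w "$f"
            n=$((n + 1))
        done
        echo "$n"
    }
}

# Demonstration: list the world-writable demo files, then clean up.
demo=$(make_demo_files)
world_writable "$demo"
rm -rf "$demo"
```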
chown
The chown command is used to change the file owner and/or group.
Examples:
Use chown to change the owner of mydirectory to root:
$ chown root mydirectory
You can change the owner of mydirectory to root and the group to students:
$ chown root:students mydirectory
You can change the owner of mydirectory, along with its included files, to root (Note: Great care should be exercised when applying chown recursively):
$ chown -hR root mydirectory
sudo
The sudo command is used to execute a privileged command (one that typically requires being logged on as root). You will be prompted for your password the first time you use sudo.
Example: Use sudo to execute the mount command, which can only be executed by root:
$ sudo mount /dev/sda3 /media/flashdrive
Help and Editor Commands
man
man is used for displaying manual pages (usually called man pages). Man pages are self-contained reference documents stored on the host’s hard drive. They are usually short, but some man pages can be quite long. Ubuntu's man page system has a reference for every command-line program, and in many cases it is the only source of information. It offers a quick reference to the switches and options available in terminal-based commands and programs. man displays man pages using a paging system, which displays the information one page at a time.
Example: Use man to display the man pages for the ps command:
$ man ps
apropos
The apropos command provides a means of searching man page names and descriptions. Each manual page has a short description available within it. apropos searches the descriptions for instances of keyword. Keyword is usually a regular expression, as if (-r) was used, or may contain wildcards (-w), or match the exact keyword (-e). Using these options, it may be necessary to quote the keyword or escape (\) the special characters to stop the shell from interpreting them.
Options:
apropos [-e|-w|-r] keyword ...
-r Interpret each keyword as a regular expression. This is the default behavior. Each keyword will be matched against man page names and descriptions independently. It can match any part of either. Matching is not limited to word boundaries.
-w Interpret each keyword as a pattern containing shell style wildcards. Each keyword will be matched against the man page names and the descriptions independently. If (-e, --exact) is also used, a match will only be found if an expanded keyword matches an entire description or page name. Otherwise, the keyword is also allowed to match on word boundaries in the description.
-e Each keyword will be exactly matched against the page names and the descriptions.
Example: To find the man pages containing the keyword ps you could enter the following command:
$ apropos -e ps
emacs
emacs is one of the oldest and most versatile text editors available for Linux and UNIX-based systems. It is well known for its powerful and rich editing features. emacs is also more than just a text editor; it can be customized and extended with different "modes" that support specialized editing features particular to tasks (e.g., writing Java, C or Python programs). It takes time to learn how best to interact with emacs -- be patient.
Commands in emacs are control characters (e.g., hold down the <CTRL> key while typing another character). Here are a few of the most commonly used commands.
Help Commands
<CTRL>-h help-command: first character in lots of useful help commands
<CTRL>-h t help-with-tutorial: command to run the tutorial
<CTRL>-h a command-apropos: prompts for a string and then searches for all emacs commands that contain that string
<CTRL>-h ? help-for-help: describes how to use the help facilities
File Reading/Writing Commands
<CTRL>-x <CTRL>-f find-file: first prompts for a filename and then loads that file into an editor buffer of the same name
<CTRL>-x <CTRL>-s save-buffer: saves the buffer into the associated filename
Other Commands
<CTRL>-x <CTRL>-c save-buffers-kill-emacs: when you are finished editing, to save the edited but unsaved buffers and to return you to the UNIX prompt
<CTRL>-g keyboard-quit: if while typing a command you make a mistake and want to stop, this aborts a command in progress
<CTRL>-x u undo: undoes the last command typed, in case you made a mistake
Example: To start emacs and open a file named myfile:
$ emacs myfile
File System Commands
df
The df (disk filesystem) command displays the amount of disk space available on one or more file systems. By default, df reports the space available on all currently mounted file systems. Disk space is shown in 1-kilobyte blocks by default, which can be difficult to read. Using the -h (human-readable) option causes df to print sizes in human readable format (e.g., 1K, 234M, 2G).
Example:
To display all mounted file systems and their disk usage in human-readable form:
$ df -h
du
The du (disk usage) command reports the sizes of directory trees, including all of their contents and the sizes of individual files. This makes it useful for tracking down space hogs, i.e., directories and files that consume large or excessive amounts of space on a hard disk.
du is commonly employed by system administrators as a supplement to automated monitoring and notification programs that help prevent key directories and partitions (logically independent sections of a hard disk) from filling up. Full, or even nearly full, directories and partitions can cause a system to slow down, prevent users from logging in and even result in a system crash. Although visually identifying heavy consumers of disk space can be practical if there are relatively few users on a system, it is clearly not efficient for large systems with hundreds or thousands of users.
The basic syntax is as follows. Of course, like most Linux commands, du accepts a number of options that can change its behavior.
General format:
$ du <directories and/or files>
Example:
It’s a good idea for system administrators to monitor the sizes of users’ home directories, looking out for space hogs. The following command line shows the overall size of the /home directory, along with its first-level subdirectories. In this example the results are piped through the sort command to display the directories in reverse order by size, from largest to the smallest. For more information on sort, see View/Search Text Files in the Supporting Documents section.
$ sudo du --max-depth=1 /home/ | sort -rn