LINUX Admin Quick Reference.pdf

LINUX Admin Quick Reference

Jialong He

Jialong_he@bigfoot.com

http://www.bigfoot.com/~jialong_he

boot and the name is read from these files.

May change manually.

HOSTNAME=hostname.domain.com

/etc/NETWORKING

(Slackware)

NFS File Sharing

Files

/etc/fstab

/etc/sysconfig/network

(Redhat)

specify name server, DNS domain and

search order. For Examp le:

search la.asu.edu

nameserver 129.219.17.200

User Management

Files

/etc/group

/etc/passwd

/etc/shadow

file systems mounted during boot.

etc/resolv.conf

NFS server export list.

/etc/exports

auto mount master file.

/etc/auto.master

host name to IP mapping file.

/etc/hosts

User account information.

Commands

mount

host name information look up order.

Example:

order hosts, bind

multi on

mount a file system or all entries in fstab.

/etc/host.conf

/etc/bashrc

/etc/profile

$HOME/.bashrc

$HOME/.bash_profile

exportfs

export file system listed in exports

bash system wide and per user init files.

new way to specify information source.

show file systems exported

/etc/nsswitch.conf

showmount –e

hostname

/etc/networks

/etc/protocols

/etc/services

/etc/csh.cshrc

/etc/csh.login

$HOME/.cshrc

$HOME/.tcshrc

$HOME/.login

TCP/IP services and ports mapping.

tcsh system wide and per user init files.

Printer Configuration

Files

/etc/printcap

/etc/printcap.local

/etc/rpc

RPC service name to their program numbers

mapping.

/etc/skel

temp late files for new users.

Commands

netconfig

Printer capabilities data base.

default for certain commands.

/etc/default

menu driven Ethernet setup program.

LPRng configuration file.

/etc/lpd.conf

Redhat/Slackware version info (Linux kernel

version with “uname –a”)

/etc/redhat -release

/etc/slackware -version

setup PPP connection (Slackware).

pppsetup

permissions control file for the LPRng line

printer spooler

/etc/lpd.perms

setup Ethernet during boot, for example

Commands

Access control (BSD lpd).

/etc/hosts.lpd

/sbin/ifconfig eth0 ${IPADDR} broadcast

${BROADCAST} netmask ${NETMASK}

script to create an new user interactively

(slackware) or link to useradd (Redhat).

adduser

/etc/hosts.equiv

trusted hosts.

Environment variable of default printer.

PRINTER

ifconfig

create, delete, modify an new user or update

default new user information..

useradd, userdel,

usermod

/sbin/route add -net ${NETWORK} netmask

${NETMASK} eth0

/dev/lp0

parallel port.

update and create new users (batch mode).

newusers

Commands

/sbin/route add default gw ${GATEWAY} netmask

0.0.0.0 metric 1

host lookup host name or IP (similar to nslookup).

dnsdomainname show DNS domain name.

arping; arp

groupadd, groupdel,

groupmod

add, delete or modify group.

line printer control program, print queue

maintain

lpc, lpq, lprm

modify account policy (password length,

expire data etc.) or finger information (full

name, phone number etc.) change default login

shell.

chage. ch fn, chsh

Sendmail

Files

find out Ethernet address by first arping then arp.

firewall and NAT (/etc/sysconfig/ipchains on Redhat)

ipchains

gain root access during boot prompt without

password, can be used to fix some problems.

mount –w -n –o remount /

linux init=/bin/sh rw

firewall and NAT (/etc/sysconfig/iptables on Redhat)

iptables

“sendmail.cf” is the configuration file. “sendmail.mc” is

a macro file which can be used to generate “sendmail.cf”

by: m4 sendmail.mc > sendmail.cf

sendmail .cf

sendmail.mc

Redhat files in /etc/sysconfig

Configuration Files

mail aliases, must run “newaliases” after change. use

:include: to include exter nal list in a file.

Network Configuration

Files

/etc/rc.d/rc.inet1

(Slackware)

/etc/sysconfig/nework -

scripts/ifcfg -eth0 (Redhat)

aliases

keyboard map, e.g.,

KEYBOARD=”/usr/lib/kdb/keytables/us.map”

mail access control, FEATURE(access_db) should be set

in sendmail.mc. For example, in /etc/mail/access

cyberpromo.com REJECT

mydomain.com RELAY

spam@somewhere.com DISCARD

keyboard

IP address, Network mask, Default gateway

are in these files. May edit manually to

modify network parameters.

Mouse type, e.g.,

MOUSETYPE=Microsoft

XEMU3=yes

access

mouse

network settings, contains

NETWORKING=yes

makem ap hash /etc/mail/access < /etc/mail/access

/etc/mail/relay - list all host/domain accepted for relaying.

network

/etc/HOSTNAME

hostname is set by “/bin/hostname” during

Manage Modules

insmod, lsmod, modinfo,

modprobe, rmmod,

depmod

show or edit cron jobs.

domains

Commands

newaliases

crontab

unconfigure system

sys-unconfig

Manage loadable modules.

chkconfig --list

list services started at different run level.

rebuild the data base for the mail aliases file.

probe for new hardware (Redhat).

kudzu

build access database, e.g,

makemap hash access.db<access

makemap

rpm -i INSTALL a package

rpm -e UNINSTALL a package

rpm -q QUERY a package

rpm -U UPDATE a package

Miscellaneous

Files

/etc/shells

rpm

Useful Configuration Files

Files

httpd.conf

allowed login shells

save a man page as a text file and remove control

characters.

man cmd | col –b

> cmd.txt

user names NOT allowed to use ftp.

/etc/ftpusers

Apache web server configuration file.

Configure Apache 2.0 with SSL

mod_ssl

(1) when compile apache, specify –enable-ssl for configure script.

By default, ssl is not enabled. After compiling, use “httpd –l”

to list the modules. “mod_ssl” should be in them.

(2) generate private key with command:

openssl genrsa -out server.key 1024

/etc/host.allow

/etc/host.deny

Samba server (file and print for Windows).

TCP wrapper host control files.

smb.conf

LILO boot loder configuration file.

lilo.conf

/etc/sysconfig

(redhat)

contains system configuration files.

System log daemon (syslogd) configuration.

syslog.conf

SSH client and server configuration files.

floppy drive A

ssh_config

ssh d_config

/dev/fd0

/etc/inittab

/etc/init.d

system run level control file.

ld.so.conf

default dynamic library search path (run

ldconfig).

Commands

fromdos, todos

(Slackware)

dos2unix,

unix2dos

(Redhat)

(3) generate certificate request

openssl req -new -key server.key -out server.csr

mtool configuration file (access DOS file).

mtools.conf

named.conf

DNS name server (BIND).

(4) ge nerate self -signed certificate

openssl x509 -req -days 60 -in server.csr -signkey server.key -out

server.crt

kernel parameters by sysctl (Redhat).

convert text file from/to linux format.

sysctl.conf

net time server.

ntp.conf

Internet super server.

inetd.conf

verify integrity of password and group files.

pwck, grpck

(5) modify “ssl.conf” which is included in “httpd.conf”. Note,

specify “httpd –DSSL”, otherwise, commented out <IfDefine SSL>

in ssl.conf.

Extended inetd configuration.

Xinetd.conf, Xinet.d

directory

pwconv,

pwunconv,

grpconv,

grpuncov

convert to and from shadow passwords and groups.

proftpd.conf

proftpd FTP server.

network backup server.

amanda.conf

Syslog.conf

toggle shadow passwords on and off.

shadowconfig

PINE mail client system wide settings.

/etc/pine.conf

/etc/pine.conf.fixed

Each line consists of a selector and an action. A selector has two parts:

facilities and priorites, separated by a period (.),You may precede every

priority with an equation sign (``='') to specify only this single priority

and not any of the above. You may also (both is valid, too) precede the

priority with an exclamation mark (``!'') to ignore all that priorities, either

exact this one or this and any higher priority.

Example:

mail.notice /var/log/mail # log to a file

*.emerg @myhost.mydomain.org # log to remote host

quota,

edquota,

quotacheck,

quotaon,

quotaoff,

repquota,

Manage disk quota.

Rebuild Kernel

Configure Kernel Parameters

make config

make menuconfig

make xconfig

lilo -D dos

set LILO default OS (default=dos in lilo.conf)

Configuring the kernel with interactive, menu

or X window interface.

find out shared library dependencies.

ldd

list opened files.

lsof

Compile Kernel Source

make dep

make zImage

make zdisk

make zlilo

make bzImage

auth, auth -priv, cron, daemon, kern, lpr, mail, mark,

news, syslog, user, uucp, local0 – local7.

fuser filename

show processes that using the file.

facilities

ifdown

ifup

bring up/down a network interface (Redhat)

debug, info, notice, warning, err, crit, alert, emerg.

priorities

Building and installing a new kernel.

configure kernel parameters (Redhat).

Regular File:

File with full pathname beginning with “/”.

sysctl

action

list opened socked.

socklist

Compile Modules

make modules

make modules_install

Terminal and Console:

Specify a tty, same with /dev/console.

Remote Machine:

@myhost.mydomain.org

shutdown [–r|h]

now

reboot / halt computer

Building and installing modules.

nmap

scan a host for opened ports.

IPtables (Netfilter)

Command Syntax

X Window (XFree86)

Files

To set screen resolution, in “Screen” section and Subsection “Display”,

specify a mode. For example: Modes “1024x768”

-insert | -I Inserts a rule in a chain at a particular point.

Other commands:

(1) --new | -N (2) -- delete | -D (3) -- replace | -D (4) --zero | -Z

(5) –check | -C (6) delete -chain | -X (7) rename-chain | -E

iptables [-t < table >] < command > < chain > < parameters>

Save and Restore rules

/sbin/iptables-save > /etc/sysconfig/iptables

/sbin/iptables-restore < /etc/sysconfig/iptables

Parameters

--proto | -p [!] name protocol: by number or na me, including tcp,

udp, icmp or all .

--source | -s [!] addr/mask source IP address.

--destination | -d addr/mask destination IP address.

--in -interface | -i

To specify screen refresh rate, in “Monitor” section, specify vertical rate.

For example: VertRefresh 70 -120

/etc/X11/xinit/xinitrc

$HOME/.xinitrc

Firewall script sample

http://tiger.la.asu.edu/iptables_examples.htm

Build-in Table

filter

clients to run after X server started

/etc/X11/fs/config

configure X11 font path (font server).

Commands

startx

This is the default table for handling network packets. Build-

in chains are:

incoming interface name, e.g. eth0 or ppp0.

start X window system.

outgoing interface name.

--out-interface | -o

INPUT — This chain applies to packets received

via a network interface.

Xconfigurator

(Redhat)

xfree86setup

(Slackware)

xf86config

--jump | -j

jump to a particular target when matching a

rule. Standard options: ACCEPT, DROP,

QUEUE, RETURN , REJECT . May jump

to a user defined chain.

OUTPUT — This chain applies to packets sent

out via the same network interface which r eceived

the packets.

setup X server and generate XF86config.

FORWARD — This chain applies to packets

received on one network interface and sent out on

another.

match second or further fragments only.

--fragment | -f

XFreee86 auto configuration (Plug-n-Play),

generate a template named “XF86Config.new”

XFree86 -configure

Options for TCP and UDP protocol

This table used to alter packets that create a new connection.

Build-in chains:

1. PREROUTING — This chain alters packets

received via a network interface when they arrive.

2. OUTPUT — This chain alters locally -generated

packets before they are routed via a network

interface.

3. POSTROUTING — This chain alters packets

before they are sent out via a network interface.

## Masquerade everything out ppp0.

iptables -t nat -A POSTROUTING -o ppp0 -j

MASQUERADE

nat

stop X server (on some system Ctrl+Alt+ESC).

Ctrl+Alt+Del

source and/or destination port. Can specify a

range like 0:65535, use exclamation

character (!) to NOT match ports.

--sport | --sou rce -port

--dport | destination-port

F1 temporary switch to text mode, F7 switch

back to graphic mode.

Ctrl+Alt+F1

Ctrl+Alt+F7

SuperProbe

detect graphic hardware.

Options for TCP only

adjust X server origin and size.

xvidtune

xmodmap

modifying key map and mouse button map.

--syn

Match SYN packets.

server access control program for X.

xhost

Match TCP packets with specific bits set. For example, -p

tcp –tcp -flags ACK,FIN,SYN SYN will only match TCP

packets that have the SYN flag set and the ACK and FIN

flags unset.

--tcp-flags

root window parameter setting utility for X.

xsetroot

server font list displayer for X.

xlsfonts

ser preference utility for X.

xset

## Change source addresses to 1.2.3.4.

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to

1.2.3.4

Options for ICMP only

XF86Config

--icmp-type [!] type

Match specified ICMP type. Valid ICMP type can be

list by

iptables –p icmp -h

This table is used for specific types of packet alteration.

Build-in chains:

mangle

PREROUTING — This chain alters packets

received via a network interface before they are

routed.

Option for state module (-m state --state)

OUTPUT — This chain alters locally-generated

packets before they are routed via a network

interface.

ESTABLISHED

The matching packet is associated with other

packets in an established connection.

The matching packet is starting a new connection

related in some way to an existing connection.

Commands

The matching packet is either creating a new

connection or is part of a two -way connection not

previously seen.

NEW

Flush (delete) rules in the selected chain.

--flush | -F

Set default policy for a particular chain.

--policy | -P

INVALID

The matching packet cannot be tied to a known

connection.

List all rules in filter table, use [–t tablename] to

specify other tables.

--list | -L

--append | -A

A appends a rule to the end of the specified chain.

XFree86 uses a configuration file called XF86Config for its initial setup.

This file is normally located in “/etc/X11” or “/etc” directory. The

XF86Config file is composed of a number of sections which may be

present in any order. Each section has the form:

Option "OffTime" "time"

Sets the inactivity timeout for the "off" phase of DPMS mode, default 40

min.

Option "DefaultServerLayout" "layout_id"

Specify the default ServerLayout section to use. Default is the first

ServerLayout section.

EXAMPLE

Section "ServerFlags"

Option "BlankTime" "99999"

Option "StandbyTime" "99999"

Option "SuspendTime" "99999"

Option "OffTime" "99999"

EndSection

EXAMPLE

Section "InputDevice"

Identifier "Generic Keyboard"

Driver "keyboard"

Option "AutoRepeat" "500 30"

Option

"CoreKeyboard"

Section "SectionName"

SectionEntry

...

EndSection

Section "InputDevice"

Identifier

"PS2 Mouse"

The graphics boards are described in the Device sections, and the monitors

are described in the Monitor sections. They are bound toget her by a Screen

section. Keyboard and Mouse are described in InputDevice sections,

although Keyboard and Pointer are still recognized. ServerLayout section

is at the highest level and bind together the InputDevice and Screen

sections.

Driver

"mouse"

Option

"CorePointer"

Option

"Device"

"/dev/mouse"

Option

"Protocol"

"PS/2"

Option

"Emulate3Buttons" "true"

EndSection

Module Section

Load "modulename"

Load a module. The module name given should be the module's standard

name, not the module file name.

EXAMPLE

Section "Module"

A special keyword called Option may be used to provide free -form data to

various components of the server. The Option keyword takes either one or

two string arguments. The first is the option name, and the optional second

argument is the option value. All Option values must be enclosed in quotes.

File Section

FontPath "path"

Font path elements may be either absolute directory paths, or a font server

identifier

RGBPath "path"

Sets the path name for the RGB color database.

ModulePath "path"

Allows you to set up multiple directories to use for storing modules loaded

by the XFree86 server.

EXAMPLE

Section "Files"

RgbPath "/usr/X11R6/lib/X11/rgb"

FontPath "unix/:7100"

EndSection

Serverflags Section

Option "DontZap" "boolean"

Disable use Ctrl+Alt+Backspace to termin ate X server.

Option "DontZoom" "boolean"

Disable use ‘ Ctrl + Alt + Keypad + ’ and ‘ Ctrl + Alt + Keypad - ’ to switch video

mode.

Option "BlankTime" "time"

Sets the inactivity timeout for the blanking phase of the screensaver in

minutes. Default 10 min.

Option "StandbyTime" "time"

Sets the inactivity timeout for the "standby" phase of DPMS mode in

minutes. Default 20 min.

Option "SuspendTime" "time"

Sets the inactivity timeout for the "suspend" phase of DPMS mode, default

30 min.

Device Section

Specifies information about the video card used by the system. You must

have at least one Device section in your configuration file. The active device

is in ServerLayout ->Screen.

Identifier

Specify an unique name for this graphics card.

Driver

Specify the name of the driver to use for this graphics card.

EXAMPLE

Section "Device"

Identifier "ATI Mach64"

VendorName "ATI MACH64"

VideoRam 2048

EndSection

Load

"extmod"

Load

"type1"

EndSection

InputDevice Section

There are normally at least two InputDevice sections, one for Keyboard and

one for Mouse.

Identifier

Specify an unique name for this input device.

Drive r

Specify the name of the driver to use for this input device..

Option "CorePointer"

This input device is installed as the primary pointer device.

Option "CoreKeyboard"

This input device is the primary Keyboard.

Monitor Section

Monitor section describes a monitor. There must be at least one monitor

section and the active one is used in ServerLayout ->Screen.

Identifier

Specify an unique name for this monitor.

HorizSync horizsync-range

Gives the range(s) of horizontal sync frequencies of this monitor in kHz.

VertRefresh vertrefresh-range

Gives the range(s) of vertical sync frequencies of this monitor in Hz.

EXAMPLE

Section "Monitor"

Identifier "Generic Monitor "

VendorName "Monitor Vendor"

ModelName "Monitor Mo del"

HorizSync 31.5 -56.6

VertRefresh 40 -70

EndSection

Screen Section

Screen Section binds Device and Monitor sections. There must be at least

one Screen Section. The active one is in ServerLayout section.

Identifier

Specify an unique name for this Screen Section.

Device "device -id"

This specifies the Identifier of Device section to be used for this screen.

Monitor "monitor-id"

This specifies the Identifier of Monitor section to be used for this screen.

DefaultDepth depth

Default color depth, like 8, 16 or 24.

Option "Accel"

Enables XAA (X Acceleration Architecture), default is ON.

DISPLAY SUBSECTION

Each Screen section must have at least one Display Subsection which

matches the depth values in DefaultDepth.

Depth depth

This entry specifies what color depth of this Display Subsection.

Virtual xdim ydim

Specifies the virtual screen resolution to be used.

ViewPort x0 y0

Sets the upper left corner of the initial display.

Modes "mode-name" ...

Secifies the list of video modes to use. Each mode-name specified must be

in double quotes. They must correspond to those specified in the appropriate

Monitor section (including implicitly referenced built -in ESA standard

modes). mode can be switched with Ctrl+Alt+Keypad-Plus or

Ctrl+Alt+Keypad-Minus.

EXAMPLE

Section "Screen"

Identifier

An unique name for this ServerLayout Section.

Screen screen-num "screen-id" position -information

The screen-id field is mandatory, and specifies the Screen section being

referenced.

InputDevice "idev-id" "option" ...

Normally at least two are required, one for the core pointer and the other for

the primary keyboard devices.

EXAMPLE

Section "ServerLayout"

Identifier "Default Layout"

Screen "My Screen"

InputDevice "Generic Keyboard"

InputDevice "PS/2 Mouse"

EndSection

Identifier "My Screen”

Device " ATI Mach64"

Monitor " Generic Monitor"

DefaultDepth 16

SubSection "Display"

Depth 16

Modes "1024x768" "800x600" "640x480"

EndSubSection

SubSection "Display"

Depth 24

Modes "1024x768" "800x600" "640x480"

EndSubSection

EndSection

ServerLayout Section

ServerLayout section binds a Screen section and one or more InputSection

to form a complete configuration. The active ServerLayout section is

specified in ServerFlags. If not, the first ServerLayout section is active. If no

ServerLayout sections are present, the single active screen and two active

(core) input devices are selected as described in the relevant sections.

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika: