Schedule
Book
- The chapters listed below are from the LINUX+ GUIDE TO LINUX CERT
- UNT Electronic Books. I have provided a link to the e-books via the UNT portal. If it doesn't work, then you will need to access the UNT Safari portal directly, then select the book that is referenced.
Additional Course Links
Start of Course - February 16, 2009
- Open Source
- Internet Services
- Basic Linux Usage
- Basic Shell Commands
- Getting Command Help
- Using SSH Terminal on your computer access your system. If you do not have a SSH terminal then you need to download puttyssh. Mac users already have a terminal program in the Utilities folder under applications, issue "ssh -l useraccount systemname" to connect to your system.
- Using the information that your instructor sent you, access your system. SSH Example
- Learn to use the bash shell (UNT Library: Chapter on Bash Shell in Learning RedHat Linux and Fedora)
- Navigate your Linux system (UNT Library: Working with Unix Files in Practical UNIX)
- learn and run shell commands ( UNT Library: Common Linux Commands)
- Learn vi (http://en.wikibooks.org/wiki/Learning_the_vi_editor and vi Editor Pocket Reference)
- You will also need a SFTP program if you plan on uploading or downloading to your system. Windows users can use WINSCP (download). Mac users can try Transmit3. (View Example)
- Learn yum, update your system ('yum update') as part of assignment 1. You will need to be changed to root for the update to work. So look up the 'su' command. If you do this correctly, you will get a long list of things to update and download. Eventually it will ask you to confirm that you want to proceed. Just follow the directions.
- Getting sendmail to send off campus
(Before you begin editing.
You can use the 'cp' command to make a copy of the file you are about to edit in case you mess the file up when editing. Just do 'cp filename filename.bak' and you have a copy that you can go back to in case of accidents.)
1. Setting up sendmail to handle the UNT mailhost (allows for sending mail off campus) # yum install sendmail-cf vi /etc/mail/sendmail.mc delete dnl from line: dnl define(`SMART_HOST',`smtp.your.provider') and change to: define(`SMART_HOST',`mailhost.unt.edu') add dnl to the line: dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl save and exit make the changes # cd /etc/mail # ./make restart sendmail # /sbin/service sendmail restart 2. Setting the .forward file so that all group members get daily watch logs on system security cd /root vi .forward on each line enter the e-mail address of each group member 3. Mail a message to root as a test # mail root Subject: Test to the Group This is a test message . (return on cc)This will send an e-mail to root that should then get sent to all in the .forward file for root. If this doesn't work, then you missed or have a mistake in the steps above. Review and check your edits and try to send e-mail again.
You will now get all system e-mails includin the nightly logs. It is your responability to read these daily messages and monitor activity on your system.
- Install BlockHost in order to limit IP abuse.
Readings
Chapter 1: Is an overview of the Linux.Be sure to pay special attention to the keywords at the end of each chapter and the review questions.
Chapter 2: Covers the hardware required to support Linux.
Chapter 3: This reviews the install of Linux.
For this course, we have already installed Linux on the server, but this is an important part of Linux.
The install covered in the 2nd edition of this book is valid for Fedora before 10.
We are using Fedora Core 10 and the install process has changed a lot, but the basic process is very similar.
The additional course web links above have links to a number of good sites that review the install process.
We did a number of steps during the install to get the system to the stage where you can login.
Chapter 4: Exploring the Linux File System
Time to remote access your system and start working with the command line shell
We want to complete the following things:
February 17 - March 9, 2009
- What is the Web
- What is HTTP
- What is HTML
- What is Apache
- What is a LAMP install
- What are Firewalls and what do they do and why
Readings
Chapter 5: Filesystem ManagementBe sure to pay special attention the file permissin system and how you use the chmod command.
Chapter 6: Filesystem Admin
If you plan on taking the cert, be sure to read this chapter. We will not be using this chapter during the course.
Chapter 7: Adv Installation
If you plan on taking the cert, be sure to read this chapter. We will not be using this chapter during the course.
Chapter 8: More Bash Shell
This chapter goes beyond the basics we did earlier in the semester. The ability to pipe and redirect is essential in using the command line.
Chapter 9: System Ini and X Windows
If you plan on taking the cert, be sure to read this first half of the chapter. Be sure to review the X windows system section. We will be using the GNOME desktop.
Chapter 10: Managing Linux Processes
UNIX is a multi processing system, which allows it to run more than one process at a time. This chapter discusses how to manage and control processes. Be sure to review run levels and managing processes.
Assignment 2 - (Web / Apache Install)
Assignment 2 focuses on the following issues. Be sure to examine these issues in the book and online in order to fully understand the concepts and terms:Open firewall port 80 for Web Service
FC10 uses what is called IPTABLES to control the firewall on your server. IPTABLES is a rules file that tells the OS which ports should be open and how and who should have access to them. We will be doing the basic setup for assignment 2. IPTABLES provides a many ways to configure your server to provide protection from outside attacks. One of the best ways to protect your server is to only open ports that you are using and to control access as required. This is in addition to only running software that accesses these ports as required.
Since, we have not enabled remote desktop access yet (assignment 3), we will editing the iptables file by hand using vi or another command line editor. IPTABLES is already installed on your server as the basic install package. You will need to open up port 80 allow the apache server, that we have not started yet to talk to the outside world via this port. As discussed in the defition above, a port can be thought of as a conduit between the outside network and software running on your server. While port 80 is the default for web services, you can run a web server on any port you want to define depending on conditions you find your server operating in.
a. edit /etc/sysconfig/iptables
b. when you edit iptables, you will notcie that port 22, which is what you are using for SSH is already open.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
c. We can clone this line (look up the vi commands for copy and past) and then edit port 22 to port 80, such that you get this addiontional line in the file. If you would like to see a list of standard ports, you can cat /etc/services to view them. The line you want to add to the file iptables is:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
d. Save and quit the editor
e. The next step is to restart the iptables service, so that it reads in the new settings you have created.
# service iptables restart
f. If this work correctly, you will get the following OKs back. If you get an error message, then go back and look at the file to see if you made a mistake in the edit
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
g. You have now opened up port 80. There is way using the GUI to control these ports, but learning to work on the file directly allows you to use SSH to open a session to your server from just about anywhere (like from my iphone now) to be able to control access.
Install Apache using yum
a. First, lets check to make sure that httpd is installed.
#yum install httpdb. Most likely yum came back with the following, since it should be installed already. If it didn't then it probably asked you to install it.
Package httpd-2.2.10-2.i386 already installed and latest version
Nothing to do
Enable Apache and set to auto-start upon system reboot
a. We have two steps to enable and start the httpd service. The first is to set auto start and the second it to actually start httpd
# chkconfig --levels 235 httpd on
# service httpd start
b. the service command should have outputed
Starting httpd: [ OK ]
c. As a further check, lets look at the process table and see if https was started. You should something like this in the table out
# ps -ef
root 17960 1 0 15:14 ? 00:00:00 /usr/sbin/httpd
apache 17962 17960 0 15:14 ? 00:00:00 /usr/sbin/httpd
apache 17963 17960 0 15:14 ? 00:00:00 /usr/sbin/httpd
apache 17964 17960 0 15:14 ? 00:00:00 /usr/sbin/httpd
apache 17965 17960 0 15:14 ? 00:00:00 /usr/sbin/httpd
apache 17966 17960 0 15:14 ? 00:00:00 /usr/sbin/httpd
apache 17967 17960 0 15:14 ? 00:00:00 /usr/sbin/httpd
apache 17968 17960 0 15:14 ? 00:00:00 /usr/sbin/httpd
apache 17969 17960 0 15:14 ? 00:00:00 /usr/sbin/httpd
Just as a side note, lets look at an example of using a pipe in the command. Try # ps -ef | grep httpd
Test Web Server
a. You have now set httpd to autostart on server reset and have started the web server. It should display the default web page if you go to your server.
Using a browser, enter http://yourserverdomainname
b. if it does not, then you need to check iptables again (did you enter the right enter and did you restart it) and check httpd (did you start it).
Upload new Web Site Page
a. It is now time to upload a web site (or pages) to replace the default page just seen
b. Using whatever web authoring package you like, create a home page for your site. Please create a motif/layout that goes with the name of your system. NOTE: Apache uses index.html as the default startup web page, so make sure your first page in any new web directory is called index.html. We will talk more about how to configure httpd.conf in a bit, when we setup user web areas.
c. Uising WINSCP upload the new web content to the default web area of /var/www/html.
d. Using your browser check your new home page. Congrats! You now have a working web server.
Enable User Home Page
a. You now have a server web area. apache supports the ability to setup user web areas that reside under the user's account. This is handy in several cases. One of the main reasons is that users are then responsble for their own content and you do not have to allow user access to your web directory (/var/www/html) for security issues. Keep in mind, there are some downsides, so the choice of enabling this or not depends on your server needs. We will enable it on your server as a further use of apache.
b. The first is to edit the httpd configuration file. /etc/httpd/conf/httpd.conf is a very complex settings file. It controls everything to do with httpd startup. Before we edit it though, lets make a backup copy so if things stop working, you can copy the backup over the edited version and get back to an operational state.
# cp /etc/httpd/conf/httpd.conf httpd.conf.backup
This command will copy the file httpd.conf in the same directory named httpd.conf.backup
e. edit /etc/httpd/conf/httpd.conf
- Look for the setting for public_html (will be around line 350)
Change
UserDir disable
to
#UserDir disable
and Change
#UserDir public_html
to
UserDir public_html
f. restart httpd service
# service httpd restart
g. the service command should have outputed OK. If it didn't, then you have an error in your edit. Either try to find it or copy back the backup and start the edit again. Mistakes in editing httpd.conf are very unforgiving.
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
h. we have a number of steps now to create a user's public_html area and the open it for outside viewing. This is the more complex part of the process and any problem in this chain can cause a failure notice when you try to access the user web area.
Please watch the Creating a Public_Html movie for a step by step demo.
The basic steps are as follows:
- get to the user account you want to create the uoblic web area for.
- be working as root user.
- create a public_html directory in the user account using mkdir command.
# mkdir public_htmlIf you create this account using root, then you have to change owner so that the user can work in the directory (see demo above)# chown username:username public_html - change the security of the new directory for SELINUX
NOTE: SELINUX has its good points and its bad points. Many people just turn it off, since they believe that it adds an extra level of security on a single user server.
While in the directory you just created public_html enter the following command. This will set the directory for access for httpd, otherwise SELINUX would stop access and httpd would say that the directory is not available for access.
# chcon -R -t httpd_sys_content_t public_html
# chmod a+x .which opens up the home directory to move into the directory not see any files. Another way is to simply change the group to apache
# chgrp apache .
# chmod g+x .
which will allow apache and no other users as a group to move into the user directory. # cd public_html
vi index.html
<html>
<body>
<h1>systemname</h1>
<body>
<html>
save and exit the file editingIf you created this file under root, then you have to change owner so that the user can edit in the file in the future (see demo above)
# chown username:username index.html
http://servername.cecs.unt.edu/~youraccount
Upload User Home Page
a. It is now time to upload a web site (or pages) for the empty user home page
b. Using whatever web authoring package you like, create a home page for your user site. Be sure to put your name, photo, and a bio about yourself on the personal page. Also, be sure to provide a link on your system home page to your personal web site. NOTE: Apache uses index.html as the default startup web page, so make sure your first page in any new web directory is called index.html.
c. Uising WINSCP upload the new web content to the public_html web area.
d. Using your browser check your new home page. http://servername.cecs.unt.edu/~youraccount
e.Congrats! You now have a working web server.
March/April 2009
- Exam to be given sometime in March or April
March 10 - March 30, 2009
- What is VNC
- What is a wiki
- What is swiki
Assignment 3 - (VNC / SWiki)
Assignment 3 focuses on the following issues. Be sure to examine these issues in the book and online in order to fully understand the concepts and terms:Open firewall port 5901 for Web Service VNC and port 8080 for Swiki
Use the informaiton and steps you have learned for assignment 2 to open ports 5901 and port 8080. Be sure to restart iptables
Install vnc-server using yum
#yum install vnc-serverb. Most likely yum came back with the following:
Loaded plugins: refresh-packagekit
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package vnc-server.i386 0:4.1.3-1.fc10 set to be updated
--> Processing Dependency: librfb.so.0 for package: vnc-server
--> Running transaction check
---> Package vnc-libs.i386 0:4.1.3-1.fc10 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
===================================================================================================================================
Package Arch Version Repository Size
===================================================================================================================================
Installing:
vnc-server i386 4.1.3-1.fc10 updates 884 k
Installing for dependencies:
vnc-libs i386 4.1.3-1.fc10 updates 167 k
Transaction Summary
===================================================================================================================================
Install 2 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 1.0 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): vnc-libs-4.1.3-1.fc10.i386.rpm | 167 kB 00:00
(2/2): vnc-server-4.1.3-1.fc10.i386.rpm | 884 kB 00:00
-----------------------------------------------------------------------------------------------------------------------------------
Total 69 kB/s | 1.0 MB 00:15
======================================================== Entering rpm code ========================================================
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : vnc-libs 1/2
Installing : vnc-server 2/2
======================================================== Leaving rpm code =========================================================
Installed:
vnc-server.i386 0:4.1.3-1.fc10
Dependency Installed:
vnc-libs.i386 0:4.1.3-1.fc10
Complete!
Starting and Stopping VNC Server (Only when you need it)
vncsever should only be run when you need to access the server remotely. There several reasons for this. The primary ones are 1) it isn't a secure service and 2) it takes resources away from other things.
Setting up the VNC server the first timeAfter you install the server, you need to run it the first time and edit some files to get it operational.
When you first run vncserver
# vncserver
You will get the following
You will require a password to access your desktops. Password:
Enter a strong password
Now stop the vncserver:
# vncserver -kill :1
Killing Xvnc process ID 23364
When you run vncserver for the first time, it created a directory in the home directory of the account it has been run under. If you run this under your account then vnc setting files will be saved to /home/youraccountname/.vnc
You need to edit the xstartup file and edit the last line and add one line:
#twm & /usr/bin/gnome-session &
Example of editing and controling IPTABLES using the Gnome GUI and some VNC security discussion
The vncserver is ready to start and stop as you need it.
When you need to access your server remotely using the GUI, login using ssh, then start the vncserver
# vncserver
When you are finished (best not to logout of the ssh while doing remote desktop) you then stop the vncserver
# vncserver -kill :1
In this way, the service is only operating when needed and does not present a long term security issue.
Example of VNCSERVER First Time, Starting, and Stoping
Test the VNC Server
You need to download a viewer. There are several that support VNC. Common to windows is real-vnc and to mac is chicken of the vnc
Run the client viewer software and enter the system name and view 1 (for windows this is denoted with :1 after the system name).
VNC numbers views starting at 0 = port 5900 on your system. 1 is the default = port 5901, which is the port you opened and the default on the vnc-server install
For additional security, you can always change the port on your server to another port that might not be as easy to find.
If you have everything setup right, then you will see your desktop. If not, go back up to the top and review your changes.
Swiki
For this part of the exercise there will not be many step-by-step directions provided. Be sure to read the install information comntained in the software.
Swiki is a standalone wiki that is based on squeak, which is based on the small-talk 80 language.
This is an example of an application that does not require php or apache to run.
You can download the software at http://minnow.cc.gatech.edu/swiki
Now that you have remote access to your server GUI, you can run firefox on your server and download it directly to the file system.
Once you have it downloaded and extracted, read the install steps.
The first time you run it will be using the remote GUI so that you can see the Swiki gui and configure it for port 8080 and the other elements that are required as stated in the install directions.
If all things are right and the swiki is started, you can access your server swiki remotely using your web browser.
Once you know this works when running it by hand from the GUI, you need to read the directions on how to run it "headless".
Fedora provides a file that is always read at startup to run scripts and applications. It is named /etc/rc.d/rc.local. You will want to place the swiki headless command in this file
You can test if headless runs, by running rc.local
# /etc/rc.d/rc.local
Just be sure to kill any processes that are started so that you do not have more than one swiki running
How to find and kill a processfind the process
# ps -ef | less
Look to see if you can find the process in question, for swiki we ran the command squeak..so we are looking for something line
root 3041 1 2 Feb08 ? 06:05:30 ./squeak -headless squeak.image
This tells us that the process for squeak is 3041
You can now kill that process:
# kill -9 3041
and be able to run the rc.local again for testing
once you know the swiki runs okay in rc.local, try restarting your computer remotely and testing to see if it comes up as you expect
the command to restart your server is
NOTE: you have to be root to issue this command and YOU MUST ALWAYS put -r (for restart). If you don't your server will shutdown and turn off.
# /sbin/shutdown -r now
Your computer will NOW restart. Hopefully!
March 31 - April 13, 2009
- What is MYSQL
- What is PHP
- What is Apache
- What are the ports (primary and alternate) that HTTP uses
- How does a web browser talk to the web server
- Get into your system via VNC
- Start the app -- Applications > System Tools > MYSQL Administrator
- Login into your mysql server. Since you are running it locally, you do not have to open port 3306.
- If you want to use an external mysql management like Navicat you will need to open port 3306
- You will also need to change the permission of the users to allow for outside connetions.
- NOTE: Don't allow ROOT access remotely. Setup another database account.
Assignment 4 - (MYSQL and PHP)
Assignment 4 focuses on the following issues. Be sure to examine these issues in the book and online in order to fully understand the concepts and terms:Install Mysql
The following steps will install mysql.
1. To Install Mysql (this will update and expand the default install)
# yum install mysql mysql-devel mysql-server
2. Create the system startup links for MySQL and start the MySQL server:
# chkconfig --levels 235 mysqld on
3. Start Mysql (this will generate some start up messages)
# /etc/init.d/mysqld start
4. Set the Root Password
# mysqladmin -u root password yourrootsqlpassword
5. Install mysql admin (this will allow you to admin the database via VNC)
# yum install mysql-administrator
Mysql Admin
When you are ready to access your database locally.Install PHP
This will update the current install on the system.
1. Install/Update Apache with PHP 5 Support (the following are a selection of common php moduls)
# yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel
2. Edit /etc/httpd/conf/httpd.conf
change DirectoryIndex to
DirectoryIndex index.html index.htm index.php
Add the following line under #AddType application/x-tar .tgz
AddType application/x-httpd-php .php .html
3. Configure start Apache at boot time
# chkconfig --levels 235 httpd on
4. Start Apache
# /etc/init.d/httpd restart
Test PHP
Create a php test file and view the php into page.
1. Create phptest.html file that contains the following information.
This allows us to test both html and php
<html>
<body>
html test
<hr>
<?php
echo "php test<hr>";
phpinfo();
?>
2. Upload the file into your root html directory.
3. Using your browser view the web page. You should see this.
4. You want to confirm that you have a MYSQL module installed,
otherwise talking to the database does nothing.
If you do not see mysql in the list of modules, then you missed something.
5. NOTE: In order for mysql to showup in the php install, it has to be
installed and RUNNING at the time of the php install above.
April 14 - May 4, 2009
- Take Home Exam
Assignment 5 Due - (Dynamic Web Content)
Final Exam Due
- May 9, 2009
