Linux 102 Examination Modular Training Notes Leading Edge Business Solutions This manual was written for Leading Edge Business Solutions http://www.ledge.co.za/ as part of their Linux training programme. This document is protected by copyright. This document may be redistributed under the terms of the GNU free documention licence. See the “Legal notices” section for details. 102-letter.odm, 2 March 2006 2 LPI 102 Course Notes LPIC topics LPIC topic 1.105.1 — Manage/Query kernel and kernel modules at runtime [4] 18 LPIC topic 1.105.2 — Reconfigure, build, and install a custom kernel and kernel modules [3]. . 24 LPIC topic 1.106.1 — Boot the system [3] 34 LPIC topic 1.106.2 — Change runlevels and shutdown or reboot system [3] 39 LPIC topic 1.107.2 — Manage printers and print queues [1] 43 LPIC topic 1.107.3 — Print files [1] 46 LPIC topic 1.107.4 — Install and configure local and remote printers [1] 50 LPIC topic 1.108.1 — Use and manage local system documentation [4] 55 LPIC topic 1.108.1 — Use and manage local system documentation [3] 60 LPIC topic 1.108.5 — Notify users on system-related issues [1] 63 LPIC topic 1.109.1 — Customize and use the shell environment [5] 66 LPIC topic 1.109.2 — Customize or write simple scripts [3] 72 LPIC topic 1.111.1 — Manage users and group accounts and related system files [4] 85 LPIC topic 1.111.2 — Tune the user environment and system environment variables [3] 96 LPIC topic 1.111.3 — Configure and use system log files to meet administrative and security needs [3] 100 LPIC topic 1.111.4 — Automate system administration tasks by scheduling jobs to run in the future [4] 106 LPIC topic 1.111.5 — Maintain an effective data backup strategy [3] 110 LPIC topic 1.111.6 — Maintain system time [4] 119 LPIC topic 1.112.1 — Fundamentals of TCP/IP [4] 124 LPIC topic 1.112.3 — TCP/IP configuration and troubleshooting [7] 138 LPIC topic 1.112.4 — Configure Linux as a PPP client [3] 152 LPIC topic 1.113.1 — Configure and manage inetd, xinetd, and related services [4] 160 LPIC topic 1.113.2 — Operate and perform basic configuration of sendmail [4] 167 LPIC topic 1.113.3 — Operate and perform basic configuration of Apache [4] 176 LPIC topic 1.113.4 — Properly manage the NFS, smb, and nmb daemons [4] 182 LPIC topic 1.113.5 — Setup and configure basic DNS services [4] 190 LPIC topic 1.113.7 — Set up secure shell (OpenSSH) [4] 196 LPIC topic 1.114.1 — Perform security administration tasks [4] 204 LPIC topic 1.114.2 — Setup host security [3] 221 LPIC topic 1.114.3 — Setup user level security [1] 226 Table of Contents 1 Foreword 10 1.1 About these notes 12 1.2 Revisions and bugs 12 LPI 102 Course Notes 3 1.3 Copyright notice 12 1.4 GNU Free Documentation License 12 2 Kernel modules 18 LPIC topic 1.105.1 — Manage/Query kernel and kernel modules at runtime [4] 2.1 Kernel modules 18 2.2 Module information 19 2.3 Inserting modules 19 2.4 modprobe, modules.conf and depmod 21 2.5 Unloading modules 22 2.6 Review 22 3 Rebuilding the kernel 24 LPIC topic 1.105.2 — Reconfigure, build, and install a custom kernel and kernel modules [3] 3.1 The kernel 24 3.2 Obtaining the kernel 25 3.3 Kernel patches 27 3.4 Compiling a kernel 27 3.5 Choosing options for your kernel 29 3.6 Review 30 4 Booting Linux 34 LPIC topic 1.106.1 — Boot the system [3] 4.1 Kernel boot parameters 34 4.2 LILO 36 4.3 GRUB 36 4.4 Boot messages 37 4.5 Review 37 5 Change runlevels 39 LPIC topic 1.106.2 — Change runlevels and shutdown or reboot system [3] 5.1 init and telinit 39 5.2 shutdown 40 5.3 inittab 40 5.4 Review 41 6 Print queues 43 LPIC topic 1.107.2 — Manage printers and print queues [1] 6.1 lpd, lpr, lpq and lprm 43 6.2 Troubleshooting 44 6.3 Review 45 7 Postscript 46 LPIC topic 1.107.3 — Print files [1] 7.1 What is postscript 46 7.2 mpage 47 4 LPI 102 Course Notes 7.3 Review 48 8 Printer setup 50 LPIC topic 1.107.4 — Install and configure local and remote printers [1] 8.1 lpd and printcap 50 8.2 apsfilter 52 8.3 magicfilter 53 9 Documentation 55 LPIC topic 1.108.1 — Use and manage local system documentation [4] 9.1 man pages 55 9.2 /usr/share/doc 57 9.3 Review 58 10 Internet Documentation 60 LPIC topic 1.108.1 — Use and manage local system documentation [3] 10.1 Linux documentation project 60 10.2 Mailing lists 60 10.3 Newsgroups 61 10.4 Vendor web sites 61 10.5 Third party web sites 62 10.6 Review 62 11 System Notification 63 LPIC topic 1.108.5 — Notify users on system-related issues [1] 11.1 Login Messages 63 11.1.1 /etc/issue 11.1.2 /etc/motd 11.2 Instant messaging 64 11.3 Review 64 12 Bash customisation 66 LPIC topic 1.109.1 — Customize and use the shell environment [5] 12.1 Bash profile(s) 66 12.2 Variables 67 12.3 Functions (and aliases) 68 12.4 Keyboard handling and inputrc 69 12.5 Review 70 13 Scripting 72 LPIC topic 1.109.2 — Customize or write simple scripts [3] 13.1 Introduction 72 13.2 Permissions and executables 73 13.3 Basic syntax of a shell script 73 13.4 Script communication 74 13.4.1 Positional parameters 13.4.2 Redirection review LPI 102 Course Notes 5 13.5 Quoting in bash 75 13.5.1 Full quoting ' ' 13.5.2 Partial quoting " " 13.5.3 Command substitution and backticks 13.6 Keywords and built-in commands* 77 13.7 Arithmetic expansion and evaluation 78 13.7.1 expr 13.7.2 let* 13.7.3 Arithmetic expansion using $(( )) 13.8 Control structures 79 13.8.1 test 13.8.2 &&, || 13.8.3 if then fi 13.8.4 case esac 13.8.5 The for do loop 13.8.6 while do 13.8.7 Loop control commands* 13.9 Review 83 14 Users and Groups 85 LPIC topic 1.111.1 — Manage users and group accounts and related system files [4] 14.1 Users 85 14.2 The passwd file 86 14.2.1 PAM 14.2.2 User commands 14.3 Passwords and the shadow password file 89 14.3.1 The shadow password file 14.3.2 Password commands 14.4 Groups 91 14.4.1 /etc/group 14.4.2 /etc/gshadow 14.4.3 Group commands 14.5 Review 93 15 The Environment 96 LPIC topic 1.111.2 — Tune the user environment and system environment variables [3] 15.1 /etc/skel 96 15.2 Profiles 96 15.3 Environment variables 97 15.4 Review 99 16 System logs 100 LPIC topic 1.111.3 — Configure and use system log files to meet administrative and security needs [3] 16.1 Syslog 100 16.1.1 syslogd 6 LPI 102 Course Notes 16.1.2 syslog.conf 16.2 Related tools 103 16.2.1 logger 16.2.2 tail 16.2.3 Log rotation 16.3 Review 104 17 Scheduling jobs 106 LPIC topic 1.111.4 — Automate system administration tasks by scheduling jobs to run in the future [4] 17.1 The cron daemon 106 17.1.1 Crontab 17.1.2 Cron directories 17.1.3 Permissions 17.2 at 108 17.3 Review 108 18 Backup strategy 110 LPIC topic 1.111.5 — Maintain an effective data backup strategy [3] 18.1 Backup and system recovery 110 18.1.1 Backup definitions 18.1.2 Backup policy and disaster recovery 18.1.3 Backup tools 18.1.4 Backup solutions 18.1.5 Partition and filesystem recovery tools 18.2 Review 117 19 System time 119 LPIC topic 1.111.6 — Maintain system time [4] 19.1 Setting the clock 119 19.2 Time zones 121 19.3 Network time protocol (NTP) 121 19.4 Review 122 20 TCP/IP 124 LPIC topic 1.112.1 — Fundamentals of TCP/IP [4] 20.1 IP and other animals 124 20.2 IP addressing 125 20.3 ICMP – Internet Control Message Protocol 128 20.4 TCP – Transmission Control Protocol 128 20.5 UDP – User datagram protocol 129 20.6 Client applications 129 20.6.1 ping 20.6.2 traceroute 20.6.3 DNS query tools 20.6.4 telnet LPI 102 Course Notes 7 20.6.5 whois 20.6.6 ftp 20.7 Review 136 21 TCP/IP configuration 138 LPIC topic 1.112.3 — TCP/IP configuration and troubleshooting [7] 21.1 System start up scripts 138 21.2 Configuring IP 141 21.3 Configuring name resolution 144 21.4 DHCP client 146 21.5 Network troubleshooting 147 21.5.1 netstat 21.5.2 Troubleshooting with ping 21.5.3 Troubleshooting with traceroute 21.5.4 Troubleshooting with tcpdump 21.5.5 Troubleshooting with “host” 21.6 Review 150 22 PPP client 152 LPIC topic 1.112.4 — Configure Linux as a PPP client [3] 22.1 Point to point protocol 152 22.2 pppd configuration 154 22.3 wvdial 156 22.4 ADSL and ISDN 157 22.5 Review 158 23 inetd and xinetd 160 LPIC topic 1.113.1 — Configure and manage inetd, xinetd, and related services [4] 23.1 inetd – the internet super server 160 23.2 xinetd – extended inetd 162 23.3 tcpwrappers – host based access control 163 23.4 Simple services 164 23.4.1 telnet 23.4.2 ftp – File transfer protocol 23.4.3 pop3 – Post office protocol version 3 23.5 Review 166 24 Sendmail 167 LPIC topic 1.113.2 — Operate and perform basic configuration of sendmail [4] 24.1 How Sendmail works 167 24.2 Sendmail configuration 168 24.3 Sendmail queue control 171 24.4 Troubleshooting 172 24.5 Review 174 25 Apache 176 LPIC topic 1.113.3 — Operate and perform basic configuration of Apache [4] 8 LPI 102 Course Notes 25.1 Running Apache 176 25.2 Configuration 178 25.3 Review 181 26 File servers 182 LPIC topic 1.113.4 — Properly manage the NFS, smb, and nmb daemons [4] 26.1 NFS server 182 26.2 NFS client 183 26.3 Samba server 184 26.4 Review 188 27 Caching DNS server 190 LPIC topic 1.113.5 — Setup and configure basic DNS services [4] 27.1 Name resolution in brief 190 27.2 BIND 190 27.2.1 BIND version 4 27.2.2 BIND version 8 27.2.3 Domain registration 27.2.4 Zone files* 27.3 Review 195 28 Secure shell 196 LPIC topic 1.113.7 — Set up secure shell (OpenSSH) [4] 28.1 All about SSH 196 28.1.1 Alice and Bob 28.1.2 SSH protocol 28.2 SSH server 197 28.3 SSH client 198 28.4 Review 202 29 Security administration 204 LPIC topic 1.114.1 — Perform security administration tasks [4] 29.1 Security policy 204 29.2 Password ageing 205 29.3 Setuid and setgid files 205 29.4 TCP wrappers 206 29.5 Firewalls 206 29.5.1 TCP, UDP, ICMP and IP 29.5.2 iptables 29.5.3 ipchains 29.6 Security updates 217 29.7 Socket 218 29.8 Review 219 30 Host security 221 LPIC topic 1.114.2 — Setup host security [3] 30.1 Miscellaneous security notes 221 LPI 102 Course Notes 9 30.1.1 Shadow passwords 30.1.2 Root mail 30.1.3 Syslog 30.1.4 nologin 30.2 Disabling unused services 223 30.3 Review 224 31 User limits 226 LPIC topic 1.114.3 — Setup user level security [1] 31.1 Process limits 226 31.2 More limits 227 31.3 Review 228 32 Glossary 230 33 Index 232 101 LPI 102 Course Notes Foreword 1 Foreword See the amazing new paradoxical Linux powered vacuum cleaner! It's Linux, but it sucks! (I made it up) This course material relates to the Linux Professionals Institute’s LPI 102 examination (release 2). This course is intended to provide you with the basic skills required for operating and administering Linux systems. This document is a set of training notes for the course. At every good training course the student should come away with some paper in his hand, to file in the company filing cabinet. A really excellent course will include some knowledge and practical ability in the student's head as well. We hope to achieve at least the first with these notes. The second is up to the instructor. Goal of this course This course aims to equip you with the knowledge to be able to pass the LPI 102 examination (release 2). We hope that in the course of doing this course you will acquire the skills that go with an understanding of how Linux works. Target audience This course is aimed at • People who have already written the LPIC 101 exam, as part of the LPIC Level 1 certification. • People who wish to write the LPIC 102 exam, as part of the LPIC Level 1 certification. • People who are familiar with Linux and wish to acquire more advanced skills and fill the gaps in their understanding. • People who want to run network servers on Linux. Prerequisites for taking this course People wishing to take this course will probably fit the following profile • You should have a firm understanding of Linux. Writing and passing the LPIC 101 examination or an equivalent qualification is recommended. • You are a system administrator or hold a similar technical position (or you would like a job like that). • You are interested in technical things and the fascinating little details that make your computer behave strangely. • You want to know how things work – specifically how Linux works, and be willing to spend some time finding out. • You have practical administrative experience with computer systems. • You already have some practical familiarity with using Linux. You have probably installed Linux and have used it without gaining a complete understanding of many functions. [...]... And when we say “her”, we mean “his” if the student happens to be male 121  LPI 102 Course Notes Foreword may differ from one system to the next.  Often the output shown is incomplete, and a valuable  learning experience awaits the person bold enough to retype the bold text 1.1 About these notes These notes have been written with the LPI's objectives and criteria for approved training materials in mind.   We have designed them to be modular,  so that a course following LPI ... permit. When the Document is included in an aggregate, this License does not apply to the other works in the  aggregate which are not themselves derivative works of the Document.  If the Cover Text requirement of section 3 is applicable to these copies of the Document, then if the Document is  less than one half of the entire aggregate, the Document's Cover Texts may be placed on covers that bracket the  Document within the aggregate, or the electronic equivalent of covers if the Document is in electronic form. ... root device (rdev /boot/vmlinuz "/dev/hda7 ") • VGA video mode (vidmode /boot/vmlinuz  "788") • Read only vs. read­write root filesystem (rootflags  ) 364  LPI 102 Course Notes Booting Linux 4.2 LILO LILO  (LInux LOader) is a basic system program which boots your Linux system.  LILO loads  the Linux kernel from a floppy or a hard drive, boots the kernel and passes control of the  system to the kernel.  LILO can also boot other operating systems.  The installation of LILO is ... the last time you distribute an Opaque copy (directly or through your agents or retailers) of that edition to the  public.  1 Foreword LPI 102 Course Notes 15 It is requested, but not required, that you contact the authors of the Document well before redistributing any  large number of copies, to give them a chance to provide you with an updated version of the Document.  4. MODIFICATIONS  You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 ... Solutions (Pty) Ltd – see www.ledge.co.za.  We offer training courses based on this material.  The contact address for queries related to these notes is lpinotes@ledge.co.za 1.2 Revisions and bugs Gentle reader, we hope that these notes provide a wonderful learning experience for you.  In  this process we trust that you will be kind enough to point out to us the typos, stylistic faults  and gross errors in the text.   If you make changes to these notes,  or produce them in an ... Clean the source and backup your present source tree.  If the patch fails or requires some  manual intervention, having a copy of your source tree is always nice dwarf:/usr/src /linux # make clean dwarf:/usr/src /linux # cd dwarf:/usr/src # tar czf linux- 2.4.9.tar.gz linux- 2.4.9 Don't be tempted to use make backup in /usr/src /linux – this might not really do what you  want.  In particular it will destroy your configuration files 3 To patch the kernel to the next version, you install the patch something like this (assuming ... Complete the kernel and module build.  (If your kernel is compiled without modules, the last  two steps are entirely redundant, of course.)   • • dwarf:/usr/src /linux dwarf:/usr/src /linux dwarf:/usr/src /linux dwarf:/usr/src /linux dwarf:/usr/src /linux # # # # # make make make make make dep clean bzImage modules modules_install Finally   copy   the   new   image   from  arch/i386/boot/bzImage  to  /boot ...   the   entire   text   of   this   document,   being   the  master document and the sub­documents Permission is granted to copy, distribute and/or modify this document under the terms of the  GNU Free Documentation License, Version 1.2 published by the Free Software Foundation;  with the Invariant Sections being the “About these notes , the Front­Cover Texts being the  text “This manual was written for Leading Edge Business Solutions http://www.ledge.co.za/ ... "History" in the Document, create one stating the title, year, authors, and publisher of the Document as given on  its Title Page, then add an item describing the Modified Version as stated in the previous sentence.  J. Preserve the network location, if any, given in the Document for public access to a Transparent copy of the  Document, and likewise the network locations given in the Document for previous versions it was based on.  These may be placed in the "History" section. You may omit a network location for a work that was published at ... explicit permission from the previous publisher that added the old one.  The author(s) and publisher(s) of the Document do not by this License give permission to use their names for  publicity for or to assert or imply endorsement of any Modified Version.  5. COMBINING DOCUMENTS  You may combine the Document with other documents released under this License, under the terms defined in  section 4 above for modified versions, provided that you include in the combination all of the Invariant Sections  . Linux 102 Examination Modular Training Notes Leading Edge Business Solutions This manual was written. of their Linux training programme. This document is protected by copyright. This document may be redistributed under the terms of the GNU free documention