Suhail LA Lab Manual
LAB MANUAL
Procedure:
a. grep -v "/sbin/nologin$" /etc/passwd | cut -d: -f1
ls -ld /etc/s* | wc -l
b. Select the process by the command name. This selects the processes whose executable
name is given in cmdlist. There may be a chance you won’t know the process ID and
with this command it is easier to search.
Syntax : ps -C command_name
Procedure:
DEVICE=eth0
Replace with:
DEVICE=eth0:0
IPADDR=xxx.xxx.xxx.xxx
IPADDR=172.16.0.1
DEVICE=eth0:0
IPADDR=172.16.0.1
NETMASK=255.255.0.0
NETWORK=172.16.0.0
ONBOOT=yes
NAME=eth0:0
Open file /etc/sysconfig/network-scripts/ifcfg-eth0 and make sure file does not have a
GATEWAY= entry:
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
Find the entry that reads as follows:
GATEWAY=your-ip
Remove or comment it out by prefixing # (hash) :
# GATEWAY=172.16.0.254
# vi /etc/sysconfig/network
GATEWAY=172.16.0.254
Save the file. Reboot the system or run the following command:
# ifup eth0:0
OR
Procedure:
To enable pam_pwquality, add the following line to the password stack in the
/etc/pam.d/passwd file:
password required pam_pwquality.so retry=3
Options for the checks are specified one per line. For example, to require a password with a
minimum length of 8 characters, including all four classes of characters, add the following lines
to the /etc/security/pwquality.conf file:
minlen = 8
minclass = 4
To set a password strength-check for character sequences and same consecutive characters, add
the following lines to /etc/security/pwquality.conf:
maxsequence = 3
maxrepeat = 3
In this example, the password entered cannot contain more than 3 characters in a monotonic
sequence, such as abcd, or more than 3 identical consecutive characters, such as 1111.
Password aging is another technique used by system administrators to defend against bad
passwords within an organization. Password aging means that after a specified period (usually 90
days), the user is prompted to create a new password. The theory behind this is that if a user is
forced to change his password periodically, a cracked password is only useful to an intruder for a
limited amount of time. The downside to password aging, however, is that users are more likely
to write their passwords down.
To specify password aging under Red Hat Enterprise Linux 7, make use of the chage command.
The -M option of the chage command specifies the maximum number of days the password is
valid. For example, to set a user's password to expire in 90 days, use the following command:
chage -M 90 username
You can also use the chage command in interactive mode to modify multiple password aging and
account details. Use the following command to enter interactive mode:
chage <username>
The following is a sample interactive session using this command:
~]# chage juan
Changing the aging information for juan
Enter the new value, or press ENTER for the default
Minimum Password Age [0]: 10
Maximum Password Age [99999]: 90
Last Password Change (YYYY-MM-DD) [2006-08-18]:
Password Expiration Warning [7]:
Password Inactive [-1]:
Account Expiration Date (YYYY-MM-DD) [1969-12-31]:
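To check which accounts actually comply with a 90-day policy, the maximum age that chage -M sets can be read back from the fifth field of /etc/shadow. The following is an added example, not part of the original manual; the function names and the sample shadow lines (with placeholder hashes) are constructed for illustration.

```shell
#!/bin/sh
# Constructed /etc/shadow-style sample (hashes are placeholders, not real).
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
sample_shadow() {
    cat <<'EOF'
juan:$6$placeholder$hash:13378:10:90:7:::
alex:$6$placeholder$hash:13378:0:99999:7:::
zak:$6$placeholder$hash:13378:0::7:::
daemon:*:13378:0:99999:7:::
EOF
}

# aging_audit LIMIT: read shadow lines on stdin and print "user:max" for every
# login-capable account whose maximum password age is unset or above LIMIT.
aging_audit() {
    awk -F: -v limit="$1" '
        $2 ~ /^[!*]/ { next }                  # locked or no password login
        $5 == "" || $5 + 0 > limit + 0 {       # empty max = never expires
            print $1 ":" ($5 == "" ? "unset" : $5)
        }'
}

# Run against the constructed sample; on a real host, as root:
#   aging_audit 90 < /etc/shadow
sample_shadow | aging_audit 90
```

Accounts listed by the audit can then be brought into line with chage -M 90 username.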
Experiment 4
Objective:
Configure the following tasks:
(a) Add user accounts to your system: Joshua, alex, dax, bryan, zak, ed and manager. Assign
each user this password: 123@iMs.
(b) Add the groups to your system: sales with GID: 1000, HR with GID: 1100 and web with
GID: 1200.
(c) Add Joshua and alex to the sales group, dax and bryan to the HR group, zak and ed to the
web group and add manager to all of these groups.
(d) Login with each user & verify using id command that they are in the appropriate groups.
Procedure:
Instructions:
1. Add accounts for the following seven users to your system: joshua, alex, dax, bryan, zak, ed,
and manager. Assign each user this password: password
Since you need to add several users, a for-loop may speed things up. This can be entered on the
command line or placed in a file and run as a shell script.
# Create each account, then set its password non-interactively
for USER in joshua alex dax bryan zak ed manager
do
    useradd "$USER"
    echo password | passwd --stdin "$USER"
done
Note that this sets a password of password for each user.
2. Add the following groups to the system:
• sales (GID:1000)
• hr (GID: 1100)
• web (GID: 1200)
a. [root@stationX]# groupadd -g 1000 sales
b. [root@stationX]# groupadd -g 1100 hr
c. [root@stationX]# groupadd -g 1200 web
3. Add joshua and alex to the sales group, dax and bryan to the hr group. Add zak and ed to the
web group. Add manager to all of these groups. You can use usermod -G to do this:
[root@stationX]# usermod -G sales joshua
[root@stationX]# usermod -G sales alex
[root@stationX]# usermod -G hr dax
[root@stationX]# usermod -G hr bryan
[root@stationX]# usermod -G web zak
[root@stationX]# usermod -G web ed
[root@stationX]# usermod -G sales,hr,web manager
4. You can login as each user and use the id command to verify that they are in the appropriate
groups.
You can use su - user and run the id command, or simply use the username as an argument to id:
for USER in joshua alex dax bryan zak ed manager
do
id $USER
done
Experiment 5
Objective:
Use ACL to accomplish these tasks:
(a) Create groups named Admin and Web.
(b) Create users named John and Jimmy.
(c) Create a new directory named /depts/tech/. Change the permission so that root is the owner
and Admin is the group owner.
(d) Use ACL to give full permission for /depts/tech/ to the Web group.
(e) Allow John read/execute but not write permission on the /depts/tech/ directory.
(f) Allow Jimmy full permission on the /depts/tech/ directory.
Procedure:
1. Create a new directory in /depts/ called tech. Change the permissions such that root
is the owner and hr is the group. Give full access to the user and group, and no access to
anyone else. Don't forget to set the SGID bit.
a. [root@stationX]# mkdir /depts/tech/
b. [root@stationX]# chown root:hr /depts/tech/
c. [root@stationX]# chmod 2770 /depts/tech/
2. Use ACLs to give full permission for /depts/tech/ to the additional web group.
a. setfacl -m g:web:rwx /depts/tech/
3. Allow alex read/execute (but not write) permission on the /depts/tech/ directory. Set a default
ACL of read/write for alex on that directory.
a. [root@stationX]# setfacl -m u:alex:rx /depts/tech/
b. [root@stationX]# setfacl -m d:u:alex:rw /depts/tech/
4. Create some files in /depts/tech/ as several of the users and verify access. Does alex or joshua
have access to files? Does manager?
a. [root@stationX]# su - joshua
[joshua@stationX]$ touch /depts/tech/joshua
touch: cannot touch `/depts/tech/joshua': Permission denied
[joshua@stationX]$ exit
[root@stationX]# su - manager
[manager@stationX]$ touch /depts/tech/manager
[manager@stationX]$ getfacl /depts/tech/manager
... output truncated ...
[manager@stationX]$ exit
[root@stationX]# su - alex
[alex@stationX]$ touch /depts/tech/manager
[alex@stationX]$ touch /depts/tech/alex
touch: cannot touch `/depts/tech/alex': Permission denied
[alex@stationX]$ exit
Experiment 6
Objective:
You are tasked with finding all SUID & SGID files under the / directories.
Procedure:
What is SUID and SGID?
SUID is a special file permission for executable files which enables other users to run the file
with effective permissions of the file owner. Instead of the normal x which represents execute
permissions, you will see an s (to indicate SUID) special permission for the user.
SGID is a special file permission that also applies to executable files and enables other users to
inherit the effective GID of file group owner. Likewise, rather than the usual x which represents
execute permissions, you will see an s (to indicate SGID) special permission for group user.
Let’s look at how to find files which have SUID and SGID set using the find command.
The syntax is as follows:
$ find directory -perm /permissions
Certain directories (such as /etc, /bin, /sbin etc.) or files require root privileges in order to be
accessed or listed. If you are managing your system as a normal user, use the sudo command to
gain root privileges.
How to Find Files with SUID Set in Linux
The example command below finds all files with SUID set under the current directory, using the
-perm option to print only files that have the 4000 (SUID) permission bit set.
$ find . -perm /4000
How to Find Files with SGID Set in Linux
To find files which have SGID set, type the following command.
$ find . -perm /2000
To find files which have both SUID and SGID set, run the command below.
$ find . -perm -6000
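The two -perm forms behave differently in an audit: /mode matches a file when any of the listed bits is set, while -mode matches only when all of them are set. The following is an added example, not part of the original manual, that shows this on a constructed sandbox; it assumes GNU find, and the function and file names are made up for the illustration.

```shell
#!/bin/sh
# Build a constructed sandbox: four empty files with known mode bits.
make_sandbox() {
    dir=$(mktemp -d) || return 1
    for spec in 0755:plain 4755:suid_only 2755:sgid_only 6755:suid_sgid; do
        : > "$dir/${spec#*:}"
        chmod "${spec%%:*}" "$dir/${spec#*:}"
    done
    printf '%s\n' "$dir"
}

# match DIR PERM: names of regular files under DIR selected by -perm PERM,
# sorted and joined with spaces.
match() {
    find "$1" -type f -perm "$2" -exec basename {} \; |
        LC_ALL=C sort | paste -sd' ' -
}

# Show what each test selects in the sandbox, then clean up.
d=$(make_sandbox) || exit 1
for p in /4000 /2000 /6000 -6000; do
    printf '%-6s -> %s\n' "$p" "$(match "$d" "$p")"
done
rm -rf "$d"
```

For the objective of this experiment (every SUID or SGID file under /), the any-bit form is the one to run as root, for example find / -xdev -type f -perm /6000, repeated per filesystem because -xdev stays on one.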
Experiment 7
Objective:
Configure your system to boot to run level 3 by default. Configure the X server using a command in
run level 3.
Procedure:
Most users run X from runlevels 3 or 5. Runlevel 3 places your system in multi-user mode with
full networking capabilities. The machine will boot to a text-based login prompt with all
necessary preconfigured services started. Most servers are run in runlevel 3, as X is not
necessary to provide any services utilized by most users. Runlevel 5 is similar to 3, except that it
automatically starts X and provides a graphical login screen. Many workstation users prefer this
method, because it never forces them to see a command prompt.
The default runlevel used when your system boots can be found in the /etc/inittab file. If you
have a line in that file that looks like id:3:initdefault:, then your system will boot to runlevel
3. If you have a line that looks like id:5:initdefault:, your system is set to boot into runlevel
5. As root, change the runlevel number in this file to set a different default. Save the file and
restart your system to verify that it boots to the correct runlevel.
id:3:initdefault:
This tells the init process that the default run level for the system is run level 3. To change to a different
run level simply change the number and save the /etc/inittab file. Before doing this, however, be
absolutely sure you know which run level you want. Selecting the wrong runlevel can have serious
consequences.
Experiment 8
Objective:
Devise a ps command that does the following. (Hint: sort/ps/top)
(a) List all processes.
(b) For each process, print the percentage of CPU usage, the process ID and the name of the
command that created it.
(c) The output is sorted by the %cpu value from highest to lowest
Procedure:
Part of automating your tasks is learning how to get a script to do what you would otherwise have
to do yourself. Continually adding commands to your own knowledge base is just as important.
Sample Output
Procedure:
Understanding special permissions using SUID, SGID and sticky bit
Sometimes a file must be executable by users who are not members of the owner's group; in
that case you need to grant special execute permissions. When SUID is set on a program, a user
runs it as if they were the owner of the program. SUID means set user ID and SGID means set
group ID.
SUID has a value of 4, or use u+s. SGID has a value of 2, or use g+s. Similarly, the sticky bit
has a value of 1, or use +t to apply it.
Managing SUID in Red Hat Linux
Let us look at the passwd command, a program that is executable by all users. You can notice
a small 's' in the permissions of the file: because SUID is set for the program, every user can
change their own password by executing that passwd file.
The red highlighted area indicates that the file has SUID set.
Important: The above script is an example only; do not run this script on your system at all.
Using SUID is never recommended and it is never used in routine administration, so avoid giving
special permissions using SUID. Set user ID is only used on some system files, such as the
passwd command.
Managing SGID in Red Hat Linux
SGID is a special permission given to the user for a directory. It is a temporary permission which
gives the rights of group membership, so that another user can use that file like a member of the
owner's group.
Example
Create a directory named /datashare
# mkdir /datashare
Create a new user named guest1
# useradd guest1
Create a group sales
# groupadd sales
Change group ownership of /datashare to sales group
# chgrp sales /datashare
Now, add user guest1 to group sales
# usermod -G guest1,sales guest1
Create a new file in /datashare directory as user guest1
# su - guest1 -c "touch /datashare/hi.txt"
Have a look at the permissions: this file belongs to group guest1.
You can see that although /tmp has read, write and execute permissions for all, the sticky bit is
enabled, which is represented by t, so that only the owner of a file can delete or rename that file.
Apply sticky bit to some new folder with full permissions to all.
# mkdir /example && chmod 777 /example
Apply sticky bit with chmod command adding +t to apply sticky bit.
# chmod +t /example
Create a file as user example1, then try to delete it while logged in as user example2.
It is clear from the above example that only the owner of the file can delete or rename the file.
Experiment 10
Objective:
Customize the Bash prompt as per given tasks (Hint - PS1)
(a) Display the current value of primary prompt string.
(b) Changes prompt to print a static string "ITIMS -".
(c) Restore the original prompt.
(d) Insert the bash history prompt special character "\!" between the hostname and dollar-sign.
Procedure:
Customize Bash Prompt In Linux
In Bash, you can customize the prompt the way you want by changing the value of the PS1
environment variable.
Now, we are going to change this prompt to your liking by inserting some backslash-escaped
special characters called escape sequences.
Before going further, it is highly recommended to backup the ~/.bashrc file.
$ cp ~/.bashrc ~/.bashrc.bak
a. Display the current value of primary prompt string
echo $PS1
b. Changes prompt to print a static string "ITIMS -"
As mentioned, the BASH prompt has “username@hostname” part by default in most Linux
distributions. You can change this part to something else.
$ vi ~/.bashrc
Add the following line at the end:
PS1=" ITIMS -> "
Once added, hit the ESC key and type :wq to save and exit the file.
Run the following command to update the changes:
$ source ~/.bashrc
Procedure:
File Transfer Protocol (FTP) is one of the oldest and most commonly used protocols found on
the Internet today. Its purpose is to reliably transfer files between computer hosts on a network
without requiring the user to log directly into the remote host or have knowledge of how to use
the remote system. It allows users to access files on remote systems using a standard set of
simple commands.
The Very Secure FTP Daemon (vsftpd) is designed from the ground up to be fast, stable, and,
most importantly, secure. Its ability to handle large numbers of connections efficiently and
securely is why vsftpd is the only stand-alone FTP distributed with Red Hat Enterprise Linux.
a. Run the rpm -q ftp command to see if the ftp package is installed. If it is not, run the yum
install ftp command as the root user to install it.
b. In Red Hat Enterprise Linux, the vsftpd package provides the Very Secure FTP daemon.
Run the rpm -q vsftpd command to see if vsftpd is installed:
~]$ rpm -q vsftpd
c. If you want an FTP server and the vsftpd package is not installed, run the following
command as the root user to install it:
~]# yum install vsftpd
d. Run the ftp localhost command as the user you are currently logged in with. When
prompted for your name, make sure your user name is displayed. If the correct user name
is displayed, press Enter, otherwise, enter the correct user name:
~]$ ftp localhost
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.1.0)
Name (localhost:username):
331 Please specify the password.
Password: Enter your password
500 OOPS: cannot change directory:/home/username
Login failed.
ftp>
Experiment 12
Objective:
Use rpm queries to answer the following questions.
(a) What files are in the "initscripts" package?
(b) Which installed packages have "gnome" in their names?
(c) Which RPM provides /etc/inittab?
Procedure:
What files are in the initscripts package?
[root@stationX]# rpm -ql initscripts
Which installed packages have "gnome" in their names?
[root@stationX]# rpm -qa | grep gnome
Which RPM provides /etc/inittab?
[root@stationX]# rpm -qf /etc/inittab
Experiment 13
Objective:
Prepare a cron job that takes a backup of /home at 5:00pm every Saturday.
Procedure:
Linux Cron utility is an effective way to schedule a routine background job at a specific time
and/or day on an on-going basis.
0 17 * * 6 /home/user/backup.sh
(or)
0 17 * * Sat /home/user/backup.sh
● 0 – 0 Minute
● 17 – 05 PM
● * – No specific day in month
● * – No specific month in year
● 6 – Every Saturday of the week
You can either use number or the corresponding three letter acronym for the weekday as shown
below.
● 0=Sun
● 1=Mon
● 2=Tue
● 3=Wed
● 4=Thu
● 5=Fri
● 6=Sat
Note: Get into the habit of using Fri instead of 5. Please note that the number starts with 0 (not
with 1), and 0 is for Sun (not Mon).
Experiment 14
Objective:
Change your system date to 1:00pm 1 March 1990
Procedure:
Use the date command to display the current date and time or set the system date / time over ssh
session. You can also run the date command from X terminal as root user.
For example, to set the new date to 1 March 1990 13:00:00, type the following command as root user: