The administrator's other duties

Discussion in 'Intermediate Tutorials' started by Rob, Jul 9, 2013.

  1. Rob

    Rob Administrator Staff Member

    In this section, we'll talk about other routine tasks that you'll be required to do as a systems administrator.

    Shutting down a Linux system

    I remember the days of MS-DOS (not fondly, but I do remember them vividly). I used to use Lotus 1-2-3 spreadsheet and when I was finished, I would quit the program and return to the MS-DOS prompt. Then I would hit the 'off' button on the computer. Well, if you've looked at Linux in text mode, there may be some resemblance to MS-DOS in appearance, but that's as far as the likeness goes. Just hitting the 'off' button on a Linux system is out of the question. You could do serious damage to your file system. The problem is that in Linux you must mount the file systems found in the partitions on your hard disk. When you mount a file system, it just means that you attach the files in a particular device, like a CD or a hard disk partition, to the greater whole of your system. It's important, however, to un-mount (the actual command is umount) these file systems when you're through with them. When you just press the off button, you haven't given the system a chance to un-mount these file systems and there could be problems. You can damage the file systems that haven't been properly un-mounted. It's a bit like living in a cold climate.

    When you're welcomed into a house, you take off your coat. But you should put it back on when you leave. When you mount a file system, you've welcomed it into the greater whole of the system. If you don't un-mount it, you're just shoving it out into the cold cruel world! Something that you can't control, like a power outage, may turn your machine off suddenly. Linux's most common file systems can usually recover from this quite easily. It will normally go through a long check of the hard disk and then come back fine. These are a little more forgiving after a hard shutdown, but you should never absolutely rely on everything being in one piece after this happens. The best thing is to shut the machine down as is required, with the shutdown command.

    Code:
    shutdown -h now
    is the proper way to immediately shut down a Linux system. The -h option means halt and now is pretty self-explanatory. We'll have to go into a little more detail about the options available because if you're running a network from your Linux machine, this command may not be the ideal one to use if you need to bring the machine to a halt for maintenance. Your co-workers may be accessing services or be saving critical work on the server, and you would most certainly incur their wrath as they would be denied these services or see their data destroyed. It might be best to do something like this.

    Code:
    shutdown -h +15
    which means that the system is going to be halted in 15 minutes (+15). It's hard to tell if you've given people the time they need to finish what they're doing, that is, the time frame is up to your judgment.

    Rebooting the system

    There are a few reasons why you might need to shut down a system running Linux. Your system may crash, though with the robustness and reliability of Linux, this is probably not going to happen very often. That doesn't mean that it can never happen, to be honest. The most common reason for rebooting a Linux system is to load a newly installed kernel. You may have had to make modifications to an existing kernel or update to a new version that's just been released. In this case, you need to reboot your system for those changes to take effect. Those who brag about the uptime of their system (to check yours, type: uptime) lament on how they must reboot their computer after compiling a new kernel and watch their number of days running return to 0. To reboot a Linux system, use the -r option:

    Code:
    shutdown -r +15
    The rules for warning others that may be using the network still apply in a reboot. To check out all the possibilities of the command shutdown, consult the man page: man shutdown.

    Share the power

    As we mentioned in a previous section, some commands, like shutdown, are only meant to be used by root. But if you had a situation where Linux was being used as the operating system in PC workstations, you might want to add shutdown to the list of commands in the sudoers file. That would allow the users of Linux workstations to shut down their own machines. Here, we've added the command to our previous example.

    Code:
    Cmnd_Alias TOOLS = /bin/mount, /bin/umount, /sbin/shutdown

    Changing configuration files

    The most important configuration files are located in the /etc directory. Any good administrator will know this directory like the back of his/her hand. Here is a list of the most important files that you may have to change regularly:


    Code:
    hosts
    hosts.allow
    hosts.deny

    Let's have a look at what these files do.

    hosts is a list of the machines in your network with their names and IP addresses. Anytime you add a new machine to the network, you should add an entry here. Actually, before the Domain Name System (DNS), there used to be a "master" hosts file to locate all of the machines on the Internet. This was, of course, in the days before the Internet was used by the general public. It looks like this:


    Code:
    # this machine
    127.0.0.1      localhost
     
    # other hosts in the local network
    192.168.0.1    enterprise.mycompany.com      enterprise
    192.168.0.2    constellation.mycompany.com  constellation
    192.168.0.3    intrepid.mycompany.com        intrepid
    192.168.0.4    exeter.mycompany.com          exeter
    192.168.0.5    router.mycompany.com          router

    The naming scheme is entirely up to you. What we have here is a class C network (192.168.X.X) which is connected to the Internet, probably via some high-speed line. The first part, as you can see, are the IP addresses. This is followed by the Fully Qualified Host Name, which includes the domain name and the top level domain. You should not use .com, .org or other Internet top level domains if you're not connected to the Internet. The last part is the name of the machine or "alias". The first line of this hosts file lacks that last bit. That's because you can enable what's known as 'loopbacking' on a Linux machine. It may be the case that you want to run networking programs on a machine but you don't have an actual network. Think of 127.0.0.1 as a virtual network inside your machine. When you type 127.0.0.1 or localhost, it "loops back" to the machine itself. Even with a network, this is often used to run development web servers, for example, where you want to restrict access from the outside.

    hosts.allow is a file that controls who has access to the services that your machine provides. It might look something like this:


    Code:
    ALL : 192.168.
    imapd: .friendly.com, 999.99.
    sshd: .friendly.com

    The syntax is simple. You define the service (all, imapd, sshd) and separate the list of hosts allowed to use them with a colon (:). The host names or IP addresses must be separated by commas. Neither names nor numbers have to be complete but they should begin or end with a dot (.) where applicable. That is, in the example above, host names can begin with a dot because that means any machine in that domain, friendly.com, can access that service (i.e., quite.friendly.com, very.friendly.com). With numbers, you can specify that machines in a netblock are allowed to access your services by putting a dot after the first sets of numbers, as you can see in our example of 192.168. and 999.99.

    In this example, those using machines in your local network (192.168.) are allowed to use all the services available (ALL). Machines in domain .friendly.com and the netblock 999.99. are allowed to access the IMAP daemon, normally used to access email via IMAP. .friendly.com is allowed to log in to our network via SSH (Secure Shell).

    hosts.deny is a file that controls who cannot access the services that your machine provides. Most hosts.deny files are the same. They look like this:

    ALL : ALL

    which means that ALL are denied ALL services. This is standard practice. As we have seen with cron and at, X.deny and X.allow files work on the principle that users who are not specifically allowed to use services are denied them. Though it may sound logical, it needs to be restated that if we use the hosts.deny approach, if your name is not listed, then you're allowed to use all the services offered. If we used the hosts.allow approach, then we establish who can use certain services and we therefore deny the rest to everybody else. This is easier to maintain and it is more secure.

    Other important configuration files

    resolv.conf is used primarily to list the name servers your machine uses to find other machines on the Internet.



    Code:
    search mycompany.com
    domain mycompany.com
    nameserver 192.168.0.3
    nameserver 999.99.9.9
    nameserver 999.99.9.8

    The first entries, search and domain, tell what domains to look at and then append to names. For example, if you just typed the name 'intrepid' in a browser, it would append .mycompany.com to that name to access that machine. The other entries beginning with nameserver list the IP addresses of machines that run Domain Name Service (DNS) software (BIND, for example) so that you can find other machines on the Internet by name. Our first entry here is a machine in our local network that runs this software. The others listed are normally those of your Internet service provider or others who offer name service to the public.
    Pyplate and DevynCJohnson like this.
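
A simplified model of the lookup order described in the post above, added here as an example that is not part of the original post or of the TCP wrappers code: hosts.allow is consulted first, then hosts.deny, and a client matching neither file is allowed. The function names are hypothetical, the rules are the post's own samples, and only the pattern forms the post shows (ALL, leading dot, trailing dot, exact match) are handled.

```python
# Simplified model of the hosts.allow / hosts.deny lookup (not libwrap itself).
# Handles only: ALL, ".domain" suffixes, "net." prefixes and exact matches.

HOSTS_ALLOW = """\
ALL : 192.168.
imapd: .friendly.com, 999.99.
sshd: .friendly.com
"""
HOSTS_DENY = "ALL : ALL\n"


def parse_rules(text):
    """Return (daemons, clients) pairs, skipping blank lines and comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, _, clients = line.partition(":")
        rules.append(([d.strip() for d in daemons.split(",") if d.strip()],
                      [c.strip() for c in clients.split(",") if c.strip()]))
    return rules


def client_matches(pattern, hostname, address):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # domain suffix, e.g. .friendly.com
        return hostname.lower().endswith(pattern.lower())
    if pattern.endswith("."):        # address prefix, e.g. 192.168.
        return address.startswith(pattern)
    return pattern.lower() == hostname.lower() or pattern == address


def rule_hit(rules, daemon, hostname, address):
    return any(
        ("ALL" in daemons or daemon in daemons)
        and any(client_matches(p, hostname, address) for p in clients)
        for daemons, clients in rules)


def access(daemon, hostname, address, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """First match in hosts.allow wins, then hosts.deny; no match means allow."""
    if rule_hit(parse_rules(allow), daemon, hostname, address):
        return "allow"
    if rule_hit(parse_rules(deny), daemon, hostname, address):
        return "deny"
    return "allow"
```

Calling `access("sshd", "host.example.net", "203.0.113.9", deny="")` with a constructed outside client and an empty hosts.deny returns "allow", which is why the `ALL : ALL` line in hosts.deny matters.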
  2. Qamarqrsh

    Qamarqrsh New Member

    Do we have to create the host.allow and deny files manually, or do these files already exist somewhere in /etc?

    Regards
  3. ryanvade

    ryanvade Administrator Staff Member Staff Writer

    To check and see if the files are in the directory:
    Code:
    sudo ls -R  /etc | grep host 
    If it is listed then you can use the Mlocate tools:
    Code:
     sudo su -c "updatedb && locate host | grep /etc"
  4. Eric Hansen

    Eric Hansen Member

    Part of the issue is that the hosts.{allow,deny} files are being phased out. A few years ago Ubuntu and/or Debian announced that they were eliminating them in a future release.

    Also, to reboot a computer you could also just do:
    Code:
    sudo reboot
    Not every system has it set up from my experience but it works the same.
  5. JDG

    JDG New Member

    Wouldn't grep -iR hosts /etc work as well?

    Also, do you have any insight in the use of the nsswitch.conf file?

    I only ask because I had a friend who accidentally removed this file years back on one of his systems....
  6. ryanvade

    ryanvade Administrator Staff Member Staff Writer

    Code:
    sudo grep -iR hosts /etc/
    /etc/nscd.conf:# Currently supported cache names (services): passwd, group, hosts, services
    /etc/nscd.conf: enable-cache            hosts          yes
    /etc/nscd.conf: positive-time-to-live  hosts          3600
    /etc/nscd.conf: negative-time-to-live  hosts          20
    /etc/nscd.conf: suggested-size          hosts          211
    /etc/nscd.conf: check-files            hosts          yes
    /etc/nscd.conf: persistent              hosts          yes
    /etc/nscd.conf: shared                  hosts          yes
    /etc/nscd.conf: max-db-size            hosts          33554432
    /etc/host.conf:order hosts,bind
    /etc/lynx.cfg:# in contrast to LYNX_HOST_NAME, you can define them to trusted hosts at
    /etc/avahi/hosts:# See avahi.hosts(5) for more information on this configuration file!
    /etc/sane.d/net.conf:## saned hosts
    /etc/security/access.conf:# User "root" should be allowed to get access from hosts with ip addresses.
    /etc/security/pam_env.conf:# Set the REMOTEHOST variable for any hosts that are remote, default
    /etc/ImageMagick-6/type.xml:  <include file="type-ghostscript.xml" />
    /etc/services:icshostsvc      4553/tcp
    /etc/makepkg.conf:#-- specify a space-delimited list of hosts running in the DistCC cluster.
    /etc/makepkg.conf:#DISTCC_HOSTS=""
    /etc/mime.types:application/x-font-ghostscript                                                          gsf
    /etc/gconf/gconf.xml.defaults/%gconf-tree.xml:                          <entry name="ignore_hosts" mtime="1374945117" type="schema" stype="list" owner="gnome-vfs" list_type="string">
    /etc/gconf/gconf.xml.defaults/%gconf-tree.xml:                                  <local_schema locale="C" short_desc="Non-proxy hosts">
    /etc/gconf/gconf.xml.defaults/%gconf-tree.xml:                                          <longdesc>This key contains a list of hosts which are connected to
    /etc/gconf/gconf.xml.defaults/%gconf-tree.xml:                  <entry name="ignore_hosts" mtime="1374945117" schema="/schemas/system/http_proxy/ignore_hosts"/>
    /etc/nsswitch.conf:hosts: files dns myhostname
    /etc/hosts:# /etc/hosts: static lookup table for host names
    /etc/ssh/ssh_config:#  RhostsRSAAuthentication no
    /etc/ssh/sshd_config:# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    /etc/ssh/sshd_config:#RhostsRSAAuthentication no
    /etc/ssh/sshd_config:# Change to yes if you don't trust ~/.ssh/known_hosts for
    /etc/ssh/sshd_config:# RhostsRSAAuthentication and HostbasedAuthentication
    /etc/ssh/sshd_config:#IgnoreUserKnownHosts no
    /etc/ssh/sshd_config:# Don't read the user's ~/.rhosts and ~/.shosts files
    /etc/ssh/sshd_config:#IgnoreRhosts yes
    
    -iR will read the files also...

    Networking is my weakness, I just don't really understand it. So, I let network-manager take care of it. Along with gufw..I don't bother with the host files.
  7. JDG

    JDG New Member

    I meant 'find' not 'grep'. Big difference between searching for a file and reading it. :)

    Apparently I am in need of remediation :-/
  8. ryanvade

    ryanvade Administrator Staff Member Staff Writer

    find hosts /etc | grep hosts.conf ;)
