Difference between revisions of "OPS235 Resources"

From CDOT Wiki
Jump to: navigation, search
(F12 Live CD update Tracker)
(F13 Live CD update Tracker)
Line 27: Line 27:
 
|}
 
|}
  
= F13 Live CD update Tracker =
+
= F13 Installation DVD update Tracker =
The following table shows the number of packages available for update on a given date on a Live Fedora 12 system.
+
The following table shows the number of packages available for update on a given date on a Live Fedora 13 system.
 
{|border="1"
 
{|border="1"
 
|- style="width: 100%;color: white; background-color: #7430c2; font-weight: bold"
 
|- style="width: 100%;color: white; background-color: #7430c2; font-weight: bold"

Revision as of 16:21, 10 September 2010

Installation Video

Fedora 12 Installation

F12 Live CD update Tracker

The following table shows the number of packages available for update on a given date on a Live Fedora 12 system.

Date No. of Packages Size Time(min.)
November 25, 2009 100 94MB 5
November 24, 2009 89 87MB 5
December 6, 2009 180 152MB 8
Date No of Package Size Time(min.)

F13 Installation DVD update Tracker

The following table shows the number of packages available for update on a given date on a Live Fedora 13 system.

Date No. of Packages Size Time(min.)
September 10, 2010 485 579MB 5
Date No of Package Size Time(min.)

Some facts about Fedora 12 Live DVD

Version information

[root@localhost ~]# uname -a
Linux localhost.localdomain 2.6.31.5-127.fc12.i686 #1 SMP Sat Nov 7 21:41:45 EST 2009 i686 athlon i386 GNU/Linux

Number of packages

[root@localhost ~]# rpm -qa | wc -l
1017

Super User Account

There is no password for the super user account "root". You can simply type "su -" to switch to super user account in order to perform the following task:

  • yum update
  • yum install package-name
  • switch SELinux mode
  • list, flush, add, delete firewall rule using the iptables command
  • start/stop network service
  • add/remove/modify user accounts
  • add/remove software package
  • other administrative tasks
  • reading system log files

Monitoring System Main Log File

Most system daemons write log messages to the main system log file at /var/log/messages. As a system administrator, you can view any new log messages written to the file in real time using the following command line in a terminal window:

[root@localhost ~]# tail -f /var/log/messages
Jan 13 11:59:01 localhost kernel: usb 1-2: new high speed USB device using ehci_hcd and address 5
Jan 13 11:59:01 localhost kernel: usb 1-2: New USB device found, idVendor=058f, idProduct=6387
Jan 13 11:59:01 localhost kernel: usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Jan 13 11:59:01 localhost kernel: usb 1-2: Product: Mass Storage
Jan 13 11:59:01 localhost kernel: usb 1-2: Manufacturer: USB2.0
Jan 13 11:59:01 localhost kernel: usb 1-2: SerialNumber: 1C7FED06
Jan 13 11:59:01 localhost kernel: usb 1-2: configuration #1 chosen from 1 choice
Jan 13 11:59:01 localhost kernel: scsi9 : SCSI emulation for USB Mass Storage devices
Jan 13 11:59:06 localhost kernel: scsi 9:0:0:0: Direct-Access     USB2.0   Flash Disk       8.07 PQ: 0 ANSI: 2
Jan 13 11:59:06 localhost kernel: sd 9:0:0:0: Attached scsi generic sg3 type 0
Jan 13 11:59:06 localhost kernel: sd 9:0:0:0: [sdc] 1998848 512-byte logical blocks: (1.02 GB/976 MiB)
Jan 13 11:59:06 localhost kernel: sd 9:0:0:0: [sdc] Write Protect is off
Jan 13 11:59:06 localhost kernel: sd 9:0:0:0: [sdc] Assuming drive cache: write through
Jan 13 11:59:06 localhost kernel: sd 9:0:0:0: [sdc] Assuming drive cache: write through
Jan 13 11:59:07 localhost kernel: sdc: unknown partition table
Jan 13 11:59:07 localhost kernel: sd 9:0:0:0: [sdc] Assuming drive cache: write through
Jan 13 11:59:07 localhost kernel: sd 9:0:0:0: [sdc] Attached SCSI removable disk
Jan 13 11:59:07 localhost kernel: kjournald starting.  Commit interval 5 seconds
Jan 13 11:59:07 localhost kernel: EXT3 FS on sdc, internal journal
Jan 13 11:59:07 localhost kernel: EXT3-fs: recovery complete.
Jan 13 11:59:07 localhost kernel: EXT3-fs: mounted filesystem with ordered data mode.

The above messages were generated when a user plugged in an USB Flash drive to the system. In this example, the system assgined the device name [sdc] to identify the Flash drive.

Mail Package

Fedora 12 Live DVD does not install the malix package by default. To install the mailx package (so that user can use the mail command to read their local mails), follow the follwing steps:

[root@localhost mail]# yum install mailx
Loaded plugins: presto, refresh-packagekit
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mailx.i686 0:12.4-3.fc12 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================================
Package           Arch            Version             Repository                 Size
=========================================================================================
Installing:
 mailx            i686            12.4-3.fc12         fedora                      214 k
 
Transaction Summary
=========================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)

Total download size: 214 k
Is this ok [y/N]: y
Downloading Packages:
Setting up and reading Presto delta metadata
Processing delta metadata
Package(s) data still to download: 214 k
mailx-12.4-3.fc12.i686.rpm                                     | 214 kB     00:01     
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
 Installing     : mailx-12.4-3.fc12.i686                       1/1 

 Installed:
   mailx.i686 0:12.4-3.fc12                                                                

Complete!

TCP/IP Network Services running on the Live DVD by default

  • cups on port 631 (Common Unix Print Service)
  • smtp on port 25 (Simple Message Transfer protocol, for handling emails exchange between local users)
  • avahi-daemon on port 5353 and 49032
  • bootpc on port 68 (DHCP Client)
[root@localhost ~]# netstat -atup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address   State       PID/Program name   
tcp        0      0 localhost.localdomain:ipp   *:*               LISTEN      1500/cupsd          
tcp        0      0 localhost.localdomain:smtp  *:*               LISTEN      1800/sendmail: acce 
tcp        0      0 localhost6.localdomain6:ipp *:*               LISTEN      1500/cupsd          
udp        0      0 *:mdns                      *:*                           1489/avahi-daemon:  
udp        0      0 *:ipp                       *:*                           1500/cupsd          
udp        0      0 *:49032                     *:*                           1489/avahi-daemon:  
udp        0      0 *:bootpc                    *:*                           1698/dhclient

SELinux Configuration

Security Enhence Linux is enabled by default.

[root@localhost ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
[root@localhost ~]# 

To Keep SELinux running but ask it not to enforce the Security Policy, do the following:

[root@localhost ~]# setenforce 0
[root@localhost ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

It is not recommended to turn off SELinux. If you encounter some SELinux policy issues and can not get it resolve, then you should set it to permissive mode.

To switch SELinux from "permissive" mode to "enforcing" mode, do the following:

[root@localhost ~]# setenforce 1
[root@localhost ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

Firewall Configuration

Fedora distribution use "netfilter" kernel module for building a Stateful Packet Filtering firewall. Firewall is enable on Fedora Live DVD by default.

Default Firewall Setting

The default firewall configuration:

[root@localhost ~]# iptables -L --line-number
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
2    ACCEPT     icmp --  anywhere             anywhere            
3    ACCEPT     all  --  anywhere             anywhere            
4    ACCEPT     udp  --  anywhere             224.0.0.251         state NEW udp dpt:mdns 
5    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination          

  • Incoming packets will be filtered based on firewall rules for the INPUT chain (Chain num 1 to 5)
    • Rule number 1 allows any packets which are related to any packets went out before
    • Rule number 2 allows any icmp packets, including echo-request and echo-reply packet (used by the ping command)
    • Rule number 3 allows packets coming from the loop back network interface (lo), need to "-v" to show the interface name.
    • Rule number 4 allows packets go to IP address 224.0.0.251 port 5353
    • Rule number 5 blocks all other incoming packets
  • No packet will be forwarded.
  • All outgoing packets are allowed.

Flush out firewall rules in the Filter table

To turn off the blocking of Incoming packet, do the following:

[root@localhost ~]# iptables -F
[root@localhost ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination          

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 

The "iptables -F" command "flushes" out all the firewall rules in the filter table. The "iptables -L" displays the updated firewall rules in the filter table (none left after the iptables -F command).

Restore default firewall rules to the Filter table

To restore the default firewall, do the following:

[root@localhost ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: raw mangle nat f[  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:

Additional Software Package Installation

Apache Manual

Installation using yum

[root@localhost ~]# yum install httpd-manual
Loaded plugins: presto, refresh-packagekit
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package httpd-manual.noarch 0:2.2.13-4.fc12 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package              Arch           Version               Repository      Size
================================================================================
Installing:
 httpd-manual         noarch         2.2.13-4.fc12         fedora         767 k 

Transaction Summary
================================================================================
Install       1 Package(s)
Upgrade       0 Package(s) 

Total download size: 767 k
Is this ok [y/N]: y
Downloading Packages:
Setting up and reading Presto delta metadata
fedora/prestodelta                                       | 1.3 kB     00:00     
Processing delta metadata
Package(s) data still to download: 767 k
httpd-manual-2.2.13-4.fc12.noarch.rpm                    | 767 kB     00:02     
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : httpd-manual-2.2.13-4.fc12.noarch                        1/1 

Installed:
  httpd-manual.noarch 0:2.2.13-4.fc12                                           

Complete!

Starting Apache Server

[root@localhost ~]# service httpd start
Starting httpd:                                            [  OK  ]
[root@localhost ~]# 

To access your Apache Web Server running on the Live DVD

Applications

OPS235 SSH


Reporting Problems about your Fedora Installation

Please read the bug report guide line to collect as much information as possible when reporting your Fedora problem to your professor.

Miscellaneous Topics