Difference between revisions of "OPS235 Lab 5 - CentOS7"

From CDOT Wiki
Line 1: Line 1:
=Logical Volume Management and Software Package Management=
+
[[Category:OPS235]]
  
==Introduction==
+
=LAB PREPARATION=
  
In this lab you're going to:
+
==Purpose / Objectives of Lab 1==
  
:* Learn how to add and remove software packages on your different Linux systems.
+
There are many other tasks that a Linux system administrator must perform other than installing Linux and installing software.
:* Learn how to properly adjust your various Linux file systems by using and managing LVM both graphically (centos2) as well as command line (centos3).
 
  
== Required Materials (Bring to All Labs) ==
+
A few additional tasks are user management and managing services.
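Review bot: The added heading "Purpose / Objectives of Lab 1" carries the wrong lab number for a page titled "OPS235 Lab 5 - CentOS7". Rename it to match the lab, or drop the number so the heading survives renumbering.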
  
* CentOS 6.5 x86_64 Live DVD
 
* CentOS 6.5 x86_64 Installation DVD1
 
* SATA Hard Disk (in removable disk tray)
 
* USB Memory Stick
 
* Lab Logbook
 
  
==Prerequisites==
+
<u>Main objectives</u>:
 +
<br>
 +
:* Administer '''(add, remove, modify) users''' on a Linux system.
 +
:* Save time while adding new users using a template of '''start-up files'''.
 +
:* Create and manage '''groups''' on a Linux system.
 +
:* '''Start and Stop services''' on a Linux system.
 +
:* Display the '''status of running services''' on a Linux system.
  
* Completion and Instructor "Sign-off" of Lab 2: [[OPS235 Lab 2 - CentOS6]]
 
  
==Linux Command Online Reference==
+
==Minimum Required Materials==
Each Link below displays online manpages for each command (via [http://linuxmanpages.com/ http://linuxmanpages.com]):
+
 
 +
{|cellpadding="15" width="40%"
  
{|width="100%" cellpadding="5"
 
|'''LVM Information Utilities:'''
 
|'''LVM Management Utilities:'''
 
|'''Additional Utilities:'''
 
 
|- valign="top"
 
|- valign="top"
|
 
*[http://linuxmanpages.com/man8/vgs.8.php vgs]
 
*[http://linuxmanpages.com/man8/lvs.8.php lvs]
 
*[http://linuxmanpages.com/man8/pvs.8.php pvs]
 
*[http://linuxmanpages.com/man8/vgdisplay.8.php vgdisplay]
 
*[http://linuxmanpages.com/man8/lvdisplay.8.php lvdisplay]
 
*[http://linuxmanpages.com/man8/pvdisplay.8.php pvdisplay]
 
|
 
*[http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-system-config-lvm.html system-config-lvm] (Tutorial)
 
*[http://linuxmanpages.com/man8/lvextend.8.php lvextend]
 
*[http://linuxmanpages.com/man8/resize2fs.8.php resize2fs]
 
*[http://linuxmanpages.com/man8/lvcreate.8.php lvcreate]
 
*[http://linuxmanpages.com/man8/lvreduce.8.php lvreduce]
 
*[http://linuxmanpages.com/man8/pvcreate.8.php pvcreate]
 
*[http://linuxmanpages.com/man8/vgextend.8.php vgextend]
 
|
 
*[http://linuxmanpages.com/man8/mount.8.php mount]
 
*[http://linuxmanpages.com/man8/umount.8.php umount]
 
*[http://linuxmanpages.com/man8/yum.8.php yum]
 
*[http://linuxmanpages.com/man8/rpm.8.php rpm]
 
|}
 
  
==Resources on the web==
+
|width="10%" | [[Image:harddrive.png|thumb|left|85px|<b>Removable Hard Disk Pack</b> (SATA)]]
Additional links to tutorials and HOWTOs:
 
'''Please read this page to get an overview of LVM:'''<br /><br />
 
:* [[Logical Volume Management]] ('''Note:''' It is recommended to return to this guide as a reference when performing the next several investigations)
 
:* [http://fedoranews.org/alex/tutorial/rpm/ Using the RPM Utility]
 
:* [http://www.centos.org/docs/5/html/yum/ Using the YUM Utility]
 
  
 +
|width="10%" |[[Image:ubs-key.png|thumb|left|85px|<b>USB key</b><br>(for backups)]]
  
 +
|width="10%" |[[Image:log-book.png|thumb|left|70px|<b>Lab4 Log Book</b>]]
  
=Logical Volume Management (Introduction)=
+
|}
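Review bot: The log-book image caption in the materials table reads "Lab4 Log Book" on the Lab 5 page; update the caption to the current lab.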
  
== Check Current LVM Information Prior to Performing Investigations ==
+
==My Toolkit (CLI Reference)==
  
'''LVM''' ('''Logical Volume Management''') is used to manage hard disk drives / partitions for Unix/Linux systems. LVM provides more flexibility than just working with hard disks / hard disk partitions. '''Volume Groups''' are areas used to define '''Physical Volumes''' (i.e. hard disks, disk partitions, or other forms of storage devices). '''Logical Volumes''' are then used to relate directories (mount points) to a specific physical volume or for a "range" or "span" of physical volumes.
+
{|width="50%" cellpadding="15"
 
+
|- valign="top"
Therefore, LVM allows more flexibility and growth potential for Linux systems (for example, having Logical volumes span multiple hard disks). CentOS uses LVM by default upon installation. Other Linux distributions may provide the capacity to install LVM, or later install and then use Logical Volume Management.
+
|width="10%" |<u>User Management:</u>
 +
[http://unixhelp.ed.ac.uk/CGI/man-cgi?useradd+8 useradd]<br>
 +
[http://unixhelp.ed.ac.uk/CGI/man-cgi?userdel+8 userdel]<br>
 +
[http://unixhelp.ed.ac.uk/CGI/man-cgi?usermod+8 usermod]<br>
 +
[http://unixhelp.ed.ac.uk/CGI/man-cgi?groupadd+8 groupadd]<br>
 +
[http://unixhelp.ed.ac.uk/CGI/man-cgi?groupdel+8 groupdel]
 +
|width="10%" |<u>Managing Services</u>
 +
[http://unixhelp.ed.ac.uk/CGI/man-cgi?chkconfig+8 chkconfig]<br>
 +
[http://unixhelp.ed.ac.uk/CGI/man-cgi?service+8 service]<br>
 +
[http://www.dsm.fordham.edu/cgi-bin/man-cgi.pl?topic=systemctl systemctl]<br>
 +
|width="10%" |<u>Miscellaneous</u>
 +
[http://man7.org/linux/man-pages/man5/passwd.5.html /etc/passwd]<br>
 +
[http://man7.org/linux/man-pages/man5/group.5.html /etc/group]<br>
 +
[http://man7.org/linux/man-pages/man5/shadow.5.html /etc/shadow]<br>
 +
[http://archive.linuxfromscratch.org/blfs-museum/1.0/BLFS-1.0/postlfs/skel.html /etc/skel]<br>
 +
[http://zenit.senecac.on.ca/wiki/index.php/Init_vs_systemd init vs systemd]
 +
|}
  
'''Although the concept of LVM is simple, it takes practice and preparation (or "thinking ahead") in order to correctly use this valuable tool'''. It is important for students to gain an understanding of LVM, and how to manage their filesystems using LVM. It is recommended for students to read the following resource prior to this lab and/or return to the following resource while performing this lab: [[Logical Volume Management]]
 
  
At this point, having completed [[OPS235 Lab 2 - CentOS6|Lab 2]] you should have roughly the following disk storage setup:
+
= INVESTIGATION 1: User/Group Management =
  
('''Note:''' These results are output from the '''vgs''', '''pvs''', and '''lvs''' commands that provide volume group, physical volume and logical volume information for each of the virtual machines that you created in lab2. Before proceeding, check these values with your own system to see if you are generally "on the right track".)
+
User account management is a very important operation that a Linux sysadmin does on a consistent basis. The sysadmin not only needs to add or remove user accounts by issuing commands, but may need to automate user account creations a large number (batch) of potential employees. There are many features with the Linux command to create new users including: specification of a home directory, type of shell used, name, password and time-limit (referred to as "aging") for a new user account. Remove user accounts also have options such as removing the user account but keeping the home directory for reference or evidence of "wrong-doing"
  
* '''centos1'''
+
In your ULI101 course, you learned to change permissions for directories and files relating to user, same group members and other group members. In this course, since you are the sysadmin with root privileges, you can create or remove groups as well as change the ownership of directories and files! We will now learn to perform key user account management operations in this section.
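Review bot: Two sentences in the Investigation 1 introduction do not parse. "may need to automate user account creations a large number (batch) of potential employees" is missing a preposition, and "Remove user accounts also have options" should read "Removing user accounts also has options". The paragraph also ends without a period after "wrong-doing".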
  
  VG        #PV #LV #SN Attr  VSize VFree
+
== Part 1: The /etc/passwd file ==
  vg_centos1  1   2  0 wz--n- 9.50g    0
 
  
  PV        VG        Fmt  Attr PSize PFree
+
# Look at the <b><code><span style="color:#3366CC;font-size:1.2em;">/etc/passwd</span></code></b> file.
  /dev/vda3  vg_centos1 lvm2 a--  9.50g    0
+
# Make note of the contents of that file.
 +
# Read about the file: http://man7.org/linux/man-pages/man5/passwd.5.html
 +
# Make sure you know what information each field contains.
 +
# Why do you think there are so many users?
 +
# Look at the names of the users. What do you think these user names represent? Are they people?
 +
# What is the numeric user ID (UID) of the root user?
 +
# The user IDs of real users (people) are different from the user IDs of system accounts. What is the pattern?
  
  LV      VG        Attr  LSize Origin Snap%  Move Log Copy%  Convert
+
'''Answer the Part 1 observations / questions in your lab log book.'''
  lv_root vg_centos1 -wi-ao 8.03g                                   
 
  lv_swap vg_centos1 -wi-ao 1.47g
 
  
* '''centos2'''
+
== Part 2: Adding users ==
  
  VG        #PV #LV #SN Attr  VSize  VFree
 
  vg_centos2  1  3  0 wz--n- 19.51g 7.77g
 
  
  PV        VG        Fmt  Attr PSize  PFree
+
#Perform this part in your '''centos1''' VM.
  /dev/vda2  vg_centos2 lvm2 a-- 19.51g 7.77g
+
# Read the man page for the <b><code><span style="color:#3366CC;font-size:1.2em;">useradd</span></code></b> command.
 +
# Create three fictitious users (make-up their userids and full names. Give each of these newly-created users a password.
 +
# Grep the <b><code><span style="color:#3366CC;font-size:1.2em;">/etc/passwd</span></code></b> file for each of the new users.
 +
#* What is the '''home''' directory of each user?
 +
#* What '''group''' is each user in?
 +
#* What other information can you provide regarding these users?
 +
#* Where are the '''passwords''' stored?
 +
# Look at the man page for '''/etc/shadow''' using the command: <b><code><span style="color:#3366CC;font-size:1.2em;">man 5 shadow</span></code></b>
 +
#* Grep the <b><code><span style="color:#3366CC;font-size:1.2em;">/etc/shadow</span></code></b> file for each of the new users.
 +
#* Make note of this information.
 +
# Create two new dummy users, <b><code><span style="color:#3366CC;font-size:1.2em;">ops235_1</span></code></b> and <b><code><span style="color:#3366CC;font-size:1.2em;">ops235_2</span></code></b>.
 +
# Investigate the home directory of one of your new users.
 +
#* What files are there? Be sure to include hidden files.
 +
#* What do you think these files are used for?
 +
#* How does the operating system determine which files are created in a new home account? The answer can be found here:<br>http://www.linuxhowtos.org/Tips%20and%20Tricks/using_skel.htm
 +
#* Look at the files (including hidden files) in the template directory referred to in the article. Compare them to what is in a home directory for a new user. What do you notice?
 +
#* Create a new file in this directory with the following command: <b><code><span style="color:#3366CC;font-size:1.2em;">touch foo</span></code></b>
 +
#* Create a new user named <b><code><span style="color:#3366CC;font-size:1.2em;">foobar</span></code></b>, with the option to automatically create a home directory.
 +
#* Look at the contents of foobar's home directory. What do you notice?
 +
# Be sure to record your observations in your lab notes.
 +
#Issue the man pages for the '''useradd''' command. Explain the purpose of using the '''-e''' option for the ''useradd'' command. Try to think what would be the purpose for a Linux sysadmin to use this option when creating new users.
  
  LV      VG        Attr      LSize Pool Origin Data%  Move Log Cpy%Sync Convert
+
'''Answer the Part 2 observations / questions in your lab log book.'''
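Review bot: The step "Create three fictitious users (make-up their userids and full names." never closes its parenthesis, and it asks for a password on each account without naming the command. The later question "Where are the passwords stored?" depends on the passwords having been set, so state the passwd step explicitly.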
  lv_home vg_centos2 -wi-ao---- 1.95g                                           
 
  lv_root vg_centos2 -wi-ao---- 7.81g                                           
 
  lv_swap vg_centos2 -wi-ao---- 1.97g
 
  
* '''centos3  (Note: This VM has no GUI installed)'''
+
== Part 3: Managing Groups ==
 
  VG        #PV #LV #SN Attr  VSize VFree
 
  vg_centos3  1  3  0 wz--n- 14.51g 4.54g
 
  
  PV        VG        Fmt  Attr PSize PFree
+
#Remain in your '''centos1''' VM for this section.
  /dev/vda3  vg_centos3 lvm2 a-- 14.51g 4.54g
+
# Read the man page for the <b><code><span style="color:#3366CC;font-size:1.2em;">groupadd</span></code></b> and <b><code><span style="color:#3366CC;font-size:1.2em;">groupdel</span></code></b> commands.
 +
# Note which option allows you to set the Group ID number ('''GID''') when you create a new group.
 +
# Examine the file <b><code><span style="color:#3366CC;font-size:1.2em;">/etc/group</span></code></b>
 +
#* Which values of GID are reserved for system accounts?
 +
#* Which values of GID are reserved for non-system user accounts?
 +
#* What is the lowest available GID number for non-system users?
 +
#* What is the default group name of a new user?
 +
#* Add a new group named <b><code><span style="color:#3366CC;font-size:1.2em;">ops235</span></code></b> with a GID of <b><code><span style="color:#3366CC;font-size:1.2em;">600</span></code></b>.
 +
#* The management at your organization have concerns regarding some irresponsible users on your system.
 +
#** Add a new group named '''investigation'''.
 +
#** Look at '''/etc/group''' and note the GID of group called '''investigation'''.
 +
#** What GID is given to a new group if you do not specify it?
 +
#** In the file, add those users to the end of the concerned group (separate each user-name with a comma).
 +
#** Those individuals have explained their actions to management and the crisis has been resolved. Delete the '''investigation''' group.
 +
#** Look at '''/etc/group''' again and note the change.
  
  LV      VG        Attr  LSize  Origin Snap%  Move Log Copy%  Convert
+
'''Answer the Part 3 observations / questions in your lab log book.'''
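Review bot: The step "In the file, add those users to the end of the concerned group" has students hand-edit /etc/group and does not say which users are meant. Name the accounts, and either point to usermod, which Part 4 already uses for supplementary groups, or have students edit through vigr so the file is locked during the change. Also check that the GID of 600 given to the ops235 group falls outside the system range students are asked to identify two questions earlier, on the CentOS release this lab targets.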
  lv_home vg_centos3 -wi-ao----  1.00g                                           
 
  lv_root vg_centos3 -wi-ao----  8.00g                                           
 
  lv_swap vg_centos3 -wi-ao---- 992.00m                                   
 
 
* '''c6host (i.e. "removable hard disk" or "disk pack")'''
 
  
Does not use LVM. Confirm this using the same commands used above.
+
== Part 4: Deleting / Modifying Users ==
  
{{Admon/note|VM Backups and Recovery|Most of these investigations will take place in your virtual machines. If you make a significant mistake, your virtual machine may not boot. Remember that you created backups of your virtual machines in Lab 2, and you can restore them if something goes wrong.<br /><br />'''Remember: if you did not create backups for all of your VMs, then you don't have any restoration points to fall-back to!'''|}}
+
#Remain in your '''centos1''' VM for this section.
 +
# Read the man page for the '''userdel''' command. Note which option automatically removes the users home directory when that user is deleted.
 +
# Delete the user '''ops235_1''' using the command <b><code><span style="color:#3366CC;font-size:1.2em;">userdel ops235_1</span></code></b>
 +
# Delete the user '''ops235'''_2 using the same command with the option which removes the home directory of the user.
 +
# Check the contents of the /home directory. What do you notice?
 +
# Check the contents of the <b><code><span style="color:#3366CC;font-size:1.2em;">/etc/group</span></code></b> file. What do you notice?
 +
# Read the man page for the usermod command. Note which options change the user's full name, primary group, supplementary groups, and shell.
 +
# Create a new user account called '''noobie''' for the employee: '''"Really Green"''' . Assign a password for that newly created user.
 +
# Management has indicated that this employee be on on probation for 3 months. Use the '''usermod''' command to set the account for noobie to expire in 3 months from this day as part of the security policy of this organization.
 +
# Add each of your new users to the group ops235 (in other words, add ops235 to each user as a supplementary group).
 +
# Examine <b><code><span style="color:#3366CC;font-size:1.2em;">/etc/group</span></code></b>. What has changed?
 +
# Use the '''usermod''' command to change the full name of the user account '''noobie''' from '''"Really Green"''' to '''"Outstanding Employee"'''. Examine the result of running that command in the <b><code><span style="color:#3366CC;font-size:1.2em;">/etc/passwd</span></code></b> file. What has changed?
 +
# Use the '''usermod''' command to extend the use of their account for 5 years as of today.
 +
# Be sure to record your observations in your lab notes.
  
== Investigation 4: Extend the size of lv_root using command-line tools ==
+
'''Answer the Part 4 observations / questions in your lab log book.'''
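Review bot: In the step that deletes the second dummy user, the bold markup closes early ('''ops235'''_2), so the account name renders split; write '''ops235_2''' to match the step before it. In the same list, "be on on probation" repeats a word, "the users home directory" needs an apostrophe, and "extend the use of their account for 5 years" should name the account (noobie) it applies to.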
  
Perform this investigation in centos3.
+
=INVESTIGATION 2: Managing System Services and Run-levels=
  
Let's say that you have run out of disk space on your computer (centos3), you need more space on the root filesystem, perhaps to host more webpages or a larger database or new software. What are your options? Getting a replacement harddrive would probably require reinstallation of the operating system and backup/restore of the data.
+
Many students may think that the following topic is small and "not a big deal". Those students may say, '''"How hard is running and stopping services?"'''
  
Because we're using LVM though - we can avoid that. We can add a new harddrive (which will serve as a physical volume) to the volume group, and extend the root logical volume to make use of the new available space.
+
The process may not be hard, but knowing how to stop, start, restart and check the status of services is absolutely critical to a Linux server. '''Aside from learning to trouble-shoot problems''' by checking the status of running services, '''understanding how to manage services is critical to help protect a Linux server from penetration''' (this term is referred to as "'''Hardening a system'''"). Sometimes it is "what we don't know" that can harm us. One key element in hardening a computer system is to disable non essential networkng services to allow IDSs ('''Intrusion Detection Systems''') to focus on a narrower range of policy violations. A Debian-based penetration testing distribution called Kali (formerly referred to as '''BackTrax''') allows sysadmins and security professionals to identify vulnerabilities in their computer systems, and thus improve (harden) their systems against penetration. Learning to monitor the status, enable and disable networking services underlies the '''Backtrax''' motto:<br><br>'''''"The quieter you are, then more you will hear..."'''''<br><br>
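Review bot: The hardening paragraph names the predecessor of Kali as "BackTrax" twice; the distribution was called BackTrack. "networkng" is also misspelled, and the quoted motto reads "then more you will hear", which looks like a typo for "the more"; check the quotation against its source before publishing.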
  
'''Perform the following operations to increase the size of lv_root in centos3:'''
+
=== Part 1: How do we Manage System Services? ===
  
<u>'''<font>Steps:</font>'''</u>
+
We have seen that maintaining unneeded '''packages can be a security risk''' due to the unnecessary increase in the complexity of your system. Similarly, it is also unnecessarily hazardous, and even more so, to leave unneeded services running. In this investigation, we will learn how to '''control services, and turn off those services that we think are not necessary to help reduce security risks'''.}}
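Review bot: The Part 1 introduction ends with a stray "}}" after "reduce security risks'''." and no opening "{{" appears in the added text. Either remove the closing braces or wrap the paragraph in an Admon template like the ones used elsewhere on the page.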
  
 +
#Use your '''centos2''' VM for this part.
 
<ol>
 
<ol>
<li>Run the following commands and make note of the output:</li>
+
  <li value="2">Use the '''man''' pages to learn about the '''service''' command.</li><li>Issue the following Linux command:
  <code>ls /dev/vd*
+
      <ul>
  pvs
+
        <li><b><code><span style="color:#3366CC;font-size:1.2em;">service --status-all</span></code></b></li>
   vgs
+
      </ul>
  lvs
+
   </li>
  df -h</code>
+
  <li>Note the services that are currently running.</li>
<li>Open the centos3 virtual machine console</li>
+
  <li>Use the command <b><code><span style="color:#3366CC;font-size:1.2em;">service iptables stop</span></code></b> to stop the service named '''iptables'''</li>
<li>Go to the hardware details view</li>
+
  <li>Run a command to verify that the '''iptables''' service has stopped.</li>
<li>Click "Add Hardware" and add a new storage device of 2GBs, make sure it's a VirtIO disk.</li>
+
  <li>A newer method of managing services is by using '''systemd'''. It has the ability to manage dependent service in parallel and allow one service to be stopped without disrupting the other services. Here is a link that briefly explains how to use '''systemd''' (as opposed to tradition method: ''init'') and the '''systemctl''' command: [http://zenit.senecac.on.ca/wiki/index.php/Init_vs_systemd init vs systemd]</li>
<li>Go back to the console view</li>
+
  <li>If you reboot now - the iptables service will be turned back on. We don't want it on though, it causes students headaches. To turn it off permanently we need to use the '''chkconfig''' command:<br><b><code><span style="color:#3366CC;font-size:1.2em;">chkconfig iptables off</span></code></b></li>
<li>Run the same ls command (performed in step 1), what's changed?</li>
+
  <li>Use the '''systemctl''' command (from the link above - showing examples) to verify that the '''iptables''' service is off ('''hint:''' issue command, and pipe to grep "'''iptables'''").
<li>Now we'll make the new device as a physical volume, add it to the volume group, and extend lv_root:</li>
+
  <li>Reboot and confirm that it's no longer running.</li>
  <code>pvcreate /dev/vdb
 
 
 
  vgextend vg_centos3 /dev/vdb
 
 
 
  lvextend -L +2G -r vg_centos3/lv_root</code>
 
<li>Now rerun the ls/pvs/vgs/lvs/df commands. What has changed and what caused those changes?</li>
 
<li>Among the changes, note that your root filesystem is now 2GB bigger - and you have not even rebooted your machine!</li>
 
 
</ol>
 
</ol>
  
'''Answer the Investigation 4 observations / questions in your lab log book.'''
+
'''Answer Part 1 observations / questions in your lab log book.'''
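Review bot: The chkconfig step tells students to turn the iptables firewall off permanently with only "it causes students headaches" as the reason, in a section whose stated goal is reducing security risk by managing services. Say that this applies to the isolated lab VMs only, or have students open the ports the labs need instead. The page title says CentOS7 and the list itself calls systemd the newer method, yet the stop and disable steps use service and chkconfig, with systemctl appearing only for verification. The list item beginning "Use the '''systemctl''' command" is also missing its closing </li>.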
  
== Investigation 5: How is LVM managed using system-config-lvm? ==
 
  
'''Perform this investigation on the VM named ''<u>centos2</u>''.'''
+
===Part 2: How do we Manage Runlevels?===
[[Image:Ops235_lab4_1.png|thumb|right|Screenshot of system-config-lvm in CentOS. Click to enlarge.]]
 
# Let's learn to administer (manage) our LVM graphically for our '''centos2''' Virtual Machine.<br />CentOS provides a tool called <code>system-config-lvm</code> to graphically administer LVM. The package is not installed by default, so you will need to install it by issuing: (<code>yum install system-config-lvm</code>).
 
<ol>
 
<li value="2">Use this tool to determine the current LVM configuration by clicking on the appropriate element and reading the properties in the right-hand panel -- write down the answers:
 
<ol type="a">
 
  <li>What are the names and sizes of the '''PV'''s?</li>
 
  <li>What is the name and size of the '''VG'''?</li>
 
  <li>What are the names and sizes of the '''LV'''s?</li>
 
  <li>Is there any space in the VG which is not allocated to a LV?</li>
 
</ol>
 
</li>
 
<li>Increase the size of the home file-system to '''4 GB''':
 
  <ol type="a">
 
  <li>Click on the LV containing the '''home''' filesystem.</li>
 
  <li>Click on ''Edit Properties''.</li>
 
  <li>Change the size to '''4 GB''' and click ''Ok''.</li>
 
  </ol>
 
<li>Create a '''new 3G LV''' (LV Properties: linear) containing an ext4 filesystem named lv_archive and mount it at '''/archive'''
 
  <li>Backup <code>'''/etc'''</code> into <code>'''/archive'''</code></li>
 
</ol>
 
::* Copy the files in /etc into the filesystem mounted at <code>/archive</code><br />(use the graphical tools or the command line. If using cp, remember to use the -R option).
 
<ol>
 
<li value="6">Shrink the size of <code>lv_archive</code> to '''1 GB'''.</li>
 
<li>Try shrinking the home file-system. What happens? Why?</li>
 
</ol>
 
  
'''Answer the Investigation 5 observations / questions in your lab log book.'''
+
Running servers in graphical mode will make your system most likely to be penetrated. The X-windows framework can be vulnerable to attacks when these servers are connected to the Internet. This is why when you install server versions of Linux, they work in text-based mode only. Desktop versions of Linux are then installed on workstations (working in graphical mode) that connect to the server (for security reasons).
  
= Storage Setup (prior to starting Lab 4) =
+
The Linux sysadmin can also change the run-level (or state) of a graphical Linux server to run in text-based mode and run the graphical mode by issuing a command when graphic mode is required. The run-level term is now deprecated in Fedora, and will likely be deprecated in RHEL/CentOS at some point as well, but for now this is what the industry is using.
  
At this point, having completed [[OPS235 Lab 3 - CentOS6|Lab 3]] you should have <u>'''roughly'''</u> the following disk storage setup:<br />
 
('''Note:''' These results are output from the '''vgs''', '''lvs''', and '''pvs''' commands within each virtual machine. You will be using these commands in the following lab investigations)<br /><br />
 
  
* '''centos1'''
 
  
  This VM has a GUI and no free space in the VG.
+
#Perform this part in both your '''centos2''' and '''centos3''' VMs.
+
<ol>
   VG        #PV #LV #SN Attr   VSize VFree
+
   <li value="2">Issue the following Linux command:
   vg_centos1  1   2   0 wz--n- 9.80G   0
+
      <ul>
+
        <li><b><code><span style="color:#3366CC;font-size:1.2em;">runlevel</span></code></b></li>
   LV      VG        Attr   LSize 
+
      </ul>
   lv_root vg_centos1 -wi-ao  8.83G                                   
+
   </li>
   lv_swap vg_centos1 -wi-ao 992.00M                                   
+
   <li>Note the difference in output between '''centos2''' and '''centos3'''.</li>
+
   <li>You can use the '''init''' command to change the current run-level. See a list of runlevels [https://www.centos.org/docs/5/html/5.2/Installation_Guide/s2-init-boot-shutdown-rl.html here].</li><li> Use the '''man''' command to learn how to use the '''init''' command. Use this command to change the current run-level in '''centos2''' to '''3'''. What happened?</li>
  PV        VG        Fmt  Attr PSize PFree
+
   <li>Issue the following Linux command:
   /dev/vda2  vg_centos1 lvm2 a-   9.80G    0
+
    <ul>
 +
      <li><b><code><span style="color:#3366CC;font-size:1.2em;">startx</span></code></b></li>
 +
    </ul>
 +
   </li>
 +
   <li>What happens?</li>
 +
   <li>Log-off your graphical system. You should return to your shell prompt.</li>
 +
   <li>Using systemd requires a different method of setting text mode and graphical mode. You can refer to this link for future reference:
 +
[http://fedoraproject.org/wiki/Systemd#How_do_I_change_the_runlevel.3F How to Change Run-Levels with Systemd]</li><li>Restart your centos2 machine, and make certain that it runs in '''graphical''' mode</li>
 +
   </li>Why would you want to make a graphical Linux system run in text-based mode?</li>
 +
</ol>
  
* '''centos2'''
 
  
  This VM has a GUI and free space in the VG.
+
'''Answer Part 2 observations / questions in your lab log book.'''
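Review bot: The last item of the run-level list opens with "</li>Why would you want..." where "<li>" is needed, so the ordered list is not well-formed as written. Separately, "will make your system most likely to be penetrated" in the introduction overstates what the next sentence supports, namely that the X-windows framework can be vulnerable on Internet-connected servers; reword it as added exposure rather than a likelihood.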
 
  VG        #PV #LV #SN Attr  VSize VFree
 
  vg_centos2  1  4  0 wz--n- 19.51g 4.73g
 
 
  LV      VG        Attr  LSize 
 
  lv_archive vg_centos2 -wi-ao---- 1.00g                                           
 
  lv_home    vg_centos2 -wi-ao---- 4.00g                                           
 
  lv_root    vg_centos2 -wi-ao---- 7.81g                                           
 
  lv_swap    vg_centos2 -wi-ao---- 1.97g                                 
 
 
  PV        VG        Fmt  Attr PSize PFree
 
  /dev/vda2  vg_centos2 lvm2 a--  19.51g 4.73g
 
  
* '''centos3'''
 
  
  This VM has no GUI installed.
+
= INVESTIGATION 3: LOOKING AHEAD =
 
  VG        #PV #LV #SN Attr  VSize VFree
 
  vg_centos3  2  3   0 wz--n- 16.50g    0
 
 
  LV      VG        Attr  LSize 
 
  lv_home vg_centos3 -wi-ao----  1.00g                                           
 
  lv_root vg_centos3 -wi-ao----  10.00g                                           
 
  lv_swap vg_centos3 -wi-ao---- 992.00m                                   
 
 
  PV        VG        Fmt  Attr PSize  PFree
 
  /dev/vda3  vg_centos3 lvm2 a--  14.51g 2.54g
 
  /dev/vdb  vg_centos3 lvm2 a--  2.00g 2.00g
 
  
* '''c6host (i.e. "disk pack")'''
+
==Automating Routine Tasks (Shell Scripting)==
 +
{|width="40%" align="right" cellpadding="10"
 +
|- valign="top"
 +
|
 +
{{Admon/tip|Bash Shell Scripting Tips:|<br><ul><li>'''The case statement:'''<br><br>The case statement is a control-flow statement that works in a similar way as the if-elif-else statement (but is more concise). This statement presents scenerios or "cases" based on values or regular expressions (not ranges of values like if-elif-else statements). After action(s) are taken for a particular scenerio (or "case"), a break statement (''';;''') is used to "break-out" of the statement (and not perform other actions). A default case (*) is also used to catch exceptions.<br><br><u>'''Examples (try in shell script):'''</u><br><br>''read -p "pick a door (1 or 2): " pick<br>case $pick in<br>&nbsp; 1) echo "You win a car!" ;;<br>&nbsp; 2) echo "You win a bag of dirt!" ;;<br>&nbsp; *) echo "Not a valid entry"<br>&nbsp;&nbsp;&nbsp;&nbsp; exit 1 ;;<br>esac''<br><br>''read -p "enter a single digit: " digit<br>case $digit in<br>&nbsp; [0-9]) echo "Your single digit is: $digit" ;;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;  *)&nbsp;echo "not a valid single digit"<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;  exit 1 ;;<br>esac''<br><br></li><li>'''The getopts function:'''<br><br></li></ul>The getopts function allows the shell scripter to create scripts that accept options (like options for Linux commands). This provides the Linux administrator with scripts that provide more flexibility and versatility. A built-in function called '''getopts''' (i.e. get command options) is used in conjunction with a '''while''' loop and a '''case''' statement to carry out actions based on if certain options are present when the shell script is run. The variable '''$OPTARG''' can be used if an option accepts text (denoted in the getopts function with an option letter followed by a colon. 
Case statement exceptions use the ''':)''' and '''\?)''' cases for error handling.<br><br>'''<u>Example of getopts</u>''' (try in script and run with options)<br><br>''while getopts abc: name<br>do<br>&nbsp; case $name in<br>&nbsp; &nbsp; a) echo "Action for option \"a\"" ;;<br>&nbsp; &nbsp; b) echo "Action for option \"b\"" ;;<br>&nbsp; &nbsp; c) echo "Action for option \"c\""<br>&nbsp; &nbsp; &nbsp; &nbsp; echo Value is: $OPTARG" ;;<br>&nbsp; &nbsp; :) echo "Error: You need text after -c option"<br>&nbsp; &nbsp; &nbsp; &nbsp; exit 1 ;;<br>&nbsp; &nbsp; \?) echo "Error: Incorrect option"<br>&nbsp; &nbsp; &nbsp; &nbsp; exit 1 ;;<br>esac''<br><br>}}
 +
|}
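Review bot: The getopts example in the tip box will not run as written: the while loop has no closing "done", and the line echo Value is: $OPTARG" has a closing quote without an opening one. The ":)" case is also unreachable with the option string "abc:"; getopts reports a missing argument as ":" only when the option string starts with a colon (":abc:"), otherwise it sets name to "?" and prints its own message. The sentence introducing $OPTARG is missing its closing parenthesis, and "scenerios" should be "scenarios".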
  
  /dev/sdc3        20G  3.7G  15G  20% /
+
We will now use shell scripting to help automate the task for a Linux adminstrator to create regular user accounts.
  /dev/sdc2        29G  4.7G  23G  18% /home
 
  /dev/sdc1        97G  48G  45G  52% /var/lib/libvirt/images
 
  
= Logical Volume Management (Continued) =
 
  
{{Admon/note|Recovering VMs|'''Most of these investigations will take place in you virtual machines.''' If you make a significant mistake, your virtual machine may not boot. Remember that you created backups of your virtual machines in Lab 3, and you can '''restore them if something goes wrong'''.}}
+
#Download, study, and run the following shell script. Issue the command:<br><b><code><span style=" pointer-events:none;cursor:default;color:#3366CC;font-size:1.2em;">wget https://scs.senecac.on.ca/~murray.saul/user-create.bash</span></code></b>
 +
#Try to understand what these Bash Shell scripts do, and then run the script as root. After running the shell script, view the contents of the '''/home''' directory to confirm.
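Review bot: The second step says "these Bash Shell scripts" although the step before it downloads a single file, user-create.bash, and it asks students to run that download as root. Make the inspection explicit (open the file in a pager or editor and read it before executing) and say that the run belongs in the lab VM. The inline style on the wget command also carries pointer-events:none;cursor:default, which the other command spans on the page do not have.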
  
== Resources ==
 
  
Please read this page to get an overview of LVM:
+
Although the '''zenity''' command is a "user-friendly" way to run shell scripts, Linux administrators usually create shell scripts that resemble common Linux commands. In this lab, you will learn to create a shell script using the getopts function to make your shell script behave more like actual Linux commands (including the use of options). Refer to the notes section on the right-hand-side for reference about the '''case''' statement and the '''getopts''' function.
[http://zenit.senecac.on.ca/wiki/index.php/Logical_Volume_Management Logical Volume Management]
 
  
It is recommended to open another window(eg. '''right-click''', '''open in new tab or window''') to make reference to view LVM commands as you perform investigations 1 to 3.
 
  
== Investigation 1: How are LVMs are managed using Command-Line Tools  ==
+
<ol><li value="3">Open a Bash shell terminal and login as root.</li><li>Use the wget command to download the input file called user-data.txt by issuing the command:<br><b><code><span style="color:#3366CC;font-size:1.2em;">wget https://scs.senecac.on.ca/~murray.saul/user-data.txt</span></code></b></li><li>View the contents on the user-data.txt file to confirm there are 3 fields (username, fullname, and e-mail address)which are separated by the colon (:) symbol.<li><li>Use a text editor (such as <b><code><span style="color:#3366CC;font-size:1.2em;">vi</span></code></b> or <b><code><span style="color:#3366CC;font-size:1.2em;">nano</span></code></b>) to create a Bash Shell script called: <b><code><span style="color:#3366CC;font-size:1.2em;">createUsers.bash</span></code></b> in /root's home directory.</li><li>Enter the following text content into your text-editing session:</li></ol>
# You are going to repeat the same LVM management operations (as your did with the ''centos2'' VM in '''lab3'''), but you will using command-line tools in the '''centos3''' VM. Since the centos3 VM only operates in command-line mode, you will need to refer to the '''"Logical Volume Management"''' link above.
+
<code style="color:#3366CC;font-family:courier;font-size:.9em;margin-left:20px;">
# Write down the exact commands used at each step, and record appropriate command output:
+
<br>
:: a. Determine the current LVM configuration using the <code>pvs</code>, <code>vgs</code>, and <code>lvs</code> commands.
+
&#35;!/bin/bash <br>
:: b.Grow the home filesystem to 2G using the command <code>lvextend</code> and <code>resize2fs</code>.
+
<br>
:: c.Create a new 2G LV containing an ext4 filesystem and mount it at /archive (use <code>mkdir</code>, <code>lvcreate</code>, <code>mkfs</code>, <code>mount</code>, edit the file <code>/etc/fstab</code> (read the resource: [https://wiki.archlinux.org/index.php/fstab https://wiki.archlinux.org/index.php/fstab] ), and then reboot to confirm automatic mount).
+
&#35; createUsers.bash<br>
:: d.Copy the contents of <code>/etc</code> into <code>/archive</code>.
+
&#35; Purpose: Generates a batch of user accounts (user data stored in a text file)<br>
:: e.Shrink <code>lv_archive</code> to 1G (use <code>umount</code>, <code>resize2fs</code>, <code>lvreduce</code>,  and <code>mount</code>)
+
&#35;<br>&#35; USAGE:<br>
 +
&#35;<br>&#35; /root/createUsers.bash [-i {input-path}] <br>
 +
&#35;<br>
 +
&#35; Author: *** INSERT YOUR NAME ***<br>
 +
&#35; Date:   *** CURRENT DATE ***<br>
 +
<br>
 +
if [ $PWD != "/root" ]  # only runs if in root's home directory<br>
 +
then<br>&nbsp;echo "You must be in root's home directory." >&2<br>
 +
&nbsp;exit 1<br>
 +
fi<br>
 +
if [ "$#" -eq 0 ] #  if no arguments after command<br>
 +
then<br>
 +
&nbsp;echo "You must enter an argument" >&2<br>
 +
&nbsp;echo "USAGE: $0 [-i {input-path}]" >&2<br>
 +
&nbsp;exit 2<br>
 +
fi<br>
 +
</code>
 +
<br>
 +
<ol><li value="6">Save your editing session, but remain in the text editor.</li><li>The code displayed below uses the getopt function set the input file pathname or check for invalid options or missing option text. Add the following code</li></ol>
 +
<br>
 +
<code style="color:#3366CC;font-family:courier;font-size:.9em;">
 +
<br>
 +
outputFlag="n"<br>
 +
while getopts i: name<br>
 +
do<br>
 +
&nbsp;case $name in<br>
 +
&nbsp; &nbsp;i) inputFile=$OPTARG ;;<br>
 +
&nbsp; &nbsp;:) echo "Error: You need text after options requiring text"<br>
 +
&nbsp; &nbsp; &nbsp; &nbsp;exit 1 ;;<br>
 +
&nbsp; &nbsp;\?) echo "Error: Incorrect option"<br>
 +
&nbsp; &nbsp; &nbsp; &nbsp; exit 1 ;;<br>
 +
&nbsp;esac<br>
 +
done<br>
 +
</code>
 +
<ol><li value="6">Save your editing session, but remain in the text editor.</li><li>The code displayed below uses logic to exit the script if the input file does not exist. Command substitution is used to store each line of the input file as a positional parameter. There is one subtle problem here: The full names of the users contain spaces which can create havoc when trying to set each line as a separate positional parameter. In this case the sed command is used to convert spaces to plus signs (+), which will be converted back later. Finally, a '''for''' loop is used to create each account ('''useradd''') and mail the user their account information ('''mail'''). Add the following code:</li></ol>
 +
<br>
 +
<code style="color:#3366CC;font-family:courier;font-size:.9em;">
 +
<br>
 +
if [ ! -f $inputFile ]<br>
 +
then<br>
 +
&nbsp; echo "The file pathname \"$inputFile\" is empty or does not exist" >&2<br>
 +
&nbsp; exit 2<br>
 +
fi<br>
 +
<br>
 +
set $(sed 's/ /+/g' $inputFile)  # temporarily convert spaces to + for storing lines as positional parameters<br>
 +
<br>
 +
for x<br>
 +
do<br>
 +
&nbsp; &nbsp; useradd -m -c "$(echo $x | cut -d":" -f2 | sed 's/+/ /g')" -p $(date | md5sum | cut -d" " -f1) $(echo $x | cut -d":" -f1)<br>
 +
&nbsp; &nbsp; mail -s "Server Account Information" $(echo $x | cut -d":" -f3) <<+<br>
 +
&nbsp; &nbsp; Here is your server account information:<br>
 +
&nbsp; &nbsp; servername: myserver.senecac.on.ca<br>
 +
&nbsp; &nbsp; username:  $(echo $x | cut -d":" -f1)<br>
 +
&nbsp; &nbsp; password: $(date | md5sum | cut -d" " -f1)<br>
 +
&nbsp; &nbsp; Regards,<br>
 +
&nbsp; &nbsp; IT Department<br>
 +
+<br>
 +
done<br>
 +
<br>
 +
echo -e "\n\nAccounts have been created\n\n"<br>
 +
exit 0<br>
 +
</code>
  
== Investigation 2: How can a PV be added to an existing VG using Command-Line Tools? ==
+
<ol>
# Add an additional 2 GB virtual disk to your ''<u>centos1</u>'' system, we will use it as an additional physical volume.
+
<li value="8">Save, set permissions, and then run that shell script for the input text file '''user-data.txt'''. Did it work? Try running the script without an argument - What did it do? </li><li>You have completed lab4. Proceed to Completing The Lab, and follow the instructions for "lab sign-off".</li></ol>
# Do the rest of this investigation in the command line.
 
# You should now have both <code>/dev/vda</code> and <code>/dev/vdb</code>.
 
# Record the size of the volume group and the amount of free space (Hint: use a command that you learned in a previous lab).
 
# Read the resource [http://tldp.org/HOWTO/Partition/fdisk_partitioning.html Partitioning with fdisk] to learn how to properly create a partition with the fdisk command.
 
# Use fdisk to partition /dev/vdb with a Linux single partition that fills the whole disk.
 
# Check the messages printed when <code>fdisk</code> exits -- you may need to reboot the system in order for the new partition table to take effect.
 
# Mark ''vdb1'' as a physical volume usable by LVM.
 
# Add the new physical volume to the existing volume group.
 
# Verify that the volume group is larger and has more free space.
 
 
 
{{Admon/note|Think!|The next part of this investigation requires some research, thought, and creativity.}}
 
'''Using that additional space, create a separate filesystem for <code>/home</code>:'''
 
# Create the logical volume <code>lv_home</code> (1G ext4)
 
# Find a way to move the contents of <code>/home</code> onto it.
 
# Change your system configuration so that the new filesystem is mounted on <code>/home</code> from now on.
 
 
 
{{Admon/tip|SELinux relabelling may be required|Your system may report that the files are not present in the new /home filesystem when they are clearly there. This is due to the Security-Enhanced Linux system (SELinux) preventing access to the files, because the files were tampered with (moved) and are no longer recognized as home directory content. You can fix this problem by restoring the file context labels so that SELinux accepts the files as valid home directory content: <code>restorecon -r /home</code>}}
 
 
 
== Investigation 3: How can I use fdisk to manage storage on my disk pack? ==
 
'''On your <u>c6host</u> (i.e. "disk pack"), using your choice of the GUI and/or command-line tools:'''
 
# Create a new partition or logical drive ('''NOT a logical volume!''') - minimum 5G, leaving at least 10G free space in the extended partition.
 
# Format that partition (i.e. put a filesystem on it).
 
# Make sure it's mounted automatically on a mountpoint of your choosing (easiest is to create a new directory for a mountpoint).
 
 
 
= Updated backup instructions =
 
 
 
If you completed this lab correctly - please make sure you are still making full backups of your virtual machines.
 
 
 
Remember adding a new harddrive to centos3? You will need to back up that drive as well. If you don't - you will only have half of your machine backed up, which is of no use for a recovery.
 
 
 
 
 
 
 
 
 
==Resources on the web==
 
Additional links to tutorials and HOWTOs:
 
* [http://www.centos.org/docs/2/rhl-gsg-en-7.2/s1-zip-tar.html archiving with tar, gzip, gunzip]
 
* [[init vs systemd]]
 
* [https://wiki.debian.org/Debate/initsystem/upstart init vs systemd vs upstart]
 
* [https://www.centos.org/docs/5/html/5.2/Installation_Guide/s2-init-boot-shutdown-rl.html Runlevels]
 
 
 
 
 
 
 
 
 
==Completing the Lab==
 
  
Arrange evidence for each of these items on your screen, then ask your instructor to check each item:
+
'''Answer Investigation 3 observations / questions in your lab log book.'''
  
# Compressed files:  <code>/tmp/archive1.tar.gz</code> and <code>/tmp/archive2.tgz</code>
+
= LAB 4 SIGN-OFF (SHOW INSTRUCTOR) =
#<code>nled</code> application is installed
+
{{Admon/important|Time for a new backup!|If you have successfully completed this lab, make a new backup of your virtual machines. Remember to also make a backup of the new second virtual disk drive on ''centos1'' -- you now have two virtual disks on ''centos1'', and therefore two image files, and therefore will need two backup files.}}
#Lab5 notes how to use service/chkconfig commands
 
#VMs backed-up
 
  
= Preparing for Quizzes =
+
'''Arrange proof of the following on the screen:'''
  
# What is a VG? PV? LV?
+
::<span style="color:green;font-size:1.5em;">&#x2713;</span> Account created on '''centos1''' VM.
# What commands are used to determine VG / PV / LV information?
+
::<span style="color:green;font-size:1.5em;">&#x2713;</span> List contents of '''/etc/group''' file (ops235 group) on '''centos1''' VM.
# What does yum do that rpm does not?
+
::<span style="color:green;font-size:1.5em;">&#x2713;</span> List contents of '''/etc/passwd''' file (created accounts) on '''centos1''' VM.
# List the steps to install a package via rpm command.
+
::<span style="color:green;font-size:1.5em;">&#x2713;</span> Display current run-level status on '''centos2''' VM.
# List the steps to determine detailed information regarding an install package.
+
::<span style="color:green;font-size:1.5em;">&#x2713;</span> Creation of your bash shell script called '''createUsers.bash'''
# List the steps to remove a package via rpm command.
 
# List the steps to install a package using the yum command.
 
# List the steps to remove a package using the yum command.
 
# What is the total size of the "main" VG on your system?
 
# How do you create a LV?
 
# How do you delete an LV?
 
# How would you increase the size of the root filesystem by 50 MB?
 
  
 +
= Preparing for the Quizzes =
  
 +
# Describe all of the field in <code>'''/etc/passwd'''</code>
 +
# What is the command to create a user? What option to create a home directory for that user?
 +
# What is the command to change the full name of an already-created user?
 +
# What is the command to delete a user account? What option allows for the user's home directory to be removed as well?
 +
# What is the command to create a group? What is the command (or steps) to include a user in a newly-created group?
 +
# What is the purpose of <code>'''/etc/shadow'''</code>?
 +
# What is the purpose of <code>'''/etc/skel'''</code>?
 +
# What does the term run-level mean?
 +
# How to set the run-level of a Linux system to text-based only? How to set to graphical mode?
 +
# What is the command to view the status of running services?
 +
# What is the command to start a service (like httpd, or sshd)?
 +
# What is the command to start a service?
 +
# Can a service be stopped and started by issuing just one command?
  
{{Admon/important | Backup your work |Backup your disk images for centos2 and centos3 Virtual Machines.}}
+
[[Category:OPS235]]
 +
[[Category:OPS235 Labs]]
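Review bot: In the added createUsers.bash loop, `useradd ... -p $(date | md5sum | cut -d" " -f1)` hands a plain-text string to -p, which expects an already-encrypted password, and the mail body runs the same `date | md5sum` pipeline a second time, so the mailed value is not a usable login password and is not guaranteed to equal the first one. Suggest generating the password once into a variable from /dev/urandom, creating the account without -p, and setting the password with chpasswd. Two smaller points in the same added lines: `getopts i: name` has no leading colon in the option string, so the `:)` branch is never reached, and `[ ! -f $inputFile ]` should quote the variable, because when no -i is given the test collapses to `[ ! -f ]`, evaluates false, and the script carries on into `sed` with no file name.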

Revision as of 05:32, 2 May 2015


LAB PREPARATION

Purpose / Objectives of Lab 1

There are many other tasks that a Linux system administrator must perform other than installing Linux and installing software.

A few additional tasks are user management and managing services.


Main objectives:

  • Administer (add, remove, modify) users on a Linux system.
  • Save time while adding new users using a template of start-up files.
  • Create and manage groups on a Linux system.
  • Start and Stop services on a Linux system.
  • Display the status of running services on a Linux system.


Minimum Required Materials

Removable Hard Disk Pack (SATA)
USB key
(for backups)
Lab4 Log Book

My Toolkit (CLI Reference)

User Management:

useradd
userdel
usermod
groupadd
groupdel

Managing Services

chkconfig
service
systemctl

Miscellaneous

/etc/passwd
/etc/group
/etc/shadow
/etc/skel
init vs systemd


INVESTIGATION 1: User/Group Management

User account management is a very important operation that a Linux sysadmin performs on a consistent basis. The sysadmin not only needs to add or remove user accounts by issuing commands, but may also need to automate the creation of user accounts for a large number (batch) of potential employees. The Linux command to create new users has many features, including: specification of a home directory, type of shell used, name, password and time-limit (referred to as "aging") for a new user account. Removing user accounts also has options, such as removing the user account but keeping the home directory for reference or evidence of "wrong-doing".

In your ULI101 course, you learned to change permissions for directories and files relating to user, same group members and other group members. In this course, since you are the sysadmin with root privileges, you can create or remove groups as well as change the ownership of directories and files! We will now learn to perform key user account management operations in this section.

Part 1: The /etc/passwd file

  1. Look at the /etc/passwd file.
  2. Make note of the contents of that file.
  3. Read about the file: http://man7.org/linux/man-pages/man5/passwd.5.html
  4. Make sure you know what information each field contains.
  5. Why do you think there are so many users?
  6. Look at the names of the users. What do you think these user names represent? Are they people?
  7. What is the numeric user ID (UID) of the root user?
  8. The user IDs of real users (people) are different from the user IDs of system accounts. What is the pattern?

Answer the Part 1 observations / questions in your lab log book.

Part 2: Adding users

  1. Perform this part in your centos1 VM.
  2. Read the man page for the useradd command.
  3. Create three fictitious users (make up their userids and full names). Give each of these newly-created users a password.
  4. Grep the /etc/passwd file for each of the new users.
    • What is the home directory of each user?
    • What group is each user in?
    • What other information can you provide regarding these users?
    • Where are the passwords stored?
  5. Look at the man page for /etc/shadow using the command: man 5 shadow
    • Grep the /etc/shadow file for each of the new users.
    • Make note of this information.
  6. Create two new dummy users, ops235_1 and ops235_2.
  7. Investigate the home directory of one of your new users.
    • What files are there? Be sure to include hidden files.
    • What do you think these files are used for?
    • How does the operating system determine which files are created in a new home account? The answer can be found here:
      http://www.linuxhowtos.org/Tips%20and%20Tricks/using_skel.htm
    • Look at the files (including hidden files) in the template directory referred to in the article. Compare them to what is in a home directory for a new user. What do you notice?
    • Create a new file in this directory with the following command: touch foo
    • Create a new user named foobar, with the option to automatically create a home directory.
    • Look at the contents of foobar's home directory. What do you notice?
  8. Be sure to record your observations in your lab notes.
  9. Read the man page for the useradd command. Explain the purpose of using the -e option for the useradd command. Try to think of the reason a Linux sysadmin would use this option when creating new users.

Answer the Part 2 observations / questions in your lab log book.

Part 3: Managing Groups

  1. Remain in your centos1 VM for this section.
  2. Read the man page for the groupadd and groupdel commands.
  3. Note which option allows you to set the Group ID number (GID) when you create a new group.
  4. Examine the file /etc/group
    • Which values of GID are reserved for system accounts?
    • Which values of GID are reserved for non-system user accounts?
    • What is the lowest available GID number for non-system users?
    • What is the default group name of a new user?
    • Add a new group named ops235 with a GID of 600.
    • The management at your organization have concerns regarding some irresponsible users on your system.
      • Add a new group named investigation.
      • Look at /etc/group and note the GID of group called investigation.
      • What GID is given to a new group if you do not specify it?
      • In the file, add those users to the end of the concerned group (separate each user-name with a comma).
      • Those individuals have explained their actions to management and the crisis has been resolved. Delete the investigation group.
      • Look at /etc/group again and note the change.

Answer the Part 3 observations / questions in your lab log book.

Part 4: Deleting / Modifying Users

  1. Remain in your centos1 VM for this section.
  2. Read the man page for the userdel command. Note which option automatically removes the user's home directory when that user is deleted.
  3. Delete the user ops235_1 using the command userdel ops235_1
  4. Delete the user ops235_2 using the same command with the option which removes the home directory of the user.
  5. Check the contents of the /home directory. What do you notice?
  6. Check the contents of the /etc/group file. What do you notice?
  7. Read the man page for the usermod command. Note which options change the user's full name, primary group, supplementary groups, and shell.
  8. Create a new user account called noobie for the employee: "Really Green". Assign a password for that newly created user.
  9. Management has indicated that this employee be on probation for 3 months. Use the usermod command to set the account for noobie to expire in 3 months from this day as part of the security policy of this organization.
  10. Add each of your new users to the group ops235 (in other words, add ops235 to each user as a supplementary group).
  11. Examine /etc/group. What has changed?
  12. Use the usermod command to change the full name of the user account noobie from "Really Green" to "Outstanding Employee". Examine the result of running that command in the /etc/passwd file. What has changed?
  13. Use the usermod command to extend the use of their account for 5 years as of today.
  14. Be sure to record your observations in your lab notes.

Answer the Part 4 observations / questions in your lab log book.

INVESTIGATION 2: Managing System Services and Run-levels

Many students may think that the following topic is small and "not a big deal". Those students may say, "How hard is running and stopping services?"

The process may not be hard, but knowing how to stop, start, restart and check the status of services is absolutely critical to a Linux server. Aside from learning to trouble-shoot problems by checking the status of running services, understanding how to manage services is critical to help protect a Linux server from penetration (this is referred to as "hardening a system"). Sometimes it is "what we don't know" that can harm us. One key element in hardening a computer system is to disable non-essential networking services to allow IDSs (Intrusion Detection Systems) to focus on a narrower range of policy violations. A Debian-based penetration testing distribution called Kali (formerly referred to as BackTrack) allows sysadmins and security professionals to identify vulnerabilities in their computer systems, and thus improve (harden) their systems against penetration. Learning to monitor the status of networking services, and to enable and disable them, underlies the BackTrack motto:

"The quieter you are, the more you will hear..."

Part 1: How do we Manage System Services?

We have seen that maintaining unneeded packages can be a security risk due to the unnecessary increase in the complexity of your system. Similarly, it is also unnecessarily hazardous, and even more so, to leave unneeded services running. In this investigation, we will learn how to control services, and turn off those services that we think are not necessary to help reduce security risks.

  1. Use your centos2 VM for this part.
  2. Use the man pages to learn about the service command.
  3. Issue the following Linux command:
    • service --status-all
  4. Note the services that are currently running.
  5. Use the command service iptables stop to stop the service named iptables
  6. Run a command to verify that the iptables service has stopped.
  7. A newer method of managing services is by using systemd. It has the ability to manage dependent services in parallel and allow one service to be stopped without disrupting the other services. Here is a link that briefly explains how to use systemd (as opposed to the traditional method: init) and the systemctl command: init vs systemd
  8. If you reboot now - the iptables service will be turned back on. We don't want it on though, it causes students headaches. To turn it off permanently we need to use the chkconfig command:
    chkconfig iptables off
  9. Use the systemctl command (from the link above - showing examples) to verify that the iptables service is off (hint: issue command, and pipe to grep "iptables").
  10. Reboot and confirm that it's no longer running.

Answer Part 1 observations / questions in your lab log book.


Part 2: How do we Manage Runlevels?

Running servers in graphical mode makes your system more likely to be penetrated. The X-windows framework can be vulnerable to attacks when these servers are connected to the Internet. This is why server versions of Linux, when installed, work in text-based mode only. Desktop versions of Linux are then installed on workstations (working in graphical mode) that connect to the server (for security reasons).

The Linux sysadmin can also change the run-level (or state) of a graphical Linux server to run in text-based mode and run the graphical mode by issuing a command when graphic mode is required. The run-level term is now deprecated in Fedora, and will likely be deprecated in RHEL/CentOS at some point as well, but for now this is what the industry is using.


  1. Perform this part in both your centos2 and centos3 VMs.
  2. Issue the following Linux command:
    • runlevel
  3. Note the difference in output between centos2 and centos3.
  4. You can use the init command to change the current run-level. See a list of runlevels here.
  5. Use the man command to learn how to use the init command. Use this command to change the current run-level in centos2 to 3. What happened?
  6. Issue the following Linux command:
    • startx
  7. What happens?
  8. Log-off your graphical system. You should return to your shell prompt.
  9. Using systemd requires a different method of setting text mode and graphical mode. You can refer to this link for future reference: How to Change Run-Levels with Systemd
  10. Restart your centos2 machine, and make certain that it runs in graphical mode
  11. Why would you want to make a graphical Linux system run in text-based mode?


Answer Part 2 observations / questions in your lab log book.


INVESTIGATION 3: LOOKING AHEAD

Automating Routine Tasks (Shell Scripting)

Bash Shell Scripting Tips:

  • The case statement:

    The case statement is a control-flow statement that works in a similar way to the if-elif-else statement (but is more concise). This statement presents scenarios or "cases" based on values or regular expressions (not ranges of values like if-elif-else statements). After action(s) are taken for a particular scenario (or "case"), a break statement (;;) is used to "break-out" of the statement (and not perform other actions). A default case (*) is also used to catch exceptions.

    Examples (try in shell script):

    read -p "pick a door (1 or 2): " pick
    case $pick in
      1) echo "You win a car!" ;;
      2) echo "You win a bag of dirt!" ;;
      *) echo "Not a valid entry"
         exit 1 ;;
    esac


    read -p "enter a single digit: " digit
    case $digit in
      [0-9]) echo "Your single digit is: $digit" ;;
             *) echo "not a valid single digit"
                 exit 1 ;;
    esac


  • The getopts function:

The getopts function allows the shell scripter to create scripts that accept options (like options for Linux commands). This provides the Linux administrator with scripts that provide more flexibility and versatility. A built-in function called getopts (i.e. get command options) is used in conjunction with a while loop and a case statement to carry out actions based on whether certain options are present when the shell script is run. The variable $OPTARG can be used if an option accepts text (denoted in the getopts function with an option letter followed by a colon). Case statement exceptions use the :) and \?) cases for error handling.

Example of getopts (try in script and run with options)

while getopts :abc: name   # the leading ":" selects silent mode, which is what makes the :) case reachable
do
  case $name in
    a) echo "Action for option \"a\"" ;;
    b) echo "Action for option \"b\"" ;;
    c) echo "Action for option \"c\""
        echo "Value is: $OPTARG" ;;
    :) echo "Error: You need text after -c option"
        exit 1 ;;
    \?) echo "Error: Incorrect option"
        exit 1 ;;
  esac
done


We will now use shell scripting to help a Linux administrator automate the task of creating regular user accounts.


  1. Download, study, and run the following shell script. Issue the command:
    wget https://scs.senecac.on.ca/~murray.saul/user-create.bash
  2. Try to understand what these Bash Shell scripts do, and then run the script as root. After running the shell script, view the contents of the /home directory to confirm.


Although the zenity command is a "user-friendly" way to run shell scripts, Linux administrators usually create shell scripts that resemble common Linux commands. In this lab, you will learn to create a shell script using the getopts function to make your shell script behave more like actual Linux commands (including the use of options). Refer to the notes section on the right-hand-side for reference about the case statement and the getopts function.


  1. Open a Bash shell terminal and login as root.
  2. Use the wget command to download the input file called user-data.txt by issuing the command:
    wget https://scs.senecac.on.ca/~murray.saul/user-data.txt
  3. View the contents of the user-data.txt file to confirm there are 3 fields (username, fullname, and e-mail address) which are separated by the colon (:) symbol.
  4. Use a text editor (such as vi or nano) to create a Bash Shell script called: createUsers.bash in /root's home directory.
  5. Enter the following text content into your text-editing session:


#!/bin/bash

# createUsers.bash
# Purpose: Generates a batch of user accounts (user data stored in a text file)
#
# USAGE:
#
# /root/createUsers.bash [-i {input-path}]
#
# Author: *** INSERT YOUR NAME ***
# Date: *** CURRENT DATE ***

if [ "$PWD" != "/root" ] # only runs if in root's home directory
then
 echo "You must be in root's home directory." >&2
 exit 1
fi
if [ "$#" -eq 0 ] # if no arguments after command
then
 echo "You must enter an argument" >&2
 echo "USAGE: $0 [-i {input-path}]" >&2
 exit 2
fi

  6. Save your editing session, but remain in the text editor.
  7. The code displayed below uses the getopts function to set the input file pathname and to check for invalid options or missing option text. Add the following code:



outputFlag="n"
while getopts :i: name   # leading ":" = silent mode, so a missing pathname reaches the :) case
do
 case $name in
   i) inputFile=$OPTARG ;;
   :) echo "Error: You need text after options requiring text"
       exit 1 ;;
   \?) echo "Error: Incorrect option"
        exit 1 ;;
 esac
done

  8. Save your editing session, but remain in the text editor.
  9. The code displayed below uses logic to exit the script if the input file does not exist. Command substitution is used to store each line of the input file as a positional parameter. There is one subtle problem here: The full names of the users contain spaces which can create havoc when trying to set each line as a separate positional parameter. In this case the sed command is used to convert spaces to plus signs (+), which will be converted back later. Finally, a for loop is used to create each account (useradd) and mail the user their account information (mail). Add the following code:



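if [ ! -f "$inputFile" ] # quoted, so an unset or empty pathname also fails this test
then
  echo "The file pathname \"$inputFile\" is empty or does not exist" >&2
  exit 2
fi

set -- $(sed 's/ /+/g' "$inputFile") # temporarily convert spaces to + for storing lines as positional parameters

for x
do
    username=$(echo "$x" | cut -d":" -f1)
    fullname=$(echo "$x" | cut -d":" -f2 | sed 's/+/ /g')
    email=$(echo "$x" | cut -d":" -f3)
    # generate the password once, so the account and the e-mail carry the same value
    password=$(head -c 32 /dev/urandom | md5sum | cut -d" " -f1)

    useradd -m -c "$fullname" "$username"
    # useradd -p expects an already-encrypted password, so the plain-text one is set with chpasswd
    echo "$username:$password" | chpasswd
    mail -s "Server Account Information" "$email" <<+
    Here is your server account information:
    servername: myserver.senecac.on.ca
    username: $username
    password: $password
    Regards,
    IT Department
+
done

echo -e "\n\nAccounts have been created\n\n"
exit 0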

  10. Save, set permissions, and then run that shell script for the input text file user-data.txt. Did it work? Try running the script without an argument - What did it do?
  11. You have completed lab4. Proceed to Completing The Lab, and follow the instructions for "lab sign-off".

Answer Investigation 3 observations / questions in your lab log book.
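
A dry-run check of the same username:fullname:e-mail input, as an added example that is not part of the lab's createUsers.bash: it reads each record with IFS=: read instead of the space-to-plus substitution, uses getopts in silent mode so the :) case is reachable, and reports records that would be unsafe to hand to useradd or mail. The function names and the sample records are assumptions made for this illustration; nothing is created on the system.

```shell
#!/bin/sh
# Added example (hypothetical helper names): validate a batch file of
# username:fullname:e-mail records before any account is created.
LC_ALL=C; export LC_ALL          # make ranges such as [a-z] mean ASCII only

# parse_args: silent-mode getopts (the leading ":" in ":i:").
# Sets inputFile; returns 0 on success and 2 on a usage error.
parse_args() {
    inputFile=""
    OPTIND=1
    while getopts :i: name
    do
        case $name in
            i)  inputFile=$OPTARG ;;
            :)  echo "Error: -$OPTARG needs a pathname" >&2; return 2 ;;
            \?) echo "Error: unknown option -$OPTARG" >&2; return 2 ;;
        esac
    done
    [ -n "$inputFile" ] || { echo "USAGE: $0 -i {input-path}" >&2; return 2; }
}

# valid_username: lower-case letter or "_" first, then letters, digits,
# "_" or "-", at most 32 characters. A leading "-" would otherwise be
# read by useradd as an option.
valid_username() {
    case $1 in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# valid_email: conservative character set, one "@", and no leading "-"
# (the address is passed to mail as a command-line argument).
valid_email() {
    case $1 in
        -*|*[!A-Za-z0-9@._+-]*|*@*@*) return 1 ;;
        ?*@?*.?*) return 0 ;;
    esac
    return 1
}

# plan_accounts FILE: prints "CREATE user|Full Name|mail" for each usable
# record and "SKIP line N: reason" for the rest. Returns 1 if any record
# was skipped and 2 if FILE is missing.
plan_accounts() {
    [ -f "$1" ] || { echo "Error: \"$1\" is empty or does not exist" >&2; return 2; }
    lineno=0 seen=" " rc=0
    while IFS=: read -r user fullname email extra || [ -n "$user" ]
    do
        lineno=$((lineno + 1))
        reason=""
        if [ -n "$extra" ] || [ -z "$fullname" ] || [ -z "$email" ]; then
            reason="expected 3 colon-separated fields"
        elif ! valid_username "$user"; then
            reason="unsafe username"
        elif ! valid_email "$email"; then
            reason="unsafe e-mail address"
        else
            case $seen in
                *" $user "*) reason="duplicate username" ;;
            esac
        fi
        if [ -n "$reason" ]; then
            printf 'SKIP line %s: %s\n' "$lineno" "$reason"; rc=1
        else
            seen="$seen$user "
            printf 'CREATE %s|%s|%s\n' "$user" "$fullname" "$email"
        fi
    done < "$1"
    return $rc
}

# sample_run: constructed sample input, not the lab's user-data.txt.
sample_run() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
alice:Alice Example:alice@example.com
bob:Bob Van Der Example:bob@example.com
-eve:Option Lookalike:eve@example.com
carol:Carol Example:-f@example.com
alice:Second Alice:alice2@example.com
dave:Missing Mail
EOF
    plan_accounts "$tmp"; status=$?
    rm -f "$tmp"
    return $status
}

sample_run || echo "Some records were skipped; fix them before creating accounts."
```

Full names keep their spaces without any placeholder character because the record is split on the colon only.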

LAB 4 SIGN-OFF (SHOW INSTRUCTOR)

Time for a new backup!
If you have successfully completed this lab, make a new backup of your virtual machines. Remember to also make a backup of the new second virtual disk drive on centos1 -- you now have two virtual disks on centos1, and therefore two image files, and therefore will need two backup files.

Arrange proof of the following on the screen:

Account created on centos1 VM.
List contents of /etc/group file (ops235 group) on centos1 VM.
List contents of /etc/passwd file (created accounts) on centos1 VM.
Display current run-level status on centos2 VM.
Creation of your bash shell script called createUsers.bash

Preparing for the Quizzes

  1. Describe all of the fields in /etc/passwd
  2. What is the command to create a user? What option to create a home directory for that user?
  3. What is the command to change the full name of an already-created user?
  4. What is the command to delete a user account? What option allows for the user's home directory to be removed as well?
  5. What is the command to create a group? What is the command (or steps) to include a user in a newly-created group?
  6. What is the purpose of /etc/shadow?
  7. What is the purpose of /etc/skel?
  8. What does the term run-level mean?
  9. How to set the run-level of a Linux system to text-based only? How to set to graphical mode?
  10. What is the command to view the status of running services?
  11. What is the command to start a service (like httpd, or sshd)?
  12. What is the command to start a service?
  13. Can a service be stopped and started by issuing just one command?