
Rhcsa Linux


LINUX

One Linux Tutorial Illiterate Become An Expert At Weeks Time
BY ARK · PUBLISHED JULY 25, 2017 · UPDATED SEPTEMBER 11, 2017
If you are looking for a Linux tutorial to start learning from scratch, you are in
the correct place. This page is the central index for navigating to the required
articles. That is why I say One Linux Tutorial Illiterate Become An Expert At Weeks
Time. Are you ready to rock..!!
RHEL 5/6 Tutorial Step by Step Guide PDF: download this guide for older versions.

One Linux Tutorial

What you should learn to survive in the current industry, from a Linux
perspective, is very simple. Understand what the Linux operating system is and how
Linux works; the basic Linux commands to create, delete and move files and
directories; the directory structure (File System Hierarchy); Linux operating
system installation using CD/DVD and also network installation (Kickstart / PXE
Boot); and a few text editors to create, edit and modify configuration files.
User administration to create, modify and remove users and groups. File linking:
what a soft link and a hard link are. Process management (how processes run and
how to manage them). Understanding system utilization and analyzing performance
using the top command. Locating / searching files and directories. Copying files
from one server to another server using the scp command. Scheduling future tasks
(automatic execution of scripts). Creating file systems, mounting them, and
increasing/decreasing them based on requirement.
LVM (Logical Volume Manager); installing, updating, removing and upgrading Red Hat
packages (RPM); configuring IPv4 networking and assigning IP addresses; network
teaming/bonding; disk management quotas; and finally a few servers like NFS, SMB
(Samba), FTP, Web Server (HTTP / HTTPS), iSCSI Server, MariaDB or MySQL, SysLog
Server, NTP Server, DHCP and DNS.
Seeing all of the above, it looks like so many things..!!! But eventually it will
feel easy: just follow the links provided below, one by one.
Requirements for Learning Linux
• One computer/laptop with at least 6GB RAM, dual core processor, 250GB HDD and
  VT (Virtualization Technology) enabled
• VMware Workstation or Oracle VirtualBox software
• Download RHEL ISO
• Intention to learn / spending time
Now you are almost ready with the required things. Follow the Linux tutorial
topics below one by one:
• Introduction To Linux Tutorial Operating System
• ls Command with 25 Practical Examples
• Installing Linux Operating System Step by Step Guide (RHEL 7.3)
• Installing and Configuring IPA Server for Linux Lab Setup at Home
• Creating and Managing Files & Directories From CLI
• 25 Linux Basic Commands you must Learn
• Get Help From Command Line Interface (Whatis, Whereis, Man, Help, Info and --help)
• Edit, View Text Files Using Nano Text Editor
• Linux Directory Structure (File System Hierarchy)
• User Administration Create, Modify and Remove Users and Groups
• Controlling Services and Daemons Systemctl
• IPv4 Linux Networking
• SSH Server Installation in RHEL 7 / Centos 7
• Listing and Managing Linux Processes
• Prioritize Process Execution
• Syslog Server and Client configuration
• Archiving and Compressing Files Using tar and zip Commands
• Copying Files and Directories from One Server to Another Server
• Local YUM Server Configuration RHEL 7
• Configuring Centralized YUM Repository Using FTP / HTTP
• FTP Server Installation and Configuration VSFTPD
• Searching files and directories using find command
• Managing of physical storage – Creating Standard Partitions
• Creating and Managing LVM’s – Logical Volume Manager
• ACL – Access Control List in RHEL 7
• Scheduling of future Linux tasks using at and Crontab
• Deep Dive into Crontab in Linux Tutorial
• SELinux Overview
• NFS Server and Client in RHEL 7
• Firewalld / Iptables – configuring and managing rules
• Securing the NFS using kerberos
• Adding server as LDAP client
• Samba Server Installation and Configuration Step by Step Guide
• Samba Multi-user Access Shares
• Using Virtualized systems – Kernel-Based Virtual Machines
You have completed the major part of the Linux tutorial by reading the above
content. Just a few steps remain to complete One Linux Tutorial, and you will
become an expert.

Continue One Linux Tutorial

• Automated OS installation – Using PXE Boot Server
• OS Installation Through Auto Answer File
• Linux booting process Ultimate Guide
• Recovering forgotten root password Method-1
• Reset forgotten root password method-2
• MariaDB Installation and Configuration
• Using regular expressions with grep command
• DHCP Server Configuration RHEL 7 Tutorial
• MAC Address Reservation – MAC Binding DHCP
• Master DNS server RHEL 7 Tutorial
• Web / Httpd / Apache Server RHEL 7
• Making secure web server (https) SSL enabled web server
• Time synchronizing using NTP server and client
• Perform simple SQL queries against a database
• iSCSI Server to Convert Linux Machine Like SAN Storage
• Use network teaming or bonding to configure aggregated network links

Introduction to Linux Operating System RHEL 7/Centos 7
BY ANKAM RAVI KUMAR · PUBLISHED SEPTEMBER 21, 2015 · UPDATED AUGUST 7, 2016

UNIX is the first operating system in the world, developed by Ken Thompson and
Dennis Ritchie in 1969 at Bell Labs, AT&T.
• IBM : AIX
• SGI : IRIX
• Sun : Solaris
The Free Software Foundation started a project named GNU. The main aim of this
project is to develop an operating system that can run on any platform.
In 1991, a student, Linus Torvalds, developed a kernel named Linux. The Linux
kernel plus GNU applications is called the Linux operating system.
Linux is an open source technology.
Different distributions that provide Linux in the market are Redhat, Fedora,
Ubuntu, SuSe, Scientific, Centos, Knoppix, etc.
Features:
• Linux is the fastest operating system in the world. It runs 2 to 3 times faster
  than Windows OS.
• Linux is a much more secure OS because there is no problem of viruses.
• The Linux file format is text format and the Windows file format is binary format.
• Linux is a very reliable OS because the Linux kernel is very stable; compared to
  the Windows kernel it does not crash easily.
• The Linux kernel is very small in size; it can be stored on a floppy.
• Linux uses the X Window System, which is an advanced network windowing system.
  Using this system we can display output on the monitor of any workstation
  attached to the network.
Advantages:
• Virus Proof
• Crash Proof
• Economical
• Multiuser, Multi-Tasking and Multi processing capacity
Login Modes:
Two modes:
1. Text mode (CLI)
2. Graphical Mode (GUI)
To log in to text mode use Ctrl+Alt+F1…F6 or F8…F12; use Ctrl+Alt+F7 for
graphical mode.
Linux is mostly used by internet servers and database servers. It is a very
efficient multi-user and multi-tasking operating system traditionally used by large
companies and educational institutions.
It is scalable from a small system to an enterprise level system, which makes it
suitable for anyone looking for a low cost, reliable operating system.
For programmers it has more and more built-in utilities / tools, a programmable
shell and a straightforward structure, which makes it very easy to compile/produce
complex programs.
Linux operating systems have CLI and GUI interfaces to work on. End users and
beginners can make use of the GUI interface. The GUI interface is called X Windows
and it supports many business applications and games.

ls command with 25 practical examples – RHEL7
BY ANKAM RAVI KUMAR · PUBLISHED JANUARY 11, 2016 · UPDATED MAY 18, 2017

The ls command is used to list information about the FILEs (the current directory
by default). Entries are sorted alphabetically if none of -cftuvSUX nor --sort is
specified.
Syntax : ls [options] arguments

1. Listing current directory content


We can list all files and directories in the current path using ‘ls’; hidden files
and directories are not shown.

[root@TechTutorial ~]# ls

a  anaconda-ks.cfg  arkitsample.txt  ARKIT.txt  b  c  dir1  dir2  initial-setup-ks.cfg  techtutorial

2. Listing including hidden files


By default the ls command does not list hidden objects; to see the hidden objects
use the option ‘-a’.

[root@TechTutorial ~]# ls -a

.   anaconda-ks.cfg  b              .bash_profile  .cache   .dbus  initial-setup-ks.cfg  techtutorial
..  arkitsample.txt  .bash_history  .bashrc        .config  dir1   .lesshst              .viminfo
a   ARKIT.txt        .bash_logout   c              .cshrc   dir2   .tcshrc

3. Long list (displays detailed info)

The plain ‘ls’ command lists files and directories without their permissions,
owner, group and other details. The ‘-l’ option displays the permissions for owner,
group and others, plus the owner, group, size and time.
Below is the example.

[root@TechTutorial ~]# ls -l

total 24

-rw-r--r--. 1 root root    0 Jan 11 15:47 a

-rw-------. 1 root ravi 1765 Jan  8 22:47 anaconda-ks.cfg

-rw-r--r--. 1 root root    2 Jan 10 17:45 arkitsample.txt

-rw-r--r--. 1 root root    3 Jan 10 17:45 ARKIT.txt

-rw-r--r--. 1 root root    0 Jan 11 15:47 b

-rw-r--r--. 1 root root    0 Jan 11 15:47 c


drwxr-xr-x. 3 root root   29 Jan 10 17:20 dir1

drwxr-xr-x. 2 root root    6 Jan 10 17:05 dir2

-rw-r--r--. 1 root ravi 1813 Jan  8 23:05 initial-setup-ks.cfg

-rw-r--r--. 1 root root 5362 Jan 10 17:44 techtutorial
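
Added example (not part of the original tutorial): the first column of the long listing above encodes the permission bits, and the trailing "." marks an SELinux security context. The script below decodes that column to octal and runs over the listing shown above, flagging kickstart files that group or others can read; it assumes kickstart files record the root password hash (rootpw), and the function names mode_to_octal, flag_listing and page_listing are made up for this example.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.

# mode_to_octal MODE
# Convert the first column of `ls -l` (for example -rw-r--r--.) to four octal
# digits. Only characters 2-10 are read, so a trailing "." (SELinux context)
# or "+" (ACL present) does not affect the result.
mode_to_octal() {
    awk -v m="$1" 'BEGIN {
        special = 0; digits = ""
        for (i = 0; i < 3; i++) {          # i: 0 = owner, 1 = group, 2 = others
            t = substr(m, 2 + 3 * i, 3); d = 0
            if (substr(t, 1, 1) == "r") d += 4
            if (substr(t, 2, 1) == "w") d += 2
            x = substr(t, 3, 1)
            if (x ~ /[xst]/) d += 1        # lower case s or t: execute bit is also set
            if (x ~ /[sStT]/) special += (i == 0 ? 4 : (i == 1 ? 2 : 1))
            digits = digits d
        }
        print special digits
    }'
}

# flag_listing
# Read `ls -l` lines on stdin and print one finding per line:
#   WORLD_WRITABLE <octal> <name>      others may write to the entry
#   KICKSTART_READABLE <octal> <name>  regular *ks.cfg file readable by group/others
flag_listing() {
    while read -r mode _links _owner _group _size _mon _day _time name; do
        case "$mode" in
            ""|total|l*) continue ;;       # blank line, "total N" header, symlink
        esac
        oct=$(mode_to_octal "$mode")
        tmp=${oct%?}; group_bits=${tmp#??} # third octal digit
        other_bits=${oct#???}              # fourth octal digit
        if [ $(( other_bits & 2 )) -ne 0 ]; then
            echo "WORLD_WRITABLE $oct $name"
        fi
        case "$mode:$name" in
            -*:*ks.cfg)
                if [ $(( (group_bits | other_bits) & 4 )) -ne 0 ]; then
                    echo "KICKSTART_READABLE $oct $name"
                fi ;;
        esac
    done
}

# The `ls -l` output from example 3 of this page.
page_listing() {
    cat <<'EOF'
total 24
-rw-r--r--. 1 root root    0 Jan 11 15:47 a
-rw-------. 1 root ravi 1765 Jan  8 22:47 anaconda-ks.cfg
-rw-r--r--. 1 root root    2 Jan 10 17:45 arkitsample.txt
-rw-r--r--. 1 root root    3 Jan 10 17:45 ARKIT.txt
-rw-r--r--. 1 root root    0 Jan 11 15:47 b
-rw-r--r--. 1 root root    0 Jan 11 15:47 c
drwxr-xr-x. 3 root root   29 Jan 10 17:20 dir1
drwxr-xr-x. 2 root root    6 Jan 10 17:05 dir2
-rw-r--r--. 1 root ravi 1813 Jan  8 23:05 initial-setup-ks.cfg
-rw-r--r--. 1 root root 5362 Jan 10 17:44 techtutorial
EOF
}

page_listing | flag_listing
```

On a live system the same check is better driven by find or stat than by parsing ls output; the parser is used here because the page's listing is the input.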

4. List files & directories separated by comma

If there is a requirement to list all the files and directories separated by
commas, here is the example.

[root@TechTutorial ~]# ls -m

a, anaconda-ks.cfg, arkitsample.txt, ARKIT.txt, b, c, dir1, dir2, initial-setup-ks.cfg, techtutorial

5. List remote directory files & directories with & without color

To list remote directory content with color and without color, see the examples
below.
With color:

[root@TechTutorial ~]# ls --color=always

a  anaconda-ks.cfg  arkitsample.txt  ARKIT.txt  b  c  dir1  dir2  initial-setup-ks.cfg  techtutorial

Without color; here all the files and directories are displayed in the same plain
color:

[root@TechTutorial ~]# ls --color=never

a  anaconda-ks.cfg  arkitsample.txt  ARKIT.txt  b  c  dir1  dir2  initial-setup-ks.cfg  techtutorial

6. List only directory using option ‘-d’


The ls command with the option ‘-d’ displays only the directory path, without its
content.

[root@TechTutorial ~]# ls -d /etc/

/etc/

7. List files & directories with detailed time stamp

As we saw above, the -l option gives long output, but its time stamp is not
detailed. The example below gives time stamp details including seconds and time
zone.

[root@TechTutorial ~]# ls -l --time-style=full-iso

total 24
-rw-r--r--. 1 root root    0 2016-01-11 15:47:47.042849437 +0530 a

-rw-------. 1 root ravi 1765 2016-01-08 22:47:13.626999586 +0530 anaconda-ks.cfg

-rw-r--r--. 1 root root    2 2016-01-10 17:45:26.794985205 +0530 arkitsample.txt

-rw-r--r--. 1 root root    3 2016-01-10 17:45:34.069985006 +0530 ARKIT.txt

-rw-r--r--. 1 root root    0 2016-01-11 15:47:47.043849437 +0530 b

-rw-r--r--. 1 root root    0 2016-01-11 15:47:47.043849437 +0530 c

drwxr-xr-x. 3 root root   29 2016-01-10 17:20:06.963026703 +0530 dir1

drwxr-xr-x. 2 root root    6 2016-01-10 17:05:21.261050887 +0530 dir2

-rw-r--r--. 1 root ravi 1813 2016-01-08 23:05:38.464011991 +0530 initial-setup-ks.cfg

-rw-r--r--. 1 root root 5362 2016-01-10 17:44:46.245986312 +0530 techtutorial

8. Display files and directories with time stamp as “YYYY-MM-DD HH:MM”

To list files and directories with the above time stamp format, use the example
below.

[root@TechTutorial ~]# ls -l --time-style long-iso

total 24
-rw-r--r--. 1 root root    0 2016-01-11 15:47 a

-rw-------. 1 root ravi 1765 2016-01-08 22:47 anaconda-ks.cfg

-rw-r--r--. 1 root root    2 2016-01-10 17:45 arkitsample.txt

-rw-r--r--. 1 root root    3 2016-01-10 17:45 ARKIT.txt

-rw-r--r--. 1 root root    0 2016-01-11 15:47 b

-rw-r--r--. 1 root root    0 2016-01-11 15:47 c

drwxr-xr-x. 3 root root   29 2016-01-10 17:20 dir1

drwxr-xr-x. 2 root root    6 2016-01-10 17:05 dir2

-rw-r--r--. 1 root ravi 1813 2016-01-08 23:05 initial-setup-ks.cfg

-rw-r--r--. 1 root root 5362 2016-01-10 17:44 techtutorial

9. List objects with time stamp as “MM-DD HH:MM”

List all files & directories with date format MM-DD HH:MM

[root@TechTutorial ~]# ls -l --time-style iso

total 24

-rw-r--r--. 1 root root    0 01-11 15:47 a


-rw-------. 1 root ravi 1765 01-08 22:47 anaconda-ks.cfg

-rw-r--r--. 1 root root    2 01-10 17:45 arkitsample.txt

-rw-r--r--. 1 root root    3 01-10 17:45 ARKIT.txt

-rw-r--r--. 1 root root    0 01-11 15:47 b

-rw-r--r--. 1 root root    0 01-11 15:47 c

drwxr-xr-x. 3 root root   29 01-10 17:20 dir1

drwxr-xr-x. 2 root root    6 01-10 17:05 dir2

-rw-r--r--. 1 root ravi 1813 01-08 23:05 initial-setup-ks.cfg

-rw-r--r--. 1 root root 5362 01-10 17:44 techtutorial

10. List files & directories with specified time stamp format

With this option we can use date command format specifiers to customize the time
stamp as required.
Below is the example.

[root@TechTutorial ~]# ls -l --time-style="+%Y-%m-%d %H:%M:%S"

total 24

-rw-r--r--. 1 root root    0 2016-01-11 15:47:47 a


-rw-------. 1 root ravi 1765 2016-01-08 22:47:13 anaconda-ks.cfg

-rw-r--r--. 1 root root    2 2016-01-10 17:45:26 arkitsample.txt

-rw-r--r--. 1 root root    3 2016-01-10 17:45:34 ARKIT.txt

-rw-r--r--. 1 root root    0 2016-01-11 15:47:47 b

-rw-r--r--. 1 root root    0 2016-01-11 15:47:47 c

drwxr-xr-x. 3 root root   29 2016-01-10 17:20:06 dir1

drwxr-xr-x. 2 root root    6 2016-01-10 17:05:21 dir2

-rw-r--r--. 1 root ravi 1813 2016-01-08 23:05:38 initial-setup-ks.cfg

-rw-r--r--. 1 root root 5362 2016-01-10 17:44:46 techtutorial

11. List Only Group Name without User name (Owner)

The ls command can list only the group name, without the user name (owner name),
in the long list. Let's see the example.

[root@TechTutorial ~]# ls -lg

total 24

-rw-r--r--. 1 root    0 Jan 11 15:47 a

-rw-------. 1 ravi 1765 Jan  8 22:47 anaconda-ks.cfg


-rw-r--r--. 1 root    2 Jan 10 17:45 arkitsample.txt

-rw-r--r--. 1 root    3 Jan 10 17:45 ARKIT.txt

-rw-r--r--. 1 root    0 Jan 11 15:47 b

-rw-r--r--. 1 root    0 Jan 11 15:47 c

drwxr-xr-x. 3 root   29 Jan 10 17:20 dir1

drwxr-xr-x. 2 root    6 Jan 10 17:05 dir2

-rw-r--r--. 1 ravi 1813 Jan  8 23:05 initial-setup-ks.cfg

-rw-r--r--. 1 root 5362 Jan 10 17:44 techtutorial

12. List Only Owner Name without Group Name

To list only the user name (owner name), excluding group details, use the ‘-G’
option along with the option ‘-l’.

[root@TechTutorial ~]# ls -lG

total 24

-rw-r--r--. 1 root    0 Jan 11 15:47 a

-rw-------. 1 root 1765 Jan  8 22:47 anaconda-ks.cfg

-rw-r--r--. 1 root    2 Jan 10 17:45 arkitsample.txt


-rw-r--r--. 1 root    3 Jan 10 17:45 ARKIT.txt

-rw-r--r--. 1 root    0 Jan 11 15:47 b

-rw-r--r--. 1 root    0 Jan 11 15:47 c

drwxr-xr-x. 3 root   29 Jan 10 17:20 dir1

drwxr-xr-x. 2 root    6 Jan 10 17:05 dir2

-rw-r--r--. 1 root 1813 Jan  8 23:05 initial-setup-ks.cfg

-rw-r--r--. 1 root 5362 Jan 10 17:44 techtutorial

13. List files & directories in human readable format

To get the ls command output in a human readable format, use the option ‘-lh’.

[root@TechTutorial ~]# ls -lh

total 24K

-rw-r--r--. 1 root root    0 Jan 11 15:47 a

-rw-------. 1 root ravi 1.8K Jan  8 22:47 anaconda-ks.cfg

-rw-r--r--. 1 root root    2 Jan 10 17:45 arkitsample.txt

-rw-r--r--. 1 root root    3 Jan 10 17:45 ARKIT.txt


-rw-r--r--. 1 root root    0 Jan 11 15:47 b

-rw-r--r--. 1 root root    0 Jan 11 15:47 c

drwxr-xr-x. 3 root root   29 Jan 10 17:20 dir1

drwxr-xr-x. 2 root root    6 Jan 10 17:05 dir2

-rw-r--r--. 1 root ravi 1.8K Jan  8 23:05 initial-setup-ks.cfg

-rw-r--r--. 1 root root 5.3K Jan 10 17:44 techtutorial

14. List inode number of files and directories

We can also list the inode numbers of files and directories using option ‘-i’.

[root@TechTutorial ~]# ls -i

71153561 a                71153570 arkitsample.txt  71153562 b  37492119 dir1  71163580 initial-setup-ks.cfg
71142770 anaconda-ks.cfg  71153571 ARKIT.txt        71153568 c  71153564 dir2  71153567 techtutorial

15. List only directories using -d option


To list only directories, without files, use the #ls -d */ command.
[root@TechTutorial ~]# ls -d */

dir1/  dir2/

16. List files & directories, with / (slash) appended to directories

To append / (slash) to the directories, use the option ‘-p’. In the example output
below, all the directories end with /.

[root@TechTutorial ~]# ls -p

a  anaconda-ks.cfg  arkitsample.txt  ARKIT.txt  b  c  dir1/  dir2/  initial-setup-ks.cfg  techtutorial

17. Print files & directory names in quoted format

When listing files and directories with the ls command, the -Q option prints the
file names in quoted format.

[root@TechTutorial ~]# ls -lQ

total 24

-rw-r--r--. 1 root root    0 Jan 11 15:47 "a"

-rw-------. 1 root ravi 1765 Jan  8 22:47 "anaconda-ks.cfg"


-rw-r--r--. 1 root root    2 Jan 10 17:45 "arkitsample.txt"

-rw-r--r--. 1 root root    3 Jan 10 17:45 "ARKIT.txt"

-rw-r--r--. 1 root root    0 Jan 11 15:47 "b"

-rw-r--r--. 1 root root    0 Jan 11 15:47 "c"

drwxr-xr-x. 3 root root   29 Jan 10 17:20 "dir1"

drwxr-xr-x. 2 root root    6 Jan 10 17:05 "dir2"

-rw-r--r--. 1 root ravi 1813 Jan  8 23:05 "initial-setup-ks.cfg"

-rw-r--r--. 1 root root 5362 Jan 10 17:44 "techtutorial"

[root@TechTutorial ~]# ls -Q

"a"  "anaconda-ks.cfg"  "arkitsample.txt"  "ARKIT.txt"  "b"  "c"  "dir1"  "dir2"  "initial-setup-ks.cfg"  "techtutorial"

18. Sort the list by time stamp


We can sort the files and directories by time; this option lists newer time stamps
at the top and older ones below.

[root@TechTutorial ~]# ls -lt

total 24
-rw-r--r--. 1 root root    0 Jan 11 15:47 b

-rw-r--r--. 1 root root    0 Jan 11 15:47 c

-rw-r--r--. 1 root root    0 Jan 11 15:47 a

-rw-r--r--. 1 root root    3 Jan 10 17:45 ARKIT.txt

-rw-r--r--. 1 root root    2 Jan 10 17:45 arkitsample.txt

-rw-r--r--. 1 root root 5362 Jan 10 17:44 techtutorial

drwxr-xr-x. 3 root root   29 Jan 10 17:20 dir1

drwxr-xr-x. 2 root root    6 Jan 10 17:05 dir2

-rw-r--r--. 1 root ravi 1813 Jan  8 23:05 initial-setup-ks.cfg

-rw-------. 1 root ravi 1765 Jan  8 22:47 anaconda-ks.cfg

19. Print in reverse


Example 18 shows older files below and newer files on top. Using the ‘-r’ option
prints in reverse: old first and new last.

[root@TechTutorial ~]# ls -ltr

total 24

-rw-------. 1 root ravi 1765 Jan  8 22:47 anaconda-ks.cfg

-rw-r--r--. 1 root ravi 1813 Jan  8 23:05 initial-setup-ks.cfg


drwxr-xr-x. 2 root root    6 Jan 10 17:05 dir2

drwxr-xr-x. 3 root root   29 Jan 10 17:20 dir1

-rw-r--r--. 1 root root 5362 Jan 10 17:44 techtutorial

-rw-r--r--. 1 root root    2 Jan 10 17:45 arkitsample.txt

-rw-r--r--. 1 root root    3 Jan 10 17:45 ARKIT.txt

-rw-r--r--. 1 root root    0 Jan 11 15:47 a

-rw-r--r--. 1 root root    0 Jan 11 15:47 c

-rw-r--r--. 1 root root    0 Jan 11 15:47 b

20. List recursively


Using option ‘-R’ we can list files and directories recursively.

[root@TechTutorial ~]# ls -R

.:

a  anaconda-ks.cfg  arkitsample.txt  ARKIT.txt  b  c  dir1  dir2  initial-setup-ks.cfg  techtutorial

./dir1:

Ravi  Test1
./dir1/Ravi:

Kumar

./dir1/Ravi/Kumar:

Tech

./dir1/Ravi/Kumar/Tech:

TUtorial

./dir1/Ravi/Kumar/Tech/TUtorial:

./dir2:

21. Sort by file size

Using option ‘-S’ we can sort by file size, largest first.
[root@TechTutorial ~]# ls -lS

total 24

-rw-r--r--. 1 root root 5362 Jan 10 17:44 techtutorial

-rw-r--r--. 1 root ravi 1813 Jan  8 23:05 initial-setup-ks.cfg

-rw-------. 1 root ravi 1765 Jan  8 22:47 anaconda-ks.cfg

drwxr-xr-x. 3 root root   29 Jan 10 17:20 dir1

drwxr-xr-x. 2 root root    6 Jan 10 17:05 dir2

-rw-r--r--. 1 root root    3 Jan 10 17:45 ARKIT.txt

-rw-r--r--. 1 root root    2 Jan 10 17:45 arkitsample.txt

-rw-r--r--. 1 root root    0 Jan 11 15:47 a

-rw-r--r--. 1 root root    0 Jan 11 15:47 b

-rw-r--r--. 1 root root    0 Jan 11 15:47 c

22. Sort by alphabetical order of extension

To print in alphabetical order of file extension, use the -X option; entries
without an extension are listed first.

[root@TechTutorial ~]# ls -lX

total 24
-rw-r--r--. 1 root root    0 Jan 11 15:47 a

-rw-r--r--. 1 root root    0 Jan 11 15:47 b

-rw-r--r--. 1 root root    0 Jan 11 15:47 c

drwxr-xr-x. 3 root root   29 Jan 10 17:20 dir1

drwxr-xr-x. 2 root root    6 Jan 10 17:05 dir2

-rw-r--r--. 1 root root 5362 Jan 10 17:44 techtutorial

-rw-------. 1 root ravi 1765 Jan  8 22:47 anaconda-ks.cfg

-rw-r--r--. 1 root ravi 1813 Jan  8 23:05 initial-setup-ks.cfg

-rw-r--r--. 1 root root    2 Jan 10 17:45 arkitsample.txt

-rw-r--r--. 1 root root    3 Jan 10 17:45 ARKIT.txt

23. List with tab space

By default the ls command assumes tab stops every 8 columns; using -T we can set a
different tab size and print with more space between file names.

[root@TechTutorial ~]# ls

a  anaconda-ks.cfg  arkitsample.txt  ARKIT.txt  b  c  dir1  dir2  initial-setup-ks.cfg  techtutorial

[root@TechTutorial ~]# ls -T1

a        anaconda-ks.cfg         arkitsample.txt         ARKIT.txt       b       c       dir1    dir2    initial-setup-ks.cfg    techtutorial

24. Print file names one per line

Use option -1 (the digit one).

[root@TechTutorial ~]# ls -1

a

anaconda-ks.cfg

arkitsample.txt

ARKIT.txt

b

c

dir1

dir2

initial-setup-ks.cfg

techtutorial
25. ls command version details and author details

[root@TechTutorial ~]# ls --version

ls (GNU coreutils) 8.22

Copyright (C) 2013 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.

Written by Richard M. Stallman and David MacKenzie.

That's all about the ls command.

How to install Redhat Enterprise Linux 7 Step by Step Guide
BY ANKAM RAVI KUMAR · PUBLISHED JANUARY 9, 2016 · UPDATED SEPTEMBER 11, 2017
A lot of improvements came in the RHEL 7.3 version. Let's see what they are, along
with the RHEL 7.3 installation process. In this article we are going to see how to
install RedHat Enterprise Linux 7, step by step. We just published Linux Tutorial:
everything you need to learn RHEL 7/Centos 7 from scratch.
New Features in RHEL 7.3
• Certificate Management – SubCA Feature to Create Dedicated CA
• Interoperability – IDM Management API Available
• Active Directory Integration Made Easy
• UPN Support – User Principal Name
• Auto Renewing Kerberos Keys – Keytab renewal
• Password Change via compatibility tree – LDAP
RHEL 7.3 ISO Download

How to Install RedHat Enterprise Linux 7 Step by Step Guide
Hard drive installations use an ISO image of the binary installation DVD. To use a
hard drive as the installation source, transfer the binary DVD ISO image to the
drive and connect it to the installation system. Then, boot the Anaconda
installation program.

What Language you Would Like to Use during Installation

Select Time zone

Keyboard Language Selection

Installation Source

Installation Source can be DVD ISO or Net Installation. Net Installation means
directly adding a web URL, so that the installer downloads from the provided web
URL and installs.

Software Selection

Note: Recommended installation for production servers is minimal installation

Installation Destination Selection

Disk Partitioning

Disk partitioning can be done in two ways: Standard Partitioning and LVM (Logical
Volume Manager). LVM is the preferable way, because it has the flexibility to
increase / decrease disk size.

Check and Accept Partitioning Scheme

Network Section and Host Name Setup

Assign an IP address to the server as static or using DHCP. Provide a static host
name for the machine, or it will be assigned automatically.

Installation Summary in Single Screen

Installation of RHEL 7.3 is in Progress

Set Root User Password while installing Operating System

Red Hat Enterprise Linux 7 Installation Completed, Click Reboot

First Time Operating System Loading License Agreement

Final Click to Enter into OS Screen

Install RedHat Enterprise Linux 7


You can use any type of hard drive accessible to the installation program,
including USB flash drives. The binary ISO image can be in any directory of the
hard drive, and it can have any name; however, if the ISO image is not in the
top-level directory of the drive, or if there is more than one image in the
top-level directory of the drive, you will be required to specify the image to be
used. This can be done using a boot option, an entry in a Kickstart file, or
manually in the Installation Source screen during a graphical installation.
A limitation of using a hard drive as the installation source is that the binary DVD
ISO image on the hard drive must be on a partition with a file system which
Anaconda can mount. These file systems are xfs, ext2, ext3, ext4, and vfat
(FAT32). Note that on Microsoft Windows systems, the default file system used
when formatting hard drives is NTFS, and the exFAT file system is also available;
however, neither of these file systems can be mounted during the installation. If
you are creating a hard drive or a USB drive to be used as an installation source on
Microsoft Windows, make sure to format the drive as FAT32.

IMPORTANT
The FAT32 file system does not support files larger than 4 GiB (4.29 GB). Some
Red Hat Enterprise Linux 7 installation media may be larger than that, which
means you cannot copy them to a drive with this file system.
When using a hard drive or a USB flash drive as an installation source, make sure
it is connected to the system when the installation begins. The installation program
is not able to detect media inserted after the installation begins.

Conclusion
Redhat Enterprise Linux 7 is a server version which has more features than RHEL 5
& 6.

Setup Linux Lab at home – installing and configuring IPA server
BY ARK · PUBLISHED MARCH 6, 2016 · UPDATED JUNE 19, 2018
After completing the part-4 setup, you can follow these steps to set up your own
Linux lab at home, using either VMware Workstation, Oracle VirtualBox, KVM
virtualization or RHEV. In this method I have used VMware Workstation and
VirtualBox to set up the Linux lab at home. IPA is the best option to practice
LDAP and Kerberos authentication for the RHCE lab.
Run # yum update once and take a snapshot of that VM:
right click on VM –> Snapshot –> Take Snapshot

Provide the snapshot name and click on Take Snapshot.

Setup Linux Lab at home – installing and configuring IPA server
In order to build the lab server we have to install and configure the server roles
below.
1. YUM Server
2. DNS Server
3. Web Server
4. NTP Server
5. LDAP Server
6. Kerberos Server
7. 389 Directory Server
Before creating all the above mentioned servers, we have to assign a static IP
address and hostname to the server. In this case we will use the nmcli utility to
set the static IP address.

Adding New connection
#nmcli connection add type ethernet con-name eth0 ifname ens01677
Assign IP address
#nmcli connection modify eth0 ipv4.address 192.168.4.13/24 ipv4.gateway 192.168.4.2 ipv4.dns 192.168.4.13 +ipv4.dns 8.8.8.8
Set to Manual IP address method
#nmcli connection modify eth0 ipv4.method manual
Bring down the connection
#nmcli connection down eth0
Bring up the connection
#nmcli connection up eth0

To set up the hostname, refer to this link


YUM Server setup
Yellowdog Updater, Modified (YUM) is required to manage your RPM packages. The YUM
server automatically resolves dependencies of RPM packages while installing them.
Red Hat Enterprise Linux 7 will not provide YUM without a subscription. Installing
packages without YUM is always very difficult, so we will set up our local
repository using the installation media packages (RHEL 7 DVD).

Step 1: Mount DVD to temp directory


Attach your ISO file to your virtual machine, then mount it to any directory using
the mount command as mentioned below. In this example I used /rpms for mounting.

#mount /dev/sr0 /rpms

Step 2: Install FTP and CREATEREPO packages

While installing the createrepo package it may ask you to install its
dependencies, deltarpm and python-deltarpm.

[root@arkit-server ~]# rpm -ivh /rpms/Packages/createrepo-0.9.9-23.el7.noarch.rpm

[root@arkit-server ~]# rpm -ivh /rpms/Packages/deltarpm-3.6-3.el7.x86_64.rpm

[root@arkit-server ~]# rpm -ivh /rpms/Packages/python-deltarpm-3.6-3.el7.x86_64.rpm

[root@arkit-server ~]# rpm -ivh /rpms/Packages/createrepo-0.9.9-23.el7.noarch.rpm

[root@arkit-server ~]# rpm -ivh /rpms/Packages/vsftpd-3.0.2-9.el7.x86_64.rpm

Step 3: Enable and Start the FTP service


FTP: File transfer protocol, it uses port number 20 and 21 to download and upload
files.

[root@arkit-server ~]# systemctl enable vsftpd.service

[root@arkit-server ~]# systemctl start vsftpd.service


[root@arkit-server ~]# firewall-cmd --permanent --add-service=ftp

success

[root@arkit-server ~]# firewall-cmd --reload

success

[root@arkit-server ~]# systemctl restart vsftpd.service

Verify whether the anonymous_enable=YES string is enabled in the
/etc/vsftpd/vsftpd.conf file.
Then enable the SELinux boolean for FTP.

#getsebool -a |grep ftp

#setsebool -P ftpd_full_access on

Step 4: Copy the packages to /var/ftp/pub/ and create repository

We have to share the YUM repository with our client machines via FTP.
Create the repository using the installation DVD's repomd.xml file.

# createrepo -vg /var/ftp/pub/repodata/repomd.xml /var/ftp/pub/

Create a new yum configuration file and add the entries as mentioned below.
[root@arkit-server ~]# cat /etc/yum.repos.d/ftp.repo

[ARKIT-YUM]
name=yumserver
baseurl=ftp://192.168.4.13/pub/
enabled=1
gpgcheck=0

Now test that yum is working.

That’s all about the yum server setup.
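
Added example (not part of the original tutorial): the ftp.repo file above sets gpgcheck=0 and fetches over ftp://, so clients install packages without verifying RPM signatures and over a transport that gives no integrity protection. The script below audits .repo text for both settings and compares the page's file with a variant that turns signature checking on; the function names and the gpgkey path (the Red Hat release key that RHEL keeps under /etc/pki/rpm-gpg/) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.

# audit_repo [FILE...]
# Read yum .repo definitions from the given files (or stdin) and print one
# finding per line as "<CODE> <repo-id> <detail>":
#   UNSIGNED   gpgcheck is explicitly disabled, RPM signatures are not verified
#   CLEARTEXT  baseurl uses ftp:// or http://, content can be altered in transit
# Repositories with enabled=0 are skipped.
audit_repo() {
    awk '
        function report() {
            if (id == "" || enabled ~ /^(0|no|false)$/) return
            if (gpgcheck ~ /^(0|no|false)$/) print "UNSIGNED", id, "gpgcheck=" gpgcheck
            if (baseurl ~ /^(ftp|http):\/\//) print "CLEARTEXT", id, baseurl
        }
        /^[ \t]*([#;]|$)/ { next }                  # comments and blank lines
        /^[ \t]*\[.*\]/ {                           # start of a new [repo-id] section
            report()
            id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
            enabled = "1"; gpgcheck = ""; baseurl = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")  enabled  = tolower(val)
            if (key == "gpgcheck") gpgcheck = tolower(val)
            if (key == "baseurl")  baseurl  = val
        }
        END { report() }
    ' "$@"
}

# The repository definition exactly as shown on this page.
page_repo() {
    cat <<'EOF'
[ARKIT-YUM]
name=yumserver
baseurl=ftp://192.168.4.13/pub/
enabled=1
gpgcheck=0
EOF
}

# Constructed variant: same lab server, but RPM signatures are verified
# against the Red Hat release key (path is an assumption of this example).
signed_repo() {
    cat <<'EOF'
[ARKIT-YUM]
name=yumserver
baseurl=ftp://192.168.4.13/pub/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
}

echo "page version:";   page_repo   | audit_repo
echo "signed version:"; signed_repo | audit_repo
```

Against a real client the function can be pointed at the files directly, for example audit_repo /etc/yum.repos.d/*.repo.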

DNS Server, NTP Server, LDAP Server, Kerberos Server and 389 Directory Server
Instead of installing DNS, LDAP, Kerberos and 389 Directory Server separately, we
can install an IPA server, which includes all of the above.
First enable the firewall rules needed for the installation.

[root@arkit-server ~]# firewall-cmd --permanent --add-service=http

success

[root@arkit-server ~]# firewall-cmd --permanent --add-service=https

success

[root@arkit-server ~]# firewall-cmd --permanent --add-service=ldap

success

[root@arkit-server ~]# firewall-cmd --permanent --add-service=ldaps


success

[root@arkit-server ~]# firewall-cmd --permanent --add-service=kerberos

success

[root@arkit-server ~]# firewall-cmd --permanent --add-service=dns

success

[root@arkit-server ~]# firewall-cmd --reload

success

[root@arkit-server ~]# yum install ipa-server bind nds-ldap bind-dyndb-ldap

[root@arkit-server ~]# ipa-server-install --setup-dns


The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the IPA Server.
This includes:
* Configure a stand-alone CA (dogtag) for certificate management
* Configure the Network Time Daemon (ntpd)
* Create and configure an instance of Directory Server
* Create and configure a Kerberos Key Distribution Center (KDC)
* Configure Apache (httpd)
* Configure DNS (bind)
To accept the default shown in brackets, press the Enter key.
Existing BIND configuration detected, overwrite? [no]: yes
Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: master.example.com.
Server host name [arkit-server.lab.local]:
Warning: skipping DNS resolution of host arkit-server.lab.local
The domain name has been determined based on the host name.
Please confirm the domain name [lab.local]:
Enter the IP address to use, or press Enter to finish.
Please provide the IP address to be used for this host name: 192.168.4.13
Please provide the IP address to be used for this host name:
Adding [192.168.4.13 arkit-server.lab.local] to your /etc/hosts file
The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.
Please provide a realm name [LAB.LOCAL]:
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and has full access
to the Directory for system management tasks and will be added to the
instance of directory server created for IPA.
The password must be at least 8 characters long.
Directer Password: PASSWORD
Confirm Password: CONFIRM-PASSWORD
The IPA server requires an administrative user, named 'admin'.
This user is a regular system account used for IPA server administration.
IPA admin password: PASSWORD
Password (confirm): CONFIRM-PASSWORD
Do you want to configure DNS forwarders? [yes]:
Enter the IP address of DNS forwarder to use, or press Enter to finish.
Enter IP address for a DNS forwarder: 8.8.8.8
DNS forwarder 8.8.8.8 added
Enter IP address for a DNS forwarder:
Checking forwarders, please wait ...
Do you want to configure the reverse zone? [yes]:
Please specify the reverse zone name [4.168.192.in-addr.arpa.]:
Using reverse zone(s) 4.168.192.in-addr.arpa.
The IPA Master Server will be configured with:
Hostname: arkit-server.lab.local
IP address(es): 192.168.4.13
Domain name: lab.local
Realm name: LAB.LOCAL
BIND DNS server will be configured to serve IPA domain with:
Forwarders: 8.8.8.8
Reverse zone(s): 4.168.192.in-addr.arpa.
Continue to configure the system with these values? [no]: yes
The following operations may take some minutes to complete.
Please wait until the prompt is returned.
Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute

Since we already opened the firewall ports, we do not need to open them now.
Now verify that the Kerberos and LDAP user is able to log in.

[root@arkit-server ~]# klist


Ticket cache: KEYRING:persistent:0:0
Default principal: admin@LAB.LOCAL
Valid starting Expires Service principal
03/06/2016 21:46:37 03/07/2016 21:46:31 krbtgt/LAB.LOCAL@LAB.LOCAL
[root@arkit-server ~]# ipa user-find admin
--------------
1 user matched
--------------
User login: admin
Last name: Administrator
Home directory: /home/admin
Login shell: /bin/bash
UID: 823800000
GID: 823800000
Account disabled: False
Password: True
Kerberos keys available: True
----------------------------
Number of entries returned 1
----------------------------
[root@arkit-server ~]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
ipa_memcached Service: RUNNING
httpd Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa: INFO: The ipactl command was successful

Create one more user in ipa server to test from client

[root@arkit-server ~]# ipa user-add


First name: Ravi
Last name: Kumar
User login [rkumar]:
-------------------
Added user "rkumar"
-------------------
User login: rkumar
First name: Ravi
Last name: Kumar
Full name: Ravi Kumar
Display name: Ravi Kumar
Initials: RK
Home directory: /home/rkumar
GECOS: Ravi Kumar
Login shell: /bin/sh
Kerberos principal: rkumar@LAB.LOCAL
Email address: rkumar@lab.local
UID: 823800001
GID: 823800001
Password: False
Member of groups: ipausers
Kerberos keys available: False
[root@arkit-server ~]# ipa passwd rkumar
New Password:
Enter New Password again to verify:
---------------------------------------
Changed password for "rkumar@LAB.LOCAL"
---------------------------------------

Client Side Configuration


Assign the hostname to the client.
Add the yum repo to the client:

# scp /etc/yum.repos.d/ftp.repo root@ipaclient:/etc/yum.repos.d/

Add the DNS server IP address to /etc/resolv.conf

[root@ravikumar ~]# cat /etc/resolv.conf

# Generated by NetworkManager

search lab.local

nameserver 192.168.4.10

# yum install nss-pam-ldapd pam_krb5 ipa-client

[root@ravikumar yum.repos.d]# ipa-client-install

Discovery was successful!

Client hostname: ipaclient.lab.local


Realm: LAB.LOCAL
DNS Domain: lab.local
IPA Server: arkit-server.lab.local
BaseDN: dc=lab,dc=local
Continue to configure the system with these values? [no]: yes
Synchronizing time with KDC...
Attempting to sync time using ntpd. Will timeout after 15 seconds
Attempting to sync time using ntpd. Will timeout after 15 seconds
Unable to sync time with NTP server, assuming the time is in sync. Please check
that 123 UDP port is opened.
User authorized to enroll computers: admin
Password for admin@LAB.LOCAL:
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=LAB.LOCAL
Issuer: CN=Certificate Authority,O=LAB.LOCAL
Valid From: Sun Mar 06 16:03:04 2016 UTC
Valid Until: Thu Mar 06 16:03:04 2036 UTC
Enrolled in IPA realm LAB.LOCAL
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
trying https://arkit-server.lab.local/ipa/json
Forwarding 'ping' to json server 'https://arkit-server.lab.local/ipa/json'
Forwarding 'ca_is_enabled' to json server 'https://arkit-server.lab.local/ipa/json'
Systemwide CA database updated.
Added CA certificates to the default NSS database.
Hostname (ipaclient.lab.local) does not have A/AAAA record.
Missing reverse record(s) for address(es): 192.168.4.12.
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Forwarding 'host_mod' to json server 'https://arkit-server.lab.local/ipa/json'
SSSD enabled
Configured /etc/openldap/ldap.conf
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring lab.local as NIS domain.
Client configuration complete.

Now your client is added successfully to the IPA server.

Verify IPA Client with IPA Server Connection Status
[root@ravikumar ~]# getent passwd rkumar
rkumar:*:823800001:823800001:Ravi Kumar:/home/rkumar:/bin/sh

[root@ravikumar ~]#

[root@ravikumar ~]# su - admin

Last login: Sun Mar 6 22:50:42 IST 2016 on pts/0

su: warning: cannot change directory to /home/admin: No such file or directory

-bash-4.2$ id

uid=823800000(admin) gid=823800000(admins) groups=823800000(admins) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

-bash-4.2$ exit

logout

[root@ravikumar ~]# su - rkumar

su: warning: cannot change directory to /home/rkumar: No such file or directory

When you log in from the client you will not get a home directory.
To have the home directory created at login, add the line below to the file shown.

# vi /etc/pam.d/password-auth

session    required    pam_mkhomedir.so skel=/etc/skel/ umask=0022

Log in again and you will get it.
We can also log in to the IPA server using the web UI.

That's about setting up a Linux lab at home using virtualization software such as VMware and VirtualBox.
Thanks for the read.

RHEL 7 Tutorial Managing Files and Directories
BY ARK · PUBLISHED FEBRUARY 12, 2017 · UPDATED JULY 22, 2019
In the Linux operating system everything is considered a file. If you know how to manage files and directories effectively, you gain more command over the operating system. In this article we are going to learn about managing files and directories in RHEL 7.
Create a single file, or multiple files at a time, using the touch command. Let's see practical examples.

[root@ArkIT touch]#touch samplefile

[root@ArkIT touch]#touch file{1..10}.txt

Listing the files and directories using ls command


25 practical examples with ls command

Types of Files in Linux

File Type      Symbol   Description
Regular file   -        Normal File
Directory      d        Directory can be stored with other files
Link           l        Shortcut to the original file
Special File   c        /dev file. Character device file
Socket File    s        The file system’s access control
Pipe           p        Special file that allows processes to communi
Block File     b        Block Device File

Creating directories and parent directory structure using single command


# mkdir dir1

# mkdir -p /dir2/ravi/test

Copy files source to destination


cp is the command to copy the files

# cp anaconda-ks.cfg ravi wel /dir2/

cp: overwrite ‘/dir2/ravi’? y

cp: cannot overwrite directory ‘/dir2/ravi’ with non-directory

Copy Directories

# cp -Rv dir1/ /dir2/

‘dir1/’ -> ‘/dir2/dir1’

Move Files and Directories


Using the mv command we can simply move files / directories from source to destination

# mv dir1/ /dir2/
mv: overwrite ‘/dir2/dir1’? y
# ls /dir2/
anaconda-ks.cfg dir1 ravi wel

Deleting files and directories 


rm is the command to remove / delete files and directories

# rm ravi

rm: remove regular file ‘ravi’? y

# rm -f wel

# rm -f touch/

rm: cannot remove ‘touch/’: Is a directory

# rm -rf touch/

That’s about RHEL 7 Tutorial Managing Files and Directories

25 most commonly used Linux commands
BY ARK · PUBLISHED MAY 7, 2016 · UPDATED FEBRUARY 16, 2018
These are the 25 most commonly used Linux commands in real-world work. A Linux administrator's day is not complete without them. We use these commands for reading files, checking the present working directory, moving files, checking who is logged in to the system, checking disk space, checking CPU utilization, killing unwanted processes, changing file and directory ownership and permissions, and copying files and directories to a remote host.

1. Creating files, Reading files and Updating file content
The very first command we use to create a file in Linux is 'cat'. Let's see how to create files using the cat command.

[root@ArkIT ~]# cat > firstfile

This is a first file created using cat command

As shown above, we use the ‘>’ redirect symbol along with the cat command to create a file with content. When you type cat > FILENAME and hit Enter, it shows a blank line below the command. Type some data and press CTRL+d to save and exit.
To read file content, use the command shown below.

[root@ArkIT ~]# cat firstfile

This is a first file created using cat command

[root@ArkIT ~]# cat >> firstfile

Second line of this file

[root@ArkIT ~]# cat firstfile

This is a first file created using cat command


Second line of this file

To append to the file content, use ‘>>’ (double greater-than). Type the data and press CTRL+d to save.

2. List files and directories


To list files and directories in Linux we have to use ls command 

[root@ArkIT ~]# ls

anaconda-ks.cfg Desktop Documents Downloads file firstfile initial-setup-ks.cfg


linux Music Pictures Public rhce Templates Videos

The ls -l command shows a long list with detailed information about files and directories.

[root@ArkIT ~]# ls -l

total 24

-rw-------. 1 root root 1968 Mar 18 02:26 anaconda-ks.cfg

drwxr-xr-x. 2 root root 6 Mar 17 20:59 Desktop

drwxr-xr-x. 2 root root 6 Mar 17 20:59 Documents

drwxr-xr-x. 2 root root 6 Mar 17 20:59 Downloads

-rw-r--r--. 1 root root 1084 Apr 28 08:16 file


list and sort files based on created date

[root@ArkIT ~]# ls -ltr

total 24

-rw-r--r--. 1 root root 2016 Mar 17 20:58 initial-setup-ks.cfg

-rw-------. 1 root root 1968 Mar 18 02:26 anaconda-ks.cfg

-rw-r--r--. 1 root root 1812 Apr 28 05:59 rhce

-rw-r--r--. 1 root root 1227 Apr 28 06:02 linux

-rw-r--r--. 1 root root 1084 Apr 28 08:16 file

-rw-r--r--. 1 root root 72 May 6 22:45 firstfile

ls -ltr means l = long list, t = time, r = recursively 

3. Let you know current working directory
To show which directory you are currently working in, use the pwd command

[root@ArkIT ~]# pwd

/root
4. more – file perusal filter for crt viewing
The more command is a filter for paging through text one screenful at a time.

[root@ArkIT ~]# cat anaconda-ks.cfg |more

[root@ArkIT ~]# more -d anaconda-ks.cfg

[root@ArkIT ~]# more anaconda-ks.cfg

5. copy files and directories from source to destination
To copy files and directories from one location to another we use the cp command.
To copy only files, use the command below. The same command will not work for directories; for those, use the -r option with cp.

[root@ArkIT ~]# cp firstfile /opt/

[root@ArkIT ~]# cp Music/ /opt/

cp: omitting directory ‘Music/’ <<< --- if you didn't use -r option this error will come

[root@ArkIT ~]# cp -r Music/ /opt/


[root@ArkIT ~]# ls -l /opt/

total 4

-rw-r--r--. 1 root root 72 May 7 07:15 firstfile

drwxr-xr-x. 2 root root 6 May 7 07:17 Music

When copying files and directories we often need to preserve time stamps. To preserve the time stamps of files and directories, use the ‘-p’ option with the cp command.

[root@ArkIT ~]# ls -l

-rw-------. 1 root root 1968 Mar 18 02:26 anaconda-ks.cfg << -- Original file

[root@ArkIT ~]# cp -p anaconda-ks.cfg /opt/

[root@ArkIT ~]# ls -l /opt/anaconda-ks.cfg

-rw-------. 1 root root 1968 Mar 18 02:26 /opt/anaconda-ks.cfg <<--- copied file

ls command with 25 examples


6. Delete files and directories
To delete files and directories use rm command
[root@ArkIT ~]# rm file <<-- Delete regular file with confirmation

rm: remove regular file ‘file’? y

[root@ArkIT ~]# rm -f firstfile <<-- Delete Regular file without asking confirmation

[root@ArkIT ~]# rm -rf Public/ <<-- Delete Directory without asking for confirmation

To delete a normal file use the rm command; it will ask you for confirmation when deleting. If you do not want a confirmation prompt, use the -f option. To delete directories use rm -rf.
Note: Be careful whenever you run rm -rf. Avoid the wildcard * when running the rm command; if you need it, go to the directory in question first and run rm -rf with the wildcard * there.

7. Moving files and directories


Moving files means changing the location of files from one path to another. Use the mv command.
Syntax: mv [source] [destination]

[root@ArkIT opt]# mv Music/ /root/


mv: overwrite ‘/root/Music’? y

8. Creating New Directories


Even most people who are not familiar with Linux know the mkdir command.

[root@ArkIT ~]# mkdir /Testing <<-- Creating Directory under /

[root@ArkIT ~]# mkdir test <<-- Creating Directory in current path


[root@ArkIT ~]# mkdir -p /Test/Best/Rest/ <<-- Creating Collaborative directories

9. Changing directories
To go from one directory to another directory we have to use cd command

A . (dot) represents the current directory and .. (dot dot) represents its parent directory. What is the use of them?
Whenever we use the cd command as cd ../../../ it means we are going two directories back from the current one.

[root@ArkIT ~]# cd /tmp/ <<-- switch directory to /tmp

[root@ArkIT /]# cd /var/log/cups/ <<-- Switch to multiple directories at the same time

[root@ArkIT cups]# cd ../../../ <<-- Going two directories back

[root@ArkIT /]# cd -

/var/log/cups <<-- Going to previously changed path


[root@ArkIT cups]# cd ~ <<-- Wherever you are, go back to the user HOME directory

[root@ArkIT ~]# pwd

/root

~ (tilde) is used to switch back to the HOME path

10. Deleting empty directories


We can also use the rm command, but sometimes we want to delete only empty directories (directories that contain no data), so the rmdir command is very handy. As an example we have taken two directories: one has a few files in it, the other is empty.

[root@ArkIT ~]# rmdir /test <<-- Directory having few files in it not deleted

rmdir: failed to remove ‘/test’: Directory not empty

[root@ArkIT ~]# rmdir /Testing/ <<-- Directory is empty deleted successfully

11. Print files


To print files from Linux command line we can use lpr command

[root@ArkIT ~]# lpr rhce <<-- Print rhce file to default printer

[root@ArkIT ~]# lpr rhce -P PRINTERNAME <<-- Print rhce file to specified printer
[root@ArkIT ~]# lpr -#5 rhce <<--- Print only 5 pages out of all pages

12. List who is logged into system and run-levels
Show who is logged in to the server and which run level is currently running

[root@ArkIT ~]# who

root tty1 2016-05-06 22:06

root pts/0 2016-05-07 07:10 (192.168.4.1)

root pts/1 2016-05-07 09:17 (192.168.4.1)

[root@ArkIT ~]# who -r

run-level 3 2016-05-06 22:05

[root@ArkIT ~]# who -d

[root@ArkIT ~]# who -H


NAME LINE TIME COMMENT

root tty1 2016-05-06 22:06

root pts/0 2016-05-07 07:10 (192.168.4.1)

root pts/1 2016-05-07 09:17 (192.168.4.1)

[root@ArkIT ~]# who -a

system boot 2016-05-06 22:05

run-level 3 2016-05-06 22:05

root + tty1 2016-05-06 22:06 12:22 1604

root + pts/0 2016-05-07 07:10 02:45 3973 (192.168.4.1)

root + pts/1 2016-05-07 09:17 . 4995 (192.168.4.1)

13. Clear screen 


Typed commands and their output make the screen look messy. To clear all of it, use the clear command.

14. Check disk and partition spaces


To list partition space and its utilization you have to use df command

[root@ArkIT ~]# df -t xfs


Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/rhel-root 18307072 3113572 15193500 18% /

[root@ArkIT ~]# df -i
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/mapper/rhel-root 18317312 109332 18207980 1% /

[root@ArkIT ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/rhel-root 18G 3.0G 15G 18% /

[root@ArkIT ~]# df -m
Filesystem 1M-blocks Used Available Use% Mounted on
/dev/mapper/rhel-root 17878 3041 14838 18% /

df -t <FileSystem> – lists only the partitions that are formatted with the specified file system type
df -i – shows inode utilization
df -h – human-readable format
df -m – all partitions in MB size

15. Searching for files and its content 


Searching for the content in file without opening the file use grep command

[root@ArkIT ~]# grep commands linux


all unix commands with examples
linux commands cheat sheet
list of linux commands pdf

In the above example we searched for the string ‘commands’ in the file ‘linux’.

[root@ArkIT ~]# grep -v commands linux

linux lab exercises

linux practice labs


linux high performance computing

The above example excludes the specified string (only the lines that do not contain the string are displayed).
For more examples see: Grep practical examples
16. Check CPU and Memory utilization
The top command is used to check CPU utilization, memory utilization and more.

17. Stream editor command


sed is stream editor to replace the text in file without opening in text editors, insert
lines, delete lines and replace strings

[root@ArkIT ~]# sed -i 's/oldstring/newstring/g' FILENAME

Sed command with 20 practical examples

18. killing processes when stuck, hung OR not required
When processes are stuck, in a hung state, or simply unwanted, we can kill them.
Send a signal using the signal id. Signal id 9 means SIGKILL.

[root@ArkIT ~]# kill -9 7330

[root@ArkIT ~]# kill -l

1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL 5) SIGTRAP

6) SIGABRT 7) SIGBUS 8) SIGFPE 9) SIGKILL 10) SIGUSR1

11) SIGSEGV 12) SIGUSR2 13) SIGPIPE 14) SIGALRM 15) SIGTERM

16) SIGSTKFLT 17) SIGCHLD 18) SIGCONT 19) SIGSTOP 20) SIGTSTP

21) SIGTTIN 22) SIGTTOU 23) SIGURG 24) SIGXCPU 25) SIGXFSZ

26) SIGVTALRM 27) SIGPROF 28) SIGWINCH 29) SIGIO 30) SIGPWR

31) SIGSYS 34) SIGRTMIN 35) SIGRTMIN+1 36) SIGRTMIN+2 37) SIGRTMIN+3

38) SIGRTMIN+4 39) SIGRTMIN+5 40) SIGRTMIN+6 41) SIGRTMIN+7 42) SIGRTMIN+8

43) SIGRTMIN+9 44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12 47) SIGRTMIN+13

48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12

53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9 56) SIGRTMAX-8 57) SIGRTMAX-7

58) SIGRTMAX-6 59) SIGRTMAX-5 60) SIGRTMAX-4 61) SIGRTMAX-3 62) SIGRTMAX-2

63) SIGRTMAX-1 64) SIGRTMAX
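Signal 9 cannot be caught, so the process gets no chance to flush data or remove lock files; the usual practice is to send SIGTERM (15) first and use SIGKILL only if the process does not exit. The script below is an added example of that escalation (not part of the original tutorial); the function names are this example's own and the target process is a constructed background sleep.

```shell
#!/bin/sh
# Added example: stop a process with SIGTERM first and fall back to SIGKILL.
# Function names are this example's own.

# is_alive PID -> success while the process exists and is not a zombie.
is_alive() {
    kill -0 "$1" 2>/dev/null || return 1
    if [ -r "/proc/$1/stat" ]; then
        # Linux: the state letter follows the ")" that closes the command name.
        case $(sed 's/^.*) //' "/proc/$1/stat" 2>/dev/null || true) in
            Z*|X*) return 1 ;;      # already dead, only waiting to be reaped
        esac
    fi
    return 0
}

# stop_process PID [GRACE_SECONDS] -> prints the signal that was needed:
# "TERM", "KILL", or "not running" if there was nothing to stop.
stop_process() {
    sp_pid=$1
    sp_grace=${2:-5}
    is_alive "$sp_pid" || { echo "not running"; return 0; }
    kill -TERM "$sp_pid" 2>/dev/null || true     # 15: lets the process clean up
    sp_waited=0
    while [ "$sp_waited" -lt "$sp_grace" ]; do
        is_alive "$sp_pid" || { echo "TERM"; return 0; }
        sleep 1
        sp_waited=$((sp_waited + 1))
    done
    is_alive "$sp_pid" || { echo "TERM"; return 0; }
    kill -KILL "$sp_pid" 2>/dev/null || true     # 9: cannot be caught or ignored
    echo "KILL"
}

# Demo on a constructed target: a background sleep that honours SIGTERM.
sleep 60 &
demo_pid=$!
echo "sleep (pid $demo_pid) stopped with: $(stop_process "$demo_pid" 3)"
```

The zombie check matters when the target is a child of the calling shell: kill -0 still succeeds on a process that has exited but has not been reaped.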


19. Listing running processes
When we run a command or script it generates a process with a process ID, and the CPU assigns a nice value priority to it.

[root@ArkIT ~]# ps

PID TTY TIME CMD

4995 pts/1 00:00:00 bash

7416 pts/1 00:00:00 ps

[root@ArkIT ~]# ps -aux

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND

root 1 0.0 0.4 60032 7804 ? Ss 05:30 0:02 /usr/lib/systemd/systemd --switched-root


--sy

root 2 0.0 0.0 0 0 ? S 05:30 0:00 [kthreadd]

[root@ArkIT ~]# ps -U root -u root u <<-- list all processes running by ROOT user

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND

root 1 0.0 0.4 60032 7804 ? Ss 05:30 0:02 /usr/lib/systemd/systemd --switched-root


--sy

root 2 0.0 0.0 0 0 ? S 05:30 0:00 [kthreadd]

root 3 0.0 0.0 0 0 ? S 05:30 0:00 [ksoftirqd/0]


20. Changing the files and directory permissions
Most Linux administrators know this command; I think nobody can work as a Linux administrator without knowing it. The command is chmod.

[root@ArkIT ~]# ls -l anaconda-ks.cfg

-rw-------. 1 root root 1968 Mar 18 02:26 anaconda-ks.cfg


[root@ArkIT ~]# chmod 760 anaconda-ks.cfg
[root@ArkIT ~]# chmod o+x anaconda-ks.cfg

[root@ArkIT ~]# ls -l
-rwxrw---x. 1 root root 1968 Mar 18 02:26 anaconda-ks.cfg

[root@ArkIT ~]# chmod g+x anaconda-ks.cfg

[root@ArkIT ~]# ls -l anaconda-ks.cfg


-rwxrwx--x. 1 root root 1968 Mar 18 02:26 anaconda-ks.cfg

We can use the chmod command with either numeric or alphabetic (symbolic) modes.

chmod command
• 4 = read
• 2 = write
• 1 = execute
• u = rwx — User permissions
• g = rwx — Group permissions
• o = rwx — Other permissions
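To connect the ls -l strings in the transcript above with the numeric values 4, 2 and 1, here is an added example (not part of the original tutorial) that converts a permission string to octal, including the setuid, setgid and sticky letters, and replays the same chmod sequence on a scratch file. The function names are this example's own and the mode strings in the loop are constructed samples.

```shell
#!/bin/sh
# Added example: turn the permission string printed by ls -l into octal.
# Function names are this example's own.

# perm_to_octal MODESTRING -> four octal digits, e.g. "-rwxrw---x." -> 0761
perm_to_octal() {
    pto_special=0
    pto_digits=
    pto_start=2                     # character 1 is the file type (-, d, l, ...)
    for pto_flag in 4 2 1; do       # setuid, setgid, sticky sit in the u, g, o trios
        pto_trio=$(printf '%s' "$1" | cut -c"$pto_start"-"$((pto_start + 2))")
        pto_d=0
        case $pto_trio in r??)      pto_d=$((pto_d + 4)) ;; esac
        case $pto_trio in ?w?)      pto_d=$((pto_d + 2)) ;; esac
        case $pto_trio in ??[xst])  pto_d=$((pto_d + 1)) ;; esac   # s/t: x plus special bit
        case $pto_trio in ??[sStT]) pto_special=$((pto_special + pto_flag)) ;; esac
        pto_digits=$pto_digits$pto_d
        pto_start=$((pto_start + 3))
    done
    printf '%s%s\n' "$pto_special" "$pto_digits"
}

# replay_page_chmods -> repeats the chmod sequence from the text on a scratch
# file and prints the mode after "chmod o+x" and after "chmod g+x".
replay_page_chmods() {
    rpc_file=$(mktemp)
    chmod 760 "$rpc_file"
    chmod o+x "$rpc_file"
    rpc_first=$(perm_to_octal "$(ls -ld "$rpc_file" | cut -d' ' -f1)")
    chmod g+x "$rpc_file"
    rpc_second=$(perm_to_octal "$(ls -ld "$rpc_file" | cut -d' ' -f1)")
    rm -f "$rpc_file"
    printf '%s %s\n' "$rpc_first" "$rpc_second"
}

# others_can MODESTRING -> success if "other" holds any permission bit
others_can() {
    case $(perm_to_octal "$1") in
        ???0) return 1 ;;
        *)    return 0 ;;
    esac
}

echo "page sequence: $(replay_page_chmods)"
# Constructed sample strings, including setuid and sticky cases.
for m in "-rw-------." "-rwxrwx--x." "-rwsr-xr-x" "drwxrwxrwt"; do
    echo "$m -> $(perm_to_octal "$m")"
done
```

others_can is the check to run on files such as anaconda-ks.cfg, which the transcript shows starting out as -rw------- before the chmod commands widen its access.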

21. Changing group ownership for files and directories
Change the ownership of files and directories using the chown and chgrp commands.
chown USERNAME:GROUPNAME FILENAME
[root@ArkIT ~]# ls -l anaconda-ks.cfg

-rwxrwx--x. 1 root root 1968 Mar 18 02:26 anaconda-ks.cfg

[root@ArkIT ~]# chown root:project1 anaconda-ks.cfg

[root@ArkIT ~]# ls -l anaconda-ks.cfg


-rwxrwx--x. 1 root project1 1968 Mar 18 02:26 anaconda-ks.cfg

As shown in the above example, the ownership of anaconda-ks.cfg has been changed to the project1 group and the user root.

[root@ArkIT ~]# chgrp u1 anaconda-ks.cfg

[root@ArkIT ~]# ls -l anaconda-ks.cfg


-rwxrwx--x. 1 root u1 1968 Mar 18 02:26 anaconda-ks.cfg

22. Creating and extracting compressed files (zip files)
tar is the command used to create and extract archive files

[root@ArkIT ~]# tar -czvf test.tar.gz *


anaconda-ks.cfg
Desktop/
Documents/
Downloads/

tar command options

• -c = create
• -z = gzip type file
• -v = verbose
• -f = file
• -x = extract

[root@ArkIT ~]# tar -xvf test.tar.gz

23. Connecting to remote host using secure shell
We regularly use this command to connect to a remote Linux-based host. To connect to a remote host as the root user, use the command below.

[root@ArkIT ~]# ssh root@192.168.4.21

The above command does not support GUI applications. To connect to a remote host with GUI support, use the command below.

[root@ArkIT ~]# ssh -XY root@192.168.4.21

24. Securely copy the files and directories to remote host
To copy files from the present host to a remote host we use the scp command

[root@ArkIT ~]# scp anaconda-ks.cfg root@192.168.4.21:/root/Desktop/

25. Checking system Date and Time
To check the system date and time we use the date command

[root@ArkIT ~]# date

Sat May 7 14:18:32 IST 2016

[root@ArkIT ~]# date +%D:%M:%Y


05/07/16:18:2016

That’s it. 25 most commonly used Linux commands  

Getting Help 5 command line tools Not Difficult At All!
BY ARK · PUBLISHED JULY 27, 2016 · UPDATED AUGUST 2, 2018
The situation: there is no internet on production servers, and suddenly you need help to execute commands on Linux servers. How? Read this Getting Help 5 command line tools article; by the end of it you will have the confidence.
1. Reading Manual Pages (man)
2. Reading Page Information (pinfo)
3. Reading info pages (info)
4. Identify where is the command path (whereis)
5. Know what the command will do (whatis)
6. Help command to get options on the go (help command/command --help)

Getting help 5 command line tools

1. man command
man is an interface to the on-line reference manuals.
Man pages have 8 categories to refer to in the manual
1. Executable programs or shell commands
2. System calls (functions provided by the kernel)
3. Library calls (functions within program libraries)
4. Special files (usually found in /dev)
5. File formats and conventions eg /etc/passwd
6. Games
7. Miscellaneous (including macro packages and conventions)
8. System administration commands (usually only for root)
9. Kernel routines [Non standard]

Navigating Man Pages

• Spacebar – Scroll the man page down
• PageDown/Down Arrow – Scroll the man page down
• PageUp/Up Arrow – Scroll the man page up
• /string – Search for a particular string
• n (key) – Repeat search up to down
• N (key) – Repeat search down to up
• g – Go to the start of the man page
• G – Go to the end of the man page
• q – Exit from the man page
Search the short manual page descriptions for keywords and display any matches

[root@desktop ~]# man -k passwd


chpasswd (8) - update passwords in batch mode
fgetpwent_r (3) - get passwd file entry reentrantly
getpwent_r (3) - get passwd file entry reentrantly
gpasswd (1) - administer /etc/group and /etc/gshadow
grub2-mkpasswd-pbkdf2 (1) - Generate a PBKDF2 password hash.
lpasswd (1) - Change group or user password
lppasswd (1) - add, change, or delete digest passwords.

To see man page of particular command

[root@desktop ~]# man ls


LS(1) User Commands LS(1)

NAME
ls - list directory contents

Look up a small/short description of a command

[root@Techtutorials ~]# man -f cat

cat (1)              - concatenate files and print on the standard output

cat (1p)             - concatenate and print files

2. pinfo command to Getting help


pinfo is a command to access man pages and get help for executing commands, the same as the man command. The page information is displayed in a different format.

3. info command to read info documents


Read info documents, which will open all the documents continuous to one
• UP Arrow/Page Up – To go upwards of the document
• Down Arrow / Page Down – To go downwards of the document
• /String – Search for particular word
• Press ‘q’ – Quit from info document

info command options

• -k = look up STRING in all indices of all manuals
• -d = Add DIR to INFOPATH
• -f = Specify info file and read
• -R = Output “RAW” ANSI escapes

4. Whereis command to Locate binaries

The whereis command is very handy when your environment is secured with path variables and you have to type the entire path to execute commands, e.g. /bin/ls.
Not all binaries are located in the same path such as /bin/; they are spread over different paths like /bin, /sbin, /usr/bin/ and /usr/sbin/. To identify a binary's exact location, execute the whereis command.

[root@Techtutorials ~]# whereis ls

ls: /usr/bin/ls /usr/share/man/man1/ls.1.gz /usr/share/man/man1p/ls.1p.gz


5. whatis command line tool
The whatis utility helps when you would like to know about a command you are not familiar with: you know the command's name, but not what happens when you execute it.

[root@Techtutorials ~]# whatis ls

ls (1)               - list directory contents

ls (1p)              - list directory contents

[root@Techtutorials ~]# whatis ip

ip (7)               - Linux IPv4 protocol implementation

ip (8)               - show / manipulate routing, devices, policy routing and tunnels

6. Instant help on command

You can use <command --help> to get the command options with a short explanation.
Use the help command

[root@Techtutorials ~]# help cd

cd: cd [-L|[-P [-e]]] [dir]

    Change the shell working directory.


    Change the current directory to DIR.  The default DIR is the value of the

    HOME shell variable.

    The variable CDPATH defines the search path for the directory containing

    DIR.  Alternative directory names in CDPATH are separated by a colon (:).

    A null directory name is the same as the current directory.  If DIR begins

    with a slash (/), then CDPATH is not used.

Conclusion
Getting help from these 5 command line tools is very handy for our regular day-to-day activities.

Editing Viewing Text files using Nano text editor RHEL 7
BY ARK · PUBLISHED OCTOBER 12, 2016 · UPDATED OCTOBER 14, 2016
Many text editors are available to edit text files. The easiest way to edit text files is the Nano editor. It works just like Notepad in the Windows operating system. Let's see Editing Viewing Text Files Using Nano text Editor in RHEL 7.
The Nano text editor was created as TIP (This isn’t PICO editor).

Advantages of Nano Text Editor

• Nano provides more features than PICO
• Colored text for writing scripting languages, i.e. C, C++, Shell Scripting, Perl, etc.
• Smooth scrolling
• Simple control keys
• Regular expression support to search text in a file
• Multiple buffers to undo, redo and edit text

Editing Viewing Text Files Using Nano Text Editor
Syntax : nano <file name>

To view a text file and add data to it, I am opening the ‘arkit’ file using nano.

[root@puppet ~]# nano arkit

Moving Cursor Around

To move the cursor up / down / left / right, use the keyboard arrow keys.

Jump the cursor between the beginning and end of a line: press CTRL + A to go to the beginning of the current line and CTRL + E to go to the end of the current line.

Move the cursor between paragraphs using shortcut keys: ALT + ( goes to the beginning of the paragraph, then of the previous paragraph; ALT + ) goes just beyond the end of the paragraph, then of the next paragraph.

Read Page by Page

If you open a text file that contains two or more pages, you may need to switch from one page to another using simple shortcut keys in the nano text editor.
Press ALT + \ to go to the first line of the page.
Press ALT + / to go to the last line of the page.

Moving Cursor within Paragraph

We can use CTRL + F to go forward one character and CTRL + B to go backward one character; the arrow keys also move the cursor.
Move faster, word by word, using CTRL + SPACE BAR to go forward one word and ALT + SPACE BAR to go back one word.
Move the cursor line by line by pressing CTRL + P to go to the previous line and CTRL + N to go to the next line.

Copy Text and Paste

Duplicate text by copying and pasting lines. With the Nano text editor we can copy selected lines or a single line: press ALT + 6 to copy the line at the current cursor position to the copy buffer.
Paste copied text using CTRL + U or the F10 function key.
Cut text using CTRL + K or the F9 function key; use CTRL + U to paste the cut buffer text.
Cut lines in bulk using ALT + T, from the cursor position to the end of the file.

Inserting and Deleting

Use ALT + V to insert the next keystroke verbatim.
Use Ctrl + I to insert a tab at the cursor position, which is very useful for
adjusting content.
Use Ctrl + M to insert a newline at the cursor position.
Use Ctrl + D to delete the single character under the cursor.
Use Ctrl + H to delete the character to the left of the cursor, meaning deleting
from left to right.

Indent and Unindent

Indent the current line using ALT + }. The indent is the space left between the
margin and the start of an indented line; this adds a tab space at the start of the line.
Unindent the current line using ALT + {, which removes the added tab space from
the start of the line.

Find and Replace String

We can search for text, or for a regular expression, within the opened text file by
pressing CTRL + W, and repeat the search for the same keyword using ALT + W.
To replace a string or a regular expression, use Ctrl + \ or ALT + R. The steps are:

Search to replace word
Replace With Word
Press Yes, No, ALL
Replaced Words Count

Scrolling Up and Down without Scrolling Cursor

To move the text up without moving the cursor, press ALT + - or ALT + _ to
scroll up one line.
Press ALT + + or ALT + = to scroll down one line without moving the cursor.
Go to a particular line using the shortcut key ALT + G or CTRL + _.
Text that you cut or copy is held in a buffer. To switch between the previous and
next file buffers, use ALT + < or ALT + , for the previous file buffer and
ALT + > or ALT + . for the next file buffer.

Enabling and Disabling Help Mode

Press ALT + X to enable and disable Help Mode.
Press ALT + C to enable and disable the constant cursor position display.

Save (Unload Buffer) and Exit from File


Ctrl + X (F2) Close the current file buffer / Exit from nano
Ctrl + O (F3) Write the current file to disk

Enabling Colored Text to highlight programming code

By default, whenever you edit program code using the nano text editor you can’t
see syntax highlight colors. To enable colors we have to change a few
settings in the nano Text Editor configuration file.
Nano will support one type of programming language at a time.
Edit the file mentioned below and un-comment your favorite programming language. I
have enabled Perl programming support.
# nano /etc/nanorc

## Nanorc files

# include "/usr/share/nano/nanorc.nanorc"

## C/C++

# include "/usr/share/nano/c.nanorc"

## HTML

# include "/usr/share/nano/html.nanorc"

## TeX

# include "/usr/share/nano/tex.nanorc"

## Quoted emails (under e.g. mutt)

# include "/usr/share/nano/mutt.nanorc"

## Patch files
# include "/usr/share/nano/patch.nanorc"

## Manpages

# include "/usr/share/nano/man.nanorc"

## Groff

# include "/usr/share/nano/groff.nanorc"

## Perl
 include "/usr/share/nano/perl.nanorc"

## Python
# include "/usr/share/nano/python.nanorc"

## Ruby
# include "/usr/share/nano/ruby.nanorc"

## Java
# include "/usr/share/nano/java.nanorc"

## Assembler
# include "/usr/share/nano/asm.nanorc"

## Bourne shell scripts
# include "/usr/share/nano/sh.nanorc"

## POV-Ray
# include "/usr/share/nano/pov.nanorc"

That’s it about Nano Text Editor.

Linux Directory Structure Changed RHEL7 File System Hierarchy Standard
BY ARK · PUBLISHED DECEMBER 7, 2016 · UPDATED DECEMBER 7, 2016
Have you ever wondered why the Linux directory structure is different from other
operating systems, and why we need so many directories in Linux? Let me explain
the Linux directory structure as changed in RHEL7, following the File
System Hierarchy Standard (FHS).

Why File System Hierarchy is important..?

 Basic Security
 Categorizing sharable and unsharable files in different buckets
 Organizing application files in an FHS-compliant way
 Giving developers more flexibility to write / develop programs
 Making the operating system easy to manage for administrators
Other processes, such as the boot process and the recover / restore processes,
depend on the File System Hierarchy. Let’s see one by one what the directories
store and how they are useful.

/bin is a separate directory under / (slash / root) which stores essential command
binaries that may be used by both normal users and administrators. It may also
contain symbolic links to other commands / scripts.
Example: cat, chgrp, chmod and so on.
/boot contains the static files of the boot loader. This directory contains everything
required by the boot process except configuration files not needed at boot time and
the map installer. This may include saved master boot sectors and sector map files.
Example: Grub2
/dev directory contains device files. The dev directory contains MAKEDEV and
MAKEDEV.local to create externally attached device files and also local device
files.
Example: /dev/cdrom – CD player
         /dev/st0 – Tape Drive
/etc directory holds host-specific system configuration files. Configuration files
must be local files and must not be executable binaries, so no binary files are
located under the /etc directory. It contains the major / important system
configuration files.
Example: /etc/passwd, /etc/group
/lib directory includes essential shared libraries and kernel modules. The lib
directory contains the dynamically linked C library files (lib.so) and the
execution-time linker/loader (ld).
/media directory is used as the mount point for removable media, such as CD / DVD
drives, thumb drives etc. We can create sub-directories under the /media directory to
mount multiple devices.
/mnt directory is used as a mount point for mounting a filesystem temporarily. Any
partition you would like to mount temporarily can make use of this temporary
path.

/opt directory is reserved for add-on application software packages such as the
chrome browser. Every third-party package you install creates
a <package name> directory or a <provider name> directory so that it can be
identified easily. The directories /opt/bin, /opt/doc, /opt/include, /opt/info,
/opt/lib, and /opt/man are reserved for local system administrator use.
Example: /opt/chrome etc..
/sbin directory contains essential system binaries. Utilities used by system
administrators are stored under this directory. /sbin also contains binaries
which are used for booting, restoring, recovering and repairing the system.
Example: fsck, reboot etc..
/srv directory stores data for services provided by this system. It contains
site-specific data which is served by the system.
/tmp stores temporary files. /tmp is a very special directory which is accessible to
every user in the system. It is assigned a permission called the sticky bit and a few
more special permissions.
/usr is the secondary major hierarchy. When the /bin directory is not flexible enough
to keep more binaries / scripts, we can keep them in the /usr/bin directory. /usr is
shareable, read-only data; on FHS-compliant hosts it must not be writable.
/var holds variable data, that is, dynamic rather than static data.
The /var directory contains log files as well.
/home is the default location of users' home directories.
/root is the default home directory of the root user.
Conclusion: The directory structure in Linux is created in compliance with the FHS
(File System Hierarchy Standard). FHS gives basic security and separates shareable
and unshareable files.
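
The sticky bit mentioned for /tmp is what stops one user from deleting or renaming another user's files in a directory everyone can write to. The script below is an added example, not part of the original article: it classifies a directory and lists world-writable directories that lack the sticky bit. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the "world-writable + sticky bit" convention used by /tmp.

# classify_dir DIR -> prints one of:
#   sticky-shared   world-writable with the sticky bit (the /tmp pattern, mode 1777)
#   unsafe-shared   world-writable without the sticky bit (any user can delete
#                   or rename files that belong to other users)
#   restricted      not world-writable
classify_dir() {
    if [ ! -d "$1" ]; then
        echo "not-a-directory"
        return 1
    fi
    # -prune stops find from descending, so only DIR itself is tested.
    if [ -n "$(find "$1" -prune -perm -0002 -perm -1000 -print)" ]; then
        echo "sticky-shared"
    elif [ -n "$(find "$1" -prune -perm -0002 -print)" ]; then
        echo "unsafe-shared"
    else
        echo "restricted"
    fi
}

# audit_world_writable ROOT -> every directory under ROOT (same filesystem only)
# that is world-writable but lacks the sticky bit, one per line, sorted.
audit_world_writable() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# Demo on a constructed tree built in a temporary directory.
demo_sticky() {
    ds_root=$(mktemp -d) || return 1
    mkdir "$ds_root/tmp-like" "$ds_root/dropbox" "$ds_root/private"
    chmod 1777 "$ds_root/tmp-like"   # same mode as /tmp
    chmod 0777 "$ds_root/dropbox"    # world-writable, sticky bit missing
    chmod 0755 "$ds_root/private"
    for ds_name in tmp-like dropbox private; do
        printf '%-10s %s\n' "$ds_name" "$(classify_dir "$ds_root/$ds_name")"
    done
    echo "flagged: $(audit_world_writable "$ds_root" | sed "s|^$ds_root/||")"
    rm -rf "$ds_root"
}

demo_sticky
```

On a real host, `classify_dir /tmp` should print sticky-shared, and `audit_world_writable /` (run as root) lists the directories worth reviewing.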

User Administration Creating Modifying and Deleting RHEL 7
BY ARK · PUBLISHED NOVEMBER 5, 2016 · UPDATED JULY 3, 2018
In Linux terms, users are the people who use the system to do their work effectively.
Work may be anything: writing code, designing graphics, playing
games, innovating and learning new things. Linux does not have
complex user administration; user administration on the Linux / Unix platform is very
easy and, of course, very effective as well. In this article we are going to learn user
administration: creating, modifying and deleting users on RHEL 7 / Centos 7.
Three types of users exist in Linux / Unix
 Administrator / Super User / Root User / Inbuilt User
 Service Accounts
 Normal Users


1. Root User: the root user is a highly privileged user which has complete
permissions by default. The root user ID is always 0. While installing the operating
system, the root user is created by default as the administrator to install and
manage things. A few administrator-type commands can only be run by the root user.
2. Service Accounts: service accounts are users which are created
automatically whenever we install and start a service, e.g. NFS (nfsnobody), http
(apache) etc. These service accounts have permissions to manage their
related services. Service accounts by default do not have shell access
(/sbin/nologin). These user IDs range from 1 – 999 in new versions of Linux
such as RHEL 7 / Centos 7.
3. Normal Users: normal user accounts are created by the administrator
(root / super user). These user IDs range from 1000 – 65535. We can manually
assign permissions based on requirements using sudoers.

Creating Users / Adding Users


Using the simple useradd command we can create a user in Linux / Unix operating
systems. You must be a super user / administrator to create another normal user.
[root@ArkIT-Serv ~]# useradd ravikumar

[root@ArkIT-Serv ~]# cat /etc/passwd |grep ravikumar

ravikumar:x:1000:1000::/home/ravikumar:/bin/bash

When we execute the useradd command and the passwd command, the following steps
are performed to create the user.
 An entry is added to the /etc/passwd file
 A primary group with the same name as the user is created along with the user
 A group entry is added to /etc/group
 By default the user's home directory is created under the /home path
 The files in the /etc/skel directory are copied to /home/USERNAME/
 The encrypted password entry is updated in the /etc/shadow file

Useradd Command Options

While creating a user we can also customize a few things, such as placing the user's
home directory in a custom path, adding a comment to the user, setting an expiry date
and so on.
 -c   Used to add a comment
 -d   Used to create a custom home path for the user
 -D   Used to change default settings
 -e   The date on which the user account will be disabled. The date is
specified in the format YYYY-MM-DD.
 -f   The user account will be disabled after the mentioned period expires
 -g   A user has one primary group and the remaining groups are secondary; instead of
creating the user's own primary group we can make another group the primary
 -G   Add the user to a secondary group
 -k   Copy skel directory files
 -K   Disable password ageing while creating a service account
 -l   Do not add the user entry to the lastlog and faillog lists
 -m   Create a home directory for the user (even without the -m option,
the useradd command creates one by default)
 -M   Do not create a home directory for the user
 -N   Do not create a primary group with the same name as the user; instead add the
user to the group mentioned with the -g option
 -o   Allow creating a user with a duplicate UID
 -r   Create a system account
 -u   Specify a custom UID for the user
Let’s see a few practical examples of the options
[root@ArkIT-Serv ~]# useradd -u 3333 -g project1 -c "Ind Administrator" -s /bin/bash -d /opt/ravik -e 2016-12-31 ravik

[root@ArkIT-Serv ~]# cat /etc/passwd |grep ravik

ravik:x:3333:2005:Ind Administrator:/opt/ravik:/bin/bash

Check the output below to verify the user account expiry date

[root@ArkIT-Serv ~]# chage -l ravik

Last password change : Nov 05, 2016

Password expires : never

Password inactive : never


Account expires : Dec 31, 2016
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7

Modify existing user values using usermod command

Along with the usermod command we have to use the options below to modify the
required details
 -c Change Comment
 -d Change Home Directory Path
 -e Change Expiry Date
 -g Primary group change
 -G Adding to different secondary group
 -l Login Name change
 -L Lock User
 -m Move User home directory content to new path
 -s Shell Change
 -u Change User Identification (UID)
 -U Unlock Locked user
Let’s see a few examples here
Change the user shell from /bin/bash to /bin/csh

[root@ArkIT-Serv ~]# usermod -s /bin/csh ravik

[root@ArkIT-Serv ~]# cat /etc/passwd |grep ravik

ravik:x:3333:2005:Ind Administrator:/opt/ravik:/bin/csh

Change user comment 

[root@ArkIT-Serv ~]# cat /etc/passwd |grep ravik


ravik:x:3333:2005:Ravi Kumar Linux Administrator:/opt/ravik:/bin/csh

Lock and Un-Lock User

[root@ArkIT-Serv ~]# usermod -L ravik

[root@ArkIT-Serv ~]# cat /etc/passwd |grep ravik

ravik:x:3333:2005:Ravi Kumar Linux Administrator:/opt/ravik:/bin/csh

[root@ArkIT-Serv ~]# cat /etc/shadow |grep ravik

ravik:!!:17110:0:99999:7::17166:

[root@ArkIT-Serv ~]# usermod -U ravik

[root@ArkIT-Serv ~]# cat /etc/shadow |grep ravik

ravik:!:17110:0:99999:7::17166:

Deleting User
Deleting an existing user is very simple: we just have to run the userdel command
along with the required options.
[root@ArkIT-Serv ~]# userdel ravik

[root@ArkIT-Serv ~]# userdel -r ravikumar

[root@ArkIT-Serv ~]# cd /opt/

[root@ArkIT-Serv opt]# ls

ravik rh

[root@ArkIT-Serv opt]# cd /home/

[root@ArkIT-Serv home]# ls

ravi1

If you delete a user without the -r option, the user's home directory will not be
deleted; you have to delete the user's home path manually. If you use the -r option,
the home directory is deleted automatically as well.
Conclusion
User administration is very simple and very effective. I hope you now understand
user types and creating, modifying and deleting users on a Linux machine.
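
The account properties described above (root is the only UID 0, service accounts in the 1 – 999 range use /sbin/nologin, -o allows duplicate UIDs, and /etc/shadow carries the lock marker and the expiry day) can be checked directly from the two files. The script below is an added example, not part of the original article; the function names, the extra accounts and the password hashes in the sample data are constructed, and treating /usr/sbin/nologin and /bin/false like /sbin/nologin is an assumption.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format files.

# Accounts other than root that carry UID 0 (full root privileges).
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Accounts in the service range (UID 1-999) whose shell still allows a login.
service_accounts_with_shell() {
    awk -F: '$3 >= 1 && $3 <= 999 && $7 != "/sbin/nologin" &&
             $7 != "/usr/sbin/nologin" && $7 != "/bin/false" {
                 print $1 ":" $3 ":" $7
             }' "$1"
}

# UIDs used by more than one account, printed as "uid:name1,name2".
duplicate_uids() {
    awk -F: '{ n[$3]++; names[$3] = (names[$3] == "" ? $1 : names[$3] "," $1) }
             END { for (u in n) if (n[u] > 1) print u ":" names[u] }' "$1" | sort -n
}

# shadow_status SHADOW TODAY -> "name:state" for every entry.
# TODAY is in days since 1970-01-01, the unit of shadow field 8 (account expiry).
# A password field starting with "!" or "*" holds no usable hash (locked).
shadow_status() {
    awk -F: -v today="$2" '{
        state = "active"
        if ($2 == "")          state = "no-password"
        else if ($2 ~ /^[!*]/) state = "locked"
        if ($8 != "" && today + 0 >= $8 + 0) state = state ",expired"
        print $1 ":" state
    }' "$1"
}

# Constructed sample data. ravikumar and ravik match the article's output
# (17166 is Dec 31, 2016, as in the chage listing); the rest is made up.
write_sample_files() {
cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
backup:x:0:0::/home/backup:/bin/bash
svcdeploy:x:501:501::/opt/svcdeploy:/bin/bash
ravikumar:x:1000:1000::/home/ravikumar:/bin/bash
ravik:x:3333:2005:Ind Administrator:/opt/ravik:/bin/bash
dupuser:x:3333:2005::/home/dupuser:/bin/bash
EOF
cat > "$1/shadow" <<'EOF'
root:$6$constructed$hash:17110:0:99999:7:::
ravik:!!:17110:0:99999:7::17166:
ravikumar:$6$constructed$hash:17110:0:99999:7:::
guest::17110:0:99999:7:::
EOF
}

demo_accounts() {
    da_dir=$(mktemp -d) || return 1
    write_sample_files "$da_dir"
    echo "extra UID 0:          $(uid0_accounts "$da_dir/passwd")"
    echo "service with shell:   $(service_accounts_with_shell "$da_dir/passwd")"
    echo "duplicate UIDs:"
    duplicate_uids "$da_dir/passwd"
    echo "shadow status on day 17200:"
    shadow_status "$da_dir/shadow" 17200
    rm -rf "$da_dir"
}

demo_accounts
```

Against a live system, run as root with `/etc/passwd`, `/etc/shadow` and `$(( $(date +%s) / 86400 ))` as today's day number.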

systemctl command with all possible options rhel7 and centos7
BY ARK · APRIL 28, 2016
systemctl is a command available in the new versions of Linux. systemctl is used to
control the systemd system and service manager. To control services we have to use
many options along with the systemctl command. Service management has changed
dramatically in the new versions of Linux. In this article we are going to explore as
many ways as possible to use the systemctl command in Linux.

Let’s start with checking the service status.

1. Service Status Check and show service units
Below is the command used to verify the service status

[root@TechTutorial ~]# systemctl status network.service


network.service - LSB: Bring up/down networking
   Loaded: loaded (/etc/rc.d/init.d/network)
   Active: active (exited) since Thu 2016-04-28 13:39:38 IST; 32min ago
  Process: 5239 ExecReload=/etc/rc.d/init.d/network reload (code=killed, signal=TERM)
  Process: 5313 ExecStart=/etc/rc.d/init.d/network start (code=exited, status=0/SUCCESS)
[root@server ~]# systemctl show crond.service
Id=crond.service
Names=crond.service
Requires=basic.target
Wants=system.slice
Conflicts=shutdown.target
Before=shutdown.target

2. Verify service is active and enabled

If a service is active, it means the service is running without any issues. As an
example, we verify whether the web service is running or not.

[root@TechTutorial ~]# systemctl is-active httpd.service


active
Enabling a service ensures that the service starts when the server is
rebooted. In older versions the chkconfig command was used for this.

[root@server ~]# systemctl enable crond.service


[root@server ~]# systemctl is-enabled crond.service
enabled

3. Start and restart service using systemctl

Starting and restarting services is very easy, and in the new version we
have a little more than that.

[root@server ~]# systemctl start crond.service


[root@server ~]# systemctl restart crond.service

As we said, there is more than start and restart: we also have systemctl try-restart.
Now you may be wondering what the difference between restart and try-restart is.
The restart option restarts the service even if it is in the stopped state.
The try-restart option restarts one or more units specified on the command line if the
units are running. It does nothing if the units are not running. Note that, for
compatibility with Red Hat init scripts, condrestart is equivalent to this command.

[root@server ~]# systemctl try-restart crond.service

4. Listing dependencies, jobs, sockets, unit-files and Units
Listing dependencies shows which services have to be started before starting the
required service. This feature was not there in earlier versions.

list-dependencies shows the required and wanted units of the specified unit. If no
unit is specified, default.target is implied. Target units are recursively expanded.
When --all is passed, all other units are recursively expanded as well.

[root@server ~]# systemctl list-dependencies crond.service


crond.service
├─system.slice
└─basic.target
├─alsa-restore.service
├─alsa-state.service
├─firewalld.service
├─microcode.service
├─rhel-autorelabel-mark.service
├─rhel-autorelabel.service
├─rhel-configure.service
├─rhel-dmesg.service
├─rhel-loadmodules.service
├─paths.target
├─slices.target

list-jobs shows the jobs that are currently running in the background

[root@server ~]# systemctl list-jobs


No jobs running.

Listing installed unit files

[root@server ~]# systemctl list-unit-files |grep sshd


anaconda-sshd.service static
sshd-keygen.service static
sshd.service enabled
sshd@.service static
sshd.socket disabled

List all available sockets


[root@server ~]# systemctl list-sockets
LISTEN UNIT ACTIVATES
/dev/initctl systemd-initctl.socket systemd-initctl.service
/dev/log systemd-journald.socket systemd-journald.service
/run/dmeventd-client dm-event.socket dm-event.service
/run/dmeventd-server dm-event.socket dm-event.service
/run/lvm/lvmetad.socket lvm2-lvmetad.socket lvm2-lvmetad.service
/run/systemd/journal/socket systemd-journald.socket systemd-journald.service
/run/systemd/journal/stdout systemd-journald.socket systemd-journald.service
/run/systemd/shutdownd systemd-shutdownd.socket systemd-shutdownd.service
/run/udev/control systemd-udevd-control.socket systemd-udevd.service
/var/run/avahi-daemon/socket avahi-daemon.socket avahi-daemon.service
/var/run/cups/cups.sock cups.socket cups.service
/var/run/dbus/system_bus_socket dbus.socket dbus.service
/var/run/rpcbind.sock rpcbind.socket rpcbind.service
@ISCSIADM_ABSTRACT_NAMESPACE iscsid.socket iscsid.service
@ISCSID_UIP_ABSTRACT_NAMESPACE iscsiuio.socket iscsiuio.service
kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service

16 sockets listed.
Pass --all to see loaded but inactive sockets, too.

Note: because the addresses might contains spaces, this output is not suitable for
programmatic consumption.

[root@server ~]# systemctl list-sockets --show-types


LISTEN TYPE UNIT ACTIVATES
/dev/initctl FIFO systemd-initctl.socket systemd-initctl.service
/dev/log Datagram systemd-journald.socket systemd-journald.service
/run/dmeventd-client FIFO dm-event.socket dm-event.service
/run/dmeventd-server FIFO dm-event.socket dm-event.service
/run/lvm/lvmetad.socket Stream lvm2-lvmetad.socket lvm2-lvmetad.service
/run/systemd/journal/socket Datagram systemd-journald.socket systemd-journald.service
/run/systemd/journal/stdout Stream systemd-journald.socket systemd-journald.service
/run/systemd/shutdownd Datagram systemd-shutdownd.socket systemd-shutdownd.service
/run/udev/control SequentialPacket systemd-udevd-control.socket systemd-udevd.service
/var/run/avahi-daemon/socket Stream avahi-daemon.socket avahi-daemon.service
/var/run/cups/cups.sock Stream cups.socket cups.service
/var/run/dbus/system_bus_socket Stream dbus.socket dbus.service
/var/run/rpcbind.sock Stream rpcbind.socket rpcbind.service
@ISCSIADM_ABSTRACT_NAMESPACE Stream iscsid.socket iscsid.service
@ISCSID_UIP_ABSTRACT_NAMESPACE Stream iscsiuio.socket iscsiuio.service
kobject-uevent 1 Netlink systemd-udevd-kernel.socket systemd-udevd.service

16 sockets listed.
Pass --all to see loaded but inactive sockets, too.

[root@server ~]# systemctl list-sockets --failed


0 sockets listed.
Pass --all to see loaded but inactive sockets, too.

5. Setting up default target (Older version Run Level) and getting default target
We use set-default to set the default run level, and we can see the default run level
using the get-default option, as shown in the example below

[root@server ~]# systemctl set-default multi-user.target


rm '/etc/systemd/system/default.target'
ln -s '/usr/lib/systemd/system/multi-user.target' '/etc/systemd/system/default.target'

[root@server ~]# systemctl get-default


multi-user.target

6. Masking service and unmasking service

What is meant by masking a service? In a company where multiple administrators
work together, there are times when one administrator stops a service which is not
required, but another administrator unfortunately or unknowingly starts the same
service, which leads to a lot of problems. To avoid this type of situation, we
disable and stop the service and then mask it. When another administrator tries to
start the service, it will not start until it is explicitly unmasked.

[root@server ~]# systemctl disable crond.service


rm '/etc/systemd/system/multi-user.target.wants/crond.service'
[root@server ~]# systemctl stop crond.service
[root@server ~]# systemctl mask crond.service
ln -s '/dev/null' '/etc/systemd/system/crond.service'
[root@server ~]# systemctl status crond.service
crond.service
Loaded: masked (/dev/null)
Active: inactive (dead)

As shown in the command examples above, we have disabled the service, stopped the
service and masked the service. Now try to start the service.

[root@server ~]# systemctl start crond.service


Failed to issue method call: Unit crond.service is masked.

Now unmask the service and start it; this time it will start.

[root@server ~]# systemctl unmask crond.service


rm '/etc/systemd/system/crond.service'
[root@server ~]# systemctl start crond.service
[root@server ~]# systemctl status crond.service
crond.service - Command Scheduler
Loaded: loaded (/usr/lib/systemd/system/crond.service; disabled)
Active: active (running) since Thu 2016-04-28 22:45:12 IST; 9s ago
Main PID: 7521 (crond)
CGroup: /system.slice/crond.service
└─7521 /usr/sbin/crond -n
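
The rm and ln -s lines printed by set-default, disable, mask and unmask above show that these operations are plain symlink changes under /etc/systemd/system. The script below is an added example, not part of the original article: it reads those symlinks to report whether a unit is masked or enabled and which default target is set. The function names are constructed, the sample tree is built in a temporary directory, and the result is a simplified view that covers only the directory it is given.

```shell
#!/bin/sh
# Added example: read unit state from the symlinks that systemctl creates.

# unit_state ETC_DIR UNIT -> masked | enabled | not-enabled
unit_state() {
    us_dir=$1
    us_unit=$2
    # "systemctl mask" leaves ETC_DIR/UNIT -> /dev/null; it overrides everything else.
    if [ -L "$us_dir/$us_unit" ] && [ "$(readlink "$us_dir/$us_unit")" = "/dev/null" ]; then
        echo "masked"
        return 0
    fi
    # "systemctl enable" leaves a symlink inside a *.wants/ or *.requires/ directory.
    for us_dep in "$us_dir"/*.wants "$us_dir"/*.requires; do
        if [ -L "$us_dep/$us_unit" ]; then
            echo "enabled"
            return 0
        fi
    done
    echo "not-enabled"
}

# masked_units ETC_DIR -> names of all units masked in ETC_DIR, sorted.
masked_units() {
    for mu_path in "$1"/*; do
        if [ -L "$mu_path" ] && [ "$(readlink "$mu_path")" = "/dev/null" ]; then
            basename "$mu_path"
        fi
    done | sort
}

# default_target ETC_DIR -> target that default.target points to, or "none".
default_target() {
    if [ -L "$1/default.target" ]; then
        basename "$(readlink "$1/default.target")"
    else
        echo "none"
    fi
}

# Constructed sample tree that mirrors the symlinks shown in the article:
# set-default multi-user.target, sshd enabled, crond masked.
build_sample_tree() {
    mkdir -p "$1/multi-user.target.wants"
    ln -s /usr/lib/systemd/system/multi-user.target "$1/default.target"
    ln -s /usr/lib/systemd/system/sshd.service "$1/multi-user.target.wants/sshd.service"
    ln -s /dev/null "$1/crond.service"
}

demo_units() {
    du_dir=$(mktemp -d) || return 1
    build_sample_tree "$du_dir"
    echo "default target: $(default_target "$du_dir")"
    for du_unit in crond.service sshd.service httpd.service; do
        printf '%-15s %s\n' "$du_unit" "$(unit_state "$du_dir" "$du_unit")"
    done
    echo "masked units:   $(masked_units "$du_dir")"
    rm -rf "$du_dir"
}

demo_units
```

On a real host, `masked_units /etc/systemd/system` gives a quick list to compare against the services that are supposed to stay off.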

7. Reload and reset service status

Most administrators still have the question: what is the difference
between service reload and restart?

Service reload is used whenever we have changed something in the service and would
like to push the changes to the service without interrupting the connected users.
Reloading the service never changes the existing PID (Process Identity).
Service restart stops and starts the service. Whenever we run restart, existing users
are disconnected and a new PID is created. It requires a little downtime to apply the
service changes.

Service status before reloading

[root@server ~]# systemctl status sshd.service


sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
Active: active (running) since Thu 2016-04-28 05:56:52 IST; 16h ago
Process: 7228 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Main PID: 1601 (sshd)
CGroup: /system.slice/sshd.service
└─1601 /usr/sbin/sshd -D

After reloading the service

[root@server ~]# systemctl reload sshd.service


[root@server ~]# systemctl status sshd.service
sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
Active: active (running) since Thu 2016-04-28 05:56:52 IST; 16h ago
Process: 7243 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Main PID: 1601 (sshd)
CGroup: /system.slice/sshd.service
└─1601 /usr/sbin/sshd -D

If you observe carefully, the PID before and after the reload has not changed.

Reset the “failed” state of the specified units

[root@server ~]# systemctl reset-failed sshd.service

8. Daemon reload option


After deleting the file or directory, you should reload the systemd process so that it no
longer attempts to reference these files and reverts back to using the system copies.
You can do this by typing:
[root@server ~]# systemctl daemon-reload

9. Isolating Targets using systemctl command
It is possible to start all of the units associated with a target and stop all units that are
not part of the dependency tree. The command that we need to do this is called,
appropriately, isolate. This is similar to changing the runlevel in other init systems.

For instance, if you are operating in a graphical environment with graphical.target
active, you can shut down the graphical system and put the system into a multi-user
command line state by isolating the multi-user.target. Since graphical.target depends
on multi-user.target but not the other way around, all of the graphical units will be
stopped.

You may wish to take a look at the dependencies of the target you are isolating before
performing this procedure to ensure that you are not stopping vital services:

systemctl list-dependencies multi-user.target

When you are satisfied with the units that will be kept alive, you can isolate the target
by typing:

systemctl isolate multi-user.target

10. Create service snapshot and delete

Create a snapshot. If a snapshot name is specified, the new snapshot will be named
after it. If none is specified, an automatic snapshot name is generated. In either case,
the snapshot name used is printed to STDOUT, unless --quiet is specified.

A snapshot refers to a saved state of the systemd manager. It is implemented itself as a
unit that is generated dynamically with this command and has dependencies on all
units active at the time. At a later time, the user may return to this state by using the
isolate command on the snapshot unit.

Snapshots are only useful for saving and restoring which units are running or are
stopped, they do not save/restore any other state. Snapshots are dynamic and lost on
reboot.

[root@server ~]# systemctl snapshot sshd.service


sshd.service.snapshot
[root@server ~]# systemctl status sshd.service.snapshot
sshd.service.snapshot
Loaded: loaded
Active: inactive (dead)

[root@server ~]# systemctl delete sshd.service.snapshot


[root@server ~]# systemctl status sshd.service.snapshot
sshd.service.snapshot
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)

Conclusion
Now you know how to use some of the systemctl commands to start, stop, restart,
mask, unmask and enable systemd services.


nmcli command Network Manager command Line tool RHEL 7/Centos 7
BY ARK · AUGUST 20, 2016
The new operating system release came with the new nmcli command, the Network
Manager command line tool for RHEL 7/Centos 7. Using the nmcli command we can manage
Ethernet card devices, static IP address assignment, DHCP clients, WIFI
connections, bridge connections, bonds, teaming and VLANs.
There is no need to edit configuration files to configure IP addresses, routing and
network devices.

Let’s start with nmcli command

nmcli command syntax
[root@TechTutorials ~]# nmcli

Usage: nmcli [OPTIONS] OBJECT { COMMAND | help }

Manage Network devices

[root@TechTutorials ~]# nmcli device status

DEVICE TYPE STATE CONNECTION

eno16777736 ethernet connected eth0

lo loopback unmanaged --

[root@TechTutorials ~]# nmcli device show

GENERAL.DEVICE: eno16777736

GENERAL.TYPE: ethernet

GENERAL.HWADDR: 00:0C:29:3D:FA:DD

GENERAL.MTU: 1500

GENERAL.STATE: 100 (connected)

GENERAL.CONNECTION: eth0

GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/0
WIRED-PROPERTIES.CARRIER: on

IP4.ADDRESS[1]: 192.168.4.20/24

IP4.GATEWAY: 192.168.4.2

IP4.DNS[1]: 8.8.8.8

IP6.ADDRESS[1]: fe80::20c:29ff:fe3d:fadd/64

IP6.GATEWAY:

# Below command disconnects device


[root@TechTutorials ~]# nmcli device disconnect eno16777736

# Below command connects device


[root@TechTutorials ~]# nmcli device connect eno16777736
Device 'eno16777736' successfully activated with 'a80360f3-0972-4843-8d86-a27ae37d8751'.

To manage network connections flexibly, we can use the nmcli command to create any
number of logical connections and activate them based on
requirement. We can’t activate multiple connections at a time, but we can
activate each connection one at a time.
Example: Network 1 IP series 192.168.1.x
         Network 2 IP series 10.10.90.x
         Network 2 IP series 172.168.2.x
Normally, every time you want to change connectivity to a different network
you have to change the IP address to that series. Here, instead, we create multiple
connections and activate them based on requirement. In the example below, multiple
logical connections are created on a single physical NIC card and one connection is
activated at a time.
[root@TechTutorials ~]# nmcli connection add con-name 172series ifname eno16777736 type ethernet

Connection '172series' (ad091ed0-c221-4cd9-9e7a-6eb2063de4fe) successfully added.

[root@TechTutorials ~]# nmcli connection add con-name 192series ifname eno16777736 type ethernet

Connection '192series' (6c3ba921-b303-4ded-b8cb-dbade432bc66) successfully added.

[root@TechTutorials ~]# nmcli connection add con-name 10series ifname eno16777736 type ethernet

Connection '10series' (e717f706-539b-422a-a94a-f7fe49edb83e) successfully added.

[root@TechTutorials ~]# nmcli connection show

NAME UUID TYPE DEVICE

192series 6c3ba921-b303-4ded-b8cb-dbade432bc66 802-3-ethernet --


172series ad091ed0-c221-4cd9-9e7a-6eb2063de4fe 802-3-ethernet --
eth0 a80360f3-0972-4843-8d86-a27ae37d8751 802-3-ethernet eno16777736
10series e717f706-539b-422a-a94a-f7fe49edb83e 802-3-ethernet --

List out active connections only


[root@TechTutorials ~]# nmcli connection show --active

NAME UUID TYPE DEVICE

eth0 a80360f3-0972-4843-8d86-a27ae37d8751 802-3-ethernet eno16777736

Assigning static IP Address to existing connection
[root@TechTutorials ~]# nmcli connection modify 10series ipv4.addresses 10.10.90.2 ipv4.gateway 10.10.90.1 ipv4.dns 4.4.4.4 +ipv4.dns 8.8.8.8

Make connections connect automatically after a server reboot

[root@TechTutorials ~]# nmcli connection modify 10series connection.autoconnect yes

The above command makes sure that the connection connects automatically after a
server reboot
Know the status of NetworkManager

[root@TechTutorials ~]# nmcli -t -f RUNNING general

running

This tells whether NetworkManager is running or not


[root@TechTutorials ~]# nmcli -t -f STATE general

connected

It shows the state of NetworkManager

[root@TechTutorials ~]# nmcli radio wifi off

[root@TechTutorials ~]# nmcli radio wifi on

[root@TechTutorials ~]# nmcli radio all

WIFI-HW WIFI WWAN-HW WWAN

enabled enabled enabled enabled

Switch off / Switch on and know the status of Wifi connection


To see all configured profile details in multiline format, use the below command

[root@TechTutorials ~]# nmcli -p -m multiline -f all con show

======================================================

NetworkManager connection profiles

======================================================

NAME: eth0

UUID: a80360f3-0972-4843-8d86-a27ae37d8751
TYPE: 802-3-ethernet

TIMESTAMP: 1471705850

TIMESTAMP-REAL: Sat 20 Aug 2016 08:40:50 PM IST

AUTOCONNECT: yes

AUTOCONNECT-PRIORITY: 0

READONLY: no

DBUS-PATH: /org/freedesktop/NetworkManager/Settings/2

ACTIVE: yes

DEVICE: eno16777736

STATE: activated

ACTIVE-PATH: /org/freedesktop/NetworkManager/ActiveConnection/0

---------------------------------------------------------

Use the below command to list only active connections. As we can see, eth0 is in
active state.

[root@TechTutorials ~]# nmcli connection show --active

NAME UUID TYPE DEVICE

eth0 a80360f3-0972-4843-8d86-a27ae37d8751 802-3-ethernet eno16777736


Connections can be set to autoconnect after every reboot. To check whether
connections are set to autoconnect or not

[root@TechTutorials ~]# nmcli -f name,autoconnect c s

NAME AUTOCONNECT

eth0 yes

192series yes

10series yes

172series yes

Objects we can use are listed below; names can be abbreviated, as with c and s
in the command above

general      NetworkManager’s general status and operations
networking   overall networking control
radio        NetworkManager radio switches
connection   NetworkManager’s connections
device       devices managed by NetworkManager
agent        NetworkManager secret agent or polkit agent

Show full and complete connection profile details using the below command

[root@TechTutorials ~]# nmcli -p connection show eth0

===============================================================================

Connection profile details (eth0)

===============================================================================
connection.id: eth0

connection.uuid: a80360f3-0972-4843-8d86-a27ae37d8751

connection.interface-name: eno16777736

connection.type: 802-3-ethernet

connection.autoconnect: yes

connection.autoconnect-priority: 0

connection.timestamp: 1471706450

connection.read-only: no

connection.permissions:

connection.zone: --

connection.master: --

connection.slave-type: --

connection.secondaries:

connection.gateway-ping-timeout: 0

OUTPUT TRUNCATED...

Show profile with all passwords of Wifi


[root@TechTutorials ~]# nmcli connection show --show-secrets "WiFi"

Show details about wifi connection profile with all passwords

[root@TechTutorials ~]# nmcli -f active connection show eth0

GENERAL.NAME: eth0

GENERAL.UUID: a80360f3-0972-4843-8d86-a27ae37d8751

GENERAL.DEVICES: eno16777736

GENERAL.STATE: activated

GENERAL.DEFAULT: yes

GENERAL.DEFAULT6: no

GENERAL.VPN: no

GENERAL.ZONE: --

GENERAL.DBUS-PATH: /org/freedesktop/NetworkManager/ActiveConnection/0

GENERAL.CON-PATH: /org/freedesktop/NetworkManager/Settings/2

GENERAL.SPEC-OBJECT: /

GENERAL.MASTER-PATH: --

IP4.ADDRESS[1]: 192.168.4.20/24
IP4.GATEWAY: 192.168.4.2

IP4.DNS[1]: 8.8.8.8

IP6.ADDRESS[1]: fe80::20c:29ff:fe3d:fadd/64

IP6.GATEWAY:

Shows details for the active “eth0” connection, like IP, DHCP information, etc.
Thanks for the read.


SSH Server (Secure Shell) Installation and Configuration RHEL 7 / Centos 7
BY ARK · MARCH 15, 2017
SSH Server (Secure Shell) is a program for logging into a remote host / server and
managing remote host / server by executing commands. It is intended to provide
secure encrypted communications between client and server over an insecure
network. SSH will also support X11 forwarding (which means executing GUI
tasks).
SSH Server Profile
- Packages: yum install openssh
- Port Number: 22 is default
- Config File: /etc/ssh/sshd_config
- Daemon Name: sshd
Advantages of SSH Server
- It provides a secure connection to the remote host
- Using SSH we can also copy files from one host to another host (SCP, secure copy)
- Upload files securely using SFTP
- Execute commands on the remote host
- Create passwordless authentication (key-based authentication) to run
automated scripts

SSH Server (Secure Shell) Installation and configuration
Installing SSH Server is simple using yum / rpm packages. Most of the
installation methods install the openssh packages along with the Operating System
installation itself.

[root@ArkitServer ~]# yum install openssh

Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager

This system is not registered to Red Hat Subscription Management. You can use
subscription-manager to register.

RHEL7 | 4.1 kB 00:00:00

(1/2): RHEL7/group_gz | 136 kB 00:00:00

(2/2): RHEL7/primary_db | 3.9 MB 00:00:00

Package openssh-6.6.1p1-31.el7.x86_64 already installed and latest version

Nothing to do
Enable and Start Services

[root@ArkitServer ~]# systemctl enable sshd.service

[root@ArkitServer ~]# systemctl status sshd.service

● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2017-03-15 20:54:55 IST; 23min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 1201 (sshd)
   CGroup: /system.slice/sshd.service
           └─1201 /usr/sbin/sshd

Configure SSH Settings using config file


[root@ArkitServer ~]# vi /etc/ssh/sshd_config

Restrict access to a particular network by adding the network ID. Example: 192.168.1.0/24

#ListenAddress 0.0.0.0

#ListenAddress ::

Change the SSH default port to something else (instead of 22). After defining the
port number in the config file we have to apply the SELinux policy
Port 1028

Run the below command to change the SELinux context

semanage port -a -t ssh_port_t -p tcp 1028

Log authentication-related messages to the log file. If you hash out (comment out)
SyslogFacility, authentication-related messages will not be logged

# Logging

# obsoletes QuietMode and FascistLogging

#SyslogFacility AUTH

SyslogFacility AUTHPRIV

#LogLevel INFO

How to Permit Root Login via SSH?

To permit root login over SSH, un-comment the below config line (by default
root is allowed). If you would like to deny root login via SSH, write ‘no’
instead of ‘yes’

#PermitRootLogin yes
To enable key-based authentication, the remote hosts' keys are added to the required
file. Its location can be customized by specifying the below parameter in the config file

AuthorizedKeysFile      .ssh/authorized_keys

GUI window access using SSH: enable X11Forwarding so that you can run a GUI
window on the remote host over SSH

X11Forwarding yes

Banner message: when a user logs in to the server using SSH, the user will see a banner
message. To specify the banner message, enable the below config line

Banner /filepath

Allow only members of a particular group to ssh

AllowGroups groupname

Likewise, there are many more options to configure and optimize SSH Server
(Secure Shell).
Conclusion: SSH is used to connect to remote servers securely and manage them easily.
SSH is the most used protocol in the world.
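
The directives covered above can be checked together. The script below is an added example, not part of the original article: it reads the global section of an sshd_config file the way sshd does (first value wins, Match blocks are conditional) and reports on each setting. The function names and the sample config are constructed for illustration; because sshd accepts only one of the server's own addresses or host names for ListenAddress, a value in network/prefix form is reported as an error.

```shell
#!/bin/sh
# Added example (not from the original article): audit the global section of
# an sshd_config file for the directives discussed in this article.

# sample_sshd_config: constructed sample input, not taken from a real host.
sample_sshd_config() {
cat <<'EOF'
# constructed sample
Port 1028
#PermitRootLogin yes
ListenAddress 192.168.1.0/24
SyslogFacility AUTHPRIV
X11Forwarding yes
PermitRootLogin no
permitrootlogin yes
Match Group admins
    X11Forwarding no
EOF
}

# sshd_first_value FILE KEYWORD
# Prints the value sshd would use from the global section: keywords are
# case-insensitive, the first uncommented occurrence wins, and parsing stops
# at the first Match block because settings below it are conditional.
sshd_first_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ { next }                     # commented-out line
        /^[ \t]*$/ { next }                     # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /[ \t=]+/)) next   # keyword without a value
            key = tolower(substr(line, 1, RSTART - 1))
            val = substr(line, RSTART + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit            # end of global section
            if (key == want) { print val; exit }
        }
    ' "$1"
}

# audit_sshd FILE: prints one finding per line as "LEVEL Keyword: message".
# ListenAddress may be repeated in a real file; only the first one is checked.
audit_sshd() {
    f=$1
    port=$(sshd_first_value "$f" Port)
    root=$(sshd_first_value "$f" PermitRootLogin)
    listen=$(sshd_first_value "$f" ListenAddress)
    x11=$(sshd_first_value "$f" X11Forwarding)
    allow=$(sshd_first_value "$f" AllowGroups)

    if [ -n "$port" ] && [ "$port" != 22 ]; then
        echo "NOTE Port: $port needs 'semanage port -a -t ssh_port_t -p tcp $port' under SELinux"
    fi
    case $root in
        no) echo "OK PermitRootLogin: root login over SSH is denied" ;;
        '') echo "WARN PermitRootLogin: not set, so the build default applies" ;;
        *)  echo "WARN PermitRootLogin: '$root' still lets root log in over SSH" ;;
    esac
    case $listen in
        */*) echo "ERROR ListenAddress: '$listen' is a network ID, sshd expects an address of this server" ;;
    esac
    if [ "$x11" = yes ]; then
        echo "NOTE X11Forwarding: enabled, remote GUI programs can be displayed locally"
    fi
    if [ -z "$allow" ]; then
        echo "NOTE AllowGroups: not set, SSH login is not limited to a group"
    fi
    return 0
}

cfg=$(mktemp)
sample_sshd_config > "$cfg"
audit_sshd "$cfg"
rm -f "$cfg"
```

On a live server, point audit_sshd at /etc/ssh/sshd_config; `sshd -t` checks the file for syntax errors before the service is restarted.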
How You Know You’re Doing ps Command Linux The Right Way – Video
BY ARK · PUBLISHED DECEMBER 22, 2016 · UPDATED JANUARY 26, 2017
In this article we are going to see the ps command in Linux as a video session. The ps
command reports a snapshot of the current processes. ps displays
information about a selection of the active processes. If you want a repetitive
update of the selection and the displayed information, use top instead.

ps command Linux
To see every process on the system using standard syntax

[root@ArkITShell ~]# ps -e

[root@ArkITShell ~]# ps -ef

[root@ArkITShell ~]# ps -eF

[root@ArkITShell ~]# ps -ely

See every process on the system using BSD syntax

[root@ArkITShell ~]# ps ax

[root@ArkITShell ~]# ps axu

Print a process tree


[root@ArkITShell ~]# ps -ejH

[root@ArkITShell ~]# ps axjf

Get info about threads

[root@ArkITShell ~]# ps -eLf

[root@ArkITShell ~]# ps axms

Security info

[root@ArkITShell ~]# ps -eo euser,ruser,suser,fuser,f,comm,label

[root@ArkITShell ~]# ps axZ

[root@ArkITShell ~]# ps -eM

To see every process running as root (real & effective ID) in user format:

[root@ArkITShell ~]# ps -U root -u root u

To see every process with a user-defined format

[root@ArkITShell ~]# ps -eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm

[root@ArkITShell ~]# ps axo stat,euid,ruid,tty,tpgid,sess,pgrp,ppid,pid,pcpu,comm

[root@ArkITShell ~]# ps -Ao pid,tt,user,fname,tmout,f,wchan

Print only the process IDs of syslogd

[root@ArkITShell ~]# ps -C syslogd -o pid=

Print only the name of PID 42

[root@ArkITShell ~]# ps -q 42 -o comm=

That’s about ps command in Linux. 


Identify processes that make heavy use of the CPU and memory
BY ARK · SEPTEMBER 10, 2016
Identify processes that make heavy use of the CPU and memory, set the priority of
processes with renice, and kill processes. Traditionally, on any Unix, ‘ps’ is the
command used to identify processes with their respective characteristics, qualities
and states. On GNU systems this traditional command supports 3 types of syntax
for the parameters, namely: UNIX, BSD and GNU. To simplify, this post will use
the UNIX syntax which allows grouping the various options and require.

Identify processes that make heavy use of the CPU and memory
Command syntax:

ps <Options> arguments

For example:

[root@TechTutorials ~]# ps -aux

It should be noted, ps is not equal to ps -a.


Process Snapshot (ps)
The ps command lists processes depending on the modifiers that we pass as
parameters.
Let’s review the most relevant:

-e / -A  List all processes
-x  List processes that are associated with a terminal (TTY)
-U  Lists the processes associated with one or several users
-o  Used to determine which characteristics of the process will be listed

The most interesting -o parameters are:
- %cpu (%CPU): cpu utilization of the process in “##.#” format.
- %mem (%MEM): ratio of the process’s resident set size to the physical
memory on the machine, expressed as a percentage.
- args (COMMAND): command with all its arguments as a string.
Modifications to the arguments may be shown.
- cgroup (CGROUP): display control groups to which the process belongs.
- ni (NI): nice value. This ranges from 19 (nicest) to -20 (not nice to others)
- pid (PID): a number representing the process ID
- ppid (PPID): parent process ID
We can then combine these parameters as follows:

[root@TechTutorials ~]# ps -e -o pid,%cpu,%mem,args

This gives us the pid, the percentage of CPU used, the percentage of
memory used and the arguments with which the program is run. Another
interesting parameter is cgroup because, since we have systemd, all processes
run under the control of a group (control group).
You can find these settings and many more with ‘man ps’, in the section STANDARD
FORMAT SPECIFIERS
The last tip is: to sort the output, use --sort and specify the parameter on
which we want to sort the output.
For example, we order by percentage of CPU:

[root@TechTutorials ~]# ps -e -o pid,%cpu,command --sort %cpu

Table of Process (top)

Another classic UNIX command, top lists the process table and resource
consumption in real time. By default, top also orders processes by CPU consumption,
which enables us to find which programs are consuming more resources.
Pressing r changes the priority of a process, and k sends a
signal to kill the process.
You can find a good post on top here
Nice & renice
UNIX systems allow setting process priorities so that the CPU ‘focuses’ mainly on
certain tasks and relegates others.
nice executes a command with a given priority:

[root@TechTutorials ~]# nice -n 5 command --argument

If the process is already running, we can reassign the priority with renice,
referencing its pid:

[root@TechTutorials ~]# renice -n 4 2345

Kill and derivatives

Finally, to eliminate a process, we have the kill command.
Unix defines different signals that can be sent to a process. The most common are
SIGHUP (1) (die and run again), SIGTERM (15) (notifies the process that it has to
end its execution, but gives it time to close the file descriptors and kill its
children) and SIGKILL (9) (terminates the process immediately).
Thus, we can send these signals using the PID and the number of the signal:

[root@TechTutorials ~]# kill -s 9 2345

Killall and pkill allow us to do the same, but looking for the process name:

[root@TechTutorials ~]# killall -s 9 xchat

Another interesting post on the subject here


Conclusion
These topics are essential for any Linux / Unix administrator, so we just did a brief
review; on these points there is no difference in Red Hat 7 from what we already know.


rsyslog Server Installation and Configuration In RHEL 7 and Centos 7
BY ARK · PUBLISHED APRIL 23, 2016 · UPDATED MAY 31, 2018
An rsyslog server is used to collect all server logs in a centralized place. The system
administrator does not need to log in to each and every device to collect logs: just install and
configure an rsyslog server and watch all server logs using a single command. Linux
labels the log messages (auth, cron, ftp, lpr, authpriv, news, mail, syslog, etc.) to
indicate the type of software that generated the messages, along with a severity (Alert,
critical, Warning, Notice, info, etc.).

What is syslog server


In computing,  syslog is a standard for message logging. It permits separation of
the software that generates messages, the system that stores them, and the software
that reports and analyzes them. Each message is labeled with a facility code,
indicating the software type generating the message, and assigned a severity label.

Required Hardware and Software

The rsyslog server should have at least 4GB of RAM, 2 CPU cores and a 1 Gigabyte
network card, and be installed with RHEL 7 (Red Hat Enterprise Linux 7, 7.1, 7.2 OR
Centos 7).

Server Profile
- Packages: rsyslog*
- Service / Daemon Name: rsyslog.service
- Port number: 514
- Config File: /etc/rsyslog.conf
In this article we are using Server IP: 192.168.4.20 and Client IP: 192.168.4.21 for
demonstration

rsyslog Server side configuration


[root@server ~]# hostname

server.arkit.co.in

Installing rsyslog packages


[root@server yum.repos.d]# yum install rsyslog*

Dependency Installed:

librelp.x86_64 0:1.2.0-3.el7 postgresql-libs.x86_64 0:9.2.7-1.el7

Complete!

Enable and start the services


We have to enable the service first so that whenever the rsyslog server is rebooted
the service starts automatically. If you do not enable the service it
will not start after a reboot, and we have to start the service manually.

[root@server ~]# systemctl enable rsyslog.service

[root@server ~]# systemctl start rsyslog.service

[root@server ~]# systemctl status rsyslog.service

Edit config file 


Before enabling the config

[root@server ~]# vi /etc/rsyslog.conf


# rsyslog configuration file

# Provides UDP syslog reception

#$ModLoad imudp

#$UDPServerRun 514

# Provides TCP syslog reception

#$ModLoad imtcp

#$InputTCPServerRun 514

After the Change

# Provides UDP syslog reception

$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception


$ModLoad imtcp
$InputTCPServerRun 514

:wq! (Save & Exit)

Restart the service to effect the change


[root@server ~]# systemctl restart rsyslog.service

Allow firewall ports from server


Default port number for syslog is 514

[root@server ~]# firewall-cmd --permanent --add-port=514/tcp

success

[root@server ~]# firewall-cmd --permanent --add-port=514/udp

success

[root@server ~]# firewall-cmd --reload

success

Verify Service is listening

[root@server ~]# netstat -antup | grep 514

Client Side
Ping the server and verify that the server is reachable from the client

[root@desktop ~]# hostname


desktop.arkit.co.in

[root@desktop ~]# ping 192.168.4.20

PING 192.168.4.20 (192.168.4.20) 56(84) bytes of data.

64 bytes from 192.168.4.20: icmp_seq=1 ttl=64 time=0.481 ms

Edit the config file

[root@desktop ~]# vi /etc/rsyslog.conf

*.* @@192.168.4.20:514

:wq! (Save & Exit)

As shown above, we have to point the client to the server to send logs. *.* means all the logs. If you
would like to send only particular logs, do not specify *.* in the client config.

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog

# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

Restart the service

[root@desktop ~]# systemctl restart rsyslog.service

[root@desktop ~]# systemctl status rsyslog.service

Test logs
Open the log file on the server and switch users on the client machine

[root@server log]# tail -f /var/log/secure

Apr 23 16:16:02 desktop su: pam_unix(su-l:session): session closed for user atkit
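
The client rule *.* @@192.168.4.20:514 uses rsyslog's legacy forwarding syntax, where "@@host" sends over TCP and "@host" sends over UDP, with port 514 used when none is given. The script below is an added example, not part of the original article: it lists every forwarding rule in a client config and picks out rules that send authpriv (authentication) messages over UDP, where lost messages go unnoticed. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): list the forwarding rules
# of an rsyslog client config written in the legacy "selector action" form.

# sample_rsyslog_conf: constructed sample input, not taken from a real host.
sample_rsyslog_conf() {
cat <<'EOF'
# constructed client config
$ModLoad imuxsock
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
*.* @@192.168.4.20:514
authpriv.* @192.168.4.20
mail.* @@(z9)[2001:db8::20]:6514
EOF
}

# rsyslog_forwards FILE
# Prints "selector transport host port authpriv=yes|no" for each forwarding
# action. "@host" is UDP, "@@host" is TCP, the port defaults to 514, options
# such as "(z9)" are dropped and IPv6 hosts are written in [brackets].
rsyslog_forwards() {
    awk '
        /^[ \t]*#/  { next }                    # comments
        /^[ \t]*$/  { next }                    # blank lines
        /^[ \t]*\$/ { next }                    # $ModLoad and other directives
        NF >= 2 && $2 ~ /^@/ {
            sel = $1; act = $2
            proto = "udp"; sub(/^@/, "", act)
            if (act ~ /^@/) { proto = "tcp"; sub(/^@/, "", act) }
            sub(/^\([^)]*\)/, "", act)          # drop forwarding options
            port = 514
            if (substr(act, 1, 1) == "[") {     # [IPv6]:port
                close_at = index(act, "]")
                host = substr(act, 2, close_at - 2)
                rest = substr(act, close_at + 1)
                if (rest ~ /^:[0-9]+$/) port = substr(rest, 2)
            } else {                            # host or host:port
                host = act
                if (act ~ /:[0-9]+$/) {
                    port = act; sub(/^.*:/, "", port)
                    sub(/:[0-9]+$/, "", host)
                }
            }
            # Does the selector include the authpriv facility?
            sens = "no"
            if ((";" sel) ~ /[;,](\*|authpriv)\./ && sel !~ /authpriv\.none/)
                sens = "yes"
            print sel, proto, host, port, "authpriv=" sens
        }
    ' "$1"
}

# udp_authpriv_forwards FILE: rules that send authentication logs over UDP.
udp_authpriv_forwards() {
    rsyslog_forwards "$1" | awk '$2 == "udp" && $5 == "authpriv=yes"'
}

conf=$(mktemp)
sample_rsyslog_conf > "$conf"
echo "All forwarding rules:"
rsyslog_forwards "$conf"
echo "Authentication logs sent over UDP:"
udp_authpriv_forwards "$conf"
rm -f "$conf"
```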

That’s about rsyslog server configuration.


Please provide your valuable feedback on the same


20 useful tar and zip commands to compress and extract files
BY ARK · PUBLISHED JANUARY 25, 2016 · UPDATED AUGUST 15, 2018
It is useful to store a group of files in one file for
easy backup, for transfer to another directory, or for transfer to another computer.
It is also useful to compress large files; compressed files take up less disk space
and download faster via the Internet.
It is important to understand the distinction between an archive file and a
compressed file. An archive file is a collection of files and directories stored in one
file. The archive file is not compressed; it uses the same amount of disk space as
all the individual files and directories combined. A compressed file is a collection
of files and directories that are stored in one file and stored in a way that uses less
disk space than all the individual files and directories combined. If disk space is a
concern, compress rarely-used files, or place all such files in a single archive file
and compress it.
Note: a tar file is not a compressed file, but a compressed file is an archived file
There are many extensions for compressing files using the tar command, and we take a
few examples in this article. All the extensions will work to compress files and
directories, but their compression ratios differ from each other. Based on the
compression ratio of the extension, we can use different options.
1. gzip
2. bzip
3. zip
Syntax: tar <options> <File Name.tar> <directory / file path>

20 useful tar and zip commands


1. Archiving files using tar command
Archiving is not compression of files and directories; it groups all the
files and directories together in a single file instead of multiple files. After creating
an archive file, we can’t see a size difference between the actual file system size and
the archive file.
Let’s see an example below

[root@TechTutorial tar]# du -h *.txt   # file sizes before creating an archive

[root@TechTutorial tar]# tar -cvf ravi.tar *.txt   # command to create an archive file

[root@TechTutorial tar]# du -h ravi.tar   # archive file size after creation

380K    ravi.tar

Explanation of tar command options

-c  Create an archive file
-v  verbose (display the status of all files being archived)
-f  specify the archive file

2. Extracting an archive file


In order to extract the archive file we have to use -x option along with tar
command

[root@TechTutorial tar]# tar -xvf ravi.tar


3. Updating an archive file with newly created files
Sometimes there is a requirement to update an archive file by adding only
newly created files. Adding only newly created files to the archive saves us a lot
of time.
Let’s see an example as shown below: when we use the -u option along with the tar
command, it updates the tar file with newly created files

[root@TechTutorial tar]# tar -uvf ravi.tar *.txt

Techtutorials.txt

4. List files from archive without extracting them
We do not always need to extract an archive in order to see the archive content.
If it is a large file it is very difficult to extract: it takes a lot of time and
also requires disk space to extract the files.
We have to use the ‘-t’ option to see all files which are there in the archive file

[root@TechTutorial tar]# tar -tf ravi.tar
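
Listing first is also the point at which an archive from someone else can be screened before extraction. The script below is an added example, not part of the original article: it reads the names printed by tar -tf and reports members with an absolute path or a ".." path component, which would be written outside the current directory. GNU tar refuses such members by default unless -P is given, so the check makes that decision explicit before extracting with other options or tools. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): screen the output of
# "tar -tf" for member names that would land outside the extraction directory.

# constructed_listing: sample member names, as "tar -tf" would print them.
constructed_listing() {
    printf '%s\n' \
        'docs/readme.txt' \
        '../../etc/cron.d/job' \
        '/etc/passwd' \
        'a/b/../../../x' \
        'notes..txt' \
        'dir/..hidden'
}

# listing_risks: reads one member name per line on stdin and prints
# "reason<TAB>name" for every risky name. Exit status is 1 when at least
# one name was flagged, 0 when the listing is clean.
listing_risks() {
    awk '
        # Absolute path: extraction would target the filesystem root.
        substr($0, 1, 1) == "/" {
            print "absolute-path\t" $0; bad = 1; next
        }
        # A whole path component equal to "..": climbs out of the target
        # directory. Names that merely contain dots (notes..txt) are fine.
        index("/" $0 "/", "/../") > 0 {
            print "parent-traversal\t" $0; bad = 1; next
        }
        END { exit bad + 0 }
    '
}

# tar_check ARCHIVE: run the same check on a real archive.
tar_check() {
    tar -tf "$1" | listing_risks
}

constructed_listing | listing_risks || echo "listing has risky members, do not extract as-is"
```

For an archive on disk, run tar_check ravi.tar and extract only when it prints nothing and returns 0.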

5. Extract single file from archive

This option is very handy whenever we have a large archive file and need only a
single file from that archive to be restored. In order to restore a single file from
the archive we have to use wildcards

[root@TechTutorial tar]# rm -rf *.txt   # deleted all the files from the current location

[root@TechTutorial tar]# ls   # after deletion we have the below files

3  arkit10.doc  arkit1.doc  arkit2.doc  arkit3.doc  arkit5.doc  arkit6.doc  arkit7.doc  arkit8.doc  arkit9.doc  ravi.tar

[root@TechTutorial tar]# tar -xvf ravi.tar Techtutorials.txt   # restored a single file from the archive

Techtutorials.txt

Above is the example of how we can restore a single file from an archive

6. Extract multiple files from archive (not all files)
As you saw in the 5th step we extracted a single file from the archive; in the same way we
are going to extract multiple files from the archive (not all).
Note: in order to extract files from an archive you have to know the exact file names; you
can use ‘-t’ to see all the files in the archive

[root@TechTutorial tar]# rm -rf Techtutorials.txt   # deleted the previously restored file for clarity

[root@TechTutorial tar]# tar -xvf ravi.tar "Techtutorials.txt" "test1.txt"

test1.txt

Techtutorials.txt

[root@TechTutorial tar]# rm -rf Techtutorials.txt test1.txt

[root@TechTutorial tar]# tar -xvf ravi.tar --wildcards '*.txt'

Note: We are deleting the previous files for demonstration only, DO NOT
DELETE FILES in your environment.
You can mention multiple file names, and we can also use the wildcard option to restore
multiple files, as shown in the above example

7. Compressing files in gzip

So far we have seen how to archive files (grouping files together in a single file).
After creating an archive we did not get a space saving benefit because archiving
does not compress files, so the file size does not decrease. When we compress files
we save disk space. If we want to create a ‘gzip’ file with the extension ‘.gz’ we have to
use the ‘-z’ option along with the ‘tar’ command.
Let’s see an example

[root@TechTutorial tar]# tar -czvf tech.tar.gz *.txt

[root@TechTutorial tar]# ls

3            arkit2.doc  arkit6.doc  arkit9.doc  kumar.txt  tech.tar.gz        test1.txt  test4.txt
arkit10.doc  arkit3.doc  arkit7.doc  d.txt       ravi.tar   Techtutorials.txt  test2.txt
arkit1.doc   arkit5.doc  arkit8.doc  g.txt       ravi.txt   tech.txt           test3.txt

[root@TechTutorial tar]# du -h tech.tar.gz

4.0K    tech.tar.gz

[root@TechTutorial tar]# du -h *.txt

As shown in the above example, after compressing the text files using ‘-z’ the
compressed file size is 4KB, while the actual file size is 380KB

8. Compressing files using bzip

It is the same as ‘gzip’, but the compression ratio of ‘.bz2’ is higher compared
to ‘.gz’. We are going to compress the same files as we used in the above example and see
how large the compressed file is. For ‘bzip’ we have to use the ‘-j’ option.

[root@TechTutorial tar]# tar -cjvf 1tech.tar.bz2 *.txt

[root@TechTutorial tar]# du -h 1tech.tar.bz2

4.0K    1tech.tar.bz2

Practical examples comparing the ‘.gz’ and ‘.bz2’ compression methods are
below

9. Compression ratio of .gz (gzip) and .bz2 (bzip)
After compressing 34MB using ‘.gz’ output file size is 8.6MB.
Using same files compressed with ‘.bz2’ output file size is 7.2MB.
Comparatively .bz2 compression ratio is higher than .gz

[root@TechTutorial tar]# du -h tarr.tar.gz

8.6M    tarr.tar.gz

[root@TechTutorial tar]# du -h tarr.tar.bz2

7.2M    tarr.tar.bz2

10. Extracting compressed files from ‘gzip’ and ‘bzip’
To extract ‘gzip’ and ‘bzip’ files we have to use the ‘-x’ option along with their own
options: ‘-z’ for gzip and ‘-j’ for bzip.
Below is the example for extracting the ‘bzip’ file
[root@TechTutorial tar]# tar -xjvf 1tech.tar.bz2

d.txt

Below is the practical example for extracting the ‘gzip’ file

[root@TechTutorial tar]# tar -xzvf tech.tar.gz

d.txt

11. zipping the files using zip command

The zip command is used to compress files with the .zip extension. zip is available on
different platforms such as Unix, Linux, Windows and MAC.
Syntax:  zip <Destination File Path and Name>.zip <source files to compress>
Below is the example to compress files using the ‘zip’ command

[root@TechTutorial tar]# zip docfiles.zip *.txt

  adding: d.txt (deflated 100%)

12. zipping files and directories along with sub directories and its files
When we compress a directory using the ‘zip’ command it will not
compress all the sub directories and their content. In order to compress all the sub
directories and their files we have to use ‘-r’ along with the zip command
[root@TechTutorial tar]# zip -r subdir.zip ravi/

  adding: ravi/ (stored 0%)

13. compressing with high compression ratio
The zip command has a good feature: we can also specify a compression ratio
option from 1 to 9. 9 gives high compression.

[root@TechTutorial tar]# zip -9 -r deepcompress.zip ravi/

  adding: ravi/ (stored 0%)

14. Excluding particular file / directory from compression
To exclude a file from compression we have to use ‘-x’.

[root@TechTutorial tar]# zip -r compress1.zip ravi/ -x ravi/g.txt

  adding: ravi/ (stored 0%)

15. Delete particular file from zip

Delete a file from the compressed file using the option ‘-d’ along with the zip command
[root@TechTutorial tar]# zip -d compress1.zip ravi/tech.txt

deleting: ravi/tech.txt

16. Update newly created files to zip

Update the zip file using the ‘-u’ option, which will only add newly created files to the zip
file.

[root@TechTutorial tar]# touch Update2.txt

[root@TechTutorial tar]# zip -u compress1.zip *.txt

  adding: Update2.txt (stored 0%)

17. Update zip with newly modified files

Update only modified files in the zip file. In order to update modified files, use the
‘-fr’ option

[root@TechTutorial tar]# zip -fr compress1.zip *.txt

freshening: Update2.txt (stored 0%)

[root@TechTutorial tar]#

18. List all files from zip without extracting them
List all files from zip without extracting them

# less compress.zip

19. Check zip file content without extracting
If you want to see the zipped file content without extracting the zip file, you can
use the ‘zmore’ and ‘zless’ commands.

# zmore compress.zip

# zless compress.zip

20. De-compress zip file

In order to extract the zip file we have to use the ‘unzip’ command. If the files already
exist it will ask you for confirmation to overwrite them.

[root@TechTutorial tar]# unzip compress1.zip

Archive:  compress1.zip

replace d.txt? [y]es, [n]o, [A]ll, [N]one, [r]ename: y

Conclusion
We can group all files and directories in a single file by archiving, We can also
compress the files and directories in order to save the disk space. Archiving files and
directories will not save a disk space.

Thanks for your precious time, please write your comments below ….

15 scp commands securely copy files to remote servers Linux
BY ARK · PUBLISHED JULY 21, 2016 · UPDATED JULY 13, 2017
Basically, to copy files/directories from one Server/Machine to another we have to
use file sharing services such as Samba (SMB) OR NFS, but we don’t want to
create a Samba server / NFS server just to copy the required files/directories one
time. Here is a solution: we can make use of these 15 scp commands to securely
copy files to a remote server. These scp command examples work on all Unix /
Linux flavors.
scp copies files between hosts on a network. It uses SSH for data transfer, and uses
the same authentication and provides the same security as SSH. Unlike rcp, scp
will ask for passwords or passphrases if they are needed for authentication.
scp command example syntax

scp [options] Source Destination

15 scp commands advantages

- scp depends on SSH
- scp uses the cipher systems AES, Blowfish, 3DES, CAST128, and Arcfour,
which are supported by SSH
- We can also use a passphrase to authenticate
Environment for demonstration
- Server (Source) 192.168.4.20
- Desktop (Destination) 192.168.4.200
1. Copy File from Source to Destination (Server1 –> Server2)
A simple way to copy the file from server to desktop use below command.

[root@TechTutorials ~]# scp test root@192.168.4.200:/root/Desktop

2. Copy multiple files from source to destination

In the below example we copy multiple custom selected files (the required files)
to the remote host

[root@TechTutorials ~]# scp initial-setup-ks.cfg file1 file2 root@192.168.4.200:/root/Desktop/


3. Copy directory instead of copying single / multiple files
If we have multiple files in a directory, instead of copying all the files separately
we can just copy the entire directory as it is to the destination. Let’s see an example
command

[root@TechTutorials ~]# scp -r test root@192.168.4.200:/tmp/

As we see in the above example, we copied the ‘test’ directory to the destination server.
To copy a directory, the ‘-r’ option has to be used along with the scp command
4. Preserving the time stamp as like source
When you copy files / directories from Source to Destination, they get the latest time
stamp on the destination side. To copy the files / directories exactly as on the source (all
attributes will be copied), so that the exact time stamp and permissions are copied:

[root@TechTutorials ~]# scp -rvp test root@192.168.4.200:/root/Desktop/


5. Compress and copy files / directories faster – 15 scp commands examples
Using the ‘-C’ option will compress and copy the files / directories to the destination. Data
compression happens at the network level, and the destination receives the data at the
same size as on the source.

[root@TechTutorials ~]# scp -C linux-nrpe-agent.tar.gz root@192.168.4.200:/root/

6. Know your copy status

If you would like to see the copy status, we have to use the ‘-v’ option along with the scp
command. Verbose output will be displayed

[root@TechTutorials ~]# scp -v file1 root@192.168.4.200:/root/

Executing: program /usr/bin/ssh host 192.168.4.200, user root, command scp -v -t /root/
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013

root@192.168.4.200's password:

7. Use random port along with scp command

We can also specify a particular port to copy data from source to destination
[root@TechTutorials ~]# scp -P 22 file2 root@192.168.4.200:/root/Desktop/

8. Suppress scp command output (verbose), warning and error messages, just copy
Quiet mode: disables the progress meter as well as warning and diagnostic
messages from ssh

[root@TechTutorials ~]# scp -vq file1 root@192.168.4.200:/tmp/

Executing: program /usr/bin/ssh host 192.168.4.200, user root, command scp -v -t /tmp/

root@192.168.4.200's password:

Sending file modes: C0644 32 file1

Sink: C0644 32 file1

9. copy/scp files/directories without using password
Generate an ssh key and copy it to the destination, which makes the connection passwordless

[root@TechTutorials ~]# ssh-keygen -t rsa


Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ff:37:20:a2:52:a3:88:f8:23:de:ef:ef:79:ed:a8:49 root@TechTutorials
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| |
| |
| S |
| o ... . |
|.. . o E .o. . |
|+ + o o o..o o |
|.+.oo+o*o..... . |
+-----------------+
[root@TechTutorials ~]# ssh-copy-id root@192.168.4.200
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter
out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted
now it is to install the new keys
root@192.168.4.200's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.4.200'"


and check to make sure that only the key(s) you wanted were added.

Now an scp to that host will not ask for a password

[root@TechTutorials ~]# scp key stdin root@192.168.4.200:/root/

10. Use a key file instead of a password

To use a key file we have to pass the '-i' option to the scp command

[root@TechTutorials ~]# scp -i privatekey.key anaconda-ks.cfg root@192.168.4.200:/root/

11. Use SSH config file to scp

We can also use predefined parameters from an SSH config file to make the scp copy easier.
All possible options that can be used with the scp command

AddressFamily

BatchMode

BindAddress

CanonicalDomains

CanonicalizeFallbackLocal

CanonicalizeHostname

CanonicalizeMaxDots

CanonicalizePermittedCNAMEs

ChallengeResponseAuthentication

CheckHostIP

Cipher

Ciphers
Compression

CompressionLevel

ConnectionAttempts

ConnectTimeout

ControlMaster

ControlPath

ControlPersist

GlobalKnownHostsFile

GSSAPIAuthentication

GSSAPIDelegateCredentials

HashKnownHosts

Host

HostbasedAuthentication

HostKeyAlgorithms

HostKeyAlias

HostName

IdentityFile
IdentitiesOnly

IPQoS

KbdInteractiveAuthentication

KbdInteractiveDevices

KexAlgorithms

LogLevel

MACs

NoHostAuthenticationForLocalhost

NumberOfPasswordPrompts

PasswordAuthentication

PKCS11Provider

Port

PreferredAuthentications

Protocol

ProxyCommand

PubkeyAuthentication

RekeyLimit
RhostsRSAAuthentication

RSAAuthentication

SendEnv

ServerAliveInterval

ServerAliveCountMax

StrictHostKeyChecking

TCPKeepAlive

UsePrivilegedPort

User

UserKnownHostsFile

VerifyHostKeyDNS

[root@TechTutorials ~]# scp -F .ssh/config anaconda-ks.cfg root@192.168.4.200:/root/

12. Execute remote to remote host copy

The scenario is to copy files from Server2 –> Server3 by executing the scp command from
Server1

[root@TechTutorials ~]# scp root@192.168.2.20:/root/file1 root@192.168.4.200:/tmp/


13. Use different Encryption algorithm to copy

As mentioned earlier in this article, SSH supports not only AES encryption but also
other algorithms, and we can specify which algorithm we want to use

[root@TechTutorials ~]# scp -c 3des nagios-plugins-2.1.1.tar.gz root@192.168.4.200:/tmp/

14. Use specified bandwidth scp command examples

We may not have much bandwidth available to copy files from source to destination. If we
push a number of files at a time over a low-bandwidth link, the network will choke or
break. Instead of letting it break, we limit the bandwidth used by the copy. The bandwidth
value is given in kilobits.

[root@TechTutorials ~]# scp -l 500 nagios-plugins-2.1.1.tar.gz root@192.168.4.200:/tmp/

15. Shell script to copy files / directories to multiple servers with a single command

To make these scp commands simpler, I made a simple script which helps you copy
files/directories to multiple servers using a single command. Use a passwordless
connection, which makes your work easier.
To use this script we have to write the list of servers in /tmp/destfile.txt

# vi /tmp/destfile.txt
192.168.4.200

192.168.4.2

192.168.4.90

Keep the list writable only by its owner, because the script copies your files to every
host named in it.

# chmod 600 /tmp/destfile.txt

Now create the script file wherever you want to keep it. In this example I want to
keep my script in the /scripts/ directory

# vi /scripts/multiscp.sh

#!/bin/bash
## Author: Ankam Ravi Kumar
## Purpose: Copy files to multiple Server using single script
## Date: 21st July 2016

# Ask for the file or directory to copy
read -r -p "Please Enter the file path which you want to copy: " file

# Copy to every server listed in /tmp/destfile.txt, skipping blank lines
while read -r dest; do
  [ -z "$dest" ] && continue
  # </dev/null keeps scp from reading the rest of the server list from stdin
  scp -rC "$file" "${dest}:/tmp/" </dev/null
done < /tmp/destfile.txt

How to execute this file

# chmod u+x /scripts/multiscp.sh

# sh /scripts/multiscp.sh
Output of the script

[root@Techtutorials ~]# sh multiscp.sh

Conclusion
These 15 scp commands make it easy to copy files/directories instantly to
remote servers. The scp command examples are most useful for transferring files and
directory content from one server to another server.
Thanks for the read; please write your feedback on the same.


YUM (YellowDog Updater Module) Local installation and configuration step by step guide
BY ARK · FEBRUARY 26, 2017
Yum is the Red Hat package manager that is able to query information about
available packages, fetch packages from configured repositories, install and
uninstall them, and update an entire system to the latest available version. Yum
performs automatic dependency resolution on packages you are updating,
installing, or removing, and thus is able to automatically determine, fetch, and
install all available dependent packages. This article is a step by step guide to YUM
(YellowDog Updater Module) local installation and configuration.
Yum can be configured with new, additional repositories, or package sources, and
also provides many plug-ins which enhance and extend its capabilities. It is able to
perform many of the same tasks that RPM can; additionally, many of the
command-line options are similar. Yum enables easy and simple package
management on a single machine or on groups of them.
It provides secure package management by enabling GPG (Gnu Privacy Guard)
signature verification on GPG-signed packages to be turned on for all package
repositories or for individual repositories. When signature verification is enabled,
Yum will refuse to install any packages not GPG-signed with the correct key for
that repository. This means that you can trust that the RPM packages you
download and install on your system are from a trusted source, such as Red Hat,
and were not modified during transfer.

YUM (YellowDog Updater Module) Advantages
• Resolves dependencies automatically
• Supports upgrading to the next version
• Installs packages securely
• Does not require downloading packages separately

Local YUM Installation and Configuration Guide
If your CD/DVD media is already in the CD/DVD drive, simply mount it using the command
below

[root@ArkIT ~]#mount /dev/sr0 /mnt/

mount: /dev/sr0 is write-protected, mounting read-only

[root@ArkIT ~]#df -h /mnt

Filesystem Size Used Avail Use% Mounted on
/dev/sr0 3.7G 3.7G 0 100% /mnt

Mount ISO file

[root@ArkIT ~]# mount -o loop RHEL7.iso /mnt/

Note: For a permanent local YUM server, copy the entire DVD content to a path on the server.

[root@ArkIT ~]#cd /mnt/

[root@ArkIT mnt]#cp -Rv * /rpms/

Configure YUM repository

[root@ArkIT Packages]#rpm -ivh createrepo-0.9.9-23.el7.noarch.rpm

Preparing... ################################# [100%]

package createrepo-0.9.9-23.el7.noarch is already installed

Edit the Configuration file and add the config

[root@ArkIT ~]#cd /etc/yum.repos.d/


[root@ArkIT rpms]#vi /etc/yum.repos.d/yumserver.repo

[root@ArkIT rpms]#cat /etc/yum.repos.d/yumserver.repo

[RHEL7]

name=DVD media

baseurl=file:///rpms/

enabled=1

gpgcheck=1

gpgkey=file:///rpms/RPM-GPG-KEY-redhat-release

Verify enabled repository

[root@ArkIT ~]#yum repolist

Loaded plugins: langpacks, product-id, subscription-manager

This system is not registered to Red Hat Subscription Management. You can use
subscription-manager to register.

repo id repo name status

!RHEL7 DVD media 4,371

repolist: 4,371
[root@ArkIT ~]#yum repolist enabled

Loaded plugins: langpacks, product-id, subscription-manager

This system is not registered to Red Hat Subscription Management. You can use
subscription-manager to register.

repo id repo name status

!RHEL7 DVD media 4,371

repolist: 4,371

Install VNC Packages through yum and check

[root@ArkIT ~]#yum install vnc*

Loaded plugins: langpacks, product-id, subscription-manager

This system is not registered to Red Hat Subscription Management. You can use
subscription-manager to register.

Package tigervnc-server-1.2.80-0.30.20130314svn5065.el7.x86_64 already installed and latest version

Resolving Dependencies

--> Running transaction check

---> Package tigervnc.x86_64 0:1.2.80-0.30.20130314svn5065.el7 will be installed


--> Finished Dependency Resolution

Dependencies Resolved

================================================================

Package Arch Version Repository Size

================================================================

Installing:

tigervnc x86_64 1.2.80-0.30.20130314svn5065.el7 RHEL7 212 k

Transaction Summary

=================================================================

Install 1 Package

Total download size: 212 k

Installed size: 527 k

Is this ok [y/d/N]: y
Downloading packages:

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

Installing : tigervnc-1.2.80-0.30.20130314svn5065.el7.x86_64 1/1

Verifying : tigervnc-1.2.80-0.30.20130314svn5065.el7.x86_64 1/1

Installed:

tigervnc.x86_64 0:1.2.80-0.30.20130314svn5065.el7

Complete!

Conclusion
A local YUM server is useful for installing and upgrading packages with automatic
dependency resolution.

Setup Linux Lab at home – installing and configuring IPA server
BY ARK · PUBLISHED MARCH 6, 2016 · UPDATED JUNE 19, 2018
After completing the part-4 setup, you can follow these steps to set up your own
Linux lab at home, using either VMware Workstation, Oracle VirtualBox, KVM
virtualization or RHEV. In this method I have used VMware Workstation and
VirtualBox to set up the Linux lab at home. IPA is the best option to practice
LDAP and Kerberos authentication for the RHCE lab.
Run # yum update once and take a snapshot of that VM:
right click on VM –> Snapshot –> Take Snapshot

Provide the snapshot name and click on Take Snapshot
Setup Linux Lab at home – installing and configuring IPA server
In order to build the lab server we have to install and configure the server roles below.
1. YUM Server
2. DNS Server
3. Web Server
4. NTP Server
5. LDAP Server
6. Kerberos Server
7. 389 Directory Server
Before creating all the above-mentioned servers, we have to assign a static IP address
and hostname to the server. In this case we will use the nmcli utility to set the static
IP address.

Adding New connection


#nmcli connection add type ethernet con-name eth0 ifname ens01677
Assign IP address
#nmcli connection modify eth0 ipv4.address 192.168.4.13/24 ipv4.gateway 192.168.4.2 ipv4.dns 192.168.4.13 +ipv4.dns 8.8.8.8
Set to Manual IP address method
#nmcli connection modify eth0 ipv4.method manual
Bring down the connection
#nmcli connection down eth0
Bring up the connection
#nmcli connection up eth0

To setup hostname refer this link


YUM Server setup
Yellowdog Updater, Modified (YUM) is required to manage your RPM packages. The YUM
server automatically resolves dependencies of RPM packages while installing
them. Red Hat Enterprise Linux 7 will not provide YUM without a subscription.
Installing packages without YUM is very difficult, so we will set up our
local repository using the installation media packages (RHEL 7 DVD).

Step 1: Mount DVD to temp directory

Attach your ISO file to your virtual machine, then mount it on any directory using the
mount command as shown below. In this example I used /rpms for mounting.

#mount /dev/sr0 /rpms

Step 2: Install FTP and CREATEREPO packages
While installing the createrepo package, it may ask you to install its dependencies,
deltarpm and python-deltarpm.

[root@arkit-server ~]# rpm -ivh /rpms/Packages/createrepo-0.9.9-23.el7.noarch.rpm

[root@arkit-server ~]# rpm -ivh /rpms/Packages/deltarpm-3.6-3.el7.x86_64.rpm

[root@arkit-server ~]# rpm -ivh /rpms/Packages/python-deltarpm-3.6-3.el7.x86_64.rpm

[root@arkit-server ~]# rpm -ivh /rpms/Packages/createrepo-0.9.9-23.el7.noarch.rpm

[root@arkit-server ~]# rpm -ivh /rpms/Packages/vsftpd-3.0.2-9.el7.x86_64.rpm


Step 3: Enable and Start the FTP service
FTP: File transfer protocol, it uses port number 20 and 21 to download and upload
files.

[root@arkit-server ~]# systemctl enable vsftpd.service

[root@arkit-server ~]# systemctl start vsftpd.service;

[root@arkit-server ~]# firewall-cmd --permanent --add-service=ftp

success

[root@arkit-server ~]# firewall-cmd --reload

success

[root@arkit-server ~]# systemctl restart vsftpd.service

Verify whether the anonymous_enable=YES string is enabled in the
/etc/vsftpd/vsftpd.conf file.
Set the SELinux policy to enabled.

#getsebool -a |grep ftp

#setsebool -P ftpd_full_access on

Step 4: Copy the packages to /var/ftp/pub/ and create repository
We have to share the YUM repository with our client machines via FTP.
Create the repository using the installation DVD repomd.xml file.

# createrepo -vg /var/ftp/pub/repodata/repomd.xml /var/ftp/pub/

create new yum configuration file and add the entries as mentioned below.

[root@arkit-server ~]# cat /etc/yum.repos.d/ftp.repo

[ARKIT-YUM]
name=yumserver
baseurl=ftp://192.168.4.13/pub/
enabled=1
gpgcheck=0

Now test the yum is working..


That’s about yum server setup.
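
The local repository earlier in this guide sets gpgcheck=1 with a gpgkey, while the ftp.repo above sets gpgcheck=0 and fetches packages over FTP, so clients install whatever that connection delivers without a signature check. The script below is an added example, not part of the original article: it audits .repo stanzas for those two settings. The helper names audit_repo and write_sample_repos are assumptions of this example, and the sample stanzas are constructed from the two repo files shown in this guide.

```shell
#!/bin/sh
# Added example: audit yum .repo stanzas for disabled signature checking
# and cleartext package transport. Helper names are hypothetical.

# audit_repo FILE
# Prints one "<repo id>: <finding>" line per problem; prints nothing if clean.
# A stanza that does not set gpgcheck inherits the value from [main] in
# /etc/yum.conf, so only an explicit "off" value is reported here.
audit_repo() {
    awk '
    function report() {
        if (section == "") return
        if (gpgcheck ~ /^(0|no|false)$/)
            print section ": gpgcheck disabled, packages are installed without signature verification"
        if (baseurl ~ /^(ftp|http):\/\//)
            print section ": baseurl " baseurl " is fetched over a cleartext, unauthenticated transport"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    /^[ \t]*\[.*\][ \t]*$/ {                  # start of a new [repo id] stanza
        report()
        section = $0
        sub(/^[ \t]*\[/, "", section)
        sub(/\][ \t]*$/, "", section)
        gpgcheck = ""; baseurl = ""
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1))
        val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "gpgcheck") gpgcheck = tolower(val)
        else if (key == "baseurl") baseurl = val
    }
    END { report() }
    ' "$1"
}

# write_sample_repos DIR
# Constructed samples that mirror the two repo files shown in this guide.
write_sample_repos() {
    cat > "$1/yumserver.repo" <<'EOF'
[RHEL7]
name=DVD media
baseurl=file:///rpms/
enabled=1
gpgcheck=1
gpgkey=file:///rpms/RPM-GPG-KEY-redhat-release
EOF
    cat > "$1/ftp.repo" <<'EOF'
[ARKIT-YUM]
name=yumserver
baseurl=ftp://192.168.4.13/pub/
enabled=1
gpgcheck=0
EOF
}

# Demonstration on the constructed samples (on a real host, pass the files
# under /etc/yum.repos.d/ to audit_repo instead).
demo_dir=$(mktemp -d)
write_sample_repos "$demo_dir"
for f in "$demo_dir"/*.repo; do
    echo "== $(basename "$f")"
    audit_repo "$f"
done
rm -rf "$demo_dir"
```

A corrected client stanza keeps gpgcheck=1 and points gpgkey at the RPM-GPG-KEY-redhat-release file, as the local repository configuration earlier in this guide does.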

DNS Server, NTP Server, LDAP Server, Kerberos Server and 389 Directory Server
Instead of installing DNS, LDAP, Kerberos and 389 Directory Server separately, we can
install an IPA server, which includes all of the above.
First enable the firewall rules needed for the installation

[root@arkit-server ~]# firewall-cmd --permanent --add-service=http


success

[root@arkit-server ~]# firewall-cmd --permanent --add-service=https

success

[root@arkit-server ~]# firewall-cmd --permanent --add-service=ldap

success

[root@arkit-server ~]# firewall-cmd --permanent --add-service=ldaps

success

[root@arkit-server ~]# firewall-cmd --permanent --add-service=kerberos

success

[root@arkit-server ~]# firewall-cmd --permanent --add-service=dns

success

[root@arkit-server ~]# firewall-cmd --reload

success

[root@arkit-server ~]# yum install ipa-server bind nds-ldap bind-dyndb-ldap

[root@arkit-server ~]# ipa-server-install --setup-dns


The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the IPA Server.
This includes:
* Configure a stand-alone CA (dogtag) for certificate management
* Configure the Network Time Daemon (ntpd)
* Create and configure an instance of Directory Server
* Create and configure a Kerberos Key Distribution Center (KDC)
* Configure Apache (httpd)
* Configure DNS (bind)
To accept the default shown in brackets, press the Enter key.
Existing BIND configuration detected, overwrite? [no]: yes
Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: master.example.com.
Server host name [arkit-server.lab.local]:
Warning: skipping DNS resolution of host arkit-server.lab.local
The domain name has been determined based on the host name.
Please confirm the domain name [lab.local]:
Enter the IP address to use, or press Enter to finish.
Please provide the IP address to be used for this host name: 192.168.4.13
Please provide the IP address to be used for this host name:
Adding [192.168.4.13 arkit-server.lab.local] to your /etc/hosts file
The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.
Please provide a realm name [LAB.LOCAL]:
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and has full access
to the Directory for system management tasks and will be added to the
instance of directory server created for IPA.
The password must be at least 8 characters long.
Directer Password: PASSWORD
Confirm Password: CONFIRM-PASSWORD
The IPA server requires an administrative user, named 'admin'.
This user is a regular system account used for IPA server administration.
IPA admin password: PASSWORD
Password (confirm): CONFIRM-PASSWORD
Do you want to configure DNS forwarders? [yes]:
Enter the IP address of DNS forwarder to use, or press Enter to finish.
Enter IP address for a DNS forwarder: 8.8.8.8
DNS forwarder 8.8.8.8 added
Enter IP address for a DNS forwarder:
Checking forwarders, please wait ...
Do you want to configure the reverse zone? [yes]:
Please specify the reverse zone name [4.168.192.in-addr.arpa.]:
Using reverse zone(s) 4.168.192.in-addr.arpa.
The IPA Master Server will be configured with:
Hostname: arkit-server.lab.local
IP address(es): 192.168.4.13
Domain name: lab.local
Realm name: LAB.LOCAL
BIND DNS server will be configured to serve IPA domain with:
Forwarders: 8.8.8.8
Reverse zone(s): 4.168.192.in-addr.arpa.
Continue to configure the system with these values? [no]: yes
The following operations may take some minutes to complete.
Please wait until the prompt is returned.
Configuring NTP daemon (ntpd)
[1/4]: stopping ntpd
[2/4]: writing configuration
[3/4]: configuring ntpd to start on boot
[4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute

Since we already opened the firewall ports, there is no need to open them now.
Now verify whether the Kerberos and LDAP user is able to log in

[root@arkit-server ~]# klist


Ticket cache: KEYRING:persistent:0:0
Default principal: admin@LAB.LOCAL
Valid starting Expires Service principal
03/06/2016 21:46:37 03/07/2016 21:46:31 krbtgt/LAB.LOCAL@LAB.LOCAL
[root@arkit-server ~]# ipa user-find admin
--------------
1 user matched
--------------
User login: admin
Last name: Administrator
Home directory: /home/admin
Login shell: /bin/bash
UID: 823800000
GID: 823800000
Account disabled: False
Password: True
Kerberos keys available: True
----------------------------
Number of entries returned 1
----------------------------
[root@arkit-server ~]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
ipa_memcached Service: RUNNING
httpd Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa: INFO: The ipactl command was successful

Create one more user in ipa server to test from client

[root@arkit-server ~]# ipa user-add


First name: Ravi
Last name: Kumar
User login [rkumar]:
-------------------
Added user "rkumar"
-------------------
User login: rkumar
First name: Ravi
Last name: Kumar
Full name: Ravi Kumar
Display name: Ravi Kumar
Initials: RK
Home directory: /home/rkumar
GECOS: Ravi Kumar
Login shell: /bin/sh
Kerberos principal: rkumar@LAB.LOCAL
Email address: rkumar@lab.local
UID: 823800001
GID: 823800001
Password: False
Member of groups: ipausers
Kerberos keys available: False
[root@arkit-server ~]# ipa passwd rkumar
New Password:
Enter New Password again to verify:
---------------------------------------
Changed password for "rkumar@LAB.LOCAL"
---------------------------------------

Client Side Configuration


Assign the hostname to client
add yum repo to client

# scp /etc/yum.repos.d/ftp.repo root@ipaclient:/etc/yum.repos.d/

Add the DNS server IP address to /etc/resolv.conf

[root@ravikumar ~]# cat /etc/resolv.conf

# Generated by NetworkManager

search lab.local

nameserver 192.168.4.10
# yum install nss-pam-ldapd pam_krb5 ipa-client

[root@ravikumar yum.repos.d]# ipa-client-install

Discovery was successful!

Client hostname: ipaclient.lab.local


Realm: LAB.LOCAL
DNS Domain: lab.local
IPA Server: arkit-server.lab.local
BaseDN: dc=lab,dc=local
Continue to configure the system with these values? [no]: yes
Synchronizing time with KDC...
Attempting to sync time using ntpd. Will timeout after 15 seconds
Attempting to sync time using ntpd. Will timeout after 15 seconds
Unable to sync time with NTP server, assuming the time is in sync. Please check
that 123 UDP port is opened.
User authorized to enroll computers: admin
Password for admin@LAB.LOCAL:
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=LAB.LOCAL
Issuer: CN=Certificate Authority,O=LAB.LOCAL
Valid From: Sun Mar 06 16:03:04 2016 UTC
Valid Until: Thu Mar 06 16:03:04 2036 UTC
Enrolled in IPA realm LAB.LOCAL
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
trying https://arkit-server.lab.local/ipa/json
Forwarding 'ping' to json server 'https://arkit-server.lab.local/ipa/json'
Forwarding 'ca_is_enabled' to json server 'https://arkit-
server.lab.local/ipa/json'
Systemwide CA database updated.
Added CA certificates to the default NSS database.
Hostname (ipaclient.lab.local) does not have A/AAAA record.
Missing reverse record(s) for address(es): 192.168.4.12.
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Forwarding 'host_mod' to json server 'https://arkit-server.lab.local/ipa/json'
SSSD enabled
Configured /etc/openldap/ldap.conf
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring lab.local as NIS domain.
Client configuration complete.

Now your client is added successfully to IPA server

Verify IPA Client with IPA Server


Connection Status
[root@ravikumar ~]# getent passwd rkumar

rkumar:*:823800001:823800001:Ravi Kumar:/home/rkumar:/bin/sh

[root@ravikumar ~]#

[root@ravikumar ~]# su - admin

Last login: Sun Mar 6 22:50:42 IST 2016 on pts/0

su: warning: cannot change directory to /home/admin: No such file or directory

-bash-4.2$ id

uid=823800000(admin) gid=823800000(admins) groups=823800000(admins)


context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

-bash-4.2$ exit

logout

[root@ravikumar ~]# su - rkumar


su: warning: cannot change directory to /home/rkumar: No such file or directory

When you log in from the client you will not get a home directory.
To get a home directory, add the line below to the file mentioned

# vi /etc/pam.d/password-auth

session    required    pam_mkhomedir.so skel=/etc/skel/ umask=0022

Log in again and you will get it.


We can also login to IPA server using web UI

That’s about setting up a Linux lab at home using virtualization software such
as VMware and VirtualBox.
Thanks for the read.
Please write your valuable feedback.


Installation and configuration FTP server in RHEL 7
BY ARK · PUBLISHED JUNE 1, 2016 · UPDATED JUNE 1, 2016
File Transfer Protocol (FTP) is one of the most popular ways to transfer files from
one machine to another across a network in a heterogeneous
environment. NFS (Network File System), for example, has the
restriction that it can’t be accessed from other platforms such as Windows.
An FTP server does not have such a restriction; it can be accessed from Linux,
Windows or OS X. Let’s see the installation and configuration of an FTP server in
RHEL 7.
• Whenever the vsftpd package is installed, the ftp user is created
• The ftp user's home directory is set to /var/ftp, the FTP document root path.
• vsftpd is very popular because it is very fast.
• It is a lightweight FTP server and very easy to configure.

Server profile:
Packages : vsftpd
Daemon : vsftpd
Port Numbers : 20, 21
Config file path : /etc/vsftpd/vsftpd.conf
Features:
1. It is very secure and fast
2. Bandwidth throttling
3. IPv6 ready
4. Encryption support through SSL integration
5. Virtual IP configurations
6. Virtual users
7. Per-user configuration
8. Per-source-IP configuration and limits
Installation and Configuration FTP server in RHEL 7
Before installing the vsftpd packages, ensure that the server has access
to the internet. If it doesn’t, configure a local YUM repository for the vsftpd
package installation.
Install vsftpd using the yum command

[root@Tech Tutorials ~]# yum install -y vsftpd*

Edit the configuration file. /etc/vsftpd/vsftpd.conf is the main configuration file of
the ftp server.

[root@Tech Tutorials ~]# vi /etc/vsftpd/vsftpd.conf


# Disable anonymous user access to secure the FTP server
anonymous_enable=NO
# Allow local users to log in to vsftpd.
local_enable=YES
# Enable write access for local users.
write_enable=YES
# Uncomment the line chroot_local_user
chroot_local_user=YES
# Enable writable chroot.
allow_writeable_chroot=YES

:wq

Restart and enable the vsftpd service


[root@Tech Tutorials~]# systemctl restart vsftpd.service
[root@Tech Tutorials~] # systemctl enable vsftpd.service

Create a rule for Firewall to allow FTP ports

We now need to allow the default FTP ports 20 and 21 through the firewall.

[root@Tech Tutorials~]# firewall-cmd --permanent --zone=public --add-port=21/tcp
[root@Tech Tutorials~]# firewall-cmd --reload

Apply the SELinux context to the ftp directory. Enable write permission on home
directories. The boolean value can be given as 1 or on.

[root@Tech Tutorials~]# semanage fcontext -a -t public_content_rw_t "/var/ftp/pub(/.*)?"
[root@Tech Tutorials~]# restorecon -R /var/ftp/pub
[root@Tech Tutorials~]# setsebool -P ftpd_anon_write on

Edit the configuration file to enable file uploads.

[root@Tech Tutorials~]# vim /etc/vsftpd/vsftpd.conf

# Uncomment this line
anon_upload_enable=yes

:wq!

[root@Tech Tutorials~]# systemctl restart vsftpd


[root@Tech Tutorials~]# chown ftp /var/ftp/pub

Client Side configuration


Install ftp package through yum command

[root@Client ~]# yum install ftp

Test the ftp server and downloading files.

[root@Client ~]# ftp ftp.server.com


ftp> ls
ftp> cd pub
ftp> get file1
ftp>!ls
ftp> bye

To upload files, test the FTP server

[root@Client~]# ftp ftp.server.com

ftp> cd pub
ftp> ls
ftp> !ls
ftp> put file1
ftp> bye

Conclusion
Installation and configuration of the FTP server is completed. FTP is not tied to
one platform; it supports multiple platforms.
Please do comment your feedback

find command practical examples Can Improve Your Skills
BY ARK · PUBLISHED FEBRUARY 5, 2017 · UPDATED JUNE 1, 2018
The find command searches for files in a directory hierarchy; finding files and
directories in Linux is very easy with it. Find will search any set of directories you
specify for files that match the given search criteria. You can search for files by
name, owner, group, type, permissions, date and other criteria. Learn find
command practical examples.
Syntax: find <directory path> <Search pattern> <action>
1. Find Command without any options
It will list all the files and folders in the current directory, including hidden ones,
along with their paths. $find Or $find . Or $find -print Or $find . -print

[root@ArkIT-Serv ~]# find

2. Search Files and Directories using name

Looking for files and directories based on their names is simple; we have to use the
-name parameter. In the example below, we search for the resolvedbugs.txt file. Here you
have to provide the name exactly as the file is named, because the -name option is case
sensitive.

[root@ArkIT-Serv ~]# find . -name resolvedbugs.txt

./resolvedbugs.txt

To ignore case we have to use the -iname option

[root@ArkIT-Serv ~]# find . -iname Resolvedbugs.txt

./resolvedbugs.txt
[root@ArkIT-Serv ~]# find . -name Resolvedbugs.txt

3. Search Only files out of all
To list only files out of all the directories and files, we have the option -type f,
which fetches only files; here f means file

[root@ArkIT-Serv ~]# find . -type f -iname file1.txt

4. Search Only Directories within Linux Server
To list only directories we use -type d, which fetches only directories; here d
means directory.

[root@sny-fusion ~]# find . -type d -iname file11

5. Find all files which end with the same file extension
Sometimes we do not remember the file name and just know the file
extension, so we find all files with that extension in a particular path. In this case
we are using the * wildcard character, which stands in for one or more characters.

[root@ArkIT-Serv ~]# find . -name "*.txt"

6. Locate the files based on their permissions
A powerful feature of the find command is searching for files / directories based on
their permissions. Sometimes we do not remember the file name or file extension, only
its permissions; we can still find the files / directories. This
option is very useful for finding all files and directories with full permissions,
because they are vulnerable.

[root@ArkIT-Serv ~]# find . -perm 0777

7. Files without permissions
In the 6th step we found all full-permission files; now find those which do not
have the mentioned permissions. Here ! means not equal to.
[root@ArkIT-Serv ~]# find . ! -perm 0777

8. Search for SGID files / directories using find
SGID = Set Group ID for execution. Find all files / directories which have SGID
permissions.

[root@ArkIT-Serv ~]# find / -perm 2755

9. Search for SGID files / Directories using alpha permission values
Just as we find files / directories using numerical permission values, we can
also find them using character-based permissions.

[root@ArkIT-Serv ~]# find / -perm /u+s

10. Find Sticky bit files
Sticky bit is a special permission to execute files with other user permissions

[root@ArkIT-Serv ~]# find / -perm 1755

11. All SUID set of files

Set User ID is similar to SGID. With SGID we execute with the Group ID; with SUID we
execute using the other User ID.

[root@ArkIT-Serv ~]# find / -perm /u=s

12. Search for Executable files in Server

It is important that unwanted / not required files do not have executable
permissions. Simply find all executable files and remove their
permissions to protect our own environment.

 [root@sny-fusion ~]# find . -perm /a+x

13. Find Read only files

Files restricted to read only can be found using the command below

[root@sny-fusion ~]# find . -perm /u=r

14. Find files based on permissions and replace their permissions
Wow..!! Amazing, right? With a single command we can change the permissions of all the
matching files / directories

[root@ArkIT-Serv ~]# find . -perm 777 -exec chmod 700 {} \;

[root@ArkIT-Serv ~]# find . -perm 777 -print0 | xargs -0 chmod 755
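
The -perm test has three forms, and steps 6 to 14 mix them: a bare mode such as 2755 matches only entries whose mode is exactly that value, -MODE requires all of the listed bits to be set, and /MODE matches when any of them is set. The script below is an added example, not from the original article; it builds a scratch directory of constructed files and counts what each form matches, which is the distinction that matters when auditing for SUID/SGID or world-writable files. The file names and the helper names make_fixture and count_matches are assumptions of this example, and it assumes GNU find.

```shell
#!/bin/sh
# Added example: exact, "-" (all bits) and "/" (any bit) forms of find -perm.
# All file names are constructed for the demonstration.

# make_fixture DIR: create sample entries with known modes inside DIR.
make_fixture() {
    mkdir -p "$1/shared"
    for f in plain suid sgid sgid_group_only open readonly; do
        : > "$1/$f"
    done
    chmod 0755 "$1/plain"
    chmod 4755 "$1/suid"             # set-user-ID
    chmod 2755 "$1/sgid"             # set-group-ID, the exact mode step 8 searches for
    chmod 2750 "$1/sgid_group_only"  # also set-group-ID, but not mode 2755
    chmod 0777 "$1/open"             # world-writable file
    chmod 0444 "$1/readonly"         # no write bit for anyone
    chmod 1777 "$1/shared"           # sticky, world-writable directory (like /tmp)
}

# count_matches DIR FIND-TESTS...: number of entries below DIR that match.
count_matches() {
    dir=$1; shift
    find "$dir" -mindepth 1 "$@" | wc -l | tr -d ' '
}

demo() {
    d=$(mktemp -d)
    make_fixture "$d"
    echo "exact 2755 (misses sgid_group_only):   $(count_matches "$d" -perm 2755)"
    echo "all SGID entries, -perm -2000:         $(count_matches "$d" -perm -2000)"
    echo "SUID or SGID, -perm /6000:             $(count_matches "$d" -perm /6000)"
    echo "SUID only, -perm /u=s:                 $(count_matches "$d" -perm /u=s)"
    echo "exact 1755 (misses the 1777 dir):      $(count_matches "$d" -perm 1755)"
    echo "any sticky entry, -perm -1000:         $(count_matches "$d" -perm -1000)"
    echo "-perm /u=r (owner-readable, not r/o):  $(count_matches "$d" -perm /u=r)"
    echo "files with no write bit at all:        $(count_matches "$d" -type f ! -perm /222)"
    echo "world-writable, -perm -0002:           $(count_matches "$d" -perm -0002)"
    rm -rf "$d"
}

demo
```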

15. Search for file in multiple directories at the same time

The find command accepts multiple paths; simply provide the paths one
after another and find will search in all of them

[root@ArkIT find]#find /root/find/ /root/ -name file1.txt

/root/find/file1.txt

/root/find/file1.txt

16. Delete files which are found by the search criteria

Along with the find command, make use of -exec to run a command on each result

find /root/ -type f -name "*.txt" -exec rm -f {} \;

find / -type f -name "*.txt" -print0 | xargs -0 rm -f

The same can be done using xargs as well

17. Remove Empty files


If you want to just delete / remove empty files from multiple paths with a single
command, use below command

find / -type f -empty -exec rm -f {} \;

delete empty files using find command


18. Delete empty directories from multiple paths
Empty directories on a system are of no use, so we can simply delete them.
Deleting empty directories from the system will clear clutter; this can be achieved
using below command (rmdir removes a directory only when it is empty)

find / -type d -empty -exec rmdir {} \;


19.  Modified files list in last 24 Hours + 10 minutes 
File’s data was last modified n*24 hours ago. Awesome option, identify list of files
which are modified in last 24hours + n minutes. This will help you out in problem
solving, if you know which file is modified recently by some other user. -mtime
means file modified time.

find /root/find/ -mtime 10

mention range from in between 24hours + ten minutes to 24 Hours -20 minutes

find /root/find/ -mtime +10 -mtime -20

20. Modified Files in Last 10 Minutes


The 19th option lists modified files in units of 24 hours, but -mmin can provide
results within minutes. File’s data was last modified n minutes ago; a leading
minus (-n) means less than n minutes ago.

find /root/find/ -mmin -10

21. Find command – files based on user permissions
Search for files based on user ownership. Find out how many files are owned by a
particular user.

[root@ArkIT ~]# find / -user admin

/var/spool/mail/admin
22. Find files and directories based on group ownership
Locate files and directories based on their group ownership permissions. In below
example admin is the group name. find command is most useful over here.

find / -group admin

23. Large files in system can be found using -size option


The find command supports searching for files based on their size. Here M = MB, G = GB;
a leading + means larger than the given size.

find / -size +100M

24. specify how depth want to search


-maxdepth takes a number of levels (a non-negative integer) and descends at most that
many levels of directories below the command line arguments.
-maxdepth 0 means only apply the tests and actions to the command line
arguments.

find / -maxdepth 3 -name "*file"

25. Find No User and No Group owned files and directories


Files and directories which do not have a user / group assigned can be
found using below command

find / -nouser -o -nogroup


Conclusion: There are N number of examples and many more options available with the
find command; they can’t all fit in a single article. We will try to elaborate in
upcoming posts.


Master The Skills Of Linux File System And Be Successful
BY ARK · PUBLISHED JULY 23, 2016 · UPDATED JULY 23, 2016
Linux file system is a method to partition the Hard Disk drive into multiple
partitions. Partitions are used to store the data by making Linux File System in it.
Basically Linux File systems are two types as shown below

Linux File System

Linux File System

Local File Systems are used to format partitions into a usable state; without making a
file system in a partition we can’t store data. Just making the partitions will leave
them as RAW. Partitions are used to organize users' data on a Hard Disk.
When you make an Extended File System it will create different types of
blocks to segregate the data store
1. Master Blocks / Boot Blocks
2. Super Blocks
3. Inode Blocks
4. Data Blocks
Master Blocks / Boot Blocks : Only boot partitions contain
master blocks data. Remaining partitions' master blocks are empty.
Super Blocks : Just like an index to a book; it holds the following
information
• Utilized inode numbers
• Free inode numbers
• Utilized data blocks
• Free data blocks
Inode table (index table) which holds all the information about
files/directories like permissions, owner, group name, size and time stamps.
• 4096 bytes default block size
• 15 data blocks = inode
If data size is more than 100MB block size is 4096bytes. If data size is less than
100MB block size is 1024bytes.
Data block : storage of files
Below is the File System comparison in brief

File System   Max File Size   Max Partition Size   Journaling       Notes
Fat16         2 GB            2 GB                 No               Legacy
Fat32         4 GB            8 TB                 No               Legacy
NTFS          2 TB            256 TB               Yes              (For Windows Compatibility) NTFS-3g is installed by default in Ubuntu, allowing Read/Write support
ext2          2 TB            32 TB                No               Legacy
ext3          2 TB            32 TB                Yes              Standard linux filesystem for many years. Best choice for super-standard installations
ext4          16 TB           1 EB                 Yes              Modern iteration of ext3. Best choice for new installations where super-standard isn’t necessary
reiserFS      8 TB            16 TB                Yes              No longer well-maintained
JFS           4 PB            32 PB                Yes (metadata)   Created by IBM – Not well maintained
XFS           8 EB            8 EB                 Yes (metadata)   Created by SGI. Best choice for a mix of stability and advanced journaling

GB = Gigabyte (1024 MB)    TB = Terabyte (1024 GB)    PB = Petabyte (1024 TB)    EB = Exabyte (1024 PB)

How the Partitions take place


At any point of time there can be only four partitions:
Primary = 3 and Extended = 1, OR Primary = 4.
When you create a partition, numbers will be assigned as mentioned below.

All primary partitions are directly assigned numbers 1 – 4, whereas 3 primary + 1
extended will be numbered like below. On the extended partition number 4 that was just
created, we can’t make any file system.

To Create partitions we have to use fdisk utility

[root@Techtutorials ~]# fdisk /dev/sdc


Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Command (m for help): n


All primary partitions are in use
Adding logical partition 6
First sector (825344-10485759, default 825344):↵
Using default value 825344
Last sector, +sectors or +size{K,M,G} (825344-10485759, default 10485759): +100M
Partition 6 of type Linux and of size 100 MiB is set

Command (m for help): p

Disk /dev/sdc: 5368 MB, 5368709120 bytes, 10485760 sectors


Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0xead8a888

   Device Boot      Start         End      Blocks   Id  System


/dev/sdc1            2048      206847      102400   83  Linux
/dev/sdc2          206848      411647      102400   83  Linux
/dev/sdc3          411648      616447      102400   83  Linux
/dev/sdc4          616448    10485759     4934656    5  Extended
/dev/sdc5          618496      823295      102400   83  Linux
/dev/sdc6          825344     1030143      102400   83  Linux

Command (m for help): wq


The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource
busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.

By default, when you create an extended partition the kernel is not updated. To update
the kernel we have to execute below command

# partprobe /dev/sdc

[root@Techtutorials ~]# mkfs.ext4 /dev/sdc1


mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
Stride=0 blocks, Stripe width=0 blocks
25688 inodes, 102400 blocks
5120 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=33685504
13 block groups
8192 blocks per group, 8192 fragments per group
1976 inodes per group
Superblock backups stored on blocks:
        8193, 24577, 40961, 57345, 73729

Allocating group tables: done


Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done

Mount partition
Partition has been formatted with EXT4, to mount it permanently we have to add
an entry in /etc/fstab file.

[root@Techtutorials ~]# mkdir /data


[root@Techtutorials ~]# vi /etc/fstab
[root@Techtutorials ~]# cat /etc/fstab

#
# /etc/fstab
# Created by anaconda on Wed Jun 22 11:14:58 2016
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/rhel-root   /                       xfs     defaults        0 0
UUID=5b0f4ed0-592e-4114-9a8e-10a7b99d2cd3 /boot                   xfs     defaults        0 0
/dev/mapper/rhel-swap   swap                    swap    defaults        0 0
/dev/sdc1       /data   ext4 defaults 0 0
[root@Techtutorials ~]# df -h
Filesystem             Size  Used Avail Use% Mounted on
/dev/mapper/rhel-root   18G  3.3G   15G  19% /
devtmpfs               1.2G     0  1.2G   0% /dev
tmpfs                  1.2G   80K  1.2G   1% /dev/shm
tmpfs                  1.2G  8.9M  1.2G   1% /run
tmpfs                  1.2G     0  1.2G   0% /sys/fs/cgroup
/dev/sda1              497M  124M  373M  25% /boot

[root@Techtutorials ~]# mount -a


[root@Techtutorials ~]# df -h
Filesystem             Size  Used Avail Use% Mounted on
/dev/mapper/rhel-root   18G  3.3G   15G  19% /
devtmpfs               1.2G     0  1.2G   0% /dev
tmpfs                  1.2G   80K  1.2G   1% /dev/shm
tmpfs                  1.2G  8.9M  1.2G   1% /run
tmpfs                  1.2G     0  1.2G   0% /sys/fs/cgroup
/dev/sda1              497M  124M  373M  25% /boot
/dev/sdc1               93M  1.6M   85M   2% /data

To mount partition temporarily we have to use below command mount and unmount partition using umount

[root@Techtutorials ~]# mount /dev/sdc1 /data

[root@Techtutorials ~]# df -h /data

Filesystem      Size  Used Avail Use% Mounted on

/dev/sdc1        93M  1.6M   85M   2% /data

[root@Techtutorials ~]# umount /data

To Delete Partition follow below steps


• Unmount file system
• Remove entry from fstab file
• Delete partition
• Update kernel

[root@Techtutorials ~]# umount /data


[root@Techtutorials ~]# vi /etc/fstab
[root@Techtutorials ~]# mount -a
[root@Techtutorials ~]# cat /etc/fstab |grep /dev/sdc
##/dev/sdc1     /data   ext4 defaults 0 0
[root@Techtutorials ~]# fdisk /dev/sdc
Welcome to fdisk (util-linux 2.23.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Command (m for help): d


Partition number (1-6, default 6): 1
Partition 1 is deleted

Command (m for help): p

Disk /dev/sdc: 5368 MB, 5368709120 bytes, 10485760 sectors


Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0xead8a888

   Device Boot      Start         End      Blocks   Id  System


/dev/sdc2          206848      411647      102400   83  Linux
/dev/sdc3          411648      616447      102400   83  Linux
/dev/sdc4          616448    10485759     4934656    5  Extended
/dev/sdc5          618496      823295      102400   83  Linux
/dev/sdc6          825344     1030143      102400   83  Linux

Command (m for help): wq


The partition table has been altered!

Calling ioctl() to re-read partition table.


Syncing disks.
[root@Techtutorials ~]# partprobe /dev/sdc

Conclusion
Standard partition can be created using fdisk utility. Standard Linux File system
can’t be increased/decreased which is not flexible for production environment.
That’s it about Linux File System
What is LVM.? How to Create LVM
Linux (Logical Volume Manager)
BY ARK · AUGUST 6, 2016
what is LVM.? How to create LVM Linux
LVM = Logical Volume Manager. Simply giving the definition is not enough; we
should know its purpose and advantages before using it further.
Standard Linux partitions are not flexible: the file system can't be increased or
decreased when required. Because of this we can’t use a standard file system
in a production environment which has a high data growth rate.
Standard partitions can be used where there is no high data growth, for
partitions that store data which is deleted later on.

Advantages of LVM
• Very easy to create partitions
• Increasing and decreasing file system size online is made easy
• Adding more than one HDD will increase performance
• LVM will support larger size of file system (100TB single partition)

What is LVM
We can create Logical Volumes using single HDD OR multiple HDD see the
below example how they works
Multiple HDD LVM Logical Volumes

As per the above example we are going to combine multiple HDDs into a single
Volume Group and then create Logical Volumes of the required size. Here we can achieve
more performance compared to a single HDD standard partition.
Example: One member job is divided into multiple members ultimately work
should complete faster. Adding multiple disks as Physical Volumes will increase
reading / writing headers.

Single HDD Logical Volumes

As per the above example a single HDD is divided into multiple Physical Volumes, which
are combined as a Volume Group, and then Logical Volumes are created. Here we may not
see more performance compared to the multiple disks above. Here we get flexibility to
create and manage file systems.

How to Create LVM Linux (Logical Volume Manager)
The procedure for creating LVM is: first create the Physical Volume –> Volume Group –>
Logical Volume. Let’s see practically how it goes; for this example I have taken a
20GB HDD (/dev/sdc).
 

[root@TechTutorials ~]# fdisk -l /dev/sdc


Disk /dev/sdc: 21.5 GB, 21474836480 bytes, 41943040 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

[root@TechTutorials ~]# fdisk /dev/sdc


Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table


Building a new DOS disklabel with disk identifier 0xe62ccdf8.

Command (m for help): n


Partition type:
p primary (0 primary, 0 extended, 4 free)
e extended
Select (default p):↵
Using default response p
Partition number (1-4, default 1):↵
First sector (2048-41943039, default 2048):↵
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-41943039, default 41943039): +2G
Partition 1 of type Linux and of size 2 GiB is set

Command (m for help): p

Disk /dev/sdc: 21.5 GB, 21474836480 bytes, 41943040 sectors


Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0xe62ccdf8

Device Boot Start End Blocks Id System


/dev/sdc1 2048 4196351 2097152 83 Linux

Repeat above step will create one more partition, After completion of creating
required partitions we have to change its partition type to ‘Linux LVM’

Command (m for help): t


Partition number (1,2, default 2):
Hex code (type L to list all codes): 8e
Changed type of partition 'Linux' to 'Linux LVM'

Command (m for help): t


Partition number (1,2, default 2): 1
Hex code (type L to list all codes): 8e
Changed type of partition 'Linux' to 'Linux LVM'

Command (m for help): p

Disk /dev/sdc: 21.5 GB, 21474836480 bytes, 41943040 sectors


Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0xe62ccdf8

Device Boot Start End Blocks Id System


/dev/sdc1 2048 4196351 2097152 8e Linux LVM
/dev/sdc2 4196352 8390655 2097152 8e Linux LVM

Command (m for help): wq


The partition table has been altered!

Calling ioctl() to re-read partition table.


Syncing disks.

Now required partitions are created and converted into Linux LVM type, after
creating partitions update kernel

[root@TechTutorials ~]# partprobe /dev/sdc

Creating Physical Volume


Using pvcreate command we can create PV
[root@TechTutorials ~]# pvcreate /dev/sdc1

Physical volume "/dev/sdc1" successfully created

[root@TechTutorials ~]# pvcreate /dev/sdc2

Physical volume "/dev/sdc2" successfully created

[root@TechTutorials ~]# pvdisplay /dev/sdc*

"/dev/sdc2" is a new physical volume of "2.00 GiB"

--- NEW Physical volume ---

PV Name /dev/sdc2

VG Name

PV Size 2.00 GiB

Allocatable NO

PE Size 0

Total PE 0

Free PE 0

Allocated PE 0

PV UUID ViWQYD-Qjte-fdPi-YgUd-mGBW-3ep3-R6xffx
"/dev/sdc1" is a new physical volume of "2.00 GiB"

--- NEW Physical volume ---

PV Name /dev/sdc1

VG Name

PV Size 2.00 GiB

Allocatable NO

PE Size 0

Total PE 0

Free PE 0

Allocated PE 0

PV UUID YtPDk4-sBDF-ryBW-cqIo-ndym-9nfR-a7f9nn

Creating Volume Group


As per below example VG0 is VG name and /dev/sdc1 and /dev/sdc2 are the
Physical Volumes

[root@TechTutorials ~]# vgcreate VG0 /dev/sdc1 /dev/sdc2

Volume group "VG0" successfully created


[root@TechTutorials ~]# vgdisplay VG0

--- Volume group ---

VG Name VG0

System ID

Format lvm2

Metadata Areas 2

Metadata Sequence No 1

VG Access read/write

VG Status resizable

MAX LV 0

Cur LV 0

Open LV 0

Max PV 0

Cur PV 2

Act PV 2

VG Size 3.99 GiB

PE Size 4.00 MiB


Total PE 1022

Alloc PE / Size 0 / 0

Free PE / Size 1022 / 3.99 GiB

VG UUID LSzoLa-C5vq-ilBm-j9hZ-b2Am-y2Ye-K6Cgsn

How to Create LVM Linux (Logical Volume Manager)
[root@TechTutorials ~]# lvcreate -n lvm1 -L 3G VG0

Logical volume "lvm1" created.

[root@TechTutorials ~]# lvdisplay /dev/VG0/lvm1

--- Logical volume ---

LV Path /dev/VG0/lvm1

LV Name lvm1

VG Name VG0

LV UUID 6KoIMO-SRJW-g0S0-bxrt-ABK1-pbjr-qPxRwF

LV Write Access read/write

LV Creation host, time TechTutorials, 2016-08-06 22:07:16 +0530


LV Status available

# open 0

LV Size 3.00 GiB

Current LE 768

Segments 2

Allocation inherit

Read ahead sectors auto

- currently set to 8192

Block device 253:3

As per the above command output the LV has been created; the LVM name is lvm1 and its
size is 3GB, taken from Volume group VG0.
LVM creation has been completed. Now let’s see how to create a file system in
LVM

How to Make file system in LVM


[root@TechTutorials ~]# mkfs.ext4 /dev/VG0/lvm1

mke2fs 1.42.9 (28-Dec-2013)

Filesystem label=

OS type: Linux
Block size=4096 (log=2)

Fragment size=4096 (log=2)

Stride=0 blocks, Stripe width=0 blocks

196608 inodes, 786432 blocks

39321 blocks (5.00%) reserved for the super user

First data block=0

Maximum filesystem blocks=805306368

24 block groups

32768 blocks per group, 32768 fragments per group

8192 inodes per group

Superblock backups stored on blocks:

32768, 98304, 163840, 229376, 294912

Allocating group tables: done

Writing inode tables: done

Creating journal (16384 blocks): done

Writing superblocks and filesystem accounting information: done


[root@TechTutorials ~]# mkdir /data1

[root@TechTutorials ~]# mount /dev/VG0/lvm1 /data1

[root@TechTutorials ~]# df -h /data1

Filesystem Size Used Avail Use% Mounted on

/dev/mapper/VG0-lvm1 2.9G 9.0M 2.8G 1% /data1

Logical Volume has been formatted with EXT4 file system. Mounted to /data1
That’s about Logical Volume Manager

Conclusion
Creating and using Logical volumes using multiple HDD’s will give more
performance and flexibility.

POSIX Access Control List ACL Linux / Unix
BY ARK · PUBLISHED JULY 15, 2016 · UPDATED JULY 13, 2018
POSIX Access Control List ACL : To manage file security using
POSIX (Portable Operating System Interface) access control lists ( ACL ).
ACLs allow assigning different permissions to different users and groups. An ACL
allows fine-grained permissions to be allocated to a file. Named users and named groups,
as well as users and groups identified by a UID or GID, can be granted permissions.
The same permission flags below apply to files and directories.
Alpha symbols   r: Read, w: Write,  x: Execute
Numeric symbols   4 – Read, 2 – Write, 1 – Execute
• Standard permissions restrict access to a file to the file owner, membership of a
single group, or everyone.
• The file owner can set ACLs on individual files or directories.
• XFS file systems have built in ACL support.
• EXT4 file systems created on RHEL7 have ACL enabled by default.

POSIX Access Control Lists are of two types:


1. Access ACLs: we can use access ACLs to grant permissions for a particular
file or directory.
2. Default ACLs: we can use default ACLs only on a directory; if a file
inside that directory does not have an ACL, it inherits the permissions of the
default ACLs of the directory.

When ACL’s are required..?


We are going to see ACL usage in detail in the explanation below. In this
example we are going to use four users and three groups.
• User Names : ravi, kumar, acl and root

• Groups : finance, engineering and root


To create a user and assign a password use below command. Repeat the same
command to create multiple users.

[root@Techtutorials ARK-ACL]# useradd ravi


[root@Techtutorials ARK-ACL]# passwd ravi

Changing password for user ravi.

New password:

BAD PASSWORD: The password is shorter than 8 characters

Retype new password:

passwd: all authentication tokens updated successfully.

To create group and add users to group, repeat the same steps create and add
multiple groups

[root@Techtutorials ARK-ACL]# groupadd finance

[root@Techtutorials ARK-ACL]# usermod -G finance ravi

[root@Techtutorials ARK-ACL]# cat /etc/group |grep finance

finance:x:1005:ravi

File Permissions
As per the above screenshot, permissions on a file / directory can only be given to
User, Group and Others, based on user ownership and group ownership.
• How to restrict a particular user when the group has full permissions to a file /
directory
• How to provide file / directory permissions to a user / group without
changing existing ownership
All the above conditions are possible by using POSIX Access Control List –
ACL
Let’s see how we can achieve the above conditions practically

Check ACL permission of file / directory


[root@Techtutorials ARK-ACL]# getfacl test1

# file: test1

# owner: root

# group: root

user::rw-

group::r--

other::r--

[root@Techtutorials ARK-ACL]# getfacl /root/ARK-ACL/

getfacl: Removing leading '/' from absolute path names

# file: root/ARK-ACL/
# owner: root

# group: root

user::rwx

group::r-x

other::r-x

Assign POSIX Access Control List to particular user
An example from before assigning ACL permissions is below

[root@Techtutorials ARK-ACL]# chmod 770 test1

[root@Techtutorials ARK-ACL]# ls -l test1

-rwxrwx--- 1 root root 0 Jul 15 15:46 test1

[root@Techtutorials ARK-ACL]# su - ravi

Last login: Fri Jul 15 17:05:16 IST 2016 on pts/1

[ravi@Techtutorials ~]$ cd /ARK-ACL/

[ravi@Techtutorials ARK-ACL]$ vi test1

[ravi@Techtutorials ARK-ACL]$ cat test1

cat: test1: Permission denied


As we see in the above output, we have added full permissions on the test1 file for
user (owner) and group. We have restricted all others with no access. I have logged in
as the ravi user and tried to access the test1 file, but it gives an error
saying permission denied.
Let’s assign ACL permission to a particular user and see how it works
Assigned Read permissions using ACL

[root@Techtutorials ARK-ACL]# setfacl -m u:ravi:r test1

Verify ACL is working as expected

[root@Techtutorials ARK-ACL]# su - ravi

Last login: Fri Jul 15 17:06:27 IST 2016 on pts/1

[ravi@Techtutorials ~]$ cd /ARK-ACL/

[ravi@Techtutorials ARK-ACL]$ cat test1

[ravi@Techtutorials ARK-ACL]$ cat > test1

-bash: test1: Permission denied

As per above output we are able to read test1 file but we are not able to write test1
file
Let’s provide write access and see

[root@Techtutorials ARK-ACL]# setfacl -m u:ravi:rw test1


[root@Techtutorials ARK-ACL]# getfacl test1

# file: test1

# owner: root

# group: root

user::rwx

user:ravi:rw-
group::rwx
mask::rwx
other::---

[root@Techtutorials ARK-ACL]# su - ravi


Last login: Fri Jul 15 17:11:44 IST 2016 on pts/1
[ravi@Techtutorials ~]$ cat > /ARK-ACL/test1
Test
^C
[ravi@Techtutorials ~]$ cat /ARK-ACL/test1
Test

Assign ACL to Group


[root@Techtutorials ARK-ACL]# setfacl -m g:finance:rwx acltest

[root@Techtutorials ARK-ACL]# getfacl acltest

# file: acltest

# owner: root

# group: root
user::rw-

group::r--

group:finance:rwx

mask::rwx

other::r--

[root@Techtutorials ARK-ACL]# cat /etc/group |grep finance

finance:x:1005:ravi

[root@Techtutorials ARK-ACL]# su - ravi

Last login: Fri Jul 15 17:32:09 IST 2016 on pts/1

[ravi@Techtutorials ~]$ cat > /ARK-ACL/acltest

Test

^C

[ravi@Techtutorials ~]$ cat /ARK-ACL/acltest

Test
The ravi user is part of the finance group, so when we provide permission to the
finance group the user ravi automatically gets access

Restrict particular user from group has full permissions
In this scenario we restrict a particular user from a group. Group finance has full
access, but the kumar user, a member of the finance group, is restricted. See below example

[root@Techtutorials ARK-ACL]# usermod -G finance kumar

[root@Techtutorials ARK-ACL]# cat /etc/group |grep finance

finance:x:1005:ravi,kumar

[root@Techtutorials ARK-ACL]# setfacl -m u:kumar:--- acltest

[root@Techtutorials ARK-ACL]# getfacl acltest

# file: acltest

# owner: root

# group: root

user::rwx

user:kumar:---

group::r--

group:finance:rwx

mask::rwx
other::---

[root@Techtutorials ARK-ACL]# su - kumar

[kumar@Techtutorials ~]$ cat /ARK-ACL/acltest

cat: /ARK-ACL/acltest: Permission denied
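Why kumar is denied although finance has rwx: a named user entry is evaluated before any group entry, so `user:kumar:---` decides the result and the group entries are never consulted. The Python sketch below is an added example, not part of the original article; it parses getfacl output and applies the access check order documented in acl(5). The two getfacl samples are copied from this page, the masked sample is constructed, and `parse_getfacl` and `allowed` are names chosen for this example.

```python
from dataclasses import dataclass, field


def _perms(text):
    """'rw-' -> {'r', 'w'}"""
    return {c for c in text[:3] if c in "rwx"}


@dataclass
class Acl:
    owner: str = ""
    group: str = ""
    user_obj: set = field(default_factory=set)    # user::
    group_obj: set = field(default_factory=set)   # group::
    other: set = field(default_factory=set)       # other::
    mask: set = None                              # None when there is no mask entry
    users: dict = field(default_factory=dict)     # user:NAME:
    groups: dict = field(default_factory=dict)    # group:NAME:


def parse_getfacl(text):
    """Parse the access ACL from getfacl output (default: entries are ignored)."""
    acl = Acl()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# owner:"):
            acl.owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl.group = line.split(":", 1)[1].strip()
        if not line or line.startswith("#") or line.startswith("default:"):
            continue
        # Drop a trailing "#effective:..." comment, then split tag:qualifier:perms.
        tag, qualifier, perms = line.split("#")[0].strip().split(":")
        if tag == "user" and qualifier:
            acl.users[qualifier] = _perms(perms)
        elif tag == "user":
            acl.user_obj = _perms(perms)
        elif tag == "group" and qualifier:
            acl.groups[qualifier] = _perms(perms)
        elif tag == "group":
            acl.group_obj = _perms(perms)
        elif tag == "mask":
            acl.mask = _perms(perms)
        elif tag == "other":
            acl.other = _perms(perms)
    return acl


def allowed(acl, user, groups, want):
    """ACL decision only; a real root process bypasses it through its capabilities."""
    want = set(want)
    mask = acl.mask if acl.mask is not None else set("rwx")
    if user == acl.owner:                      # 1. owner entry, never masked
        return want <= acl.user_obj
    if user in acl.users:                      # 2. named user entry, masked
        return want <= (acl.users[user] & mask)
    matching = [acl.group_obj] if acl.group in groups else []
    matching += [p for name, p in acl.groups.items() if name in groups]
    if matching:                               # 3. any one matching group entry, masked
        return any(want <= (p & mask) for p in matching)
    return want <= acl.other                   # 4. everyone else


# getfacl output for acltest as shown on this page, with kumar restricted.
ACLTEST = """# file: acltest
# owner: root
# group: root
user::rwx
user:kumar:---
group::r--
group:finance:rwx
mask::rwx
other::---
"""

# getfacl output for acltest on this page after "setfacl -x g:finance acltest".
ACLTEST_REVOKED = """# file: acltest
# owner: root
# group: root
user::rwx
user:kumar:---
group::r--
mask::r--
other::---
"""

# Constructed sample: the mask caps what a named user entry can grant.
MASKED = "# owner: root\n# group: root\nuser::rw-\nuser:ravi:rw-\ngroup::r--\nmask::r--\nother::---\n"

if __name__ == "__main__":
    acl = parse_getfacl(ACLTEST)
    for name, grps in (("kumar", {"kumar", "finance"}), ("ravi", {"ravi", "finance"})):
        print(name, "read:", allowed(acl, name, grps, "r"))
```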

Revoke POSIX Access Control List permissions from user / group

[root@Techtutorials ARK-ACL]# getfacl acltest

# file: acltest

# owner: root

# group: root

user::rwx

user:kumar:---

group::r--

group:finance:rwx

mask::rwx
other::---

[root@Techtutorials ARK-ACL]# setfacl -x g:finance acltest

[root@Techtutorials ARK-ACL]# getfacl acltest

# file: acltest

# owner: root

# group: root

user::rwx

user:kumar:---

group::r--

mask::r--

other::---

To remove an ACL entry from a particular file we have to use the -x flag along with the setfacl command

Replicate file ACL permissions to another file

To replicate one file's ACL permissions to another file. In this example we are
going to replicate the test1 file ACL to the acltest file.

[root@Techtutorials ARK-ACL]# getfacl test1

# file: test1

# owner: root

# group: root

user::rwx

user:ravi:rw-

group::rwx

mask::rwx

other::---

[root@Techtutorials ARK-ACL]# getfacl acltest

# file: acltest

# owner: root

# group: root

user::rwx

user:kumar:---

group::r--
mask::r--

other::---

[root@Techtutorials ARK-ACL]# getfacl test1 | setfacl --set-file=- acltest

[root@Techtutorials ARK-ACL]# getfacl acltest

# file: acltest

# owner: root

# group: root

user::rwx

user:ravi:rw-

group::rwx

mask::rwx

other::---

Copying the access ACL into the Default ACL

[root@TechTutorials ~]# getfacl --access /ARK-ACL/ | setfacl -d -M- /root/ARK-ACL/

Conclusion
POSIX Access Control Lists are extended permissions which are used to provide access
to more users / groups, who are not the owners in user:group.
Thanks for the read, Please provide your valuable feedback on the same.

Scheduling Cronjobs with Multiple Examples
BY ARK · PUBLISHED APRIL 6, 2016 · UPDATED OCTOBER 23, 2018
The software utility crontab helps in scheduling cronjobs for maintenance
activities, automating regular boring stuff by scheduling shell scripts.  We can also
achieve regular periodic checks. It typically automates system maintenance or
administration, though its general-purpose nature makes it useful for things like
downloading files from the Internet and downloading email at regular intervals.
Cronjob scheduling is possible using the crontab command, and each user's
crontab is separate

# crontab -e   = To edit cronjob schedule

# crontab -l = To list scheduled cronjobs

# crontab -r = To remove all cronjobs in single attempt

Whenever you schedule a cronjob as a particular user, the cronjob will run
as that same user; ensure that user has execute permission on the script.

Know crontab fields and its values


[root@server ~]# cat /etc/crontab

SHELL=/bin/bash

PATH=/sbin:/bin:/usr/sbin:/usr/bin

MAILTO=root

# For details see man 4 crontabs

# Example of job definition:

# .---------------- minute (0 - 59)

# | .------------- hour (0 - 23)

# | | .---------- day of month (1 - 31)

# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...

# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat

# | | | | |

# * * * * * user-name command to be executed

1. Scheduling cronjobs to run @every minute
To run a cronjob every minute, use the first field, which is minutes; values in the
first field can be written separated by commas, and valid minutes are 0 to 59. Any of
the three examples below schedules a cronjob to run every minute.

# crontab -e

* * * * * sh /scripts/everyminute.sh

0,1,2,3,4,5,6,7,8,9,10......59 * * * * sh /scripts/everyminute.sh

*/1 * * * * sh /scripts/everyoneminute.sh

2. Scheduling cronjobs to run @every 5 minutes
Below are two examples to schedule a cronjob for every 5 minutes. Again we have to
make use of the first field to run the script @every 5 minutes, because the first field
is minutes

*/5 * * * * sh /scripts/testscript.sh

5,10,15,20,25,30,35,40,45,50,55,0 * * * * sh /scripts/testscript.sh

3. Scheduling cronjobs to run @every 30 minutes
If we want to monitor our file system @every 30 minutes using a shell script, we
can do it using below

*/30 * * * * sh /scripts/FS-Monitoring.sh

OR

0,30 * * * * sh /scripts/FS-Monitoring.sh

4. Scheduling cronjobs to run @every hour
To schedule a cronjob to run @every hour we can make use of the first field or the
second field.

0 * * * * sh /scripts/everyhour.sh

OR we can also make use of special schedule

@hourly sh /scripts/everyhour.sh

5. Scheduling cronjobs to run @Every 3 Hours OR 5 Hours
Below are examples for an every 3 hours schedule. The minute field is set to 0 so the
job runs once in each listed hour

0 */3 * * * sh /scripts/cronjob-every-3hours.sh

OR

0 0,3,6,9,12,15,18,21 * * * sh /scripts/cronjob-every-3hours.sh

6. Scheduling cronjobs to run @every day Or once in a day
We would like to schedule a cronjob to send daily reports once a day. Examples
are below

59 23 * * * sh /scripts/daily-report.sh

OR

we can also make use of special schedule

@daily sh /scripts/daily-report.sh

7. Schedule cronjobs to run every alternate day
Every alternate day means that out of three consecutive days the job will not run on
the middle day

0 * * * 0,2,4,6 sh /scripts/every-alternate-day.sh
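8. Run cronjob first and Second Saturday of the month
It means that the cronjob should run on the first Saturday of the month and the second
Saturday of the month; on the remaining Saturdays cron should not run. Detailed
explanation of the below example: in any case the first Saturday will fall in 1-7, which
means the range from the 1st date to the 7th date. Second Saturday may fall from 15th to
21st dates. When both day of month and day of week are restricted, cron runs the job if
either one matches, so the dates go in the third field and the Saturday check is done in
the command (% must be written as \% inside a crontab).

0 1 1-7,15-21 * * [ "$(date +\%u)" -eq 6 ] && /scripts/every-first-second-sat.sh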

9. Cronjob for every week


To schedule a cronjob to run @every week we can make use of day of the week, the 5th
field in crontab

0 0 * * 0 sh /scripts/every-week.sh

OR

we can also make use of special schedule

@weekly sh /scripts/every-week.sh

10. Run cronjob @every month 1st date


Here we have to use day of the month, field 3

0 0 1 * * sh /scripts/every-mont-1st.sh
OR

@monthly sh /scripts/every-month.sh

11. Schedule cronjob to run once in a year


I would like to schedule a cronjob to say happy new year to all the employees at
midnight every year on 31st Dec.

59 23 31 12 *  echo "Happy New Year to All"

OR

@yearly echo "Happy New Year"

12. I want to run a cronjob @every server reboot
Every time the server is rebooted I would like to get a notification. We can
make use of the special schedule @reboot. mail needs a recipient; the local root
mailbox is used here

@reboot echo Server Rebooted | mail -s "Server Rebooted `hostname`" root

That’s all about scheduling cronjobs in different timings.

Thanks for reading, Please provide your valuable comments on the same
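To check a schedule before installing it, the Python sketch below (an added example, not part of the original article) expands the five crontab time fields and lists when a job would fire. It follows the Vixie cron / cronie rule that when both day of month and day of week are restricted the job runs if either matches, and it rejects out-of-range values such as minute 60. The function names and the July 2016 date window are chosen for this example.

```python
from datetime import datetime, timedelta

# (low, high) for minute, hour, day of month, month, day of week (0 and 7 = Sunday)
LIMITS = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 7)]


def expand(field, low, high):
    """Expand one numeric crontab field ('*', '*/5', '1-7,15-21', '0,30') to a set."""
    values = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            first, last = low, high
        elif "-" in rng:
            first, last = (int(x) for x in rng.split("-", 1))
        else:
            first = last = int(rng)
        if step < 1 or not (low <= first <= last <= high):
            raise ValueError(f"{part!r} is outside {low}-{high}")
        values.update(range(first, last + 1, step))
    return values


def parse(schedule):
    """Parse 'min hour dom month dow' (numeric fields only, no command part)."""
    fields = schedule.split()
    if len(fields) != 5:
        raise ValueError("expected exactly 5 time fields")
    sets = [expand(f, lo, hi) for f, (lo, hi) in zip(fields, LIMITS)]
    sets[4] = {d % 7 for d in sets[4]}          # 7 is an alias for Sunday (0)
    # Both day fields restricted -> cron fires when EITHER of them matches.
    either_day = not fields[2].startswith("*") and not fields[4].startswith("*")
    return sets, either_day


def matches(parsed, when):
    (minute, hour, dom, month, dow), either_day = parsed
    cron_dow = (when.weekday() + 1) % 7         # Python: Monday=0, cron: Sunday=0
    dom_ok, dow_ok = when.day in dom, cron_dow in dow
    day_ok = (dom_ok or dow_ok) if either_day else (dom_ok and dow_ok)
    return (when.minute in minute and when.hour in hour
            and when.month in month and day_ok)


def run_times(schedule, start, end):
    """Every minute in [start, end) at which the schedule fires."""
    parsed = parse(schedule)
    when, out = start, []
    while when < end:
        if matches(parsed, when):
            out.append(when)
        when += timedelta(minutes=1)
    return out


def saturdays_only(times):
    """What a Saturday test inside the command (date +%u equal to 6) lets through."""
    return [t for t in times if t.weekday() == 5]


if __name__ == "__main__":
    day = (datetime(2016, 7, 1), datetime(2016, 7, 2))       # constructed window
    month = (datetime(2016, 7, 1), datetime(2016, 8, 1))
    print("0 */3 * * *       :", len(run_times("0 */3 * * *", *day)), "runs per day")
    print("* 0,3,...,21 * * *:",
          len(run_times("* 0,3,6,9,12,15,18,21 * * *", *day)), "runs per day")
    both = run_times("0 1 1-7,15-21 * 6", *month)
    print("dates and dow together fire on days:", [t.day for t in both])
    guarded = saturdays_only(run_times("0 1 1-7,15-21 * *", *month))
    print("dates plus Saturday test fire on days:", [t.day for t in guarded])
```

A `*` in the minute field combined with an hour list fires on every minute of those hours, which is why the hour-based schedules need a fixed minute.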
crontab Linux / Unix with examples
BY ARK · APRIL 3, 2016
The crontab is a list of commands that you want to run on a regular schedule, and also
the name of the command used to manage that list.  Crontab stands for “cron table,”
because it uses the job scheduler cron to execute tasks.

First, basic terminology

• cron(8) is the daemon that executes scheduled commands.
• crontab(1) is the program used to modify user crontab(5) files.
• crontab(5) is a per user file that contains instructions for cron(8).
Every user on a system may have their own crontab file. The location of the root and
user crontab files is system dependent, but they are generally in the /var/spool/cron/
directory.

System-wide crontab file


Besides the /etc/crontab file, the /etc/cron.d/ directory may contain crontab fragments, which are also read and actioned by cron.

Linux distributions also have /etc/cron.* directories; scripts in these locations are executed with root privileges.

• /etc/cron.hourly/ — scripts placed in this directory are executed hourly
• /etc/cron.daily/ — scripts placed in this path are executed daily
• /etc/cron.monthly/ — scripts are executed monthly
• /etc/cron.weekly/ — scripts are executed weekly

root can always use the crontab command to list, edit and remove cronjobs.

Start, Stop and Restart crond service


The crond service must be running for scheduled cronjobs to execute; if the crond service is stopped, cronjobs will not be executed.
[root@server ~]# systemctl status crond.service
crond.service - Command Scheduler
Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled)
Active: active (running) since Sun 2016-04-03 10:22:12 IST; 6h ago
Main PID: 1717 (crond)
CGroup: /system.slice/crond.service
└─1717 /usr/sbin/crond -n

Apr 03 10:22:12 server.arkit.co.in systemd[1]: Started Command Scheduler.


Apr 03 10:22:12 server.arkit.co.in crond[1717]: (CRON) INFO (RANDOM_DELAY will be
scaled with factor 47% if used.)
Apr 03 10:22:13 server.arkit.co.in crond[1717]: (CRON) INFO (running with inotify
support)
[root@server ~]# systemctl start crond.service
[root@server ~]# systemctl restart crond.service
[root@server ~]# systemctl stop crond.service

See Scheduled cronjobs


We can list the cronjobs using the crontab command

[root@server ~]# crontab -l


15 11 * * * sh /scripts/logsync.sh

Edit crontab entries using below command


To write / edit cron table entries we have to use

[root@server ~]# crontab -e


15 11 * * * sh /scripts/logsync.sh

Deleting cron table entries


To delete / remove cron table entries we have to use crontab command

[root@server ~]# crontab -l


15 11 * * * sh /scripts/logsync.sh
[root@server ~]# crontab -r
[root@server ~]# crontab -l
no crontab for root

Cron table entry format


The layout below shows what each field of an entry means:

# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed

A cron table entry contains 5 time fields:

• First entry – Minutes ( 0 – 59 )
• Second entry – Hour ( 0 – 23 )
• Third entry – Day of the month ( 1 – 31 )
• Fourth entry – Month ( 1 – 12 ) jan,feb,mar,…,dec
• Fifth entry – Day of week ( 0 – 6 ) Sunday=0, Mon=1, Tue=2, Wed=3, Thu=4, Fri=5, Sat=6

All of the above entries are separated by spaces or tabs.

Deny a user from scheduling cronjobs

To deny a particular user from scheduling cronjobs, add the user name to the file /etc/cron.deny

[root@server ~]# cat /etc/cron.deny


ravi
[root@server ~]# su - ravi
[ravi@server ~]$ crontab -e
You (ravi) are not allowed to use this program (crontab)
See crontab(1) for more information

By default, all users have access to schedule cronjobs.

A crontab command is represented by a single line. You cannot use \ to extend a command over multiple lines. The hash (#) sign represents a comment, which means anything on that line is ignored by cron. Leading white space and blank lines are ignored.

Be VERY careful when using the percent (%) sign in your command. Unless they are
escaped \% they are converted into newlines and everything after the first non-escaped
% is passed to your command on stdin.

How to schedule cronjobs


• A comma (,) is used to specify a list, e.g. 1,4,6,8 which means run at 1,4,6,8.
• Ranges are specified with a dash (-) and may be combined with lists, e.g. 1-3,9-12 which means between 1 and 3 then between 9 and 12.
• The / character can be used to introduce a step, e.g. 2/5 which means starting at 2 then every 5 (2,7,12,17,22…). They do not wrap past the end.
• An asterisk (*) in a field signifies the entire range for that field (e.g. 0-59 for the minute field).
• Ranges and steps can be combined, e.g. */5 signifies starting at 0 then every 5.
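
The field syntax above, together with the single-line, # comment and % rules, can be checked mechanically before an entry is installed. The linter below is an added example, not code from the original article; the function names and the sample entries are constructed for illustration, it assumes the user crontab format (5 time fields, then the command), and it also reports the crontab(5) rule that when both day fields are restricted the job runs when either one matches.

```sh
#!/bin/sh
# lint_crontab: read a user crontab on stdin, print one finding per problem line.
lint_crontab() {
    awk '
    # Map a number or a three-letter name to its value; -1 if neither.
    function num(tok, names, lo,    a, i, n) {
        if (tok ~ /^[0-9]+$/) return tok + 0
        n = split(names, a, " ")
        for (i = 1; i <= n; i++) if (tolower(tok) == a[i]) return lo + i - 1
        return -1
    }
    # Validate one time field: lists (,), ranges (-), steps (/) and the asterisk.
    function valid(field, lo, hi, names,    items, p, r, i, n, m, item, a, b) {
        n = split(field, items, ",")
        for (i = 1; i <= n; i++) {
            item = items[i]
            m = split(item, p, "/")
            if (m > 2) return 0
            if (m == 2) {
                if (p[2] !~ /^[0-9]+$/ || p[2] + 0 == 0) return 0
                item = p[1]
            }
            if (item == "*") continue
            m = split(item, r, "-")
            if (m < 1 || m > 2) return 0
            a = num(r[1], names, lo)
            b = (m == 2) ? num(r[2], names, lo) : a
            if (a < lo || b > hi || a > b) return 0
        }
        return 1
    }
    function report(code, text) { printf "line %d: %s: %s\n", NR, code, text }
    function check_percent(cmd,    t) {
        t = cmd
        gsub(/\\%/, "", t)                       # escaped \% is fine, drop it first
        if (index(t, "%"))
            report("percent", "unescaped % becomes a newline, the rest goes to stdin")
    }
    BEGIN {
        label[1] = "minute"; label[2] = "hour"; label[3] = "day of month"
        label[4] = "month";  label[5] = "day of week"
        minv[1] = 0; maxv[1] = 59; minv[2] = 0; maxv[2] = 23; minv[3] = 1; maxv[3] = 31
        minv[4] = 1; maxv[4] = 12; minv[5] = 0; maxv[5] = 7
        nm[4] = "jan feb mar apr may jun jul aug sep oct nov dec"
        nm[5] = "sun mon tue wed thu fri sat"
        nick = " @reboot @yearly @annually @monthly @weekly @daily @hourly "
    }
    /^[ \t]*(#|$)/ { next }                                  # comments and blank lines
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }          # VAR=value settings
    $1 ~ /^@/ {
        if (!index(nick, " " $1 " ")) report("schedule", "unknown special schedule " $1)
        else if (NF < 2) report("fields", "special schedule without a command")
        else { cmd = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", cmd); check_percent(cmd) }
        next
    }
    NF < 6 { report("fields", "need 5 time fields and a command, found " NF " words"); next }
    {
        bad = 0
        for (f = 1; f <= 5; f++)
            if (!valid($f, minv[f], maxv[f], nm[f])) {
                report("range", label[f] " field \"" $f "\" is not valid"); bad = 1
            }
        if (bad) next
        if (substr($3, 1, 1) != "*" && substr($5, 1, 1) != "*")
            report("dom-dow", "both day fields restricted: cron runs when EITHER matches")
        cmd = $0
        for (f = 1; f <= 5; f++) sub(/^[ \t]*[^ \t]+/, "", cmd)
        check_percent(cmd)
    }'
}

# Constructed sample crontab; entries adapted from the schedules discussed in this guide.
sample_crontab() {
    cat <<'EOF'
# constructed sample
15 11 * * * sh /scripts/logsync.sh
0 1 1-7,15-21 6 /scripts/every-first-second-sat.sh
0 1 1-7,15-21 * 6 /scripts/every-first-second-sat.sh
0 0 * * 0 date +%F >> /var/log/weekly.log
0 0 * * 0 date +\%F >> /var/log/weekly.log
*/5 9-17 * * mon-fri sh /scripts/poll.sh
@reboot echo Server Rebooted
61 * * * * sh /scripts/never.sh
EOF
}

sample_crontab | lint_crontab
```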

Debugging cron commands


To debug cron commands, we have to redirect STDOUT and STDERR to a log file, capturing the output.

[root@server ~]# crontab -l


15 11 * * * sh /scripts/synclog.sh &> /var/log/command.log

The above entry sends STDOUT and STDERR to the /var/log/command.log file.

That’s about crontab. Please do comment your feedback.

We will see how to schedule an cronjobs in next schedule…

SELinux Security Enhanced Linux three layer protection
BY ARK · PUBLISHED JULY 7, 2016 · UPDATED DECEMBER 15, 2018
SELinux is a security feature of the Linux kernel. Managing the Security-Enhanced Linux behavior of a system helps keep it secure in case of a network service compromise.

SELinux is an additional layer of system security. It protects user data from system services that have been compromised. Linux administrators are familiar with the standard user/group/other (u/g/o) permissions security model.

Picture 1. SELinux

As an example, see Picture 1: whenever an outside client requests access to data on the Linux server, SELinux verifies that the requested port is allowed by SELinux, then verifies the SELinux context of the process and the security context of the file. This is the three layer security system. It works only when SELinux is in enforcing mode.

SELinux is a set of security rules that determine which process can access which directories, files and ports. Every file, process, port and directory has a special label called an SELinux context.

An SELinux context label is made up of user, role, type and sensitivity. The type context names end with “_t”.

To display or set SELinux contexts, use the option “Z”:

[root@server ~]# ls -lZ

-rw-------. root root system_u:object_r:admin_home_t:s0 anaconda-ks.cfg


drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 Desktop
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 Documents
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 Downloads

[root@server ~]# ls -ldZ /etc/


drwxr-xr-x. root root system_u:object_r:etc_t:s0 /etc/

[root@server ~]# ls -ldZ /var/


drwxr-xr-x. root root system_u:object_r:var_t:s0 /var/

[root@server ~]# ls -ldZ /


dr-xr-xr-x. root root system_u:object_r:root_t:s0 /

[root@server ~]# ls -ldZ /var/log/


drwxr-xr-x. root root system_u:object_r:var_log_t:s0 /var/log/

SELinux Modes:
SELinux has three modes:

1. Enforcing Mode
2. Permissive Mode
3. Disabled Mode

Enforcing Mode: The default mode, which enables and enforces SELinux security on your system. In this mode SELinux logs and protects.

Permissive Mode: This mode can be used to temporarily allow access to content that SELinux is restricting. No reboot is required to go from enforcing to permissive or vice versa. This mode is useful for troubleshooting SELinux security issues. When SELinux is in permissive mode it will not deny access, it will only log.

Disabled Mode: Completely disables SELinux on your system. A system reboot is required to disable SELinux entirely, or to go from disabled mode to enforcing. Until you reboot the machine after disabling, the change does not take effect.

The first time you change SELinux from disabled mode to enforcing mode, SELinux relabels all the files and processes according to the context rules.

Change SELinux modes

To check SELinux security status

[root@server ~]# sestatus

SELinux status: disabled

[root@server ~]# getenforce

Disabled

Enable / Disable SELinux Security mode. Edit the configuration file and change SELINUX=enforcing or SELINUX=disabled.

[root@server ~]# vim /etc/selinux/config

SELINUX=enforcing

SELINUXTYPE=targeted

Enforced mode

[root@server ~]# sestatus

SELinux status: enabled

SELinuxfs mount: /sys/fs/selinux

SELinux root directory: /etc/selinux

Loaded policy name: targeted

Current mode: enforcing

Mode from config file: enforcing

Policy MLS status: enabled

Policy deny_unknown status: allowed

Max kernel policy version: 28

[root@server ~]# getenforce

Enforcing

To keep in permissive mode

[root@server ~]# setenforce 0


[root@server ~]# getenforce

Permissive

What is the default context for newly created files / Directories

When we create a file / directory under / (slash), it is assigned the default_t context. But if we create a file / directory under /etc/, /var/ or /var/www/html/, a different SELinux security context is applied. Let us see the examples below.

[root@server ~]# mkdir /var/test

[root@server ~]# ls -ldZ /var/test/

drwxr-xr-x. root root unconfined_u:object_r:var_t:s0 /var/test/

[root@server ~]# mkdir /etc/test

[root@server ~]# ls -ldZ /etc/test

drwxr-xr-x. root root unconfined_u:object_r:etc_t:s0 /etc/test

[root@server ~]# mkdir /test

[root@server ~]# ls -ldZ /test


drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /test

How to assign SELinux Security Context


To assign a security context to file

[root@server ~]# semanage fcontext -a -t samba_share_t "/test(/.*)?"

[root@server ~]# ls -ldZ /test/

drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /test/

[root@server ~]# restorecon -vRF /test/

restorecon reset /test context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0

[root@server ~]# ls -ldZ /test/

drwxr-xr-x. root root system_u:object_r:samba_share_t:s0 /test/
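
Two read-only checks follow from the mode and context sections above: whether the running mode still matches /etc/selinux/config after someone has used setenforce, and which paths still carry the generic default_t type. This is an added example, not code from the original article; the function names are hypothetical, the sestatus text is a constructed sample of the state after `setenforce 0`, and the listing lines are copied from the outputs shown above.

```sh
#!/bin/sh
# selinux_mode_findings: read `sestatus` output on stdin, print one finding per line.
selinux_mode_findings() {
    awk -F':[ \t]*' '
        { sub(/[ \t]+$/, "") }                         # trim trailing blanks
        $1 == "SELinux status"        { status = $2 }
        $1 == "Current mode"          { cur = $2 }
        $1 == "Mode from config file" { cfg = $2 }
        END {
            if (status != "enabled") {
                print "disabled: SELinux is not enabled, nothing is enforced or logged"
                exit
            }
            if (cur == "permissive")
                print "permissive: denials are logged but not blocked"
            if (cur != cfg)                            # setenforce only changes the running mode
                print "drift: running " cur ", /etc/selinux/config says " cfg
            if (cur == "enforcing" && cfg == "enforcing")
                print "ok: enforcing now and after reboot"
        }'
}

# flag_default_t: read `ls -Z` style lines on stdin and print the paths whose
# type field (third part of user:role:type:level) is default_t or unlabeled_t.
flag_default_t() {
    awk '
    {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[a-z_]+:[a-z_]+:[a-z_0-9]+:/) {
                split($i, c, ":")
                if (c[3] == "default_t" || c[3] == "unlabeled_t")
                    print $NF ": type " c[3] " (no specific file-context rule matched)"
            }
    }'
}

# Constructed sample: sestatus after `setenforce 0` on a host configured as enforcing.
sample_sestatus() {
    cat <<'EOF'
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
EOF
}

# Listing lines taken from the ls -ldZ outputs shown in this article.
sample_listing() {
    cat <<'EOF'
drwxr-xr-x. root root unconfined_u:object_r:var_t:s0 /var/test/
drwxr-xr-x. root root unconfined_u:object_r:etc_t:s0 /etc/test
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /test
drwxr-xr-x. root root system_u:object_r:samba_share_t:s0 /test/
EOF
}

sample_sestatus | selinux_mode_findings
sample_listing | flag_default_t
```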

To enable port

[root@server ~]# semanage port -l |grep http_port


http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000

pegasus_http_port_t tcp 5988

[root@server ~]# semanage port -a -t http_port_t -p tcp 15000

[root@server ~]# semanage port -l |grep http_port

http_port_t tcp 15000, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988

To see SELinux Boolean values and enable / disable sebool parameters

[root@server ~]# getsebool -a |grep ftp

ftp_home_dir --> off

ftpd_anon_write --> off

ftpd_connect_all_unreserved --> off

ftpd_connect_db --> off

ftpd_full_access --> off

ftpd_use_cifs --> off

ftpd_use_fusefs --> off


ftpd_use_nfs --> off

ftpd_use_passive_mode --> off

httpd_can_connect_ftp --> off

httpd_enable_ftp_server --> off

sftpd_anon_write --> off

sftpd_enable_homedirs --> off

sftpd_full_access --> off

sftpd_write_ssh_home --> off

tftp_anon_write --> off

tftp_home_dir --> off

[root@server ~]# setsebool -P ftpd_anon_write on

[root@server ~]# getsebool -a |grep ftpd_anon_write

ftpd_anon_write --> on

sftpd_anon_write --> off

Conclusion
SELinux security context is highly improved in the newer version of Linux RHEL
7 / Centos 7 / Fedora 24. 
That’s it.

NFS Server Configuration in RHEL7 Step by Step Guide
BY ARK · PUBLISHED JUNE 1, 2016 · UPDATED JULY 25, 2018
NFS Server Configuration in RHEL 7 Step by Step guide. NFS = Network File System, which is used to share directories across Unix/Linux operating systems. It does not directly support cross-platform sharing.

• Network File System (NFS): a server/client protocol used for sharing files and directories between Linux / Unix and Unix / Linux systems, and vice versa. It is a popular distributed filesystem protocol that enables users to mount remote directories on their server. NFS enables you to mount a remote share locally. NFS was developed by Sun Microsystems in the year 1984.
• RHEL7 provides support for NFS versions 3, 4.0, and 4.1 (latest version)
• NFS default port number is 2049
• An NFS share can be mounted manually, automatically using AutoFS, or half manually and half automatically

NFS Server configuration in RHEL7


Features:
1. Centralized Management of Files
2. Everyone can access same data
3. Secured with Firewalls and Kerberos
4. Reduce Storage Cost and Easy to use

Server Profile:
• Packages: nfs-utils*
• Daemon Name: nfs-service
• Port Number: 2049
• Config file path: /etc/exports

NFS server side configuration


• Install nfs packages through yum command.

# yum install nfs-utils

# systemctl enable nfs-server

# systemctl start nfs-server

Enable Firewall ports to communicate with client

# firewall-cmd --permanent --add-service=nfs

# firewall-cmd --permanent --add-service=mountd

# firewall-cmd --permanent --add-service=rpc-bind

# firewall-cmd --reload

The above commands open the firewall ports from server to client; the reload makes the permanent rules take effect.

Create and Configure NFS share

# mkdir /ravi

# chown nfsnobody:root /ravi

# chmod 770 /ravi

# vim /etc/exports

/ravi 192.168.4.0/24(rw)

Save & Exit (:wq)

# exportfs -avr

That’s it from server side configuration.

A question may now come to mind: do we need to write an SELinux context for NFS shares and services? It is not required, since NFS services use kernel_t by default to run.

Client Side Configuration

Log in to the client machine and ping the NFS server machine to confirm the client is communicating with the NFS server.

# showmount -e NFS-SERVER-IP

# showmount -e 192.168.4.20

The above command shows the NFS shares that are shared from the NFS server.

Manually mounting the NFS shares using mount command

# mount -t nfs -o sync 192.168.4.20:/ravi /mnt/nfs

# df -h

Now you should see the mount point /mnt/nfs.

That’s it: a very easy and simple way to configure an NFS server.

Conclusion

You have learned how to install and configure an NFS server in Linux.

Firewalld installation configuration RHEL 7/Centos 7/Fedora 7
BY ARK · PUBLISHED JUNE 25, 2016 · UPDATED JUNE 26, 2016
We always say that Linux is more secure than other operating systems, and FirewallD is the best application for providing port level security. In previous Linux versions we used iptables to provide port level security. In newer Linux versions firewalld is introduced with great features and enhancements. In the background, both iptables and firewalld work on top of ipchains, a module built into the kernel. We are going to see firewalld installation and configuration for RHEL 7 port level security. iptables is obsolete.

What is meant by port level security?

Nowadays security plays a major role in protecting servers and their data from theft. Firewalld, an inbuilt application, offers a simple way to do packet filtering: allow / deny incoming connections by writing firewall rules. In newer versions of Linux such as RHEL 7 / Centos 7 and Fedora, the firewall by default blocks port communication to clients except for what is explicitly allowed.

1. Rich Language for specific firewall rules.
2. D-Bus API.
3. Timed firewall rules.
4. IPv4 and IPv6 NAT support.
5. Create different Firewall zones.
6. Integration with Puppet.
7. Direct interface.
8. IP set support.
9. Simple log of denied packets.
10. Automatic loading of Linux kernel modules.
11. Lock down: White listing of applications that may modify the firewall.
12. Allow / Deny specified ports
13. Allow / Deny Specified Services (No need to remember service port
number)
FirewallD is available in both GUI and CLI; the CLI tool is firewall-cmd. Using the firewall we can allow a particular port for a particular network / IP address, and we can also deny a particular port for a particular network / IP address.
Note: To increase security, do not use default port numbers

Firewalld Installation and Configuration on RHEL 7 port level security

In order to use firewalld as the default, we have to disable iptables and ip6tables permanently. To do so, follow the steps below: stop the services, disable the services and mask the services. Once a service is masked, it will not start even if another administrator tries to start it, until the service is unmasked.

Step 1: Disable iptables & ip6tables services

iptables is obsolete; instead of iptables we have to use firewalld in new versions of Linux such as RHEL 7 / Centos 7 and Fedora 24

[root@server ~]# systemctl disable iptables


[root@server ~]# systemctl disable ip6tables

Step 2: Stop Iptables & ip6tables services


[root@server ~]# systemctl stop ip6tables
[root@server ~]# systemctl stop iptables

Step 3: Mask Iptables & ip6tables services


Disabling and stopping a service keeps it in the stopped state, but it will still start if someone starts it later. If we mask the service, it will not start even if someone tries to start it, until the service is unmasked.

[root@server ~]# systemctl mask ip6tables


ln -s '/dev/null' '/etc/systemd/system/ip6tables.service'

[root@server ~]# systemctl mask iptables


ln -s '/dev/null' '/etc/systemd/system/iptables.service'

[root@server ~]# systemctl status iptables


iptables.service
Loaded: masked (/dev/null)
Active: inactive (dead)

[root@server ~]# systemctl status ip6tables


ip6tables.service
Loaded: masked (/dev/null)
Active: inactive (dead)

Firewalld Installation configuration RHEL 7 / Centos 7 and Fedora

Packages for the firewall are included in the installation media itself, so there is no need to configure external repositories. If you want, you can also configure the EPEL repository or a local repository.

Step 4: Install packages using yum command

[root@Server ~]# yum install -y firewalld firewall-config

Verify the status of the firewall service using the command below. If it is stopped, enable and start it.

[root@server ~]# systemctl status firewalld

[root@server ~]# systemctl enable firewalld.service


ln -s '/usr/lib/systemd/system/firewalld.service' '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
ln -s '/usr/lib/systemd/system/firewalld.service' '/etc/systemd/system/basic.target.wants/firewalld.service'

[root@server ~]# systemctl start firewalld.service

Step 5: Check your default zone and active zone

[root@server ~]# firewall-cmd --get-default-zone

public

As per the above output, public is the default zone; we can also set another zone as the default. Using multiple zones we can manage firewall rules in a very flexible way. As an example, when the machine changes network we can just change the default zone to another one so that the new default zone's rules apply. At any point in time, one zone should be active.

Step 6: Change Default Zone & verify active zone

[root@server ~]# firewall-cmd --set-default-zone=home

success

[root@server ~]# firewall-cmd --get-default-zone

home

[root@server ~]# firewall-cmd --get-active-zones


public

interfaces: eno16777736

Step 7: check firewall version

[root@server ~]# firewall-cmd --version

0.3.9

Step 8: List out interfaces in zone


check how many interfaces are associated with zone

[root@server ~]# firewall-cmd --zone=public --list-interfaces

eno16777736

Step 9: Add new interface to Zone

[root@server ~]# firewall-cmd --add-interface=eth0 --zone=public

success

Step 10: Remove Interface from Zone


[root@server ~]# firewall-cmd --remove-interface=eth0 --zone=public

success

Step 11: List out currently loaded services on firewall

[root@server ~]# firewall-cmd --get-services

RH-Satellite-6 amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns

[root@server ~]# firewall-cmd --permanent --get-services

Step 12: To drop all incoming and outgoing packets

[root@server ~]# firewall-cmd --panic-on   [Disable incoming and outgoing packets]

[root@server ~]# firewall-cmd --panic-off   [Enable incoming and outgoing packets]

[root@server ~]# firewall-cmd --query-panic   [Check whether panic mode is enabled or disabled]

Note: Do not try the above commands on any production server, because they will disable all communication.

List all open ports, add/allow ports and remove/deny ports using firewalld in RHEL 7. We can add / remove ports in the default zone or in a specified zone. After every add / remove we have to reload the firewalld service for the change to take effect.

Step 13: List all ports and Services & List all ports from specified zone

[root@server ~]# firewall-cmd --list-all [List all open ports, services and all]

public (default, active)

interfaces: eno16777736

sources:

services: dhcpv6-client mysql ssh

ports: 5666/tcp 3306/tcp 3260/tcp 5667/tcp

masquerade: no

forward-ports:

icmp-blocks:

rich rules:

[root@server ~]# firewall-cmd --zone=public --list-ports

5666/tcp 3306/tcp 3260/tcp 5667/tcp


Step 14: Add & Remove Ports to firewall rules

[root@server ~]# firewall-cmd --permanent --add-port=22/tcp


success

[root@server ~]# firewall-cmd --permanent --zone=public --add-port=22/tcp


success

[root@server ~]# firewall-cmd --zone=public --list-ports


5666/tcp 3306/tcp 3260/tcp 5667/tcp 22/tcp

[root@server ~]# firewall-cmd --permanent --remove-port=22/tcp


success

Adding and removing services in the firewall: by default, when you add / remove a service in the firewall, it enables the associated port in the background.

Step 15: List, Add & Remove Services to firewall rules

[root@server ~]# firewall-cmd --list-services

dhcpv6-client mysql ssh

[root@server ~]# firewall-cmd --list-services --zone=public

dhcpv6-client mysql ssh

[root@server ~]# firewall-cmd --permanent --zone=public --add-service=http

success
[root@server ~]# firewall-cmd --permanent --add-service=https

success

[root@server ~]# firewall-cmd --list-services --zone=public

dhcpv6-client http https mysql ssh

Step 16: Firewalld configuring ports / services using XML file

Services and ports can also be added and removed using the XML file; the default file path is “/etc/firewalld/zones/public.xml”

[root@server ~]# cat /etc/firewalld/zones/public.xml

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>Pulic Zone Rules</description>
  <service name="dhcpv6-client"/>
  <service name="http"/>
  <service name="ssh"/>
  <service name="https"/>
  <service name="mysql"/>
  <port protocol="tcp" port="5666"/>
  <port protocol="tcp" port="3306"/>
  <port protocol="tcp" port="3260"/>
  <port protocol="tcp" port="5667"/>
</zone>

Step 17: Adding port forwarding

When we connect to port 2080, the request will be forwarded to port 80.

[root@server ~]# firewall-cmd --permanent --add-rich-rule "rule family=ipv4 source address=192.168.4.0/24 forward-port port=2080 protocol=tcp to-port=80"

success

[root@server ~]# firewall-cmd --reload

success
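
Because the permanent zone configuration from Step 16 is a plain XML file, it can be reviewed against a list of what is supposed to be open, including forward-port entries like the one from Step 17. The script below is an added example, not code from the original article or from firewalld; the function names and the approved list are constructed for illustration, and it assumes one XML element per line, as in the file shown in Step 16.

```sh
#!/bin/sh
# zone_items: read a firewalld zone XML file on stdin, print one opened item per line.
zone_items() {
    awk '
    # Return the value of attribute NAME on the current line, or an empty string.
    function attr(name,    re) {
        re = "[ \t]" name "=\"[^\"]*\""
        if (!match($0, re)) return ""
        return substr($0, RSTART + length(name) + 3, RLENGTH - length(name) - 4)
    }
    /<service[ \t]/      { print "service " attr("name") }
    /<port[ \t]/         { print "port " attr("port") "/" attr("protocol") }
    /<forward-port[ \t]/ { print "forward " attr("port") "/" attr("protocol") " -> " attr("to-port") }
    '
}

# unapproved APPROVED: read zone XML on stdin and print every item that is not
# in APPROVED, a newline-separated list written in the zone_items output format.
unapproved() {
    zone_items | while IFS= read -r item; do
        printf '%s\n' "$1" | grep -qxF -- "$item" || printf '%s\n' "$item"
    done
}

# The public.xml content shown in Step 16.
sample_zone() {
    cat <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>Pulic Zone Rules</description>
  <service name="dhcpv6-client"/>
  <service name="http"/>
  <service name="ssh"/>
  <service name="https"/>
  <service name="mysql"/>
  <port protocol="tcp" port="5666"/>
  <port protocol="tcp" port="3306"/>
  <port protocol="tcp" port="3260"/>
  <port protocol="tcp" port="5667"/>
</zone>
EOF
}

# Constructed approved list for this host (an assumption made for the example).
APPROVED='service dhcpv6-client
service ssh
service http
service https
port 5666/tcp
port 5667/tcp'

sample_zone | unapproved "$APPROVED"
```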

Conclusion
The firewalld service uses ipchains to inject firewall rules. The firewall is used to enable port level security, which filters incoming and outgoing packets in newer versions of Linux such as RHEL 7 and Centos 7. In Ubuntu Linux, firewalld is not enabled.

Kerberized NFS Server Linux Simple way to setup
BY ARK · PUBLISHED JUNE 13, 2016 · UPDATED JUNE 20, 2016
NFS – Network File System is used to provide file sharing within Unix / Linux environments. A kerberized NFS server is also used for sharing directories across Unix / Linux platforms. We assume that you already have a Kerberos server in place.

Why we have to use kerberized NFS Server

• An NFS server without Kerberos is not secure
• An NFS share can be accessed by multiple users from the NFS client, because there is no user level authentication when Kerberos is not used
• Without Kerberos, NFS server and client communication is not encrypted
• Kerberos provides token based authentication
• NFS with Kerberos uses a keytab file to authenticate securely
• All the communication from client to server is fully encrypted

Prerequisites

1. Kerberos Server for token issue authority
2. Keytab Files
3. Kerberos principals should be in place (if you want to use krb5p authentication method)
4. LDAP server for user authentication along with kerberos
5. NFS Server should be part of LDAP client and Kerberos Client
6. Both the machines NFS Server and NFS Client should be part of kerberos clients
7. DNS name resolution should be in working condition (in case of no DNS name resolution, we will add hosts file entries)
8. NFS server and NFS client should be in sync with NTP server (should be NTP clients)

Scenario 1: We can install DNS, Kerberos, KDC server, 365 Directory Service, Token issue authority and LDAP on one machine. We use this single server as the main server.

Scenario 2: We can install and configure one DNS server, one Kerberos server and one LDAP server separately. This scenario requires more hardware resources, but performance will be good.

I am explaining the above two scenarios because we are going to see kerberized NFS with a single server, with all services included in one.

Environment:
Server 1 : DNS, Kerberos, 365 Directory Services and LDAP service
Server 2 : NFS Server
Server 3 : NFS Client

Main Server Side in Kerberos Server Side

We have to generate keytab files and add NFS principals in the kerberos server.
# kadmin

Authenticating as principal root/admin@ARKIT.CO.IN with password.

Password for root/admin@ARKIT.CO.IN: kerberos

kadmin: addprinc -randkey nfs/nfserv.arkit.co.in

kadmin: addprinc -randkey nfs/nfsclient.arkit.co.in

kadmin: ktadd nfs/nfserv.arkit.co.in

kadmin: ktadd nfs/nfsclient.arkit.co.in

kadmin: quit

[root@TechTutorials ~]# cp /etc/krb5.keytab /var/www/html/keytabs/nfserv.keytab

[root@TechTutorials ~]# cp /etc/krb5.keytab /var/www/html/keytabs/nfsclient.keytab

The keytab files should now be available for download.


NFS Server Side Configuration

[root@nfserv.arkit.co.in ~]# yum install sssd* authconfig-gtk krb5-workstation

[root@nfserv.arkit.co.in ~]# yum install nfs*

After installing the above packages, we have to run the command below in the GUI interface

[root@nfserv.arkit.co.in]# system-config-authentication

Provide the details


User Account Database: LDAP
LDAP Search Base DN: DC=arkit,DC=co.in
LDAP Server: ldap://ldap.arkit.co.in Or ldaps://arkit.co.in
Use TLS encryption connections
Authentication Method: Kerberos Password
KDC’s : ldap.arkit.co.in

## Download keytab file

[root@nfserv.arkit.co.in ~]# wget -O /etc/krb5.keytab http://ldap.arkit.co.in/pub/keytabs/nfserv.keytab

[root@nfserv.arkit.co.in ~]# vim /etc/sysconfig/nfs

## Default line number 13

RPCNFSDARGS="-V 4.2"

:wq

## Enable and Start NFS Server and NFS Secure Server

[root@nfserv.arkit.co.in ~]# systemctl enable nfs-secure.service

[root@nfserv.arkit.co.in ~]# systemctl start nfs-secure.service

[root@nfserv.arkit.co.in ~]# systemctl enable nfs-server.service

[root@nfserv.arkit.co.in ~]# systemctl start nfs-server.service

[root@nfserv.arkit.co.in ~]# systemctl enable nfs-secure-server.service

[root@nfserv.arkit.co.in ~]# systemctl start nfs-secure-server.service


## Create Directory to share using NFS

[root@nfserv.arkit.co.in ~]# mkdir /nfssecure

## Change Directory ownership

[root@nfserv.arkit.co.in ~]# chown ldapuser1 /nfssecure

## Apply SELinux Policy to Directory

[root@nfserv.arkit.co.in ~]# semanage fcontext -a -t public_content_rw_t "/nfssecure(/.*)?"

[root@nfserv.arkit.co.in ~]# restorecon -R /nfssecure

[root@nfserv.arkit.co.in ~]# setsebool -P nfs_export_all_rw on

[root@nfserv.arkit.co.in ~]# setsebool -P nfs_export_all_ro on

Now Create NFS export and export it

[root@nfserv.arkit.co.in ~]# vim /etc/exports

/nfssecure *.arkit.co.in(rw,sec=krb5p)
:wq

The security option accepts four different values:


sec=sys (no Kerberos use)
sec=krb5 (Kerberos user authentication only)
sec=krb5i (Kerberos user authentication and integrity checking)
sec=krb5p (Kerberos user authentication, integrity checking and NFS
traffic encryption)
If you want to use sec=sys, you also need to run

# setsebool -P nfsd_anon_write 1
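
The four sec= values listed above can be read straight out of /etc/exports to see which clients still get plain sec=sys access, and the keytab downloaded earlier can be checked for access by group and others. This is an added example, not code from the original article; the function names and finding labels are hypothetical, and the sample lines are the two export entries used in this guide (an entry without sec= falls back to sys).

```sh
#!/bin/sh
# audit_exports: read exports(5) lines on stdin; for every client print
#   PATH CLIENT ro|rw sec=FLAVORS FINDINGS
# Findings follow the four sec= values described above:
#   auth-sys                 sec=sys, no Kerberos in use
#   no-integrity no-privacy  sec=krb5, user authentication only
#   no-privacy               sec=krb5i, integrity checking but no encryption
#   wildcard-host            the client is a pattern, not a single host
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"       # "(opts)" alone applies to any host
            sec = "sys"; mode = "ro"             # defaults when the option is absent
            n = split(opts, o, ",")
            for (k = 1; k <= n; k++) {
                if (o[k] ~ /^sec=/) sec = substr(o[k], 5)
                if (o[k] == "rw") mode = "rw"
            }
            weak = ""
            m = split(sec, s, ":")               # sec= accepts a colon-separated list
            for (k = 1; k <= m; k++) {
                if (s[k] == "sys") weak = weak " auth-sys"
                else if (s[k] == "krb5") weak = weak " no-integrity no-privacy"
                else if (s[k] == "krb5i") weak = weak " no-privacy"
                else if (s[k] != "krb5p") weak = weak " unknown-flavor"
            }
            if (client ~ /[*?]/) weak = weak " wildcard-host"
            printf "%s %s %s sec=%s%s\n", path, client, mode, sec, (weak == "" ? " ok" : weak)
        }
    }'
}

# keytab_mode_ok FILE: succeed only if group and others have no access to FILE.
keytab_mode_ok() {
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# The two export entries used in this guide.
sample_exports() {
    cat <<'EOF'
/ravi 192.168.4.0/24(rw)
/nfssecure *.arkit.co.in(rw,sec=krb5p)
EOF
}

sample_exports | audit_exports
```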

Now restart NFS services to reflect the changes

[root@nfserv.arkit.co.in ~]# systemctl restart nfs-server.service

[root@nfserv.arkit.co.in ~]# systemctl restart nfs-secure-server.service

[root@nfserv.arkit.co.in ~]# systemctl restart nfs-secure.service

Enable Firewall ports to communicate with NFS clients

[root@nfserv.arkit.co.in ~]# firewall-cmd --permanent --add-service=nfs

[root@nfserv.arkit.co.in ~]# firewall-cmd --permanent --add-service=mountd

[root@nfserv.arkit.co.in ~]# firewall-cmd --permanent --add-service=rpc-bind

[root@nfserv.arkit.co.in ~]# firewall-cmd --reload

The Kerberized NFS server configuration is now done on the NFS server; to complete the setup we have to switch to the NFS client.

NFS Client Side configuration

Now start the NFS client side setup. We have to join the NFS client as an LDAP and Kerberos client as well: repeat the first step from the NFS server configuration.

## Download keytab file

[root@nfsclient.arkit.co.in ~]# wget -O /etc/krb5.keytab http://ldap.arkit.co.in/pub/keytabs/nfsclient.keytab

[root@nfsclient.arkit.co.in ~]# vim /etc/sysconfig/nfs

## Default line number 13

RPCNFSDARGS="-V 4.2"

:wq

[root@nfsclient.arkit.co.in ~]# yum install nfs-utils*

[root@nfsclient.arkit.co.in ~]# systemctl enable nfs-secure.service

[root@nfsclient.arkit.co.in ~]# systemctl start nfs-secure.service

[root@nfsclient.arkit.co.in ~]# mkdir /mnt/nfsmount

Now edit fstab configuration file to mount NFS share permanently


[root@nfsclient.arkit.co.in ~]# vim /etc/fstab

nfserv.arkit.co.in:/nfssecure /mnt/nfsmount nfs defaults,sec=krb5p,v4.2 0 0

:wq

[root@nfsclient.arkit.co.in ~]# mount -a

Now log in as ldapuser1 and try to access the nfssecure share; it will be accessible. You can also write data to that share path.

Conclusion

A kerberized NFS server provides highly secured and encrypted communication. A kerberized NFS share cannot be accessed by other users on the same client who do not have permission to the NFS share.

LDAP client configuration with autofs home directories
BY ARK · PUBLISHED MARCH 19, 2016 · UPDATED JANUARY 3, 2018
This is the LDAP client part of the openLDAP server installation and configuration step by step guide. Autofs is an excellent feature/service to mount remote NFS shares automatically without running the mount command, even for normal users who do not have permission to run the mount command.

LDAP Client configuration

First, install the required packages. In this article we will see how to configure an LDAP client using the CLI interface and the GUI interface.

[root@ldapclient1 ~]# yum install -y openldap-clients nss-pam-ldapd sssd authconfig-gtk

[root@ldapclient1 ~]# yum install nfs-utils rpcbind autofs

Using GUI mode

Install the above packages, then enter the command “system-config-authentication”

Using CLI mode

Type the command “authconfig-tui”

Select [*] Use LDAP
Select [*] Use LDAP Authentication
Click Next
Provide the LDAP server details as shown above and click OK

Verify the LDAP user information using the command below

[root@ldapclient1 ~]# getent passwd ldapuser1

ldapuser1:*:1001:1001:ldapuser1:/home/ldapuser1:/bin/bash

As you see below, there is no home directory for ldapuser1

[root@ldapclient1 ~]# su - ldapuser1

su: warning: cannot change directory to /home/ldapuser1: No such file or directory

-bash-4.2$

Now mount user home directory using autofs

Edit the autofs master configuration file and add the entry

[root@ldapclient1 ~]# vim /etc/auto.master

# Sample auto.master file
# This is a 'master' automounter map and it has the following format:
# mount-point [map-type[,format]:]map [options]
# For details of the format look at auto.master(5).
/misc /etc/auto.misc
/home /etc/auto.ldapuser

Now create the /etc/auto.ldapuser file and add the entry for the autofs mount

[root@ldapclient1 ~]# cat /etc/auto.ldapuser

* -rw 192.168.4.15:/home/&

Now restart autofs service

[root@ldapclient1 ~]# systemctl restart autofs

[root@ldapclient1 ~]# systemctl enable autofs

ln -s '/usr/lib/systemd/system/autofs.service' '/etc/systemd/system/multi-user.target.wants/autofs.service'

Log in as the LDAP user and verify that the home directory is mounted automatically
[root@ldapclient1 ~]# su - ldapuser1

Last login: Sun Mar 20 00:02:00 IST 2016 on pts/0

[ldapuser1@ldapclient1 ~]$

That’s it; your LDAP client is configured successfully with an autofs home directory mount

Simple way to create and manage samba shares in RHEL 7
BY ARK · PUBLISHED MAY 20, 2016 · UPDATED NOVEMBER 18, 2018
This article shows a simple way to create and manage Samba shares in RHEL 7. These are also called CIFS (Common Internet File System) shares, used for sharing directories / folders across the corporate network. To share directories / folders from Linux to Windows and vice versa we have to use the SMB (Samba) protocol. Samba is not only used for sharing directories; we can also use it for sharing printing services (print server). Below is a detailed, simple way to create and manage Samba shares in RHEL 7.

Samba Server Profile

• Packages Required: samba*
• Port Number: 445
• Daemon Name: smb
• Config File Location: /etc/samba/smb.conf

Advantages
• Accessing CIFS shares across multiple environments
• Sharing a printer using SMB
• Mounting Windows CIFS shares on Linux
• Fully secured shares using user authentication

Steps to Configure samba server


Install required Packages, Start & Enable Service, Create users and convert them
as samba users, Create New Directory and Share the directory using SMB Service,
Apply SELinux context and Open Firewall Ports.

Installation of Samba Server in RHEL 7


# yum install samba*

Enabling and Starting SMB services


To enable SMB and its dependent service NMB, use the commands below

# systemctl enable smb

ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'

# systemctl enable nmb

ln -s '/usr/lib/systemd/system/nmb.service' '/etc/systemd/system/multi-user.target.wants/nmb.service'

Start the SMB and NMB services with the commands below

# systemctl start nmb

# systemctl start smb

# systemctl status smb

Create Directory and apply SELinux Policy

If SELinux is in enforcing mode, RHEL 7 will not allow Samba to serve the content of a directory to other servers / clients until the directory carries the samba_share_t context. Apply that SELinux context; keeping SELinux in disabled / permissive mode also lets the share work, but it switches off SELinux enforcement for the whole system.

Create the directory. Before applying the SELinux context

# mkdir /arkit_share

[root@desktop ~]# ls -ldZ /arkit_share

drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /arkit_share

After applying the SELinux context

# semanage fcontext -a -t samba_share_t "/arkit_share(/.*)?"

# restorecon -vRF /arkit_share

# ls -ldZ /arkit_share

drwxr-xr-x. root root system_u:object_r:samba_share_t:s0 /arkit_share

As shown above, once an SELinux context has been applied to a directory you can see it with the ls -ldZ command. Next, change the directory ownership to the share user (the arkit user is created in the next section, so run chown once that user exists)

# ls -ld /arkit_share/

# chown arkit:root /arkit_share/

# ls -ld /arkit_share/

Create users and convert them as Samba Users

[root@desktop ~]# useradd arkit -s /sbin/nologin

[root@desktop ~]# smbpasswd -a arkit

New SMB password:

Retype new SMB password:

Added user arkit.

Create a normal user with restricted shell access, then convert the same user to a Samba user. Use the command below to verify that the Samba user was created correctly

# pdbedit -L -v

Configuring samba / CIFS shares

Edit the configuration file /etc/samba/smb.conf to share the directory using the SMB / Samba server.

# vim /etc/samba/smb.conf

[CIFS_Share]
comment = CIFS share for windows clients
path = /arkit_share
browseable = yes
valid users = arkit
writable = yes

Save the file and Exit

• [CIFS_Share] – Share name
• path – Path of the directory you would like to share
• valid users – The user name(s) being given access to the share
• writable – Grants write permission on the share (this permission is overridden by the actual directory permissions)

Enabling Firewall to access from Client


# firewall-cmd --permanent --add-service=samba

success

# firewall-cmd --reload

success

Restart the Samba service to reflect changes


# systemctl restart smb.service

# systemctl restart nmb.service

Accessing from Client Side SMB / CIFS Share

Install the required packages to access the SMB share from a Linux client

# yum install cifs-utils

Installed:

cifs-utils.x86_64 0:6.2-7.el7

Complete!

Create directory for mount point

# mkdir /cifs

# mount -t cifs -o username=arkit //192.168.4.21/CIFS_Share /cifs/

Password for arkit@//192.168.4.21/CIFS_Share: ******


That’s it for the simple way to create and manage Samba shares in RHEL 7. In the next article we will see how to auto-mount a CIFS / SMB share by adding an entry to the /etc/fstab file.

samba share multi user access


BY ARK · PUBLISHED MAY 29, 2016 · UPDATED NOVEMBER 18, 2018
In the previous article we discussed creating and configuring an SMB / CIFS share with single-user support, where the CIFS share can’t be accessed by multiple users. In this article we discuss Samba share multi-user access, which means the SMB / CIFS share can be accessed by multiple users within the server or from a client.
An SMB / CIFS share should be accessible from both UNIX and Windows platforms. Access to a Samba share is controlled by identifying valid users and groups, checking their passwords, and then comparing their access rights to the permissions on files and directories.
SMB / CIFS share features
• Active File sharing
• Faster data transfer in low bandwidth network
• Secure Data Transfer with user credential
• Node Fault tolerance
• Scalable

Samba Server Profile
• Packages required: samba*
• Port Number: 445
• Daemon Name: smb
• Config File Location: /etc/samba/smb.conf

Let’s see how to create samba share multi user access
[root@ArkIT ~]# yum install samba*

Now enable and start the SMB service. Enabling the service makes smb start automatically after a server reboot.

# systemctl enable smb.service

# systemctl start smb.service

Make a directory to share using SMB / CIFS

# mkdir /arkit-multiuser

By default SELinux is enabled. SELinux will not allow the directory to be shared with other network clients without the proper SELinux context

# semanage fcontext -a -t samba_share_t "/arkit-multiuser(/.*)?"

# restorecon -vRF /arkit-multiuser/

# ls -ldZ /arkit-multiuser/

drwxr-xr-x. root root system_u:object_r:samba_share_t:s0 /arkit-multiuser/


The SELinux context for an SMB / CIFS share is samba_share_t

Enable the firewall ports to communicate with clients

# firewall-cmd --permanent --add-service=samba

success

# firewall-cmd --reload

success

Adding normal users and converting them as Samba users

# useradd ravi

# useradd ramana

# useradd srikanth

# smbpasswd -a ravi

New SMB password:

Retype new SMB password:

Added user ravi.

# smbpasswd -a ramana

New SMB password:


Retype new SMB password:

Added user ramana.

# smbpasswd -a srikanth

New SMB password:

Retype new SMB password:

Added user srikanth.

To verify Samba user 

# pdbedit -L -v

Creating common group and add user to group provide access

# groupadd IT

# usermod -aG IT ravi

# usermod -aG IT ramana

Configure the Samba share with multi-user support. Edit the configuration file and add the configuration at the end of the file

[root@server ~]# vim /etc/samba/smb.conf


[multiuser]
comment = Information Technology Team
path = /arkit-multiuser
write list = @IT
hosts allow = 192.168.4.

Save and Exit

That’s it for the server-side configuration. Now the client-side configuration

[root@server ~]# yum install cifs-utils

Now create a file in /root with the username and password, and restrict access so that other users cannot read it

[root@server ~]# vim /root/access

[root@server ~]# chmod 600 /root/access

[root@server ~]# ls -l /root/access

-rw-------. 1 root root 30 May 29 18:24 /root/access

[root@server ~]# cat /root/access

username=ravi

password=redhat
Open the /etc/fstab file and add the Samba share so that it is mounted permanently (the mount point /mnt/coss must already exist)

[root@Client ~]# vim /etc/fstab

//192.168.4.20/multiuser /mnt/coss cifs credentials=/root/access,defaults,multiuser,sec=ntlmssp 0 0

Save & Exit

# mount -a

Now log in as another user and check the CIFS share visibility and access

# cifscreds add 192.168.4.20

Check using the df command

That’s it.
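The credentials-file step above can be checked mechanically. The following is an added example, not part of the original article: a shell function that reads an fstab-format file, finds each cifs entry, and reports credentials files that are missing, accessible by group/other or not owned by the expected user, as well as entries with password= written directly in fstab. The function name audit_cifs_fstab and its output codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_cifs_fstab FSTAB [OWNER_UID]
# Prints one finding per cifs entry found in an fstab-format file:
#   OK <file>              credentials file has no group/other permission bits
#   LOOSE <file> <perms>   credentials file is accessible by group or other
#   OWNER <file> uid=<n>   credentials file is not owned by OWNER_UID (default 0, root)
#   MISSING <file>         credentials file named in fstab does not exist
#   INLINE <mountpoint>    password= is written directly into fstab
#   NOCREDS <mountpoint>   cifs entry with neither credentials= nor password=
# The body runs in a subshell, so the IFS and "set -f" changes stay local.
audit_cifs_fstab() (
    fstab=$1
    want_uid=${2:-0}
    set -f                              # no filename globbing while splitting options
    while read -r dev mnt fstype opts rest; do
        case $dev in ''|'#'*) continue ;; esac      # skip blank lines and comments
        [ "$fstype" = cifs ] || continue
        cred=
        inline=no
        IFS=,                           # mount options are comma separated
        for opt in $opts; do
            case $opt in
                credentials=*|cred=*) cred=${opt#*=} ;;
                password=*|pass=*)    inline=yes ;;
            esac
        done
        unset IFS                       # back to default splitting for read and ls
        if [ "$inline" = yes ]; then
            echo "INLINE $mnt"
        fi
        if [ -z "$cred" ]; then
            [ "$inline" = yes ] || echo "NOCREDS $mnt"
            continue
        fi
        if [ ! -e "$cred" ]; then
            echo "MISSING $cred"
            continue
        fi
        # ls -ldnL: $1 is the permission string, $3 the numeric owner
        set -- $(ls -ldnL "$cred")
        case $1 in
            ????------*) echo "OK $cred" ;;
            *)           echo "LOOSE $cred $1" ;;
        esac
        [ "$3" = "$want_uid" ] || echo "OWNER $cred uid=$3"
    done < "$fstab"
)
```

Run it as root against the real file with `audit_cifs_fstab /etc/fstab`; for the entry in this article the expected result is a single `OK /root/access` line.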
Conclusion
The SMB / CIFS share with multi-user access has been created, and you have learned how to create and configure Samba multi-user access.
HowTo Install KVM Hypervisor RHEL 7 Kernel-Based Virtual Machine
BY ARK · PUBLISHED JUNE 23, 2017 · UPDATED AUGUST 19, 2017
There are many hypervisors in the IT industry, and open source solutions are very popular. KVM is one of them. KVM stands for Kernel-Based Virtual Machine. Using KVM we can run multiple virtual machines on one server. It supports multiple guest operating systems such as Windows, SUSE, CentOS, Ubuntu, etc. In this article we are going to see how to install the KVM hypervisor (Kernel-Based Virtual Machine) on RHEL 7 / CentOS 7.
KVM is called kernel-based because the packages you install load it as kernel-level modules.

KVM Hypervisor Advantages

• No vendor dependency; it is a fully open source solution
• Cross-platform support
• High-performance workloads accepted
• Affordable and low cost
• Highly secure by SELinux technologies

Verify the processor type using the command below. Sometimes the virtualization option has to be enabled in the BIOS, or else the full functionality of virtualization will not work. If the command returns output like that shown below, it works. If not, VT is not enabled and your machine does not support KVM.

# egrep '(vmx|svm)' /proc/cpuinfo

flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36
clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm
constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf
eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm
pcid dca sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx lahf_lm arat
epb xsaveopt pln pts dtherm tpr_shadow vnmi flexpriority ept vpid

Install KVM Hypervisor RHEL 7/Centos 7

You can also install virtualization directly during operating system installation

Package Selection

Click on Software Selection

Software Selection

Select either Virtualization Host or Server GUI, and select the Virtualization selection.
These are the prerequisite packages you have to install in order to get KVM functionality enabled

# yum install qemu-kvm qemu-img libvirt virt-install libvirt-python virt-manager libvirt-client virt-viewer

Or else we can use a yum group to install virtualization

# yum groupinstall "Virtualization Host"

• qemu-kvm = QEMU Emulator
• qemu-img = QEMU Disk Image Manager
• virt-viewer = Graphical Interface to see virtual machine console
• virt-manager = GUI to Manage Virtual Machines
• libvirt = libvirtd daemon to run services
• libvirt-client = Libvirt client packages

After installing the required packages, verify that the KVM module is visible in the kernel using the command below. If it is not listed, insert the KVM module into the kernel using the modprobe command

[root@ArkitServer ~]# lsmod |grep kvm

[root@ArkitServer ~]# modprobe kvm

[root@ArkitServer ~]# lsmod |grep kvm

kvm 554609 0

irqbypass 13503 1 kvm

Now Start KVM supportable services

# systemctl enable libvirt-guests.service

Created symlink from /etc/systemd/system/multi-user.target.wants/libvirt-guests.service to /usr/lib/systemd/system/libvirt-guests.service.

# systemctl enable libvirtd

# systemctl start libvirt-guests.service

# systemctl start libvirtd

# systemctl status libvirt-guests.service

# systemctl status libvirtd

Note: virt-manager and virt-viewer require a Graphical User Interface to launch the virtual machine manager.
If you have installed only a minimal installation of the operating system then you must install the GUI

# yum install "@X Window System" xorg-x11-xauth xorg-x11-fonts-* xorg-x11-utils -y

Or

# yum groupinstall "Server with GUI"

Start Virt-Manager
By default the virtual machine files are stored in /var/lib/libvirt/images/. Before starting virt-manager, make sure you have enough space there to create / deploy virtual machines.
virt-manager can be started either from the command line or from the GUI.
From the GUI click on Applications –> System Tools –> Virtual Machine Manager

virt-manager from GUI

Command Line 

# virt-manager

Create New Virtual Machine from GUI

Click on the Icon to create New Virtual Machine from GUI Mode
Creating Virtual Machine using KVM

Select Appropriate option to load Operating system in this case i am selecting ISO
or CD-ROM and Click Forward

Select ISO

Have the .iso file for installing the operating system ready, and copy it to the base Linux machine so it can be attached. Browse to the ISO file, attach it and click Forward
CPU and Memory

Provide Appropriate CPU’s and Memory (RAM) for virtual machine and Click
Forward

Disk Space

Provide Disk Space and Click Forward


Virtual Machine Final

Give virtual Machine name, Select Network options and Click Finish

Instead of going through all the above steps, you can simply create the virtual machine from the command line

# virt-install --name=ArkitRHEL7 --ram=1024 --vcpus=1 \
  --cdrom=/var/lib/libvirt/images/rhel-server-7.3-x86_64-dvd.iso \
  --os-type=linux --os-variant=rhel7 --network bridge=br0 --graphics=spice \
  --disk path=/var/lib/libvirt/images/rhel7.dsk,size=20

That’s it about Install KVM Hypervisor RHEL 7 Kernel-Based Virtual Machine

PXE Boot server configuration step by step Guide
BY ARK · PUBLISHED MARCH 20, 2016 · UPDATED MAY 17, 2018
Preboot execution Environment (PXE Boot, sometimes pronounced as pixie)
specification describes a standardized client-server environment that boots a
software assembly, retrieved from a network, on PXE-enabled clients. On the
client side it requires only a PXE-capable network interface controller (NIC), and
uses a small set of industry-standard network protocols such as DHCP and TFTP.
The concept behind the PXE originated in the early days of protocols like
BOOTP/DHCP/TFTP, and as of 2015 it forms part of the Unified Extensible
Firmware Interface (UEFI) standard. Given fast and reliable local area networks
(LANs), PXE is the most frequent choice for operating system booting, installation
and deployment.
Without a PXE Boot server we would need multiple OS CDs/DVDs to install multiple clients, and manual intervention to configure partitions, software packages, user creation and so on.
PXE Boot is very useful when we want to re-image / install many clients at a time.
Server OS – RHEL 7 / Centos 7
Note: Observe carefully and do not miss even a single character of the config files; a mistake may result in an unsuccessful PXE Boot server.

PXE Boot Advantages :


1. No need to carry Installation media all the times
2. Less manual intervention required
3. No need to monitor installation process
Let’s see the procedure how to configure PXE Boot server

Step 1: Assign static IP address to PXE Boot Server

Using the command below we can assign a static IP address to the server in RHEL 7 / CentOS 7

[root@Ark-PXEBootServer ~]# nmcli connection modify eno16777736 ipv4.addresses 192.168.4.13/24 ipv4.gateway 192.168.4.2 ipv4.dns 192.168.4.12 ipv4.method manual connection.autoconnect yes

Bring the interface connection down and up to reflect the changes, OR restart the network service with systemctl restart network.service

[root@Ark-PXEBootServer ~]# nmcli connection show

NAME UUID TYPE DEVICE

eno16777736 c3d606c9-1e71-4c62-8280-7b2380d11b97 802-3-ethernet eno16777736

[root@Ark-PXEBootServer ~]# nmcli connection down eno16777736

[root@Ark-PXEBootServer ~]# nmcli connection up eno16777736

[root@Ark-PXEBootServer ~]# ip a

Step 2: Install FTP server and copy OS CD / DVD content to FTP path

Mount the installation media on your server and copy the entire content to the FTP path

[root@Ark-PXEBootServer ~]# mount /dev/sr0 /run/media/root/

[root@Ark-PXEBootServer ~]# rpm -ivh /run/media/root/RHEL-7.1\ Server.x86_64/Packages/vsftpd-3.0.2-9.el7.x86_64.rpm

[root@Ark-PXEBootServer ~]# cd /run/media/root/RHEL-7.1\ Server.x86_64/

[root@Ark-PXEBootServer ~]# cp -Rvf * /var/ftp/pub/

Now create a YUM repository using the copied packages

[root@Ark-PXEBootServer ~]# cd /etc/yum.repos.d/

[root@Ark-PXEBootServer ~]# vim localyum.repo

[localyum]
name=local yum server
baseurl=file:///var/ftp/pub/
enabled=1
# gpgcheck=0 skips RPM signature verification for this repository
gpgcheck=0

:wq (Save & Exit)

[root@Ark-PXEBootServer ~]# cd /var/ftp/pub/repodata/

[root@Ark-PXEBootServer ~]# cp 527a8b3063d516bd9d4cf33ebf5f8c5a0e83fecb48babbb9e84c7c573004b3f4-comps-Server.x86_64.xml /var/ftp/pub/comps-Server.x86_64.xml

[root@Ark-PXEBootServer ~]# rpm -ivh /var/ftp/pub/Packages/createrepo-0.9.9-23.el7.noarch.rpm

[root@Ark-PXEBootServer ~]# createrepo -vg /var/ftp/pub/comps-Server.x86_64.xml /var/ftp/pub/

[root@Ark-PXEBootServer ~]# yum grouplist

Step 3: Install and configure httpd / Apache / Web server

Install the required packages and link the copied packages into the web server default location. Restore the SELinux contexts so that the services are permitted to serve the files.

[root@Ark-PXEBootServer ~]# yum install httpd system-config-kickstart -y

[root@Ark-PXEBootServer ~]# ln -s /var/ftp/pub/ /var/www/html/

[root@Ark-PXEBootServer ~]# systemctl restart vsftpd.service

[root@Ark-PXEBootServer ~]# systemctl status vsftpd.service

[root@Ark-PXEBootServer ~]# systemctl enable vsftpd.service

[root@Ark-PXEBootServer ~]# systemctl restart httpd.service

[root@Ark-PXEBootServer ~]# systemctl status httpd.service


[root@Ark-PXEBootServer ~]# systemctl enable httpd.service

[root@Ark-PXEBootServer ~]# restorecon -Rvf /var/www/html/

[root@Ark-PXEBootServer ~]# restorecon -Rvf /var/ftp/pub/

[root@Ark-PXEBootServer ~]# systemctl restart vsftpd.service

[root@Ark-PXEBootServer ~]# systemctl restart httpd.service

Step 4: Generate unattended configuration file

To generate the unattended configuration file we use the kickstart configuration tool. A GUI is required to launch this tool.
Log in to your server with GUI support and run the command below

[root@Ark-PXEBootServer ~]# system-config-kickstart

Select the system language, keyboard language and root password

Provide the IP address and location of your DVD content path

Select install new boot loader

Select Clear Master Boot Record and click on Add

Add the partitions ” /, /boot and swap” by repeating the Add button

Click on Add Network Device and provide the network device name and type

On the Authentication tab there is no need to select anything; leave it as it is

Select the option if you want to enable firewall configuration after the client installation

This GUI tool has no option to include packages; we have to add them manually

In Post-Installation Script you can include any script that you want to execute after the installation
Save the file to the /var/ftp/pub/ location
Now edit the configuration file and add the package list to it.
We can make use of the anaconda-ks.cfg file; add the bold characters to your /var/ftp/pub/auto.cfg file

[root@ldapclient1 pub]# vim /var/ftp/pub/auto.cfg

#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Reboot after installation
reboot
# Root password
rootpw --iscrypted $1$AWgTZ0t6$q/EdV2HgySO.sNxekJdEb.
# System timezone
timezone Asia/Kolkata
# Use network installation
url --url="http://192.168.4.13/pub"
# System language
lang en_US
# Firewall configuration
firewall --disabled
# Network information
network --bootproto=dhcp --device=eth0
# System authorization information
auth --useshadow --passalgo=sha512
# Use graphical install
graphical
firstboot --disable
# SELinux configuration
selinux --enforcing
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all
# Disk partitioning information
part /boot --fstype="xfs" --size=200
part / --fstype="xfs" --size=10000
part swap --fstype="swap" --size=2000

%packages
@base
@compat-libraries
@core
@desktop-debugging
@dial-up
@fonts
@gnome-desktop
@guest-agents
@guest-desktop-agents
@input-methods
@internet-browser
@multimedia
@print-client
@x11
chrony
kexec-tools

%end

%post
# Create the user ravi and set its password from stdin
useradd ravi
echo "redhat" | passwd --stdin ravi
%end
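An added example, not part of the original article: auto.cfg is saved under /var/ftp/pub/ and fetched by clients over HTTP, so anything secret in it is readable by every host that can reach the server. The function below (ks_audit, a name assumed here) scans a kickstart file for a plaintext or MD5-crypt rootpw, a disabled firewall, non-enforcing SELinux, and passwords piped into passwd/chpasswd in %pre/%post; ks_sample is a constructed input with a placeholder hash.

```shell
#!/bin/sh
# Added example, not from the original article.
# ks_audit FILE : print "<line> <finding>: <reason>" for risky kickstart settings.
ks_audit() {
    awk '
    function report(code, why) { printf "%d %s: %s\n", NR, code, why }

    /^%end/                 { section = ""; next }
    /^%(pre|post|packages)/ { section = substr($1, 2); next }
    /^[ \t]*#/              { next }
    /^[ \t]*$/              { next }

    # Script sections: a password piped into passwd or chpasswd is a literal
    # that anyone able to fetch the kickstart file can read.
    section == "post" || section == "pre" {
        if ($0 ~ /passwd[ \t]+--stdin/ || $0 ~ /chpasswd/)
            report("post-password-literal", "account password embedded in a script section")
        next
    }
    section != "" { next }              # package lists carry nothing to check

    $1 == "rootpw" {
        crypted = 0; value = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "--iscrypted") crypted = 1
            else if ($i !~ /^--/)    value = $i
        }
        scheme = substr(value, 1, 3)
        if (value == "") next           # for example rootpw --lock
        if (!crypted)
            report("rootpw-plaintext", "root password stored in clear text")
        else if (scheme == "$1$")
            report("rootpw-md5crypt", "MD5-crypt hash, use a $6$ (SHA-512) hash")
        else if (scheme != "$5$" && scheme != "$6$")
            report("rootpw-unknown-hash", "not a SHA-256/SHA-512 crypt hash")
    }
    $1 == "firewall" && /--disabled/ {
        report("firewall-disabled", "installed host starts without a firewall")
    }
    $1 == "selinux" && /--(disabled|permissive)/ {
        report("selinux-not-enforcing", "SELinux is not enforcing on the installed host")
    }
    ' "$1"
}

# Constructed sample modelled on the auto.cfg listing; the hash is a placeholder.
ks_sample() {
    cat <<'EOF'
# constructed kickstart sample
install
rootpw --iscrypted $1$constructed$notARealHashValue0000
url --url="http://192.168.4.13/pub"
firewall --disabled
selinux --enforcing
%packages
@core
%end
%post
useradd ravi
echo "redhat" | passwd --stdin ravi
%end
EOF
}
```

On the constructed sample, `ks_sample > /tmp/ks.cfg; ks_audit /tmp/ks.cfg` reports lines 3, 5 and 12.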

Step 5: Install and configure tftp Server and DHCP server

Xinetd listens for incoming requests over a network and launches the appropriate service for that request.
DHCP – Dynamic Host Configuration Protocol – assigns an IP address automatically to the PXE Boot client.
Trivial File Transfer Protocol (TFTP) is a simple, lockstep file transfer protocol which allows a client to get a file from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a local area network. TFTP has been used for this application because it is very simple to implement.

[root@Ark-PXEBootServer ~]# yum install syslinux xinetd tftp-server dhcp -y

[root@Ark-PXEBootServer ~]# mkdir /var/lib/tftpboot/pxelinux.cfg

[root@Ark-PXEBootServer ~]# cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/

Enable TFTP service to run under the xinetd service

[root@Ark-PXEBootServer ~]# vim /etc/xinetd.d/tftp


[root@Ark-PXEBootServer ~]# cat /etc/xinetd.d/tftp

# default: off
# description: The tftp server serves files using the trivial file transfer \
# protocol. The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /var/lib/tftpboot
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}

[root@Ark-PXEBootServer ~]# systemctl restart xinetd.service


[root@Ark-PXEBootServer ~]# systemctl enable xinetd.service

Configure the DHCP server. The configuration shown below has to be modified in the DHCP configuration file (block and bold characters)

[root@Ark-PXEBootServer ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf

cp: overwrite ‘/etc/dhcp/dhcpd.conf’? y

[root@Ark-PXEBootServer ~]# vim /etc/dhcp/dhcpd.conf

################################ DHCP SERVER CONFIG START ############################
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
Allow booting;
Allow bootp;
authoritative;
# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;

# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
subnet 10.152.187.0 netmask 255.255.255.0 {
}
# This is a very basic subnet declaration.
subnet 192.168.4.0 netmask 255.255.255.0 {
range 192.168.4.1 192.168.4.50;
option routers 192.168.4.13;
default-lease-time 21600;
max-lease-time 43200;
}
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
subnet 192.168.4.0 netmask 255.255.255.0 {
range dynamic-bootp 192.168.4.101 192.168.4.200;
option broadcast-address 192.168.4.255;
option routers 192.168.4.13;
option domain-name "arkit.co.in";
option domain-name-servers 192.168.4.12;
default-lease-time 21600;
max-lease-time 43200;
filename "pxelinux.0";
next-server 192.168.4.13;
}
###################### DHCP SERVER CONFIG FILE ############################

Verify the dhcp configuration and restart the service

[root@Ark-PXEBootServer ~]# dhcpd -t -cf /etc/dhcp/dhcpd.conf

[root@Ark-PXEBootServer ~]# systemctl restart dhcpd.service

[root@Ark-PXEBootServer ~]# systemctl status dhcpd.service

Step 6: Configure boot menu and image for remote PXE Boot client

Configure and design the boot menu; this menu is visible at the client side

[root@Ark-PXEBootServer ~]# cd /var/ftp/pub/images/pxeboot/

[root@Ark-PXEBootServer pxeboot]# cp initrd.img vmlinuz /var/lib/tftpboot/

[root@Ark-PXEBootServer pxeboot]# cp /usr/share/syslinux/menu.c32 /var/lib/tftpboot/

[root@Ark-PXEBootServer isolinux]# cd /var/ftp/pub/isolinux/

[root@Ark-PXEBootServer isolinux]# cp -rvf * /var/lib/tftpboot/

[root@Ark-PXEBootServer isolinux]# vim /var/lib/tftpboot/pxelinux.cfg/default

[root@Ark-PXEBootServer isolinux]# cat /var/lib/tftpboot/pxelinux.cfg/default

default vesamenu.c32
timeout 600
display boot.msg
menu background splash.jpg
menu title Welcome to the RHEL 7 PXE Installation!

label local
menu label boot from ^local drive
menu default
localboot 0xffff

label ws
menu label Unattend Installation of RHEL7
kernel vmlinuz
append biosdevname=0 ksdevice=link load_ramdisk=1 initrd=initrd.img network ks=http://192.168.4.13/pub/auto.cfg noipv6

label si
menu label RHEL 7 ^Standard Installation
kernel vmlinuz
append biosdevname=0 ksdevice=link load_ramdisk=1 initrd=initrd.img

[root@Ark-PXEBootServer isolinux]# systemctl restart xinetd

[root@Ark-PXEBootServer isolinux]# systemctl status xinetd

Step 7: Enable firewall ports

Enable the ftp, tftp, dhcp, http and nfs services and port 4011 in the firewall

[root@ldapclient1 ~]# firewall-cmd --permanent --add-service=ftp

success

[root@ldapclient1 ~]# firewall-cmd --permanent --add-service=tftp

success

[root@ldapclient1 ~]# firewall-cmd --permanent --add-service=dhcp

success

[root@ldapclient1 ~]# firewall-cmd --permanent --add-service=http

success

[root@ldapclient1 ~]# firewall-cmd --permanent --add-service=nfs

success

[root@ldapclient1 ~]# firewall-cmd --permanent --add-port=4011/tcp

success

[root@ldapclient1 ~]# firewall-cmd --reload

success

That’s it. PXE Boot server is configured successfully


Go to the client and boot the client using PXE

Client is getting the IP address from DHCP server

Boot menu. Select the appropriate option and hit enter

Automated OS Installation using Kickstart Method Linux RHEL7
BY ARK · PUBLISHED FEBRUARY 25, 2017 · UPDATED DECEMBER 11, 2018
Kickstart means automated. Automated OS installation using the Kickstart method on Linux RHEL7 is made very simple. We can use the Kickstart method to install any number of servers at the same time, because this method does not require user intervention during the installation process. Oh. 🙂 Sounds awesome, but how is this accomplished? In the Kickstart method, we create a config file which contains all the answers for the operating system installation.

Automated OS Installation Advantages

• Install more than one server at the same time
• Save a lot of time by creating an auto answer file
• Multiple distributions are also supported
• Post-installation scripts help in automating more tasks

Kickstart Method uses below protocols

• NFS
• HTTP
• FTP

Step 1: Mount ISO and Dump Media Source files

First choose the protocol which you are going to use for this Kickstart installation. The protocols mentioned above are supported: HTTP, HTTPS, NFS, and FTP.
For an NFS server location you can make any directory under / (slash) and copy the media there
For HTTP / HTTPS use the default path /var/www/html
For the FTP protocol use /var/ftp/pub/ as the default path
Mount the ISO file or CD/DVD media
ISO file mounting

[root@ArkIT]# mount /tmp/RHEL7.iso /mnt

CD/DVD media mounting

[root@ArkIT]# mount /dev/sr0 /mnt

Web server Path: cp -rfv /mnt/* /var/www/html/
FTP server Path: cp -rfv /mnt/* /var/ftp/pub/
NFS Server Path: cp -rfv /mnt/* /nfsserver/

Step 2: Installation and generate Kickstart file / Auto Answer File
[root@ArkIT ~]# yum install system-config-kickstart
Total download size: 1.7 M
Installed size: 6.4 M
Is this ok [y/d/N]: y
Complete!

Step 3: Generating Auto Answer File


After installing Kickstart config generator we have to open the tool and generate
auto answer file.

[root@ArkIT ~]# system-config-kickstart

Opening Kickstart File Generator

Select the required options

• Default Language
• Keyboard
• Time Zone
• Root Password and Confirm Password
• Target Architecture
• Reboot system After Installation

Installation Method

Select the installation method: either perform a fresh installation or upgrade an existing installation. Kickstart supports the upgrade option as well.

Boot Loader options

If you would like to install new bootloader then select to install a new bootloader
or else select do not install the bootloader. If you’re interested in setting up the
GRUB password you can also do that by selecting the GRUB password option and
provide a password.
Partition Information Tab

Using the Partition Information tab, declare the details of the partitions you would like to create.
• Clear Master Boot Record – clears the previous boot record, if any
• Do Not Clear Master Boot Record – does not touch the previous boot record
• Remove all – removes all existing partitions and creates new ones
• Remove only existing Linux partitions – does not delete NTFS partitions
• Preserve existing partitions – does not touch any of the existing partitions
Note: There is no option to create LVM partitions in this tool; add the config definition after the file has been generated.

Network Configuration Tab


Network configuration tab will help you to configure NIC, IP Address and
Network Device

Added Network Device

Authentication Tab

Authentication Configuration is the option where you can select the option to join
to NIS, LDAP, Kerberos and local encrypted authentication
Firewall Options

Decide whether to enable or disable the firewall, and its security level

Display Configuration

If you would like to install a graphical environment, simply select the option

Package selection

Note: The Package Selection tab has no option to select packages; add them after generating the config file

Pre-installation script

If you would like to run any script before the installation starts, you can include it here

Post-Installation script

Script to run after the installation

Save the auto answer configuration file

Step4: Adding LVM config and Packages list

Simply generating the Kickstart file will not work as expected; we have to add the LVM configuration and the packages which we would like to install.
Edit the config file and add the lines below to create the LVM partitions and install the packages
# Partition clearing information

clearpart --all --initlabel

volgroup rhel --pesize=4096 PV0

part PV0 --fstype=lvmpv --ondisk=sda --size=50000

part /boot --fstype=xfs --size=500

logvol / --vgname=rhel --name=root --fstype=xfs --size=10000

logvol /var --vgname=rhel --name=var --fstype=xfs --size=8000

logvol swap --vgname=rhel --name=swap --fstype=swap --size=8000

logvol /home --vgname=rhel --name=home --fstype=xfs --size=7000

logvol /usr --vgname=rhel --name=usr --fstype=xfs --size=7000

%packages

@base

@core

@desktop-debugging

@dial-up

@fonts
@gnome-desktop

@guest-agents

@guest-desktop-agents

@input-methods

@internet-browser

@mariadb

@multimedia

@print-client

@x11

kexec-tools
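
A hand-edited storage section is easy to get wrong, so the following added example (not part of the original guide) checks a kickstart file before it is published: physical volume names, volume group references, logical volume sizes against the physical volume, and a closed %packages section. The function and sample names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# ks_lint: read a kickstart file (stdin or file arguments) and print one finding
# per line. Assumes options are written as --name=value, as they are on this page.
ks_lint() {
    awk '
    # Value of --name=VALUE on the current line, or "" when the option is absent.
    function opt(name,    i, p) {
        p = "--" name "="
        for (i = 1; i <= NF; i++)
            if (index($i, p) == 1) return substr($i, length(p) + 1)
        return ""
    }
    /^[ \t]*#/ || NF == 0 { next }
    $1 == "%packages"     { in_pkgs = 1; next }
    $1 == "%end"          { in_pkgs = 0; next }
    in_pkgs               { next }          # package and @group names
    $1 == "part" || $1 == "partition" {
        if ($2 ~ /^pv\./)
            pv_size[$2] = opt("size")
        else if (opt("fstype") == "lvmpv")
            print "part " $2 ": an LVM physical volume must be named pv.<id>"
        next
    }
    $1 == "volgroup" {                      # volgroup NAME [options] PV...
        for (i = 3; i <= NF; i++)
            if ($i !~ /^--/) vg_pvs[$2] = vg_pvs[$2] " " $i
        next
    }
    $1 == "logvol" { lv_total[opt("vgname")] += opt("size"); next }
    END {
        for (vg in vg_pvs) {
            n = split(vg_pvs[vg], pvs, " "); cap = 0; known = 1
            for (i = 1; i <= n; i++) {
                if (!(pvs[i] in pv_size)) {
                    print "volgroup " vg ": no part line defines " pvs[i]
                    known = 0
                } else if (pv_size[pvs[i]] == "")
                    known = 0               # size not given as --size=N
                else
                    cap += pv_size[pvs[i]]
            }
            # Plain sum only; LVM metadata and extent rounding need extra room.
            if (known && lv_total[vg] > cap)
                print "volgroup " vg ": logvols need " lv_total[vg] " MiB, PVs provide " cap " MiB"
        }
        for (vg in lv_total)
            if (!(vg in vg_pvs)) print "logvol: volume group " vg " is not defined"
        if (in_pkgs) print "%packages: section is not closed with %end"
    }' "$@"
}

# Constructed sample: physical volume not named pv.<id>, %packages left open.
sample_unfixed() {
    cat <<'EOF'
clearpart --all --initlabel
volgroup rhel --pesize=4096 PV0
part PV0 --fstype=lvmpv --ondisk=sda --size=50000
part /boot --fstype=xfs --size=500
logvol / --vgname=rhel --name=root --fstype=xfs --size=10000
logvol swap --vgname=rhel --name=swap --fstype=swap --size=8000
%packages
@core
kexec-tools
EOF
}

# Constructed sample: valid names and sections, but 10000 + 8000 + 40000 MiB of
# logical volumes on a 50000 MiB physical volume.
sample_oversized() {
    cat <<'EOF'
clearpart --all --initlabel
part pv.01 --fstype=lvmpv --ondisk=sda --size=50000
part /boot --fstype=xfs --size=500
volgroup rhel --pesize=4096 pv.01
logvol / --vgname=rhel --name=root --fstype=xfs --size=10000
logvol swap --vgname=rhel --name=swap --fstype=swap --size=8000
logvol /home --vgname=rhel --name=home --fstype=xfs --size=40000
%packages
@core
%end
EOF
}

# Same file with /home reduced so that everything fits.
sample_ok() { sample_oversized | sed 's/--size=40000/--size=7000/'; }

sample_unfixed | ks_lint
```

Run it against the real file with `ks_lint ks.cfg`; no output means none of these checks fired.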

Step5: Sharing Auto Answer file using protocols

The steps for each protocol are written out here, but follow only the one you would
like to use.
Steps for the HTTP protocol

[root@ArkIT ~]# yum install http*

[root@ArkIT ~]# systemctl enable httpd.service

ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'

[root@ArkIT ~]# systemctl start httpd.service

[root@ArkIT ~]# systemctl status httpd.service

Install the HTTP packages, enable the web service and start it. Then allow the service
and its port through the firewall.

[root@ArkIT ~]# firewall-cmd --permanent --add-service=http

success

[root@ArkIT ~]# firewall-cmd --permanent --add-service=https

success

[root@ArkIT ~]# firewall-cmd --reload

success

Copy the auto answer file and the RHEL7 media to the default path /var/www/html

Steps for the FTP protocol (RHEL7)

Install the required packages for FTP and start the FTP service

# yum install vsftpd*

# systemctl enable vsftpd.service


# systemctl start vsftpd.service

# systemctl status vsftpd.service

# firewall-cmd --permanent --add-service=ftp

# firewall-cmd --reload

Copy the Kickstart file and the media files to the /var/ftp/pub/ path

For NFS server installation and configuration, see the full guide

Client Side OS Installation


Boot the client machine from the OS CD/DVD

Boot Menu

When you see the boot menu options above, do not select any of them; just press the
Escape key

boot: linux ks=http://192.168.4.27/rhel7/ks.cfg

Hit Enter.
That’s it. Your installation process starts and will complete automatically.

Conclusion Kickstart method

Setting up the Kickstart method is easy and simple. The Kickstart installation process
is very useful when you would like to deploy Linux on a large number of servers.

RHEL 7 Linux Boot Process The Millionaire Guide to understand deeply
BY ARK · PUBLISHED JULY 5, 2016 · UPDATED SEPTEMBER 12, 2017
As an administrator we have to know the Linux boot process, which helps us to
troubleshoot when a Linux server gets stuck while booting. In newer versions of Linux
such as RHEL 7 / Centos 7 / Fedora 24 the boot process has been made much faster
compared to old versions. The new versions include systemd, which is the replacement
for init.
Systemd was introduced as the first modification; it still supports init scripts for
backward compatibility, through the symbolic link /sbin/init –> /usr/lib/systemd/systemd.
What’s New in Systemd
1. Service-level dependencies are defined to make the boot process faster
2. All services / processes are started as control groups, not by PIDs. Control
groups add a tag to all components of a service, which makes sure that all its
components are started properly
3. Systemd has full control to restart crashed services and their components

Let’s see the Linux boot process in detail

Linux boot process

Step 1: Power ON

When you press the power button, the SMPS (switch mode power supply) gets a signal
to power on; immediately after it, the PGS (Power on boot signal) executes to get
power to all components.

Step 2: POST
POST (Power-on-Self-Test) is a diagnostic testing sequence in which all the computer
parts diagnose themselves.

Step 3: BIOS
BIOS (Basic Input Output System) is the program which verifies all the attached
components and identifies the device boot order

Boot Device Order

Based on the device order, the BIOS boots from the first boot device; in this case we
are considering the HDD as the first boot device.

Step 4: MBR
The MBR (Master Boot Record) contains the boot loader, partition information
and magic bytes

MBR Size 512 bytes

• Boot loader – contains the boot loader program, which is 446 bytes in size.
• 64 bytes of partition information are located in the MBR, which redirects to the
actual /boot partition path to find GRUB2
• 2 bytes are magic bytes to identify errors
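
The 446 + 64 + 2 byte layout from Step 4 can be read straight out of a disk's first sector. The following added example (not part of the original article) builds a constructed 512-byte MBR and decodes the four 16-byte partition entries and the two signature bytes, which are 0x55 0xAA on a valid MBR; all function names are hypothetical.

```shell
#!/bin/sh
# Read one unsigned byte, or one little-endian 32-bit value, at a byte offset.
byte_at() { od -An -tu1 -j"$2" -N1 "$1" | tr -d ' \n'; }
le32_at() {
    set -- $(od -An -tu1 -j"$2" -N4 "$1")
    echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
}

# mbr_signature_ok FILE: true when bytes 510 and 511 are 0x55 0xAA.
mbr_signature_ok() {
    [ "$(od -An -tx1 -j510 -N2 "$1" | tr -d ' \n')" = "55aa" ]
}

# mbr_partitions FILE: print "slot status type start_lba sectors" for each used
# entry of the 64-byte partition table that starts at offset 446.
mbr_partitions() {
    slot=0
    while [ "$slot" -lt 4 ]; do
        off=$(( 446 + 16 * slot ))
        ptype=$(byte_at "$1" $(( off + 4 )))          # 0 means the slot is unused
        if [ "$ptype" -ne 0 ]; then
            status=inactive
            if [ "$(byte_at "$1" "$off")" -eq 128 ]; then status=active; fi
            printf '%d %s 0x%02x %d %d\n' $(( slot + 1 )) "$status" "$ptype" \
                "$(le32_at "$1" $(( off + 8 )))" "$(le32_at "$1" $(( off + 12 )))"
        fi
        slot=$(( slot + 1 ))
    done
}

# make_sample_mbr FILE: write a constructed MBR (not taken from a real disk).
# Entry layout: status, CHS start (3 bytes), type, CHS end (3 bytes),
# start LBA (4 bytes, little-endian), sector count (4 bytes, little-endian).
make_sample_mbr() {
    {
        dd if=/dev/zero bs=446 count=1 2>/dev/null   # boot loader area, empty here
        printf '\200\000\000\000\203\000\000\000'     # slot 1: active, type 0x83
        printf '\000\010\000\000\000\240\017\000'     #   start 2048, 1024000 sectors
        printf '\000\000\000\000\216\000\000\000'     # slot 2: inactive, type 0x8e
        printf '\000\250\017\000\000\000\000\006'     #   start 1026048, 100663296 sectors
        dd if=/dev/zero bs=32 count=1 2>/dev/null    # slots 3 and 4 unused
        printf '\125\252'                             # signature 0x55 0xAA
    } > "$1"
}

img=$(mktemp)
make_sample_mbr "$img"
if mbr_signature_ok "$img"; then mbr_partitions "$img"; fi
rm -f "$img"
```

On a real system the same functions work on a copy of the first sector, for example one saved with `dd if=/dev/sda of=mbr.bin bs=512 count=1`.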

Step 5: GRUB
GRUB (Grand Unified Boot Loader): its configuration file is located in
/boot/grub2/grub.cfg, which points to the initramfs. The initramfs is the initial RAM
disk, an initial root file system that is mounted before the real root file system.
Basically the initramfs loads block device drivers such as SATA, RAID, etc. The
initramfs is bound to the kernel and the kernel mounts this initramfs as part of a
two-stage boot process.

Step 6: KERNEL
The GRUB2 config file invokes the boot menu during boot, and then the kernel loads.
When the kernel has finished loading, it immediately goes on to start
processes / services.

Step 7: Starting Systemd, the first system process
After that, the systemd process takes over to initialize the system and start all the
system services. How is systemd started?
As we know, before systemd no process / service exists. Systemd is started by the
system call fork( ); the fork system call has an option to specify the PID, which is
why systemd always holds PID 1.
As there is no fixed sequence for starting processes / services, they are started based
on default.target. If a lot of services are enabled in default.target, the boot process
becomes slow.

Step 8: User Interface (UI)

Once that’s done, the “Wants” entry tells systemd to start the display-
manager.service service (/etc/systemd/system/display-manager.service), which
runs the GNOME display manager.
Your user interface starts and prompts you for credentials to log in.
The commands below show how much time the boot process took

[root@server ~]# systemd-analyze time


Startup finished in 1.895s (kernel) + 2.622s (initrd) + 20.402s (userspace) = 24.919s

[root@server ~]# systemd-analyze blame


6.850s firewalld.service
5.714s mariadb.service
5.509s tuned.service
5.350s plymouth-quit-wait.service
Thanks for the Read

reset root user password RHEL7 Or Centos 7 Without Rebuilding OS
BY ARK · PUBLISHED MAY 12, 2016 · UPDATED JUNE 26, 2018
Reset the root user password on RHEL 7 and Centos 7. If you forget the root user
password, you can’t reset it from any other user, since Linux does not allow a
normal / administrator user to reset the root user password. You might think you have
to rebuild the entire host, but if you have physical access to the server you can
recover the root password using the method below.
If you are going to write the RHCSA (Red Hat Certified System Administrator) and
RHCE (Red Hat Certified Engineer) certifications, this is the first step you have to
resolve.
reset root user password RHEL7

When you type a wrong password, the authentication failure screen appears.
In the top right corner there is a power button, as shown in the screenshot below;
click on the power button, then click Restart.

Click Restart
The server will restart.
While the server is loading the boot menu, press any key (Arrow Key / Space Bar) to
stop the boot menu, then press ‘e’ to edit the kernel line. When the kernel lines are
being edited, the screen below appears.

In the kernel line, where you see the word “linux16”, go to the end of that line and
type rd.break console=tty1, then press CTRL+X.
The server will continue to boot in single user mode. The file system in this mode is
read-only, so we have to remount it read/write before we can change configuration
files. When we change the root user’s password, the encrypted password is stored
in /etc/shadow.

switch_root# mount -o remount,rw /sysroot

The above command remounts the file system read-write.

switch_root# chroot /sysroot

The above command changes into the actual root file system.

sh-4.2# passwd

The above command changes the password of the root user.

Now the root password is changed.
Note: In RHEL7 SELinux is in enforcing state by default, so the file system has to be
relabeled for the server to boot properly after the reboot. To do that, follow the step
below.
sh-4.2# touch /.autorelabel
The above command creates a hidden file under / (slash), which tells SELinux to
automatically relabel the file system while the server is booting.
That’s it. After the server boots successfully, use the new password to log in.
Please provide your valuable comments on the same


root user password reset – Redhat Enterprise Linux 7
BY ARK · PUBLISHED SEPTEMBER 17, 2015 · UPDATED JULY 6, 2016
Red Hat Enterprise Linux 7 root user password reset process. We have to
interrupt the boot process of the Linux machine, enter single user mode and
reset the forgotten root user password. How to reset the root user password
in RHEL 7 / Centos 7, explained step by step.
root user password reset – RHEL7

root user password reset in RHEL 7 / Centos 7
While Linux is booting and the machine is loading the boot menu, stop the
boot process.
Edit the kernel parameters: press ‘e’ to edit the boot menu parameters.

interrupt booting process RHEL 7

linux16 /vmlinuz-3.10.0-229.el7.x86_64 root=/dev/mapper/rhel-root ro rd.lvm.lv=rhel/swap crashkernel=auto rd.lvm.lv=rhel/root rhgb quiet init=/bin/bash LANG=en_US.UTF-8

We have to add init=/bin/bash after rhgb quiet in the linux16 kernel line.

bash-4.2# mount |grep root

/dev/mapper/rhel-root on / type xfs (ro,realtime,attr2,inode64,noquota)

check root mount point status

The / mount point is read-only; to be able to change anything we have to remount
the file system with the read-write option.

bash-4.2# mount -o remount,rw /

bash-4.2# mount |grep root

/dev/mapper/rhel-root on / type xfs (rw,realtime,attr2,inode64,noquota)

remount file system
Use the passwd command to change the current root user password (set a new one).

passwd command to change root password

The root user password has been reset to the new password. In RHEL 7 SELinux is in
enforcing mode by default, so we have to relabel the SELinux context.

To relabel the SELinux context, just create a new file under /, which will
automatically reset the required SELinux context on all the files.

bash-4.2# touch /.autorelabel

bash-4.2# exec /sbin/init

SELinux relabeling percentage

The Linux machine will be rebooted. While it reboots you can observe the status of
the SELinux context being applied, as in the screenshot above.
That’s it about resetting a forgotten root user password in RHEL 7.
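
Both reset procedures above depend on one extra kernel parameter, rd.break or init=/bin/bash, and the kernel records its command line at boot. The following added example (not part of the original articles) scans kernel log lines or raw /proc/cmdline text for those two overrides; the function name is hypothetical, the log lines are constructed, and treating only /sbin/init and /usr/lib/systemd/systemd as expected init= values is an assumption.

```shell
#!/bin/sh
# audit_cmdline: read kernel log lines or raw /proc/cmdline text on stdin and
# print "input-line-number<TAB>parameter" for each boot override found.
audit_cmdline() {
    awk '
    {
        line = $0
        # Journal, dmesg and /var/log/messages carry the arguments after this marker.
        marker = "Kernel command line: "
        m = index(line, marker)
        if (m)
            line = substr(line, m + length(marker))
        else if (line !~ /(^| )(BOOT_IMAGE|root)=/)
            next                                   # not a kernel command line
        n = split(line, arg, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            a = arg[i]
            if (a == "rd.break" || a ~ /^rd\.break=/)
                print NR "\t" a                    # stop in the initramfs shell
            else if (a ~ /^init=/ && a != "init=/sbin/init" && a != "init=/usr/lib/systemd/systemd")
                print NR "\t" a                    # PID 1 replaced, e.g. by a shell
        }
    }'
}

# Constructed sample: three boots of one host plus an unrelated kernel message.
sample_boot_log() {
    cat <<'EOF'
Sep 17 10:02:11 server kernel: Kernel command line: BOOT_IMAGE=/vmlinuz-3.10.0-229.el7.x86_64 root=/dev/mapper/rhel-root ro rd.lvm.lv=rhel/swap crashkernel=auto rd.lvm.lv=rhel/root rhgb quiet LANG=en_US.UTF-8
Sep 17 10:02:12 server kernel: e1000: Intel(R) PRO/1000 Network Driver
Sep 18 08:40:03 server kernel: Kernel command line: BOOT_IMAGE=/vmlinuz-3.10.0-229.el7.x86_64 root=/dev/mapper/rhel-root ro rd.lvm.lv=rhel/swap crashkernel=auto rd.lvm.lv=rhel/root rhgb quiet init=/bin/bash LANG=en_US.UTF-8
Sep 19 07:15:44 server kernel: Kernel command line: BOOT_IMAGE=/vmlinuz-3.10.0-229.el7.x86_64 root=/dev/mapper/rhel-root ro rd.lvm.lv=rhel/swap crashkernel=auto rd.lvm.lv=rhel/root rhgb quiet LANG=en_US.UTF-8 rd.break console=tty1
EOF
}

sample_boot_log | audit_cmdline
```

For the running system use `audit_cmdline < /proc/cmdline`; for earlier boots feed it `grep "Kernel command line" /var/log/messages`. A boot that was powered off before logging started leaves no line to find, so an empty result is not proof that no reset took place.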
Install MariaDB 10.2 RHEL 7 / Centos 7 Complete Beginners Guide
BY RAMANA B · PUBLISHED JUNE 13, 2016 · UPDATED DECEMBER 17, 2018
We are going to see how to install MariaDB 10.2 on RHEL 7 / Centos 7. Why do I call
it a beginners guide? Because this is a first-step installation. Why should we use
MariaDB?

Few Features of Maria DB

• Maria DB is an open-source relational database software.
• It is a great alternative or drop-in replacement for MySQL.
• It is free and easy to use.
• MariaDB is fast, scalable and robust, with a rich ecosystem of storage
engines
• MariaDB new features include GIS and JSON support
• A non-blocking client API library
• The Aria and XtraDB storage engines with enhanced performance
• Better server status variables, and enhanced replication.
• API and ABI compatibility with MySQL

Server Profile:
1. Packages: MariaDB,MariaDB-server,MariaDB-libs
2. Daemon Name: MariaDB
3. Port Number: 3306
4. Configuration file path: /etc/my.cnf

Install MariaDB 10.2 RHEL 7 / Centos7


Let’s install the MariaDB packages using the local repository; the MariaDB packages
are included with the installation media, so it is not required to add an external repo
for the MariaDB installation. If you want the latest version, use the yum repo
from MariaDB

MariaDB Repo for RHEL 7 64bit


[mariadb]

name = MariaDB

baseurl = http://yum.mariadb.org/10.2/rhel7-amd64

gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB

gpgcheck=1

MariaDB repo for Centos 7 64bit

[mariadb]

name = MariaDB

baseurl = http://yum.mariadb.org/10.2/centos7-amd64

gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB

gpgcheck=1

Note: We have to enable the yum group option to install the MariaDB packages

[root@TechTutorials ~]# yum groupinstall mariadb*

Installed:

MySQL-python.x86_64 0:1.2.3-11.el7
mariadb.x86_64 1:5.5.41-2.el7_0
mariadb-server.x86_64 1:5.5.41-2.el7_0
mysql-connector-odbc.x86_64 0:5.2.5-6.el7

Dependency Installed:

perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7
perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7
perl-DBD-MySQL.x86_64 0:4.023-5.el7
perl-DBI.x86_64 0:1.627-4.el7
perl-Data-Dumper.x86_64 0:2.145-3.el7
perl-IO-Compress.noarch 0:2.061-2.el7
perl-Net-Daemon.noarch 0:0.48-5.el7
perl-PlRPC.noarch 0:0.2020-14.el7
unixODBC.x86_64 0:2.3.1-10.el7

Complete!

Enable and Start Maria DB Service


After the MariaDB package installation completes, we have to enable and start the
service, then verify its status and whether it is listening on its port number

[root@server ~]# systemctl enable mariadb.service

ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service'

[root@server ~]# systemctl start mariadb.service

[root@server ~]# ss -tunlp |grep mysqld

tcp    LISTEN     0      50                     *:3306                  *:*      users:(("mysqld",4188,13))

[root@server ~]# systemctl status mariadb.service

Allow the MariaDB port through the firewall so that clients can communicate

[root@server ~]# firewall-cmd --permanent --add-service=mysql

success

[root@server ~]# firewall-cmd --reload

success

Decide how you would like to configure the MariaDB instance: with networking or
without networking.
Networking = Enable instance networking so that we can connect to the instance from
a remote machine
Without Networking = We can’t connect to the instance from a remote machine; we
can use it only within the server

[root@server ~]# vim /etc/my.cnf

[mysqld]
skip-networking=1

:wq

Now restart the MariaDB service for the change to take effect

Now to secure MariaDB, we have to set a root user password for MariaDB, remove
the anonymous user, disallow remote root login, remove the test database, and so on.
Harden the installed MariaDB server using the command below.

[root@server ~]# mysql_secure_installation

Enter current password for root (enter for none):

OK, successfully used password, moving on...

Set root password? [Y/n] y

New password:

Re-enter new password:

Password updated successfully!

Reloading privilege tables..

... Success!
Remove anonymous users? [Y/n] y

... Success!

Disallow root login remotely? [Y/n] y

... Success!

Remove test database and access to it? [Y/n] y

- Dropping test database...

... Success!

- Removing privileges on test database...

... Success!

Reload privilege tables now? [Y/n] y

... Success!
Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB

installation should now be secure.

Thanks for using MariaDB!


Hardening MariaDB Database by creating a password

After installation of the MariaDB server, the database root user password is blank, so
for security we reset the root password.
Note: Without a database root password we are able to log in
Now connect to the MariaDB server with the root password for the first time

[root@server ~]# mysql -u root -p

Enter password:
MariaDB [(none)]>

That’s it about Install MariaDB 10.2 in RHEL 7 / Centos 7 Complete Beginners Guide.

Conclusion
The installation of MariaDB 10.2 on RHEL 7 / Centos 7 is completed. MariaDB is the
replacement for MySQL in newer versions like RHEL 6 / RHEL 7 / Centos 7.
Please do comment with your feedback. Stay tuned for the upcoming article on database
creation, creating tables, user creation, granting privileges, and inserting, updating
and deleting records

Practical grep command tricks Search Millions Of Records
BY ANKAM RAVI KUMAR · PUBLISHED OCTOBER 6, 2015 · UPDATED MAY 5, 2018
We can grep text as required: searching for a particular string, or printing the lines
before and after the search string. These practical grep command tricks will help you
to search millions of records. Searching for the required text in big text files is a
hectic task.

• -c : Print only the count of lines which match the pattern
• -h : Display matched lines only
• -i : Ignore upper case or lower case (case-insensitive)
• -L : List the files without a match
• -l : Display only file names
• -n : Print the matching lines with their line numbers
• -v : Invert the match: print the lines that do not match the pattern
• -e exp : Use exp as the pattern. Can be used multiple times.
• -f file : Takes patterns from file, one per line.
• -E : Extended regular expressions or egrep
• -w : Match the pattern as a whole word
• -o : Print only the matched parts of a matching line, with each such part on a
separate output line.
First I am going to create a file to explain how grep works. The demo file
contains the lines below

[root@arkit grep]# cat demofile

First line in the grep demo

Second line is this

ALL UPPERCASE CHARACTERS IN THIS LINE

below second line in this grep demo

last line of the grep demo

1. Check grep command installed..? and its version
On Red Hat / Centos / Fedora use the command below

rpm -qa |grep grep

In Ubuntu Operating system

dpkg -l |grep grep

To check its version in all the OS

grep -V

2. Search word in single/multiple files case sensitive
To grep text case-sensitively there is no need to use any option; by default grep
searches the text as case sensitive. See the example below: when searched with the
word ‘first‘ it does not find a match in the file, but when we search with
‘First‘ it finds a match.

[root@arkit grep]# grep first demofile

[root@arkit grep]# grep First demofile

First line in the grep demo

3. Case insensitive word using grep -i (ignore case sensitive)
To grep text case-insensitively we have to use the -i option. It matches all the
words such as “first”, “FIRST” and “First” case-insensitively, as shown below.

[root@arkit grep]# grep -i first demofile

First line in the grep demo


4. Search text which is not matching to string
The option below is useful when you are searching for lines that do not contain a
word. In the first example below, the “First” line is excluded from the search.
You can also use multiple strings with the -e option; see the other example below,
where we exclude the ‘First‘ and ‘last‘ strings.

[root@arkit grep]# grep -v First demofile

Second line is this

ALL UPPERCASE CHARACTERS IN THIS LINE

below second line in this grep demo

last line of the grep demo

[root@arkit grep]# grep -v -e "First" -e "last" demofile

Second line is this

ALL UPPERCASE CHARACTERS IN THIS LINE

below second line in this grep demo


5. Print the matching string and its after number of lines
To print the string and a number of lines after it, we have to use the -A option. See
the example below, grepping for the word ‘below‘: the number given after the -A
option is the number of lines printed immediately after the match.

[root@arkit grep]# grep below -A 2 demofile

below second line in this grep demo

last line of the grep demo

6. Print the matching string and its before number of lines
To print the string and a number of lines before it, we have to use the -B option. See
the example below, grepping for the word ‘below’: the number given after the -B
option is the number of lines printed before the match.

[root@arkit grep]# grep below -B 2 demofile


Second line is this

ALL UPPERCASE CHARACTERS IN THIS LINE

below second line in this grep demo

7. Print the matching string and its around number of lines
To print the matching string and the lines around it, we have to use the -C option. See
the example below, grepping for the word ‘ALL’: with the number 1 given after the
-C option, it prints the line above and the line below the match.

[root@arkit grep]# grep ALL -C 1 demofile

Second line is this <-------its Above line 1

ALL UPPERCASE CHARACTERS IN THIS LINE

below second line in this grep demo <-----its Below line 1

8. Search Recursively all the sub-directories
To search all the sub-directories we have to use the -r flag. See the example below to
understand the recursive search (PATTERN stands for the string you are searching for).

[root@arkit ~]# grep -ril "PATTERN" /root/

9. grep command the string with highlighted in color
Most of the time we search for matching strings, but we also want to see exactly
where in the line the match is. Showing the searched string in a highlight color is the
most effective view. So let’s see how to set the grep highlight color.
We can use the --color option to see the string in color temporarily.

[root@arkit grep]# grep --color=auto CHARACTERS demofile

ALL UPPERCASE CHARACTERS IN THIS LINE

If you want to set this option permanently, we have to set the environment variable

[root@arkit grep]# export GREP_COLOR='1;30;42'

which highlights the matched pattern with foreground color black and
background color green.
The set display attributes list:
0 Reset all attributes
1 Bright
2 Dim
4 Underscore
5 Blink
7 Reverse
8 Hidden

Foreground Colors
30 Black
31 Red
32 Green
33 Yellow
34 Blue
35 Magenta
36 Cyan
37 White

Background Colors
40 Black
41 Red
42 Green
43 Yellow
44 Blue
45 Magenta
46 Cyan
47 White

10. Get the count of given string from single file / multiple files
To count the matched lines we have to use the -c option. See the example below.

[root@arkit grep]# grep -c line demofile

11. Search for files which are matching to the given string
We can also use the grep command to find which files contain a string. In the example
below we search the demo* files.

[root@arkit grep]# grep -l this demo*

demofile

12. Beginning of line (^) using cap symbol

In the grep command, the caret symbol ^ matches the expression at the start of a line.
The following example displays all the lines which start with Oct  6, i.e. all
the messages logged on October 6.

[root@arkit grep]# grep "^Oct  6" /var/log/messages

Oct  6 09:56:46 localhost rsyslogd: [origin software="rsyslogd"

The ^ matches the expression at the beginning of a line only if it is the first
character in a regular expression. ^N matches lines beginning with N.

13. End of the line ($) using dollar symbol
The character $ matches the expression at the end of a line. The following grep
command gets all the lines which end with the word ‘interrupt’.

[root@arkit grep]# grep "interrupt$" /var/log/messages

From the above output you can see when each of the messages got interrupted. Just
like ^ matches the beginning of the line only if it is the first character, $ matches
the end of the line only if it is the last character in a regular expression.
The grep command is one of the most useful commands when we want to search for
strings in files, or search for particular files in directories.
Do comment with your feedback about this article

DHCP server installation and configuration Linux
BY ARK · PUBLISHED MARCH 24, 2016 · UPDATED OCTOBER 1, 2016
DHCP server: Dynamic Host Configuration Protocol is a client/server protocol
which automatically provides an IP address to the requesting client. Along with the
IP address it also provides the subnet mask, default gateway and DNS IP address.
Every device on a TCP/IP-based network must have a unique unicast IP address to
access the network and its resources. Without DHCP, IP addresses for new
computers or computers that are moved from one subnet to another must be
configured manually; IP addresses for computers that are removed from the
network must be manually reclaimed.
With DHCP, this entire process is automated and managed centrally. The DHCP
server maintains a pool of IP addresses and leases an address to any DHCP-
enabled client when it starts up on the network. Because the IP addresses are
dynamic (leased) rather than static (permanently assigned), addresses no longer in
use are automatically returned to the pool for reallocation.
The server provides an automatic IP address using the DORA process, which means
D=Discovery, O=Offer, R=Request and A=Acknowledgement. See the detailed
explanation of each one below.
Discovery
The client broadcasts messages on the network subnet using the destination address
255.255.255.255 or the specific subnet broadcast address. A DHCP client may also
request its last-known IP address. If the client remains connected to the same
network, the server may grant the request. Otherwise, it depends whether the server
is set up as authoritative or not.
Offer
When a DHCP server receives a DHCPDISCOVER message from a client, which is an IP
address lease request, the server reserves an IP address for the client and makes a
lease offer by sending a DHCPOFFER message to the client. This message
contains the client’s MAC address, the IP address that the server is offering, the
subnet mask, the lease duration, and the IP address of the DHCP server making the
offer.
Request
In response to the DHCP offer, the client replies with a DHCP request, broadcast
to the server, requesting the offered address. A client can receive DHCP offers
from multiple servers, but it will accept only one DHCP offer. Based on required
server identification option in the request and broadcast messaging, servers are
informed whose offer the client has accepted. When other DHCP servers receive
this message, they withdraw any offers that they might have made to the client and
return the offered address to the pool of available addresses.
Acknowledgement
When the DHCP server receives the DHCPREQUEST message from the client, the
configuration process enters its final phase. The acknowledgement phase involves
sending a DHCPACK packet to the client. This packet includes the lease duration
and any other configuration information that the client might have requested. At
this point, the IP configuration process is completed.
 

While providing the permanent IP address to the DHCP client, the server collects the
client’s MAC address. The provided IP address will not change until the DHCP server
lease time expires.
DHCP Server Profile
Packages : dhcp*
Service : dhcpd.service
Config file : /etc/dhcp/dhcpd.conf
Port Number: 67
Install the packages required for the DHCP server using yum

[root@mail ~]# yum install dhcp*

[root@mail ~]# systemctl enable dhcpd.service
[root@mail ~]# systemctl start dhcpd.service
Job for dhcpd.service failed. See 'systemctl status dhcpd.service' and 'journalctl -xn' for details.

You may receive the above error at this point; don’t worry, once the DHCP server
configuration is in place, restarting the service will work normally

[root@mail ~]# firewall-cmd --permanent --add-service=dhcp
success
[root@mail ~]# firewall-cmd --reload
success

Copy the sample configuration file to the main configuration file. The default DHCP
server configuration file does not contain anything (it is empty)

[root@mail ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf


cp: overwrite ‘/etc/dhcp/dhcpd.conf’? y

Now edit the config file /etc/dhcp/dhcpd.conf

[root@mail ~]# vim /etc/dhcp/dhcpd.conf

Default Line number 48
# A slightly different configuration for an internal subnet.
subnet 192.168.4.0 netmask 255.255.255.0 {
  range 192.168.4.10 192.168.4.254;
  option domain-name-servers ns1.internal.example.org;
  option domain-name "arkit.co.in";
  option routers 192.168.4.2;
  option broadcast-address 192.168.4.255;
  default-lease-time 600;
  max-lease-time 7200;
}

As shown above, we have to change the subnet IP and netmask, and add your domain
name, routers IP (default gateway) and broadcast IP address.
After that restart the dhcpd service

[root@mail ~]# systemctl restart dhcpd.service


[root@mail ~]# systemctl status dhcpd.service
dhcpd.service - DHCPv4 Server Daemon
Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; disabled)
Active: active (running) since Thu 2016-03-24 23:39:19 IST; 5s ago

DHCP server configuration verification: we can verify the config file using the
command below, which tells you where the configuration went wrong

[root@mail ~]# dhcpd -t -cf /etc/dhcp/dhcpd.conf

That’s it for the server side.

Go to the client and test whether you are getting an IP address from the same series.
Stay tuned for MAC binding / reserving a static IP for a particular server
Configuring MAC binding in DHCP Server
BY ARK · PUBLISHED MARCH 25, 2016 · UPDATED MARCH 25, 2018
Configuring MAC binding in a DHCP server means permanently assigning a static
Internet Protocol (IP) address to the DHCP client using the client’s MAC address.
We don’t want to give automatic IP addresses to servers which are service providers.
For example, if an NFS or Samba server’s IP changed automatically after a
reboot or a network restart, then all the clients who are accessing the NFS and Samba
shares could not reach them using the old IP address, and every time we would have to
inform the employees that the server IP address changed. It is not only about
accessing the NFS and Samba shares: some of the shares may be used for hosting
applications, and hard-coded links in HTML/PHP intranets all get affected by a single
IP address change.
Our goal is to set a static IP address on the DHCP client (server) using the DHCP
server configuration, which is called configuring MAC binding.
The first step is to configure the DHCP server; please refer to the link below

DHCP server installation and configuration Step by Step Guide
Configuring MAC binding
After configuring the DHCP server, restart the service and verify its status

[root@mail ~]# systemctl restart dhcpd.service

[root@mail ~]# systemctl status dhcpd.service

To collect the client machine MAC addresses, a simple trick: ping all the clients for
which you want to configure MAC binding, then run the # arp -a command
[root@mail ~]# ping 192.168.4.12

PING 192.168.4.12 (192.168.4.12) 56(84) bytes of data.

64 bytes from 192.168.4.12: icmp_seq=1 ttl=64 time=0.290 ms

^C

--- 192.168.4.12 ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 1000ms

rtt min/avg/max/mdev = 0.290/0.323/0.356/0.033 ms

[root@mail ~]# arp -a

? (192.168.4.2) at 00:50:56:ee:4e:e2 [ether] on eno16777736

Edit the configuration and change as required

[root@mail ~]# vim /etc/dhcp/dhcpd.conf

host nfsserver {
  hardware ethernet 00:50:56:ee:4e:e2;
  fixed-address 192.168.4.12;
}

As shown above, we have to add the host short name, MAC address and host IP address.
If you want to configure MAC binding for 50 servers, copy the same block and
paste it 50 times, changing the MAC address, hostname and IP address
accordingly.
Test the configuration file before restarting the DHCP server

[root@mail ~]# dhcpd -t -cf /etc/dhcp/dhcpd.conf

Internet Systems Consortium DHCP Server 4.2.5

Copyright 2004-2013 Internet Systems Consortium.

All rights reserved.

Restart the DHCP service

[root@mail ~]# systemctl restart dhcpd.service

[root@mail ~]# systemctl status dhcpd.service

That’s it. Restart network services on the client and verify that it gets the specified
IP address. Even if you restart 100 times, you will get the same IP address from the
DHCP lease.
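
Copying and editing the host block 50 times by hand invites a mistyped MAC address or a duplicated IP. The following added example (not part of the original article) generates the blocks from a "name mac ip" inventory and rejects malformed or duplicate entries; the function name, the inventory format and the sample entries are assumptions, and PREFIX is the first three octets of a /24 subnet such as the 192.168.4.0 network used above.

```shell
#!/bin/sh
# gen_host_blocks PREFIX: read "name mac ip" lines on stdin, write one dhcpd.conf
# host block per valid line to stdout and one "line N: reason" per rejected
# line to stderr.
gen_host_blocks() {
    awk -v prefix="$1" '
    function reject(why) { print "line " NR ": " why | "cat 1>&2" }
    /^[ \t]*#/ || NF == 0 { next }
    NF != 3 { reject("expected: name mac ip"); next }
    {
        name = $1; mac = tolower($2); ip = $3
        last = substr(ip, length(prefix) + 2)      # text after "PREFIX."
        if (name !~ /^[A-Za-z0-9][A-Za-z0-9-]*$/)
            reject("host name " name " is not a plain short name")
        else if (length(mac) != 17 || mac !~ /^[0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+$/)
            reject("MAC " $2 " is not six two-digit hex octets")
        else if (index(ip, prefix ".") != 1 || last !~ /^[0-9]+$/ || length(last) > 3 || (last + 0) < 1 || (last + 0) > 254)
            reject("IP " ip " is not a host address in " prefix ".0/24")
        else if ((name in by_name) || (mac in by_mac) || (ip in by_ip))
            reject("duplicate name, MAC or IP")
        else {
            by_name[name] = by_mac[mac] = by_ip[ip] = NR
            printf "host %s {\n  hardware ethernet %s;\n  fixed-address %s;\n}\n", name, mac, ip
        }
    }'
}

# Constructed inventory: two good entries, one MAC with a three-character octet,
# one address outside the subnet, and one MAC that is already bound.
sample_inventory() {
    cat <<'EOF'
# name      mac                 ip
nfsserver   52:54:00:aa:bb:01   192.168.4.12
samba01     52:54:00:AA:BB:02   192.168.4.13
web01       52:54:00a:aa:bb:03  192.168.4.14
db01        52:54:00:aa:bb:04   192.168.5.15
backup01    52:54:00:aa:bb:01   192.168.4.16
EOF
}

sample_inventory | gen_host_blocks 192.168.4
```

Append the generated blocks to /etc/dhcp/dhcpd.conf and test the file before restarting dhcpd, as in the steps above.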

Master DNS Configuration Linux Step by Step
BY ARK · PUBLISHED MARCH 23, 2016 · UPDATED JANUARY 8, 2019
Master DNS: the Domain Name System. The major role of DNS is to convert
human-readable domain names into machine-known numbers (IP addresses). It is a
decentralized naming system for resources connected to the internet or a private
network.
Master DNS configuration Linux Step by Step Guide.
The Domain Name System delegates the responsibility of assigning domain names
and mapping those names to Internet resources by designating authoritative name
servers for each domain. Network administrators may delegate authority over sub-
domains of their allocated name space to other name servers. This mechanism
provides distributed and fault tolerant service and was designed to avoid a single
large central database.
Based on working method, there are several types of DNS server; a few are mentioned below
1. Primary / Master DNS
2. Slave DNS
3. Forwarding DNS
4. Caching DNS
5. Authoritative-Only DNS

Primary / master DNS and Slave DNS Servers
Given the importance of DNS in making services and entire networks accessible,
most DNS servers that are authoritative for a zone will have built-in redundancy.
There are various terms for the relationships between these servers, but generally, a
server can either be a master or a slave in its configuration.
Both master and slave servers are authoritative for the zones they handle. The
master does not have any more power over the zones than the slave. The only
differentiating factor between a master and a slave server is where they read their
zone files from.
A master server reads its zone files from files on the system’s disk. These are
usually where the zone administrator adds, edits, or transfers the original zone
files.
The slave server receives the zones that it is authoritative for through a zone
transfer from one of the master servers for the zone. Once it has these zones, it
places them in a cache. If it has to restart, it first checks its cache to see if the zones
inside are up-to-date. If not, it requests the updated information from the master
server.
Forwarding DNS Server
This approach adds an additional link in the chain of DNS resolution by
implementing a forwarding server that simply passes all requests to another DNS
server with recursive capabilities (such as a caching DNS server).
The advantage of this system is that it can give you the benefit of a locally
accessible cache while not having to do the recursive work (which can result in
additional network traffic and can take up substantial resources on high traffic
servers). This can also lead to some interesting flexibility in splitting your private
and public traffic by forwarding to different servers.

Caching DNS Server


A caching DNS server is a server that handles recursive requests from clients.
Almost every DNS server that the operating system’s stub resolver will contact
will be a caching DNS server.
Caching servers have the advantage of answering recursive requests from clients.
While authoritative-only servers may be ideal for serving specific zone
information, caching DNS servers are more broadly useful from a client’s
perspective. They make the DNS system of the world accessible to rather dumb
client interfaces.

Authoritative-Only DNS Server


An authoritative-only DNS server is a server that only concerns itself with
answering the queries for the zones that it is responsible for. Since it does not help
resolve queries for outside zones, it is generally very fast and can handle many
requests efficiently.

A Few DNS Records Master DNS Server RHEL 7
A = Address record
PTR = Pointer record
NS = Name server
MX = Mail Exchanger
SOA = Start of Authority
CNAME = Canonical name / Alias name

Master DNS Server Profile


 Packages Required : bind*
 Version : 9
 Daemon : named
 Config Files : /var/named/chroot/etc/named.conf
                /var/named/chroot/etc/named.rfc1912.zones
 Default zone files location : /var/named/chroot/var/named/
 Port Number : 53

# yum install bind* -y

Start named-chroot before named.service, because it generates the config files

# systemctl start named-chroot.service

# systemctl start named.service

# vim /var/named/chroot/etc/named.conf

options {

        listen-on port 53 { 127.0.0.1; 192.168.4.128; };


        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.4.0/24; };
(Default line numbers are 10-17.) As shown above, enter your DNS server IP address
(your server's own address) in listen-on, and in allow-query the address of the network
you want to provide DNS service to.
Now edit the zones configuration file

# vim /var/named/chroot/etc/named.rfc1912.zones

zone "arkit.com" IN {
        type master;
        file "arkit.for.zone";
        allow-update { none; };
};

zone "4.168.192.in-addr.arpa" IN {
        type master;
        file "arkit.rev.zone";
        allow-update { none; };
};

As shown above, copy the forward zone configuration lines (default line numbers 19 to
23) and paste them in the same file. Copy the reverse zone configuration lines (default line
numbers 31 to 35) and paste them in the same file as well. Now modify the copied lines as per your
requirement:
zone "arkit.com" IN { : in this line, mention the domain name you would like to
configure
file "arkit.for.zone"; : the file name; you can give whatever file name you want
zone "4.168.192.in-addr.arpa" IN { : in this line, write your IP address in reverse
order
file "arkit.rev.zone"; : the file name; whatever file name you would like
Save the configuration file and exit

Creating Zone files


Forward lookup zone – the forward lookup zone converts a host name to an IP
address
Reverse lookup zone – the reverse lookup zone converts an IP address to a host name
Change directory to /var/named/chroot/var/named/ and
copy the template files to the file names we mentioned in the zones
configuration file above.
In this example:
named.localhost –> arkit.for.zone
named.loopback –> arkit.rev.zone

# cd /var/named/chroot/var/named

# cp named.localhost arkit.for.zone

# cp named.loopback arkit.rev.zone

# vim arkit.for.zone

$TTL 1D

@    IN SOA    techtutorial.arkit.com. root.techtutorial.arkit.com. (


                    0    ; serial
                    1D    ; refresh
                    1H    ; retry
                    1W    ; expire
                    3H )    ; minimum

;DNS Server Name Records

@ IN NS techtutorial.arkit.com.
@ IN NS slave.arkit.com.

;Name Servers Host name to IP


@ IN A 192.168.4.128
@ IN A 192.168.4.129

;Hosts in this domain records


@ IN A 192.168.4.128
@ IN A 192.168.4.129
techtutorial IN A 192.168.4.128
slave IN A 192.168.4.129

As shown in the above configuration, server.techtutorial.arkit.com. is the DNS server
name followed by the domain name.
Add an NS record with the DNS server name and domain name (do not forget to add the dot
at the end).
The first A record is your domain name with the DNS server IP address

[root@Techtutorial named]# vim arkit.rev.zone

$TTL 1D

@ IN SOA techarkit.arkit.com. root.techarkit.arkit.com. (


0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
;Name Servers
@ IN NS techarkit.arkit.com.
@ IN NS slave.arkit.com.
@ IN PTR arkit.com.
;Name Servers Hostname to IP Address
@ IN A 192.168.4.128
@ IN A 192.168.4.129
;Domain records
128 PTR techarkit.arkit.com.
129 PTR slave.arkit.com.

Note: Do not miss even a single (dot); a missing dot will keep your named service from starting
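The trailing-dot rule in the note above can be checked mechanically. The script below is an added example, not part of the original guide: it scans a zone file for SOA, NS, PTR, CNAME and MX targets that contain dots but lack the final one. The function names and the sample zone (constructed, modelled on the reverse zone above) are assumptions.

```shell
#!/bin/sh
# Added example: find zone-file names whose trailing dot was forgotten.

# Constructed sample: a reverse zone in which the SOA server name is written
# without its final dot (every other record is correct).
write_sample_zone() {
    cat <<'EOF'
$TTL 1D
@ IN SOA techarkit.arkit.com root.techarkit.arkit.com. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
@ IN NS techarkit.arkit.com.
@ IN NS slave.arkit.com.
128 IN PTR techarkit.arkit.com.
129 IN PTR slave.arkit.com.
EOF
}

# lint_zone FILE
# Prints one line per suspicious record and returns 1 if any were found.
lint_zone() {
    awk '
    function check(name, what) {
        # A target that contains dots but does not end in one is taken by
        # BIND as relative, so the zone origin gets appended to it.
        if (name ~ /\./ && name !~ /\.$/) {
            printf "line %d: %s %s has no trailing dot\n", NR, what, name
            bad = 1
        }
    }
    {
        line = $0
        sub(/;.*/, "", line)                  # drop comments
        n = split(line, f, /[ \t()]+/)
        # f[1] is the owner name (or empty), so the record type is looked
        # for from the second field onwards.
        for (i = 2; i <= n; i++) {
            rr = toupper(f[i])
            if (rr == "SOA") {
                check(f[i + 1], "SOA server name")
                check(f[i + 2], "SOA mail address")
                break
            }
            if (rr == "NS" || rr == "PTR" || rr == "CNAME") {
                check(f[i + 1], rr)
                break
            }
            if (rr == "MX") {
                check(f[i + 2], "MX")         # f[i + 1] is the preference
                break
            }
        }
    }
    END { exit bad }
    ' "$1"
}

# Demo run on the constructed sample.
zone=$(mktemp)
write_sample_zone > "$zone"
lint_zone "$zone" || echo "fix the names listed above before restarting named"
rm -f "$zone"
```

Run `lint_zone` on arkit.for.zone and arkit.rev.zone after every edit, before the named service is restarted.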

Master DNS configuration Linux Step by Step Guide
I have shown a single host record as an example; if you want more records, add
them.
Now change the ownership of the created files to the named group

# chown root:named arkit.for.zone

# chown root:named arkit.rev.zone

Add a firewall rule to allow communication on the DNS port

# firewall-cmd --permanent --add-service=dns

# firewall-cmd --reload

Now restart your named service.

# systemctl restart named.service

# systemctl status named.service

Now go to the client side and add the DNS server IP to /etc/resolv.conf

[root@Techtutorial named]# vim /etc/resolv.conf

search arkit.com

domain arkit.com

nameserver 192.168.4.128
Verify the master DNS server

# nslookup arkit.com

# dig arkit.com

# host 192.168.4.128

# dig -x 192.168.4.128

That’s about installing and configuring the master DNS server

Web server installation and configuration step by step guide
BY ARK · PUBLISHED MAY 15, 2016 · UPDATED NOVEMBER 26, 2018
Apache web server installation and configuration, a step-by-step guide for RHEL 7 and
CentOS 7. A web server is used to host websites using the httpd service.

Why was the name Apache chosen for this software?
This software was given the name APACHE because it began as a group of
patches used as software to run a web server, and the name comes from a Native American
nation. These Native American people are called the Apache. The figure
below shows an Apache man from that Native American group of people.
If you look carefully at the picture above, he is wearing a cap bearing the picture
shown below; that is where the Apache name for this software comes from.

Prerequisites
1. Create a DNS entry to resolve your web server name
2. Web browser to access the web server

Server profile
 Package Name: httpd*
 Daemon Name: httpd
 Config File: /etc/httpd/conf/httpd.conf, /etc/httpd/conf.d/ANYNAME.conf
 Port Numbers: 80  (HTTP) and 443 (HTTPS)

Web server installation process


# yum install httpd*
This installs httpd and its dependencies

Enable and Start the Service


# systemctl enable httpd.service

ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'

# systemctl start httpd.service

# systemctl status httpd.service

 service enable – the service is started automatically whenever you restart the
server
 service start – starts the service now
With the above commands the web server is installed and started

Allow firewall ports to communicate with clients
# firewall-cmd --permanent --add-service=https

success

# firewall-cmd --reload

success

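The default web server ports are 80 for HTTP and 443 for HTTPS.
In RHEL 7 and CentOS 7, instead of port numbers we can directly mention
the service, which automatically takes its related default port.
The command above opens only HTTPS; the virtual host configured below listens on port 80,
so allow the http service in the same way.
If you would like to mention the port instead, use the commands below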

# firewall-cmd --permanent --add-port=443/tcp

success

# firewall-cmd --reload

success

Configuring the web server


Create a file with any name and the extension .conf under /etc/httpd/conf.d/

In this case I am going to use main.conf as the configuration file

# cat /etc/httpd/conf.d/main.conf

<VirtualHost *:80>
ServerAdmin root@arkit.co.in
ServerName server1.arkit.co.in
DocumentRoot /var/www/html/
</VirtualHost>
<Directory "/var/www/html/">
AllowOverride none
Require all granted
</Directory>

# vim /etc/httpd/conf.d/main.conf

# systemctl restart httpd.service

# systemctl status httpd.service

Check the configuration if you run into any problems
# apachectl configtest

Syntax OK

Create HTML file for test


Go to the path /var/www/html/, create an index.html file and write some HTML code
or some text in it to test your website

# cat /var/www/html/index.html

Web Server Test File

Client side
To test the web server, use the test file you created above with some text in it. Go to the
client machine and type the server IP or name in a browser to test whether your web server is working.
That’s it about Apache / HTTP service installation and configuration.
Please provide your valuable feedback on the same


Secure web Server using SSL certification in RHEL 7
BY ARK · PUBLISHED MAY 21, 2016 · UPDATED NOVEMBER 26, 2018
Installing and configuring a secure web server in RHEL 7. SSL certificates are
small data files that digitally bind a cryptographic key to an organization’s details.
When a web server is installed with an SSL (Secure Sockets Layer) certificate, the browser
shows a padlock at the start of the address bar and the HTTPS protocol, as shown in
the figure below.

For a standard SSL certificate it will not show a padlock, but it will show the https protocol.

How an SSL certificate provides more security to a website
1. A browser attempts to connect to a web site secured with SSL. The browser
requests that the web server identify itself.
2. Two types of keys are placed on the server: one is the public key, the
second is the private key. A copy of the public keys is installed with the
browser installation itself, because most CAs (certification authorities) are
listed in web browsers. When a client requests a web page, the request first
reaches the DNS server, which verifies the IP address details and passes the
request on to the web server; the web server sends its SSL certificate (public key
token) and the client opens the website over HTTPS.
3. Now the data between server and client is encrypted with 2048 bit

If you would like to see the listed certificate authorities in Google Chrome:
Settings → Show Advanced Settings → HTTPS/SSL → Manage
Certificates (screenshot is shown below)
The certificates listed above are pre-loaded when you install a browser.
Now let’s go back to our real installation and configuration of a secure web server
using SSL certification in RHEL 7
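First install the httpd packages, together with mod_ssl, which provides the SSL directives and the default ssl.conf used below

# yum install httpd* mod_ssl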

# systemctl enable httpd.service

# systemctl start httpd.service

# systemctl status httpd.service

Now create a sample HTML file in the default web location, the /var/www/html/ directory

# vim /var/www/html/index.html

<h1>Secure Site</h1>
<h2>Secure Site is Opened</h2>

:wq (Save & Exit)

Permit Firewall to connect web server from client
# firewall-cmd --permanent --add-service=https

# firewall-cmd --reload

In RHEL 7 we can mention the service name directly, which automatically
opens the appropriate port number in the backend.
Generating an SSL certificate (this is purely for demo purposes)

# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/apache.key -out /etc/pki/tls/certs/apache.crt

Generating a 2048 bit RSA private key

Country Name (2 letter code) [XX]:IN


State or Province Name (full name) []:Telangana
Locality Name (eg, city) [Default City]:Hyderabad
Organization Name (eg, company) [Default Company Ltd]:ArkIT
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:TechTutorial.arkit.com
Email Address []:
After you enter the request, you will be taken to a prompt where you can enter
information about your website. Before we go over that, let’s take a look at what is
happening in the command we are issuing:
 openssl: This is the basic command line tool for creating and managing
OpenSSL certificates, keys, and other files.
 req -x509: This specifies that we want to use X.509 certificate signing
request (CSR) management. The “X.509” is a public key infrastructure
standard that SSL and TLS adhere to for key and certificate management.
 -nodes: This tells OpenSSL to skip the option to secure our certificate with a
passphrase. We need Apache to be able to read the file, without user
intervention, when the server starts up. A passphrase would prevent this from
happening, since we would have to enter it after every restart.
 -days 365: This option sets the length of time that the certificate will be
considered valid. We set it for one year here.
 -newkey rsa:2048: This specifies that we want to generate a new certificate
and a new key at the same time. We did not create the key that is required to
sign the certificate in a previous step, so we need to create it along with the
certificate. The rsa:2048 portion tells it to make an RSA key that is 2048 bits
long.
 -keyout: This line tells OpenSSL where to place the generated private key
file that we are creating.
 -out: This tells OpenSSL where to place the certificate that we are creating.
Fill out the prompts appropriately. The most important line is the one that requests
the Common Name. You need to enter the domain name that you want to be
associated with your server. You can enter the public IP address instead if you do
not have a domain name.

Secure web Server using SSL certification in RHEL 7
Ensure that the files have been generated and are kept under the directory path below
/etc/pki/tls/certs/
Now copy the ssl.conf file from /etc/httpd/conf.d/ssl.conf to any temporary location
(example: /tmp), then edit the file.

# cp /etc/httpd/conf.d/ssl.conf /opt/

In the default ssl.conf file, delete lines 1 to 69, up to where the ‘SSLEngine on‘ keyword
appears.
Below is the final configuration file for configuring the SSL certificate

# vim /etc/httpd/conf.d/arkit.conf

<VirtualHost *:443>
ServerAdmin root@localhost
ServerName TechTutorial.arkit.com
DocumentRoot /var/www/html
SSLEngine on
# SSLv3 is disabled as well as SSLv2
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLHonorCipherOrder on
# Certificate and key written by the openssl command above
SSLCertificateFile /etc/pki/tls/certs/apache.crt
SSLCertificateKeyFile /etc/pki/tls/private/apache.key
# No SSLCertificateChainFile: a self-signed certificate has no chain,
# and a .csr file is a signing request, not a chain
</VirtualHost>

:wq (Save & Exit)

Restart the web service (httpd.service) for the changes to take effect
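An added example, not part of the original guide: a shell audit for a TLS virtual host file like the one above, run here against a constructed sample that leaves SSLv3 enabled, names a .csr as chain file and has a private key readable by group and others. The function names and sample paths are assumptions.

```shell
#!/bin/sh
# Added example: audit an Apache TLS virtual host file.

# Constructed sample with three problems; $1 is the directory that holds
# the (empty, constructed) certificate and key files.
write_sample_vhost() {
    cat <<EOF
<VirtualHost *:443>
ServerName TechTutorial.arkit.com
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile $1/apache.crt
SSLCertificateKeyFile $1/apache.key
SSLCertificateChainFile $1/arkit.com.csr
</VirtualHost>
EOF
}

# vhost_args FILE DIRECTIVE: print the arguments of the first DIRECTIVE line.
vhost_args() {
    awk -v want="$2" '
        { sub(/#.*/, "") }
        tolower($1) == tolower(want) { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# audit_tls_vhost FILE: print one finding per line; return 1 if any.
audit_tls_vhost() {
    conf=$1
    findings=0

    # "all" includes SSLv3 when the OpenSSL build supports it, so SSLv3 has
    # to be subtracted explicitly.
    proto=$(vhost_args "$conf" SSLProtocol | tr 'A-Z' 'a-z')
    case " $proto " in
        *" -sslv3 "*) ;;
        *" all "* | *" +sslv3 "* | *" sslv3 "*)
            echo "SSLProtocol '$proto' leaves SSLv3 enabled"
            findings=1 ;;
    esac

    # A certificate signing request is not a certificate chain.
    chain=$(vhost_args "$conf" SSLCertificateChainFile)
    case $chain in
        *.csr)
            echo "SSLCertificateChainFile '$chain' is a signing request, not a chain"
            findings=1 ;;
    esac

    # Both files must exist, or httpd refuses to start.
    for directive in SSLCertificateFile SSLCertificateKeyFile; do
        path=$(vhost_args "$conf" "$directive")
        if [ -n "$path" ] && [ ! -f "$path" ]; then
            echo "$directive '$path' does not exist"
            findings=1
        fi
    done

    # A key created with -nodes is unencrypted, so file permissions are its
    # only protection: nobody but the owner should be able to read it.
    key=$(vhost_args "$conf" SSLCertificateKeyFile)
    if [ -f "$key" ] && [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
        echo "private key '$key' is readable by group or others"
        findings=1
    fi

    return "$findings"
}

# Demo run on the constructed sample.
demo=$(mktemp -d)
: > "$demo/apache.crt"
: > "$demo/apache.key"
chmod 644 "$demo/apache.key"
write_sample_vhost "$demo" > "$demo/arkit.conf"
audit_tls_vhost "$demo/arkit.conf" || echo "resolve the findings above, then restart httpd"
rm -rf "$demo"
```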

Client Side
Browse to the website, which should load at https://arkit.co.in
That’s it. You have successfully configured a secure web server with an SSL certificate in
RHEL 7 / CentOS 7
Please do provide your valuable feedback on the same

Install and Configure NTP server and client in RHEL 7
BY ARK · PUBLISHED JUNE 13, 2016 · UPDATED JUNE 14, 2016
NTP stands for Network Time Protocol. NTP is an Internet protocol used
to synchronise the clocks of computers to a time reference. Network
Time Protocol plays a major and crucial role in various situations;
a few of its advantages are listed below. In this article we are going to
see how to install and configure an NTP server and client in RHEL 7 / CentOS
7.
1. Event logging requires synchronised time, because each and every
log entry is recorded with a time stamp
2. Cluster heartbeat always depends on NTP (if another node in the cluster does
not send a heartbeat within the given number of seconds, the node is switched
over)
3. Cron jobs execute at their defined time; crontab schedules depend
on the clock
4. NTP uses UTC for real-time synchronisation
NTP Server profile
Packages : ntp*
Port Number : 123
Daemon Name : ntpd

Install and Configure NTP server and client in RHEL 7
Install the NTP packages using the yum command (server-side configuration)

[root@TechTutorials ~]# yum install -y ntp*

Allow NTP protocol to communicate with clients

[root@TechTutorials ~]# firewall-cmd --permanent --add-service=ntp 

Success

[root@TechTutorials ~]# firewall-cmd --reload

Success

OR, to open the port itself (NTP uses UDP port 123):
[root@TechTutorials ~]# firewall-cmd --permanent --add-port=123/udp

Success

[root@TechTutorials ~]# firewall-cmd --reload

Success

Start and enable the NTP service

[root@TechTutorials ~]# systemctl enable ntpd.service


ln -s '/usr/lib/systemd/system/ntpd.service' '/etc/systemd/system/multi-user.target.wants/ntpd.service'
[root@TechTutorials ~]# systemctl start ntpd.service
[root@TechTutorials ~]# systemctl status ntpd.service
ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled)
Active: active (running) since Mon 2016-06-13 12:39:14 IST; 5s ago
Process: 3738 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited,
status=0/SUCCESS)
Main PID: 3740 (ntpd)
CGroup: /system.slice/ntpd.service
└─3740 /usr/sbin/ntpd -u ntp:ntp -g

Edit the main configuration file and make the changes required to configure NTP

[root@TechTutorials ~]# vim /etc/ntp.conf

# Default Line number 8

# allows other clients to query the time server
restrict default kod nomodify notrap noquery nopeer

# -6 forces DNS resolution to the IPv6 namespace
restrict -6 default kod nomodify notrap noquery nopeer
:wq

noquery – prevents dumping status data from ntpd (ntpq and ntpdc queries); time queries are still answered
nopeer – prevents packets that attempt to start a peer association
notrap – prevents the control message trap service
kod – a kiss-o'-death packet is sent to reduce unwanted queries
nomodify – prevents all ntpq queries that attempt to modify the server
Allow Only Specific Clients
To allow only systems on your own network to synchronise with the NTP server,
add the following restrict line to the /etc/ntp.conf file

restrict 192.168.4.120 mask 255.255.255.0 nomodify notrap

The localhost needs to have full access to query or modify

restrict 127.0.0.1

Add local time as backup

Add the local clock to the main configuration file, ntp.conf

server  <ip address>        # local clock

fudge   127.127.1.0 stratum 10


Stratum is used to synchronise the time with the server based on distance.
A stratum-0 device cannot be used on the network itself; it is directly
connected to an NTP server. Stratum-1 synchronises the time using GPS
transmission or CDMA technology, which is assumed to be accurate with no delay
associated with it. To update the local time on the NTP server we can make use of
stratum-0 and stratum-1.
Stratum-0 devices are used as the reference clock
Stratum-1 is the primary network time standard

Configure ntp to generate logs, which are very useful in troubleshooting
Set the log file and the drift file location in the main configuration file, ntp.conf.
Edit the main configuration file /etc/ntp.conf and add the entries below

driftfile /var/lib/ntp/ntp.drift

logfile /var/log/ntp.log

[root@TechTutorials ~]# systemctl restart ntpd

NTP Client side Configuration

Configure the NTP client to synchronise with the NTP server. To enable time
synchronisation between server and client we can make use of the GUI
as well as the CLI.
Adding NTP client settings
[root@TechTutorials ~]# yum install system-config-date

[root@TechTutorials ~]# system-config-date

When you type “system-config-date”, the popup shown above opens. As
shown above, select “Synchronise Date and Time over
Network”.
If NTP servers already exist, delete them and add your NTP server by clicking
on the “Add” button. Select “speed up initial
synchronisation”, then click OK.
That’s it from the GUI: your system is now an NTP client.
 

From CLI mode

[root@TechTutorials ~]# vim /etc/ntp.conf

## Go to the last line (SHIFT+G) and add the strings below

server 0.rhel.pool.ntp.org iburst

server 192.168.4.120 prefer

:wq

prefer: specifies that this server is preferred over other servers.

Now start the ntpd service

[root@TechTutorials ~]# systemctl start ntpd

Now check the NTP status

[root@TechTutorials ~]# ntpq -p

Set the local time and date

[root@TechTutorials ~]# ntpdate -u 192.168.4.120

That’s about installing and configuring an NTP server and client in RHEL 7
Please do comment your feedback
Insert, update, delete, create MariaDB database records
BY ARK · SEPTEMBER 11, 2016
We have already seen the installation and configuration of the MariaDB server, which is the new
replacement for MySQL Server. After installation we have to create a database,
create users, grant permissions to users, create tables, and insert, update and
delete data.

How to Connect to Mariadb Server from CLI
[root@TechTutorials ~]# mysql -u root -p

Enter password:

Welcome to the MariaDB monitor. Commands end with ; or \g.

Your MariaDB connection id is 6

Server version: 5.5.41-MariaDB MariaDB Server

Copyright (c) 2000, 2014, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>

To connect to the MariaDB server we still use the mysql command. MariaDB offers the
same features as MySQL.

How to check the existing list of databases in MariaDB
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| contacts           |
| mysql              |
| performance_schema |
+--------------------+
4 rows in set (0.03 sec)

In MariaDB we always have to end every command with ; (semicolon).
If we do not use the ; (semicolon), the command will not work.
MariaDB [(none)]> create database emploees;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| contacts           |
| emploees           |
| employees          |
| mysql              |
| performance_schema |
+--------------------+
6 rows in set (0.00 sec)

The create database command above is used to create a database

Check and Create Tables in Database
connect <DATABASE NAME>; selects an existing database to use. We can also use
use <DATABASE NAME>; .

MariaDB [(none)]> connect emploees;

Connection id: 3

Current database: emploees

MariaDB [emploees]> use emploees;

Database changed

Create a table with the specified column names and list the tables. int (integer
values): only the digits 0-9 are allowed. varchar: letters and digits
(a-z, 0-9) are allowed.

MariaDB [emploees]> show tables;
Empty set (0.00 sec)

MariaDB [emploees]> create table employee (id int(10), name varchar(50), empid varchar(20), number int(10), mail_id varchar(10));
Query OK, 0 rows affected (0.00 sec)

MariaDB [emploees]> show tables;
+--------------------+
| Tables_in_emploees |
+--------------------+
| employee           |
+--------------------+
1 row in set (0.00 sec)

To list the columns of the table, use the command below; describe
<TABLE NAME>; lists the column names

MariaDB [emploees]> describe employee;
+---------+-------------+------+-----+---------+-------+
| Field   | Type        | Null | Key | Default | Extra |
+---------+-------------+------+-----+---------+-------+
| id      | int(10)     | YES  |     | NULL    |       |
| name    | varchar(50) | YES  |     | NULL    |       |
| empid   | varchar(20) | YES  |     | NULL    |       |
| number  | int(10)     | YES  |     | NULL    |       |
| mail_id | varchar(10) | YES  |     | NULL    |       |
+---------+-------------+------+-----+---------+-------+
5 rows in set (0.00 sec)

How to Insert data into the table
Insert data into the table using the command below. Insert the values
id=1, name=Ravi, empid=1234, number=9700056884,
mail_id=admin@arkit.co.in. The statement reports 2 warnings: 9700056884 is larger than
an int column can hold and the mail address is longer than varchar(10), so both values
are stored cut down, as the select output shows.

MariaDB [emploees]> insert into employee values("1", "Ravi", "1234", 9700056884, "admin@arkit.co.in");
Query OK, 1 row affected, 2 warnings (0.00 sec)

MariaDB [emploees]> select * from employee;
+------+------+-------+------------+------------+
| id   | name | empid | number     | mail_id    |
+------+------+-------+------------+------------+
|    1 | Ravi | 1234  | 2147483647 | admin@arki |
+------+------+-------+------------+------------+
1 row in set (0.00 sec)

How to Update existing values using the update SQL statement
This example updates the employee ID from 1234 to 9780. Here we take the id column
as the base, because if any other employee also has the empid value 1234,
that value would change too if you ran the update statement without a base value.
To avoid changing other records we set the id column as the base.

MariaDB [emploees]> update employee set empid = 9780 where id='1';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

MariaDB [emploees]> select * from employee;
+------+------+-------+------------+------------+
| id   | name | empid | number     | mail_id    |
+------+------+-------+------------+------------+
|    1 | Ravi | 9780  | 2147483647 | admin@arki |
+------+------+-------+------------+------------+
1 row in set (0.00 sec)


Delete record from table
To delete one record from the table, use the SQL statement below

MariaDB [emploees]> select * from employee;
+------+-------+-------+------------+------------+
| id   | name  | empid | number     | mail_id    |
+------+-------+-------+------------+------------+
|    1 | Ravi  | 9780  | 2147483647 | admin@arki |
|    2 | Kumar | 1434  | 2147483647 | admin1@ark |
+------+-------+-------+------------+------------+
2 rows in set (0.00 sec)

MariaDB [emploees]> delete from employee where id='1';
Query OK, 1 row affected (0.00 sec)

MariaDB [emploees]> select * from employee;
+------+-------+-------+------------+------------+
| id   | name  | empid | number     | mail_id    |
+------+-------+-------+------------+------------+
|    2 | Kumar | 1434  | 2147483647 | admin1@ark |
+------+-------+-------+------------+------------+
1 row in set (0.00 sec)

Insert, update, delete, create MariaDB database records
How to create a user and grant permissions to a database
Create a user named “ravi” and grant permissions on “employee”

MariaDB [emploees]> create user ravi@'%' identified by 'password';

Query OK, 0 rows affected (0.01 sec)

The above command creates a user in MariaDB with username=ravi

MariaDB [emploees]> grant select,update,delete,insert on emploees.employee to ravi@'%';
Query OK, 0 rows affected (0.00 sec)
This grants the permissions (select, update, delete, insert) on the table
employee to user ravi.

MariaDB [emploees]> SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'ravi');
+------------------------------------------------------+
| EXISTS(SELECT 1 FROM mysql.user WHERE user = 'ravi') |
+------------------------------------------------------+
|                                                    1 |
+------------------------------------------------------+
1 row in set (0.00 sec)

The above command checks whether the user exists or not

That’s it about insert, update, delete and create operations on MariaDB database records.


iSCSI Server installation Providing Remote block storage
BY ARK · OCTOBER 23, 2016
iSCSI server installation and configuration on RHEL 7, providing remote block
storage.
iSCSI stands for Internet Small Computer System Interface. We use iSCSI
connectivity because it is cost-effective compared to an FC connection. A Fibre Channel
connection requires separate hardware such as an FC switch (SAN switch), and an FC
switch costs more than a normal network switch. To provide iSCSI-based
storage we do not require any extra environment, because we can make use of the
existing network switches. Let’s see how this technology is going to work for us.
We have different types of storage, such as
1. DAS – Directly Attached Storage
2. NAS – Network Attached Storage
3. SAN – Storage Area Network
The iSCSI protocol comes under SAN (Storage Area Network). To allocate remote
block storage to clients, these are the steps we have to follow
1. Create one partition
2. Create LVM using that partition (don’t format it)
3. Install the iSCSI utilities if not available
4. Create a LUN and map it to the iSCSI client
5. iSCSI server = Target. iSCSI client = Initiator.
Below is the process of creating the iSCSI LUN and mapping it from the iSCSI
server to the client.
Environment
Server IP = 192.168.4.27
Client IP = 192.168.4.13
By installing and configuring this iSCSI server, we are turning a Linux box into a SAN.

Creating Partition
Here I have a new 10 GB HDD called /dev/sdb with no partitions

[root@iSCSIServer ~]# fdisk -l /dev/sdb

Disk /dev/sdb: 10.7 GB, 10737418240 bytes, 20971520 sectors

Units = sectors of 1 * 512 = 512 bytes

Sector size (logical/physical): 512 bytes / 512 bytes

I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk label type: dos

Disk identifier: 0xea9e3f19

Device Boot Start End Blocks Id System

Create a standard partition and convert it from standard to LVM

[root@iSCSIServer ~]# fdisk /dev/sdb

Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.

Be careful before using the write command.

Command (m for help): n


Partition type:
p primary (0 primary, 0 extended, 4 free)
e extended

Select (default p): ↵


Using default response p

Partition number (1-4, default 1): ↵


First sector (2048-20971519, default 2048): ↵
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-20971519, default 20971519): +2G
Partition 1 of type Linux and of size 2 GiB is set

Command (m for help): p

Disk /dev/sdb: 10.7 GB, 10737418240 bytes, 20971520 sectors


Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0xea9e3f19

Device Boot Start End Blocks Id System


/dev/sdb1 2048 4196351 2097152 83 Linux

Command (m for help): t


Selected partition 1
Hex code (type L to list all codes): 8e
Changed type of partition 'Linux' to 'Linux LVM'

Command (m for help): p

Disk /dev/sdb: 10.7 GB, 10737418240 bytes, 20971520 sectors


Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0xea9e3f19

Device Boot Start End Blocks Id System


/dev/sdb1 2048 4196351 2097152 8e Linux LVM

Command (m for help): wq


The partition table has been altered!

Calling ioctl() to re-read partition table.


Syncing disks.

Update the kernel: when we create a new partition, the partition table known to the kernel must be up to date,
otherwise the partition will not be listed. Use the command below to update it
[root@iSCSIServer ~]# partprobe /dev/sdb

Creating Physical Volume, Volume Group and Logical Volume

[root@iSCSIServer ~]# pvcreate /dev/sdb1


Physical volume "/dev/sdb1" successfully created

[root@iSCSIServer ~]# vgcreate VG0 /dev/sdb1


Volume group "VG0" successfully created
[root@iSCSIServer ~]# vgs
VG #PV #LV #SN Attr VSize VFree
VG0 1 0 0 wz--n- 2.00g 2.00g
rhel 1 2 0 wz--n- 39.51g 44.00m

[root@iSCSIServer ~]# lvcreate -l 100%FREE -n iscsilv VG0


WARNING: ext4 signature detected on /dev/VG0/iscsilv at offset 1080. Wipe it?
[y/n]: y
Wiping ext4 signature on /dev/VG0/iscsilv.
Logical volume "iscsilv" created.

iSCSI Server Installation Providing Remote block storage
As the output above shows, we have only created the logical volume. We have not formatted it,
which means we have not created any file system on it.

[root@iSCSIServer ~]# yum install targetcli*

Installed:

targetcli.noarch 0:2.1.fb37-3.el7
Dependency Installed:

pyparsing.noarch 0:1.5.6-9.el7 python-configshell.noarch 1:1.1.fb14-1.el7 python-kmod.x86_64 0:0.9-4.el7
python-rtslib.noarch 0:2.1.fb50-1.el7 python-urwid.x86_64 0:1.1.1-3.el7

Complete!

targetcli is the command that opens the iSCSI console.

targetcli command

Create a storage object and create an IQN (iSCSI Qualified Name) to map the LUN. We can
either take this IQN from the iSCSI client machine or create our own.

/> /backstores/block create LUN /dev/VG0/iscsilv

/> /iscsi create iqn.2017-03.com.arkit:iSCSIClient1

Creating Storage Object


Go to iSCSI Client Side
On the client side we have to install the iSCSI utilities to connect to the iSCSI server.
Install the iscsi-initiator-utils-iscsiuio-6.2.0.873-29.el7.x86_64 rpm on the iSCSI client.

[root@iSCSIClient ~]# yum install iscsi*

Get the IQN from the client machine and add it to the server so that the disk can be
mapped from the server.

[root@iSCSIClient ~]# cat /etc/iscsi/initiatorname.iscsi

InitiatorName=iqn.1994-05.com.redhat:ba1abe3b1a4

Enable and Start iscsid service

[root@iSCSIClient ~]# systemctl enable iscsid.service

ln -s '/usr/lib/systemd/system/iscsid.service' '/etc/systemd/system/multi-user.target.wants/iscsid.service'

[root@iSCSIClient ~]# systemctl start iscsid.service

[root@iSCSIClient ~]# systemctl status iscsid.service

iscsid.service - Open-iSCSI
Loaded: loaded (/usr/lib/systemd/system/iscsid.service; enabled)

Active: active (running) since Sun 2016-10-23 19:19:49 IST; 11s ago
Docs: man:iscsid(8)
man:iscsiadm(8)
Process: 4144 ExecStart=/usr/sbin/iscsid (code=exited, status=0/SUCCESS)
Main PID: 4146 (iscsid)
CGroup: /system.slice/iscsid.service
├─4145 /usr/sbin/iscsid
└─4146 /usr/sbin/iscsid

Oct 23 19:19:49 iSCSIClient iscsid[4145]: iSCSI daemon with pid=4146 started!


Oct 23 19:19:49 iSCSIClient systemd[1]: Started Open-iSCSI.

Come Back to iSCSI Server side


Now add the client IQN on the server so that we can map the LUN.

/> /iscsi create iqn.1994-05.com.redhat:ba1abe3b1a4

Created target iqn.1994-05.com.redhat:ba1abe3b1a4.


Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.
/> /iscsi/iqn.1994-05.com.redhat:ba1abe3b1a4/tpg1/acls create iqn.1994-05.com.redhat:ba1abe3b1a4
Created Node ACL for iqn.1994-05.com.redhat:ba1abe3b1a4

Create New LUN using existing LVM and map to client

/> /iscsi/iqn.1994-05.com.redhat:ba1abe3b1a4/tpg1/luns create /backstores/block/LUN

Created LUN 0.

Created LUN 0->0 mapping in node ACL iqn.1994-05.com.redhat:ba1abe3b1a4


Portal Creation in Server to map

/> /iscsi/iqn.1994-05.com.redhat:ba1abe3b1a4/tpg1/portals create 192.168.4.14

Using default IP port 3260

Could not create NetworkPortal in configFS.

If you see the above error while creating the portal, delete the default portal
0.0.0.0 and then create the new one.

/> /iscsi/iqn.2017-03.com.arkit:iscsiclient1/tpg1/portals delete 0.0.0.0 ip_port=3260

Deleted network portal 0.0.0.0:3260


/> /iscsi/iqn.1994-05.com.redhat:ba1abe3b1a4/tpg1/portals create 192.168.4.14
Using default IP port 3260
Created network portal 192.168.4.14:3260.

Save the configuration 

/> saveconfig

Last 10 configs saved in /etc/target/backup.


Configuration saved to /etc/target/saveconfig.json

Exit from the Console

/> exit

Global pref auto_save_on_exit=true


Last 10 configs saved in /etc/target/backup.
Configuration saved to /etc/target/saveconfig.json
Allow Firewall Port to communicate with iSCSI Client
3260 is the default iSCSI port.

[root@iSCSIServer ~]# firewall-cmd --permanent --add-port=3260/tcp

success

[root@iSCSIServer ~]# firewall-cmd --permanent --add-port=3260/udp

success

[root@iSCSIServer ~]# firewall-cmd --reload

success
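
A check to run after opening the port, as an added example that is not part of the original article: it reads firewall-cmd --list-all output and reports whether 3260 is exposed more widely than the iSCSI target needs. iSCSI runs over TCP only; the function names, the sample zone listings and the address 192.0.2.10 are constructed for illustration.

```shell
# Audit `firewall-cmd --list-all` text (stdin) for the iSCSI port 3260.
# iSCSI runs over TCP only, so 3260/udp is never needed, and a bare
# 3260/tcp under "ports:" admits every source the zone accepts.
audit_iscsi_firewall() {
    awk '
        /^ *ports:/ {
            for (i = 2; i <= NF; i++) {
                if ($i == "3260/udp") udp = 1
                if ($i == "3260/tcp") tcp = 1
            }
        }
        # A rich rule that accepts 3260/tcp from a named source address.
        /rule / && /source address=/ && /port="3260"/ && /protocol="tcp"/ && /accept/ {
            scoped = 1
        }
        END {
            if (udp) print "REMOVE 3260/udp: iSCSI does not use UDP"
            if (tcp) print "NARROW 3260/tcp: open to every source in the zone"
            if (!tcp && !scoped) print "CLOSED 3260/tcp: no initiator can connect"
            if (!udp && !tcp && scoped) print "OK 3260/tcp limited by source address"
        }
    '
}

# Constructed sample: the zone after the three firewall-cmd commands above.
fw_as_configured() {
    cat <<'EOF'
public (default, active)
  interfaces: ens33
  services: dhcpv6-client ssh
  ports: 3260/tcp 3260/udp
  rich rules:
EOF
}

# Constructed sample: port entries removed, one initiator allowed instead.
# 192.0.2.10 is a placeholder for the client's address.
fw_scoped() {
    cat <<'EOF'
public (default, active)
  interfaces: ens33
  services: dhcpv6-client ssh
  ports:
  rich rules:
    rule family="ipv4" source address="192.0.2.10" port port="3260" protocol="tcp" accept
EOF
}

# On a live server: firewall-cmd --list-all | audit_iscsi_firewall
fw_as_configured | audit_iscsi_firewall
```

Moving from the first state to the second uses firewall-cmd's --remove-port and --add-rich-rule options with --permanent, followed by --reload.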

Client Side to connect iSCSI LUN


[root@desktop4 ~]# iscsiadm -m discovery -t st -p 192.168.4.27

192.168.4.27:3260,1 iqn.1994-05.com.redhat:ba1abe3b1a4

[root@desktop4 ~]# iscsiadm -m node -T iqn.1994-05.com.redhat:ba1abe3b1a4 -p 192.168.4.27 -l

Logging in to [iface: default, target: iqn.1994-05.com.redhat:ba1abe3b1a4, portal: 192.168.4.27,3260] (multiple)
Login to [iface: default, target: iqn.1994-05.com.redhat:ba1abe3b1a4, portal: 192.168.4.27,3260] successful.

After the LUN is mapped successfully you can create a file system on it. To
create the file system, repeat Step 1 (Creating Partition).

[root@iSCSIClient ~]# partprobe /dev/sda

[root@iSCSIClient ~]# mkfs.ext4 /dev/sda1

mke2fs 1.42.9 (28-Dec-2013)

Filesystem label=

OS type: Linux

Block size=4096 (log=2)

Fragment size=4096 (log=2)

Stride=0 blocks, Stripe width=1024 blocks

327680 inodes, 1308672 blocks

65433 blocks (5.00%) reserved for the super user

First data block=0

Maximum filesystem blocks=1340080128

40 block groups
32768 blocks per group, 32768 fragments per group

8192 inodes per group

Superblock backups stored on blocks:

32768, 98304, 163840, 229376, 294912, 819200, 884736

Allocating group tables: done

Writing inode tables: done

Creating journal (32768 blocks): done

Writing superblocks and filesystem accounting information: done

[root@iSCSIClient ~]# mkdir /ravi

[root@iSCSIClient ~]# vim /etc/fstab

[root@iSCSIClient ~]# cat /etc/fstab |grep sda

/dev/sda1 /ravi ext4 _netdev 0 0

[root@iSCSIClient ~]# mount -a


[root@iSCSIClient ~]# df -h |grep ravi

/dev/sda1 2.0G 20M 2.0G 1% /ravi

Enjoy…………….


RHEL7 how to configure NIC Teaming as Active Backup (Failover)
BY ARK · PUBLISHED MARCH 18, 2016 · UPDATED MAY 29, 2017
The Linux NIC teaming driver provides a method for aggregating multiple network
interfaces into a single “Team” interface. The behavior of the team interfaces
depends upon the runner configuration. Generally teaming supports below
methods.

NIC Teaming will support


1. Round robin NIC Teaming 
2. Load balancing NIC Teaming
3. Fail-over NIC Teaming 
4. Broadcast NIC Teaming
The naming convention in Red Hat Enterprise Linux is: on-board LAN cards are named
em0, em1, etc. An additional LAN card, if it is a 4-port NIC, is named p1p1,
p1p2, p1p3 and p1p4 (p1 = Slot 1, p1-4 = Port).
The key reasons why you might want to use teaming rather than bonding are:
• Teaming has a small kernel module which implements fast handling of
packets flowing through your teamed interfaces
• Support for IPv6 (NS/NA) link monitoring
• Capable of working with D-Bus and Unix Domain Sockets (the default)
• It provides an extensible and scalable solution for your teaming
requirements
• Load balancing for LACP support
• It makes use of NetworkManager and its associated tools (the modern way)
to manage your network connections
This article provides a guide to configuring NIC teaming in RHEL7.
NIC teaming as Active Backup gives you redundancy: if any one NIC fails,
end users can still access services from the server. We also call it a fail-over
mechanism.

Two NIC cards are required to configure NIC teaming.

The device status is shown below.

[root@Techtutorial ~]# nmcli connection show

NAME  UUID  TYPE  DEVICE

[root@Techtutorial ~]# nmcli device status

DEVICE  TYPE      STATE         CONNECTION

ens33   ethernet  disconnected  --         

ens36   ethernet  disconnected  --


Creating teaming virtual interface
First we create a master virtual teaming interface, then we add the other
NIC cards as slaves to the teaming master. nmcli is the utility we have to use.

[root@Techtutorial ~]# nmcli connection add type team con-name team0 ifname team0 config '{"runner": {"name": "activebackup"}}'

Connection 'team0' (28a9e70b-8a8f-4354-a4ec-5cfac6577589) successfully added.

[root@Techtutorial ~]# nmcli connection show


NAME   UUID                                  TYPE  DEVICE
team0  28a9e70b-8a8f-4354-a4ec-5cfac6577589  team  team0

Provide IP address to team0 virtual interface
Now we have to configure an IP address, gateway and DNS on the team0 interface so
that it can communicate, and then add the slave interfaces to team0.

[root@Techtutorial ~]# nmcli connection modify team0 ipv4.addresses 192.168.4.50/24 ipv4.gateway 192.168.4.2 ipv4.dns 8.8.8.8 connection.autoconnect yes ipv4.method manual

Add slave interfaces to Master team interface
[root@Techtutorial ~]# nmcli connection add type team-slave con-name team0-port1 ifname ens33 master team0
Connection 'team0-port1' (8ca9c28b-bbbc-458f-94fa-56b2f607864f) successfully added.

[root@Techtutorial ~]# nmcli connection add type team-slave con-name team0-port2 ifname ens36 master team0
Connection 'team0-port2' (6e57d69e-44d3-4d12-8e6d-dc6e70189800) successfully added

The team0 master interface is created and the slave interfaces are added to it.

Verifying Master and Slave interfaces


[root@Techtutorial ~]# nmcli connection show

NAME         UUID                                  TYPE            DEVICE

team0-port2  6e57d69e-44d3-4d12-8e6d-dc6e70189800  802-3-ethernet  ens36  

team0-port1  8ca9c28b-bbbc-458f-94fa-56b2f607864f  802-3-ethernet  ens33  

team0        28a9e70b-8a8f-4354-a4ec-5cfac6577589  team            team0  

[root@Techtutorial ~]# nmcli device status


DEVICE  TYPE      STATE         CONNECTION  
ens33   ethernet  connected     team0-port1
ens36   ethernet  connected     team0-port2
team0   team      connected     team0

Activate teaming interface


[root@Techtutorial ~]# nmcli connection down team0
Connection 'team0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/0)
[root@Techtutorial ~]# nmcli connection up team0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)

Check functionality of Active-Backup Teaming
We can check the active and backup teaming functionality using the command below.

[root@Techtutorial ~]# teamdctl team0 state

setup:

  runner: activebackup

ports:

  ens33

    link watches:

      link summary: up

      instance[link_watch_0]:

        name: ethtool

        link: up

  ens36
    link watches:

      link summary: up

      instance[link_watch_0]:

        name: ethtool

        link: up

runner:

  active port: ens33

As shown above, the active port is ens33. Now bring down ens33 and check the state again.

[root@Techtutorial ~]# nmcli device disconnect ens33

Device 'ens33' successfully disconnected.

[root@Techtutorial ~]# teamdctl team0 state


setup:
  runner: activebackup
ports:
  ens36
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
runner:
  active port: ens36

As soon as we disconnect or bring down one NIC card, the other backup NIC
activates automatically within milliseconds.
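
A monitoring check built on the teamdctl team0 state output shown above, as an added example that is not part of the original article: it reports the active port and flags the team as degraded when fewer than two ports have link up, which is the state the team stays in after a failover until the failed NIC returns. The function names are assumptions, and the sample state is the second output above trimmed to the lines the parser reads.

```shell
# Print the runner's active port ("  active port: ens33" -> ens33).
team_active_port() {
    awk '/^ *active port:/ { print $3 }'
}

# Print every port whose link summary is up, one name per line.
team_up_ports() {
    awk '
        /^ports:/  { in_ports = 1; next }
        /^runner:/ { in_ports = 0 }
        in_ports && /^  [^ ]/          { port = $1 }   # port name line
        in_ports && /link summary: up/ { print port }
    '
}

# Read state text on stdin; print OK, DEGRADED or DOWN with details.
team_health() {
    state=$(cat)
    active=$(printf '%s\n' "$state" | team_active_port)
    up=$(printf '%s\n' "$state" | team_up_ports | awk 'NF { n++ } END { print n + 0 }')
    if [ -z "$active" ] || [ "$up" -eq 0 ]; then
        echo "DOWN active=${active:-none} up=$up"
    elif [ "$up" -lt 2 ]; then
        echo "DEGRADED active=$active up=$up"   # no standby port left
    else
        echo "OK active=$active up=$up"
    fi
}

# State after ens33 was disconnected (from the output above, trimmed).
state_after_failover() {
    cat <<'EOF'
setup:
  runner: activebackup
ports:
  ens36
    link watches:
      link summary: up
runner:
  active port: ens36
EOF
}

# On a live host: teamdctl team0 state | team_health
state_after_failover | team_health
```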
That’s it..!! NIC teaming with the active backup runner is configured and working.
Please provide your review of it.


RHCSA certification complete road map follow get certified
BY ARK · PUBLISHED JULY 1, 2016 · UPDATED JULY 3, 2016
RHCSA = Red Hat Certified System Administrator, a certification which is an added
advantage for job seekers. Earning the RHCSA certification may not get you a job,
but you will definitely get more priority in candidate selection. Read this RHCSA
certification complete road map, which will guide you to earn the certificate. This
complete course uses Red Hat Enterprise Linux 7.
What are the books you have to refer to
• Book EX200
• Official book content Red Hat System Administrator I RH124
• Official book content Red Hat System Administrator II RH134

RHCSA Certification Complete Course Content
1. Introduction to RHEL 7
2. Managing Files & Directories
3. Basic Commands
4. Getting Help Using CLI Interface & Man Pages
5. Editing, Viewing and Managing of Text files
6. User Administration Creating, Deleting and Managing users
7. Controlling Services Using systemctl command
8. Process Management
9. Installing and configuring SSH service
10. Analysing and storing logs
11. Syslog Server
12. Compressing and archiving files and directories
13. Copying Files and Directories to remote servers securely
14. Yellowdog Updater, Modified (YUM Client)
15. Red Hat Package Manager (RPM)
16. Search files and Directories using find and locate commands
17. Files Links Soft and Hard
18. Managing physical storage (creating and removing partitions)
19. Logical Volume Manager
20. Access Control List (ACL)
21. Understanding Process priority
22. Scheduling cronjobs and at jobs
23. SELinux
24. Swap File System
25. Network File System (NFS) installation and configuration
26. Managing Firewall Rules
27. Securing the NFS shares using kerberos
28. LDAP Client configuration
29. Setting up LDAP user Home directory
30. NTP Server and Client installation and configuration
31. Recovering a forgotten root user password
32. Samba Server installation and configuration
33. RHEL 7 Installation and configuration
 

How the RHCSA exam process will be
• Completely practical exam: you have to install and configure on your own
• Exam time duration 2.5 hours
• Total marks 300
• Pass marks 210
• You have to do 20 questions in the exam to get 300 marks
• Exam results will be sent to your email address within 3 US working days
Certification Fee Details
16500/- Rupees in India for the single paper RHCSA (this certification fee varies as
per the Red Hat quarter performance)
In US dollars $200 – $300
Do’s & Don’ts while writing the exam
• Don’t look at your neighbour’s system (he / she may have different questions
than you)
• Do remember to complete the exam ten minutes before time
• Do reboot the system after completing the exam and re-verify
• Do remember to enable services, because after a restart the services should start
while the Linux machine is booting
• Don’t carry any document. If the examiner finds such a document you will be
barred from writing Red Hat exams for 5 years
• The examiner will give you white paper to write something related to the examination.
Do remember to give it back
• Do ask the examiner for clarification on any question
• Do read all questions clearly before executing
• Don’t be in a hurry
What is the environment required to practice
• 4 GB RAM
• Minimum dual core processor
• 250GB HDD
• A client machine and a server machine are required
Conclusion
If you are an experienced Linux administrator you can simply complete this RHCSA
exam without taking official training.
 
