CHAPTER 4. Configuring the Base System
Exam objectives in this chapter
■ User Profiles
■ Device Management
■ Networking
Introduction
This chapter explains how to configure system and user profiles as well as the common environment variables, the management of the various devices and where these as located in the disk structure, and the fundamentals of Linux networking utilizing TCP/IP and how to mange this within Linux.
User management is one of the fundamental tasks that need to be understood for day-to-day management of a Linux system. Ensuring that users have the correct rights and environment setup will assure that their experience in using the system is favorable and that the support overhead is kept to a minimum.
The networking of the computer system, whether via wired or wireless connection, is usually a given necessity in today's world. The computer also typically uses Transmission Control Protocol/Internet Protocol (TCP/IP) as the transport mechanism for the network connections and the different options available to set up this will be discussed. The basics in connecting to name servers (NSs) and Dynamic Host Configuration Protocol (DHCP) servers are also discussed, and the majority of parameters are explained.
User Profiles
Any installation of Linux includes the creation of a number of different user accounts: the superuser, a normal day-to-day user, and a system user. A normal user can add, delete, and modify his or her files and those that have the appropriate attribute set. These users cannot make system-wide changes nor can they manage other users on the system.
A superuser (also referred to as a system administrator) has global privileges and can create and delete users and can change the permissions of files located within the filesystems. There is a special superuser known as root, with a user ID and group ID of 0. This user has full and unrestricted rights to manipulate any file, to traverse to any directory, and to execute any program.
Fast Facts
All users in a system will have a profile which is configurable.
■ Only superusers have the rights to configure other user's profiles.
■ Use export when you set environment variables if they need to be elsewhere in the environment.
■ Use the full path name when you need to run commands that are not located in a directory specified in your path variable.
■ Setting a variable may require additional actions, for example, setting the PRINTER variable also needs printer drivers installed.
A system user is an administrative account that is used by the system itself for the running of various administrative tasks. System users differ from other users on the system in that they do not have a home directory or password; nor can they be accessed via the normal system login prompt.
System and User Profile and Environment Variables
Users on the system are able to customize their profile to suit specific needs and preferences, held in environment variables throughout the system. There are three different shells in bash (Bourne-again shell): login shell, normal shell, and interactive shell. The login shell reads .bash_profile located in the user home directory or /etc directory, and interactive shells read ~/.bashrc. The environment variables are named objects that contain information that can be used by one or more applications.
A summary of the bash (Bourne-again shell) startup files is shown below:
■ /etc/profile: The system-wide startup file and will be executed when a user logs on.
■ /etc/bash.bashrc: This is often linked to /etc/bashrc and is called per interactive shell startup.
Both these files will be protected, and only the superuser (root) will be able to make changes to the file. As the files may be overwritten with a system upgrade, it is not recommended that changes are made to them directly.
Normal users have two similar files that are also called:
■ /home/user/.bash_profile: A personal startup file and is executed when a user logs into a system.
■ /home/usr/.bashrc: The personal interactive shell startup file.
The format for creating and modifying an environment variable within bash (Bourne-again shell) is always in the format:
NAME=value
Crunch Time
The setting of a variable only makes this available in that shell. To move the variable from the shell to the environment, the export command has to be used:
export NAME=value
This allows programs other than the shell to access this variable (for instance, a file editor).
PS1
When a user first logs on, he or she will be greeted by a prompt. The user prompt is defined initially in the file /etc/bash.bashrc as the environment variable PS1 and can display a vast array of data.
Typical variables that are used:
dDate in “Wed Sep 09” format
hFirst part of the host name
uUsername
Time in 24-h format
PS2
The PS2 variable is very similar to the PS1 variable except that it is displayed when the user issues an incomplete command and the system will prompt and wait for the user to complete the command and press Enter again. This default secondary prompt is the > sign and can be changed by altering the PS2 variable.
PATH
The PATH variable is used by commands to locate a specific command or application. When you enter a command, the shell looks in each of the directories specified in the PATH command. The PATH variable contains the list of directories separated by a colon, such as /bin:/usr/bin:/usr/local/bin.
Editor
The EDITOR variable defines the default text editor, for example, ed, vi, vim, and emacs. To set the default editor to be vim, use EDITOR=vim or EDITOR=/usr/ bin/vim.
It is better to use the complete path name (especially in the .bashrc script) to ensure that the variable is defined correctly.
Term
The TERM variable is to set up the type of terminal in use, which can be particularly important when using screen-orientated programs such as a text editor. The variable can also be set using the tset command, which is often used in the login script for users to allow them to choose the type of terminal they are logging in from.
Pager
The PAGER variable controls the output to the screen, such as the man command. This allows the display of the output in a controlled manner. The typical values for PAGER are more and less. Although these are similar, less has additional features (such as scroll backwards with the b key) and hence is the preferable value to use as a default.
Home
The HOME variable is set whenever you login to the system and will be set to /home/username (where username is your login name). This should not be changed as a lot of programs use this to create or find files in your personal home directory. In addition, the shortcut ~ references the HOME variable.
Printer
The PRINTER variable defines the default printer and is mainly used for command-line programs to print. The setting of the variable does not preclude the need to install the printer on the system.
Device Management
The management of devices on a Linux system is of critical importance and is often undertaken using the command line or graphical user interface (GUI) interface. The following section concentrates on command-line programs.
Fast Facts
You can use a number of Linux commands to obtain information about the hardware installed in the system. These commands can display a wealth of information in order to enable you to debug any issues.
■ lsusb displays USB information.
■ lspci displays information on Peripheral Component Interconnect (PCI) devices.
■ lsmod extracts and displays information on loaded modules.
■ /sys contains files related to the kernel.
■ /proc facilitates communications between the kernel and the user processes.
lsusb
lsusb lists all the USB buses on a system and displays information about any devices attached to them. The -v option gives verbose output.
$ lsusb
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 005: ID 0204:6025 Chipsbank Microelectronics Co., Ltd CBM2080 Flash drive controller
Bus 001 Device 003: ID 046d:c517 Logitech, Inc. LX710 Cordless Desktop Laser
Bus 001 Device 002: ID 413c:0058 Dell Computer Corp. Port Replicator
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
lspci
The lspci command displays all the information regarding the PCI buses in the system and all the devices that are attached to it. This command can also be used with the -x option to display the initial 64 bytes of PCI configuration to see what is loaded.
$ lspci -x
00:00.0 Host bridge: Intel Corporation 82855PM Processor to I/O Controller (rev 03)
00: 86 80 40 33 06 01 90 20 03 00 00 06 00 00 00 00
10: 08 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00
20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
30: 00 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00
00:01.0 PCI bridge: Intel Corporation 82855PM Processor to AGP Controller (rev 03)
00: 86 80 41 33 07 01 a0 00 03 00 04 06 00 20 01 00
10: 00 00 00 00 00 00 00 00 00 01 01 20 c0 c0 a0 22
20: 00 fc f0 fd 00 e8 f0 ef 00 00 00 00 00 00 00 00
30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00
Also, the -b command can be used to display the interrupt request line (IRQ) addresses as seen by the individual cards.
$ lspci -b
00:00.0 Host bridge: Intel Corporation 82855PM Processor to I/O Controller (rev 03)
00:01.0 PCI bridge: Intel Corporation 82855PM Processor to AGP Controller (rev 03)
00:1d.0 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #1 (rev 01)
lsmod
The lsmod command extracts all the information about loaded modules, derived from the /proc/modules file, and displays it as shown below:
$ lsmod
ModuleSizeUsed by
nls_iso8859_137681
nls_cp43754321
vfat97641
fat463761 vfat
usb_storage866201
ip6t_LOG62127
/sys
The /sys directory contains all the files related to the kernel, firmware, and other system-related files. There are a number of directories under /sys to ensure that it is a well-organized structure. The overall structure can be seen using the ls command.
$ ls -l /sys
total 0
drwxr-xr-x2 root root 0 2009-05-23 10:53 block
drwxr-xr-x16 root root 0 2009-05-23 08:47 bus
drwxr-xr-x39 root root 0 2009-05-23 08:47 class
drwxr-xr-x4 root root 0 2009-05-23 10:56 dev
drwxr-xr-x10 root root 0 2009-05-23 08:47 devices
drwxr-xr-x5 root root 0 2009-05-23 08:47 firmware
drwxr-xr-x3 root root 0 2009-05-23 08:47 fs
drwxr-xr-x6 root root 0 2009-05-23 08:47 kernel
drwxr-xr-x127 root root 0 2009-05-23 10:53 module
drwxr-xr-x2 root root 0 2009-05-23 08:47 power
/proc
The /proc filesystem is a virtual filesystem, which facilitates communication between the Linux kernel and the user processes. The /proc filesystem contains a number of directories that can organize the data below it and virtual files. Virtual files can be read from or written to the /proc filesystem as a method of communicating with specific entities in the kernel. Virtual files can share data from the user to the kernel or vice versa. There are a number of interesting files in the /proc filesystem such as cpuinfo, which identifies the type and speed of the processor installed in the system, and modules, which identifies the currently loaded modules in the kernel. A typical listing of the directory is shown in Figure 4.1.
The listing shows a series of numbered directories at the left-hand part of the screen for a process that is running on the computer. The directory labeled 1 is for the first process initiated: the init process.
Did You Know?
Although the list of compatible hardware is large and often configured correctly on installation, understanding how Linux configures devices is essential to support and maintain a system. In particular:
■ Use lsusb and lspci to interrogate and list hardware devices.
■ Loaded modules are listed using lsmod.
■ modprobe can load and unload modules.
■ /sys contains files related to the kernel and firmware.
■ /proc is a virtual filesystem to communicate between the kernel and the user processes.
modprobe and modprobe.conf file
Devices can be detected during installation or when a new device is installed in a system. There are also a number of ways to initialize the hardware manually.
■ modprobe is the high-level handler for all modules, and it can be used to unload or load a new device's kernel module.
■ The /etc/modprobe.conf.local file can be edited to prompt the system to recognize and support the new hardware upon reboot.
The base system uses the /proc/modprobe.conf file to load the modules, which should not be modified. This file appends the /etc/modprobe.conf.local to itself via an include statement. Once an entry has been added to the /etc/modprobe.conf.local file and a reboot undertaken, the system performs a module dependency check.
As root, you can also manually load (and unload) a device's kernel module using modprobe. This command will look in the /usr/lib/[kernel version] for all the modules and files except for the optional /etc/modprobe.conf configuration file and /etc/modprobe.d directory. If the module does not exist, modprobe generates an error. As modprobe does not do anything to the module itself, all dependencies and the resolving of symbols are handled by the kernel itself. Kernel messages generated by a module failure will have to be displayed using the dmesg command.
Each module may need one or more additional modules loaded to enable it to function correctly, and modprobe will check for these dependencies in the modules.dep file, which is itself generated by the command depmod. The modules.dep file is located in the /lib/modules/'uname directory.
/etc/modules.conf configuration file
The behavior of modprobe can be altered by the optional /etc/modules.conf file. This file consists of a set of lines, which looks similar to a shell script. The file will typically only exist if you are installing kernel modules, which are not compiled directly into the kernel and not handled by modprobe elsewhere.
Networking
It is very rare that a modern computer system is not connected to some form of network, and this requires the setup of a network card and TCP/IP on your system.
Configuring the Interface
If you are installing a network interface card (NIC) or other hardware module, ensure that it is on the supported device list for the Linux kernel you are installing. Most NICs will have one or more lights to indicate whether it is working and connected correctly. If these indicate an error, use any diagnostics tools that are available to check out the device.
When you have installed the NIC and are confident that it is working, the NIC needs to be configured. The two key commands required when configuring a NIC are ifconfig and ifup. It should be noted that superuser privileges will be required for some of the options in the ifconfig, ifup, and ifdown commands. The ifconfig command is very useful in displaying the status of a NIC, with part of the output shown below:
$ /sbin/ifconfig
eth0Link encap:Ethernet HWaddr 00:0D:56:E7:9D:B1
inet addr:192.168.1.38 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20d:56ff:fee7:9db1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8773 errors:5 dropped:0 overruns:0 frame:5
TX packets:2722 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5185021 (4.9 Mb) TX bytes:226856 (221.5 Kb)
Interrupt:11
A number of actions to fault find a non-working network card are listed below. With multiple NICs, the cards are sequentially numbered eth0, eth1, and so on, and you must be sure you are manipulating the correct device.
The NIC must be turned on for the system to recognize it, and you can achieve this using ifconfig or ifup as shown below:
ifconfig eth1 up
ifup eth1
Reconfiguring the IP and subnet mask of the device may require the NIC to be inactive or to be turned on and off. This can be achieved using ifconfig or ifdown as such:
ifconfig eth1 down
ifdown eth1
Exam Warning
Remember that ifconfig, ifup, and ifdown are usually located in the /sbin directory, which is not part of the path as defined in $PATH for most users. The full directory path may therefore be required to execute the commands.
The IP address associated with the NIC can be assigned dynamically from a DHCP server, or it can have a static address assigned to it. To set a NIC to a specific IP address, the command is
ifconfig eth1 10.10.10.3 netmask 255.255.255.0
DHCP Setup and Configuration
For the majority of devices, the use of DHCP will be the preferred option. The host running DHCP obtains an IP address by contacting a central server, which maintains the addresses for one or more subnets. Once the client has contacted the server, it will be assigned an IP address, subnet mask, and potentially other information such as the default route and IP address of the default NS. The information that is requested is listed in the configuration file /etc/dhclient.conf.
A command-line DHCP client, /etc/dhcpcd, can also be used to configure the network interface. The Domain name server (DNS) information obtained from the server will be written to resolvconf or, if unavailable, directly to /etc/resolv.conf. In larger networks, the DHCP server may also supply configuration data for Network Information Service (NIS) and Network Time Protocol (NTP), and these will be stored in /etc/yp.conf and /etc/ntpd.conf. These services will be stopped and started by dhcpcd to ensure that they are notified of the change.
For support reasons, a number of other options are useful with the dhcpcd command:
■ release releases the current lease and deconfigures the interface.
■ renew attempts to renew the lease. These two commands are often done sequentially to check the connection to the DHCP server.
■ nogateway restricts any updating of the default route.
■ nontp stops ntp being updated.
■ nodns stops DNS information being updated in /etc/resolvconf.
A DHCP alternative client is dhclient, which runs on startup and reads the /etc/dhclient.conf file. This file contains a list of all the network interfaces that are to be configured in the current system. If the interface is configured using this client, it stores the DHCP lease in /var/lib/dhcp/dhclient.leases.
Configuring a Wireless Interface
To display the status of all the wireless interfaces on a system, use iwconfig with no parameters or the iwlist command found in /usr/sbin. The wireless statistics are obtained from the /proc/net/wireless file.
Fast Facts
To set up a wireless NIC, the main parameters to use are as follows:
■ ESSID sets the network name to enable the user to roam across a number of access points.
■ Mode needs to be set depending on the network topology. The common parameters are Managed for a network of many access points, ad-hoc for a point-to-point connection, and Master if the device will act as access point.
■ Key/enc is used to set the current encryption key and is entered in hex notation in the form XXXX-XXXX-XXXX-XXXX or as an ASCII string with the s: prefix.
Network Configuration Files
There are a number of network configuration files in the systems that are modified automatically or manually. The files can have comments embedded in them using the # symbol.
Hosts File, /etc/hosts
The hosts file maps actual IP addresses to host names and contains both IPv4 and IPv6 addresses. For large networks, this is usually undertaken by using DNS.
Services, /etc/services
The services file maps port numbers to services. A port is specific to an application and is the communication endpoint used by the transport layer protocols in the IP suite. Applications use these port numbers to ensure that the sending and receiving systems understand which application the packet is destined for.
Name Switch Service, /etc/nsswitch.conf
The Name Switch Service is used to tell the system which service to use, with potentially a number of entries per service to allow for multiple “databases” and their lookup order to be specified. Typically, there will be entries for password, hosts, networks, and services among others. The typical entries are as follows:
■ nis: Use NIS or YP (formerly called Sun Yellow Pages)
■ dns: Use the Domain name server
■ files: Use the local files
Resolver File, /etc/resolv.conf
The resolv.conf file will normally be constructed automatically and will never need to be changed manually. It contains the list of one or more NSs, typically obtained from the DHCP service, with the format nameserver IP_ADDRESS.
TCP/IP Ports
There are a number of common networking ports that are used frequently. Ports 0 through 1023 are defined as well-known ports. Registered ports are from 1024 to 49151. The remainder of the ports from 49152 to 65535 can be used dynamically by applications. A brief description of these are as follows:
■ Port 20 and 21: FTP data and FTP control, respectively
■ Port 22: Remote login protocol secure shell (SSH)
■ Port 23: Telnet, used for accessing system remotely but is not very secure
■ Port 25: Simple Mail Transfer Protocol (SMTP) used by e-mail servers
■ Port 53: DNS protocol
■ Port 80: Used for accessing Web servers
■ Port 110: The POP service or Post Office Protocol used by local e-mail clients to retrieve mail from servers
■ Port 123: NTP to synchronize time with remote time servers
■ Port 143: E-mail clients can use the Internet Message Access Protocol (IMAP) to retrieve mail from servers
■ Port 443: This is the Hypertext Transfer Protocol (HTTP) Secure that combines the HTTP with a cryptographic protocol, which can be used for payment transactions and other secure transmission of data from Web pages.
■ Port 631: The Internet Printing Protocol (IPP) used to print to printers located remotely on the network
■ Port 3306: The standard port for MySQL
These ports are defined in the /etc/services file on Linux systems.
Managing Connectivity
The descriptions above have outlined the basics of network connectivity and how to install a network card into a system. The following section builds on this knowledge and defines how to manage the connectivity between systems in a network.
Routing
The setup of the IP address and associated data on each of the NICs within a system is only part of the required network configuration. The system needs to know where to route packets, and this is achieved using the route command, located in /sbin and used after the interfaces have been set up.
Any network interface will have an IP address and a subnet mask. The IP address will be in the form 192.168.1.1 (for IPv4) or 2001:db9:0:1234:0:567:1:1 (IPv6). The subnet mask identifies how many nodes are in that network, for instance, a class C network will have 254 nodes. When a machine has to communicate with another machine, it will decide how to route these packets to it. If it is on the local network, it can do so directly. Otherwise, it has to use an intermediate router to send the packets to. The route command used with no parameters displays the current routing table as shown below:
| syngress> /sbin/route | |||||||
| Kernel IP routing table | |||||||
| Destination | Gateway | Genmask | Flags | Metric | Ref | Use | Iface |
| 192.168.1.0 | * | 255.255.255.0 | U | 1 | 0 | 0 | eth0 |
| loopback | * | 255.0.0.0 | U | 0 | 0 | 0 | lo |
| default | 192.168.1.1 | 0.0.0.0 | UG | 0 | 0 | 0 | eth0 |
The first column shows the destination IP or the host name. The default gateway for this machine is the default entry and will be where packets are sent if no specific route exists for a destination. The Genmask column defines the Netmask for that particular network. The Flags column can have a number of options, with U being the route is enabled and G specifying that the destination requires a gateway. The other notable column is Iface column. This column specifies which interface is used for that route.
The route command can add to the routing tables and can specify a host or a network as a destination, with the default being a host. The most common route to add is that of the default gateway such as
/sbin/route add default gw 192.168.1.1
If the interface has just been configured using the ifconfig command, the network may have to be added by hand
/sbin/route add –net 192.168.1.0 netmask 255.255.25.50 dev eth1
IPTables
iptables is a user space program primarily for system administrators and is usually installed as /usr/sbin/iptables. It is used to configure the tables, rules, and filters to control the treatment of network packets into and out of the system. It uses the Xtables framework, which itself is used by Netfilter. The Xtables is the kernel-level component and provides an application program interface (API) for kernel-level extensions. The tables are associated with a number of specific kinds of packet processing. Packets are processed by the system by rules in a chain, with each rule able to send the packet to another rule if necessary. All network packets into and out of the system must traverse at least one chain.
There are three predefined chains for input, output, and forward in the table. A packet traverses the chain until a rule matches the packet and decides what to do with it (such as accept or drop a packet) or returns the rule processing to the calling chain or traverses until the end of the chain is reached. The current rules can be displayed using the iptables –L command and must be run as root as it requires elevated privileges. As Network Address Translation (NAT) is configured from the packet filter ruleset, this is included with iptables.
DNS Record Type and DNS Resolution
The Domain name server is used to convert names to their actual IP address using the resolver process. These servers are defined in the /etc/resolv.conf file defined above. Each NS is part of a tree structure and will have an authoritative NS for its domain, such as foo.com. Each NS may delegate parts of its zone to other NSs for convenience and speed. Starting from the root domain, the server that is the authoritative NS for a domain can be found by following the chain of delegations.
Fast Facts
Each DNS will hold the data for the domain in resource records. These records hold a single fact about that domain, with the common records defined below:
■ A (address) records define the actual IP address associated with a name.
■ NS (name server) records define the authoritative NS for the domain.
■ MX (Mail Exchanger) records define the main server for the zone.
■ PTR (Pointer) records define the real name of the host for a particular IP.
■ CNAME (Canonical Name) is the alias of one name to another.
■ TXT (Text) Primarily for human-readable text but can also contain machine-readable data.
More information on the DNS is covered in Chapter 8, “Installing, Configuring as a Server.”
Network Connectivity Troubleshooting
The following will guide the user through basic network connectivity troubleshooting. When connectivity issues arise, a systematic approach is needed to ensure a quick resolution. If the machine is newly built, it is advisable to use a network connection that is known to be fully working to ensure that the physical connections, cable, and upstream devices such as routers, switches, and DHCP servers are fully operational.
Initially, ensure that the NIC configuration is correct and then connect the network cable. The machine should now be initialized with an IP address and relevant NS information from a DHCP server or using a static information. The ifconfig command, with no parameters, should be executed to display the status of the NICs. For a more comprehensive output than ifconfig, use netstat. The output is listed by sockets (application to application connections between two computers). The common options for the netstat command are shown in Table 4.1.
It is often useful to have the netstat command running in a separate terminal window with the –c command while testing is being undertaken. Additionally, there will be an entry in the Address Resolution Protocol (ARP) table, located in /proc/net/arp which primary translates IP addresses to Media Access Control (MAC) addresses or the actual hardware address embedded in every NIC.
With the machine on the network, the connections to various systems and networks can be tested. Initially, use the PING command to test the hosts loopback address as shown below, using the –c option to limit the number of pings to 3.
$ ping -c 3 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.065 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.066 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.064 ms
--- 127.0.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000 ms
rtt min/avg/max/mdev = 0.064/0.065/0.066/0.000 ms
In addition, the command hostname can be used to display the local host name. This command can be used to display the name and IP address(es) of the host. This will further clarify whether the local IP addressing is set up correctly.
When the local machine is known to be working correctly, the command can be used to test other machines. The PING command will echo back the name and, if resolved, the IP address; otherwise an error message of “ping: unknown host” is displayed. If you use a name of a well-known server, for example, ping linux.com and the name is resolved, then basic NS resolution is working.
To find out more about the actual route packets take from your machine to the target, traceroute can be used which is located in /usr/sbin. The first part of the output to the Syngress Web server is shown below:
$ /usr/sbin/traceroutewww.syngress.com
traceroute towww.syngress.com(145.36.40.200), 30 hops max, 40 byte packets using UDP
1 192.168.1.1 (192.168.1.1) 1.117 ms 0.595 ms 0.621 ms
2 * * *
3 ge-3-27-ur02.grant.tx.houston.comcast.net (68.85.250.25) 7.015 ms 7.898 ms 7.332 ms
4 te-8-1-ar01.royalton.tx.houston.comcast.net (68.85.244.101) 10.504 ms 10.304 ms 9.740 ms
5 po-11-ar02.royalton.tx.houston.comcast.net (68.85.244.98) 11.640 ms 11.836 ms 11.808 ms
6 po-17-ar02.greenspoint.tx.houston.comcast.net (68.85.244.130) 13.299 ms 13.271 ms 13.276 ms
7 te-0-1-0-4-cr01.dallas.tx.ibone.comcast.net (68.86.91.57) 17.153 ms 17.074 ms 16.860 ms
8 64.132.69.249 (64.132.69.249) 16.837 ms 16.650 ms 16.243 ms
Along a network there will be a number of routers which interconnect different networks together. The routers along the network decide where to send the packet, that is, to forward it to one of its interfaces. If the router does not find a matching route for the packet, it will be sent to its default route and so on until the packet reaches its destination.
Earlier in this section, you learned that when a system does not seem to recognize a name but works perfectly with IP addresses, then there is an issue with the name resolution. First, if possible, discover if it is a global issue with all your machines on the network by utilizing the ping <server name> command on another machine. If this works, then the problem is with your machine setup. Check that there is a valid NS defined in the /etc/resolv.conf file and that you can traceroute to that server. If you cannot perform basic routing to these servers, then name resolution will not occur.
The Domain Information Groper or dig command can query the NSs listed in the /etc/resolv.conf file and then undertakes an NS query. An example of the dig command and output is shown below:
$ dig syngress.com
; <<>> DiG 9.5.0-P2 <<>> syngress.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54845
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;syngress.com.INA
;; ANSWER SECTION:
syngress.com.300INA145.36.40.200
;; Query time: 207 msec
;; SERVER: 68.87.85.98#53(68.87.85.98)
;; WHEN: Thu May 14 14:58:26 2009
;; MSG SIZE rcvd: 46
It can also perform a reverse lookup, where the IP address is used instead of the name. This produces slightly different results.
$ dig 145.36.40.200
; <<>> DiG 9.5.0-P2 <<>> 145.36.40.200
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1949
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;145.36.40.200.INA
;; AUTHORITY SECTION:
.900INSOAA.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2009051401 1800 900 604800 86400
;; Query time: 144 msec
;; SERVER: 68.87.85.98#53(68.87.85.98)
;; WHEN: Thu May 14 14:59:37 2009
;; MSG SIZE rcvd: 106
The slightly outdated command nslookup is still useful, in both interactive and noninteractive modes.
$ nslookup
Server: 68.87.85.98
Address: 68.87.85.98#53
Non-authoritative answer:
www.syngress.comcanonical name = syngress.com.
Name: syngress.com
Address: 145.36.40.200
Summary of Exam Objectives
In this chapter, you learned about how to configure the base Linux system. The basics of user and system environment variables were explained and how to configure these globally and for individual users. The main environment variables that are commonly defined were explained.
The management of devices is very important and is often complex to many individuals initially. How to add and delete modules to the kernel and where the configuration files are located is essential knowledge for any system administrators. These commands are worth experimenting with and learning more about them to ensure you can master them.
The majority of systems are networked together, and this chapter explored the basics of networking. The routing tables were explained and how to manipulate these. In modern system, it is often problems with incorrect routing that causes problems to occur. In addition, how to set up NICs with static and DHCP IP addresses was discussed, along with an introduction to DNS.
1. A user wants to ensure that his wireless card installed correctly in his system only connects to his company's network. This network has an SSID of mycorp and uses WPA2 for added security. How would you ensure this occurs?
A. iwconfig essid mycorp
B. iwconfig default mycorp
C. iwconfig default_ssid mycorp
D. iwconfig noroam essid mycorp
2. You wish to set up the default editor in your environment to be the vim editor instead of the current setting of vi. Which would be the best solution to achieve this?
A. Modify the /etc/env.conf file to set the default editor environment variable edit to be vim
B. Modify the /etc/env.conf file to set the default editor environment variable editor to be vim
C. Change the ~/.bashrc file to set the default editor environment variable editor to be vim
D. Change the /etc/.bashrc file to set the default editor environment variable edit to be vim
3. A user is experiencing connectivity issues with a network port that has been working successfully for a number of months. You have tested the network by connecting another laptop to the same port, which worked. Looking at the hardware, you can see that they have an old NIC and you wish to replace it with a new one. The kernel did not recognize the NIC upon reboot. How would you add the card manually?
A. modprobe 8139too
B. modprobe enable 8139too
C. modprobe up 8139too
D. add_dep module 8139too
4. Which of the following directories is the primary location for the current hardware information of your computer?
A. /sbin
B. /proc
C. /lib/modules
D. /etc
5. Which are the following configuration files typically associated to individual user' logins with the Bourne-again shell?
A. ~/.bashrc, /etc/profile
B. ~/.bash_profile, /etc/profile
C. ~/.bashrc, ~/profile
D. /etc/.bashrc, /etc/profile
Answers
1. Correct answer and explanation: A. Answer A is correct, as the essid option specifies the correct SSID to use.
Incorrect answers and explanations: B, C, and D. Answer B is incorrect, as there is no default parameter. Answer C is incorrect, as there is no default or ssid option. Answer D is nearly correct, but there is no noroam parameter to this command.
2. Correct answer and explanation: C. Answer C is correct, as this will change the default editor to be vim for yourself.
Incorrect answers and explanations: A, B, and D. Answers A and B are incorrect, as env.conf is not a valid configuration file. Answer D is incorrect, as this is the wrong location of the .bashrc file.
3. Correct answer and explanation: A. Answer A is correct, as this is the correct notation for the modprobe command.
Incorrect answers and explanations: B, C, and D. Answers B and C are incorrect, as the optional parameters are incorrect. Answer D is incorrect, as there is no add_dep command.
4. Correct answer and explanation: B. Answer B is correct because the /proc directory contains the information about the various aspects of a Linux system, including hardware information such as IRQ ports and I/O address for each detected and installed device in the system.
Incorrect answers and explanations: A, C, and D. Answer A is incorrect, as the /sbin directory contains the administrative binary files, and commands such as ifconfig reside here. This directory does not include information about the system-only commands to manipulate the hardware. Answer C is incorrect in that the /lib/modules directory contains most of the hardware driver module but does not include hardware information such as the IRQ addresses. Answer D is also incorrect, as the /etc directory contains a number of system configuration files and installation scripts but does not contain all the hardware information.
5. Correct answer and explanation: A. Answer A is correct, as the /etc/profile configuration file contains the defaults for all users on a global basis. Each user has a .bashrc configuration in his or her home directory.
Incorrect answers and explanations: B, C, and D. Answer B is incorrect, as not all Linux distributions have the .bash_profile configuration file. Answer C is incorrect, as the profile configuration file is located in /etc and not the users home directory. Answer D is incorrect as .bashrc is associated with global configuration files and is therefore not in the /etc filesystem.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.