Novell Linux certification practicum lab manual: Accompanied by double-sided DVD-ROM 0672328402, 9780672328404


Language: English. Pages: x, 182 [195]. Year: 2005;2006



Tasks and Objectives at a Glance

CHAPTER 1: Novell Linux Desktop 9

TASK

Adding a User
Adding a User During Installation
Archiving Files
Changing Global User Account Settings
Changing Login Shell
Changing Password Encryption
Changing User Account Settings
Changing Your Password
Checking the Start Logs
Compressing Files Using File Roller
Configuring the Desktop
Configuring a GNOME Shortcut
Configuring the Local Printer
Creating a Backup
Creating a Rescue Floppy
Creating a KDE Shortcut
Creating Launcher
Disabling Remote Administration
Enabling Accessibility Options
Installing a Software Package
Installing Another Desktop
Installing SMB Printer
Installing Novell Linux Desktop 9
Killing a Process
Making KDE the Default Interface
Remote Desktop Sharing
Resizing Partitions
Searching for Files
Updating the Operating System
Using Terminal Window

EXERCISE #

2 1 10 2 2 1, 2 2 5 15 10 10 2 3 8 13 13 8 4 15 3 3 3 7 1 11 1 12 14 6 9 5

CHAPTER 2: SUSE LINUX Enterprise Server 9

OBJECTIVE: EXERCISE #
Accessing and Using man Pages: 32
Accessing Release Notes and White Papers: 32
Accessing the Command Line: 16
Adding New Hardware to a SLES 9 System: 38
Applying Security Updates: 25
Archiving Files with tar: 35
Automating Data Backups with cron: 30
Backing Up and Restoring the File System: 35
Backing Up Files with tar: 35
Being Informed About Security Issues: 32
Changing Directories and Listing Directory Contents: 16
Common Command-Line Tasks: 26
Compressing and Uncompressing Files with gzip and bzip2: 16
Configuring a File System with Logical Volume Management (LVM): 42
Configuring a Network Installation: 20
Configuring a Samba Server as a File Server: 20
Configuring an Apache Web Server: 20
Configuring and Installing the GRUB Boot Loader: 43
Configuring and Managing Network Printing Services: 38
Configuring and Managing Routes: 27
Configuring Hostname and Name Resolution: 27
Configuring Linux File System Partitions: 42
Configuring Security Settings with YaST: 25
Configuring SUSE LINUX Enterprise Server Time: 44
Copying and Moving Files and Directories: 16
Creating a Security Concept: 25
Creating Directories: 16
Creating, Viewing, and Appending Files: 21
Deleting Files and Directories: 21
Deploying OpenLDAP on a SLES 9 Server: 45
Developing a Backup Strategy: 35
Enabling a Web Server (Apache): 20
Enabling Remote Administration with YaST: 36
Executing Commands at the Command Line: 16
Executing RPM Package-Related Operations: 19
Finding Files on Linux: 17
Finding Help on the Web: 32
Implementing and Monitoring Enterprise Security Policies: 44
Installing a Printer in the Linux System: 38
Introduction to Command Shells: 41
Introduction to Linux Text Editors: 41
Introduction to Network-Related Command-Line Commands: 27
Introduction to YaST2: Throughout
Limiting Physical Access to Server Systems: 43

(continues on Inside Back Cover)

Novell® Linux Certification Practicum Lab Manual

EMMETT DULANEY

Published by Pearson Education, Inc. 800 East 96th Street, Indianapolis, Indiana 46240 USA

Novell® Linux Certification Practicum Lab Manual

Copyright © 2006 by Novell, Inc.

All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

International Standard Book Number: 0-672-32840-2
Library of Congress Catalog Card Number: 20059040121
Printed in the United States of America
First Printing: November 2005
08 07 06 05 4 3 2 1

Trademarks

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Novell Press cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Warning and Disclaimer

Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book.

About Novell Press

Novell Press is the exclusive publisher of trade computer technology books that have been authorized by Novell, Inc. Novell Press books are written and reviewed by the world’s leading authorities on Novell and related technologies, and are edited, produced, and distributed by the Que/Sams Publishing group of Pearson Education, the worldwide leader in integrated education and computer technology publishing. For more information on Novell Press and Novell Press books, please go to www.novellpress.com.

Special and Bulk Sales

Pearson offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information, please contact
U.S. Corporate and Government Sales 1-800-382-3419 [email protected]
For sales outside of the U.S., please contact
International Sales [email protected]

ASSOCIATE PUBLISHER: Mark Taber
PROGRAM MANAGER, NOVELL, INC.: Darrin Vandenbos
MARKETING MANAGER: Doug Ingersoll
ACQUISITIONS EDITOR: Jenny Watson
DEVELOPMENT EDITOR: Scott Meyers
MANAGING EDITOR: Charlotte Clapp
PROJECT EDITOR: Andy Beaster
COPY EDITOR: Rhonda Tinch-Mize
INDEXER: Aaron Black
PROOFREADER: Kathy Bidwell
TECHNICAL EDITOR: David Coughanour
BOOK DESIGNER: Gary Adair
PUBLISHING COORDINATOR: Vanessa Evans
PAGE LAYOUT: Kelly Maish

Contents at a Glance

Introduction
CHAPTER 1: Novell Linux Desktop 9
CHAPTER 2: SUSE LINUX Enterprise Server 9
CHAPTER 3: Advanced SUSE LINUX Enterprise Server 9
CHAPTER 4: Solutions to Exercises
Index

Table of Contents

Introduction
What Is Covered in This Book
What This Book Is Not
A Word About Practicum Exams
What Do You Need?

CHAPTER 1: Novell Linux Desktop 9
Exercise 1: Armstrong’s Auto Body
Exercise 2: Barry’s House of Trophies
Exercise 3: Collette Consulting
Exercise 4: D. S. Technical
Exercise 5: Evan’s Dilemma
Exercise 6: Frank’s Flowers
Exercise 7: Gibson’s Marketing Consultants
Exercise 8: Heberling Venture Fund
Exercise 9: Indiana Industrials
Exercise 10: Jerralds Union Institute
Exercise 11: Kent’s School
Exercise 12: Lessons Learned, Inc.
Exercise 13: Mississippi Computing
Exercise 14: NoMore Paper
Exercise 15: Octagon Systems

CHAPTER 2: SUSE LINUX Enterprise Server 9
Exercise 16: ACME Electronics
Exercise 17: Barnes and Fine
Exercise 18: Cash Today
Exercise 19: Donna’s Collectibles
Exercise 20: Edna and Lorraine Antiques
Exercise 21: Fetters Hair and Such
Exercise 22: Global Moving
Exercise 23: Hare Trucks
Exercise 24: Independent Fireworks
Exercise 25: J & C Bookkeeping
Exercise 26: Karen’s Computers
Exercise 27: Lifetime Solutions
Exercise 28: Muncie Management
Exercise 29: New Start, Inc.
Exercise 30: Oak Pictures
Exercise 31: P.A.R. Inc.
Exercise 32: Quality Seals
Exercise 33: Rich and Big Home Improvements
Exercise 34: Spencer Treats
Exercise 35: Thrifty Constructors
Exercise 36: U.S. Roadways
Exercise 37: Victory Electric
Exercise 38: Waffles and More
Exercise 39: Xtreme Books
Exercise 40: Young and Forest
Exercise 41: Zebb Jewels
Exercise 42: Yorktown Bakers
Exercise 43: X. L. Technology
Exercise 44: Wait and Waste, LLC
Exercise 45: Village Pump & Supply

CHAPTER 3: Advanced SUSE LINUX Enterprise Server 9
Exercise 46: Alabama Cement
Exercise 47: Alaska Tours and Such
Exercise 48: Arizona Aluminum Manufacturing
Exercise 49: Arkansas University
Exercise 50: California Dreaming
Exercise 51: Colorado Insurers
Exercise 52: Connecticut Water
Exercise 53: Delaware Trucking
Exercise 54: Florida Reviewers
Exercise 55: Georgia Widgets
Exercise 56: Hawaii PineTrees, Inc.
Exercise 57: Idaho Rock Quarries
Exercise 58: Illinois Lotto
Exercise 59: Indiana Reptiles
Exercise 60: Iowa Retirement Homes
Exercise 61: Kansas Vets, Ltd.
Exercise 62: Kentucky’s D S Technical
Exercise 63: Louisiana Fishing
Exercise 64: Maine Asylums, LLC
Exercise 65: Maryland Programming
Exercise 66: Massachusetts Spammers
Exercise 67: Michigan Growers
Exercise 68: Minnesota River Authority
Exercise 69: Mississippi Diabetes Group
Exercise 70: Missouri Knife and Scissor
Exercise 71: Montana Expeditions
Exercise 72: North Carolina Swimmers
Exercise 73: North Dakota Plastics
Exercise 74: Nebraska Genealogy
Exercise 75: Nevada Design

CHAPTER 4: Solutions to Exercises
Exercise 1: Armstrong’s Auto Body
Exercise 2: Barry’s House of Trophies
Exercise 3: Collette Consulting
Exercise 4: D. S. Technical
Exercise 5: Evan’s Dilemma
Exercise 6: Frank’s Flowers
Exercise 7: Gibson’s Marketing Consultants
Exercise 8: Heberling Venture Fund
Exercise 9: Indiana Industrials
Exercise 10: Jerralds Union Institute
Exercise 11: Kent’s School
Exercise 12: Lessons Learned, Inc.
Exercise 13: Mississippi Computing
Exercise 14: NoMore Paper
Exercise 15: Octagon Systems
Exercise 16: ACME Electronics
Exercise 17: Barnes and Fine
Exercise 18: Cash Today
Exercise 19: Donna’s Collectibles
Exercise 20: Edna and Lorraine Antiques
Exercise 21: Fetters Hair and Such
Exercise 22: Global Moving
Exercise 23: Hare Trucks
Exercise 24: Independent Fireworks
Exercise 25: J & C Bookkeeping
Exercise 26: Karen’s Computers
Exercise 27: Lifetime Solutions
Exercise 28: Muncie Management
Exercise 29: New Start, Inc.
Exercise 30: Oak Pictures
Exercise 31: P.A.R. Inc.
Exercise 32: Quality Seals
Exercise 33: Rich and Big Home Improvements
Exercise 34: Spencer Treats
Exercise 35: Thrifty Constructors
Exercise 36: U.S. Roadways
Exercise 37: Victory Electric
Exercise 38: Waffles and More
Exercise 39: Xtreme Books
Exercise 40: Young and Forest
Exercise 41: Zebb Jewels
Exercise 42: Yorktown Bakers
Exercise 43: X. L. Technology
Exercise 44: Wait and Waste, LLC
Exercise 45: Village Pump & Supply
Exercise 46: Alabama Cement
Exercise 47: Alaska Tours and Such
Exercise 48: Arizona Aluminum Manufacturing
Exercise 49: Arkansas University
Exercise 50: California Dreaming
Exercise 51: Colorado Insurers
Exercise 52: Connecticut Water
Exercise 53: Delaware Trucking
Exercise 54: Florida Reviewers
Exercise 55: Georgia Widgets
Exercise 56: Hawaii PineTrees, Inc.
Exercise 57: Idaho Rock Quarries
Exercise 58: Illinois Lotto
Exercise 59: Indiana Reptiles
Exercise 60: Iowa Retirement Homes
Exercise 61: Kansas Vets, Ltd.
Exercise 62: Kentucky’s D S Technical
Exercise 63: Louisiana Fishing
Exercise 64: Maine Asylums, LLC
Exercise 65: Maryland Programming
Exercise 66: Massachusetts Spammers
Exercise 67: Michigan Growers
Exercise 68: Minnesota River Authority
Exercise 69: Mississippi Diabetes Group
Exercise 70: Missouri Knife and Scissor
Exercise 71: Montana Expeditions
Exercise 72: North Carolina Swimmers
Exercise 73: North Dakota Plastics
Exercise 74: Nebraska Genealogy
Exercise 75: Nevada Design

Index

About the Author

Emmett Dulaney is the author of the Novell Certified Linux Professional (CLP) Study Guide and the Novell Linux Desktop 9 Administrators Handbook from Novell Press. A columnist and contributor to UnixReview, CertCities, and Novell Connection, he holds a number of vendor certifications and was a CNE in the days before operating system numbers followed the title. He is currently working on his doctorate, and coming to the conclusion that there is always just one more thing to do. He can be contacted at [email protected].

Dedication

This book is dedicated to Evan. His spirit of experimentation and learning by doing will carry him far.

Acknowledgments

I am grateful to Jenny Watson for giving me the opportunity to write this book. I always appreciate her confidence and encouragement and enjoy the chance to work with her every chance I get. Thanks are also due to David Coughanour, the technical editor, Andy Beaster, the project editor, and Scott Meyers, the development editor. I cannot thank them enough.

We Want to Hear from You!

As the reader of this book, you are our most important critic and commentator. We value your opinion and want to know what we’re doing right, what we could do better, what topics you’d like to see us cover, and any other words of wisdom you’re willing to pass our way.

You can email or write me directly to let me know what you did or didn’t like about this book—as well as what we can do to make our books better. Please note that I cannot help you with technical problems related to the topic of this book and that due to the high volume of mail I receive I may not be able to reply to every message.

When you write, please be sure to include this book’s title and author as well as your name and email address or phone number. I will carefully review your comments and share them with the author and editors who worked on the book.

Email: [email protected]

Mail:
Mark Taber
Associate Publisher
Novell Press/Pearson Education
800 East 96th Street
Indianapolis, IN 46240 USA

Reader Services

For more information about this book or others from Novell Press, visit our website at www.novellpress.com. Type the ISBN or the title of a book in the Search field to find the page you’re looking for.

Introduction

The germ of a concept for this book came from a number of conversations at BrainShare. After several sessions where Novell was promoting Linux and topics related to it, I overheard any number of administrators asking the same question in different wording: “How can I tell if I truly know Linux well enough?” Sometimes the “well enough” implied to be able to pass the CLP (Certified Linux Professional) or CLE (Certified Linux Engineer) exams. Many times, though, the “well enough” simply meant to be able to feel comfortable with the operating system.

When I suggested the idea of a lab manual with case studies, it was well received enough to warrant scribbling some thoughts on paper. Those thoughts blossomed and fermented and turned into the book you now hold in your hand.

This book is designed to allow you to test your knowledge with Linux at three different levels. If you are new to Linux, and the versions currently available from Novell, this book is most likely not for you. This book contains 75 practicum-style lab exercises to allow you to test your knowledge and abilities with Novell Linux Desktop 9 (NLD) and SUSE LINUX Enterprise Server (SLES).

What Is Covered in This Book

This book is divided into four chapters. Each of the first three chapters builds on the ones that have come before it. You are presented with a case and some tasks to perform without any direction on how to accomplish those tasks. The fourth chapter walks through all the preceding exercises and shows one solution to each.

Chapter 1, “Novell Linux Desktop 9,” offers 15 exercises using the Novell Linux Desktop. No other operating system or software is required, and you need only have a mastery of this NOS in order to work through these.

Chapter 2, “SUSE LINUX Enterprise Server 9,” offers 30 exercises of intermediate difficulty using SUSE LINUX Enterprise Server (SLES). These cases are roughly equivalent to the practicums you would encounter during the CLP exam.

Chapter 3, “Advanced SUSE LINUX Enterprise Server 9,” offers 30 exercises of greater difficulty using SLES. These cases are roughly equivalent to those you would encounter as practicums during the CLE exam.

Chapter 4, “Solutions to Exercises,” walks through each of the exercises in the first three chapters and shows how to solve them. It is important to know that with Linux there are often multiple ways to arrive at the same solution, and each lab shows but one. Read through the solutions here if you do not know how to solve the exercises and even if you do, as it might provoke you to thinking through the answer to a predicament in a different way and that will always come in handy at some point in your future.

What This Book Is Not

This book is not designed to be a programmer’s guide or administrators’ desktop companion—Novell Press offers a number of excellent books in those categories. This is not a reference work for network theory, protocols, or architectures. This book focuses purely on your testing your own ability to work through the cases presented to you without step-by-step guidance. And if you are weak in any particular area, refer to the solutions in Chapter 4, as well as consider the purchase of a reference book, an administrator’s desktop companion, a Novell Study Guide, or something similar to help you fill in the holes.

A Word About Practicum Exams

There is a fair chance that the reason you purchased this book was to help prepare for the practicum exams on the CLP and CLE tests. Although it is easy to read that practicum exams are those in which you are required to do something as opposed to just pick the correct multiple-choice answer, it is sometimes difficult to grasp just exactly what such an exam is like.

The practicum begins by presenting you with a “Business Requirements Document.” You are always to pretend that you are a consultant or administrator for a fictitious company (the BRD will explain which) and that you have a task before you.

The underlying purpose of this BRD is to give you all the information you need to know in order to satisfy the requirements of the task and meet the expectations for the company. Notice the emphasis on “meet.” This is a very important concept that you must keep in mind: Your role during the exam is to do exactly what needs to be done to meet the BRD and nothing else. In the real world, if you were brought in to solve a problem with DNS and you happened to notice that printing was configured all wrong, you would never spend billable time fixing the printing problem without first asking approval to do so from the customer. That same attitude must be taken here—it is your job to configure the system as you are told to do so and not make arbitrary changes in other areas.

In the actual exam, it will never be necessary to demonstrate every task from every one of the objectives that exist in this book in order to satisfy the requirements, but you never know which objectives will be needed to satisfy the BRD you are presented with until you take the actual test. As a very rough rule of thumb, it is not unlikely that you will have to perform up to 75% of the tasks covered here in order to successfully complete the practicum. You must study for all topic areas, though, in order to be fully prepared.

A FAQ on “practical training” can be found at http://practicum.novell.com/modules.php?op=modload&name=FAQ&file=index, and the home page on this technology can be found at http://practicum.novell.com/index.php.

What Do You Need?

In order to work through the exercises in this book, you need a test environment in which you can experiment without inflicting harm on any production machines. For the NLD client, the requirements for a standard installation are

■ Pentium II+ 266MHz or any AMD64 or Intel EM64T processor
■ 128MB RAM
■ 800MB free hard drive space
■ 800x600 or higher resolution

NOTE: For some of the exercises, you will also need a printer and access to another NLD 9 workstation.


Though the preceding numbers are the minimum, the following requirements are more realistic for an environment you can be comfortable working within:

■ Pentium 3 1GHz processor
■ 512MB RAM
■ 20GB free hard drive space
■ 1024x768 or higher resolution
■ 100Mb/sec Ethernet card

For the SLES machine, you need a machine that will meet the standard requirements of SUSE LINUX Enterprise Server 9, a client workstation (the NLD one works best), and an Internet connection. The requirements given for a comfortable NLD environment will work well:

■ Pentium 3 1GHz processor
■ 512MB RAM
■ 20GB free hard drive space
■ 1024x768 or higher resolution
■ 100Mb/sec Ethernet card

CHAPTER 1

Novell Linux Desktop 9

The 15 exercises that follow allow you to test your knowledge with Novell Linux Desktop 9. No other operating system, or software, is required to be able to work through these labs. Step-by-step solutions appear in Chapter 4, “Solutions to Exercises.”

NOTE: In order to do exercise 7, you will also need access to a printer. Likewise, in order to do exercise 12, you will need access to another NLD 9 workstation.

Table 1.1 lists the tasks this section covers and which exercise each of those tasks can be found in.

TABLE 1.1 Tasks Within This Section

TASK | EXERCISE
Adding a User | Exercise 2
Adding a User During Installation | Exercise 1
Archiving Files | Exercise 10
Changing Global User Account Settings | Exercise 2
Changing Login Shell | Exercise 2
Changing Password Encryption | Exercises 1, 2
Changing User Account Settings | Exercise 2
Changing Your Password | Exercise 5
Checking the Start Logs | Exercise 15
Compressing Files | Exercise 10
Using File Roller | Exercise 10
Configuring the Desktop | Exercise 2
Configuring a GNOME Shortcut | Exercise 3
Configuring the Local Printer | Exercise 8
Creating a Backup | Exercise 13
Creating a Rescue Floppy | Exercise 13
Creating a KDE Shortcut | Exercise 8
Creating Launcher | Exercise 4
Disabling Remote Administration | Exercise 15
Enabling Accessibility Options | Exercise 3
Installing a Software Package | Exercise 3
Installing Another Desktop | Exercise 3
Installing SMB Printer | Exercise 7
Installing Novell Linux Desktop 9 | Exercise 1
Killing a Process | Exercise 11
Making KDE the Default Interface | Exercise 1
Remote Desktop Sharing | Exercise 12
Resizing Partitions | Exercise 14
Searching for Files | Exercise 6
Updating the Operating System | Exercise 9
Using Terminal Window | Exercise 5

Exercise 1: Armstrong’s Auto Body

You are a consultant in the small business division of your company. You have been dispatched to Armstrong’s Auto Body in Middletown, where a new workstation to be used in the front office has just arrived. They have requested that the operating system on this machine be replaced with the latest version of Novell Linux Desktop 9. One of the administrators at the site has used the KDE interface before and likes it, so that should be the default front end. The administrator password needs to be N7Press and encryption should be set to MD5. In addition to the root user, add another user with the following information:

Full Username: Ken Armstrong
User Login: kenarm
Password: ntSc9
Receive System Mail: Yes
Auto Login: No
Additional Groups: audio, cdrom, and dialout

Authentication files used should be /etc/passwd and /etc/shadow. You need to make sure that they have Internet connectivity and the kenarm user can log in without problem, and then your assignment is completed.


Exercise 2: Barry’s House of Trophies

You are a field consultant for D. S. Technical Solutions. While making a routine service call to Barry’s, you learn that the system administrator has had to leave for a few days. A new salesman has started, and an account for him needs to be added to the local NLD workstation. The settings should be as follows:

Full Username: Doyle Lucas
User Login: dlucas
Password: A5ubin
Maximum number of days for the same password: 60
Days before password expiration to issue warning: 5
Expiration date: 12/31/2006
Login shell: /bin/zsh
Default group: users
Additional group memberships: audio, dialout, uucp, and video
Desktop background: triplegears
Screensaver: Start after 10 minutes and require a password to stop

Additionally, Barry would like to make the following universal changes to all accounts on the workstation:

■ Change Password Encryption Method to Blowfish.
■ Set the Minimum Acceptable Password Length to 6 characters.
■ The delay after incorrect login attempts should be set to 2.

Make these changes for the client.


Exercise 3: Collette Consulting

You are a system administrator for Collette Consulting. The vice president of Information Technology calls you into his office. Currently his installation of Novell Linux Desktop is loading the KDE interface. Because of a recent contract the company was awarded, he wants GNOME to now be his default interface, while maintaining the ability to use KDE as needed. He also has a disability and needs to have the sticky keys feature enabled in order to be able to use the keyboard properly. Being in his position, his final request is that by pressing Alt+F12, it will automatically lock the screen. Make these changes for the client.


Exercise 4: D. S. Technical

You are a temporary system administrator working for D. S. Technical Solutions. They hire everyone on a short-term basis, mine ideas from them, and then let them go as they bring in new labor. You overheard two managers talking and one of them mentioning that there needs to be a way to see Desktop Preferences from a single icon on the desktop, without the need to wade through menus. This should open up a folder giving quick access to Appearance, Hardware, Personal, and System settings. The other manager joked that if someone could come up with a way to do that, they might keep him around for a while. D. S. Technical uses only Novell Linux Desktop 9, and all workstations use only GNOME. Create a launcher named Job Security on the desktop that will execute this command.


Exercise 5: Evan’s Dilemma

The phone rings in the middle of the night, and you hear the voice of Evan, a junior administrator for your company, on the phone. Apparently, there has been a break-in attempt on the server, and he is not sure what else has been affected. As a precautionary measure, the head of IT asked that he call all key personnel and inform them to change their passwords. Because it is not known what graphical utilities might have been affected/changed, you must change your password within a terminal using the passwd utility.


Exercise 6: Frank’s Flowers

During a routine visit with one of your customers, Mr. Pianki informs you that the system administrator has just left under less than favorable circumstances. As the administrator was escorted out of the office, he shouted that when tomorrow comes everyone will be sorry that they don’t have him around anymore. From the tone, Pianki believes the administrator might have created a shell script shortly before he left that will run and damage files on the system. You need to check the system for any files created within the past two days to figure out if there are any possible time bombs waiting to go off.
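One way to run the triage Exercise 6 describes, as an added example that is not taken from the book or its Chapter 4 solution. Classic Linux file systems keep no creation time, so the sketch treats a file as new when its modification time or its status-change time falls inside the window; the function name recent_suspects, its tags, and the two-day default are choices made here.

```shell
#!/bin/sh
# recent_suspects DIR [DAYS]   (hypothetical helper, not from the book)
# Prints "tags<TAB>path" for every regular file under DIR whose mtime OR
# ctime is newer than DAYS days (default 2), sorted by tag then path.
# Tags: script     - file starts with a "#!" interpreter line
#       exec       - an execute bit is set
#       ctime-only - mtime is older than the window but ctime is inside it.
#                    chmod, chown, mv or a restore causes this, and so does
#                    back-dating a file with touch, which cannot reset ctime.
#       plain      - none of the above
# Paths containing newlines are not handled by this line-based loop.
recent_suspects() {
    dir=$1
    days=${2:-2}
    # -xdev keeps the walk on one file system (skips /proc, network mounts).
    find "$dir" -xdev -type f \( -mtime "-$days" -o -ctime "-$days" \) -print |
    while IFS= read -r f; do
        tags=
        # Judge by content, not by a .sh suffix that is easy to omit.
        if [ "$(head -c 2 "$f" 2>/dev/null)" = '#!' ]; then
            tags="$tags,script"
        fi
        if [ -x "$f" ]; then
            tags="$tags,exec"
        fi
        # Re-test the single file on mtime alone to spot the ctime-only case.
        if [ -z "$(find "$f" -mtime "-$days" -print)" ]; then
            tags="$tags,ctime-only"
        fi
        tags=${tags#,}
        printf '%s\t%s\n' "${tags:-plain}" "$f"
    done | sort
}

# Typical use as root, reviewing scripts and executables first:
#   recent_suspects / 2 | grep -E '^(script|exec)'
```

Anything tagged script or exec inside the window deserves to be read before it is allowed to run; a ctime-only hit on a script is worth the same attention.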


Exercise 7: Gibson’s Marketing Consultants

Gibson is evaluating Novell Linux Desktop and currently has it installed on only one workstation. You have been sent to the Gibson office to install a printer on that workstation. They are using the KDE desktop. The printer they want to configure is connected to a Windows machine and shared across the network. In order to access it, you must use the following settings:

■ User ID—JBUCK (with a password of mississippi)
■ Workgroup—gib_mkt
■ Server—market
■ Printer name—4250_hp
■ Manufacturer—HP
■ Model—LaserJet 4250
■ Starting banner—none
■ Ending banner—none
■ Quota—none
■ Allowed users—only cgibson

Configure access to this printer for the customer.


Exercise 8: Heberling Venture Fund

You are an administrator for Heberling Venture Fund, a small company that invests in chain restaurants and biotechnology. The company president pulls you aside one day and tells you that he is tired of sharing the network printer. Because of the sensitive nature of some of his correspondence, he ran out and purchased a printer of his own—a Canon BJC-8200—and he wants you to install it on his NLD machine under the name private so that he’ll quickly be able to differentiate it from the other printer.

NOTE: For this exercise, you may replace the Canon BJC-8200 with any spare printer that you have at your disposal.

He also wants an icon on his KDE desktop that will immediately open up to printer management features so that he can cancel print jobs if needed, should he accidentally send a job to the wrong printer or need to do other maintenance. Add the printer to the system on the parallel port, and configure the shortcut for the user.


Exercise 9: Indiana Industrials

You are an administrator of a site office for Indiana Industrials. The head of Information Technology sends a memo to all administrators mandating that all operating systems be current as of tomorrow. An audit will be conducted, and all service packs and updates are to be installed on every workstation in order to ensure that the majority of known security holes have been patched. At your site, you have only one workstation running Novell Linux Desktop. It is connected to the Internet, and you need to look for, and install, any patches or updates that are available for it.


Exercise 10: Jerralds Union Institute

You are onsite at Jerralds working on a problem with a printer when a salesperson calls in. He has created an important presentation that he must give to a client and then gone to the client’s site in London without it. The flustered salesperson cannot remember the exact name of the file or whether he has even combined everything he needed into one file yet. The only thing he knows for certain is that the needed file(s) are in his home directory and he needs everything there emailed to him as quickly as possible. You step in and volunteer to handle the situation. The best approach for being able to send the files in the dlucas home directory is to archive into a single file named LONDON. Because it will be sent as email, you also need to compress it. Prepare this archive for the salesman so that it can be sent to him.


Exercise 11: Kent’s School

A private school in the area has called you in for a consultation. They have been teaching students how to write shell scripts at a very elementary level. One of the students wrote a script named omniart, which has called a number of sleep processes. They do not want to shut the machine down, and will do so only as a last resort, as it is running some other applications that still need to execute. Those other applications, however, are being slowed tremendously by the sleep processes. They would like for you to terminate the sleep processes as quickly as possible.


Exercise 12: Lessons Learned, Inc.

Dr. Wiese of Lessons Learned, Inc. calls you into his office. He shares with you a frustration that he is having. One of his colleagues is constantly calling him on the phone and asking him to come into his office so that he can be shown how to do something simple in NLD that he used to do in Windows.

NOTE: This exercise requires access to another NLD 9 workstation that is connected to the same network.

No matter how many times Dr. Wiese walks through it, the colleague always says he understands, and then calls again the next day without remembering. Dr. Wiese is bothered by the amount of time it takes to quit what he is doing, walk down the hall, go up the stairs, show the simple solution, and then come back down again. When you mention the capability of NLD to do desktop sharing, he is elated and thinks this might solve the problem. As you are discussing the situation, the phone rings, and it is the same colleague with the same problem. Set up a connection between the two machines to solve this dilemma.


Exercise 13: Mississippi Computing

You are a consultant for Mississippi Computing, a small company serving medium-sized companies in the finance field. You are called out to a customer’s site to meet with Terry Truitt. He informs you that the systems he is responsible for are scheduled to be moved in the next few days as the company moves into larger offices. As insurance against damage that could be done during the move, he wants you to create an emergency disk as well as a full backup of the NLD workstation in his office.


Exercise 14: NoMore Paper

You are an administrator for NoMore Paper, Inc.—a company that specializes in paperless solutions for small offices. As part of your support package, you act as a reseller and provide hardware, including workstations, to your customers. One customer calls to state that errors are infrequently occurring indicating that he has run out of swap space and he has no idea what that means. You must make a service call to the customer and increase the size of the swap space.


Exercise 15: Octagon Systems

A company that you consult for has recently received a used workstation from its corporate office. That workstation is running Novell Linux Desktop 9. Before it goes live on the network, the company wants you to make certain that remote administration capabilities are not turned on. They also want verification from you that everything is working properly on the system before agreeing to sign for it. Check these items for the customer.


CHAPTER 2

SUSE LINUX Enterprise Server 9

The 30 exercises that follow allow you to test your knowledge with SUSE LINUX Enterprise Server 9 at an intermediate level. Although the vast majority of these exercises can be done from the console, you’ll find it helpful—to put it lightly—to have at least one client connected to the server. The ideal client for most purposes is the Novell Linux Desktop. Step-by-step solutions to these exercises appear in Chapter 4, “Solutions to Exercises.”

Table 2.1 lists the objectives from the courses used to prepare for the Novell CLP (Certified Linux Professional) that this section covers and which exercise each of those tasks can be found in. Please note that not every study objective for that exam is here, as some do not lend themselves well to exercises—such as “The History of Linux.” Where possible, every objective that could have an exercise associated with it is represented here at least once.

NOTE: The three Novell courses that are recommended for CLP study, and from which these objectives are derived, are numbers 3036 (Linux Fundamentals), 3037 (Linux Administration), and 3038 (Advanced Linux Administration).

TABLE 2.1 Objectives Within This Section

OBJECTIVE | EXERCISE
Accessing and Using man Pages | Exercise 32
Accessing Release Notes and White Papers | Exercise 32
Accessing the Command Line | Exercise 16
Adding New Hardware to a SLES 9 System | Exercise 38
Applying Security Updates | Exercise 25
Archiving Files with tar | Exercise 35
Automating Data Backups with cron | Exercise 30
Backing Up and Restoring the File System | Exercise 35
Backing Up Files with tar | Exercise 35
Being Informed About Security Issues | Exercise 32
Changing Directories and Listing Directory Contents | Exercise 16
Common Command-Line Tasks | Exercise 26
Compressing and Uncompressing Files with gzip and bzip2 | Exercise 16
Configuring a File System with Logical Volume Management (LVM) | Exercise 42
Configuring a Network Installation | Exercise 20
Configuring a Samba Server as a File Server | Exercise 20
Configuring an Apache Web Server | Exercise 20
Configuring and Installing the GRUB Boot Loader | Exercise 43
Configuring and Managing Network Printing Services | Exercise 38
Configuring and Managing Routes | Exercise 27
Configuring Hostname and Name Resolution | Exercise 27
Configuring Linux File System Partitions | Exercise 42
Configuring Security Settings with YaST | Exercise 25
Configuring SUSE LINUX Enterprise Server Time | Exercise 44
Copying and Moving Files and Directories | Exercise 16
Creating a Security Concept | Exercise 25
Creating Directories | Exercise 16
Creating, Viewing, and Appending Files | Exercise 21
Deleting Files and Directories | Exercise 21
Deploying OpenLDAP on a SLES 9 Server | Exercise 45
Developing a Backup Strategy | Exercise 35
Enabling a Web Server (Apache) | Exercise 20
Enabling Remote Administration with YaST | Exercise 36
Executing Commands at the Command Line | Exercise 16
Executing RPM Package-Related Operations | Exercise 19
Finding Files on Linux | Exercise 17
Finding Help on the Web | Exercise 32
Implementing and Monitoring Enterprise Security Policies | Exercise 44
Installing a Printer in the Linux System | Exercise 38
Introduction to Command Shells | Exercise 41
Introduction to Linux Text Editors | Exercise 41
Introduction to Network-Related Command-Line Commands | Exercise 27
Introduction to YaST2 | Throughout
Limiting Physical Access to Server Systems | Exercise 43
Managing and Securing the Linux User Environment | Exercise 30
Managing File Permissions and Ownership | Exercise 23
Managing Linux Users and Groups | Exercise 20
Managing Processes | Exercise 18
Managing Resources on the Network | Exercise 36
Managing RPM Software Packages | Exercise 19
Managing Runlevels | Exercise 22
Managing Software Updates with YaST Online Update Server (YOU) | Exercise 29
Managing the Network Configuration from YaST2 | Exercise 40
Managing User Accounts | Exercise 20
Managing User Accounts with YaST2 | Exercise 20
Managing the GRUB Boot Loader | Exercise 43
Mirroring Directories with rsync | Exercise 39
Modifying System Settings | Exercise 45
Monitoring Processes | Exercise 18
Multiuser Processes and Multitasking in the Linux System | Exercise 18
Obtaining Hardware Configuration Information from YaST2 | Exercise 17
Piping and Redirection | Exercise 26
Providing Secure Remote Access with OpenSSH | Exercise 36
Saving Routing Settings to a Configuration File | Exercise 27
Scheduling Jobs | Exercise 30
Securing Files and Directories with Permissions | Exercise 23
Setting Up and Configure Disk Quotas | Exercise 24
Setting Up Network Devices with the IP Tool | Exercise 28
Setting Up Routing with the IP Tool | Exercise 28
Testing the Network Connection with Command-Line Tools | Exercise 28
Testing the Network Interface | Exercise 28
Troubleshooting the Boot Process of a SLES 9 System | Exercise 33
Updating the SLES 9 Installation | Exercise 29
Using ACLS for Advanced Access Control | Exercise 22
Using Advanced Scripting Techniques | Exercise 37
Using Basic Script Elements | Exercise 31
Using Command-Line Editors to Edit | Exercise 37
Using Desktop Editors to Edit Files in the Linux System | Exercise 40
Using grep to Search File Content | Exercise 26
Using GUI-based Help in the Linux System | Exercise 32
Using info Pages | Exercise 32
Using System Logging Services | Exercise 34
Using Variable Substitution Operators | Exercise 37
Viewing Processes from the GUI and the Command-Line Interface | Exercise 18

Exercise 16: ACME Electronics

You are a consultant for a small company that specializes in crafting custom technology solutions for small businesses. The owner of ACME, a mom-and-pop company, calls you on the phone and informs you that they have just hired a new receptionist named Kristin. Kristin has no experience with Linux, and only a small amount of experience with computers. In order to do a particular monthly task her job requires, she needs to know how to access the command line, change to the ACME directory, and zip all files in that directory with gzip using the syntax {month}.gz. After that is done, she is to move the archived file to the /ACME/MONTHLY directory and all other files in the directory to /ACME/OLD. You need to walk her through these tasks.


Exercise 17: Barnes and Fine

The manager of a small video store informs you that he cannot find a file on his server. He knows the file has the phrase tickets in the title, but is not sure what the full name is. You need to find the file on the system for him.

NOTE: You should attempt to find the file using both the graphical tools and from the command line.

While you are at the site, you have also been instructed by the home office to obtain information about hardware and note it to report back to them for possible upgrades. As a security precaution covered in the customer’s contract, you are also required to look for and note any newly added files with permissions above 2000.


Exercise 18: Cash Today

A small chain of stores is considering upgrading their servers to newer equipment. You have been dispatched to collect information about the processes running on the SLES servers. Because the company you work for believes strongly in redundancy, you are to take a screenshot of the processes from the GUI, and then go to the command line and create a text file of the currently running processes. Both files are then to be mailed to the main office.


Exercise 19: Donna’s Collectibles

You are the administrator for a small company. A new application has arrived that is to be installed on the SLES server. The application is in RPM format. Install this application on the server and document it in the administration log.


Exercise 20: Edna and Lorraine Antiques

You are the head Linux administrator for a medium-sized company. A new server has been ordered and has just arrived with only a base installation. This server will be used at a remote office manned primarily by the sales department. You need to configure this server to do the tasks for which it was purchased. The server will need to function according to the requirements given in Table 2.2.

TABLE 2.2 Server Requirements

SPECIFICATION | DETAILS
SLES 9 Server Name | EDNA-SLES
Static IP Address Configuration | Use an IP address of 192.168.0.78, a subnet mask of 255.255.255.0, and a default router address of 192.168.0.1.
Server Services | The server should have the following services: Apache Web Server; Samba

You need to create a new group—ACCOUNTS—on the server and add five users to the system and to this group. The users you need to create are shown in Table 2.3.

TABLE 2.3 Members of the ACCOUNTS Group

USERNAME | ATTRIBUTES | VALUE
mmcneil | Full Name; Shell; Password | Michelle McNeil; /bin/bash; 38m457z
ckight | Full Name; Shell; Password | Cathy Kightlinger; /bin/ksh; Ander7son
jcharney | Full Name; Shell; Password | Jane Charney; /bin/bash; REC1ent
nborowski | Full Name; Shell; Password | Neill Borowski; /bin/csh; 3e1v7e
Jhuh | Full Name; Shell; Password | Jane Huh; /bin/bash; Wee1ken9d

The server needs to be configured to run Apache. Samba should be installed and configured as a workgroup with the name EDNA-WKGRP.


Exercise 21: Fetters Hair and Such

You have arrived at a customer’s site and have been handed a sheet of paper detailing what they expect from your visit. In scribbled handwriting that you recognize to be the owner of the company’s, you are to

1. Create a directory named /personal.
2. Create four subdirectories beneath /personal using the names
   ■ accounts
   ■ employees
   ■ suppliers
   ■ other
3. Delete all files in the /tmp directory.
4. View the boot log and look for any problems there.


Exercise 22: Global Moving

You are the administrator for the local office of Global Moving. An email from the head of Information Technology arrives requesting that the following changes be made on all SLES servers:

1. The default runlevel should be changed to 4.
2. The ACLs on all files beneath /tmp should be set to equal those of the .fonts.cache-1 file in the /root folder.

NOTE: If you are not logged in to the KDE desktop as root, you will not find the .fonts.cache-1 file in the /root folder on the SLES 9 server. If you log in as another user (such as an admin user), you can find this file in the home folder for that user.

TIP: Use the setfacl utility to set ACLs on one set of files to those on another.

TIP: Upon rebooting (after changing the default runlevel to 4), the server doesn’t boot to the GUI login.


Exercise 23: Hare Trucks

You are a consultant for Wagner & Reise. You have been sent to Hare Trucks to make some changes to their server that have been implemented by their home office. You must set the system such that all newly created files have default permissions of -rw-r-----. You must also change the permissions on all files in the /tmp directory to have read-only permissions for all users.


Exercise 24: Independent Fireworks

Independent Fireworks has hired you as a temporary administrator to help with some problems they have been experiencing. To solve these problems, they want you to implement disk quotas for all users, limiting them to 50MB of server space.


Exercise 25: J & C Bookkeeping

You are an administrator for J & C. Several emails have been flying about discussing the need for all servers to be updated with the latest security updates. You have been instructed to apply all patches and updates through YaST and make certain that appropriate security settings are in place on the server.


Exercise 26: Karen’s Computers

As you arrive for work in the morning, you find a note asking you to make a separate report of every user who has recently logged in to the server, showing the dates and times for that user’s accessing the system. Scribbled on the bottom of the note is “use grep.”


Exercise 27: Lifetime Solutions

Lifetime Solutions is having network problems. Users are reporting that they are unable to access the server or the Internet. You suspect that the problem lies in the routing table, but are not convinced. Check the hostname of the server, and run the regular barrage of command-line networking commands to verify that the network is working or confirm that it is not. Check the routing table as well as the address resolution results.


Exercise 28: Muncie Management

You are a junior administrator recently hired by Muncie Management to support their networks. The company has recently moved from another platform to SLES and is a big proponent of lifetime learning. One of your job duties is to learn as much as you can about the operating system and network. For today’s study, use the IP tool to check the network connections and familiarize yourself with this utility.


Exercise 29: New Start, Inc.

A press release from Novell is in your inbox. It discusses upgrades that have been recently released for SLES as well as NLD and several other products. Written on the top of the press release is a note from your manager—“Run YOU”.


Exercise 30: Oak Pictures

You are the senior Linux administrator for a technical solutions company. One of your customers, Oak Pictures, has ordered a new SUSE LINUX Enterprise Server 9 system to be configured at your location and then transported to them. Another administrator has already installed the operating system and added some applications that are standard for your company. You must now configure and tweak it. The server will regularly run a number of unattended jobs as root. The appropriate configuration file should be edited to include entries for those processes shown in Table 2.4. All entries should run and write any output (standard or error) to /dev/null.

TABLE 2.4 Processes to Run Automatically

PROCESS | FREQUENCY
/usr/local/bin/oriontest.sh | Every 5 minutes starting on the hour
/usr/local/bin/suf.sh | Every 15 minutes, starting on the hour
/usr/local/bin/use.sh | Every 10 minutes, starting at five minutes past the hour
/usr/local/bin/orionrestart.sh | 6:30 in the morning on Sunday, Tuesday, Thursday, and Saturday

You also need to configure the system according to the settings listed in Table 2.5.

TABLE 2.5 System Configuration Settings and Changes

ENTITY | NEW VALUE
Newly Created Files | All newly created files should have default permissions on them set to rw-rw-r--.
/home/jackson | The owner on all files beneath this directory should be changed from jackson to syed. Additionally, the group associated with all files beneath this directory should be changed from users to root.
/bin/zcat | Create a link to this file in the home directory of the root user. The name of the link should be viewer.
Users | Add two new users to the system: wintel and omni. The UID of wintel should be 1010 and of omni 1011. The password settings for each account should be such that they must be changed in 90 days. Additionally, all passwords should be in the /etc/shadow file as opposed to /etc/passwd.
Initial Runlevel | Set the initial runlevel of the system to the custom setting of 4.
Static IP Address Configuration | Use an IP address of 192.168.10.7, a subnet mask of 255.255.255.0, and a default router address of 192.168.10.101.
Documentation | Add an entry to the end of /var/log/messages that the system has been configured on this date.
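Exercise 23 (-rw-r-----) and the "Newly Created Files" row of Table 2.5 (rw-rw-r--) both ask for a default file mode, which on Linux is set indirectly through the umask. The following added example, not taken from the book or its solutions chapter, derives the mask from the nine-character mode string and then checks it by creating a file and a directory under it; the function names are hypothetical, and where the mask is made permanent is left to the distribution's own configuration.

```shell
#!/bin/sh
# mode_to_octal "rw-r-----" -> 640   (nine characters, no leading file-type dash)
mode_to_octal() {
    case $1 in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "expected nine characters such as rw-r-----" >&2; return 1 ;;
    esac
    sym=$1 oct=
    while [ -n "$sym" ]; do
        trip=$(printf '%.3s' "$sym")     # next owner/group/other triplet
        sym=${sym#???}
        n=0
        case $trip in r??) n=$((n + 4)) ;; esac
        case $trip in ?w?) n=$((n + 2)) ;; esac
        case $trip in ??x) n=$((n + 1)) ;; esac
        oct=$oct$n
    done
    printf '%s\n' "$oct"
}

# umask_for "rw-r-----" -> 027
# New files start from 666, so the mask never has to clear x for them, but
# directories start from 777 and need x wherever they are meant to be read.
# The mask is therefore taken from the matching directory mode: the file
# mode plus x for every class that has r (640 -> 750, 664 -> 775).
umask_for() {
    o=$(mode_to_octal "$1") || return 1
    file=$((0$o))
    dir=$(( file | ((file & 0444) >> 2) ))
    printf '%03o\n' $(( 0777 & ~dir ))
}

# probe_umask MASK -> "<file mode> <dir mode>" as ls prints them.
# Runs in a subshell so the caller's own umask is left untouched.
probe_umask() {
    (
        umask "$1"
        d=$(mktemp -d) || exit 1
        : > "$d/file"
        mkdir "$d/dir"
        printf '%s %s\n' "$(ls -ld "$d/file" | cut -c1-10)" \
                         "$(ls -ld "$d/dir" | cut -c1-10)"
        rm -rf "$d"
    )
}
```

A mask of 026 would also produce -rw-r----- files, but it leaves new directories searchable by everyone (drwxr-x--x), which is why the derivation goes through the directory mode.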


Exercise 31: P.A.R. Inc.

You have been hired by P.A.R. to help create proprietary shell scripts for applications that they market. Your first assignment is to create the beginning routine for a shell script named INCRMT, and set permissions that enable it to execute from the command line. Create the file within your home directory. The script is to count backward from any number provided at the command line to 1, and print that number. For example, if a user gives the command

INCRMT 6

the display should be:

6 5 4 3 2 1

44

C H A P T E R 2 : SUSE LINUX Enterprise Server 9

Exercise 32: Quality Seals

You have been hired by Quality Seals to help with their conversion from another platform to Linux. They want you to create documentation that will help their users get up to speed quickly. You are to write the first documentation for users working in security. Write a few paragraphs detailing how they can stay informed about security issues and where they can find information on any Linux commands.

Exercise 33: Rich and Big Home Improvements

R&B calls in the middle of the night waking you from your sleep. Their SLES server lost power when a cleaning lady pulled the plug so that she would have somewhere to plug the vacuum cleaner into. The server has been plugged back in, yet it is not booting properly. After quickly dressing and driving to their location, you need to troubleshoot the boot process on the server.

Exercise 34: Spencer Treats

You are a consultant working for a VAR. Spencer Treats, one of your customers, has fired all of their support staff and replaced them with temporary workers. The manager of the department tells you that he’s not sure the SLES server is working the way that it used to, but doesn’t have anyone left to ask to verify it. He would like you to check the system logs and look for any oddities that might appear within. After checking the logs, you can either put him at ease and assure him that all is working as it should, or identify the problems.

Exercise 35: Thrifty Constructors

Thrifty Constructors has lost their lease and are forced to quickly move to another location. Before shutting down the SLES server, however, they want you to do a tar backup of the system. Because this has not been done for a while and because there is a possibility that harm could occur during the move, you should verify that the backup is a good copy and can be restored without error. When you are convinced that the backup is good, shut the server down properly.

Exercise 36: U.S. Roadways

You are a consultant for D. S. Technical. One of your accounts, U.S. Roadways, is in the habit of calling at all hours and needing little things done on their server. Tired of having to give up your free time to drive to their site and satisfy the customer, you have decided to enable remote administration of the SLES server. Additionally, you need to install and configure OpenSSH.

Exercise 37: Victory Electric

Victory Electric has contracted you to create a shell script. The script is to be a front end to other routines they have written, and it is to run at the command line. When executed, it should offer a menu of four options to customers:

■ A—to run a script called flexon.sh
■ B—to run a script called hour.sh
■ C—to run a script called comp.sh
■ D—to run a script called Indian.sh

The user should be able to enter a choice in upper- or lowercase and have the menu choice run. A quit option should also be available for the user to exit the menu. If any other key is pressed, the routine should indicate that an improper choice has been made and should allow the user to try again.

Exercise 38: Waffles and More

A new USB color printer has arrived at Waffles and More. Though it is not the greatest printer, the manager will not waste anything and insists that it be installed on the server and shared for all users. Add the printer to the server and configure sharing to all users.

Exercise 39: Xtreme Books

There is a new publisher at Xtreme Books, where you work as a combination acquisitions editor/system administrator. At his previous place of employment, the publisher had a bad experience with all the files on a server being accidentally deleted. Although you assure him that there is redundancy on the system and that backups are routinely done, he demands that the /home directory be mirrored to another directory (/recovery) on the same server so that two copies of everything are always available. To appease him, create the /recovery directory and configure the server to mirror the /home directory to this newly created directory.

Exercise 40: Young and Forest

Young and Forest is a small company with a revolving door for system administrators. As a consultant to the company, you are often brought in to fill in during times when they are in the hiring process. This time, they hired an administrator with no previous experience, but who comes highly recommended by his father, the company vice president. You have been assigned the task of showing the new employee how to verify the status of the network. Because he has no experience at the command line, show how the network status and configuration can be done through YaST and also how desktop editors can be used to examine configuration files.

Exercise 41: Zebb Jewels

Zebb Jewels is an old-school Unix company that has just recently converted to Linux. The administrators of the company have no confidence in the desktop interfaces and prefer to do everything from the command line. They have a number of shell scripts that they are converting from their old systems to the new SLES server. Those scripts have the name of the server hardcoded into them. The old server was ZEBB7, but the new one is JEWEL, and this is preventing the scripts from running. Show the administrators how to use the command-line text editors to make the changes they need to make.

NOTE A number of command-line tools can be used to make these changes, and you should be able to illustrate at least three.

Exercise 42: Yorktown Bakers

A new hard drive has arrived at the company where you are an administrator. You need to add this drive to the server and partition it. Configure LVM and create at least three partitions on the new drive.

Exercise 43: X. L. Technology

You are one of several administrators at X. L. Technology. One of the SLES servers is coming in from the field and being replaced with another. You are to take the old server and put a number of other operating systems on it, in addition to SLES, and give it new life in the lab. In order to do this, you need to install and configure GRUB to allow for other options to display in the boot menu. You also need to limit physical access to this server, because it might still have some sensitive client data on it, to only those in the lab environment or administrators.

Exercise 44: Wait and Waste, LLC

You are a consultant for Wait and Waste, a small company that specializes in meeting the needs of medical waiting rooms and offices. One doctor’s office is complaining that their server is not keeping time, and it is throwing off their bookkeeping. You need to configure the SLES server as a SUSE LINUX Enterprise Time server. While you are there, they also want you to double-check their security policies and look for any gaps that might exist.

Exercise 45: Village Pump & Supply

Village Pump & Supply is undergoing a rapid expansion. They want the current server to have OpenLDAP deployed on it and system settings modified to reflect the use of this technology. Install and configure OpenLDAP on the SLES 9 server and modify the two configuration files

■ slapd.conf
■ ldap.conf

as needed.

CHAPTER 3

Advanced SUSE LINUX Enterprise Server 9

The 30 exercises that follow allow you to test your knowledge with SUSE LINUX Enterprise Server 9 at an advanced level. As with those that preceded, the vast majority of these exercises can be done from the console, but you might find it helpful to have at least one client connected to the server. Once again, the ideal client for most purposes is the Novell Linux Desktop. Step-by-step solutions to these exercises appear in Chapter 4, “Solutions to Exercises.”

Table 3.1 lists the objectives and prerequisites from the courses used to prepare for the Novell CLE (Certified Linux Engineer) 9 that this section covers and which exercise each of those tasks can be found in. Where possible, every objective that could have an exercise associated with it is represented here at least once.

NOTE The two Novell courses that are recommended for CLE 9 study, and from which these objectives are derived, are numbers 3057 (SUSE LINUX Network Services), and 3058 (SUSE LINUX Security).

TABLE 3.1 Objectives Within This Section

| OBJECTIVE | EXERCISE |
| --- | --- |
| Configuring a DHCP Server | Exercises 48, 68 |
| Configuring a DNS Server | Exercises 49, 67 |
| Configuring Email Services | Exercise 50 |
| Detecting Intruders | Exercise 51 |
| Implementing a Packet Filter | Exercise 52 |
| Implementing a Proxy Server with SQUID | Exercise 53 |
| Implementing a VPN | Exercise 54 |
| Implementing a Web Application Server with Tomcat | Exercise 55 |
| Implementing an Application-Level Gateway | Exercise 56 |
| Implementing General Security Practices | Exercises 57, 73 |
| Implementing Host Security | Exercises 58, 71 |
| Implementing Network Printing Using CUPS | Exercise 59 |
| Implementing Network Security | Exercise 60 |
| Implementing OpenSLP | Exercise 61 |
| Implementing Samba to Provide File and Print Services | Exercise 62 |
| Install SLES 9 | Exercises 46, 72 |
| Managing the SLES 9 System Configuration | Exercises 47, 69, 70, 74, 75 |
| Monitoring Traffic on Your Network | Exercise 63 |
| Relating General Firewall Concepts | Exercise 64 |
| Responding to Security Breaches | Exercise 65 |
| Securing Services with Cryptography | Exercise 66 |
| Using YaST | Throughout |

Exercise 46: Alabama Cement

You are an administrator for a company that owns a number of independent concerns. One of those entities, Alabama Cement, has purchased an SLES 9 server, and you have been assigned to go to the site and install the operating system. Someone will be following after you to install the proprietary software the site needs in order to do its specialized tasks. Your assignment is merely to perform a normal installation of the operating system.

Exercise 47: Alaska Tours and Such

You have been summoned to one of the satellite offices of the tour company Alaska Tours and Such. They suspect configuration problems with the network card on their server. You are to change the settings on the network card so that it no longer uses DHCP and now has a static IP address of 192.168.0.14 and subnet mask of 255.255.255.0. You also need to configure a default gateway of 192.168.0.1. After configuring the system, you need to test connectivity to the gateway and beyond.

Exercise 48: Arizona Aluminum Manufacturing

You have been called to the server room at AAM and been given an assignment. The head of the lab wants you to turn on the DHCP service for the SLES server. You are to also enable LDAP support and use the following settings:

■ Domain name: LabRoom
■ Default Lease Time: 1 day, with a maximum allowed of 2 days
■ IP address of this host: 192.168.0.14
■ IP address of default gateway: 192.168.0.1
■ IP address range: 192.168.0.15–192.168.0.99

When you complete the installation of the service, be sure to start it before you leave.

NOTE You should start the service from the command line.

Exercise 49: Arkansas University

Your pager goes off in the middle of the church service, and you hastily make a retreat to the narthex. There is a problem with DNS at the local university in the D S Technical lab. They want you to immediately configure an SLES 9 server to the following specifications:

■ Zone name: dstechnical.com
■ Name server: lab1.dstechnical.com
■ TTL: 3 days
■ Reverse lookup: Yes

Configure the server as required.

Exercise 50: California Dreaming

You have been summoned to the local office of the California Dreaming ice cream company. They are converting from a hosted environment to running their own servers. Your assignment for the day is to configure the Postfix service as an MTA for the california.com domain.

Exercise 51: Colorado Insurers

As you arrive for work in the morning, you are met by a very anxious network administrator. He informs you that he suspects someone “hacked” into the server over the weekend. He has nothing to base this on other than hearsay from a couple of co-workers around the water cooler. Check the appropriate logs and identify anything that might indicate an intrusion.

Exercise 52: Connecticut Water

You have been summoned to CW to configure a packet-filtering firewall. The manager tells you that iptables must be used because he read in a magazine that that is the best approach. While you are at it, he would also like NAT routing enabled on the server.

NOTE As a part of this exercise, you should configure and test NAT as well as verify the packet-filtering configuration. An NLD workstation can be used to test this. When you take the actual Novell practicum, testing the configuration is helpful in proving that you know what should be done and have done it properly.

Exercise 53: Delaware Trucking

The administrator for Delaware Trucking has just left the company. Until a replacement can be found, your company has been retained to help with administrative tasks. Today, you have been asked to configure and test the Squid HTTP proxy server on their SLES 9 system.

Exercise 54: Florida Reviewers

Florida Reviewers has recently expanded from a single office to two offices. You have been hired to create a VPN connection between their two hosts (servers) using YaST and test it.

Exercise 55: Georgia Widgets

The independent widget growers association has hired you to install and configure Tomcat on their SLES 9 server. After you have installed and configured it, you should test the setup as well.

Exercise 56: Hawaii PineTrees, Inc.

You are a consultant for a small company doing security implementations and audits. Drawing the short stick from the daily assignment jar, you have been dispatched to HPI in order to implement an application-level gateway on the SLES 9 server. Make a list of the questions and concerns that should be asked when you reach the site, and then implement this per the customer’s request.

Exercise 57: Idaho Rock Quarries

You have been sent to IRQ to act as a consultant. After reading a number of horror stories in the paper, they are interested in making certain that they have security well in hand. They are running only a single SLES 9 server with a number of NLD workstations. You need to make a list of items they should consider in order to implement best practice host security at their site.

Exercise 58: Illinois Lotto

You are the administrator for Illinois Lotto—a small company that recommends lottery numbers to clients. Your supervisor has asked that you install the nmap, nmap-gtk, and snort packages on the SLES 9 server.

Exercise 59: Indiana Reptiles

It has been a long week, and you cannot wait for it to end. It seems as if you have spent more time driving to customers’ sites all week than you have actually spent in their presence. You have now arrived at Indiana Reptiles. They have hired you to configure the cupsd daemon on their server to enable broadcasting and add a CUPS administrative user with the name “cupsadmin.”

Exercise 60: Iowa Retirement Homes

A number of old hackers have begun to retire and move to Iowa. As a proactive measure, the head of the retirement community there has asked that you make a list of items they should consider in order to implement best practice network security at their site.

Exercise 61: Kansas Vets, Ltd.

As part of a routine maintenance/administration package that your company offers, you have been assigned by Kansas Vets, Limited to double-check the OpenSLP configuration on their single SLES 9 server and verify that it is working properly. Make certain that it is locating the services that it should.

Exercise 62: Kentucky’s D S Technical

You are a consultant for a small IT firm. You have been hired to configure the Samba service as a PDC for the DSTECHNICAL domain.

NOTE Use your NLD workstation to test that the workgroup/domain configuration works correctly and that you can log in to it.

Satisfy the customer and configure the Samba service as a PDC for the DSTECHNICAL domain.

Exercise 63: Louisiana Fishing

One of your clients, Louisiana Fishing, is worried that their network is receiving too much traffic, and responses for data are taking longer than they should. Although this is desirable in most businesses, Louisiana Fishing fears that they might not have the resources to keep up with an increase in their load. Monitor the traffic on the SLES 9 server and look for any indication that traffic might be too heavy; then make an appropriate recommendation based on your findings.

Exercise 64: Maine Asylums, LLC

During a monthly meeting of the local Linux users’ group, an interesting situation presents itself. The administrators at Maine Asylums, LLC are interested in pursuing security options. At this point, they do not want to implement anything, but they want to know what their choices are. Make a list of general firewall concepts and include pros and cons as to why, and how, they should implement such on their network.

Exercise 65: Maryland Programming

You own a small network consulting company on the East Coast. You have three employees—each with his own specialty—and can, thus, offer services for a number of different operating systems and platforms. The administrator for Maryland Programming, a cable news network, calls in a panic. He is certain that there has been a confirmed security breach on their SLES server. You must arrive on site and take appropriate measures to respond to this security breach.

Exercise 66: Massachusetts Spammers

Due to the backlash and general hard feeling associated with spam, Massachusetts Spammers would like to implement cryptography to secure their services. They do not, however, want to pay you to perform this action. Rather, they want you to document the steps involved, and the cryptographic options available to them with SLES 9 and fax those to them. Prepare the documentation for the customer.

Exercise 67: Michigan Growers

You are a consultant specializing in the networking and telecommunications fields. Many of your clients turn to you only after they have exhausted all internal resources and are stumped on how to proceed. You have been hired by MG to configure DNS to restrict all queries to hosts on your network segment. Hosts on your network segment should not be able to query DNS.

Exercise 68: Minnesota River Authority

The Minnesota River Authority is responsible for educating the public about such issues as boat safety and fishing statutes. They are attempting to convert all of their practices to a standardized form after decades of being independently handled by individual branch offices and Department of Natural Resources officers. For MRA, configure the DHCP daemon on your SLES 9 server from exercise 48 to send dynamic updates to the DNS server (exercises 49 and 67).

Exercise 69: Mississippi Diabetes Group

The Mississippi Diabetes Group has hired you on a project basis to write a simple shell script for them. The script should ask for the name of a file. When the user enters the name of the file, the script should verify that the file exists within the current directory and that it is readable. If the file does not exist, it should be created with a zero size so that another program can then run without error. Create this script, named MDG.sh, for the customer.

Exercise 70: Missouri Knife and Scissor

You have recently finished a class on advanced Linux administration, and your boss is announcing to all customers that no request is now too big or too small. As you’re explaining to him that this route of advertising might not lead to the most efficient use of your time, he hands you an assignment. The Missouri Knife and Scissor company has a number of shell routines that it needs to run on a regular basis:

■ ABC: needs to run every Monday at 6:05
■ BCD: needs to run on the second day of each month at 15:10
■ CDE: needs to run on March 14th and September 15th at 18:30
■ DEF: needs to run every 10 minutes between 6:00 and 18:00 every day
■ EFG: needs to run at 5 minutes past the hour on every hour between 12:00 and 16:00 on weekdays only

Write down the cron file entries that MK&S needs to run these scripts at their appropriate times.

Exercise 71: Montana Expeditions

You are the regional IT administrator for a company that owns and operates a number of smaller companies. All of the smaller companies act as self-contained entities and have their own IT departments. You serve as a point of reference that any IT department can turn to should they encounter a task they are uncertain how to perform. Montana Expeditions has called you to its site. A new IT director has mandated a number of items he wants done to the SLES 9 server so that it matches his old environment. They would like the server to be changed such that the default permissions on all newly created files are -rw-rw-r--. They want the permissions on all files currently in the /tmp directory to be changed to 751. Last, they want the passwords from the /etc/shadow file put back in the /etc/passwd file.

Exercise 72: North Carolina Swimmers

You are a field specialist assigned to manage a number of strategic accounts within a given geographic area. You have been instructed to treat all accounts with a great deal of finesse and make each of them feel as if they are the only account that your company services. NCS has summoned you to its headquarters. They have been using the KDE interface on their SLES server since it was installed. A new administrator has been hired to replace the old one, however, and he is only familiar with GNOME. You are to install the GNOME desktop on the server and make it available for the administrator when he logs in to the server.

Exercise 73: North Dakota Plastics

After finishing several years of undergraduate and graduate studies in information technology, you have recently been hired by North Dakota Plastics. You are astounded at how simplistic their operations are and troubled by some of what you have found. North Dakota Plastics currently has only one SLES 9 server. They leave the console running in a room that has a great deal of traffic. Because of this, they would like you to configure the desktop to go to a screensaver after three minutes of no activity, and require a password to be unlocked.

Exercise 74: Nebraska Genealogy

You are an administrator for Nebraska Genealogy, a company that specializes in tracking family histories. Your company has recently migrated from the Unix platform and is heavily dependent upon the use of proprietary shell scripts to perform routine operations. You have been assigned the task of creating a simple menu interface that will offer four choices—ABC, BCD, CDE, and DEF. The user should be able to pick a number between 1 and 4 to run one of those, or 5 to quit. Write the script to create this menu.

Exercise 75: Nevada Design

You are a programmer/administrator who has been assigned to Nevada Design on a short term, temporary basis. Nevada Design has a number of small jobs that they want you to do, as well as one simple request. They would like a short shell script that will tell them how many users are listed in the /etc/passwd file on their server. They intend to run this on a regular basis to see if accounts get added and draw attention to them when they do. Write as short a script as possible to accomplish this task for the customer.
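A bare count stays the same when one account is added while another is removed, so the check below goes beyond the count the exercise asks for and compares the current file against a saved baseline, also flagging any non-root name that carries UID 0. It is an added example, not the book's solution; the function names and both passwd samples are constructed.

```shell
#!/bin/sh
# Added example, not from the book. The passwd samples below are constructed.

# Print "name:uid" for each well-formed entry of a passwd-format file.
account_list() {
    awk -F: 'NF >= 7 && $1 !~ /^#/ { print $1 ":" $3 }' "$1"
}

# Number of accounts: the figure the exercise asks for.
account_count() {
    account_list "$1" | wc -l | tr -d ' '
}

# Entries (name:uid) present in file $2 but absent from file $1.
accounts_added() {
    awk -F: 'NF < 7 || $1 ~ /^#/ { next }
             FILENAME == ARGV[1] { seen[$1 ":" $3] = 1; next }
             !(($1 ":" $3) in seen) { print $1 ":" $3 }' "$1" "$2"
}

# Entries present in the baseline $1 but missing from the current file $2.
accounts_removed() {
    accounts_added "$2" "$1"
}

# Account names other than root that carry UID 0.
extra_uid0() {
    awk -F: 'NF >= 7 && $3 ~ /^0+$/ && $1 != "root" { print $1 }' "$1"
}

# Constructed sample data: one account removed, one UID 0 account added,
# so the total stays at five.
ACCT_DIR=$(mktemp -d)
trap 'rm -rf "$ACCT_DIR"' EXIT
BASELINE="$ACCT_DIR/passwd.baseline"
CURRENT="$ACCT_DIR/passwd.current"

cat > "$BASELINE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/bash
daemon:x:2:2:Daemon:/sbin:/bin/bash
jackson:x:1000:100:Constructed user:/home/jackson:/bin/bash
syed:x:1001:100:Constructed user:/home/syed:/bin/bash
EOF

cat > "$CURRENT" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/bash
daemon:x:2:2:Daemon:/sbin:/bin/bash
syed:x:1001:100:Constructed user:/home/syed:/bin/bash
maint:x:0:0:Constructed entry:/root:/bin/bash
EOF

echo "accounts: baseline=$(account_count "$BASELINE") current=$(account_count "$CURRENT")"
echo "added:    $(accounts_added "$BASELINE" "$CURRENT" | tr '\n' ' ')"
echo "removed:  $(accounts_removed "$BASELINE" "$CURRENT" | tr '\n' ' ')"
echo "extra UID 0 accounts: $(extra_uid0 "$CURRENT" | tr '\n' ' ')"
```

On a live system the baseline would be a copy of /etc/passwd kept where ordinary users cannot modify it.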

CHAPTER 4

Solutions to Exercises

The following solutions walk through each exercise in a step-by-step manner. It is important to know that there is often more than one way to arrive at the same result, and the solution presented here might be but one of many.

Exercise 1: Armstrong’s Auto Body

Novell Linux Desktop is presently available in both the DVD and CD formats, and there is no difference between the formats with the exception of not needing to switch media with DVD. This discussion walks through the use of the CD media. To begin the installation, insert the first CD into the drive and boot the workstation. A Welcome screen will quickly appear followed by a screen offering a boot options menu. If the boot options menu does not appear, reconfigure the BIOS on the workstation to make the drive bootable. The welcome menu offers the following choices:

■ Boot from Hard disk—This choice is the default, and the one to use if you accidentally arrive at this menu and truly do not want to make any changes.
■ Installation—The choice to use to begin the installation routine.
■ Installation – ACPI Disabled—This option sets acpi=off and is used only if you are having trouble with power savings interfering with the installation routine.
■ Installation – Safe Settings—Among other things, this sets acm=off, acpi=off, and barrier=off and is used when you are having a great deal of trouble getting an installation to take. These settings disable certain advanced features such as power management and advanced hard drive settings during the installation process. Use this choice as a last ditch effort for a successful installation, and use it only after you have exhausted the previous two options.
■ Manual Installation—This lets you walk through only the aspects of the installation you want to tweak.
■ Rescue System—This recovers a system with corrupted boot files.
■ Memory Test—This does not do any installation, but simply checks the memory.

To begin a standard install, choose Installation. The License Agreement appears next. Scroll through the choices, and you can either click on the command button labeled I Agree or the command button labeled I Do Not Agree. If you choose the latter, the installation will not continue. After agreeing to the License Agreement, YaST2 identifies itself as “The Installation and System Administration Program,” and you must select your language. Your hardware is then analyzed, and you are given radio buttons allowing you to choose either GNOME or KDE for the default desktop. Neither is preselected, so choose KDE. A summary of the installation settings you have chosen appears next.

NOTE Before selecting Accept, you should change the partition proposal to leave unpartitioned space. Without this, you will run into difficulty adding space to the swap partition in exercise 14. The basic steps for this are

1. From the Installation Settings page, select Partitioning.
2. On the next page, select Create custom partition setup.
3. Select Custom partitioning—for experts.
4. Highlight the entry in the partition table for the Linux native partition; then select Delete > Yes.
5. Highlight the entry in the partition table for the storage device (/dev/hda or /dev/sda); then select Create.
6. Select Primary Partition; then select OK.
7. Change the value in the End field to +8GB (any value that leaves at least 2GB of free disk space); then select OK.
8. Select Next, and you are returned to the Installation Settings page.
9. Select Accept.

As soon as you click Accept, a warning appears telling you that YaST2 has all the information needed and can now start the installation. Once you click to start the actual installation, the hard disk starts being prepared. Following that, you can watch the status of the installation for each of the CDs through progress bars. At the end of this phase, basic installation finishes with the following automatic steps:

1. Update configuration.
2. Copy files to installed system.
3. Install boot manager.
4. Prepare system for initial boot.

The system reboots and continues on with the installation (often asking that you insert the next install CD at this point). Packages are now installed including RealPlayer, Acrobat Reader, Red Carpet, and OpenOffice.org, among others. You are prompted to enter, and verify, a password for the root user. Enter the password N7Press. A command button entitled Expert Options also appears on this screen. Choose it and select MD5 encryption.

A scan is done for network interfaces, DSL connections, ISDN adapters, Modems, Proxy, and VNC Remote administration. Accept the results found on the summary screen, and choose to test the Internet connection. This is necessary to download the latest release notes and updates, and make sure that the system is up-to-date. When the three choices are offered for an authentication mode, select Local (/etc/passwd)—this option stores entries in the /etc/passwd and /etc/shadow files. After clicking Next, you can add the new user account for Ken Armstrong using the information presented in the exercise. Choose the Details option to be able to select the additional groups the user is to belong to. After choosing Next, SuSEconfig now starts and writes the system configuration files as they stand at this point; after which, Release Notes are displayed. You can scroll through and read the Notes if you prefer, or access them at any later point in time at /usr/share/docs/release-notes/RELEASE-NOTES.en.rtf.

Hardware configuration occurs next, as such items as graphic cards, printers, and sound cards are searched for and identified. Once again, you can make any changes on the summary screen that you want to or accept what is there and click Next. At this point, the installation is complete, and all that is left to do is click Finish. Once you do so, the system reboots and comes to the Novell Linux Desktop login screen, prompting you for a username and password that you must now supply. After you do so, the KDE desktop is loaded, and you are in business.


CHAPTER 4: Solutions to Exercises

TIP If you log in as kenarm, you will be set up properly to get into YaST in exercise 2.

Exercise 2: Barry’s House of Trophies

One of the simplest ways to add a local user is through the use of YaST (Yet another Setup Tool). From the All Applications menu, choose System, YaST, provide the root password, and select Security and Users in the left pane. In the right pane, choose Edit and create users. The User and Group Administration module appears. Click the Add button and enter the information for the user, as shown in Figure 4.1.

FIGURE 4.1 Create an account for the new local user.

NOTE Depending on the service pack level applied to NLD, the screen shown in Figure 4.1 might differ slightly. The SUSE logo is occasionally replaced by a Novell logo in different service packs.

Click the Password Settings button and enter the information related to the account as shown in Figure 4.2.

FIGURE 4.2 Set the password settings for the user account.

After clicking Next, choose Details and change the login shell to the one specified in the exercise. Verify that the default group is users and the correct additional group memberships have been selected. Click Next and then Create. Click Finish to exit the module and return to YaST.

To complete the second part of the exercise, choose Security Settings and make sure that the Local Security Configuration is set to Custom Settings (the default). Click Next and, at the Passwords Settings dialog, change Password Encryption Method to Blowfish, and the Minimum Acceptable Password Length to 6 characters, as shown in Figure 4.3. Click Next and leave the Boot Settings intact. Click Next again and, on the Login Settings, change the Delay after Incorrect Login Attempt setting to 2. (The default is 3.) Click Next and leave the existing ID Limitations at their current settings. Click Finish and exit YaST.

FIGURE 4.3 Change the password settings.
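Changing the Password Encryption Method (MD5 at installation, Blowfish here) affects only passwords set afterwards; entries already in /etc/shadow keep their old scheme until the password is changed. The script below is an added example, not part of the book: it classifies shadow-format entries by hash prefix, and its sample file, user names other than root and kenarm, and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which password-hash scheme each account in a
# shadow-format file uses, judged by the prefix of the second field.

# Constructed sample in /etc/shadow layout. The hash strings are placeholders,
# not real hashes.
sample_shadow() {
cat <<'EOF'
root:$1$CONSTRUC$CONSTRUCTEDmd5placeholder0:12950:0:99999:7:::
kenarm:$2a$05$CONSTRUCTEDblowfishplaceholder000000000000000000000000:12950:0:90:7:::
legacy:CONSTRUCTED13:12950:0:99999:7:::
daemon:*:12950::::::
parked:!$2a$05$CONSTRUCTEDblowfishplaceholder000000000000000000000000:12950::::::
nopass::12950::::::
EOF
}

# classify_shadow FILE: print "user SCHEME" for every line of FILE.
classify_shadow() {
    awk -F: '
    {
        h = $2; lock = ""
        if (h == "")                { print $1, "EMPTY";   next }
        if (h ~ /^[*!]+$/)          { print $1, "NOLOGIN"; next }
        if (substr(h, 1, 1) == "!") { lock = "(locked)"; sub(/^!+/, "", h) }
        if      (index(h, "$1$") == 1) s = "MD5"
        else if (index(h, "$2")  == 1) s = "BLOWFISH"
        else if (index(h, "$5$") == 1) s = "SHA256"
        else if (index(h, "$6$") == 1) s = "SHA512"
        else if (length(h) == 13)      s = "DES"
        else                           s = "UNKNOWN"
        print $1, s lock
    }' "$1"
}

# not_migrated FILE SCHEME: accounts with a usable password whose hash is not
# SCHEME, that is, passwords last set before the method was changed.
not_migrated() {
    classify_shadow "$1" | awk -v want="$2" '
        $2 != "NOLOGIN" && $2 != "EMPTY" && index($2, want) != 1 { print $1 }'
}

# Stand-alone run against the constructed sample. On a real system, pass
# /etc/shadow instead (readable by root only).
demo=$(mktemp) && sample_shadow > "$demo" && classify_shadow "$demo"
rm -f "$demo"
```

Accounts reported by not_migrated pick up the new scheme the next time their password is changed with passwd.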

Click the Applications menu and choose Logout; select End session only and OK. Log in using the newly created user account. Right-click on the desktop and choose Configure Desktop from the pop-up menu. In the left pane, choose Background and set the Picture to triplegears. Click Screen Saver in the left pane and make the changes requested, as shown in Figure 4.4. Click OK to exit.

NOTE Instead of choosing Logout from the Applications menu, you could also use the Switch User option. If you go this route, be careful as the Switch User option can be problematic and you can wind up with several active user “screens” at a time.

FIGURE 4.4 Change the Screen Saver Settings.

Exercise 3: Collette Consulting

Start YaST, and supply the root password if prompted. Beneath the Software menu, choose Install and Remove Software. In the Search box, type desktop and click on Search. In the right frame, beneath packages, choose as many GNOME packages as you think the vice president might need (documentation, audio files, games, and so on), but be certain to choose the following:

■ gnome2-SuSE
■ gnome-panel
■ gnome-applets
■ gnome-session
■ gnome-common
■ gnome-terminal
■ gnome-desktop
■ gnome-utils

Click Check Dependencies, and all should report OK. Click Accept, and a number of Automatic Changes will appear; click Continue and insert media as prompted. Before closing YaST, create a user to be the vice president of Collette Consulting; then click the Applications menu and choose Logout.

Enter the username and password for the vice president, and click Session; choose GNOME Desktop. When the desktop appears, choose System from the menu, and then Personal Settings and Accessibility. Click the box to Enable keyboard accessibility features, as shown in Figure 4.5, and check the box to Enable Sticky Keys. Click Close.

TIP You should also disable the option if two keys are pressed together. If you don’t do this, you can’t test the Alt+F12 shortcut.

FIGURE 4.5 Configure the accessibility options.

Still in the Personal Settings menu, choose Shortcuts and locate the action Lock Screen. Click on it and enter the keyboard combination Alt+F12, as shown in Figure 4.6; then click Close. Exit the Settings dialog and verify that your settings work.

FIGURE 4.6 Configure the keyboard combination to lock the screen.

Exercise 4: D. S. Technical

Right-click on the desktop and choose Create Launcher from the pop-up menu. Enter the settings shown in Figure 4.7—be certain to set the type to Link. Click on No Icon and choose an icon. (apple-red.png works well for this purpose.)

FIGURE 4.7 Create a desktop launcher.

Click OK. The icon should now appear on the desktop and double-clicking on it should bring up the folder shown in Figure 4.8.

FIGURE 4.8 The launcher and its results.

NOTE A launcher works much like a traditional shortcut in other operating systems. The word launcher, though, is used to keep it from being confused with other shortcuts, like the one created in exercise 3.

Exercise 5: Evan’s Dilemma

Using GNOME, from the menu choose Programs, Accessories, and Terminal. At the prompt, type

passwd

You must give the old password. After so doing, enter a new password. If you give a password that does not meet the currently configured requirements (length, use of characters, and so on), the new password will not be accepted. If the password meets the currently configured requirements, you are prompted to reenter it. Provided that you give the same value for the new password the second time as you did the first, a message will appear, “Password changed,” and you can now close the terminal window.

Exercise 6: Frank’s Flowers

With the GNOME desktop, click System, and choose Search for Files… Click the Show more options button, and for Available options choose Date modified less than (days) with a setting of 2, include other file systems, and starting in the / folder, as shown in Figure 4.9.

FIGURE 4.9 Look for files created within the past two days.

Make a note of the filenames that appear, and then begin ruling them out as possible shell scripts created by the ex-administrator.

NOTE Within the KDE interface, the same functionality is found by choosing Find Files from the programs menu (or System, File System, Search for Files). You can then click on the Properties tab and set the needed options.

Exercise 7: Gibson’s Marketing Consultants

There are a number of different ways to add this printer; because the exercise states that the company is using KDE, tools included with it will be used to illustrate this solution. Before starting, create the jbuck and cgibson users, using any first name of your choice and following the guidelines used in exercise 4. The user jbuck’s password should be mississippi.

Log in as root and, from the menu, choose Utilities, Printing, Printers. From the Configure—Printing Manager interface, choose Add, Add Printer/Class. This starts the Add Printer Wizard in KDE. Click Next at the opening screen, and then choose SMB shared printer (Windows) from the Backend Selection dialog, as shown in Figure 4.10. At the User Identification dialog box, choose Normal account and set the values given for the user.

FIGURE 4.10 Configure access to the printer.

At the Printer Model Selection dialog, choose the Manufacturer (HP) and Model. On the Printer Test dialog, select to do a printer test and verify that configuration is working. Leave the default banner page settings (no banner) and the quota settings (no quota) as they are. On the User Access Settings dialog, set the Type to Allowed User and add only cgibson, as shown in Figure 4.11.

FIGURE 4.11 Only the cgibson user can use the printer.

Enter any general information you desire about the printer for the name and location fields; then view the summary information and click Finish on the Confirmation screen.

Exercise 8: Heberling Venture Fund

Log in as root and connect the printer to the workstation. Start YaST, choose Hardware, and Printer. When you make this choice, a scan of the connections is done. Because the printer is connected to the parallel port, it should be recognized, along with the make and model, as shown in Figure 4.12.

TIP You do not have to log in to the desktop as root to start YaST and install a printer. When you start YaST, you will be prompted to supply the root password.

Click Configure and change the default entry in the “Name for printing” field to private. Click Next. The printer manufacturer and model should already be selected. If they are not, or they were incorrectly identified, choose the correct entries and click Next. Click the Test button to send a test page to the printer and make certain that it is properly configured. Once that is done, click Next and Finish to save the printer configuration and exit YaST.

FIGURE 4.12 The printer is recognized and can now be configured.

To create the desktop shortcut, right-click on the KDE desktop and choose Create New, File, Link to Location (URL)… At the prompt for “Enter link to location (URL):” enter http://localhost:631/printers, and then click OK. The icon is created. Right-click on it and choose Rename, and then enter Printer Management. Click on the icon to verify that it is working properly.

Exercise 9: Indiana Industrials

There are two ways you can check for updates and keep the system current: using the YaST2 tool or Red Carpet. We’ll look at the YaST method first. Start YaST and choose Software (if it is not already selected), followed by Online Update. This brings up the dialog box shown in Figure 4.13. You can choose to manually select the patches to be applied (the default) or reload all patches from the server. If any patches are available, they are presented for you to select. Otherwise, you are notified that the system is currently up-to-date, and you can rest easy.

FIGURE 4.13 The Online Update options.

Novell Linux Desktop also includes the Red Carpet utility to allow you to check for updates and keep the system current. To start this utility within GNOME, from the System menu, choose Software Update. Within KDE, you choose System, Configuration, Red Carpet to arrive at the same location. A check of the system will be done, and you will be notified if there are any patches to download. If there are no new patches, you will be notified that the system is up-to-date.

Exercise 10: Jerralds Union Institute

The File Roller utility offers a graphical interface to allow you to quickly accomplish the task you need to. With KDE, from the programs menu choose Utilities, Archiving, and Archive Manager. Alternatively, with GNOME, choose Programs, System Tools, Archive Files. This opens the File Roller utility.

NOTE If you do not find the Archive Files option in your menu, use YaST to install File Roller (using steps similar to those found in exercise 3).

TIP With a basic NLD 9 installation, you don’t get the System Tools option under Programs by default. To start the File Roller tool, you can also select System > Run Program, enter file-roller, and select Run.

Click New and name it LONDON. Set the Archive type to Tar Compressed with gzip, as shown in Figure 4.14.

FIGURE 4.14 Choosing the archive type in File Roller.

Click New to go back to the File Roller main interface. Click Add, and expand Filesystem. In the right pane, double-click the home directory to see the entries beneath it. Click and drag the dlucas folder into the roller window and save it. You are now ready to email it to the salesman.

Exercise 11: Kent’s School

A number of utilities can be used to see and then terminate the processes that are running. Within KDE, from the All Applications menu, you can choose System, Monitor, and KDE System Guard. When it starts, click the Process Table tab, and it will show an alphabetic list of the processes running. Scroll down the list until you find the sleep processes—as illustrated in Figure 4.15—highlight all occurrences (by clicking on them), and click the Kill button. A warning message will appear asking you to confirm that you want to kill the selected processes. Choose Kill on this dialog box, and the processes should disappear.

FIGURE 4.15 Find the processes to terminate.

Exit the System Guard and your work is finished.

Exercise 12: Lessons Learned, Inc.

NOTE This exercise requires a second NLD workstation, connected to the same network. Make sure that the other NLD box is ready, connected to, and communicating on the network before proceeding.

On Dr. Wiese’s colleague’s workstation, access the Applications menu in KDE. Choose System, Remote Access, Desktop Sharing and choose to share the desktop (Create Personal Invitation). This will bring up a Personal Invitation with needed information for the second party to use, as shown in Figure 4.16.

FIGURE 4.16 The information needed to create the connection.

On the phone, tell Dr. Wiese to go to System, Remote Access, Remote Desktop Connection and enter the host information given.

TIP Be certain to include the whole host address, including the colon and the display number. If you leave off the colon and display number, the connection cannot be made.

A warning will appear on Dr. Wiese’s machine that a connection is being established, as shown in Figure 4.17. The colleague must now enter the password as given, and the connection will be established. On Dr. Wiese’s machine, he can open and run any applications that he wants. The colleague’s machine will show Dr. Wiese’s desktop as if it is another window, as shown in Figure 4.18. The colleague may watch what is being done, as well as take control by clicking on anything or entering any values within that window that might be desired. The remote desktop connection ends when the user closes the window. Very briefly, a pop-up dialog box will appear on Dr. Wiese’s machine indicating that the connection has been closed.

FIGURE 4.17 You must accept the connection.

FIGURE 4.18 The remote desktop appears as another window.

Exercise 13: Mississippi Computing

Two tasks need to be done here. The first is to create the emergency disk, and the second is to do the backup. For the emergency disk, open YaST and choose System. Beneath System, select Create a Boot, Rescue, or Module Floppy. Seven choices appear here:

■ Standard Boot Floppy 1
■ Module Floppies
■ Standard Boot Floppy 2
■ Custom Floppy
■ Standard Boot Floppy 3
■ Download Floppy Image
■ Rescue Floppy

Choose Rescue Floppy, and the disk image will be copied to the media. When this finishes, choose System Backup from beneath the System modules of YaST. Choose to add a backup profile by clicking on Profile Management and choosing Add. Give it a name of FULL. Give a filename with an absolute path (such as /tmp/backup.tar) and click Next. Do not enter any search constraints, because you want to include everything, and continue clicking Next until you arrive back at the YaST System Backup dialog shown in Figure 4.19.

FIGURE 4.19 The backup can now be done.

Click Start Backup, the system will begin reading package files (this can take several minutes), and then the backup will begin.

Exercise 14: NoMore Paper

To solve this problem, log in as root and open YaST to interact with disks and perform creation and partitioning tasks graphically. Choose System, Partitioner, and a warning appears. Heed this warning carefully for it fully means what it says—you can do irreversible damage if you are not careful. After you choose Yes to the warning, the partition table shown in Figure 4.20 appears.

NOTE The actual partition table that is displayed depends on the disks and partitions in use on your system. You will see something similar to this figure, but not this figure per se.

FIGURE 4.20 You can work with the partitions from this interface.

Increase the size of the swap partition and apply the changes.

NOTE The partition proposal in exercise 1 leaves room for resizing the swap partition. The Linux native / partition cannot be resized to allow for more disk space if it already uses the entire hard disk.

Exercise 15: Octagon Systems

To disable, or make certain that remote administration is not enabled, on the system, log in as root and start YaST. Choose Network Services, Remote Administration. Only two radio button choices are available. Make sure that the one labeled Do Not Allow Remote Administration is chosen and click Finish.

Back in YaST, choose the Misc choice and View Start-up Log. This displays the contents of the /var/log/boot.msg file. Scan through this log and look for errors that are occurring. The most recent information is at the bottom of the file, which is where it opens to by default. If anything suspicious does appear as you scan this file, you can choose to save it, print it, or use other utilities to view it if you want to scrutinize it further.

Exercise 16: ACME Electronics

Make sure that the /ACME, /ACME/OLD, and /ACME/MONTHLY directories are in place and that the receptionist’s user has the necessary permissions to write files to these directories. You should then document the steps for the new employee as follows:

1. From the KDE kicker, click on the icon of a monitor to open a terminal shell. Optionally, from the menu, select System, Terminal, and then Konsole.
2. Type the command cd /ACME.
3. Because all the files within the directory are to be placed in a single file, both tar and gzip must be used. While the commands can be piped, in order to walk a novice user through the process, it is best to do the operation as two separate processes:

   tar cvf july.tar .
   gzip july.tar

4. The command to move the archive file to the desired directory is: mv july.tar.gz MONTHLY.
5. The command to move all other files to the desired directory is: mv *.* OLD.
6. Close the terminal session by typing exit.

A quick explanation that “july” should be replaced each month with the current directory should be sufficient to complete walking her through these tasks.
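The same procedure as one function, as an added example that is not from the book: it writes the archive directly into MONTHLY so that tar never reads its own output, and it selects files by type rather than with the *.* pattern, so names without a dot are archived and moved as well. The function name, exit codes and test file names are assumptions of this example.

```shell
#!/bin/sh
# Added example: the monthly archive procedure as a single function.

# monthly_archive DIR LABEL
#   Archives the regular files directly inside DIR into
#   DIR/MONTHLY/LABEL.tar.gz, checks the archive, then moves the originals
#   to DIR/OLD. DIR/OLD and DIR/MONTHLY must already exist.
monthly_archive() {
    ( cd "$1" || exit 1
      label=$2
      [ -d OLD ] && [ -d MONTHLY ] || { echo "OLD or MONTHLY missing" >&2; exit 2; }
      [ ! -e "MONTHLY/$label.tar.gz" ] || { echo "$label already archived" >&2; exit 3; }

      # Collect top-level regular files, including hidden files and names
      # without a dot. OLD and MONTHLY are directories, so they are skipped.
      set --
      for f in * .[!.]*; do
          if [ -f "$f" ] && [ ! -L "$f" ]; then
              set -- "$@" "./$f"
          fi
      done
      [ $# -gt 0 ] || { echo "nothing to archive" >&2; exit 4; }

      # Two separate steps, as in the documented procedure.
      tar cf "MONTHLY/$label.tar" "$@" || exit 5
      gzip "MONTHLY/$label.tar" || exit 5

      # Move the originals only if the archive lists every one of them.
      stored=$(gzip -dc "MONTHLY/$label.tar.gz" | tar tf - | wc -l)
      [ "$stored" -eq $# ] || { echo "archive incomplete" >&2; exit 6; }
      mv "$@" OLD/
    )
}

# Usage on the system from the exercise (run as the receptionist's user):
#   monthly_archive /ACME july
```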

Exercise 17: Barnes and Fine

To find the file from the command line

1. From the KDE kicker, click on the icon of a monitor to open a terminal shell. Optionally, from the menu, select System, Terminal, and then Konsole.
2. Type the command find / -name "*tickets*" -print | more.

To find the file using the graphical utilities

1. Click on the N on the KDE kicker, then choose Find Files. Set the options to those shown in Figure 4.21.

FIGURE 4.21 Search for the desired file.

2. Click on the Find command button.

To find hardware information while you are at the site

1. Start YaST and authenticate as root.
2. Choose Hardware and then Hardware Information.
3. After a short time of probing, a display similar to that shown in Figure 4.22 will be displayed.

FIGURE 4.22 Hardware information is made available.

4. Click Save to File and either print the file or email it to your home office.

To find files with permissions above 2000

1. From the KDE kicker, click on the icon of a monitor to open a terminal shell. Optionally, from the menu, select System, Terminal, and then Konsole.
2. Type the command find / -perm -2000 -print | more.
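The leading minus in -perm -2000 makes find test bits rather than compare numbers: it selects entries whose SGID bit is set, so a 4755 file is not listed even though 4755 is numerically larger than 2000. The script below is an added example, not from the book, that shows this on a constructed directory tree; the function and file names are invented for illustration.

```shell
#!/bin/sh
# Added example: what "find -perm -MODE" selects, shown on a constructed tree.

# make_tree DIR: create files whose names describe their mode.
make_tree() {
    ( cd "$1" || exit 1
      for spec in plain:644 script:755 sgid:2755 suid:4755 both:6755 bare:2000
      do
          name=${spec%%:*}; mode=${spec##*:}
          : > "$name" || exit 1
          chmod "$mode" "$name" || exit 1
      done
      mkdir shared && chmod 2775 shared )
}

# all_bits DIR MODE: entries with every bit of MODE set (the form used above).
all_bits() { ( cd "$1" && find . -perm "-$2" -print | LC_ALL=C sort ); }

# exact_mode DIR MODE: entries whose mode is exactly MODE.
exact_mode() { ( cd "$1" && find . -perm "$2" -print | LC_ALL=C sort ); }

# setid_files DIR: regular files carrying SUID or SGID, the list an
# administrator reviews when auditing a system.
setid_files() {
    ( cd "$1" && find . -type f \( -perm -4000 -o -perm -2000 \) -print |
        LC_ALL=C sort )
}

# Stand-alone run on a scratch directory.
demo=$(mktemp -d) && make_tree "$demo"
echo "-perm -2000:"; all_bits "$demo" 2000
echo "-perm 2000:";  exact_mode "$demo" 2000
echo "SUID or SGID regular files:"; setid_files "$demo"
rm -rf "$demo"
```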


Exercise 18: Cash Today

A number of utilities can be used to see the current processes running, including top, ps, and pstree. Any of these commands can be run within a terminal window, and you can take a screenshot using ksnapshot or the menu command in GNOME, shown in Figure 4.23.

FIGURE 4.23 Save a screenshot.

To save a list of the processes running to a file, the command ps -ef > /tmp/proc.txt will create a file that you can mail.

Exercise 19: Donna’s Collectibles

To install an RPM package, the generally accepted syntax is

rpm -ihv {packagename}.rpm

NOTE The -U parameter should be used in place of -i if you need to upgrade a package. To install a new package, you use the -i parameter.

The administration log will be different for each site, but you can append an entry to the end of such a log file with syntax similar to the following:

cat >> admin.log
9/15/05 12:34 Installed ABC package in order to meet auditing requirements
A complete list of changes to the system can be found in the ABC documentation.
Rebooted server and verified all working ok.

Press Ctrl+D to stop appending to the log and return to the session prompt.

TIP Instead of blindly appending to the log, you can also edit it with vi or any editor.

Exercise 20: Edna and Lorraine Antiques

To install the operating system, insert the first CD into the computer and reboot the system. Exercise 46 walks through each of the individual menus. In this case, you will accept the defaults until prompted for the server name; in which case, you will enter EDNA-SLES. When prompted to use DHCP or configure static IP addressing, choose static and give the values specified in the table:

■ IP address: 192.168.0.78
■ Subnet mask: 255.255.255.0
■ Default gateway: 192.168.0.1

Samba is installed automatically, leaving only Apache that must be installed separately. To install Apache, follow these steps:

1. Start YaST and authenticate as the root user.
2. Choose Software and then Install and Remove Software. Search for apache, and install it.

To configure Samba, log in as root and start YaST; then choose Network Services and Samba Server. The first dialog box will ask for the workgroup name; enter EDNA-WKGRP.

Create the users by logging in as root and starting YaST. Choose Security and Users and then Edit and Create Users. Click Add and add each of the users as shown in Figure 4.24, clicking Create after each one.

FIGURE 4.24 Add each of the users.

After all the users are added, click Finish. Create the ACCOUNTS group by choosing Edit and Create Groups in the Security and Users section of YaST. Click Add, and configure the information as shown in Figure 4.25. Click Next and Finish.

FIGURE 4.25 Add the new group.

Exercise 21: Fetters Hair and Such

To perform this operation, follow these steps:

1. From the KDE kicker, click on the icon of a monitor to open a terminal shell. Optionally, from the menu, select System, Terminal, and then Konsole.
2. Type the command cd /.
3. Type the command mkdir personal.
4. Type the command cd personal.
5. Type the command mkdir accounts employees suppliers other.
6. Type the command cd /tmp.
7. Type the command rm -i * to interactively delete the files in this directory and avoid problems.
8. Exit the shell by typing exit; then start YaST and choose Misc followed by View Start-up Log. This will allow you to look for any problems related to startup as recorded in the boot.msg file.

Exercise 22: Global Moving

To change the default runlevel, follow these steps:

1. Log in as any user, and then su - to root.
2. From the KDE kicker, click on the icon of a monitor to open a terminal shell. Optionally, from the menu, select System, Terminal, and then Konsole.
3. Type the command cd /etc.
4. Edit the inittab file, shown in Figure 4.26.

FIGURE 4.26 Edit the /etc/inittab file.

5. Change the 5 in the line id:5:initdefault: to 4, and the new default runlevel will be 4.
6. Save the file and exit. The new default runlevel will apply the next time the system is booted.

To change the ACLs on all files beneath /tmp, follow these steps:

1. Log in as any user then su - to root.
2. From the KDE kicker, click on the icon of a monitor to open a terminal shell. Optionally, from the menu, select System, Terminal, and then Konsole.
3. Type the command cd /tmp.
4. Type the command getfacl /root/.fonts.cache-1 | setfacl --set-file=- * to change all the files beneath this directory.

NOTE If you’ve logged in as a different user, the path to the .fonts.cache-1 file will be /home//.

5. Exit the terminal by typing exit.

Exercise 23: Hare Trucks

The numeric representation of -rw-r----- is 640. Subtracting this from the default for new files of 666 gives a remainder of 26. To set the system such that all newly created files have these default permissions,

1. Log in as root.
2. From the KDE kicker, click on the icon of a monitor to open a terminal shell. Optionally, from the menu, select System, Terminal, and then Konsole.
3. Type cd /etc.
4. Edit the profile file and change the default entry from umask 022 to umask 026.

TIP If you try to test the configuration change, note that the profile file is not read until the next time a shell is launched. You won’t see anything different in the permissions of newly created files until after you’ve launched a new shell.

To change the permissions on all files currently in the /tmp directory to read-only permissions for all users,

1. Type cd /tmp.
2. Type chmod 444 *
3. Exit the terminal by typing exit.

Exercise 24: Independent Fireworks

To implement disk quotas for all users,

1. Start YaST and authenticate as the root user.
2. Install the quota package.
3. Choose System and then Partitioner.
4. Select the Linux partition and click the Edit button. This will bring up a screen similar to that shown in Figure 4.27.

FIGURE 4.27 The current partition without quotas.

5. Click the Fstab Options button. This brings up a screen similar to that shown in Figure 4.28.

FIGURE 4.28 The options available with fstab.

6. Type usrquota in the Arbitrary Option Value box at the bottom.
7. Click OK twice, followed by Apply.

NOTE After clicking Apply, a couple of unexpected things happen. First, YaST tells you that the volume needs to be remounted and asks if you are sure that you want to do this. You will then see a warning which says that it can’t be remounted and implies that you have to know what you are doing to continue. If this happens, select to continue. After doing this, go to a terminal prompt and remount the root partition by entering mount -o remount /dev/hda2. Before going on to the next step, turn quotas on for all mounted file systems by entering quotaon -av, and then make this persistent by entering chkconfig quota on.

8. It is now possible to go to the command line and use the command setquota to turn on the quota for each user.

TIP In addition to using setquota, you use repquota to view the quota report and edquota to edit user quota settings.

Exercise 25: J & C Bookkeeping

To apply patches and updates through YaST, follow these steps:

1. Log in as root and start YaST.
2. Choose Software and then Online Update. A screen similar to that shown in Figure 4.29 appears. Note: If you click Configure Fully Automatic Update…, you can configure a cron entry that will automatically keep the system current.

FIGURE 4.29 Choices for online updating.

3. Click Next. Information about new updates will be retrieved.
4. If prompted for a username and password, enter these values, and then choose to install any found updates.

You can also choose to install patches from a CD by choosing Software and Patch CD Update. To set settings on the server, choose Software and System Update. Choose Change and Update Options. Values similar to those shown in Figure 4.30 appear. Last, the YOU server configuration can be configured by choosing Software and then YOU Server Configuration. This opens a dialog similar to that shown in Figure 4.31.

FIGURE 4.30 Update options.

FIGURE 4.31 YOU configuration options.

Exercise 26: Karen’s Computers

You can make a list of each user who has ever logged on to the server by following these steps:

1. Log in as root.
2. From the KDE kicker, click on the icon of a monitor to open a terminal shell. Optionally, from the menu, select System, Terminal, and then Konsole.
3. Type lastlog | grep -vi "never" to reduce the display to only lines of valid logins.

This will show the most recent login for each account, but not every login. Make a list of the usernames, and then use each with the last command to find out each login since the last time the wtmp file started. For example, to see the entries for the user edulaney, the command would be last edulaney.

Exercise 27: Lifetime Solutions

To check the hostname of the server, follow these steps:

1. Log in as root.
2. From the KDE kicker, click on the icon of a monitor to open a terminal shell. Optionally, from the menu, select System, Terminal, and then Konsole.
3. Type hostname.

The “regular barrage of command line networking commands” should include: ping, traceroute, ifconfig, ifstatus, and netstat. Use route and arp to check the routing table as well as the address resolution results, respectively.

Exercise 28: Muncie Management

The ip tool is used to see and change the current network configuration. To see the current configuration, the command ip address show is used. The display generated will resemble that shown in Figure 4.32. The output of this command is identical to that of ifconfig. Substituting add for show, you can add to the settings, and using del allows you to delete existing settings.

FIGURE 4.32 The output of the ip address show command.

The command ip link show will show the hardware address of every Ethernet device. To work with the routing table, use the following commands:

■ ip route show—to see the current routing table
■ ip route add—to add a route
■ ip route add default—to add a default route
■ ip route delete—to delete a route

Exercise 29: New Start, Inc.

To run YOU, follow these steps:

1. Log in as root and start YaST.
2. Choose Software and then Online Update.
3. Click Next. Information about new updates will be retrieved.
4. If prompted for a username and password, enter these values; then choose to install any found updates.

Exercise 30: Oak Pictures

The cron file entries that Oak Pictures needs to run these scripts at their appropriate times are as follows:

0,5,15,20,25,30,35,40,45,50,55 * * * * /usr/local/bin/oriontest.sh > /dev/null 2>&1
0,15,30,45 * * * * /usr/local/bin/suf.sh > /dev/null 2>&1
5,15,25,35,45,55 * * * * /usr/local/bin/use.sh > /dev/null 2>&1
30 6 * * 0,2,4,6 /usr/local/bin/orionrestart.sh > /dev/null 2>&1

To set the system so that all newly created files should have default permissions on them set to rw-rw-r-- (664), follow these steps:

1. Log in as root.
2. From the KDE kicker, click on the icon of a monitor to open a terminal shell. Optionally, from the menu, select System, Terminal, and then Konsole.
3. Type cd /etc.
4. Edit the profile file and change the default entry from umask 022 to umask 002.

TIP The profile file is only read when a shell is launched. You must launch a shell for the changes to take effect.
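Exercise 23 (umask 026 for mode 640) and this exercise (umask 002 for mode 664) both derive a umask from a target file mode. The script below is an added example, not from the book: it computes the mask, then creates files and directories under it to confirm the result, and it goes one step beyond the text by showing that the kernel clears the mask bits (base AND NOT mask), which differs from subtraction for a mask such as 027. Function names are invented; stat -c is the GNU/busybox form.

```shell
#!/bin/sh
# Added example: relate a umask to the permissions of newly created files.

# umask_for_mode MODE: the mask that yields MODE for new files (base 666).
# Execute bits in MODE cannot be produced this way, because files start at 666.
umask_for_mode() { printf '%03o\n' $(( 0666 & ~0$1 )); }

# predicted_mode BASE MASK: BASE with the MASK bits cleared (BASE & ~MASK).
# BASE is 666 for files and 777 for directories.
predicted_mode() { printf '%o\n' $(( 0$1 & ~0$2 )); }

# observed_mode MASK KIND: create a file (f) or directory (d) under MASK in a
# scratch directory and report the mode that was actually assigned.
observed_mode() {
    ( scratch=$(mktemp -d) || exit 1
      umask "$1"
      if [ "$2" = d ]; then mkdir "$scratch/new"; else : > "$scratch/new"; fi
      stat -c '%a' "$scratch/new"
      rm -rf "$scratch" )
}

# Stand-alone run: the default mask, the two masks from the exercises, and 027,
# where octal subtraction (666 - 027 = 637) would give the wrong answer.
for mask in 022 026 002 027; do
    echo "umask $mask: file $(observed_mode "$mask" f)" \
         "(predicted $(predicted_mode 666 "$mask"))," \
         "directory $(observed_mode "$mask" d)"
done
```

The umask is set in a subshell here, so the calling shell keeps its own mask; a change in /etc/profile behaves the same way and reaches only shells started afterwards.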

To change the owner on all files beneath the /home/jackson directory to syed, follow these steps:

1. Log in as root.
2. From the KDE kicker, click on the icon of a monitor to open a terminal shell. Optionally, from the menu, select System, Terminal, and then Konsole.
3. Type cd /home/jackson.
4. Type chown -R syed /home/jackson (the -R option recurses into subdirectories; a *.* pattern would match only names that contain a dot).

To change the group associated with all files beneath this directory to root, type chgrp -R root /home/jackson.


TIP You can change owner and group in one command by entering chown -R syed:root /home/jackson.

To create a link named viewer in the /root folder to the /bin/zcat file, follow these steps:

1. Log in as root.
2. From the KDE kicker, click on the icon of a monitor to open a terminal shell. Optionally, from the menu, select System, Terminal, and then Konsole.
3. Type ln /bin/zcat viewer.
4. Exit the terminal by typing exit.

Given the specific requirements for the two users to be added to the system, follow these steps:

1. Log in as root and start YaST.
2. Choose Security and Users and then Edit and Create Users.
3. Click Add and enter wintel for the first user. Click Details and set the User ID to 1010. Click Next.
4. Click Password Settings and set the Maximum Number of Days for the Same Password to 90. Click Next.
5. Click Create. Repeat the process to add the next user. By default, all passwords are stored in the /etc/shadow file as opposed to /etc/passwd with SLES 9.

To change the default runlevel, follow these steps:

1. Log in as root.
2. From the KDE kicker, click on the icon of a monitor to open a terminal shell. Optionally, from the menu, select System, Terminal, and then Konsole.
3. Type the command cd /etc.
4. Edit the inittab file and change the 5 in the line id:5:initdefault: to 4, and the new default runlevel will be 4.
5. Save the file and exit. The new default runlevel will apply the next time the system is booted.


To configure the static IP address configuration as given, follow these steps:

1. Log in as root and start YaST.
2. Choose Network Devices and Network Card.
3. Click Change and Edit. The Network address setup will appear as shown in Figure 4.33.

FIGURE 4.33: The settings for the network card.

4. Click the Static Address Setup button and enter an IP address of 192.168.10.7 and a subnet mask of 255.255.255.0.
5. Click the Routing button and add a default router address of 192.168.10.101. Click OK.
6. Click Next and Finish.
7. Click Close and exit YaST.

To add (append) an entry to the end of /var/log/messages that the system has been configured on this date, run the following command from a terminal session:

logger -p local3.info "system configuration drastically changed"


Exercise 31: P.A.R. Inc.

The trickiest part about this shell script is that the variable needs to be treated as a number. This can be accomplished with the following:

#!/bin/bash
# incrmt
# Declare x as an integer so the comparison and arithmetic are numeric.
typeset -i x
x=$1
# Count down from the supplied number to 1.
until [ "$x" -lt 1 ]
do
    echo $x
    let x="$x-1"
done

Make sure that the owner has permission to execute the script by entering chmod u+x /usr/INCRMT.

Exercise 32: Quality Seals

Security information is readily found at a number of Linux-related sites. The first to check, and stay abreast of, is always the vendor’s site. Looking at http://www.novell.com/linux/security provides an overview of Linux-related security issues with links to a number of relevant pages. You should also keep abreast of issues and problems posted at http://www.cert.org and http://www.linuxsecurity.com. Information on any Linux command can be found through a number of utilities inherent in Linux:

■ The man tool offers pages on each utility. For example, to find information about the setfacl tool, the command would be man setfacl.
■ Most utilities have the built-in option of --help to offer information. From the command line, you can type setfacl --help to see a quick list of available options.
■ The info utility can be used to view the man pages, as well—for example, info setfacl.
■ The whatis utility can show if there is more than one set of documentation on the system for the utility: whatis setfacl.
■ The whereis utility will list all the information it can find about locations associated with a file—for example, whereis setfacl.
■ The apropos utility uses the whatis database to find values and returns the short summary information: apropos setfacl.

The customer should also be reminded that the Web is a great place to find help information on commands as well.

Exercise 33: Rich and Big Home Improvements

During a normal boot, the system will come up and change into the runlevel assigned in the /etc/inittab file. Because the system is not “booting properly” and power was lost so rapidly, the most likely culprit is file system corruption; a quick check of the log file (/var/log/messages) should confirm this. If this is the case, run the fsck utility to fix file corruption and bring the system back to a bootable state.

Exercise 34: Spencer Treats

You can check various elements on the server by using the commands uptime (load), df, du (filesystem), free, procinfo (memory management), ps, and pstree (process information). To please the customer, you should examine all the logs beneath /var/log and look for any and all oddities that might appear within.

Exercise 35: Thrifty Constructors

To do the backup as requested, follow these steps:

1. Log in as root and start YaST.
2. Choose System and System Backup.
3. Click Profile Management and choose Add; then enter a name for the new profile, such as fullsys.
4. Click OK.
5. The Archive Settings, shown in Figure 4.34, appears.

FIGURE 4.34: Configure the backup.

6. Enter a backup name (using an absolute path), make certain that the archive type is set to a tar variety, and then click Next.
7. At the File Selection window, leave the default options and click Next.
8. Leave the Search Constraints as they are and click OK.
9. At the main YaST System Backup dialog, click Start Backup. After several minutes of reading packages, the backup will begin.

NOTE As an administrator, you should now verify that the backup can be restored. This should be done after making a backup and before shutting down the system.

10. To shut the system down after the backup, close all applications on the server, and then choose Run Command from the KDE kicker. Enter init 0, and the system will begin an orderly shutdown.

Exercise 36: U.S. Roadways

To enable remote administration of the SLES server, follow these steps:

1. Log in as root and start YaST.
2. Choose Network Services and Remote Administration.
3. The Remote Administration configuration dialog shown in Figure 4.35 opens. Click Allow Remote Administration.

FIGURE 4.35: Choose to allow remote administration.

4. Click Finish. The server can now be accessed via port 5801.

OpenSSH is installed by default on SLES 9. If it is not present on a particular server:

1. Start YaST as the root user.
2. Choose Software and then Install and Remove Software.
3. Type openssh in the Search field and click Search.
4. Check the two packages found and click Accept. Insert any SLES 9 CDs needed if prompted.


Exercise 37: Victory Electric

The following script will meet the requirements that were given:

#!/bin/bash
# menu.sh
# Redisplay the menu until a valid choice is made, then run the chosen script.
while true
do
    clear
    echo "Please choose from the following menu choices:"
    echo "A. To run flexon.sh"
    echo "B. To run hour.sh"
    echo "C. To run comp.sh"
    echo "D. To run Indian.sh"
    echo "Q To quit"
    echo -n "Please make a selection: "
    read lett
    case $lett in
        A|a) flexon.sh
             break ;;
        B|b) hour.sh
             break ;;
        C|c) comp.sh
             break ;;
        D|d) Indian.sh
             break ;;
        Q|q) exit ;;
        # Anything else: report it and show the menu again.
        *)   echo "Invalid response"
             sleep 3 ;;
    esac
done

Exercise 38: Waffles and More

Physically connect the printer to the server; then log in as root and start YaST. Choose Hardware and then Printer. Autodetection should find the new printer and it will appear in the Printer Configuration dialog as shown in Figure 4.36. You must now complete the following steps:

FIGURE 4.36: Autodetection finds the new printer.

1. Click Configure and configure the queue name and spooler settings.
2. Click Next.
3. Choose the printer model. If the correct manufacturer/model combination does not appear in the list, you can look for drivers on the manufacturer’s site (or locally).
4. Click Next.
5. On the Edit Configuration dialog, click Test and verify that the printer is configured and working properly. You should try printing without graphics and then with.
6. Click OK, and then Finish. The printer configuration will be saved.
7. At the Printer Administration dialog, shown in Figure 4.37, click Advanced and make certain that it is configured as a CUPS full server installation to enable users to access it.
8. Click Accept and Finish.

FIGURE 4.37: Configure sharing of the printer.

Exercise 39: Xtreme Books

To accomplish this task, follow these steps:

1. Open a terminal window, and then switch to root with the su command.
2. From the KDE kicker, click on the icon of a monitor to open a terminal shell. Optionally, from the menu, select System, Terminal, and then Konsole.
3. Type the command cd /.
4. Type the command mkdir recovery.
5. Type the command rsync -avz /home /recovery.

Although other utilities besides rsync can be used (cp, for example), this will create a mirror of what is in the other directory, maintaining the same permissions, ownership, and all other information. To keep the two directories mirrored, an rsync command can be added to cron to run on a regular basis.

Exercise 40: Young and Forest

Network status can be checked in YaST by choosing Network Services on the left and Network Services on the right. This will show the currently configured services, as shown in Figure 4.38.

FIGURE 4.38: Currently configured network services.

It is also possible to click on the N in the KDE kicker, choose System, Monitor, Info Center, and then Network Interfaces to see information on the cards, as shown in Figure 4.39. Clicking on Protocols in the left frame, you can choose different protocols (including networking ones) to check on the status of each. The KDE System Guard (System, Monitor, KDE System Guard), shown in Figure 4.40, can show the process table (allowing you to kill entries) as well as the system load.

FIGURE 4.39: The Info Center shows information on the NICs.

FIGURE 4.40: The KDE System Guard shows load.

Last, any desktop editor, or command-line editor, can be used to examine configuration files and make changes. Figure 4.41, for example, shows the /etc/profile file opened in the default KDE editor, Kate.

FIGURE 4.41: Editing a system configuration file.

Exercise 41: Zebb Jewels

The changes can be made using any number of editors. Among those SLES 9 includes are joe, vi, and sed. Figure 4.42 shows joe editing a file, whereas Figure 4.43 shows the same file in vi. The best editor to use for this task, however, is sed. As a stream editor, it can easily change all occurrences of one value for another using the command sed 's/ZEBB7/JEWEL/g'

TIP For more on sed, enter man sed.

FIGURE 4.42: Editing a file with joe.

FIGURE 4.43: Editing a file with vi.

Exercise 42: Yorktown Bakers

To accomplish this task, you should first back up all data on the server, and then properly shut it down. After installing the hard drive and booting the server, use fdisk to create the new partitions. You can then do the following:

1. Log in as root and start YaST.
2. Choose System and then LVM. If you do not already have such, you will be prompted to create a volume group, as shown in Figure 4.44.

FIGURE 4.44: Create a volume group.

3. The physical and logical volumes will appear.
4. Click Add and create each of the three partitions.
5. Click Finish.

Exercise 43: X. L. Technology

GRUB is installed on SLES 9 by default. You can see if it is installed on your server by logging in as root, starting YaST, and choosing System, Boot Loader Configuration. This will bring up a dialog similar to that shown in Figure 4.45. If you need to make any changes, you can do so by clicking Edit. This will let you choose between GRUB, LILO, or no boot loader.

FIGURE 4.45: Boot loader configuration.

NOTE Clicking Edit Configuration Files allows you to edit the menu.lst file to add options to the boot menu.

To limit physical access to this server, the best solution is to locate it behind a locked door such as in a lab room, server room, or other location. The desktop can always be locked as well by right-clicking on the desktop, choosing Configure Desktop, setting the screensaver to come on after one minute, and requiring a password to stop the screensaver.

Exercise 44: Wait and Waste, LLC

The time on a server is set by the /etc/init.d/boot.clock file during boot. Once you have the time properly set on any server, the ntpdate utility can be used to set the time on any other server to that of this one.

NOTE Configuring the ntp.conf file and starting the ntpd daemon can keep time set properly so that you don’t have to manually run ntpdate every time the server’s time gets too far off.

When checking security policies, one of the first things to do is start YaST as root; then choose Security and Users, Security Settings. This will open a dialog similar to that shown in Figure 4.46.

FIGURE 4.46: System security settings.

You can choose any of the preset values, or click Next with Custom and configure password settings, boot settings, login settings, user and group settings, and a few miscellaneous settings.

Exercise 45: Village Pump & Supply

To install OpenLDAP on the SLES 9 server, follow these steps:

1. Start YaST as the root user.
2. Choose Software and then Install and Remove Software.
3. Type openldap in the Search field and click Search.
4. Check the openldap2, openldap2-client, and yast2-ldap-server packages and click Accept. Insert any SLES 9 CDs needed if prompted.
5. Back in YaST, choose Network Services, LDAP Server.
6. Click Configure, and you are automatically able to edit the configuration file entries through the YaST interface.
7. Click Finish.

Exercise 46: Alabama Cement

To begin an installation of SLES 9, insert the first CD into the computer and reboot the system. On most computers, the system will boot from the CD, and you will be ready to begin the installation. If this does not happen, you might need to reconfigure the BIOS and change the boot drive order to check for media in the CD/DVD drive first. The first menu to appear offers a number of choices:

■ Boot the Hard Disk—This stops the installation and boots the operating system already on the hard disk. Because this is the safest choice, it is the default.
■ Installation—This is the option to select to begin the normal installation.
■ Installation–ACPI Disabled—Choose this option if you need the Advanced Configuration and Power Interface to not interfere with the installation process.
■ Installation–Safe Settings—Choose this option if DMA mode is needed to get around normal installation. Use this choice if the installation keeps failing with one of the other selections.
■ Rescue System—This allows you to boot the system from the CD in the event that the hard drive boot files are damaged.
■ Memory Test—This checks RAM only.

At the bottom of the screen, a number of function keys are identified:

■ F1—Help
■ F2—Toggle through screen display settings
■ F3—Toggle through installation location choices
■ F4—Toggle through languages
■ F5—Choose a debugging output level
■ F6—Include a driver update CD in the installation

To perform a normal installation, choose Installation from the menu, and press Enter. You must then walk through the interfaces presented in YaST2, the installation and system administration program. Although there can be deviations, based on your exact configuration, the following are the major screens—in order—that you must walk through:

1. Choose a language—You can click Accept to move on or Abort to cancel the installation.
2. Choose the installation mode—You can choose to perform a new installation (the default), update an existing system, repair an installed system, boot an installed system, or abort. For a normal installation, choose New Installation.
3. At this point, the system will probe for devices and show you a list of what it has identified. It will identify the system, keyboard, mouse, and so on, as well as show you the recommended installation settings based on the chosen mode. Recommendations and settings fall within these categories:

■ System
■ Software
■ Mode
■ Booting
■ Keyboard layout
■ Time zone
■ Mouse
■ Language
■ Partitioning
■ Default runlevel

4. Three command buttons are available: Change—to alter any of the settings, Abort—to cancel, and Accept—to continue on. Choose Accept; then click Continue, and a warning message appears stating that YaST2 has obtained all the information required to install SUSE LINUX. The installation will be carried out according to the settings made in the previous dialogs. To commit the installation and choices made, click the Yes, Install button.
5. The hard disk is then prepared/partitioned. This will take a few minutes, and you might need to make other changes manually later if you are implementing RAID or LVM devices. At a minimum, two partitions are created: root and swap.


6. Packages are installed next, and you will need to insert various CDs as prompted. Your goal is usually to complete the installation as quickly as possible, so you can always go back and add any packages at a later point in time.
7. You are prompted to give a password for the root user (and enter it twice for verification). The password can consist of digits, spaces, letters, and the standard punctuation characters. It is recommended that it contain at least five characters and—at a minimum—the case is mixed between upper and lower. If you enter more than eight characters, you will be prompted to truncate or change it.
8. Network configuration occurs next, and a scan is automatically done to detect network cards, DSL connections, ISDN adapters, and modems. A summary screen shows you the values found, as well as the current settings for Proxy (default is disabled) and VNC Remote Administration (default is disabled). You can change any of these values, go back, abort, or put the network settings shown to you into effect by clicking Next.
9. After the network configuration is written/saved, the Internet connection is tested. This operation is purely optional, and you can choose to skip the test if you like. A successful test, however, gives you the option to run the YaST Online Update (YOU) and check for the latest release notes and updates. If updates are available, you can choose to download and install them, or skip the update (which can be done at any later time from within YaST2).
10. Service configuration comes next, allowing you to configure such items as Certificate Management and OpenLDAP Server.
11. The user authentication method must be chosen. Three choices are available:

■ NIS—To use if you are using an NIS server
■ LDAP—To use if you are using an LDAP server for user data
■ Local (/etc/passwd)—The choice to select if you are storing passwords in /etc/passwd and /etc/shadow

Accept the default user authentication method (LDAP).

12. You can add new local users at this point. The same password rules for creating the root user apply to creating passwords for the local users as well.


NOTE Not only can you add a new user at this point, but also you should. It is good practice to only use root when necessary, so you should at least have one other user account to log in as by default. I suggest that an “admin” user be created at this point.

13. SuSEconfig now starts and writes the system configuration. The amount of time this takes will vary greatly from system to system based on the parameters that you’ve entered.
14. Release notes are displayed covering the following areas:

■ General—Information that everybody should read
■ Update—Covers changes not appearing in the Admin Guide
■ Installation—More information about the installation
■ Updates and Features—Covers technical changes and enhancements
■ Providing Feedback—Tells how to contact SUSE, and so on

15. Hardware configuration of the graphics card, printers, and sound cards follows, and then the installation is complete. You must click the command button labeled Finish, and then you can log in to the system. (It is a good idea to do so as the admin user added during step 12.)

Upon successful completion of these steps, a login screen will appear prompting for a username and password. After you give those entries, a Welcome menu thanks you for installing SUSE LINUX Enterprise Server 9 and provides a list of URLs relating to this and other Novell products.

If there are problems with the installation, you should trace down the first occurrence in which trouble appeared and look for a solution to it before continuing on. The best tool to use for any problem within this category is common sense. For example, if the system will not read the media, verify that the CD set you have is good by checking to see if another system can read it. If the installation hangs, verify that your system meets the minimum system requirements and that power saving features are not affecting your ability to do the installation.

Remember that the first menu to appear offers a plethora of choices besides Installation. Choosing one of the other choices can help you continue on with the installation and repair any system files.


Exercise 47: Alaska Tours and Such

To configure the network as described, follow these steps:

1. Start YaST.
2. Choose Network Devices, and then Network Card.
3. Click Change, and then Edit, as shown in Figure 4.47.

FIGURE 4.47: Change the settings for the network card.

4. Click on the radio button Static Address Setup. Enter the static IP address of 192.168.0.14 and Subnet mask of 255.255.255.0.
5. Click Routing and enter the default gateway address of 192.168.0.1.
6. Click OK.
7. Click Next, and then Finish.
8. Test the configuration by pinging the default gateway and then a host outside the network.


Exercise 48: Arizona Aluminum Manufacturing

Configuring the dhcpd daemon as outlined is accomplished through the following steps:

1. Log in to the server and start YaST, authenticating as root when prompted.
2. Choose Network Services and then DHCP Server.
3. A prompt will appear that the dhcp-server package needs to be installed, as shown in Figure 4.48.

FIGURE 4.48: The dhcp-server package needs to be added.

4. Click Continue to install the package and insert any media as it is requested.
5. The DHCP Server Wizard will begin and prompt you to select a network card, as shown in Figure 4.49.

FIGURE 4.49: The DHCP Server Wizard begins.

6. Select Next. On the Global Settings screen, do the following:

■ Check the LDAP Support box.
■ Enter LabRoom in the Domain Name field.
■ Enter the IP address of this server in the Primary Name Server IP field.
■ Enter the IP address of the router in the Default Gateway (Router) field.
■ Enter 1 in the Default Lease Time field, leaving the default measure set to days.

7. Click Next.
8. Enter 192.168.0.15 in the First IP Address field.
9. Enter 192.168.0.99 in the Last IP Address field.
10. Enter 1 in the Lease Time field, leaving the default measure set to days.
11. Enter 2 in the Max Lease Time field, leaving the default measure set to days.
12. Click Next and then Finish, leaving the DHCP Server:Start-Up setting as Off—Start Server Manually.
13. A prompt will appear asking for the password to the LDAP server. Enter the root password.
14. Open a terminal session and type rcdhcpd start to start the dhcp service.

TIP If you’ve logged in as the admin user, which you have hopefully done, you must su - to root at the terminal prompt before entering the command to start dhcp.

Exercise 49: Arkansas University

Install and configure the DNS service/daemon by following these steps:

1. Start YaST as the root user.
2. Choose Network Services and then DNS Server. A message will appear telling you that bind needs to be installed.
3. Click Continue to install the bind package.
4. On the Forwarder Settings page, shown in Figure 4.50, click Next.

FIGURE 4.50: The Forwarder Settings page.

5. On the DNS Zones page, set the Zone Name to dstechnical.com and click Add.
6. For the reverse lookup zone, enter 0.168.192.in-addr.arpa for the Zone Name and click Add again.
7. Click Edit Zone and click on the NS Records tab, as shown in Figure 4.51.

FIGURE 4.51: Click on the NS Records tab.

8. Type lab1.dstechnical.com in the Name Server to Add field and click Add.
9. Click the SOA tab. The TTL field should show the default of 2 days. Change that to 3 days. Go to the Records tab and add an A record for lab1 and one for dstechnical.com so that the server name and the domain name resolve to 192.168.0.14.
10. Click OK.
11. Go back to the DNS Zones page, highlight the reverse lookup entry, and click Edit Zone; then click on the NS Records tab.
12. Type lab1.dstechnical.com in the Name Server to Add field and click Add.
13. Click the SOA tab. The TTL field should show the default of 2 days. Change that to 3 days.
14. Click on the Records tab and enter the Reverse FQDN for the server (14.0.168.192.in-addr.arpa) with a Type of PTR. Set the value to lab1.dstechnical.com.
15. Click Add. Click OK. Click Finish.

You will now need to start the named daemon manually. This can be done by opening a terminal prompt, authenticating as root with su -, and then giving the command rcnamed start at the terminal prompt.

TIP To validate the configuration, run the following commands:

dig lab1.dstechnical.com
dig dstechnical.com
host 192.168.0.14

Exercise 50: California Dreaming

To configure the Postfix service for this company, follow these steps:

1. Start YaST as the root user.
2. Configure the DNS server to resolve mail1.california.com and california.com to 192.168.0.14; then restart named.
3. Choose Software and then Install and Remove Software.
4. Type postfix in the Search field and click Search. The results will resemble Figure 4.52.

FIGURE 4.52: Search for postfix-related packages.

5. Check the postfix package and click Accept. Insert any SLES 9 CDs needed if prompted.
6. Edit the /etc/postfix/main.cf file to make any changes that are needed. (Of key importance is the myhostname variable that needs to be set to the hostname.)
7. Start YaST as root user again and choose Network Services, Mail Transfer Agent. This opens the General Settings shown in Figure 4.53.

FIGURE 4.53: Configure the MTA.

8. Click to enable virus scanning and click Next.
9. Enter the Outgoing mail server information and click Next.
10. Configure the incoming mail information, shown in Figure 4.54, and click Next.

FIGURE 4.54: Configure the incoming mail settings.

11. Click Finish.

Exercise 51: Colorado Insurers

There are a number of logs to check for entries that might indicate an intrusion. The primary ones you should examine are

■ /var/log/faillog—Open a shell prompt and use the faillog utility to view a list of users’ failed authentication attempts.

TIP If the faillog utility does not return any data, there have been no failed login attempts.

■ /var/log/lastlog—Open a shell prompt and use the lastlog utility to view a list of all users and when they last logged in.
■ /var/log/messages—Use grep, or a derivative thereof, to find login related entries in this file.
■ /var/log/wtmp—Open a shell prompt and use the last command to view a list of users who have authenticated to the system.
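One way to carry out the /var/log/messages step above, as an added example that is not from the book: it tallies failed sshd password attempts per source address and lists sources that logged in successfully after repeated failures. The log lines are a constructed sample, the function names and threshold are assumptions, and the message wording follows OpenSSH's sshd and varies between versions.

```shell
#!/bin/sh
# Added example: triage sshd entries in /var/log/messages. Function names are
# hypothetical, and the log lines below are a constructed sample, not real data.

sample_messages() {
cat <<'EOF'
Mar  3 02:14:07 lab1 sshd[4211]: Failed password for root from 203.0.113.45 port 40122 ssh2
Mar  3 02:14:09 lab1 sshd[4211]: Failed password for root from 203.0.113.45 port 40122 ssh2
Mar  3 02:14:15 lab1 sshd[4215]: Failed password for invalid user admin from 203.0.113.45 port 40130 ssh2
Mar  3 02:15:01 lab1 /USR/SBIN/CRON[4220]: (root) CMD (/usr/local/bin/suf.sh)
Mar  3 02:16:40 lab1 sshd[4302]: Accepted password for root from 203.0.113.45 port 40177 ssh2
Mar  3 08:02:44 lab1 sshd[5002]: Failed password for syed from 192.168.0.23 port 51514 ssh2
Mar  3 08:02:51 lab1 sshd[5002]: Accepted password for syed from 192.168.0.23 port 51514 ssh2
EOF
}

# Count failed sshd password attempts per source address, busiest first.
# Output: "<count> <address>" per line.
failed_by_source() {
    awk '/sshd\[[0-9]+\]: Failed password for / {
             # The address is the word that follows "from".
             for (i = 1; i < NF; i++) if ($i == "from") count[$(i + 1)]++
         }
         END { for (ip in count) print count[ip], ip }' | sort -rn
}

# success_after_failures MIN
# Print "<address> <user>" for every accepted login whose source address had
# already produced at least MIN failed attempts earlier in the log. A success
# that follows a run of failures is the entry most worth investigating.
success_after_failures() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i < NF; i++) if ($i == "from") fails[$(i + 1)]++
            next
        }
        /sshd\[[0-9]+\]: Accepted / {
            user = ""; ip = ""
            for (i = 1; i < NF; i++) {
                if ($i == "for")  user = $(i + 1)
                if ($i == "from") ip = $(i + 1)
            }
            if (fails[ip] >= min) print ip, user
        }'
}

echo "Failed attempts per source:"
sample_messages | failed_by_source
echo "Logins accepted after 3 or more failures:"
sample_messages | success_after_failures 3
```

On a live system, replace sample_messages with cat /var/log/messages (run as root) and compare the result with the output of faillog and last.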

Exercise 52: Connecticut Water

To configure the firewall as needed by the customer, follow these steps:

1. Start YaST as the root user.
2. Choose Software, Install and Remove Software and verify that iptables is installed by searching for it. If it is not installed, install it.
3. Open a terminal window. Type iptables -t filter -L. This will show the currently configured rules for the filter table (of which there should be none).
4. Create a firewall that drops all incoming ICMP packets by typing iptables -t filter -A INPUT -s 0/0 -p icmp -j DROP. Configure the firewall to drop web server traffic by typing iptables -t filter -A INPUT -s 0/0 -p tcp --dport 80 -j DROP.
5. Enable the NAT routing by typing iptables -t nat -F.
6. Type iptables -t filter -L. This should show that the new rules are now in place.
7. Exit the terminal window and leave the customer’s site.

NOTE After configuring the system, it is always recommended that you test it and verify that it is working properly. Although the practicum exams are only interested in your configuration, and not your ability to test, you should test as time allows to assure yourself that you have completed the process properly.
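A check to go with step 6 and the NOTE above, as an added example that is not from the book: it reads the output of iptables -t filter -L INPUT -n and reports which target the first matching rule applies. Because step 4 appends its rules with -A, an ACCEPT rule already in the chain would win, which the second listing shows. Both listings are constructed, the function names are hypothetical, and only rules with any source and destination and an optional dpt: match are evaluated.

```shell
#!/bin/sh
# Added example: decide from `iptables -t filter -L INPUT -n` output which
# target a packet would hit. Function names are hypothetical. Both listings
# below are constructed samples, not output captured from a real host.

# INPUT chain as it should look after step 4 on an otherwise empty table.
listing_after_step4() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       icmp --  0.0.0.0/0            0.0.0.0/0
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
EOF
}

# The same two rules appended to a chain that already accepted web traffic.
listing_with_earlier_accept() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
DROP       icmp --  0.0.0.0/0            0.0.0.0/0
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
EOF
}

# first_target PROTO [DPORT]
# Reads a listing on stdin and prints the target of the first rule that would
# match a packet of PROTO (to DPORT, if given), or the chain policy when no
# rule matches. Simplification: only rules with source and destination
# 0.0.0.0/0 and no match other than an optional dpt: are evaluated; rules
# with other matches (state, interface, address ranges) are skipped.
first_target() {
    awk -v proto="$1" -v dport="$2" '
        NR == 1 { policy = $4; sub(/\)$/, "", policy); next }  # "(policy X)"
        NR == 2 { next }                                       # column header
        ($2 == proto || $2 == "all") && $4 == "0.0.0.0/0" && $5 == "0.0.0.0/0" {
            # NF == 5: protocol-only rule; NF == 7: rule with one dpt: match.
            if (NF == 5 || (dport != "" && NF == 7 && $7 == ("dpt:" dport))) {
                print $1; hit = 1; exit
            }
        }
        END { if (!hit) print policy }'
}

echo "after step 4, tcp/80:     $(listing_after_step4 | first_target tcp 80)"
echo "after step 4, icmp:       $(listing_after_step4 | first_target icmp)"
echo "after step 4, tcp/22:     $(listing_after_step4 | first_target tcp 22)"
echo "earlier ACCEPT, tcp/80:   $(listing_with_earlier_accept | first_target tcp 80)"
```

On the server itself, pipe iptables -t filter -L INPUT -n into first_target instead of a sample listing.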

Exercise 53: Delaware Trucking

To install a Squid HTTP proxy server on the customer’s SLES 9 system, follow these steps:

1. Log in to the server as root, and start YaST.
2. Choose Software and then Install and Remove Software. Search for squid, as shown in Figure 4.55, and install it.

FIGURE 4.55: Install Squid.

3. Edit the /etc/squid/squid.conf file to make any needed changes. In order for hosts on the private network to access the proxy, you must insert a line beneath the list of ACLs and remove the comment on the line #http_access allow our_networks.

NOTE It is worth pointing out that the purpose of this book is to test your knowledge and not serve as a reference guide. Most of the exercises are fairly straightforward and self-explanatory, but this one is a bit more complex. Do not be afraid to use online help and other resources at your disposal to fill in any gaps in your knowledge.

4. After exiting the configuration file, restart the server at a terminal window with the command rcsquid start.


Exercise 54: Florida Reviewers

To create a VPN connection, follow these steps:

1. Log in to the server as root, and start YaST.
2. Choose Software and then Install and Remove Software. Search for ipsec, as shown in Figure 4.56, and install freeswan and ipsec-tools.

FIGURE 4.56: Install the ipsec components.

3. Repeat this installation on the host that will be on the other end of the VPN tunnel.
4. On the host at the left end of the VPN tunnel, configure openssl.cnf and create and sign the necessary certificates and CSRs. Then launch YaST, choose Security and Users, VPN. This brings up the dialog shown in Figure 4.57.

FIGURE 4.57: Configure the VPN service.

5. Click the radio button Enable VPN Services. A message will appear indicating that no certificates have been imported yet, and it will prompt you to import certificates. Click Yes and import any certificates that need to be imported before clicking Next.
6. A message will indicate that no connections have yet been defined and prompt you to add them. Click Yes and choose between the types shown in Figure 4.58. Choose the type and click Next.

FIGURE 4.58: Choose the connection type.

7. Modify any common settings, and then click Finish.
8. Repeat steps 5, 6, and 7 for the host on the right end of the VPN tunnel.
9. Test your configuration.

Exercise 55: Georgia Widgets

To install and configure Tomcat on the customer’s SLES 9 server, follow these steps:

1. Log in as root and start YaST.
2. Choose Software and then Install and Remove Software. Search for tomcat and choose to install these packages:
■ apache2-jakarta-tomcat-connectors
■ apache-jakarta-tomcat-connectors
■ jakarta-tomcat
■ jakarta-tomcat-doc
■ jakarta-tomcat-examples

TIP If you encounter a message about a dependency conflict, select to install Java2 as well.

Swap CDs as needed, and then click Finish.
3. Start a terminal session and change to the /usr/share/tomcat/conf directory. Edit the configuration files to suit the customer.
4. Type rctomcat start to start Tomcat. Close the terminal session.
5. Start the browser and access http://localhost:8080/manager/html to finish configuration.

NOTE Gentle reminder—if you cannot authenticate to this URL, you need to study Tomcat some more before you are ready to take the practicum.


Exercise 56: Hawaii PineTrees, Inc.

The application-level gateway you will most likely implement is Squid, so the procedure for so doing will be the same as that given in exercise 53. The most relevant part of this exercise is creating the list of the questions and concerns that should be asked when you reach the site. When generating that list, you should verify that you included the following:
■ What are internal users allowed access to outside of the network? What services must be made available to them?
■ What services should be made available to anonymous users?
■ What services should be made available to trusted users?
■ What protocols should be allowed to pass from the internal network to the external network?
■ What protocols should be allowed to enter the internal network from the outside?

Exercise 57: Idaho Rock Quarries

The list you create for this customer should include the following:
■ Are all updates and patches current on the server? Is YOU automatically configured?
■ Are all updates and patches current on the workstations?
■ Is there sufficient documentation on the server (administrator’s logbook and so on)?
■ Is the server physically secured within a server room or other area?
■ Are all services running on the server required?
■ Is someone assigned to keeping abreast of security threats/developments through cert.org or another site?
■ Is the boot menu password protected?
■ Are users aware of security policies regarding best practices for passwords?
■ Are currently installed packages up-to-date and known to be secure?
■ Is remote administration allowed?
■ What level of encryption is used for passwords?
■ Are certificates used, and, if so, what level of encryption is applied to them?

Exercise 58: Illinois Lotto

To install the packages requested on the SLES 9 server, follow these steps:

1. Log in as root and start YaST.
2. Choose Software and then Install and Remove Software. Search for nmap and choose to install these packages:
■ nmap
■ nmap-gtk
3. Enter snort in the Search field and check it when it appears as well.
4. Click Accept. If any dependency messages appear, click Continue to add them as well.
5. Swap CDs as prompted, and exit YaST upon completion.
6. Click the N at the bottom of the KDE Kicker and choose Internet, Administration. This brings up the Nmap Front End, shown in Figure 4.59. You can now use/configure the utility as needed.

FIGURE 4.59 Configure Nmap.

7. To use the Snort utility, open a terminal session and type snort. This will generate an error message that lists all the options that can be used with the utility.

Exercise 59: Indiana Reptiles

To enable broadcasting for the cupsd daemon on the server, follow these steps:

1. Log in as root and start a terminal session.
2. Edit the /etc/cups/cupsd.conf to remove the comment character (#) in front of the line BrowseAddress @LOCAL.
3. Save the file, and then type rccups restart to restart the daemon.

To add a CUPS administrative user with the name “cupsadmin,” follow these steps:

1. Log in as root and start a terminal session.
2. Type lppasswd -g sys -a cupsadmin.
3. Enter a password for the account, when prompted. Reenter the password for the account, when prompted.

Exercise 60: Iowa Retirement Homes

The list of items you generate that the customer should consider includes the following:
■ Are all updates and patches current on the server? Is YOU automatically configured?
■ Is wireless in use? What type of encryption is employed on it?
■ Are all updates and patches current on the workstations?
■ Are the wiring closets secured?
■ Is there sufficient documentation on the server (administrator’s logbook and so on)?
■ How many know the root password? How often is it changed?
■ Is the server physically secured within a server room or other area?
■ What files have SUID and SGID permissions set on them?
■ Are all the services that are running on the server truly required?
■ How often are log files audited? Who does the auditing?
■ Is someone assigned to keeping abreast of security threats/developments through cert.org or another site?
■ Who adds new users and groups, and how often is this done?
■ Is the boot menu password protected?
■ Are users aware of security policies regarding best practices for passwords?
■ Are currently installed packages current and known to be secure? How are administrators notified of updates to them?
■ Is remote administration allowed? How is it monitored?
■ What level of encryption is used for passwords?
■ Are certificates used, and, if so, what level of encryption is applied to them?

Exercise 61: Kansas Vets, Ltd.

OpenSLP is installed by default on SLES 9. If it is not installed, you can install it with YaST by choosing Software and then Install and Remove Software. Search for openslp and choose to install the packages.

To verify that openslp is locating the services that we expect it to, follow these steps:

1. Log in as root and start YaST.
2. Choose Network Services and then SLP Browser.
3. Choose the service types in the left column as shown in Figure 4.60.
4. Click Finish and exit YaST.
5. Open the web browser and set the address to slp:/, as shown in Figure 4.61. You can now browse the services registered by the slpd daemon.

FIGURE 4.60 Configure the SLP Browser.

FIGURE 4.61 View the slp services.

Exercise 62: Kentucky’s D S Technical

To configure the Samba service as a PDC for the DSTECHNICAL domain, follow these steps:

1. Log in as root and start YaST.
2. Choose Network Services and then Samba Server.
3. A message might appear, as shown in Figure 4.62, indicating that packages need to be installed. Click Continue.

FIGURE 4.62 Samba services need to be installed.

4. Insert and swap CDs as directed.
5. At the first Samba Installation dialog, choose the workgroup/domain and click Next.
6. At the second Samba Installation dialog, shown in Figure 4.63, choose PDC and click Next.

FIGURE 4.63 Choose Primary Domain Controller.

7. Complete the Samba configuration and click Finish.

TIP As with so many of the exercises, when you reach this point, you should test your configuration. As time allows on the actual practicum exam, testing what you have done can help put your mind at ease that you are proceeding successfully.

Exercise 63: Louisiana Fishing

Network traffic can be monitored in a number of ways. For Louisiana Fishing, one of the best approaches is to use ntop. The following steps install this utility and illustrate its usage:

1. Log in as root and start YaST.
2. Choose Software and then Install and Remove Software. Search for ntop and choose to install the package.
3. Exit YaST upon completion of the installation.
4. Open a terminal session and type rcntop start to start the ntop daemon.
5. A message will appear stating that the administrator password has not yet been set. Type ntop -A -u wwwrun.
6. Enter a password for the administrative user. Reenter the password when prompted. Check to see if ntop is running (ps -ef | grep ntop). If not, repeat the command in step 4.
7. Open Konqueror and go to http://localhost:3000 as shown in Figure 4.64.

FIGURE 4.64 Access ntop through the browser.

8. On the first line of ntop, select All Protocols.
9. On the second line, select Traffic, and you will see a summary of all traffic that has occurred since the program has been running. Select Throughput and Activity to gather statistics on those items.
10. You can log the data (Admin, Log), and shut down ntop (Admin, Shutdown) from this interface as well.

Exercise 64: Maine Asylums, LLC

The list of general firewall concepts that you generate for the customer should include the following:

Pros:
■ Can prevent unwanted traffic from entering the network.
■ Can monitor outbound traffic as well as inbound.
■ Can prevent unauthorized access or attacks.
■ Can be implemented in a variety of ways (packet filtering, application level, and so on).
■ Is relatively inexpensive to implement.

Cons:
■ Could prevent legitimate data from being received.
■ Can only protect at the layers it is targeting. A packet filter firewall, for example, is still susceptible to upper level attacks. This can lead to a false sense of security.

Implementing a firewall simply involves defining what you want to allow and disallow, and then installing and configuring the appropriate package for such.

Exercise 65: Maryland Programming

The first order of business is to begin protecting any and all data that points to the intrusion. It is necessary to follow proper procedures and begin documenting everything in order to
■ Have any chance of prosecution
■ Be able to prevent a similar incident in the future
■ Identify everything that has been affected

An Incident Response Plan (IRP) should exist and be referenced immediately to see what steps should be followed after an incident has occurred. A chain of custody should be established and documented for all evidence gathered. The escalation policies, hopefully spelled out in the IRP, should be followed in order to notify the appropriate managers, IT personnel, and law enforcement, if necessary.

After investigating the incident, and documenting as much as possible, the next order of business should be to restore the data and repair the damage. Depending on the level of the security breach, this could simply be a matter of copying a couple of files from backup media, or it could involve reformatting and reinstalling the entire operating system.

To be fully prepared for such incidents, fake events should be conducted from time to time to make certain that all who should be involved know how to respond accordingly. Sites such as cert.org should be closely monitored for recommendations on how to respond and to be kept abreast of new threats.

Exercise 66: Massachusetts Spammers

The cryptographic options available with SLES 9 can be broken into two categories: symmetric and asymmetric. With symmetric encryption, the same key used to encrypt data is also used to decrypt it: the sender and the receiver both need the same key. Cryptographic standards using symmetric encryption include
■ Data Encryption Standard (DES)
■ Advanced Encryption Standard (AES)
■ Blowfish

With asymmetric encryption, two keys (not one) are used. The keys are mathematical opposites of each other and are known as the public key and the private key. Because they are opposites, data encoded with the public key can only be decoded with the private key and data encoded with the private key can only be decoded with the public key. Cryptographic standards using asymmetric encryption include
■ Rivest Shamir Adleman (RSA)
■ Digital Signature Algorithm (DSA)

Digital signatures use asymmetric encryption to create an encrypted hash of the message being sent. The hash is sent to the recipient with the message, and the recipient generates a hash of their own. The public key is used to decrypt the hash sent with the message to see if the two hashes are the same—if they are, it can be reasoned that the message is original and was not altered. The only weakness in the system lies in verifying that the public key is legitimate, which is the role that certificate authorities (CAs) fulfill. Encryption schemes express security in terms of the number of bits used to encode the data. While older encryption schemes rely on 40 to 56 bits to encode data, 128 bits, or more, are more common today.
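The signature check described above, worked through with the openssl command-line tool as an added example that is not from the book: the recipient recovers the sender's hash with the public key and compares it with a hash computed locally. The function names, file names and message are constructed, and an RSA key with SHA-256 is assumed.

```shell
#!/bin/sh
# Added example: a digital signature checked the way the text describes it.
# File names and the message are constructed for the demonstration.

# Hex SHA-256 of a file: the hash the recipient generates on their own.
local_hash() {
    openssl dgst -sha256 -binary "$1" | od -An -tx1 | tr -d ' \n'
}

# Hash recovered from the signature by applying the sender's PUBLIC key.
# The recovered blob is a DER DigestInfo; its last 32 bytes are the SHA-256.
recovered_hash() {   # $1 = public key, $2 = signature file
    openssl pkeyutl -verifyrecover -pubin -inkey "$1" -in "$2" 2>/dev/null |
        tail -c 32 | od -An -tx1 | tr -d ' \n'
}

# True only when a hash could be recovered and it equals the local one.
signature_matches() {   # $1 = public key, $2 = message, $3 = signature
    sent=$(recovered_hash "$1" "$3")
    [ -n "$sent" ] && [ "$sent" = "$(local_hash "$2")" ]
}

# RSA key pair: the private key signs, the public key is handed out.
new_keypair() {   # $1 = private key path, $2 = public key path
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1" 2>/dev/null &&
    openssl pkey -in "$1" -pubout -out "$2" 2>/dev/null
}

verdict() { if signature_matches "$@"; then echo accepted; else echo rejected; fi; }

signature_demo() {
    dir=$(mktemp -d) || return 1
    new_keypair "$dir/sender.key" "$dir/sender.pub" || return 1
    new_keypair "$dir/other.key" "$dir/other.pub" || return 1
    printf 'Release build 42 approved\n' > "$dir/msg.txt"
    # Sender: hash the message and encrypt the hash with the private key.
    openssl dgst -sha256 -sign "$dir/sender.key" -out "$dir/msg.sig" \
        "$dir/msg.txt" || return 1
    original=$(verdict "$dir/sender.pub" "$dir/msg.txt" "$dir/msg.sig")
    # One changed character gives a different local hash.
    sed 's/42/43/' "$dir/msg.txt" > "$dir/tampered.txt"
    tampered=$(verdict "$dir/sender.pub" "$dir/tampered.txt" "$dir/msg.sig")
    # A public key that is not the signer's cannot recover the hash at all.
    wrongkey=$(verdict "$dir/other.pub" "$dir/msg.txt" "$dir/msg.sig")
    rm -rf "$dir"
    echo "original=$original tampered=$tampered wrongkey=$wrongkey"
}

signature_demo
```

The third case is the reason the public key itself has to be trusted: the check only proves the message matches whichever key pair the recipient was given.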

Exercise 67: Michigan Growers

To restrict all DNS queries to hosts on your network segment, follow these steps:

1. Log in to the server and start YaST, authenticating as root if prompted.
2. Choose Network Services and then DNS Server.

NOTE If DNS is already configured, you can skip to step 6.

3. At the Forwarder Settings, leave Set Forwarders Manually as the default, configure the other fields, and click Next.
4. On the DNS Zones dialog, add the zone by clicking Add, and then click Next.
5. On the Finish Wizard dialog, click Start DNS Server Expert Configuration…
6. In the left frame, choose Basic Options. This will bring up the display shown in Figure 4.65.

FIGURE 4.65 Basic options for the DNS server.

7. Select allow-query in the Option drop-down list.
8. Type {allowedhosts; } in the Value field and click Add.
9. Click Finish.

TIP You can test this configuration easily enough by trying to resolve the lab1.dstechnical.com hostname. If all is working properly, you shouldn’t be able to do it.

Exercise 68: Minnesota River Authority

To configure the DHCP daemon to send dynamic updates to the DNS server, follow these steps:

1. Log in as root and start YaST.
2. Choose Network Services and then DHCP Server.
3. Go to Global Settings and make certain that LDAP Support is not checked. Create the TSIG keys.
4. Fill in the values for the Dynamic DHCP, as shown in Figure 4.66.

FIGURE 4.66 Configure Dynamic DHCP.

5. Configure Dynamic DNS for the subnet in the expert settings on your DHCP server.
6. Click Finish.

Exercise 69: Mississippi Diabetes Group

There are any number of ways of writing a shell script that will accomplish this task. Because the user should be prompted for a filename, the read command should be used. To verify that the file exists, the test command should be used (which can be summoned by its [ alias). The -r option can be used to verify that it is readable. Last, if the file does not exist, the touch utility can be used to create it with a size of zero. Given those parameters, the following shell script will fulfill this role:

    #MDG.sh
    echo "Enter filename:"
    read filename
    if [ -r "$filename" ]    # quoted so an empty name or one with spaces stays one argument
    then
        echo "File exists"
    else
        touch "$filename"    # creates the file with a size of zero
        echo "File created"
    fi

TIP There needs to be a space between filename and the ]; otherwise you will get an error message that line 3 is missing the ].

Exercise 70: Missouri Knife and Scissor

The cron file entries that Missouri Knife and Scissor needs to run these scripts at their appropriate times are as follows:

    0 6 * * 1 ABC
    10 15 2 * * BCD
    30 18 14 3 * CDE
    30 18 15 9 * CDE
    0,10,20,30,40,50 6-18 * * * DEF
    5 12-16 * * 1-5 EFG

The only tricky entry here is the one for CDE. Because the two dates to be run have nothing in common, the easiest method is to create two separate entries for it.

Exercise 71: Montana Expeditions

Three actions need to take place to meet the needs of this customer. The first is to change the default permissions on all newly created files to 664. Subtracting that from 666 leaves a value of 002. To meet this requirement, edit the /etc/profile file and change the default entry umask 022 to umask 002.

To change the permissions on all files currently in the /tmp directory to 751, the easiest solution is to open a terminal session, change to the /tmp directory, and use the command chmod 751 *.

Last, to move the passwords from the /etc/shadow file to the /etc/passwd file, within the terminal session, use the command pwunconv (the opposite of which is pwconv).
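Two checks for the settings in this exercise, as an added example that is not from the book: the mode a umask actually yields (the mask bits are cleared, which agrees with subtraction for 002 but not for a mask such as 033, so this goes slightly beyond the case in the text), and a scan of a passwd-format file for accounts whose hash sits in the world-readable passwd file after pwunconv. The function names and sample passwd lines are constructed, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example for Exercise 71: what umask 002 really does, and what
# pwunconv leaves behind in /etc/passwd. Sample data below is constructed.

# Mode produced by a umask: the mask bits are cleared from the base mode
# (666 for files, 777 for directories). $1 = base, $2 = umask, both octal.
mode_under_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# The subtraction shortcut, kept only to compare against the real rule.
mode_by_subtraction() {
    printf '%03o\n' $(( 0$1 - 0$2 ))
}

# Ask the kernel: create a file under the given umask and read its mode back.
created_file_mode() {   # $1 = umask in octal
    dir=$(mktemp -d) || return 1
    ( umask "$1"; : > "$dir/probe" )
    mode=$(stat -c %a "$dir/probe")   # GNU stat syntax (assumption)
    rm -rf "$dir"
    echo "$mode"
}

# Accounts whose password field in a passwd-format file still holds a hash.
# "x", "*", "!" and empty fields are not hashes; a leading "!" (locked
# account) is stripped first because the hash behind it is still readable.
accounts_with_hash_in_passwd() {   # $1 = passwd-format file
    awk -F: '{ f = $2; sub(/^!+/, "", f); if (length(f) >= 13) print $1 }' "$1"
}

# Constructed sample: the shape of a passwd file after pwunconv has run.
sample_passwd_after_pwunconv() {
    cat <<'EOF'
root:$2a$10$ConstructedSaltAndHashNotARealPasswordHashValue000:0:0:root:/root:/bin/bash
daemon:*:2:2:Daemon:/sbin:/bin/bash
geeko:!abCONSTRUCTED:1000:100:Geeko:/home/geeko:/bin/bash
tux:x:1001:100:Tux:/home/tux:/bin/bash
EOF
}

# Run the scan over the sample and return the flagged accounts, comma-joined.
audit_sample() {
    f=$(mktemp) || return 1
    sample_passwd_after_pwunconv > "$f"
    accounts_with_hash_in_passwd "$f" | paste -sd, -
    rm -f "$f"
}

echo "umask 002: files $(mode_under_umask 666 002), directories $(mode_under_umask 777 002)"
echo "umask 033: files $(mode_under_umask 666 033), subtraction says $(mode_by_subtraction 666 033)"
echo "file created under umask 002: $(created_file_mode 002)"
echo "hashes readable in sample passwd: $(audit_sample)"
```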

Exercise 72: North Carolina Swimmers

To install GNOME and make it available for the administrator when he logs in to the server, follow these steps:

1. Start YaST as the root user.
2. Choose Software and then Install and Remove Software.
3. Type gnome in the Search field and click Search. The results will resemble Figure 4.67.
4. Check the gnome2-SuSE, gnome-applets, gnome-common, gnome-desktop, gnome-libs, gnome-panel, gnome-print, gnome-session, gnome-terminal, and gnome-utils packages and click Accept. Click Continue to accept any automatic changes and insert any SLES 9 CDs needed if prompted.
5. Log out, and end the session. At the login prompt, the user can now click Menu, followed by Session Type and GNOME. This will bring up that desktop (and make it default for subsequent logins), as shown in Figure 4.68.

FIGURE 4.67 Search for gnome-related packages.

FIGURE 4.68 The GNOME desktop is now installed and available.

Exercise 73: North Dakota Plastics

The easiest method for accomplishing this task is to right-click on the KDE desktop and choose Configure Desktop. This brings up the dialog box shown in Figure 4.69.

FIGURE 4.69 Configure the desktop.

Click on Screen Saver in the left column and set the configuration settings as shown in Figure 4.70.

FIGURE 4.70 Configure the screensaver to meet the customer’s needs.

Exercise 74: Nebraska Genealogy

The following script will meet the requirements that were given:

    #Choices.sh
    clear
    PS3="Please make your selection from the following choices: "
    select item in ABC BCD CDE DEF Quit
    do
        case $item in
            ABC) echo "Program ABC will now be executed" ;;
            BCD) echo "Program BCD will now be executed" ;;
            CDE) echo "Program CDE will now be executed" ;;
            DEF) echo "Program DEF will now be executed" ;;
            Quit) break ;;
            *) echo "You must enter a number between 1 and 5." ;;
        esac
    done

Exercise 75: Nevada Design

Any number of scripts can be written to perform this simple function. Because you only want a number, it is important to parse out any information other than that number. The first example follows:

    #Example1.sh
    grep -c "." /etc/passwd

Another example would be:

    #Example2.sh
    wc -l /etc/passwd | cut -d" " -f1


Tasks and Objectives at a Glance (continued from Inside Front Cover)

CHAPTER 2: SUSE LINUX Enterprise Server 9 (continued)

OBJECTIVE | EXERCISE #
Managing and Securing the Linux User Environment | 30
Managing File Permissions and Ownership | 23
Managing Linux Users and Groups | 20
Managing Processes | 18
Managing Resources on the Network | 36
Managing RPM Software Packages | 19
Managing Runlevels | 22
Managing Software Updates with YaST Online Update Server (YOU) | 29
Managing the Network Configuration from YaST2 | 40
Managing User Accounts | 20
Managing User Accounts with YaST2 | 20
Managing the GRUB Boot Loader | 43
Mirroring Directories with rsync | 39
Modifying System Settings | 45
Monitoring Processes | 18
Multiuser Processes and Multitasking in the Linux System | 18
Obtaining Hardware Configuration Information from YaST2 | 17
Piping and Redirection | 26
Providing Secure Remote Access with OpenSSH | 36
Saving Routing Settings to a Configuration File | 27
Scheduling Jobs | 30
Securing Files and Directories with Permissions | 23
Setting Up and Configure Disk Quotas | 24
Setting Up Network Devices with the IP Tool | 28
Setting Up Routing with the IP Tool | 28
Testing the Network Connection with Command-Line Tools | 28
Testing the Network Interface | 28
Troubleshooting the Boot Process of a SLES 9 System | 33
Updating the SLES 9 Installation | 29
Using ACLS for Advanced Access Control | 22
Using Advanced Scripting Techniques | 37
Using Basic Script Elements | 31
Using Command-Line Editors to Edit | 37
Using Desktop Editors to Edit Files in the Linux System | 40
Using grep to Search File Content | 26
Using GUI-based Help in the Linux System | 32
Using info Pages | 32
Using System Logging Services | 34
Using Variable Substitution Operators | 37
Viewing Processes from the GUI and the Command-Line Interface | 18

CHAPTER 3: Advanced SUSE LINUX Enterprise Server 9

OBJECTIVE | EXERCISE #
Configuring a DHCP Server | 48, 68
Configuring a DNS Server | 49, 67
Configuring Email Services | 50
Detecting Intruders | 51
Implementing a Packet Filter | 52
Implementing a Proxy Server with SQUID | 53
Implementing a VPN | 54
Implementing a Web Application Server with Tomcat | 55
Implementing an Application-Level Gateway | 56
Implementing General Security Practices | 57, 73
Implementing Host Security | 58, 71
Implementing Network Printing Using CUPS | 59
Implementing Network Security | 60
Implementing OpenSLP | 61
Implementing Samba to Provide File and Print Services | 62
Install SLES 9 | 46, 72
Managing the SLES 9 System Configuration | 47, 69, 70, 74, 75
Monitoring Traffic on Your Network | 63
Relating General Firewall Concepts | 64
Responding to Security Breaches | 65
Securing Services with Cryptography | 66
Using YaST | Throughout

DVD Includes

Side 1: Novell® Linux Desktop 9 Evaluation Version. Installation instructions at: www.novell.com/products/desktop/eval.html

Side 2: SUSE™ LINUX Enterprise Server 9 Evaluation Version. Installation instructions at: www.novell.com/products/linuxenterpriseserver/eval.html