LINUX Admin Quick Reference
Jialong He
Jialong_he@bigfoot.com
http://www.bigfoot.com/~jialong_he

User Management

Files

useradd, userdel, usermod: create, delete, modify a new user or update default new user information.
newusers: update and create new users (batch mode).
groupadd, groupdel, groupmod: add, delete or modify group.
chage, chfn, chsh: modify account policy (password length, expire date etc.) or finger information (full name, phone number etc.), change default login shell.
linux init=/bin/sh rw: gain root access during boot prompt without password, can be used to fix some problems.
    mount -w -n -o remount /

Network Configuration

Files

/etc/rc.d/rc.inet1 (Slackware), /etc/sysconfig/network-scripts/ifcfg-eth0 (Redhat): IP address, Network mask, Default gateway are in these files. May edit manually to modify network parameters.
/etc/HOSTNAME: hostname is set by "/bin/hostname" during
/etc/NETWORKING (Slackware), /etc/sysconfig/network (Redhat): May change manually.
/etc/resolv.conf: specify name server, DNS domain and search order. For example:
    search la.asu.edu
    nameserver 129.219.17.200
ifconfig:
    /sbin/route add -net ${NETWORK} netmask ${NETMASK} eth0
    /sbin/route add default gw ${GATEWAY} netmask 0.0.0.0 metric 1
host: lookup host name or IP (similar to nslookup).
dnsdomainname: show DNS domain name.
arping; arp: find out Ethernet address by first arping then arp.
ipchains: firewall and NAT (/etc/sysconfig/ipchains on Redhat)
iptables: firewall and NAT (/etc/sysconfig/iptables on Redhat)

Redhat files in /etc/sysconfig

Configuration Files

keyboard: keyboard map, e.g., KEYBOARD="/usr/lib/kdb/keytables/us.map"
mouse: mouse type, e.g., MOUSETYPE=Microsoft XEMU3=yes
network: network settings, contains NETWORKING=yes

NFS File Sharing

Files

/etc/fstab: file systems mounted during boot.
/etc/exports: NFS server export list.

PRINTER: environment variable of default printer.
/dev/lp0: parallel port.

Commands

lpc, lpq, lprm: line printer control program, print queue maintenance.

Sendmail

Files

sendmail.cf, sendmail.mc: "sendmail.cf" is the configuration file. "sendmail.mc" is a macro file which can be used to generate "sendmail.cf" by:
    m4 sendmail.mc > sendmail.cf
aliases: mail aliases, must run "newaliases" after change. Use :include: to include an external list in a file.
access: mail access control, FEATURE(access_db) should be set in sendmail.mc. For example, in /etc/mail/access:
    cyberpromo.com REJECT
    mydomain.com RELAY
    spam@somewhere.com DISCARD
    makemap hash /etc/mail/access < /etc/mail/access
/etc/mail/relay-domains: list all host/domain accepted for relaying.

Manage Modules

Files

httpd.conf: Apache web server configuration file.
smb.conf: Samba server (file and print for Windows).
lilo.conf: LILO boot loader configuration file.
syslog.conf: System log daemon (syslogd) configuration.
ssh_config, sshd_config: SSH client and server configuration files.
ld.so.conf: default dynamic library search path (run ldconfig).
mtools.conf: mtools configuration file (access DOS files).
named.conf: DNS name server (BIND).
sysctl.conf: kernel parameters by sysctl (Redhat).
ntp.conf: net time server.
inetd.conf: Internet super server.
xinetd.conf, xinetd.d: Extended inetd configuration.
proftpd.conf: proftpd FTP server.
amanda.conf: network backup server.
/etc/pine.conf, /etc/pine.conf.fixed: PINE mail client system wide settings.

/etc/shells: allowed login shells
/etc/ftpusers: user names NOT allowed to use ftp.
/etc/hosts.allow, /etc/hosts.deny: TCP wrapper host control files.
/etc/sysconfig (Redhat): contains system configuration files.
/dev/fd0: floppy drive A
/etc/inittab: system run level control file.
/etc/init.d

Commands

fromdos, todos (Slackware); dos2unix, unix2dos (Redhat): convert text file from/to linux format.
pwck, grpck: verify integrity of password and group files.
pwconv, pwunconv, grpconv, grpunconv: convert to and from shadow passwords and groups.
shadowconfig: toggle shadow passwords on and off.
quota, edquota, quotacheck, quotaon, quotaoff, repquota: manage disk quota.
lilo -D dos: set LILO default OS (default=dos in lilo.conf)
ldd: find out shared library dependencies.
lsof: list opened files.
fuser filename: show processes that are using the file.
ifup, ifdown: bring up/down a network interface (Redhat)
sysctl: configure kernel parameters (Redhat).
socklist: list opened sockets.
shutdown [-r|-h] now: reboot / halt computer
nmap: scan a host for opened ports.
crontab: show or edit cron jobs.
man cmd | col -b > cmd.txt: save a man page as a text file and remove control characters.

Rebuild Kernel

Configure Kernel Parameters

make config, make menuconfig, make xconfig: configuring the kernel with interactive, menu or X window interface.

Compile Kernel Source

make dep, make zImage, make zdisk, make zlilo, make bzImage: building and installing a new kernel.

Compile Modules

make modules, make modules_install: building and installing modules.

Configure Apache 2.0 with SSL

mod_ssl:
(1) when compiling apache, specify --enable-ssl for the configure script. By default, ssl is not enabled. After compiling, use "httpd -l" to list the modules. "mod_ssl" should be in them.
(2) generate private key with command:
    openssl genrsa -out server.key 1024
(3) generate certificate request
    openssl req -new -key server.key -out server.csr
(4) generate self-signed certificate
    openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt
(5) modify "ssl.conf" which is included in "httpd.conf". Note, specify "httpd -DSSL"; otherwise, comment out the <IfDefine SSL> directive in ssl.conf.

Syslog.conf

Each line consists of a selector and an action. A selector has two parts: facilities and priorities, separated by a period (.). You may precede every priority with an equals sign ("=") to specify only this single priority and not any of the above. You may also (both is valid, too) precede the priority with an exclamation mark ("!") to ignore all those priorities, either exactly this one or this and any higher priority.

Example:
    mail.notice /var/log/mail # log to a file
    *.emerg @myhost.mydomain.org # log to remote host

facilities: auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, uucp, local0 – local7.
priorities: debug, info, notice, warning, err, crit, alert, emerg.
action:
    Regular File: file with full pathname beginning with "/".
    Terminal and Console: specify a tty, same with /dev/console.
    Remote Machine: @myhost.mydomain.org
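
The syslog.conf selector rules described above, worked through in Python as an added example (not part of the original reference card). It applies the facility.priority matching with the "=" and "!" prefixes; the ";" separator and the "*" and "none" priority keywords are taken from syslog.conf(5) rather than from this card, and all rules after the first two are constructed.

```python
# Added example: sysklogd-style selector matching for the rules in this section.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "mark",
              "news", "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]


def compile_selector(selector):
    """Map each facility to the set of priorities the selector accepts."""
    masks = {fac: set() for fac in FACILITIES}
    for part in selector.split(";"):      # assumption: ';' joins parts, per syslog.conf(5)
        facs, _, pri = part.strip().partition(".")
        negate = pri.startswith("!")      # '!' removes priorities instead of adding
        pri = pri[1:] if negate else pri
        exact = pri.startswith("=")       # '=' means this single priority only
        pri = pri[1:] if exact else pri
        if pri in ("*", "none"):          # assumption: keywords from syslog.conf(5)
            chosen = set(PRIORITIES)
            negate = negate != (pri == "none")   # 'none' clears, '!none' sets
        elif pri in PRIORITIES:
            idx = PRIORITIES.index(pri)
            chosen = {pri} if exact else set(PRIORITIES[idx:])  # this one and higher
        else:
            raise ValueError(f"bad priority in {part!r}")
        for fac in (FACILITIES if facs == "*" else facs.split(",")):
            if fac not in masks:
                raise ValueError(f"unknown facility {fac!r}")
            masks[fac] = masks[fac] - chosen if negate else masks[fac] | chosen
    return masks


def route(rules, facility, priority):
    """Return the action of every rule whose selector matches the message."""
    return [action for selector, action in rules
            if priority in compile_selector(selector)[facility]]


# Constructed rule set: the first two lines are the card's own examples.
RULES = [
    ("mail.notice", "/var/log/mail"),
    ("*.emerg", "@myhost.mydomain.org"),
    ("kern.=debug", "/var/log/kern-debug"),
    ("auth,authpriv.*;auth,authpriv.!=debug", "/var/log/auth"),
    ("cron.info;cron.!err", "/var/log/cron-low"),
]

if __name__ == "__main__":
    for fac, pri in [("mail", "info"), ("mail", "emerg"), ("cron", "err")]:
        print(f"{fac}.{pri} ->", route(RULES, fac, pri))
```

Running a selector through route() before deploying it shows whether a "!" exclusion silently drops the high-severity messages you meant to keep, as the cron rule here does for err and above.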
IPtables (Netfilter)

Command Syntax
    iptables [-t <table>] <command> <chain> <parameters>

Save and Restore rules
    /sbin/iptables-save > /etc/sysconfig/iptables
    /sbin/iptables-restore < /etc/sysconfig/iptables

Firewall script sample
    http://tiger.la.asu.edu/iptables_examples.htm

Built-in Table

filter: This is the default table for handling network packets. Built-in chains are:
    1. INPUT — This chain applies to packets received via a network interface.
    2. OUTPUT — This chain applies to packets sent out via the same network interface which received the packets.
    3. FORWARD — This chain applies to packets received on one network interface and sent out on another.
nat: This table is used to alter packets that create a new connection. Built-in chains:
    1. PREROUTING — This chain alters packets received via a network interface when they arrive.
    2. OUTPUT — This chain alters locally-generated packets before they are routed via a network interface.
    3. POSTROUTING — This chain alters packets before they are sent out via a network interface.
    ## Masquerade everything out ppp0.
    iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
    ## Change source addresses to 1.2.3.4.
    iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4
mangle: This table is used for specific types of packet alteration. Built-in chains:
    1. PREROUTING — This chain alters packets

--insert | -I: Inserts a rule in a chain at a particular point.
Other commands: (1) --new | -N (2) --delete | -D (3) --replace | -R (4) --zero | -Z (5) --check | -C (6) --delete-chain | -X (7) --rename-chain | -E

Parameters

--proto | -p [!] name: protocol, by number or name, including tcp, udp, icmp or all.
--source | -s [!] addr/mask: source IP address.
--destination | -d addr/mask: destination IP address.
--in-interface | -i: incoming interface name, e.g. eth0 or ppp0.
--out-interface | -o: outgoing interface name.
--jump | -j: jump to a particular target when matching a rule. Standard options: ACCEPT, DROP, QUEUE, RETURN, REJECT. May jump to a user defined chain.
--fragment | -f: match second or further fragments only.

Options for TCP and UDP protocol

--sport | --source-port, --dport | --destination-port: source and/or destination port. Can specify a range like 0:65535, use exclamation character (!) to NOT match ports.

Options for TCP only

--syn: Match SYN packets.
--tcp-flags: Match TCP packets with specific bits set. For example, -p tcp --tcp-flags ACK,FIN,SYN SYN will only match TCP packets that have the SYN flag set and the ACK and FIN flags unset.

Options for ICMP only

--icmp-type [!] type: Match specified ICMP type. Valid ICMP types can be listed by:
    iptables -p icmp -h

X Window (XFree86)

Files

To set screen resolution, in "Screen" section and Subsection "Display", specify a mode. For example: Modes "1024x768"
To specify screen refresh rate, in "Monitor" section, specify vertical rate. For example: VertRefresh 70-120
/etc/X11/xinit/xinitrc, $HOME/.xinitrc: clients to run after X server started
/etc/X11/fs/config: configure X11 font path (font server).

Commands

startx: start X window system.
Xconfigurator (Redhat), xfree86setup (Slackware), xf86config: setup X server and generate XF86config.
XFree86 -configure: XFree86 auto configuration (Plug-n-Play), generate a template named "XF86Config.new"
Ctrl+Alt+Del: stop X server (on some system Ctrl+Alt+ESC).
Ctrl+Alt+F1, Ctrl+Alt+F7: F1 temporary switch to text mode, F7 switch back to graphic mode.
SuperProbe: detect graphic hardware.
xvidtune: adjust X server origin and size.
xmodmap: modifying key map and mouse button map.
xhost: server access control program for X.
xsetroot: root window parameter setting utility for X.
xlsfonts: server font list displayer for X.
xset: user preference utility for X.

XF86Config

ServerLayout Section

ServerLayout section binds a Screen section and one or more InputSection to form a complete configuration. The active ServerLayout section is specified in ServerFlags. If not, the first ServerLayout section is active. If no ServerLayout sections are present, the single active screen and two active (core) input devices are selected as described in the relevant sections.