Linux System Administration- a Duide to Services and Duties of Administration, from the Ground Up

Overview:
Advantages of Linux Over Other Operating Systems
Distributions
Getting Started
Configuring Linux
Your Friend, the Shell
An Overview of System Services
The DHCPD Server
The Apache HTTP Server
The BIND DNS Server
The Secure Shell Server
The Pro-FTPD Server
The Samba SMB Server
Assorted Servers and Services
Securing Your Linux System
Customizing Your Linux Kernel
Appendix A: Common Linux Commands

Advantages of Linux over other Operating Systems

Linux has *MANY* advantages over other Operating Systems (OSes). Here are some of the advantages:

* Portable- can be ported to most platforms.
* Stable- can run for years without having to reboot the OS.
* Better Networking- Linux was developed with networking in mind, thus it has a better TCP/IP stack than most other OSes.
* Compatibility- Linux can even be used as a Microsoft shared file server (NETBIOS), thanks to the Samba project.
* Performance- Linux is a fast, light OS that can be customized to the hardware of a particular server, allowing it to run faster than Windows NT, and many other OSes.
* Open Source- Linux is completely open source, as well as the majority of its services, if you don't like how a program operates, you can simply change it.
* Low Cost- Linux is free, and will always be free, thanks to the GNU Public Licence, the legal licence that governs over it, preventing anyone from selling Linux, and not making it available for free.
* Small Kernel- The Linux kernel is about 25 MB. It can run on a 486 with 8 MB of RAM.

Now then, what are the disadvantages of using Linux? In a server environment, there are few, if any. The main problems that Linux does have, however, pertain to lack of hardware support (video cards, which are not needed for a server, plain text will do fine). Also, there are some driver problems with Windows-based hardware, such as "Win Modems". Again, this is not a problem in a server environment, who would want to use a software-based modem in a server? Another disadvantage to Linux is lack of software support, such as in productivity software, and games. Yet again, this is not needed in a server. So therefore, Linux has numerous advantages over many other OSes, and very few disadvantages.

Distributions

Linux is distributed through several companies, and each company has a different idea of how Linux should be used. Here is a list of some of the more popular Linux distributions, and their strengths/weaknesses:

Red Hat Linux
Red Hat Linux caters itself to the server market. It is the #1 Linux distributor.
Advantages:
Red Hat is easy to install, and easy to update, thanks to the up2date package from Red Hat, which checks for programs that are out of date. Also, the Redhat Package Manager (RPM) format allows easy install of software.
Disadvantages:
The RPM format uses pre-compiled programs, which may be unsuitable for a faster running server (if you custom compile the program, it runs faster under most circumstances). However, source code RPM packages do exist, and they are called SRPMs (the S stands for source). Also, for a server system to be set up properly (with as much customization as possible), the system must be configured after the install.

Debian GNU/Linux
Debian GNU/Linux uses mostly GNU software (mostly open source), hence the name Debian GNU/Linux.
Advantages:
Debian allows customization of software in the installation procedure, allowing post-install configuration to be limited. Debian includes the dselect program, which allows packages with dependencies on other packages to be excluded or included. It also includes its own alternative to the RMP format, known as a .deb package, or Debian Package.
Disadvantages:
Debian is for the most part harder to install than most other distributions.

Slackware
Slackware is not as popular as Debian or Red Hat Linux, but it still warrants mention.
Advantages:
Slackware is easier to install than Debian, and easier to maintain. It aims for closeness to the original UNIX, while maintaining Linux compatibility. Also, one of their distributions, Zip Slack is only 100 MB, and it can fit on either a zip disk, or a cdrom, if someone wants to look at it before they decide to go with Slackware.
Disadvantages:
Slackware doesn't have a distribution-specific package. Slackware is prone to instability also, which makes it un-fit for a server environment. In addition to all of this, Slackware lacks a security updates page, so it is further unfitting for a server environment.

SuSE
SuSE, a German-based company, also aims towards simplicity.
Advantages:
SuSE is very simple to install, and to configure. It is compatible with RPM formats.
Disadvantages:
SuSE is mostly GUI-driven, and it has a high memory cost. The recommended requirements for memory is 48 MB without the GUI installer. Also, SuSE's security section isn't version-specific, meaning that all exploits are listed, leaving the novice at a loss as to whether or not they are affected.

The above listed distributions are by far the most popular, but by no means the end of the list. For more distribution information, refer to linux.com.

Getting Started

Once you have selected the desired distribution, you should then write down all specifics regarding your hardware. Also, if you are planning on dual-booting (running multiple OSes on one server), then you will have to make an empty partition, or better yet, just make empty space. However, dual booting in a server environment is probably not what most people will go with, as the server must be up constantly.

Specifics to write down include your network interface(s), the IP address(es), any SCSI adapter make and model, and of course the CPU and motherboard (some motherboards require special bux fixes to work around errors, but most likely if it is a quality motherboard, a bug fix is not needed). Since video and sound are not recommended for a server environment , after all why do you need a Graphical User Interface (GUI) for a server? Also, multimedia applications in a server environment are pointless. So, either don't put a sound card in the server (saves you $20), or just don't configure it. Also, the X Window system (GUI for Linux) uses up some resources, so you will have a faster server if you leave out the GUI altogether.

Something else you should have in mind is what role(s) is this server going to have? Is it going go have a HTTP server, a FTP server, a SMTP server, a SSH server, or another server? Write down all the intended uses of your sever before installing the OS, this will save you headache when you are "rooted" (when an attacker gains root, or superuser privileges), due to forgetting that an old version of sendmail was running on a HTTP server. Also, it increases performance, as the extra running services take up system resources. Also, what programs will you be using (or your users)? Will emacs be used (emacs is a text editor that is very powerful, but at the same time takes up resources)? Will a MTA (Mail Transport Agent, program that sends mail) be used? Will any programming compilers be used? Write down a list of all the packages that you feel are needed for your server. There are two main reasons why you should do this. The first reason is that the extra packages take up disk space, which is valuable in a server. The second reason is that extra programs create extra worries, dealing with security. If there is an exploit for a program that you have, you must update it. Therefore, the philosophy with software is that the less that you install, the less you have to worry about. Worst-case scenario, if a user requests a legitimate program, you can later install it.

So, before installing, make a list of hardware details, and of what software you wish to install. Then, enter in the information when requested, this varies from distribution to distribution. Make sure to create a boot disk when asked, as this is generally a good idea, LILO (the boot manager for Linux), sometimes has problems with large hard drives on older computers. Once the distribution is installed, you are asked to reboot, and then you will see a nice little login prompt. Now is where the real fun begins.

Configuring Linux

Once at the login prompt, login as root. Supply the password that you entered at the install phase. Now you can create more users, including less privileged ones, for test purposes (security), and for general use purposes (if this server will double as a workstation). You can do that with the useradd command, which will create the user only. For instance, to create a user named bob, you would enter:
useradd bob
Now, your user needs a password, you may set this using the passwd command, with their name as an argument, for instance:
passwd bob
You will then be asked for a password, and the system will warn you if it is too short (a large security risk, which will be discussed in the security section). Now then, we need to add bob to a group, lets make a new group, and name it friends:
groupadd bob.
This will create the requested group, with a GID (Group ID) as a number higher than 500 or so. The GID is a numerical number that is used to identify the group to the system. All groups under 500 are considered system groups. The lower the number is, the more privileged the group is (this is a convention only). For instance, the root group has a GID of 0. This is as low as it can go, so the root group is really powerful. Also, there are UIDs, or User IDs. These numbers work in the same exact way as GIDs, except that they identify users. Again, it is convention to use above 500 for non-privileged users. Also, the UID for root is 0. To change a UID, or GID, you will type (to open the /etc/group file for changing GIDs):
vi /etc/group
This will invoke the vi editor, a powerful text editor for Linux and UNIX. To insert text, press the insert key. Then, move down the list using the down arrow key on your keyboard, and so forth for left, right, and up. To change text, move to the desired position, and press delete to erase a character, as desired. Then, you may enter in new text, as desired. To exit and save your changes,first hit escape, then type:
:write
Type that with the ":", as that invokes the command mode of vi. Then, type to exit:
:exit
This is the beauty of Linux, you can edit configuration files that pertain to system services and the actual system, thus giving you more control. Now then, lets say that you wanted to insert a name for our friend bob:
vi /etc/passwd
This will again open our editor, vi. Now then, look at the columns of data that are presented here. So many options! Lets start with a given example line that you might see:
bob:x:500:501::/home/bob:/bin/bash
There are 7 fields in this line, each field is separated by a colon. The first field is the username, in our case bob. The second field is the password, which is always set to "x" when shadow passwords are enabled, which will be further described in the security section. The third field is the UID. The fourth field is the GID. The sixth field is the user's name, which can be any plain text, with spaces. For example, our entry would look like this if we called bob Bob the Slob:
bob:x:500:501:Bob the Slob:/home/bob:/bin/bash
Thus, our user bob's name to the Linux system is now Bob the Slob. The seventh field is the user's home directory, where the user is allowed to write to the hard drive in this space, and where their configuration files are kept. If you do not see this line, don't be frightened, you can add it now, and then type the following commands:
mkdir /home/bob
chown bob /home/bob
The "mkdir" command makes any given directory, if you have the permissions. The "chown" command makes that directory or file set as owner by a given user. The last line in /etc/passwd is the shell, which is normally the BASH, or Bourne Again SHell. This is by far one of the most popular shells, and my personal favorite, for compatibility.
System startup files are in the /etc/init.d directory. These files control all services started, one service you might want to stop is the mouse daemon (a daemon is similar to a DOS TSR, it is a program that runs in the background). It frees up a little more resources, and besides, why would you need a mouse daemon in text mode? To view the contents of a script (a script is a text file that is executed, like a batch file in DOS), just type:
cat scriptname
Where scriptname is the name of the script. To display all the scripts, type:
ls
This will generate a listing (hence the 'ls' command) of all the files in that directory, you may wish to use a pipe (the | key) to redirect it to the more command, to where you can hit the space bar to scroll down a screen, to do this, type:
ls | more
An easy way to configure Linux is through linuxconf. To start linuxconf, simply enter:
linuxconf
Linuxconf contains a host of options, from configuring the network devices, to configuring user accounts. It is recommended that you start using linuxconf while you are still new to Linux, but that you learn how to perform given tasks (such as network device configuration) later on, as you will learn how to get more customization out of your Linux system. Also, linuxconf must be installed to work, so if you are ever in a limited environment (cannot install linuxconf), you will have to learn to perform a given task manually anyways.
Installing software in Linux is incredibly easy. Lets say that you want to visit a given website, for instance, www.developer.com and download the latest version of their software. To visit websites in Linux (text-based only), you may invoke Lynx, a nice browser for Linux. Simply type:
lynx www.developer.com
You will then be taken to the manufacturer's website. Press 'h' to view all help, such as navigational procedures. Now then, lets say that you've downloaded the new software, and saved it in your home directory. There are two three main formats this package may be in, the first is an RPM. To install a RPM, exit out of lynx by pressing 'q'. Then, type:
ls
This will show you the contents of the current directory, the package should be in that listing. Then, type:
rpm -i packagename
Where packagename is the name of the package. This will automatically install the software. The other two formats (most popular anyways) are the .tar and .tar.gz packages. The difference is that .tar is not compressed, whereas .tar.gz is (.tar.gz may be abbreviated by .gz). To uncompress a .gz, or a .tar.gz, simply type:
gunzip packagename
This will now change it to a .tar format, which you can now extract via the following command:
tar -xvf packagename
This will extract all the files in the package, and place them in a directory, usually named after the package. Perform a 'ls' to verify the new directory name, usually in blue if colors are enabled. Then, type:
cd directoryname
To enter that directory, then perform a 'ls', and look for any files that pertain to README, be it README.txt, README, etc. Then, type:
cat README | more
Where README is the name of the file. This will redirect the output to the 'more' command, which will enable you to page through the file, press the space bar to go forward a page, and 'q' to quit. This file is important, it gives you the directions to install the software. As you can see, RPM formats are a bit easier to install, but .tar and .tar.gz (both are often called tarballs) are the most common formats, as it is easier to make than a RPM file. This concludes configuration of Linux, if you have an error, or wish to configure it more, you may visit linuxnewbie.com, or you may contact me. Throughout this tutorial, I have used redirectors (the '|' key is one). Now, we will take an in-depth look at the shell, your interface to Linux.

Your Friend, the Shell

Okay, so you have this $ thing. What is this? First of all, the dollar sign you see is a prompt, the remote server is waiting for you do do something. Type the following, and press ENTER:
echo "hello." Nice, you now can print stuff, kinda useless, eh? Not hardly. The beauty of *NIX is that it combines many small programs that just do one thing, so that you can combine them to perform a complex task. Now, lets start with taking a look at what's in our home directory (the path default):
ls -l
The -l specifies to print a long list, showing file permissions, the name, the date, the size, etc. This is similar to the "dir" command in DOS, but it is more powerful. Okay, now lets edit the following file, either using vi or joe:
vi .bash_profile
  or:
joe .bash_profile
This opens the file that is run every time you log in. scroll to the bottom and type : echo "Welcome to my account."
and press for vi:
(The escape key)
:write
:quit
and for joe:
Control K + X
Congratulations! You've just edited your first Linux configuration file, a common, and thus needed skill. You may wish to re-login, or you can simply type the following:
sh .bash_profile
The "sh" command invokes a shell, which reads the file specified as if it were a script (which it is). We will delve into this later. For now, lets make a listing of our directory, then save it to a file, so we can look at it later:
ls -l > ls_1.txt
What this does is it redirects the output of the command 'ls -l' to a file, which is ls_1.txt. The ">" redirector does this. Now, lets take a look at that file. We just want to see what's in the file, not edit it, so we'll type:
cat ls_1.txt
If the output is too long, we can use another redirector, the pipe. This is located usually on the same key as the backspace key. It is a little vertical line. Lets make it to where the output of the 'cat' will go to another program, which is 'more':
cat ls_1.txt | more
This makes it to where you can page through it using the space bar, this is handy when the file specified is too big to show it all on one screen, use the space bar to page through a screen at a time...nice. Now, then, we shall cover another simple command, the who, or w command (either will work):
w
The "w" or "who" command will output a list of all logged in users, their task(s), when they logged in, etc. Nice. Lets suppose though that we wanted to use a single command to output the task(s) of our friend, john:
w | grep "john"
You will remember, the "|" operator redirects the output of 'w' to 'grep "john"', grep is a tool that searches for text in a file, or whatever input is. For instance, if you wanted to write a file of current users and their tasks, and then search that for john:
w > users.txt
cat users.txt | grep "john"
As you will recall from earlier, cat displays the contents of a file, when piped to grep, grep searches for and displays any strings having john in them. Now then, lets cover another file, .bash_history. .bash_history is exactly that, it is the history of all BASH commands inputted, lets display it:
cat .bash_history
You can pipe it to more command if you wish, so you can page through it. Nice. Now then, lets say that we want to copy the .bash_history file to bash.history.bkup:
cp .bash_history bash.history.bkup
This will duplicate the file, so we now have two copies. Well, what if we want to rename that file (the backup) to bash.history:
mv bash.history.bkup bash.history
The mv command moves files, what we are doing is moving it from one name in your home directory (we'll cover this soon), to the same directory, under a different name. Now then, whats this home directory stuff? As specified in /etc/passwd, your home directory is the directory that you are placed in when you login. You usually have full permissions of this directory, lets see what your home directory is:
echo ${HOME}
The echo command, which we've already covered, prints the ${HOME}, but what is that? That is called a shell variable. $ means that it is a variable, {HOME} specifies that it is the variable named HOME. Lets make a new directory in your home directory, first we will switch to that directory:
cd ${HOME}
The cd command means change directory. It changes the user's current directory for the directory specified. Now, lets make the new directory:
mkdir TEST
The mkdir command makes a directory, under the name TEST. Now then, lets change directories to that directory:
cd TEST
Now we are in that directory. Nice. Now, we'll back out of this one, returning to the parent directory, or the directory above this one:
cd ..
The ".." specifies to move back one directory. To verify that we are in your home directory, we will display the current dir:
pwd
The pwd command displays the present working directory. Okay, now lets copy the backup of our history file to the TEST directory:
cp bash.history TEST
The cp command once again copies it to a location, this time a directory. Perform a 'cd' to that directory, then do an 'ls' to see the contents:
cd TEST
ls -l
The -l option gives a long list, without -l simply shows the file names. Okay, lets create a file, test.txt containing the string 'This is a test.' :
echo "This is a test." > test.txt
Now you can cat it if you wish, but the main reason we created this is to cover the next subject, chmod. Chmod changes a file's permissions, which can be tricky at first, but is *IMPORTANT* for basic security. In order to do this, you need to know binary, or you can use the simpler string format, which we will use in this example, I don't want to confuse anyone this soon, if you want to know how to use chmod, check out the man page (you'll learn about this later, too). Now then, chmod follows the following syntax:
chmod (permissions) (file)
u means the current user
g means the user's group
a means all users
- means take away this privilege
+ means give this privilege
= means that this will be the only permissions this file will have
r means that you can read the file
w means you can write to it
x means that you can execute it
User permissions are displayed as:
-rwxrwxrwx
The first bit, or character is a special one, used to run as that user, to specify a directory, etc. The next three characters 'rwx' refer to the user that owns that file. The next three after that 'rwx' refer to the permissions of that owner's group. The last three characters 'rwx' specify all other user's permissions. a '-' instead of a character means that that permission is disabled. For instance:
-rwx-r--r--
Means that the owner can read, write, and execute, but the owner's group, and all other users can only read from it. Now then, lets modify our new file, test.txt so that we cannot read from it (follow me here, this is to demonstrate something):
chmod u-r test.txt
Now lets try to cat it:
cat test.txt
You should get an error basically stating that you don't have read permissions for this file. Now, lets change it back:
chmod u+r
Cat it again to be sure that it is changed. Nice, now lets make it to where only we can read, write, and execute to that file:
chmod ga-rwx test.txt
That made it to where no one can read,write, or execute:
chmod u+rwx
This will give us read, write, and execute privileges. Take this time to play around with it, learn how to use it better. Now, since we are discussing file ownerships, I figured that I would throw in another command, chown. Chown changes a file's owner, following the format of 'chown (user:group) (file)'. For instance the following command:
chown root:root test.txt
Will make it to where only root is the owner. Don't do this, otherwise you will have to write a letter to root, kindly asking them to change the permissions back (unless you have root access). Another command you should learn how to use is rm. use this with caution, however, as 'rm' removes files:
rm -R ${HOME}/TEST
Will completely delete the contents of the directory TEST that we created earlier, plus delete the directory itself. The -R parameter means that it should operate recursively, which means to delete every file, to descend into directories, then remove those files, and the empty directories. Now, lets say that you want to cat a text file, but you want to be able to scroll back a page or two wile reading (be able to go back and forth), you would:
cat filename.txt | less
Use the space bar to go forward, and the P key to go to the previous page.

Now that we have covered the basic commands, we will dive into scripting via the shell. For those of you that feel as if the shell doesn't offer enough power, I recommend you taking a look at Perl, an excellent scripting language that was designed out of a need for more power than the shell provided. One of the most important commands to remember is chmod. When dealing with scripts, you have to make the file executable. This can be accomplished by simply:
chmod u+x filename.sh
OR:
chmod 700 filename.sh
The 700 part will give the owner read write and execute privileges, while giving all other users no privileges whatsoever. Alternatively, and also more annoyingly, you can simply use the 'sh' command, followed by the script name, without needing to modify the permissions. Lets get into basic principals now of scripting, so we will start with a simple "hello world" script. Scripts are like normal text files, so you can use a text editor like vi, vim, joe, jed, etc. So, lets create a file called hello.sh, and place in it the following lines:
# hello.sh a simple script
echo "Hello World"
And save it. Now, you can either 'chmod u+x' this file, or you can execute it by:
sh hello.sh
However, if you chmoded it, like I suggest, you will need to:
./hello.sh

Now, whats this './' stuff all about?? The answer is simple, the './' indicator means the current directory, which is similar to '..' when we were playing with 'cd'. If you 'cd ./' it will stay in the same directory. For instance, if the current directory was '/home/user', the value of ./ would be the same as typing /home/user. If you want to just execute hello.sh by just typing hello.sh, you will need to change your search path. Your search path is a variable that is defined as the paths to search for an executable file. Instances of this are '/bin', '/usr/bin', and usually '/usr/sbin'.
Now that we have the actual execution parts taken care of, lets dissect the script. We shall start with the first line, which begins with a '#'. This is known in the Linux and UNIX world as a hash mark, and it is used for comments. Anything after a '#' is ignored, so you can type whatever comments you want without any worry of bothering the script. Now, for line 2, 'echo "Hello World"'. This command, echo, tells the shell to repeat, or echo whatever is in the parentheses, which in this case is Hello World. Now then, lets cover another important feature of scripts, the ability to force many commands onto one line:
# force.sh This demonstrates the use of the semicolon to force many commands onto a single line.
echo "1" ; sleep 1 ; echo "2" sleep 1 ; echo "3"
This should echo 1, wait a second, echo 2, wait another second, then echo 3 to display a nice little timer. First lets cover the sleep command, the syntax of the sleep command is: sleep {# of seconds} {suffix} the suffix may be s for seconds (default), m for minutes, h for hours, or d for days. This is used in between commands that you would want a pause in, such as the timer example. Now, lets cover the purpose of this example, the semicolon ';'. The semicolon is used to separate commands that you want executed one after another. Now, you may question the importance of this, so I'll tell you: the semicolon is important, because you can enter entire scripts (if they're short enough) on a single command line, without having to make an actual script. So in the example above, with the exception of the first line (everything behind a hash mark is ignored, remember?), if it were entered into a command prompt, it would work just the same. Plus, if you want to get really technical about it, it would be faster, as the system doesn't have to read from the hard drive, it is right in memory (the commands). Now then, lets deal with making a script that will echo whatever you want it to:
# argument.sh Echos an argument of the shell script
echo $1
This will echo whatever you choose, you just have to use it in its own special syntax, which is:
argument.sh The text that you want displayed
Now then, you may notice that if you type:
./argument.sh text that i want
The script only echos "text". How should we remedy this? You remember that echo had to have quotes surrounding it? Well the same aspect is here, you *have* to enclose it in quotes, like:
./argument.sh "text that I want"
You should also know that the & symbol after a command/script tells it to run in the background. For instance, 'ls &' will perform an ls, just in the background. If you want to re-direct the output of a program to somewhere that it isn't taking up space on your console, you can redirect it to /dev/null, which will not return any output at all, it is a system device that is designed for uses such as this, for example:
ls > /dev/null
This redirects the ls output to /dev/null. Also, you can spawn another shell to execute a command (has to be a command, or executable file, cant be the name of a script in the local directory, without the absolute path ('./'), is to use the ! symbol. For instance:
! ls
However, it should be also noted that 'sh' can only execute scripts, not binary executables, such as the ls program. Now then, lets go a step beyond the "hello world" class of scripts, and lets dive into utilities, how to tailor Linux to your liking:
# delete.sh Moves files to /usr/username/trash, which is only readable by that user.
mv -f $1 ${HOME}/trash
As you will remember, the 'mv' command moves a file, and the -f option forces it. What this does, is it creates a "recycle bin" like that in Microsoft Windows, in your home directory, under trash. Now then, what about recovering it????

# undelete.sh undeletes file specified by user.
mv ${HOME}/trash/${1} ./
This is relatively simple: the mv command of course moves it, this time we'll leave the -f option off, we want to be warned if a file is going to be overwritten (if the destination file has the same name as the file to be recovered). ${HOME} means $home, or the user's home directory. ALWAYS enclose variables in {}, this keeps the values intact, so it doesn't mess up, without this, the above script(s) won't work. Now then, the ${1} is a little new here, once again enclosed in {}. It is good practice to always enclose your variables in {}. And of course ./ is the current directory. Simple stuff. Now then, lets say that you wanted to time a script to get a directory of all the files in your home directory, then to compare that listing every hour and look for changes:
# ls.sh Compares a directory's contents (in this example the users home dir) for changes in a given time interval, in this case one hour.
ls -l ${HOME} > ${HOME}/.ls
sleep 1h
ls -l ${HOME} > ${HOME}/.ls-comp
diff ${HOME}/.ls ${HOME}/.ls-comp
This will give a non-null output if the contents are changed. Actually, it should have the files listed that have changed as well, but lets break this down some. First line is easy, it executes an 'ls -l' (long list of directory) in ${HOME}, then redirects it to a file, called .ls (In Linux, any file that begins with a '.' is hidden, unless you perform an ls -a), then we wait for an hour. Then we take another 'ls -l' and redirect it to a separate file, .ls-comp. Then, the diff command is executed, which searches for any differences in the files. If one is found, it is displayed. Otherwise, it exits with no return value. Let's play with this some though, as it does not run continuously:
# ls.sh part 2 original modified to send user warning of file change.
while echo "Perpetual loop" > /dev/null
do
ls -l ${HOME} > ${HOME}/.ls
sleep 1h
ls -l ${HOME} > ${HOME}/.ls-comp
if diff ${HOME}/.ls ${HOMR}/.ls-comp
then echo "this is ignored, since it is being redirected to /dev/null" > /dev/null
else
clear
ECHO "FILES CHANGED!"
break
fi
done
Lets start from the first line, this script invokes what's called conditional logic, which states basically that if something is true (no returned value in the instance of shell commands), then the script should do something. The first conditional logic we will use is the while statement. The while statement will continue to perform what is between "do" and "done" until either it is broken out of, or the test returns a non-zero value (it returns text, whatever). While follows:
while command_that_returns_no_value
do
some commands
done
Now then, the command that we want while to test is going to be echoing something to the null device, /dev/null, which returns no output. This creates a perpetual loop, until we break out of it. The rest is the same, up to the if statement, which follows:
if command_that_returns_no_value
then do something
else do something different
fi
The 'fi' ends the if loop. What we are now saying is that if when we compare the diff output, if it returns no value (is true), then we want to do nothing, which in this case is another practice in using /dev/null. Now, if it returns other than zero, it means that a change has been made, which echos a nice little warning, then breaks out of the while loop, exiting the script. Well, what if we want an email report? Insert the following line after the warning, but before break (or line 12):
diff ${HOME}/.ls ${HOME}/.ls-comp | mail yourusername@yourdomain
This will email you the contents of the output of the differences in the files. Now, if you want this script to run non-stop, you'll strip the break command out, so it will email you each time that a change is made, continuously running. Also, you'll take out the echo "CHANGES...." part out, which will thus print no info, and invoke it like:
./ls.sh &
As you will remember, the '&' after a command tells the shell to execute the command in the background. Nice, now you have a free VT (Virtual Terminal, discussed later), or telnet session to monitor any changes made to your directory. As I'm sure you're getting the picture of, Linux can be tailored to fit your individual needs. The only limitation is yourself. If you feel you need something that others can't provide, or if you want to do it yourself, you CAN! And its relatively easy, as opposed to writing C code all day long. Now, you basically should get the idea of how scripting works. Now though, we will go into aliasing and linking, and modifying your search path. First, the search path:
$PATH = ${PATH}:/directory_you_want_included
export $PATH
This will add an entry to the PATH variable. Place this line in your .bash_profile, or /etc/profile (for all users). This will search your directory for a given command, after all others directories specified in your $PATH variable have been searched. You can also:
$PATH = /dir_you_want:${PATH}
If you want it first. I prefer it to be last. Now, what about aliasing? Aliasing is used to make one "command" act as if you entered another. Type to see all aliases:
alias
To add an alias:
alias desired_command_name='real_command_name'
This will create the alias of a desired reference command to a real command. For instance, a common alias is to do alias ls='ls --color' which causes the default 'ls' to output 'ls --color' each time. Now, about linking. Linking is used to link one file to another. For instance, lets say you want a link in your home directory to /home/some_user/their_mp3s:
ln -s /home/some_user/their_mp3s ${HOME}/cool_mp3s
This will create a "directory" in your home directory called cool_mp3s, which acts as if it were the target directory. Thus, you can 'cd cool_mp3s' to cd to that user's mp3 directory.
By now, you should understand how to make shell scripts, and how to execute them. There is an appendix at the end of this document worth reading, Appendix A: Common Linux Commands, if you are having trouble with the Linux commands. Also, there are a few personal favorite shell scripting books of mine whole titles are listed in Appendix B: Continued Reading.

An Overview of System Services

The DHCPD Server

The Apache HTTP Server

The BIND DNS Server

The Secure Shell Server

The Pro-FTPD Server

The Samba SMB Server

The Samba SMB server is used to connect to a pre-existing Windows NT, 9x, 2000, XP, or DOS network using Microsoft networking clients/servers. With Samba, you can mount shares off of other clients/servers, or you can make your own share on the network. This is vital for most mixed OS environments, because with Samba, you can have a central location for users to get/put files. Also, should you need to grab updates, data, or the like, you can grab files from other shares. Samba's website is located at samba.org. Packages are available in the traditional tarball, RPM, and SRPM. If your system supports the RPM package format, I would recommend using it, as there is little to no advantage to downloading the tarball. You would install the RPM using the rpm command, like this:
rpm -i samba-version.rpm
Where of course "version" designates the version. If you are using a distribution which does not support the RPM format, then you should of course download the tarball. You would then decompress/extract it by issuing the following commands:
gunzip packagename.tar.gz
tar -xvf packagename.tar
Once again, where packagename is the name of the package. Once extracted, change directories to the newly made directory, and then to the source directory beneath it.
cd packagename
cd source
Then, run the standard configure/make commands:
./configure
make
make install
Once all of this is completed, you will then need to verify that the samba distribution has been installed into /usr/local/samba. To do this, type:
ls /usr/local/samba
You should see a directory listing. If not, then the make script may have installed it into /etc/samba. So check there. If it still isn't showing up in the listings, then read the online documentation. Once we have located the distribution, we should now create an init script for it. Init scripts are used at boot to start the services specified, and when you desire to restart or stop a service, you can use the script. Now then, the script should reside in /etc/init.d. If this directory does not exist, consult your distribution documentation. The script should contain the following text, word for word (unless of course you have Samba in a directory other than /usr/local/samba. In that case, substitute what you have for this string.
#!/bin/sh
# Samba init script by Chris Cerberus Pace
case "$1" in
start)
     /usr/local/samba/bin/smbd
;;
stop)
     echo -n "Stopping SMB Daemon: Samba stopped"
     killall -9 smbd
;;
restart)
     echo -n "Restarting SMB Daemon: Samba restarted"
     killall -HUP smbd
;;
force-reload|reload)
     echo -n "Not supported, use restart"
;;
echo "Usage: /etc/init.d/smbd {start|stop|restart}" >&2
exit 1
;;
esac
exit 0
Now that we have this taken care of, we are ready to edit the configuration file. Samba comes with SWAT, A user-friendly interface for Samba. However, with security in mind, I generally recommend against using web-based tools for system configuration. It is a better idea (in my opinion) to just hand edit the configuration file. If, however, you would still like to use SWAT, then add the following line to your /etc/inetd.conf file:
swat      stream      tcp      nowait      root      /usr/local/samba/bin/swat      swat
Also, make sure that /etc/services lists port 901 as SWAT. If not, then add it. You can then restart inetd by using the following command:
killall -HUP inetd
Then, bring up your favorite browser and point the address to 127.0.0.1, port 901, which should be entered like 127.0.0.1:901. For those of us that would rather use the configuration file, you should open /usr/local/samba/lib/smb.conf (also /etc/smb.conf or /etc/samba/smb.conf on some systems). We will now make a sample configuration file:
vi /usr/local/samba/lib/smb.conf

# Global parameters
[global]
workgroup = HNSG
server string = Debian
printcap name = /etc/printcap
load printers = yes
printing = lprng
log file = /var/log/samba/%m.log
socket options = TCP_NODELAY SO_RCVBUF=81922 SO_SNDBUF=8192
netbios name = Debian
security = share # Share definitions
[storage]
comment = Shared Directory
path = /shared
read only = no
guest ok = yes
[4L]
guest ok = yes
comment = HP 4L
printable = yes
path = /var/spool/samba
The global definition is of course a single definition that is true in all shares, etc. The workgroup is your workgroup, which in my case, is HNSG. In this example, the server string is "Debian". This is also known as the description field in Windows networking. The printcap name is only useful if you plan on sharing a printer. In my case, I have a HP 4L that I share, so I want to specify where the printcap is. In 90% of the cases, you can leave /etc/printcap as it is. The load printers setting allows you to specify whether or not if you want to load the printers automatically. The printing setting should also be left as-is. This specifies which program Samba should use to write to the printer, which is in most cases lpr. The log file setting allows you to specify the log file used, in this case I use the %m variable, which stands for the machine connecting. The socket options setting should also be left alone, this setting is for speed purposes. The netbios name is what the server will appear to be on the network. The security setting has 3 different possible values: user, share, and server. The user setting should only be used if a windows user has an account on the server, and they both have the same passwords. The share setting allows the user to specify a password, but it does not require the Samba server to have the same password. The server uses another SMB server to do all authentication. Here, I use share, because this is a trusted environment, and I do not have an account on the server for every user.
Now begins the share definitions. The share is enclosed in brackets, just like the global definition. Comment is not really needed, the share definition (name in brackets) will be displayed. The path setting specifies which path to use for this directory. The read only setting specifies whether or not to restrict all access to read only. Because I want everyone to write to the shared directory, I disabled this. Finally, we have the guest ok setting, which allows anyone to access the share. This is important, because I want anyone on the LAN to be able to write to this directory.
Now we have the definition for the laser printer, the HP 4L. Again, guest ok makes sure that anyone can use this printer. The comment field, again, is pretty much useless, but it keeps things sane (when you have 100 or so definitions, it can get crazy). We of course want the printable setting enabled. The path setting is just a directory where queued print jobs will reside until they are completed. One thing to make sure when using Samba with guest ok=yes, is that wherever the directory is, it should be world readable, and probably writable. You can set this by using the chmod command:
chmod 777 /path/to/share
Now we will test the Samba configuration:
testparm
If this doesn't work, then precede testparm with /usr/local/samba/bin. You actually might want to put this in your path, to do so, enter the following:
export PATH=$PATH:/usr/local/samba/bin
This runs the utility that comes with Samba, which will test the configuration for any errors. After this is completed:
killall -HUP smbd
Which will restart the Samba server. Now, jog over to a Windows or SMB-enabled system and view the network. You should be able to see your server, if not, make sure that you didn't make any typos. If you are still unable to view your server, wait 10 minutes. Sometimes Windows takes a while to refresh the list of SMB clients. If after 10 minutes, you are still unable to view your server, issue the following commands:
ps -waux | grep "nmbd"
If you do not see any output: nmbd
Again, if nmbd does not work for you, try /usr/local/samba/bin/nmbd. If, after again waiting 10 minutes, or if you see a process called nmbd in the ps output, re-check the configuration file, and make sure that the security setting is correct for your network. If you are still unable to connect, try using the smbclient program, which is designed to enable you to browse shares as if they are FTP servers:
smbclient //127.0.0.1/sharename
Where sharename is the name of a share to test. If you are still unable to access your Samba server, make sure that Samba is running issuing the following commands:
ps -waux | grep "smbd"
If you do not see any output: smbd
Once again, you may have to enter /usr/local/samba/bin/smbd if it is not in your path. Make sure that you are running all of these commands as root, of course. If you are *still* unable to view the Samba share, run:
netstat -a | grep "139"
If you see output, then your server has opened the port correctly. Again, wait 10 minutes. Some NT servers have been known to take up to 45 minutes to refresh. If you are still unable to connect, either from your server, or a client, then read the Samba Project Documentation available at: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection.html. This should solve your problem. Make sure though before you do all this, to flush all ipchains rules. Ipchains is a firewall, and while flushing them isn't recommend for a long-term use, you can flush them to test Samba. To do this, enter:
/sbin/ipchains -F
Also, you can mount SMB shares using the 'smbmount' command. For instance, let's say that I have a client named ralf1 on my network. I would first make a directory to store the mount in:
mkdir /shares
mkdir /shares/ralf
Then, I would specify the share name in which I desire to mount, followed by the directory I want the SMB share mounted in:
smbmount //ralf1/shared /shares/ralf
You can add this to your /etc/rc.d/rc.local, or /etc/rc.local file, which is processed at startup. Also, there is an EXTREMELY useful utility for DHCP networks, the nmblookup utility. This fine utility will tell you the IP address of a host. For instance, if I desired to know the IP address of ralf1, I would issue the following command:
nmblookup ralf1
The nmblookup utility will then report back to me the IP address of ralf1. This is useful if ralf1 has a telnet server running on it for troubleshooting purposes, and if ralf1 has enabled DHCP for its IP address.
Samba is an excellent server, and in most cases, it will work flawlessly. Incidentally, in a test done by PC Magazine, Samba outperformed Windows 2000 servers by 100%. Here is the original article.

Assorted Servers and Services

Securing Your Linux System

Disabling any unnecessary services

Configuring the running services

Customizing Your Linux Kernel

Appendix A: Common Linux Commands