LinuxCBT_Deb5x_Edition_Notes

###LinuxCBT Deb5x Edition###
Topology -> Docs directory
Features:
 1. Multiple platform support: i386, PowerPC, Sparc, MIPS, S390, AMD64, Intel64, IA-64, etc.
 2. Obtainable via: HTTP, FTP, JIGDO, BitTorrent, CD/DVD
 3. Open Source - freely available
 4. Ships with thousands of packages
 
 
Tasks:
 1. Download the various DVD ISO images:
' for i in `seq 5`; do wget http://cdimage.debian.org/debian-cd/5.0.4/i386/iso-dvd/debian-504-i386-DVD-$i.iso; done '
 
 2. Confirm the MD5SUMS of downloaded ISOs
 3. Prep the VMWare environment
   a. https://192.168.75.50:8333
   b. Create Virtual Machine
   c. Move Debian ISO images beneath top-level container that VMWare references
 
 4. Install Debian on VMWare - from RedHat Enterprise 5x
  a. Installed in full-screen, text mode
  b. selected single, non-LVM, non-encrypted partition option:
   b1. / - 4GB - (/etc, /usr, /var, /home, /boot (linux kernel is here) ...)
   b2. swap - 250MB
 
 5. Upgrade Debian4x -> Debian5x
  a. Reclamation of existing VMWare instance, that was not in the inventory
 
Note: This may become our target instance
 
 
 6. Install Debian via PXE
  a. Download netboot.tar.gz - provides PXE code for network installation
  b. 'cd /tftpboot && tar -xzvf netboot.tar.gz'
  c. Configure the Cisco Router DHCP server to serve the 'pxelinux.0' file to clients
Note: You may restrict the 'pxelinux.0' option to specific hosts and/or groups using DHCP configuration - reservations
 
 
!
ip dhcp pool linuxcbtwin1
   host 192.168.75.101 255.255.255.0
   hardware-address 0011.115b.7053
   client-name linuxcbtwin1
!
ip dhcp pool DEFAULT75
   import all
   network 192.168.75.0 255.255.255.0
   bootfile pxelinux.0
   next-server 192.168.75.50 
   dns-server 68.94.156.1 68.94.157.1 
   option 150 ip 10.1.50.2 
   default-router 192.168.75.1 
   lease 30
!
 
Note: 2 Key options for PXE booting
'bootfile pxelinux.0' - PXE boot client
'next-server 192.168.75.50' - TFTPD
 
Note: TFTPD & DHCPD servers may be the same or different
Note: NetInstall mode eventually attempts to pull the OS packages from a valid mirror.
You may configure an internal mirror for your organization and point the installer there.
 
 
###Linux Boot Sequence###
Features:
 1. The steps (1-5) a Linux system takes to reach a usable state
 
1. BIOS (indicates bootable hard drive)
2. Grand Unified Boot Loader (GRUB) -> MBR of primary HD
3. INITRD (includes drivers for hardware connected to your system)
4. Kernel (detects hardware) -> mounts '/' - root file system
5. INIT (propels your system into a usable state) - RunLevels
 
RunLevels: 0-6
 0 -> halt
 1 -> single-user mode, without concern for contending I/O
 2(Debian Default) - 5 -> multi-user run-levels - networking
 6 -> reboot
 
###Rescue - Boot Problems###
Problems:
 1. GRUB
  a. '/boot/grub/menu.lst' - changed (hd0,0) to (hd1,0) and (hd0,1), then fixed via runlevel 1
 
 2. INITRD
  a. Corrupt the file by breaking dependency - renamed initrd.img*
  b. Forced a boot by editing GRUB menu to use new INITRD file name
 
 
 3. INIT
  a. Corrupt: /etc/inittab
 
 4. Rescue Mode - Installation detection facility
 
 
###Basic Linux Commands###
Features:
 1. Numerous small commands that specialize in discrete functions
 
Tasks:
 1. Explore important commands
  a. 'whoami'
  b. 'id' - includes info from: 'whoami' as well as uid|gid info.
  c. 'pwd' - reveals current working directory based on the maintenance of 2 vars:
   c1. 'echo $PWD' - stores the current directory
   c2. 'echo $OLDPWD' - stores most recently visited directory
  d. 'cd' - changes directory - 'cd $OLDPWD'
   d1. 'cd' - with no options, places us in our $HOME directory
Note: The following directory entries:
  '.' - references the current directory
  '..' - references the parent directory
 
 e. 'ls' - lists files
  e1. 'ls -l' - lists files in long format
  e2. 'ls -li' - lists files in long format with INODE information
  e3. 'ls -al' - reveals hidden files
Note: Unix-like systems hide files whose names begin with a '.'
  e4. 'ls -ld' - reveals attributes of directory entry
 
 f. 'touch' - creates file if non-existent, otherwise updates timestamp info.
 g. 'stat' - reveals FS information about a file
 h. '!command' - re-runs the most recent history entry that begins with 'command'
 i. 'echo' - prints what you tell it to
 j. 'cat' - catenates content to STDOUT by default
  j1. 'cat test.txt' - dumps file to STDOUT
  j2. 'cat test.txt test2.txt' - catenates test.txt , then, test2.txt to STDOUT
 
 k. 'mkdir' - creates directories
 l. 'rmdir' - removes directories
 m. 'rm -rf' - removes recursively ANY file entry
 n. 'export VAR=value' - sets and exports for use, a variable
  n1. 'export MUSIC=/home/linuxcbt/music'
 o. 'history' - dumps the current SHELL's history
Note: '!item_num' executes the command with the number in the shell's history
 p. 'alias ls='ls -ali' ' - allows you to make shortcuts to commands and options
 
Command Chaining:
'ls ; pwd ; echo "test" ' - commands are independent
'ls && pwd && echo "test" ' - logical ANDing - previous command MUST exit with exit status '0'
'ls || pwd' - command 2 executes if command 1 fails
Note: You may combine any and/or all of these operators in a single command line
 
 q. 'more | less' - 2 common pagers - displays a page full of info.
 r. 'which' - searches the $PATH for the command you are in search of
 
###Redirection###
Features:
 1. Input - STDIN - Standard Input - /dev/fd/0 - keyboard (may also be a file)
 2. Output - STDOUT - Standard Output - /dev/fd/1 - screen (may also be a file)
 3. Errors - STDERR - Standard Error - /dev/fd/2 - error handling
 
Tasks:
 1. Look at STDIN
  a. '<' - explicit indication
Note: When STDIN is omitted, the process usually waits on STDIN for input (keyboard)
Note: CTRL-D ends the STDIN stream
Note: STDIN is typically implicitly referenced by most processes
  b. '>' - explicit indication
Note: Typically routes to a file or the screen (STDOUT)
   b1. 'cat test.txt test2.txt > test3.txt' - clobber mode (auto-clobbers file or creates anew)
  c. '>>' - append redirection - appends to existing file or creates a new file
   c1. 'cat test.txt test2.txt >> test3.txt'
 
  d. 'STDERR' - '2> errors.txt'
   d1. 'ls -l badfile' - the error goes to STDERR, which by default shares the terminal with STDOUT
   d2. 'ls -l badfile 2> errors.txt' - clobbers and creates errors.txt
   d3. 'ls -l badfile 2>> errors.txt' - appends errors to errors.txt
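The clobber/append and STDERR redirections above, exercised in a scratch directory, plus the left-to-right rule for '2>&1' that the notes stop short of. This is an added example, not code from the course; 'badfile' is an assumed nonexistent name and the other file names are assumptions.

```sh
#!/bin/sh
# Added example, not from the LinuxCBT notes: STDOUT/STDERR redirection in a
# scratch directory.  'badfile' deliberately does not exist.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"
printf 'one\n' > test.txt
printf 'two\n' > test2.txt
lines() { wc -l < "$1" | tr -d ' '; }   # line count without wc's padding

# '>' clobbers: two runs still leave exactly the 2 catenated lines
clobber_lines() {
    cat test.txt test2.txt > test3.txt
    cat test.txt test2.txt > test3.txt
    lines test3.txt
}

# '>>' appends: two runs give 4 lines
append_lines() {
    rm -f test4.txt
    cat test.txt test2.txt >> test4.txt
    cat test.txt test2.txt >> test4.txt
    lines test4.txt
}

# '2>' captures fd 2 only: the listing stays on fd 1, the error lands in errors.txt
stderr_to_file() {
    ls test.txt badfile > out.txt 2> errors.txt || true   # ls exits non-zero because of badfile
    printf '%s %s\n' "$(lines out.txt)" "$(lines errors.txt)"
}

# '2>>' appends errors across runs
stderr_append() {
    rm -f errors2.txt
    ls badfile 2>> errors2.txt || true
    ls badfile 2>> errors2.txt || true
    lines errors2.txt
}

# Redirections are applied left to right.  '> f 2>&1' points fd 1 at f and THEN
# makes fd 2 a copy of it, so both streams reach the file ...
both_to_file() {
    ls test.txt badfile > both.txt 2>&1 || true
    lines both.txt
}

# ... whereas '2>&1 > f' copies fd 2 onto the ORIGINAL fd 1 first, so only the
# listing reaches the file; the error goes wherever stdout was (discarded here).
wrong_order() {
    { ls test.txt badfile 2>&1 > only_out.txt || true; } > /dev/null
    lines only_out.txt
}
```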
 
 s. watch - re-runs a command periodically and refreshes its output on screen
 t. tty - echoes the current TTY
Note: GUI Managers spawn Pseudo-terminals: pts/0..n
Note: Each pty has a distinct mapping of: fd0(STDIN), fd1(STDOUT), fd2(STDERR), auto-generated by the environment
 
 u. head (displays first n lines of file) & tail (displays last n lines)
  u1. 'head -n 1', 'tail -n 1' - display the first and the last line respectively
 
 v. file - returns a file's type
  v1. 'file filename' - returns types
 
 w. seq - generates a sequence of numbers
  w1. 'seq 1000'
 
 x. for - looping mechanism
  x1. ' for i in `seq 10`; do echo "Hello World"; done '
  x2. ' for i in `ls -A`; do file $i; done '
 
 y. reset - resets the buffer of the terminal so you may keep track of your activities
 
 z. free - reveals memory usage
 
 
###Tar, Gzip, Bzip2, Zip###
Features:
 1. Archiving
 2. Compression
 
Gzip:
 1. ' gzip -c filename > filename.gz '
  a. 'seq 1000000 > 1million.txt && ls -lh 1mil*' 
  b. 'gzip -c 1million.txt > 1million.txt.gz'
   b1. 'zcat 1million.txt.gz' - read the binary gzip format and render ASCII text
  c. 'gunzip 1million.txt.gz '
  d. 'gzip -l 1million.txt.gz' - enumerates stats of file
 
 2. Bzip2
  a. 'bzip2 -c 1million.txt > 1million.txt.bz2 ' - creates compressed file
  b. 'bunzip2 1million.txt.bz2'
  c. 'bzcat 1million.txt.bz2'
 
 3. Zip & Unzip
  a. 'zip 1million.txt.zip 1million.txt' - dest source - creates a zip file
  b. 'unzip 1million.txt.zip' - decompresses
  c. 'zip stuff.txt.zip *txt' - squeezes ALL *txt files in current directory
  d. 'unzip -l filename.zip' - enumerates stats
  e. 'zcat filename.zip' - extract on the fly and dump to STDOUT
 
Note: 'zcat' applies to both: zip & gzip
 
 4. Tar - archiver - rolls one or more files (including directories) into one image
  a. 'tar -cvf alltxtfiles.tar *txt' - roll ALL txt files into 'alltxtfiles.tar'
  b. 'tar -tvf alltxtfiles.tar' - enumerates the contents of the tarball
  c. 'tar -xvf alltxtfiles.tar' - extracts the contents of the tarball
  d. 'tar -xvf alltxtfiles.tar 1000.txt 100k.txt' - extracts specific files from the archive
  e. 'tar -czvf alltxtfiles.tar.gz *txt' - rolls a tarball with gzip compression
  f. 'tar -cjvf alltxtfiles.tar.bz2 *txt' - rolls a tarball with bzip2 compression
 
 
###GREP###
Features:
 1. Line processor
 
Tasks:
 1. Use grep to search for interesting strings
  a. 'grep cat animals.txt' - returns ALL lines containing lowercase 'cat'
  b. 'grep -i cat animals.txt' - returns ALL lines containing either case of 'cat'
  c. 'grep 20 animals.txt'
  d. 'grep "^20" animals.txt' - returns lines that begin (anchored) with the string: '20'
  e. 'grep "20$" animals.txt' - returns lines that end with the string: '20'
  f. 'grep "^20$" animals.txt' - returns lines consisting solely of the string: '20'
  g. 'grep "^c.*" animals.txt' - returns lines beginning with 'c'
  h. 'grep "^[cd]" animals.txt' - returns lines beginning with 'c' OR 'd' (inside [...] a '|' is a literal character, not OR)
  i. 'grep -v "kernel" /var/log/messages' - returns lines that do NOT contain 'kernel'
  j. 'grep -C 2 'dog' animals.txt' - returns 2 lines above and below each matched line
   j1. 'grep -C 2 'ostrich' animals.txt > animals.reduced.list.txt'
 
###AWK###
Features:
 1. Field processor
 2. Tokenizes lines into fields and returns them for usage
 3. Matches patterns using Regular Expressions - POSIX - GREP - EGREP
 
 
Tasks:
 1. Use Awk to parse fields
  a. ' awk '{ print $1 }' animals.txt ' - prints field #1 using whitespace delimiters
  b. ' awk '{ print $0 }' animals.txt' - prints the entire line
  c. 'awk -F, '{ print $1 }'' - prints field #1 from STDIN, using ',' as the delimiter
  d. 'awk -F "[, -]" '{print $2}'' - prints field #2 using 3 delimiters (',', space, '-'; keep '-' first or last in the class so it is not read as a range)
  e. ' awk '/dog/ { print $0 }' animals.txt ' - matches lines with 'dog' and prints the full line
  f. ' awk -F "[,; -]" '/dog/ { print $0 }' animals.txt ' - matches lines with 'dog' using multiple delimiters (-F, uppercase; lowercase -f reads a program file)
  g. ' awk '/dog[gy]/ {print $0}' animals.txt ' - matches lines with 'dog' followed by 'g' or 'y'
 
  h. ' awk '{ if ($2 ~ /20/) print $0 }'  animals.txt  '
  i. ' awk '{ if ($5 ~ /kernel/) print $0 }' messages ' - matches lines where field $5 contains 'kernel'
 
 
 
###Sed - Stream Editor###
Features:
 1. Manipulate Streams of Text
 2. Support for regular expressions
 3. Command-line
 4. Scriptable
 
Tasks:
 1. ' sed -n '1p' animals.txt ' - prints the first line
 2. 'sed -n '$p' animals.txt ' - prints the last line
 3. 'sed -n 4,9p animals.txt ' - prints lines 4-9
 4. 'sed -n 10,12p animals.txt ' - prints lines 10-12
 5. 'sed -n -e '/^$/d' animals.txt ' - deletes blank lines, but with -n nothing is printed; drop -n (see 15) to see the result
 6. 'sed -n '1,2p' animals.txt '
 7. 'sed -n '1!p' animals.txt ' - prints all but line #1
 8. 'sed -n '1,3!p' animals.txt ' - prints all but lines 1-3
 9. 'sed -n -e 's/cat/BIGCAT/p' animals.txt ' - replaces 'cat' with 'BIGCAT'
10. 'sed -n -e 's/^cat$/BIGCAT/p' animals.txt' - replaces lines that begin and end with 'cat'
11. 'sed -n -e 's/\(.*\)\(;\)\(.*\)/\1\2\3/p' animals.txt ' - captures the match into groups reusable as \1, \2, \3 (re-emitted unchanged here)
12. 'sed -n -e 's/;/ /p' animals.txt ' - replaces ';' with space
13. 'sed -n -e 's/[,;-]/ /p' animals.txt ' - replaces ',', ';' or '-' with a space ('-' goes last in the class: '[,-;]' would be a range from ',' to ';' that also matches the digits 0-9)
14. 'sed -e 's/[,;-]/ /p' animals.txt ' - the same, but without -n the full doc goes to STDOUT (substituted lines appear twice, due to 'p')
15. 'sed -e '/^$/d' animals2.txt ' - removes blank lines, dumps to STDOUT
16. 'sed -i.bak -e '/^$/d' animals2.txt' - removes blank lines in place and backs up the original file
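The grep, awk and sed idioms of the three sections above, run against a constructed animals.txt so the results can be checked, with the two bracket-expression pitfalls (a literal '|' inside [...], and ',-;' read as a range) shown side by side. This is an added example, not the course's files; the data, file names and function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the LinuxCBT notes: grep/awk/sed on a constructed
# animals.txt.  LC_ALL=C makes bracket ranges follow byte order, which keeps
# the [,-;] pitfall demonstration predictable.
set -e
export LC_ALL=C
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
ANIMALS="$WORK/animals.txt"

# Constructed data: name;count-colour,habitat  (mixed delimiters on purpose)
cat > "$ANIMALS" <<'EOF'
cat;20-black,house
dog;20-brown,yard
doggy;15-white,yard

cattle;200-brown,field
ostrich;2-grey,savanna
20
EOF

### grep ###
grep_whole_line_20() { grep -c '^20$' "$ANIMALS"; }         # only the bare "20" line
# The notes write "^[c|d]"; inside [...] the '|' is a literal character, not OR,
# so that class would also match lines starting with '|'.  [cd] is the intent.
grep_c_or_d()        { grep -c '^[cd]' "$ANIMALS"; }
grep_not_dog()       { grep -vc 'dog' "$ANIMALS"; }          # -v inverts the match

### awk ###
awk_first_field()  { awk -F';' 'NR == 2 { print $1 }' "$ANIMALS"; }
# '-' must be first or last inside the class: "[,-;]" is a RANGE from ',' to ';'
# that also swallows '.', '/', ':' and every digit 0-9.
awk_doggy_count()  { awk -F'[;,-]' '/dog[gy]/ { print $2 }' "$ANIMALS"; }
awk_field2_is_20() { awk -F';' '$2 ~ /^20-/ { n++ } END { print n + 0 }' "$ANIMALS"; }

### sed ###
sed_first_split()  { sed -n -e 's/[;,-]/ /gp' "$ANIMALS" | sed -n '1p'; }
bad_range_demo()   { printf 'dog;20\n' | sed 's/[,-;]/ /g'; }   # the digits vanish too
good_range_demo()  { printf 'dog;20\n' | sed 's/[,;-]/ /g'; }
# -i.bak edits in place and leaves animals.txt.bak; prints "<lines now> <lines before>"
sed_drop_blank_inplace() {
    sed -i.bak -e '/^$/d' "$ANIMALS"
    printf '%s %s\n' "$(wc -l < "$ANIMALS" | tr -d ' ')" "$(wc -l < "$ANIMALS.bak" | tr -d ' ')"
}
```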
 
 
###Perl###
Features:
 1. Everything
 
Tasks:
 1. Basic RegEx Usage
  a. Ensure that the correct number of arguments is supplied
Note: The execution type governs parameter placement
i.e. 'perltest1.pl ' - ARGV[0] -> first parameter
i.e. '/usr/bin/perl perltest1.pl ' - ARGV[1] -> first parameter
 
 
###System Utilities###
Features:
 1. Administration tools for system performance
 
 
 1. 'runlevel' - reveals the current/previous runlevel
 2. 'uptime' - reveals system uptime, and usage over: 1, 5, 15 minutes
 3. 'ps' - enumerates a list of processes
  a. 'ps' - processes tied to a TTY
  b. 'ps -ef' - ALL processes
  c. 'ps -aux' - ALL processes, plus %MEM, %CPU, etc.
 
 4. 'top' - reveals - uptime, df, %MEM, %CPU, sorts, updated real-time, etc.
  a. 'top' - auto-refreshes every 3 sec.
  b. 'top d5' - auto-refreshes every 5 sec.
 
 5. 'df' - reveals current filesystem usage/allocation
  a. 'df -h'
 
 6. 'mount' - reveals current mounts with key details/allows you to mount/umount
 
 
###User & Group Management###
Features:
 1. Facilitates provisioning and management of users/groups
 
Note: Debian allocates regular user accounts starting at uid 1000
Note: Debian gives each user a private group whose gid matches the uid
 
Tasks:
 1. Correlate GUI management tool to applicable: /etc/ files
/etc/passwd: - general account information - world readable
linuxcbt:x:1000:1000:LinuxCBT User,Stamford Conn.,888-573-4943,,:/home/linuxcbt:/bin/bash
 
/etc/shadow: - passwords
linuxcbt:$1$7GePLICi$WdWcehUWvY1KNwCZI7VqH/:14672:0:99999:7:::
Fields:
 1. login name
 2. encrypted password
 3. Days since the Unix epoch (1970-01-01) on which the password was last changed
 4. Minimum days between password changes: 0 = may be changed at any time
 5. Maximum days after which the password must be changed
 6. Days before password expiry during which the user is warned
 7. Days after password expiry until the account is disabled (inactivity period)
 8. Days since the Unix epoch on which the account is disabled (account expiry)
 9. Reserved
 
 2. Add a new user via the GUI
 
 3. Add a new user via the shell
  a. 'userdel -r dean' - removes the user and $HOME/$MAIL spool directory
  b. 'useradd -d /home/dean -g dean dean'
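A parser for the nine /etc/shadow fields listed above, reporting the hash scheme in field 2 and the password-ageing state derived from fields 3, 5 and 6. Added here as an example, not part of the course notes; the sample entries, their placeholder hashes and the evaluation dates are constructed.

```sh
#!/bin/sh
# Added example, not from the LinuxCBT notes: classify one /etc/shadow line.
# Sample lines below are constructed; the hashes are placeholders, not real.

# today_days -> days since the Unix epoch, the unit used by fields 3 and 8
today_days() { echo $(( $(date +%s) / 86400 )); }

# shadow_status LINE TODAY -> "<login> <hash scheme> <state>"
shadow_status() {
    _line=$1; _today=$2
    IFS=: read -r user hash last min max warn inact expire _reserved <<EOF
$_line
EOF
    case $hash in
        '')          htype=empty ;;         # empty field 2: login without a password!
        '!'*|'*'*)   htype=locked ;;        # '!' or '*' prefix: password login disabled
        '$1$'*)      htype=md5crypt ;;      # scheme of the linuxcbt sample line above
        '$5$'*)      htype=sha256crypt ;;
        '$6$'*)      htype=sha512crypt ;;
        *)           htype=des-or-other ;;  # 13-char DES crypt or an unknown scheme
    esac
    if [ -z "$max" ] || [ "$max" -ge 99999 ]; then   # 99999 is the "never" convention
        state=never-expires
    else
        expires_on=$(( last + max ))                  # field 3 + field 5
        left=$(( expires_on - _today ))
        if [ "$left" -lt 0 ]; then
            state="expired-$(( -left ))d-ago"
        elif [ "$left" -le "${warn:-0}" ]; then       # inside the field-6 warning window
            state="warn-${left}d-left"
        else
            state="ok-${left}d-left"
        fi
    fi
    printf '%s %s %s\n' "$user" "$htype" "$state"
}

# Constructed sample entries (placeholder hashes)
SAMPLE_ALICE='alice:$1$SALTSALT$PLACEHOLDERHASHxxxxxxx:14672:0:99999:7:::'
SAMPLE_BOB='bob:$6$SALT$PLACEHOLDERHASH:14672:0:90:7:::'
SAMPLE_CAROL='carol:!:14672:0:90:7:::'
SAMPLE_DAVE='dave::14672:0:90:7:::'

# report_all -> one status line per sample entry, evaluated as of day 14800
report_all() {
    for l in "$SAMPLE_ALICE" "$SAMPLE_BOB" "$SAMPLE_CAROL" "$SAMPLE_DAVE"; do
        shadow_status "$l" 14800
    done
}
```

On a live system call it as shadow_status "$line" "$(today_days)" for each line of /etc/shadow (root only); 'empty' entries are the ones to look for first.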
 
 
###File Permissions - Symlinks###
Features:
 1. Restrictions based on organizational policy - Discretionary Access Control (DAC)
 2. Ability to provide multiple views of content - Symlinks
 
File Permissions:
 1. 10 characters - the mode column of 'ls -l' - represent type and permissions in Linux | Unix
  1 - leftmost - type: d (directory), - (regular file), c (character device, e.g. keyboard), b (block device, e.g. storage), l (soft-link)
  2-4 - Correlate to the owner
  5-7 - Correlate to the group
  8-10 - Correlate to the world (everyone)
b rw- rw- --- 1 root disk 8, 1 2010-03-02 09:55 /dev/sda1
Perms Octal: 660
 
Possible Permissions:
 r = read = 4
 w = write = 2
 x = execute = 1
Total Permissions: 7
 
Umask: Governs default permissions assigned to various objects: files & directories
 Files: rw-r--r-- = 644
 Directories: rwxr-xr-x = 755
drwxr-xr-x 2 linuxcbt linuxcbt    4096 2010-03-03 10:38 temp
 
Default Umask: 0022
Total Possible Permissions: 0777 - 0022 = 0755 (directories)
Note: Files start from 0666 (no execute bit by default), so the same umask yields 0666 - 0022 = 0644
 
Permissions Utilities:
 1. chown - changes the user and/or group ownership fields
 2. chmod - changes the mode (octal or symbolic)
 3. chgrp - changes the group ownership field
 
Chown Usage:
 ' chown dean 100.txt ' - changes ownership to user named 'dean'
 ' chown linuxcbt.users 100.txt' - changes both: user & group fields
 
Chgrp Usage:
 ' chgrp linuxcbt 100.txt' - changes group ownership of file named: '100.txt'
 
Chmod Usage:
 ' chmod 640 100.txt ' - denies world access
 ' chmod 600 100.txt ' - denies world and group access
 
 ' chmod 744 temp2/ ' - removes 'x' perm from group and world
 
Symbolic permissions Notation:
 1. 'chmod u+x temp2' - enables 'x' permission on directory 'temp2' - owner
 2. 'chmod g+x temp2' - influences group field
 3. 'chmod o+x temp2' - influences other field
 
SETUID - Runs an executable with the privileges of the file's owner rather than those of the invoking user
i.e. '/usr/bin/passwd' (must write /etc/shadow, which only root may write)
Octal: 4755 - leading '4'
-rwsr-xr-x 1 root root 31704 2009-11-14 09:41 /usr/bin/passwd
'find /usr/bin -perm -4000' - find SETUID objects (any mode with the SETUID bit set; '-perm 4755' matches that exact mode only)
 
SETGID on a directory - Causes files created beneath it to inherit the directory's group instead of the creator's primary group
'chmod 2755 directory_name'
'chmod g+s directory_name'
 
'mkdir /project'
'chown root.users /project'
'chmod 2755 /project'
 
STICKY BIT - 't' in the world field - lets users share a world-writable directory such as '/tmp': only a file's owner (or root) may remove or rename it
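An added example (not from the course notes) covering the umask arithmetic, the symbolic-vs-octal notation and the SETUID/SETGID/sticky digit above: it predicts the default modes for a given umask, checks the prediction against files actually created in a scratch directory, and converts an 'ls -l' mode column such as '-rwsr-xr-x' back to 4755. Function names and the scratch paths are assumptions.

```sh
#!/bin/sh
# Added example, not from the LinuxCBT notes: umask -> default mode, observed
# mode, and symbolic -> octal conversion including the special-bit digit.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# default_mode file|dir UMASK -> 3-digit octal.  Directories start from 0777,
# files from 0666: the 'x' bit is never granted by default, which is why
# umask 022 gives 755 for directories but 644 (not 755) for files.
default_mode() {
    case $1 in
        dir)  base=511 ;;                        # 0777
        file) base=438 ;;                        # 0666
        *)    echo "usage: default_mode file|dir UMASK" >&2; return 2 ;;
    esac
    printf '%03o\n' $(( base & ~$(( 0$2 )) ))    # leading 0 forces octal
}

# show_mode PATH -> the 10-character type+permission column of 'ls -ld'
show_mode() { ls -ld "$1" | awk '{ print substr($1, 1, 10) }'; }

# observe UMASK -> "<file mode> <dir mode>" as the kernel actually created them.
# The umask change is confined to a subshell so the caller is not affected.
observe() {
    (
        umask "$1"
        rm -rf "$WORK/f" "$WORK/d"
        touch "$WORK/f"
        mkdir "$WORK/d"
        printf '%s %s\n' "$(show_mode "$WORK/f")" "$(show_mode "$WORK/d")"
    )
}

# sym_to_octal -rwsr-xr-x -> 4755.  Lowercase s/t mean the x bit is also set;
# uppercase S/T mean the special bit is set without x.
sym_to_octal() {
    printf '%s\n' "$1" | awk '{
        m = substr($1, 2); perm = 0; special = 0
        for (i = 1; i <= 9; i++) {
            c = substr(m, i, 1)
            perm = perm * 2 + (c != "-" && c != "S" && c != "T")
            if (i == 3 && (c == "s" || c == "S")) special += 4   # SETUID
            if (i == 6 && (c == "s" || c == "S")) special += 2   # SETGID
            if (i == 9 && (c == "t" || c == "T")) special += 1   # sticky
        }
        printf "%d%03o\n", special, perm
    }'
}
```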
 
 
###Symbolic Links###
Features:
 1. Create shortcuts to objects on the file system
 2. Support for 2-types of symlinks: soft (file containers) & hard (inodes)
 3. Soft-links support directories
 4. Hard-links do NOT support directories
 5. Soft-links may traverse file systems, hard-links may not - due to inodes
 6. Removal of soft-links will not remove the source content
 7. Removal of the only hard-link, removes the file for good
 8. Soft-links are of file type: 'l'
 
Usage:
 1. 'ln -s source target'
  a. 'ln -s ../perltest1.pl .' - creates a soft-link of the same name as the source
Note: Soft-links depend heavily/entirely upon the filename container of the source file
 
  b. 'ln -s /etc .' - creates a soft-link to /etc
 
 2. Hard Links - omit the 's' option
  a. 'ln ../perltest1.pl' - creates a hard-link, upping the reference count
  b. 'ln perltest1.pl newhardperltest1.pl' - creates a hard-link with alternate name
Note: Hard-links always reference the same inode using the same and/or alternate names
Note: Soft-links are assigned distinct inodes, which ultimately reference the source file's name
 
  c. Create hard-links with different permissions
   c1. 'ln /home/linuxcbt/Debian_5x/perltest1.pl && chmod 644 perltest1.pl'
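The soft-vs-hard-link behaviour listed above (inode identity, reference counts, file type, and what survives removal of the original name), observed on real files in a scratch directory. Added example, not code from the course; the file names are assumptions.

```sh
#!/bin/sh
# Added example, not from the LinuxCBT notes: soft vs. hard links.  The
# scratch directory is removed on exit.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"
printf 'original content\n' > perltest1.pl

ln -s perltest1.pl soft.pl      # soft link: a NEW inode whose data is the source's name
ln perltest1.pl hard.pl         # hard link: a second name for the SAME inode

inode_of()   { ls -di "$1" | awk '{ print $1 }'; }   # -d: report the link itself, not its target
link_count() { ls -ld "$1" | awk '{ print $2 }'; }   # second column of 'ls -l'
file_type()  { ls -ld "$1" | cut -c1; }              # 'l' = soft link, '-' = regular file

# same_inode A B -> yes|no
same_inode() {
    if [ "$(inode_of "$1")" = "$(inode_of "$2")" ]; then echo yes; else echo no; fi
}

# after_removal -> "<hard link content>|<soft link state>|<remaining link count>"
after_removal() {
    rm perltest1.pl                                   # drops one NAME, not the inode
    hard=$(cat hard.pl)                               # still readable through its other name
    if cat soft.pl > /dev/null 2>&1; then soft=readable; else soft=dangling; fi
    printf '%s|%s|%s\n' "$hard" "$soft" "$(link_count hard.pl)"
}
```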
 
###Partitions & File Systems###
Features:
 1. Provisioning of storage
 
 
Task:
 1. Provision storage for project users to be mounted @: /project
  a. GParted - used to create the partition and lay down the FS
  b. mount the newly-created file system
   b1. 'mount /dev/sdb1 /project' - mounts /dev/sdb1 @ /project
Note: If data exist at the mount point, they will not be available post-mount
Note: Move data pre-mount
  c. Ensure that mount is available at system restart: /etc/fstab
   c1. 'mount -a' - auto-mounts entries in: /etc/fstab
 
 2. Provision storage manually
  a. fdisk
   a1. 'fdisk /dev/sdc' - manages '/dev/sdc'
   a2. 'n - p - 1 - +4096M' - creates a new, primary partition #1 of size: 4GB
   a3. 'p - w' - print table, and write changes to the disk
  b. FS overlay
   b1. 'mkfs.ext3 /dev/sdc1' - creates an ext3 FS on: /dev/sdc1
  c. Mount FS
   c1. 'mount /dev/sdc1 /project4G' - mounts partition to: /project4G
Note: You may mount the same block of storage more than once: /project & /project4G
Note: This allows you to apply top-level directory container permissions individually
 
 3. Provision: ext4 storage manually
  a. fdisk
  b. FS overlay
  c. mount and update: /etc/fstab
 
 
###Provision of Swap Space###
Features:
 1. Additional memory for processes
 2. Managed by the kernel, dynamically
 3. Can be allocated dynamically
 4. Can be allocated as a file and/or partition (preferred)
 
 
Tasks:
 1. Allocate swap with GUI
  a. Allocate
  b. enable - 'swapon /dev/sdd1' - enables swapping for the current uptime
  c. 'swapon -s' - lists swap devices (partitions and/or files) - shows distribution of swap
Note: 'free ' simply shows the total swap and usage
  d. 'swapon -a' - enables swap from /etc/fstab
  e. Update: /etc/fstab to apply swap storage upon reboot
  f. 'swapoff /dev/sdd1' - disables swapping on device (partition or file)
 
 2. Allocate swap from the shell - using fdisk
  a. 'fdisk /dev/sdd'
  b. create swap partition - change type to 'linux swap'
  c. 'mkswap /dev/sdd2' - creates swap file system on /dev/sdd2
  d. 'swapon /dev/sdd2 && free -m' - makes swap available to kernel and dumps mem usage
Note: 'fdisk' will sometimes fail to update the partition table if the disk is in use
 
 3. Allocate swap from a file
  a. 'dd if=/dev/zero of=/project/swapfile bs=1024 count=524288' - generates a 512MB (0.5G) file of zeroes
  b. 'mkswap /project/swapfile' - makes file usable for swapping
  c. 'swapon /project/swapfile' - enables swapping
  d. 'swapoff -a' - disables all swapping for entries listed in: /etc/fstab
 
 
###Logical Volume Management (LVM)###
Features:
 1. Aggregates storage
 2. Storage of disparate types: i.e. SATA, PATA, SCSI, FireWire, Fibre Channel, et cetera
 3. Volume sets & stripe sets
 4. Extendable, resizable
 
LVM Concepts:
 Storage Hierarchy:
Logical Volume (FS goes here)
  -Volume Groups (Aggregate Physical LVM Volumes)
    -Physical Volumes (i.e. /dev/sdd3, /dev/sdd4, etc.)
 
Tasks:
 1. Create an LVM volume based on 2 partitions
  a. create 2 LVM partitions using fdisk - type = 8e (Linux LVM)
  b. create PVs - 'pvcreate /dev/sdd3 /dev/sdd5'
  c. create VG - 'vgcreate volgroup001 /dev/sdd3 /dev/sdd5' - allocates PVs to VG
  d. create LV - 'lvcreate -L 2.5GB volgroup001' - creates 2.5GB LV
  e. overlay FS on LV - 'mkfs.ext3 /dev/volgroup001/lvol0'
  f. Test volume accessibility and update: /etc/fstab
 
 
 2. Explore '*scan' utilities
  a. 'pvscan' - enumerates physical volumes
  b. 'vgscan' - enumerates volume groups
  c. 'lvscan' - enumerates logical volumes
  d. 'lvrename name_of_volume_group old_logical_name new_logical_name' && 'lvdisplay' || 'lvscan'
  d1. 'lvrename volgroup001 lvol0 logvol0 ' - renames logical volume immediately
Note: If the logical volume and/or volume group name changes, update: /etc/fstab
Note: 'umount' if necessary prior to 'mount -a'
 
 3. Add new storage to LVM
  a. 'fdisk /dev/sdd' - allocate more storage of LVM partition
  b. 'pvcreate /dev/sdd6' - allocate partition for LVM
  c. 'vgextend volgroup001 /dev/sdd6'
  d. 'lvextend /dev/volgroup001/logvol0 -L +1G' - extends the logical volume by 1G
  e. 'resize2fs device newsize'
   e1. 'resize2fs /dev/volgroup001/logvol0 3G' - online resizing (growing; ext3 only)
Note: Caveat: online shrinking is not supported. Shrink offline: 'umount' the volume first, then run 'resize2fs'
 
###Package Management###
Features:
 1. Provision/maintain packages
 2. Multiple tools: apt-*, dpkg, aptitude, GUI
 
Tasks:
 1. Explore GUI - 'Synaptic' - front-end to: 'apt-get'
 2. Explore 'dpkg'
  a. 'dpkg -l' - enumerates all packages
  b. 'dpkg -L openssh-client' - enumerates contents of package
  c. 'dpkg -S /usr/bin/scp' - returns package membership of: /usr/bin/scp
  d. 'dpkg -i package_name.deb' - installs a .deb file from the file system
  e. 'dpkg -r package_name' - removes the package, referenced by its name in the package DB
 
 3. Explore 'aptitude'
Features:
 1. Interactive
 2. Non-interactive
 
Tasks:
 1. Non-interactive usage of 'aptitude'
  a. 'aptitude search ssh' - returns installed/non-installed matches from DB
Note: The package DB is built by the indexed sources: /etc/apt/sources.list
 
  b. 'aptitude install tofrodos' - queries the DB for source location and installs (prompts if media is missing)
  c. 'aptitude remove tofrodos' - removes package named: 'tofrodos.*'
  d. 'aptitude' - runs interactive
   d1. search for the package and toggle '+' to mark it for installation
 
Note: A single 'task' can bundle mixed actions: install, remove, etc.
 
###RunLevels###
Features:
 1. Ability to control system in a variety of modes
 2. Profiles for services/daemons
 
BIOS -> GRUB -> INITRD/KERNEL -> INIT (PID=1) -> RUNLEVELS
 
Default Runlevel = 2: /etc/inittab
Note: Usually, multi-user runlevels are cumulative: i.e. runlevel 2 includes daemons from runlevel 1
 
RunLevels 0-6, 7-9(optional, seldom-used):
 0 - shut down - power-off, if ACPI support or similar
 1 - single user - multi-user support is disabled - networking is disabled
 2 - default, multi-user mode - for Debian
 3 - typical default, multi-user mode, for most distributions - identical to 2
 4 - unused - identical to 2
 5 - unused - identical to 2
 6 - reboot - shuts services/daemons and resets the system, soft-restart
 
/etc/init.d - container of ALL system daemons - implemented as shell scripts
/etc/rc* - run-control directories for the various runlevels
 - Scripts begin with: 'K' (Kill) or 'S' (Start)
 - Scripts also include numeric identifier used for sorting: ascending
Note: /etc/rc* - are containers of: K and S scripts that are symlinked to: /etc/init.d
Note: Default runlevel = 2, however, runlevels 2-5 are identical
Note: Enter programs that MUST run at each boot into: /etc/rc.local
Note: INIT scripts are called with prefixes of: 'S' or 'K'
Note: 'S' prefix causes the process to start
Note: 'K' prefix causes the process to stop
 
###Job Scheduler - Cron###
Features:
 1. Job Scheduler
 2. Per-user execution - /var/spool/cron/crontabs/$USER
 3. System-wide execution - /etc/crontab
 4. Flexibility: minute, hour, days of the month i.e. (24-28), months i.e. (9-12)
 5. Cron awakes every minute, and queries for changes in schedules
 6. Cron mails the owner of the job its output (STDOUT/STDERR), which is how a failing job surfaces
 
Tasks:
 1. 'dpkg -L cron'
 2. Define a per-user crontab entry: user=linuxcbt
  a. 'crontab -e' - launches default editor and allows us to setup job in: /var/spool/cron/crontabs/$USER
  b. 'crontab -l' - enumerates user's cron table
 3. As 'root' manipulate 'linuxcbt's' crontab entries
 
 4. Evaluate system-wide crontab: /etc/crontab
Note: 'run-parts' executes ALL executable scripts in a directory
Note: /etc/crontab contains a field to indicate the user with which the process is to execute
 
/etc/anacrontab - contains schedule of missed cron items to be executed
 
/etc/cron.allow - if exists, account name must exist in it, in order to use cron
/etc/cron.deny - if exists, account name must NOT exist in it, in order to use cron
 
###Syslog - rsyslogd - rsyslog###
Features:
 1. Logging via Unix domain sockets
 2. Logging via TCP/IP: UDP:514 || TCP:514
 3. Facilities and Levels control routing of log entries
 4. Derived from 'sysklogd'
 5. Auto-creates directories defined in: /etc/rsyslog.conf, unlike traditional Syslog
 
Primary Config File: /etc/rsyslog.conf
 
Tasks:
 1. Explore: /etc/rsyslog.conf
Note: UDP:514 and TCP:514 listeners are both disabled by default: Enable via: /etc/rsyslog.conf
Note: Log files are created with mode 0640 and ownership root:adm by default
 
Note: Facilities & Levels are indicated using the following nomenclature:
facility.level  -> Target
auth.* /var/log/auth.log - captures 'auth' facility at ALL levels and routes to file
*.* - captures ALL facilities at ALL levels
 
 2. Route Cisco Router Traffic to rsyslogd
  a. Determine the facility and level to use
   a1. 'local4.info'
  b. Configure rsyslog to accept Cisco router traffic at: local4.info
   b1. 'local4.*  /var/log/cisco/ciscorouter.log'
  c. Enable rsyslog UDP listener and restart rsyslog
  d. Exclude Cisco local4.* records from catch-all rules except debug: /var/log/syslog
 
 3. Forward a copy of local4.* to remote RedHat box: 192.168.75.11
  a. server: /etc/syslog.conf - 'local4.*  /var/log/cisco/ciscorouter.log'
  b. client: /etc/rsyslog.conf - 'local4.* /var/log/cisco/ciscorouter.log,@192.168.75.11'
Note: RedHat default Syslog doesn't create directories. However, catch-all rule captures local4.* traffic
  c. Update: /etc/hosts and: /etc/rsyslog.conf to use hostname
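Steps 2 and 3 above assembled into one /etc/rsyslog.conf excerpt. This is an added example, not the course's own file: the '$' directives are the legacy syntax rsyslog 3.x on Debian 5 uses, '&' gives the preceding selector a second action, and the $AllowedSender line (an assumption about the router's subnet) restricts who may feed the UDP listener.

```conf
# --- added example: /etc/rsyslog.conf excerpt for the Cisco router feed ---

# Step 2c: accept UDP:514 (disabled by default), but only from the LAN
$ModLoad imudp
$AllowedSender UDP, 192.168.75.0/24
$UDPServerRun 514

# Step 2b: the router logs at facility local4; rsyslog creates /var/log/cisco itself
local4.*                                /var/log/cisco/ciscorouter.log
# Step 3b: '&' repeats the selector above and adds a second action: forward a
# copy to the RedHat collector over UDP ('@@' would use TCP)
&                                       @192.168.75.11

# Step 2d: keep local4 out of the catch-all rule; the debug rule is left as is
*.*;auth,authpriv.none;local4.none      -/var/log/syslog
```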
 
###Syslog-NG###
Features:
 1. All provided by Syslog: facilities.levels
 2. Filtration of content
 
Tasks:
 1. Install syslog-ng
Note: Removes 'rsyslog' by default
 
 2. Explore Syslog-NG configuration
Note: Syslog-NG requires 3 components per log statement, plus a source:
 
Source - required - Unix Domain Sockets, UDP, etc.
 
1. Filter - selects by facility.level, host, message content, etc.
2. Destination - file, other syslog hosts, console, etc.
3. Log - ties a source and filter(s) to a destination
 
filter f_local { facility(local4); };
destination d_cisco { file("/var/log/cisco/ciscorouter.log"); };
log { source(s_all); filter(f_local); destination(d_cisco); };
 
Note: 'invoke-rc.d' - equivalent to: 'service' in RedHat, or 'rc' prefix in SuSE Linux
 
4. Extend destination to route to UDP target
destination d_cisco { file("/var/log/cisco/ciscorouter.log"); udp("192.168.75.11"); };
 
5. Filter traffic from Cisco Router & PIX Firewall, using the same facility, to different files:
 
###Cisco Router Block - based on LOCAL4###
filter f_cisco_router { facility(local4) and match("192.168.75.1"); };
destination d_cisco_router { file("/var/log/cisco/ciscorouter.log"); };
log { source(s_all); filter(f_cisco_router); destination(d_cisco_router); };
 
###Cisco Firewall Block - based on LOCAL4###
filter f_cisco_firewall { facility(local4) and match("192.168.75.2"); };
destination d_cisco_firewall { file("/var/log/cisco/ciscofirewall.log"); };
log { source(s_all); filter(f_cisco_firewall); destination(d_cisco_firewall); };
Note: match() applies an unanchored regular expression to the message text, so "192.168.75.1" also matches 192.168.75.10-19 and "192.168.75.2" matches 192.168.75.20-29 (and each '.' matches any character). Anchor the patterns, or filter on the sender's address with host(), to keep the two logs separate.
 
 
 
###Log Rotation###
Features:
 1. Auto-rotation of logs based on defined criteria: (size|time)
 2. Compression
 3. Multiple criteria
 4. Supports forced rotations, overriding criteria
 
Tasks:
 1. Explore 'logrotate' package
/etc/logrotate.d - monitored directory (Default)
/etc/logrotate.conf - primary config file - contains sensible defaults
Note: If a log file does NOT have a more specific logrotate file, the global file directives apply
/etc/cron.daily/logrotate - executes daily
 
Note: Logrotate will rotate any log file regardless of the source generator
 
 2. Define Cisco log rotation rules in: /etc/logrotate.d/syslog-ng
Note: We reference the: /etc/logrotate.d/syslog-ng file because syslog-ng governs the logging of messages received from the cisco devices
Note: However, you may place your directives in ANY of the included log files
 
  a. 'logrotate -v -d /etc/logrotate.conf' - rotate simulation
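A rule block for the Cisco logs, as an added example of what step 2 puts in /etc/logrotate.d/syslog-ng (not the course's file). The weekly cadence and 8 retained copies are assumptions; the 0640 root adm mode matches the log-file defaults noted in the Syslog section, and the postrotate reload uses invoke-rc.d as described above.

```conf
# --- added example: rotation for the Cisco logs written by syslog-ng ---
# Comments must start a line: logrotate does not allow them after a directive.
/var/log/cisco/*.log {
    # time criterion; 'size 10M' instead would switch to a size criterion
    weekly
    # keep 8 rotated copies, then delete the oldest
    rotate 8
    compress
    # leave the newest rotated file uncompressed for one cycle
    delaycompress
    missingok
    notifempty
    # the fresh log gets the same permissions as the syslog defaults
    create 0640 root adm
    # run postrotate once for the whole glob, not once per file
    sharedscripts
    postrotate
        invoke-rc.d syslog-ng reload > /dev/null
    endscript
}
```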
 
 
###Common Network Utilities###
Features:
 1. Find other hosts - PING
 2. Check service availability - Telnet
 3. Network statistics - netstat
 4. Interface configuration - ifconfig
 5. Path to remote systems - traceroute, tracepath
 6. Name resolutions - nslookup , dig, host, whois
 
 
Tasks:
 1. Packet InterNet Groper (PING) - Diagnostics Utility
  a. 'ping hostname' - sends an unlimited number of packets, by default
   a1. 'ping -c 3 hostname' - sends 3 packets to remote host
Note: PING generates ICMP echo-requests and expects ICMP echo-replies from the target
 
 2. Telnet - tests availability of remote ports | also provides TTYs
  a. 'telnet 192.168.75.1 80' - checks connectivity to TCP:80
Note: You may test any port: 0-65535 (2^16 ports)
 
 3. Netstat
  a. 'netstat -a' - returns ALL sockets: UDP:TCP:Unix
  b. 'netstat -nulp' - reveals UDP listeners sans name resolution, but with programs/PIDs
  c. 'netstat -ntlp' - the same for TCP listeners
  d. 'netstat -i' - dumps active interfaces
  e. 'netstat -rn' - dumps routing table
 
 4. Address Resolution Protocol (ARP) - translates between layer2 & layer3 addresses
Note: Every NIC contains a unique layer-2 MAC address
  a. 'arp' - dumps the ARP table
  b. 'arp -n' - excludes name resolution
  c. 'arp -d IP' - deletes entry from ARP table
 
Note: Arp will use the entry for your gateway when communicating with routed hosts
 
 5. Traceroute - traces the path between client & server || host-A & host-B
Supports multiple probe methods: ICMP, UDP, TCP
Uses the IP TTL (time-to-live) to discover the hops between source and destination: each router that decrements the TTL to 0 answers with an ICMP time-exceeded message
Note: Initial TTL = 1 - answered by your default gateway
Note: After discerning the default GW, traceroute increments the TTL to 2, and so on
Note: Default method sends UDP probes to port 33434, incrementing the port per hop found
Note: However, the default method isn't always fruitful (UDP or ICMP may be filtered along the path). Try the other methods: ICMP, TCP
  a. 'traceroute 192.168.75.1' - default route
  b. 'traceroute www.linuxcbt.com'
 
 TTL  HOST                                          Probe1     Probe2     Probe3
  1   192.168.75.1 (192.168.75.1)                   0.643 ms   0.471 ms   0.547 ms
  2   bras11-l0.mrdnct.sbcglobal.net (204.60.4.47)  12.760 ms  14.205 ms  16.387 ms
 
  c. 'tracepath www.linuxcbt.com' - returns route and MTUs if possible
 
Nslookup - Non-interactive | Interactive - searches default DNS servers: /etc/resolv.conf
  1. 'nslookup www.linuxcbt.com' - non-interactive query
  2. 'nslookup' - enters interactive mode
 
DIG - non-interactive
  1. 'dig www.linuxcbt.com'
  2. 'dig linuxcbt.com mx | ns' - returns mx | ns records respectively
  3. ' dig -x IP ' - reverses the query and returns the PTR record
 
Host - non-interactive
  1. 'host www.linuxcbt.com' - returns forward IP address
  2. 'host -C linuxcbt.com' returns SOA records
 
Whois - Searches for various objects: IPs, domains, etc.
  1. 'whois linuxcbt.com'
 
 
###IPv4 Configurations###
Features:
 1. Interface Configuration - 'ifconfig'
 2. DHCP and/or Static Configuration support
 3. Virtual (sub) interfaces - IPv4 aliases
 4. Displays important metadata for various OSI layers, errors, diagnostics, etc.
 
Tasks:
 1. 'ifconfig' - dumps current configuration of active interfaces
Note: You should ALWAYS see the 'loopback' interface
Note: 'gnome-nettool' - provides ifconfig info., as well as various utilities
 
 2. Use 'ifconfig' to define a new IPv4 sub-interface of: eth0
  a. 'ifconfig eth0:1 192.168.75.31' - temporarily assigns the address for the uptime of the box
Note: Sub-interfaces allow applications, i.e. Apache, to bind services to them
 
 3. Restart 'networking' service and confirm interface availability
Note: temporary sub-interface survives restart of 'networking' service, but NOT stop|start
 
 4. Ensure that sub-interface persists reboots
  a. '/etc/network/interfaces' - primary interface configuration file
   'ping -I 192.168.75.32 192.168.75.31' - pings the sub-interface, sourcing the packets from 192.168.75.32
 5. Explore ALL interfaces:
  a. 'ifconfig -a' - enumerates ALL active | non-active interfaces
 
 6. Remove interfaces:
  a. 'ifconfig eth0:1 down' - removes for the session: eth0:1 (192.168.75.31)
  b. 'ifconfig eth0:2 down' - removes for the session: eth0:2 (192.168.75.32)
 
 
###IPv6 Configuration###
Features:
 1. Self-configuring
 2. Based on 128-bit addresses, vs. the 32-bit IPv4 address space (approx. 4 billion addresses)
 3. Enabled by default
 4. Typically configured via router
 5. Incorporates the MAC address of the connecting NIC
Note: MAC addresses use 48-bits
 6. IPv6 addresses are subnetted with /64, which means: 64 bits for the network prefix & 64 bits for the host (interface ID)
 
Tasks:
 1. Explore ifconfig configuration
inet6 addr: ::1/128 Scope:Host - loopback configuration
 
'ifconfig'
eth0      Link encap:Ethernet  HWaddr 00:0c:29:4d:e5:2c  
          inet addr:192.168.75.30  Bcast:192.168.75.255  Mask:255.255.255.0
          inet6 addr: 2002:4687:db25:2:20c:29ff:fe4d:e52c/64 Scope:Global
          inet6 addr: fe80::20c:29ff:fe4d:e52c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2269277 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2204154 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:159602581 (152.2 MiB)  TX bytes:1029103297 (981.4 MiB)
          Interrupt:18 Base address:0x1400 
 
 
Note: Routable IPv6 interfaces define by default a link-local address (fe80::/10) that is valid only on the local layer-2 broadcast domain (VLAN); routers never forward it
Note: Routable IPv6 interfaces will also auto-configure global IPv6 addresses from the prefix advertised by edge devices: routers, firewalls, layer-3 switches
 
inet6 addr: fe80::20c:29ff:fe4d:e52c/64 Scope:Link
Note: Leading zeroes within each 16-bit group may be omitted, and one run of all-zero groups may be collapsed to '::'
 
6-to-4 Address configured on router and distributed automatically:
6-to-4 Addresses include:
 1. 2002 prefix - 48-bits
 2. Embedded IPv4 routable address - 32-bits
 3. MAC address of the host - 48-bits
inet6 addr: 2002:4687:db25:2:20c:29ff:fe4d:e52c/64 Scope:Global
 
Note: An IPv6 address built this way fully reveals your client's, or NIC's, identity (the MAC is embedded in the low 64 bits), as well as your IPv4 Internet presence if using 6-to-4 routing
Note: Linux can instead use randomised temporary addresses (RFC 4941 privacy extensions) for outbound traffic: 'sysctl -w net.ipv6.conf.all.use_tempaddr=2'
 
Note: Edge devices, including DHCP6 servers, simply provide the IPv6 prefix. i.e. /64
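The notes above say that a SLAAC or 6-to-4 address exposes the NIC's MAC and the host's public IPv4 address. The Python below is an added example (not from the LinuxCBT notes) that pulls both back out of the addresses in the 'ifconfig' dump above, which is how a defender can check what an address gives away; the function names are my own, and the EUI-64 and 6to4 layouts used are the standard ones.

```python
import ipaddress


def mac_to_eui64(mac):
    """Return the 8-byte modified EUI-64 interface ID that SLAAC derives from a MAC.

    The universal/local bit (0x02 of the first octet) is flipped and ff:fe is
    inserted between the OUI half and the NIC-specific half.
    """
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC must be 48 bits: %r" % mac)
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def eui64_to_mac(iid):
    """Inverse of mac_to_eui64; None when the ff:fe marker is absent (no MAC embedded)."""
    if len(iid) != 8 or iid[3:5] != b"\xff\xfe":
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join("%02x" % o for o in octets)


def inspect_ipv6(text):
    """Describe what an IPv6 address reveals: scope, embedded MAC, embedded IPv4."""
    addr = ipaddress.IPv6Address(text)
    packed = addr.packed                      # 16 bytes, network byte order
    if addr.is_loopback:
        scope = "Host"
    elif addr.is_link_local:                  # fe80::/10
        scope = "Link"
    else:
        scope = "Global"
    info = {
        "address": addr.compressed,
        "scope": scope,
        "embedded_mac": eui64_to_mac(packed[8:]),   # low 64 bits = interface ID
        "sixto4_ipv4": None,
    }
    if packed[:2] == b"\x20\x02":             # 2002::/16 is the 6to4 prefix
        # bits 16..47 carry the public IPv4 address the 6to4 prefix was built from
        info["sixto4_ipv4"] = str(ipaddress.IPv4Address(packed[2:6]))
    return info


if __name__ == "__main__":
    # Addresses taken from the 'ifconfig' dump above (HWaddr 00:0c:29:4d:e5:2c)
    for a in ("::1", "fe80::20c:29ff:fe4d:e52c", "2002:4687:db25:2:20c:29ff:fe4d:e52c"):
        print(inspect_ipv6(a))
```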
 
 
###Trivial File Transfer Protocol###
Features:
 1. Fast, connectionless (UDP-based) file transfers
 2. Used primarily with network devices: routers, switches, firewalls, VOIP phones, PXE clients
 3. PXE installations/booting support
 4. Runs via INETD
 
Task:
 1. Install 'atftpd' & 'atftp'
Note: Default installation sets-up: /etc/inetd.conf & invokes the service
Note: Default configuration binds to: UDP:69
Note: Default monitor directory: /var/lib/tftpboot
 
 
 2. Backup Router configuration via ATFTPD
  a. 'copy running-config tftp://192.168.75.30/ciscorouter.config'
 
Note: ATFTPD auto-configures the appropriate permissions to facilitate writes to directory
  b. Pull configuration from ATFTPD
   b1. 'copy tftp://192.168.75.30/ciscorouter.config running-config'
   b2. 'wr mem' - copies running-config startup-config - for persistence across reboots
 
 3. Backup Firewall Configuration via ATFTPD
  a. 'tftp-server inside 192.168.75.30 /pixfirewall.config' - sets variable in PIX config
  b. 'wr mem' - saves configuration for persistence
  c. 'wr net' - dumps configuration to Net location
 
 4. Connect from Linux TFTP client on RedHat box
  a. install 'tftp' client
  b. 'tftp -v 192.168.75.30 -c get ciscorouter.config' - get file from TFTP server
  c. 'tftp -v 192.168.75.30 -c put scp*' - put file to TFTP server
 
 
###File Transfer Protocol Daemon Service###
Features:
 1. Supports authentication
 2. Connection-oriented - TCP:21 - control channel, arbitrary TCP ports for data channels
 3. Supports Passive and Active communications
  a. Active = fixed port - TCP:20
  b. Passive = dynamically allocated ports - TCP:55000 - 56000
 
Tasks:
 1. Explore configuration
/etc/vsftpd.conf - primary config file
/etc/logrotate.d/vsftpd
/etc/init.d/vsftpd - standalone /etc/init.d runscript
 
Note: Post-installation, VSFTPD runs as an anonymous, IPv4 FTPD server
 
 2. Enable Anonymous access
  a. uncomment anonymous-related directives
 
 3. Enable local users & chroot them
  a. 'local_enable=YES' - enables authenticated access
  b. 'chroot_local_user=YES' - forces chroot jail 
 
 
 
###LFTP###
Features:
 1. Sophisticated FTP client access
 2. FTP, FTPS, SFTP, HTTP - multiple protocols
 3. Content mirroring - forward (default/pull) and reverse (put)
 4. Functions: interactively/non-interactively
 5. Scriptable - batch-mode
 6. Maintains command-history
 7. Interactive environment is BASH-like
 8. Supports tab-completion
 
Tasks:
 1. Explore package contents
/usr/bin/lftp - key binary
/etc/lftp.conf - key global config
 
Note: 'set -a' - produces the possible directives supported by LFTP
 
 
 2. Upload/Download items
  a. 'open -u linuxcbt localhost' - connects to local FTPD
Note: This simply builds the connection string. The connection will not be used until a command that requires the connection is excuted. i.e. 'ls'
Note: FTP Servers maintain control (credentials) and data (data transfers) connections
 
  b. '!bash' - exits temporarily to the shell
 
 3. Create a simple script to upload and download items
  a. 'lftp -f lftpscript1.lftp' - executes LFTP non-interactively, batch-mode
 
 4. Download using HTTP
  a. 'lftp http://192.168.75.50/RH54' - allows you to explore HTTP server
 
 5. Upload/Download using SSH
  a. 'lftp -u linuxcbt sftp://192.168.75.50'
 
 6. Rate-limit
  a. 'set net:limit-rate 500' - limits transfers to 500Bps
 
 7. Background/Foreground jobs
  a. 'CTRL-Z'
  b. 'fg' - brings the job to the foreground
  c. 'jobs' - enumerates current job status
 
 8. Mirroring
  a. 'mirror -v work/' - mirrors 'work' directory by pulling to client
  b. 'mirror -v -R work/' - mirrors 'work' directory remotely by putting differences
 
Note: If you need to pull items non-interactively, consider: 'wget' and/or 'curl'
 
###TelnetD###
Features:
 1. Virtual Terminal Access: vty
 2. Clear-text based: not secure, but fast
 3. May save you in the event that SSH is unavailable
 
 
Tasks:
 1. Installation - installs via INETD and enables by default
 2. Test connectivity
Note: Default Debian installation does NOT install SSHD, however, SSH client is installed
Note: Successful Telnet authentication will echo: /etc/motd
Note: Install telnetd, but disable it in: /etc/inetd.conf until needed
Note: INETD is managed via: /etc/init.d/openbsd-inetd
Note: INETD-spawned services/daemons remain open/running until sessions have been terminated
Note: TELNETD uses the same PTS, or, pseudo-terminal allocation as SSHD
Note: TELNETD supports SSL, however, client support is sparse. Use SSHD instead
Note: TELNETD's pseudo-terminals are NOT listed in /etc/securetty, so 'root' may not log in via telnet by default
Note: SSHD shares the same pseudo-terminals, however, SSHD is inherently secure
 
 
###Dynamic Host Configuration Protocol (DHCP)###
Features:
 1. Automatic client configuration
  a. IP address
  b. subnet mask
  c. default gateway/router
  d. WINS server(s)
  e. NTP server(s)
  f. PXE configuration
 2. UDP-based
 3. Broadcast-based
 
 
Tasks:
 1. Disable DHCP on Cisco router
  a. 'no ip dhcp pool DEFAULT75'
 
 2. Install DHCP Server
  a. 'dpkg -L dhcp3-server' - enumerates embedded files
/etc/dhcp3/dhcpd.conf - primary config file
/var/lib/dhcp3 - primary container for leases
 
 3. Prep /etc/dhcp3/dhcpd.conf for production
 
# 192.168.75.x Definition
subnet 192.168.75.0 netmask 255.255.255.0 {
  range 192.168.75.20 192.168.75.49;
#  option domain-name-servers ns1.internal.example.org;
  option domain-name "linuxcbt.internal";
  option routers 192.168.75.1;
  option broadcast-address 192.168.75.255;
#  default-lease-time 600;
#  max-lease-time 7200;
}
 
 4. Route LOCAL7 via Syslog
 
 5. Start DHCP server and test configuration
 
dhcpd.leases - primary lease file
 
Note: DHCP clients & servers participate in the: DORA process
Discover, Offer, Request, Acknowledge (DORA)
 
lease 192.168.75.20 {
  starts 4 2010/03/18 14:47:57;
  ends 5 2010/03/19 14:47:57;
  cltt 4 2010/03/18 14:47:57;
  binding state active;
  next binding state free;
  hardware ethernet 00:11:43:76:1f:67;
  uid "\001\000\021Cv\037g";
  client-hostname "linuxcbtwin3";
}
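As an added example (not from the LinuxCBT notes), the Python below parses lease blocks in the dhcpd.leases format shown above, decodes the octal-escaped 'uid' (client identifier) to recover the MAC it embeds, and flags active leases whose client identifier disagrees with the 'hardware ethernet' field. The second lease in the sample is constructed to trip that check; the function names are my own.

```python
import re

# Constructed sample: the lease from the notes above plus a second, made-up lease
# whose client identifier (uid) does not belong to its hardware address.
SAMPLE_LEASES = r'''
lease 192.168.75.20 {
  starts 4 2010/03/18 14:47:57;
  ends 5 2010/03/19 14:47:57;
  cltt 4 2010/03/18 14:47:57;
  binding state active;
  next binding state free;
  hardware ethernet 00:11:43:76:1f:67;
  uid "\001\000\021Cv\037g";
  client-hostname "linuxcbtwin3";
}
lease 192.168.75.21 {
  starts 4 2010/03/18 15:00:00;
  ends 5 2010/03/19 15:00:00;
  binding state active;
  hardware ethernet 00:11:43:76:1f:68;
  uid "\001\000\021Cv\037g";
  client-hostname "constructed-host";
}
'''

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
OCTAL_RE = re.compile(r"\\([0-7]{1,3})")
# Statement names dhcpd writes; longer names first so a prefix cannot shadow them
KEYS = ("next binding state", "binding state", "hardware ethernet",
        "client-hostname", "uid", "starts", "ends", "cltt")


def decode_uid(quoted):
    r"""Turn dhcpd's C-style quoted string (e.g. "\001\000\021Cv\037g") into raw bytes."""
    body = quoted.strip().strip('"')
    text = OCTAL_RE.sub(lambda m: chr(int(m.group(1), 8)), body)
    return text.encode("latin-1")


def uid_to_mac(uid):
    """A client ID of <htype=1><6 octets> is just the Ethernet MAC; anything else gives None."""
    if len(uid) == 7 and uid[0] == 1:
        return ":".join("%02x" % b for b in uid[1:])
    return None


def parse_leases(text):
    """Return one dict per lease block, keyed by the statement names dhcpd uses."""
    leases = []
    for ip, body in LEASE_RE.findall(text):
        rec = {"ip": ip}
        for stmt in body.split(";"):
            stmt = stmt.strip()
            for key in KEYS:
                if stmt.startswith(key + " "):
                    rec[key] = stmt[len(key):].strip().strip('"')
                    break
        if "uid" in rec:
            rec["uid_bytes"] = decode_uid(rec["uid"])
        leases.append(rec)
    return leases


def mismatched_leases(leases):
    """IPs of active leases whose client ID embeds a MAC other than the hardware address.

    One client ID turning up against several MACs is worth a look on a LAN of plain
    DHCP clients; it is how a cloned or mis-configured client identity shows up here.
    """
    hits = []
    for lease in leases:
        id_mac = uid_to_mac(lease.get("uid_bytes", b""))
        if (lease.get("binding state") == "active" and id_mac is not None
                and id_mac != lease.get("hardware ethernet")):
            hits.append(lease["ip"])
    return hits


if __name__ == "__main__":
    leases = parse_leases(SAMPLE_LEASES)
    for lease in leases:
        print(lease["ip"], lease.get("client-hostname"), lease.get("hardware ethernet"),
              "client-id MAC:", uid_to_mac(lease.get("uid_bytes", b"")))
    print("client-id/MAC mismatches:", mismatched_leases(leases))
```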
 
 
###BIND - DNS###
Features:
 1. Name-to-IP resolution - forward DNS
 2. IP-to-Name resolution - reverse DNS
 
Tasks:
 1. Install BIND
/etc/bind/named.conf - primary config file
/usr/sbin/named - primary DNS server binary
 
 2. Update DHCP to route clients to BIND instance
 
 3. Default Caching-Only instance
 
 4. Query the DNS server from multiple hosts
  a. 'dig @192.168.75.30 www.linuxcbt.com'
Note: Caching-only servers hold records for the TTL duration permitted by the authoritative name servers
Note: Initial query is usually slower (considerably), than subsequent queries
Note: DNS records may share or sport distinct TTLs
 
 5. Setup Primary DNS - NS - Authoritative server for a zone
  a. Use: /etc/bind/db.local as template
  b. define 'linuxcbt.internal'
  c. Updated: /etc/bind/named.conf.local to reference the zone: 'linuxcbt.internal'
  d. Restart named
 6. Perform queries against primary DNS server from various clients
Note: Primary DNS configuration does not disable caching-only configuration. It's cumulative
 
 
 6. Setup Secondary DNS - NS - Authoritative server for a zone
  a. Use: /etc/bind/db.linuxcbt.internal as template
 
 zone "linuxcbt.internal" {
         type slave;
         file "slaves/linuxcbt.slave.internal.zone.db";
         masters { 192.168.75.30; };
         // put slave zones in the slaves/ directory so named can update them
 };
 
 
 
 7. Reverse DNS configuration - IPv4
  a. Will use: '*.in-addr.arpa'
  a1. '75.168.192.in-addr.arpa'
  a2. 'cp db.127 db.192.168.75' - copy template reverse file & include reverse records for NS servers
  a3. update: /etc/bind/named.conf.local
zone "75.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.192.168.75";
};
 a4. Restart & test with queries
  a4.1 'dig @192.168.75.30 -x 192.168.75.30' - executes reverse query against specific DNS box
 a5. Include more reverse records
 
 a6. Replicate reverse IPv4 zone to secondary system
 ###Our Slave Zone for: 192.168.75.0/24###
 zone "75.168.192.in-addr.arpa" {
         type slave;
         file "slaves/db.192.168.75.zone";
         masters { 192.168.75.30; };
         // put slave zones in the slaves/ directory so named can update them
 };
 
 
8. Reverse zone for: IPv6
Note: Reverse IPv6 zone requires: reverse nibble notation
Note: A nibble is half a byte, or 4 bits
2002:4687:db25:2:20c:29ff:fe4d:e52c/64
2 0 0 2 4 6 8 7...
 
 
 a. Define a zone statement to handle the reverse IPv6 zone
Note: Split 128-bit address into 2-regions, subnet/host ID i.e. /64-based
Note: Reverse the bits of the network using nibble notation
Note: Be sure to expand all zeroes!
2002:4687:db25:2:
2002:4687:db25:0002
 
 zone "2.0.0.0.5.2.b.d.7.8.6.4.2.0.0.2.ip6.arpa" {
         type master;
         file "db.2.0.0.0.5.2.b.d.7.8.6.4.2.0.0.2.ip6.arpa";
 };
 
 b. Define individual IPv6 reverse entries based on: right-most host ID
2002:4687:db25:2: 20c:29ff:fe4d:e52c/64 - linuxcbtdeb1
 
 c.2.5.e.d.4.e.f.f.f.9.2.c.0.2.0    IN    PTR    linuxcbtdeb1.linuxcbt.internal.
 
 d. Perform reverse queries
  'dig @192.168.75.30 -x 2002:4687:db25:2:20c:29ff:fe4d:e52c'
 
 e. Insert reverse IPv6 addresses for other hosts
2002:4687:db25:2:202:b3ff:feb8:a00
 
  '0.0.a.0.8.b.e.f.f.f.3.b.2.0.2.0    IN    PTR    linuxcbtsuse1.linuxcbt.internal.'
 
2002:4687:db25:2:20c:29ff:fe75:3bf6
 
  ' 6.f.b.3.5.7.e.f.f.f.9.2.c.0.2.0    IN    PTR    linuxcbtserv1.linuxcbt.internal.'
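The Python below is an added example (not from the LinuxCBT notes) that generates the reverse-nibble zone name and the per-host PTR labels worked out by hand above, generalised to any prefix length that is a multiple of 4 bits; the function names are my own.

```python
import ipaddress


def reverse_nibbles(addr):
    """All 32 hex nibbles of the fully expanded address, least-significant first."""
    hexdigits = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return list(reversed(hexdigits))


def ip6_arpa_parts(addr, prefixlen=64):
    """Split the reverse name into (zone name, host label) at the given prefix length.

    prefixlen must be a multiple of 4 because each ip6.arpa label is one nibble.
    """
    if prefixlen % 4 or not 0 < prefixlen < 128:
        raise ValueError("prefix length must be a multiple of 4 between 4 and 124")
    nibbles = reverse_nibbles(addr)
    host_count = (128 - prefixlen) // 4          # nibbles that name the host
    host = ".".join(nibbles[:host_count])
    zone = ".".join(nibbles[host_count:]) + ".ip6.arpa"
    return zone, host


def ptr_records(hosts, prefixlen=64):
    """Group '<label>    IN    PTR    <fqdn>.' lines by the reverse zone they belong to."""
    zones = {}
    for addr, fqdn in hosts:
        zone, host = ip6_arpa_parts(addr, prefixlen)
        zones.setdefault(zone, []).append(
            "%s    IN    PTR    %s." % (host, fqdn.rstrip(".")))
    return zones


if __name__ == "__main__":
    # The three hosts from the notes above
    sample = [
        ("2002:4687:db25:2:20c:29ff:fe4d:e52c", "linuxcbtdeb1.linuxcbt.internal"),
        ("2002:4687:db25:2:202:b3ff:feb8:a00", "linuxcbtsuse1.linuxcbt.internal"),
        ("2002:4687:db25:2:20c:29ff:fe75:3bf6", "linuxcbtserv1.linuxcbt.internal"),
    ]
    for zone, lines in ptr_records(sample).items():
        print('zone "%s"' % zone)
        for line in lines:
            print("    " + line)
```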
 
 f. Replicate configuration to RedHat server
 
 
###Samba###
Features:
 1. Lan Manager/NETBIOS-like server for Linux | Unix -based systems
 2. Publish shares
 3. Publish printers
 4. Authenticate to AD
 
 
Tasks:
 1. Install Samba support
Note: Either client or server requires the 'samba-common' package
 
Note: 'smb.conf' is the primary config file with settings for: clients & servers
 
 2. Explore key clients
  a. /usr/bin/smbtree - functions akin to network neighborhood (enumerates SMB hosts, workgroups and shares) - uses broadcast and WINS (if defined)
  b. 'smbtree'
 
/usr/bin/smbclient - permits connections to shares - interactively - FTP-like
Note: MacOSX also includes 'smbclient'
  c. 'smbclient -U dean //linuxcbtwin1/LinuxCBT'
 
 
  d. SMBGet - like 'wget'
   d1. 'smbget -u administrator smb://linuxcbtwin1/LinuxCBT/1million.txt'
 
  e. SMBTar - like 'smbget' but rolls items into a tarball
   e1. 'smbtar -s linuxcbtwin1 -x temp2 -p "abc123" -u dean -t linuxcbtwin1.backup.tar'
 
 
 3. Install Samba Server
  a. Explore the configuration
Note: Samba is implemented primarily as 2 daemons:
 1. 'smbd' - server message block daemon - SMB/CIFS requests for file & print services
 2. 'nmbd' - name registrations - WINS connectivity
 
/etc/init.d/samba - INIT script for both daemons
/etc/samba - top-level container (directory) for Samba configuration files
/usr/sbin/nmbd - NETBIOS Name Daemon
/usr/sbin/smbd - SMB/CIFS - File & Print Server
/etc/samba/smb.conf - primary, monolithic config file, managed manually and/or by SWAT
Note: It is recommended that you select 1 method of: smb.conf management: SWAT or manual
Note: /var/log/samba/log.%m - each SMB/CIFS client spawns a distinct log file
 
  b. Start Samba Server
   b1. 'invoke-rc.d samba start' - this starts 'smbd' & 'nmbd'
 
Note: 'smbd' binds to TCP:139 for IPv4 & IPv6 for SMB service
Note: 'smbd' ALSO binds to TCP:445 for IPv4 & IPv6 for CIFS services
Note: 'nmbd' binds to UDP:137 & UDP:138 for NETBIOS Name support
Note: Samba dynamically generates $HOME shares for connecting clients
Note: These $HOME shares do NOT appear in 'smbtree' dumps
 
 
###Samba Web Administration Tool (SWAT)###
Features:
 1. Web-GUI to manage Samba
 
/usr/sbin/swat - primary binary
 
Tasks:
 1. Explore Interface
  1a. http://localhost:901
  1b. Documentation
  1c. Globals - globals area of: smb.conf - global directives - NETBIOS Name, Network info, etc.
 
Note: SWAT, upon invocation, loads directives from: smb.conf
Note: SWAT presents 2 views:
 1. Basic - reflects commonly-referenced, important, directives
 2. Advanced - reflects ALL Samba-supported directives
 
 2. Manage Users using 'smbpasswd'
  2a. 'smbpasswd -a linuxcbt'
 
###NFS###
Features:
 1. Transparent access to remote file systems
 2. Ability to consolidate and centralize storage
 3. Roaming users
 
 
Tasks:
 1. Explore client package: 'nfs-common'
  1a. 'showmount linuxcbtdeb1'
 
 2. Install NFS-Kernel-Server
 
 3. Export directories
  3a. 'nano /etc/exports' - include '/public' - read only
  3b. 'showmount --all linuxcbtdeb1' - reveals currently mounted systems and shares
  3c. publish content: /public with various permissions for various hosts
    'nano /etc/exports' - include updates
    'exportfs -r' - re-exports items listed in: /etc/exports - removes old rule(s) and publishes new rules
Note: By default, 'root_squash' is enabled on ALL NFS exports
Note: Root squashing equates the client 'root' user to the server's 'nobody' user
 
 
###File System in User Space (FUSE)###
Features:
 1. Permits non-root users to mount file systems from user space
 
 
Tasks:
 1. Install fuse-utils & fuseiso
  1a. using Synaptic
 2. Download ISO image
 3. Use FUSE (fuseiso) to mount the image
  3a. 'fuseiso -p filename.iso isotemp/' - auto-creates 'isotemp/' target and deletes it upon closing/unmounting
Note: FUSE mounts using i.e. 'fuseiso' are viewable by the owner of the mount only, by default
Note: /etc/
 
Note: non-root users must be made members of: 'fuse' group in order to use 'fuse'
 
 4. Install SSHD - so we may generate a new environment for the user to use 'fuse'
Note: By default, even 'root' is unable to interact with FUSE-mounted virtual file systems mounted by other users
 
Note: http://fuse.sourceforge.net/ - explore other modules
Note: Underlying FS is ultimately responsible for DAC permissions
 
 
###Apache Web Server###
Features:
 1. De facto standard HTTP server
 2. Modular
 3. Supports IPv6 (implies IPv4) by default
 
Tasks:
 1. Confirm installation/explore packages
/etc/apache2 - top-level, configuration file container
/etc/apache2/conf.d - top-level configuration script container
/etc/apache2/conf.d/apache2-doc - documentation config directives
/etc/apache2/httpd.conf - traditionally the primary configuration file, from which all other config files are included; in Debian that role belongs to: /etc/apache2/apache2.conf
 
###Aliases re-route user requests from web-space to file-system space###
Alias /manual /usr/share/doc/apache2-doc/manual/
 
<Directory "/usr/share/doc/apache2-doc/manual/">
    Options Indexes FollowSymlinks
    # Ensures that .htaccess directives do NOT apply
    AllowOverride None
    Order allow,deny
    Allow from all
    AddDefaultCharset off
</Directory>
 
ports.conf - contains IP binding information
Note: Apache is started as 'root' and then subsequent processes (children) run as non-privileged user
 
 
ErrorLog /var/log/apache2/error.log - global error log. Applies to ALL virtual hosts if undefined at the virtual host level
Note: Apache directives flow top-down. If a directive is undefined at the virtual host level, the default host (apache2.conf|httpd.conf) directive(s) will apply
 
Modules:
 1. 'mods-available' - repository of *.conf & *.load items
 2. 'mods-enabled' - symlinked items to 'mods-available'
Note: *.load files contain 'LoadModule' statements to load the *.so file
 
 1. 'sites-available' - repository of sites (virtual hosts)
 2. 'sites-enabled' - symlinks to 'sites-available'
 
/etc/apache2/sites-available/default:
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ - /* Like alias, but permits CGI script execution */
 
 
Alias /doc/ "/usr/share/doc/" - /* permits HTTP access to system documentation */
Note: Trailing '/' MUST be preserved by connecting client
 
 
###Apache Logs###
Features:
 1. Extracts from client-server communications
 
 
Tasks:
 1. Explore the default log configuration
/etc/apache2/apache2.conf - contains the default formats
Note: Apache supports 2 types of logs:
 1. Error log (error.log) - traps errors from: debug - emergency - bad messages
 2. Access log (access.log) - traps connection messages for content - good messages
Both files are located in: /var/log/apache2
 
/etc/apache2/apache2.conf
 
Syntax: LogFormat One_or_more_vars nickname/alias
 
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
#     
# Define an access log for VirtualHosts that don't define their own logfile
CustomLog /var/log/apache2/other_vhosts_access.log vhost_combined
 
LogFormat Vars:
%v - name of the virtual host that created the log entry
%p - port of the virtual host
%h - connecting host's IP address, by default
%l - ident check, note: usually non-existent '-'
%u - connecting user name - will be present wherever authentication is used. i.e. Basic, digest, etc.
%t - timestamp of the connection, from the server's perspective
%r - first line of the request: method (GET/POST/etc.), URI and protocol
%s - status code returned to client - i.e. 200(good),300(redirects),400(content error),500(server error)
%b - size of content returned to client - optional '%B' - logs '0' instead of '-'
%{Referer}i - the referring page (who sent you here), taken from the client's Referer header
%{User-agent}i - connecting Browser, taken from the client's User-Agent header: IE, Firefox, Chrome, iPhone, Droid, etc.
 
Note: Apache logs synchronously, which means, you may configure a virtual host to log to separate files simultaneously
 
###Sample Log Entry###
127.0.0.1 - - [22/Mar/2010:12:02:48 -0400] "GET /manual/en/mod/mod_log_config.html HTTP/1.1" 200 6959 "http://localhost/manual/en/logs.html" "Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.18) Gecko/20080528 Epiphany/2.22"
 
Note: Error messages pertaining to content access (4xx) and server errors (5xx) will appear in: /var/log/apache2/error.log
 
Note: 2xx (successful) responses are typically reflected in the access.log file
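As an added example (not from the LinuxCBT notes), the Python below parses entries in the 'common' and 'combined' formats defined above and tallies them by status class, which is the quickest way to pick 4xx/5xx activity out of access.log. The first sample line is the entry shown above; the other two are constructed. The function names are my own.

```python
import re
from collections import Counter

# Constructed sample: the entry from the notes above plus two made-up lines
# (one client error, one server error) so the summary has something to classify.
SAMPLE_LOG = """\
127.0.0.1 - - [22/Mar/2010:12:02:48 -0400] "GET /manual/en/mod/mod_log_config.html HTTP/1.1" 200 6959 "http://localhost/manual/en/logs.html" "Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.18) Gecko/20080528 Epiphany/2.22"
192.168.75.101 - - [22/Mar/2010:12:03:10 -0400] "GET /does-not-exist.html HTTP/1.1" 404 - "-" "constructed-agent/1.0"
192.168.75.102 - dean [22/Mar/2010:12:04:02 -0400] "POST /cgi-bin/test.cgi HTTP/1.1" 500 312 "-" "constructed-agent/1.0"
"""

# %h %l %u %t "%r" %>s %b  followed, in the combined format, by "%{Referer}i" "%{User-Agent}i"
COMBINED = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?\s*$'
)


def parse_line(line):
    """Parse one 'common' or 'combined' format entry; None if the line does not match."""
    m = COMBINED.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = rec["request"].split(" ")
    rec["method"], rec["uri"], rec["protocol"] = (parts + ["", "", ""])[:3]
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])   # %b logs '-' for no body
    return rec


def summarize(text):
    """Count responses by status class and collect the client/server error requests."""
    classes = Counter()
    problems = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            classes["unparsed"] += 1
            continue
        classes["%dxx" % (rec["status"] // 100)] += 1
        if rec["status"] >= 400:
            problems.append((rec["host"], rec["status"], rec["method"], rec["uri"]))
    return classes, problems


if __name__ == "__main__":
    classes, problems = summarize(SAMPLE_LOG)
    print(dict(classes))
    for host, status, method, uri in problems:
        print("%s %d %s %s" % (host, status, method, uri))
```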
 
###Virtual Hosts###
Features:
 1. IP-based - one IP per site
 2. Named-based - shared IP address across sites
 
Tasks:
 1. Explore Default Host configuration
<VirtualHost IP[:Port]>
    One or more directives
    ServerName
    DocumentRoot
    <Directory *>
    </Directory>
</VirtualHost>
 
 2. Define users and setup virtual hosts for those users
 
Site1 (Name-based VHost):
<VirtualHost *:80>
    #One or more directives
    ServerName site1.linuxcbt.internal
    DocumentRoot /home/site1/wwww
    <Directory /home/site1/wwww>
        Options -Indexes FollowSymLinks -MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
 
    b. Update DNS to include new site
 
Repeat for second client: (site2)
Site2 (Name-based VHost):
<VirtualHost *:80>
    #One or more directives
    ServerName site2.linuxcbt.internal
    DocumentRoot /home/site2/wwww
    <Directory /home/site2/wwww>
        Options -Indexes FollowSymLinks -MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
 
    b. Update DNS to include new site
 
Note: Apache serves content from the Default Virtual host if the request URI doesn't match any of the defined virtual hosts
 
 
3. Reconfigure Name-based virtual hosts to be IP-based virtual hosts
Note: After VHosts update, be sure to update DNS
 
 
###Apache SSL###
Features:
 1. Encrypted communique between client & server
 2. Confidentiality and integrity of communique
 3. Ability to have 3rd-party sign-off (public CA) i.e. Godaddy, Thawte, etc.
 4. Ability to self-sign certificates
 
Tasks:
 1. Explore the SSL environment
'ssl-cert' package is required
'/usr/sbin/make-ssl-cert' - generates self-signed certificate - wrapper for 'openssl'
'/usr/share/ssl-cert/ssleay.cnf' - template for generating self-signed certs
 
 2. Enable 'default-ssl'
  2a. symlink 'default-ssl' from 'sites-available' to 'sites-enabled'
  2b. symlink 'ssl.*' from 'mods-available' to 'mods-enabled'
Note: Both private and public keys will appear in the same file
  2c. Confirm the: /etc/apache2/ports.conf configuration to ensure: 'Listen 443' is present
  2d. 'invoke-rc.d apache2 restart'
  2e. Test SSL communications
 
Note: '_default_:443' SSL Vhost will respond to requests on ALL IPv[4|6] addresses
 
 3. Segment SSL traffic using IP-based virtual hosts
  3a. Update: /etc/apache2/ports.conf
  3b. Update: /etc/apache2/sites-enabled/default-ssl
 
 4. SSL-enable IP-based Virtual Host: site1.linuxcbt.internal
  4a. site1.linuxcbt.internal
  4b. 'make-ssl-cert /usr/share/ssl-cert/ssleay-site1.cnf /etc/ssl/certs/site1ssl.pem'
  4c. 'cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/site1-ssl'
  4d. Update '/etc/apache2/ports.conf'
  4e. 'cd /etc/apache2/sites-enabled && ln -s ../sites-available/site1-ssl'
  4f. Change SSL port to non-standard: TCP:4443
 
 5. SSL-enable IP-based Virtual Host: site2.linuxcbt.internal
  5a. 'make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/ssl/private/site2ssl.pem'
  5b. 'cp /etc/apache2/sites-available/site1-ssl /etc/apache2/sites-available/site2-ssl'
  5c. symlink sites-available/site2-ssl to: /etc/apache2/sites-enabled
  5d. update: /etc/apache2/ports.conf to 'Listen 192.168.75.32:443'
 
 
 
###PHP###
Features:
 1. Dynamic Web page generation
 2. Operates from the CLI as well, like 'perl'
 
Tasks:
 1. Explore the default configuration
 
 2. Expose the info page
  2a. '<? phpinfo(); ?>' - PHP code with short tags
 
 
###Webalizer - Log Analysis###
Features:
 1. Common Log Format (CLF) - default for Apache
 2. Combined Log Format - Includes CLF plus User_Agent, Referrer
 3. FTP
 4. Post-processor
 5. Yields yearly, monthly, daily and hourly stats
 6. May be executed via cron
 
 
Tasks:
 1. Install 'webalizer'
 
 2. Explore package
/usr/bin/webalizer - primary binary
/etc/webalizer/webalizer.conf - primary config
/etc/cron.daily/webalizer - runs daily
/usr/bin/webazolver - symlinked to: /usr/bin/webalizer - invokes webalizer in resolve mode
 
 3. Process log file - default site
  3a. modify: /etc/webalizer/webalizer.conf
Note: Typically users/administrators maintain 1 webalizer.conf file per site
 
 4. Execute 'webalizer'
  4a. 'webalizer 
 
 5. Setup in cron to auto-run
 
 
 
###Patch Manager###
Features:
 1. Self-managing
 2. Downloads, by default, security updates
 3. References: /etc/apt/sources.list - for reference to: http://security.debian.org
Note: Debian security updates are provided: free-of-charge
 4. Can be configured to serve updates internally: via /etc/apt/sources.list
 
 
###MySQL###
Features:
 1. RDBMS
 
Tasks:
 1. Install MySQL
  1a. Forces the installation of the 'mysql-client-*' package, plus dependencies and empty packages
Note: Aptitude auto-resolves the latest packages from its list of sources
 
Note: Default super-user is named: 'root' , NOT to be confused with Linux user: 'root'
Note: MySQL maintains users internally within the default 'mysql' DB, 'user' table.
 
 2. Explore MySQL packages
  2a. '/usr/bin/mysql' - primary client, which provides terminal, interactive | non-interactive support
  2a1. 'mysql -p' - prompts for password
  2a2. 'mysql -e 'command' [database]' - executes the command 
 
Note: MySQL users are defined in the form: user@host. i.e. 'root@localhost'
Note: Default Debian MySQL implementation disables 'anonymous access' and enforces a password for the 'root' user
 
  2b. '/usr/bin/mysqldump' - backs-up one or more DBs
  2c. '/usr/bin/mysqladmin' - start|restart|change password|etc.
  2d. '/usr/bin/mysqlimport' - imports data from text files
 
Note: Each MySQL client reads a hierarchy of configuration files: global & local and CLI-options
 
 
 3. Define simple database and data set
  3a. 'create database addressBook;'
  3b. ' create table contacts (`fName` char(20), `lname` char(20), `phone1` char(20), `email` char(30), PRIMARY KEY (`email`) ); '
  3c. ' INSERT INTO contacts (fname,lname,phone1,email) VALUES ('Johan','Doe','888-573-4943','[email protected]'); '
 
  3d. ' INSERT INTO contacts (fname,lname,phone1,email) VALUES ('Jane','Doe','888-573-4943','[email protected]'); '
 
  3e. ' UPDATE contacts SET fname='John' WHERE fname='Johan'; '
  3f. 'DELETE FROM contacts where fname='John'; '
 
###PHPMyAdmin###
Features:
 1. De facto Web GUI to administer MySQL
 2. Echoes the resultant SQL commands per execution. i.e. click on something and the SQL statement appears. Helps you to learn SQL syntax.
 
Tasks:
 1. Install PHPMyAdmin
 
 2. Explore package contents
 
 
###Postfix - SMTP###
Features:
 1. Message Transfer Agent
 2. Derivative/improvement on SendMail
 
Tasks:
 1. Install Postfix
/usr/sbin/postconf - used to dump/change Postfix configuration
/usr/sbin/postsuper - admin duties on running server
/usr/sbin/sendmail - drop-in replacement for original binary
/usr/lib/postfix/smtp - SMTP client used by Postfix to talk to other SMTP servers
/usr/lib/postfix/smtpd - SMTP server used to receive message and connections
/usr/bin/mailq - enumerates the contents of the mailq
/usr/lib/postfix/master - main master binary, which controls all of the Postfix daemons
 
 2. Explore the configuration
/etc/postfix - primary, top-level configuration container
/etc/postfix/main.cf - primary config file
 
 
###Aptitude - Sources.list Update###
Features:
 1. Ability to reference packages from the file system
 
 
Tasks:
 1. Mount ISO image permanently and reference it via: /etc/apt/sources.list
  1a. 'mount -t iso9660 -o loop /home/linuxcbt/Debian_5x/debian-504-i386-DVD-1.iso /home/linuxcbt/Debian_5x/1' - mounts ISO image in target location
  1b. Update: /etc/fstab
  1c. Update: /etc/apt/sources.list via Synaptic Package Manager, or manually from the shell
  1d. Reload the package repository DB using Synaptic Package Manager
 
 
###IMAP/POP3 Support###
 
Features:
 1. IMAP - stores message on the server, entirely. i.e. GMAIL, Yahoo, OWA
 2. POP3 - used to download messages to client.
 3. Mail-retrieval protocols
 4. Support for encryption: SSL/TLS
 5. Dovecot: supports both mbox and Maildirs
 
Tasks:
 1. Install Dovecot IMAP. Removes existing IMAPD package, by default
 2. Explore the contents of Dovecot
/etc/dovecot/dovecot.conf - primary config file
 3. Retrieve messages using MUA: IMAPD
 
 4. Install POP3D
 5. Disable clear-text mail-retrieval support
  5a. /etc/dovecot/dovecot.conf - disable 'pop3' & 'imap'
  5b. 'invoke-rc.d dovecot restart' - unbinds clear-text protocols
 
###SquirrelMail###
Features:
 1. Web GUI/Mail User Agent (MUA) for accessing mail via IMAPD - front-end
 2. Virtual hosts
 3. Modular
 
Note: To obtain the latest, navigate to: squirrelmail.org
 
Tasks:
 1. Install Squirrelmail
 2. Explore configuration
/etc/squirrelmail/apache.conf - primary Apache config file
 3. Access & browse SquirrelMail interface
 4. Enable IMAP (clear-text)
 
###GNU Privacy Guard (GPG)###
Features:
 1. Implements the OpenPGP standard
 2. Provides data encryption services based on PKI (asymmetric encryption)
 3. Digital signatures (based on owner's private key)
 4. Auto-compresses content
 
Tasks:
 1. Explore the GPG environment
/usr/bin/gpg - primary binary used to encrypt/decrypt correspondence (files/e-mails/etc.)
  1a. ' gpg --list-keys ' - enumerates public keys on key chain
  1b. ' gpg --gen-key' - generates PKI pair of keys
  1c. ' gpg --export ' - exports the public key, so that others may encrypt information to us
Note: Repeat the process on the remote user's side to have 2-way encryption/signature services
 
Note: Digital signatures prove authenticity because access to the secret/private key of the PKI pair is restricted to the owner and 'root'
Note: A passphrase adds an additional level of security to PKI in the event that the PKI pair has been compromised: physically(locally), or remotely
 
 2. Generate usage keys on remote side
  2a. 'gpg --gen-key' - generate keys as 'root'
Note: 'gpg --list-secret-keys' - enumerates private key(s) from keychain
 
 3. Sign and encrypt data to ourself
  3a. 'gpg --encrypt -r pub_key_ID 1000.txt' - generates '1000.txt.gpg' encrypted file
  3b. 'gpg --decrypt 1000.txt.gpg' - decrypts, if private key is on keychain of current user
  3c. 'gpg --encrypt -o 1000.txt.pgp -r pub_key_ID 1000.txt' - encrypts with '.pgp' suffix
 
 4. Sign and encrypt with business partner ([email protected])
  4a. ' exchange public keys'
     'gpg --export ' - creates binary file
     'gpg --import key_file' - imports key file
 
###Network Mapper (NMap)###
Features:
 1. Reconnaissance Scans
 2. Set a baseline configuration
 3. Compare against the baseline
 4. Port scans
 5. Host | device detection: i.e. Jetdirect card, Dell box, Apple computer, etc.
 6. Service detection: i.e. VSFTPD, SSH and optionally version
 7. Multi-target scanning
 8. Automation
 9. IPv6 scanning
 
Tasks:
 1. Install NMap
 2. Explore package | usage
/usr/bin/nmap - primary binary
/usr/share/nmap/nmap-mac-prefixes - host | device detection
/usr/share/nmap/nmap-services - port-to-servicename conversion
 
 3. Run 'nmap' in a variety of ways to help tighten our security posture
  3a. ' nmap -v localhost'
Note: As 'root', nmap defaults to 'SYN' scans; as any other user, nmap defaults to 'TCP Connect' scans.
Note: Usually, 'SYN' scans do not alert the application behind the open port, however, 'TCP Connect' scans complete the 3-way TCP handshake, alerting the listening application
 
 
Note: A scan of the loopback adapter is not indicative of what remote users will see, with some exceptions: i.e. SSH tunnels
 
  3b. 'nmap -v 192.168.75.30-32' - scans 3 IPs (.30, .31, .32) for open TCP ports
  3c. 'nmap -v -sU 192.168.75.30-32' - scans the same 3 IPs for open UDP ports
  3d. 'nmap -v -sV ...' - performs a service scan, which returns: service names and versions
 
Note: NMap defaults to TCP scans because the majority of applications are TCP-based
Note: NMap dumps output, by default, to STDOUT, which means, you will lose valuable info. if you don't route to a log file
 
  3e. 'nmap -v -sV -iL filename' - supply host(s) via a file
  3f. 'nmap -v -oN nmap.scan.log -sV -iL filename' - creates Normal NMap output
  3g. 'nmap -v -sP -oN nmap.scan.log -iL filename' - performs a quick PING scan
  3h. 'nmap -v -p 3389 -oN nmap.scan.log -iL filename' - scans TCP:3389 across the subnet
Note: Ensure that centralized NMap host has unfettered access to interesting subnets
  3i. 'nmap -v -O -oN nmap.scan.log -iL filename' - scans for OS detection
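
Features 2 and 3 (set a baseline, compare against it) applied to the Normal (-oN) logs that steps 3f-3i write, as an added example that is not part of the LinuxCBT notes. Both logs below are constructed samples, not real scans; the per-host header lines follow the nmap 4.x and 5.x formats.

```shell
# Added example: diff two 'nmap -oN' logs host by host (not from the notes).
export LC_ALL=C
TMP=$(mktemp -d)

cat > "$TMP/baseline.log" <<'EOF'
# Nmap 5.00 scan initiated (constructed sample)
Nmap scan report for 192.168.75.30
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
Nmap scan report for 192.168.75.31
PORT     STATE SERVICE
22/tcp   open  ssh
EOF
cat > "$TMP/current.log" <<'EOF'
Nmap scan report for 192.168.75.30
PORT     STATE SERVICE
22/tcp   open  ssh
Interesting ports on 192.168.75.31:
PORT     STATE SERVICE
22/tcp   open  ssh
3389/tcp open  ms-term-serv
EOF

# Emit "host port/proto" for every open port in an nmap -oN log
# (handles both the nmap 5.x and the older nmap 4.x per-host header).
open_ports() {
  awk '
    /^Nmap scan report for / { host = $5; next }
    /^Interesting ports on /  { host = $4; sub(/:$/, "", host); next }
    /^[0-9]+\/(tcp|udp) +open/ { print host, $1 }
  ' "$1" | sort -u
}

# Report ports open now but absent from the baseline (NEW) and the reverse
# (CLOSED); run on the central NMap host after each scheduled scan.
compare_baseline() {  # $1 = baseline log, $2 = current log
  open_ports "$1" > "$TMP/base.lst"
  open_ports "$2" > "$TMP/cur.lst"
  comm -13 "$TMP/base.lst" "$TMP/cur.lst" | sed 's/^/NEW    /'
  comm -23 "$TMP/base.lst" "$TMP/cur.lst" | sed 's/^/CLOSED /'
}

compare_baseline "$TMP/baseline.log" "$TMP/current.log"
```
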
###TCPDump###
Features:
 1. Packet capturing of myriad protocols
 2. Supports: Berkeley Packet Filters (BPFs)
 
 
Tasks:
 1. Install TCPDump
/usr/sbin/tcpdump - primary binary
 
 2. Usage examples
  2a. 'tcpdump -v -i eth0'
 
'02:08:38.419385 IP (tos 0x0, ttl 64, id 54461, offset 0, flags [DF], proto TCP (6), length 62) macbook1.local.60842 > linuxcbtdeb1.linuxcbt.internal.5900: P, cksum 0x029e (correct), 191:201(10) ack 695980 win 65535 <nop,nop,timestamp 212564549 65206757>'
 
 2b. 'tcpdump -w tcpdump.capture -i eth0' - creates a TCPDump file
 2c. 'tcpdump -r tcpdump.capture' - reads the previously-created TCPDump file
 2d. 'tcpdump -c 3 -i eth0 -w tcpdump.capture2' - captures 3 packets and exits
Note: Each packet is represented by a line, but the terminal will invariably wrap each line
 2e. 'tcpdump -C 1 -w tcpdump.capture3' - captures 1-million bytes then creates a new file
 2f. 'tcpdump -A -i eth0' - dumps packet payload
 2g. 'tcpdump -e -i eth0' - dumps layer-2 (MAC) info.
 2h. 'tcpdump -A -e -i eth0' - dumps payload and MAC info. - layers 2-7
Note: Packet capturing is a linear progression. Latest information is at the bottom of the capture.
 
 2i. 'tcpdump -D ' - dumps the available interfaces
 2j. 'tcpdump -n ...' - dumps captures without name resolution
 
 3. Apply BPFs
Note: TCPDump supports 3 Qualifiers: 
 1. Type - host|net|port
 2. Direction - src, dst, src or dst, src and dst
 3. Protocol - ip, tcp, udp, icmp, etc.
Note: BPFs support logical Anding and Oring
 
  3a. 'tcpdump -i eth0 -w tcpdump.linuxcbtserv1.capture.1 host 192.168.75.111'
  3b. 'tcpdump -i eth0 -w tcpdump.linuxcbtserv1.capture.2 host 192.168.75.111 and tcp port 21' 
 
Note: BPFs are applicable, for the most part, if a tool is TCPDump-compliant
 
 
###WireShark, formerly known as: Ethereal###
Features:
 1. Packet Capture & analysis
 2. Support for: BPFs (run-time) and Display Filters (post-processing)
Tasks:
 1. Install WireShark
/usr/bin/wireshark - primary binary - run as 'root'
 
 2. Explore interface
Note: Wireshark defaults to nanosecond precision, whereas TCPDump defaults to microsecond precision
 
 3. Perform various captures/analysis of clear-text, FTP traffic
 
Note: Consider deploying centralized sniffers and route files to back-end post-processor running Wireshark.
 
 
###Lockdown###
Features:
 1. Improve security posture
 
Tasks:
 1. Screensaver set based on inactivity timer
 2. Secure your BIOS
  2a. Setting a usage password
  2b. Disabling removable boot devices: USB, Optical drives
 3. Secure the bootloader: GRUB
  3a. 'grub-md5-crypt' - generates an MD5 password for GRUB: /boot/grub/menu.lst
Note: Consider 'dm-crypt' or 'eCryptfs' to encrypt the FS, in the event the drive is physically compromised and/or other measures have been circumvented.
Note: 'dm-crypt' requires a password at startup
 
 4. /etc/login.defs - contains defaults for a variety of account variables
Note: Ensure that the password encryption algorithm matches PAM: /etc/pam.d/*
 
 5. Remove 'nullok' from: /etc/pam.d/* - if exists
 6. Disable superfluous services/daemons:
  6a. 'netstat -nutlp' - returns listeners for TCP | UDP
Checklist of daemons to disable:
 1. samba-swat - INETD controlled
  1a. ' update-inetd --disable swat' - disables service in INETD
 2. imap - TCP:143
  2a. '/etc/dovecot/dovecot.conf'  
 
 3. ssh - restrict to 1-IP
 4. postgres
  4a. 'update-rc.d -f postgresql-8.3 remove' 
 5. smbd|nmbd
  5a. 'update-rc.d -f samba remove && /etc/init.d/samba stop && ps -ef | grep smb'
 6. vsftpd
  6a. 'update-rc.d -f vsftpd remove && /etc/init.d/vsftpd stop && ps -ef | grep vsftpd'
 7. tftpd
  7a. 'update-inetd --disable tftp'
 
 8. Disable 'root' access via SSHD
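
The listener review behind step 6a and the disable checklist, as an added example that is not part of the LinuxCBT notes: the 'netstat -nutlp' output is a constructed sample, and the allow-list (only tcp/22 expected) is an assumption for the sample host.

```shell
# Added example: flag listeners from 'netstat -nutlp' that are not on an
# allow-list (not from the notes; sample output is constructed).
export LC_ALL=C
TMP=$(mktemp -d)

cat > "$TMP/netstat.txt" <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      1301/dovecot
tcp        0      0 127.0.0.1:5432          127.0.0.1:*             LISTEN      1400/postgres
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      1500/smbd
tcp        0      0 0.0.0.0:901             0.0.0.0:*               LISTEN      1600/inetd
udp        0      0 0.0.0.0:69              0.0.0.0:*                           1600/inetd
EOF

# Services this host is meant to expose, one proto/port per line (assumed).
printf 'tcp/22\n' > "$TMP/allow.txt"

# Print one line per listener missing from the allow-list:
#   <proto>/<port> <bind-address> <pid/program> <scope>
# scope is LOCAL for loopback-only binds (reachable only from this box) and
# ALL for wildcard binds. UDP rows have no State column, so the program name
# is taken from the last field rather than a fixed column.
audit_listeners() {  # $1 = netstat -nutlp output, $2 = allow-list file
  awk -v allowfile="$2" '
    BEGIN { while ((getline l < allowfile) > 0) allow[l] = 1 }
    $1 ~ /^(tcp|udp)6?$/ {
      proto = $1; sub(/6$/, "", proto)
      addr = $4; sub(/:[0-9]+$/, "", addr)     # "127.0.0.1:5432" -> "127.0.0.1"
      port = $4; sub(/.*:/, "", port)          #                  -> "5432"
      key = proto "/" port
      if (key in allow) next
      scope = (addr == "127.0.0.1" || addr == "::1") ? "LOCAL" : "ALL"
      print key, addr, $NF, scope
    }' "$1"
}

audit_listeners "$TMP/netstat.txt" "$TMP/allow.txt"
```

Each flagged line maps to an entry in the checklist above (imap, postgres, smbd, swat, tftp); loopback-only listeners are still worth disabling, but they are not reachable from the network.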
 
Note: Consult Debian documentation for info on: harden* packages
 
 
###IPTables - Firewall###
Features:
 1. Built-in firewall
 2. Stateful inspection
 3. Routing
 4. Network Address Translation (NAT)
 5. Front-end to the Netfilter Kernel firewall
 
Tasks:
 1. Explore configuration
/sbin/iptables - primary binary to write rules and interact with firewall
/sbin/iptables-save|restore - saves & restores IPv4 rules
/sbin/ip6tables - primary binary to write rules and interact with the IPv6 firewall
/sbin/ip6tables-save|restore - saves & restores IPv6 rules
 
 2. Use 'iptables'
  2a. 'iptables -L' - lists the chains in the default 'Filter' table
Note: 'Filter' table governs traffic: inbound, outbound, and through (routing) your box
Note: There are 3 default chains in the 'Filter' table
 1. INPUT - traffic sourced from external system destined for your system
 2. FORWARD - router - traffic that is sent through your box
 3. OUTPUT - Traffic sourced from your system to other systems
 
Note: There are 3 default tables:
 1. NAT
 2. Mangle
 3. Filter (Default)
 
 
 2b. Limit inbound traffic to the SMTP server to deny access from Windows server
  2b1. 'iptables -A INPUT -p tcp --dport 25 -s 192.168.75.105 -j DROP'
 
 3. Use 'ip6tables'
Note: Syntax is virtually identical to 'iptables*'
 
 4. Write outbound rules
  4a. 'iptables -A OUTPUT -d 192.168.75.105 -p tcp --dport 3389 -j DROP'
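
The two rules from steps 2b1 and 4a written as a persistent ruleset in the format that /sbin/iptables-restore reads, as an added example that is not part of the LinuxCBT notes. The blocked host comes from the notes; the default policies and the loopback/ESTABLISHED rules are my additions, and the ordering check exists because 'iptables -A' appends: a per-host DROP placed after a broader ACCEPT for the same port is never reached.

```shell
# Added example: build and sanity-check an iptables-restore ruleset
# (not from the notes; policies other than the two DROP rules are assumed).
export LC_ALL=C

# Emit the filter table. $1 = host to block, $2 = SMTP port, $3 = RDP port.
build_filter_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport $2 -s $1 -j DROP
-A INPUT -p tcp --dport $2 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A OUTPUT -d $1 -p tcp --dport $3 -j DROP
COMMIT
EOF
}

# Read a ruleset on stdin and return 0 only if the first DROP for port $1
# precedes the first ACCEPT for the same port (rules match top to bottom).
drop_precedes_accept() {  # $1 = port
  awk -v p="$1" '
    $0 ~ ("--dport " p " ") && /-j DROP/   && !d { d = NR }
    $0 ~ ("--dport " p " ") && /-j ACCEPT/ && !a { a = NR }
    END { exit !(d && a && d < a) }'
}

# Usage: write the file, check it, then load it with
#   iptables-restore < /etc/iptables.rules   (as root; not run here)
build_filter_rules 192.168.75.105 25 3389 | drop_precedes_accept 25 &&
  echo "ordering ok"
```
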
