NewLinuxInfo
Guides, Info & Tips on New Modern Linux Server Administration
Modern Server Administration of Critical Systems
This information pertains to very modern recent relases of Redhat based distributions, including the latest releases of CentOS and Fedora, which has had most of these service upgrades and replacements for the last few years now!
Basic Linux System Commands - System Management
System Power Off & Reboot
The "shutdown" command has a number of arguments that control how it behaves, such as shutting completely down, or rebooting, with options to send system-wide broadcast messages to all logged in users, apply a delay before shutting down, and other options.
For a simple quick reboot, the alias "reboot" causes an immediate shutdown and startup, resulting in a reboot, hence the name of the command!
As with most all system control commands, you must have eleveated privilges to be the root user, or a memeber of the correct group to allow for usage of sudo to run commands as the root, aka, superuser/administrator. So, as the root user, just typing "reboot" from the command line causes in immediate system reboot without warning or options! If you are not logged in as the root user, then using sudo, assuming you are in the corect sudoers group, to allow you to run the command as if you were logged in as the root user. The command "sudo reboot" then causes an immediate reboot without warning.
The real command to shutdown and reboot the system is the "shutdown" command, with appropriate switches and/or arguments. For instance, to reboot the system now, just as before, but using the shutdown command, the full command to reboot using the shutdown command is as follows:
[jamie@rocky9vm35.dawgland2.com:~]$ sudo shutdown -r now [jamie@rocky9vm35.dawgland2.com:~]$ Connection to rocky9vm35 closed by remote host. Connection to rocky9vm35 closed.
To shut down a system completely, without starting it back up, instead of using the "-r" switch without the quotes, as in the previous example, you use the "-h" switch, without the quotes, as in this example:
[jamie@rocky9vm35.dawgland2.com:~]$ sudo shutdown -h now [jamie@rocky9vm35.dawgland2.com:~]$ Connection to rocky9vm35 closed by remote host. Connection to rocky9vm35 closed.
systemctl
init.d Retired!
The first such service upgrade actually replaced most, if not all of the service init.d startup & shutdown scripts with a very different way of managing the startup, status and shutdown of services, such as the Apache webserver, the CUPS print server, the secure shell, aka the SSH server, and all of the other services that used to be controlled by shell scripts located in the /etc/init.d/ directory. This directory still exists so that in the event that an old legacy service needs to still be managed by the init.d shell scripts, due to the service not yet having the required setup to be managed by the replacement of all of those scripts:
Query Service Status
For instance, here is an example of systemctl being used to query the Secure Shell Server(SSH):
[root@fc24 ~]# systemctl status sshd.service ● sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor pres Active: active (running) since Sun 2016-09-11 01:12:21 PDT; 1h 20min ago Docs: man:sshd(8) man:sshd_config(5) Process: 791 ExecStart=/usr/sbin/sshd $OPTIONS (code=exited, status=0/SUCCE Main PID: 810 (sshd) Tasks: 1 (limit: 512) CGroup: /system.slice/sshd.service └─810 /usr/sbin/sshd Sep 11 01:12:20 fc24.dawgland.com systemd[1]: Starting OpenSSH server daemon. Sep 11 01:12:21 fc24.dawgland.com systemd[1]: sshd.service: PID file /var/run Sep 11 01:12:21 fc24.dawgland.com sshd[810]: Server listening on 0.0.0.0 port Sep 11 01:12:21 fc24.dawgland.com systemd[1]: Started OpenSSH server daemon. lines 1-15/15 (END)
Stopping a Service
This is what is looks like after stopping the SSH server:
[root@fc24 ~]# systemctl stop sshd.service [root@fc24 ~]# systemctl status sshd.service ● sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor pres Active: inactive (dead) since Sun 2016-09-11 02:38:55 PDT; 10s ago Docs: man:sshd(8) man:sshd_config(5) Process: 791 ExecStart=/usr/sbin/sshd $OPTIONS (code=exited, status=0/SUCCE Main PID: 810 (code=exited, status=0/SUCCESS) Sep 11 01:12:20 fc24.dawgland.com systemd[1]: Starting OpenSSH server daemon. Sep 11 01:12:21 fc24.dawgland.com systemd[1]: sshd.service: PID file /var/run Sep 11 01:12:21 fc24.dawgland.com sshd[810]: Server listening on 0.0.0.0 port Sep 11 01:12:21 fc24.dawgland.com systemd[1]: Started OpenSSH server daemon. Sep 11 02:38:55 fc24.dawgland.com systemd[1]: Stopping OpenSSH server daemon. Sep 11 02:38:55 fc24.dawgland.com systemd[1]: Stopped OpenSSH server daemon. lines 1-14/14 (END)
Starting a Service Back Up
And this is the command to start it back up, and because there is no output after starting it, I've also included the output of the status once again after starting the Secure Shell Server back up:
[root@fc24 ~]# systemctl start sshd.service [root@fc24 ~]# systemctl status sshd.service ● sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor pres Active: active (running) since Sun 2016-09-11 02:42:38 PDT; 9s ago Docs: man:sshd(8) man:sshd_config(5) Process: 2801 ExecStart=/usr/sbin/sshd $OPTIONS (code=exited, status=0/SUCC Main PID: 2803 (sshd) Tasks: 1 (limit: 512) CGroup: /system.slice/sshd.service └─2803 /usr/sbin/sshd Sep 11 02:42:38 fc24.dawgland.com systemd[1]: Starting OpenSSH server daemon. Sep 11 02:42:38 fc24.dawgland.com systemd[1]: sshd.service: PID file /var/run Sep 11 02:42:38 fc24.dawgland.com sshd[2803]: Server listening on 0.0.0.0 por Sep 11 02:42:38 fc24.dawgland.com systemd[1]: Started OpenSSH server daemon. lines 1-15/15 (END)
Disabling a Service
To Disable a service, usually replacing status, start, or stop with "disable" works to disable
most services, but sometimes, it doesn't always work, and you also need to "mask" the service as well.
Using Mask to Forcefully Disable a Service
This proved to be the case with the RPCBIND.service. After stopping and disabling the service, a reboot caused the service to be re-enabled and started back up. To have the service disabled and that state saved after a reboot, the "mask" argument is given to the systemctl command. For instance, in the case of RPCBIND.service, this is how to disable it:
(In the below example, ONLY the 3 commands starting with systemctl are typed by the root superuser)
[root@vm1 ~]# systemctl stop rpcbind.service Warning: Stopping rpcbind.service, but it can still be activated by: rpcbind.socket [root@vm1 ~]# systemctl disable rpcbind.service [root@vm1 ~]# systemctl mask rpcbind.service ln -s '/dev/null' '/etc/systemd/system/rpcbind.service
Changing the Default Run Level the Systemd Way
To change the default run-level from booting up into the Graphical User Interface(GUI) into straight text multi-user, which is preferable on a server, the old method involved editing the /etc/inittab file changing the default runlevel from 5 to 3, as shown here:
id:3:initdefault:
On modern RPM based systems, this has been replaced by using the systemctl command to create/change the symlink /etc/systemd/system/default.target to point to /lib/systemd/multi-user.target, and visa-versa to switch back to the GUI bootup mode. This can be done manually using the shell "ln -sf" symlink creation command, or more easily, and more importantly, more standardized with the systemctl command, as shown here. The following 3 commands show how to first check the default runlevel target, then change it from graphical to text-based multi-user, and then the 3rd command show's confirmation the command was successful.
[root@fc21 ~]# systemctl get-default graphical.target [root@fc21 ~]# systemctl set-default multi-user.target Removed symlink /etc/systemd/system/default.target. Created symlink from /etc/systemd/system/default.target to /usr/lib/systemd/system/multi-user.target. [root@fc21 ~]# systemctl get-default multi-user.target
dnf
Another BIG change to a "more modern" way of managing all of the software packages on your Linux machine,
is the dnf command that is a direct drop-in replacement for yum, the old, tried and true RPM package manager that for going on 20 years has been the main interface to manage Linux software installations, taking into account all of the required dependencies, as well as uninstalling, more commonly referred to "removing" software packages.
Here is an example of how to use dnf to first search for, and then install over the internet, Blender, a very powerful tool to create your own custom animation, simulations and movies:
[root@fc24 ~]# dnf search blender Last metadata expiration check: 2:29:11 ago on Sun Sep 11 00:31:02 2016. =========================== N/S Matched: blender ============================ blender.x86_64 : 3D modeling, animation, rendering and post-production
After searching for and finding the package I want to install, I then use dnf, NOT YUM!, to perform the dependency checking, downloading of the package along with the required dependencies, install all of the packages, and then perform what is called the "Cleanup" portion of the process.
This is how to use dnf to download, install, and then clean up any left over junk:
[root@fc24 ~]# dnf install blender Last metadata expiration check: 2:30:45 ago on Sun Sep 11 00:31:02 2016. Dependencies resolved. ============================================================================= Package Arch Version Repository Size ============================================================================= Installing: Field3D x86_64 1.7.2-1.fc24 updates 519 k OpenColorIO x86_64 1.0.9-11.fc24 fedora 439 k OpenImageIO x86_64 1.6.16-1.fc24 updates 1.7 M blender x86_64 1:2.77a-1.fc24 updates 29 M boost-locale x86_64 1.60.0-7.fc24 updates 279 k boost-program-options x86_64 1.60.0-7.fc24 updates 166 k boost-regex x86_64 1.60.0-7.fc24 updates 300 k fftw-libs-double x86_64 3.3.4-7.fc24 fedora 805 k fonts-blender noarch 1:2.77a-1.fc24 updates 4.7 M google-droid-sans-fonts noarch 20120715-10.fc24 fedora 2.5 M hdf5 x86_64 1.8.16-3.fc24 fedora 1.7 M jack-audio-connection-kit x86_64 1.9.10-5.fc24 fedora 555 k jemalloc x86_64 4.2.1-1.fc24 updates 182 k libffado x86_64 2.2.1-8.fc24 fedora 690 k libspnav x86_64 0.2.3-3.fc24 fedora 17 k libxml++ x86_64 2.40.1-2.fc24 fedora 89 k pugixml x86_64 1.7-2.fc24 fedora 92 k python3-numpy x86_64 1:1.11.0-4.fc24 fedora 3.0 M tinyxml x86_64 2.6.2-11.fc24 fedora 54 k yaml-cpp03 x86_64 0.3.0-9.fc24 fedora 151 k Transaction Summary ============================================================================= Install 20 Packages Total download size: 47 M Installed size: 178 M Is this ok [y/N]: y
Red Hat Enterprise Linux 5,6 & 7 - Common Administrative Command Cheat Sheets
Here are some very nice printable cheat sheets of the most common Red Hat Enterprise Linux administrative commands:
RedHatEnterpriseLinux_5_6_7_Cheatsheets.pdf
MariaDB
MySQL, the long time "free" SQL server and client that used to be included in all standard Linux server installations server, has been acquired by Oracle, and they've "commercialized" it, so that it is no longer "officially" free for any commercial or business usage, and only "free" for personal not-for-profit use. This caused a bunch of long time developers to create what has become the "de-facto" MySQL replacement, and uses the exact same MySQL commands and syntax that we have become accustomed to throughout the years.
This is how I installed MariaDB on my new Fedora Linux 24, the latest and greatest! In one command, I've installed both the server and client, along with all of their dependencies! Here's how I did it:
[root@fc24 ~]# dnf install mariadb-server mariadb Last metadata expiration check: 3:08:41 ago on Sun Sep 11 00:31:02 2016. Dependencies resolved. ============================================================================= Package Arch Version Repository Size ============================================================================= Installing: mariadb x86_64 3:10.1.16-1.fc24 updates 6.3 M mariadb-common x86_64 3:10.1.16-1.fc24 updates 66 k mariadb-config x86_64 3:10.1.16-1.fc24 updates 29 k mariadb-errmsg x86_64 3:10.1.16-1.fc24 updates 203 k mariadb-libs x86_64 3:10.1.16-1.fc24 updates 654 k mariadb-server x86_64 3:10.1.16-1.fc24 updates 19 M perl-DBD-MySQL x86_64 4.036-1.fc24 updates 146 k perl-DBI x86_64 1.634-3.fc24 fedora 729 k perl-Math-BigInt noarch 1.9997.15-2.fc24 fedora 178 k perl-Math-Complex noarch 1.59-362.fc24 updates 95 k perl-Storable x86_64 1:2.53-348.fc24 updates 84 k Transaction Summary ============================================================================= Install 11 Packages Total download size: 28 M Installed size: 140 M Is this ok [y/N]:y
Here is the rest of the output from the "dnf" after hitting the "Y" key to proceed to download the installation RPM packages, install them, and then clean things up to finish the installation:
Downloading Packages: (1/11): mariadb-common-10.1.16-1.fc24.x86_64 158 kB/s | 66 kB 00:00 (2/11): perl-DBI-1.634-3.fc24.x86_64.rpm 1.3 MB/s | 729 kB 00:00 (3/11): perl-Math-BigInt-1.9997.15-2.fc24.no 1.9 MB/s | 178 kB 00:00 (4/11): mariadb-errmsg-10.1.16-1.fc24.x86_64 361 kB/s | 203 kB 00:00 (5/11): mariadb-config-10.1.16-1.fc24.x86_64 295 kB/s | 29 kB 00:00 (6/11): perl-DBD-MySQL-4.036-1.fc24.x86_64.r 532 kB/s | 146 kB 00:00 (7/11): mariadb-libs-10.1.16-1.fc24.x86_64.r 930 kB/s | 654 kB 00:00 (8/11): perl-Math-Complex-1.59-362.fc24.noar 1.0 MB/s | 95 kB 00:00 (9/11): perl-Storable-2.53-348.fc24.x86_64.r 1.0 MB/s | 84 kB 00:00 (10/11): mariadb-10.1.16-1.fc24.x86_64.rpm 2.2 MB/s | 6.3 MB 00:02 (11/11): mariadb-server-10.1.16-1.fc24.x86_6 3.8 MB/s | 19 MB 00:05 ----------------------------------------------------------------------------- Total 4.3 MB/s | 28 MB 00:06 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Installing : mariadb-config-3:10.1.16-1.fc24.x86_64 1/11 Installing : mariadb-common-3:10.1.16-1.fc24.x86_64 2/11 Installing : mariadb-errmsg-3:10.1.16-1.fc24.x86_64 3/11 Installing : mariadb-3:10.1.16-1.fc24.x86_64 4/11 Installing : mariadb-libs-3:10.1.16-1.fc24.x86_64 5/11 Installing : perl-Storable-1:2.53-348.fc24.x86_64 6/11 Installing : perl-Math-Complex-1.59-362.fc24.noarch 7/11 Installing : perl-Math-BigInt-1.9997.15-2.fc24.noarch 8/11 Installing : perl-DBI-1.634-3.fc24.x86_64 9/11 Installing : perl-DBD-MySQL-4.036-1.fc24.x86_64 10/11 Installing : mariadb-server-3:10.1.16-1.fc24.x86_64 11/11 Verifying : mariadb-server-3:10.1.16-1.fc24.x86_64 1/11 Verifying : perl-DBI-1.634-3.fc24.x86_64 2/11 Verifying : mariadb-common-3:10.1.16-1.fc24.x86_64 3/11 Verifying : mariadb-errmsg-3:10.1.16-1.fc24.x86_64 4/11 Verifying : perl-Math-BigInt-1.9997.15-2.fc24.noarch 5/11 Verifying : mariadb-3:10.1.16-1.fc24.x86_64 6/11 Verifying : mariadb-config-3:10.1.16-1.fc24.x86_64 7/11 Verifying : perl-DBD-MySQL-4.036-1.fc24.x86_64 8/11 Verifying : mariadb-libs-3:10.1.16-1.fc24.x86_64 9/11 Verifying : perl-Math-Complex-1.59-362.fc24.noarch 10/11 Verifying : perl-Storable-1:2.53-348.fc24.x86_64 11/11 Installed: mariadb.x86_64 3:10.1.16-1.fc24 mariadb-common.x86_64 3:10.1.16-1.fc24 mariadb-config.x86_64 3:10.1.16-1.fc24 mariadb-errmsg.x86_64 3:10.1.16-1.fc24 mariadb-libs.x86_64 3:10.1.16-1.fc24 mariadb-server.x86_64 3:10.1.16-1.fc24 perl-DBD-MySQL.x86_64 4.036-1.fc24 perl-DBI.x86_64 1.634-3.fc24 perl-Math-BigInt.noarch 1.9997.15-2.fc24 perl-Math-Complex.noarch 1.59-362.fc24 perl-Storable.x86_64 1:2.53-348.fc24 Complete! [root@fc24 ~]#
Secure MariaDB Database Server Before Enabling SQL Server for Production
Before you enable the MariaDB SQL server, you MUST secure the server, either manually or using the included mysql_secure_installation shell script. Personally, I prefer to do it manually so that I can fine tune and tweak my installation. But the ultimate choice is your's.
Samba/CIFS Information --> Sharing Linux & Windows Stuff - A Necessary Evil~!
Excellent information on Samba 4 and using it to replace Windows AD, can be found here:
Setting up Samba 4 as Windows Active Directory Domain Controller
Password Info & Creation
Usually, passwords are created from the command line using the "passwd" command.
When creating a new user account, by default no password is set, so it must be done so manually!
If you need to create a pasword hash that can be copy and pasted into some other file manually,
there are a number of ways to do it, however I personally prefer a tool that is included with most
Linux distributions, aka "Distros". This tool is part of the Apache web server, so most systems already have it installed.
The htpasswd command is very versatile. This is an example of how to create a password hash manually:
[root@server ~]# htpasswd -c /tmp/tmppass tim New password: Re-type new password: Adding password for user tim [root@server ~]# cat /tmp/tmppass tim:$apr1$2/FJ6Trp$YF8RcdKJvkHKsyrZBQn9N0
The hash is after the "tim:" part, and can be copy and pasted into any file you need it for.
7zip Archive Handling With Linux
Depending on your distro, you will want to get either the 7za package for RPM and APT based distros, and the p7zip packages for Slackware, my preferred server distro!
Fedora VNC Information:
[jamie@server system]$ ls -l vncserver@.service -rw-r--r--. 1 root root 1734 Jan 21 2014 vncserver@.service [jamie@server system]$ pwd /lib/systemd/system