Week Twelve Agenda

  • Announcements
  • The final exam will be True/False, Multiple Choice, and Essay.
  • Make presentation reservation now!
  • Presentation dates for Section number V1WW are December 3 and December 10.
  • Link of the week
  • Review week eleven lab assignment
  • Week eleven expected outcomes
  • Next lab assignment
  • Break-out problems
  • Upcoming deadlines
  • Lab assistance
Link of the week
  • Domain name registration Web site

https://www.pairnic.com/services.html?gclid=COXiuLv6mI0CFSCTWAod81M57A

  • Determine if a domain is currently in use.

http://www.pair.com/

  • What is a domain name?
  • What is the function of the Domain Name System?
  • BIND (Berkeley Internet Name Domain)
  • What is meant by top level domain?
Link of the week

Top Level Domain (TLD)

gov – Government

edu – Educational

org – Other organizations (often nonprofit)

mil – Military

com – Commercial business

net – Network organizations

ca – Canada

th – Thailand

Link of the week

http://www.iana.org/cctld/cctld.htm

IANA - Internet Assigned Numbers Authority

Observe the Root Zone Database at the above Web site. It represents the list of top-level domains.

Each country has an ISO (International Organization for Standardization) country code designated as its domain name.

Link of the week

A UNIX-like file system path is hierarchical. It is interpreted from left to right. The top-level name appears at the left end.

/var/mail/dandrear

The URL (Uniform Resource Locator) is also hierarchical. Its top-level domain name appears at the end, but is read from right to left.

alpha.einstein.edu

beta.ca.mail2web.com

Review week eleven lab assignment

Kernel Initialization

Kernel initialization generates output on the console. You can examine the output from the initialization by viewing /var/log/dmesg, which logs all kernel messages during this procedure.

User Initialization

The /etc/inittab format has not changed, but its level of involvement in the boot up procedure has been reduced with Red Hat Enterprise 6.0.

id:runlevels:action:process

The init process accesses the /etc/inittab file for one system configuration setting (Red Hat Release 6.0).

# initdefault run level is 3

id:3:initdefault:

Review week eleven lab assignment

Red Hat 6.0 Release:

Runlevels are a concept from UNIX System V used by the init daemon or other system initialization systems to define modes of system operation.

Eight runlevels are permitted, the first seven are numbered 0-6 and the eighth is named S or s (both are permitted).

System initialization is started by /etc/init/rcS.conf

The rcS.conf file contains no information about previous run levels.

The stop run level is set to “S”. In the event that the system stops, the default is single user. The /etc/rc.d/rc.sysinit script is executed.

# Individual runlevels are started by /etc/init/rc.conf

#

# Ctrl-Alt-Delete is handled by /etc/init/control-alt-delete.conf

#

# Terminal gettys are handled by /etc/init/tty.conf and /etc/init/serial.conf,

# with configuration in /etc/sysconfig/init.

Review week eleven lab assignment

User Initialization

/etc/profile – Basic setup for all users

$HOME/.profile – User preferred environmental setup

$HOME/.bash_profile

Use the ls -a command to display the .profile or .bash_profile file under your $HOME directory.

Review week eleven lab assignment

Metadata

Metadata is data about data. It may describe a single piece of data or multiple content items and hierarchical levels.

Example: Legacy card catalogs in a library.

Metadata can be the name of a US corporation, or a registered trademark.

Review week eleven lab assignment

Metadata

Metadata is structured information that describes and allows us to find, manage, control and understand other information. Structured metadata represents the specifications of this information. In this case, a better definition of this design concept would be "data about the containers of data".

Review week eleven lab assignment

Types of Metadata

There are many different types of metadata.

Business Intelligence metadata

General IT metadata

IT metadata management products

File system metadata

Image metadata

Review week eleven lab assignment

Linux runlevels:

0 - halt (Do NOT set initdefault to this)

1 - Single user mode

2 - Multiuser, without NFS (The same as 3, if you do not have networking)

3 - Full multiuser mode

4 - unused

5 - X11

6 - reboot (Do NOT set initdefault to this)

The initialization process for a terminal uses getty to set it up for login by a user. These commands are not used within user shell scripts. Their scripting counterpart is stty.

The mingetty is the minimal getty for console(s).

Review week eleven lab assignment

/etc/inittab actions

respawn – The process will be restarted whenever it terminates.

wait – The process will be started once when the specific runlevel is entered.

once – The process will be executed once when the specific runlevel is entered.

boot – The process will be executed during system initialization.

initdefault – This entry specifies the runlevel which should be entered after system boot.

sysinit – The process will be executed during system boot. It will be executed before any boot or bootwait entries.

Review week eleven lab assignment

Actions

powerwait – The process will be executed when the power goes down.

powerokwait – This process will be executed as soon as the init process is informed that the power has been restored.

powerfailnow – This process will be executed when the init process is informed that the battery of the external UPS power is failing.

ctrlaltdel – The process is executed when the init process receives the SIGINT signal. This means that someone on the system console has pressed the Ctrl-Alt-Del key combination.

Review week eleven lab assignment

UNIX-like commands:

ps -s (view zombie processes)

ps -e -o pid,ppid,stat (display all processes / listed fields)

ps -aux (view status of all processes)

ps -x (view only active processes)

ls -a (view “.” processes)

ps -aux | grep crond (view crond executing)

nice (UNIX) (modified scheduling priority)

(-20 to 19 range)

If a user wanted to compress a large file, but not slow down other processes, they might run the following:

nice -n 19 tar cvzf archive.tgz largefile

Review week eleven lab assignment

UNIX-like commands:

umask (displays umask numeric values)

umask -S (displays umask symbolic values)

fg (Continues a stopped job by running it in the foreground; some shells are not able to run this command).

bg (Continues a stopped job in the background)

cat /etc/shells (Display available shells on system).

echo $SHELL (Display current shell being utilized).

chsh -s /bin/ksh (Change to a different shell).

printenv (command to display environment variables).

df (report file system disk space)

Review week eleven lab assignment

Unix/Linux Processes

Linux defines a unit of work as a task or process.

UNIX defines a unit of work as a process.

Each process is identified by a unique PID (Process ID).

Each user is identified by a unique UID (User ID).

Each group of users is uniquely identified by a GID (Group ID).

Each process is started from a previous process using the fork and exec command.

The init process is created by the kernel using a non-traditional procedure called hand-crafted or spontaneous.

Review week eleven lab assignment

Non-Inherited Parent Process Attributes

File locks (semaphores)

Child resource utilization is set to zero

Pending signals (kill -l signals)

Daemon processes offer services like web page serving, email transfer, time synchronization, and similar. They usually consume little CPU and memory, and run quietly without user interaction. They mainly communicate with other computer programs, or with other computers via the network.

Review week eleven lab assignment

Crontab Utilization:

cron is the periodic event scheduler of your system. cron enables users to schedule jobs (commands or shell scripts) to run periodically at certain times or dates. It is commonly used to automate system maintenance or administration, though its general-purpose nature means that it can be used for other purposes, such as connecting to the Internet and downloading email. The following examples give you an idea of its usefulness and necessity.

  • regular daily backups
  • periodic mail checking
  • polling a device(s) for input
  • sending regular reports
  • sending user email every time a cron function is performed
Review week eleven lab assignment

Crontab Utilization:

cron file locations

/etc/crontab

/etc/cron.deny

/etc/cron.allow

Typical directory configuration

/etc/cron.d/hourly

/etc/cron.d/daily

/etc/cron.d/weekly

/etc/cron.d/monthly

Review week eleven lab assignment

How frequently does crond execute on Unix-like systems?

Disable email

To prevent email messages from being sent to your mail account, create a record that contains the following syntax:

* * * * * echo dandrear@franklin.edu > trash_bin

To cancel the email redirection, enter the following:

rm trash_bin

If the output is not needed, the following syntax can be included:

* * * * * echo "Hello Administrator" > /dev/null 2>&1

The /dev/null device is a special file that disregards all data written to it.

Review week eleven lab assignment

crontab format:

* * * * * command to be executed

crontab values:

Field Value

minute 00-59

hour 00-23 (military time)

day 1-31

month 1-12

weekday 0-6 (0=Sunday)

Example records:

There are a total of 6 fields in the crontab file

30 5 11 12 * echo "Welcome to Franklin University"

30 * * * * echo "Unix Administration"

Review week eleven lab assignment

Demonstrate: Display crontab entries and /var/mail/dandrear file and introduce the tail -f u_monitor.csv command.

Who can use the crontab commands (create, list, edit or remove)?

What does the “*” character represent in the first five fields of a crontab record?

Match all values.

A single integer will match that exact time value.

A comma separated list of integers can invoke multiple matches like 1,2,3.

Example: 5,10,45 * * * * echo "Unix Administration"
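The matching rules above ("*", a single integer, a comma-separated list) written out as a schedule checker. This is an added example, not part of the original slides; the function names are hypothetical, and it also applies the crontab(5) rule that when both the day and weekday fields are restricted, either one may match.

```shell
#!/bin/sh
# Added example: does a five-field crontab schedule fire at a given time?
# Handles the forms shown on the slides: "*", one integer, comma lists.

# strip_zeros N: drop leading zeros ("05" -> 5) so 08/09 are not read as octal.
strip_zeros() {
    n=$(printf '%s' "$1" | sed 's/^0*//')
    printf '%s' "${n:-0}"
}

# field_matches SPEC VALUE: status 0 = match, 1 = no match, 2 = unsupported SPEC.
field_matches() {
    spec=$1
    value=$(strip_zeros "$2")
    if [ "$spec" = "*" ]; then return 0; fi
    rest=$spec,
    while [ -n "$rest" ]; do
        item=${rest%%,*}
        rest=${rest#*,}
        case $item in
            ''|*[!0-9]*) return 2 ;;    # ranges and steps are out of scope here
        esac
        if [ "$(strip_zeros "$item")" -eq "$value" ]; then return 0; fi
    done
    return 1
}

# cron_matches "SCHEDULE [command]" MINUTE HOUR DAY MONTH WEEKDAY
cron_matches() {
    # read never glob-expands "*"; any command text lands in cmd_text.
    read -r f_min f_hour f_dom f_mon f_dow cmd_text <<EOF
$1
EOF
    [ -n "$f_dow" ] || return 2         # fewer than five time fields
    field_matches "$f_min" "$2" || return 1
    field_matches "$f_hour" "$3" || return 1
    field_matches "$f_mon" "$5" || return 1
    if [ "$f_dom" != "*" ] && [ "$f_dow" != "*" ]; then
        # crontab(5): with both day fields restricted, either one may match.
        field_matches "$f_dom" "$4" || field_matches "$f_dow" "$6"
    else
        field_matches "$f_dom" "$4" && field_matches "$f_dow" "$6"
    fi
}

# Demo on the slide's records at a constructed time: 05:30 on Tuesday 11 December.
for rec in '30 5 11 12 * echo "Welcome to Franklin University"' \
           '30 * * * * echo "Unix Administration"' \
           '5,10,45 * * * * echo "Unix Administration"'; do
    if cron_matches "$rec" 30 05 11 12 2; then echo "fires:   $rec"
    else echo "skipped: $rec"; fi
done
```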

Review week eleven lab assignment

crontab restrictions

You can use crontab if your name appears in the cron.allow file.

If that file doesn’t exist, you can use crontab if your name does not appear in the cron.deny file. If cron.deny exists and is empty, all users can use crontab. If neither file exists, only the root user can use crontab.

crontab command without options

Read standard input

Exit using “Control C” so that the existing crontab is unmodified.

Exiting using “Control D” will cause the current user’s crontab to be replaced with no information.
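The cron.allow / cron.deny rules on this slide, applied in the order the slide gives them, as a small audit helper that lists which accounts may schedule jobs. This is an added example, not part of the original slides; the function names are hypothetical and the file paths default to the locations the slides name.

```shell
#!/bin/sh
# Added example: who may use crontab, following the rules as the slide states them.

# cron_access USER [ALLOW_FILE] [DENY_FILE]: prints "allowed" or "denied".
cron_access() {
    user=$1
    allow=${2:-/etc/cron.allow}
    deny=${3:-/etc/cron.deny}
    if [ -e "$allow" ]; then
        # cron.allow exists: only the names listed in it may use crontab.
        if grep -Fxq -- "$user" "$allow"; then echo allowed; else echo denied; fi
    elif [ -e "$deny" ]; then
        # No cron.allow: everyone not listed in cron.deny (empty file = all users).
        if grep -Fxq -- "$user" "$deny"; then echo denied; else echo allowed; fi
    elif [ "$user" = root ]; then
        # Neither file exists: only root.
        echo allowed
    else
        echo denied
    fi
}

# cron_allowed_users PASSWD_FILE [ALLOW_FILE] [DENY_FILE]:
# prints, one per line, every account in a passwd-format file that may use crontab.
cron_allowed_users() {
    cut -d: -f1 "$1" | while IFS= read -r name; do
        if [ "$(cron_access "$name" "$2" "$3")" = allowed ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Stand-alone use: report the result for the invoking account.
echo "$(id -un): $(cron_access "$(id -un)")"
```

Reviewing the output of cron_allowed_users against the accounts that actually need scheduled jobs shows where cron.allow should be tightened.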

Review week eleven lab assignment

crontab commands

crontab -e (Edit crontab file)

crontab -l (Display your crontab file)

crontab -r (Remove your crontab file)

crontab -v (Display last time crontab was edited)

Review week eleven lab assignment

Samba

The /etc/samba/smb.conf file controls most aspects of how Samba works and is divided into two sections. Each section begins with a line that starts with an open bracket ([), includes some text, and ends with a closed bracket (]).

Review week eleven lab assignment
  • [global] Defines global parameters
  • [printers] Defines printers
  • [homes] Defines shares in the homes directory
  • Comments in smb.conf can start with either a pound sign (#) or a semicolon (;).

# A private directory, usable only by Bob.
; [bobsdir]
; comment = Bob's Service
; path = /usr/somewhere/in/space
; writeable = yes
; printable = no
; public = no
Review week eleven lab assignment

Linux Security

SELinux, developed by the U.S. National Security Agency (NSA), implements Mandatory Access Control (MAC) in the Linux kernel. MAC enforces security policies that limit what a user or program can do. It defines a security policy that controls some or all objects, such as files, devices, sockets, and ports, and some subjects like processes. Utilizing SELinux, you can grant a process only those permissions it needs to be functional.

Review week eleven lab assignment

Linux Security

TCP Wrapper is part of the client/server model, and can be used with any daemon that is linked against libwrap.a, and relies on the /etc/hosts.allow and /etc/hosts.deny files as the basis of a simple access control language. This access control language defines rules that selectively allow clients to access server daemons on a local system based on the client’s address and the daemon the client tries to access.

Review week eleven lab assignment

Linux Security

chroot jail

On early UNIX systems, the root directory was a fixed point in the file system. Chroot jail allows users on UNIX-like systems to define the root directory on a per-process basis. The chroot jail utility allows you to run a process with a root directory other than /.

By creating an artificial root directory, frequently called (chroot) jail, you can make it harder for the other system files to be accessed.

Review week eleven lab assignment

What is the functionality of Network File System (NFS)?

It is a remote file system designed by Sun Microsystems, available on computers from most UNIX system vendors.

It allows the server to share selected local directory hierarchies with client systems on a heterogeneous network. Files on the remote computer (fileserver) appear as if they are present on the local system. The physical location of a file is irrelevant to an NFS user.

Review week eleven lab assignment

Network Services

A variety of services available across a network

NFS: Developed by Sun Microsystems

Runs on UNIX, DOS, Windows, VMS, and Linux

Files on the remote computer appear as if they are present on the local system.

Server configuration - /etc/exports file is the main NFS configuration file and it consists of two columns:

Column #1 – lists the directories and the networks or DNS domains that can get access to the directories.

Column #2 – lists NFS options in brackets.

#/etc/exports/data

/files *(ro,sync)

/home 192.168.1.0/24(rw,sync)

/data/test *.my-site.com(rw,sync)

/data/database 192.168.1.203/32(rw,sync)
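In /etc/exports the option list must be attached directly to the client: per exports(5), a space before the opening bracket makes the options apply to every host while the named client falls back to the defaults. The lint below flags that case and read-write exports to "*"; it is an added example, not part of the original slides, and the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag /etc/exports entries whose options reach more hosts than intended.

# write_sample_exports FILE: constructed sample, modelled on the slide's entries.
write_sample_exports() {
    cat > "$1" <<'EOF'
# constructed sample for the lint below
/files          *(ro,sync)
/home           192.168.1.0/24 (rw,sync)
/data/database  192.168.1.203/32(rw,sync)
/srv/pub        *(rw,sync)
EOF
}

# lint_exports FILE: print one finding per risky entry; status 1 if any was found.
lint_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\(/) {
                    # "(opts)" standing alone is a client-less entry: it matches every host
                    printf "%d: %s: %s is detached from its client and applies to all hosts\n", NR, $1, $i
                    bad = 1
                } else if ($i ~ /^\*\(/ && $i ~ /[(,]rw[,)]/) {
                    printf "%d: %s: read-write export to every host\n", NR, $1
                    bad = 1
                }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

tmp=$(mktemp)
write_sample_exports "$tmp"
lint_exports "$tmp" || echo "review the entries above before running exportfs"
rm -f "$tmp"
```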

Review week eleven lab assignment

Network Services

A variety of services available across a network

NFS:

Use the chkconfig command to configure the required NFS daemons to start at boot.

Use the exportfs -a command when no directories have been exported to NFS.

Use the exportfs -r command when adding a shared directory to export only the new entries.

Use the showmount -a command to list all currently exported directories.

In the /etc/fstab file, add a similar entry:

#/etc/fstab

192.168.1.100:/data/files /mnt/nfs nfs soft,nfsvers=2 0 2

Review week eleven lab assignment

Network Services

A variety of services available across a network

Remote login:

rlogin (remote login) is a UNIX command that allows an authorized user to login to other UNIX machines (hosts) on a network and to interact as if the user were physically at the host computer. Once logged in to the host, the user can do anything that the host has given permission for, such as read, edit, or delete files.

SSH is a protocol that allows computers to communicate with each other over encrypted connections. An SSH client is used to log in to a remote machine (running an SSH server) and allows the execution of commands on that machine.

Review week eleven lab assignment

Orphan Process:

dandrear 7160 7158 0 17:12 pts/4 00:00:00 -ksh

dandrear 7189 7160 0 17:13 pts/4 00:00:00 /bin/ksh ./pid_ppid.sh dandrear

dandrear 7190 7189 0 17:13 pts/4 00:00:00 ps -ef

dandrear 7191 7189 0 17:13 pts/4 00:00:00 grep dandrear

dandrear 7192 7189 0 17:13 pts/4 00:00:00 sort

dandrear 7001 7113 0 8:13 pts/3 23:00:00 cp

root 7158 938 0 17:12 ? 00:00:00 sshd: dandrear@pts/4

Week ten, eleven, and twelve expected outcomes

Upon successful completion of this module, the student will be able to:

Manipulate user accounts.

Describe how cron is used to invoke repetitive processes.

Manipulate process structure including:

a. fork and exec,

b. Initialization process,

c. Background/foreground,

d. PS tool.

Explain basic UNIX security issues.

Describe disk and file system structure.

Use backup and restore archival operations on a system.

Establish network services.

Investigate the structure of the LDAP directory using LDAP commands.

Next lab assignment

Disk and File System Structure

  • Copy-on-Write

It is an optimization strategy in which multiple users can be given the same pointer to a resource. The primary advantage is that if a caller never makes any modifications, no private copy is needed.

This strategy is used in virtual memory operating systems: pages in memory that might be modified by either the process or its copy are marked copy-on-write.

Next lab assignment

Network Services

A variety of services available across a network

Utilize a Web browser:

All network services rely on the ability to convert a host or domain name to an IP address.

DNS is complex. The number of host names and IP addresses in the Internet is very large.

DNS Local contains actual translations for the machines in its local network.

DNS Global contains more information about translations.

A single translation could involve several DNS servers before resolving the IP address.

Next Lab Assignment
  • UNIX/Linux file system is contained under the root directory denoted by a slash “/”.
  • Users don’t have to worry about the physical locations of files.
  • The system administrator must be familiar with mounting and un-mounting storage space (/mnt).
  • NIS+ (Network Information Service) is a directory service. Replaced almost entirely by LDAP.
Next Lab Assignment

File System

  • It is an organization of data and metadata on a storage device.
  • It is the set of methods and data structures that an operating system uses to keep track of files on a disk or partition; that is, the way the files are organized on the disk.
  • Think of a file system as a protocol. File systems give meaning to the data on a particular storage device.

What is a block device?

It is a device to and from which data moves in blocks (like a disk sector) and which supports attributes such as buffering and random access behavior. Block devices include hard drives, CD-ROMs, and RAM disks.

What is a character device?

It is a device that does not have physically addressable media. Character devices include serial ports and tape devices, where data is streamed character by character.

Next Lab Assignment

Super Block

Contains information about each mounted file system.

The actual data structure in Linux is called struct vfsmount.

Information held is mount flags, mount time, device name, pointer to super block and device block size.

The Linux 2.0 kernel keeps a static array of such structures to store up to 64 mounted file systems.

Data Block

Data blocks are used to store the data for a file. There is space only for a few data block numbers in the inode; however, if more are needed, more space for pointers to the data blocks is allocated dynamically. These dynamically allocated blocks are indirect blocks. The name indicates that in order to find the data block, one has to find its number in the indirect block first.

Next lab assignment

UNIX base root file system tree structure

/bin (commands)

/dev (devices)

/etc (system configuration/executables)

/sbin (boot commands)

/usr/sbin (administrative commands)

/home (users home directories)

/lib (shared libraries)

/mnt (temporary mount directory)

/opt (optional software)

/proc (processes)

/stand (boot-related files)

/var (spooling)

Next lab assignment

lost+found directory

The fsck utility is generally able to repair most system damage, and the frequency with which you will find anything at all in your lost+found directories has slowed significantly.

If you have a system crash and the Linux file system checker (fsck) recovers corrupt files, they are placed here.

Next lab assignment

Unix-like System Security

  • Security on UNIX-like systems has focused on the following areas:

Files and directories

umask

PATH variable

password authentication

UNIX to UNIX commands

One-way function

Next lab assignment

Disks versus File Systems

Introduction:

Application(s) interface with file systems and not disks

Why?

Because disks have shortcomings and are not responsible for data recovery.

File systems must provide consistent state after an unplanned system crash

Next lab assignment

File System

Data recovery

Data loss

Fsync system call

Track caching

Shortcoming of track caching – the file system expects the data to be in stable storage. A system crash with data in the cache will not deliver the user application integrity that was promised.

Ways to circumvent this shortcoming – use non-volatile memory and provide microcode restart after power failures.

Next lab assignment

The problem with using non-volatile memory and microcode restart is the cost. This disk controller solution is rarely an option.

Newer disks

Provide tag queuing – each request passed to the disk driver is assigned a unique number. Most disk controllers can accept at least 16 pending requests. The fsync call and tag queuing are used in combination.

Tag queuing was first implemented in SCSI disks, enabling both reliability and speed. ATA disks lacked tag queuing. Later ATA adopted a form of tag queuing called Tag Command Queuing (TCQ).

Next lab assignment

Serial ATA has a new definition called Native Command Queuing (NCQ) that has a bit in the write command that tells the drive if it should report completion when media has been written or when cache has been hit. If the driver correctly sets this bit, then the disk will display the correct behavior.

Disk Sector Size

From the 1950s to 2010 the disk sector size was 512 bytes. In 2010, the sector size was increased to 4,096 bytes.

Problems associated with this retrofit

Error rate per bit has risen, requiring the use of ever longer correction codes. The error code must have enough redundancy for each sector to handle a high correction rate even though most sectors will not require it.

Next lab assignment

Is the increased density worth it?

Making sectors 8 times larger eliminates 88% of the sector start and stop headers.

Reduces the number of nondata bits on the disk. In effect, using 4,096 byte sectors doubles the amount of user data that can be stored on a given disk.

Legacy File Systems

The 4,096-byte sectors have to emulate the old 512-byte sector disks. This mode causes the disk to be at least 50% slower.

Next lab assignment

How to avoid the slowdown!

Files smaller than or equal to 512-bytes are accumulated in a 4,096-byte block.

Conclusion

Your file system must know the type of disk technology on which it is running to ensure reliable data retrieval and performance.

Use flash-memory technology!

Break-out problems

1. How often do the following two commands execute?

# 1.1. This is a comment.

* * * * * c:\tools\CheckForNewFiles.exe

# 1.2. This is a comment.

* * 3 * * c:\tests\backup.bat

2. Define: File System Super block

3. Define: Domain Name Server

4. Define: Domain name

5. Define: RFC

6. What application is BIND associated with?

7. What is the “lost+found” area considered on a Unix-like system?

8. Linux Virtual File System

9. One-Way Encryption or One-Way Function

10. Compare a block device to a character device

Upcoming deadlines

Section number V1WW:

Lab Assignment 11-1, Knoppix File System Exercise is due November 25, 2012.

Lab Assignments 12-1 and 12-2, Programming Assignment 2 and Archive Exercise, are due December 2.

Final exam outline will be available on November 25, 2012.

Module 6 contains study information for weeks 10, 11, and 12.

Lab assistance
  • Questions
  • Comments
  • Concerns
  • I will be available after this Franklin Live session to discuss any problems and/or concerns regarding lab assignments.