Introduction to System Administration IAP '95 - Jan 23-25, 1-3pm - NE43-518
Who are we and why are we here?
•	Who are we?
-	William Ang - Angstrom Information Systems - ang@ang.com
-	Scott Blomquist - System Administrator - Lab for Computer Science, MIT - sb@theory.lcs.mit.edu
•	Why are we here?
-	Educate & Inform people about System Administration
-	Dispel the myths about System Administration
-	Promote Administration as an integral part of deploying Unix machines
What is a System Administrator?
•	A System Administrator is a person who is responsible for the smooth operation of a set of computer equipment.
•	Sometimes also referred to as the System Manager, the Wizard, the God, the Tyrant, the Clueless Guy, the Geek, etc....
•	Accomplishes the task by
-	designing/implementing policies
-	allocating resources
-	planning and scheduling
-	coercing/threatening users
•	Not much different than running a business or running a country (Greenland?).
Who got you in this mess?
•	I volunteered!
•	I happened to be the only one who has a clue (or is computer literate)
•	Nobody is doing it.
•	Can't afford one.
Who am I?
•	I can geek!  I can tell you.... what the 3rd bit from the left of a TCP/UDP packet is.
•	I can speak!  I can get through a sentence without mentioning the words bits, net, or online.
•	I can read!  Especially, Unix Manpages....
•	I can sleuth!  Call me the Sherlock Holmes of OS's.
•	I can network!  If my geekiness fails, I know someone geekier to ask!
What do I think about day to day?
•	What should I buy?  What is the latest & greatest?  I have to know!!!!!
•	Will this widget work with that?  Compatibility?
•	What software can I install?  Is it usable?  Is it maintained?  Is it free?
•	What software can I write?  How can I automate routine tasks?
•	Is my data/System safe?  Backups?  How safe?  From hardware failures?  From the wily hacker?
What do I think about day to day? Cont.
•	How can I get the most performance out of my hardware/software?  Resource Allocation?
•	What are my policies?  Written or assumed?  Do people know them?  Do I know them?  Are users being bad?  Maybe they don't know it!
•	What if something goes wrong?  Do I have a plan?  Can I recover?  What will be the downtime?
Golden Rules
•	You always have more work than you can deal with.
•	Leverage by Planning, Scheduling, and Organizing
•	Let the computer do the work for you.
•	Be the Manager, not the Slave.
•	logs, logs, logs...
•	detail, detail, detail...
Next Up...  ...What you need to know!
•	Mac or PC or Unix or VMS or ...
•	Other things to worry about once you are on the net.  (ftp, news, mail, web, etc)
Unix
•	Mac and PC - almost impossible to keep the System files locked; might as well forget about managing them.
•	Unix as an example for System Administration.
•	Please let us know if you want to know about Macs and PCs
Unix Admin in a Nutshell
•	Hostname, IP, Netmask, default router
•	Services, Daemon - /etc/services, /etc/inetd.conf, rc files
•	Cron jobs, trimming logs, cleanup tmp files
•	User relationship, accounts, day-to-day problem resolution
•	Managing disk space
•	Disk, partition, printers, modems
•	Name services (NIS or DNS or Both)
•	Upgrades, software installations
•	Hardware Maintenance
Files and Directories important to Unix Admin - "The root of all evil?"
•	Important directories that you need to keep in top shape
-	and write-protect them when you are done with them...
•	/  root
•	boot, vmunix, all the root dot-files (.cshrc, .profile, .rhosts, etc)
•	/usr/lib
•	/usr/spool
•	/tmp
Files and Directories important to Unix Admin Cont. - "The root of all evil?"
•	/etc
-	hosts
-	passwd
-	group
-	inetd.conf
-	rc.* files
-	sendmail.cf (some versions of UNIX have it in /usr/lib)
-	printcap
UNIX (Boot Sequence) - "Boot?  Now the shoe is on the other foot!"
•	read boot block
•	loads /boot
•	loads /vmunix
•	start init 0
•	reads in rc, rc.boot, rc.single; stays single user
•	fsck (check disks)
•	multi-user -> rc.local
•	login prompt
daemons?  "What are those things that are running in the background??!!?"
•	init - runs scripts to start up the machine (/etc/rc.* or /etc/rc.?/*) and manages ttys (System boot)
•	swapper - swaps memory in and out of swap space (boot)
•	scheduler/sched - schedules jobs for running (boot)
•	update - executes a sync every 30secs in case of crash (boot)
•	portmapper - maps TCP ports to RPC program numbers (boot)
daemons?  "What are those things that are running in the background??!!?"
•	syslogd - manages System messages by forwarding them to files, users or machines (boot)
•	rpc.lockd/rpc.statd - handle local and remote file lock requests (boot)
•	NIS
-	ypserv - serves NIS information from an NIS server (boot)
-	ypbind - binds client to NIS server (boot)
-	rpc.ypupdated - updates NIS maps on servers (boot)
-	rpc.yppasswdd - handles incoming password change requests (boot)
daemons?  "What are those things that are running in the background??!!?"
•	NFS
-	nfsd - handles incoming NFS requests (boot)
-	biod - handles outgoing NFS requests (boot)
-	rpc.mountd - handles incoming mount requests (boot)
•	inetd - listens for Internet connections and starts appropriate server (boot)
•	in.routed - manages local network routing table  (boot)
•	in.named - handles requests for Domain Name Services (DNS) (boot)
daemons?  "What are those things that are running in the background??!!?"
•	timed - handles synchronizing System clocks (boot)
•	cron - runs programs at specified times and dates (boot)
•	sendmail - handles sending electronic mail over the internet (boot)
•	acct - handles the resource usage accounting system (boot)
•	lpd - line printer spooling daemon
daemons?  "What are those things that are running in the background??!!?"
•	in.rlogind - handles incoming login/rlogin requests (inetd)
•	in.telnetd - handles incoming telnet requests (inetd)
•	getty - manages ttys including calling login (inetd)
•	in.ftpd - handles incoming ftp requests (inetd)
daemons?  "What are those things that are running in the background??!!?"
•	in.fingerd - handles incoming finger requests (inetd)
•	Misc. System Specific daemons
-	rwhod - network version of who and uptime (boot)
-	httpd - handles http requests (boot)
-	xdm - manages remote x-terminals using XDMCP
INETD - "How does the machine answer the finger?" (Need Example)
•	portmapper (Superdaemon)
•	instead of starting every daemon you might ever need, it listens for calls and starts daemons such as talkd, telnetd, etc. when there is a request.
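Added example (not part of the original slides): a shell script that reads an inetd.conf together with /etc/services and lists what inetd will answer, on which port, as which user, then flags entries that are not on a keep list. The file contents in demo_inetd, the /usr/etc paths and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original slides): what will inetd answer?

# inetd_listeners CONF SERVICES - for each enabled inetd.conf entry print
# "<service> <port>/<proto> <user> <program>".
inetd_listeners() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # commented out = disabled
        FILENAME == ARGV[1] {                   # services file: name port/proto
            split($2, pp, "/"); port[$1 "/" pp[2]] = pp[1]; next
        }
        NF >= 6 {   # inetd.conf: service socket-type proto wait user program
            key = $1 "/" $3
            printf "%s %s/%s %s %s\n", $1,
                   ((key in port) ? port[key] : "?"), $3, $5, $6
        }
    ' "$2" "$1"
}

# services_to_review CONF SERVICES KEEP... - enabled entries that are not
# on the list of services you have decided you need.
services_to_review() {
    conf=$1; services=$2; shift 2
    inetd_listeners "$conf" "$services" |
    while read -r name rest; do
        case " $* " in
            *" $name "*) ;;                     # explicitly wanted
            *) echo "REVIEW $name $rest" ;;
        esac
    done
}

# demo_inetd - constructed sample files (not taken from a real machine).
demo_inetd() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'ftp 21/tcp' 'telnet 23/tcp' 'finger 79/tcp' \
        'talk 517/udp' > "$d/services"
    printf '%s\n' \
        'ftp     stream tcp nowait root   /usr/etc/in.ftpd     in.ftpd' \
        'telnet  stream tcp nowait root   /usr/etc/in.telnetd  in.telnetd' \
        '#talk   dgram  udp wait   root   /usr/etc/in.talkd    in.talkd' \
        'finger  stream tcp nowait nobody /usr/etc/in.fingerd  in.fingerd' \
        > "$d/inetd.conf"
    inetd_listeners "$d/inetd.conf" "$d/services"
    services_to_review "$d/inetd.conf" "$d/services" ftp
    rm -rf "$d"
}

demo_inetd
```

Commenting an entry out of inetd.conf only takes effect once inetd re-reads the file, so rerun the listing after the reload to confirm the result.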
CRON - "Who is that guy, Cron, working the late shift?"
•	cron - runs programs at specified times and dates
•	Binaries/Files
-	crontab - allows users to edit the entries in the cron table
•	syntax: crontab -l - list my crontab file
•	syntax: crontab -e - edit my crontab file using my $EDITOR
•	syntax: crontab <newfile> - replace current cron file with <newfile>
-	/var/spool/cron/crontabs/<username> - cron file which tells cron what & when to run, submitted by <username>
•	format - mins hrs day-of-month month weekday <command>
CRON - "Who is that guy, Cron, working the late shift?"
•	examples -
-	15 * * * * /usr/local/etc/myscript.sh > /var/adm/logfile 2>&1 - runs at 15 minutes past every hour
-	0 12 * * * /usr/local/etc/security.sh 2>&1 | mail root - runs daily at 12pm
-	0 4 * * 0,1,2,3,4,5 /usr/local/etc/daily-backup.sh - runs Sunday-Friday at 4am
-	0 17 1 1 * /usr/local/etc/once-only.sh - runs January 1 at 5pm
•	Tips & Techniques
-	Know the time formatting well and be sure you are correct about your entry
-	cron runs <command> within Bourne shell, so syntax for <command> is according to Bourne conventions
-	Be CAREFUL about spaces and tabs in crontab files
SYSLOG - "Big brother is watching!"
•	Manages System messages by forwarding them to files, users or machines
•	Binaries/Files
-	syslogd - the daemon
-	/etc/syslog.conf
•	Format
-	<facility>.<level> <destination>
•	<facility> - *, kern, mail, lpr, daemon, auth, etc.
•	<level> - emerg, alert, crit, err, warn, notice, info
•	<destination> - device, file, user, remote machine
-	Examples...
•	*.err;auth.notice					/dev/console - sends authorization and all errors to console
•	*.err;daemon,auth.notice			/usr/adm/messages - sends all errors, daemon & auth notices to file
•	auth.notice						root - sends authorization notices to root
Shells and Scripting Languages - "Sally bash-ed Perl C-shells by the seashore..."
•	Interactive
•	hostname>
•	hostname> mail mymom@home
•	hostname> logout
•	Batch
•	hostname> remove.all.my.junk
•	#! /bin/sh
•	rm -rf *
•	Popular shells
•	sh, csh, ksh, tcsh, bash....
•	Perl
Goodies I can add to or come with my System....
•	Windowing System?  Curses, X (public.x.org), NextStep....
•	Document Editing?  vi, ed, Emacs (prep.ai.mit.edu)
•	Document Formatting?  Xroff, TeX/LaTeX (labrea.stanford.edu), PostScript, rtf...
•	Document Displaying?  xdvi (public.x.org), ghostscript/ghostview (prep.ai.mit.edu)
Goodies I can add to or come with my System....
•	Mail Delivery?  sendmail, IDA sendmail (ftp.uu.net), Pop (ftp.uu.net)
•	Mail Reading?  binmail, RMAIL, MH/xmh/exmh, mime (ftp.uu.net), elm
•	Programming?  cc/dbx, gcc/gdb (prep.ai.mit.edu), TCL/Tk (harbor.ecn.purdue.edu), Perl (prep.ai.mit.edu)
Goodies I can add to or come with my System....
•	Security?  COPS, crack, TIGER, Tripwire (cert.org)
•	Utilities?  Don't like the ones you got with your Unix?  Then check out GNU!
•	Web Browsers/utilities?  Mosaic/NetScape/Lynx, xv, mpeg_play, audio_play, ghostview, httpd (ftp.ncsa.uiuc.edu)
•	Misc Fun Stuff?  archie/xarchie, webster/xwebster, ical, ftp, irc
Workstation-based Tasks & Strategies
User account administration - "Yes! you do need users!"
•	Know your users
•	User name
•	UID
•	Groups to add
•	Home directory
•	local or System-wide
•	Disk Hog?  CPU Hog?
Adding new users - "So you want an account on MY machine?  Well..."
•	Log in as superuser.
•	run adduser (or other vendor-supplied add user program) if you have one.
•	/etc/passwd and /etc/group.
•	put in username, uid, gid, password, home, shell, etc in /etc/passwd.
•	edit /etc/group if necessary.
•	ypmake (if you are running yp)
Adding new users - "So you want an account on MY machine?  Well..."
•	Example entry
-	geek:sksa7dJ8djk:1234:2000:Ima Geek:/home/geek:/bin/bash
•	Tips & Techniques
-	make sure the uid is unique and make sure it is not ZERO.
-	Change the password for the user or ask them to change it ASAP.
-	where should I put the home directory?  (disk allocation policy)
-	security, disk space issue, logical, etc.
-	periodically check for null passwords, world-writable home directories, + in .rhosts
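Added example (not part of the original slides): a shell script for the periodic checks in the tips above, reporting null passwords, extra UID 0 accounts, reused UIDs, world-writable home directories and "+" entries in .rhosts. It assumes the password field lives in the passwd file, as in the example entry; the accounts in demo_audit and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original slides): periodic account audit.
# Assumption: field 2 of the passwd file holds the password hash, as in the
# example entry above. Where hashes are kept in a separate shadow file,
# field 2 is a placeholder and the null-password check must read that file.

# audit_accounts [FILE] - print one finding per line for a passwd-format FILE.
audit_accounts() {
    pw=${1:-/etc/passwd}

    # Field checks: empty password, UID 0 that is not root, reused UIDs.
    awk -F: '
        /^#/                    { next }
        $2 == ""                { print "NULL-PASSWORD " $1 }
        $3 == 0 && $1 != "root" { print "UID-ZERO " $1 }
        seen[$3]++              { print "DUPLICATE-UID " $3 " " $1 }
    ' "$pw"

    # Home directory checks: world-writable home, "+" wildcard in .rhosts.
    awk -F: '$6 != "" { print $1 ":" $6 }' "$pw" |
    while IFS=: read -r user home; do
        [ -d "$home" ] || continue
        if [ -n "$(find "$home" -prune -perm -0002 -print)" ]; then
            echo "WORLD-WRITABLE-HOME $user $home"
        fi
        if [ -f "$home/.rhosts" ] &&
           grep -Eq '(^|[[:space:]])\+' "$home/.rhosts"; then
            echo "RHOSTS-PLUS $user $home/.rhosts"
        fi
    done
}

# demo_audit - constructed accounts in a scratch directory (not real users).
demo_audit() {
    d=$(mktemp -d) || return 1
    mkdir "$d/geek" "$d/open" "$d/toor"
    chmod 755 "$d/geek" "$d/toor"
    chmod 777 "$d/open"                         # world-writable home
    echo 'trustedhost geek' > "$d/geek/.rhosts" # specific host: acceptable
    echo '+ +' > "$d/toor/.rhosts"              # any host, any user
    printf '%s\n' \
        "root:sksa7dJ8djk:0:1:Operator:$d/none:/bin/sh" \
        "geek:sksa7dJ8djk:1234:2000:Ima Geek:$d/geek:/bin/bash" \
        "open::1235:2000:No Password:$d/open:/bin/sh" \
        "toor:sksa7dJ8djk:0:1:Spare Root:$d/toor:/bin/sh" > "$d/passwd"
    audit_accounts "$d/passwd"
    rm -rf "$d"
}

demo_audit
```

Run from cron, the script mails its findings to the crontab owner; an empty report means every check passed.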
Adding New Group
•	file sharing among local users
•	/etc/group
-	mynewgroup:*:<gid>:user1,user2,user3
•	groups username   -  find out which group(s) you belong to.
•	run ypmake if you are running NIS (YP)
Adding New Groups
•	Tips and Techniques
-	you can belong to only a limited number of groups.
-	Max of 8 (BSD 4.3), 16 (SunOS 4.1.3), check your OS manual for your systems.
-	group affiliation determined at shell creation time.  May need to log out and log back in again.
Disk Management - "The spinning junkyard of users!"
•	Physical
-	Drive mechanism (IDE, SMD, SCSI, IPI)
-	Physical location - internal, external, which interface to connect to, disk size, etc
-	Partition info - number of heads, cylinders, bytes per sector, size of partitions
•	Logical partition - / on /dev/sd0a
•	Other advanced Disk management programs
-	Disk suite, Backup copilot (Sun)
-	Storage Works (DEC)
Disk Management - "The spinning junkyard of users!"
•	Disk mirroring, RAID disk array
-	performance vs Data integrity
•	Tips and Techniques
-	Max of 8 SCSI devices (if you are not using LUN).  CPU is always counted as 1 (usually at SCSI ID # 7)
-	SCSI #   =  Device  #?  NOT always the same!!!
-	Your OS may not recognize or know how to deal with high capacity disks (> 2G)
Preparing Disk
•	Format
•	Every workstation is different, check your manual
•	Connectors, Cables, Terminators
Preparing Disk
•	Partitioning
-	dividing the disk into one or more logical devices
-	UNIX convention
-	a - 1st partition, b - swap,  c - complete disk
-	some OSes store partition information on cylinder 0 block 0 (which is also the 1st partition)
-	Make sure you don't swap on the 1st partition!!!
Preparing Disk
•	Example -
-	1G drive - 2000 blocks of 512 bytes @ SCSI Drive #3 (drive 0) on a SUN workstation
-	2G drive - 4000 blocks of 512 bytes @ SCSI Drive #2 (drive 2)
•	sd0a  0 to 199 (100M)
•	sd0b 200 to 599 (200M)
•	sd0g 600 to 1999 (700M)
•	sd2c 0 to 3999 (2000M)

Preparing Disk
•	newfs  /dev/rsd2c  (wrapper to mkfs)
-	put unix file structure on partition
•	... superblocks,.....
•	make sure you copy down the superblocks, you may need them in the future!!!
•	mount  /dev/sd2c /home   or  mount /home    if /home is defined in /etc/fstab
•	umount /home
•	tunefs, du  -  to be discussed later.
Setting up Printers - "Enough of this Electronic Stuff, I need a hardcopy!"
•	Binaries/Files/Devices
-	lpd - line printer daemon
-	lpc - line printer configuration utility
-	lpr/lpq/lprm - send to/check-on/remove from line printer queue
-	/etc/printcap - configuration file for printers
-	/etc/hosts.lpd - hosts allowed to print to locally spooled printers
-	/var/spool/<printername> - spool directory for <printername>
-	/dev/<something> - serial device for printer
Backup Strategies - "Help!  I just deleted my thesis!  Can I get it back?"
•	Types of Backup
-	Offline - Need Sys Admin to "restore" backed up files
-	Near Offline - May need Sys Admin but probably not, kinda like a floppy
-	Online - Backup is online ready to be retrieved by user
•	Issues
-	How much data do you have?
-	How often does it change?
-	How critical is the data?
-	What is the lifetime of the data?
-	Does it need to be archived?  Forever?  How often?
Backup Strategies - "Help!  I just deleted my thesis!  Can I get it back?"
•	Hardware/Media....
-	1/2in. tape - What, are you kidding?
-	1/4in. tape - More reasonable - low capacity
-	8mm tape - 2Gig and 5Gig compressed format
-	4mm tape - 2-16Gig compressed format
-	Optical Disks/Removable Hard Disks - great for near offline storage
•	Tips/Techniques/Things to think about
-	Already compressed data does not compress again when going to tape!!!!!
-	Lifetime of media?
-	Availability of hardware in the future?
-	Standard format?
-	Storage of the media?
Backup Strategies - "Help!  I just deleted my thesis!  Can I get it back?"
•	Utilities for backup...
-	tar -or- cpio - Ok, but Lots-o-script writing
-	dump/restore - Best for archive
•	dump - backs up files or filesystems
-	options
•	# - dump levels
•	b - blocking factor (default 64)
•	d - density (default 6250)
•	f - device
•	s - size
•	u - update dump record
•	restore
-	options
•	i - interactive - allows Unix-like picking of files
•	r - restore entire tape
•	f - device
Backup Strategies - "Help!  I just deleted my thesis!  Can I get it back?"
•	Backup Strategy - A Daily/Weekly/Monthly Strategy using dump that works...
-	Once a month schedule a full backup (level 0) of the filesystem.  Make the time convenient and logical for users to remember.
-	Once a week, at a time when the System is least used, back up all the files that have been modified since the last full backup. (level 3)
-	Every day, not including the weekly backup day, at a time when the System is least used, back up all the files which have been modified since the last weekly backup
Backup Strategies - "Help!  I just deleted my thesis!  Can I get it back?"
•	Tips & Techniques
-	Make sure you have a tape in the drive!
-	Always try to back up / on the fileserver daily!
-	Clean tape drive frequently
-	1 Tape drive for every 5 Gig of disk.  Or if you buy more disk, also buy more tape drives to back it up (Wasting your time changing tapes is very expensive!)
Setting up Printers - "Enough of this Electronic Stuff, I need a hardcopy!"
•	The PRINTCAP file...
-	format : <printer-name>:<capability>=<value>:<capability>=<value>:<more capability/value pairs>
•	Printer-based <capabilities> - configuring the software end
-	br - baud rate
-	fc - if device is a tty clear flag bits
-	fs - same as fc only set bits
-	lp - line printer device
-	lf - file where errors are logged
-	mx - maximum file size
-	rm - remote machine name
-	rp - remote printer name
-	rw - open printer device read/write instead of read-only
-	sd - spooling directory
Setting up Printers - "Enough of this Electronic Stuff, I need a hardcopy!"
-	sf - suppress form feeds
-	sb - short banner
-	tc - use previous printer definition for values
-	xc - if device is tty then clear local mode
-	xs - same as xc only set bits
•	Filter <capabilities> - what filter to use
-	if - plain text jobs
-	tf - troff formatted jobs
-	df - TeX jobs
-	vf - raster jobs
-	of - output banner filter
-	gf - graph data filter
-	nf - ditroff data filter
-	rf - fortran style filter
-	vf - raster image filter
-	cf - cifplot data filter
Setting up Printers - "Enough of this Electronic Stuff, I need a hardcopy!"
•	Tips & Techniques
-	Plug printer in!  Both power and serial port
-	Make sure printcap file has correct device (ttya,ttyb?)
-	Check and make sure init has not started a getty on your serial port
-	Manage printer queues using lpc
System Monitoring - "Why is this machine sooooo sloooow?"
•	standard unix tools
•	things to watch for - CPU, System, user, Disk IO, network traffic
•	vmstat, iostat, netstat
•	smtp-based tools
•	run program in the background
•	gather information at a fixed interval
•	save data set on disk or tape for future analysis
System Monitoring - "Why is this machine sooooo sloooow?"
•	Daily monitoring
-	Disk space monitoring
•	df
•	du -s *
•	run script at night to compare disk space for each user, notify if anyone adds more than 2M of files...
-	check for security holes, such as setuid files or null passwords
-	generate a report and keep it somewhere
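Added example (not part of the original slides): a shell script for the nightly disk-space comparison described above. It snapshots per-user usage with du, compares it with the previous night's snapshot and prints anyone who grew by more than 2M. The state-file names, function names and the figures in demo_growth are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original slides): nightly per-user disk growth.
# Run it from cron; cron mails whatever it prints to the crontab owner.

LIMIT_KB=${LIMIT_KB:-2048}      # "more than 2M" from the slide, in KB

# usage_snapshot ROOT - print "<kbytes> <name>" for each directory under ROOT.
# Assumes directory names without whitespace (true of login names).
usage_snapshot() {
    for dir in "$1"/*/; do
        [ -d "$dir" ] || continue
        echo "$(du -sk "$dir" | awk '{ print $1 }') $(basename "$dir")"
    done
}

# growth_report OLD NEW - print every name that grew by more than LIMIT_KB.
growth_report() {
    awk -v limit="$LIMIT_KB" '
        FILENAME == ARGV[1] { old[$2] = $1; next }   # last night
        {
            before = ($2 in old) ? old[$2] : 0        # new account: from 0
            grew = $1 - before
            if (grew > limit)
                printf "%s grew %d KB (%d -> %d)\n", $2, grew, before, $1
        }
    ' "$1" "$2"
}

# nightly_check ROOT STATE_DIR - snapshot, compare with previous run, rotate.
nightly_check() {
    usage_snapshot "$1" > "$2/usage.new"
    if [ -f "$2/usage.old" ]; then
        growth_report "$2/usage.old" "$2/usage.new"
    fi
    mv "$2/usage.new" "$2/usage.old"
}

# demo_growth - two constructed snapshots (sample values, not real data).
demo_growth() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '10240 alice' '512 bob' '1000 dave' > "$d/old"
    printf '%s\n' '10400 alice' '4096 bob' '3000 carol' '3048 dave' > "$d/new"
    growth_report "$d/old" "$d/new"
    rm -rf "$d"
}

demo_growth
```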
House Cleaning
•	We don't have an infinite amount of disk space!!!
•	Places to watch out for
-	/tmp
-	/usr/spool
-	/usr/log
-	User home directories
•	daily, weekly, and monthly
-	rotation of log files
•	USER HOME DIRECTORIES
-	remove junk files from temporary directory (for files that are older than a certain date)
House Cleaning
-	How to force your roommate to clean up their room?
-	send threatening e-mail?
-	post TOP-TEN Users?  Shame-on-you type of tactic
-	confront users face-to-face?
-	Best is to have a clear policy on disk usage.
-	provide users tools to help themselves.
•	program to look for junk files
•	Don't make it too easy to remove files without confirmation.
-	Make sure users understand it too.  What is the consequence?  lost files?
-	strictly enforce it.
Performance Tuning - "Hot-Rodding your system!"
•	Need System monitoring data first
•	pstat for swap tables statistics
•	How is my system doing?  Where is the bottleneck?
Performance Tuning - "Hot-Rodding your system!"
•	things to tune
-	run only daemons (or services) that you need
-	Memory
-	Disk Caching
-	tunefs - disk space vs access time (squeeze out the last 10%)
-	Scheduling
-	re-arranging IO devices
-	Upgrade CPUs
-	removing user's accounts
-	/nologin as shell for CPU hogs
Network-based Tasks & Strategies
Network-friendly!  "What me worry?  I'm connected!"
•	PLUG IN
•	Where is my network drop?
•	What connector does my workstation have?
•	Do I have a cable, transceiver, etc?
•	Most important question -
•	AM I THE NETWORK MANAGER TOO?
Network-friendly!  "What me worry?  I'm connected!"
•	Ethernet (10Mb/s)
-	10base5 (Thick), 10Base2 (Thin), 10BaseT (Twisted Pair)
-	Repeater vs Bridge
-	Hub vs Router
-	What is my IP number?
•	18.XX.XX.XX
-	What is my netmask (subnet)?
•	0xFFFF0000 (Class B subnet)  or 0xFFFFFF00 (Class C subnet)
-	Broadcast
•	18.XX.255.255 or 18.XX.0.0
•	Same Broadcast convention!!!
Network-friendly!  "What me worry?  I'm connected!"
•	/etc/hosts
-	# IP		Hostname
-	18.26.0.36   Mintaka
-	18.26.0.1     Radole
•	Set IP number in rc file
-	ifconfig le0 18.26.0.36 netmask 0xffff0000 broadcast 18.26.255.255
-	127.0.0.1 Loopback
•	Set Default Route
-	route -n add default 18.24.0.1 1
-	/etc/defaultrouter
Debugging Network Problems
•	me (System Admin) or him (Network Admin)?
•	ping [-s] mit.edu  (connectivity)
-	mit.edu is alive
-	64 bytes from MIT.MIT.EDU (18.72.2.1): icmp_seq=0. time=4. ms
•	Check IP Routing
-	netstat -nr
•	# network, to, status, usage, interface
•	default      18.52.0.1   UG   1234  le0
•	18.52.0.0  18.52.0.70 U      46      le0
Debugging Network Problems
•	traceroute (router problem?)
-	traceroute to mit.edu (18.72.2.1), 30 hops max, 40 byte packets
-	 1  18.52.0.3 (18.52.0.3)  2 ms  2 ms  2 ms
-	 2  E40-RTR-FDDI.MIT.EDU (18.168.0.2)  2 ms  2 ms  2 ms
-	 3  MIT.MIT.EDU (18.72.2.1)  3 ms  3 ms  3 ms
•	Intelligent Hubs
•	Network Monitoring software
-	traffic
-	etherfind
-	NetMatrix
NIS(YP) or DNS - "I'll tell you my name if you tell me yours!"
•	Looking up Host/IP information
•	NIS (Yellow Pages) - SUN
-	broadcast-based
-	comprehensive (not just host information, but also users, password, etc)
•	Set up a NIS server
-	set domainname
-	ypinit -s on server
-	/var/yp
•	Set up a NIS Client
-	set domainname
-	run ypbind at boot time
-	edit files that you want to lookup via NIS
•	"+"
NIS(YP) or DNS - "I'll tell you my name if you tell me yours!"
•	DNS - Internet
-	distributed
-	universal
-	need to have direct access to internet or DNS services
-	cache only
•	/etc/resolv.conf may be enough
-	domain lcs.mit.edu
-	nameserver 18.52.0.92
-	nameserver 18.26.0.36
•	/etc/named.boot  (named)
•	primary or secondary
NFS - "NFS : Not for Sharing!"
•	Binaries/Files
-	nfsd, biod, rpc.mountd - daemons, started at boot time
-	exportfs & /etc/exports - exporting file systems
-	mount, umount, /etc/fstab & /etc/mtab - mounting and unmounting file systems, systems mounted at startup, and currently mounted systems
-	showmount - show mounted or exported filesystems
-	nfsstat - check out stats for nfs
NFS - "NFS : Not for Sharing!"
•	/etc/exports
-	THE file NOT to mess up
-	format - directory -option[,option]...
•	options
-	ro,rw=<host/netgroup> - read only, read-write for <host/netgroup>
-	-access=<host/netgroup> - access restricted to <host/netgroup>
-	-root=<host/netgroup> - root access to <machine/netgroup>
NFS - "NFS : Not for Sharing!"
•	exportfs - actually exports files
-	options -
•	-a - export all filesystems in /etc/exports file
•	-u - unexport filesystem - use -ua to unexport all filesystems
•	-v - verbose
•	no options - print exported filesystems
-	Run "exportfs -a" after modifying the /etc/exports file
NFS - "NFS : Not for Sharing!"
•	Example of /etc/exports
NFS - "NFS : Not for Sharing!"
•	mount/umount - mount and unmount filesystems
-	syntax : mount <options> <filesystem> <dir>
-	options -
•	no options : print mounted filesystems
•	-a : mount all in /etc/fstab
•	-t <type> : type of filesystem to mount (nfs, 4.2...)
•	-r : read-only
•	-o <options> : more options (rw|ro,suid,intr,rsize=,wsize=,bg,actimeo=)
NFS - "NFS : Not for Sharing!"
•	Tips & Techniques
-	Make sure your exports file is correct!!!!!
-	NFS may be slow through gateways; change rsize=1024 and wsize=1024 (default=8k)
-	Don't put things in your fstab that you don't ABSOLUTELY NEED, use automount instead...
Automount - "You mean mount-ing isn't automatic?"
•	Binaries/File
-	automount - the daemon
•	options -
-	-f <filename> : primary map is <filename> (usually /etc/auto.master)
-	-v : verbose
-	/etc/auto.master - primary map file - INDIRECT MAP
•	format -
-	 <mount-point> <map> [ -mount-options ]
•	<mount-point> is either a path or /-
•	<map> is another file or -hosts (-hosts allows people to automount filesystems not in the auto.* files)
•	-mount-options are "mount" command options
Automount - "You mean mount-ing isn't automatic?"
-	/etc/auto.* - secondary map files - DIRECT MAPS
•	format -
-	 key[ -mount-options ] location
•	key is a path
•	-mount-options are "mount" command options
•	location is the fileserver:/path that you want to automount
Automount - "You mean mount-ing isn't automatic?"
•	Example - /etc/auto.master
Automount - "You mean mount-ing isn't automatic?"
•	Example - /etc/auto.ai
MAIL - "There ain't no disgruntled postal workers here!  Hey!  Put down that flame!"
•	Mail to where?
-	local user -- /usr/spool/mail, file protection
-	Lan-based users -- NFS mounting spool dir?
-	Internet, UUCP, etc
•	smtp protocol
•	sendmail, mmdf, and others
•	MX records
•	/etc/sendmail.cf
MAIL - "There ain't no disgruntled postal workers here!  Hey!  Put down that flame!"
-	# Forward Everything
-	#
-	S0
-	R@              $#tcp $@$F$:$n          handle <> form
-	R$*             $#tcp $@$F$:$1          everything
-	Mtcp,   P=[IPC], F=msDFMueXL, S=11, R=21, A=IPC $h, E=\r\n
-	Mlocal, P=/bin/mail, F=rlsDFMmnP, S=10, R=20, A=mail -d $u
-	Mprog,  P=/bin/sh,   F=lsDFMeuP,  S=10, R=20, A=sh -c $u
MAIL - "There ain't no disgruntled postal workers here!  Hey!  Put down that flame!"
•	Tips and Techniques
-	keep log in /usr/log/syslog file
-	mail -v
-	telnet machine 25   (talk directly to mailer)
-	Don't trust any e-mail messages, very easy to forge mail
-	privacy enhanced mail
-	rewrite "From:" field to your mail hub name
FTP service - "Oh where, Oh where, have all the files gone?"
•	Pick the right ftp daemon
-	vendor/wu-ftp/...
-	look for features, logging, etc.
•	configuration
-	/etc/shells -- if you are using non-standard shells
-	/etc/ftpusers  (users NOT allowed inbound ftp)
-	add user "ftp" to /etc/passwd for anonymous ftp
-	chroot to ftp directory
-	~ftp/etc/passwd ~ftp/etc/group ~ftp/usr/lib, etc
•	security issues
•	policy, copyrighted materials, etc.
NEWS - "No news is good news!"
•	Run Server or Client only
•	For Client-only, NNTP, NNTPSERVER -- find someone who has a server
•	transport protocols
-	nntp
•	newsreaders
-	Rn, tin, gnus, gnews
NEWS - "No news is good news!"
•	Thinking about running your own server?
-	local storage of articles
-	BIGGGGGG DISKS
-	expiration policies
•	innd
-	/news/newsfeeds
•	chaos.dac.northeastern.edu\
•	    :!local,!clari.*,!mit.*,!athena.*\
•	    :Tf,Wnm:chaos.dac.northeastern.edu
NEWS - "No news is good news!"
-	/news/nnrp.access
•	*.lcs.mit.edu:Read Post:::*
•	ai.mit.edu:Read Post:::*
•	gnu.ai.mit.edu:Read Post:::*
•	nda.com:Read Post:::*,!clari.*
-	/news/expire.ctrl
•	alt.romance.chat*:A:1:1:1
•	CRONTAB
-	3 23 * * * /usr/local/news/bin/asnews /usr/local/news/bin/news.daily expireover
-	2,22,42 * * * * /usr/local/news/bin/asnews /news/lib/send-nntp myhostname
Security -or- "Stick your hands up!"
•	Physical Security
-	Can your computer be stolen?  Disk removed?  Tapes taken?
-	Easily Accessible?
•	Data Security
-	Passive Security - Least Intrusive/Least Security
•	Crack
•	COPS
-	Active Security - Most Intrusive/Most Secure
•	Tripwire
•	logging telnet
•	Home Grown....
Security -or- "Stick your hands up!"
•	HOME GROWN Security...
-	checksumming
•	after installing your latest OS generate an MD5 checksum of all your important files
-	rdist
•	use rdist to sync files from 1 secure server
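Added example (not part of the original slides): a shell script for the home-grown checksumming described above. It records a digest for every file under the given directories, then later reports files that are new, changed or missing. SHA-256 is used here in place of the MD5 named on the slide; the function names and the files in demo_integrity are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original slides): checksum baseline + verify.
# SHA-256 is used here in place of the MD5 named on the slide.

if command -v sha256sum >/dev/null 2>&1; then
    HASH="sha256sum"
else
    HASH="shasum -a 256"        # systems that ship shasum instead
fi

# make_baseline PATH... - print "<digest>  <file>" for every regular file.
make_baseline() {
    find "$@" -type f -exec $HASH {} + | sort -k 2
}

# verify_baseline BASELINE PATH... - print NEW/CHANGED/MISSING lines and
# return 1 if the current files differ from the stored baseline.
verify_baseline() {
    baseline=$1; shift
    report=$(make_baseline "$@" | awk '
        { path = substr($0, length($1) + 3) }     # digest, 2 chars, path
        FILENAME == ARGV[1] { want[path] = $1; next }
        {
            seen[path] = 1
            if (!(path in want))        print "NEW " path
            else if (want[path] != $1)  print "CHANGED " path
        }
        END { for (p in want) if (!(p in seen)) print "MISSING " p }
    ' "$baseline" - | sort)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# demo_integrity - constructed files in a scratch directory (sample data).
demo_integrity() {
    d=$(mktemp -d) || return 1
    mkdir "$d/etc"
    echo '18.26.0.36 Mintaka'    > "$d/etc/hosts"
    echo 'auth.notice root'      > "$d/etc/syslog.conf"
    echo '/home -access=clients' > "$d/etc/exports"
    make_baseline "$d/etc" > "$d/baseline"

    echo '18.26.0.1 Radole' >> "$d/etc/hosts"     # modified after baseline
    rm "$d/etc/exports"                           # removed
    echo 'date' > "$d/etc/rc.local"               # appeared
    verify_baseline "$d/baseline" "$d/etc" | sed "s|$d/||"
    rm -rf "$d"
}

demo_integrity
```

Keep the baseline file on write-protected or offline media: anyone able to alter the checked files on the machine can alter a baseline stored beside them.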
Managing Multiple Workstations
•	How to make managing 50 machines as easy as managing one machine?
•	keep identical /usr
•	keep identical configuration files
•	disk partition/allocation techniques
•	No local files, NFS mount all user files
•	Scripts to Sync multiple machines (rdist)
•	NIS (yp)
•	/etc/hosts.equiv
Where do we go from here?  More Resources!!!!
•	Magazines - ;login, sysadmin, Unix Review, Open System Today, Unix World, root, Information Week, etc...
•	Books
-	Unix System Administration Handbook - Nemeth, Snyder & Seebass - Prentice Hall
-	Essential System Administration - Frisch - O'Reilly & Associates
-	Programming Perl - Wall & Schwartz - O'Reilly & Associates
•	Users Group/Meetings/Conferences
-	BBLisa
-	Usenix
-	LISA
Where do we go from here?  More Resources!!!!
•	mailing-lists
•	News - Pick a group, comp.unix.admin, comp.sys.sun.admin, alt.security...
•	FTP/Web
•	FAQs - Try ftp://rtfm.mit.edu/pub/usenet
•	MAN Pages
•	RTFM -or- Your Manuals that came with the System - sometimes these have the most System specific information
Where do we go from here?  More Resources!!!!
•	Where will our stuff be?
-	ftp://theory.lcs.mit.edu/pub/admin-iap-95
-	http://theory.lcs.mit.edu/~sb/IAP-95.html
•	What will it be?
-	these slides in an outline format
-	scripts -
All Done!  Congratulations!

