From DawglandWiki
Jump to: navigation, search


Guides, Info & Tips on New Modern Linux Server Administration

Modern Server Administration of Critical Systems

This information pertains to very modern recent relases of Redhat based distributions, including the latest releases of CentOS and Fedora, which has had most of these service upgrades and replacements for the last few years now!


init.d Retired!

The first such service upgrade actually replaced most, if not all of the service init.d startup & shutdown scripts with a very different way of managing the startup, status and shutdown of services, such as the Apache webserver, the CUPS print server, the secure shell, aka the SSH server, and all of the other services that used to be controlled by shell scripts located in the /etc/init.d/ directory. This directory still exists so that in the event that an old legacy service needs to still be managed by the init.d shell scripts, due to the service not yet having the required setup to be managed by the replacement of all of those scripts:

Query Service Status

For instance, here is an example of systemctl being used to query the Secure Shell Server(SSH):

[root@fc24 ~]# systemctl status sshd.service
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor pres
   Active: active (running) since Sun 2016-09-11 01:12:21 PDT; 1h 20min ago
     Docs: man:sshd(8)
  Process: 791 ExecStart=/usr/sbin/sshd $OPTIONS (code=exited, status=0/SUCCE
 Main PID: 810 (sshd)
    Tasks: 1 (limit: 512)
   CGroup: /system.slice/sshd.service
           └─810 /usr/sbin/sshd

Sep 11 01:12:20 systemd[1]: Starting OpenSSH server daemon.
Sep 11 01:12:21 systemd[1]: sshd.service: PID file /var/run
Sep 11 01:12:21 sshd[810]: Server listening on port
Sep 11 01:12:21 systemd[1]: Started OpenSSH server daemon.
lines 1-15/15 (END)

Stopping a Service

This is what is looks like after stopping the SSH server:

[root@fc24 ~]# systemctl stop sshd.service
[root@fc24 ~]# systemctl status sshd.service
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor pres
   Active: inactive (dead) since Sun 2016-09-11 02:38:55 PDT; 10s ago
     Docs: man:sshd(8)
  Process: 791 ExecStart=/usr/sbin/sshd $OPTIONS (code=exited, status=0/SUCCE
 Main PID: 810 (code=exited, status=0/SUCCESS)

Sep 11 01:12:20 systemd[1]: Starting OpenSSH server daemon.
Sep 11 01:12:21 systemd[1]: sshd.service: PID file /var/run
Sep 11 01:12:21 sshd[810]: Server listening on port
Sep 11 01:12:21 systemd[1]: Started OpenSSH server daemon.
Sep 11 02:38:55 systemd[1]: Stopping OpenSSH server daemon.
Sep 11 02:38:55 systemd[1]: Stopped OpenSSH server daemon.
lines 1-14/14 (END)

Starting a Service Back Up

And this is the command to start it back up, and because there is no output after starting it, I've also included the output of the status once again after starting the Secure Shell Server back up:

[root@fc24 ~]# systemctl start sshd.service
[root@fc24 ~]# systemctl status sshd.service
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor pres
   Active: active (running) since Sun 2016-09-11 02:42:38 PDT; 9s ago
     Docs: man:sshd(8)
  Process: 2801 ExecStart=/usr/sbin/sshd $OPTIONS (code=exited, status=0/SUCC
 Main PID: 2803 (sshd)
    Tasks: 1 (limit: 512)
   CGroup: /system.slice/sshd.service
           └─2803 /usr/sbin/sshd

Sep 11 02:42:38 systemd[1]: Starting OpenSSH server daemon.
Sep 11 02:42:38 systemd[1]: sshd.service: PID file /var/run
Sep 11 02:42:38 sshd[2803]: Server listening on por
Sep 11 02:42:38 systemd[1]: Started OpenSSH server daemon.
lines 1-15/15 (END)

Disabling a Service

To Disable a service, usually replacing status, start, or stop with "disable" works to disable most services, but sometimes, it doesn't always work, and you also need to "mask" the service as well.

Using Mask to Forcefully Disable a Service

This proved to be the case with the RPCBIND.service. After stopping and disabling the service, a reboot caused the service to be re-enabled and started back up. To have the service disabled and that state saved after a reboot, the "mask" argument is given to the systemctl command. For instance, in the case of RPCBIND.service, this is how to disable it:
(In the below example, ONLY the 3 commands starting with systemctl are typed by the root superuser)

[root@vm1 ~]# systemctl stop rpcbind.service
Warning: Stopping rpcbind.service, but it can still be activated by:
[root@vm1 ~]# systemctl disable rpcbind.service
[root@vm1 ~]# systemctl mask rpcbind.service
ln -s '/dev/null' '/etc/systemd/system/rpcbind.service

Changing the Default Run Level the Systemd Way

To change the default run-level from booting up into the Graphical User Interface(GUI) into straight text multi-user, which is preferable on a server, the old method involved editing the /etc/inittab file changing the default runlevel from 5 to 3, as shown here:


On modern RPM based systems, this has been replaced by using the systemctl command to create/change the symlink /etc/systemd/system/ to point to /lib/systemd/, and visa-versa to switch back to the GUI bootup mode. This can be done manually using the shell "ln -sf" symlink creation command, or more easily, and more importantly, more standardized with the systemctl command, as shown here. The following 3 commands show how to first check the default runlevel target, then change it from graphical to text-based multi-user, and then the 3rd command show's confirmation the command was successful.

[root@fc21 ~]# systemctl get-default
[root@fc21 ~]# systemctl set-default
Removed symlink /etc/systemd/system/
Created symlink from /etc/systemd/system/ to /usr/lib/systemd/system/
[root@fc21 ~]# systemctl get-default


Another BIG change to a "more modern" way of managing all of the software packages on your Linux machine, is the dnf command that is a direct drop-in replacement for yum, the old, tried and true RPM package manager that for going on 20 years has been the main interface to manage Linux software installations, taking into account all of the required dependencies, as well as uninstalling, more commonly referred to "removing" software packages.

Here is an example of how to use dnf to first search for, and then install over the internet, Blender, a very powerful tool to create your own custom animation, simulations and movies:

[root@fc24 ~]# dnf search blender
Last metadata expiration check: 2:29:11 ago on Sun Sep 11 00:31:02 2016.
=========================== N/S Matched: blender ============================
blender.x86_64 : 3D modeling, animation, rendering and post-production

After searching for and finding the package I want to install, I then use dnf, NOT YUM!, to perform the dependency checking, downloading of the package along with the required dependencies, install all of the packages, and then perform what is called the "Cleanup" portion of the process.

This is how to use dnf to download, install, and then clean up any left over junk:

[root@fc24 ~]# dnf install blender
Last metadata expiration check: 2:30:45 ago on Sun Sep 11 00:31:02 2016.
Dependencies resolved.
 Package                      Arch      Version             Repository  Size
 Field3D                      x86_64    1.7.2-1.fc24        updates    519 k
 OpenColorIO                  x86_64    1.0.9-11.fc24       fedora     439 k
 OpenImageIO                  x86_64    1.6.16-1.fc24       updates    1.7 M
 blender                      x86_64    1:2.77a-1.fc24      updates     29 M
 boost-locale                 x86_64    1.60.0-7.fc24       updates    279 k
 boost-program-options        x86_64    1.60.0-7.fc24       updates    166 k
 boost-regex                  x86_64    1.60.0-7.fc24       updates    300 k
 fftw-libs-double             x86_64    3.3.4-7.fc24        fedora     805 k
 fonts-blender                noarch    1:2.77a-1.fc24      updates    4.7 M
 google-droid-sans-fonts      noarch    20120715-10.fc24    fedora     2.5 M
 hdf5                         x86_64    1.8.16-3.fc24       fedora     1.7 M
 jack-audio-connection-kit    x86_64    1.9.10-5.fc24       fedora     555 k
 jemalloc                     x86_64    4.2.1-1.fc24        updates    182 k
 libffado                     x86_64    2.2.1-8.fc24        fedora     690 k
 libspnav                     x86_64    0.2.3-3.fc24        fedora      17 k
 libxml++                     x86_64    2.40.1-2.fc24       fedora      89 k
 pugixml                      x86_64    1.7-2.fc24          fedora      92 k
 python3-numpy                x86_64    1:1.11.0-4.fc24     fedora     3.0 M
 tinyxml                      x86_64    2.6.2-11.fc24       fedora      54 k
 yaml-cpp03                   x86_64    0.3.0-9.fc24        fedora     151 k

Transaction Summary
Install  20 Packages

Total download size: 47 M
Installed size: 178 M
Is this ok [y/N]: y


MySQL, the long time "free" SQL server and client that used to be included in all standard Linux server installations server, has been acquired by Oracle, and they've "commercialized" it, so that it is no longer "officially" free for any commercial or business usage, and only "free" for personal not-for-profit use. This caused a bunch of long time developers to create what has become the "de-facto" MySQL replacement, and uses the exact same MySQL commands and syntax that we have become accustomed to throughout the years.

This is how I installed MariaDB on my new Fedora Linux 24, the latest and greatest! In one command, I've installed both the server and client, along with all of their dependencies! Here's how I did it:

[root@fc24 ~]# dnf install mariadb-server mariadb
Last metadata expiration check: 3:08:41 ago on Sun Sep 11 00:31:02 2016.
Dependencies resolved.
 Package                Arch        Version               Repository    Size
 mariadb                x86_64      3:10.1.16-1.fc24      updates      6.3 M
 mariadb-common         x86_64      3:10.1.16-1.fc24      updates       66 k
 mariadb-config         x86_64      3:10.1.16-1.fc24      updates       29 k
 mariadb-errmsg         x86_64      3:10.1.16-1.fc24      updates      203 k
 mariadb-libs           x86_64      3:10.1.16-1.fc24      updates      654 k
 mariadb-server         x86_64      3:10.1.16-1.fc24      updates       19 M
 perl-DBD-MySQL         x86_64      4.036-1.fc24          updates      146 k
 perl-DBI               x86_64      1.634-3.fc24          fedora       729 k
 perl-Math-BigInt       noarch      1.9997.15-2.fc24      fedora       178 k
 perl-Math-Complex      noarch      1.59-362.fc24         updates       95 k
 perl-Storable          x86_64      1:2.53-348.fc24       updates       84 k

Transaction Summary
Install  11 Packages

Total download size: 28 M
Installed size: 140 M
Is this ok [y/N]:y

Here is the rest of the output from the "dnf" after hitting the "Y" key to proceed to download the installation RPM packages, install them, and then clean things up to finish the installation:

Downloading Packages:
(1/11): mariadb-common-10.1.16-1.fc24.x86_64 158 kB/s |  66 kB     00:00    
(2/11): perl-DBI-1.634-3.fc24.x86_64.rpm     1.3 MB/s | 729 kB     00:00    
(3/11): 1.9 MB/s | 178 kB     00:00    
(4/11): mariadb-errmsg-10.1.16-1.fc24.x86_64 361 kB/s | 203 kB     00:00    
(5/11): mariadb-config-10.1.16-1.fc24.x86_64 295 kB/s |  29 kB     00:00    
(6/11): perl-DBD-MySQL-4.036-1.fc24.x86_64.r 532 kB/s | 146 kB     00:00    
(7/11): mariadb-libs-10.1.16-1.fc24.x86_64.r 930 kB/s | 654 kB     00:00    
(8/11): perl-Math-Complex-1.59-362.fc24.noar 1.0 MB/s |  95 kB     00:00    
(9/11): perl-Storable-2.53-348.fc24.x86_64.r 1.0 MB/s |  84 kB     00:00    
(10/11): mariadb-10.1.16-1.fc24.x86_64.rpm   2.2 MB/s | 6.3 MB     00:02    
(11/11): mariadb-server-10.1.16-1.fc24.x86_6 3.8 MB/s |  19 MB     00:05    
Total                                        4.3 MB/s |  28 MB     00:06     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Installing  : mariadb-config-3:10.1.16-1.fc24.x86_64                  1/11 
  Installing  : mariadb-common-3:10.1.16-1.fc24.x86_64                  2/11 
  Installing  : mariadb-errmsg-3:10.1.16-1.fc24.x86_64                  3/11 
  Installing  : mariadb-3:10.1.16-1.fc24.x86_64                         4/11 
  Installing  : mariadb-libs-3:10.1.16-1.fc24.x86_64                    5/11 
  Installing  : perl-Storable-1:2.53-348.fc24.x86_64                    6/11 
  Installing  : perl-Math-Complex-1.59-362.fc24.noarch                  7/11 
  Installing  : perl-Math-BigInt-1.9997.15-2.fc24.noarch                8/11 
  Installing  : perl-DBI-1.634-3.fc24.x86_64                            9/11 
  Installing  : perl-DBD-MySQL-4.036-1.fc24.x86_64                     10/11 
  Installing  : mariadb-server-3:10.1.16-1.fc24.x86_64                 11/11 
  Verifying   : mariadb-server-3:10.1.16-1.fc24.x86_64                  1/11 
  Verifying   : perl-DBI-1.634-3.fc24.x86_64                            2/11 
  Verifying   : mariadb-common-3:10.1.16-1.fc24.x86_64                  3/11 
  Verifying   : mariadb-errmsg-3:10.1.16-1.fc24.x86_64                  4/11 
  Verifying   : perl-Math-BigInt-1.9997.15-2.fc24.noarch                5/11 
  Verifying   : mariadb-3:10.1.16-1.fc24.x86_64                         6/11 
  Verifying   : mariadb-config-3:10.1.16-1.fc24.x86_64                  7/11 
  Verifying   : perl-DBD-MySQL-4.036-1.fc24.x86_64                      8/11 
  Verifying   : mariadb-libs-3:10.1.16-1.fc24.x86_64                    9/11 
  Verifying   : perl-Math-Complex-1.59-362.fc24.noarch                 10/11 
  Verifying   : perl-Storable-1:2.53-348.fc24.x86_64                   11/11 

  mariadb.x86_64 3:10.1.16-1.fc24                                            
  mariadb-common.x86_64 3:10.1.16-1.fc24                                     
  mariadb-config.x86_64 3:10.1.16-1.fc24                                     
  mariadb-errmsg.x86_64 3:10.1.16-1.fc24                                     
  mariadb-libs.x86_64 3:10.1.16-1.fc24                                       
  mariadb-server.x86_64 3:10.1.16-1.fc24                                     
  perl-DBD-MySQL.x86_64 4.036-1.fc24                                         
  perl-DBI.x86_64 1.634-3.fc24                                               
  perl-Math-BigInt.noarch 1.9997.15-2.fc24                                   
  perl-Math-Complex.noarch 1.59-362.fc24                                     
  perl-Storable.x86_64 1:2.53-348.fc24                                       

[root@fc24 ~]# 

Secure MariaDB Database Server Before Enabling SQL Server for Production

Before you enable the MariaDB SQL server, you MUST secure the server, either manually or using the included mysql_secure_installation shell script. Personally, I prefer to do it manually so that I can fine tune and tweak my installation. But the ultimate choice is your's.

Samba/CIFS Information --> Sharing Linux & Windows Stuff - A Necessary Evil~!

Excellent information on Samba 4 and using it to replace Windows AD, can be found here:
Setting up Samba 4 as Windows Active Directory Domain Controller

Password Info & Creation

Usually, passwords are created from the command line using the "passwd" command.
When creating a new user account, by default no password is set, so it must be done so manually!

If you need to create a pasword hash that can be copy and pasted into some other file manually,
there are a number of ways to do it, how ever I personally prefer a tool that is included with most
Linux distributions, aka "Distros". This tool is part of the Apache web server, so most systems already have it installed.
The htpasswd command is very versatile. This is an example of how to create a password hash manually:

[root@server ~]# htpasswd -c /tmp/tmppass tim
New password: 
Re-type new password: 
Adding password for user tim
[root@server ~]# cat /tmp/tmppass 

The hash is after the "tim:" part, and can be copy and pasted into any file you need it for.

7zip Archive Handling With Linux

Depending on your distro, you will want to get either the 7za package for RPM and APT based distros, and the p7zip packages for Slackware, my preferred server distro!

Personal tools