Guides, Info & Tips on New Modern Linux Server Administration
This information pertains to very modern recent relases of Redhat based distributions, including the latest releases of CentOS and Fedora, which has had most of these service upgrades and replacements for the last few years now!
The first such service upgrade actually replaced most, if not all of the service init.d startup & shutdown scripts with a very different way of managing the startup, status and shutdown of services, such as the Apache webserver, the CUPS print server, the secure shell, aka the SSH server, and all of the other services that used to be controlled by shell scripts located in the /etc/init.d/ directory. This directory still exists so that in the event that an old legacy service needs to still be managed by the init.d shell scripts, due to the service not yet having the required setup to be managed by the replacement of all of those scripts:
Query Service Status
For instance, here is an example of systemctl being used to query the Secure Shell Server(SSH):
[root@fc24 ~]# systemctl status sshd.service ● sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor pres Active: active (running) since Sun 2016-09-11 01:12:21 PDT; 1h 20min ago Docs: man:sshd(8) man:sshd_config(5) Process: 791 ExecStart=/usr/sbin/sshd $OPTIONS (code=exited, status=0/SUCCE Main PID: 810 (sshd) Tasks: 1 (limit: 512) CGroup: /system.slice/sshd.service └─810 /usr/sbin/sshd Sep 11 01:12:20 fc24.dawgland.com systemd: Starting OpenSSH server daemon. Sep 11 01:12:21 fc24.dawgland.com systemd: sshd.service: PID file /var/run Sep 11 01:12:21 fc24.dawgland.com sshd: Server listening on 0.0.0.0 port Sep 11 01:12:21 fc24.dawgland.com systemd: Started OpenSSH server daemon. lines 1-15/15 (END)
Stopping a Service
This is what is looks like after stopping the SSH server:
[root@fc24 ~]# systemctl stop sshd.service [root@fc24 ~]# systemctl status sshd.service ● sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor pres Active: inactive (dead) since Sun 2016-09-11 02:38:55 PDT; 10s ago Docs: man:sshd(8) man:sshd_config(5) Process: 791 ExecStart=/usr/sbin/sshd $OPTIONS (code=exited, status=0/SUCCE Main PID: 810 (code=exited, status=0/SUCCESS) Sep 11 01:12:20 fc24.dawgland.com systemd: Starting OpenSSH server daemon. Sep 11 01:12:21 fc24.dawgland.com systemd: sshd.service: PID file /var/run Sep 11 01:12:21 fc24.dawgland.com sshd: Server listening on 0.0.0.0 port Sep 11 01:12:21 fc24.dawgland.com systemd: Started OpenSSH server daemon. Sep 11 02:38:55 fc24.dawgland.com systemd: Stopping OpenSSH server daemon. Sep 11 02:38:55 fc24.dawgland.com systemd: Stopped OpenSSH server daemon. lines 1-14/14 (END)
Starting a Service Back Up
And this is the command to start it back up, and because there is no output after starting it, I've also included the output of the status once again after starting the Secure Shell Server back up:
[root@fc24 ~]# systemctl start sshd.service [root@fc24 ~]# systemctl status sshd.service ● sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor pres Active: active (running) since Sun 2016-09-11 02:42:38 PDT; 9s ago Docs: man:sshd(8) man:sshd_config(5) Process: 2801 ExecStart=/usr/sbin/sshd $OPTIONS (code=exited, status=0/SUCC Main PID: 2803 (sshd) Tasks: 1 (limit: 512) CGroup: /system.slice/sshd.service └─2803 /usr/sbin/sshd Sep 11 02:42:38 fc24.dawgland.com systemd: Starting OpenSSH server daemon. Sep 11 02:42:38 fc24.dawgland.com systemd: sshd.service: PID file /var/run Sep 11 02:42:38 fc24.dawgland.com sshd: Server listening on 0.0.0.0 por Sep 11 02:42:38 fc24.dawgland.com systemd: Started OpenSSH server daemon. lines 1-15/15 (END)
Disabling a Service
To Disable a service, usually replacing status, start, or stop with "disable" works to disable most services, but sometimes, it doesn't always work, and you also need to "mask" the service as well.
Using Mask to Forcefully Disable a Service
This proved to be the case with the RPCBIND.service. After stopping and disabling the service, a reboot caused the service to be re-enabled and started back up. To have the service disabled and that state saved after a reboot, the "mask" argument is given to the systemctl command. For instance, in the case of RPCBIND.service, this is how to disable it:
(In the below example, ONLY the 3 commands starting with systemctl are typed by the root superuser)
[root@vm1 ~]# systemctl stop rpcbind.service Warning: Stopping rpcbind.service, but it can still be activated by: rpcbind.socket [root@vm1 ~]# systemctl disable rpcbind.service [root@vm1 ~]# systemctl mask rpcbind.service ln -s '/dev/null' '/etc/systemd/system/rpcbind.service
Changing the Default Run Level the Systemd Way
To change the default run-level from booting up into the Graphical User Interface(GUI) into straight text multi-user, which is preferable on a server, the old method involved editing the /etc/inittab file changing the default runlevel from 5 to 3, as shown here:
On modern RPM based systems, this has been replaced by using the systemctl command to create/change the symlink /etc/systemd/system/default.target to point to /lib/systemd/multi-user.target, and visa-versa to switch back to the GUI bootup mode. This can be done manually using the shell "ln -sf" symlink creation command, or more easily, and more importantly, more standardized with the systemctl command, as shown here. The following 3 commands show how to first check the default runlevel target, then change it from graphical to text-based multi-user, and then the 3rd command show's confirmation the command was successful.
[root@fc21 ~]# systemctl get-default graphical.target [root@fc21 ~]# systemctl set-default multi-user.target Removed symlink /etc/systemd/system/default.target. Created symlink from /etc/systemd/system/default.target to /usr/lib/systemd/system/multi-user.target. [root@fc21 ~]# systemctl get-default multi-user.target
The "manual" method:
ln -sf /lib/systemd/system/runlevel5.target /etc/systemd/system/default.target
In Systemd the targets runlevel5.target and graphical.target are identical. So too are runlevel2.target and multi-user.target.
Runlevel Target Units Description 0 runlevel0.target, poweroff.target Shut down and power off the system. 1 runlevel1.target, rescue.target Set up a rescue shell. 2 runlevel2.target, multi-user.target Set up a non-graphical multi-user system. 3 runlevel3.target, multi-user.target Set up a non-graphical multi-user system. 4 runlevel4.target, multi-user.target Set up a non-graphical multi-user system. 5 runlevel5.target, graphical.target Set up a graphical multi-user system. 6 runlevel6.target, reboot.target Shut down and reboot the system.
Installing Xfce Desktop Environment:
Install Xfce Desktop Environment on here (You will need to add the EPEL Repository as like above in "Cinnamon" installation before).
# yum -y groupinstall X11 # yum --enablerepo=epel -y groups install "Xfce"
Input a command like below after finishing installation:
# echo "exec /usr/bin/xfce4-session" >> ~/.xinitrc # startx
Xfce Desktop Environment starts.
GRUB stands for the "GRandUnifiedBootloader".
It can be very handy to manually "tweak" or otherwise "edit" the boot-up options at the Grub prompt before the machine actually boots up. In order to stop the automatic timed boot-up, tapping any key will interrupt the boot-up process. I like to use the up/down arrow keys, as it's required to use the up/down arrow keys to select which boot-up image you want before running the boot-up process, if you want to select a Linux kernel other than the current default one.
If you want to edit the Grub configuration before allowing the machine to boot up, you will also need to stop the automatic boot-up process. This is especially handy if you want to force a machine to boot into a runlevel that is different from the default.
For instance, it is very easy to force a machine, physical or virtual, to boot into runlevel 3, multi-user environment, instead of say runlevel 5, which is the GUI(pronounced "gooey", and stands for Graphical User Interface).
Usually the first top Linux target listed in the initial grub boot-up screen is the most current, so using it, by making sure it's the one currently highlighted, and then tapping the "E" key to enter into "Edit" mode. Then, using "down arrow" key, move the cursor to the line that starts with linux16, as seen here:
linux16 /vmlinuz-3.10.0-957.5.1.el7.x86_64 root=/dev/mapper/centos-root ro crashkernel=auto rd.lvm.lv=centos/swap rhgb quiet LANG=en_US.UTF-8 initrd16 /initramfs-22.214.171.1247.5.1.el7.x86_64.img
To force a Linux machine to boot up into runlevel 3, the standard full multi-user mode, instead of the default mode, just add the number 3 before the "ro" section of the first grub line. I also like to remove rhgb(RedHat Graphical Boot) and the "quiet" part so that I get the full output of the boot-up process. Here is an example of what the first line looks like before I force it to boot with these options:
linux16 /vmlinuz-3.10.0-957.5.1.el7.x86_64 root=/dev/mapper/centos-root 3 ro crashkernel=auto rd.lvm.lv=centos/swap LANG=en_US.UTF-8
In order to then boot-up with the specified options, use CTRL-X. Also, tapping Alt-D will display the "Details" of the boot-up process.
Another BIG change to a "more modern" way of managing all of the software packages on your Linux machine, is the dnf command that is a direct drop-in replacement for yum, the old, tried and true RPM package manager that for going on 20 years has been the main interface to manage Linux software installations, taking into account all of the required dependencies, as well as uninstalling, more commonly referred to "removing" software packages.
Here is an example of how to use dnf to first search for, and then install over the internet, Blender, a very powerful tool to create your own custom animation, simulations and movies:
[root@fc24 ~]# dnf search blender Last metadata expiration check: 2:29:11 ago on Sun Sep 11 00:31:02 2016. =========================== N/S Matched: blender ============================ blender.x86_64 : 3D modeling, animation, rendering and post-production
After searching for and finding the package I want to install, I then use dnf, NOT YUM!, to perform the dependency checking, downloading of the package along with the required dependencies, install all of the packages, and then perform what is called the "Cleanup" portion of the process.
This is how to use dnf to download, install, and then clean up any left over junk:
[root@fc24 ~]# dnf install blender Last metadata expiration check: 2:30:45 ago on Sun Sep 11 00:31:02 2016. Dependencies resolved. ============================================================================= Package Arch Version Repository Size ============================================================================= Installing: Field3D x86_64 1.7.2-1.fc24 updates 519 k OpenColorIO x86_64 1.0.9-11.fc24 fedora 439 k OpenImageIO x86_64 1.6.16-1.fc24 updates 1.7 M blender x86_64 1:2.77a-1.fc24 updates 29 M boost-locale x86_64 1.60.0-7.fc24 updates 279 k boost-program-options x86_64 1.60.0-7.fc24 updates 166 k boost-regex x86_64 1.60.0-7.fc24 updates 300 k fftw-libs-double x86_64 3.3.4-7.fc24 fedora 805 k fonts-blender noarch 1:2.77a-1.fc24 updates 4.7 M google-droid-sans-fonts noarch 20120715-10.fc24 fedora 2.5 M hdf5 x86_64 1.8.16-3.fc24 fedora 1.7 M jack-audio-connection-kit x86_64 1.9.10-5.fc24 fedora 555 k jemalloc x86_64 4.2.1-1.fc24 updates 182 k libffado x86_64 2.2.1-8.fc24 fedora 690 k libspnav x86_64 0.2.3-3.fc24 fedora 17 k libxml++ x86_64 2.40.1-2.fc24 fedora 89 k pugixml x86_64 1.7-2.fc24 fedora 92 k python3-numpy x86_64 1:1.11.0-4.fc24 fedora 3.0 M tinyxml x86_64 2.6.2-11.fc24 fedora 54 k yaml-cpp03 x86_64 0.3.0-9.fc24 fedora 151 k Transaction Summary ============================================================================= Install 20 Packages Total download size: 47 M Installed size: 178 M Is this ok [y/N]: y
Red Hat Enterprise Linux 5,6 & 7
Common Administrative Command Cheat Sheets
Here are some very nice printable cheat sheets of the most common Red Hat Enterprise Linux administrative commands:
Registering a Red Hat Enterprise System with a Valid Subscription - REQUIRED for Updates!
First, you MUST have a valid Red Hat License, Either a Paid License Subscription, or a Developer License Subscription!
Using your own credentials from Red Hat, run the REGISTER Process:
[root@hostname]# subscriptions-manager register Registering to: subscription.rhsm.redhat.com:443/subscription Username: Your-Username Password: The system has been registered with ID: 5fab7e89-c9b3-4fc7-00765302848c [root@hostname]#
You then need to ATTACH the registration to the system, otherwise, if you check the STATUS of your system's license registration, you will get this error:
[root@hostname]# subscription-manager status +-----------------------------------------------------+ System Status Details +-----------------------------------------------------+ Overall Status: Invalid Red Hat Enterprise Linux for x86_64 Beta: - Not supported by a valid subscription. System Purpose Status: Unknown [root@hostname]#
To ATTACH the registration to the system:
[root@hostname]# subscription-manager attach Installed Product Current Status: Product Name: Red Hat enterprise Linux for x86_64 Beta Status: Subscribed [root@hotname]#
You can then verify your registration STATUS with this command:
[root@hostname]# subscription-manager status +-----------------------------------------------------+ System Status Details +-----------------------------------------------------+ Overall Status: Current System Purpose Status: mismatched [root@hostname]#
MySQL, the long time "free" SQL server and client that used to be included in all standard Linux server installations server, has been acquired by Oracle, and they've "commercialized" it, so that it is no longer "officially" free for any commercial or business usage, and only "free" for personal not-for-profit use. This caused a bunch of long time developers to create what has become the "de-facto" MySQL replacement, and uses the exact same MySQL commands and syntax that we have become accustomed to throughout the years.
This is how I installed MariaDB on my new Fedora Linux 24, the latest and greatest! In one command, I've installed both the server and client, along with all of their dependencies! Here's how I did it:
[root@fc24 ~]# dnf install mariadb-server mariadb Last metadata expiration check: 3:08:41 ago on Sun Sep 11 00:31:02 2016. Dependencies resolved. ============================================================================= Package Arch Version Repository Size ============================================================================= Installing: mariadb x86_64 3:10.1.16-1.fc24 updates 6.3 M mariadb-common x86_64 3:10.1.16-1.fc24 updates 66 k mariadb-config x86_64 3:10.1.16-1.fc24 updates 29 k mariadb-errmsg x86_64 3:10.1.16-1.fc24 updates 203 k mariadb-libs x86_64 3:10.1.16-1.fc24 updates 654 k mariadb-server x86_64 3:10.1.16-1.fc24 updates 19 M perl-DBD-MySQL x86_64 4.036-1.fc24 updates 146 k perl-DBI x86_64 1.634-3.fc24 fedora 729 k perl-Math-BigInt noarch 1.9997.15-2.fc24 fedora 178 k perl-Math-Complex noarch 1.59-362.fc24 updates 95 k perl-Storable x86_64 1:2.53-348.fc24 updates 84 k Transaction Summary ============================================================================= Install 11 Packages Total download size: 28 M Installed size: 140 M Is this ok [y/N]:y
Here is the rest of the output from the "dnf" after hitting the "Y" key to proceed to download the installation RPM packages, install them, and then clean things up to finish the installation:
Downloading Packages: (1/11): mariadb-common-10.1.16-1.fc24.x86_64 158 kB/s | 66 kB 00:00 (2/11): perl-DBI-1.634-3.fc24.x86_64.rpm 1.3 MB/s | 729 kB 00:00 (3/11): perl-Math-BigInt-1.9997.15-2.fc24.no 1.9 MB/s | 178 kB 00:00 (4/11): mariadb-errmsg-10.1.16-1.fc24.x86_64 361 kB/s | 203 kB 00:00 (5/11): mariadb-config-10.1.16-1.fc24.x86_64 295 kB/s | 29 kB 00:00 (6/11): perl-DBD-MySQL-4.036-1.fc24.x86_64.r 532 kB/s | 146 kB 00:00 (7/11): mariadb-libs-10.1.16-1.fc24.x86_64.r 930 kB/s | 654 kB 00:00 (8/11): perl-Math-Complex-1.59-362.fc24.noar 1.0 MB/s | 95 kB 00:00 (9/11): perl-Storable-2.53-348.fc24.x86_64.r 1.0 MB/s | 84 kB 00:00 (10/11): mariadb-10.1.16-1.fc24.x86_64.rpm 2.2 MB/s | 6.3 MB 00:02 (11/11): mariadb-server-10.1.16-1.fc24.x86_6 3.8 MB/s | 19 MB 00:05 ----------------------------------------------------------------------------- Total 4.3 MB/s | 28 MB 00:06 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Installing : mariadb-config-3:10.1.16-1.fc24.x86_64 1/11 Installing : mariadb-common-3:10.1.16-1.fc24.x86_64 2/11 Installing : mariadb-errmsg-3:10.1.16-1.fc24.x86_64 3/11 Installing : mariadb-3:10.1.16-1.fc24.x86_64 4/11 Installing : mariadb-libs-3:10.1.16-1.fc24.x86_64 5/11 Installing : perl-Storable-1:2.53-348.fc24.x86_64 6/11 Installing : perl-Math-Complex-1.59-362.fc24.noarch 7/11 Installing : perl-Math-BigInt-1.9997.15-2.fc24.noarch 8/11 Installing : perl-DBI-1.634-3.fc24.x86_64 9/11 Installing : perl-DBD-MySQL-4.036-1.fc24.x86_64 10/11 Installing : mariadb-server-3:10.1.16-1.fc24.x86_64 11/11 Verifying : mariadb-server-3:10.1.16-1.fc24.x86_64 1/11 Verifying : perl-DBI-1.634-3.fc24.x86_64 2/11 Verifying : mariadb-common-3:10.1.16-1.fc24.x86_64 3/11 Verifying : mariadb-errmsg-3:10.1.16-1.fc24.x86_64 4/11 Verifying : perl-Math-BigInt-1.9997.15-2.fc24.noarch 5/11 Verifying : mariadb-3:10.1.16-1.fc24.x86_64 6/11 Verifying : mariadb-config-3:10.1.16-1.fc24.x86_64 7/11 Verifying : perl-DBD-MySQL-4.036-1.fc24.x86_64 8/11 Verifying : mariadb-libs-3:10.1.16-1.fc24.x86_64 9/11 Verifying : perl-Math-Complex-1.59-362.fc24.noarch 10/11 Verifying : perl-Storable-1:2.53-348.fc24.x86_64 11/11 Installed: mariadb.x86_64 3:10.1.16-1.fc24 mariadb-common.x86_64 3:10.1.16-1.fc24 mariadb-config.x86_64 3:10.1.16-1.fc24 mariadb-errmsg.x86_64 3:10.1.16-1.fc24 mariadb-libs.x86_64 3:10.1.16-1.fc24 mariadb-server.x86_64 3:10.1.16-1.fc24 perl-DBD-MySQL.x86_64 4.036-1.fc24 perl-DBI.x86_64 1.634-3.fc24 perl-Math-BigInt.noarch 1.9997.15-2.fc24 perl-Math-Complex.noarch 1.59-362.fc24 perl-Storable.x86_64 1:2.53-348.fc24 Complete! [root@fc24 ~]#
Secure MariaDB Database Server Before Enabling SQL Server for Production
Before you enable the MariaDB SQL server, you MUST secure the server, either manually or using the included mysql_secure_installation shell script. Personally, I prefer to do it manually so that I can fine tune and tweak my installation. But the ultimate choice is your's.
Samba/CIFS Information --> Sharing Linux & Windows Stuff - A Necessary Evil~!
Excellent information on Samba 4 and using it to replace Windows AD, can be found here:
Setting up Samba 4 as Windows Active Directory Domain Controller
Password Info & Creation
Usually, passwords are created from the command line using the "passwd" command.
When creating a new user account, by default no password is set, so it must be done so manually!
If you need to create a pasword hash that can be copy and pasted into some other file manually,
there are a number of ways to do it, however I personally prefer a tool that is included with most
Linux distributions, aka "Distros". This tool is part of the Apache web server, so most systems already have it installed.
The htpasswd command is very versatile. This is an example of how to create a password hash manually:
[root@server ~]# htpasswd -c /tmp/tmppass tim New password: Re-type new password: Adding password for user tim [root@server ~]# cat /tmp/tmppass tim:$apr1$2/FJ6Trp$YF8RcdKJvkHKsyrZBQn9N0
The hash is after the "tim:" part, and can be copy and pasted into any file you need it for.
7zip Archive Handling With Linux
Depending on your distro, you will want to get either the 7za package for RPM and APT based distros, and the p7zip packages for Slackware, my preferred server distro!
Fedora VNC Information:
[jamie@server system]$ ls -l vncserver@.service -rw-r--r--. 1 root root 1734 Jan 21 2014 vncserver@.service [jamie@server system]$ pwd /lib/systemd/system