Basic Commands

pwd command = present working directory

cal command - display calendar for specified month and year

echo command - will echo whatever you provide it.

date command - Displays current time and date

whoami command- user who is currently logged in.

clear command - This command clears the screen.

Manual Pages

‘--help’ option and man page

ls command - Listing File And Directories

ls -l displays a long listing of the files.

mkdir command - To create a directory,

touch command - For creating an empty file

copy command - # cp source destination

move command - # mv source destination

remove command – # rmdir – Remove Directory

$ rm files|directories - To remove files and directories

cat command - to view the contents of a file

head command - Displays the first few lines of a file

tail command - shows the last 10 lines by default

wc command - Word count

grep command - grep’ command searches for a pattern in a file

 vi Editing commands

Should have to press esc button and then followed

Keystrokes Action

i Insert at cursor (goes into insert mode)

a Write after cursor (goes into insert mode)

A Write at the end of line (goes into insert mode)

ESC Terminate insert mode

u Undo last change

U Undo all changes to the entire line

o Open a new line (goes into insert mode)

dd

3dd Delete line

Delete 3 lines.

D Delete contents of line after the cursor

C Delete contents of a line after the cursor and insert new text. Press ESC key to end insertion.

dw

4dw Delete word

Delete 4 words

x Delete character at the cursor

r Replace character

R Overwrite characters from cursor onward

s Substitute one character under cursor continue to insert

S Substitute entire line and begin to insert at the beginning of the line

Make sure you press the right command otherwise you will end up making undesirable changes to the
file. You can also enter the insert mode by pressing a, A, o, as required.
Keystroke Use

k Move cursor up

j Move cursor down

h Move cursor left

l Move cursor right

Saving and Closing the file

You should be in the command mode to exit the editor and save changes to the file.

Keystroke Use

Shift+zz Save the file and quit

:w Save the file but keep it open

:q Quit without saving

:wq Save the file and quit

:wq! save the file and force quit

USER And Group Administration

The /etc/passwd file is a colon-separated file that contains the following information:

User name.

Encrypted password.

User ID number (UID)

User's group ID number (GID)

Full name of the user (GECOS)

User home directory.

Login shell.
/etc/group file

It stores group information or defines the user groups

it defines the groups to which users belong.

and each line has the following format (all fields are separated by a colon (:)

group_name: It is the name of group. If you run ls -l command, you will see this name printed in the
group field.

Password: Generally password is not used, hence it is empty/blank. It can store encrypted password.

Group ID (GID): Each user must be assigned a group ID. You can see this number in your /etc/passwd
file.

Group List: It is a list of user names of users who are members of the group. The user names, must be
separated by commas.

/etc/shadow file fields)

Username : It is your login name.

Password : It is your encrypted password. The password should be minimum 8-12 characters long
including special characters, digits, lower case alphabetic and more. Usually password format is set to
$id$salt$hashed, The $id is the algorithm used On GNU/Linux as follows:

Last password change (lastchanged) : Days since Jan 1, 1970 that password was last changed

Minimum : The minimum number of days required between password changes i.e. the number of days
left before the user is allowed to change his/her password

Maximum : The maximum number of days the password is valid (after that user is forced to change
his/her password)

Warn : The number of days before password is to expire that user is warned that his/her password must
be changed
Inactive : The number of days after password expires that account is disabled

Expire : days since Jan 1, 1970 that account is disabled i.e. an absolute date specifying when the login
may no longer be used.

Permissions

SUID ( setuid ) :-

If SUID bit is set on a file and a user executed it. The process will have the same rights as the owner of
the file being executed.

For example: passwd command have SUID bit enabled. When a normal user change his password this
script update few system files like /etc/passwd and /etc/shadow which can’t be update by non root
account. So that passwd command process always run with root user rights.

Implementation of SUID on file:

Mehtod 1:

# chmod u+s suresh.txt

# ls -l suresh.txt

-rwsr-xr-x 1 root root 0 Mar 8 02:06 suresh.txt

Method 2:

# chmod 4655 suresh.txt

# ls -l suresh.txt

-rwSr-xr-x 1 root root 0 Mar 8 02:06 suresh.txt

SGID ( setgid) :-

Same as SUID, The process will have the same group rights of the file being executed. If SGID bit is set on
any directory, all sub directories and files created inside will get same group ownership as main
directory, it doesn’t matter who is creating.
Implementation of SGID on directory:

# chmod g+s /test/

# ls -ld /test

drwxrwsrwx 2 root root 4096 Mar 8 03:12 /test

Now swich to other user and create a file in /test directory.

# su - suresh

$ cd /test/

$ touch suresh.net.txt

$ ls -l suresh.net.txt

-rw-rw-r-- 1 suresh root 0 Mar 8 03:13 suresh.net.txt

Sticky Bit :-

The sticky bit is used to indicate special permissions for files and directories.

If a directory with sticky bit enabled, will restricts deletion of file inside it.

It can be removed by root, owner of file or who have write permission on it.

This is usefull for publically accessible directories like /tmp.

Implementation of Sticky bit on file:

Method 1:

# chmod +t suresh.txt

# ls -l suresh.txt

-rw-r--r-T 1 root root 0 Mar 8 02:06 suresh.txt

Mothod 2:

# chmod 1777 suresh.txt

# ls -l suresh.txt

-rwxrwxrwt 1 root root 0 Mar 8 02:06 suresh.txt

In above output it showing sticky bit is set with character t or T in permissions filed.
Small t represent that execute permission also enable and capital T represent that execute permission
are not enabled.

1. Search and Find Files

Let’s say that you have just installed a fresh copy of the new Ubuntu on your machine, and that you are
going to give Python scripting a shot. You have been scouring the web looking for tutorials, but you see
that there are two different versions of Python in use, and you don’t know which one was installed on
your system by the Ubuntu installer, or if it installed any modules. Simply run this command:
# dpkg –l | grep –i python

Sample Output
ii python2.7 2.7.3-0ubuntu3.4
Interactive high-level object-oriented language (version 2.7)
ii python2.7-minimal 2.7.3-0ubuntu3.4
Minimal subset of the Python language (version 2.7)
ii python-openssl 0.12-1ubuntu2.1
Python wrapper around the OpenSSL library
ii python-pam 0.4.2-12.2ubuntu4
A Python interface to the PAM library

First, we ran dpkg –l, which lists installed *.deb packages on your system. Second, we piped that output
to grep –i python, which simple states “go to grep and filter out and return everything with ‘python’ in it.”
The –i option is there to ignore-case, as grep is case-sensitive. Using the –i option is a good habit of
getting into, unless of course you are trying to nail down a more specific search.
2. Search and Filter Files
The grep can also be used to search and filter within individual files or multiple files. Lets take this
scenario:
You are having some trouble with your Apache Web Server, and you have reached out to one of the
many awesome forums on the net asking for some help. The kind soul who replies to you has asked you
to post the contents of your /etc/apache2/sites-available/default-ssl file. Wouldn’t it be easier for you,
the guy helping you, and everyone reading it, if you could remove all of the commented lines? Well you
can! Just run this:
# grep –v “#” /etc/apache2/sites-available/default-ssl

The –v option tells grep to invert its output, meaning that instead of printing matching lines, do the
opposite and print all of the lines that don’t match the expression, in this case, the # commented lines.
3. Find all .mp3 Files Only
The grep can be very useful for filtering from stdout. For example, let’s say that you have an entire
folder full of music files in a bunch of different formats. You want to find all of the *.mp3 files from the
artist JayZ, but you don’t want any of the remixed tracks. Using a find command with a couple of grep
pipes will do the trick:
# find . –name “*.mp3” | grep –i JayZ | grep –vi “remix”
In this example, we are using find to print all of the files with a *.mp3 extension, piping it to grep –i to
filter out and prints all files with the name “JayZ” and then another pipe to grep –vi which filters out and
does not print all filenames with the string (in any case) “remix”.
1. 35 Practical Examples of Linux Find Command
4. Display Number of Lines Before or After Search String
Another couple of options are the –A and –B switches, which displays the matched line and number of
lines either that come before or after the search string. While the man page gives a more detailed
explanation, I find it easiest to remember the options as –A = after, and –B = before:
# ifconfig | grep –A 4 eth0
# ifconfig | grep -B 2 UP

5. Prints Number of Lines Around Match

The grep’s –C option is similar, but instead of printing the lines that come either before or after the string,
it prints the lines in either direction:
# ifconfig | grep –C 2 lo

6. Count Number of Matches

Similar to piping a grep string to word count (wc program) grep’s built-in option can perform the same
for you:
# ifconfig | grep –c inet6

7. Search Files by Given String

The –n option for grep is very useful when debugging files during compile errors. It displays the line
number in the file of the given search string:
# grep –n “main” setup..py

8. Search a string Recursively in all Directories

If you would like to search for a string in the current directory along with all of the subdirectories, you
can specify the –r option to search recursively:
# grep –r “function” *

9. Searches for the entire pattern

Passing the –w option to grep searches for the entire pattern that is in the string. For example, using:
# ifconfig | grep –w “RUNNING”

Will print out the line containing the pattern in quotes. On the other hand, if you try:
# ifconfig | grep –w “RUN”

Nothing will be returned as we are not searching for a pattern, but an entire word.
10. Search a string in Gzipped Files
Deserving some mention are grep’s derivatives. The first is zgrep, which, similar to zcat, is for use on
gzipped files. It takes the same options as grep and is used in the same way:
# zgrep –i error /var/log/syslog.2.gz
11. Match Regular Expression in Files
The egrep is another derivative that stands for “Extended Global Regular Expression”. It recognizes
additional expression meta-characters such at + ? | and (). egrep is very useful for searching source files,
and other pieces of code, should the need arise. It can be invoked from regular grep by specifying the –E
option.
# grep –E

12. Search a Fixed Pattern String

The fgrep searches a file or list of files for a fixed pattern string. It is the same as grep –F. A common
way of using fgrep is to pass a file of patterns to it:
# fgrep –f file_full_of_patterns.txt file_to_search.txt

This is just a starting point with grep, but as you are probably able to see, it is invaluable for a variety of
purposes. Aside from the simple one line commands we have implemented, grep can be used to write
powerful cron jobs, and robust shell scripts, for a start. Be creative, experiment with the options in the
man page, and come up with grep expressions that serve your own purposes!

FIND COMMAND

1. Find Files Using Name in Current Directory

Find all the files whose name is suresh.txt in a current working directory.
# find . -name suresh.txt

./suresh.txt

2. Find Files Under Home Directory

Find all the files under /home directory with name suresh.txt.
# find /home -name suresh.txt

/home/suresh.txt

3. Find Files Using Name and Ignoring Case

Find all the files whose name is suresh.txt and contains both capital and small letters in /home directory.
# find /home -iname suresh.txt

./suresh.txt
./Suresh.txt
4. Find Directories Using Name
Find all directories whose name is Suresh in / directory.
# find / -type d -name Suresh

/Suresh

5. Find PHP Files Using Name

Find all php files whose name is suresh.php in a current working directory.
# find . -type f -name suresh.php

./suresh.php

6. Find all PHP Files in Directory

Find all php files in a directory.
# find . -type f -name "*.php"

./suresh.php
./login.php
./index.php

Part II – Find Files Based on their Permissions

7. Find Files With 777 Permissions

Find all the files whose permissions are 777.
# find . -type f -perm 0777 -print

8. Find Files Without 777 Permissions

Find all the files without permission 777.
# find / -type f ! -perm 777

9. Find SGID Files with 644 Permissions

Find all the SGID bit files whose permissions set to 644.
# find / -perm 2644

10. Find Sticky Bit Files with 551 Permissions

Find all the Sticky Bit set files whose permission are 551.
# find / -perm 1551

11. Find SUID Files

Find all SUID set files.
# find / -perm /u=s

12. Find SGID Files

Find all SGID set files.
# find / -perm /g+s

13. Find Read Only Files

Find all Read Only files.
# find / -perm /u=r

14. Find Executable Files

Find all Executable files.
# find / -perm /a=x

15. Find Files with 777 Permissions and Chmod to 644

Find all 777 permission files and use chmod command to set permissions to 644.
# find / -type f -perm 0777 -print -exec chmod 644 {} \;

16. Find Directories with 777 Permissions and Chmod to 755

Find all 777 permission directories and use chmod command to set permissions to 755.
# find / -type d -perm 777 -print -exec chmod 755 {} \;

17. Find and remove single File

To find a single file called suresh.txt and remove it.
# find . -type f -name "suresh.txt" -exec rm -f {} \;

18. Find and remove Multiple File

To find and remove multiple files such as .mp3 or .txt, then use.
# find . -type f -name "*.txt" -exec rm -f {} \;

OR

# find . -type f -name "*.mp3" -exec rm -f {} \;

19. Find all Empty Files

To file all empty files under certain path.
# find /tmp -type f -empty

20. Find all Empty Directories

To file all empty directories under certain path.
# find /tmp -type d -empty
21. File all Hidden Files
To find all hidden files, use below command.
# find /tmp -type f -name ".*"

Part III – Search Files Based On Owners and Groups

22. Find Single File Based on User

To find all or single file called suresh.txt under / root directory of owner root.
# find / -user root -name suresh.txt

23. Find all Files Based on User

To find all files that belongs to user Suresh under /home directory.
# find /home -user suresh

24. Find all Files Based on Group

To find all files that belongs to group Developer under /home directory.
# find /home -group developer

25. Find Particular Files of User

To find all .txt files of user Suresh under /home directory.
# find /home -user suresh -iname "*.txt"

Part IV – Find Files and Directories Based on Date and Time

26. Find Last 50 Days Modified Files

To find all the files which are modified 50 days back.
# find / -mtime 50

27. Find Last 50 Days Accessed Files

To find all the files which are accessed 50 days back.
# find / -atime 50

28. Find Last 50-100 Days Modified Files

To find all the files which are modified more than 50 days back and less than 100 days.
# find / -mtime +50 –mtime -100
29. Find Changed Files in Last 1 Hour
To find all the files which are changed in last 1 hour.
# find / -cmin -60

30. Find Modified Files in Last 1 Hour

To find all the files which are modified in last 1 hour.
# find / -mmin -60

31. Find Accessed Files in Last 1 Hour

To find all the files which are accessed in last 1 hour.
# find / -amin -60

Part V – Find Files and Directories Based on Size

32. Find 50MB Files

To find all 50MB files, use.
# find / -size 50M

33. Find Size between 50MB – 100MB

To find all the files which are greater than 50MB and less than 100MB.
# find / -size +50M -size -100M

34. Find and Delete 100MB Files

To find all 100MB files and delete them using one single command.
# find / -size +100M -exec rm -rf {} \;

35. Find Specific Files and Delete

Find all .mp3 files with more than 10MB and delete them using one single command.
# find / -type f -name *.mp3 -size +10M -exec rm {} \;

Disk Management

fdisk stands (for “fixed disk or format disk“) is an most commonly used command-line based
disk manipulation utility for a Linux/Unix systems. With the help of fdisk command you can view,
create, resize, delete, change, copy and move partitions on a hard drive using its own user
friendly text based menu driven interface.
This tool is very useful in terms of creating space for new partitions, organising space for new
drives, re-organising an old drives and copying or moving data to new disks. It allows you to
create a maximum of four new primary partition and number of logical (extended) partitions,
based on size of the hard disk you have in your system.

Caution – Don’t Create, Delete or Modify Partitions. Unless you know what you are doing!

1. View all Disk Partitions in Linux

The following basic command list all existing disk partition on your system. The ‘-l‘ argument
stand for (listing all partitions) is used with fdisk command to view all available partitions on
Linux. The partitions are displayed by their device’s names. For
example: /dev/sda, /dev/sdb or /dev/sdc.

[[email protected] ~]# fdisk -l

Disk /dev/sda: 637.8 GB, 637802643456 bytes

255 heads, 63 sectors/track, 77541 cylinders

Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System

/dev/sda1 * 1 13 104391 83 Linux

/dev/sda2 14 2624 20972857+ 83 Linux

/dev/sda3 2625 4582 15727635 83 Linux

/dev/sda4 4583 77541 586043167+ 5 Extended

/dev/sda5 4583 5887 10482381 83 Linux

/dev/sda6 5888 7192 10482381 83 Linux

/dev/sda7 7193 7845 5245191 83 Linux

/dev/sda8 7846 8367 4192933+ 82 Linux swap /
Solaris

/dev/sda9 8368 77541 555640123+ 8e Linux LVM

2. View Specific Disk Partition in Linux

To view all partitions of specific hard disk use the option ‘-l‘ with device name. For example, the
following command will display all disk partitions of device /dev/sda. If you’ve different device
names, simple write device name as /dev/sdb or /dev/sdc.

[[email protected] ~]# fdisk -l /dev/sda

Disk /dev/sda: 637.8 GB, 637802643456 bytes

255 heads, 63 sectors/track, 77541 cylinders

Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System

/dev/sda1 * 1 13 104391 83 Linux

/dev/sda2 14 2624 20972857+ 83 Linux

/dev/sda3 2625 4582 15727635 83 Linux

/dev/sda4 4583 77541 586043167+ 5 Extended

/dev/sda5 4583 5887 10482381 83 Linux

/dev/sda6 5888 7192 10482381 83 Linux

/dev/sda7 7193 7845 5245191 83 Linux

/dev/sda8 7846 8367 4192933+ 82 Linux swap /
Solaris

/dev/sda9 8368 77541 555640123+ 8e Linux LVM

3. Check all Available fdisk Commands

If you would like to view all commands which are available for fdisk. Simply use the following
command by mentioning the hard disk name such as /dev/sda as shown below. The following
command will give you output similar to below.

[[email protected] ~]# fdisk /dev/sda

WARNING: DOS-compatible mode is deprecated. It's strongly recommended

to

switch off the mode (command 'c') and change display units to

sectors (command 'u').

Command (m for help):

Type ‘m‘ to see the list of all available commands of fdisk which can be operated
on /dev/sda hard disk. After, I enter ‘m‘ on the screen, you will see the all available options for
fdisk that you can be used on the /dev/sda device.

[[email protected] ~]# fdisk /dev/sda

WARNING: DOS-compatible mode is deprecated. It's strongly recommended

to

switch off the mode (command 'c') and change display units to

sectors (command 'u').

Command (m for help): m
Command action
a toggle a bootable flag
b edit bsd disklabel
c toggle the dos compatibility flag
d delete a partition
l list known partition types
m print this menu
n add a new partition
o create a new empty DOS partition table
p print the partition table
q quit without saving changes
s create a new empty Sun disklabel
t change a partition's system id
u change display/entry units
v verify the partition table
w write table to disk and exit
x extra functionality (experts only)
Command (m for help):

4. Print all Partition Table in Linux

To print all partition table of hard disk, you must be on command mode of specific hard disk
say /dev/sda.

[[email protected] ~]# fdisk /dev/sda

From the command mode, enter ‘p‘ instead of ‘m‘ as we did earlier. As I enter ‘p‘, it will print the
specific /dev/sda partition table.

Command (m for help): p

Disk /dev/sda: 637.8 GB, 637802643456 bytes
255 heads, 63 sectors/track, 77541 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 2624 20972857+ 83 Linux
/dev/sda3 2625 4582 15727635 83 Linux
/dev/sda4 4583 77541 586043167+ 5 Extended
/dev/sda5 4583 5887 10482381 83 Linux
/dev/sda6 5888 7192 10482381 83 Linux
/dev/sda7 7193 7845 5245191 83 Linux
/dev/sda8 7846 8367 4192933+ 82 Linux swap /
Solaris
/dev/sda9 8368 77541 555640123+ 8e Linux LVM
Command (m for help):

5. How to Delete a Partition in Linux

If you would like to delete a specific partition (i.e /dev/sda9) from the specific hard disk such
as /dev/sda. You must be in fdisk command mode to do this.

[[email protected] ~]# fdisk /dev/sda

Next, enter ‘d‘ to delete any given partition name from the system. As I enter ‘d‘, it will prompt
me to enter partition number that I want to delete from /dev/sda hard disk. Suppose I enter
number ‘4‘ here, then it will delete partition number ‘4‘ (i.e. /dev/sda4) disk and shows free
space in partition table. Enter ‘w‘ to write table to disk and exit after making new alterations to
partition table. The new changes would only take place after next reboot of system. This can be
easily understood from the below output.

[[email protected] ~]# fdisk /dev/sda

WARNING: DOS-compatible mode is deprecated. It's strongly recommended

to

switch off the mode (command 'c') and change display units to

sectors (command 'u').

Command (m for help): d

Partition number (1-4): 4
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
WARNING: Re-reading the partition table failed with error 16: Device
or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.
You have new mail in /var/spool/mail/root
Warning : Be careful, while performing this step, because using option ‘d‘ will completely delete
partition from system and may lost all data in partition.
6. How to Create a New Partition in Linux

If you’ve free space left on one of your device say /dev/sda and would like to create a new
partition under it. Then you must be in fdisk command mode of /dev/sda. Type the following
command to enter into command mode of specific hard disk.

[[email protected] ~]# fdisk /dev/sda

After entering in command mode, now press “n” command to create a new partition
under /dev/sdawith specific size. This can be demonstrated with the help of following given
output.

[[email protected] ~]# fdisk /dev/sda

WARNING: DOS-compatible mode is deprecated. It's strongly recommended

to

switch off the mode (command 'c') and change display units to

sectors (command 'u').

Command (m for help): n

Command action
e extended
p primary partition (1-4)
e
While creating a new partition, it will ask you two options ‘extended‘ or ‘primary‘ partition
creation. Press ‘e‘ for extended partition and ‘p‘ for primary partition. Then it will ask you to enter
following two inputs.
1. First cylinder number of the partition to be create.
2. Last cylinder number of the partition to be created (Last cylinder, +cylinders or +size).
You can enter the size of cylinder by adding “+5000M” in last cylinder. Here, ‘+‘ means addition
and 5000M means size of new partition (i.e 5000MB). Please keep in mind that after creating a
new partition, you should run ‘w‘ command to alter and save new changes to partition table and
finally reboot your system to verify newly created partition.

Command (m for help): w

The partition table has been altered!
Calling ioctl() to re-read partition table.
WARNING: Re-reading the partition table failed with error 16: Device
or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.

7. How to Format a Partition in Linux

After the new partition is created, don’t skip to format the newly created partition using ‘mkfs‘
command. Type the following command in the terminal to format a partition. Here /dev/sda4 is
my newly created partition.

[[email protected] ~]# mkfs.ext4 /dev/sda4

8. How to Check Size of a Partition in Linux

After formatting new partition, check the size of that partition using flag ‘s‘ (displays size in
blocks) with fdisk command. This way you can check size of any specific device.

[[email protected] ~]# fdisk -s /dev/sda2

5194304

9. How to Fix Partition Table Order

If you’ve deleted a logical partition and again recreated it, you might notice ‘partition out of
order‘ problem or error message like ‘Partition table entries are not in disk order‘.
For example, when three logical partitions such as (sda4, sda5 and sda6) are deleted, and new
partition created, you might expect the new partition name would be sda4. But, the system
would create it as sda5. This happens because of, after the partition are deleted, sda7 partition
had been moved as sda4and free space shift to the end.
To fix such partition order problems, and assign sda4 to the newly created partition, issue the ‘x‘
to enter an extra functionality section and then enter ‘f‘ expert command to fix the order of
partition table as shown below.

[[email protected] ~]# fdisk /dev/sda

WARNING: DOS-compatible mode is deprecated. It's strongly recommended

to
switch off the mode (command 'c') and change display units to

sectors (command 'u').

Command (m for help): x

Expert command (m for help): f
Done.
Expert command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
WARNING: Re-reading the partition table failed with error 16: Device
or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.

After, running ‘f‘ command, don’t forget to run ‘w‘ command to save and exit from fdisk
command mode. Once it fixed partition table order, you will no longer get error messages.
10. How to Disable Boot Flag (*) of a Partition

By default, fdisk command shows the boot flag (i.e. ‘*‘) symbol on each partition. If you want to
enable or disable boot flag on a specific partition, do the following steps.

[[email protected] ~]# fdisk /dev/sda

Press ‘p‘ command to view the current partition table, you see there is a boot flag (asterisk (*)
symbol in orange color) on /dev/sda1 disk as shown below.

[[email protected] ~]# fdisk /dev/sda

WARNING: DOS-compatible mode is deprecated. It's strongly recommended

to

switch off the mode (command 'c') and change display units to

sectors (command 'u').

Command (m for help): p

Disk /dev/sda: 637.8 GB, 637802643456 bytes

255 heads, 63 sectors/track, 77541 cylinders

Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System

/dev/sda1 * 1 13 104391 83 Linux

/dev/sda2 14 2624 20972857+ 83 Linux
/dev/sda3 2625 4582 15727635 83 Linux
/dev/sda4 4583 77541 586043167+ 5 Extended
/dev/sda5 4583 5887 10482381 83 Linux
/dev/sda6 5888 7192 10482381 83 Linux
/dev/sda7 7193 7845 5245191 83 Linux
/dev/sda8 7846 8367 4192933+ 82 Linux swap /
Solaris
/dev/sda9 8368 77541 555640123+ 8e Linux LVM
Next enter command ‘a‘ to disable boot flag, then enter partition number ‘1‘ as (i.e. /dev/sda1) in
my case. This will disable boot flag on the partition /dev/sda1. This will remove the asterisk (*)
flag.

Command (m for help): a

Partition number (1-9): 1
Command (m for help): p
Disk /dev/sda: 637.8 GB, 637802643456 bytes
255 heads, 63 sectors/track, 77541 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 1 13 104391 83 Linux
/dev/sda2 14 2624 20972857+ 83 Linux
/dev/sda3 2625 4582 15727635 83 Linux
/dev/sda4 4583 77541 586043167+ 5 Extended
/dev/sda5 4583 5887 10482381 83 Linux
/dev/sda6 5888 7192 10482381 83 Linux
/dev/sda7 7193 7845 5245191 83 Linux
/dev/sda8 7846 8367 4192933+ 82 Linux swap /
Solaris
/dev/sda9 8368 77541 555640123+ 8e Linux LVM
Command (m for help):
I’ve tried my best to include almost all basic commands of fdisk commands, but still fdisk
contains a variety of other expert commands you can use them by entering ‘x‘. For more
detailed information, check out ‘man fdisk‘ command from the terminal.

Logical Volume Manager

Before we start, install the lvm2 package as shown below.

$ sudo apt-get intall lvm2

To create a LVM, we need to run through the following steps.

• Select the physical storage devices for LVM
• Create the Volume Group from Physical Volumes
• Create Logical Volumes from Volume Group
Select the Physical Storage Devices for LVM – Use pvcreate, pvscan, pvdisplay Commands
In this step, we need to choose the physical volumes that will be used to create the LVM. We can create
the physical volumes using pvcreate command as shown below.
$ sudo pvcreate /dev/sda6 /dev/sda7
Physical volume "/dev/sda6" successfully created
Physical volume "/dev/sda7" successfully created

As shown above two physical volumes are created – /dev/sda6 and /dev/sda7.
If the physical volumes are already created, you can view them using the pvscan command as shown
below.
$ sudo pvscan
PV /dev/sda6 lvm2 [1.86 GB]
PV /dev/sda7 lvm2 [1.86 GB]
Total: 2 [3.72 GB] / in use: 0 [0 ] / in no VG: 2 [3.72 GB]

You can view the list of physical volumes with attributes like size, physical extent size, total physical
extent size, the free space, etc., using pvdisplay command as shown below.
$ sudo pvdisplay
--- Physical volume ---
PV Name /dev/sda6
VG Name
PV Size 1.86 GB / not usable 2.12 MB
Allocatable yes
PE Size (KByte) 4096
Total PE 476
Free PE 456
Allocated PE 20
PV UUID m67TXf-EY6w-6LuX-NNB6-kU4L-wnk8-NjjZfv

--- Physical volume ---

PV Name /dev/sda7
 VG Name
PV Size 1.86 GB / not usable 2.12 MB
Allocatable yes
PE Size (KByte) 4096
Total PE 476
Free PE 476
Allocated PE 0
PV UUID b031x0-6rej-BcBu-bE2C-eCXG-jObu-0Boo0x

Note : PE – Physical Extents are nothing but equal-sized chunks. The default size of extent is 4MB.
Create the Volume Group – Use vgcreate, vgdisplay Commands
Volume groups are nothing but a pool of storage that consists of one or more physical volumes. Once you
create the physical volume, you can create the volume group (VG) from these physical volumes (PV).
In this example, the volume group vol_grp1 is created from the two physical volumes as shown below.
$ sudo vgcreate vol_grp1 /dev/sda6 /dev/sda7
Volume group "vol_grp1" successfully created

LVM processes the storage in terms of extents. We can also change the extent size (from the default size
4MB) using -s flag.
vgdisplay command lists the created volume groups.
$ sudo vgdisplay
--- Volume group ---
VG Name vol_grp1
System ID
Format lvm2
Metadata Areas 2
Metadata Sequence No 1
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 0
Open LV 0
Max PV 0
Cur PV 2
Act PV 2
VG Size 3.72 GB
PE Size 4.00 MB
Total PE 952
Alloc PE / Size 0 / 0
Free PE / Size 952 / 3.72 GB
VG UUID Kk1ufB-rT15-bSWe-5270-KDfZ-shUX-FUYBvR

LVM Create: Create Logical Volumes – Use lvcreate, lvdisplay command

Now, everything is ready to create the logical volumes from the volume groups. lvcreate command
creates the logical volume with the size of 80MB.
$ sudo lvcreate -l 20 -n logical_vol1 vol_grp1
Logical volume "logical_vol1" created
 Use lvdisplay command as shown below, to view the available logical volumes with its attributes.

$ sudo lvdisplay
--- Logical volume ---
LV Name /dev/vol_grp1/logical_vol1
VG Name vol_grp1
LV UUID ap8sZ2-WqE1-6401-Kupm-DbnO-2P7g-x1HwtQ
LV Write Access read/write
LV Status available
# open 0
LV Size 80.00 MB
Current LE 20
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 252:0

After creating the appropriate filesystem on the logical volumes, it becomes ready to use for the storage
purpose.
$ sudo mkfs.ext4 /dev/vol_grp1/logical_vol1

LVM resize: Change the size of the logical volumes – Use lvextend Command
We can extend the size of the logical volumes after creating it by using lvextend utility as shown below.
The changes the size of the logical volume from 80MB to 100MB.
$ sudo lvextend -L100 /dev/vol_grp1/logical_vol1
Extending logical volume logical_vol1 to 100.00 MB
Logical volume logical_vol1 successfully resized

We can also add additional size to a specific logical volume as shown below.
$ sudo lvextend -L+100 /dev/vol_grp1/logical_vol1
Extending logical volume logical_vol1 to 200.00 MB
Logical volume logical_vol1 successfully resized

RPM & YUM

RPM package is a powerful utility to manage the software in all major Linux distributions. RPMs
can be used to,

 Install packages
 Remove packages
 Upgrade packages
 Verify packages

Here are some useful command to manage RPM packages,

1. Getting detailed information about the package httpd

rpm -qi httpd

2. Determining which package installed the file /etc/httpd/conf.d/httpd-portal.conf,

rpm -qf /etc/httpd/conf.d/httpd-portal.conf

3. Showing all the files installed my httpd

rpm -ql httpd

4. Viewing the documentation files for the command httpd,

rpm -qd httpd

5. Listing all files included in an rpm file,

rpm -qpl /mnt/iso/suse/i586/wget-1.10.2-78.i586.rpm

6. Verify if the package is installed or not,

rpm -qa | grep httpd

7. To check what has changed in the files on the system since the HTTPD rpm originally
installed,

rpm -V httpd

8. Checking package to ensure its integrity and origin: (NOTE: gpg or pgp software must be
installed on your system before you use this command)

rpm -K /mnt/iso/suse/i586/wget-1.10.2-78.i586.rpm

9. To install wget RPM package,

rpm -ivh /mnt/iso/suse/i586/wget-1.10.2-78.i586.rpm

10. Upgrading the package wget: (NOTE: if the package is not installed it will install it for You,
like option “-ivh”),

rpm -Uvh /mnt/iso/suse/i586/wget-1.10.2-78.i586.rpm

11. Upgrade the package wget (if it exists already),

rpm -Fvh /mnt/iso/suse/i586/wget-1.10.2-78.i586.rpm

12. Removing the RPM package wget,

rpm -e wget

13. To list the configuration file of a package,

rpm -qc httpd

14. To display the list of all recently installed packages,

rpm -qa –last

15. To find out what dependencies httpd package has,

rpm -qR httpd

16. To find out what dependencies an rpm file has,

rpm -qpR /mnt/iso/suse/i586/wget-1.10.2-78.i586.rpm

17. To display list of configuration files for a command,

rpm -qcf /usr/sbin/httpd

YUM

1. Install a package using yum install

# yum install postgresql.x86_64

2. Uninstall a package using yum remove

# yum remove postgresql.x86_64

3. Upgrade an existing package using yum update

# yum update postgresql.x86_64

4. Search for a package to be installed using yum search

# yum search firefox

5. Display additional information about a package using yum info

# yum info samba-common.i686

6. View all available packages using yum list

# yum list | less

7. List only the installed packages using yum list installed

# yum list installed | less

8. Which package does a file belong to? – Use yum provides

# yum provides /etc/sysconfig/nfs

9. List available software groups using yum grouplist

# yum grouplist

10. Install a specific software group using yum groupinstall

# yum groupinstall 'DNS Name Server'

11. Upgrade an existing software group using groupupdate

# yum groupupdate 'Graphical Internet'

12. Uninstall a software group using yum groupremove

# yum groupremove 'DNS Name Server'

13. Display your current yum repositories

# yum repolist

14. Install from a disabled repositories using yum –enablerepo

# yum --enablerepo=fedora-source install vim-X11.x86_64

What is a Soft Link or Symbolic Link or Symlink ?

Soft links are very similar to what we say “Shortcut” in windows, is a way to link to a file or directory.
Symlinks doesn’t contain any information about the destination file or contents of the file, instead of
that, it simply contains the pointer to the location of the destination file. In more technical words, in
soft link, a new file is created with a new inode, which have the pointer to the inode location of the
original file.

Symbolic links are created with the “ln” command in linux. The syntax of the command is:

$ln -s
-s = This flag tells to create a symlink (if you don’t use this it will create a hard link, which we will talk
about soon).
For Example,

$ ln -s /usr/bin/suresh ~/Desktop/suresh

I hope now the concept of Soft Links should be clear.

HARD & SOFT LINKS

Hard Link vs Soft Link

What are Hard Links

1. Hard Links have same inodes number.

2. ls -l command shows all the links with the link column shows number of links.
3. Links have actual file contents
4. Removing any link, just reduces the link count, but doesn't affect other links.
5. You cannot create a hard link for a directory.
6 If original file is removed then the link will still show you the content of the file.

What are Soft Links

1. Soft Links have different inodes numbers.

2. ls -l command shows all links with second column value 1 and the link points to original file.
3. Soft Link contains the path for original file and not the contents.
4. Removing soft link doesn't affect anything but removing original file, the link becomes "dangling"
link which points to nonexistent file.
5. A soft link can link to a directory.

What is a Hard Link ?

Hard link is a bit different object when compared to a symlink. In softlink a new file and a new Inode
is created, but in hard link, only an entry into directory structure is created for the file, but it points to
the inode location of the original file. Which means there is no new inode creation in the hard link.
This can be explained like this:

So, in hard link, you are referencing the inode directly on the disk, which means that there should be
a way to know how many hard links exist to a file. For the same, in the inode information, you have an
option for “links”, which will tell how many links exists to a file. You can find the same information by
using this command:

$ stat <file name>

$ stat 01
Size: 923383 Blocks: 1816 IO Block: 4096 regular file
Device: 803h/2051d Inode: 12684895 Links: 3
Access: (0644/-rw-r–r–) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2012-09-07 01:46:54.000000000 -0500
Modify: 2012-04-27 06:22:02.000000000 -0500
Change: 2012-04-27 06:22:02.000000000 -0500

In this example, it means that the specific file have 2 hard links, which makes the count to 3.

When to use Soft Link:

1. Link across filesystems: If you want to link files across the filesystems, you can only use
symlinks/soft links.
2. Links to directory: If you want to link directories, then you must be using Soft links, as you
can’t create a hard link to a directory.

When to use Hard Link:

1. Storage Space: Hard links takes very negligible amount of space, as there are no new inodes
created while creating hard links. In soft links we create a file which consumes space (usually
4KB, depending upon the filesystem)
2. Performance: Performance will be slightly better while accessing a hard link, as you are directly
accessing the disk pointer instead of going through another file.
3. Moving file location: If you move the source file to some other location on the same filesystem,
the hard link will still work, but soft link will fail.
4. Redundancy: If you want to make sure safety of your data, you should be using hard link, as in
hard link, the data is safe, until all the links to the files are deleted, inste
“What is the main difference between hard links & soft links” ?

A. A softlink will have a different Inode number than the source file, which will be having a pointer to
the source file but hardlink will be using the same Inode number as the source file.
Q. How can I find all the Soft Links in my system ?
A. Use this command for the same “find /etc -type l -exec ls -li {} \;”
Q. How can I find all the files having Hard Links in my system ?
A. Use this command for the same “find / -links +2 -type f -exec ls -li {} \;”
Q. How to find whether a file is a softlink ?

A. Simply using this command “ls -l” will tell you whether a file is pointing to some other file or not.

Q. How can I find out the source file of a hard link ?

A. No, you can’t find out the source file of a hard link. Once hard link is created, there is no way to tell
which was the first file created.
Q. Can I make a Soft link to a Hard link and Vice Versa ?
A. Yes, both soft links and hard links acts as normal files of the file system, so you can do both.

AT & CRON JOBS

Linux Crontab: 15 Awesome Cron Job Examples

An experienced Linux sysadmin knows the

importance of running the routine maintenance jobs in the background automatically.

Linux Cron utility is an effective way to schedule a routine background job at a specific time
and/or day on an on-going basis.
Linux Crontab Format

MIN HOUR DOM MON DOW CMD

Table: Crontab Fields and Allowed Ranges (Linux Crontab Syntax)

Field Description Allowed Value
MIN Minute field 0 to 59
HOUR Hour field 0 to 23
DOM Day of Month 1-31
MON Month field 1-12
DOW Day Of Week 0-6
CMD Command Any command to be executed.

1. Scheduling a Job For a Specific Time

The basic usage of cron is to execute a job in a specific time as shown below. This will execute
the Full backup shell script (full-backup) on 10th June 08:30 AM.

Please note that the time field uses 24 hours format. So, for 8 AM use 8, and for 8 PM use 20.

30 08 10 06 * /home/Suresh/full-backup

 30 – 30th Minute
 08 – 08 AM
 10 – 10th Day
 06 – 6th Month (June)
 * – Every day of the week

2. Schedule a Job For More Than One Instance (e.g. Twice a Day)
The following script take a incremental backup twice a day every day.

This example executes the specified incremental backup shell script (incremental-backup) at
11:00 and 16:00 on every day. The comma separated value in a field specifies that the command
needs to be executed in all the mentioned time.

00 11,16 * * * /home/Suresh/bin/incremental-backup

 00 – 0th Minute (Top of the hour)

 11,16 – 11 AM and 4 PM
 * – Every day
 * – Every month
 * – Every day of the week

3. Schedule a Job for Specific Range of Time (e.g. Only on Weekdays)

If you wanted a job to be scheduled for every hour with in a specific range of time then use the
following.

Cron Job everyday during working hours

This example checks the status of the database everyday (including weekends) during the
working hours 9 a.m – 6 p.m

00 09-18 * * * /home/Suresh/bin/check-db-status

 00 – 0th Minute (Top of the hour)

 09-18 – 9 am, 10 am,11 am, 12 am, 1 pm, 2 pm, 3 pm, 4 pm, 5 pm, 6 pm
 * – Every day
 * – Every month
 * – Every day of the week
Cron Job every weekday during working hours
This example checks the status of the database every weekday (i.e excluding Sat and Sun) during
the working hours 9 a.m – 6 p.m.

00 09-18 * * 1-5 /home/Suresh/bin/check-db-status

 00 – 0th Minute (Top of the hour)

 09-18 – 9 am, 10 am,11 am, 12 am, 1 pm, 2 pm, 3 pm, 4 pm, 5 pm, 6 pm
 * – Every day
 * – Every month
 1-5 -Mon, Tue, Wed, Thu and Fri (Every Weekday)

4. How to View Crontab Entries?

View Current Logged-In User’s Crontab entries
To view your crontab entries type crontab -l from your unix account as shown below.

Suresh@dev-db$ crontab -l
@yearly /home/Suresh/annual-maintenance
*/10 * * * * /home/Suresh/check-disk-space
[Note: This displays crontab of the current logged in user]

View Root Crontab entries

Login as root user (su – root) and do crontab -l as shown below.

root@dev-db# crontab -l

no crontab for root

Crontab HowTo: View Other Linux User’s Crontabs entries

To view crontab entries of other Linux users, login to root and use -u {username} -l as shown
below.

root@dev-db# crontab -u sathiya -l

@monthly /home/sathiya/monthly-backup
00 09-18 * * * /home/sathiya/check-db-status

5. How to Edit Crontab Entries?

Edit Current Logged-In User’s Crontab entries
To edit a crontab entries, use crontab -e as shown below. By default this will edit the current
logged-in users crontab.

Suresh@dev-db$ crontab -e
@yearly /home/Suresh/centos/bin/annual-maintenance
*/10 * * * * /home/Suresh/debian/bin/check-disk-space
~
"/tmp/crontab.XXXXyjWkHw" 2L, 83C

[Note: This will open the crontab file in Vim editor for editing.
Please note cron created a temporary /tmp/crontab.XX... ]

When you save the above temporary file with :wq, it will save the crontab and display the
following message indicating the crontab is successfully modified.

"crontab.XXXXyjWkHw" 2L, 83C written

crontab: installing new crontab

Edit Root Crontab entries
Login as root user (su – root) and do crontab -e as shown below.

root@dev-db# crontab -e

Edit Other Linux User’s Crontab File entries

To edit crontab entries of other Linux users, login to root and use -u {username} -e as shown
below.

root@dev-db# crontab -u sathiya -e

@monthly /home/sathiya/fedora/bin/monthly-backup
00 09-18 * * * /home/sathiya/ubuntu/bin/check-db-status
~
~
~
"/tmp/crontab.XXXXyjWkHw" 2L, 83C

6. Schedule a Job for Every Minute Using Cron.

Ideally you may not have a requirement to schedule a job every minute. But understanding this
example will will help you understand the other examples mentioned below in this article.

* * * * * CMD

The * means all the possible unit — i.e every minute of every hour through out the year. More
than using this * directly, you will find it very useful in the following cases.

 When you specify */5 in minute field means every 5 minutes.

 When you specify 0-10/2 in minute field mean every 2 minutes in the first 10 minute.
 Thus the above convention can be used for all the other 4 fields.

7. Schedule a Background Cron Job For Every 10 Minutes.

Use the following, if you want to check the disk space every 10 minutes.

*/10 * * * * /home/Suresh/check-disk-space

It executes the specified command check-disk-space every 10 minutes through out the year. But
you may have a requirement of executing the command only during office hours or vice versa.
The above examples shows how to do those things.
Instead of specifying values in the 5 fields, we can specify it using a single keyword as mentioned
below.

There are special cases in which instead of the above 5 fields you can use @ followed by a
keyword — such as reboot, midnight, yearly, hourly.
Table: Cron special
keywords and its meaning
Keyword Equivalent
@yearly 0011*
@daily 00***
@hourly 0****
@reboot Run at startup.

8. Schedule a Job For First Minute of Every Year using @yearly

If you want a job to be executed on the first minute of every year, then you can use
the @yearly cron keyword as shown below.

This will execute the system annual maintenance using annual-maintenance shell script at
00:00 on Jan 1st for every year.

@yearly /home/Suresh/red-hat/bin/annual-maintenance

9. Schedule a Cron Job Beginning of Every Month using @monthly

It is as similar as the @yearly as above. But executes the command monthly once
using @monthly cron keyword.

This will execute the shell script tape-backup at 00:00 on 1st of every month.

@monthly /home/Suresh/suse/bin/tape-backup

10. Schedule a Background Job Every Day using @daily

Using the @daily cron keyword, this will do a daily log file cleanup using cleanup-logs shell
scriptat 00:00 on every day.

@daily /home/Suresh/arch-linux/bin/cleanup-logs "day started"

11. How to Execute a Linux Command After Every Reboot using @reboot?
Using the @reboot cron keyword, this will execute the specified command once after the
machine got booted every time.

@reboot CMD
12. How to Disable/Redirect the Crontab Mail Output using MAIL keyword?
By default crontab sends the job output to the user who scheduled the job. If you want to
redirect the output to a specific user, add or update the MAIL variable in the crontab as shown
below.

Suresh@dev-db$ crontab -l

MAIL="Suresh"

@yearly /home/Suresh/annual-maintenance

*/10 * * * * /home/Suresh/check-disk-space

[Note: Crontab of the current logged in user with MAIL variable]

If you wanted the mail not to be sent to anywhere, i.e to stop the crontab output to be emailed,
add or update the MAIL variable in the crontab as shown below.

MAIL=""

13. How to Execute a Linux Cron Jobs Every Second Using Crontab.
You cannot schedule a every-second cronjob. Because in cron the minimum unit you can specify
is minute. In a typical scenario, there is no reason for most of us to run any job every second in
the system.

14. Specify PATH Variable in the Crontab

All the above examples we specified absolute path of the Linux command or the shell-script that
needs to be executed.

For example, instead of specifying /home/Suresh/tape-backup, if you want to just specify tape-
backup, then add the path /home/Suresh to the PATH variable in the crontab as shown below.

Suresh@dev-db$ crontab -l
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/home/Suresh

@yearly annual-maintenance

*/10 * * * * check-disk-space

[Note: Crontab of the current logged in user with PATH variable]

15. Installing Crontab From a Cron File

Instead of directly editing the crontab file, you can also add all the entries to a cron-file first.
Once you have all thoese entries in the file, you can upload or install them to the cron as shown
below.

Suresh@dev-db$ crontab -l

no crontab for Suresh

$ cat cron-file.txt

@yearly /home/Suresh/annual-maintenance

*/10 * * * * /home/Suresh/check-disk-space

Suresh@dev-db$ crontab cron-file.txt

Suresh@dev-db$ crontab -l
@yearly /home/Suresh/annual-maintenance
*/10 * * * * /home/Suresh/check-disk-space

Note: This will install the cron-file.txt to your crontab, which will also remove your old cron
entries. So, please be careful while uploading cron entries from a cron-file.txt.
To use cron tab there are two important commands:

crontab -e edit your crontab entries

crontab -l print the entries from crontab

Here is an example of a very easy to reference header for your crontab. You have
the descriptions for every time slot and what every slot will accept. This example
also specifies the shell and the path making sure the binaries you run can be found.
The last line is an example of running "newsyslog" Sunday at midnight. You are
welcome to cut/paste this block to the top of your cron tab.

SHELL=/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log
#
#minute (0-59)
#| hour (0-23)
#| | day of the month (1-31)
#| | | month of the year (1-12 or Jan-Dec)
#| | | | day of the week (0-6 with 0=Sun or Sun-Sat)
#| | | | | commands
#| | | | | |
#### rotate logs weekly (Sunday at midnight)
00 0 * * 0 /usr/bin/newsyslog

Lets take a look at some examples in order of simple to alittle more complex.
Notice all of the binaries are using their absolute paths. Cron uses its own PATH
variable and it is a safe practice to always use absolute paths in your crontab. This
is to avoid confusion.

Rotate logs weekly at 12midnight. (just like the example above)

00 0 * * 0 /usr/bin/newsyslog
Rotate logs weekly at 12midnight. (instead of 0 for the day of the week we can use
Sun for Sunday)

00 0 * * Sun /usr/bin/newsyslog

Mail a report to root everyday at 11:59pm (23:59).

59 23 * * * /usr/local/bin/pflogsumm -d today
/var/log/maillog | mail -s "mail report" root

Run the backup scripts at 5am on the 3rd (Wed) and 5th (Fri) day of the week.
Send any errors to /dev/null

00 5 * * 3,5 /tools/BACKUP_script.sh >> /dev/null 2>&1

Compress backup files at 6am on the 1st and 15th of the month.

00 6 1,15 * * /tools/BACKUP_compress.sh

Refresh the Squid ad blocker server list every 3 days at 12:05am.

05 0 * * */3 /tools/ad_servers_newlist.sh

Clear the blocked hosts list at 3:23pm (15:23) every Monday only on even
numbered months.

23 15 * */2 1 /tools/clear_blocked_hosts.sh

Run a script at 8:45pm (20:45) on 2nd and the 16th only in the months of January
and April.

45 20 2,16 1,4 * /tools/a_script.sh

Run a script every day at 8:45pm (20:45) and add a random sleep time between 0
and 300 seconds.

45 20 * * * sleep $(($RANDOM \% 300)); /tools/a_script.sh

Run the script at 23:59 (11:59pm) on the last day of the month.

59 23 28-31 * * [ $(date -d +1day +%d) -eq 1 ] &&

/tools/a_script.sh
REMEMBER: On Linux systems you need to run the daemon "atd" for the "at" jobs
to run and "crond" for the "cron" jobs to run. On OpenBSD or FreeBSD machines
the "crond" daemon will handle both "cron" and "at" jobs. If you entered jobs into
their tabs and they do not run, make sure the daemons are started. Also check that
the daemons are started at boot.
At "how to"

To use "at" you need to know the structure and how to complete the command.

at 5am Oct 20 at "time am/pm" "month" "day"

atq lists the user's pending jobs
atrm deletes jobs, identified by their job number
Ctrl-d once done editing use Ctrl-d to close the "at" entry
shell

To run jobs only once it is easier to use "at" than to setup and cron job and then go
back and remove it once the job has ran. Remember you need to have the "atd"
daemon running on Linux systems to run "at" jobs. On OpenBSD or FreeBSD
system the "crond" daemon will handle "cron" and "at" jobs.

To run an "at" job you need to fist tell "at" what time to run the job. Remember to
use absolute paths to avoid confusion. Once to execute att with the time and date
you will be put into an "at" shell. This is where you will enter the commands you
want to execute, one command per line to make it simple.

In this example we will be executing a set of commands at 5am on January 23rd.

The backup script will run and then we will send out mail to root. To close the "at"
shell and save the job you must type Ctrl-d (the control key with the lowercase d).

user@machine:~$ at 5am Jan 23

at> /tools/run_backups.sh
at> echo "job done" | mail -s "backup job finished" root
at> Ctrl-d
job 1 at 2008-01-23 05:00

Once you have completed entering your commands and type Ctrl-d "at" will
respond with the job number and a verification printout of when the job is going to
run. If you made a mistake and ran the job at the wrong time you can usr "atrm" to
remove the job and re-enter your job with the current time.

NETWORKING

Linux Network Configuration and Troubleshooting Commands

Computer loaded with Linux Operating System can also be a part of network whether it is small
or large network by its multitasking and multiuser natures.
Maintaining of system and network up and running is a task of System / Network Administrator’s
job.
In this article we are going to review frequently used network configuration and troubleshoot
commands in Linux.

Linux Network Configuration Commands

Linux Network Configuration and Troubleshooting Commands

1. ifconfig
ifconfig (interface configurator) command is use to initialize an interface, assign IP Address to
interface and enable or disable interface on demand.
With this command you can view IP Address and Hardware / MAC address assign to interface
and also MTU (Maximum transmission unit) size.

# ifconfig

eth0 Link encap:Ethernet HWaddr 00:0C:29:28:FD:4C

inet addr:192.168.50.2 Bcast:192.168.50.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe28:fd4c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6093 errors:0 dropped:0 overruns:0 frame:0
TX packets:4824 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6125302 (5.8 MiB) TX bytes:536966 (524.3 KiB)
Interrupt:18 Base address:0x2000

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:480 (480.0 b) TX bytes:480 (480.0 b)
ifconfig with interface (eth0) command only shows specific interface details like IP Address,
MAC Address etc.
with -a options will display all available interface details if it is disable also.

# ifconfig eth0

eth0 Link encap:Ethernet HWaddr 00:0C:29:28:FD:4C

inet addr:192.168.50.2 Bcast:192.168.50.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe28:fd4c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6119 errors:0 dropped:0 overruns:0 frame:0
TX packets:4841 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6127464 (5.8 MiB) TX bytes:539648 (527.0 KiB)
 Interrupt:18 Base address:0x2000
Assigning IP Address and Gateway

Assigning an IP Address and Gateway to interface on the fly. The setting will be removed in
case of system reboot.

# ifconfig eth0 192.168.50.5 netmask 255.255.255.0

Enable or Disable Specific Interface

To enable or disable specific Interface, we use example command as follows.

Enable eth0

# ifup eth0
Disable eth0

# ifdown eth0
Setting MTU Size

By default MTU size is 1500. We can set required MTU size with below command. Replace
XXXX with size.

# ifconfig eth0 mtu XXXX

Set Interface in Promiscuous mode

Network interface only received packets belongs to that particular NIC.

If you put interface in promiscuous mode it will received all the packets.
This is very useful to capture packets and analyze later. For this you may require superuser
access.

# ifconfig eth0 - promisc

2. PING Command
PING (Packet INternet Groper) command is the best way to test connectivity between two
nodes.
Whether it is Local Area Network (LAN) or Wide Area Network (WAN).
Ping use ICMP (Internet Control Message Protocol) to communicate to other devices.
You can ping host name of ip address using below command.

# ping 4.2.2.2

PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.

64 bytes from 4.2.2.2: icmp_seq=1 ttl=44 time=203 ms
64 bytes from 4.2.2.2: icmp_seq=2 ttl=44 time=201 ms
64 bytes from 4.2.2.2: icmp_seq=3 ttl=44 time=201 ms

OR

# ping www.suresh.com
PING suresh.com (50.116.66.136) 56(84) bytes of data.
64 bytes from 50.116.66.136: icmp_seq=1 ttl=47 time=284 ms
64 bytes from 50.116.66.136: icmp_seq=2 ttl=47 time=287 ms
64 bytes from 50.116.66.136: icmp_seq=3 ttl=47 time=285 ms
In Linux ping command keep executing until you interrupt. Ping with -c option exit after N
number of request (success or error respond).

# ping -c 5 www.suresh.com

PING suresh.com (50.116.66.136) 56(84) bytes of data.

64 bytes from 50.116.66.136: icmp_seq=1 ttl=47 time=285 ms
64 bytes from 50.116.66.136: icmp_seq=2 ttl=47 time=285 ms
64 bytes from 50.116.66.136: icmp_seq=3 ttl=47 time=285 ms
64 bytes from 50.116.66.136: icmp_seq=4 ttl=47 time=285 ms
64 bytes from 50.116.66.136: icmp_seq=5 ttl=47 time=285 ms

--- suresh.com ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 4295ms
rtt min/avg/max/mdev = 285.062/285.324/285.406/0.599 ms
3. TRACEROUTE Command
traceroute is a network troubleshooting utility which shows number of hops taken to reach
destination also determine packets traveling path.
Below we are tracing route to global DNS server IP Address and able to reach destination also
shows path of that packet is traveling.

# traceroute 4.2.2.2

traceroute to 4.2.2.2 (4.2.2.2), 30 hops max, 60 byte packets

1 192.168.50.1 (192.168.50.1) 0.217 ms 0.624 ms 0.133 ms
2 227.18.106.27.mysipl.com (27.106.18.227) 2.343 ms 1.910 ms 1.799 ms
3 221-231-119-111.mysipl.com (111.119.231.221) 4.334 ms 4.001 ms 5.619 ms
4 10.0.0.5 (10.0.0.5) 5.386 ms 6.490 ms 6.224 ms
5 gi0-0-0.dgw1.bom2.pacific.net.in (203.123.129.25) 7.798 ms 7.614 ms 7.378 ms
6 115.113.165.49.static-mumbai.vsnl.net.in (115.113.165.49) 10.852 ms 5.389 ms 4.322 ms
7 ix-0-100.tcore1.MLV-Mumbai.as6453.net (180.87.38.5) 5.836 ms 5.590 ms 5.503 ms
8 if-9-5.tcore1.WYN-Marseille.as6453.net (80.231.217.17) 216.909 ms 198.864 ms 201.737
ms
9 if-2-2.tcore2.WYN-Marseille.as6453.net (80.231.217.2) 203.305 ms 203.141 ms 202.888
ms
10 if-5-2.tcore1.WV6-Madrid.as6453.net (80.231.200.6) 200.552 ms 202.463 ms 202.222 ms
11 if-8-2.tcore2.SV8-Highbridge.as6453.net (80.231.91.26) 205.446 ms 215.885 ms 202.867
ms
12 if-2-2.tcore1.SV8-Highbridge.as6453.net (80.231.139.2) 202.675 ms 201.540 ms 203.972
ms
13 if-6-2.tcore1.NJY-Newark.as6453.net (80.231.138.18) 203.732 ms 203.496 ms 202.951
ms
14 if-2-2.tcore2.NJY-Newark.as6453.net (66.198.70.2) 203.858 ms 203.373 ms 203.208 ms
15 66.198.111.26 (66.198.111.26) 201.093 ms 63.243.128.25 (63.243.128.25) 206.597 ms
66.198.111.26 (66.198.111.26) 204.178 ms
16 ae9.edge1.NewYork.Level3.net (4.68.62.185) 205.960 ms 205.740 ms 205.487 ms
17 vlan51.ebr1.NewYork2.Level3.net (4.69.138.222) 203.867 ms
vlan52.ebr2.NewYork2.Level3.net (4.69.138.254) 202.850 ms
vlan51.ebr1.NewYork2.Level3.net (4.69.138.222) 202.351 ms
18 ae-6-6.ebr2.NewYork1.Level3.net (4.69.141.21) 201.771 ms 201.185 ms 201.120 ms
19 ae-81-81.csw3.NewYork1.Level3.net (4.69.134.74) 202.407 ms 201.479 ms ae-92-
92.csw4.NewYork1.Level3.net (4.69.148.46) 208.145 ms
20 ae-2-70.edge2.NewYork1.Level3.net (4.69.155.80) 200.572 ms ae-4-
90.edge2.NewYork1.Level3.net (4.69.155.208) 200.402 ms ae-1-
60.edge2.NewYork1.Level3.net (4.69.155.16) 203.573 ms
21 b.resolvers.Level3.net (4.2.2.2) 199.725 ms 199.190 ms 202.488 ms
4. NETSTAT Command
Netstat (Network Statistic) command display connection info, routing table information etc. To
displays routing table information use option as -r.

# netstat -r

Kernel IP routing table

Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.50.0 * 255.255.255.0 U 00 0 eth0
link-local * 255.255.0.0 U 00 0 eth0
default 192.168.50.1 0.0.0.0 UG 00 0 eth0
For more examples of Netstat Command, please read our earlier article on 20 Netstat
Command Examples in Linux.

5. DIG Command
Dig (domain information groper) query DNS related information like A Record, CNAME, MX
Record etc. This command mainly use to troubleshoot DNS related query.

# dig www.suresh.com; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> www.suresh.com

;; global options: +cmd
;; Got answer:
;; ->>HEADER<
For more examples of Dig Command, please read the article on 10 Linux Dig Commands to
Query DNS.

6. NSLOOKUP Command
nslookup command also use to find out DNS related query. The following examples shows A
Record (IP Address) of suresh.com.

# nslookup www.suresh.com
Server: 4.2.2.2
Address: 4.2.2.2#53

Non-authoritative answer:
www.suresh.com canonical name = suresh.com.
Name: suresh.com
Address: 50.116.66.136
For more NSLOOKUP Command, read the article on 8 Linux Nslookup Command Examples.

7. ROUTE Command
route command also shows and manipulate ip routing table. To see default routing table in
Linux, type the following command.

# route

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.50.0 * 255.255.255.0 U 0 0 0 eth0
link-local * 255.255.0.0 U 1002 0 0 eth0
default 192.168.50.1 0.0.0.0 UG 0 0 0 eth0
Adding, deleting routes and default Gateway with following commands.

Route Adding

# route add -net 10.10.10.0/24 gw 192.168.0.1

Route Deleting

# route del -net 10.10.10.0/24 gw 192.168.0.1

Adding default Gateway

# route add default gw 192.168.0.1

8. HOST Command
host command to find name to IP or IP to name in IPv4 or IPv6 and also query DNS records.

# host www.google.com

www.google.com has address 173.194.38.180

www.google.com has address 173.194.38.176
www.google.com has address 173.194.38.177
www.google.com has address 173.194.38.178
www.google.com has address 173.194.38.179
www.google.com has IPv6 address 2404:6800:4003:802::1014
Using -t option we can find out DNS Resource Records like CNAME, NS, MX, SOA etc.

# host -t CNAME www.redhat.com

www.redhat.com is an alias for wildcard.redhat.com.edgekey.net.

9. ARP Command
ARP (Address Resolution Protocol) is useful to view / add the contents of the kernel’s ARP
tables. To see default table use the command as.

# arp -e

Address HWtype HWaddress Flags Mask Iface

192.168.50.1 ether 00:50:56:c0:00:08 C eth0
10. ETHTOOL Command
ethtool is a replacement of mii-tool. It is to view, setting speed and duplex of your Network
Interface Card (NIC).
You can set duplex permanently in /etc/sysconfig/network-scripts/ifcfg-eth0 with
ETHTOOL_OPTS variable.
# ethtool eth0

Settings for eth0:

Current message level: 0x00000007 (7)
Link detected: yes
11. IWCONFIG Command
iwconfig command in Linux is use to configure a wireless network interface. You can see and
set the basic Wi-Fi details like SSID channel and encryption.
You can refer man page of iwconfig to know more.

# iwconfig [interface]
12. HOSTNAME Command
hostname is to identify in a network. Execute hostname command to see the hostname of your
box.
You can set hostname permanently in /etc/sysconfig/network. Need to reboot box once set a
proper hostname.

# hostname

suresh.com
13. GUI tool system-config-network
Type system-config-network in command prompt to configure network setting and
you will get nice Graphical User Interface (GUI) which may also use to configure IP Address,
Gateway, DNS etc. as shown below image.

# system-config-network
Linux GUI Network Configuration
Linux GUI Network Configuration Tool
This article can be useful for day to day use of Linux Network administrator in Linux / Unix-like
operating system.

Booting Procedure

6 Stages of Linux Boot Process (Startup Sequence)

Press the power button on your system, and after few moments you see the Linux login prompt.

Have you ever wondered what happens behind the scenes from the time you press the power
button until the Linux login prompt appears?
The following are the 6 high level stages of a typical Linux boot process.

1. BIOS

 BIOS stands for Basic Input/Output System

 Performs some system integrity checks
 Searches, loads, and executes the boot loader program.
 It looks for boot loader in floppy, cd-rom, or hard drive. You can press a key (typically F12 of
F2, but it depends on your system) during the BIOS startup to change the boot sequence.
 Once the boot loader program is detected and loaded into the memory, BIOS gives the
control to it.
 So, in simple terms BIOS loads and executes the MBR boot loader.

2. MBR

 MBR stands for Master Boot Record.

 It is located in the 1st sector of the bootable disk. Typically /dev/hda, or /dev/sda
 MBR is less than 512 bytes in size. This has three components 1) primary boot loader info in
1st 446 bytes 2) partition table info in next 64 bytes 3) mbr validation check in last 2 bytes.
 It contains information about GRUB (or LILO in old systems).
 So, in simple terms MBR loads and executes the GRUB boot loader.

3. GRUB

 GRUB stands for Grand Unified Bootloader.

 If you have multiple kernel images installed on your system, you can choose which one to be
executed.
 GRUB displays a splash screen, waits for few seconds, if you don’t enter anything, it loads
the default kernel image as specified in the grub configuration file.
 GRUB has the knowledge of the filesystem (the older Linux loader LILO didn’t understand
filesystem).
 Grub configuration file is /boot/grub/grub.conf (/etc/grub.conf is a link to this). The
following is sample grub.conf of CentOS.

#boot=/dev/sda

default=0

timeout=5

splashimage=(hd0,0)/boot/grub/splash.xpm.gz

hiddenmenu

title CentOS (2.6.18-194.el5PAE)

root (hd0,0)

kernel /boot/vmlinuz-2.6.18-194.el5PAE ro root=LABEL=/

initrd /boot/initrd-2.6.18-194.el5PAE.img

 As you notice from the above info, it contains kernel and initrd image.
 So, in simple terms GRUB just loads and executes Kernel and initrd images.

4. Kernel

 Mounts the root file system as specified in the “root=” in grub.conf

 Kernel executes the /sbin/init program
 Since init was the 1st program to be executed by Linux Kernel, it has the process id (PID) of
1. Do a ‘ps -ef | grep init’ and check the pid.
 initrd stands for Initial RAM Disk.
 initrd is used by kernel as temporary root file system until kernel is booted and the real root
file system is mounted. It also contains necessary drivers compiled inside, which helps it to
access the hard drive partitions, and other hardware.

5. Init

 Looks at the /etc/inittab file to decide the Linux run level.

 Following are the available run levels
 0 – halt
 1 – Single user mode
 2 – Multiuser, without NFS
 3 – Full multiuser mode
 4 – unused
 5 – X11
 6 – reboot
 Init identifies the default initlevel from /etc/inittab and uses that to load all appropriate
program.
 Execute ‘grep initdefault /etc/inittab’ on your system to identify the default run level
 If you want to get into trouble, you can set the default run level to 0 or 6. Since you know
what 0 and 6 means, probably you might not do that.
 Typically you would set the default run level to either 3 or 5.

6. Runlevel programs
 When the Linux system is booting up, you might see various services getting started. For
example, it might say “starting sendmail …. OK”. Those are the runlevel programs, executed
from the run level directory as defined by your run level.
 Depending on your default init level setting, the system will execute the programs from one
of the following directories.
 Run level 0 – /etc/rc.d/rc0.d/
 Run level 1 – /etc/rc.d/rc1.d/
 Run level 2 – /etc/rc.d/rc2.d/
 Run level 3 – /etc/rc.d/rc3.d/
 Run level 4 – /etc/rc.d/rc4.d/
 Run level 5 – /etc/rc.d/rc5.d/
 Run level 6 – /etc/rc.d/rc6.d/
 Please note that there are also symbolic links available for these directory under /etc
directly. So, /etc/rc0.d is linked to /etc/rc.d/rc0.d.
 Under the /etc/rc.d/rc*.d/ directories, you would see programs that start with S and K.
 Programs starts with S are used during startup. S for startup.
 Programs starts with K are used during shutdown. K for kill.
 There are numbers right next to S and K in the program names. Those are the sequence
number in which the programs should be started or killed.
 For example, S12syslog is to start the syslog deamon, which has the sequence number of 12.
S80sendmail is to start the sendmail daemon, which has the sequence number of 80. So,
syslog program will be started before sendmail.
There you have it. That is what happens during the Linux boot process.

LogRotate

1St Method:
vi /etc/logrotate.conf

/usr/local/tomcat/logs/*.log{

daily

dateext

maxage 90

missingok

2nd Method:

vi /etc/logrotate.conf

/usr/local/tomcat/logs/*.log {

missingok

nomail

postrotate

/usr/bin/find /usr/local/tomcat/logs/ -name "*.log" -type f -mtime +90 -exec rm {} \;

endscript

RAID 0

RAID is Redundant Array of Inexpensive disks, used for high availability and
reliability in large scale environments, where data need to be protected than
normal use. Raid is just a collection of disks in a pool to become a logical
volume and contains an array. A combine drivers makes an array or called as
set of (group).
RAID can be created, if there are minimum 2 number of disk connected to a
raid controller and make a logical volume or more drives can be added in an
array according to defined RAID Levels. Software Raid are available without
using Physical hardware those are called as software raid. Software Raid will
be named as Poor man raid.

Setup RAID0 in Linux

Main concept of using RAID is to save data from Single point of failure, means
if we using a single disk to store the data and if it’s failed, then there is no
chance of getting our data back, to stop the data loss we need a fault
tolerance method. So, that we can use some collection of disk to form a RAID
set.
What is Stripe in RAID 0?
Stripe is striping data across multiple disk at the same time by dividing the
contents. Assume we have two disks and if we save content to logical volume
it will be saved under both two physical disks by dividing the content. For
better performance RAID 0 will be used, but we can’t get the data if one of the
drive fails. So, it isn’t a good practice to use RAID 0. The only solution is to
install operating system with RAID0 applied logical volumes to safe your
important files.
 RAID 0 has High Performance.
 Zero Capacity Loss in RAID 0. No Space will be wasted.
 Zero Fault Tolerance ( Can’t get back the data if any one of disk fails).
 Write and Reading will be Excellent.
Requirements
Minimum number of disks are allowed to create RAID 0 is 2, but you can add
more disk but the order should be twice as 2, 4, 6, 8. If you have a Physical
RAID card with enough ports, you can add more disks.
Here we are not using a Hardware raid, this setup depends only on Software
RAID. If we have a physical hardware raid card we can access it from it’s
utility UI. Some motherboard by default in-build with RAID feature,
there UI can be accessed using Ctrl+I keys.
If you’re new to RAID setups, please read our earlier article, where we’ve
covered some basic introduction of about RAID.

 Introduction to RAID and RAID Concepts

My Server Setup

Operating System : CentOS 6.5 Final

IP Address : 192.168.0.225
Two Disks : 20 GB each

This article is Part 2 of a 9-tutorial RAID series, here in this part, we are going
to see how we can create and setup Software RAID0 or striping in Linux
systems or servers using two 20GB disks named sdb and sdc.
Step 1: Updating System and Installing mdadm
for Managing RAID
1. Before setting up RAID0 in Linux, let’s do a system update and then install
‘mdadm‘ package. The mdadm is a small program, which will allow us to
configure and manage RAID devices in Linux.

# yum clean all && yum update

# yum install mdadm -y

Install mdadm Tool

Step 2: Verify Attached Two 20GB Drives

2. Before creating RAID 0, make sure to verify that the attached two hard
drives are detected or not, using the following command.
# ls -l /dev | grep sd

Check Hard Drives

3. Once the new hard drives detected, it’s time to check whether the attached
drives are already using any existing raid with the help of following ‘mdadm’
command.

# mdadm --examine /dev/sd[b-c]

Check RAID Devices

In the above output, we come to know that none of the RAID have been
applied to these two sdb and sdc drives.
Step 3: Creating Partitions for RAID
4. Now create sdb and sdc partitions for raid, with the help of following fdisk
command. Here, I will show how to create partition on sdb drive.
# fdisk /dev/sdb

Follow below instructions for creating partitions.

 Press ‘n‘ for creating new partition.

 Then choose ‘P‘ for Primary partition.
 Next select the partition number as 1.
 Give the default value by just pressing two times Enter key.
 Next press ‘P‘ to print the defined partition.

Create Partitions

Follow below instructions for creating Linux raid auto on partitions.

 Press ‘L‘ to list all available types.

 Type ‘t‘to choose the partitions.
 Choose ‘fd‘ for Linux raid auto and press Enter to apply.
 Then again use ‘P‘ to print the changes what we have made.
 Use ‘w‘ to write the changes.

Create RAID Partitions in Linux

Note: Please follow same above instructions to create partition on sdc drive
now.
5. After creating partitions, verify both the drivers are correctly defined for
RAID using following command.

# mdadm --examine /dev/sd[b-c]

# mdadm --examine /dev/sd[b-c]1

 Verify RAID Partitions

Step 4: Creating RAID md Devices

6. Now create md device (i.e. /dev/md0) and apply raid level using below
command.

# mdadm -C /dev/md0 -l raid0 -n 2 /dev/sd[b-c]1

# mdadm --create /dev/md0 --level=stripe --raid-devices=2 /dev/sd[b-c]1

 -C – create
 -l – level
 -n – No of raid-devices
7. Once md device has been created, now verify the status of RAID
Level, Devices and Array used, with the help of following series of commands
as shown.

# cat /proc/mdstat
 Verify RAID Level

# mdadm -E /dev/sd[b-c]1
 Verify RAID Device

# mdadm --detail /dev/md0

Verify RAID Array

Step 5: Assiging RAID Devices to Filesystem

8. Create a ext4 filesystem for a RAID device /dev/md0 and mount it
under /dev/raid0.

# mkfs.ext4 /dev/md0
 Create ext4 Filesystem

9. Once ext4 filesystem has been created for Raid device, now create a mount
point directory (i.e. /mnt/raid0) and mount the device /dev/md0 under it.

# mkdir /mnt/raid0

# mount /dev/md0 /mnt/raid0/

10. Next, verify that the device /dev/md0 is mounted

under /mnt/raid0 directory using df command.

# df -h
11. Next, create a file called ‘suresh.txt‘ under the mount point /mnt/raid0,
add some content to the created file and view the content of a file and
directory.

# touch /mnt/raid0/suresh.txt

# echo "Hi everyone how you doing ?" > /mnt/raid0/suresh.txt

# cat /mnt/raid0/suresh.txt

# ls -l /mnt/raid0/

Verify Mount Device

12. Once you’ve verified mount points, it’s time to create an fstab entry
in /etc/fstab file.

# vim /etc/fstab

Add the following entry as described. May vary according to your mount
location and filesystem you using.

/dev/md0 /mnt/raid0 ext4 defaults 0 0

Add Device to Fstab

13. Run mount ‘-a‘ to check if there is any error in fstab entry.

# mount -av
 Check Errors in Fstab

Step 6: Saving RAID Configurations

14. Finally, save the raid configuration to one of the file to keep the
configurations for future use. Again we use ‘mdadm’ command with ‘-s‘ (scan)
and ‘-v‘ (verbose) options as shown.

# mdadm -E -s -v >> /etc/mdadm.conf

# mdadm --detail --scan --verbose >> /etc/mdadm.conf

# cat /etc/mdadm.conf

Save RAID Configurations

That’s it, we have seen here, how to configure RAID0 striping with raid levels
by using two hard disks. In next article, we will see how to setup RAID5.
 RAID 1

RAID Mirroring means an exact clone (or mirror) of the same data writing to
two drives. A minimum two number of disks are more required in an array to
create RAID1 and it’s useful only, when read performance or reliability is more
precise than the data storage capacity.

Setup Raid1 in Linux

Mirrors are created to protect against data loss due to disk failure. Each disk
in a mirror involves an exact copy of the data. When one disk fails, the same
data can be retrieved from other functioning disk. However, the failed drive
can be replaced from the running computer without any user interruption.

Features of RAID 1
 Mirror has Good Performance.
 50% of space will be lost. Means if we have two disk with 500GB size total, it
will be 1TB but in Mirroring it will only show us 500GB.
 No data loss in Mirroring if one disk fails, because we have the same content
in both disks.
 Reading will be good than writing data to drive.
Requirements
Minimum Two number of disks are allowed to create RAID 1, but you can add
more disks by using twice as 2, 4, 6, 8. To add more disks, your system must
have a RAID physical adapter (hardware card).

Here we’re using software raid not a Hardware raid, if your system has an
inbuilt physical hardware raid card you can access it from it’s utility UI or
using Ctrl+I key.
Read Also: Basic Concepts of RAID in Linux
My Server Setup

Operating System : CentOS 6.5 Final

IP Address : 192.168.0.226

Hostname : rd1.sureshlocal.com

Disk 1 [20GB] : /dev/sdb

Disk 2 [20GB] : /dev/sdc

This article will guide you through a step-by-step instructions on how to setup
a software RAID 1 or Mirror usingmdadm (creates and manages raid) on
Linux Platform. Although the same instructions also works on other Linux
distributions such as RedHat, CentOS, Fedora, etc.
Step 1: Installing Prerequisites and Examine
Drives
1. As I said above, we’re using mdadm utility for creating and managing RAID
in Linux. So, let’s install themdadm software package on Linux using yum or
apt-get package manager tool.

# yum install mdadm [on RedHat systems]

# apt-get install mdadm [on Debain systems]

2. Once ‘mdadm‘ package has been installed, we need to examine our disk
drives whether there is already any raid configured using the following
command.

# mdadm -E /dev/sd[b-c]

Check RAID on Disks

As you see from the above screen, that there is no any super-block detected
yet, means no RAID defined.
Step 2: Drive Partitioning for RAID
3. As I mentioned above, that we’re using minimum two
partitions /dev/sdb and /dev/sdc for creating RAID1. Let’s create partitions on
these two drives using ‘fdisk‘ command and change the type to raid during
partition creation.

# fdisk /dev/sdb

Follow the below instructions

 Press ‘n‘ for creating new partition.

 Then choose ‘P‘ for Primary partition.
 Next select the partition number as 1.
 Give the default full size by just pressing two times Enter key.
 Next press ‘p‘ to print the defined partition.
 Press ‘L‘ to list all available types.
 Type ‘t‘to choose the partitions.
 Choose ‘fd‘ for Linux raid auto and press Enter to apply.
 Then again use ‘p‘ to print the changes what we have made.
 Use ‘w‘ to write the changes.
 Create Disk Partitions

After ‘/dev/sdb‘ partition has been created, next follow the same instructions
to create new partition on/dev/sdc drive.

# fdisk /dev/sdc
 Create Second Partitions

4. Once both the partitions are created successfully, verify the changes on
both sdb & sdc drive using the same ‘mdadm‘ command and also confirm the
RAID type as shown in the following screen grabs.

# mdadm -E /dev/sd[b-c]
 Verify Partitions Changes

Check RAID Type

Note: As you see in the above picture, there is no any defined RAID on
the sdb1 and sdc1 drives so far, that’s the reason we are getting as no super-
blocks detected.
Step 3: Creating RAID1 Devices
5. Next create RAID1 Device called ‘/dev/md0‘ using the following command
and verity it.

# mdadm --create /dev/md0 --level=mirror --raid-devices=2 /dev/sd[b-c]1

# cat /proc/mdstat
 Create RAID Device

6. Next check the raid devices type and raid array using following commands.

# mdadm -E /dev/sd[b-c]1

# mdadm --detail /dev/md0

Check RAID Device type
 Check RAID Device Array

From the above pictures, one can easily understand that raid1 have been
created and using /dev/sdb1 and/dev/sdc1 partitions and also you can see
the status as resyncing.
Step 4: Creating File System on RAID Device
7. Create file system using ext4 for md0 and mount under /mnt/raid1.

# mkfs.ext4 /dev/md0
 Create RAID Device Filesystem

8. Next, mount the newly created filesystem under ‘/mnt/raid1‘ and create
some files and verify the contents under mount point.

# mkdir /mnt/raid1

# mount /dev/md0 /mnt/raid1/

# touch /mnt/raid1/suresh.txt

# echo "suresh raid setups" > /mnt/raid1/suresh.txt

 Mount Raid Device

9. To auto-mount RAID1 on system reboot, you need to make an entry in fstab

file. Open ‘/etc/fstab‘ file and add the following line at the bottom of the file.

/dev/md0 /mnt/raid1 ext4 defaults 0 0

 Raid Automount Device

10. Run ‘mount -a‘ to check whether there are any errors in fstab entry.

# mount -av

Check Errors in fstab

11. Next, save the raid configuration manually to ‘mdadm.conf‘ file using the
below command.

# mdadm --detail --scan --verbose >> /etc/mdadm.conf

 Save Raid Configuration

The above configuration file is read by the system at the reboots and load the
RAID devices.

Step 5: Verify Data After Disk Failure

12. Our main purpose is, even after any of hard disk fail or crash our data
needs to be available. Let’s see what will happen when any of disk disk is
unavailable in array.

# mdadm --detail /dev/md0

 Raid Device Verify

In the above image, we can see there are 2 devices available in our RAID and
Active Devices are 2. Now let us see what will happen when a disk plugged
out (removed sdc disk) or fails.

# ls -l /dev | grep sd

# mdadm --detail /dev/md0

 Test RAID Devices

Now in the above image, you can see that one of our drive is lost. I unplugged
one of the drive from my Virtual machine. Now let us check our precious data.

# cd /mnt/raid1/

# cat suresh.txt
 Verify RAID Data

Did you see our data is still available. From this we come to know the
advantage of RAID 1 (mirror). In next article, we will see how to setup a RAID
5 striping with distributed Parity. Hope this helps you to understand how the
RAID 1 (Mirror) Works.

RAID 5

In RAID 5, data strips across multiple drives with distributed parity. The
striping with distributed parity means it will split the parity information and
stripe data over the multiple disks, which will have good data redundancy.
 Setup Raid 5 in Linux

For RAID Level it should have at least three hard drives or more. RAID 5 are
being used in the large scale production environment where it’s cost effective
and provide performance as well as redundancy.

What is Parity?
Parity is a simplest common method of detecting errors in data storage. Parity
stores information in each disks, Let’s say we have 4 disks, in 4 disks one disk
space will be split to all disks to store the parity information’s. If any one of the
disks fails still we can get the data by rebuilding from parity information after
replacing the failed disk.
Pros and Cons of RAID 5
 Gives better performance
 Support Redundancy and Fault tolerance.
 Support hot spare options.
 Will loose a single disk capacity for using parity information.
 No data loss if a single disk fails. We can rebuilt from parity after replacing
the failed disk.
 Suits for transaction oriented environment as the reading will be faster.
 Due to parity overhead, writing will be slow.
 Rebuild takes long time.
Requirements
Minimum 3 hard drives are required to create Raid 5, but you can add more
disks, only if you’ve a dedicated hardware raid controller with multi ports.
Here, we are using software RAID and ‘mdadm‘ package to create raid.
mdadm is a package which allow us to configure and manage RAID devices in
Linux. By default there is no configuration file is available for RAID, we must
save the configuration file after creating and configuring RAID setup in
separate file called mdadm.conf.
Before moving further, I suggest you to go through the following articles for
understanding the basics of RAID in Linux.

 Basic Concepts of RAID in Linux – Part 1

 Creating RAID 0 (Stripe) in Linux – Part 2
 Setting up RAID 1 (Mirroring) in Linux – Part 3
My Server Setup

Operating System : CentOS 6.5 Final

IP Address : 192.168.0.227

Hostname : rd5.sureshlocal.com

Disk 1 [20GB] : /dev/sdb

Disk 2 [20GB] : /dev/sdc

Disk 3 [20GB] : /dev/sdd

This article is a Part 4 of a 9-tutorial RAID series, here we are going to setup a
software RAID 5 with distributed parity in Linux systems or servers using three
20GB disks named /dev/sdb, /dev/sdc and /dev/sdd.
Step 1: Installing mdadm and Verify Drives
1. As we said earlier, that we’re using CentOS 6.5 Final release for this raid
setup, but same steps can be followed for RAID setup in any Linux based
distributions.

# lsb_release -a

# ifconfig | grep inet

CentOS 6.5 Summary

2. If you’re following our raid series, we assume that you’ve already installed
‘mdadm‘ package, if not, use the following command according to your Linux
distribution to install the package.

# yum install mdadm [on RedHat systems]

# apt-get install mdadm [on Debain systems]

3. After the ‘mdadm‘ package installation, let’s list the three 20GB disks which
we have added in our system using ‘fdisk‘ command.

# fdisk -l | grep sd

Install mdadm Tool

4. Now it’s time to examine the attached three drives for any existing RAID
blocks on these drives using following command.
# mdadm -E /dev/sd[b-d]

# mdadm --examine /dev/sdb /dev/sdc /dev/sdd

Examine Drives For Raid

Note: From the above image illustrated that there is no any super-block
detected yet. So, there is no RAID defined in all three drives. Let us start to
create one now.
Step 2: Partitioning the Disks for RAID
5. First and foremost, we have to partition the disks (/dev/sdb, /dev/sdc
and /dev/sdd) before adding to a RAID, So let us define the partition using
‘fdisk’ command, before forwarding to the next steps.

# fdisk /dev/sdb

# fdisk /dev/sdc

# fdisk /dev/sdd

Create /dev/sdb Partition

Please follow the below instructions to create partition on /dev/sdb drive.
 Press ‘n‘ for creating new partition.
 Then choose ‘P‘ for Primary partition. Here we are choosing Primary because
there is no partitions defined yet.
 Then choose ‘1‘ to be the first partition. By default it will be 1.
 Here for cylinder size we don’t have to choose the specified size because we
need the whole partition for RAID so just Press Enter two times to choose the
default full size.
 Next press ‘p‘ to print the created partition.
 Change the Type, If we need to know the every available types Press ‘L‘.
 Here, we are selecting ‘fd‘ as my type is RAID.
 Next press ‘p‘ to print the defined partition.
 Then again use ‘p‘ to print the changes what we have made.
 Use ‘w‘ to write the changes.
 Create sdb Partition

Note: We have to follow the steps mentioned above to create partitions

for sdc & sdd drives too.
Create /dev/sdc Partition

Now partition the sdc and sdd drives by following the steps given in the
screenshot or you can follow above steps.

# fdisk /dev/sdc

Create sdc Partition

Create /dev/sdd Partition

# fdisk /dev/sdd

Create sdd Partition

6. After creating partitions, check for changes in all three drives sdb, sdc, &
sdd.

# mdadm --examine /dev/sdb /dev/sdc /dev/sdd

or
# mdadm -E /dev/sd[b-c]

Check Partition Changes

Note: In the above pic. depict the type is fd i.e. for RAID.
7. Now Check for the RAID blocks in newly created partitions. If no super-
blocks detected, than we can move forward to create a new RAID 5 setup on
these drives.

Check Raid on Partition

Step 3: Creating md device md0

8. Now create a Raid device ‘md0‘ (i.e. /dev/md0) and include raid level on all
newly created partitions (sdb1, sdc1 and sdd1) using below command.

# mdadm --create /dev/md0 --level=5 --raid-devices=3 /dev/sdb1 /dev/sdc1

/dev/sdd1
or

# mdadm -C /dev/md0 -l=5 -n=3 /dev/sd[b-d]1

9. After creating raid device, check and verify the RAID, devices included and
RAID Level from the mdstat output.

# cat /proc/mdstat

Verify Raid Device

If you want to monitor the current building process, you can use ‘watch‘
command, just pass through the ‘cat /proc/mdstat‘ with watch command
which will refresh screen every 1 second.

# watch -n1 cat /proc/mdstat

 Monitor Raid 5 Process

Raid 5 Process Summary

10. After creation of raid, Verify the raid devices using the following command.

# mdadm -E /dev/sd[b-d]1
 Verify Raid Level

Note: The Output of the above command will be little long as it prints the
information of all three drives.
11. Next, verify the RAID array to assume that the devices which we’ve
included in the RAID level are running and started to re-sync.

# mdadm --detail /dev/md0

 Verify Raid Array

Step 4: Creating file system for md0

12. Create a file system for ‘md0‘ device using ext4 before mounting.

# mkfs.ext4 /dev/md0
 Create md0 Filesystem

13. Now create a directory under ‘/mnt‘ then mount the created filesystem
under /mnt/raid5 and check the files under mount point, you will
see lost+found directory.

# mkdir /mnt/raid5

# mount /dev/md0 /mnt/raid5/

# ls -l /mnt/raid5/

14. Create few files under mount point /mnt/raid5 and append some text in
any one of the file to verify the content.
# touch /mnt/raid5/raid5_suresh_{1..5}

# ls -l /mnt/raid5/

# echo "suresh raid setups" > /mnt/raid5/raid5_suresh_1

# cat /mnt/raid5/raid5_suresh_1

# cat /proc/mdstat

Mount Raid Device

15. We need to add entry in fstab, else will not display our mount point after
system reboot. To add an entry, we should edit the fstab file and append the
following line as shown below. The mount point will differ according to your
environment.

# vim /etc/fstab

/dev/md0 /mnt/raid5 ext4 defaults 0 0

Raid 5 Automount

16. Next, run ‘mount -av‘ command to check whether any errors in fstab entry.

# mount -av
 Check Fstab Errors

Step 5: Save Raid 5 Configuration

17. As mentioned earlier in requirement section, by default RAID don’t have a
config file. We have to save it manually. If this step is not followed RAID
device will not be in md0, it will be in some other random number.
So, we must have to save the configuration before system reboot. If the
configuration is saved it will be loaded to the kernel during the system reboot
and RAID will also gets loaded.

# mdadm --detail --scan --verbose >> /etc/mdadm.conf

Save Raid 5 Configuration

Note: Saving the configuration will keep the RAID level stable in md0 device.
Step 6: Adding Spare Drives
18. What the use of adding a spare drive? its very useful if we have a spare
drive, if any one of the disk fails in our array, this spare drive will get active
and rebuild the process and sync the data from other disk, so we can see a
redundancy here.
For more instructions on how to add spare drive and check Raid 5 fault
tolerance, read #Step 6 and #Step 7 in the following article.
 Add Spare Drive to Raid 5 Setup
So let's begin this tutorial by creating partitions (Which will be acting as a physical disk in
software raid level 5)
?

[root@localhost ~]# fdisk /dev/sda

1
2
The number of cylinders for this disk is set to 19457.
3
There is nothing wrong with that, but this is larger than 1024,
4
and could in certain setups cause problems with:
5
1) software that runs at boot time (e.g., old versions of LILO)
6
2) booting and partitioning software from other OSs
7 (e.g., DOS FDISK, OS/2 FDISK)
8

9 Command (m for help): n

10 First cylinder (18934-19457, default 18934):

11 Using default value 18934

12 Last cylinder or +size or +sizeM or +sizeK (18934-19457, default 19457): +100M

13
Command (m for help): n
14
First cylinder (18947-19457, default 18947):
15
Using default value 18947
16
Last cylinder or +size or +sizeM or +sizeK (18947-19457, default 19457): +100M
17

18
Command (m for help): n
19 First cylinder (18960-19457, default 18960):
20 Using default value 18960

21 Last cylinder or +size or +sizeM or +sizeK (18960-19457, default 19457): +100M

22
Command (m for help): w
23
The partition table has been altered!
24

25
Calling ioctl() to re-read partition table.
26

27
WARNING: Re-reading the partition table failed with error 16: Device or resource
28 busy.

29 The kernel still uses the old table.

The new table will be used at the next reboot.

30
Syncing disks.
31
[root@localhost ~]#
32

33

34

Next thing that we need to do after creating the partitions is to inform the linux system that
these partitions will be used for raid. This is acheived by changing the partition types to
RAID.
CHANGE THE TYPE OF PARTITION TO RAID TYPE:
?

1 [root@localhost ~]# fdisk /dev/sda

2

3 The number of cylinders for this disk is set to 19457.

4 There is nothing wrong with that, but this is larger than 1024,

5 and could in certain setups cause problems with:

6 1) software that runs at boot time (e.g., old versions of LILO)

7 2) booting and partitioning software from other OSs

(e.g., DOS FDISK, OS/2 FDISK)

8

9
10 Command (m for help): t

11 Partition number (1-13): 13

Hex code (type L to list codes): fd

12
Changed system type of partition 13 to fd (Linux raid autodetect)
13

14
Command (m for help): t
15
Partition number (1-13): 12
16
Hex code (type L to list codes): fd
17 Changed system type of partition 12 to fd (Linux raid autodetect)
18

19 Command (m for help): t

20 Partition number (1-13): 11

21 Hex code (type L to list codes): fd

22 Changed system type of partition 11 to fd (Linux raid autodetect)

23
Command (m for help): w
24
The partition table has been altered!
25

26
Calling ioctl() to re-read partition table.
27

28
WARNING: Re-reading the partition table failed with error 16: Device or resource
29 busy.

30 The kernel still uses the old table.

The new table will be used at the next reboot.

31
Syncing disks.
32
[root@localhost ~]# partprobe
33

34
CREATE RAID 5 DEVICE:

[root@localhost ~]# mdadm --create /dev/md5 --level=5 --raid-devices=3 /dev/sda11

1
/dev/sda12 /dev/sda13
2 mdadm: array /dev/md5 started.

VIEW RAID DEVICE INFORMATION IN DETAIL:

?

1
[root@localhost ~]# mdadm --detail /dev/md5
2
/dev/md5:
3 Version : 0.90
4 Creation Time : Tue Apr 9 17:22:18 2013

5 Raid Level : raid5

6 Array Size : 208640 (203.78 MiB 213.65 MB)

7 Used Dev Size : 104320 (101.89 MiB 106.82 MB)

Raid Devices : 3
8
Total Devices : 3
9
Preferred Minor : 5
10
Persistence : Superblock is persistent
11

12
Update Time : Tue Apr 9 17:22:31 2013
13 State : clean
14 Active Devices : 3

15 Working Devices : 3

16 Failed Devices : 0

17 Spare Devices : 0

18
Layout : left-symmetric
19
Chunk Size : 64K
20
21

22 UUID : d4e4533d:3b19751a:82304262:55747e53

23 Events : 0.2

24

25 Number Major Minor RaidDevice State

26 0 8 11 0 active sync /dev/sda11

27 1 8 12 1 active sync /dev/sda12

28 2 8 13 2 active sync /dev/sda13

29

1
[root@localhost ~]# cat /proc/mdstat
2 Personalities : [raid0] [raid1] [raid6] [raid5] [raid4]
3 md5 : active raid5 sda13[2] sda12[1] sda11[0]
4 208640 blocks level 5, 64k chunk, algorithm 2 [3/3] [UUU]

6 md1 : active raid1 sda10[2](F) sda9[3](F) sda8[0]

7 104320 blocks [2/1] [U_]

8
md0 : active raid0 sda7[1] sda6[0]
9
208640 blocks 64k chunks
10

format the raid device with ext4 journaling method:

?

1 [root@localhost ~]# mke2fs -j /dev/md5

MOUNT THE RAID FILE SYSTEM:

?

1 [root@localhost ~]# mkdir /raid5

2 [root@localhost ~]# mount /dev/md5 /raid5

PERMANENT MOUNTING:
To make the mounting exist even after reboot make entry in /etc/fstab file.
?

1 /dev/md5 /raid5 ext4 defaults 00

REMOVE A PARTITION /dev/sda13 FROM RAID DEVICE:

?

1 [root@localhost ~]# mdadm /dev/md5 --fail /dev/sda13

2 mdadm: set /dev/sda13 faulty in /dev/md5

1 [root@localhost ~]# mdadm --detail /dev/md5

/dev/md5:
2
Version : 0.90
3
Creation Time : Tue Apr 9 17:22:18 2013
4
Raid Level : raid5
5
Array Size : 208640 (203.78 MiB 213.65 MB)
6 Used Dev Size : 104320 (101.89 MiB 106.82 MB)
7 Raid Devices : 3
8 Total Devices : 3

9 Preferred Minor : 5

10 Persistence : Superblock is persistent

11
Update Time : Wed Apr 10 08:53:03 2013
12
State : clean, degraded
13
Active Devices : 2
14
Working Devices : 2
15
Failed Devices : 1
16 Spare Devices : 0
17

18 Layout : left-symmetric
19 Chunk Size : 64K

20

21 UUID : d4e4533d:3b19751a:82304262:55747e53

Events : 0.4
22

23
Number Major Minor RaidDevice State
24
0 8 11 0 active sync /dev/sda11
25
1 8 12 1 active sync /dev/sda12
26
2 0 0 2 removed
27

28
3 8 13 - faulty spare /dev/sda13
29

30

31

now we can see that /dev/sda13 is now in faulty spare.

HOW TO ADD A PARTITION TO RAID?

?

1 [root@localhost ~]# mdadm /dev/md5 --add /dev/sda14

2 mdadm: added /dev/sda14

Above command will add partition /dev/sda14 to raid5 i.e /dev/raid5.

HOW TO VIEW OR CHECK WHETHER NEW PARTITION WAS ADDED OR

NOT TO RAID?

1 [root@localhost ~]# mdadm --detail /dev/md5

3 Number Major Minor RaidDevice State

4 0 8 11 0 active sync /dev/sda11

5 1 8 12 1 active sync /dev/sda12

6 2 8 14 2 active sync /dev/sda14

8 3 8 13 - faulty spare /dev/sda13

Now you can clearly see that /dev/sda14 is successfully added to raid5 its showing active.
To see what happens with your raid devices in details you can use this command.
?

1
[root@localhost ~]# dmesg | grep -w md
2
md: md driver 0.90.3 MAX_MD_DEVS=256, MD_SB_DISKS=27
3 md: bitmap version 4.39
4 md: Autodetecting RAID arrays.

5 md: autorun ...

6 md: considering sda14 ...

7 md: adding sda14 ...

md: adding sda13 ...

8
md: adding sda12 ...
9

To get the information about a particular raid device you can use this command.
?

1
[root@localhost ~]# dmesg | grep -w md5
2 md: created md5
3 md5: WARNING: sda12 appears to be on the same physical disk as sda11. True
4 md5: WARNING: sda13 appears to be on the same physical disk as sda12. True

5 md5: WARNING: sda14 appears to be on the same physical disk as sda13. True

6 raid5: allocated 3163kB for md5

raid5: raid level 5 set md5 active with 2 out of 3 devices, algorithm 2
7
EXT4 FS on md5, internal journal
8

If you have configured more than one raid in your machine and you want to know detail
about all of them you can use below command.
?

1 [root@localhost ~]# mdadm --examine --scan

 2 ARRAY /dev/md0 level=raid0 num-devices=2 UUID=db877de6:0a0be5f2:c22d99c7:e07fda85

3 ARRAY /dev/md1 level=raid1 num-devices=2 UUID=034c85f3:60ce1191:3b61e8dc:55851162

ARRAY /dev/md5 level=raid5 num-devices=3 UUID=d4e4533d:3b19751a:82304262:55747e5

4

The above command showa you the all the raid configured in your machine along with the
number disk devices each raid is using,It also shows the UUID of the parition
Read: What is UUID of a partition

KNOW THE ADVANTAGES OF RAID 5:

 READ Data Transaction rate of RAID 5 is very fast.

 RAID-5 have capacity to change the number of devices.
 It is also capable of changing the size of individual devices.
 RAID5 can also change the chunk size.
 It is also capable of changing the layout.
 WRITE Data Transaction rate is a bit slow because of the parity involved.
 You can get the redundancy without wasting any disk.
 We can also convert A 2-drive RAID5 to RAID1 & A 3 or more Drive RAID5 to RAID6.
 A 4-drive RAID5 can be easily converted to A 6-drive RAID6 if you have 4-drive.

Conclusion
Here, in this article, we have seen how to setup a RAID 5 using three number
of disks. Later in my upcoming articles, we will see how to troubleshoot when
a disk fails in RAID 5 and how to replace for recovery.

SWAP MEMORY

Extending the swap filesystem:

We have 20gb of enough space is there in RootVolGroup00 vg

==============================

crptdb-ch2-a1p.sys.suresh.net

==============================

To check the existing swap space

#free -m

Create the LVM with size 8gb(already 8gb is there requirement -16gb)

#lvcreate -L 8G -n lv_swap2 RootVolGroup00

Format with swap filesystem

#mkswap /dev/RootVolGroup00/lv_swap2

Add the entry in /etc/fstab

#vi /etc/fstab

/dev/RootVolGroup00/lv_swap2 swap swap defaults 00

Turn on the new swap

swapon -v /dev/RootVolGroup00/lv_swap2

#free -m ( Check 16gb extended or not )

echo 1 > /proc/sys/kernel/softlockup_panic

==============================

crptdb-wc-a1p.sys.suresh.net

==============================
We have 20gb of enough space is there in RootVolGroup00 vg

To check the existing swap space

#free -m

Create the LVM with size 8gb(already 8gb is there requirement -16gb)

#lvcreate -L 8G -n lv_swap2 RootVolGroup00

Format with swap filesystem

#mkswap /dev/RootVolGroup00/lv_swap2

Add the entry in /etc/fstab

#vi /etc/fstab

/dev/RootVolGroup00/lv_swap2 swap swap defaults 00

Turn on the new swap

swapon -v /dev/RootVolGroup00/lv_swap2

#free -m ( Check 16gb extended or not )

RollBack Plan

=============

Delete the existing created lvm

#lvremove /dev/RootVolGroup00/lv_swap2
Remove the entry in /etc/fstab that what you have added

/dev/RootVolGroup00/lv_swap2 swap swap defaults 00

To check the existing swap space

#free -m

TIME ZONE

Method for Changing TimeZone in RHEL/CENTOS 6 and below version

For this example, assume that your current timezone is UTC as shown below. You would like to
change this to ET.

# date

Wed Jun 8 05:28:56 UTC 2016

Edit the file “/etc/sysconfig/clock” and set the required zone in first line
of the file(Sometimes there may be an additional entry “UTC=true”, if yes
leave this entry as it is – This is for supporting day light changes in some
OS versions

Example

cp /etc/sysconfig/clock /etc/sysconfig/clock_bkp

#vi /etc/sysconfig/clock

ZONE=”EST5EDT”

All time zones are located under the /usr/share/zoneinfo/ directory.

To Take Effect the time zone run below command

#tzdata-update

(or)

#/usr/sbin/tzdata-update
verify the changes by executing “date” command
# date

Tue Jun 14 04:56:57 EDT 2016

Method for Changing TimeZone in RHEL/CENTOS 7

For this example, assume that your current timezone is UTC as shown below. You would like to
change this to ET.

# date

Wed Jun 8 05:28:56 UTC 2016

To Take Effect the time zone run below command

timedatectl set-timezone EST5EDT

verify the changes by executing “date” command

# date

Tue Jun 14 04:56:57 EDT 2016

PASSWORD LESS AUTHENTICATION

Step 1: Create Authentication SSH-Kegen Keys on –
(192.168.1.1)
First login into server 192.168.1.1 with user suresh and generate a pair of public keys using following command.
[[email protected] ~]$ ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key
(/home/suresh/.ssh/id_rsa): [Press enter key]
Created directory '/home/suresh/.ssh'.
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in
/home/suresh/.ssh/id_rsa.
Your public key has been saved in
/home/suresh/.ssh/id_rsa.pub.
The key fingerprint is:
af:bc:25:72:d4:04:65:d9:5d:11:f0:eb:1d:89:50:4c
[email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| ..oooE.++|
| o. o.o |
| .. . |
| o . . o|
| S . . + |
| . . . o|
| . o o ..|
| + + |
| +. |
+-----------------+
Step 2: Create .ssh Directory on – 192.168.1.2
Use SSH from server 192.168.1.1 to connect server 192.168.1.2 using sheena as user and create.ssh directory
under it, using following command.
[suresh@suresh ~]$ ssh [email protected] mkdir -p .ssh

The authenticity of host '192.168.1.2 (192.168.1.2)' can't

be established.
RSA key fingerprint is
d6:53:94:43:b3:cf:d7:e2:b0:0d:50:7b:17:32:29:2a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.2' (RSA) to the list
of known hosts.
[email protected]'s password: [Enter Your Password Here]

Step 3: Upload Generated Public Keys to – 192.168.1.2

Use SSH from server 192.168.1.1 and upload new generated public key (id_rsa.pub) on
server192.168.1.2 under sheena‘s .ssh directory as a file name authorized_keys.
[suresh@suresh ~]$ cat .ssh/id_rsa.pub | ssh [email protected] 'cat >>
.ssh/authorized_keys'

[email protected]'s password: [Enter Your Password Here]

Step 4: Set Permissions on – 192.168.1.2

Due to different SSH versions on servers, we need to set permissions on .ssh directory and authorized_keys file.
[suresh@suresh ~]$ ssh [email protected] "chmod 700 .ssh; chmod 640
.ssh/authorized_keys"

[email protected]'s password: [Enter Your Password Here]

Step 5: Login from 192.168.1.1 to 192.168.1.2 Server without
Password
From now onwards you can log into 192.168.1.2 as sheena user from server 192.168.1.1 assuresh user without
password.

TCP COMMANDS

12 Tcpdump Commands – A Network

Sniffer Tool
This is our another ongoing series of packet sniffer tool called tcpdump. Here, we
are going to show you how to install tcpdump and then we discuss and cover
some useful commands with their practical examples.

Linux tcpdump command examples

tcpdump is a most powerful and widely used command-line packets sniffer or

package analyzer tool which is used to capture or filter TCP/IP packets that
received or transferred over a network on a specific interface. It is available
under most of the Linux/Unix based operating systems. tcpdump also gives us a
option to save captured packets in a file for future analysis. It saves the file in
a pcap format, that can be viewed by tcpdump command or a open source GUI
based tool called Wireshark (Network Protocol Analyzier) that reads
tcpdump pcap format files.

How to Install tcpdump in Linux

Many of Linux distributions already shipped with tcpdump tool, if in case you
don’t have it on systems, you can install it using following Yum command.
# yum install tcpdump
Once tcpdump tool is installed on systems, you can continue to browse following
commands with their examples.
1. Capture Packets from Specific Interface
The command screen will scroll up until you interrupt and when we
execute tcpdump command it will captures from all the interfaces, however
with -i switch only capture from desire interface.
# tcpdump -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:33:31.976358 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags
[P.], seq 3500440357:3500440553, ack 3652628334, win 18760, length 196
11:33:31.976603 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags
[.], ack 196, win 64487, length 0
11:33:31.977243 ARP, Request who-has suresh.com tell 172.16.25.126, length 28
11:33:31.977359 ARP, Reply suresh.com is-at 00:14:5e:67:26:1d (oui Unknown),
length 46
11:33:31.977367 IP 172.16.25.126.54807 > suresh.com: 4240+ PTR?
125.25.16.172.in-addr.arpa. (44)
11:33:31.977599 IP suresh.com > 172.16.25.126.54807: 4240 NXDomain 0/1/0
(121)
11:33:31.977742 IP 172.16.25.126.44519 > suresh.com: 40988+ PTR?
126.25.16.172.in-addr.arpa. (44)
11:33:32.028747 IP 172.16.20.33.netbios-ns > 172.16.31.255.netbios-ns: NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
11:33:32.112045 IP 172.16.21.153.netbios-ns > 172.16.31.255.netbios-ns: NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
11:33:32.115606 IP 172.16.21.144.netbios-ns > 172.16.31.255.netbios-ns: NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
11:33:32.156576 ARP, Request who-has 172.16.16.37 tell old-
oraclehp1.midcorp.mid-day.com, length 46
11:33:32.348738 IP suresh.com > 172.16.25.126.44519: 40988 NXDomain 0/1/0
(121)

2. Capture Only N Number of Packets

When you run tcpdump command it will capture all the packets for specified
interface, until you Hit cancel button. But using -c option, you can capture
specified number of packets. The below example will only capture 6 packets.
# tcpdump -c 5 -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:40:20.281355 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags
[P.], seq 3500447285:3500447481, ack 3652629474, win 18760, length 196
11:40:20.281586 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags
[.], ack 196, win 65235, length 0
11:40:20.282244 ARP, Request who-has suresh.com tell 172.16.25.126, length 28
11:40:20.282360 ARP, Reply suresh.com is-at 00:14:5e:67:26:1d (oui Unknown),
length 46
11:40:20.282369 IP 172.16.25.126.53216 > suresh.com.domain: 49504+ PTR?
125.25.16.172.in-addr.arpa. (44)
11:40:20.332494 IP suresh.com.netbios-ssn > 172.16.26.17.nimaux: Flags [P.],
seq 3058424861:3058424914, ack 693912021, win 64190, length 53 NBT Session
Packet: Session Message
6 packets captured
23 packets received by filter
0 packets dropped by kernel

3. Print Captured Packets in ASCII

The below tcpdump command with option -A displays the package
in ASCII format. It is a character-encoding scheme format.
# tcpdump -A -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
09:31:31.347508 IP 192.168.0.2.ssh > 192.168.0.1.nokia-ann-ch1: Flags [P.],
seq 3329372346:3329372542, ack 4193416789, win 17688, length 196
M.r0...vUP.E.X.......~.%..>N..oFk.........KQ..)Eq.d.,....r^l......m\.oyE....-
[email protected]_..J....i.*.....2f.mQH...Q.c...6....9.v.gb.....
...;..4.).UiCY]..9..x.)..Z.XF....'|..E......M..u.5.......ul
09:31:31.347760 IP 192.168.0.1.nokia-ann-ch1 > 192.168.0.2.ssh: Flags [.],
ack 196, win 64351, length 0
M....vU.r1~P.._..........
^C09:31:31.349560 IP 192.168.0.2.46393 > b.resolvers.Level3.net.domain:
11148+ PTR? 1.0.168.192.in-addr.arpa. (42)
E..F..@[email protected]+............1.0.168.192.in-addr.arpa.....
3 packets captured
11 packets received by filter
0 packets dropped by kernel

4. Display Available Interfaces

To list number of available interfaces on the system, run the following command
with -D option.
# tcpdump -D
1.eth0
2.eth1
3.usbmon1 (USB bus number 1)
4.usbmon2 (USB bus number 2)
5.usbmon3 (USB bus number 3)
6.usbmon4 (USB bus number 4)
7.usbmon5 (USB bus number 5)
8.any (Pseudo-device that captures on all interfaces)
9.lo

5. Display Captured Packets in HEX and ASCII

The following command with option -XX capture the data of each packet,
including its link level header in HEX and ASCII format.
# tcpdump -XX -i eth0
11:51:18.974360 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags
[P.], seq 3509235537:3509235733, ack 3652638190, win 18760, length 196
0x0000: b8ac 6f2e 57b3 0001 6c99 1468 0800 4510 ..o.W...l..h..E.
0x0010: 00ec 8783 4000 4006 275d ac10 197e ac10 ....@.@.']...~..
0x0020: 197d 0016 1129 d12a af51 d9b6 d5ee 5018 .}...).*.Q....P.
0x0030: 4948 8bfa 0000 0e12 ea4d 22d1 67c0 f123 IH.......M".g..#
0x0040: 9013 8f68 aa70 29f3 2efc c512 5660 4fe8 ...h.p).....V`O.
0x0050: 590a d631 f939 dd06 e36a 69ed cac2 95b6 Y..1.9...ji.....
0x0060: f8ba b42a 344b 8e56 a5c4 b3a2 ed82 c3a1 ...*4K.V........
0x0070: 80c8 7980 11ac 9bd7 5b01 18d5 8180 4536 ..y.....[.....E6
0x0080: 30fd 4f6d 4190 f66f 2e24 e877 ed23 8eb0 0.OmA..o.$.w.#..
0x0090: 5a1d f3ec 4be4 e0fb 8553 7c85 17d9 866f Z...K....S|....o
0x00a0: c279 0d9c 8f9d 445b 7b01 81eb 1b63 7f12 .y....D[{....c..
0x00b0: 71b3 1357 52c7 cf00 95c6 c9f6 63b1 ca51 q..WR.......c..Q
0x00c0: 0ac6 456e 0620 38e6 10cb 6139 fb2a a756 ..En..8...a9.*.V
0x00d0: 37d6 c5f3 f5f3 d8e8 3316 d14f d7ab fd93 7.......3..O....
0x00e0: 1137 61c1 6a5c b4d1 ddda 380a f782 d983 .7a.j\....8.....
0x00f0: 62ff a5a9 bb39 4f80 668a b....9O.f.
11:51:18.974759 IP 172.16.25.126.60952 > mddc-01.midcorp.mid-day.com.domain:
14620+ PTR? 125.25.16.172.in-addr.arpa. (44)
0x0000: 0014 5e67 261d 0001 6c99 1468 0800 4500 ..^g&...l..h..E.
0x0010: 0048 5a83 4000 4011 5e25 ac10 197e ac10 .HZ.@.@.^%...~..
0x0020: 105e ee18 0035 0034 8242 391c 0100 0001 .^...5.4.B9.....
0x0030: 0000 0000 0000 0331 3235 0232 3502 3136 .......125.25.16
0x0040: 0331 3732 0769 6e2d 6164 6472 0461 7270 .172.in-addr.arp
0x0050: 6100 000c 0001 a.....

6. Capture and Save Packets in a File

As we said, that tcpdump has a feature to capture and save the file in
a .pcap format, to do this just execute command with -w option.
# tcpdump -w 0001.pcap -i eth0
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535
bytes
4 packets captured
4 packets received by filter
0 packets dropped by kernel

7. Read Captured Packets File

To read and analyze captured packet 0001.pcap file use the command with -
r option, as shown below.
# tcpdump -r 0001.pcap
reading from file 0001.pcap, link-type EN10MB (Ethernet)
09:59:34.839117 IP 192.168.0.2.ssh > 192.168.0.1.nokia-ann-ch1: Flags [P.],
seq 3353041614:3353041746, ack 4193563273, win 18760, length 132
09:59:34.963022 IP 192.168.0.1.nokia-ann-ch1 > 192.168.0.2.ssh: Flags [.],
ack 132, win 65351, length 0
09:59:36.935309 IP 192.168.0.1.netbios-dgm > 192.168.0.255.netbios-dgm: NBT
UDP PACKET(138)
09:59:37.528731 IP 192.168.0.1.nokia-ann-ch1 > 192.168.0.2.ssh: Flags [P.],
seq 1:53, ack 132, win 65351, length 5

8. Capture IP address Packets

To capture packets for a specific interface, run the following command with
option -n.
# tcpdump -n -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:07:03.952358 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags
[P.], seq 3509512873:3509513069, ack 3652639034, win 18760, length 196
12:07:03.952602 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags
[.], ack 196, win 64171, length 0
12:07:03.953311 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags
[P.], seq 196:504, ack 1, win 18760, length 308
12:07:03.954288 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags
[P.], seq 504:668, ack 1, win 18760, length 164
12:07:03.954502 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags
[.], ack 668, win 65535, length 0
12:07:03.955298 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags
[P.], seq 668:944, ack 1, win 18760, length 276
12:07:03.955425 IP 172.16.23.16.netbios-ns > 172.16.31.255.netbios-ns: NBT
UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
12:07:03.956299 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags
[P.], seq 944:1236, ack 1, win 18760, length 292
12:07:03.956535 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags
[.], ack 1236, win 64967, length 0

9. Capture only TCP Packets.

To capture packets based on TCP port, run the following command with
option tcp.
# tcpdump -i eth0 tcp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:10:36.216358 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags
[P.], seq 3509646029:3509646225, ack 3652640142, win 18760, length 196
12:10:36.216592 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags
[.], ack 196, win 64687, length 0
12:10:36.219069 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags
[P.], seq 196:504, ack 1, win 18760, length 308
12:10:36.220039 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags
[P.], seq 504:668, ack 1, win 18760, length 164
12:10:36.220260 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags
[.], ack 668, win 64215, length 0
12:10:36.222045 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags
[P.], seq 668:944, ack 1, win 18760, length 276
12:10:36.223036 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags
[P.], seq 944:1108, ack 1, win 18760, length 164
12:10:36.223252 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags
[.], ack 1108, win 65535, length 0
^C12:10:36.223461 IP mid-pay.midcorp.mid-day.com.netbios-ssn >
172.16.22.183.recipe: Flags [.], seq 283256512:283256513, ack 550465221, win
65531, length 1[|SMB]

10. Capture Packet from Specific Port

Let’s say you want to capture packets for specific port 22, execute the below
command by specifying port number 22 as shown below.
# tcpdump -i eth0 port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:37:49.056927 IP 192.168.0.2.ssh > 192.168.0.1.nokia-ann-ch1: Flags [P.],
seq 3364204694:3364204890, ack 4193655445, win 20904, length 196
10:37:49.196436 IP 192.168.0.2.ssh > 192.168.0.1.nokia-ann-ch1: Flags [P.],
seq 4294967244:196, ack 1, win 20904, length 248
10:37:49.196615 IP 192.168.0.1.nokia-ann-ch1 > 192.168.0.2.ssh: Flags [.],
ack 196, win 64491, length 0
10:37:49.379298 IP 192.168.0.2.ssh > 192.168.0.1.nokia-ann-ch1: Flags [P.],
seq 196:616, ack 1, win 20904, length 420
10:37:49.381080 IP 192.168.0.2.ssh > 192.168.0.1.nokia-ann-ch1: Flags [P.],
seq 616:780, ack 1, win 20904, length 164
10:37:49.381322 IP 192.168.0.1.nokia-ann-ch1 > 192.168.0.2.ssh: Flags [.],
ack 780, win 65535, length 0

11. Capture Packets from source IP

To capture packets from source IP, say you want to capture packets
for 192.168.0.2, use the command as follows.
# tcpdump -i eth0 src 192.168.0.2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:49:15.746474 IP 192.168.0.2.ssh > 192.168.0.1.nokia-ann-ch1: Flags [P.],
seq 3364578842:3364579038, ack 4193668445, win 20904, length 196
10:49:15.748554 IP 192.168.0.2.56200 > b.resolvers.Level3.net.domain: 11289+
PTR? 1.0.168.192.in-addr.arpa. (42)
10:49:15.912165 IP 192.168.0.2.56234 > b.resolvers.Level3.net.domain: 53106+
PTR? 2.0.168.192.in-addr.arpa. (42)
10:49:16.074720 IP 192.168.0.2.33961 > b.resolvers.Level3.net.domain: 38447+
PTR? 2.2.2.4.in-addr.arpa. (38)

12. Capture Packets from destination IP

To capture packets from destination IP, say you want to capture packets
for 50.116.66.139, use the command as follows.
# tcpdump -i eth0 dst 50.116.66.139
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:55:01.798591 IP 192.168.0.2.59896 > 50.116.66.139.http: Flags [.], ack
2480401451, win 318, options [nop,nop,TS val 7955710 ecr 804759402], length 0
10:55:05.527476 IP 192.168.0.2.59894 > 50.116.66.139.http: Flags [F.], seq
2521556029, ack 2164168606, win 245, options [nop,nop,TS val 7959439 ecr
804759284], length 0
10:55:05.626027 IP 192.168.0.2.59894 > 50.116.66.139.http: Flags [.], ack 2,
win 245, options [nop,nop,TS val 7959537 ecr 804759787], length 0

This article may help you to explore tcpdump command in depth and also to
capture and analysis packets in future.

tcpdump command is also called as packet analyzer.

tcpdump command will work on most flavors of unix operating system. tcpdump allows
us to save the packets that are captured, so that we can use it for future analysis. The
saved file can be viewed by the same tcpdump command. We can also use open source
software like wireshark to read the tcpdump pcap files.

In this tcpdump tutorial, let us discuss some practical examples on how to use the
tcpdump command.

1. Capture packets from a particular ethernet interface

using tcpdump -i
When you execute tcpdump command without any option, it will capture all the packets
flowing through all the interfaces. -i option with tcpdump command, allows you to filter
on a particular ethernet interface.

$ tcpdump -i eth1

14:59:26.608728 IP xx.domain.netbcp.net.52497 > valh4.lell.net.ssh: . ack 540 win

16554

14:59:26.610602 IP resolver.lell.net.domain > valh4.lell.net.24151: 4278 1/0/0 (73)

14:59:26.611262 IP valh4.lell.net.38527 > resolver.lell.net.domain: 26364+ PTR?

244.207.104.10.in-addr.arpa. (45)
In this example, tcpdump captured all the packets flows in the interface eth1 and
displays in the standard output.

Note: Editcap utility is used to select or remove specific packets from dump file and
translate them into a given format.

2. Capture only N number of packets using tcpdump -c

When you execute tcpdump command it gives packets until you cancel the tcpdump
command. Using -c option you can specify the number of packets to capture.

$ tcpdump -c 2 -i eth0

listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

14:38:38.184913 IP valh4.lell.net.ssh > yy.domain.innetbcp.net.11006: P

1457255642:1457255758(116) ack 1561463966 win 63652

14:38:38.690919 IP valh4.lell.net.ssh > yy.domain.innetbcp.net.11006: P 116:232(116)

ack 1 win 63652

2 packets captured

13 packets received by filter

0 packets dropped by kernel

The above tcpdump command captured only 2 packets from interface eth0.

Note: Mergecap and TShark: Mergecap is a packet dump combining tool, which will
combine multiple dumps into a single dump file. Tshark is a powerful tool to capture
network packets, which can be used to analyze the network traffic. It comes with
wireshark network analyzer distribution.

3. Display Captured Packets in ASCII using tcpdump -A

The following tcpdump syntax prints the packet in ASCII.

$ tcpdump -A -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

14:34:50.913995 IP valh4.lell.net.ssh > yy.domain.innetbcp.net.11006: P

1457239478:1457239594(116) ack 1561461262 win 63652

E.....@.@..]..i...9...*.V...]...P....h....E...>{..U=...g.

......G..7\+KA....A...L.

14:34:51.423640 IP valh4.lell.net.ssh > yy.domain.innetbcp.net.11006: P 116:232(116)

ack 1 win 63652

E.....@.@..\..i...9...*.V..*]...P....h....7......X..!....Im.S.g.u:*..O&....^#Ba...

E..(R.@.|.....9...i.*...]...V..*P..OWp........

Note: Ifconfig command is used to configure network interfaces

4. Display Captured Packets in HEX and ASCII using

tcpdump -XX
Some users might want to analyse the packets in hex values. tcpdump provides a way to
print packets in both ASCII and HEX format.

$tcpdump -XX -i eth0

18:52:54.859697 IP zz.domain.innetbcp.net.63897 > valh4.lell.net.ssh: . ack 232 win

16511

0x0000: 0050 569c 35a3 0019 bb1c 0c00 0800 4500 .PV.5.........E.

0x0010: 0028 042a 4000 7906 c89c 10b5 aaf6 0f9a .(.*@.y.........

0x0020: 69c4 f999 0016 57db 6e08 c712 ea2e 5010 i.....W.n.....P.

0x0030: 407f c976 0000 0000 0000 0000 @..v........

18:52:54.877713 IP 10.0.0.0 > all-systems.mcast.net: igmp query v3 [max resp time 1s]
 0x0000: 0050 569c 35a3 0000 0000 0000 0800 4600 .PV.5.........F.

0x0010: 0024 0000 0000 0102 3ad3 0a00 0000 e000 .$......:.......

0x0020: 0001 9404 0000 1101 ebfe 0000 0000 0300 ................

0x0030: 0000 0000 0000 0000 0000 0000 ............

5. Capture the packets and write into a file using tcpdump -

w
tcpdump allows you to save the packets to a file, and later you can use the packet file for
further analysis.

$ tcpdump -w 08232010.pcap -i eth0

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

32 packets captured

32 packets received by filter

0 packets dropped by kernel

-w option writes the packets into a given file. The file extension should be .pcap, which
can be read by any network protocol
analyzer.

6. Reading the packets from a saved file using tcpdump -r

You can read the captured pcap file and view the packets for analysis, as shown below.

$tcpdump -tttt -r data.pcap

2010-08-22 21:35:26.571793 00:50:56:9c:69:38 (oui Unknown) > Broadcast, ethertype

Unknown (0xcafe), length 74:

0x0000: 0200 000a ffff 0000 ffff 0c00 3c00 0000 ............<...
 0x0010: 0000 0000 0100 0080 3e9e 2900 0000 0000 ........>.).....

0x0020: 0000 0000 ffff ffff ad00 996b 0600 0050 ...........k...P

0x0030: 569c 6938 0000 0000 8e07 0000 V.i8........

2010-08-22 21:35:26.571797 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.50570: P

800464396:800464448(52) ack 203316566 win 71

2010-08-22 21:35:26.571800 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.50570: P

52:168(116) ack 1 win 71

2010-08-22 21:35:26.584865 IP valh5.lell.net.ssh > 11.154.12.255.netbios-ns: NBT UDP

PACKET(137): QUERY; REQUEST; BROADC

7. Capture packets with IP address using tcpdump -n

In all the above examples, it prints packets with the DNS address, but not the ip address.
The following example captures the packets and it will display the IP address of the
machines involved.

$ tcpdump -n -i eth0

15:01:35.170763 IP 10.0.19.121.52497 > 11.154.12.121.ssh: P 105:157(52) ack 18060 win

16549

15:01:35.170776 IP 11.154.12.121.ssh > 10.0.19.121.52497: P 23988:24136(148) ack 157

win 113

15:01:35.170894 IP 11.154.12.121.ssh > 10.0.19.121.52497: P 24136:24380(244) ack 157

win 113

8. Capture packets with proper readable timestamp using

tcpdump -tttt
$ tcpdump -n -tttt -i eth0
2010-08-22 15:10:39.162830 IP 10.0.19.121.52497 > 11.154.12.121.ssh: . ack 49800 win
16390

2010-08-22 15:10:39.162833 IP 10.0.19.121.52497 > 11.154.12.121.ssh: . ack 50288 win

16660

2010-08-22 15:10:39.162867 IP 10.0.19.121.52497 > 11.154.12.121.ssh: . ack 50584 win

16586

9. Read packets longer than N bytes

You can receive only the packets greater than n number of bytes using a filter ‘greater’
through tcpdump command

$ tcpdump -w g_1024.pcap greater 1024

10. Receive only the packets of a specific protocol type

You can receive the packets based on the protocol type. You can specify one of these
protocols — fddi, tr, wlan, ip, ip6, arp, rarp, decnet, tcp and udp. The following example
captures only arp packets flowing through the eth0 interface.

$ tcpdump -i eth0 arp

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

19:41:52.809642 arp who-has valh5.lell.net tell valh9.lell.net

19:41:52.863689 arp who-has 11.154.12.1 tell valh6.lell.net

19:41:53.024769 arp who-has 11.154.12.1 tell valh7.lell.net

11. Read packets lesser than N bytes

You can receive only the packets lesser than n number of bytes using a filter ‘less’
through tcpdump command
$ tcpdump -w l_1024.pcap less 1024

12. Receive packets flows on a particular port using

tcpdump port
If you want to know all the packets received by a particular port on a machine, you can
use tcpdump command as shown below.

$ tcpdump -i eth0 port 22

19:44:44.934459 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.63897: P

18932:19096(164) ack 105 win 71

19:44:44.934533 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.63897: P

19096:19260(164) ack 105 win 71

19:44:44.934612 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.63897: P

19260:19424(164) ack 105 win 71

13. Capture packets for particular destination IP and Port

The packets will have source and destination IP and port numbers. Using tcpdump we
can apply filters on source or destination IP and port number. The following command
captures packets flows in eth0, with a particular destination ip and port number 22.

$ tcpdump -w xpackets.pcap -i eth0 dst 10.181.140.216 and port 22

14. Capture TCP communication packets between two

hosts
If two different process from two different machines are communicating through tcp
protocol, we can capture those packets using tcpdump as shown below.

$tcpdump -w comm.pcap -i eth0 dst 16.181.170.246 and port 22

You can open the file comm.pcap using any network protocol analyzer tool to debug any
potential issues.
15. tcpdump Filter Packets – Capture all the packets other
than arp and rarp
In tcpdump command, you can give “and”, “or” and “not” condition to filter the packets
accordingly.

$ tcpdump -i eth0 not arp and not rarp

20:33:15.479278 IP resolver.lell.net.domain > valh4.lell.net.64639: 26929 1/0/0 (73)

20:33:15.479890 IP valh4.lell.net.16053 > resolver.lell.net.domain: 56556+ PTR?

255.107.154.15.in-addr.arpa. (45)

20:33:15.480197 IP valh4.lell.net.ssh > zz.domain.innetbcp.net.63897: P 540:1504(964)

ack 1 win 96

20:33:15.487118 IP zz.domain.innetbcp.net.63897 > valh4.lell.net.ssh: . ack 540 win

16486

20:33:15.668599 IP 10.0.0.0 > all-systems.mcast.net: igmp query v3 [max resp tim

SUPER BLOCK

Linux: Recover Corrupted Partition From A Bad Superblock

by VIVEK GITE on AUGUST 15, 2008 last updated AUGUST 15, 2008

in CENTOS, DEBIAN / UBUNTU, FILE SYSTEM, HARDWARE, LINUX, REDHAT AND FRIENDS,
TROUBLESHOOTING, UBUNTU LINUX

Q. How can I Recover a bad superblock from a corrupted ext3 partition to get back my data? I’m getting
following error:
/dev/sda2: Input/output error

mount: /dev/sda2: can’t read superblock

How do I fix this error?

A. Linux ext2/3 filesystem stores superblock at different backup location so it is possible to get back data
from corrupted partition.

Warning examples may crash your computerWARNING! Make sure file system is UNMOUNTED.

If your system will give you a terminal type the following command, else boot Linux system from rescue
disk (boot from 1st CD/DVD. At boot: prompt type command linux rescue).

Mount partition using alternate superblock

Find out superblock location for /dev/sda2:

# dumpe2fs /dev/sda2 | grep superblock

Sample output:

Primary superblock at 0, Group descriptors at 1-6

Backup superblock at 32768, Group descriptors at 32769-32774

Backup superblock at 98304, Group descriptors at 98305-98310

Backup superblock at 163840, Group descriptors at 163841-163846

Backup superblock at 229376, Group descriptors at 229377-229382

Backup superblock at 294912, Group descriptors at 294913-294918

Backup superblock at 819200, Group descriptors at 819201-819206

Backup superblock at 884736, Group descriptors at 884737-884742

 Backup superblock at 1605632, Group descriptors at 1605633-1605638

Backup superblock at 2654208, Group descriptors at 2654209-2654214

Backup superblock at 4096000, Group descriptors at 4096001-4096006

Backup superblock at 7962624, Group descriptors at 7962625-7962630

Backup superblock at 11239424, Group descriptors at 11239425-11239430

Backup superblock at 20480000, Group descriptors at 20480001-20480006

Backup superblock at 23887872, Group descriptors at 23887873-23887878

Now check and repair a Linux file system using alternate superblock # 32768:

# fsck -b 32768 /dev/sda2

Sample output:

fsck 1.40.2 (12-Jul-2007)

e2fsck 1.40.2 (12-Jul-2007)

/dev/sda2 was not cleanly unmounted, check forced.

Pass 1: Checking inodes, blocks, and sizes

Pass 2: Checking directory structure

Pass 3: Checking directory connectivity

Pass 4: Checking reference counts

Pass 5: Checking group summary information

Free blocks count wrong for group #241 (32254, counted=32253).

Fix? yes

Free blocks count wrong for group #362 (32254, counted=32248).

Fix? yes

Free blocks count wrong for group #368 (32254, counted=27774).

Fix? yes

..........

/dev/sda2: ***** FILE SYSTEM WAS MODIFIED *****

/dev/sda2: 59586/30539776 files (0.6% non-contiguous), 3604682/61059048 blocks

Now try to mount file system using mount command:

# mount /dev/sda2 /mnt

You can also use superblock stored at 32768 to mount partition, enter:

# mount sb={alternative-superblock} /dev/device /mnt

# mount sb=32768 /dev/sda2 /mnt

Try to browse and access file system:

# cd /mnt

# mkdir test

# ls -l

# cp file /path/to/safe/location

TSM

Skip to main content

Login

Using the TSM Client Command Line

Interface for Backup & Restore
Printer-friendly version

1. Introduction
This section will first provide an introduction to the TSM Command Line Interface (CLI) and then
describe how to manually back up and restore files on the local machine. The screen shots and
descriptions that follow may refer to older TSM clients, but with the exception of the file specifications
the syntax is generic to all platforms.

2. Starting the TSM Command Line client

2.1. Windows
Run [Backup-Archive Command Line] from [Start] | [All Programs] | [Tivoli Storage
Manager]. The TSM command line interface will open in a window on the Windows desktop. This
window will be small but you can change its size, colour, or font by right clicking on the icon in the top
left corner and selecting [Properties]. You should see a prompt of the form:

2.2. Mac
Open [Terminal] from [Applications] | [Utilities] and type sudo dsmc. You will be
prompted for your Mac password then should see a prompt of the form:
IBM Tivoli Storage Manager

Command Line Backup-Archive Client Interface

Client Version 6, Release 4, Level 1.5

Client date/time: 13-03-2014 14:57:05

(c) Copyright by IBM Corporation and other(s) 1990, 2013. All Rights
Reserved.

Node Name: ABCD1234-LAPTOP-ITSERV

Session established with server OX_HFS_B1: AIX

Server Version 6, Release 3, Level 4.200

Server date/time: 13-03-2014 14:57:05 Last access: 10-03-2014 12:34:35

tsm>

2.3. Unix/Linux
Run dsmc as root from the shell prompt (e.g., in Ubuntu, run sudo dsmc). You should see a prompt of
the form:
IBM Tivoli Storage Manager

Command Line Backup-Archive Client Interface

Client Version 6, Release 4, Level 1.7

Client date/time: 13-03-2014 15:01:20

(c) Copyright by IBM Corporation and other(s) 1990, 2014. All Rights
Reserved.

Node Name: TEST-UBUNTU-OUCS

Session established with server OX_HFS_B1: AIX

Server Version 6, Release 3, Level 4.200

Server date/time: 13-03-2014 15:01:15 Last access: 13-03-2014 13:01:04

tsm>

2.4. Netware
Type load dsmc at the console.

3. Accessing Help
Online help for TSM commands, options and error messages is available by typing help at
the tsm> prompt. The result will be similar to below:
1.0 New for IBM Tivoli Storage Manager Version 6.4

2.0 Using commands

2.1 Start and end a client command session

2.1.1 Process commands in batch mode

2.1.2 Process commands in interactive mode

2.2 Enter client command names, options, and parameters

2.2.1 Command name

2.2.2 Options

2.2.3 Parameters

2.2.4 File specification syntax

2.3 Wildcard characters

2.4 Client commands reference

2.5 Archive

2.6 Archive FastBack

Enter 'q' to exit help, 't' to display the table of contents,

press enter or 'd' to scroll down, 'u' to scroll up or

enter a help topic section number, message number, option name,

command name, or command and subcommand:

Note that commands and options may be abbreviated to a short form as indicated by capitalisation of
words in the syntax entry for a command. Thus, for example, query filespace can be abbreviated
to q fi. Options and commands can also be included on the original command line so, using the above
example, on a Netware machine you can run load dsmc q fi to just run a query of the current
partitions backed up. Obviously, more complex queries and commands can be similarly run in the same
manner.

4. Querying the server

The following query commands illustrate typical command syntax and output.

4.1. Querying your scheduled backup slot

To query your scheduled backup slot enter q sched (which is short for query schedule). The output
should look similar to that below:
tsm> q sched

Schedule Name: WEEKLY_ITSERV

Description: ITSERV weekly incremental backup

Schedule Style: Classic

Action: Incremental

Options:

Objects:

Priority: 5

Next Execution: 149 Hours and 35 Minutes

Duration: 15 Minutes

Period: 1 Week
 Day of Week: Wednesday

Month:

Day of Month:

Week of Month:

Expire: Never

4.2. Querying what files are included/excluded for backup

At the tsm> prompt enter q inclexcl to list output similar to the following:
tsm> q inclexcl

*** FILE INCLUDE/EXCLUDE ***

Mode Function Pattern (match from top down) Source File

---- --------- ------------------------------ -----------------

Excl Filespace /var/run

/opt/tivoli/tsm/client/ba/bin/incl.excl

Excl Filespace /tmp

/opt/tivoli/tsm/client/ba/bin/incl.excl

Excl Directory /.../.opera/.../cache4

/opt/tivoli/tsm/client/ba/bin/incl.excl

Excl Directory /.../.mozilla/.../Cache

/opt/tivoli/tsm/client/ba/bin/incl.excl

Excl Directory /.../.netscape/.../cache

/opt/tivoli/tsm/client/ba/bin/incl.excl

Excl Directory /var/tmp

/opt/tivoli/tsm/client/ba/bin/incl.excl

Excl All /.../dsmsched.log

/opt/tivoli/tsm/client/ba/bin/incl.excl
Excl All /.../core
/opt/tivoli/tsm/client/ba/bin/incl.excl

Excl All /.../a.out

/opt/tivoli/tsm/client/ba/bin/incl.excl

No DFS include/exclude statements defined.

Note that the include/exclude directives are listed at the partition level first, then the directory/folder
level and finally at the file level. The order they are displayed above is the order in which these
directives are applied by TSM. You will note that the order of the directives at any one level is the
opposite of the order in which they appear in the options file. That is, TSM reads the directives listed in
options file from the bottom up.
4.3. Querying what partitions have been backed up
At the tsm> prompt enter q fi to list which partitions have been backed up:
Windows:

# Last Incr Date Type File Space Name

--- -------------- ---- ---------------

1 01-05-2012 19:46:59 NTFS \\tentacles.oucs\c$

Mac:

tsm> q fi

# Last Incr Date Type File Space Name

--- -------------- ---- ---------------

1 02-05-2012 02:13:13 HFS /

2 25-07-2011 12:26:09 HFS /Volumes/Disk 2

Linux:

tsm> q fi

# Last Incr Date Type File Space Name

--- -------------- ---- ---------------

 1 02-05-2013 02:13:13 EXT4 /

2 25-07-2014 12:26:09 EXT3 /home

Solaris:

tsm> q fi

# Last Incr Date Type File Space Name

--- -------------- ---- ---------------

1 02-05-2012 02:13:13 UFS /

2 25-07-2011 12:26:09 UFS /export/home

Netware:

# Last Incr Date Type File Space Name

--- -------------- ---- ---------------

1 02-05-2012 00:23:46 NTW:LONG NSMS1\SYS:

2 02-05-2012 00:22:42 NDS NSMS1\NDS:

3 02-05-2012 00:25:33 NTW:LONG NSMS1\USR:

4 02-05-2012 00:25:11 NTW:LONG NSMS1\APPS:

4.4. Querying what files have been backed up

The syntax for querying what files you have backed up involves giving a file specification which is
necessarily OS specific. Also, if an incorrect file specification is given it may appear that you have no
backups. Consequently, several worked examples are displayed below for Windows, Mac, Linux/Unix
and Netware environments.

If you give just a path to a directory/folder you will only get the folder returned as the output:

Windows:

tsm> q ba c:\Downloads
 Size Backup Date Mgmt Class A/I File

---- ----------- ---------- --- ----

0 B 03-04-2012 19:57:54 STANDARD A

\\tentacles.oucs\c$\Downloads

Mac:

tsm> q ba /Users

Size Backup Date Mgmt Class A/I File

---- ----------- ---------- --- ----

72 B 24-04-2012 02:52:09 STANDARD A /Users

Linux:

tsm> q ba /home/ians/projects

Size Backup Date Mgmt Class A/I File

---- ----------- ---------- --- ----

512 B 24-04-2012 02:52:09 STANDARD A

/home/ians/projects

Netware:

tsm> q ba USR:/ians

Size Backup Date Mgmt Class A/I File

---- ----------- ---------- --- ----

0 B 02-05-2012 00:25:32 STANDARD A USR:/ians

Note that the Windows client lists the directory in UNC format. This format can also be used for the file
specification in the query.

If you just add a trailing * (star) as a wildcard in the above query, TSM will only return those files and
directories backed up immediately belowthe directory path given in the query
tsm>q ba /home/ians/projects/*

Size Backup Date Mgmt Class A/I File

---- ----------- ---------- --- ----

512 12-09-2011 19:57:09 STANDARD A /home/ians/projects/hfs0106

1,024 08-12-2011 02:46:53 STANDARD A /home/ians/projects/hsm41perf

512 12-09-2011 19:57:09 STANDARD A /home/ians/projects/hsm41test

512 24-04-2012 00:22:56 STANDARD A /home/ians/projects/hsm42upg

If you want to query all the current files and directories backed up under a directory and all its
subdirectories you need to add the -subdir=yesoption as below:
tsm> q ba /home/ians/projects/* -subdir=yes

Size Backup Date Mgmt Class A/I File

---- ----------- ---------- --- ----

512 12-09-2011 19:57:09 STANDARD A /home/ians/projects/hfs0106

1,024 08-12-2011 02:46:53 STANDARD A /home/ians/projects/hsm41perf

512 12-09-2011 19:57:09 STANDARD A /home/ians/projects/hsm41test

512 24-04-2012 00:22:56 STANDARD A /home/ians/projects/hsm42upg

1,024 12-09-2011 19:57:09 STANDARD A

/home/ians/projects/hfs0106/test

1,024 12-09-2011 19:57:09 STANDARD A

/home/ians/projects/hfs0106/test/test2

12,048 04-12-2011 02:01:29 STANDARD A

/home/ians/projects/hsm41perf/tables

50,326 30-04-2012 01:35:26 STANDARD A

/home/ians/projects/hsm42upg/PMR70023
 50,326 27-04-2012 00:28:15 STANDARD A
/home/ians/projects/hsm42upg/PMR70099

11,013 24-04-2012 00:22:56 STANDARD A

/home/ians/projects/hsm42upg/md5check

Note that file specifications with spaces in them will need to be quoted. Thus to query all the files backed
up under C:\My Documents and any sub-directories below it, the following input would be required:
tsm> q ba "C:\My Documents\*" -subdir=yes

By default only the current versions of files are listed. In order to query both current active and
previous inactive versions of files, add the -inactive option to the query:
tsm> q ba /home/ians/projects/* -subdir=yes -inactive

Size Backup Date Mgmt Class A/I File

---- ----------- ---------- --- ----

512 12-09-2011 19:57:09 STANDARD A /home/ians/projects/hfs0106

1,024 08-12-2011 02:46:53 STANDARD A /home/ians/projects/hsm41perf

512 12-09-2011 19:57:09 STANDARD A /home/ians/projects/hsm41test

512 24-04-2012 00:22:56 STANDARD A /home/ians/projects/hsm42upg

1,024 12-09-2011 19:57:09 STANDARD A

/home/ians/projects/hfs0106/test

1,024 12-09-2011 19:57:09 STANDARD A

/home/ians/projects/hfs0106/test/test2

12,048 04-12-2011 02:01:29 STANDARD A

/home/ians/projects/hsm41perf/tables

8,448 03-12-2011 01:31:18 STANDARD I

/home/ians/projects/hsm41perf/tables

50,326 30-04-2012 01:35:26 STANDARD A

/home/ians/projects/hsm42upg/PMR70023

50,326 27-04-2012 00:28:15 STANDARD A

/home/ians/projects/hsm42upg/PMR70099
 11,013 24-04-2012 00:22:56 STANDARD A
/home/ians/projects/hsm42upg/md5check

11,013 23-04-2012 17:10:08 STANDARD I

/home/ians/projects/hsm42upg/md5check

Note how the previous versions of files are marked by an I (for Inactive) in the A/I column.
Unix and Linux users should be aware of potential confusion of how TSM stores files in nested file
spaces. This can arise in the following situation: A user backs-up a file myconf.txt on
the /usr partition in the /usr/local/etc directory. Subsequently, a new disk partition is mounted
at /usr/local, or it is defined as a virtualmountpoint. Running the command:
tsm> q ba /usr/local/etc/*

will not list the myconf.txt file. This is because TSM always looks for a file in the filespace (partition)
with the longest name that matches the file specification you include in the command. In the above
example, the file was not backed up under the /usr/local filespace but under the/usr filespace. To
tell TSM to look for a file in latter filespace you must specify the filespace explicitly using braces, as
below:
tsm> q ba {/usr}/local/etc/*

5. Backing up your data

5.1. Backing up local disks
The basic syntax for backing up local disk volumes is dsmc backup-type disk volume(s),
where backup-type is one of incremental orselective. We recommend incremental backups only;
selective backups cause data to be sent even if it already exists on the HFS. By default, if the disk
volume is omitted, TSM will backup those volumes specified by the Domain option in
the dsm.opt options file. If Domain is set toAll-Local, then to backup all local volumes enter:
tsm> incr

where incr is an abbreviation for incremental.

To incrementally back up specific volumes enter:

tsm> incr C: D: F: ** Windows

tsm> incr / ** Mac

tsm> incr / /usr /usr/local /home ** Unix/Linux

tsm> incr NDS: USR: SYS: APPS: ** Netware

To run an incremental by date backup of the above, add the -incrbydate option, as in:
tsm> incr C: D: F: -incrbydate
To back up entire disk volumes irrespective of whether files have changed since the last backup, use
the selective command with a wildcard and -subdir=yes as below:
tsm> sel C:\* D:\* F:\* -su=yes ** Windows

tsm> sel /* -su=yes ** Mac

tsm> sel /* /usr/* /home/* -su=yes ** Unix/Linux

tsm> sel USR:* SYS:* APPS:* -su=yes ** Netware

5.2. Backing up selected files

The basic syntax for backing up selected files is similar to that for backing up disk partitions. Be aware,
however, that you cannot use wildcards in directory/folder names:

tsm> incr /home/ians/projects/hsm*/* -su=yes

ANS1071E Invalid domain name entered: '/home/ians/projects/hsm*/*'

tsm> sel /home/ians/projects/hsm*/* -su=yes

Selective Backup function invoked.

ANS1081E Invalid search file specification '/home/ians/projects/hsm*/*'

entered

You can, however, enter several file specifications on the command line, as below:

** Windows **

tsm> incr "C:\My Documents\Word docs\*" "C:\My Documents\html docs\*" -

su=yes
** Mac **

tsm> incr /Users/ians/* /Users/test/* -su=yes

** Linux/Unix **

tsm> incr /home/ians/projects/hsm41test/* /home/ians/projects/hsm41perf/* -

su=yes

** Netware **

tsm> incr USR:ians/projects/tsm/* "USR:ians/projects/new html/*" -su=yes

6. Restoring your data

The basic syntax for restoring your data is dsmc restore source-file destination-file. If
the destination-file is omitted then TSM will restore the file(s) to their original location. Be aware
that, as with backup, you cannot use wildcards in directory/folder names. By default, TSM will restore
the most current active version of a file.
6.1. Restoring selected files
** Windows **

tsm> rest "C:\My Documents\Word docs\mydoc.doc" "C:\My Documents\restore\"

tsm> rest "C:\My Documents\Word docs\mydoc.doc" "C:\My

Documents\restore\myolddoc.doc"

** Mac **
tsm> rest /Users/ians/myfile.txt /Users/ians/restore/

tsm> rest /Users/ians/myfile.txt /Users/ians/restore/myoldfile.txt

** Linux/Unix **

tsm> rest /home/ians/myfile.txt /home/ians/restore/

tsm> rest /home/ians/myfile.txt /home/ians/restore/myoldfile.txt

** Netware **

tsm> rest USR:ians/myfile.txt* "USR:ians/restore/"

tsm> rest USR:ians/myfile.txt* "USR:ians/restore/myoldfile.txt"

Note from the first example of each restore above that in order to specify a directory as a destination,
you need a trailing / (slash) at the end of the destination-filespec. Otherwise TSM may overwrite a file of
the same name. The second example demonstrates a filename in the destination-filespec.

Restores of single files cannot be restarted if interrupted. In this case you will need to restore the file
afresh.

6.2. Restoring multiple files and directories

** Windows **

tsm> rest "C:\My Documents\Word docs\*" "C:\My Documents\restore\" -su=yes

** Mac **

tsm> rest /Users/ians/projects/hsm41test/* /Users/ians/projects/restore/ -

su=yes

** Linux/Unix **

tsm> rest /home/ians/projects/hsm41test/* /home/ians/projects/restore/ -

su=yes

** Netware **

tsm> rest USR:ians/projects/tsm/* "USR:ians/projects/restore/" -su=yes

Note that in order to restore a full directory and the contents of all its sub-directories you need the -
su=yes option. It is always good practice to terminate the destination-filespec with a trailing / (slash) if
the element in the destination-filespec is a directory.
As this restore is wild-carded, it can be restarted if interrupted due to user input (Ctrl-C), server error or
communications error. Restartable restores can be queried via q rest and will restart at the point of
interruption.
6.3. Restoring entire partitions
Essentially, the syntax is the same as in 'Restoring multiple files and directories' above. However, the
obvious caveats are to ensure enough space in the destination partition and to allow enough time.

** Windows **

tsm> rest C:\* D:\restore\" -su=yes

** Mac **

tsm> rest /Users/* /tmp/restore/ -su=yes

** Linux/Unix **

tsm> rest /home/* /tmp/restore/ -su=yes

** Netware **

tsm> rest USR:* USR:restore/ -su=yes

As with 'Restoring multiple files and directories' above, this restore is wild-carded and thus can be
restarted if interrupted.

6.4. Restoring old and/or deleted files

As with the GUI, TSM does not, by default, list or restore old and deleted inactive versions of files and
directories. If you need to restore such a file, you need the -inactive -pick options. The -pick option,
while not strictly necessary, causes TSM to display a list of files from which to pick. Issuing a restore as
below will display the following pick window:
tsm> rest /home/ians/projects/* /tmp/restore/ -su=yes -inactive -pick

TSM Scrollable PICK Window - Restore

# Backup Date/Time File Size A/I File

--------------------------------------------------------------------------
------------------------
 170. | 12-09-2011 19:57:09 650 B A
/home/ians/projects/hsm41test/inclexcl.test

171. | 12-09-2011 19:57:09 2.74 KB A

/home/ians/projects/hsm41test/inittab.ORIG

172. | 12-09-2011 19:57:09 2.74 KB A

/home/ians/projects/hsm41test/inittab.TEST

173. | 12-09-2011 19:57:09 1.13 KB A

/home/ians/projects/hsm41test/md5.out

174. | 30-04-2012 01:35:26 512 B A

/home/ians/projects/hsm42125upg/PMR70023

175. | 26-04-2012 01:02:08 512 B I

/home/ians/projects/hsm42125upg/PMR70023

176. | 27-04-2012 00:28:15 512 B A

/home/ians/projects/hsm42125upg/PMR70099

177. | 24-04-2012 19:17:34 512 B I

/home/ians/projects/hsm42125upg/PMR70099

178. | 24-04-2012 00:22:56 1.35 KB A

/home/ians/projects/hsm42125upg/dsm.opt

179. | 24-04-2012 00:22:56 4.17 KB A

/home/ians/projects/hsm42125upg/dsm.sys

180. | 24-04-2012 00:22:56 1.13 KB A

/home/ians/projects/hsm42125upg/dsmmigfstab

181. | 24-04-2012 00:22:56 7.30 KB A

/home/ians/projects/hsm42125upg/filesystems

182. | 24-04-2012 00:22:56 1.25 KB A

/home/ians/projects/hsm42125upg/inclexcl

183. | 24-04-2012 00:22:56 198 B A

/home/ians/projects/hsm42125upg/inclexcl.dce
 184. | 24-04-2012 00:22:56 291 B A
/home/ians/projects/hsm42125upg/inclexcl.ox_sys

185. | 24-04-2012 00:22:56 650 B A

/home/ians/projects/hsm42125upg/inclexcl.test

186. | 24-04-2012 00:22:56 670 B A

/home/ians/projects/hsm42125upg/inetd.conf

187. | 24-04-2012 00:22:56 2.71 KB A

/home/ians/projects/hsm42125upg/inittab

188. | 24-04-2012 00:22:56 1.00 KB A

/home/ians/projects/hsm42125upg/md5check

189. | 24-04-2012 00:22:56 79.23 KB A

/home/ians/projects/hsm42125upg/mkreport.020423.out

190. | 24-04-2012 00:22:56 4.27 KB A

/home/ians/projects/hsm42125upg/ssamap.020423.out

191. | 26-04-2012 01:02:08 12.78 MB A

/home/ians/projects/hsm42125upg/PMR70023/70023.tar

192. | 25-04-2012 16:33:36 12.78 MB I

/home/ians/projects/hsm42125upg/PMR70023/70023.tar

0---------10--------20--------30--------40--------50--------60-------
-70--------80--------90--

<U>=Up <D>=Down <T>=Top <B>=Bottom <R#>=Right <L#>=Left

<G#>=Goto Line # <#>=Toggle Entry <+>=Select All <->=Deselect All

<#:#+>=Select A Range <#:#->=Deselect A Range <O>=Ok <C>=Cancel

pick>

You are now in the pick interface and can select individual files to restore via the number to the left,
scroll up or down via U and D as described at the bottom of each listing of files.
Remember to issue the destination-filespec with the original restore command if you want to prevent
overwriting current versions of files with older versions.
7. Restoring your data to another machine
In certain circumstances, it may be necessary to restore some, or all, of your data onto a machine other
than the original from which it was backed up. Ideally the machine platform should be identical to that
of the original machine. Where this is not possible or practical please note that restores are only possible
for partition types that the operating system supports. Thus a restore of an NTFS partition to a Windows
9x machine with just FAT support may succeed but the file permissions will be lost. Please do not
attempt cross-platform restores, e.g. by trying to restore files onto a Windows machine that have
previously been backed up with a non-Windows one: using TSM for Windows to try to access backups
sent by other OS platforms can cause those backups to become inaccessible from the host system.

To restore your data to another machine you will need the TSM software installed on the target
machine. Entries in dsm.sys and/or dsm.optwill need to be edited if the node that you are restoring
from does not reside on the same HFS server as the one that you are restoring to. Please see our help
page section on TSM configuration files for their locations for your operating system. To check which
HFS server is required, please go to View TSM Client Details, where the listed HFS Server will be the
one needed for the Servername field in both dsm.sys(Mac/Unix/Linux only) and dsm.opt (all
operating systems). If you do need to edit these files, it is recommended that you first of all make copies
so that you can get your old settings back later. The other two values which need to be changed
are TCPServer and TCPPort, in dsm.sys(Mac/Unix/Linux) or dsm.opt (Windows/Netware): these
can be got from our page on connecting to the HFS through a firewall, where the relevant fields are in
the 'DNS Name' and 'Port' columns respectively.
To access files from another machine you should then start the TSM client as below:

dsmc -virtualnodename=DEAD.MACHINE ** Windows, Mac, Unix/Linux

load dsmc -virtualnodename=DEAD.MACHINE ** Netware

where DEAD.MACHINE should be substituted for the nodename of the machine to be restored. You will
then be prompted for the TSM password for this machine.

Querying and restoring the filestore is then as in the previous section, 6. Restoring your data. You will
probably want to restore to a different destination to the original files to prevent overwriting files on the
local machine, as below:
tsm> rest D:\* D:\RESTORE\ -su=yes ** Windows

tsm> rest /home/* /scratch/ -su=yes ** Mac, Unix/Linux

tsm> rest SOURCE-SERVER\USR:* USR:restore/ -su=yes ** Netware

8. Changing your TSM password

The TSM password is set to expire approximately one year after registration and at one-yearly intervals
after that. Prior to this automatic expiry, you will be contacted to remind you to re-set this password.
Note that even if you have the option

PASSWORDACCESS Generate

set in your options file, it is recommended you manually re-set your TSM password. To do this at
the tsm> prompt enter:
tsm> set password oldpassword newpassword

TSM (Tivoli Storage Manager) is a centralized, policy-based, enterprise class, data backup and
recovery package from IBM Corporation.The software enables the user to insert objects not only via
backup, but also through space management and archive tools. It also allows retrieval of the same data via
similar restore, recall, and retrieve methods.

As Unix Admins we used to get lot of requests from the application teams for tsm backup restores.I would
like to discuss about the the best 14 best use-full TSM client commands.

I will go by the a category wise "Query,Backup & Restore".

Generally we use dsmc/dsm for the TSM client commands.

In this article we are going to discuss about the following contents with practice examples.

1) Querying the server

A. Querying your scheduled backup slot
B. Querying what files are included / excluded for backup
C.Querying what partitions have been backed up
D.Querying what files have been backed up

2) Backing Up data
A. Backing your local filesystems
B. Backing up selected files

3) Restore Data
A. Restore a file to its original directory
B. Restore the most recent backup version of a file
C. Display a list of active and inactive backup versions of files from which you can select versions
to restore
 D. Restore with a directory including subdirectories
E. Restore the file under a new name and directory
F. Restore all files in a directory as of their current state
G. Restore all files from a directory that end with .xyz to the another directory
H. Restore files specified in the text file to a different location

1) Querying the server

A. Querying your scheduled backup slot
To query your scheduled backup slot enter dsmc q sched (which is short for query schedule). The output
should look similar to that below:
#dsmc q sched

Schedule Name: WEEKLY_UM

Description: UM weekly incremental backup
Schedule Style: Classic
Action: Incremental
Options:
Objects:
Priority: 5
Next Execution: 135 Hours and 25 Minutes
Duration: 20 Minutes
Period: 1 Week
Day of Week: Thursday
Expire: Never

B. Querying what files are included / excluded for backup

"q inclexcl" to list output similar to the following:
#dsmc q inclexcl
*** FILE INCLUDE/EXCLUDE ***
Mode Function Pattern (match from top down) Source File
---- --------- ------------------------------ -----------------
Excl Filespace /var/run /opt/tivoli/tsm/client/ba/bin/incl.excl
Excl Filespace /tmp /opt/tivoli/tsm/client/ba/bin/incl.excl
Excl Directory /.../.opera/.../cache4 /opt/tivoli/tsm/client/ba/bin/incl.excl
Excl Directory /.../.mozilla/.../Cache /opt/tivoli/tsm/client/ba/bin/incl.excl
Excl Directory /.../.netscape/.../cache /opt/tivoli/tsm/client/ba/bin/incl.excl
Excl Directory /var/tmp /opt/tivoli/tsm/client/ba/bin/incl.excl
Excl All /.../dsmsched.log /opt/tivoli/tsm/client/ba/bin/incl.excl
Excl All /.../core /opt/tivoli/tsm/client/ba/bin/incl.excl
Excl All /.../a.out /opt/tivoli/tsm/client/ba/bin/incl.excl

C.Querying what partitions have been backed up

"q fi" to list which partitions have been backed up:
** Unix/Linux **

#dsmc q fi
# Last Incr Date Type File Space Name
--- -------------- ---- ---------------
1 02-05-2013 02:13:13 UFS /
2 25-07-2012 12:26:09 UFS /export/home
3 02-05-2013 02:13:26 UFS /home
4 16-01-2013 11:26:37 UFS /scratch
5 02-05-2013 02:13:54 UFS /usr/local
6 12-02-2013 02:52:41 UFS /var

** Netware **

# Last Incr Date Type File Space Name

--- -------------- ---- ---------------
1 02-05-2013 00:23:46 NTW:LONG Oracle_data\usr:
2 02-07-2013 00:22:42 NDS Oracle_data\bin:
3 02-07-2013 00:25:33 NTW:LONG Oracle_data\apps:
4 02-07-2013 00:25:11 NTW:LONG Oracle_data\usr:

D.Querying what files have been backed up

In order to query the files or directories that are backed-up earlier you can use "q ba".

The below example gives you only the directory information.

#dsmc q ba /home/oraadmin
Size Backup Date Mgmt Class A/I File
---- ----------- ---------- --- ----
1024 B 15-10-2013 02:52:09 STANDARD A /home/oraadmin

If you just add a trailing * (star) as a wildcard in the above query, TSM will only return those files and
directories backed up immediately below the directory path given in the query
#dsmc q ba /home/oraadm/*
Size Backup Date Mgmt Class A/I File
---- ----------- ---------- --- ----
512 12-09-2012 19:57:09 STANDARD A /home/oraadm/data1.dtf
1,024 08-12-2012 02:46:53 STANDARD A /home/oraadm/data2.dtf
512 12-09-2012 19:57:09 STANDARD A /home/oraadm/data3.dtf
512 24-04-2002 00:22:56 STANDARD A /home/oraadm/data4.dtf

If you want to query all the current files and directories backed up under a directory and all its sub-directories
you need to add the -subdir=yes option as below:

#dsmc q ba /home/oraadm/* -subdir=yes

Size Backup Date Mgmt Class A/I File
---- ----------- ---------- --- ----
512 12-09-2012 19:57:09 STANDARD A /home/oraadm/data1.dtf
1,024 08-12-2012 02:46:53 STANDARD A /home/oraadm/data2.dtf
512 12-09-2012 19:57:09 STANDARD A /home/oraadm/data3.dtf
512 24-04-2002 00:22:56 STANDARD A /home/oraadm/data4.dtf
1,024 12-09-2012 19:57:09 STANDARD A /home/oraadm/datasmart1/test
1,024 12-09-2012 19:57:09 STANDARD A /home/oraadm/datasmart1/test/test2
12,048 04-12-2012 02:01:29 STANDARD A /home/oraadm/datasmart2/tables
50,326 30-04-2013 01:35:26 STANDARD A /home/oraadm/datasmart3/data_file1
50,326 27-04-2013 00:28:15 STANDARD A /home/oraadm/datasmart3/data_file2
11,013 24-04-2013 00:22:56 STANDARD A /home/oraadm/datasmart3/data_file3

2. Backing Up data
A. Backing your local filesystems
The syntax for this is "dsmc backup-type filesystem" , where backup-type is one of incremental or
selective.

Incremental Backup : It is one that backs up only the data that changed since the last backup — be it a
full or incremental backup
Selective Backup : A type of backup where only the user specified files and directories are backed up. A
selective backup is commonly used for backing up files which change frequently or in situations where the
space available to store backups is limited. Also called a partial backup.

I would always suggest you always go with incremental. The command is "dsmc incremental" or "dsmc
incr" Where "incr" is an abbreviation for incremental.

Perform an incremental backup of your client server.

#dsmc incr

Make this will omit the filesystems which were mention in the exclude file.
To incrementally back up specific file-systems enter:
#dsmc incr / /usr /usr/local /home

To back up entire filesystem irrespective of whether files have changed since the last backup, use the
selective command with a wild-card and -subdir=yes as below:
#dsmc sel /* /usr/* /home/* -su=yes

B. Backing up selected files

For backing up selected files is similar to that for backing up filesystems. Be aware, however, that you
cannot use wildcards in directory / folder names:
#dsmc incr /home/oradm/data*/* -su=yes
ANS1071E Invalid domain name entered: '/home/oradm/data*/*'

#dsmc sel /home/oradm/data*/* -su=yes

Selective Backup function invoked.
ANS1081E Invalid search file specification '/home/oradm/data*/*' entered

You can, however, enter several file specifications on the command line, as below:
#dsmc incr /home/surya/* /usr/bin/* -su=yes

3) Restore Data
We use the "restore" command to restore files

A. Restore a file to its original directory

Restore the /home/oraadm/data.txt file to its original directory.
 #dsmc restore /home/oraadm/data.txt

If you do not specify a destination, the files are restored to their original location.

B. Restore the most recent backup version of a file

Here is an example to restore /home/oraadm/data.txt file, even if the backup is inactive.
#dsmc restore /home/oraadm/data.txt -latest

If the file you are restoring no longer resides on your client machine, and you have run an incremental
backup since deleting the file, there is no active backup of the file on the server. In this case, use the
latest option to restore the most recent backup version. Tivoli Storage Manager restores the latest backup
version, whether it is active or inactive.

C. Display a list of active and inactive backup versions of files from

which you can select versions to restore
#dsmc restore "/home/oraadmin/*"-pick -inactive

D. Restore with a directory including subdirectories

Restore the files in the /oradata1 directory and all of its sub-directories (-sub=yes)
#dsmc restore /oradata1/ -subdir=yes

When restoring a specific path and file, Tivoli Storage Manager recursively restores all sub-directories
under that path, and any instances of the specified file that exist under any of those sub-directories.

E. Restore the file under a new name and directory

In-order to restore the /home/oraadm/data.txt file under a new name and directory.

#dsmc restore /home/oraadm/data.txt /tmp/data-renamed.txt

F. Restore all files in a directory as of their current state

 Restore all files in the /usr/oradata/docs directory to their state as of 5:00 PM on October 16, 2013.
#dsmc restore -pitd=10/16/2013 -pitt=17:00:00 /usr/oradata/docs/

Use the pitdate option with the pittime option to establish a point in time for which you want to display or
restore the latest version of your backups. Files that were backed up on or before the date and time you
specified, and which were not deleted before the date and time you specified, are processed. Backup
versions that you create after this date and time are ignored.

G. Restore all files from a directory that end with .xyz to the another
directory
Restore all files from the /usr/oradata/docs/ directory that end with .bak to the /usr/oradata/projects/
directory.

# dsmc restore "/usr/oradata/docs/*.bak" /usr/oradata/projects/

If the destination is a directory, specify the delimiter (/) as the last character of the destination. If you omit
the delimiter and your specified source is a directory or a file spec with a wildcard, you will receive an
error. If the projects directory does not exist, it is created.

H. Restore files specified in the text file to a different location

Restore files specified in the restorelist.txt file to a different location.
# dsmc restore -filelist=/tmp/restorelist.txt /usr/ora_backup/

The files (entries) listed in the filelist must adhere to the following rules:

 Each entry must be a fully or partially qualified path to a file or directory or a relative path.
 Each entry must be on a new line.
 Do not use wildcard characters.
 Each entry results in the processing of only one object (file or directory).
 If the file name contains any spaces, enclose the file name with quotes.
 The filelist can be an MBCS file or a Unicode file with all Unicode entries.
 Tivoli Storage Manager ignores any entry that is not valid.
 IP TABLES

#1: Displaying the Status of Your Firewall

Type the following command as root:
# iptables -L -n -v
Sample outputs:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination

Above output indicates that the firewall is not active. The following sample shows an active
firewall:
# iptables -L -n -v
Sample outputs:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID
394 43586 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
93 17292 ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
1 142 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID
0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x06/0x02 TCPMSS clamp to PMTU
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 wanin all -- vlan2 * 0.0.0.0/0 0.0.0.0/0
0 0 wanout all -- * vlan2 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 425 packets, 113K bytes)
pkts bytes target prot opt in out source
destination
Chain wanin (1 references)
pkts bytes target prot opt in out source
destination
Chain wanout (1 references)
pkts bytes target prot opt in out source
destination

Where,
• -L : List rules.
• -v : Display detailed information. This option makes the list command show the interface
name, the rule options, and the TOS masks. The packet and byte counters are also listed,
with the suffix 'K', 'M' or 'G' for 1000, 1,000,000 and 1,000,000,000 multipliers
respectively.
• -n : Display IP address and port in numeric format. Do not use DNS to resolve names.
This will speed up listing.
#1.1: To inspect firewall with line numbers, enter:
# iptables -n -L -v --line-numbers
Sample outputs:
Chain INPUT (policy DROP)
num target prot opt source destination
1 DROP all -- 0.0.0.0/0 0.0.0.0/0 state
INVALID
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 DROP all -- 0.0.0.0/0 0.0.0.0/0 state
INVALID
3 TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
flags:0x06/0x02 TCPMSS clamp to PMTU
4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
5 wanin all -- 0.0.0.0/0 0.0.0.0/0
6 wanout all -- 0.0.0.0/0 0.0.0.0/0
7 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain wanin (1 references)
num target prot opt source destination
Chain wanout (1 references)
num target prot opt source destination

You can use line numbers to delete or insert new rules into the firewall.
#1.2: To display INPUT or OUTPUT chain rules, enter:
# iptables -L INPUT -n -v
# iptables -L OUTPUT -n -v --line-numbers
#2: Stop / Start / Restart the Firewall
If you are using CentOS / RHEL / Fedora Linux, enter:
# service iptables stop
# service iptables start
# service iptables restart
You can use the iptables command itself to stop the firewall and delete all rules:
# iptables -F
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X
# iptables -P INPUT ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -P FORWARD ACCEPT
Where,
• -F : Deleting (flushing) all the rules.
• -X : Delete chain.
• -t table_name : Select table (called nat or mangle) and delete/flush rules.
• -P : Set the default policy (such as DROP, REJECT, or ACCEPT).
#3: Delete Firewall Rules
To display line number along with other information for existing rules, enter:
# iptables -L INPUT -n --line-numbers
# iptables -L OUTPUT -n --line-numbers
# iptables -L OUTPUT -n --line-numbers | less
# iptables -L OUTPUT -n --line-numbers | grep 202.54.1.1
You will get the list of IP. Look at the number on the left, then use number to delete it. For
example delete line number 4, enter:
# iptables -D INPUT 4
OR find source IP 202.54.1.1 and delete from rule:
# iptables -D INPUT -s 202.54.1.1 -j DROP
Where,
• -D : Delete one or more rules from the selected chain
#4: Insert Firewall Rules
To insert one or more rules in the selected chain as the given rule number use the following
syntax. First find out line numbers, enter:
# iptables -L INPUT -n --line-numbers
Sample outputs:
Chain INPUT (policy DROP)
num target prot opt source destination
1 DROP all -- 202.54.1.1 0.0.0.0/0
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED
To insert rule between 1 and 2, enter:
# iptables -I INPUT 2 -s 202.54.1.2 -j DROP
To view updated rules, enter:
# iptables -L INPUT -n --line-numbers
Sample outputs:
Chain INPUT (policy DROP)
num target prot opt source destination
1 DROP all -- 202.54.1.1 0.0.0.0/0
2 DROP all -- 202.54.1.2 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED

#5: Save Firewall Rules

To save firewall rules under CentOS / RHEL / Fedora Linux, enter:
# service iptables save
In this example, drop an IP and save firewall rules:
# iptables -A INPUT -s 202.5.4.1 -j DROP
# service iptables save
For all other distros use the iptables-save command:
# iptables-save > /root/my.active.firewall.rules
# cat /root/my.active.firewall.rules
#6: Restore Firewall Rules
To restore firewall rules form a file called /root/my.active.firewall.rules, enter:
# iptables-restore < /root/my.active.firewall.rules
To restore firewall rules under CentOS / RHEL / Fedora Linux, enter:
# service iptables restart
#7: Set the Default Firewall Policies
To drop all traffic:
# iptables -P INPUT DROP
# iptables -P OUTPUT DROP
# iptables -P FORWARD DROP
# iptables -L -v -n
#### you will not able to connect anywhere as all traffic is
dropped ###
# ping cyberciti.biz
# wget
http://www.kernel.org/pub/linux/kernel/v3.0/testing/linux-3.2-
rc5.tar.bz2
#7.1: Only Block Incoming Traffic
To drop all incoming / forwarded packets, but allow outgoing traffic, enter:
# iptables -P INPUT DROP
# iptables -P FORWARD DROP
# iptables -P OUTPUT ACCEPT
# iptables -A INPUT -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -L -v -n
### *** now ping and wget should work *** ###
# ping cyberciti.biz
# wget
http://www.kernel.org/pub/linux/kernel/v3.0/testing/linux-3.2-
rc5.tar.bz2
#8:Drop Private Network Address On Public Interface
IP spoofing is nothing but to stop the following IPv4 address ranges for private networks on your
public interfaces. Packets with non-routable source addresses should be rejected using the
following syntax:
# iptables -A INPUT -i eth1 -s 192.168.0.0/24 -j DROP
# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP
#8.1: IPv4 Address Ranges For Private Networks (make sure you block them on public interface)
• 10.0.0.0/8 -j (A)
• 172.16.0.0/12 (B)
• 192.168.0.0/16 (C)
• 224.0.0.0/4 (MULTICAST D)
• 240.0.0.0/5 (E)
• 127.0.0.0/8 (LOOPBACK)
#9: Blocking an IP Address (BLOCK IP)
To block an attackers ip address called 1.2.3.4, enter:
# iptables -A INPUT -s 1.2.3.4 -j DROP
# iptables -A INPUT -s 192.168.0.0/24 -j DROP
#10: Block Incoming Port Requests (BLOCK PORT)
To block all service requests on port 80, enter:
# iptables -A INPUT -p tcp --dport 80 -j DROP
# iptables -A INPUT -i eth1 -p tcp --dport 80 -j DROP
To block port 80 only for an ip address 1.2.3.4, enter:
# iptables -A INPUT -p tcp -s 1.2.3.4 --dport 80 -j DROP
# iptables -A INPUT -i eth1 -p tcp -s 192.168.1.0/24 --dport 80
-j DROP
#11: Block Outgoing IP Address
To block outgoing traffic to a particular host or domain such as cyberciti.biz, enter:
# host -t a cyberciti.biz
Sample outputs:
cyberciti.biz has address 75.126.153.206

Note down its ip address and type the following to block all outgoing traffic to 75.126.153.206:
# iptables -A OUTPUT -d 75.126.153.206 -j DROP
You can use a subnet as follows:
# iptables -A OUTPUT -d 192.168.1.0/24 -j DROP
# iptables -A OUTPUT -o eth1 -d 192.168.1.0/24 -j DROP
#11.1: Example - Block Facebook.com Domain
First, find out all ip address of facebook.com, enter:
# host -t a www.facebook.com
Sample outputs:
www.facebook.com has address 69.171.228.40

Find CIDR for 69.171.228.40, enter:

# whois 69.171.228.40 | grep CIDR
Sample outputs:
CIDR: 69.171.224.0/19

To prevent outgoing access to www.facebook.com, enter:

# iptables -A OUTPUT -p tcp -d 69.171.224.0/19 -j DROP
You can also use domain name, enter:
# iptables -A OUTPUT -p tcp -d www.facebook.com -j DROP
# iptables -A OUTPUT -p tcp -d facebook.com -j DROP
From the iptables man page:
... specifying any name to be resolved with a remote query such as DNS (e.g.,
facebook.com is a really bad idea), a network IP address (with /mask), or a plain IP
address ...

#12: Log and Drop Packets

Type the following to log and block IP spoofing on public interface called eth1
# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j LOG --log-prefix
"IP_SPOOF A: "
# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP
By default everything is logged to /var/log/messages file.
# tail -f /var/log/messages
# grep --color 'IP SPOOF' /var/log/messages
#13: Log and Drop Packets with Limited Number of Log Entries
The -m limit module can limit the number of log entries created per time. This is used to prevent
flooding your log file. To log and drop spoofing per 5 minutes, in bursts of at most 7 entries .
# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -m limit --limit 5/m -
-limit-burst 7 -j LOG --log-prefix "IP_SPOOF A: "
# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP
#14: Drop or Accept Traffic From Mac Address
Use the following syntax:
# iptables -A INPUT -m mac --mac-source 00:0F:EA:91:04:08 -j
DROP
## *only accept traffic for TCP port # 8080 from mac
00:0F:EA:91:04:07 * ##
# iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-
source 00:0F:EA:91:04:07 -j ACCEPT
#15: Block or Allow ICMP Ping Request
Type the following command to block ICMP ping requests:
# iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
# iptables -A INPUT -i eth1 -p icmp --icmp-type echo-request -j
DROP
Ping responses can also be limited to certain networks or hosts:
# iptables -A INPUT -s 192.168.1.0/24 -p icmp --icmp-type echo-
request -j ACCEPT
The following only accepts limited type of ICMP requests:
### ** assumed that default INPUT policy set to DROP **
#############
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j
ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
## ** all our server to respond to pings ** ##
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
#16: Open Range of Ports
Use the following syntax to open a range of ports:
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport
7000:7010 -j ACCEPT
#17: Open Range of IP Addresses
Use the following syntax to open a range of IP address:
## only accept connection to tcp port 80 (Apache) if ip is
between 192.168.1.100 and 192.168.1.200 ##
iptables -A INPUT -p tcp --destination-port 80 -m iprange --src-
range 192.168.1.100-192.168.1.200 -j ACCEPT
## nat example ##
iptables -t nat -A POSTROUTING -j SNAT --to-source 192.168.1.20-
192.168.1.25
#18: Established Connections and Restaring The Firewall
When you restart the iptables service it will drop established connections as it unload modules
from the system under RHEL / Fedora / CentOS Linux. Edit, /etc/sysconfig/iptables-config and
set IPTABLES_MODULES_UNLOAD as follows:
IPTABLES_MODULES_UNLOAD = no

#19: Help Iptables Flooding My Server Screen

Use the crit log level to send messages to a log file instead of console:
iptables -A INPUT -s 1.2.3.4 -p tcp --destination-port 80 -j LOG
--log-level crit
#20: Block or Open Common Ports
The following shows syntax for opening and closing common TCP and UDP ports:
Replace ACCEPT with DROP to block port:
## open port ssh tcp port 22 ##
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 22 -j
ACCEPT

## open cups (printing service) udp/tcp port 631 for LAN users ##
iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 631 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 631 -j ACCEPT

## allow time sync via NTP for lan users (open udp port 123) ##
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 123 -
j ACCEPT

## open tcp port 25 (smtp) for all ##

iptables -A INPUT -m state --state NEW -p tcp --dport 25 -j ACCEPT

# open dns server ports for all ##

iptables -A INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT

## open http/https (Apache) server port to all ##

iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT

## open tcp port 110 (pop3) for all ##

iptables -A INPUT -m state --state NEW -p tcp --dport 110 -j ACCEPT

## open tcp port 143 (imap) for all ##

iptables -A INPUT -m state --state NEW -p tcp --dport 143 -j ACCEPT

## open access to Samba file server for lan users only ##

iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 137 -
j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 138 -
j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 139 -
j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 445 -
j ACCEPT

## open access to proxy server for lan users only ##

iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 3128
-j ACCEPT

## open access to mysql server for lan users only ##

iptables -I INPUT -p tcp --dport 3306 -j ACCEPT

#21: Restrict the Number of Parallel Connections To a Server Per Client IP

You can use connlimit module to put such restrictions. To allow 3 ssh connections per client host,
enter:
# iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --
connlimit-above 3 -j REJECT
Set HTTP requests to 20:
# iptables -p tcp --syn --dport 80 -m connlimit --connlimit-
above 20 --connlimit-mask 24 -j DROP
Where,
1. --connlimit-above 3 : Match if the number of existing connections is above 3.
2. --connlimit-mask 24 : Group hosts using the prefix length. For IPv4, this must be a
number between (including) 0 and 32.
#22: HowTO: Use iptables Like a Pro
For more information about iptables, please see the manual page by typing man iptables from the
command line:
$ man iptables
You can see the help using the following syntax too:
# iptables -h
To see help with specific commands and targets, enter:
# iptables -j DROP -h
#22.1: Testing Your Firewall
Find out if ports are open or not, enter:
# netstat -tulpn
Find out if tcp port 80 open or not, enter:
# netstat -tulpn | grep :80
If port 80 is not open, start the Apache, enter:
# service httpd start
Make sure iptables allowing access to the port 80:
# iptables -L INPUT -v -n | grep 80
Otherwise open port 80 using the iptables for all users:
# iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j
ACCEPT
# service iptables save
Use the telnet command to see if firewall allows to connect to port 80:
$ telnet www.cyberciti.biz 80
Sample outputs:
Trying 75.126.153.206...
Connected to www.cyberciti.biz.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

KICK START
Go to the url https://cbm.sys.suresh.net/

Enter the Hostname, IP Address, Netmask/CIDR, MAC Address, OS Sequence

Click the Submit button

Login the server console and reboot the server.

Select the boot option- Press F11 key

Select the option 5 for PXE boot

Or Press F12 key for PXE boot..

After boot PXE mode it will automatically complete the OS installation.

IO STAT , VMSTAT & MPSTAT

IOSTAT EXAMPLES
1. iostat – Basic example
Iostat without any argument displays information about the CPU usage, and I/O statistics about
all the partitions on the system as shown below.
$ iostat
Linux 2.6.32-100.28.5.el6.x86_64 (dev-db) 07/09/2011

avg-cpu: %user %nice %system %iowait %steal %idle

5.68 0.00 0.52 2.03 0.00 91.76

Device: tps Blk_read/s Blk_wrtn/s Blk_read Blk_wrtn

sda 194.72 1096.66 1598.70 2719068704 3963827344
sda1 178.20 773.45 1329.09 1917686794 3295354888
sda2 16.51 323.19 269.61 801326686 668472456
sdb 371.31 945.97 1073.33 2345452365 2661206408
sdb1 371.31 945.95 1073.33 2345396901 2661206408
sdc 408.03 207.05 972.42 513364213 2411023092
sdc1 408.03 207.03 972.42 513308749 2411023092

2. iostat – Display only cpu statistics

iostat option -c, displays only the CPU usage statistics as shown below.
$ iostat -c
Linux 2.6.32-100.28.5.el6.x86_64 (dev-db) 07/09/2011

avg-cpu: %user %nice %system %iowait %steal %idle

5.68 0.00 0.52 2.03 0.00 91.76

3. iostat – Display only disk I/O statistics

iostat option -d, displays only the disk I/O statistics as shown below.
$ iostat -d
Linux 2.6.32-100.28.5.el6.x86_64 (dev-db) 07/09/2011

Device: tps Blk_read/s Blk_wrtn/s Blk_read Blk_wrtn

sda 194.71 1096.61 1598.63 2719068720 3963827704
sda1 178.20 773.41 1329.03 1917686810 3295355248
sda2 16.51 323.18 269.60 801326686 668472456
sdb 371.29 945.93 1073.28 2345452365 2661209192
sdb1 371.29 945.91 1073.28 2345396901 2661209192
sdc 408.01 207.04 972.38 513364213 2411024484
sdc1 408.01 207.02 972.38 513308749 2411024484

4. iostat – Display only network statistics

iostat option -n, displays only the device and NFS statistics as shown below.
$ iostat -n
Linux 2.6.32-100.28.5.el6.x86_64 (dev-db) 07/09/2011

avg-cpu: %user %nice %sys %iowait %idle

4.33 0.01 1.16 0.31 94.19
Device: tps Blk_read/s Blk_wrtn/s Blk_read Blk_wrtn
sda 2.83 0.35 5.39 29817402 457360056
sda1 3.32 50.18 4.57 4259963994 387641400
sda2 0.20 0.76 0.82 64685128 69718576
sdb 6.59 15.53 42.98 1318931178 3649084113
sdb1 11.80 15.53 42.98 1318713382 3649012985

Device: rBlk_nor/s wBlk_nor/s rBlk_dir/s wBlk_dir/s

rBlk_svr/s wBlk_svr/s
192.168.1.4:/home/data 90.67 0.00 0.00 0.00
5.33 0.00
192.168.1.4:/backup 8.74 0.00 0.00 0.00
8.74 0.00
192.168.1.8:/media 0.02 0.00 0.00 0.00
0.01 0.00

5. iostat – Display I/O data in MB/second

By default iostat, displays the device I/O statistics in Blocks. To change it to MB, use -m as
shown below.
$ iostat -m
Linux 2.6.32-100.28.5.el6.x86_64 (dev-db) 07/09/2011

avg-cpu: %user %nice %system %iowait %steal %idle

5.68 0.00 0.52 2.03 0.00 91.76

Device: tps MB_read/s MB_wrtn/s MB_read MB_wrtn

sda 194.70 0.54 0.78 1327670 1935463
sda1 178.19 0.38 0.65 936370 1609060
sda2 16.51 0.16 0.13 391272 326402
sdb 371.27 0.46 0.52 1145240 1299425
sdb1 371.27 0.46 0.52 1145213 1299425
sdc 407.99 0.10 0.47 250666 1177259
sdc1 407.99 0.10 0.47 250639 1177259

6. iostat – Display I/O statistics only for a device

By default iostat displays I/O data for all the disks available in the system. To view statistics for a
specific device (For example, /dev/sda), use the option -p as shown below.
$ iostat -p sda
Linux 2.6.32-100.28.5.el6.x86_64 (dev-db) 07/09/2011

avg-cpu: %user %nice %system %iowait %steal %idle

5.68 0.00 0.52 2.03 0.00 91.76

Device: tps Blk_read/s Blk_wrtn/s Blk_read Blk_wrtn

sda 194.69 1096.51 1598.48 2719069928 3963829584
sda2 336.38 27.17 54.00 67365064 133905080
sda1 821.89 0.69 243.53 1720833 603892838

7. iostat – Display timestamp information

By default iostat displays only the current date. To display the current time, use the option -t as
shown below.
$ iostat -t
Linux 2.6.32-100.28.5.el6.x86_64 (dev-db) 07/09/2011

Time: 08:57:52 AM
avg-cpu: %user %nice %system %iowait %steal %idle
5.68 0.00 0.52 2.03 0.00 91.76

Device: tps Blk_read/s Blk_wrtn/s Blk_read Blk_wrtn

sda 194.69 1096.49 1598.45 2719070384 3963829704
sda1 178.18 773.32 1328.88 1917688474 3295357248
sda2 16.51 323.14 269.57 801326686 668472456
sdb 371.25 945.82 1073.16 2345452741 2661228872
sdb1 371.25 945.80 1073.16 2345397277 2661228872
sdc 407.97 207.02 972.27 513364233 2411030200
sdc1 407.97 207.00 972.27 513308769 2411030200

8. iostat – Display Extended status

Use option -x, which will displays extended disk I/O statistics information as shown below.
$ iostat -x
Linux 2.6.32-100.28.5.el6.x86_64 (dev-db) 07/09/2011

avg-cpu: %user %nice %system %iowait %steal %idle

5.68 0.00 0.52 2.03 0.00 91.76

Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s avgrq-sz avgqu-

sz await svctm %util
sda 27.86 63.53 61.77 132.91 1096.46 1598.40 13.84
0.21 1.06 2.28 44.45
sda1 0.69 33.22 48.54 129.63 773.30 1328.84 11.80
1.39 7.82 2.28 40.57
sda2 27.16 30.32 13.23 3.28 323.13 269.56 35.90
0.55 32.96 3.44 5.68
sdb 39.15 215.16 202.20 169.04 945.80 1073.13 5.44
1.05 2.78 1.64 60.91
sdb1 39.15 215.16 202.20 169.04 945.77 1073.13 5.44
1.05 2.78 1.64 60.91
sdc 8.90 3.63 356.56 51.40 207.01 972.24 2.89
1.04 2.56 1.55 63.30
sdc1 8.90 3.63 356.55 51.40 206.99 972.24 2.89
1.04 2.56 1.55 63.30

To display extended information for a specific partition (For example, /dev/sda1), do the
following.
$ iostat -x sda1
Linux 2.6.32-100.28.5.el6.x86_64 (dev-db) 07/09/2011

avg-cpu: %user %nice %system %iowait %steal %idle

5.68 0.00 0.52 2.03 0.00 91.76

Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s avgrq-sz avgqu-

sz await svctm %util
sda1 0.69 33.21 48.54 129.62 773.23 1328.76 11.80
1.39 7.82 2.28 40.56
9. iostat – Execute Every x seconds (for y number of times)
To execute iostat every 2 seconds (until you press Ctl-C), do the following.
$ iostat 2
Linux 2.6.32-100.28.5.el6.x86_64 (dev-db) 07/09/2011

avg-cpu: %user %nice %system %iowait %steal %idle

5.68 0.00 0.52 2.03 0.00 91.76

Device: tps Blk_read/s Blk_wrtn/s Blk_read Blk_wrtn

sda 194.67 1096.39 1598.33 2719070584 3963891256
sda1 178.16 773.26 1328.79 1917688482 3295418672
sda2 16.51 323.11 269.54 801326878 668472584
sdb 371.22 945.74 1073.08 2345454041 2661251200
sdb1 371.22 945.72 1073.08 2345398577 2661251200
sdc 407.93 207.00 972.19 513366813 2411036564
sdc1 407.93 206.98 972.19 513311349 2411036564
..

To execute every 2 seconds for a total of 3 times, do the following.

$ iostat 2 3

10. iostat – Display LVM statistic (and version)

To display the LVM statistics use option -N as shown below.
$ iostat -N

To display the version of iostat, use -V. This will really display the version information of sysstat,
as iostat is part of sysstat package.
$ iostat -V
sysstat version 7.0.2
(C) Sebastien Godard

VMSTAT EXAMPLES
11. vmstat – Basic example
vmstat by default will display the memory usage (including swap) as shown below.
$ vmstat
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu--
----
r b swpd free buff cache si so bi bo in cs us sy id wa
st
0 0 305416 260688 29160 2356920 2 2 4 1 0 0 6 1 92
2 0

vmstat output contains the following fields:

• Procs – r: Total number of processes waiting to run
• Procs – b: Total number of busy processes
• Memory – swpd: Used virtual memory
• Memory – free: Free virtual memory
 • Memory – buff: Memory used as buffers
• Memory – cache: Memory used as cache.
• Swap – si: Memory swapped from disk (for every second)
• Swap – so: Memory swapped to disk (for every second)
• IO – bi: Blocks in. i.e blocks received from device (for every second)
• IO – bo: Blocks out. i.e blocks sent to the device (for every second)
• System – in: Interrupts per second
• System – cs: Context switches
• CPU – us, sy, id, wa, st: CPU user time, system time, idle time, wait time
12. vmstat – Display active and inactive memory
By default vmstat doesn’t display this information. Use option -a, to display active and inactive
memory information as shown below.

$ vmstat -a
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu--
----
r b swpd free inact active si so bi bo in cs us sy id wa
st
0 0 305416 253820 1052680 2688928 2 2 4 1 0 0 6 1 92
2 0

13. vmstat – Display number of forks since last boot

This displays all the fork system calls made by the system since the last boot. This displays all
fork, vfork, and clone system call counts.
$ vmstat -f
81651975 forks

14. vmstat – Execute Every x seconds (for y number of times)

To execute every 2 seconds, do the following. You have to press Ctrl-C to stop this.
$ vmstat 2
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu--
---
r b swpd free buff cache si so bi bo in cs us sy id wa
st
1 0 0 537144 182736 6789320 0 0 0 0 1 1 0 0 100
0 0
0 0 0 537004 182736 6789320 0 0 0 0 50 32 0 0 100
0 0
..

To execute every 2 seconds for 10 times, do the following. You don’t need to press Ctrl-C in this
case. After executing 10 times, it will stop automatically.
$ vmstat 2 10
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu--
---
r b swpd free buff cache si so bi bo in cs us sy id wa
st
 1
0 0 537144 182736 6789320 0 0 0 0 1 1 0 0 100
0 0
0 0 0 537004 182736 6789320 0 0 0 0 50 32 0 0 100
0 0
..

15. vmstat – Display timestamp

When you use vmstat to monitor the memory usage repeately, it would be nice to see the
timestap along with every line item. Use option -t to display the time stamp as shown below.
$ vmstat -t 1 100
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu--
---- ---timestamp---
r b swpd free buff cache si so bi bo in cs us sy id wa
st
0 0 0 3608728 148368 3898200 0 0 0 0 1 1 0 0 100
0 0 2011-07-09 21:16:28 PDT
0 0 0 3608728 148368 3898200 0 0 0 0 60 15 0 0 100
0 0 2011-07-09 21:16:29 PDT
0 0 0 3608712 148368 3898200 0 0 0 0 32 28 0 0 100
0 0 2011-07-09 21:16:30 PDT

For me, the timestamp option worked in the following version.

$ vmstat -V
procps version 3.2.8

Note: If you use a older version of vmstat, option -t might not be available. In that case, use the
method we suggested earlier to display timestamp in vmstat output.
16. vmstat – Display slab info
Use option -m, to display the slab info as shown below.
$ vmstat -m
Cache Num Total Size Pages
fib6_nodes 5 113 32 113
ip6_dst_cache 4 15 256 15
ndisc_cache 1 15 256 15
RAWv6 7 10 768 5
UDPv6 0 0 640 6
tw_sock_TCPv6 0 0 128 30
...

17. vmstat – Display statistics in a table format

Instead of displays the values in the record format, you can display the output of vmstat in table
format using option -s as shown below.
$ vmstat -s
4149928 total memory
3864824 used memory
2606664 active memory
1098180 inactive memory
285104 free memory
19264 buffer memory
 2326692 swap cache
4192956 total swap
274872 used swap
3918084 free swap
1032454000 non-nice user cpu ticks
14568 nice user cpu ticks
89482270 system cpu ticks
16674327143 idle cpu ticks
368965706 IO-wait cpu ticks
1180468 IRQ cpu ticks
..

18. vmstat – Display disk statistics

Use option -d to display the disk statistics as shown below. This displays the reads, writes, and
I/O statistics of the disk.
$ vmstat -d
disk- ------------reads------------ ------------writes----------- -----IO----
--
total merged sectors ms total merged sectors ms cur
sec
sda 153189971 69093708 2719150864 737822879 329617713 157559204 3965687592
4068577985 0 1102243
sdb 501426305 97099356 2345472425 731613156 419220973 533565961 2661869460
1825174087 0 1510434
sdc 884213459 22078974 513390701 452540172 127474901 8993357 2411187300
2133226954 0 1569758

19. vmstat – Increase the width of the display

The default output without increasing the width is shown below.
$ vmstat 1 3
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu--
---
r b swpd free buff cache si so bi bo in cs us sy id wa
st
0 0 0 3608688 148368 3898204 0 0 0 0 1 1 0 0 100
0 0
0 0 0 3608804 148368 3898204 0 0 0 0 72 30 0 0 100
0 0
0 0 0 3608804 148368 3898204 0 0 0 0 60 27 0 0 100
0 0

Use option -w to increase the width of the output columns as shown below. This give better
readability.
$ vmstat -w 1 3
procs -------------------memory------------------ ---swap-- -----io---- --
system-- -----cpu-------
r b swpd free buff cache si so bi bo in
cs us sy id wa st
0 0 0 3608712 148368 3898204 0 0 0 0 1
1 0 0 100 0 0
0 0 0 3608712 148368 3898204 0 0 0 0 93
23 0 0 100 0 0
0 0 0 3608696 148368 3898204 0 0 0 0 35
34 0 0 100 0 0

20. vmstat – Display statistics for a partition

To display the disk I/O statistics of a specific disk partition use option -p as shown below.
$ vmstat -p sdb1
sdb1 reads read sectors writes requested writes
501423248 2345417917 419221612 2661885948

21. vmstat – Display in MB

By default vmstat displays the memory information in kb. To disply in MB, use the option “-S
m” as shown below.
$ vmstat -S m
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu--
----
r b swpd free buff cache si so bi bo in cs us sy id wa
st
0 0 281 288 19 2386 0 0 4 1 0 0 6 1 92 2
0

MPSTAT EXAMPLES
22. mpstat – Display basic info
By default mpstat displays CPU statistics as shown below.
$ mpstat
Linux 2.6.32-100.28.5.el6.x86_64 (dev-db) 07/09/2011

10:25:32 PM
CPU %user %nice %sys %iowait %irq %soft %steal %idle intr/s
10:25:32 PM all 5.68 0.00 0.49 2.03 0.01 0.02 0.00
91.77 146.55

23. mpstat – Display all information

Option -A, displays all the information that can be displayed by the mpstat command as shown
below. This is really equalivalent to “mpstat -I ALL -u -P ALL” command.
$ mpstat -A
Linux 2.6.32-100.28.5.el6.x86_64 (dev-db) 07/09/2011 _x86_64_
(4 CPU)

10:26:34 PM
CPU %usr %nice %sys %iowait %irq %soft %steal %guest %idle
10:26:34 PM all 0.00 0.00 0.00 0.00 0.00 0.00 0.00
0.00 99.99
10:26:34 PM 0 0.01 0.00 0.01 0.01 0.00 0.00 0.00
0.00 99.98
10:26:34 PM 1 0.00 0.00 0.01 0.00 0.00 0.00 0.00
0.00 99.98
10:26:34 PM 2 0.00 0.00 0.00 0.00 0.00 0.00 0.00
0.00 100.00
10:26:34 PM 3 0.00 0.00 0.00 0.00 0.00 0.00 0.00
0.00 100.00

10:26:34 PM CPU intr/s

10:26:34 PM all 36.51
10:26:34 PM 0 0.00
10:26:34 PM 1 0.00
10:26:34 PM 2 0.04
10:26:34 PM 3 0.00

10:26:34 PM CPU 0/s 1/s 8/s 9/s 12/s 14/s 15/s

16/s 19/s 20/s 21/s 33/s NMI/s LOC/s SPU/s PMI/s PND/s
RES/s CAL/s TLB/s TRM/s THR/s MCE/s MCP/s ERR/s MIS/s
10:26:34 PM 0 0.00 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00 0.00 0.00 0.00 0.00 7.47 0.00 0.00 0.00
0.00 0.02 0.00 0.00 0.00 0.00 0.00 0.00 0.00
10:26:34 PM 1 0.00 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00 0.00 0.00 0.00 0.00 4.90 0.00 0.00 0.00
0.00 0.03 0.00 0.00 0.00 0.00 0.00 0.00 0.00
10:26:34 PM 2 0.00 0.00 0.00 0.00 0.00 0.00 0.00
0.04 0.00 0.00 0.00 0.00 0.00 3.32 0.00 0.00 0.00
0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
10:26:34 PM 3 0.00 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00 0.00 0.00 0.00 0.00 4.17 0.00 0.00 0.00
0.00 0.01 0.00 0.00 0.00 0.00 0.00 0.00 0.00

24. mpstat – Display CPU statistics of individual CPU (or) Core

Option -P ALL, displays all the individual CPUs (or Cores) along with its statistics as shown
below.
$ mpstat -P ALL
Linux 2.6.32-100.28.5.el6.x86_64 (dev-db) 07/09/2011 _x86_64_
(4 CPU)

10:28:04 PM
CPU %usr %nice %sys %iowait %irq %soft %steal %guest %idle
10:28:04 PM all 0.00 0.00 0.00 0.00 0.00 0.00 0.00
0.00 99.99
10:28:04 PM 0 0.01 0.00 0.01 0.01 0.00 0.00 0.00
0.00 99.98
10:28:04 PM 1 0.00 0.00 0.01 0.00 0.00 0.00 0.00
0.00 99.98
10:28:04 PM 2 0.00 0.00 0.00 0.00 0.00 0.00 0.00
0.00 100.00
10:28:04 PM 3 0.00 0.00 0.00 0.00 0.00 0.00 0.00
0.00 100.00

To display statistics information of a particular CPU (or core), use option -P as shown below.
$ mpstat -P 0
Linux 2.6.32-100.28.5.el6.x86_64 (dev-db) 07/09/2011 _x86_64_
(8 CPU)

10:28:53 PM
CPU %usr %nice %sys %iowait %irq %soft %steal %guest %idle
10:28:53 PM 0 0.01 0.00 0.01 0.01 0.00 0.00 0.00
0.00 99.98

$ mpstat -P 1
Linux 2.6.32-100.28.5.el6.x86_64 (dev-db) 07/09/2011 _x86_64_
(8 CPU)

10:28:55 PM
CPU %usr %nice %sys %iowait %irq %soft %steal %guest %idle
10:28:55 PM 1 0.00 0.00 0.01 0.00 0.00 0.00 0.00
0.00 99.98

Finally, as we mentioned earlier mpstat is part of the sysstat package. When you do mpstat -V, it
will really display the version number of the systat package as shown below.
$ mpstat -V
sysstat version 9.0.4
(C) Sebastien Godard (sysstat orange.fr)

Restore the GRUB Bootloader

Jump to: navigation, search

Contents
 1 Overview
 2 Boot the Manjaro Installation Media
 3 Chroot into your existing Manjaro Installation
o 3.1 Use mhwd-chroot
o 3.2 Manually Identify and Prepare the Installed Partition(s)
 4 Restore GRUB
o 4.1 For BIOS Systems
o 4.2 For UEFI Systems
 4.2.1 Note
 4.2.2 Alternative method
 5 Troubleshooting
o 5.1 Arch Linux is not recognized
 6 More
Overview
As with any Linux operating system, the GRUB (GRand Unified Bootloader) is responsible for
booting up Manjaro. If for any reason your GRUB is not working --perhaps due to being
corrupted, mis-configured, or even deleted-- then it may not be necessary to reinstall Manjaro.
The GRUB can instead be fully repaired and restored, retaining your installed Manjaro
system. To undertake this task, you will need to use your Manjaro installation media, such as, a
CD/DVD or USB Flashdrive.

Boot the Manjaro Installation Media

1. Insert and boot your Manjaro installation media.

2. Select your preferred language (F2) and keyboard layout (F3).

Tip: Setting the language and keyboard layout are undertaken by pressing the Function (F) keys.
As many computers have multiple functions assigned to each function key, it may be necessary
to hold down another key first to use them. For example, on a HP G62 laptop, to use the function
keys, the 'fn' key must first be pressed and held.

3. Boot Manjaro Linux. It does not matter which boot option you choose, as the installation
media is being used solely to repair/reinstate the GRUB, and not to install a fresh system.

4. Open the terminal or access the command line of the live CD.

 From the desktop environment: open a terminal from your desktop menu, and enter
sudo su in the terminal.

or

 From the command line of the NET-Edition or having used the Boot in Text mode
option: enter the default login username root and then the password "manjaro" to log in.

Chroot into your existing Manjaro

Installation
note: Look here to read more about chroot(ing).
There are 2 different ways to chroot into your exising Manjaro installation: Using mhwd-chroot
or doing it manually. Please choose one:

Use mhwd-chroot
1. First, use an application called gparted, which should be in Menu > System > GPartEd. This
will provide a simple visual illustration of the partitions on your hard drive(s).

Alternatively, you can use

lsblk -f

to list all your partitions.

2. mhwd-chroot is a tool to easily chroot into an installed Linux installation from a live boot of a
Manjaro Installation Media. Install it with

yaourt -S mhwd-chroot

Start mhwd-chroot from your Start Menu or in your terminal one of the following commands:

sudo mhwd-chroot
sudo mhwd-chroot-shell

Next, choose the root partition of your existing Manjaro installation.

Manually Identify and Prepare the Installed Partition(s)

1. Ensure that you are using the Root account, which is identified by a hash ('#') at the beginning
of the command line, rather than a dollar ('$'). To switch to Root, enter the command:

sudo su

2. List your partitions. This is necessary in order to identify the partition your Manjaro system is
installed on. If you have used a separate boot partition, it will be necessary to identify this as
well. For a list of your paritions, enter the command:

lsblk -f
or
sudo blkid -o list -c /dev/nul
In this particular instance, having used the assisted preparation method to install Manjaro
earlier, the partitions for the author's Manjaro system are as follows:

 /dev/sda1: Boot partition

 /dev/sda2: Swap partition
 /dev/sda3: Manjaro system
 /dev/sda4: Space for personal files.

If you are still unsure, then you can also use an application called gparted, which should be in
Menu > System > GPartEd. This will provide a simple visual illustration of the partitions on your
hard drive(s). If a separate partition for the GRUB exists, it will be marked as 'bootable', and
should only be about 100MB in size.

3. Mount your Manjaro system partition. The syntax to mount the Manjaro system partition is:

mount /dev/[partition used for Manjaro system] /mnt

In this instance, as the Manjaro system partition is /dev/sda3, this will be mounted using the
following command:

mount /dev/sda3 /mnt

IF you have used a separate partition for your GRUB bootloader, then this must also be
mounted. The syntax to mount a separate partition used to boot is:

mount /dev/[partition used for GRUB] /mnt/boot

In this instance, a separate partition --/dev/sda1-- has been used for the GRUB, and will be
mounted using the following command:

mount /dev/sda1 /mnt/boot

note: Again, if you have not used a separate boot partition, then it (obviously) does not need to
be mounted!

4. Change to the root directory of your mounted partitions.

cd /mnt
This is undertaken so that you are working from --and with-- your installed system, rather than
the installation media. To do so, it will be necessary to enter a series of commands in the
following order:

mount -t proc proc /mnt/proc

mount -t sysfs sys /mnt/sys
mount -o bind /dev /mnt/dev
mount -t devpts pts /mnt/dev/pts/
chroot /mnt

Restore GRUB
First, install the software applications mtools and os-prober. mtools is a collection of tools to
access MS-DOS disks from GNU/Linux and Unix without mounting them. os-prober is a utility
that detects if there are any other operating systems present. Install them both with the following
command:

pacman -S mtools os-prober

For BIOS Systems

1. Install a new GRUB bootloader with the following command:

grub-install /dev/sda
note: sda is the disk device where you want to install GRUB. You can check it using lsblk -f or
using GParted as explained before.

2. Recheck to ensure the that installation has completed without any errors:

grub-install --recheck /dev/sda

3. Finally, configure the freshly installed GRUB bootloader:

update-grub

All done! Now close the terminal and reboot your system to use your freshly re-installed GRUB.
For UEFI Systems
Warning: You need to be chrooted for this procedure as mentioned in the previous step.

1.) First of all check the partition for the ESP (EFI System Partition). An ESP is a fat32 partition
and contains .efi files for booting.

It can be checked using Gparted or from the terminal using fdisk -l

(Note: If you do not have a EFI partition, you will need to create it. Use Gparted for that.

Type- fat32

Size- 512 mb to 1 gb)

2.) Create the /boot/efi directory

sudo mkdir /boot/efi

3.) Mount the EFI partition as /boot/efi

sudo mount /dev/sdXY /boot/efi

X = Alphabet of the drive = a,b,c ... Y = Partition number of the EFI partition = 1,2,3,4...

Example - /dev/sda4

4.) Re-install Grub.

sudo grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-

id=manjaro --recheck

5.) Update Grub configuration file.

sudo update-grub
Note

If you get something like

EFI variables are not supported on this system.

Then install the efibootmgr, dosfstools and grub packages and try steps 4 and 5 again.

If it still doesn't work, then try exiting the chroot environnment by typing exit, then loading the
efivarfs module:

sudo modprobe efivarfs

and in the chroot

mount -t efivarfs efivarfs /sys/firmware/efi/efivars

And if you get something like

grub-install: error: failed to get canonical path of `union'.

means that probably you forgot to chroot.

See also

UEFI Install Guide

Arch Wiki:GRUB#UEFI_systems_2

Alternative method

Mount the ext4 Manjaro root partition at /install

Mount the vfat Manjaro efi partition at /install/boot/efi

And then install Grub as:

grub-install --target=x86_64-efi --efi-directory=/install/boot/efi --

bootloader-id=manjaro --boot-directory=/install/boot --recheck --debug

After the above you could chroot and try the update-grub command as earlier.
 SCP COMMAND

1. Verbose output
With verbose output, the scp program would output lots of information about what it does in the
background. This is often useful when the program fails or is unable to complete the request.
The verbose output would then indicate the exact point where the program ran into issues.

$ scp -v ~/test.txt [email protected]:/root/help2356.txt

Executing: program /usr/bin/ssh host 192.168.1.3, user root, command scp -v -

t /root/help2356.txt

OpenSSH_6.2p2 Ubuntu-6ubuntu0.1, OpenSSL 1.0.1e 11 Feb 2013

debug1: Reading configuration data /home/enlightened/.ssh/config

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: /etc/ssh/ssh_config line 19: Applying options for *

debug1: Connecting to 192.168.1.3 [192.168.1.3] port 22.

debug1: Connection established.

..... OUTPUT TRUNCATED

The output would be big and contain detailed information about how the connection is made,
what configuration and identity files are being used and so on.

2. Transfer multiple files

Multiple files can be specified separated by a space like this

$ scp foo.txt bar.txt username@remotehost:/path/directory/

To copy multiple files from remote host to current local directory

$ scp username@remotehost:/path/directory/\{foo.txt,bar.txt\} .

$ scp [email protected]:~/\{abc.log,cde.txt\} .
3. Copy entire directory (recursively)
To copy an entire directory from one host to another use the r switch and specify the directory

$ scp -v -r ~/Downloads [email protected]:/root/Downloads

4. Copy files across 2 remote hosts

Scp can copy files from 1 remote host to another remote host as well.

$ scp user1@remotehost1:/some/remote/dir/foobar.txt
user2@remotehost2:/some/remote/dir/

5. Speed up the transfer with compression

A super cool option to speed up the transfer to save time and bandwidth. All you need to do is
use the C option to enable compression. The files are compressed on the fly and decompressed
on the destination.

$ scp -vrC ~/Downloads [email protected]:/root/Downloads

In the above example we moved the entire directory with compression enabled. The speed gain
would depend on how much the files could be compressed.

6. Limit the bandwidth usage

If you do not want scp to take up the entire available bandwidth, then use the l option to limit the
maximum speed in Kbit/s.

$ scp -vrC -l 400 ~/Downloads [email protected]:/root/Downloads

7. Connect to a different port number on remote host

If the remote server has ssh daemon running on a different port (default is 22), then you need to
tell scp to use that particular port number using the '-P' option.

$ scp -vC -P 2200 ~/test.txt [email protected]:/some/path/test.txt

8. Preserve file attributes

The '-p' option (smallcase), would preserve modification times, access times, and modes from
the original file.

$ scp -C -p ~/test.txt [email protected]:/some/path/test.txt

9. Quiet mode
In quiet mode ( '-q' option ), the scp output would get suppressed, and would disable the
progress meter as well as warning and diagnostic messages.

$ scp -vCq ~/test.txt [email protected]:/some/path/test.txt

10. Specify identity file

When using key based (passwordless) authentication, you would need to specify the identity file
which contains the private key. This option is directly passed to the ssh command and works the
same way.

$ scp -vCq -i private_key.pem ~/test.txt [email protected]:/some/path/test.txt

11. Use a different ssh_config file

Use the '-F' option to specify a different ssh_config file.

$ scp -vC -F /home/user/my_ssh_config ~/test.txt

[email protected]:/some/path/test.txt

12. Use different cipher

Scp by default uses the AES cipher/encryption. Sometimes you might want to use a different
cipher. Using a different cipher can speed up the transfer process. For example blowfish and
arcfour are known to be faster than AES (but less secure).

$ scp -c blowfish -C ~/local_file.txt

username@remotehost:/remote/path/file.txt

NIC BONDING
1 Procedure for NIC bonding

1.1 Procedure

i. Create a bond0 config file by using vi editor as follows

vi /etc/sysconfig/network-scripts/ifcfg-bond0

Append the following lines

 DEVICE=bond0
IPADDR=10.46.31.17
GATEWAY=10.46.31.1
NETMASK=255.255.255.0
USERCTL=no
BOOTPROTO=static
ONBOOT=yes

ii. Open eth1 configuration file using vi text editor

vi /etc/sysconfig/network-scripts/ifcfg-eth1

Append the lines shown below for eth1 interface

DEVICE=eth1
USERCTL=no
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none

iii. Open eth2 configuration file using vi text editor as follows

vi /etc/sysconfig/network-scripts/ifcfg-eth2

Append the lines shown below

DEVICE=eth2
USERCTL=no
 ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none

iv. Make sure bonding module is loaded when the channel-bonding interface (bond0) is
brought up. You need to modify kernel modules configuration file.

vi /etc/modprobe.conf

Append following two lines:

alias bond0 bonding

options bond0 mode=balance-alb miimon=100

v. First, load the bonding module by using below command.

modprobe bonding

vi. Restart the networking service in order to bring up bond0 interface by using below
command.

service network restart

 vii. Make sure everything is working. Type the following command to query the current status of
Linux kernel bounding driver.

cat /proc/net/bonding/bond0

viii. Then list all network interfaces using below command

ifconfig

FTP SERVER
Configure FTP Server on RHEL6
vsftpd package is required for FTP Server. Check whether package is installed or not. If package
is missing install it first.

Configure vsftpd service to start at boot

Current status of vsftpd service must be running. Start if it is stopped. Restart vsftpd service
whenever you made any change in configuration file.

FTP Server is by default configured to listen on port 21. Port 21 must be opened if you have
configured firewall. The configuration of a firewall for an FTP server is a relatively simple
process.

#iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

Create 2 normal user accounts for testing. Create a normal user

create another normal user

That’s all configure we need on server right now.

Configure FTP client on RHEL 6

From RHEL version 6 you will not be able to run ftp command. By default you will get
following error

-bash: ftp: command not found error

To run ftp command ftp package is required. Install it if it is not installed.

Check connectivity with FTP Server.

Now try again to run ftp command

We have successfully connected with FTP server.

LAB Exercises

 Configure anonymous-only download [RHCE 6 exam objective]

 Configure FTP server to allow anonymous access, chrooted to /var/ftp
 Configure FTP Server to all local users except user vikram to ftp in server
 Download/upload must be allowed for these users and the users must be chrooted on their
home directory

Configure anonymous-only download [RHCE 6 exam objective]

Go on Server system and open main ftp configuration file /etc/vsftpd/vsftpd.conf

vsftpd.conf is the main configuration file of FTP server and it contains lot of directives.
Configuration of an anonymous-only download is relatively simple. Default configuration of
vsftpd.conf already supports anonymous-only download. But it also supports access from local
users. All you need to do is disable the directive which allows locally configured users to login
with their accounts.

Comment following directives and save the file

Restart the vsftpd service

When a user connects on the FTP server with anonymous username, actually that user connects
on the server as a user named ftp. RHEL6 automatically create this account with following
setting.

ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

With these setting users are not allowed to login as the user named ftp. So they need to use
anonymous as user name. So whenever an anonymous user logged in, he is taken to ftp user’s
home directory /var/ftp. So if you want to change the default directory associated with
anonymous logins, change the home directory associated with the local user named ftp. Create a
file on the root of the ftp directory /var/ftp/pub. This file will be downloaded by anonymous
user.

# dd if=/dev/null of=/var/ftp/pub/file bs=1024 count=1000

If you are running Linux without SELinux that’s all setting which we need for this exercise.
SELinux is listed in RHCE6 exam objective. So if you have configured SELinux, also configure
following boolean option.

# chcon -R -t public_content_t /var/ftp/pub/

In this exercise we are asked to configure anonymous download only. So we should be

 Able to download anonymous

 Fail to upload
 Fail to login form other account except anonymous

Go on linuxclient system and login to the FTP server as anonymous user and download test_file
Most commonly commands used on ftp prompt are
put To upload files on server
get To download files from server
mput To upload all files
mget To download all files
? To see all available command on ftp prompts
cd To change remote directory
lcd To change local directory.

Create a sample file

Login from anonymous again and try to upload

Try to login form normal user

Restrict anonymous user to ftp directory.

To test this login form anonymous user again

Try to change parent directory

Configure FTP Server to all local users except user vikram to ftp in server

FTP non-anonymous server

In this exercise we will configure FTP server that allow local users logins to their home
directories. Download/upload must be allowed for these users. Go on server system and open
/etc/vsftpd/vsftpd.conf file

Comment anonymous_login=YES, uncomment local_enable and save the file

open /etc/vsftpd/user_list file

Users listed on /etc/vsftpd/user_list are not allowed to login on FTP server. Add user vikarm in
it. This file also have an entry for root user that why root user is denied from FTP login. If you
want to enable root user for ftp session just remove its entry from this file [Enable root for FTP
session is not recommended in any circumstances, change at your own risk].

Configure SELinux to allow upload/download in user’s home directory

Restart the vsftpd service

Login from normal user sanjay and create a example_file

Come back on linuxclient system and try to login from user vikram

Now try to login from user sanjay

upload/download file
Login again from normal user and try to change parent directory

It allows you to navigate the / directory which serious security issue.

Configure FTP to chroot local users in their home directory

Go on server and open /etc/vsftpd/vsftpd.conf file

Uncomment following directive and save the file

chroot_local_user=YES

Restart the vsftpd restart

Come back on linux client system and login form sanjay and try again to change directory to /

Now normal user will not be able to navigate outside the home directory.

Important directives of vsftpd.conf

anonymous_enable=YES

Enable anonymous login

local_enable=YES
Enable local users login with their regular password

chroot_local_user=YES

Users are restricted in their home directory

write_enable=YES

Enables write operations on FTP

local_umask=022

If write is enabled permissions will be based on the value of umask

#anon_upload_enable=YES

Enable anonymous user to upload file

#anon_mkdir_write_enable=YES

Allow anonymous users to create directories

ftpd_banner=Welcome to blah FTP service

Set FTP banner

pam_service_name=vsftpd

Configures Pluggable Authentication Modules (PAM) security for FTP

userlist_enable=YES

block users listed in /etc/vsftpd/user_list

tcp_wrappers=YES

Supports the use of security commands in /etc/hosts.allow and /etc/hosts.deny through

tcpwrappers

SElinux boolean associated with vsftpd daemons

There are five SElinux boolean associated with vsftpd daemons

# setsebool allow_ftpd_full_access 1

vsftpd daemons will run on a SElinux context without any restriction

# setsebool allow_ftpd_anon_write 1
Supports the writing of files to directories configured with the public_content_rw_t SELinux
setting

# setsebool allow_ftpd_use_cifs 1

Allows the use of files shared via CIFS on an FTP server

# setsebool allow_ftpd_use_nfs 1

Allows the use of files shared via NFS on an FTP server

# setsebool ftp_home_directory 1

Supports FTP read/write access to user home directories

# chcon -R -t public_content_t /var/ftp/pub/

Any directory that is going to be used on read FTP operations it must be labelled as
public_content_rw_t

# chcon -R -t public_content_rw_t /var/pub/ftp

Any directory that is going to be used on read-write FTP operations it must be labelled as
public_content_rw_t

SAMBA SERVER

Samba is a free software re-implementation of the SMB/CIFS networking protocol, originally

developed by Andrew Tridgell. As of version 3, Samba provides file and print services for various
Microsoft Windows clients and can integrate with a Windows Server domain, either as a Primary
Domain Controller (PDC) or as a domain member. It can also be part of an Active Directory
domain.

Samba runs on most Unix and Unix-like systems, such as Linux, Solaris, AIX and the BSD
variants, including Apple’s Mac OS X Server and Mac OS X client (version 10.2 and greater).
Samba is standard on nearly all distributions of Linux and is commonly included as a basic system
service on other Unix-based operating systems as well. Samba is released under the terms of the
GNU General Public License. The name Samba comes from SMB (Server Message Block), the
name of the standard protocol used by the Microsoft Windows network file system.
Configure samba server

In this example we will configure a samba server and will transfer files from client side.For this
example we are using two systems one linux server one window clients.

per quest of samba server

 A linux server with ip address 192.168.0.254 and hostname Server

 A window client with ip address 192.168.0.2 and hostname Client2
 Updated /etc/hosts file on linux system
 Running portmap and xinetd services
 Firewall should be off on server

samba rpm is required to configure samba server. check them if not found then install

Now check smb, portmap, xinetd service in system service it should be on

#setup Select System service from list

[*]portmap
[*]xinetd
[*]smb

Now restart xinetd and portmap and smb service

To keep on these services after reboot on then via chkconfig command

After reboot verify their status. It must be in running condition

Create a normal user named vinita

now create /data directory and grant it full permission

open /etc/samba/smb.conf main samba configuration files

By default name of workgroup is MYGROUP in smb.conf file. you can change it with desire
name

our task is to share data folder for vinita user so go in the end of file and do editing as shown
here in this image

save file with :wq and exit

Now add vinita user to samba user

we have made necessary change now on smb service and check it status
if you already have on this service then restart it with service smb restart commands.

Client configuration for samba server

Go on windows system and ping samba server, change computer name to client2 and workgroup
name to MYGROUP

reboot system after changing workgroup name

After reboot open my network place here you can see samba server [ if not see then click on
view workgroup computer in right pane, if still not see then use search button from tool bar and
search computer samba server form ip ]

First try to login from user nikita she will not successes as nikita have not permission to login
Now login from user vinita [ give the password which you set with smbpasswd command ]

As you can see in image user vinita gets the /data folder which we share from samba server
 Copy some window files in data folder

Check status on samba server

on samba server you can check runtime status of samba server to check it run smbstatus
command

in output you see that one samba shared directory is used on window system

NFS SERVER
Configure nfs server
In this example we will configure a nfs server and will mount shared directory from client side.
For this example we are using two systems one linux server one linux clients . To complete these per quest of
nfs server Follow this link
Network configuration in Linux
 A linux server with ip address 192.168.0.254 and hostname Server
 A linux client with ip address 192.168.0.1 and hostname Client1
 Updated /etc/hosts file on both linux system
 Running portmap and xinetd services
 Firewall should be off on server
We suggest you to review that article before start configuration of nfs server. Once you have completed the
necessary steps follow this guide.
Three rpm are required to configure nfs server. nfs, portmap, xinetd check them if not found then install

Now check nfs, portmap, xinetd service in system service it should be on

#setup
Select System service
from list
[*]portmap [*]xinetd [*]nfs
Now restart xinetd and portmap service

To keep on these services after reboot on then via chkconfig command

After reboot verify their status. It must be in running condition

now create a /data directory and grant full permission to it

now open /etc/exports file

share data folder for the network of 192.168.0.254/24 with read and write access

save file with :wq and exit

now restart the nfs service and also on it with chkconfig

also restart nfs daemons with expotfs

verify with showmount command that you have successfully shared data folder

configure client system

ping form nfs server and check the share folder

now mount this share folder on mnt mount point. To test this share folder change directory to mnt and create
a test file

After use you should always unmount from mnt mount point

In this way you can use shared folder. But this share folder will be available till system is up. It will not be
available after reboot. To keep it available after reboot make its entry in fstab
create a mount point, by making a directory
now open /etc/fstab file

make entry for nfs shared directory and define /temp to mount point

save the with :wq and exit reboot the system with reboot -f command
#reboot -f
after reboot check /temp directory it should show all the shared data

Using NFS to Share Files

NFS (Network File System) is another way of sharing files across a network. It is used primarily in
Linux and UNIX systems, although there are NFS clients for Windows.

Installing NFS

1. Use the following command to install NFS:

yum -y install nfs-utils nfs-utils-lib

Configuring NFS

Configuration of NFS is pretty simple. You add the directories you wish to export to the
file/etc/exports.

2. Create a directory called /public with the following command:

mkdir /public

3. Populate it with three empty files:

touch /public/nfs1 /public/nfs2 /public/nfs3

4. Next, edit the file /etc/exports:

vi /etc/exports

5. Add the following line to /etc/exports:

/public *(ro,sync)

Here's an explanation of the fields in the command:

/public--The directory to be shared

*--The clients allowed to access the share. You can restrict it by IP address. For example, you could,
instead of the asterisk, put

192.168.0.0/24 to restrict it to clients on the 192.168.0.0/24 network.

ro--Read only access

sync--Reply to requests only after any changes have been committed to stable storage. This is a
slower, but more stable option than alternatives.

In the following screen capture, you can see how I configured /etc/exports to share /public:
 Figure 7: Configuring an NFS shared directory in /etc/exports.

6. NFS requires the rpcbind service to be running. Start it with the following command:

service rpcbind start

7. Then, start the nfs server:

/etc/init.d/nfs start

(You could also use service nfs start.

8. If you want NFS to start at boot, use the following command:

chkconfig --levels 235 nfs on

9. Enable the export immediately with the command exportfs -v. You can view the export with the
command showmount -e.

If you are using a firewall, you must explicitly allow traffic from your local subnet to access the
server.

For more information, see chapter 10 on Linux security.

Configuring the NFS Client

You must install the nfs package on the client with this command:

yum -y install nfs-utils nfs-utils-lib

Once the package is installed, you can use the showmount command to view exports on an NFS
server:

Figure 8: Viewing NFS shares with the showmount command.

You can also create a new directory on your client and mount the NFS export to the directory, thus
giving you access to the files in the directory:

Figure 9: Creating and viewing a mount point for the NFS share.

In the above example, I mounted the export from LinuxServer01 (/public) to a directory on my local
client machine, called ubuntuServer02. As you can see, after it was mounted, I was able to view the
contents of the exported directory locally.

DNS SERVER
DNS

domain name system is the crucial glue that keeps computer networks in harmony by
converting human friendly hostnames to the numerical ip addresses computers require to communicate
with each other.

Profie of DNS Server:

Usage : To resolve IP into hostname and vice versa

Package : bind, caching-name

Script : /etc/init.d/named

Port : 53

Configuration file : /etc/named.conf, /etc/named.rfc1912.zones

Document root : /var/named

Daemon : named

Step by step configuration of DNS Server:

Step1: Check and install the package for DNS

#rpm -qa |grep bind

Package bind is not installed

To install the package use yum or rpm command

#yum install bind*

Loaded plugins: product-id, refresh-packagekit, security, subscription-manager

Updating certificate-based repositories.

Unable to read consumer identity

redhat | 4.0 kB 00:00 ...

Setting up Install Process

Package 32:bind-utils-9.8.2-0.10.rc1.el6.x86_64 already installed and latest version

Package 32:bind-libs-9.8.2-0.10.rc1.el6.x86_64 already installed and latest version

Resolving Dependencies

--> Running transaction check

---> Package bind.x86_64 32:9.8.2-0.10.rc1.el6 will be installed

--> Processing Dependency: portreserve for package: 32:bind-9.8.2-0.10.rc1.el6.x86_64

---> Package bind-chroot.x86_64 32:9.8.2-0.10.rc1.el6 will be installed

---> Package bind-dyndb-ldap.x86_64 0:1.1.0-0.9.b1.el6 will be installed

--> Running transaction check

---> Package portreserve.x86_64 0:0.0.4-9.el6 will be installed

--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================================
========================================
Package Arch Version Repository Size

=====================================================================================
========================================

Installing:

bind x86_64 32:9.8.2-0.10.rc1.el6 redhat 4.0 M

bind-chroot x86_64 32:9.8.2-0.10.rc1.el6 redhat 70 k

bind-dyndb-ldap x86_64 1.1.0-0.9.b1.el6 redhat 63 k

Installing for dependencies:

portreserve x86_64 0.0.4-9.el6 redhat 23 k

Transaction Summary

=====================================================================================
========================================

Install 4 Package(s)

Total download size: 4.1 M

Installed size: 7.4 M

Is this ok [y/N]: y

Downloading Packages:

-----------------------------------------------------------------------------------------------------------------------------

Total 13 MB/s | 4.1 MB 00:00

Running rpm_check_debug

Running Transaction Test

Transaction Test Succeeded

Running Transaction

Installing : portreserve-0.0.4-9.el6.x86_64 1/4

Installing : 32:bind-9.8.2-0.10.rc1.el6.x86_64 2/4

Installing : bind-dyndb-ldap-1.1.0-0.9.b1.el6.x86_64 3/4

Installing : 32:bind-chroot-9.8.2-0.10.rc1.el6.x86_64 4/4

Installed products updated.

Verifying : bind-dyndb-ldap-1.1.0-0.9.b1.el6.x86_64 1/4

Verifying : 32:bind-chroot-9.8.2-0.10.rc1.el6.x86_64 2/4

Verifying : portreserve-0.0.4-9.el6.x86_64 3/4

Verifying : 32:bind-9.8.2-0.10.rc1.el6.x86_64 4/4

Installed:

bind.x86_64 32:9.8.2-0.10.rc1.el6 bind-chroot.x86_64 32:9.8.2-0.10.rc1.el6 bind-dyndb-ldap.x86_64

0:1.1.0-0.9.b1.el6

Dependency Installed:

portreserve.x86_64 0:0.0.4-9.el6

Complete!

Step2: update /etc/sysconfig/network, /etc/hosts file with the server’s ip address ad change the
hostname with fully qualified domain name

#ifconfig –a

eth0 Link encap:Ethernet HWaddr 00:0C:29:61:7A:AC

inet addr:192.168.190.166 Bcast:192.168.190.255 Mask:255.255.255.0

inet6 addr: fe80::20c:29ff:fe61:7aac/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:8923 errors:0 dropped:0 overruns:0 frame:0

TX packets:656 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:644510 (629.4 KiB) TX bytes:70458 (68.8 KiB)

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

 UP LOOPBACK RUNNING MTU:16436 Metric:1

RX packets:286 errors:0 dropped:0 overruns:0 frame:0

TX packets:286 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:17532 (17.1 KiB) TX bytes:17532 (17.1 KiB)

1.change the hostname by adding fully qualified domain name

To see the gateway

#netstat -rn

Kernel IP routing table

Destination Gateway Genmask Flags MSS Window irtt Iface

192.168.190.0 0.0.0.0 255.255.255.0 U 00 0 eth0

0.0.0.0 192.168.190.2 0.0.0.0 UG 00 0 eth0

#vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE="eth0"

BOOTPROTO="dhcp"

IPADDR = “192.168.190.166”

NETMASK = “255.255.255.0”

DNS1 = “192.168.190.166”

GATWAY =”192.168.190.2”

HWADDR="00:0C:29:61:7A:AC"

IPV6INIT="yes"

NM_CONTROLLED="yes"

ONBOOT="yes"

TYPE="Ethernet"

UUID="9dab5157-aba7-42ec-869b-2f92e45315fe"

Update /etc/hosts on DNS server with hostname and IP address

#Vi /etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

 192.168.190.166 suresh suresh.tcs.com

Update /etc/sysconfig/network change the hostname

#vi /etc/sysconfig/network

NETWORKING=yes

HOSTNAME=suresh.tcs.com

#vi /etc/resolv.conf

# Generated by NetworkManager

domain localdomain

search localdomain tcs.com

nameserver 192.168.190.2

#service network restart

Shutting down interface eth0: Device state: 3 (disconnected) [ OK ]

Shutting down loopback interface: [ OK ]

Bringing up loopback interface: [ OK ]

Bringing up interface eth0: Active connection state: activating

Active connection path: /org/freedesktop/NetworkManager/ActiveConnection/10 state: activated

Connection activated [ OK ]

Step3: Edit the configuration file /etc/named.conf

#vi /etc/named.conf

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

options {

listen-on port 53 { 192.168.190.166; };

 #listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query { any; };

recursion yes;

dnssec-enable yes;

dnssec-validation yes;

dnssec-lookaside auto;

/* Path to ISC DLV key */

bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

};

logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

};

zone "." IN {

type hint;

file "named.ca";

};
include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

Step4: Edit the other zone configuration file i.e /etc/named.rfc1912.zones

# vi /etc/named.rfc1912.zones

// named.rfc1912.zones:

//

// Provided by Red Hat caching-nameserver package

//

// ISC BIND named zone configuration for zones recommended by

// RFC 1912 section 4.1 : localhost TLDs and address zones

// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt

// (c)2007 R W Franks

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

zone "tcs.com" IN {

type master;

file "forward.zone"; #assign the forward file zone name

allow-update { none; };

};

zone "localhost" IN {

type master;

file "named.localhost";

allow-update { none; };

};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {

type master;

file "named.loopback";

allow-update { none; };

};

zone "190.168.192.in-addr.arpa" IN {

type master;

file "reverse.zone"; #assign the reverse zone file name

allow-update { none; };

};

zone "0.in-addr.arpa" IN {

type master;

file "named.empty";

allow-update { none; };

};

Step5: navigate to /var/named directory and create a forward and reverse zone files

#cd /var/named

#ls

chroot data dynamic hari.rlz kt.flz kt.rlz named.ca named.empty named.localhost

named.loopback slaves

#cp named.localhost forward.zone

#cp named.localhost reverse.zone

Edit the forward.zone file

#vi forward.zone

$TTL 1D

@ IN SOA suresh.tcs.com. root.suresh.tcs.com. (

0 ; serial
 1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

IN NS suresh.tcs.com

Suresh IN A 192.168.190.166

AAAA ::1

Copy again named.localhost, this time as reverse.zone and edit it as shown below

#vi reverse.zone

$TTL 1D

@ IN SOA suresh.tcs.com. root.suresh.tcs.com. (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

IN NS suresh.tcs.com.

166 IN PTR suresh.tcs.com.

Step 6: change the group named to the forward.zone and reverse.zone file

#chgrp named forward.zone

#chgrp named reverse.zone

Step 7: restart the appropriate services

#service named restart

Stopping named: [ ok ]

Starting named : [ ok ]

Now we are done with DNS server configuration ,check whether it is resolving IP to hostname and
hostname to IP using various commands

#dig suresh.tcs.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> suresh.tcs.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45074

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:

;suresh.tcs.com. IN A

;; AUTHORITY SECTION:

tcs.com. 5 IN SOA ns4.tcs.com. hostmaster.tcs.com. 2010061556 43200

3600 604800 86400

;; Query time: 2026 msec

;; SERVER: 192.168.190.2#53(192.168.190.2)

;; WHEN: Sat Apr 8 01:17:59 2017

;; MSG SIZE rcvd: 84

Checking with giving Ip of hostname

#dig -x 192.168.190.166

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> -x 192.168.190.166

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34138

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:

;166.190.168.192.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
168.192.IN-ADDR.ARPA. 5 IN SOA 168.192.IN-ADDR.ARPA. . 0 28800 7200 604800
86400

;; Query time: 4895 msec

;; SERVER: 192.168.190.2#53(192.168.190.2)

;; WHEN: Sat Apr 8 01:21:41 2017

;; MSG SIZE rcvd: 101

Using host command with IP address of server as well as client

#host 192.168.190.166

Host 166.190.168.192.in-addr.arpa. not found: 3(NXDOMAIN)

Using nslookup command to check the DNS resolvation

#nslookup suresh

Server: 192.168.190.2

Address: 192.168.190.2#53

** server can't find 166.190.168.192.in-addr.arpa.: NXDOMAIN