ITI-481: Unix Administration
Meeting 5
Today’s Agenda
• Network Information Service (NIS)
• The Cron Program
• Syslogd and Logging
Network Information Service (NIS)
• Permits the sharing and distribution of
critical files over the network.
• Information such as user accounts,
groups, and file systems is maintained
in a centralized database.
• Key tool for centralizing and simplifying
management of multiple systems.
• Previously named Yellow Pages (yp).
NIS Domains and Roles
• Systems using NIS must belong to an
NIS domain, which is different from a
DNS domain.
• Roles for NIS participants:
– Master Server
– Slave Server
– Client
NIS Database
• NIS Database is composed of map files.
• Here are some files that are frequently built
into maps:
/etc/passwd
/etc/shadow
/etc/group
/etc/hosts
/etc/aliases
/etc/auto.master
• Server pushes map files out to clients.
NIS Master Server Configuration
• You must have the ypserv package installed. yptools is required for NIS-based account management.
• Set a domainname.
– This can be done at the command line:
>domainname mydomain
– For the domainname to be established after reboot, it needs
to be set from the rc scripts. Add an entry to
/etc/sysconfig/network:
NISDOMAIN=mydomain
• Start the ypserv daemon:
>/etc/rc.d/init.d/ypserv start
This daemon is responsible for handling NIS
requests.
NIS Master Server Configuration (cont.)
• Edit /var/yp/Makefile to define what files will get shared via
NIS. The key part is:
all: passwd group hosts rpc services netid
protocols netgrp mail #shadow publickey #
networks ethers bootparams amd.home auto.master
auto.home passwd.adjunct
This defines what maps will get shared. Put # in front of entries
that are not to be shared.
• Initialize the yp server to build the maps in
/var/yp/domainname:
> /usr/lib/yp/ypinit -m
• If additional changes are made to any files distributed via NIS,
they will need to be pushed out:
> cd /var/yp;make
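An added example, not part of the original slides: a shell audit of the all: target that lists the maps the server will build and checks whether shadow is among them. The sample Makefile is constructed from the all: line above with line continuations restored, and the function names are this example's own.

```sh
#!/bin/sh
# nis_active_maps FILE: print the maps named on the uncommented part of "all:".
# In make, "#" starts a comment that runs to the end of the logical line, and a
# trailing backslash continues that line, so everything after the first "#" of
# a continued all: target is inactive.
nis_active_maps() {
    awk '
        /^all:/ { collecting = 1; sub(/^all:/, "") }
        collecting {
            cont = sub(/\\[ \t]*$/, "")          # 1 if the line continues
            if (!commented) {
                i = index($0, "#")
                if (i) { $0 = substr($0, 1, i - 1); commented = 1 }
                n = split($0, w, /[ \t]+/)
                for (k = 1; k <= n; k++) if (w[k] != "") print w[k]
            }
            if (!cont) exit
        }
    ' "$1"
}

# nis_shares_shadow FILE: succeed if the shadow map is built and distributed.
nis_shares_shadow() {
    nis_active_maps "$1" | grep -qx 'shadow'
}

# Constructed sample modelled on the slide's all: line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
all: passwd group hosts rpc services netid \
    protocols netgrp mail # shadow publickey \
    networks ethers bootparams amd.home auto.master \
    auto.home passwd.adjunct
EOF

nis_active_maps "$sample" | tr '\n' ' '; echo
if nis_shares_shadow "$sample"; then
    echo "shadow map is built and pushed to NIS clients"
else
    echo "shadow map is not built"
fi
```

On a server, run both functions against /var/yp/Makefile before running ypinit or make.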
Configuring an NIS Client
• Requires ypbind package.
• Set a domainname.
– This can be done at the command line:
>domainname mydomain
– For the domainname to be established after
reboot, it needs to be set from the rc scripts. Add
an entry to /etc/sysconfig/network:
NISDOMAIN=mydomain
Configuring an NIS Client (cont.)
• Edit /etc/yp.conf to provide the necessary
information to locate the NIS server:
– Broadcast Method:
domain mydomain broadcast
– Server Hostname Method:
domain mydomain server servername
Use IP address for servername or add host name to
/etc/hosts.
• Start the NIS client daemon:
> /etc/rc.d/init.d/ypbind start
• Define what configuration files will use NIS:
/etc/nsswitch.conf.
/etc/nsswitch.conf
• Responsible for telling the system the
order in which to search for information.
• Format:
filename: servicename
• Sample entry:
passwd: files nis
• Valid services include files, yp, nis, dns
(host only), and nis+.
Exercise: Configuring the NIS Master Server
• Work in pairs to complete this exercise. Select one machine to
be host1 (master server) and one machine to be host2 (client).
• On host1, download and install the ypserv package:
> rpm -ivh ypserv-1.3.9-1.i386.rpm
• Set the domainname for the system on host1:
>domainname unixtrain#
Substitute the number that you will be provided with for #. It is
important that each group has a separate NIS domain.
• Start the ypserv daemon on host1:
> /etc/rc.d/init.d/ypserv start
• Edit /var/yp/Makefile on host1. Put a # in front of netgrp for the
all: entry.
• Initialize the ypserver to build the maps:
> /usr/lib/yp/ypinit -m
Exercise: Configuring an NIS Client
• On host2, set the NIS domainname at the command line:
>domainname unixtrain#
Substitute the number that you will be provided with for #.
• On host2, edit /etc/yp.conf. Uncomment the following line:
domain NISDOMAIN server HOSTNAME
Set NISDOMAIN to the domainname that you set on host1.
Change the hostname to the IP address of host1.
• On host2, start ypbind :
> /etc/rc.d/init.d/ypbind start
• On host2, test your NIS configuration:
>ypcat group
This should dump the group map to your screen.
Exercise: Account Management Through NIS
• On host1, use useradd to create a new account:
> useradd yptest
• On host1, set a password for the account:
> passwd yptest
• Push out the maps from host1:
> cd /var/yp;make
• On host1, start yppasswdd:
> /etc/rc.d/init.d/yppasswdd start
• On host2, log in to the yptest account (You can get a new
console on host2 by typing <CTRL><ALT><F2>).
• On host2, change the password for the yptest account:
> yppasswd
• Log out of host2 and verify that you can log back in with the
yptest account password.
The Cron Program
• Used to schedule jobs to run at a particular
time.
• Useful to automate system administration
tasks.
• crond is started at boot time from rc scripts.
• User access to cron can be restricted through
/etc/cron.allow and /etc/cron.deny.
• Log files stored in /var/log/cron.
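How the two access files interact, as an added example that is not part of the original slides: the precedence follows crontab(1), where cron.allow, when present, is the only file consulted. The function name and the temporary files are this example's own, and any special treatment of root is not modelled.

```sh
#!/bin/sh
# cron_access USER ALLOW_FILE DENY_FILE: print allow, deny or site-default.
# Precedence per crontab(1): if cron.allow exists, only listed users may use
# crontab and cron.deny is ignored; otherwise cron.deny lists who may not;
# with neither file the result depends on how cron was built.
cron_access() {
    user=$1 allow=$2 deny=$3
    if [ -f "$allow" ]; then
        grep -qxF -e "$user" "$allow" && echo allow || echo deny
    elif [ -f "$deny" ]; then
        grep -qxF -e "$user" "$deny" && echo deny || echo allow
    else
        echo site-default
    fi
}

# Constructed files standing in for /etc/cron.allow and /etc/cron.deny.
dir=$(mktemp -d)
printf 'alice\nbob\n' > "$dir/cron.allow"
printf 'bob\nmallory\n' > "$dir/cron.deny"
: > "$dir/empty"

cron_access alice "$dir/cron.allow" "$dir/cron.deny"   # listed in allow
cron_access bob   "$dir/cron.allow" "$dir/cron.deny"   # in both: allow wins
cron_access carol "$dir/cron.allow" "$dir/cron.deny"   # not in allow
cron_access carol "$dir/missing"    "$dir/cron.deny"   # deny only, not listed
cron_access carol "$dir/empty"      "$dir/cron.deny"   # empty allow locks everyone out
cron_access carol "$dir/missing"    "$dir/empty"       # empty deny permits everyone
cron_access carol "$dir/missing"    "$dir/missing2"    # neither file present
```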
Cron Files
• Configuration files defining scheduled jobs are stored
in multiple locations:
– /var/spool/cron
Cron jobs defined according to username.
– /etc/crontab
Defines cron jobs to be run hourly, daily, weekly, and monthly
– /etc/cron.d
• Cron files should not be edited directly. Use the
crontab command:
> crontab -u username -e
Crontab File Format
• Crontab files use the following format:
Minute Hour Day Month DayOfWeek Command
• Time fields are as follows:
– Minute (0-59)
– Hour (0-23)
– Day of Month (0-31)
– Month (0-12 or names)
– Day of Week (0-6 or names)
• Sample entries:
#Push yp maps every 15 minutes
0,15,30,45 * * * * (cd /var/yp;/usr/bin/make)>/dev/null
#Mail a disk usage report every Friday at 5:00PM
0 17 * * fri df |/bin/mail root
/etc/crontab
• Defines a set of directories that will run scripts
or links located in those directories at
specified times.
• Predefined cron directories:
/etc/cron.hourly
/etc/cron.daily
/etc/cron.weekly
/etc/cron.monthly
• Non-standard way of using cron.
Exercise: Creating Crontab Entries
• Edit the root crontab file:
> cd /var/spool/cron
> crontab -u root -e
• Create a crontab entry to run out of the root account
to email a disk usage report to your
internet.rutgers.edu account or another email
address of your choice.
• Check /var/log/cron to verify that your job ran.
Syslogd
• Most system logging is handled through syslogd.
• Configuration file is /etc/syslog.conf.
• Log entries are directed to various files in /var/log.
• Messages logged by syslogd include a time stamp,
the process or facility that delivered the message,
and the message itself.
• Rotating log files periodically is recommended.
/etc/syslog.conf
• Format of syslog rule:
facility.priority    action
– facility – system or application generating the message.
– priority – level of severity of the message.
– Wild cards are accepted.
• Sample entries:
authpriv.*    /var/log/secure
mail.err      /var/log/maillog
• Tab-delimited file.
• If changes are made, the syslog daemon needs to be restarted:
> kill -HUP `cat /var/run/syslogd.pid`
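An added example, not part of the original slides: a shell function that reports which rules receive a message of a given facility and priority, showing that a priority in a rule means that level and above. It goes beyond the slide by handling ;-separated selectors and the none priority; other selector forms are not handled, and the third sample rule and the function name are this example's own.

```sh
#!/bin/sh
# syslog_actions FACILITY PRIORITY CONF: print the action of each matching rule.
syslog_actions() {
    awk -v fac="$1" -v pri="$2" '
        BEGIN {
            n = split("emerg alert crit err warning notice info debug", p, " ")
            for (i = 1; i <= n; i++) sev[p[i]] = i      # 1 = most severe
        }
        /^[ \t]*(#|$)/ { next }                         # comments, blank lines
        {
            action = $NF; hit = 0
            sel = $0; sub(/[ \t]+[^ \t]+[ \t]*$/, "", sel)   # drop the action
            m = split(sel, s, ";")
            for (i = 1; i <= m; i++) {
                split(s[i], fp, ".")
                if (fp[1] != "*" && fp[1] != fac) continue
                if (fp[2] == "none") hit = 0            # facility excluded
                else if (fp[2] == "*" || sev[pri] <= sev[fp[2]]) hit = 1
            }
            if (hit) print action
        }
    ' "$3"
}

# Constructed sample: the slide's two entries plus one multi-selector rule.
conf=$(mktemp)
printf '%s\t%s\n' \
    '# selector' 'action' \
    'authpriv.*' '/var/log/secure' \
    'mail.err' '/var/log/maillog' \
    '*.info;mail.none;authpriv.none' '/var/log/messages' > "$conf"

syslog_actions authpriv info "$conf"    # /var/log/secure
syslog_actions mail crit "$conf"        # /var/log/maillog (crit is above err)
syslog_actions mail info "$conf"        # nothing: below err, excluded by mail.none
syslog_actions cron notice "$conf"      # /var/log/messages
```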
Additional Log Files
• /var/run/utmp – information about who
is currently logged into system. Used by
commands such as who and finger.
• /var/log/wtmp – login times and duration
for each user on the system. Can view with
last command.
• /var/log/lastlog – similar to wtmp but
used by different programs, such as finger.
Exercise: Monitoring Log Files
• Work in pairs to complete this exercise. Select one machine to be
host1 and one machine to be host2.
• From host1, initiate and log in to host2 under the student account with
the following applications:
> rsh host2
> ssh host2
While the connections are still active, try running the following
commands on host2:
> who
> finger
Also try the following from host1:
> telnet host2
• Review the log files in /var/log. What evidence do you find of the
various connections and attempted connections from above?
Homework
• Read chapters 13, 15, 16, and 21 in
Linux Administration: A Beginner’s
Guide.