ITI-481: Unix Administration Meeting 5

Today’s Agenda
• Network Information Service (NIS)
• The Cron Program
• Syslogd and Logging

Network Information Service (NIS)
• Permits the sharing and distribution of critical files over the network.
• Information such as user accounts, groups, and file systems is maintained in a centralized database.
• Key tool for centralizing and simplifying management of multiple systems.
• Previously named Yellow Pages (yp).

NIS Domains and Roles
• Systems using NIS must belong to an NIS domain, which is different from a DNS domain.
• Roles for NIS participants:
  – Master Server
  – Slave Server
  – Client

NIS Database
• The NIS database is composed of map files.
• Here are some files that are frequently built into maps:
    /etc/passwd
    /etc/shadow
    /etc/group
    /etc/hosts
    /etc/aliases
    /etc/auto.master
• Server pushes map files out to clients.

NIS Master Server Configuration
• You must have the ypserv package installed. yptools is required for NIS-based account management.
• Set a domainname.
  – This can be done at the command line:
      > domainname mydomain
  – For the domainname to be established after reboot, it needs to be set from the rc scripts. Add an entry to /etc/sysconfig/network:
      NISDOMAIN=mydomain
• Start the ypserv daemon:
    > /etc/rc.d/init.d/ypserv start
  This daemon is responsible for handling NIS requests.

NIS Master Server Configuration (cont.)
• Edit /var/yp/Makefile to define what files will get shared via NIS. The key part is:
    all: passwd group hosts rpc services netid protocols netgrp mail #shadow publickey # networks ethers bootparams amd.home auto.master auto.home passwd.adjunct
  This defines what maps will get shared. Put # in front of entries that are not to be shared.
• Initialize the yp server to build the maps in /var/yp/domainname:
    > /usr/lib/yp/ypinit -m
• If additional changes are made to any files distributed via NIS, they will need to be pushed out:
    > cd /var/yp; make

Configuring an NIS Client
• Requires the ypbind package.
• Set a domainname.
  – This can be done at the command line:
      > domainname mydomain
  – For the domainname to be established after reboot, it needs to be set from the rc scripts. Add an entry to /etc/sysconfig/network:
      NISDOMAIN=mydomain

Configuring an NIS Client (cont.)
• Edit /etc/yp.conf to provide the necessary information to locate the NIS server:
  – Broadcast Method:
      domain mydomain broadcast
  – Server Hostname Method:
      domain mydomain server servername
    Use an IP address for servername or add the host name to /etc/hosts.
• Start the NIS client daemon:
    > /etc/rc.d/init.d/ypbind start
• Define what configuration files will use NIS: /etc/nsswitch.conf.

/etc/nsswitch.conf
• Responsible for telling the system the order in which to search for information.
• Format:
    filename: servicename
• Sample entry:
    passwd: files nis
• Valid services include files, yp, nis, dns (host only), and nis+.

Exercise: Configuring the NIS Master Server
• Work in pairs to complete this exercise. Select one machine to be host1 (master server) and one machine to be host2 (client).
• On host1, download and install the ypserv package:
    > rpm -ivh ypserv-1.3.9-1.i386.rpm
• Set the domainname for the system on host1:
    > domainname unixtrain#
  Substitute the number that you will be provided with for #. It is important that each group has a separate NIS domain.
• Start the ypserv daemon on host1:
    > /etc/rc.d/init.d/ypserv start
• Edit /var/yp/Makefile on host1. Put a # in front of netgrp for the all: entry.
• Initialize the ypserver to build the maps:
    > /usr/lib/yp/ypinit -m

Exercise: Configuring an NIS Client
• On host2, set the NIS domainname at the command line:
    > domainname unixtrain#
  Substitute the number that you will be provided with for #.
• On host2, edit /etc/yp.conf. Uncomment the following line:
    domain NISDOMAIN server HOSTNAME
  Set NISDOMAIN to the domainname that you set on host1. Change HOSTNAME to the IP address of host1.
• On host2, start ypbind:
    > /etc/rc.d/init.d/ypbind start
• On host2, test your NIS configuration:
    > ypcat group
  This should dump the group map to your screen.

Exercise: Account Management Through NIS
• On host1, use useradd to create a new account:
    > useradd yptest
• On host1, set a password for the account:
    > passwd yptest
• Push out the maps from host1:
    > cd /var/yp; make
• On host1, start yppasswdd:
    > /etc/rc.d/init.d/yppasswdd start
• On host2, log in to the yptest account (you can get a new console on host2 by typing <CTRL><ALT><F2>).
• On host2, change the password for the yptest account:
    > yppasswd
• Log out of host2 and verify that you can log back in with the yptest account password.

The Cron Program
• Used to schedule jobs to run at a particular time.
• Useful to automate system administration tasks.
• crond is started at boot time from rc scripts.
• User access to cron can be restricted through /etc/cron.allow and /etc/cron.deny.
• Log files are stored in /var/log/cron.

Cron Files
• Configuration files defining scheduled jobs are stored in multiple locations:
  – /var/spool/cron
    Cron jobs defined according to username.
  – /etc/crontab
    Defines cron jobs to be run hourly, daily, weekly, and monthly.
  – /etc/cron.d
• Cron files should not be edited directly. Use the crontab command:
    > crontab -u username -e

Crontab File Format
• Crontab files use the following format:
    Minute Hour Day Month DayOfWeek Command
• Time fields are as follows:
  – Minute (0-59)
  – Hour (0-23)
  – Day of Month (0-31)
  – Month (0-12 or names)
  – Day of Week (0-6 or names)
• Sample entries:
    #Push yp maps every 15 minutes
    0,15,30,45 * * * * (cd /var/yp;/usr/bin/make)>/dev/null
    #Mail a disk usage report every Friday at 5:00PM
    0 17 * * fri df |/bin/mail root

/etc/crontab
• Defines a set of directories that will run scripts or links located in those directories at specified times.
• Predefined cron directories:
    /etc/cron.hourly
    /etc/cron.daily
    /etc/cron.weekly
    /etc/cron.monthly
• Non-standard way of using cron.
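
An added example, not part of the original slides: a small checker for the crontab file format described above, useful for catching entries whose five time fields are missing or run together before they are installed. It assumes per-user crontab lines (no user column, no environment assignments) and uses the field ranges from crontab(5); the function names and SAMPLE are made up for this illustration.

```python
import re

# Ranges per crontab(5); weekday 7 is a second number for Sunday.
FIELDS = [("minute", 0, 59), ("hour", 0, 23), ("day", 1, 31),
          ("month", 1, 12), ("weekday", 0, 7)]
NAMES = {"month": "jan feb mar apr may jun jul aug sep oct nov dec".split(),
         "weekday": "sun mon tue wed thu fri sat".split()}
# Constructed sample; line 2 has its time fields run together.
SAMPLE = ("0 17 * * fri df |/bin/mail root\n"
          "0,15,30,45**** (cd /var/yp;/usr/bin/make)>/dev/null\n")

def to_int(token, name):
    """Convert a number or three-letter month/day name to an integer."""
    if token in NAMES.get(name, []):
        return NAMES[name].index(token) + (name == "month")
    return int(token)  # raises ValueError for anything else

def expand(text, name, lo, hi):
    """Expand one time field (lists, ranges, steps, *) into a set of ints."""
    values = set()
    for part in text.lower().split(","):
        m = re.fullmatch(r"(\*|[0-9a-z]+)(?:-([0-9a-z]+))?(?:/(\d+))?", part)
        if not m or (m.group(1) == "*" and m.group(2)):
            raise ValueError(f"{name}: cannot parse {part!r}")
        first, last, step = m.groups()
        start, end = (lo, hi) if first == "*" else (
            to_int(first, name), to_int(last or first, name))
        if not lo <= start <= end <= hi:
            raise ValueError(f"{name}: {part!r} outside {lo}-{hi}")
        values.update(range(start, end + 1, int(step or 1)))
    return values

def parse_entry(line):
    """Split a per-user crontab line into five time fields and a command."""
    parts = line.split(None, 5)
    if len(parts) < 6:
        raise ValueError(f"need 5 time fields and a command: {line!r}")
    entry = {n: expand(p, n, lo, hi) for p, (n, lo, hi) in zip(parts, FIELDS)}
    return dict(entry, command=parts[5])

def audit(crontab_text):
    """Return (line number, error) for each job line that fails to parse."""
    problems = []
    for num, line in enumerate(crontab_text.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith("#"):
            try:
                parse_entry(line)
            except ValueError as exc:
                problems.append((num, str(exc)))
    return problems
```

Calling audit(SAMPLE) reports only line 2, the entry whose asterisks are fused to the minute list.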
Exercise: Creating Crontab Entries
• Edit the root crontab file:
    > cd /var/spool/cron
    > crontab -u root -e
• Create a crontab entry to run out of the root account to email a disk usage report to your internet.rutgers.edu account or another email address of your choice.
• Check /var/log/cron to verify that your job ran.

Syslogd
• Most system logging is handled through syslogd.
• Configuration file is /etc/syslog.conf.
• Log entries are directed to various files in /var/log.
• Messages logged by syslogd include a time stamp, the process or facility that delivered the message, and the message itself.
• Rotating log files periodically is recommended.

/etc/syslog.conf
• Format of syslog rule:
    facility.priority action
  – facility: system or application generating the message.
  – priority: level of severity of the message.
  – Wild cards are accepted.
• Sample entries:
    authpriv.* /var/log/secure
    mail.err /var/log/maillog
• Tab-delimited file.
• If changes are made, the syslog daemon needs to be restarted:
    > kill -HUP `cat /var/run/syslogd.pid`

Additional Log Files
• /var/run/utmp – information about who is currently logged into the system. Used by commands such as who and finger.
• /var/log/wtmp – login times and duration for each user on the system. Can be viewed with the last command.
• /var/log/lastlog – similar to wtmp but used by different programs, such as finger.

Exercise: Monitoring Log Files
• Work in pairs to complete this exercise. Select one machine to be host1 and one machine to be host2.
• From host1, initiate and log in to host2 under the student account with the following applications:
    > rsh host2
    > ssh host2
• While the connections are still active, try running the following commands on host2:
    > who
    > finger
• Also try the following from host1:
    > telnet host2
• Review the log files in /var/log. What evidence do you find of the various connections and attempted connections from above?

Homework
• Read chapters 13, 15, 16, and 21 in Linux Administration: A Beginner’s Guide.
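
An added example, not part of the original slides: a simplified model of how the facility.priority rules from the /etc/syslog.conf slide decide which file receives a message, so you can see which events a configuration silently drops. It assumes sysklogd-style matching (a priority selects that level and everything more severe, and a later selector on the same line overrides an earlier one for the same facility) and ignores the = and ! modifiers; the first line of SAMPLE_CONF is constructed, the other two are the slide's sample entries.

```python
# Severity order from syslog(3), most severe first.
PRIORITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

# Constructed config: a catch-all line plus the two sample rules above.
SAMPLE_CONF = """\
*.info;mail.none;authpriv.none\t/var/log/messages
authpriv.*\t/var/log/secure
mail.err\t/var/log/maillog
"""

def parse_rules(conf_text):
    """Return [(selectors, action)]; a selector is (facilities, priority)."""
    rules = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector_field, action = line.split(None, 1)
        selectors = []
        for sel in selector_field.split(";"):
            facilities, priority = sel.split(".", 1)
            selectors.append((facilities.split(","), priority))
        rules.append((selectors, action))
    return rules

def route(rules, facility, priority):
    """Return the actions (log files) that receive one message."""
    level = PRIORITIES.index(priority)
    hits = []
    for selectors, action in rules:
        matched = False
        for facilities, wanted in selectors:
            if "*" not in facilities and facility not in facilities:
                continue
            # A later selector replaces the earlier result for this facility.
            matched = wanted != "none" and (
                wanted == "*" or level <= PRIORITIES.index(wanted))
        if matched:
            hits.append(action)
    return hits

RULES = parse_rules(SAMPLE_CONF)

if __name__ == "__main__":
    for fac, prio in [("authpriv", "info"), ("mail", "info"), ("mail", "crit")]:
        print(fac, prio, "->", route(RULES, fac, prio))
```

With this configuration a mail.info message is written nowhere: mail.none excludes it from /var/log/messages and mail.err only accepts err and above.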