# COMP-325 Assignment 3 - System Administration

Author: mo khan (3431709)

The artifacts used to produce the final result for this assignment can be found at https://gitlab.com/xlgmokha/comp-325.

The latest docker image for this assignment can be run using the following command:

```bash
$ docker run -it registry.gitlab.com/xlgmokha/comp-325:latest /bin/bash
```

## Lab 1

1. Research several Linux distributions (CentOS, Debian, Fedora, Gentoo, Mandriva, OpenSUSE, RedHat, Slackware, TurboLinux, Ubuntu, and so on) and recommend a distribution for each of the following applications. Explain your choice.

a. A single user working in a home office

For a single user working in a home office, I prefer Ubuntu or Fedora. Both distributions offer a version that is compatible for use in a desktop environment. They ship with common software that a user may want when working in a home office, such as LibreOffice. They also make it easy to install proprietary software that may be needed for working with or viewing different types of multimedia.

Both of these distributions have different support cycles for their software and typically run on newer versions of the Linux kernel. This means that the driver support is usually more up to date for newer devices and hardware, and newer versions of software packages are usually available.

Fedora is a RHEL based distribution and Ubuntu is a Debian based distribution. People who are more familiar with `yum` or `Gnome` will likely prefer Fedora. People who are more familiar with `apt` or `Unity` will likely prefer Ubuntu.

Both Ubuntu and Fedora appear to have large communities. Support for both distributions is available through community forums, mailing lists, IRC and community websites.

b. A university computer science lab

In a university computer science lab, I think there is less of a need for a graphical user interface. OpenBSD is a good choice because it is known as a security focused BSD.
This is useful in a university lab setting where multiple users work within the lab. OpenBSD supports running the X.Org X Window System if a minimal GUI is needed.

c. A corporate web server

A corporation may prefer to use either RedHat Enterprise Linux (RHEL) or CentOS. RHEL is an open source operating system but a license must be purchased for the specific flavour of this distribution. The pricing and options are available [here](https://www.redhat.com/en/store/linux-platforms). For a corporate web server I recommend the [Red Hat Enterprise Linux Server](https://www.redhat.com/en/store/red-hat-enterprise-linux-server#?sku=RH00005). A purchase includes different levels of support that are helpful in a corporate environment.

Depending on the corporation, they may not need the support that a RHEL purchase provides because they have engineers that can support the web server. In that case, they may choose to use CentOS. [CentOS](https://centos.org) is the Community Enterprise OS, which is a binary compatible distribution of RHEL without the cost or support.

Both distributions ship with stable versions of the Linux kernel. This stability is important for key pieces of infrastructure, such as a corporate web server. These operating systems also ship with default yum repos that provide regular security updates. RHEL has the advantage of releasing security patches earlier but CentOS usually [catches up within 24 - 72 hours](https://wiki.centos.org/FAQ/General#head-cea9337e6513cc1567c4d05afbd693f1f7038ccb).

RHEL based distros ship with the Security-Enhanced Linux (SELinux) modules, which provide mechanisms for better management of access controls, so that different users of the system have the appropriate access controls to be able to manage the server.

2. What is the current status of Linux kernel development? What are the hot issues? Who are some of the key players? How is the project managed?
The latest stable Linux kernel is [5.2.13](https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.13). The current mainline is [5.3-rc7](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/rawdiff/?id=v5.3-rc7&id2=v5.2).

The currently maintained kernel versions are:

* [4.19.71](https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.71)
* [4.14.142](https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.142)
* [4.9.191](https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.191)
* [4.4.191](https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.191)
* [3.16.73](https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.73)

The current Linux kernel merge window is closed. [5.3-rc7](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/rawdiff/?id=v5.3-rc7&id2=v5.2) is being stabilized so that a new stable version can be released. Once `5.3` is stabilized and released, the next merge window will open. Once the merge window is open, new features can be added.

[The Big Picture](https://www.kernel.org/doc/html/v5.2/process/2.Process.html#the-big-picture) describes the following process for kernel development.

1. Stable version is released.
2. Merge window for next release opens (approximately 2 weeks).
3. New features and patches are merged. The items that are chosen to be merged into mainline are vetted by several subsystem maintainers. The patches accepted by maintainers are then reviewed and merged into mainline by Linus Torvalds.
4. RC-1 is cut and the merge window closes. Only changes that help stabilize the release candidate are merged during this time.
5. Approximately 7-9 release candidates are released before a new stable release is cut and released. Go to step 1.

One of the most recent pieces of news about Linux kernel development is about [memory optimization in the slab memory controller](https://lkml.org/lkml/2019/9/5/1132).
This proposed change has been tested in production at Facebook with memory savings of:

1. web frontend, 650-700 Mb, ~42% of slab memory
2. database cache, 750-800 Mb, ~35% of slab memory
3. dns server, 700 Mb, ~36% of slab memory

The Linux kernel is supported by volunteers, RedHat, Packet, Fastly, Google, The Linux Foundation and many other organizations. These organizations donate money, engineers, patches and drivers to help support Linux kernel development.

3. Draw a dependency graph that shows which daemons must be started before other daemons on your Linux system.

Since 2015, most Linux distributions have moved away from `UNIX System V` to `systemd`.

[systemd](https://en.wikipedia.org/wiki/Systemd) provides:

1. A system and service manager.
1. A software platform.
1. A bridge between applications and the kernel via interfaces that expose kernel APIs.

```bash
$ systemd-analyze critical-chain
The time when unit became active or started is printed after the "@" character.
The time the unit took to start is printed after the "+" character.

graphical.target @9.797s
└─multi-user.target @9.796s
  └─docker.service @6.941s +2.557s
    └─network-online.target @6.938s
      └─NetworkManager-wait-online.service @3.580s +3.357s
        └─NetworkManager.service @3.529s +49ms
          └─network-pre.target @3.527s
            └─firewalld.service @2.099s +1.427s
              └─polkit.service @2.671s +406ms
                └─basic.target @2.095s
                  └─dbus-broker.service @2.135s +212ms
                    └─dbus.socket @2.087s
                      └─sysinit.target @2.085s
                        └─sys-fs-fuse-connections.mount @15.058s +5ms
                          └─systemd-journald.socket
                            └─-.mount
                              └─system.slice
                                └─-.slice
```

Or we can plot the dependencies between all known target units.

```bash
$ systemd-analyze dot --to-pattern='*.target' --from-pattern='*.target' | dot -Tsvg > systemd.svg
```

![systemd](systemd.svg)

## Lab 2

Linux installation can happen smoothly and automatically, but sometimes there are problems to be solved. Write a professional report on the installation process of Linux/UNIX on your system.
Include as much of the following as is relevant to your installation. There may be many other issues not listed below that you had to deal with. Include those as well. Your report should include advice to other people attempting to do the same.

1. List required hardware and the hardware provided by your system. In particular, the
   * CPU
   * floppy disk drive
   * bootable CD drive
   * RAM
   * space allocated on the hard disk drive
2. Indicate software requirements according to the system you have used:
   * Windows
   * stand-alone Linux
   * separate partition
   * dedicated hard disk
   * resized Windows partition
3. Provide details of CD ROM, hard disk, and mouse information:
   * SCSI CD-ROM
   * swap partition
   * mouse model
   * time zone
   * the port that the mouse uses
4. Provide video and monitor details:
   * monitor manufacturer and model
   * X-windows configuration
   * chipset used by the video
   * the vertical refresh rate
5. Include network configuration:
   * DHCP server
   * computer name
   * domain name
   * IP address
   * the netmask
   * the broadcast address
   * the NIS domain
   * the Samba server

### Installing Fedora Workstation

To install the latest Fedora 30 workstation operating system your computer must meet the following minimum system requirements.

1. CPU: 1GHz
1. Floppy disk drive: Not required
1. Bootable CD drive: Not required
1. RAM: 1GB
1. HDD: 10GB unallocated
1. USB: Minimum of 1 USB 2.0 port is recommended

For this installation a USB flash drive is required. This installation will describe how to set up a stand-alone Linux environment. Dual boot is possible but will not be covered in this document.

* Download the latest Fedora 30 DVD ISO from https://getfedora.org/en/workstation/download/
* Verify the download by checking the checksum of the downloaded image: https://getfedora.org/en/security/
* Write the DVD ISO to a flash drive.
```bash
# use lsblk to identify the usb flash storage device
$ dd if=/path/to/image.iso of=/dev/sdX bs=8M
```

* After the ISO is written to the flash drive you will need to reboot the machine with the flash drive inserted. You might need to tweak the boot settings to boot from the flash drive before the hard disk. Accessing the BIOS configuration is dependent on the device. On my machine pressing F2 during startup will take me to the boot configuration menu.
* Once the system boots from the USB flash drive follow the on screen instructions for installing Fedora 30.
* After installation is complete, remove the USB flash storage device and restart the computer.
* Use the credentials created during the setup process to login.
* Open a terminal and type:

```bash
$ sudo yum update
$ sudo yum upgrade
```

Your system is now ready and up to date.

The system that I am using to prepare this document has the following configuration:

### System information

* CPU

```bash
モ lscpu
Architecture:        x86_64
CPU op-mode(s):      32-bit, 64-bit
Byte Order:          Little Endian
Address sizes:       36 bits physical, 48 bits virtual
CPU(s):              8
On-line CPU(s) list: 0-7
Thread(s) per core:  2
Core(s) per socket:  4
Socket(s):           1
NUMA node(s):        1
Vendor ID:           GenuineIntel
CPU family:          6
Model:               58
Model name:          Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Stepping:            9
CPU MHz:             1604.968
CPU max MHz:         3900.0000
CPU min MHz:         1600.0000
BogoMIPS:            7021.40
Virtualization:      VT-x
L1d cache:           32K
L1i cache:           32K
L2 cache:            256K
L3 cache:            8192K
NUMA node0 CPU(s):   0-7
Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm cpuid_fault epb pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid fsgsbase smep erms
xsaveopt dtherm ida arat pln pts md_clear flush_l1d
```

* PCI

```bash
モ lspci
00:00.0 Host bridge: Intel Corporation Xeon E3-1200 v2/3rd Gen Core processor DRAM Controller (rev 09)
00:01.0 PCI bridge: Intel Corporation Xeon E3-1200 v2/3rd Gen Core processor PCI Express Root Port (rev 09)
00:14.0 USB controller: Intel Corporation 7 Series/C210 Series Chipset Family USB xHCI Host Controller (rev 04)
00:16.0 Communication controller: Intel Corporation 7 Series/C216 Chipset Family MEI Controller #1 (rev 04)
00:19.0 Ethernet controller: Intel Corporation 82579V Gigabit Network Connection (rev 04)
00:1a.0 USB controller: Intel Corporation 7 Series/C216 Chipset Family USB Enhanced Host Controller #2 (rev 04)
00:1b.0 Audio device: Intel Corporation 7 Series/C216 Chipset Family High Definition Audio Controller (rev 04)
00:1c.0 PCI bridge: Intel Corporation 7 Series/C216 Chipset Family PCI Express Root Port 1 (rev c4)
00:1c.2 PCI bridge: Intel Corporation 7 Series/C210 Series Chipset Family PCI Express Root Port 3 (rev c4)
00:1c.3 PCI bridge: Intel Corporation 7 Series/C216 Chipset Family PCI Express Root Port 4 (rev c4)
00:1c.4 PCI bridge: Intel Corporation 82801 PCI Bridge (rev c4)
00:1c.6 PCI bridge: Intel Corporation 7 Series/C210 Series Chipset Family PCI Express Root Port 7 (rev c4)
00:1c.7 PCI bridge: Intel Corporation 7 Series/C210 Series Chipset Family PCI Express Root Port 8 (rev c4)
00:1d.0 USB controller: Intel Corporation 7 Series/C216 Chipset Family USB Enhanced Host Controller #1 (rev 04)
00:1f.0 ISA bridge: Intel Corporation Z77 Express Chipset LPC Controller (rev 04)
00:1f.2 SATA controller: Intel Corporation 7 Series/C210 Series Chipset Family 6-port SATA Controller [AHCI mode] (rev 04)
00:1f.3 SMBus: Intel Corporation 7 Series/C216 Chipset Family SMBus Controller (rev 04)
01:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Ellesmere [Radeon RX 470/480/570/570X/580/580X/590] (rev e7)
01:00.1 Audio device: Advanced Micro Devices, Inc.
[AMD/ATI] Ellesmere HDMI Audio [Radeon RX 470/480 / 570/580/590]
03:00.0 USB controller: ASMedia Technology Inc. ASM1042 SuperSpeed USB Host Controller
04:00.0 SATA controller: ASMedia Technology Inc. ASM1062 Serial ATA Controller (rev 01)
05:00.0 PCI bridge: ASMedia Technology Inc. ASM1083/1085 PCIe to PCI Bridge (rev 03)
07:00.0 Network controller: Qualcomm Atheros AR9485 Wireless Network Adapter (rev 01)
08:00.0 USB controller: ASMedia Technology Inc. ASM1042 SuperSpeed USB Host Controller
```

* Memory

```bash
モ lsmem | tail -n3
Memory block size:       128M
Total online memory:      32G
Total offline memory:      0B
```

* USB devices

```bash
モ lsusb
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 008 Device 004: ID 2109:0812 VIA Labs, Inc. VL812 Hub
Bus 008 Device 003: ID 2109:0812 VIA Labs, Inc. VL812 Hub
Bus 008 Device 002: ID 2109:0812 VIA Labs, Inc. VL812 Hub
Bus 008 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 007 Device 007: ID 045e:00db Microsoft Corp. Natural Ergonomic Keyboard 4000 V1.0
Bus 007 Device 005: ID 2109:2812 VIA Labs, Inc. VL812 Hub
Bus 007 Device 006: ID 045e:0029 Microsoft Corp. IntelliMouse Optical
Bus 007 Device 004: ID 2109:2812 VIA Labs, Inc. VL812 Hub
Bus 007 Device 003: ID 046d:085c Logitech, Inc. C922 Pro Stream Webcam
Bus 007 Device 002: ID 2109:2812 VIA Labs, Inc. VL812 Hub
Bus 007 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 006 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 005 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 002: ID 0a5c:21e8 Broadcom Corp.
BCM20702A0 Bluetooth 4.0
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
```

* Block devices

```bash
モ lsblk
NAME                            MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda                               8:0    0 931.5G  0 disk
└─sda1                            8:1    0 931.5G  0 part
sdb                               8:16   0 232.9G  0 disk
├─sdb1                            8:17   0     1G  0 part /boot
└─sdb2                            8:18   0 231.9G  0 part
  ├─fedora_localhost--live-root 253:0    0    70G  0 lvm  /
  ├─fedora_localhost--live-swap 253:1    0  15.7G  0 lvm  [SWAP]
  └─fedora_localhost--live-home 253:2    0 146.2G  0 lvm  /home
```

* Time and date settings

```bash
モ timedatectl
               Local time: Sat 2019-09-28 15:12:16 MDT
           Universal time: Sat 2019-09-28 21:12:16 UTC
                 RTC time: Sat 2019-09-28 21:12:16
                Time zone: America/Edmonton (MDT, -0600)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
```

* Hostname

```bash
モ hostname
localhost.localdomain
```

* Network addresses

```bash
モ ip addr show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno1: mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 10:bf:48:7c:c8:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.128.58/24 brd 192.168.128.255 scope global dynamic noprefixroute eno1
       valid_lft 583485sec preferred_lft 583485sec
    inet6 fe80::bdb7:fce0:3736:ce93/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: wlp7s0: mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ce:77:3a:58:2c:0a brd ff:ff:ff:ff:ff:ff
4: virbr0: mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:ce:7b:4d brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic: mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:ce:7b:4d brd ff:ff:ff:ff:ff:ff
6: docker0: mtu 1500 qdisc noqueue state DOWN group default
    link/ether
02:42:44:ef:dc:62 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:44ff:feef:dc62/64 scope link
       valid_lft forever preferred_lft forever
```

* Full hardware report

```bash
モ sudo lshw -short
H/W path               Device      Class          Description
=============================================================
                                   system         System Product Name (SKU)
/0                                 bus            P8Z77-V PRO
/0/0                               memory         64KiB BIOS
/0/4                               processor      Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
/0/4/5                             memory         32KiB L1 cache
/0/4/6                             memory         256KiB L2 cache
/0/4/7                             memory         8MiB L3 cache
/0/1                               memory         32GiB System memory
/0/1/0                             memory         8GiB DIMM DDR3 Synchronous 1333 MHz (0.8 ns)
/0/1/1                             memory         8GiB DIMM DDR3 Synchronous 1333 MHz (0.8 ns)
/0/1/2                             memory         8GiB DIMM DDR3 Synchronous 1333 MHz (0.8 ns)
/0/1/3                             memory         8GiB DIMM DDR3 Synchronous 1333 MHz (0.8 ns)
/0/100                             bridge         Xeon E3-1200 v2/3rd Gen Core processor DRAM Controller
/0/100/1                           bridge         Xeon E3-1200 v2/3rd Gen Core processor PCI Express Root Port
/0/100/1/0                         display        Ellesmere [Radeon RX 470/480/570/570X/580/580X/590]
/0/100/1/0.1                       multimedia     Ellesmere HDMI Audio [Radeon RX 470/480 / 570/580/590]
/0/100/14                          bus            7 Series/C210 Series Chipset Family USB xHCI Host Controller
/0/100/14/0            usb3        bus            xHCI Host Controller
/0/100/14/0/1                      generic        BCM20702A0
/0/100/14/1            usb4        bus            xHCI Host Controller
/0/100/16                          communication  7 Series/C216 Chipset Family MEI Controller #1
/0/100/19              eno1        network        82579V Gigabit Network Connection
/0/100/1a                          bus            7 Series/C216 Chipset Family USB Enhanced Host Controller #2
/0/100/1a/1            usb1        bus            EHCI Host Controller
/0/100/1a/1/1                      bus            Integrated Rate Matching Hub
/0/100/1b                          multimedia     7 Series/C216 Chipset Family High Definition Audio Controller
/0/100/1c                          bridge         7 Series/C216 Chipset Family PCI Express Root Port 1
/0/100/1c.2                        bridge         7 Series/C210 Series Chipset Family PCI Express Root Port 3
/0/100/1c.2/0                      bus            ASM1042 SuperSpeed USB Host Controller
/0/100/1c.2/0/0        usb5        bus            xHCI Host Controller
/0/100/1c.2/0/1        usb6        bus
xHCI Host Controller
/0/100/1c.3                        bridge         7 Series/C216 Chipset Family PCI Express Root Port 4
/0/100/1c.3/0          scsi6       storage        ASM1062 Serial ATA Controller
/0/100/1c.3/0/0        /dev/sda    disk           1TB ST31000340AS
/0/100/1c.3/0/0/1      /dev/sda1   volume         931GiB EXT4 volume
/0/100/1c.3/0/1        /dev/sdb    disk           250GB Samsung SSD 840
/0/100/1c.3/0/1/1      /dev/sdb1   volume         1GiB EXT4 volume
/0/100/1c.3/0/1/2      /dev/sdb2   volume         231GiB Linux LVM Physical Volume partition
/0/100/1c.4                        bridge         82801 PCI Bridge
/0/100/1c.4/0                      bridge         ASM1083/1085 PCIe to PCI Bridge
/0/100/1c.6                        bridge         7 Series/C210 Series Chipset Family PCI Express Root Port 7
/0/100/1c.6/0          wlp7s0      network        AR9485 Wireless Network Adapter
/0/100/1c.7                        bridge         7 Series/C210 Series Chipset Family PCI Express Root Port 8
/0/100/1c.7/0                      bus            ASM1042 SuperSpeed USB Host Controller
/0/100/1c.7/0/0        usb7        bus            xHCI Host Controller
/0/100/1c.7/0/0/1                  bus            USB2.0 Hub
/0/100/1c.7/0/0/1/1                multimedia     C922 Pro Stream Webcam
/0/100/1c.7/0/0/1/2                bus            USB2.0 Hub
/0/100/1c.7/0/0/1/2/1              input          Microsoft IntelliMouse
/0/100/1c.7/0/0/1/3                bus            USB2.0 Hub
/0/100/1c.7/0/0/1/3/1              input          Natural
/0/100/1c.7/0/1        usb8        bus            xHCI Host Controller
/0/100/1c.7/0/1/1                  bus            USB3.0 Hub
/0/100/1c.7/0/1/1/2                bus            USB3.0 Hub
/0/100/1c.7/0/1/1/3                bus            USB3.0 Hub
/0/100/1d                          bus            7 Series/C216 Chipset Family USB Enhanced Host Controller #1
/0/100/1d/1            usb2        bus            EHCI Host Controller
/0/100/1d/1/1                      bus            Integrated Rate Matching Hub
/0/100/1f                          bridge         Z77 Express Chipset LPC Controller
/0/100/1f.2                        storage        7 Series/C210 Series Chipset Family 6-port SATA Controller [AHCI mod
/0/100/1f.3                        bus            7 Series/C216 Chipset Family SMBus Controller
/0/2                               system         PnP device PNP0c01
/0/3                               system         PnP device PNP0c02
/0/5                               system         PnP device PNP0b00
/0/6                               generic        PnP device INT3f0d
/0/7                               system         PnP device PNP0c02
/0/8                               system         PnP device PNP0c02
/0/9                               system         PnP device PNP0c02
/1                                 power          To Be Filled By O.E.M.
/2                     docker0     network        Ethernet interface
/3                     virbr0-nic  network        Ethernet interface
/4                     virbr0      network        Ethernet interface
```

* Monitor information

```bash
モ edid-decode /sys/class/drm/card0-HDMI-A-1/edid
Extracted contents:
header:          00 ff ff ff ff ff ff 00
serial number:   4c 2d cc 08 52 4e 34 5a 23 16
version:         01 03
basic params:    80 34 1d 78 2a
chroma info:     7d d1 a4 56 50 a1 28 0f 50 54
established:     bf ef 80
standard:        71 4f 81 c0 81 00 81 80 95 00 a9 c0 b3 00 01 01
descriptor 1:    02 3a 80 18 71 38 2d 40 58 2c 45 00 09 25 21 00 00 1e
descriptor 2:    01 1d 00 72 51 d0 1e 20 6e 28 55 00 09 25 21 00 00 1e
descriptor 3:    00 00 00 fd 00 32 4b 1e 51 11 00 0a 20 20 20 20 20 20
descriptor 4:    00 00 00 fc 00 53 32 34 42 33 30 30 0a 20 20 20 20 20
extensions:      01
checksum:        03

EDID version: 1.3
Manufacturer: SAM Model 8cc Serial Number 1513377362
Made in week 35 of 2012
Digital display
Maximum image size: 52 cm x 29 cm
Gamma: 2.20
DPMS levels: Off
RGB color display
First detailed timing is preferred timing
Display x,y Chromaticity:
  Red:   0.6416, 0.3388
  Green: 0.3154, 0.6298
  Blue:  0.1591, 0.0595
  White: 0.3125, 0.3291
Established timings supported:
  720x400@70Hz 9:5 HorFreq: 31469 Hz Clock: 28.320 MHz
  640x480@60Hz 4:3 HorFreq: 31469 Hz Clock: 25.175 MHz
  640x480@67Hz 4:3 HorFreq: 35000 Hz Clock: 30.240 MHz
  640x480@72Hz 4:3 HorFreq: 37900 Hz Clock: 31.500 MHz
  640x480@75Hz 4:3 HorFreq: 37500 Hz Clock: 31.500 MHz
  800x600@56Hz 4:3 HorFreq: 35200 Hz Clock: 36.000 MHz
  800x600@60Hz 4:3 HorFreq: 37900 Hz Clock: 40.000 MHz
  800x600@72Hz 4:3 HorFreq: 48100 Hz Clock: 50.000 MHz
  800x600@75Hz 4:3 HorFreq: 46900 Hz Clock: 49.500 MHz
  832x624@75Hz 4:3 HorFreq: 49726 Hz Clock: 57.284 MHz
  1024x768@60Hz 4:3 HorFreq: 48400 Hz Clock: 65.000 MHz
  1024x768@70Hz 4:3 HorFreq: 56500 Hz Clock: 75.000 MHz
  1024x768@75Hz 4:3 HorFreq: 60000 Hz Clock: 78.750 MHz
  1280x1024@75Hz 5:4 HorFreq: 80000 Hz Clock: 135.000 MHz
  1152x870@75Hz 192:145 HorFreq: 67500 Hz Clock: 108.000 MHz
Standard timings supported:
  1152x864@75Hz 4:3
HorFreq: 67500 Hz Clock: 108.000 MHz
  1280x720@60Hz 16:9
  1280x800@60Hz 16:10
  1280x1024@60Hz 5:4 HorFreq: 64000 Hz Clock: 108.000 MHz
  1440x900@60Hz 16:10 HorFreq: 55500 Hz Clock: 88.750 MHz
  1600x900@60Hz 16:9
  1680x1050@60Hz 16:10 HorFreq: 64700 Hz Clock: 119.000 MHz
Detailed mode: Clock 148.500 MHz, 521 mm x 293 mm
               1920 2008 2052 2200 hborder 0
               1080 1084 1089 1125 vborder 0
               +hsync +vsync
               VertFreq: 60 Hz, HorFreq: 67500 Hz
Detailed mode: Clock 74.250 MHz, 521 mm x 293 mm
               1280 1390 1430 1650 hborder 0
                720  725  730  750 vborder 0
               +hsync +vsync
               VertFreq: 60 Hz, HorFreq: 45000 Hz
Monitor ranges (GTF): 50-75Hz V, 30-81kHz H, max dotclock 170MHz
Monitor name: S24B300
Has 1 extension blocks
Checksum: 0x3 (valid)

CTA extension block
Extension version: 3
13 bytes of CTA data
  Video data block
    VIC 16 1920x1080@60Hz 16:9 (native) HorFreq: 67500 Hz Clock: 148.500 MHz
    VIC 4 1280x720@60Hz 16:9 HorFreq: 45000 Hz Clock: 74.250 MHz
    VIC 31 1920x1080@50Hz 16:9 HorFreq: 56250 Hz Clock: 148.500 MHz
    VIC 19 1280x720@50Hz 16:9 HorFreq: 37500 Hz Clock: 74.250 MHz
    VIC 18 720x576@50Hz 16:9 HorFreq: 31250 Hz Clock: 27.000 MHz
    VIC 3 720x480@60Hz 16:9 HorFreq: 31469 Hz Clock: 27.000 MHz
  Vendor-specific data block, OUI 000c03 (HDMI)
    Source physical address 1.0.0.0
Underscans PC formats by default
Supports YCbCr 4:4:4
Supports YCbCr 4:2:2
1 native detailed modes
Detailed mode: Clock 74.250 MHz, 521 mm x 293 mm
               1280 1720 1760 1980 hborder 0
                720  725  730  750 vborder 0
               +hsync +vsync
               VertFreq: 50 Hz, HorFreq: 37500 Hz
Detailed mode: Clock 27.000 MHz, 521 mm x 293 mm
                720  732  796  864 hborder 0
                576  581  586  625 vborder 0
               -hsync -vsync
               VertFreq: 50 Hz, HorFreq: 31250 Hz
Detailed mode: Clock 27.000 MHz, 521 mm x 293 mm
                720  736  798  858 hborder 0
                480  489  495  525 vborder 0
               -hsync -vsync
               VertFreq: 59 Hz, HorFreq: 31468 Hz
Checksum: 0x51 (valid)
```

## Lab 3

1. Study the system configuration files and answer the following questions:

a. What startup style does your system most resemble, BSD or AT&T?
[System V](https://en.wikipedia.org/wiki/UNIX_System_V) is the init system that evolved from [System III](https://en.wikipedia.org/wiki/UNIX_System_III). For quite some time many Linux distributions including [Fedora](https://getfedora.org) used the System V init system.

I am running Fedora 30 Workstation which currently uses the [systemd](https://en.wikipedia.org/wiki/Systemd) [init](https://en.wikipedia.org/wiki/Init) system. The [systemd](https://en.wikipedia.org/wiki/Systemd) init system is meant to replace the System V and BSD init systems.

b. Why? Give at least two reasons for your answer above. (Examples would be presence or absence of /etc/inittab, init.d scripts, etc.)

Most of the binaries that ship with the system are stored in `/usr/bin/` and `/usr/sbin` instead of `/bin` and `/sbin/`. Fedora also has a `/etc/inittab` and `/etc/init.d`. Fedora doesn't have an `/etc/rc.conf`. An OpenBSD system has startup scripts defined in `/etc/rc.d`.

```bash
モ tree /etc/rc.d/
/etc/rc.d/
├── init.d
│   ├── functions
│   ├── livesys
│   ├── livesys-late
│   └── README
├── rc0.d
│   ├── K01livesys-late -> ../init.d/livesys-late
│   └── K99livesys -> ../init.d/livesys
├── rc1.d
│   ├── K01livesys-late -> ../init.d/livesys-late
│   └── K99livesys -> ../init.d/livesys
├── rc2.d
│   ├── K01livesys-late -> ../init.d/livesys-late
│   └── K99livesys -> ../init.d/livesys
├── rc3.d
│   ├── S00livesys -> ../init.d/livesys
│   └── S99livesys-late -> ../init.d/livesys-late
├── rc4.d
│   ├── S00livesys -> ../init.d/livesys
│   └── S99livesys-late -> ../init.d/livesys-late
├── rc5.d
│   ├── S00livesys -> ../init.d/livesys
│   └── S99livesys-late -> ../init.d/livesys-late
└── rc6.d
    ├── K01livesys-late -> ../init.d/livesys-late
    └── K99livesys -> ../init.d/livesys

8 directories, 18 files
```

Fedora attempts to map the System V init system onto systemd, but the bulk of the processes that are started during init are managed by systemd.

c. Which directory contains the rc.d (or similar file)?
Explain the contents of the rc.d (or the file/s) that does the same in your setup.

On Fedora, `/etc/rc.d` is mostly empty. There are a couple of shell scripts, but it looks like they might be used for running Fedora from a live CD.

```bash
モ tree /etc/rc.d/
/etc/rc.d/
├── init.d
│   ├── functions
│   ├── livesys
│   ├── livesys-late
│   └── README
├── rc0.d
│   ├── K01livesys-late -> ../init.d/livesys-late
│   └── K99livesys -> ../init.d/livesys
├── rc1.d
│   ├── K01livesys-late -> ../init.d/livesys-late
│   └── K99livesys -> ../init.d/livesys
├── rc2.d
│   ├── K01livesys-late -> ../init.d/livesys-late
│   └── K99livesys -> ../init.d/livesys
├── rc3.d
│   ├── S00livesys -> ../init.d/livesys
│   └── S99livesys-late -> ../init.d/livesys-late
├── rc4.d
│   ├── S00livesys -> ../init.d/livesys
│   └── S99livesys-late -> ../init.d/livesys-late
├── rc5.d
│   ├── S00livesys -> ../init.d/livesys
│   └── S99livesys-late -> ../init.d/livesys-late
└── rc6.d
    ├── K01livesys-late -> ../init.d/livesys-late
    └── K99livesys -> ../init.d/livesys

8 directories, 18 files
```

The latest version of Fedora uses `systemd` for managing startup daemons. `systemd` is configured using unit files.
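An added example, not part of the original report: enabling a unit creates a symlink under `/etc/systemd/system`, so that directory is the place to audit what will start at boot. The script classifies each link as `vendor`, `masked` or `review`; the sample tree is constructed from link shapes in this report, and `updater.service` is a hypothetical name.

```shell
#!/bin/sh
# Added example: audit what systemd is set to start at boot by classifying
# the symlinks in a unit directory.
# Output columns (tab-separated): status, pulled-in-by, unit, link target.
#   vendor - link points into the distribution's packaged unit directory
#   masked - link to /dev/null, the unit is blocked from starting
#   review - anything else; confirm the unit file is expected

classify_target() {
    # $1 = raw symlink target as returned by readlink; first match wins
    case $1 in
        /dev/null)                                        echo masked ;;
        */../*|*/..)                                      echo review ;;  # climbs out of its prefix
        /usr/lib/systemd/system/*|/lib/systemd/system/*)  echo vendor ;;
        *)                                                echo review ;;  # relative or non-vendor
    esac
}

# The function body is a subshell so its variables do not leak to the caller.
audit_units() (
    dir=${1:-/etc/systemd/system}
    # -type l also matches dangling links; read -r keeps names such as
    # dev-virtio\x2dports-...device.wants intact.
    find "$dir" -mindepth 1 -maxdepth 2 -type l | LC_ALL=C sort |
    while IFS= read -r link; do
        target=$(readlink "$link")
        parent=$(basename "$(dirname "$link")")
        case $parent in
            *.wants|*.requires) ;;   # started because this target or unit pulls it in
            *) parent=- ;;           # top-level alias or mask
        esac
        printf '%s\t%s\t%s\t%s\n' \
            "$(classify_target "$target")" "$parent" "$(basename "$link")" "$target"
    done
)

make_sample_tree() {
    # Constructed sample: three link shapes that appear in this report plus
    # one hypothetical link that should be flagged for review.
    t=$(mktemp -d)
    mkdir "$t/multi-user.target.wants"
    ln -s /usr/lib/systemd/system/docker.service "$t/multi-user.target.wants/docker.service"
    ln -s /lib/systemd/system/graphical.target "$t/default.target"
    ln -s /dev/null "$t/systemd-timedated.service"
    ln -s /tmp/updater.service "$t/multi-user.target.wants/updater.service"   # hypothetical
    echo "$t"
}

# With a directory argument, audit it; otherwise run on the constructed sample.
if [ "$#" -gt 0 ]; then
    audit_units "$1"
else
    sample=$(make_sample_tree)
    audit_units "$sample"
    rm -rf "$sample"
fi
```

Pass a directory such as `/etc/systemd/system` as the first argument to audit a live system. Drop-in files such as `redis.service.d/limit.conf` are regular files rather than symlinks and are not covered by this check.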
```bash
モ tree /etc/systemd/system/
/etc/systemd/system/
├── bluetooth.target.wants
│   └── bluetooth.service -> /usr/lib/systemd/system/bluetooth.service
├── ctrl-alt-del.target -> /usr/lib/systemd/system/reboot.target
├── dbus-org.bluez.service -> /usr/lib/systemd/system/bluetooth.service
├── dbus-org.fedoraproject.FirewallD1.service -> /usr/lib/systemd/system/firewalld.service
├── dbus-org.freedesktop.Avahi.service -> /usr/lib/systemd/system/avahi-daemon.service
├── dbus-org.freedesktop.ModemManager1.service -> /usr/lib/systemd/system/ModemManager.service
├── dbus-org.freedesktop.nm-dispatcher.service -> /usr/lib/systemd/system/NetworkManager-dispatcher.service
├── dbus-org.freedesktop.timedate1.service -> /usr/lib/systemd/system/timedatex.service
├── dbus.service -> /usr/lib/systemd/system/dbus-broker.service
├── default.target -> /lib/systemd/system/graphical.target
├── dev-virtio\x2dports-org.qemu.guest_agent.0.device.wants
│   └── qemu-guest-agent.service -> /usr/lib/systemd/system/qemu-guest-agent.service
├── display-manager.service -> /usr/lib/systemd/system/gdm.service
├── getty.target.wants
│   └── getty@tty1.service -> /usr/lib/systemd/system/getty@.service
├── graphical.target.wants
│   ├── accounts-daemon.service -> /usr/lib/systemd/system/accounts-daemon.service
│   ├── rtkit-daemon.service -> /usr/lib/systemd/system/rtkit-daemon.service
│   ├── switcheroo-control.service -> /usr/lib/systemd/system/switcheroo-control.service
│   └── udisks2.service -> /usr/lib/systemd/system/udisks2.service
├── messagebus.service -> /usr/lib/systemd/system/dbus-broker.service
├── multi-user.target.wants
│   ├── abrtd.service -> /usr/lib/systemd/system/abrtd.service
│   ├── abrt-journal-core.service -> /usr/lib/systemd/system/abrt-journal-core.service
│   ├── abrt-oops.service -> /usr/lib/systemd/system/abrt-oops.service
│   ├── abrt-vmcore.service -> /usr/lib/systemd/system/abrt-vmcore.service
│   ├── abrt-xorg.service -> /usr/lib/systemd/system/abrt-xorg.service
│   ├── atd.service ->
/usr/lib/systemd/system/atd.service
│   ├── auditd.service -> /usr/lib/systemd/system/auditd.service
│   ├── avahi-daemon.service -> /usr/lib/systemd/system/avahi-daemon.service
│   ├── chronyd.service -> /usr/lib/systemd/system/chronyd.service
│   ├── crond.service -> /usr/lib/systemd/system/crond.service
│   ├── cups.path -> /usr/lib/systemd/system/cups.path
│   ├── dbxtool.service -> /usr/lib/systemd/system/dbxtool.service
│   ├── dkms.service -> /usr/lib/systemd/system/dkms.service
│   ├── dnf-makecache.timer -> /usr/lib/systemd/system/dnf-makecache.timer
│   ├── docker.service -> /usr/lib/systemd/system/docker.service
│   ├── firewalld.service -> /usr/lib/systemd/system/firewalld.service
│   ├── libvirtd.service -> /usr/lib/systemd/system/libvirtd.service
│   ├── mcelog.service -> /usr/lib/systemd/system/mcelog.service
│   ├── mdmonitor.service -> /usr/lib/systemd/system/mdmonitor.service
│   ├── ModemManager.service -> /usr/lib/systemd/system/ModemManager.service
│   ├── NetworkManager.service -> /usr/lib/systemd/system/NetworkManager.service
│   ├── nfs-client.target -> /usr/lib/systemd/system/nfs-client.target
│   ├── remote-fs.target -> /usr/lib/systemd/system/remote-fs.target
│   ├── rngd.service -> /usr/lib/systemd/system/rngd.service
│   ├── sssd.service -> /usr/lib/systemd/system/sssd.service
│   ├── vboxautostart-service.service -> /usr/lib/systemd/system/vboxautostart-service.service
│   ├── vboxballoonctrl-service.service -> /usr/lib/systemd/system/vboxballoonctrl-service.service
│   ├── vboxdrv.service -> /usr/lib/systemd/system/vboxdrv.service
│   ├── vboxservice.service -> /usr/lib/systemd/system/vboxservice.service
│   ├── vboxweb-service.service -> /usr/lib/systemd/system/vboxweb-service.service
│   └── vmtoolsd.service -> /usr/lib/systemd/system/vmtoolsd.service
├── network-online.target.wants
│   └── NetworkManager-wait-online.service -> /usr/lib/systemd/system/NetworkManager-wait-online.service
├── nfs-blkmap.service.requires
│   └── nfs-convert.service ->
/usr/lib/systemd/system/nfs-convert.service ├── nfs-idmapd.service.requires │ └── nfs-convert.service -> /usr/lib/systemd/system/nfs-convert.service ├── nfs-mountd.service.requires │ └── nfs-convert.service -> /usr/lib/systemd/system/nfs-convert.service ├── nfs-server.service.requires │ └── nfs-convert.service -> /usr/lib/systemd/system/nfs-convert.service ├── nginx.service.d ├── printer.target.wants │ └── cups.service -> /usr/lib/systemd/system/cups.service ├── redis-sentinel.service.d │ └── limit.conf ├── redis.service.d │ └── limit.conf ├── remote-fs.target.wants │ └── nfs-client.target -> /usr/lib/systemd/system/nfs-client.target ├── rpc-gssd.service.requires │ └── nfs-convert.service -> /usr/lib/systemd/system/nfs-convert.service ├── rpc-statd-notify.service.requires │ └── nfs-convert.service -> /usr/lib/systemd/system/nfs-convert.service ├── rpc-statd.service.requires │ └── nfs-convert.service -> /usr/lib/systemd/system/nfs-convert.service ├── sockets.target.wants │ ├── avahi-daemon.socket -> /usr/lib/systemd/system/avahi-daemon.socket │ ├── cups.socket -> /usr/lib/systemd/system/cups.socket │ ├── dbus.socket -> /usr/lib/systemd/system/dbus.socket │ ├── dm-event.socket -> /usr/lib/systemd/system/dm-event.socket │ ├── iscsid.socket -> /usr/lib/systemd/system/iscsid.socket │ ├── iscsiuio.socket -> /usr/lib/systemd/system/iscsiuio.socket │ ├── multipathd.socket -> /usr/lib/systemd/system/multipathd.socket │ ├── spice-vdagentd.socket -> /usr/lib/systemd/system/spice-vdagentd.socket │ ├── sssd-kcm.socket -> /usr/lib/systemd/system/sssd-kcm.socket │ ├── virtlockd.socket -> /usr/lib/systemd/system/virtlockd.socket │ └── virtlogd.socket -> /usr/lib/systemd/system/virtlogd.socket ├── sysinit.target.wants │ ├── dmraid-activation.service -> /usr/lib/systemd/system/dmraid-activation.service │ ├── import-state.service -> /usr/lib/systemd/system/import-state.service │ ├── iscsi.service -> /usr/lib/systemd/system/iscsi.service │ ├── lvm2-lvmetad.socket -> 
/usr/lib/systemd/system/lvm2-lvmetad.socket │ ├── lvm2-lvmpolld.socket -> /usr/lib/systemd/system/lvm2-lvmpolld.socket │ ├── lvm2-monitor.service -> /usr/lib/systemd/system/lvm2-monitor.service │ ├── multipathd.service -> /usr/lib/systemd/system/multipathd.service │ └── selinux-autorelabel-mark.service -> /usr/lib/systemd/system/selinux-autorelabel-mark.service ├── systemd-timedated.service -> /dev/null ├── timers.target.wants │ ├── mlocate-updatedb.timer -> /usr/lib/systemd/system/mlocate-updatedb.timer │ └── unbound-anchor.timer -> /usr/lib/systemd/system/unbound-anchor.timer └── vmtoolsd.service.requires ├── vgauthd.service -> /usr/lib/systemd/system/vgauthd.service └── vmtoolsd-init.service -> /usr/lib/systemd/system/vmtoolsd-init.service ``` d. What is stored in rc0.d? Execute the ls command while in rc0.d, and say what is common among all the files stored there. ```bash モ ls -alh /etc/rc0.d/ total 8.0K drwxr-xr-x. 2 root 4.0K Jun 28 07:45 ./ drwxr-xr-x. 10 root 4.0K Sep 3 07:01 ../ lrwxrwxrwx. 1 root 22 Apr 25 20:30 K01livesys-late -> ../init.d/livesys-late* lrwxrwxrwx. 1 root 17 Apr 25 20:30 K99livesys -> ../init.d/livesys* ``` On this system there is two shell scripts defined in the `/etc/rc0.d` directory. These two scripts are used for adding late init scripts for running the live image. e. What is the function of files stored in init.d and the /etc/inittab? On older systems the `init.d` is the directory where you place startup shell scripts. They typically respond to `start`, `stop` and sometimes `restart`. The `/etc/inittab` was used by the System V init system. It would define what processes to start and monitor. Fedora now uses `systemd`. ```bash モ cat /etc/inittab # inittab is no longer used. # # ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM. # # Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target # # systemd uses 'targets' instead of runlevels. 
By default, there are two main targets: # # multi-user.target: analogous to runlevel 3 # graphical.target: analogous to runlevel 5 # # To view current default target, run: # systemctl get-default # # To set a default target, run: # systemctl set-default TARGET.target ``` ```bash モ ls -alh /etc/init.d/ total 44K drwxr-xr-x. 2 root 4.0K Sep 3 07:01 ./ drwxr-xr-x. 10 root 4.0K Sep 3 07:01 ../ -rw-r--r--. 1 root 18K Jun 28 06:46 functions -rwxr-xr-x. 1 root 7.3K Apr 25 20:31 livesys* -rwxr-xr-x. 1 root 1.1K Apr 25 20:30 livesys-late* -rw-r--r--. 1 root 1.2K Sep 3 06:59 README ``` ```bash モ cat /etc/init.d/README You are looking for the traditional init scripts in /etc/rc.d/init.d, and they are gone? Here's an explanation on what's going on: You are running a systemd-based OS where traditional init scripts have been replaced by native systemd services files. Service files provide very similar functionality to init scripts. To make use of service files simply invoke "systemctl", which will output a list of all currently running services (and other units). Use "systemctl list-unit-files" to get a listing of all known unit files, including stopped, disabled and masked ones. Use "systemctl start foobar.service" and "systemctl stop foobar.service" to start or stop a service, respectively. For further details, please refer to systemctl(1). Note that traditional init scripts continue to function on a systemd system. An init script /etc/rc.d/init.d/foobar is implicitly mapped into a service unit foobar.service during system initialization. Thank you! Further reading: man:systemctl(1) man:systemd(1) http://0pointer.de/blog/projects/systemd-for-admins-3.html https://www.freedesktop.org/wiki/Software/systemd/Incompatibilities ``` f. How do you enable/disable the CTRL-ALT-DELETE as an alternative to shutdown? To start and stop the service you can use `systemctl`. 
```bash
モ systemctl start ctrl-alt-del.target
```

```bash
モ systemctl stop ctrl-alt-del.target
```

```bash
モ systemctl status ctrl-alt-del.target
● reboot.target - Reboot
   Loaded: loaded (/usr/lib/systemd/system/reboot.target; enabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:systemd.special(7)
```

```bash
モ systemctl list-unit-files | grep ctrl-alt
ctrl-alt-del.target enabled
```

2. Read the man page for the shutdown command.

a. How do you shut down the system to a single-user mode? Try it and present results.

On a systemd based system you need to change the current run-level.

* run level 0: poweroff.target
* run level 1: rescue.target
* run level 3: multi-user.target
* run level 5: graphical.target
* run level 6: reboot.target

The default run level on my system is:

```bash
モ systemctl get-default
graphical.target
```

To change the run level for a running system to single user mode, I need to change the run level to 1.

```bash
モ systemctl isolate rescue.target
```

After running the above command the GUI disappeared and it looked like my system was rebooted. A single shell was shown with the following output:

```bash
Fedora 30 (Workstation Edition)
Kernel 5.2.13-200.fc30.x86_64 on an x86_64 (tty2)

localhost login: mokha
Password:

System is going down. Unprivileged users are not permitted to log in anymore. For technical details, see pam_nologin(8).

Authentication failure
```

The man page for `pam_nologin` says:

```bash
DESCRIPTION
       pam_nologin is a PAM module that prevents users from logging into the system when /var/run/nologin or /etc/nologin exists. The contents of the file are displayed to the user. The pam_nologin module has no effect on the root user's ability to log in.
```

So I tried to enable logins for the root user.

```bash
モ sudo -i
[sudo] password for mokha:
[root@localhost ~]# whoami
root
[root@localhost ~]# passwd
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
```

Then I tried to change the run level again. This time it would return me to the graphical login prompt.

Next, I tried to look at the help for `init`.

```bash
モ init --help
init [OPTIONS...] {COMMAND}

Send control commands to the init daemon.

     --help      Show this help
     --no-wall   Don't send wall message before halt/power-off/reboot

Commands:
  0              Power-off the machine
  6              Reboot the machine
  2, 3, 4, 5     Start runlevelX.target unit
  1, s, S        Enter rescue mode
  q, Q           Reload init daemon configuration
  u, U           Reexecute init daemon

See the telinit(8) man page for details.
```

I decided to try using `init` to set the run level to rescue mode.

```bash
モ init 1
```

This produced the same effect as earlier. So I was unable to switch into single user mode from Fedora.

b. What’s difference between single-user mode and how the system normally runs?

> Single-user mode is a mode where only the administrator (root) has access to the computer,
> the mode is designed for maintenance and is often used for repairs.
> - https://www.tldp.org/LDP/GNU-Linux-Tools-Summary/html/x5152.htm

c. Explain options in the command "shutdown -t 100 +3 -h".

[shutdown](https://ss64.com/bash/shutdown.html) says:

```text
Shutdown or restart linux

Syntax
      shutdown [options] when [message]

Options
    -c       Cancel a shutdown that is in progress.
    -f       Reboot fast, by suppressing the normal call to fsck when rebooting.
    -h       Halt the system when shutdown is complete.
    -k       Print the warning message, but suppress actual shutdown.
    -n       Perform shutdown without a call to init.
    -r       Reboot the system when shutdown is complete.
    -t sec   Ensure a sec-second delay between killing processes and changing the runlevel.

Examples

Shutdown immediately:
shutdown -h now

Reboot immediately:
shutdown -r now

Shutdown at 8 pm:
shutdown -h 20:00

Shutdown in 10 minutes:
shutdown -h +10
```

The command `shutdown -t 100 +3 -h` will halt the system in 3 minutes and ensure a 100 second delay between killing processes and changing the runlevel.

d. How do you boot into single-user mode?

> 1. At the GRUB splash screen at boot time, press any key to enter the GRUB interactive menu.
> 1. Select Fedora with the version of the kernel that you wish to boot and type `a` to append the line.
> 1. Go to the end of the line and type `single` as a separate word (press the `Spacebar` and then type `single`).
> Press `Enter` to exit edit mode.
> - https://docs.fedoraproject.org/en-US/Fedora/13/html/Installation_Guide/s1-rescuemode-booting-single.html

e. What, if anything, do you notice that is different about booting into single-user mode compared to shutting down to single-user mode?

When booting into single user mode everything appears to be the same. However, when I look at the process listing many processes aren't started. For example many services that usually start up with systemd are not running. However, I was not able to switch to runlevel 1.

f. Shut the system down; then boot it normally. Look in the file /var/log/messages (often /var/adm/messages on some systems). How does the information in the “messages” file compare with what appears on the screen during boot?

The files `/var/log/messages` and `/var/adm/messages` do not exist. A `/var/log/README` has the following explanation.

```text
You are looking for the traditional text log files in /var/log, and they are gone?

Here's an explanation on what's going on:

You are running a systemd-based OS where traditional syslog has been replaced with the Journal. The journal stores the same (and more) information as classic syslog. To make use of the journal and access the collected log data simply invoke "journalctl", which will output the logs in the identical text-based format the syslog files in /var/log used to be. For further details, please refer to journalctl(1).

Alternatively, consider installing one of the traditional syslog implementations available for your distribution, which will generate the classic log files for you. Syslog implementations such as syslog-ng or rsyslog may be installed side-by-side with the journal and will continue to function the way they always did.

Thank you!

Further reading:
        man:journalctl(1)
        man:systemd-journald.service(8)
        man:journald.conf(5)
        http://0pointer.de/blog/projects/the-journal.html
```

Running `journalctl --follow -k` includes logs from the kernel which is similar to what appears on screen during the boot process.

3. Linux Startup

a. Run the dmesg command, and list which devices are assigned to each of CD-ROM, HD, and floppy disk.

This system does not have a CD-ROM or floppy disk. `dmesg` shows that the kernel identified two disks: `sda` is assigned to a 1 TB disk and `sdb` is assigned to a 250 GB disk.

```bash
モ dmesg | grep -E 'sd[ab]'
[ 1.406725] sd 6:0:0:0: [sda] 1953525168 512-byte logical blocks: (1.00 TB/932 GiB)
[ 1.406763] sd 6:0:0:0: [sda] Write Protect is off
[ 1.406766] sd 6:0:0:0: [sda] Mode Sense: 00 3a 00 00
[ 1.406796] sd 6:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[ 1.421233] sda: sda1
[ 1.421910] sd 6:0:0:0: [sda] Attached SCSI disk
[ 1.870382] sd 7:0:0:0: [sdb] 488397168 512-byte logical blocks: (250 GB/233 GiB)
[ 1.870394] sd 7:0:0:0: [sdb] Write Protect is off
[ 1.870396] sd 7:0:0:0: [sdb] Mode Sense: 00 3a 00 00
[ 1.870414] sd 7:0:0:0: [sdb] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[ 1.870965] sdb: sdb1 sdb2
[ 1.871492] sd 7:0:0:0: [sdb] Attached SCSI disk
[ 6.869352] EXT4-fs (sdb1): mounted filesystem with ordered data mode. Opts: (null)
```

b. What do you think the following (or a similar line) in dmesg output means? `Linux version 2.6.5-1.358 (bhcompile@bugs.build.redhat.com) (gcc version 3.3.3 20040412 (Red Hat Linux 3.3.3-7)) #1 Sat May 8 09:04:50 DT 2004`.

It means that the system booted up with version `2.6.5-1.358` of the Linux kernel. The kernel was compiled with `gcc` version 3.3.3 and the running Linux distribution is a flavour of `Red Hat Linux`.

c. Is there an Ethernet card detected on the system?

Yes.

```bash
モ lspci | grep Ethernet
00:19.0 Ethernet controller: Intel Corporation 82579V Gigabit Network Connection (rev 04)
モ dmesg | grep eth0
[ 2.658654] e1000e 0000:00:19.0 eth0: (PCI Express:2.5GT/s:Width x1) 10:bf:48:7c:c8:9b
[ 2.658655] e1000e 0000:00:19.0 eth0: Intel(R) PRO/1000 Network Connection
[ 2.658689] e1000e 0000:00:19.0 eth0: MAC: 10, PHY: 11, PBA No: FFFFFF-0FF
[ 2.659713] e1000e 0000:00:19.0 eno1: renamed from eth0
```

## Lab 4 Rootly Powers and Processes

1. Use the find command with the -perm option to locate five setuid files on your system. For each file, explain why the setuid mechanism is necessary for the command to function properly.

```bash
モ find /usr/bin -perm /u=s,g=s
/usr/bin/fusermount-glusterfs
/usr/bin/pkexec
/usr/bin/locate
/usr/bin/at
/usr/bin/write
/usr/bin/keybase-redirector
/usr/bin/su
/usr/bin/chsh
/usr/bin/chage
/usr/bin/newgrp
/usr/bin/crontab
/usr/bin/sudo
/usr/bin/gpasswd
/usr/bin/passwd
/usr/bin/umount
/usr/bin/mount
/usr/bin/staprun
/usr/bin/fusermount
/usr/bin/chfn
```

* `/usr/bin/su` needs the setuid permission so that any user can attempt to run commands as another user. In order to verify this attempt, the program needs root privilege to verify credentials and access.
* `/usr/bin/chsh` needs permission to edit the `/etc/passwd` file which is owned by root. Any user on the system should be able to choose what shell they want to use but they do not need to be able to edit the `/etc/passwd` file.
* `/usr/bin/passwd` needs permission to change a user's password. Any user on the system should be able to change their own password without requiring root permission to do so.
* `/usr/bin/sudo` needs root privilege to execute a command as another user and verify credentials and access. This program can be run by any user to try to escalate their privilege.
* `/usr/bin/crontab` can be executed by any user because every user can have their own crontab entries. The crontab files are only writable by the root user so the crontab program needs to run as root.

2. Enumerate a sequence of commands that let you modify someone’s password entry, and show how you could cover your tracks. Assume you had only sudo power (all commands allowed, but not shells or su).

```bash
$ sudo -i
$ passwd otheruser
```

The `passwd` command would appear in the history of the root user but it's difficult to see who was acting as the root user when the password was changed.

3. Create two entries for the sudoers configuration file:

a. One entry that allows users Matt, Adam, and Drew to service the printer, to unjam the printer, and to restart printer daemons on the machine printerserver.

```text
User_Alias PRINT_ADMINS = matt, adam, drew
Cmnd_Alias PRINTER_MGMT = /usr/bin/lp, /usr/sbin/lpc, /usr/bin/lprm, /usr/bin/lpq, \
                          /usr/sbin/lpmove, /usr/bin/lpstat, \
                          /usr/bin/systemctl restart cups.service
PRINT_ADMINS printerserver = PRINTER_MGMT
```

b. One entry that allows Drew, Smihgr, and Jim Lane to kill jobs and then reboot the machine.

```text
# A sudoers user name cannot contain an unescaped space, so "Jim Lane" is
# written as the assumed login jlane. Logins are case-sensitive and are
# written in lowercase here to match entry (a).
User_Alias ADMINS = drew, smihgr, jlane
Cmnd_Alias REBOOT = /usr/sbin/shutdown, /usr/bin/kill
ADMINS localhost = REBOOT
```

## Lab 5

1. Write a shell script to help monitor the health of your /etc/passwd file.

a. Find entries that have UID 0.

```bash
#!/bin/bash

cd "$(dirname "$0")/.."
FILE=${1:-'/etc/passwd'}

# Print "login:uid" for entries whose UID field is exactly 0.
cut -d: -f1,3 "$FILE" | grep -E ':0$'
```

b. Find entries that have no password (needs /etc/shadow).

```bash
#!/bin/bash

cd "$(dirname "$0")/.."
# Pass /etc/shadow as the first argument to check the shadow file instead.
FILE=${1:-'/etc/passwd'}

# An empty second field means no password. [^:]+ also matches logins that
# contain '-' or '.', which \w+ would miss.
grep -E '^[^:]+::' "$FILE"
```

c. Find any sets of entries that have duplicate UIDs.

```bash
#!/bin/bash

cd "$(dirname "$0")/.."
FILE=${1:-'/etc/passwd'}

# UIDs that occur on more than one non-comment line.
ids=$(grep -v -E '^#' "$FILE" | awk -F: '{ print $3 }' | sort -n | uniq -d)
for id in $ids; do
  # Print "uid login" for every entry that shares this UID.
  grep -v -E '^#' "$FILE" | awk -F: '{ print $3 " " $1 }' | grep -E "^$id "
done

if [ -z "$ids" ]; then
  exit 0
else
  exit 1
fi
```

d. Find entries that have duplicate login names.

```bash
#!/bin/bash

cd "$(dirname "$0")/.."
FILE=${1:-'/etc/passwd'}

# Login names that occur on more than one non-comment line.
DUPLICATES=$(grep -v -E '^#' "$FILE" | awk -F: '{ print $1 }' | sort | uniq -d)
echo "$DUPLICATES"

if [ -z "$DUPLICATES" ]; then
  exit 0
else
  exit 1
fi
```

e. Find entries that have no expiration date (needs /etc/shadow).

```bash
#!/bin/bash

cd "$(dirname "$0")/.."
FILE=${1:-'/etc/shadow'}
EXITSTATUS=0

# Field 8 of a shadow entry is the account expiration date.
while read -r entry; do
  login=$(echo "$entry" | cut -d: -f1)
  expiration=$(echo "$entry" | cut -d: -f8)
  if [ -z "$expiration" ]; then
    echo "$login: does not have an expiration date"
    # Use a flag rather than a count: an exit status wraps to 0 at 256.
    EXITSTATUS=1
  fi
done < "$FILE"
exit $EXITSTATUS
```

## References

* https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.73
* https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.142
* https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.71
* https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.191
* https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.13
* https://centos.org
* https://docs.fedoraproject.org/en-US/Fedora/13/html/Installation_Guide/s1-rescuemode-booting-single.html
* https://en.wikipedia.org/wiki/Init
* https://en.wikipedia.org/wiki/Systemd
* https://en.wikipedia.org/wiki/UNIX_System_III
* https://en.wikipedia.org/wiki/UNIX_System_V
* https://getfedora.org
* https://getfedora.org/en/security/
* https://getfedora.org/en/workstation/download/
* https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/rawdiff/?id=v5.3-rc7&id2=v5.2
* https://lkml.org/lkml/2019/9/5/1132
* https://ss64.com/bash/shutdown.html
* https://wiki.centos.org/FAQ/General#head-cea9337e6513cc1567c4d05afbd693f1f7038ccb
* https://www.kernel.org/doc/html/v5.2/process/2.Process.html#the-big-picture
* https://www.pearson.com/us/higher-education/program/Sarwar-Unix-The-Textbook-2nd-Edition/PGM2571730.html
* https://www.redhat.com/en/store/linux-platforms
* https://www.redhat.com/en/store/red-hat-enterprise-linux-server#?sku=RH00005
* https://www.tldp.org/LDP/GNU-Linux-Tools-Summary/html/x5152.htm
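
Added example for Lab 4, question 1 (not part of the original assignment): `find -perm /u=s,g=s` matches a file that has either bit set, so its output mixes setuid and setgid programs. The script below labels each file by the bits it actually carries and reports anything missing from a reviewed baseline. The function names, the baseline file format and the demo files are assumptions made for this example.

```bash
#!/bin/bash
# Added example: classify special-permission files and compare them
# against a reviewed baseline. Names and file layout are assumptions.

# list_special DIR
# Prints one line per regular file under DIR that carries the setuid
# and/or setgid bit: "setuid PATH", "setgid PATH" or "setuid+setgid PATH".
list_special() {
  local dir=$1 path
  find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    sort |
    while IFS= read -r path; do
      if [ -u "$path" ] && [ -g "$path" ]; then
        printf 'setuid+setgid %s\n' "$path"
      elif [ -u "$path" ]; then
        printf 'setuid %s\n' "$path"
      else
        printf 'setgid %s\n' "$path"
      fi
    done
}

# unexpected_special DIR BASELINE
# BASELINE holds previously reviewed list_special lines. Prints entries
# found on disk that are not in BASELINE; returns 1 if there are any,
# 0 otherwise (same convention as the Lab 5 scripts).
unexpected_special() {
  local dir=$1 baseline=$2 found
  # -x: whole-line match, -F: fixed strings, -v: keep lines NOT in baseline
  found=$(list_special "$dir" | grep -vxF -f "$baseline" || true)
  [ -z "$found" ] && return 0
  printf '%s\n' "$found"
  return 1
}

# Demo on constructed files in a temporary directory (not real binaries).
demo_dir=$(mktemp -d)
touch "$demo_dir/passwd-like" "$demo_dir/group-tool" "$demo_dir/plain"
chmod 4755 "$demo_dir/passwd-like"   # setuid only
chmod 2755 "$demo_dir/group-tool"    # setgid only
chmod 0755 "$demo_dir/plain"         # no special bits

# Only the setuid file has been reviewed so far.
printf 'setuid %s\n' "$demo_dir/passwd-like" > "$demo_dir/baseline"

echo "All special-permission files:"
list_special "$demo_dir"
echo "Not in baseline:"
unexpected_special "$demo_dir" "$demo_dir/baseline" ||
  echo "review the entries above before adding them to the baseline"
rm -rf "$demo_dir"
```

Against a real system, generate the baseline once with `list_special /usr/bin > baseline` after reviewing it, then run `unexpected_special /usr/bin baseline` on a schedule.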