Linux Basics - PowerPoint PPT Presentation

1
Linux Basics
  • Reading
  • Chap 1-2 WFR05
  • Linux Command Manual

2
About Linux
  • Linux is the name of the kernel
  • Linux is Open Source Software (OSS)
  • Linux is licensed through the General Public
    License (version 2, aka GPL2)
  • The right to redistribute is granted only if the
    distribution is licensed under the terms of the
    GPL and either includes, or unconditionally
    offers to include at the moment of distribution,
    the source code
  • The Linux kernel by itself can serve as a
    firewall, router, access point, and even a static
    web page server
  • Typically, Linux is packaged with a great number
    of applications and utilities, also OSS

3
Components of a Linux System
  • Kernel (can be monolithic or modular)
  • Modules (if modular kernel)
  • Filesystem(s)
  • Boot Loader
  • Libraries and Dynamic Linker
  • Init and rc system
  • Utilities
  • Applications

5
Linux Kernel
  • A kernel is the central component of most
    computer operating systems (OS). Its
    responsibilities include managing the system's
    resources
  • Monolithic architecture includes much of OS
    functionality in kernel
  • Memory and process management
  • Device drivers
  • File systems
  • Network
  • In contrast, microkernels (e.g., Mach and NT)
    include minimal functionality
  • Inter-process communication and memory management
  • Pros and cons

6
Linux Kernel
  • Since V1.2, a combination of
  • Base kernel
  • Loadable kernel modules

7
Linux Kernel Configuration
  • Monolithic architecture includes much of OS
    functionality in kernel
  • Memory and process management
  • Device drivers
  • File systems
  • Network

10
Linux Kernel Configuration
  • Configuration in a tree structure to decide which
    files to be compiled into the kernel
  • Options to compile directly in or as a module
  • Online help to explain choices

11
Components of a Linux System
  • Kernel (can be monolithic or modular)
  • Modules (if modular kernel)
  • Filesystem(s)
  • Boot Loader
  • Libraries and Dynamic Linker
  • Init and rc system
  • Utilities
  • Applications

12
Linux Loadable Kernel Modules (LKM)
  • Linux supports kernel modules as an option
  • Modules are loaded at run time
  • Reduce memory requirements
  • Add functionality to Linux kernel
  • Run in privileged kernel mode
  • As fast as base kernel
  • Doesn't require a reboot to add or remove
    functionality or develop your own module
  • LKMs are used for
  • Device drivers
  • Filesystem drivers
  • Network drivers

13
LKM utilities
  • insmod: insert LKM
  • rmmod: remove LKM
  • lsmod: list LKMs
  • modinfo
  • modprobe: can read /etc/modules; inserts/removes a
    set of LKMs intelligently

14
Components of a Linux System
  • Kernel (can be monolithic or modular)
  • Modules (if modular kernel)
  • File system(s)
  • Boot Loader
  • Libraries and Dynamic Linker
  • Init and rc system
  • Utilities
  • Applications

15
Linux File System Support
  • Linux uses the virtual file system (VFS)
    interface to modularize file system support
  • File systems may be compiled in as modules (but
    watch out for catch-22)
  • you need to mount the root filesystem to add the
    module that lets you mount the root filesystem
  • In addition to file systems that manage disk
    partitions, there are also pseudo file systems

16
Pseudo File Systems
  • A 'pseudo' file system provides a file style
    interface to the inner workings of the kernel.
  • Most important is the /proc file system which
    provides many important interfaces to the kernel
    and running processes
  • /proc can be used to set parameters in the
    running kernel as well as to read states
  • e.g. echo 1 > /proc/sys/net/ipv4/ip_forward

17
Components of a Linux System
  • Kernel (can be monolithic or modular)
  • Modules (if modular kernel)
  • Filesystem(s)
  • Boot Loader
  • Libraries and Dynamic Linker
  • Init and rc system
  • Utilities
  • Applications

18
Boot Loader
  • Takes over from BIOS after POST
  • Usually on master boot record (MBR) of hard drive
  • the 512-byte boot sector that is the first sector
    of a partitioned disk
  • Can offer choice of different OSes (dual boot)
  • Linux typically uses GRUB (LILO in the past)

19
GRUB
  • GRand Unified Boot loader
  • Two stages
  • The first being small with the sole purpose of
    loading the second one.
  • Understands several file system types
  • Provides for changing of boot options at boot
    time (useful for testing new kernel features)
  • For more information: http://www.gnu.org/software/grub/
  • Example entry:
      root (hd0,0)
      kernel /vmlinuz-i686-up-4GB root=/dev/hda9
      boot
  • root (hd0,0): which partition contains the kernel
    (1st partition on first hard disk)
  • /vmlinuz-i686-up-4GB: file name of the kernel
  • root=/dev/hda9: partition containing /sbin/init, which
    becomes the root partition

20
Boot process on Linux
  • BIOS -> bootloader -> kernel
  • The first process to start is a script
    /etc/rc.d/rc.sysinit
  • 6 run-time levels (runlevels)
  • /etc/rc.d/rc?.d/
  • Runlevel 5 is used to boot the system into GUI
    mode using XDM and X-Windows.
  • Runlevel 3 is used for single-user mode
  • Scripts with S for startup and K for shutdown

21
Init and RC System
  • Takes over once kernel loads
  • Brings system up to ready state
  • Starts different services
  • Can be used after boot to start and stop services
    e.g. /etc/init.d/httpd start
  • boot the system into GUI mode using XDM and
    X-Windows.

22
Components of a Linux System
  • Kernel (can be monolithic or modular)
  • Modules (if modular kernel)
  • Filesystem(s)
  • Boot Loader
  • Libraries and Dynamic Linker
  • Init and rc system
  • Utilities
  • Applications

23
  • Unix and the toolkit approach
  • /bin and /sbin (/usr/bin and /usr/sbin too)
  • STDIN, STDOUT, STDERR
  • Redirection and Pipes
  • e.g. dmesg | head -1

24
Practices (contd)
  • Hints
  • If the commands are not in the default paths, try
    /sbin or /usr/sbin
  • A number of ways to find out the Linux
    distribution
  • dmesg | head -1
  • cat /proc/version
  • man is your friend!

25
Top Network Utilities
  • ifconfig
  • route
  • ping
  • traceroute (tcptraceroute)
  • nmap
  • netstat
  • ssh (scp, sftp)
  • telnet
  • nc
  • tcpdump

26
Components of a Linux System
  • Kernel (can be monolithic or modular)
  • Modules (if modular kernel)
  • Filesystem(s)
  • Boot Loader
  • Libraries and Dynamic Linker
  • Init and rc system
  • Utilities
  • Applications

27
Applications
  • Anything more complex than a utility?
  • System services (daemons)
  • X Windowing system
  • Interactive programs

28
Practices
  • ssh to linux0104.cs.uh.edu
  • Find out the following
  • What Linux distribution is used?
  • Processor type, memory, CPU speed, number of CPUs
  • Which boot loader is used?
  • Try the following commands
  • ifconfig
  • route
  • ping www.uh.edu
  • traceroute www.google.com
  • netstat
  • Explain the results from ping, netstat

29
Linux Networking Tools

30
Top Network Utilities
  • ifconfig
  • iwconfig
  • route
  • iptables
  • netstat
  • ssh (scp, sftp)
  • tcpdump
  • ping
  • traceroute
  • host, (nslookup)
  • dig
  • nmap
  • telnet

31
ifconfig
  • Configure a network interface
  • Without options, ifconfig shows current settings
  • can bring interface up or down
  • example
  • ifconfig eth1 up
  • pump -i eth1 (DHCP client program)
  • ifconfig eth1

32
ifconfig (CS Firewall)
  eth0  Link encap:Ethernet  HWaddr 00:E0:81:2A:9D:C3
        inet addr:129.7.240.254  Bcast:129.7.240.255  Mask:255.255.255.192
        inet6 addr: fe80::2e0:81ff:fe2a:9dc3/64 Scope:Link
        UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
        RX packets:222210314 errors:0 dropped:0 overruns:0 frame:0
        TX packets:194237844 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:1000
        RX bytes:2468437723 (2354.0 Mb)  TX bytes:1403836636 (1338.8 Mb)
        Base address:0xdc00 Memory:fe9e0000-fea00000

  eth1  Link encap:Ethernet  HWaddr 00:04:23:A8:58:82
        inet addr:129.7.254.188  Bcast:129.7.254.191  Mask:255.255.255.192
        inet6 addr: fe80::204:23ff:fea8:5882/64 Scope:Link
        UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
        RX packets:397766811 errors:0 dropped:0 overruns:0 frame:0
        TX packets:521981776 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:1000
        RX bytes:2719493949 (2593.5 Mb)  TX bytes:217572585 (207.4 Mb)
        Base address:0xc880 Memory:fe8c0000-fe8e0000

33
IP-Aliasing
  • IP-aliases are additional IP-addresses/masks
    hooked up to a base interface by adding a colon
    and a string when running ifconfig.
  • example
  • ifconfig eth0:0 192.168.100.1
  • ifconfig eth0:1 192.168.101.1
  • Remove an alias
  • ifconfig eth0:0 down
  • linux/Documentation/networking/alias.txt

34
route
  • Show and/or manipulate the IP routing table
  • Commonly used in determining or setting default
    routers for a machine on network
  • example
  • route add default gw 129.7.243.254
  • route add -net 192.168.1.0 gw 10.0.0.10 netmask
    255.255.255.0
  • route del -net 192.168.1.0 gw 10.0.0.10 netmask
    255.255.255.0
  • To remove all routes: ifconfig eth0 down

35
Static Routes
  • Routes can be static or dynamic
  • Most host-based routes are static
  • Static routes are layer 3 clues as to where to
    find hosts on a complicated network.
  • They include a destination network and a next-hop
    IP address.
  • The default route's destination network is a
    wildcard

36
route (CS Firewall)
  • Computer Science department firewall
    configuration
  • /sbin/route

  Kernel IP routing table
  Destination     Gateway         Genmask          Flags Metric Ref Use Iface
  129.7.240.0     192.168.10.253  255.255.255.192  UG    0      0   0   eth2
  129.7.240.64    192.168.10.253  255.255.255.192  UG    0      0   0   eth2
  129.7.240.128   192.168.10.253  255.255.255.192  UG    0      0   0   eth2
  129.7.240.192   0.0.0.0         255.255.255.192  U     0      0   0   eth0
  129.7.241.0     192.168.10.253  255.255.255.192  UG    0      0   0   eth2
  129.7.254.128   0.0.0.0         255.255.255.192  U     0      0   0   eth1
  129.7.242.0     192.168.10.253  255.255.255.0    UG    0      0   0   eth2
  129.7.243.0     192.168.10.253  255.255.255.0    UG    0      0   0   eth2
  192.168.10.0    0.0.0.0         255.255.255.0    U     0      0   0   eth2
  loopback        127.0.0.1       255.0.0.0        UG    0      0   0   lo
  0.0.0.0         129.7.254.190   0.0.0.0          UG    0      0   0   eth1

  • Flag U: the route entry is up and running (ACTIVE)
  • Flag G: the route entry specifies an indirect route
  • Flag H: the destination field in this route entry
    specifies a host route

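How the kernel picks an entry from this table, as an added example that is not part of the original slides: the matching route with the longest netmask wins, and flag G decides whether the packet goes to a gateway or straight onto the link. `ROUTES` is the slide's table reduced to five columns, the function names are illustrative, and writing `loopback` as 127.0.0.0 is an assumption.

```shell
#!/bin/sh
# Added example: route selection over the CS firewall table shown above.
# Columns: destination gateway genmask flags iface (constructed from the slide;
# "loopback" is written as 127.0.0.0, which is an assumption).
ROUTES='129.7.240.0 192.168.10.253 255.255.255.192 UG eth2
129.7.240.64 192.168.10.253 255.255.255.192 UG eth2
129.7.240.128 192.168.10.253 255.255.255.192 UG eth2
129.7.240.192 0.0.0.0 255.255.255.192 U eth0
129.7.241.0 192.168.10.253 255.255.255.192 UG eth2
129.7.254.128 0.0.0.0 255.255.255.192 U eth1
129.7.242.0 192.168.10.253 255.255.255.0 UG eth2
129.7.243.0 192.168.10.253 255.255.255.0 UG eth2
192.168.10.0 0.0.0.0 255.255.255.0 U eth2
127.0.0.0 127.0.0.1 255.0.0.0 UG lo
0.0.0.0 129.7.254.190 0.0.0.0 UG eth1'

# Dotted-quad IPv4 address -> integer.
ip2int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# lookup_route ADDR: print "via GATEWAY dev IFACE" or "direct dev IFACE".
lookup_route() {
    case $1 in
        ''|*[!0-9.]*) echo "not an IPv4 address: $1" >&2; return 1 ;;
    esac
    dst=$(ip2int "$1")
    best_mask=-1
    best=
    while read -r net gw mask flags iface; do
        case $flags in *U*) ;; *) continue ;; esac   # ignore routes that are not up
        m=$(ip2int "$mask")
        n=$(ip2int "$net")
        # A route matches when the masked destination equals the masked network;
        # a larger contiguous netmask is a longer prefix, so it is more specific.
        if [ $(( dst & m )) -eq $(( n & m )) ] && [ "$m" -gt "$best_mask" ]; then
            best_mask=$m
            case $flags in
                *G*) best="via $gw dev $iface" ;;    # indirect: hand to gateway
                *)   best="direct dev $iface" ;;     # on-link: deliver directly
            esac
        fi
    done <<EOF
$ROUTES
EOF
    [ -n "$best" ] && echo "$best"
}

for d in 129.7.240.200 129.7.243.17 8.8.8.8; do
    echo "$d -> $(lookup_route "$d")"
done
```
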
37
tcpdump
  • Prints out headers of packets on a network
    interface
  • Provides for filtering output, and can also do
    some protocol analysis
  • example
  • tcpdump -i eth0
  • tcpdump -i eth0 host hostname

38
init scripts
  • Scripts for starting services are in /etc/init.d/
  • Arguments are required for these scripts
  • (start, stop, restart, status)
  • To run a service at boot time
  • update-rc.d xxx defaults
  • To remove a service at boot time
  • update-rc.d -f xxx remove

39
netstat
  • Prints information about various parts of the
    networking subsystem
  • Current network connections
  • Routing tables
  • Interface statistics
  • Masqueraded connections
  • Multicast memberships

Alternatively, cat /proc/net/xxx
40
netstat examples
  • netstat -r (provides same result as route
    command)
  • netstat -a (shows all connections)
  • netstat -tulp (shows all services)
  • gives programs listening for TCP and UDP
    connections
  • -t for TCP, -u for UDP, -l for listening sockets, -p
    for program (show the PID and name of the program)

41
Try this
  • Run as root
  • netstat -tulp
  • /etc/init.d/apache start
  • netstat -tulp
  • Compare the results
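The comparison asked for above can be scripted; this added example (not part of the original slides) reports sockets that are listening in the second snapshot but not in the first. Both snapshots are constructed samples in `netstat -tulpn` layout (`-n` added so ports print as numbers), and the function names are illustrative.

```shell
#!/bin/sh
# Added example: find listeners that appeared between two netstat snapshots.
# BEFORE and AFTER are constructed samples, not output from the course machine.
BEFORE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      612/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           540/pump'
AFTER="$BEFORE
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1290/apache"

# Reduce netstat output on stdin to "proto local-address program" lines.
# UDP rows have an empty State column, so the program is field 6, not 7.
# The PID is stripped because it changes whenever a service restarts.
listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" { p = $7; sub(/^[0-9]+\//, "", p); print $1, $4, p }
        $1 ~ /^udp/                   { p = $6; sub(/^[0-9]+\//, "", p); print $1, $4, p }
    ' | sort -u
}

# new_listeners BEFORE_TEXT AFTER_TEXT: print sockets only present in AFTER_TEXT.
new_listeners() {
    old=$(printf '%s\n' "$1" | listeners)
    printf '%s\n' "$2" | listeners | while read -r sock; do
        # -F fixed string, -x whole line: "0.0.0.0:80" must not match ":8080".
        printf '%s\n' "$old" | grep -Fqx -- "$sock" || printf '%s\n' "$sock"
    done
}

new_listeners "$BEFORE" "$AFTER"
```

On a live host, save `netstat -tulpn` to a file before and after starting the service and pass the two file contents to `new_listeners`.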

42
HTTP (WWW)
  • HyperText Transport Protocol
  • Uses TCP connections on port 80 (typically; other
    ports such as 8080, 443 for SSL, etc. can also be
    used)
  • Commands are plaintext human readable (if you
    don't mind html)
  • example: telnet www.uh.edu 80
  • Try the following
      telnet localhost 80
      Trying 127.0.0.1...
      Connected to Cougar.
      Escape character is '^]'.
      GET /apache2-default/ HTTP/1.1

43
Configuring Apache
  • Typically, Apache configuration files can be
    found under /etc/apache/conf
  • Knoppix and Debian create a symbolic link so
    everything is under /etc/apache
  • Most of the configuration is in httpd.conf
  • Additional configurations can be included from
    other files with the Include directive
  • Most distributions break this up into multiple
    files to provide for ease of management

44
Common Apache Directives
  • Apache.conf contains two basic types of options
  • Directives are one-liner Attribute Value pairs
  • DocumentRoot /var/www
  • ServerName www.example.com
  • Blocks (also considered directives in apache
    documentation) define sections where directives
    have a limited scope
  • <Directory /var/www/> ... </Directory>
  • <IfModule SSL> ... </IfModule>

45
Name Services
  • Provides a map from human readable address space
    (hostnames) to machine readable address space
    (IP)
  • Hierarchical system checks local resources before
    querying remote ones
  • /etc/hosts
  • optional local network naming systems
  • DNS
  • DNS works off a hierarchy as well.

46
DNS and BIND
  • The internet's most common DNS server is BIND.
  • BIND consists of a set of configuration files under
    /etc/bind and a daemon called named
  • For further information, O'Reilly has a great
    book, DNS and BIND (4th ed.)
  • The default install creates a caching nameserver

47
Querying DNS
  • Several utilities provide the ability to perform
    name resolution using DNS
  • The simplest is the host command.
  • example
  • host www.uh.edu
  • host 129.7.1.1
  • For more power and flexibility in interrogating
    DNS servers, use the dig command.

48
dig
  dig @129.7.240.1 www.cs.uh.edu

  ; <<>> DiG 9.2.5 <<>> @129.7.240.1 www.cs.uh.edu
  ; (1 server found)
  ;; global options:  printcmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35927
  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

  ;; QUESTION SECTION:
  ;www.cs.uh.edu.                 IN      A

  ;; ANSWER SECTION:
  www.cs.uh.edu.          3600    IN      A       129.7.228.92

  ;; AUTHORITY SECTION:
  cs.uh.edu.              3600    IN      NS      dns.cs.uh.edu.
  cs.uh.edu.              3600    IN      NS      ns2.uh.edu.

49
DHCP server
  • Set up the configuration file
  • Edit /etc/dhcp3/dhcpd.conf
  • /etc/init.d/dhcp3-server start
  • Set route to broadcast address
  • route add 255.255.255.255 dev eth0

50
Formation of an Ad Hoc Network
  • Plug in the wireless card.
  • Bring your wireless card online using ifconfig
    eth1 up, but do not set it up with an IP address.
    (Don't use pump)
  • Set the card in ad-hoc mode using
  • iwconfig eth1 mode "ad-hoc"
  • iwconfig eth1 essid COSC6397sp07 channel 6
  • ifconfig eth1 192.168.0.x
  • route add default gw 192.168.0.1

51
Firewalls
Isolates an organization's internal network from the
larger Internet, allowing some packets to pass and
blocking others.
  • two types of firewalls
  • application-level
  • packet-filtering

[Figure: a firewall between the administered network and the public Internet]

52
Basic functionalities
  • IP Filter
  • Used to filter packets
  • Full matching on IP, TCP, UDP and ICMP packet
    headers
  • Stateful firewalls, NAT
  • Certain protocols are "complex" and require extra
    modules called "conntrack helpers"
  • e.g. FTP connection, NAT
  • Packet mangling
  • Modify IP header fields of a packet

[Figure: FTP client and server. The client, on port 1050, sends "PORT 1051" to the server's command port 21; the server's data port 20 then connects to client port 1051.]

53
Linux Implementation
  • The iptables command to enter a rule
  • Use the iptables-save and iptables-restore scripts
    to save and restore them
  • The framework inside the kernel is called
    netfilter
  • Five hooks defined in IPv4
  • PRE_ROUTING, LOCAL_IN, FORWARD, LOCAL_OUT,
    POST_ROUTING.

54
The Hooks (cont.)
[Figure: packet path through the PRE_ROUTING, LOCAL_IN, FORWARD, LOCAL_OUT and POST_ROUTING hooks]

55
Netfilter Hooks
  • PRE_ROUTING
  • Incoming packets pass this hook in ip_rcv()
    before routing
  • LOCAL_IN
  • All incoming packets addressed to the local host
    pass this hook in ip_local_deliver()
  • FORWARD
  • All incoming packets not addressed to the local
    host pass this hook in ip_forward()
  • LOCAL_OUT
  • All outgoing packets created by this local
    computer pass this hook in ip_build_and_send_pkt()
  • POST_ROUTING
  • All outgoing packets (forwarded or locally
    created) will pass this hook in ip_finish_output()

56
Basic iptables syntax
  • iptables -A INPUT -p tcp --dport 80:1024 -j DROP
  • iptables -t table commands options
    <matches> -j <target>
  • Table: filter (default), nat, mangle
  • Commands
  • append, insert, replace, delete, list, policy,
    etc.
  • Built-in chains: INPUT, OUTPUT, FORWARD,
    PREROUTING, POSTROUTING
  • Options
  • verbose, line numbers, exact, etc.
  • Matches
  • -p for dport, dst, sport, src, states, TCP
    options
  • -m for matching module name
  • ! to invert the sense of the match.
  • Targets
  • Immediate actions: ACCEPT, DROP, REJECT, SNAT,
    DNAT, TOS, LOG, etc.
  • User defined chain
  • Extensions -p

57
Iptables syntax
  • Listing the rules
  • -L, --list chain
  • -F, --flush chain
  • Flushes (erases) all rules in a chain
  • Or a table
  • -N, --new-chain chain
  • Creates a user-specified chain
  • There must be no target with that name previously
  • -X, --delete-chain chain
  • Deletes a user-created chain
  • No rules may reference the chain
  • Can delete all user-created chains in a table

58
Iptables syntax - Creating & Deleting user-created chains
  • Creating...
  • iptables -t filter -N badtcppackets
  • and Deleting a chain
  • iptables -t filter -X badtcppackets
  • and Deleting all user-created chains
  • iptables -t filter -X

59
Iptables syntax - A few matches
  • Protocol
  • -p, --protocol [!] protocol
  • tcp, udp, icmp or all
  • Numeric value
  • /etc/protocols
  • Destination IP & Port
  • -d, --destination [!] address[/mask]
  • Destination address
  • Resolvable (/etc/resolv.conf)
  • --dport, --destination-port [!] port[:port]
  • Destination port
  • Numeric or resolvable (/etc/services)
  • Port range

60
Iptables syntax - A few matches (cont.)
  • Source IP & Port
  • -s, --source [!] address[/mask]
  • Source address
  • Resolvable (/etc/resolv.conf)
  • --sport, --source-port [!] port[:port]
  • Source port
  • Numeric or resolvable (/etc/services)
  • Port range

61
Iptables syntax - A few matches (cont.)
  • Incoming and Outgoing interface
  • -i, --in-interface [!] interface
  • -o, --out-interface [!] interface

62
State module
  • --state state
  • INVALID: the packet is associated with no
    known connection
  • ESTABLISHED: the packet is associated with a
    connection which has seen packets in both
    directions
  • NEW: the packet has started a new connection, or
    is otherwise associated with a connection which
    has not seen packets in both directions
  • RELATED: the packet is starting a new
    connection, but is associated with an
    existing connection, such as an FTP data
    transfer, or an ICMP error

iptables -A INPUT -p tcp -m state --state NEW ! --syn -j REJECT --reject-with tcp-reset

63
Iptables syntax - Some targets
  • ACCEPT
  • Accepts the packet
  • Ends further processing of the specific chain
  • Ends processing of all previous chains
  • Except other main chains and tables
  • DROP
  • Drops the packet
  • No reply
  • Ends all further processing

64
Iptables syntax - Some targets (cont.)
  • REJECT
  • Drops packet
  • Returns a reply
  • User specified reply
  • Calculated reply
  • TCP-RST or ICMP errors
  • Ends all further processing
  • RETURN
  • Returns from a chain to the calling chain

65
Iptables syntax - ... and a few simple rules
  • iptables -A INPUT -p tcp --dport 80:1024 -j DROP
  • iptables -A FORWARD -p tcp --dport 22:113 -j DROP
  • iptables -A FORWARD -p tcp --dport ftp-data:ftp
    -j DROP
  • iptables -A OUTPUT -p tcp -o eth0 -j ACCEPT
  • iptables -A OUTPUT -p tcp -o lo -j ACCEPT
  • iptables -P OUTPUT DROP
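A default-deny INPUT policy built from the state matches and targets on the preceding slides, as an added example that is not part of the original deck. The function names, the allowed ports (22 and 80) and the OUTPUT policy are assumptions; the script only prints rules in iptables-restore format and loads nothing into the kernel.

```shell
#!/bin/sh
# Added example: emit a stateful, default-deny ruleset for review.

# Succeed only for a decimal TCP port in 1..65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# emit_ruleset PORT...: print the ruleset; every port is checked before any
# output is produced, so a bad argument never yields a partial ruleset.
emit_ruleset() {
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'        # chain policy: drop what no rule accepts
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'     # assumption: local traffic may leave freely
    echo '-A INPUT -i lo -j ACCEPT'
    # Rules are evaluated top to bottom and the first matching target wins, so
    # replies and RELATED flows (FTP data, ICMP errors) are accepted first.
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -m state --state INVALID -j DROP'
    # The State module slide rule: a "new" TCP packet that is not a SYN gets a reset.
    echo '-A INPUT -p tcp -m state --state NEW ! --syn -j REJECT --reject-with tcp-reset'
    for p in "$@"; do
        echo "-A INPUT -p tcp -m state --state NEW --dport $p -j ACCEPT"
    done
    echo 'COMMIT'
}

emit_ruleset 22 80
```

Piping the output to `iptables-restore --test` as root parses the ruleset without committing it.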

66
Iptables syntax - Some targets (cont.)
  • SNAT
  • only valid in the nat table, in the POSTROUTING
    chain.
  • specifies that the source address of the packet
    should be modified
  • --to-source ipaddr[-ipaddr][:port-port]
  • iptables -t nat -A POSTROUTING -p tcp -o eth0 -j
    SNAT --to-source 194.236.50.155-194.236.50.160:1024-32000

67
Iptables syntax - Some targets (cont.)
  • DNAT
  • only valid in the nat table, in the PREROUTING
    and OUTPUT chains.
  • specifies that the destination address of the
    packet should be modified
  • --to-destination ipaddr[-ipaddr][:port-port]
  • iptables -t nat -A PREROUTING -d 10.10.20.99 -j
    DNAT --to-destination 10.10.14.2
  • iptables -t nat -A PREROUTING -p tcp -d
    10.10.20.99 --dport 80 -j DNAT --to-destination
    10.10.14.2

68
A simple example ruleset: The Goals
  • See handout