installing php curl with ssl extension

So, there are a couple of components here:

1. OpenSSL software installed on the system
2. cURL software (libcurl) installed on the system
3. The cURL PHP extension
4. The OpenSSL PHP extension

Based on this, this and this, I'd guess that you'd need to do the
following (NOT TESTED):

sudo apt-get remove --purge php5-curl && \
sudo apt-get install libcurl4-openssl-dev curl-ssl php5-curl



This will uninstall PHP's cURL, install OpenSSL-enabled versions of
the system's cURL, then reinstall PHP's cURL. You'll need to restart
Apache to pick up the changes in your web server.


( https://forums.aws.amazon.com/thread.jspa?threadID=60899 )

Apache adding new modules using apxs

http://www.cyberciti.biz/tips/howto-apache-adding-new-modules.html

Setting up SSL Certificates on Apache


Apache, imap, and exim all support ssl connections. Because I want webmail connections to be encrypted, so that passwords are not sent over the internet in plain text, I needed to create a key and a certificate for apache. For testing purposes I am going to be my own certificate authority. This will most likely be changed for the production server. You don't have to use any certificate authority - see http://www.tldp.org/HOWTO/SSL-RedHat-HOWTO.html

Note: The author of this page, and owner of this web site, is not to be held liable for any damage or trouble arising from following these directions. You are responsible for your own security, use, and creation of certificates.

See http://www.eclectica.ca/ssl-cert-howto.php for much more information. (Much of what I cover here was learned from this page.)

Quick steps:

  1. Setup and create root certificate.
  2. Create a key and signing request.
  3. Sign the request.
  4. Copy to the correct location.
  5. Edit the apache config file.
  6. Restart apache.
  7. Tips.

The following covers the command-line way of doing it. If you are using a GUI, it should be fairly simple to follow along.

Note: I am running Red Hat Linux 8.0, apache 2.x with mod_ssl, and openssl 0.9.x. Steps vary slightly when you are using a certificate authority.

1) Setup and create root certificate

See Setting up OpenSSL to Create Certificates

2) Create a key and signing request

To do this type:
openssl req -new -nodes -out name-req.pem -keyout private/name-key.pem -config ./openssl.cnf

You will be prompted for information. The critical part is the "Common Name". This must be the server's hostname, such as mail.your.domain, or the IP address. If you want to cover all subdomains you can enter *.your.domain. Use the "Organizational Unit" to remind you what the certificate is for, such as "Web Server".

| Name Field | Explanation | Example |
|---|---|---|
| Country Name | The two-letter ISO abbreviation for your country | US = United States |
| State or Province Name | The state or province where your organization is located. Can not be abbreviated. | Georgia |
| City or Locality | The city where your organization is located. | Atlanta |
| Organization Name | The exact legal name of your organization. Do not abbreviate | SSL Secure Inc. |
| Organizational Unit | Optional for additional organization information. | Marketing |
| Common Name | The fully qualified domain name for your web server. You will get a certificate name check warning if this is not an exact match. | www.domain.tld |
| Email address | The server admin's email address | someone@your.domain |

This will generate two files:
name-req.pem - the request
name-key.pem - the private key in the private directory

3) Sign the request

This will generate the certificate.

Type:
openssl ca -out name-cert.pem -config ./openssl.cnf -infiles name-req.pem

You will be prompted for the password used when creating the root certificate.

Two files are created:
name-cert.pem - which is the certificate
<number>.pem - a copy of it in the certs directory.

4) Copy to the correct location

For apache 2.x on Red Hat using the default location, the directory is:
For the name-key.pem:
cp name-key.pem /etc/httpd/conf/ssl.key/
For the certificate:
cp name-cert.pem /etc/httpd/conf/ssl.crt/

5) Edit the apache config file

For apache on Red Hat using the default location, the config file is /etc/httpd/conf/apache.conf. Note that your apache.conf file may make use of separate config files and you may have an /etc/httpd/conf.d/ssl.conf file. Check for this first before you place the following in your apache.conf file. Create a VirtualHost section for your web server. Basic example:

<VirtualHost 192.168.1.1:443>
    DocumentRoot /var/www/html
    ServerName 192.168.1.98
    ServerAdmin someone@your.domain
    ErrorLog /etc/httpd/logs/ssl_error_log
    TransferLog /etc/httpd/logs/ssl_access_log
    SSLEngine On
    SSLCertificateFile /etc/httpd/conf/ssl.crt/name-cert.pem
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/name-key.pem
    <Files ~ "\.(cgi|shtml|php)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    CustomLog /etc/httpd/logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

Also see http://httpd.apache.org/docs-2.0/mod/mod_ssl.html

6) Restart apache

Example:
service httpd restart

7) Tips

The certificate we created is only good for 365 days. When it expires visitors to your site will receive a warning message. Don't forget to remake your key each year, or however long you set it for.

For Squirrelmail, get the secure_login plugin. This will force https for login and switch back to http after.
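
A check worth running between steps 4 and 6, as an added example that is not part of the original how-to: it confirms that name-cert.pem and name-key.pem belong together, that the certificate chains to your root, that it is not about to expire, and that the unencrypted key is not readable by other accounts. The function names check_cert_pair and make_demo_pki are made up for this example, and the throwaway root used to exercise it is built with openssl x509 -req rather than the openssl ca directory layout from step 1.

```shell
#!/bin/sh
# check_cert_pair CERT KEY CAFILE [WARN_DAYS]
# Prints the reason and returns non-zero on the first failed check:
#   2 = certificate unreadable        3 = key does not match certificate
#   4 = not signed by CAFILE          5 = expires within WARN_DAYS
#   6 = key file accessible by group or others
check_cert_pair() {
    cert=$1; key=$2; ca=$3; warn_days=${4:-30}

    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "FAIL: cannot parse certificate $cert"; return 2; }

    # The public key inside the certificate must be the one derived from
    # the private key, otherwise mod_ssl cannot use the pair.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: $key is not the private key for $cert"; return 3; }

    # The certificate must chain to the root created in step 1.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert does not verify against $ca"; return 4; }

    # Tip 7: catch the expiry before visitors see the warning.
    openssl x509 -in "$cert" -noout -checkend $((warn_days * 86400)) >/dev/null ||
        { echo "FAIL: $cert expires within $warn_days days"; return 5; }

    # -nodes leaves the key unencrypted on disk, so file permissions are
    # its only protection: no group/other bits may be set.
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "FAIL: $key is accessible beyond its owner ($perms)"; return 6; }

    echo "OK: $cert"
}

# Constructed fixture: a throwaway root and a server certificate valid for
# PKI_DAYS days, written to PKI_DIR under the file names used on this page.
make_demo_pki() {
    pki_dir=$1; pki_days=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=Demo Root CA" \
        -keyout "$pki_dir/ca-key.pem" -out "$pki_dir/ca-cert.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=mail.your.domain" \
        -keyout "$pki_dir/name-key.pem" -out "$pki_dir/name-req.pem" 2>/dev/null &&
    openssl x509 -req -in "$pki_dir/name-req.pem" -days "$pki_days" \
        -CA "$pki_dir/ca-cert.pem" -CAkey "$pki_dir/ca-key.pem" -CAcreateserial \
        -out "$pki_dir/name-cert.pem" 2>/dev/null &&
    chmod 600 "$pki_dir/name-key.pem"
}

# Demo run against the constructed fixture.
demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir" 365 &&
    check_cert_pair "$demo_dir/name-cert.pem" "$demo_dir/name-key.pem" "$demo_dir/ca-cert.pem"
rm -rf "$demo_dir"
```

On a real server, call check_cert_pair with the paths from step 4 and your root certificate before restarting apache.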

Apache rewrite rules examples

# Site has permanently moved to new domain
# domain.com to domain2.com
RewriteCond %{HTTP_HOST} ^www.domain.com$ [NC]
RewriteRule ^(.*)$ http://www.domain2.com/$1 [R=301,L]

# Page has moved temporarily
# domain.com/page.html to domain.com/new_page.html
RewriteRule ^page.html$ new_page.html [R,NC,L]

# Nice looking URLs (no query string)
# domain.com/category-name-1/ to domain.com/categories.php?name=category-name-1
RewriteRule ^([A-Za-z0-9-]+)/?$ categories.php?name=$1 [L]

# Nice looking URLs (no query string) with pagination
# domain.com/articles/title/5 to domain.com/article.php?name=title&page=5
RewriteRule ^articles/([A-Za-z0-9-]+)/([0-9]+)/?$ article.php?name=$1&page=$2 [L]

# Block referrer spam
RewriteCond %{HTTP_REFERER} (weight) [NC,OR]
RewriteCond %{HTTP_REFERER} (drugs) [NC]
RewriteRule .* - [F]

http://borkweb.com/story/apache-rewrite-cheatsheet

perl MySQL based functions

use DBI;

sub db_connect {
my ($dbname, $dbuser, $dbpass) = @_;
my $dbh = DBI->connect("DBI:mysql:$dbname",$dbuser,$dbpass);
#$dbh->do(qq{set character set 'utf8';});
return $dbh;
}

sub do_sql {
# Takes: $dbh, $sql
# Returns: status
my $dbh = shift || die "Database not connected!\n";
my $sql = shift || die "Missing SQL statement???\n";
return $dbh->do($sql);
}

sub execute_sql {
# Takes: $dbh, $sql
# Returns: $result_arrayref
my $dbh = shift || die "Database not connected!\n";
my $sql = shift || die "Missing SQL statement???\n";
my $sth = $dbh->prepare($sql);
$sth->execute;
my $result = $sth->fetchall_arrayref({}); # {} => Return arrayref of hashrefs
return $result;
}

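sub do_insert {
# Takes: $dbh, $table, $datahash
# Returns: status
my $dbh = shift || die "Database not connected!\n";
my $table = shift || die "Missing table!\n";
my $datahash = shift || die "Nothing to insert!\n";
my @cols = keys %$datahash;
# Bind the values through placeholders; interpolating them into the
# statement leaves strings unquoted and allows SQL injection.
# $table and the column names are still interpolated, so they must
# never come from user input.
my $insert = "INSERT INTO $table (" . join(',', @cols) .
') VALUES (' . join(',', ('?') x @cols) . ')';
return $dbh->do($insert, undef, @$datahash{@cols});
}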

perl DBI - DButils

package GS::DBIUtilities;
require Exporter;
@ISA = ("Exporter");

use DBI;

my $module_dbh;

sub
GetDBH
{

#--------------------------------------------------------------
# Connect to the amt db and return a db
#--------------------------------------------------------------

my $db = shift;
$module_dbh = DBI->connect("DBI:mysql:database=$db", "xxxxx", "xxxxx");
return $module_dbh;
}


sub
DropDBH
{

#---------------------------------------------------------------
# Disconnect from DB
#---------------------------------------------------------------

$module_dbh->disconnect if $module_dbh;
}


sub
InsertMultipleValues
{

#---------------------------------------------------------------
# Inserts contents of a hashref into the db table specified
#---------------------------------------------------------------

my $dbh = shift;
my $table = shift;
my $Inserts = shift;

my @cols = keys %$Inserts;
my @vals = @$Inserts{@cols};
my $cols = join ',', @cols;
my $places = '?,' x @vals;
chop $places;

my $sth = $dbh->prepare("INSERT INTO $table ($cols) VALUES ($places)") or die $dbh->errstr;
# A method call does not interpolate inside a string, so concatenate it
$sth->execute(@vals) or die $dbh->errstr . " : $table";
}


sub
ReplaceMultipleValues
{

#---------------------------------------------------------------
# Replaces contents of a hashref into the db table specified
#---------------------------------------------------------------

my $dbh = shift;
my $table = shift;
my $Replaces = shift;

my @cols = keys %$Replaces;
my @vals = @$Replaces{@cols};
my $cols = join ',', @cols;
my $places = '?,' x @vals;
chop $places;

my $sth = $dbh->prepare("REPLACE INTO $table ($cols) VALUES ($places)") or die $dbh->errstr;
$sth->execute(@vals) or die $dbh->errstr;
}


sub
FetchSingleItem
{
#---------------------------------------------------------------
# Fetch a single item from a database
#---------------------------------------------------------------

my $dbh = shift;
my $FetchCol = shift;
my $table = shift;
my $SearchCol = shift;
my $SearchVal = shift;

my $sth = $dbh->prepare("SELECT $FetchCol FROM $table WHERE $SearchCol = ? LIMIT 1") or die $dbh->errstr;
$sth->execute($SearchVal);
my @ref = $sth->fetchrow_array;

return $ref[0];
}


sub
InsertAndGetID
{

#---------------------------------------------------------------
# inserts an entry into a db and gets the auto_increment ID
#---------------------------------------------------------------

my $dbh = shift;
my $table = shift;
my $Inserts = shift;
my $IDCol = shift;

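# Bind SQL NULL (undef) so MySQL assigns the next auto_increment value;
# the string 'NULL' would be bound as literal text.
$Inserts->{$IDCol} = undef;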

$dbh->do("LOCK TABLES $table WRITE") or die $dbh->errstr;

InsertMultipleValues($dbh,$table,$Inserts);

$sth = $dbh->prepare("SELECT LAST_INSERT_ID() FROM $table") or die $dbh->errstr;
$sth->execute or die $dbh->errstr;
my @ary = $sth->fetchrow_array or die $dbh->errstr;

$dbh->do("UNLOCK TABLES") or die $dbh->errstr;
$sth->finish;

return $ary[0];
}


sub
FetchStar
{

#---------------------------------------------------------------
# Retrieves the whole of each row that matches the submitted
# criteria. Returns a hashref if there is only one row,
# otherwise a ref to an array of hashes.
#---------------------------------------------------------------

my $dbh = shift;
my $table = shift;
my $SearchCol = shift;
my $SearchVal = shift;

my $sth = $dbh->prepare("SELECT * FROM $table WHERE $SearchCol = ?") or die $dbh->errstr;
$sth->execute($SearchVal);

my @returns;
while (my $ref = $sth->fetchrow_hashref) {
push @returns, $ref;
}

if (@returns <= 1) {
return $returns[0];
}
else {
return \@returns;
}
}



@EXPORT = qw/
GetDBH
DropDBH
InsertMultipleValues
ReplaceMultipleValues
FetchStar
FetchSingleItem
InsertAndGetID
/;

1;

linux tips apache

Q: - What is location of log files for Apache server ?
/var/log/httpd
Q: - What are the types of virtual hosts ?

name-based and IP-based.
Name-based virtual host means that multiple names are running on each IP address.
IP-based virtual host means that a different IP address exists for each website served. Most configurations are name-based because it only requires one IP address.
Q: - How to restart Apache web server ?

service httpd restart
Q: - How to check the version of Apache server ?

rpm -qa |grep httpd
Q: - What is meaning of "Listen" in httpd.conf file ?

Port number on which to listen for nonsecure (http) transfers.
Q: - What is DocumentRoot ?

It is the location of files which are accessible by clients. By default, the Apache HTTP server in RedHat Enterprise Linux is configured to serve files from the /var/www/html/ directory.
Q: - On which port Apache server works ?

http - port 80
https - port 443
Q: - Tell me name of main configuration file of Apache server ?

httpd.conf
Q: - On which version of apache you have worked ?

httpd-2.2.3
Q: - What do you mean by a valid ServerName directive?

The DNS system is used to associate IP addresses with domain names. The value of ServerName is returned when the server generates a URL. If you are using a certain domain name, you must make sure that it is included in your DNS system and will be available to clients visiting your site.
Q: - What is the main difference between <Location> and <Directory> sections?

Directory sections refer to file system objects; Location sections refer to elements in the address bar of the Web page.
Q: - What is the difference between a restart and a graceful restart of a web server?

During a normal restart, the server is stopped and then started, causing some requests to be lost. A graceful restart allows Apache children to continue to serve their current requests until they can be replaced with children running the new configuration.
Q: - What is the use of mod_perl module?

mod_perl is a scripting module that allows better Perl script performance and easy integration with the Web server.
Q: - If you have added "loglevel Debug" in httpd.conf file, then what will happen?

 It will give you more information in the error log in order to debug a problem.
Q: - Can you record the MAC (hardware) address of clients that access your server.

No
Q: - Can you record all the cookies sent to your server by clients in Web Server logs?

Yes, add following lines in httpd.conf file.

CustomLog logs/cookies_in.log "%{UNIQUE_ID}e %{Cookie}i"
CustomLog logs/cookies2_in.log "%{UNIQUE_ID}e %{Cookie2}i"
Q: - Can we do automatically roll over the Apache logs at specific times without having to shut down and restart the server?

Yes
Use CustomLog and the rotatelogs programs

Add following line in httpd.conf file.
CustomLog "| /path/to/rotatelogs /path/to/logs/access_log.%Y-%m-%d 86400" combined
Q: - What we can do to find out how people are reaching your site?

Add the following effector to your activity log format. %{Referer}i
Q: - If you have only one IP address, but you want to host two web sites on your server. What will you do?
In this case I will use Name Based Virtual hosting.
ServerName 10.111.203.25
NameVirtualHost *:80
<VirtualHost *:80>
ServerName web1.test.com
DocumentRoot /var/www/html/web1
</VirtualHost>

<VirtualHost *:80>
ServerName web2.test2.com
DocumentRoot /var/www/html/web2
</VirtualHost>
Q: - Can I serve content out of a directory other than the DocumentRoot directory?

Yes, by using "Alias" we can do this.
Q: - If you have to map more than one URL to the same directory but you don't have multiple Alias directives, what will you do?

In this case I will use "AliasMatch" directives.

The AliasMatch directive allows you to use regular expressions to match arbitrary patterns in URLs and map anything matching the pattern to the desired URL.
Q: - How you will put a limit on uploads on your web server?

This can be achieved by LimitRequestBody directive.
<Directory "/var/www/html/data_uploads">
LimitRequestBody 100000
</Directory>
Here I have put limit of 100000 Bytes
Q: - I want to stop people using my site by Proxy server. Is it possible?

<Directory proxy:http://www.test.com/myfiles>
Order Allow,Deny
Deny from all
Satisfy All
</Directory>
Q: - What is mod_evasive module?

mod_evasive is a third-party module that performs one simple task, and performs it very well. It detects when your site is receiving a Denial of Service (DoS) attack, and it prevents that attack from doing as much damage. mod_evasive detects when a single client is making multiple requests in a short period of time, and denies further requests from that client. The period for which the ban is in place can be very short, because it just gets renewed the next time a request is detected from that same host.
Q: - How to enable PHP scripts on your server?

If you have mod_php installed, use AddHandler to map .php and .phtml files to the PHP handler.
AddHandler application/x-httpd-php .phtml .php
Q: - Which tool you have used for Apache benchmarking?

ab (Apache bench)
Q: - Can we cache files which are viewed frequently?

Yes we can do it by using mod_file_cache module.
CacheFile /www/htdocs/index.html
Q: - Can we have two apache servers having diff versions?
Yes, you can have two different apache servers on one server, but they can't listen to the same port at the same time. Normally apache listens to port 80 which is the default HTTP port. The second apache version should listen to another port with the Listen option in httpd.conf, for example to port 81.

For testing a new apache version before moving your sites from one version to another, this might be a good option. You just type www.example.com:81 in the browser window and you will be connected to the second apache instance.

linux tips


1)Are you working as Primary OR Secondary support system admin?  primary
2)Linux and Windows Server setup from scratch in black box. yes
3)Have you closely worked with web developer to resolve the server issue faced during development.  yes ( for all major websites of india.com )
4)SSL configuration? yes

5)SVN repository for multiple developers on multiple project. yes ( set up for the india.com office)
6)Name based Virtual Host on development server.  yes
7)Major Apache Modules installation & configuration. yes
8)Major PHP Extension installation & Configuration yes
9)Server Performance Optimization and enhancement. yes
10)Proficient in Major Linux command without searching on internet. yes
11)What kind of projects have you worked on?     

Setting up entire datacenter for india.com

setting up of the xen servers  on the blade hardware .

setting up automated deployments scripts ( written in perl and shell)

setting up of automated backup systems .

and much more ( do refer my resume )

12)Multitier server architecture for high volume project ... yes ( for india.com & netcore solutions )
13)Technical Expertise for database installation and configuration.  yes
14)Identify and resolve server security issue with prior information to Head. yes
15)Define the timeline for given work.  yes
16)Inform status of work and implementation status everyday by Email.

* Maintain site servers and hosted web applications, ensuring up-time and site responsiveness.
* Troubleshoot problems and issues, escalating issues within the organization.
* Maintain system and network procedure documentation.
* Communication of system and network events and root cause analysis after resolution
* Diagnose and resolve LINUX server, OS, network and other failures and engage internal specialists and vendors in the respective areas as required.
* Provide daily site operations reports to Operations Management.
* Configure new LINUX servers using automated deployment tools.
* Manage Data Center racking, cabling, power, servers, and other devices.
* 3+ years of experience operating a large-scale, 24x7 web environment
* 3+ years experience with Linux or other Windows based operating system
* Familiarity with network management tools.
* Work closely with developers / vendor teams to ensure business and technical compatibility to the functional specification.
* Coordinate with developers and testers to resolve issues during testing phase.

linux tips 2

linux info
1. understanding LVM -
http://adminlinux.blogspot.in/2008/09/understanding-lvm.html

http://www.howtoforge.com/linux_lvm
2. mysql version 5.5
php version 5.4
apache version 2.4

3. what is memcached

4. Name-based vs IP-based virtual hosting.
http://www.onlinux.in/2010/08/difference-between-ip-virtual-hosting.html


--
Regards
Agnello D'souza

linux tips

Linux Tips
************

What command should you use to check your filesystem?

Answer: fsck
The fsck command is used to check the integrity of the filesystem on your disk.

You want to print out a text file called vacations however the lines
are of varying length. What text filter could you use to even out the
length of the lines?

Answer: fmt
The fmt text utility attempts to make all the lines the same length by
joining or splitting lines.

You need to locate a file called salesdata that one of your user's
created in his home directory but you do not know which one. How could
you use the find command to locate this file?

Answer: find /home -name salesdata
When using the find command to locate a file by name you must specify
the starting place in the directory hierarchy and the -name option to
specify the file to search for.

What command would you type to use the cpio to create a backup called
backup.cpio of all the users' home directories?

Answer: find /home | cpio -o > backup.cpio
The find command is used to create a list of the files and directories
contained in home. This list is then piped to the cpio utility as a
list of files to include and the output is saved to a file called
backup.cpio.

You want to create a compressed backup of the users' home directories
so you issue the command gzip /home/* backup.gz but it fails. The
reason that it failed is that gzip will only compress one _______ at a
time.

Answer: file
The gzip utility cannot compress multiple files in a single operation.

You have three files in the /home/ben/memos directory called letters,
tom, betty. How could you determine each file's type by issuing only
one command?

Answer: file letters tom betty
The file utility will display the file's type for each filename that
is passed as an argument.

In order to display the last five commands you have entered using the
fc command, you would type ___________.

Answer: fc -5
The fc command can be used to edit or rerun commands you have
previously entered. To specify the number of commands to list, use -n.

Each command has two types of output. There are standard output and
standard __________.

Answer: error
By default, each command sends its result as standard output and any
error messages as standard error.

What can you type at a command line to determine which shell you are using?

Answer: echo $SHELL
The name and path to the shell you are using is saved to the SHELL
environment variable. You can then use the echo command to print out
the value of any variable by preceding the variable's name with $.
Therefore,
typing echo $SHELL will display the name of your shell.

What type of local file server can you use to provide the distribution
installation materials to the new machine during a network
installation?

A) Inetd
B) FSSTND
C) DNS
D) NNTP
E) NFS

Answer: E – You can use an NFS server to provide the distribution
installation materials to the machine on which you are performing the
installation. Answers a, b, c, and d are all valid items but none of
them are file servers. Inetd is the superdaemon which controls all
intermittently used network services. The FSSTND is the Linux File
System Standard. DNS provides domain name resolution, and NNTP is the
transfer protocol for usenet news.

What would you type to send the last 20 lines of a text file to STDIN?

A) end -n 20 filename
B) last -n 20 filename
C) head -20 filename
D) end -20 filename
E) tail -20 filename

Answer: E – Use the command tail -20 filename to see the last 20 lines
of a file. The answers for a and d both point to an invalid command.
The answer for b points to a valid command. Typing this answer in with
a valid file name will even give you some output. However, the last
command tells you who is logged in, it does not actually list the
contents of any file named in the command. The answer for c, the head
command, is used to look at the beginning of a file, not the end.

Which command works in almost all distributions to create a boot disk?

A) mkboot
B) make bootdsk
C) make boot
D) mkbootdsk
E) mkbootdisk

Answer: E – The mkbootdisk command creates a boot disk. Answers b and
c are incorrect. The make package is used to compile software, not
create boot disks. Answers a and d point to invalid commands.

Which command do you use to change runlevels?

A) initlevel
B) runlevel
C) level
D) run
E) init

Answer: E – The command used to change runlevels is init. Answers a,
c, and d point to invalid commands. Answer b is a valid command, but
does not set the current runlevel. The runlevel command displays the
current runlevel, and the one that was used directly before entering
this one.

You have a new, empty hard drive that you will use for Linux. What is
the first step you use.
Choose one:

a. Create an extended partition to be used for data.
b. Format the hard drive to use the ext2 filesystem.
c. Create a swap partition of type 82.
d. Create a primary partition using fdisk.

Answer: d
You must always first create a primary partition. Operating systems,
including Linux, can only be booted from a primary partition.

You have configured logrotate to rotate your logs weekly and keep them
for eight weeks. You are running out of disk space. What should you
do?
Choose one:

a. Quit using logrotate and manually save old logs to another location.
b. Reconfigure logrotate to only save logs for four weeks.
c. Configure logrotate to save old files to another location.
d. Use the prerotate command to run a script to move the older logs to
another location.

Answer: d
You can use the prerotate command to run a script before logs are
rotated. You could have this script move the older logs to another
location before rotation occurs.

If you type the command cat dog &> cat what would you see on your display?
Choose one:

a. Any error messages only.
b. The contents of the file dog.
c. The contents of the file dog and any error messages.
d. Nothing as all output is saved to the file cat.

Answer: d
When you use &> for redirection, it redirects both the standard output
and standard error. The output would be saved to the file cat.

You have a directory with the following permissions
drw-rw--w- 1 root admin 7202 Sep 17 9:10 administration
and need to give everyone except root read only access to it. Which of
the following commands will accomplish this?
Choose one:

a. chmod uo=r administration
b. chmod ug+r administration
c. chmod uo+r administration
d. chmod ug=r administration

Answer: d
When using symbols, the equal sign explicitly sets permissions and
revokes any pre-existing permissions.

You want to know how much space is being occupied by your user's home
directories. Which of the following will provide you with this
information?
Choose one:

a. du -l /home
b. du -b /home
c. du -m /home
d. du -c /home

Answer: d
Using the -c option with the du command will show the grand total of
used space for the designated directory.

You have entered the following cronjob. When will it run? 15 * * *
1,3,5 myscript
Choose one:

a. at 15 minutes after every hour on the 1st, 3rd and 5th of each month.
b. at 1:15 am, 3:15 am, and 5:15 am every day
c. at 3:00 pm on the 1st, 3rd, and 5th of each month
d. at 15 minutes after every hour every Monday, Wednesday, and Friday

Answer: d
This would run at 15 minutes after the hour on every Monday,
Wednesday, and Friday of every month no matter what the date.

You need to see the last fifteen lines of the files dog, cat and
horse. What command should you use?

Answer: tail -15 dog cat horse
The tail utility displays the end of a file. The -15 tells tail to
display the last fifteen lines of each specified file.

Who owns the data dictionary?

Answer: The SYS user owns the data dictionary. The SYS and SYSTEM
users are created when the database is created.

You routinely compress old log files. You now need to examine a log
from two months ago. In order to view its contents without first
having to decompress it, use the _________ utility.

Answer: zcat
The zcat utility allows you to examine the contents of a compressed
file much the same way that cat displays a file.

You suspect that you have two commands with the same name as the
command is not producing the expected results. What command can you
use to determine the location of the command being run?

Answer: which
The which command searches your path until it finds a command that
matches the command you are looking for and displays its full path.

You locate a command in the /bin directory but do not know what it
does. What command can you use to determine its purpose.

Answer: whatis
The whatis command displays a summary line from the man page for the
specified command.

You wish to create a link to the /data directory in bob's home
directory so you issue the command ln /data /home/bob/datalink but the
command fails. What option should you use in this command line to be
successful.

Answer: Use the -F option
In order to create a link to a directory you must use the -F option.

When you issue the command ls -l, the first character of the
resulting display represents the file's ___________.

Answer: type
The first character of the permission block designates the type of
file that is being displayed.

What utility can you use to show a dynamic listing of running processes?

Answer: top
The top utility shows a listing of all running processes that is
dynamically updated.

Where is standard output usually directed?

Answer: to the screen or display
By default, your shell directs standard output to your screen or display.

You want to create a compressed backup of the users' home
directories. What utility should you use?

Answer: tar
You can use the z modifier with tar to compress your archive at the
same time as creating it.

You wish to restore the file memo.ben which was backed up in the
tarfile MyBackup.tar. What command should you type?

Answer: tar xf MyBackup.tar memo.ben
This command uses the x switch to extract a file. Here the file
memo.ben will be restored from the tarfile MyBackup.tar.

You need to view the contents of the tarfile called MyBackup.tar.
What command would you use?

Answer: tar tf MyBackup.tar
The t switch tells tar to display the contents and the f modifier
specifies which file to examine.

What daemon is responsible for tracking events on your system?

Answer: syslogd
The syslogd daemon is responsible for tracking system information and
saving it to specified log files.

You have a file called phonenos that is almost 4,000 lines long.
What text filter can you use to split it into four pieces each 1,000
lines long?

Answer: split
The split text filter will divide files into equally sized pieces. The
default length of each piece is 1,000 lines.

You would like to temporarily change your command line editor to be
vi. What command should you type to change it?

Answer: set -o vi
The set command is used to assign environment variables. In this case,
you are instructing your shell to assign vi as your command line
editor. However, once you log off and log back in you will return to
the previously defined command line editor.

What account is created when you install Linux?

Answer: root
Whenever you install Linux, only one user account is created. This is
the superuser account also known as root.

What command should you use to check the number of files and disk
space used and each user's defined quotas?

Answer: repquota
The repquota command is used to get a report on the status of the
quotas you have set including the amount of allocated space and amount
of used space.

In order to run fsck on the root partition, the root partition must
be mounted as ___________.

Answer: readonly
You cannot run fsck on a partition that is mounted as read-write.

In order to improve your system's security you decide to implement
shadow passwords. What command should you use?

Answer: pwconv
The pwconv command creates the file /etc/shadow and changes all
passwords to 'x' in the /etc/passwd file.

Bob Armstrong, who has a username of boba, calls to tell you he
forgot his password. What command should you use to reset his password?

Answer: passwd boba
The passwd command is used to change your password. If you do not
specify a username, your password will be changed.

When you look at the /etc/group file you see the group kmem listed.
Since it does not own any files and no one is using it as a default
group, can you delete this group?

Answer: no
The kmem group manages direct access to kernel memory and is necessary
for your system's health.

What text filter can you use to display a multi-page file and place
numbers at the beginning of each line?
Answer: nl
The nl text filter will divide a file into logical pages and number each line.

The top utility can be used to change the priority of a
running process. Another utility that can also be used to change
priority is ___________?

Answer: nice
Both the top and nice utilities provide the capability to change the
priority of a running process.

In order to apply a filesystem to your new partitions you must
format them. What command would you use to create the ext2 filesystem?

Answer: mke2fs
The mke2fs command creates the new filesystem on your partition.

What command should you type to see all the files with an
extension of 'mem' listed in reverse alphabetical order in the
/home/ben/memos directory?

Answer: ls -r /home/ben/memos/*.mem
The -c option used with ls results in the files being listed in
chronological order. You can use wildcards with the ls command to
specify a pattern of filenames.

In order to create a file called DirContents containing the
contents of the /etc directory you would type ____________.

Answer: ls /etc > DirContents
Using the > will redirect the output of the ls /etc command to the
file DirContents.

What file defines the levels of messages written to system log files?

Answer: kernel.h
To determine the various levels of messages that are defined on your
system, examine the kernel.h file.

You have two files each ten lines long. What text filter could you
use to combine the two files so that each line of the output contains
the corresponding line from each file?

Answer: join
The join text filter will display one line for each pair of input
lines from two files.

You have two files in two different directories with the same
inode. What type of link is involved?

Answer: hard
Hard links all have the same inode number, unlike symbolic links.



What command is used to remove the password assigned to a group?

Answer: gpasswd -r
The gpasswd command is used to change the password assigned to a
group. Use the -r option to remove the password from the group.




1. What is the best RAID level?
RAID 0 for performance
RAID 5 for High availability
RAID 6 even better HA if the budget is fine

2. What is a MAC address and how to check the MAC address in Linux?
A MAC address means media access control address. It is a unique
address assigned to almost all networking hardware such as Ethernet
cards, routers, etc.
Most layer 2 network protocols use one of three numbering spaces which
are designed to be globally unique.

Linux Command to see MAC address:
Ifconfig is used to configure network interfaces.
$ /sbin/ifconfig | grep HWaddr

Output: eth0 Link encap:Ethernet HWaddr 00:0F:EA:91:04:07

OR
$ /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:0F:EA:91:04:07 <<< THIS IS THE MAC ADDRESS
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20f:eaff:fe91:407/64 Scope:Link

OR as a root user type following command:
# grep eth0 /var/log/dmesg

eth0: RealTek RTL8139 at 0xc000, 00:0f:ea:91:04:07, IRQ 18 <<< the second field on this line is the MAC address
eth0: Identified 8139 chip type 'RTL-8100B/8139D'
eth0: link up, 100Mbps, full-duplex, lpa 0x45E1

3. How to assign a permanent IP to a client which is presently in DHCP in Linux?
/sbin/ifconfig eth0 192.168.10.1 netmask 255.255.255.0 broadcast 192.168.10.255
In this command we are assigning the IP 192.168.10.1 to the Ethernet
interface (NIC card) eth0.

Also, in a Red Hat Linux terminal you can type the command "setup" to launch a
wizard-type interface in which you can choose network and configure the IP.

You can use the GUI tool /usr/bin/neat - Gnome GUI network
administration tool. It handles all interfaces and configures for both
static assignment as well as dynamic assignment using DHCP.

4. How to exclude some IP address range in DHCP?
To exclude a range of IP addresses in a subnet, split the address
range of the subnet into two.
Example:
subnet 1.1.1.0 netmask 255.255.255.0
{
range 1.1.1.10 1.1.1.15;
range 1.1.1.21 1.1.1.40;
}

So in the above example the IPs 16-20 will automatically be excluded
from the list.

5. What is the default serial number of DNS?
Serial numbers are based on ISO dates. Every time the data in the database is
changed, the serial number must be increased so that the slave
servers know the zone has changed.

6. How to pull the data to the secondary NIS server from the master server?
ypxfr is a pull command which runs on each slave server to make that
server import the map from the master NIS server.

7. What file needs to be changed in the NIS client if you are changing the
machine from one subnetwork to another subnetwork?
/etc/yp.conf

8. How to see memory usage?
Commands "top" and "free -m"

9. How to increase the filesystem?
Using command # fdisk


How to Manually Create Machine Trust Accounts?

/usr/sbin/useradd -g machines -d /var/lib/nobody -c "machine nickname" \
-s /bin/false machine_name$

passwd -l machine_name$

Q: – What are the SAMBA server types?

- Primary Domain Controller (PDC)
- Backup Domain Controller (BDC)
- ADS Domain Controller

Q: – Which protocol does the SAMBA server use?

SMB, which stands for Server Message Block, is a protocol for sharing
files, printers, serial ports, and communications abstractions such as
named pipes and mail slots between computers.

Q: – Which SELinux security context is used for SAMBA?

samba_share_t

Q: – On which ports does the SAMBA server work?

- UDP port 137 for netbios-ns, the NETBIOS Name Service
- UDP port 138 for netbios-dgm, the NETBIOS Datagram Service
- TCP port 139 for netbios-ssn, the NETBIOS session service
- TCP port 445 for microsoft-ds, the Microsoft Domain Service

Q: – What are the Security or Authentication Modes for the SAMBA server?

ADS
DOMAIN
SERVER
USER
SHARE

Q: – How Does a Workstation find its Domain Controller?

There are two different mechanisms to locate a domain controller: one
method is used when NetBIOS over TCP/IP is enabled and the other when
it has been disabled in the TCP/IP network configuration. Where
NetBIOS over TCP/IP is disabled, all name resolution involves the use
of DNS, broadcast messaging over UDP, as well as Active Directory
communication technologies.

Q: – Can Samba Be a Backup Domain Controller to an NT4 PDC?

No. The native NT4 SAM replication protocols have not yet been fully
implemented.

Q: – How Do I Replicate the smbpasswd File?

Replication of the smbpasswd file is sensitive. It has to be done
whenever changes to the SAM are made. Every user's password change is
done in the smbpasswd file and has to be replicated to the BDC. So
replicating the smbpasswd file very often is necessary. As the
smbpasswd file contains plaintext password equivalents, it must not be
sent unencrypted over the wire. The best way to set up smbpasswd
replication from the PDC to the BDC is to use the utility rsync. rsync
can use ssh as a transport. ssh itself can be set up to accept only
rsync transfer without requiring the user to type a password. As said a
few times before, use of this method is broken and flawed. Machine trust
accounts will go out of sync, resulting in a broken domain. This
method is not recommended. Try using LDAP instead.

Q: – Can Samba fully replace my Windows NT server that is not a
Primary Domain Controller (PDC)?

Samba can completely serve files and printers to Windows, just as a
Windows NT server would.

Q: – Can Samba replace my Windows NT PDC?

Not completely. Samba domain control capabilities for a Windows 9x client are
solid and complete, and so these clients would probably never know the
difference. The domain control support for Windows NT/2000 clients is
still being developed. Currently, enough has been implemented to allow
a Windows NT client to join a Samba-controlled domain, but there is
more to domain control than that. The most conspicuous absence is the
lack of support for Windows NT trust relationships and the SAM
replication protocol used between NT PDCs and Backup Domain
Controllers (BDCs).

Q: – What TCP and UDP ports are required for NetBIOS over TCP/IP use?

The NBT name service uses port 137/udp, the NBT session service uses port
139/tcp, and the NBT datagram service uses port 138/udp.

Q: - How does the SMB protocol work?

There are three stages in creating an SMB connection between a
client and a specific share on a server.

The first stage in connecting to an SMB share is to negotiate the SMB
protocol dialect to use. In the request packet, the client sends a
text listing of all the SMB dialects that it understands. The server
selects the most advanced protocol that it knows and responds to the
client, specifying the protocol number from the list. At this point,
the client and server have agreed that SMB commands can be used for
the remainder of the conversation.

The second stage is to create a session connection between the client
and server. To do this, the client issues a session setup request,
which includes a username and some proof of validity, such as a
password. The server attempts to validate the requesting user. If
successful, the server then returns a session UID to the client. This UID
is unique for each session and has no relation to the server's internal
representation of users.

The third stage before access to files on a remote share is allowed is
for the client to make a successful tree connection to the shared
resource. The client sends to the server a tree connect request, which
includes the UID previously issued by the server. At this stage the
server verifies that the authenticated user is authorized to access
the requested resource. If the user has sufficient privileges to
access the share, the client is issued a tree connection ID (TID). The
TID is used in all requests to access files contained in the resource
to which the TID refers.

This is how the SMB protocol works.

Q: – How many sections does the Samba configuration file (smb.conf) contain?

The smb.conf file contains three sections.

1. [global] Contains settings that determine Samba overall behavior.
2. [homes] A default share for providing a home directory for all users.
3. [printers] A default share for exporting all printers on the host via CIFS.

Q: – If a netbios name is not defined in smb.conf, then what will the
netbios name be?

If a netbios name is not defined, Samba will use the IP hostname of
the server by default.

Q: - I want to use user-level security for my Samba server. What do
I have to add in the smb.conf file?

security = user

Q: - How will you verify that your smb.conf file doesn't have any
mistakes and misspellings?

The "testparm" tool verifies the syntax of a configuration file (smb.conf).

testparm -s smb.conf

Q: - What is the use of "smbclient" command?

"smbclient" is used to display the list of shares on your server. This
verifies that smbd is running and functioning correctly. The -L option
instructs smbclient to enumerate the shares on the server rather than
actually connecting to one. The -N switch instructs smbclient to use
an anonymous login rather than the login name of the current user.

smbclient -L localhost -N

Another use of the "smbclient" command is to connect to a Samba share.

smbclient //<server>/<share> -U <username>

Q: - Explain "smbstatus" command?

The smbstatus utility displays information about connected users and
currently locked files.

Q: – Is it possible for Samba to share file systems that have been
mounted using NFS?

Yes. However, this can be problematic if the NFS server that provides
the file system fails, causing the Samba server to hang. It is always
safer to use Samba to share a local file system.

Q: – How many simultaneous connections can a Samba server support?

In theory, there is no limit. In practice, the limit is determined by
the server's hardware, specifically the total amount of available RAM
and the CPU power. It might also depend on the amount of activity from
the smbd processes.

Q: – Can Samba be a member of more than one workgroup at the same time?

No, Samba can be a member of only one workgroup.

Q: – What is SWAT?

SWAT is a GUI-based administration tool for the Samba server.

Q: – I am trying to use SWAT, but I keep getting the message There was
no response. The server could be down or not responding. What is the
problem?

The most likely cause is that SWAT is not listening to connections, or
you have used the wrong URL in trying to connect to SWAT. SWAT usually
lives behind port 901, so the URL you should use is
http://IP_ADDRESS_OF_SERVER:901/

Q: – Can I set an empty password for a Samba user?

Yes. If you want to set the value to an empty password, you must change

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

to

NOPASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

in your smbpasswd file.

Note: – if you have edited the smbpasswd file by hand, make sure that
the LAN Manager and NT password fields contain exactly 32 characters,
no more and no fewer. If these fields do not have exactly 32
characters, Samba will not be able to correctly read the entry.

Or you can modify it with the "smbpasswd" command.

smbpasswd -n USER_NAME

Also you have to set the null passwords parameter to yes in the
[global] section of smb.conf:

null passwords = yes

Q: – Does Samba support PAM?

Yes

Q: – What is the role of "NTLM"?

The challenge/response authentication protocol available to Windows
clients and servers for validating connection requests.

Q: – Explain "force group" parameter used in smb.conf?

It will define the group id to be used for all file access in the
place of the user's primary group.

Q: – Explain "force user" parameter used in smb.conf?

It will define the user id to be used for all file access.

Q: – Explain "write list" parameter used in smb.conf?

A list of users and/or groups that should be given write access even
if the read only parameter has been enabled.

Q: – My clients are getting the error message that the Disk is Full
when trying to print to my Samba server, but there is plenty of space.
What is the problem?

If smbd is unable to write the spooled file to the directory defined
by the path parameter for a printer (if the write permission were
denied, for example), it would respond to the client with the message,
Disk is Full. Samba will also return this error message if the amount
of free disk space in the spool directory has fallen below the value
specified by the min print space parameter.

Q: – When I click on my Samba server in the network neighborhood, I am
continually prompted for a password to the IPC$ share no matter what I
enter.

The Windows client is attempting to use encrypted passwords. However,
the Samba server is configured to support only clear-text passwords.
You should either enable encrypted passwords on the server or enable
clear-text passwords on the Windows client.

Q: – Why is security = domain better than security = server?

There are three reasons why security = domain is better. The first is
because this method enables the Samba server to participate in domain
trust relationships. This is impossible with server-level security.
The second reason is that, under server-level security, each smbd
process must keep an open connection with the authentication server.
This can drain a Windows NT PDC quickly. Under domain-level security,
this connection is maintained only long enough to perform the
validation, thus conserving valuable resources. The final reason is
that, as a domain member, the Samba server has access to much more
information about user accounts, which can be used to automate the
creation and deletion of user accounts upon demand.

Q: – Explain the parameter "wins support = Yes" used in smb.conf?

If the Samba server was configured to provide WINS support ("wins
support = Yes"), then the WINS server is able to provide name
resolution for all of the hosts that are not listed in the /etc/hosts
file or within the DNS. Making this adjustment in the Name Service
Switch configuration file (/etc/nsswitch.conf) allows the Linux system
to query the WINS server for local name resolution. This saves manual
adjustments to host files.

Q: – How to automate SMB share mounting during system startup?

Add smb share entry in /etc/fstab file.

//IP_ADDRESS_OF_SERVER/Shared /shared smbfs noauto,defaults 0 0

Q: – How to start and stop the Samba server?

/etc/init.d/smb restart



Sunday, February 6, 2011
unix/linux System Admin Interview Questions And Answers 6

unix/linux System Admin Interview Questions And Answers 5
Q: - What will the "neat" command do?

The neat command provides a graphical interface to change network settings
for network devices.




Q: - Which protocol is required to allow local printing and print sharing?

Internet Printing Protocol (IPP) is required to allow local printing
and print sharing.


Q: - What is CUPS?

CUPS stands for "Common UNIX Printing System". CUPS is an open source
printing system developed by Apple Inc. CUPS uses the Internet
Printing Protocol (IPP) to allow local printing and print sharing.


Q: - What is the location of log files for CUPS?

The log files for the CUPS printing system are located in the
/var/log/cups/ directory.


Q: - What is YUM?

YUM stands for Yellow dog Updater, Modified because it is based on
YUP, the Yellow dog Updater. Where does the name Yellow dog come from?
Yellow Dog is a version of Linux for the Power Architecture hardware
and is RPM-based, just like Red Hat Enterprise Linux and Fedora. YUP,
and later YUM, were written by the Linux community as a way to
maintain an RPM-based system.


Q: - What are the advantages of YUM?

- Automatic resolution of software dependencies.
- Multiple software locations at one time.
- Ability to specify particular software versions or architectures.


Q: - How will you install software with YUM?

yum install <pkgname>



Q: - Which option is required to assume the answer "yes" to any
questions asked during installation of package dependencies for YUM?

The "-y" option is used to assume the answer "yes".
For example:
yum -y install squid

Q: - How to remove software by YUM?

yum remove <pkgname>

Q: - How many run levels are present in Linux?

There are 7 run levels, with each having its own properties.
- 0: Halt the system
- 1: Single-user mode
- 2: Not used
- 3: Multi-user mode with text login
- 4: Not used
- 5: Multi-user mode with graphical login
- 6: Reboot

Q: - Which configuration file is required to change the Run Level of
Server or system?

/etc/inittab
To change the default run level, modify this line.
id:5:initdefault:

Q: - Explain architectures required for RPMs?

- noarch: Architecture-independent, can run on any architecture
- i386: Generic build for a 32-bit x86 system
- i586: Sometimes used when building kernels for older x86 processors
- i686: Intel® Pentium® II, Intel Pentium III, Intel Pentium 4, AMD Athlon, and
  AMD Duron systems (Most RPMs for these architectures are built
  using the i386 architecture, with the kernel for these architectures
  being built with the i686 for optimal performance.)
- x86_64: 64-bit processors such as AMD Athlon64, AMD Opteron, and Intel EM64T
- ia64: Intel® Itanium
- ppc: 32-bit IBM® POWER, IBM eServer™ pSeries®, and IBM eServer iSeries
- s390x: 64-bit IBM eServer System z

Q: - How to install Linux software by RPM?

rpm -ivh test-1.0-1.i386.rpm
test ######################### [100%]

Q: - If a file associated with test-1.0-1.i386.rpm is deleted, then how
will we recover that file?

We can reinstall this rpm again.

Q: - If you are getting the error "package is already installed" but you
have to install the package anyhow, what option will you use?

rpm -ivh test-1.0-1.i386.rpm
Preparing... ########################################### [100%]
package test-1.0-1 is already installed
In this case you can use the "--replacepkgs" option.
rpm -ivh --replacepkgs test-1.0-1.i386.rpm
