
RHCSA Study Sessions -III


User account management via LDAP:
we can get account information from a remote server on which the accounts are configured, for example
ldaps://<ip of our ldap server>

Basic file permissions:
Owner, Group, Others
OGO
rwx r-x --x
umask, default file permissions


One very handy command is lsattr, the list attributes command. It lists the immune bit attributes (for example, whether a file is immune to deletion).


[root@localhost src]# lsattr
----i--------e- ./index.html
-------------e- ./asterisk-1.8-current.tar.gz.1
-------------e- ./jitsi-2.4-latest.x86_64.rpm
-------------e- ./asterisk-1.8-current.tar.gz
-------------e- ./sipp-3.3
-------------e- ./debug
-------------e- ./sipp_packages
-------------e- ./sipp-3.2-Linux_RHEL5U2.tar.gz
-------------e- ./asterisk-1.8.25.0
-------------e- ./kernels
-------------e- ./sipp-3.3.tar.gz

Here all files in my current src directory are prone to deletion.

The chattr command is used to apply or remove the immunity bit:
chattr +i <file-name or path>  : Attribute is applied
chattr -i <file-name or path>  : Attribute is removed


It's quite helpful if we want to protect a file from accidental deletion, or for high protection.
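To see which entries in a listing like the one above actually carry a protective attribute, the flags column can be parsed. This is an added example, not part of the original notes; the helper name protected_files is hypothetical and the last two sample lines are constructed.

```shell
#!/bin/sh
# Added example: report files carrying the immutable (i) or append-only (a)
# attribute, reading `lsattr` output on stdin. protected_files is a
# hypothetical helper name, not a standard tool.
protected_files() {
    awk '
    # Real entries start with a flags column made only of letters and dashes;
    # this skips "lsattr: ..." error lines and the "./dir:" headers of -R.
    $1 ~ /^[-A-Za-z]+$/ && NF >= 2 {
        flags = $1
        path = substr($0, length(flags) + 2)   # rest of line, keeps spaces
        tag = ""
        if (index(flags, "i")) tag = "immutable"
        if (index(flags, "a")) tag = (tag == "" ? "" : tag ",") "append-only"
        if (tag != "") print path "\t" tag
    }'
}

# Sample input: the first two lines come from the listing above, the last two
# are constructed to show an append-only file and an lsattr error line.
sample_listing() {
    cat <<'EOF'
----i--------e- ./index.html
-------------e- ./asterisk-1.8-current.tar.gz.1
-----a-------e- ./constructed audit.log
lsattr: Operation not supported While reading flags on ./constructed.sock
EOF
}

sample_listing | protected_files
```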

Directory setup for group collaboration.
mkdir /home/research

sgid bit (set group ID bit): set on a directory that belongs to a group, so that the directory can be used by that group
ugid bit

Some command history, as it's helpful to view what commands I have applied :)

  592  chown shah:research /tmp/research/
  593  ls
  594  ls -l
  595  ls -ld
  596  ls -ld research
  597  ls -ld /home/
  598  # sgid
  599  ls -l resear*
  600  ls -ld resear*
  601  chmod 2070 research/
  602  ls -ld resear*
  603  groups
  604  cd /home/
  605  ls
  606  su shah-re
  607  history
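
The group directory setup from the notes and history above, as a repeatable script. This is an added example, not the author's commands: the function names are hypothetical, and it uses a temporary directory and the caller's own primary group in place of /home/research and the research group so that it runs without root. It sets mode 2770 rather than the 2070 in the history, because with 2070 a non-root owner matches the owner bits first and gets no access.

```shell
#!/bin/sh
# Added example: create a setgid collaboration directory and check what new
# entries inherit. Uses numeric group IDs and GNU stat (stat -c).

# setup_shared_dir DIR [GROUP]: GROUP defaults to the caller's primary group.
setup_shared_dir() {
    dir=$1
    grp=${2:-$(id -g)}
    mkdir -p "$dir" || return 1
    chgrp "$grp" "$dir" || return 1
    # 2 = setgid, 7 = owner rwx, 7 = group rwx, 0 = nothing for others
    chmod 2770 "$dir"
}

# Print "yes" if the setgid bit is set on the given path, "no" otherwise.
has_setgid() {
    if [ -g "$1" ]; then echo yes; else echo no; fi
}

# Create a file and a subdirectory inside DIR, then print
# "<file gid> <subdir gid> <subdir has setgid>".
check_inheritance() {
    dir=$1
    ( umask 007; : > "$dir/notes.txt"; mkdir -p "$dir/drafts" ) || return 1
    echo "$(stat -c %g "$dir/notes.txt") $(stat -c %g "$dir/drafts") $(has_setgid "$dir/drafts")"
}

demo() {
    d=$(mktemp -d)/research
    setup_shared_dir "$d" && ls -ld "$d" && check_inheritance "$d"
    rm -rf "${d%/research}"
}

demo
```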

Linux Kernel Part II

Some notes from my study sessions.

The notes below describe the procedure to configure, compile and install the Linux kernel (this process is also called building the Linux kernel).

Download the new kernel source from Red Hat.

make mrproper : executes a script make file
.config file, in /usr/linux-2.4

take .config file and save it somewhere else

make mrproper : go through the source tree, to make sure all configs are in right order

after build, copy back the .config file into the /usr/linux-2.4/ directory
smart to at least have some base configurations

copy the config file back to the linux kernel directory

then run

make config [Enter] : text based

make menuconfig [Enter] : graphical

to use menuconfig, we need the ncurses-devel- and ncurses4-* packages

make xconfig [Enter] : only requires the tcl and tk packages

make dep : to check the dependencies for us

make clean: will get the source for compilation

make bzImage : to install the kernel

make modules

make modules_install : install kernel modules

make install : will copy the kernel files to appropriate directories

check Makefile scripting detai

Linux Kernel Part 1: Study Notes


Monolithic and modular kernel update

source rpm and binary rpm (for our basic needs binary rpms are great; source rpms are good if we want to tinker with system changes)

smp : symmetric multiprocessor

Kernel update and installation
We need to go to the Red Hat website to download the kernel, once the kernel is downloaded

cat /proc/cpuinfo


md5sum : to check whether files have been tampered with or not.
An md5 checksum is really helpful in finding out whether a file is safe for us or not, and it is very good to use in order to avoid using any harmful software.
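
A checksum comparison as described above, as an added example that is not part of the original notes. The helper name verify_download, the file names and the sample payload are constructed; the helper also reports a file that the checksum list does not mention, which md5sum -c would not check.

```shell
#!/bin/sh
# Added example: verify a download against a published checksum list.
# verify_download FILE SUMS [TOOL]
#   FILE  downloaded file (names containing spaces are not handled)
#   SUMS  list in the "<hex digest>  <name>" format written by md5sum
#   TOOL  md5sum (default) or sha256sum
# Returns 0 on match, 1 on mismatch, 2 if FILE is unreadable or not listed.
verify_download() {
    file=$1; sums=$2; tool=${3:-md5sum}
    name=$(basename "$file")
    [ -r "$file" ] || { echo "$name: cannot read file" >&2; return 2; }
    # Look up the expected digest by file name ("*name" marks binary mode).
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print $1; exit }' "$sums")
    [ -n "$expected" ] || { echo "$name: not listed in $sums" >&2; return 2; }
    actual=$("$tool" "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "$name: OK"
    else
        echo "$name: FAILED (expected $expected, got $actual)" >&2
        return 1
    fi
}

# Demo on constructed data: a good copy, then the same file after tampering.
demo_verify() {
    d=$(mktemp -d) || return 1
    printf 'constructed sample payload\n' > "$d/kernel-sample.rpm"
    # Stands in for the checksum list the vendor publishes.
    ( cd "$d" && md5sum kernel-sample.rpm > MD5SUMS )
    verify_download "$d/kernel-sample.rpm" "$d/MD5SUMS"
    printf 'tampered\n' >> "$d/kernel-sample.rpm"
    verify_download "$d/kernel-sample.rpm" "$d/MD5SUMS"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo_verify || echo "tampered copy rejected (exit status $?)"
```

MD5 catches corruption in transit but is not collision-resistant, so pass sha256sum as the third argument when the publisher provides SHA-256 sums. The comparison is only as trustworthy as the channel the checksum list came from.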


cd /boot

cat /etc/grub.conf : to check the kernel loading parameters in the grub loader

uname -r : to check the kernel version

Resetting root password on Linux


Suppose you have forgotten your Linux root password. You seem to be in a little trouble, but don't worry: use the steps below to recover your Linux password with a few clicks:

1. During boot, highlight the installation for which you want to change the root password. Once the installation is highlighted, press a and Enter, a = append.

2. You will be taken to a prompt, that will look like this:

  
Press Enter once more, and you will see after some processing a prompt like:

sh-2.05b#
 
Here on this prompt you can use all basic commands of Linux. Just type your new password here by using passwd root command and enjoy :)
 
I hope this article was helpful to you guys. See you with some more stuff in future.  



VoIP Bandwidth Calculator and Erlang


Different protocols consume different amounts of bandwidth. In most cases the bandwidth consumed by the VoIP codec is not that much; the extra burden is caused by the different protocol headers. VoIP bandwidth calculation and planning is one of the most important parts of designing a VoIP network.

To make this task easy, I came across a very interesting website. The website is:

http://www.bandcalc.com

This is an interesting site, which you can use to calculate the bandwidth required for a VoIP network using different parameters like, payload size, frames per second etc. Please explore and enjoy this interesting website.

What is an Erlang?

Erlang is a traffic measurement unit commonly used in telecom. It is used to describe a traffic volume of one hour.

Example: 20 calls in an hour with 5 minutes of conversation average.

You calculate the number of Erlangs as below:

Traffic minutes in the hour: 20 x 5 = 100 minutes
Hours of traffic inside one hour: 100/60 = 1.66 Erlangs

You can get these measures from a call logger and use it to design your network to calculate the number of lines required. Once the number of lines is known, it is possible to calculate the bandwidth requirements.


Some Random Notes about EIGRP, OSPF, DV Protocols and Linkstate Protocols

Some Random notes, that are still very useful :) 

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
EIGRP = Enhanced Interior Gateway Routing Protocol
Ok, what are the most common words that I hear about EIGRP?
Neighbor table, topology table, routing table, successor (primary route), feasible successor (secondary route), backup routes, DUAL (Diffusing Update Algorithm), auto summarization, unequal cost load balancing, easy to configure.
Routing protocol based on: DV plus some features of Link State protocol
Hello sent every 5 seconds = >
Hold down timer = > set according to hello packets received
Have very speedy convergence time and easy on processor.
#router eigrp 10
#network <network to be advertised>  <eigrp wild card bits- optional>
Some commands to remember:
#show ip eigrp neighbors
#show ip eigrp topology
#show ip eigrp route
In EIGRP we can summarize anywhere and load balance over unequal-cost paths. A Null0 route is created automatically to handle routing efficiently; in other words, it is a null garbage container used to throw away garbage routes.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Distance Vector Routing Protocols, Linkstate routing protocol. Hybrid protocols.
DV protocols send their entire routing table after a specific interval, while linkstate protocols make neighbor adjacencies and event triggered updates are sent.
DV protocols have looping issues
Count down to infinity loop!
Loop prevention mechanisms in a Cisco router: route poisoning, split horizon, hold-down timer.
Link state routing protocol: OSPF: not more than 50 routers/area
ABR, ASBR, Backbone router
All routers in an area have the same topology table but they will have different routing table.
Localize updates within an area. Requires a hierarchical design, you must design network keeping in mind the hierarchical design!
Hello messages in OSPF: sent every 10 seconds on broadcast/point-to-point links, and once every 30 seconds on NBMA networks, i.e. Frame Relay. Best practice is to tune the hello packet sending time; in most cases it is set to 1 second.
And to make adjacency routers must agree on some specific parameters
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
OSPF general syntax and configurations
Modifying the router ID
#router ospf <process ID>
#network <Network> <wildcard mask> area <area #>
#show ip ospf
#show ip protocols
#show ip ospf neighbors
To advertise a summary route:

#area <area #>  range  <summary ip> <mask>

GENERAL: The Art of reading Technical stuff

Today I want to share a very useful technique with you, which I learned during my University times. Most of the time, when we read some new technical stuff, we are not able to understand it in the first go. Suppose if you are reading some great article in Scientific American or in the Economist, you will not be able to understand the article thoroughly in the first go. If you are not a native English speaker like me, you may need to read that article several times to understand it completely.

When I was in university, I was struggling hard to understand the Signals and Systems book by Oppenheim (http://www.amazon.com/Signals-Systems-Edition-Alan-Oppenheim/dp/0138147574). I talked to my professor, and discussed my problem with him. He gave me wonderful advice. He asked me to use the “re-read” technique. Like if you read a passage and didn't understand it, then re-read that passage. In the first phase, our brain might not be able to understand it. It’s like the baby steps, but once we process the same technical stuff again and again by our brain, you will be amazed to know that you will understand the same stuff which was difficult before.

Believe me, Signals and Systems is one of the tough subjects during an engineering degree, but when I began to use my professor's technique to not give up and re-read the passage again and again, then it was the moment of enlightenment. I began to master and learn the concepts from which I was running.

When I begin my Networking journey, I used the same technique, like I will not leave a highly technical paragraph, until I thoroughly understand it. How many times I will get lost in the technicality of a topic, but I won't stop. Sometimes I feel bored, sometimes I feel that I will not be able to understand this stuff anyhow, but if I stick a little longer and re-read again and again, then believe me the meanings will get open for you and you will master it definitely.

As I am not a native English speaker, I had to struggle hard to understand the highly technical stuff sometimes, but this re-read advice comes in handy and at the end of the day I do understand it. So as a conclusion:

Some difficult passage/technical stuff
                      Re-read it, again and again, don’t give up, don’t feel bad, and don’t get depressed
                                                                                           The End result, you will understand it

At the end of the day, it’s you who needs to understand it; no one else will come to put it into your mind :)


General: From world first Router to Quantum Internet

It's really amazing how technology improves with the passage of time. It seems Moore's law will be in action for a long time to come. Things are improving very fast from a processing perspective as well as in design. Have you ever imagined how the first packet router looked? Back then it was called a packet switch, as said by Leonard Kleinrock, the pioneer of packet switching. Do you know where this revolution started? It was UCLA where the first packet switch was created. And now time has gone so fast and we are moving towards the Quantum Internet.


It is always a simple beginning. 



Back then the speed of this packet switch was 50kbps!! It was the speed of the first router. This speed was considered the DSL like speed at that time. With the passage of time, the requirements for more speed and the huge amount of data processing pushed the tech minds to create more sophisticated packet switches.

In the early to mid-1980s, most Internet access was from personal computers and workstations directly connected to local area networks or from dial-up connections using modems and analog telephone lines. LANs typically operated at 10 Mbit/s and grew to support 100 and 1000 Mbit/s, while modem data rates grew from 1200 and 2400 bit/s in the 1980s, to 28 and 56 kbit/s by the mid to late 1990s.
You will be amazed to see how much the internet has progressed. Just check below the internet routing map:


--- to be continued

CCNA- How to configure Cisco IOS Banners

Cisco IOS devices support a number of banners that are presented to users when they use the console line or when they connect remotely using telnet or SSH. They are often used to inform users about their legal rights. It might be a good idea to present a banner to users who are trying to connect to your device, here are some items you might want to think about:
  • To show that only authorized users are allowed to connect.
  • That all traffic will be monitored.
  • That there is no expectation of privacy.
  • Don’t use anything that says “welcome”.
  • Don’t add any contact information or information about the router in the banner.
Here’s a good example on the website of the California Technology Agency that gives you more information about what a good banner should contain and some sample texts. Before you implement any banners, make sure to check with your legal counsel first. Having said that, let’s look at the different banners…

Different Banners

Cisco IOS routers support a number of banners, here they are:
  • MOTD banner: the “message of the day” banner is presented to everyone that connects to the router.
  • Login banner: this one is displayed just before the authentication prompt.
  • Exec banner: displayed before the user sees the exec prompt.
  • Incoming banner: used for users that connect through reverse telnet.
We’ll take a look at how to configure these different banners now.

MOTD Banner

We’ll start with the message of the day banner that will be presented to anyone accessing the router:
R1(config)#banner motd #
Enter TEXT message.  End with the character '#'.
Authorized users only, violaters will be shot on sight! #
The # symbol is a start and stop character. You can use any other character if you want. This is what the MOTD banner looks like:
R1#exit

R1 con0 is now available

Press RETURN to get started.

Authorized users only, violaters will be shot on sight!
A nice and welcome banner that everyone will see…let’s move on to the login banner now.

Login banner

The login banner is presented to users that access the router remotely using telnet or SSH:
R1(config)#banner login $ Authenticate yourself! $
Let’s try it out:
R1#telnet 1.1.1.1
Trying 1.1.1.1 ... Open

Authorized users only, violaters will be shot on sight!  Authenticate yourself!
Above you see that the login banner is displayed after the MOTD banner. It would have been better if I added some empty lines so that the login banner would show up below the MOTD banner.

Exec banner

The exec banner is shown just before the exec prompt:
R1(config)#banner exec #
Enter TEXT message.  End with the character '#'.
You are connected to line $(line) at router $(hostname)
#
This time I added an extra line in the banner and I also used some operators like $(line) and $(hostname). Let’s see what that looks like:
R1#exit

R1 con0 is now available

Press RETURN to get started.

Authorized users only, violaters will be shot on sight!
You are connected to line 0 at router R1
As you can see it shows to which line I am connected (line 0 is the console) and the hostname of my router (R1). One more banner to go!

Banner incoming

The last banner is used for reverse telnet connections. Reverse telnet can be used to access the console of another device by connecting the AUX port of the router to the console port of another router. This allows you to ‘telnet’ into the console port of another router.
R1(config)#banner incoming $
Enter TEXT message.  End with the character '$'.
This is a banner for Reverse Telnet
$
We’ll have to configure the AUX port in order to test it:
R1(config)#line aux 0
R1(config-line)#transport input telnet
We will enable telnet on the aux port, now we’ll have to check what line our AUX port uses:
R1#show line 
*Mar  1 01:48:09.495: %SYS-5-CONFIG_I: Configured from console by console
R1#show line 
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
*     0 CTY              -    -      -    -    -      2       1     0/0       -
     97 AUX   9600/9600  -    -      -    -    -      0       0     0/0       -
     98 VTY              -    -      -    -    -      2       0     0/0       -
     99 VTY              -    -      -    -    -      0       0     0/0       -
    100 VTY              -    -      -    -    -      0       0     0/0       -
    101 VTY              -    -      -    -    -      0       0     0/0       -
    102 VTY              -    -      -    -    -      0       0     0/0       -
Now we can reverse telnet to the AUX port like this:
R1#telnet 1.1.1.1 6097
Trying 1.1.1.1, 6097 ... Open

Authorized users only, violaters will be shot on sight! 
This is a banner for Reverse Telnet
As you can see it presents us the “incoming banner”. I hope this has been helpful to you to understand the banners!
This great post has been taken from Rene Molenaar's website. Please visit and do support his awesome and brilliant website: http://networklessons.com/network-management/how-to-configure-cisco-ios-banners/

General: An off-Networking Post

I came across this interesting snapshot while studying some Linux slides. This snapshot contains the best advice anyone can give to you!


CSE 265: System and Network Administration ©2004-2012 Brian D. Davison