Cheat Sheet
Articles and Tips: article
01 Jun 2005
In the March/April issue, we introduced the certifications from LPI-the Linux Professional Institute (www.lpi.org). As Novell has come to embrace Linux in its product line, marketing and strategy, it has also come to support and even endorse the various Level 1 and Level 2 certifications from LPI. These vendor-neutral certifications verify that you know and understand the basics of Linux administration.
The previous article offered an overview of the certifications and focused on the first of the exams you must pass to become certified. This article focuses on exam 102 and is the only other one you must pass to be certified at Level 1 (junior level administrator).
While predominantly multiple-choice, one of the items that makes this exam so difficult is the fill-in-the-blank questions. Most of these correlate to commands and syntax for command-line utilities. In order to pass, it is essential that you have a fair amount of realworld experience working with the key commands on a live system.
As with the 101 exam, not all of the topics are evenly weighted and you can take weighting into account and focus your study time accordingly if you find yourself in a pinch. The weighting (roughly equivalent to percentages) of each of the nine topics on this exam is as follows:
|
Networking Services |
24 |
|
Administrative Tasks |
21 |
|
Networking Fundamentals |
14 |
|
Shells, Scripting, Programming and Compiling |
8 |
|
Security |
8 |
|
Documentation |
8 |
|
Kernel |
7 |
|
Boot, Initialization, Shutdown and Runlevels |
6 |
|
Printing |
3 |
Note: On the 101 exam, the numbers added to 106 and here they add to 99 rather than to 100 because there is not an exact correlation between the weighting and percentages.
To break down the areas to study even further, look at the weighting of each objective and organize them by the most important. The results are as shown in Table 1.
The tables and text that follow examine the concepts, utilities-and purposes for them-which you must know for this exam. The topics are presented in order of their overall weighting on the exam.
Table 1: Weighting of Each Exam Objective
|
Objective
|
Topic Area
|
Weight
|
|
TCP/IP configuration and troubleshooting |
Networking Fundamentals |
7 |
|
Customize and use the shell environment |
Shells, Scripting, Programming and Compiling |
5 |
|
Manage/Query kernel and kernel modules at runtime |
Kernel |
4 |
|
Use and manage local system documentation |
Documentation |
4 |
|
Manage users and group accounts and related system files |
Administrative Tasks |
4 |
|
Automate systems administration tasks by scheduling jobs to run in the future |
Administrative Tasks |
4 |
|
Maintain system time |
Administrative Tasks |
4 |
|
Fundamentals of TCP/IP |
Networking Fundamentals |
4 |
|
Configure and manage inetd, xinetd and related services |
Networking Services |
4 |
|
Operate and perform basic configuration of sendmail |
Networking Services |
4 |
|
Operate and perform basic configuration of Apache |
Networking Services |
4 |
|
Properly manage the NFS, smb and nmb daemons |
Networking Services |
4 |
|
Set up and configure basic DNS services |
Networking Services |
4 |
|
Set up secure shell (OpenSSH) |
Networking Services |
4 |
|
Reconfigure, build and install a custom kernel and kernel modules |
Kernel |
3 |
|
Boot the system |
Boot, Initialization, Shutdown and Runlevels |
3 |
|
Change runlevels and shutdown or reboot system |
Boot, Initialization, Shutdown and Runlevels |
3 |
|
Find Linux documentation on the Internet |
Documentation |
3 |
|
Customize or write simple scripts |
Shells, Scripting, Programming and Compiling |
3 |
|
Configure and use system log files to meet administrative and security needs |
Administrative Tasks |
3 |
|
Tune the user environment and system environment variables |
Administrative Tasks |
3 |
|
Maintain an effective data backup strategy |
Administrative Tasks |
3 |
|
Configure Linux as a PPP client |
Networking Fundamentals |
3 |
|
Set up host security |
Security |
3 |
|
Notify users on system-related issues |
Documentation |
1 |
|
Manage printers and print queues |
Printing |
1 |
|
Print files |
Printing |
1 |
|
Install and configure local and remote printers |
Printing |
1 |
|
Set up user level security |
Security |
1 |
Networking Services
This is the most heavily weighted topic on the exam, and to pass it, you must know the following services and the ports they use by default:
|
Port
|
Service
|
Purpose
|
|
20,21 |
FTP |
Transfer files from one host to another |
|
23 |
Telnet |
Connect to a host as if on a dumb terminal for administrative purposes |
|
25 |
SMTP |
Simple Mail Transfer Protocol |
|
53 |
DNS |
Domain Name System |
|
80 |
WWW |
The World Wide Web service |
|
110 |
POP3 |
The Post Office Protocol (version 3) for retrieving e-mail |
|
119 |
NNTP |
The Network News Transfer Protocol |
|
139 |
NetBIOS |
Used to translate Windows-based names to IP addresses |
|
143 |
IMAP |
The Internet Mail Access Protocol, which can be used in place of POP3 |
|
161 |
SNMP |
The Simple Network Management Protocol |
Within Linux, there is a superdaemon known as init, which is responsible for bringing up the services required at specific runlevels and maintaining the integrity of the system. The init daemon will start and stop other daemons such as the system logger (syslogd), the swapper (kswapd) and so on. One of the daemons it starts is a superdaemon over networking services: xinetd (also known as the extended Internet Services Daemon).
The xinetd daemon is a replacement for inetd that offers a vast improvement in security. The configuration options are now modularized. For the exam, you need to know that this daemon is a replacement for inetd and can be downloaded from a number of sites and used in place of the original.
When started, the xinetd looks at its configuration file, /etc/xinetd.conf, and determines what additional services it is responsible for. By default, this file exists on every host whether it is used or not. If it is not used, most of the lines are commented out.
When studying for this exam, you should have a basic understanding of sendmail, Apache, DNS, OpenSSH and NFS-topics that cannot be covered adequately here due to space restrictions.
Administrative Tasks
The tools and utilities in Table 2 are used for administering and configuring Linux on a quasi-regular basis. The Network Time Protocol (NTP) is an open source protocol that provides the most convenient method of synchronizing time on a variety of platforms. (For history about the protocol, and its information about its implementations, see www.ntp.org.)
Table 2
|
Utility
|
Default Purpose
|
|
at |
Run commands at a different time |
|
atq |
See what at jobs are spooled to run |
|
atrm |
Remove at jobs before they run |
|
chage |
Change user password expiration parameters |
|
chpasswd |
Change passwords with a batch file |
|
cpio |
Copy files from one location to another |
|
crontab |
Create, edit a crontab file |
|
date |
View and change the time parameters |
|
dd |
Copy files to and from removable media |
|
dump |
Utility for backing up to tape |
|
gpasswd |
Add/modify variables for an existing group |
|
groupadd |
Add a new group to the system |
|
groupdel |
Remove a group from the system |
|
groupmod |
Change variables on an existing group |
|
grpconv |
Convert group passwords to shadow groups |
|
grpunconv |
Convert group passwords from shadow groups |
|
id |
Show user variables |
|
lastlog |
Show the last time each user logged on |
|
logger |
Write an event in the log file |
|
logrotate |
Automate administration to log files |
|
newgrp |
Switch between default groups |
|
passwd |
Change/set the password for a user account |
|
pwconv |
Convert passwords into the shadow file |
|
pwunconv |
Remove passwords from the shadow file and place in passwd |
|
restore |
Restore backup data |
|
su |
Change from one user account to another |
|
tar |
Copy files to or from a tape |
|
useradd |
Add a new user to the system |
|
userdel |
Remove user accounts |
|
usermod |
Modify user variables |
Within Linux, NTP is implemented as a daemon via ntpd and using port 123. You then configure it to synchronize time with time providers over the Internet that get their time from the atomic clock. A list of NTP timeservers is available online. After a timeserver on your network gets the time from the Internet server, other servers in the network then get their time from that server.
The ntp service is configured through the entries in the /etc/ntp.conf file. The first entry in the file usually points to a loopback of 127.127.1.0. This address is used if the daemon can't contact the NTP time provider. Instead of getting time externally, it queries the system BIOS clock.
The hwclock utility is the primary tool for interacting with the hardware clock. You can see the current time, as well as specify it. These are the options to know:
adjust (to add or subtract for drift)
set (to change the time)
show (to see the time the Hardware Clock has)
version (to see the version of the utility)
Note: At any given time, if the time on the server is greater than 17 minutes beyond the NTP time provider's time, NTP will refuse to synchronize. This provides a safety of sorts, and the time on your server is said to be "insane." The default drift file is /etc/ntp.drift.
The ntpdate utility is used to set the time on the server using the following syntax:
ntpdate time_provider_IP_address
Thus to set the time on any server to the time found on a provider with the address of 192.168.0.12, the command would be:
ntpdate 192.168.0.12
Networking Fundamentals
This topic, while not as heavily weighted as Networking Services, serves essentially as the prerequisite to it. For this area of study, you need to know the utilities in Table 3 and when to use one over another.
Table 3
|
Utility
|
Default Purpose
|
|
arp |
Shows the entries in the Address Resolution table |
|
dig |
Shows DNS entries |
|
domainname |
Displays the domain name used by the host |
|
ftp |
A utility for transferring files between hosts |
|
host |
A utility for looking up host name information |
|
ifconfig |
Displays the TCP/IP configuration parameters |
|
ifdown |
Stops a preconfigured network interface |
|
ifup |
Starts a preconfigured network interface |
|
ifstatus |
Displays the status of a preconfigured network interface |
|
netstat |
Displays network status information |
|
ping |
Displays echo messages to show whether or not a host can be reached |
|
route |
Displays the routing table |
|
tcpdump |
A utility that allows you to monitor network traffic and analyze packets flowing through an interface in promiscuous mode. The -i option is used to specify an interface. The command tcpdump -i eth0, for example, turns on promiscuous mode for the first Ethernet interface and immediately begins displaying data to the terminal until you break out of it. The -c option can be used to specify that you only want to listen to a certain number of packets. tcpdump -i eth0 -c 32, for example, will display the output for the next 32 packets then exit. At the end of the display, it will report how many packets were captured, how many were received by filter and how many were dropped by the kernel. |
|
telnet |
A utility for establishing a connection with a remote host |
|
traceroute |
Displays the route taken to reach a remote host |
|
whois |
Returns host name query information |
Shells, Scripting, Programming and Compiling
The first part of this topic overlaps with information you need to know for the 101 exam-how the shell works and the basics of it. The remainder of the topic focuses on the syntax used and how to create simple shell scripts such as the ones in Table 4.
Table 4
|
Utility
|
Default Purpose
|
|
[ |
An alias for test |
|
break |
Stop execution of part of a script |
|
case - esac |
Choose a set of commands based on a variable's value |
|
chmod |
Utility that can be used to change permissions associated with a file |
|
env |
Used to view the variables in the environment |
|
exit |
Stop execution of a script |
|
export |
Moves a variable to the global environment |
|
expr |
Treat variables as expressions |
|
for - do - done |
Loop through a set of commands performing the same operations for each variable |
|
function |
A series of commands that can be stored in BASH for later execution |
|
if - then - elif - fi |
Execute one set of commands based on which condition is true |
|
if - then - else - fi |
Execute one set of commands if a condition is true and another if it is false |
|
if - then - fi |
Execute a set of commands if a condition is true |
|
read |
Accept variable input within a script |
|
set |
Can be used to set local variables |
|
shift |
Decrement all variables by one, such that $2 becomes $1 and so on |
|
test |
Check to see if a condition is true |
|
typeset - let |
Define variables and perform arithmetic functions |
|
unset |
Used to remove the value of variables |
|
until - do - done |
Loop through a set of commands as long as a condition is false |
|
while - do - done |
Loop through a set of commands as long as a condition is true |
Security
Table 5 lists the utilities you should know for the Security section of the exam.
Table 5
|
Utility
|
Default Purpose
|
|
chgrp |
Change an entity's group association |
|
chmod |
Change an entity's permissions |
|
edquota |
Create quotas for users or groups |
|
getfacl |
Show the Access Control List for a file |
|
locate |
Find a file from the locatedb database |
|
quotaoff |
Turn off user/group quotas |
|
quotaon |
Turn on user/group quotas |
|
repquota, quota, quotacheck, and quotastats |
View quota usage |
|
setfacl |
Set/modify the Access Control List for a file |
|
SGID |
Set the group ID when running a file |
|
Sticky bit |
Change the operation of files and directories |
|
SUID |
Set the user ID when running a file |
|
umask |
A numerical variable subtracted from the default permissions when creating new files and directories |
|
updatedb |
Update the locatedb database |
|
which |
Find a file from the path statement |
You use ipchains to create a firewall on Linux. Included with most versions of Linux, ipchains filter packets based on defined rules and accept or deny traffic as you specify. For example, you can choose to accept all packets from other networks within your organization but deny packets from private networks.
Those implementations that do not include ipchains sometimes include ipfwadm, another firewall application that-for exam purposes-is older but provides similar functionality. ipchains grew out of the Linux IPv4 firewalling code. (For more information, you should read the how-to that can be found online.)
While generalizing somewhat, it can be said that ipfwadm goes with the Linux kernel 2.0.x and previous, while ipchains replaced it in 2.2.x. While ipchains is still available-and still in use in many locations, iptables basically superceded it as of 2.4.x.
The iptables utility is a generic implementation of packet filtering that can function in both stateful and stateless modes. (More information on iptables can be found in the tutorial online.)
Documentation
Table 6 lists the utilities you should know for the Documentation section of the exam.
Table 6
|
Utility
|
Default Purpose
|
|
apropos |
Returns a short summary of information from whatis |
|
fuser |
Used to monitor user access to files |
|
info |
Shows the help information available on a command |
|
KFind |
A graphical version of find |
|
lsof |
Lists open files |
|
man |
Displays the manual pages for a command/utility/file |
|
whatis |
Returns information about the utility or command |
|
whereis |
Lists all information it can find about locations associated with a file |
In addition to the resources available locally, numerous other resources are also available across the Internet. These resources can be divided into two categories: Web sites and newsgroups. The former provide static information that may change daily or infrequently, but allow you to obtain information without providing any specific interaction. Newsgroups, on the other hand, consist of ongoing threads of communication between individuals who decide to participate. You can post a question specific to your situation in a newsgroup and (hopefully) have it answered by one or more knowledgeable individuals attempting to help. You should never use a newsgroup to post a common question to which the answer could easily be found elsewhere.
Table 7 lists sites that provide Linux- or utility-oriented resources. As the Internet is a constantly changing entity, it is possible that in the future not all sites listed here will still exist, or that newer/better sites will come into being: Never underestimate the power of a good search engine in informing you of both.
Table 7
|
Category
|
Site
|
Description
|
|
Documentation |
www.kde.org |
The organization behind the KDE interface |
|
Documentation |
www.tldp.org |
Linux Documentation Project (LDP)[md]invaluable for finding HOWTO information |
|
Documentation |
www.linuxlookup.com |
LinuxLookup[md]HOWTOs, and reviews |
|
Kernel |
www.kernel.org |
For all matters related to the kernel |
|
News |
www.linux.com |
Linux.com |
|
News |
www.linux.org |
Linux Online |
|
News |
www.linuxplanet.com |
LinuxPlanet |
|
Security |
www.cert.org |
Tracking of bugs/viruses |
|
Security |
www.securityfocus.com |
Security issues |
Even though the site may be for a software vendor, or for a version of Linux other than what you are running, you should always check the site because many of the Linux sites post FAQs and help files for the operating system in general in addition to promoting their products.
The following newsgroups can be invaluable aids in solving specific problems you may be experiencing. The names of newsgroups are typically self-explanatory, and this can help prevent you from posting a question in the wrong location:
comp.os.linux.advocacy
comp.os.linux.announce.html
comp.os.linux.answers
comp.os.linux.development.apps
comp.os.linux.development.system
comp.os.linux.hardware
comp.os.linux.misc
comp.os.linux.networking
comp.os.linux.setup
comp.os.linux.x
You can also subscribe to Linux mailing lists to read mail threads on particular topics. To subscribe, send a message to majordomo@vger.rutgers.edu with the topic "subscribe" and the name of the mailing list from the following list. Again, the names are self-explanatory:
linux-admin
linux-alpha
linux-apps
linux-c-programming
linux-config
linux-doc
linux-kernel
linux-laptop
linx-newbie
linux-sound
linux-standards
Kernel
Table 8 lists the utilities you should know for the Kernel section of the exam.
Table 8
|
Utility
|
Default Purpose
|
|
depmod |
Determine module dependencies |
|
insmod |
Install a module |
|
ldconfig |
Updates and maintains the cache of shared library data and symbols for the dynamic linker. |
|
ldd |
Shows what shared libraries a program is dependent upon |
|
lsmod |
List the loaded modules |
|
lsmod |
List the loaded modules |
|
modprobe |
Probe and install a module and its dependents |
|
rmmod |
Remove a module |
The construction of a kernel is not required on a daily basis. It is typically needed to support the devices or services that must be included in the kernel. Newer kernels will have other improvements that may include better process management, improved speed and stability. Reconfiguration of the kernel does not necessarily mean a whole new version. There may be a series of updates and patches that you want to have included in the new kernel.
Creating the kernel, however, is not a trivial task. You must know your system hardware and what services you need configured. You must have a C compiler and the appropriate libraries as recommended by the kernel source code. Generally, if you installed the kernel source code from your distribution CD, you will have the elements required.
Even if you are only going to add a single new service to your kernel, you should get the most recent kernel source code from your Linux vendor. Or you can download the latest kernel sources from ftp.funet.fi or any number of locations that offer Linux mirrors. The kernel software is typically named Linux-x.y.z.tar.gz where x.y.z is the version number. The highest number is the latest version, and is considered a test version. If you are expecting your system to be stable, don't use this one.
After you have retrieved the new source code, you must install and unpack it. If you are not using new source code, this is already done, provided you installed the Linux kernel source code from your distribution CD. Log in or su to root, and cd to /usr/src. If there is a Linux directory there, you likely have the kernel source code installed.
If you have the disk space to spare and are installing a new kernel source tree, make sure the directory is named with the link-kernel version number. In this case, there is a link from Linux to the existing source tree. If that is the case, you must remove the link to preserve your existing source. It is not recommended that you simply destroy the existing source tree, unless you are very short of disk space.
Configuring the kernel can be tedious depending upon the method you choose. The command make config executes a command-line-oriented view, in which each question is asked and you respond to it.
Several other options are available if you installed X-Windows and TK or curses. The command make xconfig loads an X-Windows interface to choose the kernel configuration options.
This option provides a fully menu-oriented implementation, where you choose the kernel area you want to configure. When you select the given area, a second window opens, providing the selections for each configurable item.
For each configurable item, the options y, m and n are available. Y means include support in the kernel. N means do not include support, and M, which is commonly seen on device drivers, indicates that the driver should be made and included as a loadable module. Loadable modules provide a method of gaining great flexibility over the system without having to deal with extremely large kernels.
If you do not have X-Windows or TK installed, you can also choose to use the curses screen interface. The curses tool is a language which allows you to graphically manipulate a display on the screen and make such items as menus. The command make menuconfig will create the curses program to provide a menu interface. Using either the X-Windows or curses interfaces have clear advantages. If you make a mistake it is very easy to go back and correct it.
As with the X-Windows interface, you choose, within the curses interface, the item you want to configure. Then a second menu opens so you can make configuration choices.
The make command has another argument. You can also start the configuration process with the command make oldconfig, which instructs make to use the previously defined configuration. The previously defined configuration is stored in /usr/src/linux/.config.
The top-level dependency information to build the kernel is stored in /usr/src/linux/.depend. If neither of these files exists, you must use one of the previously described methods to generate one. The dependency file is created during the kernel build process.
With the configuration completed through make config, make oldconfig, make menuconfig, or make xconfig, you can now proceed to actually build the kernel and the associated modules. When the configuration scripts are finished, they tell you to create the dependencies using the command make dep.
During this process, the dependencies for the kernel code and associated modules are determined. This information is saved for the actual build process. This process does not take very long by itself.
The make command recognizes when the configuration and dependency components have not been completed. When they have been, simply running make in the /sur/src/linux directory will go through the generation of a new kernel. The exact amount of time this takes depends on the number of objects that must be built, and the speed of your processor.
When the compile finishes, you have built the kernel. This results in a kernel image located in /usr/src/linux and called vmlinux. However, you should create a compressed kernel image or a compressed disk image. The compressed kernel image, or zImage, is unused at system boot and is automatically uncompressed. You create this image using the command make zImage. If you are doing this right after doing a make, the compile process moves along very quickly.
It might be necessary for you to rebuild the modules for the kernel because the new functionality you are adding might be related to a module. You must first boot with your new kernel, and make sure it is operating correctly. When you are running on the new system, the process is essentially duplicated, except the command for make is make modules. The rebuild process follows the source tree again and builds the module code that was not specified during the kernel build.
This process puts the newly created modules in the directory /usr/src/linux/modules. You can use them directly from that location or you can execute make modules_ install, which then copies them to /lib/modules/<kernelversion>.
Boot, Initialization, Shutdown, and Runlevels
Table 9 lists the utilities you should know for this section of the exam.
Table 9
|
Utility
|
Default Purpose
|
|
dmesg |
Print out the bootup messages |
|
grub |
Linux boot loader |
|
halt, shutdown, reboot |
Interfaces to shutdown |
|
init |
Change the runlevel |
|
last |
View the most recent entries in the wtmp file |
|
lilo |
Configure the Linux Loader |
|
runlevel |
Show the current runlevel of the system |
|
shutdown |
An interface to init with more options |
|
telinit |
Same as init |
Printing
Table 10 lists the utilities you should know for the Printing section of the exam.
Table 10
|
Utility
|
Default Purpose
|
|
lp |
The original utility for submitting jobs to the print service |
|
lpadmin |
To work with printer configuration from the command line |
|
lpc |
The main utility for managing the print service |
|
lpoptions |
Tool to modify network printers from the command line |
|
lppasswd |
The utility for configuring authentication options for the Web Administration printing utilities |
|
lpq |
The primary tool for looking at contents and status of the print queue |
|
lpr |
A relative of lp that allows you to submit jobs for printing |
|
lprm |
The utility used to remove print jobs |
|
mpage |
A utility that allows you to print multiple pages per sheet on a PostScript printer |
|
pr |
A utility for processing files before sending them to the printer |
Summary
This article focused on the second exam-of two-that you must pass in order to become certified as a junior-level administrator. A follow-up article will look at the intermediate certification, known as Level 2, and the topics you must pass on exams 201 and 202 to obtain that certification.
About the Author
Emmett Dulaney is the author of the Novell Certified Linux Professional (CLP) Study Guide (ISBN: 0-672-32719-8) and Novell Linux Desktop 9 Administrator's Handbook (ISBN: 0-672-32790-2) both for Novell Press. red N
* Originally published in Novell Connection Magazine
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.