Novell is now a part of Micro Focus

Cheat Sheet

Articles and Tips: article

Emmett Dulaney

01 Jun 2005


In the March/April issue, we introduced the certifications from LPI-the Linux Professional Institute (www.lpi.org). As Novell has come to embrace Linux in its product line, marketing and strategy, it has also come to support and even endorse the various Level 1 and Level 2 certifications from LPI. These vendor-neutral certifications verify that you know and understand the basics of Linux administration.

The previous article offered an overview of the certifications and focused on the first of the exams you must pass to become certified. This article focuses on exam 102 and is the only other one you must pass to be certified at Level 1 (junior level administrator).

While predominantly multiple-choice, one of the items that makes this exam so difficult is the fill-in-the-blank questions. Most of these correlate to commands and syntax for command-line utilities. In order to pass, it is essential that you have a fair amount of realworld experience working with the key commands on a live system.

As with the 101 exam, not all of the topics are evenly weighted and you can take weighting into account and focus your study time accordingly if you find yourself in a pinch. The weighting (roughly equivalent to percentages) of each of the nine topics on this exam is as follows:


Networking Services

24

Administrative Tasks

21

Networking Fundamentals

14

Shells, Scripting, Programming and Compiling

8

Security

8

Documentation

8

Kernel

7

Boot, Initialization, Shutdown and Runlevels

6

Printing

3

Note: On the 101 exam, the numbers added to 106 and here they add to 99 rather than to 100 because there is not an exact correlation between the weighting and percentages.

To break down the areas to study even further, look at the weighting of each objective and organize them by the most important. The results are as shown in Table 1.

The tables and text that follow examine the concepts, utilities-and purposes for them-which you must know for this exam. The topics are presented in order of their overall weighting on the exam.

Table 1: Weighting of Each Exam Objective

Objective
Topic Area
Weight

TCP/IP configuration and troubleshooting

Networking Fundamentals

7

Customize and use the shell environment

Shells, Scripting, Programming and Compiling

5

Manage/Query kernel and kernel modules at runtime

Kernel

4

Use and manage local system documentation

Documentation

4

Manage users and group accounts and related system files

Administrative Tasks

4

Automate systems administration tasks by scheduling jobs to run in the future

Administrative Tasks

4

Maintain system time

Administrative Tasks

4

Fundamentals of TCP/IP

Networking Fundamentals

4

Configure and manage inetd, xinetd and related services

Networking Services

4

Operate and perform basic configuration of sendmail

Networking Services

4

Operate and perform basic configuration of Apache

Networking Services

4

Properly manage the NFS, smb and nmb daemons

Networking Services

4

Set up and configure basic DNS services

Networking Services

4

Set up secure shell (OpenSSH)

Networking Services

4

Reconfigure, build and install a custom kernel and kernel modules

Kernel

3

Boot the system

Boot, Initialization, Shutdown and Runlevels

3

Change runlevels and shutdown or reboot system

Boot, Initialization, Shutdown and Runlevels

3

Find Linux documentation on the Internet

Documentation

3

Customize or write simple scripts

Shells, Scripting, Programming and Compiling

3

Configure and use system log files to meet administrative and security needs

Administrative Tasks

3

Tune the user environment and system environment variables

Administrative Tasks

3

Maintain an effective data backup strategy

Administrative Tasks

3

Configure Linux as a PPP client

Networking Fundamentals

3

Set up host security

Security

3

Notify users on system-related issues

Documentation

1

Manage printers and print queues

Printing

1

Print files

Printing

1

Install and configure local and remote printers

Printing

1

Set up user level security

Security

1

Networking Services

This is the most heavily weighted topic on the exam, and to pass it, you must know the following services and the ports they use by default:


Port
Service
Purpose

20,21

FTP

Transfer files from one host to another

23

Telnet

Connect to a host as if on a dumb terminal for administrative purposes

25

SMTP

Simple Mail Transfer Protocol

53

DNS

Domain Name System

80

WWW

The World Wide Web service

110

POP3

The Post Office Protocol (version 3) for retrieving e-mail

119

NNTP

The Network News Transfer Protocol

139

NetBIOS

Used to translate Windows-based names to IP addresses

143

IMAP

The Internet Mail Access Protocol, which can be used in place of POP3

161

SNMP

The Simple Network Management Protocol

Within Linux, there is a superdaemon known as init, which is responsible for bringing up the services required at specific runlevels and maintaining the integrity of the system. The init daemon will start and stop other daemons such as the system logger (syslogd), the swapper (kswapd) and so on. One of the daemons it starts is a superdaemon over networking services: xinetd (also known as the extended Internet Services Daemon).

The xinetd daemon is a replacement for inetd that offers a vast improvement in security. The configuration options are now modularized. For the exam, you need to know that this daemon is a replacement for inetd and can be downloaded from a number of sites and used in place of the original.

When started, the xinetd looks at its configuration file, /etc/xinetd.conf, and determines what additional services it is responsible for. By default, this file exists on every host whether it is used or not. If it is not used, most of the lines are commented out.

When studying for this exam, you should have a basic understanding of sendmail, Apache, DNS, OpenSSH and NFS-topics that cannot be covered adequately here due to space restrictions.

Administrative Tasks

The tools and utilities in Table 2 are used for administering and configuring Linux on a quasi-regular basis. The Network Time Protocol (NTP) is an open source protocol that provides the most convenient method of synchronizing time on a variety of platforms. (For history about the protocol, and its information about its implementations, see www.ntp.org.)

Table 2

Utility
Default Purpose

at

Run commands at a different time

atq

See what at jobs are spooled to run

atrm

Remove at jobs before they run

chage

Change user password expiration parameters

chpasswd

Change passwords with a batch file

cpio

Copy files from one location to another

crontab

Create, edit a crontab file

date

View and change the time parameters

dd

Copy files to and from removable media

dump

Utility for backing up to tape

gpasswd

Add/modify variables for an existing group

groupadd

Add a new group to the system

groupdel

Remove a group from the system

groupmod

Change variables on an existing group

grpconv

Convert group passwords to shadow groups

grpunconv

Convert group passwords from shadow groups

id

Show user variables

lastlog

Show the last time each user logged on

logger

Write an event in the log file

logrotate

Automate administration to log files

newgrp

Switch between default groups

passwd

Change/set the password for a user account

pwconv

Convert passwords into the shadow file

pwunconv

Remove passwords from the shadow file and place in passwd

restore

Restore backup data

su

Change from one user account to another

tar

Copy files to or from a tape

useradd

Add a new user to the system

userdel

Remove user accounts

usermod

Modify user variables

Within Linux, NTP is implemented as a daemon via ntpd and using port 123. You then configure it to synchronize time with time providers over the Internet that get their time from the atomic clock. A list of NTP timeservers is available online. After a timeserver on your network gets the time from the Internet server, other servers in the network then get their time from that server.

The ntp service is configured through the entries in the /etc/ntp.conf file. The first entry in the file usually points to a loopback of 127.127.1.0. This address is used if the daemon can't contact the NTP time provider. Instead of getting time externally, it queries the system BIOS clock.

The hwclock utility is the primary tool for interacting with the hardware clock. You can see the current time, as well as specify it. These are the options to know:

  • adjust (to add or subtract for drift)

  • set (to change the time)

  • show (to see the time the Hardware Clock has)

  • version (to see the version of the utility)

Note: At any given time, if the time on the server is greater than 17 minutes beyond the NTP time provider's time, NTP will refuse to synchronize. This provides a safety of sorts, and the time on your server is said to be "insane." The default drift file is /etc/ntp.drift.

The ntpdate utility is used to set the time on the server using the following syntax:

ntpdate time_provider_IP_address

Thus to set the time on any server to the time found on a provider with the address of 192.168.0.12, the command would be:

ntpdate 192.168.0.12

Networking Fundamentals

This topic, while not as heavily weighted as Networking Services, serves essentially as the prerequisite to it. For this area of study, you need to know the utilities in Table 3 and when to use one over another.

Table 3

Utility
Default Purpose

arp

Shows the entries in the Address Resolution table

dig

Shows DNS entries

domainname

Displays the domain name used by the host

ftp

A utility for transferring files between hosts

host

A utility for looking up host name information

ifconfig

Displays the TCP/IP configuration parameters

ifdown

Stops a preconfigured network interface

ifup

Starts a preconfigured network interface

ifstatus

Displays the status of a preconfigured network interface

netstat

Displays network status information

ping

Displays echo messages to show whether or not a host can be reached

route

Displays the routing table

tcpdump

A utility that allows you to monitor network traffic and analyze packets flowing through an interface in promiscuous mode. The -i option is used to specify an interface. The command tcpdump -i eth0, for example, turns on promiscuous mode for the first Ethernet interface and immediately begins displaying data to the terminal until you break out of it. The -c option can be used to specify that you only want to listen to a certain number of packets. tcpdump -i eth0 -c 32, for example, will display the output for the next 32 packets then exit. At the end of the display, it will report how many packets were captured, how many were received by filter and how many were dropped by the kernel.

telnet

A utility for establishing a connection with a remote host

traceroute

Displays the route taken to reach a remote host

whois

Returns host name query information

Shells, Scripting, Programming and Compiling

The first part of this topic overlaps with information you need to know for the 101 exam-how the shell works and the basics of it. The remainder of the topic focuses on the syntax used and how to create simple shell scripts such as the ones in Table 4.

Table 4

Utility
Default Purpose

[

An alias for test

break

Stop execution of part of a script

case - esac

Choose a set of commands based on a variable's value

chmod

Utility that can be used to change permissions associated with a file

env

Used to view the variables in the environment

exit

Stop execution of a script

export

Moves a variable to the global environment

expr

Treat variables as expressions

for - do - done

Loop through a set of commands performing the same operations for each variable

function

A series of commands that can be stored in BASH for later execution

if - then - elif - fi

Execute one set of commands based on which condition is true

if - then - else - fi

Execute one set of commands if a condition is true and another if it is false

if - then - fi

Execute a set of commands if a condition is true

read

Accept variable input within a script

set

Can be used to set local variables

shift

Decrement all variables by one, such that $2 becomes $1 and so on

test

Check to see if a condition is true

typeset - let

Define variables and perform arithmetic functions

unset

Used to remove the value of variables

until - do - done

Loop through a set of commands as long as a condition is false

while - do - done

Loop through a set of commands as long as a condition is true

Security

Table 5 lists the utilities you should know for the Security section of the exam.

Table 5

Utility
Default Purpose

chgrp

Change an entity's group association

chmod

Change an entity's permissions

edquota

Create quotas for users or groups

getfacl

Show the Access Control List for a file

locate

Find a file from the locatedb database

quotaoff

Turn off user/group quotas

quotaon

Turn on user/group quotas

repquota, quota, quotacheck, and quotastats

View quota usage

setfacl

Set/modify the Access Control List for a file

SGID

Set the group ID when running a file

Sticky bit

Change the operation of files and directories

SUID

Set the user ID when running a file

umask

A numerical variable subtracted from the default permissions when creating new files and directories

updatedb

Update the locatedb database

which

Find a file from the path statement

You use ipchains to create a firewall on Linux. Included with most versions of Linux, ipchains filter packets based on defined rules and accept or deny traffic as you specify. For example, you can choose to accept all packets from other networks within your organization but deny packets from private networks.

Those implementations that do not include ipchains sometimes include ipfwadm, another firewall application that-for exam purposes-is older but provides similar functionality. ipchains grew out of the Linux IPv4 firewalling code. (For more information, you should read the how-to that can be found online.)

While generalizing somewhat, it can be said that ipfwadm goes with the Linux kernel 2.0.x and previous, while ipchains replaced it in 2.2.x. While ipchains is still available-and still in use in many locations, iptables basically superceded it as of 2.4.x.

The iptables utility is a generic implementation of packet filtering that can function in both stateful and stateless modes. (More information on iptables can be found in the tutorial online.)

Documentation

Table 6 lists the utilities you should know for the Documentation section of the exam.

Table 6

Utility
Default Purpose

apropos

Returns a short summary of information from whatis

fuser

Used to monitor user access to files

info

Shows the help information available on a command

KFind

A graphical version of find

lsof

Lists open files

man

Displays the manual pages for a command/utility/file

whatis

Returns information about the utility or command

whereis

Lists all information it can find about locations associated with a file

In addition to the resources available locally, numerous other resources are also available across the Internet. These resources can be divided into two categories: Web sites and newsgroups. The former provide static information that may change daily or infrequently, but allow you to obtain information without providing any specific interaction. Newsgroups, on the other hand, consist of ongoing threads of communication between individuals who decide to participate. You can post a question specific to your situation in a newsgroup and (hopefully) have it answered by one or more knowledgeable individuals attempting to help. You should never use a newsgroup to post a common question to which the answer could easily be found elsewhere.

Table 7 lists sites that provide Linux- or utility-oriented resources. As the Internet is a constantly changing entity, it is possible that in the future not all sites listed here will still exist, or that newer/better sites will come into being: Never underestimate the power of a good search engine in informing you of both.

Table 7

Category
Site
Description

Documentation

www.kde.org

The organization behind the KDE interface

Documentation

www.tldp.org

Linux Documentation Project (LDP)[md]invaluable for finding HOWTO information

Documentation

www.linuxlookup.com

LinuxLookup[md]HOWTOs, and reviews

Kernel

www.kernel.org

For all matters related to the kernel

News

www.linux.com

Linux.com

News

www.linux.org

Linux Online

News

www.linuxplanet.com

LinuxPlanet

Security

www.cert.org

Tracking of bugs/viruses

Security

www.securityfocus.com

Security issues

Even though the site may be for a software vendor, or for a version of Linux other than what you are running, you should always check the site because many of the Linux sites post FAQs and help files for the operating system in general in addition to promoting their products.

The following newsgroups can be invaluable aids in solving specific problems you may be experiencing. The names of newsgroups are typically self-explanatory, and this can help prevent you from posting a question in the wrong location:

  • comp.os.linux.advocacy

  • comp.os.linux.announce.html

  • comp.os.linux.answers

  • comp.os.linux.development.apps

  • comp.os.linux.development.system

  • comp.os.linux.hardware

  • comp.os.linux.misc

  • comp.os.linux.networking

  • comp.os.linux.setup

  • comp.os.linux.x

You can also subscribe to Linux mailing lists to read mail threads on particular topics. To subscribe, send a message to majordomo@vger.rutgers.edu with the topic "subscribe" and the name of the mailing list from the following list. Again, the names are self-explanatory:

  • linux-admin

  • linux-alpha

  • linux-apps

  • linux-c-programming

  • linux-config

  • linux-doc

  • linux-kernel

  • linux-laptop

  • linx-newbie

  • linux-sound

  • linux-standards

Kernel

Table 8 lists the utilities you should know for the Kernel section of the exam.

Table 8

Utility
Default Purpose

depmod

Determine module dependencies

insmod

Install a module

ldconfig

Updates and maintains the cache of shared library data and symbols for the dynamic linker.

ldd

Shows what shared libraries a program is dependent upon

lsmod

List the loaded modules

lsmod

List the loaded modules

modprobe

Probe and install a module and its dependents

rmmod

Remove a module

The construction of a kernel is not required on a daily basis. It is typically needed to support the devices or services that must be included in the kernel. Newer kernels will have other improvements that may include better process management, improved speed and stability. Reconfiguration of the kernel does not necessarily mean a whole new version. There may be a series of updates and patches that you want to have included in the new kernel.

Creating the kernel, however, is not a trivial task. You must know your system hardware and what services you need configured. You must have a C compiler and the appropriate libraries as recommended by the kernel source code. Generally, if you installed the kernel source code from your distribution CD, you will have the elements required.

Even if you are only going to add a single new service to your kernel, you should get the most recent kernel source code from your Linux vendor. Or you can download the latest kernel sources from ftp.funet.fi or any number of locations that offer Linux mirrors. The kernel software is typically named Linux-x.y.z.tar.gz where x.y.z is the version number. The highest number is the latest version, and is considered a test version. If you are expecting your system to be stable, don't use this one.

After you have retrieved the new source code, you must install and unpack it. If you are not using new source code, this is already done, provided you installed the Linux kernel source code from your distribution CD. Log in or su to root, and cd to /usr/src. If there is a Linux directory there, you likely have the kernel source code installed.

If you have the disk space to spare and are installing a new kernel source tree, make sure the directory is named with the link-kernel version number. In this case, there is a link from Linux to the existing source tree. If that is the case, you must remove the link to preserve your existing source. It is not recommended that you simply destroy the existing source tree, unless you are very short of disk space.

Configuring the kernel can be tedious depending upon the method you choose. The command make config executes a command-line-oriented view, in which each question is asked and you respond to it.

Several other options are available if you installed X-Windows and TK or curses. The command make xconfig loads an X-Windows interface to choose the kernel configuration options.

This option provides a fully menu-oriented implementation, where you choose the kernel area you want to configure. When you select the given area, a second window opens, providing the selections for each configurable item.

For each configurable item, the options y, m and n are available. Y means include support in the kernel. N means do not include support, and M, which is commonly seen on device drivers, indicates that the driver should be made and included as a loadable module. Loadable modules provide a method of gaining great flexibility over the system without having to deal with extremely large kernels.

If you do not have X-Windows or TK installed, you can also choose to use the curses screen interface. The curses tool is a language which allows you to graphically manipulate a display on the screen and make such items as menus. The command make menuconfig will create the curses program to provide a menu interface. Using either the X-Windows or curses interfaces have clear advantages. If you make a mistake it is very easy to go back and correct it.

As with the X-Windows interface, you choose, within the curses interface, the item you want to configure. Then a second menu opens so you can make configuration choices.

The make command has another argument. You can also start the configuration process with the command make oldconfig, which instructs make to use the previously defined configuration. The previously defined configuration is stored in /usr/src/linux/.config.

The top-level dependency information to build the kernel is stored in /usr/src/linux/.depend. If neither of these files exists, you must use one of the previously described methods to generate one. The dependency file is created during the kernel build process.

With the configuration completed through make config, make oldconfig, make menuconfig, or make xconfig, you can now proceed to actually build the kernel and the associated modules. When the configuration scripts are finished, they tell you to create the dependencies using the command make dep.

During this process, the dependencies for the kernel code and associated modules are determined. This information is saved for the actual build process. This process does not take very long by itself.

The make command recognizes when the configuration and dependency components have not been completed. When they have been, simply running make in the /sur/src/linux directory will go through the generation of a new kernel. The exact amount of time this takes depends on the number of objects that must be built, and the speed of your processor.

When the compile finishes, you have built the kernel. This results in a kernel image located in /usr/src/linux and called vmlinux. However, you should create a compressed kernel image or a compressed disk image. The compressed kernel image, or zImage, is unused at system boot and is automatically uncompressed. You create this image using the command make zImage. If you are doing this right after doing a make, the compile process moves along very quickly.

It might be necessary for you to rebuild the modules for the kernel because the new functionality you are adding might be related to a module. You must first boot with your new kernel, and make sure it is operating correctly. When you are running on the new system, the process is essentially duplicated, except the command for make is make modules. The rebuild process follows the source tree again and builds the module code that was not specified during the kernel build.

This process puts the newly created modules in the directory /usr/src/linux/modules. You can use them directly from that location or you can execute make modules_ install, which then copies them to /lib/modules/<kernelversion>.

Boot, Initialization, Shutdown, and Runlevels

Table 9 lists the utilities you should know for this section of the exam.

Table 9

Utility
Default Purpose

dmesg

Print out the bootup messages

grub

Linux boot loader

halt, shutdown, reboot

Interfaces to shutdown

init

Change the runlevel

last

View the most recent entries in the wtmp file

lilo

Configure the Linux Loader

runlevel

Show the current runlevel of the system

shutdown

An interface to init with more options

telinit

Same as init

Printing

Table 10 lists the utilities you should know for the Printing section of the exam.

Table 10

Utility
Default Purpose

lp

The original utility for submitting jobs to the print service

lpadmin

To work with printer configuration from the command line

lpc

The main utility for managing the print service

lpoptions

Tool to modify network printers from the command line

lppasswd

The utility for configuring authentication options for the Web Administration printing utilities

lpq

The primary tool for looking at contents and status of the print queue

lpr

A relative of lp that allows you to submit jobs for printing

lprm

The utility used to remove print jobs

mpage

A utility that allows you to print multiple pages per sheet on a PostScript printer

pr

A utility for processing files before sending them to the printer

Summary

This article focused on the second exam-of two-that you must pass in order to become certified as a junior-level administrator. A follow-up article will look at the intermediate certification, known as Level 2, and the topics you must pass on exams 201 and 202 to obtain that certification.

About the Author

Emmett Dulaney is the author of the Novell Certified Linux Professional (CLP) Study Guide (ISBN: 0-672-32719-8) and Novell Linux Desktop 9 Administrator's Handbook (ISBN: 0-672-32790-2) both for Novell Press. red N

* Originally published in Novell Connection Magazine


Disclaimer

The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.

© Copyright Micro Focus or one of its affiliates