Difference between revisions of "OPS235 Lab 2 - Fedora17"

From CDOT Wiki
Jump to: navigation, search
(Investigation 3: What is a runlevel?)
(Investigation 3: What is a runlevel?)
Line 128: Line 128:
 
===Investigation 3: What is a runlevel?===
 
===Investigation 3: What is a runlevel?===
  
Investigation 3:What is a runlevel?
+
After the kernel boots, it starts a single program, called <code>init</code>. A running instance of a program is called a '''process''' -- the init process always has a process ID (PID) of 1. All other processes on the system are started by init, or they are started by processes started by init.
 +
 
 +
Most current Linux systems use some variation of the init system originally developed for Unix System V (called "sysvinit") or a newer version called "upstart".
 +
 
 +
 
 +
 
 +
 
 +
These program use a a configuration file named <code>/etc/inittab</code> (the filename suffix "tab" is short for "table").
 +
 
  
All the system processes running on your system are controlled by the "init" process which has the process ID (pid) of 1. And this process is the "granddaddy" of all the other processes on your system.
 
  
 
The purpose of the "init" process is to start and stop other programs in a particular sequence according to the file called /etc/inittab and other files in various directories under the /etc/rc.d/init.d/ directory.
 
The purpose of the "init" process is to start and stop other programs in a particular sequence according to the file called /etc/inittab and other files in various directories under the /etc/rc.d/init.d/ directory.
 
A great explanation of init and its place in the boot process can be found here. http://www.kevinboone.com/boot.html
 
  
 
At any given time on a Linux/Unix system, a pre-defined set of base processes are running according to the so-called "runlevel" of the system which can be set by the init process. The init process gets the value for the system's runlevel from its main configuration file /etc/inittab. A system's runlevel can also be changed by using the init or telinit commands (they are equivalent in Linux). A system's runlevel is usually denoted with a number from 0 through 6; different systems may have a different set of base processes for each "runlevel", but these descriptions usually apply:
 
At any given time on a Linux/Unix system, a pre-defined set of base processes are running according to the so-called "runlevel" of the system which can be set by the init process. The init process gets the value for the system's runlevel from its main configuration file /etc/inittab. A system's runlevel can also be changed by using the init or telinit commands (they are equivalent in Linux). A system's runlevel is usually denoted with a number from 0 through 6; different systems may have a different set of base processes for each "runlevel", but these descriptions usually apply:

Revision as of 23:39, 18 January 2010

OPS235 Lab 2 GNU/Linux Installation - Fedora 12

Objectives

  1. To perform a GNU/Linux installation using the Fedora 12 distribution
  2. To perform boot time customization and configuration
  3. To obtain network configuration from a DHCP server
  4. To secure the boot loader by adding password protection
  5. To investigate GRUB boot loader configuration

Reference

  • man pages
    • mount
    • rpm
    • hostname
    • uname
    • ps
    • ifconfig
    • netstat
    • route
    • nslookup
    • wc
    • grub

Required Material

  • Fedora 12 x_64 Installation DVD - You can burn this onto a DVD-R in the Open Lab
  • SATA Hard Disk (the same one used for Lab 1)
  • USB Memory Stick (minimum 64M)

Prerequisite

  • Completion of Lab 1

Introduction

In this lab, you are going to install the Fedora (GNU/Linux Distribution) to your hard disk from DVD.

You need a number of hard disk partitions/physical volumes for this installation: the /dev/sda1 (300M), the /dev/sda2 extended partition, the /dev/sda5 (300M), all created in Lab 1, and 4 new physical volumes which you will create during this lab.

After the installation, you will collect baseline information about your Fedora GNU/Linux system, do some post installation configuration to prepare your system for the remainder of the labs, manipulate the GRUB configuration, and start using the system.

Instructions

  1. Insert and secure your SATA hard disk to the removable disk slot.
  2. Power up the computer.
  3. Insert the Fedora 12 x_64 Installation DVD into the DVD drive.
  4. Reboot the system.

Investigation 1: How do you install Fedora?

Note.png
Please take note!
Fedora uses a type of partition management called Logical Volume Management (LVM). In LVM, disk partitions are called Physical Volumes (PVs) and provide storage to a Volume Group (VG). This storage is then split into various Logical Volumes (LVs). The advantage to this scheme is that you can change LV size and you can add and remove PVs after installation. For example, you can add a new disk to your system and then increase the size of your existing filesystems using that extra disk space. Please be careful to enter all LVM information accurately, including the VG and LV names. We will investigate and manipulate LVM in future labs.

At the Welcome Screen choose "Install or upgrade an existing system" to launch the Graphical installation program and select the following options (you can use the media test to verify that your DVD burned correctly; --It will take some time-- otherwise, skip it):

  1. Language - English
  2. Keyboard Configuration - U.S. English
  3. Set your hostname to - f12host (one word, no space, all lowercase)
  4. Set your timezone to - America/Toronto and check that your system time is correct
  5. Root Password: enter a password of your own choosing. Pick one that is really, really hard to guess to protect your system. (Recommendation: use the first letter and all the punctuation from a favorite phrase or song verse. For example, "To be or not to be, that is the question!" could become the password "Tbontb,titq!").
  6. Disk Partition Setup - Specify a Custom Layout, and then set up the installation with this configuration:
    • Find your existing 300MB partition (/dev/sda1). Edit this entry so that the mountpoint is /boot and is formatted as an ext3 filesystem.
    • Don't touch the other existing 300M partition (/dev/sda5).
    • Create 4 new partitions that are 20% of the remaining space on your disk (minimum 15000 MB) in size. Set the File System Type to Physical Volume (LVM). Should be /dev/sda6 to /dev/sda9.
    • Use the LVM button to create a Volume Group. Set the Volume Group Name to vg_main and set the Physical Extent size to 4MB.
    • Click on the Add button to create a logical volume within that volume group:
      • Mount point / (root), filesystem type ext4, logical volume name root, size 50GB (50000MB).
  7. Say yes to continue without a swap partition.
  8. Say yes to format /dev/sda1.
  9. Accept Boot Loader defaults.
  10. Accept Office and Productivity and repository defaults.
Note.png
Please take note!
The installation process will take about 15 minutes to complete on the P4 CPU system when using DVD. Click the Reboot button on the screen to reboot the system after the installation is complete. There is a post installation setup after boot.
  1. Reboot
  2. Check the License Agreement. What license is used for the Fedora distribution? What activities do have restrictions and obligations?
  3. Create a user account for yourself using the same name as your learn account.
  4. Set date and time. Normally, you would want to enable Network Time Protocol, but since we will be experimenting with the networking turned off in later labs, leave it disabled.
  5. Click on Do Not Send Hardware Profile.
  6. Finish the post-installation customization, wait for the login screen to appear, and then login to your Learn account.

Answer the Investigation 1 question in your lab log book.


Investigation 2: How many files packages and files are installed on the system?

For the rest of the tasks in this lab, you must login to your system using your Learn account and execute all commands under your learn account. If you get a Permission Denied message when trying to execute a command, then switch to the superuser account by running the command su - and type in the password for "root". Once the intended command is executed, type "exit" to exit from the superuser account and return to your regular Learn account.

Record the commands used and the output generated in each of the following steps:

  1. To find all the mount points, enter the command: mount
    • Study the output and record all the mount points in your log book.
  2. The name of the installation log file is /root/install.log -- It is an ASCII file (how can you be sure?) and can be viewed with the less command.
  3. You can make use of this file to determine how many packages have been installed: complete the following command to count the number of packages listed in the installation log file:
    • grep ________________ /root/install.log | wc -l
  4. Using the rpm command: you can also use the following commands to list all the installed packages, and the total number of packages installed:
    • rpm -q -a
    • rpm -q -a | wc -l
    • rpm -qa | wc -l
  5. The -q option means query, and the -a option means all (in other words, query all installed software packages). Did you get the same number of packages from the above two methods?
  6. Some of the files on your system were installed with the software packages, and some were created by system activity (for example, by creating your Learn account and by logging in). If you know the package name (from the install.log), you can list all the files that were installed from the package by using the following command:
    • rpm -q -l package_name
  7. This combines the -q (query) option with the -l (list filenames) option.
  8. You can pipe the outupt through wc -l to count the number of lines:
    • rpm -ql package_name| wc -l
  9. Using what you learned in steps 3 and 4, get a count of the total number of files installed by all of the software packages on your system.
  10. To find out the name that you have assigned to your Linux system, enter the command: hostname
  11. To find out the kernel version of your GNU/Linux workstation and the date it was created, enter the command: uname -r
  12. To find out all the system processes running on your GNU/Linux workstation, enter the command: ps -ef
  13. To capture the list of all the system processes to a file called ps.lst, enter the command: ps -ef > ps.lst
  14. Copy the installation log file /root/install.log and the file ps.lst to a USB memory key, or scp to your matrix account as a backup.
Idea.png
Updating Fedora
You need to complete a system update. Start the Firefox web browser, turn off popup window blocking (select Edit>Preferences, then select the Content tab and uncheck the box to Block Popups), then login to SeneNET. Open a terminal and su - to start a shell as root. Enter the command yum update This will download and install all of the packages that have been updated since the installation DVD image was created. If you complete this command at Seneca it should run quite fast as Seneca College hosts a Fedora Repository mirror.


Investigation 3: What is a runlevel?

After the kernel boots, it starts a single program, called init. A running instance of a program is called a process -- the init process always has a process ID (PID) of 1. All other processes on the system are started by init, or they are started by processes started by init.

Most current Linux systems use some variation of the init system originally developed for Unix System V (called "sysvinit") or a newer version called "upstart".



These program use a a configuration file named /etc/inittab (the filename suffix "tab" is short for "table").


The purpose of the "init" process is to start and stop other programs in a particular sequence according to the file called /etc/inittab and other files in various directories under the /etc/rc.d/init.d/ directory.

At any given time on a Linux/Unix system, a pre-defined set of base processes are running according to the so-called "runlevel" of the system which can be set by the init process. The init process gets the value for the system's runlevel from its main configuration file /etc/inittab. A system's runlevel can also be changed by using the init or telinit commands (they are equivalent in Linux). A system's runlevel is usually denoted with a number from 0 through 6; different systems may have a different set of base processes for each "runlevel", but these descriptions usually apply:

0 - Shutdown 1 - Single user maintenence mode 3 - Network operation, text mode display only 5 - Network operation, full graphical user interface 6 - Reboot

    • Note not all distributions use the same runlevel configurations. Debian and Ubuntu based distro's are different.

To find out the value of the runlevel your GNU/Linux system goes into after boot, enter the command: grep initdefault /etc/inittab

You should get a single line containing ":" as the field delimiter. The second field stores the value of the runlevel the init process will use after a reboot. Record the output in your log book.

A list of processes that should be running at a given runlevel can be found in the directory /etc/rc.d/rcX.d where X is the runlevel.

Do a directory listing of that directory and study what files are in there. Pay attention to the first three characters of each file name. They have special meaning to the system. Record your observation in your log book.

Make a backup of the file /etc/inittab with the command: cp /etc/inittab /etc/inittab.original

Edit the file /etc/inittab and change the default runlevel to 3. Save the change and reboot your system.

Reboot your system. After the reboot, you should get a "Text Login Screen". Login with your Learn account and type startx at the command prompt. Describe what happens in your log book.

Enter the command: runlevel This shows the previous and current runlevel. Record the values in your book. Answer the Investigation 3 question.

Investigation 4: What is the network configuration?

To check the network configuration settings obtained from the DHCP server, run the following commands: ifconfig route netstat -rn nslookup (at the > prompt, enter the word "server" (do not type the quotes) and record the output. Type exit to leave nslookup).

Describe the output in your log book. Record the following information from the outputs into your lab log: MAC address (physical or hardware address) of the ethernet network interface The IP address (logical address) assigned by the DHCP server The default route (gateway) The DNS nameserver

Answer the Investigation 4 question.

Investigation 5: How do You Secure the Grub Boot Loader? By default, the Grub boot loader allows anyone with access to the computer at boot time to set the runlevel, or change the boot parameters, which can allow them to influence the init process and which kernel image is loaded. Anyone with access to the boot prompt can therefore bypass security controls and control which software is loaded. For example, rebooting to runlevel 1, known as single user mode, gives the user root priveleges without the need for a password! Obviously, giving a non-administrator this much control can be dangerous, and it is wise to protect the boot loader with a secure password.

We will need to choose a password, encrypt with the grub programs hash utility(called md5crypt, and add the encrypted hash of your password to the grub configuration file, /etc/grub.conf First, choose a suitable password.

Do not forget it, or you will not be able to change boot parameters when you boot your system! If you need to write it down, put it in a safe place, where no one will be able to tell what it is for. Open the grub program by typing the command: grub

At the grub prompt, type in the command: md5crypt When prompted for a password, carefully type in your password. The program will display the encrypted hash of your password. Carefully write this down.

Type the command: quit to exit the grub program.

Open the grub configuration file, /etc/grub.conf , for editing. This file is actually linked to /boot/grub/grub.conf.

Carefully add the line

password --md5 password-hash (note: password-hash is the hash you generated with md5crypt)

to the file between the splashimage line and the title line. If there are other lines there, there is no need to remove them. Just insert your password line as a new line.

It should look something like this:

...

splashimage=(hd0,0)/boot/grub/splash.xpm.gz password --md5 $1$jxcdN0$hVHViq1aiPf8FziuGJGZp0 hiddenmenu title Fedora ...

You can find a more complete sample of this file here.

Make sure you have not made a mistake. What you type in must match exactly the output from the md5crypt command.

While you are editing the file you should also increase the timeout for grub to automatically boot the default OS. Edit the line timeout=0 to timeout=5 to give us more time to interrupt the process.

Save the file and exit. Your Grub boot loader is now password protected.

Make sure the configuration file is owned by root, and set the permissions so only root can read and write.

Find the section of this article that explains how to change the runlevel at boot time, and read it. Reboot your system, trying to change to runlevel 1 from the boot prompt, and see if the password protection worked.

From now on, when you want to change boot parameters when you boot, you must type lowercase
   p
at the boot prompt and enter the required password.  

Completing the Lab

Check off the following items and sign your name before asking your instructor to check your lab: I have completed the following tasks in full:

[ ] Task 1 - Install GNU/Linux Workstation using Fedora 10

[ ] Task 2 - Collect system information after installation.

[ ] Task 3 - Customize and configure boot time environment

[ ] Task 4 - Collect network information [ ] Task 5 - Password protect Grub Bootloader

Student Signature: _____________________ Date: ________________ Arrange evidence for each of these items on your screen, then ask your instructor each item:

[ ] Grub is password protected.

[ ] Can login with student's "learn" account

[ ] Has all the mount points

[ ] Has the package count

[ ] Has edited the default runlevel

[ ] Has the correct IP address and MAC address

[ ] Find out the default route (gateway)

[ ] IP of the DNS name server

Instructor Signature: _____________________ Date: ________________

Preparing for the Quizzes

How many packages were installed?

How many files (correct to the nearest hundred) were installed?

How many mount points were used?

How many users were created automatically on your system (do not count your learn account)?

What is your learn account's UID and GID?

What is your learn account's home directory?

What is the home directory for the user "root"?

How do you determine the host name of your GNU/Linux workstation?

What command can display the NIC's MAC address?

Which file contains the default "runlevel" value for your GNU/Linux workstation?