Showing posts from July 31, 2016

Red Hat Linux Networking and System Administration

Popular Questions (Find your question and click to view) 1. Give a brief introduction to UNIX. 2. Introduction to Linux. 3. What is GNU project? 4. What are Linux Distributions? 5. Who is System administrator? 6. What are servers? 7. Explain the process of installing and configuring application software. 8. Explain the process of creating and maintaining user accounts in Linux. 9. Explain the backing up and restoring files in Linux. 10. How monitoring and tuning performance of system is done by system administrator. 11. How to configure secure system in Linux. 12. Explain the tools used to monitor system security. 13. Explain the boot process in Linux. 14. Explain the Boot loader GRUB used in Linux. 15. How to use GRUB during the Boot process? 16. Explain the ‘/sbin/init’ or ‘init’ program. 17. Explain the runlevels in Linux. 18. Explain the rc script and how they can be managed by manually. 19. Explain the GRUB configuration file. 20. Explain file system structu

What are the server and client security considerations?

72. What are the server and client security considerations?
Ans.
Server security considerations:
1. Always use the root_squash option in /etc/exports.
2. It is enabled by default, so do not disable it.
3. With root squashing, the client's root account cannot access or change files that only the server's root account can access or change.
Client security considerations:
1. Disable SUID (set UID) programs on NFS mounts using the nosuid option.
2. This prevents the server's root account from creating an SUID root program on an exported file system, logging in to the client as a normal user, and then using the SUID root program to become root on the client.

Discuss security issues in Network File system.

71. Discuss security issues in Network File system.
Ans.
1. NFS protocol versions 3 and older have some security problems that make them unsuitable for use across the Internet and potentially unsafe for use even in a trusted network.
2. One NFS weakness, in general terms, is the /etc/exports file: if a cracker is able to spoof or take over a trusted address (an address listed in /etc/exports), then your exported NFS mounts are accessible.
3. NFS relies on the normal Linux file system access controls once a client has mounted an NFS export: from that point, the normal user and group permissions on the files take over access control.
4. The first line of defense is to use host access control to limit access to services, particularly the portmapper, which has long been a target of exploit attempts.
5. For this, add entries in /etc/hosts.deny for lockd, statd, mountd and rquotad.
6. Careful use of IP packet firewalls, using netfilter, dramatically increases NFS server security.

How to use Automount services?

70. How to use Automount services?
Ans.
1. autofs is used for automatic mounting of NFS exports when the file system is first accessed.
2. autofs uses the automount daemon to mount and unmount.
3. autofs uses a set of map files to control automounting.
4. The master map file, i.e. /etc/auto.master, associates mount points with the secondary map files. The secondary map files in turn control the file systems mounted under the corresponding mount points. For example, consider the following /etc/auto.master autofs configuration file:
    /home /etc/auto.home
    /var /etc/auto.var --timeout 600
This file associates the secondary map file /etc/auto.home with the mount point /home and the map file /etc/auto.var with the /var mount point.
5. Each entry in /etc/auto.master, referred to as the master map file, consists of at least two and possibly 3 fields: 1st field is the mount point. 2nd field identifies the full path to the secondary map file that controls the mount point. 3rd

How to configure Network file system version 4 (NFSv4) client?

69. How to configure Network file system version 4 (NFSv4) client?
Ans.
1. Two new mount options are introduced in NFSv4: clientaddr and proto.
2. Version 3 of NFS introduced NFS over TCP, which improved NFS's reliability.
3. In NFSv3, the client uses the mount option tcp or udp to state whether it wants to use TCP or UDP to communicate with the server. NFSv4 replaces tcp and udp with a single option, i.e. proto=tcp or proto=udp.
4. The default buffer size for NFSv4 is 8192 bytes, but it can grow to as large as 32,678 bytes, which results in performance improvements.
5. Following are the mount options:
    clientaddr=n – Declares the client to be multihomed
    proto=type – Declares the transport protocol as either udp or tcp
    rsize=n – Declares the read size of the client's buffer
    wsize=n – Declares the write size of the client's buffer
    sec=mode – Declares the security model as either krb, krb5 etc.

How to configure Network file system (NFS) client?

68. How to configure Network file system (NFS) client?
Ans.
1. To configure the client, make sure that the portmapper, the NFS file locking daemons statd and lockd, and the mount command are available.
2. The NFS client needs the portmapper running in order to process and route RPC calls and returns from the server to the appropriate port and programs.
3. We can check whether the portmapper is running by using the following command:
    # service portmap status
4. If the portmapper is not running, the command reports that it is stopped. To start the portmapper, use the following command:
    # service portmap start
5. Mounting is done with the mount command. For example, to mount /media from the server configured at the end, execute the following command:
    # mount -t nfs 192.168.166.5:/media /media
6. If the user wishes, he/she can specify client mount options using mount's arguments:
    # mount -t nfs 192.168.166.5:/media /media -o rsize=8292,wsize=8192,hard,nolock
7. Following are t

How to configure Network file system (NFS) server?

67. How to configure Network file system (NFS) server?
Ans.
1. Verify that the service package is installed using the following command:
    # rpmquery -qa | grep nfs
2. To export a file system we need to modify the '/etc/exports' file. For example, to export /media, add the following entry to '/etc/exports':
    /media 192.168.166.0/24(rw)
3. Now, with the export configured, start the daemons using the initialization scripts:
    # service nfs start
    # service nfslock start
4. Now, use rpcinfo -p to make sure the necessary daemons are running:
    # rpcinfo -p
5. Next, execute showmount -a to list the server's NFS exports:
    # showmount -a
6. Finally, enable NFS at boot with the help of chkconfig:
    # chkconfig nfs on

How to enable Secure Network file system (NFS)?

66. How to enable Secure Network file system (NFS)?
Ans.
1. The default installation does not use the NFSv4 security enhancements.
2. Some steps have to be carried out manually, as follows.
3. Enable secure NFS by adding the following line to /etc/sysconfig/nfs:
    SECURE_NFS=yes
4. Modify /etc/idmapd.conf: set the Domain option to the user's domain and change the Nobody-User and Nobody-Group options to nobody:
    Domain = example.com
    [Mapping]
    Nobody-User = nobody
    Nobody-Group = nobody
5. For the above changes to take effect, restart the portmapper using the following command:
    # service portmap restart

List and explain all NFS server commands.

65. List and explain all NFS server commands.
Ans.
1. exportfs:
  a) The exportfs command enables the user to manipulate the list of current exports without editing /etc/exports.
  b) It also maintains the list of currently exported file systems in /var/lib/nfs/etab. Example: the exportfs -a command initializes /var/lib/nfs/etab and synchronizes it with the contents of /etc/exports.
  c) To add a new export to etab and also /etc/exports, the syntax is:
    # exportfs -o opts host:dir
  d) Example:
    # exportfs -o sync,rw 192.168.166.7:/demo
  The above command exports the directory /demo to client 192.168.166.7 with export options rw and sync.
  e) The -v option of this command lists the currently exported file systems. Example:
    # exportfs -v
  f) The -u option unexports the file system. Example:
    # exportfs -u 192.168.166.7:/demo
2. showmount:
  a) The showmount command provides information about clients and the file systems they have mounted.
  b) Syntax is:
    # showmount [-advhe] [host]

List and explain all the status files in NFS.

64. List and explain all the status files in NFS.
Ans.
1. /var/lib/nfs/rmtab – It lists each NFS export that is mounted by an NFS client. It is used by the rpc.mountd daemon, which is responsible for servicing requests to mount NFS exports. Whenever the rpc.mountd daemon receives a mount request, it adds an entry to /var/lib/nfs/rmtab. The same goes for unmount requests, but in that case the entry is removed from the status file.
2. /var/lib/nfs/etab – It contains the list of currently exported file systems; the exportfs command maintains the entries in this file.
3. Three scripts initialize and control the required NFS server daemons:
    /etc/rc.d/init.d/portmap
    /etc/rc.d/init.d/nfs
    /etc/rc.d/init.d/nfslock
4. The portmap script starts the portmap daemon, also called the portmapper. All programs that use RPC, such as NIS and NFS, depend on the information the portmapper provides.
5. The primary NFS startup script is /etc/rc.d/init.d/nfs. It requires a single argument. E.g. star

List all the Network file system (NFS) scripts.

63. List all the Network file system (NFS) scripts.
Ans.
1. sync – It forces the NFS server to perform the disk write operation before informing the client that the request is complete.
2. async – It makes the NFS server cache disk write operations.
3. hide – It hides a subdirectory of an exported file system.
4. nohide – It unhides a subdirectory of an exported file system.
5. ro – It gives read-only access to clients who have mounted the exports.
6. rw – It gives read/write access to clients who have mounted the exports.
7. root_squash – It prevents the root user on an NFS client from having root privileges on the NFS server.
8. no_root_squash – It disables root_squash.
9. secure – It accepts client requests only if they originate from port numbers less than 1024.
10. insecure – It accepts client requests even if they originate from port numbers higher than 1024.
11. secure_locks – It requires clients that request lock operations to be authenticated.
12. insecure_locks – It doesn’t require clients to

Explain the NFS server daemons.

62. Explain the NFS server daemons.
Ans. The NFS server needs the following daemons:
1. /sbin/rpc.lockd – It starts the kernel's lock manager.
2. /usr/sbin/rpc.mountd – It processes NFS clients' mount requests.
3. /usr/portmap – It allows clients to discover the services available on the NFS server.
4. /sbin/rpc.statd – It manages lock recovery in case of a server crash.
5. /usr/sbin/rpc.nfsd – It provides all NFS services other than file locking and quotas.
6. /usr/sbin/rpc.rquotad – It provides NFS clients with quota information for NFS exports.
7. rpc.gssd – Creates security contexts on RPC clients for exchanging RPC information using SecureRPC (RPCSEC) using GSS.
8. rpc.svcgssd – Creates security contexts on RPC servers for exchanging RPC information using SecureRPC (RPCSEC) using GSS.
9. rpc.idmapd – Maps local user and group names to NFSv4 IDs (and vice versa).
10. To start the NFS services there are two commands as follows:
    # service nfs start
    # /etc/rc.d/init.d/nfs start
11.

Explain the NFS server configuration files.

61. Explain the NFS server configuration files.
Ans.
1. The server configuration file is '/etc/exports', which contains a list of file systems to export, the clients permitted to mount them, and several export options that apply to client mounts.
2. Each line in '/etc/exports' has the following syntax:
    Dir [Host](option)[...]
Dir specifies one or more mount options Host specifies one or more mount options.
3. If the user omits the host, the listed options apply to every possible client system, and if the options are omitted then the default mount options are applied.
4. Consider the following sample '/etc/exports' file:
  a) /usr/share *.mu.ac.in(ro)
  It permits all hosts on mu.ac.in to mount /usr/share as a read-only directory.
  b) ./courses/tyit 192.168.166.0/24(rw)
  It uses the address/netmask form in which the netmask is specified in Classless Inter-Domain Routing (CIDR) format.
  c) /home 192.168.0.0/255.255.255.0(rw)
  It permits any host with an IP address in the range

List the NFS Configuration files, status files, daemon, commands and scripts.

60. List the NFS Configuration files, status files, daemon, commands and scripts.
Ans.
1. The file '/etc/exports' is the main NFS configuration file.
2. It lists the file systems the server exports, the systems permitted to mount them, and the export options for each export.
3. The other configuration files are '/etc/gssapi_mech.conf' and 'idmapd.conf'. Both are applicable to NFSv4 only.
4. NFS also maintains status information about existing exports and the client systems that have mounted those exports in '/var/lib/nfs/rmtab' and '/var/lib/nfs/xtab'.
5. Daemons: a) rpc.lockd b) rpc.mountd c) rpc.nfsd d) rpc.portmap e) rpc.rquotad f) rpc.statd g) rpc.gssd h) rpc.idmapd i) rpc.svcgssd
6. NFS commands: a) exportfs b) showmount c) nfsstat d) rpcinfo

How to plan NFS installation?

59. How to plan NFS installation?
Ans.
1. The user needs to decide a few things before starting to install the Network file system, as follows:
  • Decide the file systems to export.
  • Decide which users are permitted to mount the exported file systems.
  • Decide the scheme, i.e. auto mounting or manual mounting, that clients will use to access the exported file systems.
  • Select a naming convention and mounting scheme.
2. Good candidates for NFS exports include any file system that is shared among a large number of users, such as home directories, workgroup project directories, and shared data directories such as '/usr/share' and '/var/mail/spool'.
3. Make use of '/home/username' to mount home directories, since most home directories are accessed in a similar way.
4. If an exported file system grows large, subdividing it becomes necessary, which is tedious for administration, because client mounts must be updated to reflect the new set of exports.
5. Create logical volume set on NFS server, if it has

What are the disadvantages of Network file system (NFS)?

58. What are the disadvantages of Network file system (NFS)?
Ans.
1. NFS is sensitive to network congestion/traffic, which slows down NFS performance.
2. Busy disk activity on the NFS server badly affects NFS's performance.
3. The performance enhancements incorporated in NFSv4 have increased NFS's stability and reliability on high-latency and heavily congested networks.
4. If a user/client wants to mount files that are not exported, the client's system may hang; this can be resolved with the help of a mount option.
5. If the disk or system exporting important data or applications becomes unavailable, such as through a disk crash or server failure, no one can access that resource.
6. NFS suffers from potential security problems because its design assumes a trusted network.
7. The major weakness of most NFS implementations based on the other versions of the protocol is that they are based on standard RPC, which is unencrypted.
8. Sensitive information should never be exported f

What are the advantages of Network file system (NFS)?

57. What are the advantages of Network file system (NFS)?
Ans.
1. NFS provides centralized control, maintenance and administration.
2. It is easier to back up a file system stored on a single server than to back up files scattered across a network.
3. NFS provides access to shared disk space or limits access to sensitive data.
4. When NFS and NIS are used together, system-wide configuration files can be modified instantly without visiting every machine.
5. NFS can conserve disk space and prevent duplication of resources.
6. When NFS is combined with NIS, users can also log in from any system, even remotely, and still have access to their home directories.
7. Users can protect sensitive information that would be time consuming to recreate by storing it on an NFS-mounted file system.

Explain Network File System V 4 (NFSv4).

56. Explain Network File System V 4 (NFSv4).
Ans.
1. NFS version 4 offers better security and performance enhancements over previous versions of the NFS protocol.
2. NFSv4 incorporates RPCSEC-GSS security, which makes it possible to encrypt the data stream transmitted between NFS client and server.
3. To increase performance, NFSv4 makes complete use of client-side caching to reduce the frequency with which clients must communicate with an NFS server. It increases overall performance by minimizing the number of server round trips.
4. NFSv4 extends its support to ACLs (access control lists).
5. Although it is interoperable with NFSv3, its clients cannot mount NFSv2 exports.
6. NFSv4 enhances performance over the internet, even on low-bandwidth network connections.
7. NFSv4 also supports UTF-8 filenames, making cross-platform and inter-character-set file sharing more comfortable.

Explain Network file system (NFS).

55. Explain Network file system (NFS).
Ans.
1. NFS is the most common method used to share files across Linux and UNIX operating systems.
2. It enables local access to remote disks and file systems in a distributed manner.
3. If it is properly designed and implemented, it operates transparently to clients using remote file systems.
4. NFS clients are available for many non-UNIX operating systems, including the various Windows versions, Solaris, Mac etc.
5. Even when files are dispersed geographically, NFS provides easy sharing services if a connection exists.
6. NFS follows the standard client-server architecture.
7. The NFS server contains the file systems that the user wants to share, along with the daemons that make them visible.
8. File systems shared this way are called NFS exports.
9. The NFS server daemons provide remote access to the exported file systems, enable file locking over the network, and allow disk quotas to be enabled on the NFS exports.
10. On the cli

How to manage host in Linux?

54. How to manage host in Linux?
Ans.
1. On the Hosts tab of the Network Configuration tool, we can add, edit or remove hosts from the '/etc/hosts' file.
2. The file contains IP addresses and their corresponding hostnames.
3. In Enterprise Linux choose Applications --> System Settings --> Network.
4. Click the Hosts tab in the Network Configuration dialog box.
5. Click New on the toolbar to open the 'Add/Edit Hosts Entry' dialog box.
6. Enter the hostname and its IP address; if there is an alias for the hostname, enter it as well.
7. Click OK to add the entry to the list.
8. Choose File --> Save to save your changes.

How to change the NIC configuration?

53. How to change the NIC configuration?
Ans.
1. We can change the NIC configuration using the Network Configuration tool.
2. In Enterprise Linux choose Applications --> System Settings --> Network.
3. Highlight the device that you want to modify and click Edit (on the toolbar).
4. The three tabs available in the dialog box are used for the following purposes:
5. General: Here we can enter a nickname for the device and choose whether the device is activated when the system starts, allow users to enable and disable the device, and obtain IP information automatically by DHCP or manually enter the IP information for the device.
6. Route: We can enter routes to other networks; we need to enter the network IP number as well as the gateway IP number.
7. Hardware Device: This tab contains information about the hardware associated with the Ethernet device; we can assign device aliases here by clicking the Add button.
8. After we are done with all the changes, click OK to retur

How to add an Ethernet device using Network configuration tool ?

52. How to add an Ethernet device using Network configuration tool?
Ans.
1. On the main window of the Network Configuration tool, click the New button on the toolbar.
2. In the Select Device Type window that appears, choose Ethernet connection and click Forward.
3. If your NIC is listed, select it and click Forward; if not, choose Other Ethernet Card and click Forward.
4. In the Select Adapter window that appears, select your card from the Adapter drop-down list and choose the device name from the Device drop-down list; for the first device choose eth0.
5. Click Forward to open the Configure Network Settings window, and choose whether you want to use DHCP to obtain your IP address automatically or enter a static IP address.
6. Click Forward to see a listing of your selected information; if you want to make changes, click Back to return to the desired window.
7. If you are satisfied with your choices, click Apply to create the device.
8. After that choose file-->save fro

How to configure network using Network Configuration Tool?

51. How to configure network using Network Configuration Tool?
Ans.
1. The Network Configuration Tool can be accessed from the Applications menu of the GNOME desktop.
2. To start the Network Configuration tool in Enterprise Linux, choose Applications --> System Settings --> Network.
3. The main Network Configuration tool window has 5 tabbed pages and opens to the Devices tab by default.
4. Device: This tab shows the network devices that are installed and configured on your PC; network devices are associated with actual physical hardware in the PC.
5. Hardware: This tab shows the actual physical hardware installed in your PC.
6. IPSec: This tab is where we can configure IPSec tunnels used for secure communications.
7. DNS: This tab shows the system hostname; the name servers used for DNS lookups can be configured in this tab.
8. Hosts: This tab shows the PS hostname to static IP address mapping.

Explain how to configure DHCP client?

50. Explain how to configure DHCP client?
Ans.
1. Before configuring DHCP, the NIC should be configured properly and recognized by the system.
2. After that, it is easy to tell the system to use DHCP to obtain its IP information.
3. Configuring a DHCP client involves the following steps:
  a. Open the /etc/sysconfig/network-scripts/ifcfg-eth0 file.
  b. Find the line BOOTPROTO=static
  c. Change static to dhcp.
  d. Save the changes.
  e. Restart the network by issuing the command 'service network restart'; after that the system will receive its IP information from the DHCP server.

How to configure Routers and Gateways?

49. How to configure Routers and Gateways?
Ans.
1. The router connected to each network is called its gateway.
2. IP forwarding is enabled by using the following command:
    echo "1" > /proc/sys/net/ipv4/ip_forward
3. If a system has two network interfaces, the network interfaces would be configured as shown below:
4.  INTERFACE   ADDRESS         MASK
    eth0        192.168.1.1     255.255.255.128
    eth1        192.168.1.129   255.255.255.128
5. The network routing the system would use is as follows:
    DESTINATION     GATEWAY         MASK              INTERFACE
    192.168.1.0     192.168.1.1     255.255.255.128   eth0
    192.168.1.128   192.168.1.129   255.255.255.128   eth1
6. To finish the changes we use the following commands:
    # route add -net 192.168.1.0
    # route add default gw 192.168.129

Explain the concept of subnetting the network.

48. Explain the concept of subnetting the network.
Ans.
1. Every IP network has two addresses that cannot be used: the network IP number itself and the broadcast address.
2. Every time we subnet we create these two unusable addresses, so the more subnets we have, the more IP addresses we lose.
3. We need to determine the subnetwork mask and network numbers. Subnetworking takes one or more of the available host bits and makes them appear as network bits to the local interfaces.
4. If we want to divide our Class C network into two subnetworks, we'd change the first host bits to ones, and this would give us a netmask of 255.255.255.192.
5. Lastly, assign the appropriate numbers for the network, the broadcast address, and the IP addresses for each of the interfaces.

Explain submit mask and subnetting and advantages.

47. Explain submit mask and subnetting and advantages.
Ans.
1. The network mask is also called the subnet mask. All network bits are set to one and the host bits are set to zero. This is the standard format for all network masks. E.g.
    Class C   11111111 11111111 11111111 00000000
    Class B   11111111 11111111 00000000 00000000
    Class A   11111111 00000000 00000000 00000000
2. A subnet enables us to take one IP address and split it up so that it can be used on several physically connected local networks. This is a big advantage, as the number of IP numbers available is rapidly diminishing.
3. We can have multiple subnetted networks connected to the outside world with just one IP address.
4. By splitting the IP address, it can be used on sites that need multiple connections; splitting the address eliminates the problems of high traffic and difficult manageability.
5. Subnetting also increases security by separating hosts into local networks.

Explain the IPv4 address with the help of a) Different formats of representation i.e. dotted decimals and binary. b) Classes in both the formats. c) Interpretation of the IP addresses.

46. Explain the IPv4 address with the help of a) Different formats of representation i.e. dotted decimals and binary. b) Classes in both the formats. c) Interpretation of the IP addresses.
Ans.
1. Different formats of representation, i.e. dotted decimal and binary: many devices on the internet have only a single interface and thus a single IP number.
2. IP numbers consist of 4 (8-bit) bytes for a total of 32 bits of available information.
3. This system results in large numbers, even when they are represented in decimal notation.
4. To make them easier to read and organize, they are written in what is called dotted quad format.
5. Each of the four groups of numbers can range from 0-255. The following shows an IP number byte in binary notation with its decimal notation:
      1 + 1 + 1 + 1 + 1 + 1 + 1 + 1
    128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255
The binary notation for 192.168.1.1 is 11000000.10101000.00000001.00000001
6. Classes in both the formats: Class A addresses always have

Explain how to set an alias for the NIC.

45. Explain how to set an alias for the NIC.
Ans.
1. It is possible to assign more than one IP address to a single NIC; these addresses are called aliases.
2. This is achieved by using the ifconfig and route commands. To add another IP address, 192.168.166.56, to eth0, we have to execute these commands:
    # ifconfig eth0:1 192.168.166.56
    # route add -host 192.168.166.56
3. The first command binds the IP address to the virtual interface eth0:1 and the second command adds a route for the address to the actual device eth0.
4. Another method is to add a second IP address to a single NIC by creating an alias file.
5. The configuration file for device eth0 is /etc/sysconfig/network-scripts/ifcfg-eth0
6. The above file is copied to another file called ifcfg-eth0:1 in the same directory.
7. We need to open the newly copied file and change the line that reads DEVICE=eth0 to DEVICE=eth0:1
8. The service of network is restarted for above changes to be affected, these effec

Explain process of setting up a NIC (Network interface card).

44. Explain process of setting up a NIC (Network interface card).
Ans.
1. A network interface card (NIC) can be set up by configuring the network card and the internal network.
2. Before configuring the network card we must check that the loopback (IP address 127.0.0.1) is working.
3. Even if the computer is not connected to an outside network, an internal network configuration is required for some applications. This is known as the loopback device, and its IP address is 127.0.0.1.
4. To check whether the loopback device is configured, we use the 'ifconfig' command. It shows a device called 'lo' with the address 127.0.0.1; if this device and address are not shown, then the loopback is not configured.
5. To configure it we can use the command 'ifconfig lo 127.0.0.1'. After that we need to use the 'route' command to give the system a little more information about this interface; for this the 'route add -net 127.0.0.0' command is used. After this the loopback is set up.
6. To configure a network card we will use ifconfig co

Explain network classes.

43. Explain network classes.
Ans.
1. TCP/IP network addresses are 4 bytes long, are called IP addresses, and are written in dotted-decimal notation (ex. 192.168.166.5).
2. The decimal numbers must be within the numeric range of 0-255; each IPv4 address consists of 4 parts.
3. Each part should conform to the 1-byte requirement.
4. Depending on the value of the first byte of the address, IP addresses can be divided into classes.
5. Network classes are of 3 types and have specific ranges:
  • Class A 0-127
  • Class B 128-191
  • Class C 192-233
6. Class division enables efficient use of the address numbers.
7. Assigned network numbers are maintained in a database managed by InterNIC to ensure that each assignment is unique.
8. After obtaining a network number, the host numbers may be assigned as required; for data transfer, ARP maps the IP address to the MAC address of the device.
9. Routers are used for transferring data between 2 devices, routers are default gateway