Linux/Unix System Administration
David Morgan
U. C. L. A. Extension - X 417.31A

Administrativa

Syllabus

Grade reports

Course outline

General Information

RFC lookup

Linux links

Remote Unix access with telnet

Remote Unix access with ssh

Variations among Unixes

Linux

Fundamental Unix Commands

vi - the Visual Editor

File permissions

Shell scripting: Shell script basics

Shell programming: if and while

Cheat sheet - bash shell

Shell programming book

Shell scripting links


Slide presentations

The landscape

Bootup

Bootloaders

Sys Control Mechanisms

ssh - Secure shell

netcat (nc)

Backup

Backup - snapshots

Webmin - remote admin

Centralized logging

stunnel

Logging: logrotate

Logging: swatch

Syslog-ng

Scheduled processes

User administration

A user mgmt script

 Init process

The Shell

Compilation

Installation

Patching

yum (auto-update)

Kernel building

Shell Scripting

Shell Scripting 2

Permissions

Processes

Homemade shell

ProcessUID control

Unix time

Pluggable Authentication Modules (PAM)

GNUPrivacyGuard (gpg)

Passwords



WINTER 2018
Wednesdays 6:30pm-10:00pm
UCLA Extension Westwood Center, Rm B6
1010 Westwood Blvd

This Website (http://www.bol.ucla.edu/~dmorgan1/linadmin/) will be used to communicate with you. Announcements, grade reports, and assignments will be posted here. The site can be viewed from an internet-connected browser anywhere. You are responsible for awareness of the information posted here.

Thank you - for your interest in linux and this course. I have enjoyed spending this quarter with you. (3/14)

Related linux/unix classes - that may interest you.

 Advanced Linux/Unix: Networking - networking, emphasizing the linux platform commands to "do" it
 Shell scripting - further depth into the subject and the practice
 Advanced Linux/Unix: Security - theory and practice

Schedule: the courses tend to be offered every other quarter. There may be variations but this is the general expectation. If you are interested please "stay tuned" to the class schedule as UCLA Extension publishes it. Or if you email me I can let you know what we are putting in the pipeline.

Networking -  possible fall 18
Scripting - spring 18 (from 4/3)
Security - summer 18 (from 6/26)

Content:

Networking - see website from most recent quarter and course outline
Shell scripting - see website from most recent quarter and course outline
Security - see website from most recent quarter and course outline. It has been taught once (Winter 17) at UCLA Extension, is derived from extensive materials I have compiled from teaching security elsewhere, and is lab-heavy. (3/14)

Calendar - 2 more meetings including tonight: March 7 and March 14 (3/7)

Final - will be a take-home exam. It is multiple-choice. Submit your answers to all the questions following these preparation and submittal instructions (you will use scp/sftp to deposit your answer file in your "assignments" subdirectory on unexgate.dmorgan.us). Please name your file "final.txt". I will grade these using an automated script, so the format of the answer is critical to intelligibility, as is the case (lower) of the filename. Due on unexgate.dmorgan.us by end-of-day Wednesday, 3/21. (3/7)

What must be known - in order to set the system clock based on the hardware clock?
  1. What does the time shown in the hardware clock mean?
      - is it representing your local time?
      - or is it representing the time in London (UTC)?
         (by convention everybody sets it to one or the other)
  2. If UTC:
      - what time zone/jurisdiction are you in?
      - what time do people in that jurisdiction choose to observe?
The computer knows 1. from /etc/adjtime, and 2. from /etc/localtime. (2/28)
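The two questions above, worked through as an added example (not part of the course materials). Assumptions: the adjtime files, the hardware-clock reading and the POSIX TZ rule standing in for /etc/localtime are all constructed for the demo, and `date` accepts `-d` as GNU date does.

```shell
#!/bin/sh
HW_READING='2018-02-28 18:30:00'   # constructed hardware-clock reading
ZONE='PST8PDT,M3.2.0,M11.1.0'      # assumption: stands in for /etc/localtime

# Question 1: line 3 of an adjtime file is "UTC" or "LOCAL".
# hwclock assumes UTC when the file or that line is missing.
hw_mode() {
    mode=$(sed -n '3p' "$1" 2>/dev/null) || mode=
    case $mode in LOCAL) echo LOCAL ;; *) echo UTC ;; esac
}

# hw_to_epoch ADJTIME_FILE "YYYY-MM-DD hh:mm:ss" TZ_RULE
# Turns the hardware-clock reading into system time (seconds since the epoch).
hw_to_epoch() {
    if [ "$(hw_mode "$1")" = UTC ]; then
        date -u -d "$2" +%s          # reading already is UTC
    else
        TZ=$3 date -d "$2" +%s       # reading is local wall time
    fi
}

# Question 2: epoch_to_wall EPOCH TZ_RULE -> the time people in that zone observe.
epoch_to_wall() { TZ=$2 date -d "@$1" '+%Y-%m-%d %H:%M'; }

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed adjtime files: drift line, last-adjust line, clock mode.
    printf '0.0 0 0.0\n0\nUTC\n'   > "$dir/adjtime.utc"
    printf '0.0 0 0.0\n0\nLOCAL\n' > "$dir/adjtime.local"
    for f in utc local; do
        e=$(hw_to_epoch "$dir/adjtime.$f" "$HW_READING" "$ZONE")
        echo "$f: epoch=$e wall=$(epoch_to_wall "$e" "$ZONE")"
    done
    rm -rf "$dir"
}
demo
```

The same reading lands eight hours apart depending on the mode, which is why a wrong entry in /etc/adjtime shifts every timestamp the system writes.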

Homework - follow readings on course outline as we cover the topics-- 5 (task scheduling), 6 (time, clocks). (2/21)

RSA algorithm's math - is interesting to learn. It's what makes public/private key pairs work. We may have time to go over related slides. (2/14)

An analogy for passphrases on private keys. (2/8)

A convenient command - that automates the ssh key placement process. We did step-by-individual-step key placement in the lab exercise. There is a command to do the same thing more automatically. We did not use that command because, for tutorial purposes, the point was to learn what's actually going on. The command is ssh-copy-id. If the exercise were to have taken advantage of it, you could have done:

  ssh-copy-id   -i ~/.ssh/id_rsa.pub   student01@unexgate.dmorgan.us

Provided you could authenticate as unexgate's student01 (i.e., knew its password), your local public key would find its way into remote student01's authorized_keys file, as needed. (2/6)
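What has to be true on the remote side once the key is placed, as an added example (not ssh-copy-id's own code and not the lab's script). Assumptions: `install_pubkey` is a hypothetical helper, the key string is constructed, and everything runs in a scratch directory rather than a real home.

```shell
#!/bin/sh
# install_pubkey HOME_DIR PUBKEY_FILE
# Appends the key to HOME_DIR/.ssh/authorized_keys unless that exact line is
# already there, then sets the modes sshd's StrictModes check expects.
install_pubkey() {
    home=$1 pub=$2
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    # Refuse a private key handed over by mistake (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key" >&2; return 1
    fi
    # Create directory and file without a window where others could read them.
    ( umask 077
      mkdir -p "$home/.ssh" && touch "$home/.ssh/authorized_keys" ) || return 1
    # Idempotent: only append when the identical line is not present.
    grep -qxF -- "$(cat "$pub")" "$home/.ssh/authorized_keys" ||
        cat "$pub" >> "$home/.ssh/authorized_keys"
    chmod 700 "$home/.ssh" && chmod 600 "$home/.ssh/authorized_keys"
}

# First ten characters of ls -l output, e.g. drwx------
mode_of() { ls -ld "$1" | cut -c1-10; }

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed key material, not a usable key.
    echo 'ssh-rsa AAAAB3CONSTRUCTEDKEY student@laptop' > "$dir/id_rsa.pub"
    install_pubkey "$dir/home" "$dir/id_rsa.pub" &&
    install_pubkey "$dir/home" "$dir/id_rsa.pub" || return 1   # second run adds nothing
    lines=$(wc -l < "$dir/home/.ssh/authorized_keys" | tr -d ' ')
    echo "$lines $(mode_of "$dir/home/.ssh") $(mode_of "$dir/home/.ssh/authorized_keys")"
    rm -rf "$dir"
}
demo
```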

If you want to learn a lot of linux in a little time - I recommend the SCaLE 16x (Southern California Linux Expo) held Friday - Sunday March 8-11, 2018. It's intense, inexpensive, local. (2/3)

Working account assignments on unexgate:
student01 Barajas
student02 Lopez
student03 Oshian
student04 Seleshi
student05 Tuminelli
student06 Zengin

These are ancillary accounts for you to use in exercises about ssh and backing up. (1/31)

Choosing which hash algorithm to use for scrambling passwords - that's recorded in the file /etc/pam.d/system-auth and can be set using the utility authconfig. (1/31)

yubikey device - comes from yubico. Google established a business relationship with yubico last fall for implementing 2-factor authentication using yubikeys. It uses a particular yubico product called Fido U2F security key. The FIDO ("fast identity online") alliance is an industry group promoting 2-factor authentication. (1/31)

Is there a better way to hash passwords?? (1/17)

Homework - follow readings on course outline as we cover the topics-- 2 (user admin), 3 (backup), 4 (logging). (1/17)

Hashing the text string "hash me please" in linux with an individual command for each hashing algorithm, and in Windows with HashCalc:

 

Homework - see course outline, topic 1. Do the reading shown there. (1/10)

useradd command - changes the inode of /etc/passwd routinely. It has nothing to do with whether there are any hardlinks or not. "changing the inode" is the wrong way to phrase it, I think. useradd probably makes a copy of the file (which thus has a different inode). It applies its changes to the copy. When ready, it renames the copy to "/etc/passwd" which destroys the original. Something like:

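 cp  /etc/passwd   temppass                        # work on a copy (a different inode)
 echo    the-new-user-record    >> temppass        # apply the change to the copy
 mv  -f   temppass   /etc/passwd                   # rename the copy over the original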

The rationale for doing it this way would be to minimize the chance of leaving behind a damaged file if anything interrupted the process before it could be completed.
(1/10)
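The copy-then-rename pattern described above, as an added example (not useradd's actual code). Assumptions: `replace_by_rename` is a hypothetical helper, the passwd records are constructed, and the demo works in a scratch directory, never on /etc/passwd.

```shell
#!/bin/sh
inode_of() { ls -i "$1" | awk '{print $1}'; }

# replace_by_rename TARGET RECORD
# Builds the new version beside TARGET, then renames it into place. The temp
# file lives in the same directory so mv is a single rename on one filesystem:
# readers see either the old file or the new one, never a half-written file.
replace_by_rename() {
    target=$1 record=$2
    tmp=$(mktemp "$(dirname "$target")/.tmp.XXXXXX") || return 1
    # cp -p keeps the original mode; mktemp alone would leave the file 0600.
    cp -p "$target" "$tmp" &&
    printf '%s\n' "$record" >> "$tmp" &&
    mv -f "$tmp" "$target" || { rm -f "$tmp"; return 1; }
}

demo() {
    dir=$(mktemp -d) || return 1
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$dir/passwd"   # constructed
    ln "$dir/passwd" "$dir/passwd.link"       # hard link to the original inode
    before=$(inode_of "$dir/passwd")
    replace_by_rename "$dir/passwd" \
        'newuser:x:1001:1001::/home/newuser:/bin/bash' || return 1
    after=$(inode_of "$dir/passwd")
    link=$(inode_of "$dir/passwd.link")
    new_lines=$(wc -l < "$dir/passwd" | tr -d ' ')
    old_lines=$(wc -l < "$dir/passwd.link" | tr -d ' ')
    rm -rf "$dir"
    # before != after: the name now points at a new inode.
    # before == link:  the hard link still holds the old, unmodified file.
    echo "$before $after $link $new_lines $old_lines"
}
demo
```

The hard link keeps the old inode and the old one-line content, which is why a hard link to /etc/passwd silently goes stale after the next useradd.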

Course outline - with approximate weekly topic coverage corresponded to related readings, homework assignments, and in-class slides I will use.

Optional Linux 101 exercise - for those who want a quick hands-on with a dozen top commands. If you lack experience using linux/unix, here is an optional "Linux commands" exercise you can perform on a remote linux server where I've created an account for you. Designed originally for other classes as a homework assignment, for you it's a strictly optional offering. Do it if you think it would be useful. (If you have any doubt whether you would be able to use cat, echo, mv, or ls if asked, I'd say it would probably be useful.)

My 3 favorite linux books (see the syllabus), respective strengths:
Nemeth - explanatory revelations not found elsewhere, stemming from authors' depth of real-world experience; blends explanation with howto, stronger on the former
Negus - uniquely blends explanation with howto/tutorial, stronger on the latter
Sobell - comprehensiveness, and particular accessibility. In this book you quickly find what you would spend time searching around for elsewhere. Sometimes uncanny how you can put your finger on what you need.

Requests - please don't change the passwords on the "root" or "student" accounts of the classroom workstations. At the end of each class please power the machines down either via the GUI menu system or the "poweroff" command.

Handout - explaining use of class computers.

Welcome - you may view (almost all of) the presentations shown in class via links to them as pdf files, bottom of left column. See also the brief class syllabus, at the link entitled "Syllabus," upper left. The textbook is identified there.

A Remote Unix system will be available for your use.

Using ssh (secure shell). ssh is an important tool you will use for interacting with remote computers. For that you will need an ssh client. There are a number of ssh client alternatives.

Running linux at home.
Bootable Fedora 20 on USB for you to burn - I made a suitable, persistent image recently. If you bring an 8GB or larger USB flash drive to class (empty of anything you care about) we can burn my image to your drive for you to boot from in the future.

 

 

"What hath God wrought?"
May 24, 1844

"Mr. Watson come here, I want to see you."
March 10, 1876

"lo"
October 29, 1969


Assignments/due
see course outline

Shellscript 1

Shellscript 2

system control
 (in-class)

boot sequence
 (in-class)

runlevels
 (in-class)

bootloaders
(in-class)

ssh key setup
 (in-class)

ssh file access
 from linux
 from Windows

backup
 (in-class)

users/groups/access
 (in-class)

nis
(in-class)

ProcessUID control
(in-class)

centralized logging
 with syslog
 with rsyslog
 (in-class)

stunnel
(in-class)

encrypted logging
(in-class)

rotating log files
 (in-class)

monitoring log files
 (in-class)

syslog-ng
(in-class)

scheduled jobs
 (in-class)

Unix time
(in-class)

rpm economics
 (in-class)

yum and rpm
 (in-class)

PAM
(in-class)

Message digests
(in-class)

GNUPrivacyGuard
(in-class)

BIOS and bootloader passwords
(in-class)

compiling the kernel-FC4
(in-class)

compiling the kernel-FC5
(in-class)

compiling the kernel-fedora10
(in-class)