+1(978)310-4246 credencewriters@gmail.com
  

Need to install and configure VPN in Ubntu and create a powerpoint presentation with the commands used and screenshots.

Here is the chapter 23 in this pdf based in which the teacher asked to make the assignment

Ubuntu Server Guide
Ubuntu Server Guide
Copyright © 2016 Contributors to the document
Abstract
Welcome to the Ubuntu Server Guide! It contains information on how to install and configure various server applications
on your Ubuntu system to fit your needs. It is a step-by-step, task-oriented guide for configuring and customizing your
system.
Credits and License
This document is maintained by the Ubuntu documentation team (https://wiki.ubuntu.com/DocumentationTeam). A list of contributors is below.
This document is made available under the Creative Commons ShareAlike 3.0 License (CC-BY-SA).
You are free to modify, extend, and improve the Ubuntu documentation source code under the terms of this license. All derivative works must be
released under this license.
This documentation is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER.
A copy of the license is available here: Creative Commons ShareAlike License1.
Contributors to this document are:
• Members of the Ubuntu Documentation Project2
• Members of the Ubuntu Server Team3
• Contributors to the Community Help Wiki4
• Other contributors can be found in the revision history of the serverguide5 and ubuntu-docs6 bzr branches available on Launchpad.
1 https://creativecommons.org/licenses/by-sa/3.0/
2 https://launchpad.net/~ubuntu-core-doc
3 https://launchpad.net/~ubuntu-server
4 https://help.ubuntu.com/community/
5 https://bazaar.launchpad.net/~ubuntu-core-doc/serverguide/trunk/changes
6 https://bazaar.launchpad.net/~ubuntu-core-doc/ubuntu-docs/trunk/changes
Table of Contents
1. Introduction ………………………………………………………………………………………………………………………. 1
1. Support …………………………………………………………………………………………………………………….. 2
2. Installation ………………………………………………………………………………………………………………………… 3
1. Preparing to Install ……………………………………………………………………………………………………… 4
2. Installing from CD ……………………………………………………………………………………………………… 6
3. Upgrading …………………………………………………………………………………………………………………. 9
4. Advanced Installation …………………………………………………………………………………………………. 10
5. Kernel Crash Dump …………………………………………………………………………………………………… 19
3. Package Management ………………………………………………………………………………………………………… 25
1. Introduction ……………………………………………………………………………………………………………… 26
2. dpkg ……………………………………………………………………………………………………………………….. 27
3. Apt …………………………………………………………………………………………………………………………. 28
4. Aptitude ………………………………………………………………………………………………………………….. 30
5. Automatic Updates ……………………………………………………………………………………………………. 32
6. Configuration ……………………………………………………………………………………………………………. 34
7. References ……………………………………………………………………………………………………………….. 36
4. Networking ……………………………………………………………………………………………………………………… 37
1. Network Configuration ……………………………………………………………………………………………….. 38
2. TCP/IP ……………………………………………………………………………………………………………………. 47
3. Dynamic Host Configuration Protocol (DHCP) ……………………………………………………………….. 51
4. Time Synchronisation with NTP …………………………………………………………………………………… 54
5. Data Plane Development Kit ……………………………………………………………………………………….. 57
5. DM-Multipath ………………………………………………………………………………………………………………….. 72
1. Device Mapper Multipathing ……………………………………………………………………………………….. 73
2. Multipath Devices ……………………………………………………………………………………………………… 76
3. Setting up DM-Multipath Overview ………………………………………………………………………………. 79
4. The DM-Multipath Configuration File …………………………………………………………………………… 83
5. DM-Multipath Administration and Troubleshooting ………………………………………………………….. 95
6. Remote Administration …………………………………………………………………………………………………….. 100
1. OpenSSH Server ……………………………………………………………………………………………………… 101
2. Puppet …………………………………………………………………………………………………………………… 104
3. Zentyal ………………………………………………………………………………………………………………….. 107
7. Network Authentication ……………………………………………………………………………………………………. 111
1. OpenLDAP Server …………………………………………………………………………………………………… 112
2. Samba and LDAP ……………………………………………………………………………………………………. 138
3. Kerberos ………………………………………………………………………………………………………………… 144
4. Kerberos and LDAP …………………………………………………………………………………………………. 152
5. SSSD and Active Directory ……………………………………………………………………………………….. 159
8. Domain Name Service (DNS) …………………………………………………………………………………………… 164
1. Installation ……………………………………………………………………………………………………………… 165
iii
Ubuntu Server Guide
2. Configuration …………………………………………………………………………………………………………..
3. Troubleshooting ……………………………………………………………………………………………………….
4. References ………………………………………………………………………………………………………………
9. Security …………………………………………………………………………………………………………………………
10.
11.
12.
13.
14.
15.
16.
166
172
176
177
1. User Management ……………………………………………………………………………………………………. 178
2. Console Security ……………………………………………………………………………………………………… 184
3. Firewall …………………………………………………………………………………………………………………. 185
4. AppArmor ……………………………………………………………………………………………………………… 192
5. Certificates …………………………………………………………………………………………………………….. 196
6. eCryptfs …………………………………………………………………………………………………………………. 201
Monitoring …………………………………………………………………………………………………………………… 203
1. Overview ……………………………………………………………………………………………………………….. 204
2. Nagios …………………………………………………………………………………………………………………… 205
3. Munin ……………………………………………………………………………………………………………………. 209
Web Servers ………………………………………………………………………………………………………………… 211
1. HTTPD – Apache2 Web Server ………………………………………………………………………………….. 212
2. PHP – Scripting Language …………………………………………………………………………………………. 219
3. Squid – Proxy Server ……………………………………………………………………………………………….. 221
4. Ruby on Rails …………………………………………………………………………………………………………. 224
5. Apache Tomcat ……………………………………………………………………………………………………….. 226
Databases …………………………………………………………………………………………………………………….. 230
1. MySQL …………………………………………………………………………………………………………………. 231
2. PostgreSQL ……………………………………………………………………………………………………………. 236
LAMP Applications ………………………………………………………………………………………………………. 239
1. Overview ……………………………………………………………………………………………………………….. 240
2. Moin Moin …………………………………………………………………………………………………………….. 241
3. phpMyAdmin ………………………………………………………………………………………………………….. 243
4. WordPress ……………………………………………………………………………………………………………… 245
File Servers ………………………………………………………………………………………………………………….. 247
1. FTP Server …………………………………………………………………………………………………………….. 248
2. Network File System (NFS) ………………………………………………………………………………………. 252
3. iSCSI Initiator ………………………………………………………………………………………………………… 254
4. CUPS – Print Server ………………………………………………………………………………………………… 257
Email Services ……………………………………………………………………………………………………………… 260
1. Postfix …………………………………………………………………………………………………………………… 261
2. Exim4 ……………………………………………………………………………………………………………………. 269
3. Dovecot Server ……………………………………………………………………………………………………….. 272
4. Mailman ………………………………………………………………………………………………………………… 274
5. Mail Filtering ………………………………………………………………………………………………………….. 280
Chat Applications ………………………………………………………………………………………………………….. 287
1. Overview ……………………………………………………………………………………………………………….. 288
2. IRC Server …………………………………………………………………………………………………………….. 289
iv
Ubuntu Server Guide
3. Jabber Instant Messaging Server ………………………………………………………………………………….
17. Version Control System ………………………………………………………………………………………………….
1. Bazaar ……………………………………………………………………………………………………………………
2. Git …………………………………………………………………………………………………………………………
291
293
294
295
3. Subversion ………………………………………………………………………………………………………………
4. References ………………………………………………………………………………………………………………
18. Samba ………………………………………………………………………………………………………………………….
1. Introduction …………………………………………………………………………………………………………….
2. File Server ………………………………………………………………………………………………………………
3. Print Server …………………………………………………………………………………………………………….
4. Securing File and Print Server …………………………………………………………………………………….
5. As a Domain Controller …………………………………………………………………………………………….
6. Active Directory Integration ……………………………………………………………………………………….
19. Backups ……………………………………………………………………………………………………………………….
1. Shell Scripts ……………………………………………………………………………………………………………
2. Archive Rotation ………………………………………………………………………………………………………
3. Bacula ……………………………………………………………………………………………………………………
20. Virtualization ………………………………………………………………………………………………………………..
1. libvirt …………………………………………………………………………………………………………………….
2. Qemu …………………………………………………………………………………………………………………….
3. Cloud images and uvtool ……………………………………………………………………………………………
4. Ubuntu Cloud ………………………………………………………………………………………………………….
5. LXD ………………………………………………………………………………………………………………………
6. LXC ………………………………………………………………………………………………………………………
21. Control Groups ……………………………………………………………………………………………………………..
1. Overview ………………………………………………………………………………………………………………..
2. Filesystem ………………………………………………………………………………………………………………
3. Delegation ………………………………………………………………………………………………………………
4. Manager …………………………………………………………………………………………………………………
5. Resources ……………………………………………………………………………………………………………….
22. Clustering …………………………………………………………………………………………………………………….
1. DRBD ……………………………………………………………………………………………………………………
23. VPN ……………………………………………………………………………………………………………………………
1. OpenVPN ……………………………………………………………………………………………………………….
24. Other Useful Applications ……………………………………………………………………………………………….
1. pam_motd ……………………………………………………………………………………………………………….
2. etckeeper ………………………………………………………………………………………………………………..
3. Byobu …………………………………………………………………………………………………………………….
A. Appendix ………………………………………………………………………………………………………………………
1. Reporting Bugs in Ubuntu Server Edition ……………………………………………………………………..
298
303
304
305
306
309
311
316
320
322
323
327
330
335
336
342
344
348
349
360
375
376
377
378
379
380
381
382
385
386
400
401
403
405
407
408
v
List of Tables
2.1. Recommended Minimum Requirements ……………………………………………………………………………….. 4
5.1. Priority Checker Conversion …………………………………………………………………………………………….. 73
5.2. DM-Multipath Components ……………………………………………………………………………………………… 74
5.3. Multipath Configuration Defaults ………………………………………………………………………………………. 87
5.4. Multipath Attributes ……………………………………………………………………………………………………….. 90
5.5. Device Attributes …………………………………………………………………………………………………………… 92
5.6. Useful multipath Command Options ………………………………………………………………………………….. 98
17.1. Access Methods …………………………………………………………………………………………………………. 299
vi
Chapter 1. Introduction
Welcome to the Ubuntu Server Guide!
Here you can find information on how to install and configure various server applications. It is a step-by-step,
task-oriented guide for configuring and customizing your system.
This guide assumes you have a basic understanding of your Ubuntu system. Some installation details are
covered in Chapter 2, Installation [p. 3], but if you need detailed instructions installing Ubuntu please
refer to the Ubuntu Installation Guide1.
A HTML version of the manual is available online at the Ubuntu Documentation website2.
1 https://help.ubuntu.com/16.04/installation-guide/
2 https://help.ubuntu.com
1
Introduction
1. Support
There are a couple of different ways that Ubuntu Server Edition is supported: commercial support and
community support. The main commercial support (and development funding) is available from Canonical,
Ltd. They supply reasonably- priced support contracts on a per desktop or per server basis. For more
information see the Ubuntu Advantage3 page.
Community support is also provided by dedicated individuals and companies that wish to make Ubuntu the
best distribution possible. Support is provided through multiple mailing lists, IRC channels, forums, blogs,
wikis, etc. The large amount of information available can be overwhelming, but a good search engine query
can usually provide an answer to your questions. See the Ubuntu Support4 page for more information.
3 http://www.ubuntu.com/management
4 http://www.ubuntu.com/support
2
Chapter 2. Installation
This chapter provides a quick overview of installing Ubuntu 16.04 LTS Server Edition. For more detailed
instructions, please refer to the Ubuntu Installation Guide1.
1 https://help.ubuntu.com/16.04/installation-guide/
3
Installation
1. Preparing to Install
This section explains various aspects to consider before starting the installation.
1.1. System Requirements
Ubuntu 16.04 LTS Server Edition supports three (3) major architectures: Intel x86, AMD64 and ARM. The
table below lists recommended hardware specifications. Depending on your needs, you might manage with
less than this. However, most users risk being frustrated if they ignore these suggestions.
Table 2.1. Recommended Minimum Requirements
Hard Drive Space
Install Type
CPU
RAM
Base System
All Tasks Installed
Server (Standard)
1 gigahertz
512 megabytes
1 gigabyte
1.75 gigabytes
Server (Minimal)
300 megahertz
192 megabytes
700 megabytes
1.4 gigabytes
The Server Edition provides a common base for all sorts of server applications. It is a minimalist design
providing a platform for the desired services, such as file/print services, web hosting, email hosting, etc.
1.2. Server and Desktop Differences
There are a few differences between the Ubuntu Server Edition and the Ubuntu Desktop Edition. It should be
noted that both editions use the same apt repositories, making it just as easy to install a server application on
the Desktop Edition as it is on the Server Edition.
The differences between the two editions are the lack of an X window environment in the Server Edition and
the installation process.
1.2.1. Kernel Differences:
Ubuntu version 10.10 and prior, actually had different kernels for the server and desktop editions. Ubuntu no
longer has separate -server and -generic kernel flavors. These have been merged into a single -generic kernel
flavor to help reduce the maintenance burden over the life of the release.
When running a 64-bit version of Ubuntu on 64-bit processors you are not limited by memory
addressing space.
To see all kernel configuration options you can look through /boot/config-4.4.0-server. Also, Linux
Kernel in a Nutshell2 is a great resource on the options available.
2 http://www.kroah.com/lkn/
4
Installation
1.3. Backing Up
• Before installing Ubuntu Server Edition you should make sure all data on the system is backed up. See
Chapter 19, Backups [p. 322] for backup options.
If this is not the first time an operating system has been installed on your computer, it is likely you will
need to re-partition your disk to make room for Ubuntu.
Any time you partition your disk, you should be prepared to lose everything on the disk should you make a
mistake or something goes wrong during partitioning. The programs used in installation are quite reliable,
most have seen years of use, but they also perform destructive actions.
5
Installation
2. Installing from CD
The basic steps to install Ubuntu Server Edition from CD are the same as those for installing any operating
system from CD. Unlike the Desktop Edition, the Server Edition does not include a graphical installation
program. The Server Edition uses a console menu based process instead.
• Download and burn the appropriate ISO file from the Ubuntu web site3.
• Boot the system from the CD-ROM drive.
• At the boot prompt you will be asked to select a language.
• From the main boot menu there are some additional options to install Ubuntu Server Edition. You can
install a basic Ubuntu Server, check the CD-ROM for defects, check the system’s RAM, boot from first
hard disk, or rescue a broken system. The rest of this section will cover the basic Ubuntu Server install.
• The installer asks which language it should use. Afterwards, you are asked to select your location.
• Next, the installation process begins by asking for your keyboard layout. You can ask the installer to
attempt auto-detecting it, or you can select it manually from a list.
• The installer then discovers your hardware configuration, and configures the network settings using
DHCP. If you do not wish to use DHCP at the next screen choose “Go Back”, and you have the option to
“Configure the network manually”.
• Next, the installer asks for the system’s hostname.
• A new user is set up; this user will have root access through the sudo utility.
• After the user settings have been completed, you will be asked if you want to encrypt your home directory.
• Next, the installer asks for the system’s Time Zone.
• You can then choose from several options to configure the hard drive layout. Afterwards you are asked
which disk to install to. You may get confirmation prompts before rewriting the partition table or setting
up LVM depending on disk layout. If you choose LVM, you will be asked for the size of the root logical
volume. For advanced disk options see Section 4, “Advanced Installation” [p. 10].
• The Ubuntu base system is then installed.
• The next step in the installation process is to decide how you want to update the system. There are three
options:
• No automatic updates: this requires an administrator to log into the machine and manually install
updates.
• Install security updates automatically: this will install the unattended-upgrades package, which will
install security updates without the intervention of an administrator. For more details see Section 5,
“Automatic Updates” [p. 32].
• Manage the system with Landscape: Landscape is a paid service provided by Canonical to help manage
your Ubuntu machines. See the Landscape4 site for details.
3 http://www.ubuntu.com/download/server/download
4 http://landscape.canonical.com/
6
Installation
• You now have the option to install, or not install, several package tasks. See Section 2.1, “Package
Tasks” [p. 7] for details. Also, there is an option to launch aptitude to choose specific packages to
install. For more information see Section 4, “Aptitude” [p. 30].
• Finally, the last step before rebooting is to set the clock to UTC.
If at any point during installation you are not satisfied by the default setting, use the “Go Back”
function at any prompt to be brought to a detailed installation menu that will allow you to modify the
default settings.
At some point during the installation process you may want to read the help screen provided by the
installation system. To do this, press F1.
Once again, for detailed instructions see the Ubuntu Installation Guide5.
2.1. Package Tasks
During the Server Edition installation you have the option of installing additional packages from the CD. The
packages are grouped by the type of service they provide.
• DNS server: Selects the BIND DNS server and its documentation.
• LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server.
• Mail server: This task selects a variety of packages useful for a general purpose mail server system.
• OpenSSH server: Selects packages needed for an OpenSSH server.
• PostgreSQL database: This task selects client and server packages for the PostgreSQL database.
• Print server: This task sets up your system to be a print server.
• Samba File server: This task sets up your system to be a Samba file server, which is especially suitable in
networks with both Windows and Linux systems.
• Tomcat Java server: Installs Apache Tomcat and needed dependencies.
• Virtual Machine host: Includes packages needed to run KVM virtual machines.
• Manually select packages: Executes aptitude allowing you to individually select packages.
Installing the package groups is accomplished using the tasksel utility. One of the important differences
between Ubuntu (or Debian) and other GNU/Linux distribution is that, when installed, a package is also
configured to reasonable defaults, eventually prompting you for additional required information. Likewise,
when installing a task, the packages are not only installed, but also configured to provided a fully integrated
service.
Once the installation process has finished you can view a list of available tasks by entering the following from
a terminal prompt:
tasksel –list-tasks
5 https://help.ubuntu.com/16.04/installation-guide/
7
Installation
The output will list tasks from other Ubuntu based distributions such as Kubuntu and Edubuntu.
Note that you can also invoke the tasksel command by itself, which will bring up a menu of the
different tasks available.
You can view a list of which packages are installed with each task using the –task-packages option. For
example, to list the packages installed with the DNS Server task enter the following:
tasksel –task-packages dns-server
The output of the command should list:
bind9-doc
bind9utils
bind9
If you did not install one of the tasks during the installation process, but for example you decide to make your
new LAMP server a DNS server as well, simply insert the installation CD and from a terminal:
sudo tasksel install dns-server
8
Installation
3. Upgrading
There are several ways to upgrade from one Ubuntu release to another. This section gives an overview of the
recommended upgrade method.
3.1. do-release-upgrade
The recommended way to upgrade a Server Edition installation is to use the do-release-upgrade utility. Part of
the update-manager-core package, it does not have any graphical dependencies and is installed by default.
Debian based systems can also be upgraded by using apt dist-upgrade. However, using do-release-upgrade
is recommended because it has the ability to handle system configuration changes sometimes needed between
releases.
To upgrade to a newer release, from a terminal prompt enter:
do-release-upgrade
It is also possible to use do-release-upgrade to upgrade to a development version of Ubuntu. To accomplish
this use the -d switch:
do-release-upgrade -d
Upgrading to a development release is not recommended for production environments.
For further stability of a LTS release there is a slight change in behaviour if you are currently running a
LTS version. LTS systems are only automatically considered for an upgrade to the next LTS via do-releaseupgrade with the first point release. So for example 14.04 will only upgrade once 16.04.1 is released. If you
want to update before, e.g. on a subset of machines to evaluate the LTS upgrade for your setup the same
argument as an upgrade to a dev release has to be used via the -d switch.
9
Installation
4. Advanced Installation
4.1. Software RAID
Redundant Array of Independent Disks “RAID” is a method of using multiple disks to provide different
balances of increasing data reliability and/or increasing input/output performance, depending on the RAID
level being used. RAID is implemented in either software (where the operating system knows about both
drives and actively maintains both of them) or hardware (where a special controller makes the OS think there’s
only one drive and maintains the drives ‘invisibly’).
The RAID software included with current versions of Linux (and Ubuntu) is based on the ‘mdadm’ driver and
works very well, better even than many so-called ‘hardware’ RAID controllers. This section will guide you
through installing Ubuntu Server Edition using two RAID1 partitions on two physical hard drives, one for /
and another for swap.
4.1.1. Partitioning
Follow the installation steps until you get to the Partition disks step, then:
1.
Select Manual as the partition method.
2.
Select the first hard drive, and agree to “Create a new empty partition table on this device?”.
Repeat this step for each drive you wish to be part of the RAID array.
3.
Select the “FREE SPACE” on the first drive then select “Create a new partition”.
4.
Next, select the Size of the partition. This partition will be the swap partition, and a general rule for swap
size is twice that of RAM. Enter the partition size, then choose Primary, then Beginning.
A swap partition size of twice the available RAM capacity may not always be desirable,
especially on systems with large amounts of RAM. Calculating the swap partition size for
servers is highly dependent on how the system is going to be used.
5.
Select the “Use as:” line at the top. By default this is “Ext4 journaling file system”, change that to
“physical volume for RAID” then “Done setting up partition”.
6.
For the / partition once again select “Free Space” on the first drive then “Create a new partition”.
7.
Use the rest of the free space on the drive and choose Continue, then Primary.
8.
As with the swap partition, select the “Use as:” line at the top, changing it to “physical volume for
RAID”. Also select the “Bootable flag:” line to change the value to “on”. Then choose “Done setting up
partition”.
9.
Repeat steps three through eight for the other disk and partitions.
4.1.2. RAID Configuration
With the partitions setup the arrays are ready to be configured:
1.
Back in the main “Partition Disks” page, select “Configure Software RAID” at the top.
2.
Select “yes” to write the changes to disk.
10
Installation
3.
Choose “Create MD device”.
4.
For this example, select “RAID1”, but if you are using a different setup choose the appropriate type
(RAID0 RAID1 RAID5).
In order to use RAID5 you need at least three drives. Using RAID0 or RAID1 only two drives
are required.
5.
Enter the number of active devices “2”, or the amount of hard drives you have, for the array. Then select
“Continue”.
6.
Next, enter the number of spare devices “0” by default, then choose “Continue”.
7.
Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, etc. The numbers will usually
match and the different letters correspond to different hard drives.
For the swap partition choose sda1 and sdb1. Select “Continue” to go to the next step.
8.
Repeat steps three through seven for the / partition choosing sda2 and sdb2.
9.
Once done select “Finish”.
4.1.3. Formatting
There should now be a list of hard drives and RAID devices. The next step is to format and set the mount
point for the RAID devices. Treat the RAID device as a local hard drive, format and mount accordingly.
1.
Select “#1” under the “RAID1 device #0” partition.
2.
Choose “Use as:”. Then select “swap area”, then “Done setting up partition”.
3.
Next, select “#1” under the “RAID1 device #1” partition.
4.
Choose “Use as:”. Then select “Ext4 journaling file system”.
5.
Then select the “Mount point” and choose “/ – the root file system”. Change any of the other options as
appropriate, then select “Done setting up partition”.
6.
Finally, select “Finish partitioning and write changes to disk”.
If you choose to place the root partition on a RAID array, the installer will then ask if you would like to boot
in a degraded state. See Section 4.1.4, “Degraded RAID” [p. 11] for further details.
The installation process will then continue normally.
4.1.4. Degraded RAID
At some point in the life of the computer a disk failure event may occur. When this happens, using Software
RAID, the operating system will place the array into what is known as a degraded state.
If the array has become degraded, due to the chance of data corruption, by default Ubuntu Server Edition
will boot to initramfs after thirty seconds. Once the initramfs has booted there is a fifteen second prompt
giving you the option to go ahead and boot the system, or attempt manual recover. Booting to the initramfs
prompt may or may not be the desired behavior, especially if the machine is in a remote location. Booting to a
degraded array can be configured several ways:
11
Installation
• The dpkg-reconfigure utility can be used to configure the default behavior, and during the process you
will be queried about additional settings related to the array. Such as monitoring, email alerts, etc. To
reconfigure mdadm enter the following:
sudo dpkg-reconfigure mdadm
• The dpkg-reconfigure mdadm process will change the /etc/initramfs-tools/conf.d/mdadm
configuration file. The file has the advantage of being able to pre-configure the system’s behavior, and can
also be manually edited:
BOOT_DEGRADED=true
The configuration file can be overridden by using a Kernel argument.
• Using a Kernel argument will allow the system to boot to a degraded array as well:
• When the server is booting press Shift to open the Grub menu.
• Press e to edit your kernel command options.
• Press the down arrow to highlight the kernel line.
• Add “bootdegraded=true” (without the quotes) to the end of the line.
• Press Ctrl+x to boot the system.
Once the system has booted you can either repair the array see Section 4.1.5, “RAID Maintenance” [p. 12]
for details, or copy important data to another machine due to major hardware failure.
4.1.5. RAID Maintenance
The mdadm utility can be used to view the status of an array, add disks to an array, remove disks, etc:
• To view the status of an array, from a terminal prompt enter:
sudo mdadm -D /dev/md0
The -D tells mdadm to display detailed information about the /dev/md0 device. Replace /dev/md0 with the
appropriate RAID device.
• To view the status of a disk in an array:
sudo mdadm -E /dev/sda1
The output if very similar to the mdadm -D command, adjust /dev/sda1 for each disk.
• If a disk fails and needs to be removed from an array enter:
sudo mdadm –remove /dev/md0 /dev/sda1
Change /dev/md0 and /dev/sda1 to the appropriate RAID device and disk.
12
Installation
• Similarly, to add a new disk:
sudo mdadm –add /dev/md0 /dev/sda1
Sometimes a disk can change to a faulty state even though there is nothing physically wrong with the drive.
It is usually worthwhile to remove the drive from the array then re-add it. This will cause the drive to re-sync
with the array. If the drive will not sync with the array, it is a good indication of hardware failure.
The /proc/mdstat file also contains useful information about the system’s RAID devices:
cat /proc/mdstat
Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10]
md0 : active raid1 sda1[0] sdb1[1]
10016384 blocks [2/2] [UU]
unused devices:
The following command is great for watching the status of a syncing drive:
watch -n1 cat /proc/mdstat
Press Ctrl+c to stop the watch command.
If you do need to replace a faulty drive, after the drive has been replaced and synced, grub will need to be
installed. To install grub on the new drive, enter the following:
sudo grub-install /dev/md0
Replace /dev/md0 with the appropriate array device name.
4.1.6. Resources
The topic of RAID arrays is a complex one due to the plethora of ways RAID can be configured. Please see
the following links for more information:
• Ubuntu Wiki Articles on RAID6.
• Software RAID HOWTO7
• Managing RAID on Linux8
4.2. Logical Volume Manager (LVM)
Logical Volume Manger, or LVM, allows administrators to create logical volumes out of one or multiple
physical hard disks. LVM volumes can be created on both software RAID partitions and standard partitions
6 https://help.ubuntu.com/community/Installation#raid
7 http://www.faqs.org/docs/Linux-HOWTO/Software-RAID-HOWTO.html
8 http://oreilly.com/catalog/9781565927308/
13
Installation
residing on a single disk. Volumes can also be extended, giving greater flexibility to systems as requirements
change.
4.2.1. Overview
A side effect of LVM’s power and flexibility is a greater degree of complication. Before diving into the LVM
installation process, it is best to get familiar with some terms.
• Physical Volume (PV): physical hard disk, disk partition or software RAID partition formatted as LVM PV.
• Volume Group (VG): is made from one or more physical volumes. A VG can can be extended by adding
more PVs. A VG is like a virtual disk drive, from which one or more logical volumes are carved.
• Logical Volume (LV): is similar to a partition in a non-LVM system. A LV is formatted with the desired file
system (EXT3, XFS, JFS, etc), it is then available for mounting and data storage.
4.2.2. Installation
As an example this section covers installing Ubuntu Server Edition with /srv mounted on a LVM volume.
During the initial install only one Physical Volume (PV) will be part of the Volume Group (VG). Another PV
will be added after install to demonstrate how a VG can be extended.
There are several installation options for LVM, “Guided – use the entire disk and setup LVM” which will also
allow you to assign a portion of the available space to LVM, “Guided – use entire and setup encrypted LVM”,
or Manually setup the partitions and configure LVM. At this time the only way to configure a system with
both LVM and standard partitions, during installation, is to use the Manual approach.
1.
Follow the installation steps until you get to the Partition disks step, then:
2.
At the “Partition Disks screen choose “Manual”.
3.
Select the hard disk and on the next screen choose “yes” to “Create a new empty partition table on this
device”.
4.
Next, create standard /boot, swap, and / partitions with whichever filesystem you prefer.
5.
For the LVM /srv, create a new Logical partition. Then change “Use as” to “physical volume for LVM”
then “Done setting up the partition”.
6.
Now select “Configure the Logical Volume Manager” at the top, and choose “Yes” to write the changes
to disk.
7.
For the “LVM configuration action” on the next screen, choose “Create volume group”. Enter a name
for the VG such as vg01, or something more descriptive. After entering a name, select the partition
configured for LVM, and choose “Continue”.
8.
Back at the “LVM configuration action” screen, select “Create logical volume”. Select the newly created
volume group, and enter a name for the new LV, for example srv since that is the intended mount point.
Then choose a size, which may be the full partition because it can always be extended later. Choose
“Finish” and you should be back at the main “Partition Disks” screen.
9.
Now add a filesystem to the new LVM. Select the partition under “LVM VG vg01, LV srv”, or whatever
name you have chosen, the choose Use as. Setup a file system as normal selecting /srv as the mount
point. Once done, select “Done setting up the partition”.
14
Installation
10. Finally, select “Finish partitioning and write changes to disk”. Then confirm the changes and continue
with the rest of the installation.
There are some useful utilities to view information about LVM:
• pvdisplay: shows information about Physical Volumes.
• vgdisplay: shows information about Volume Groups.
• lvdisplay: shows information about Logical Volumes.
4.2.3. Extending Volume Groups
Continuing with srv as an LVM volume example, this section covers adding a second hard disk, creating a
Physical Volume (PV), adding it to the volume group (VG), extending the logical volume srv and finally
extending the filesystem. This example assumes a second hard disk has been added to the system. In this
example, this hard disk will be named /dev/sdb and we will use the entire disk as a physical volume (you
could choose to create partitions and use them as different physical volumes)
Make sure you don’t already have an existing /dev/sdb before issuing the commands below. You
could lose some data if you issue those commands on a non-empty disk.
1.
First, create the physical volume, in a terminal execute:
sudo pvcreate /dev/sdb
2.
Now extend the Volume Group (VG):
sudo vgextend vg01 /dev/sdb
3.
Use vgdisplay to find out the free physical extents – Free PE / size (the size you can allocate). We will
assume a free size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the whole free
space available. Use your own PE and/or free space.
The Logical Volume (LV) can now be extended by different methods, we will only see how to use the
PE to extend the LV:
sudo lvextend /dev/vg01/srv -l +511
The -l option allows the LV to be extended using PE. The -L option allows the LV to be extended using
Meg, Gig, Tera, etc bytes.
4.
Even though you are supposed to be able to expand an ext3 or ext4 filesystem without unmounting it
first, it may be a good practice to unmount it anyway and check the filesystem, so that you don’t mess up
the day you want to reduce a logical volume (in that case unmounting first is compulsory).
The following commands are for an EXT3 or EXT4 filesystem. If you are using another filesystem there
may be other utilities available.
15
Installation
sudo umount /srv
sudo e2fsck -f /dev/vg01/srv
The -f option of e2fsck forces checking even if the system seems clean.
5.
Finally, resize the filesystem:
sudo resize2fs /dev/vg01/srv
6.
Now mount the partition and check its size.
mount /dev/vg01/srv /srv && df -h /srv
4.2.4. Resources
• See the Ubuntu Wiki LVM Articles9.
• See the LVM HOWTO10 for more information.
• Another good article is Managing Disk Space with LVM11 on O’Reilly’s linuxdevcenter.com site.
• For more information on fdisk see the fdisk man page12.
4.3. iSCSI
The iSCSI protocol can be used to install Ubuntu on systems with or without hard disks attached.
4.3.1. Installation on a diskless system
The first steps of a diskless iSCSI installation are identical to the Section 2, “Installing from CD” [p. 6]
section up to “Hard drive layout”.
1.
The installer will display a warning with the following message:
No disk drive was detected. If you know the name of the driver needed by your disk
drive, you can select it from the list.
2.
Select the item in the list titled login to iSCSI targets.
3.
You will be prompted to Enter an IP address to scan for iSCSI targets with a description of the format for
the address. Enter the IP address for the location of your iSCSI target and navigate to then
hit ENTER
4.
If authentication is required in order to access the iSCSI device, provide the username in the next field.
Otherwise leave it blank.
5.
If your system is able to connect to the iSCSI provider, you should see a list of available iSCSI targets
where the operating system can be installed. The list should be similar to the following :
9 https://help.ubuntu.com/community/Installation#lvm
10 http://tldp.org/HOWTO/LVM-HOWTO/index.html
11 http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-space-with-lvm.html
12 http://manpages.ubuntu.com/manpages/xenial/en/man8/fdisk.8.html
16
Installation
Select the iSCSI targets you wish to use.
iSCSI targets on 192.168.1.29:3260:
[ ] iqn.2016-03.TrustyS-iscsitarget:storage.sys0
6.
Select the iSCSI target that you want to use with the space bar. Use the arrow keys to navigate to the
target that you want to select.
7.
Navigate to and hit ENTER.
If the connection to the iSCSI target is successful, you will be prompted with the [!!] Partition disks
installation menu. The rest of the procedure is identical to any normal installation on attached disks. Once the
installation is completed, you will be asked to reboot.
4.3.2. Installation on a system with disk attached
Again, the iSCSI installation on a normal server with one or many disks attached is identical to the Section 2,
“Installing from CD” [p. 6] section until we reach the disk partitioning menu. Instead of using any of the
Guided selection, we need to perform the following steps :
1.
Navigate to the Manual menu entry
2.
Select the Configure iSCSI Volumes menu entry
3.
Choose the Log into iSCSI targets
4.
You will be prompted to Enter an IP address to scan for iSCSI targets. with a description of the format
for the address. Enter the IP address and navigate to then hit ENTER
5.
If authentication is required in order to access the iSCSI device, provide the username in the next field or
leave it blank.
6.
If your system is able to connect to the iSCSI provider, you should see a list of available iSCSI targets
where the operating system can be installed. The list should be similar to the following :
Select the iSCSI targets you wish to use.
iSCSI targets on 192.168.1.29:3260:
[ ] iqn.2016-03.TrustyS-iscsitarget:storage.sys0
7.
Select the iSCSI target that you want to use with the space bar. Use the arrow keys to navigate to the
target that you want to select
8.
Navigate to and hit ENTER.
9.
If successful, you will come back to the menu asking you to Log into iSCSI targets. Navigate to Finish
and hit ENTER
17
Installation
The newly connected iSCSI disk will appear in the overview section as a device prefixed with SCSI. This
is the disk that you should select as your installation disk. Once identified, you can choose any of the
partitioning methods.
Depending on your system configuration, there may be other SCSI disks attached to the system.
Be very careful to identify the proper device before proceeding with the installation. Otherwise,
irreversible data loss may result from performing an installation on the wrong disk.
4.3.3. Rebooting to an iSCSI target
The procedure is specific to your hardware platform. As an example, here is how to reboot to your iSCSI
target using iPXE
iPXE> dhcp
Configuring (net0 52:54:00:a4:f2:a9)……. ok
iPXE> sanboot iscsi:192.168.1.29::::iqn.2016-03.TrustyS-iscsitarget:storage.sys0
If the procedure is successful, you should see the Grub menu appear on the screen.
18
Installation
5. Kernel Crash Dump
5.1. Introduction
A Kernel Crash Dump refers to a portion of the contents of volatile memory (RAM) that is copied to disk
whenever the execution of the kernel is disrupted. The following events can cause a kernel disruption :
• Kernel Panic
• Non Maskable Interrupts (NMI)
• Machine Check Exceptions (MCE)
• Hardware failure
• Manual intervention
For some of those events (panic, NMI) the kernel will react automatically and trigger the crash dump
mechanism through kexec. In other situations a manual intervention is required in order to capture the
memory. Whenever one of the above events occurs, it is important to find out the root cause in order to
prevent it from happening again. The cause can be determined by inspecting the copied memory contents.
5.2. Kernel Crash Dump Mechanism
When a kernel panic occurs, the kernel relies on the kexec mechanism to quickly reboot a new instance of the
kernel in a pre-reserved section of memory that had been allocated when the system booted (see below). This
permits the existing memory area to remain untouched in order to safely copy its contents to storage.
5.3. Installation
The kernel crash dump utility is installed with the following command:
sudo apt install linux-crashdump
Starting with 16.04, the kernel crash dump mechanism is enabled by default. During the installation,
you will be prompted with the following dialog. Unless chosen otherwise, the kdump mechanism
will be enabled.
|————————| Configuring kdump-tools |————————|
|
|
|
|
| If you choose this option, the kdump-tools mechanism will be enabled. A
|
| reboot is still required in order to enable the crashkernel kernel
|
| parameter.
|
|
| Should kdump-tools be enabled by default?
|
|
|
|
|
|
|
|
|—————————————————————————|
19
Installation
If you ever need to manually enable the functionality, you can use the dpkg-reconfigure kdump-tools
command and answer Yes to the question. You can also edit /etc/default/kdump-tools by including the
following line:
USE_KDUMP=1
If a reboot has not been done since installation of the linux-crashdump package, a reboot will be required in
order to activate the crashkernel= boot parameter. Upon reboot, kdump-tools will be enabled and active.
If you enable kdump-tools after a reboot, you will only need to issue the kdump-config load command to
activate the kdump mechanism.
5.4. Configuration
In addition to local dump, it is now possible to use the remote dump functionality to send the kernel crash
dump to a remote server, using either the SSH or NFS protocols.
5.4.1. Local Kernel Crash Dumps
Local dumps are configured automatically and will remain in use unless a remote protocol is chosen. Many
configuration options exist and are thoroughly documented in the /etc/default/kdump-tools file.
5.4.2. Remote Kernel Crash Dumps using the SSH protocol
To enable remote dumps using the SSH protocol, the /etc/default/kdump-tools must be modified in the
following manner :
# ————————————————————————–# Remote dump facilities:
# SSH – username and hostname of the remote server that will receive the dump
#
and dmesg files.
# SSH_KEY – Full path of the ssh private key to be used to login to the remote
#
#
server. use kdump-config propagate to send the public key to the
remote server
# HOSTTAG – Select if hostname of IP address will be used as a prefix to the
#
timestamped directory when sending files to the remote server.
#
‘ip’ is the default.
SSH=”ubuntu@kdump-netcrash”
The only mandatory variable to define is SSH. It must contain the username and hostname of the remote
server using the format {username}@{remote server}.
SSH_KEY may be used to provide an existing private key to be used. Otherwise, the kdump-config
propagate command will create a new keypair. The HOSTTAG variable may be used to use the hostname of
the system as a prefix to the remote directory to be created instead of the IP address.
The following example shows how kdump-config propagate is used to create and propagate a new keypair
to the remote server :
20
Installation
sudo kdump-config propagate
Need to generate a new ssh key…
The authenticity of host ‘kdump-netcrash (192.168.1.74)’ can’t be established.
ECDSA key fingerprint is SHA256:iMp+5Y28qhbd+tevFCWrEXykDd4dI3yN4OVlu3CBBQ4.
Are you sure you want to continue connecting (yes/no)? yes
ubuntu@kdump-netcrash’s password:
propagated ssh key /root/.ssh/kdump_id_rsa to server ubuntu@kdump-netcrash
The password of the account used on the remote server will be required in order to successfully send the
public key to the server
The kdump-config show command can be used to confirm that kdump is correctly configured to use the SSH
protocol :
kdump-config show
DUMP_MODE:
kdump
USE_KDUMP:
KDUMP_SYSCTL:
1
kernel.panic_on_oops=1
KDUMP_COREDIR:
/var/crash
crashkernel addr: 0x2c000000
/var/lib/kdump/vmlinuz: symbolic link to /boot/vmlinuz-4.4.0-10-generic
kdump initrd:
/var/lib/kdump/initrd.img: symbolic link to /var/lib/kdump/initrd.img-4.4.0-10-generic
SSH:
SSH_KEY:
ubuntu@kdump-netcrash
/root/.ssh/kdump_id_rsa
HOSTTAG:
ip
current state:
ready to kdump
5.4.3. Remote Kernel Crash Dumps using the NFS protocol
To enable remote dumps using the NFS protocol, the /etc/default/kdump-tools must be modified in the
following manner :
# NFS –
Hostname and mount point of the NFS server configured to receive
#
#
the crash dump. The syntax must be {HOSTNAME}:{MOUNTPOINT}
(e.g. remote:/var/crash)
#
NFS=”kdump-netcrash:/var/crash”
As with the SSH protocol, the HOSTTAG variable can be used to replace the IP address by the hostname as
the prefix of the remote directory.
The kdump-config show command can be used to confirm that kdump is correctly configured to use the NFS
protocol :
21
Installation
kdump-config show
DUMP_MODE:
USE_KDUMP:
kdump
1
KDUMP_SYSCTL:
kernel.panic_on_oops=1
KDUMP_COREDIR:
/var/crash
crashkernel addr: 0x2c000000
/var/lib/kdump/vmlinuz: symbolic link to /boot/vmlinuz-4.4.0-10-generic
kdump initrd:
/var/lib/kdump/initrd.img: symbolic link to /var/lib/kdump/initrd.img-4.4.0-10-generic
NFS:
kdump-netcrash:/var/crash
HOSTTAG:
current state:
hostname
ready to kdump
5.5. Verification
To confirm that the kernel dump mechanism is enabled, there are a few things to verify. First, confirm that the
crashkernel boot parameter is present (note: The following line has been split into two to fit the format of this
document:
cat /proc/cmdline
BOOT_IMAGE=/vmlinuz-3.2.0-17-server root=/dev/mapper/PreciseS-root ro
crashkernel=384M-2G:64M,2G-:128M
The crashkernel parameter has the following syntax:
crashkernel=:[,:,…][@offset]
range=start-[end] ‘start’ is inclusive and ‘end’ is exclusive.
So for the crashkernel parameter found in /proc/cmdline we would have :
crashkernel=384M-2G:64M,2G-:128M
The above value means:
• if the RAM is smaller than 384M, then don’t reserve anything (this is the “rescue” case)
• if the RAM size is between 386M and 2G (exclusive), then reserve 64M
• if the RAM size is larger than 2G, then reserve 128M
Second, verify that the kernel has reserved the requested memory area for the kdump kernel by doing:
dmesg | grep -i crash

[
0.000000] Reserving 64MB of memory at 800MB for crashkernel (System RAM: 1023MB)
22
Installation
Finally, as seen previously, the kdump-config show command displays the current status of the kdump-tools
configuration :
kdump-config show
DUMP_MODE:
USE_KDUMP:
kdump
1
KDUMP_SYSCTL:
kernel.panic_on_oops=1
KDUMP_COREDIR:
/var/crash
crashkernel addr: 0x2c000000
/var/lib/kdump/vmlinuz: symbolic link to /boot/vmlinuz-4.4.0-10-generic
kdump initrd:
/var/lib/kdump/initrd.img: symbolic link to /var/lib/kdump/initrd.img-4.4.0-10-generic
current state:
ready to kdump
kexec command:
/sbin/kexec -p –command-line=”BOOT_IMAGE=/vmlinuz-4.4.0-10-generic root=/dev/
mapper/VividS–vg-root ro debug break=init console=ttyS0,115200 irqpoll maxcpus=1 nousb
systemd.unit=kdump-tools.service” –initrd=/var/lib/kdump/initrd.img /var/lib/kdump/vmlinuz
5.6. Testing the Crash Dump Mechanism
Testing the Crash Dump Mechanism will cause a system reboot. In certain situations, this can cause
data loss if the system is under heavy load. If you want to test the mechanism, make sure that the
system is idle or under very light load.
Verify that the SysRQ mechanism is enabled by looking at the value of the /proc/sys/kernel/sysrq kernel
parameter :
cat /proc/sys/kernel/sysrq
If a value of 0 is returned the feature is disabled. Enable it with the following command :
sudo sysctl -w kernel.sysrq=1
Once this is done, you must become root, as just using sudo will not be sufficient. As the root user, you will
have to issue the command echo c > /proc/sysrq-trigger. If you are using a network connection, you will lose
contact with the system. This is why it is better to do the test while being connected to the system console.
This has the advantage of making the kernel dump process visible.
A typical test output should look like the following :
sudo -s
[sudo] password for ubuntu:
# echo c > /proc/sysrq-trigger
23
Installation
[
31.659002] SysRq : Trigger a crash
[
[
31.659749] BUG: unable to handle kernel NULL pointer dereference at
31.662668] IP: [] sysrq_handle_crash+0x16/0x20
[
31.662668] PGD 3bfb9067 PUD 368a7067 PMD 0
[
31.662668] Oops: 0002 [#1] SMP
(null)
[
31.662668] CPU 1
….
The rest of the output is truncated, but you should see the system rebooting and somewhere in the log, you
will see the following line :
Begin: Saving vmcore from kernel crash …
Once completed, the system will reboot to its normal operational mode. You will then find Kernel Crash
Dump file in the /var/crash directory :
ls /var/crash
linux-image-3.0.0-12-server.0.crash
5.7. Resources
Kernel Crash Dump is a vast topic that requires good knowledge of the linux kernel. You can find more
information on the topic here :
• Kdump kernel documentation13.
• The crash tool14
• Analyzing Linux Kernel Crash15 (Based on Fedora, it still gives a good walkthrough of kernel dump
analysis)
13 http://www.kernel.org/doc/Documentation/kdump/kdump.txt
14 http://people.redhat.com/~anderson/
15 http://www.dedoimedo.com/computers/crash-analyze.html
24
Chapter 3. Package Management
Ubuntu features a comprehensive package management system for installing, upgrading, configuring, and
removing software. In addition to providing access to an organized base of over 45,000 software packages for
your Ubuntu computer, the package management facilities also feature dependency resolution capabilities and
software update checking.
Several tools are available for interacting with Ubuntu’s package management system, from simple commandline utilities which may be easily automated by system administrators, to a simple graphical interface which is
easy to use by those new to Ubuntu.
25
Package Management
1. Introduction
Ubuntu’s package management system is derived from the same system used by the Debian GNU/Linux
distribution. The package files contain all of the necessary files, meta-data, and instructions to implement a
particular functionality or software application on your Ubuntu computer.
Debian package files typically have the extension ‘.deb’, and usually exist in repositories which are collections
of packages found on various media, such as CD-ROM discs, or online. Packages are normally in a precompiled binary format; thus installation is quick, and requires no compiling of software.
Many complex packages use dependencies. Dependencies are additional packages required by the principal
package in order to function properly. For example, the speech synthesis package festival depends upon the
package libasound2, which is a package supplying the ALSA sound library needed for audio playback. In
order for festival to function, it and all of its dependencies must be installed. The software management tools
in Ubuntu will do this automatically.
26
Package Management
2. dpkg
dpkg is a package manager for Debian-based systems. It can install, remove, and build packages, but
unlike other package management systems, it cannot automatically download and install packages or their
dependencies. This section covers using dpkg to manage locally installed packages:
• To list all packages installed on the system, from a terminal prompt type:
dpkg -l
• Depending on the amount of packages on your system, this can generate a large amount of output. Pipe the
output through grep to see if a specific package is installed:
dpkg -l | grep apache2
Replace apache2 with any package name, part of a package name, or other regular expression.
• To list the files installed by a package, in this case the ufw package, enter:
dpkg -L ufw
• If you are not sure which package installed a file, dpkg -S may be able to tell you. For example:
dpkg -S /etc/host.conf
base-files: /etc/host.conf
The output shows that the /etc/host.conf belongs to the base-files package.
Many files are automatically generated during the package install process, and even though they
are on the filesystem, dpkg -S may not know which package they belong to.
• You can install a local .deb file by entering:
sudo dpkg -i zip_3.0-4_i386.deb
Change zip_3.0-4_i386.deb to the actual file name of the local .deb file you wish to install.
• Uninstalling a package can be accomplished by:
sudo dpkg -r zip
Uninstalling packages using dpkg, in most cases, is NOT recommended. It is better to use a
package manager that handles dependencies to ensure that the system is in a consistent state. For
example using dpkg -r zip will remove the zip package, but any packages that depend on it will
still be installed and may no longer function correctly.
For more dpkg options see the man page: man dpkg.
27
Package Management
3. Apt
The apt command is a powerful command-line tool, which works with Ubuntu’s Advanced Packaging Tool
(APT) performing such functions as installation of new software packages, upgrade of existing software
packages, updating of the package list index, and even upgrading the entire Ubuntu system.
Being a simple command-line tool, apt has numerous advantages over other package management tools
available in Ubuntu for server administrators. Some of these advantages include ease of use over simple
terminal connections (SSH), and the ability to be used in system administration scripts, which can in turn be
automated by the cron scheduling utility.
Some examples of popular uses for the apt utility:
• Install a Package: Installation of packages using the apt tool is quite simple. For example, to install the
network scanner nmap, type the following:
sudo apt install nmap
• Remove a Package: Removal of a package (or packages) is also straightforward. To remove the package
installed in the previous example, type the following:
sudo apt remove nmap
Multiple Packages: You may specify multiple packages to be installed or removed, separated by
spaces.
Also, adding the –purge option to apt remove will remove the package configuration files as well. This
may or may not be the desired effect, so use with caution.
• Update the Package Index: The APT package index is essentially a database of available packages
from the repositories defined in the /etc/apt/sources.list file and in the /etc/apt/sources.list.d
directory. To update the local package index with the latest changes made in the repositories, type the
following:
sudo apt update
• Upgrade Packages: Over time, updated versions of packages currently installed on your computer may
become available from the package repositories (for example security updates). To upgrade your system,
first update your package index as outlined above, and then type:
sudo apt upgrade
For information on upgrading to a new Ubuntu release see Section 3, “Upgrading” [p. 9].
Actions of the apt command, such as installation and removal of packages, are logged in the /var/log/dpkg.log
log file.
28
Package Management
For further information about the use of APT, read the comprehensive Debian APT User Manual1 or type:
apt help
1 http://www.debian.org/doc/user-manuals#apt-howto
29
Package Management
4. Aptitude
Launching Aptitude with no command-line options, will give you a menu-driven, text-based front-end to
the Advanced Packaging Tool (APT) system. Many of the common package management functions, such
as installation, removal, and upgrade, can be performed in Aptitude with single-key commands, which are
typically lowercase letters.
Aptitude is best suited for use in a non-graphical terminal environment to ensure proper functioning of the
command keys. You may start the menu-driven interface of Aptitude as a normal user by typing the following
command at a terminal prompt:
sudo aptitude
When Aptitude starts, you will see a menu bar at the top of the screen and two panes below the menu bar. The
top pane contains package categories, such as New Packages and Not Installed Packages. The bottom pane
contains information related to the packages and package categories.
Using Aptitude for package management is relatively straightforward, and the user interface makes common
tasks simple to perform. The following are examples of common package management functions as performed
in Aptitude:
• Install Packages: To install a package, locate the package via the Not Installed Packages package category,
by using the keyboard arrow keys and the ENTER key. Highlight the desired package, then press the +
key. The package entry should turn green, indicating that it has been marked for installation. Now press g
to be presented with a summary of package actions. Press g again, and downloading and installation of the
package will commence. When finished, press ENTER, to return to the menu.
• Remove Packages: To remove a package, locate the package via the Installed Packages package category,
by using the keyboard arrow keys and the ENTER key. Highlight the desired package you wish to remove,
then press the – key. The package entry should turn pink, indicating it has been marked for removal. Now
press g to be presented with a summary of package actions. Press g again, and removal of the package will
commence. When finished, press ENTER, to return to the menu.
• Update Package Index: To update the package index, simply press the u key. Updating of the package
index will commence.
• Upgrade Packages: To upgrade packages, perform the update of the package index as detailed above,
and then press the U key to mark all packages with updates. Now press g whereby you’ll be presented with
a summary of package actions. Press g again, and the download and installation will commence. When
finished, press ENTER, to return to the menu.
The first column of information displayed in the package list in the top pane, when actually viewing packages
lists the current state of the package, and uses the following key to describe the state of the package:
• i: Installed package
• c: Package not installed, but package configuration remains on system
• p: Purged from system
30
Package Management
• v: Virtual package
• B: Broken package
• u: Unpacked files, but package not yet configured
• C: Half-configured – Configuration failed and requires fix
• H: Half-installed – Removal failed and requires fix
To exit Aptitude, simply press the q key and confirm you wish to exit. Many other functions are available
from the Aptitude menu by pressing the F10 key.
4.1. Command Line Aptitude
You can also use Aptitude as a command-line tool, similar to apt. To install the nmap package with all
necessary dependencies, as in the apt example, you would use the following command:
sudo aptitude install nmap
To remove the same package, you would use the command:
sudo aptitude remove nmap
Consult the man pages for more details of command line options for Aptitude.
31
Package Management
5. Automatic Updates
The unattended-upgrades package can be used to automatically install updated packages, and can be
configured to update all packages or just install security updates. First, install the package by entering the
following in a terminal:
sudo apt install unattended-upgrades
To configure unattended-upgrades, edit /etc/apt/apt.conf.d/50unattended-upgrades and adjust the
following to fit your needs:
Unattended-Upgrade::Allowed-Origins {
“Ubuntu xenial-security”;
//
};
“Ubuntu xenial-updates”;
Certain packages can also be blacklisted and therefore will not be automatically updated. To blacklist a
package, add it to the list:
Unattended-Upgrade::Package-Blacklist {
//
“vim”;
//
“libc6”;
//
//
“libc6-dev”;
“libc6-i686”;
};
The double “//” serve as comments, so whatever follows “//” will not be evaluated.
To enable automatic updates, edit /etc/apt/apt.conf.d/10periodic and set the appropriate apt
configuration options:
APT::Periodic::Update-Package-Lists “1”;
APT::Periodic::Download-Upgradeable-Packages “1”;
APT::Periodic::AutocleanInterval “7”;
APT::Periodic::Unattended-Upgrade “1”;
The above configuration updates the package list, downloads, and installs available upgrades every day. The
local download archive is cleaned every week.
You can read more about apt Periodic configuration options in the /etc/cron.daily/apt script
header.
The results of unattended-upgrades will be logged to /var/log/unattended-upgrades.
32
Package Management
5.1. Notifications
Configuring Unattended-Upgrade::Mail in /etc/apt/apt.conf.d/50unattended-upgrades will enable
unattended-upgrades to email an administrator detailing any packages that need upgrading or have problems.
Another useful package is apticron. apticron will configure a cron job to email an administrator information
about any packages on the system that have updates available, as well as a summary of changes in each
package.
To install the apticron package, in a terminal enter:
sudo apt install apticron
Once the package is installed edit /etc/apticron/apticron.conf, to set the email address and other options:
EMAIL=”root@example.com”
33
Package Management
6. Configuration
Configuration of the Advanced Packaging Tool (APT) system repositories is stored in the /etc/apt/
sources.list file and the /etc/apt/sources.list.d directory. An example of this file is referenced here,
along with information on adding or removing repository references from the file.
You may edit the file to enable repositories or disable them. For example, to disable the requirement of
inserting the Ubuntu CD-ROM whenever package operations occur, simply comment out the appropriate line
for the CD-ROM, which appears at the top of the file:
# no more prompting for CD-ROM please
# deb cdrom:[Ubuntu 16.04 _Xenial Xerus_ – Release i386 (20111013.1)]/ xenial main
restricted
6.1. Extra Repositories
In addition to the officially supported package repositories available for Ubuntu, there exist additional
community-maintained repositories which add thousands more packages for potential installation. Two of the
most popular are the Universe and Multiverse repositories. These repositories are not officially supported by
Ubuntu, but because they are maintained by the community they generally provide packages which are safe
for use with your Ubuntu computer.
Packages in the Multiverse repository often have licensing issues that prevent them from being
distributed with a free operating system, and they may be illegal in your locality.
Be advised that neither the Universe or Multiverse repositories contain officially supported
packages. In particular, there may not be security updates for these packages.
Many other package sources are available, sometimes even offering only one package, as in the case of
package sources provided by the developer of a single application. You should always be very careful and
cautious when using non-standard package sources, however. Research the source and packages carefully
before performing any installation, as some package sources and their packages could render your system
unstable or non-functional in some respects.
By default, the Universe and Multiverse repositories are enabled but if you would like to disable them edit /
etc/apt/sources.list and comment the following lines:
deb http://archive.ubuntu.com/ubuntu xenial universe multiverse
deb-src http://archive.ubuntu.com/ubuntu xenial universe multiverse
deb http://us.archive.ubuntu.com/ubuntu/ xenial universe
deb-src http://us.archive.ubuntu.com/ubuntu/ xenial universe
deb http://us.archive.ubuntu.com/ubuntu/ xenial-updates universe
deb-src http://us.archive.ubuntu.com/ubuntu/ xenial-updates universe
deb http://us.archive.ubuntu.com/ubuntu/ xenial multiverse
34
Package Management
deb-src http://us.archive.ubuntu.com/ubuntu/ xenial multiverse
deb http://us.archive.ubuntu.com/ubuntu/ xenial-updates multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ xenial-updates multiverse
deb http://security.ubuntu.com/ubuntu xenial-security universe
deb-src http://security.ubuntu.com/ubuntu xenial-security universe
deb http://security.ubuntu.com/ubuntu xenial-security multiverse
deb-src http://security.ubuntu.com/ubuntu xenial-security multiverse
35
Package Management
7. References
Most of the material covered in this chapter is available in man pages, many of which are available online.
• The InstallingSoftware2 Ubuntu wiki page has more information.
• For more dpkg details see the dpkg man page3.
• The APT HOWTO4 and apt man page5 contain useful information regarding apt usage.
• See the aptitude man page6 for more aptitude options.
• The Adding Repositories HOWTO (Ubuntu Wiki)7 page contains more details on adding repositories.
2 https://help.ubuntu.com/community/InstallingSoftware
3 http://manpages.ubuntu.com/manpages/xenial/en/man1/dpkg.1.html
4 http://www.debian.org/doc/manuals/apt-howto/
5 http://manpages.ubuntu.com/manpages/xenial/en/man8/apt.8.html
6 http://manpages.ubuntu.com/manpages/xenial/man8/aptitude.8.html
7 https://help.ubuntu.com/community/Repositories/Ubuntu
36
Chapter 4. Networking
Networks consist of two or more devices, such as computer systems, printers, and related equipment
which are connected by either physical cabling or wireless links for the purpose of sharing and distributing
information among the connected devices.
This section provides general and specific information pertaining to networking, including an overview of
network concepts and detailed discussion of popular network protocols.
37
Networking
1. Network Configuration
Ubuntu ships with a number of graphical utilities to configure your network devices. This document is geared
toward server administrators and will focus on managing your network on the command line.
1.1. Ethernet Interfaces
Ethernet interfaces are identified by the system using the naming convention of ethX, where X represents a
numeric value. The first Ethernet interface is typically identified as eth0, the second as eth1, and all others
should move up in numerical order.
1.1.1. Identify Ethernet Interfaces
To quickly identify all available Ethernet interfaces, you can use the ifconfig command as shown below.
ifconfig -a | grep eth
eth0
Link encap:Ethernet
HWaddr 00:15:c5:4a:16:5a
Another application that can help identify all network interfaces available to your system is the lshw
command. In the example below, lshw shows a single Ethernet interface with the logical name of eth0 along
with bus information, driver details and all supported capabilities.
sudo lshw -class network
*-network
description: Ethernet interface
product: BCM4401-B0 100Base-TX
vendor: Broadcom Corporation
physical id: 0
bus info: pci@0000:03:00.0
logical name: eth0
version: 02
serial: 00:15:c5:4a:16:5a
size: 10MB/s
capacity: 100MB/s
width: 32 bits
clock: 33MHz
capabilities: (snipped for brevity)
configuration: (snipped for brevity)
resources: irq:17 memory:ef9fe000-ef9fffff
1.1.2. Ethernet Interface Logical Names
Interface logical names are configured in the file /etc/udev/rules.d/70-persistent-net.rules. If you
would like control which interface receives a particular logical name, find the line matching the interfaces
physical MAC address and modify the value of NAME=ethX to the desired logical name. Reboot the system
to commit your changes.
38
Networking
1.1.3. Ethernet Interface Settings
ethtool is a program that displays and changes Ethernet card settings such as auto-negotiation, port speed,
duplex mode, and Wake-on-LAN. It is not installed by default, but is available for installation in the
repositories.
sudo apt install ethtool
The following is an example of how to view supported features and configured settings of an Ethernet
interface.
sudo ethtool eth0
Settings for eth0:
Supported ports: [ TP ]
Supported link modes:
10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Half 1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes:
10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Half 1000baseT/Full
Advertised auto-negotiation: Yes
Speed: 1000Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 1
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: g
Wake-on: d
Current message level: 0x000000ff (255)
Link detected: yes
Changes made with the ethtool command are temporary and will be lost after a reboot. If you would like to
retain settings, simply add the desired ethtool command to a pre-up statement in the interface configuration
file /etc/network/interfaces.
The following is an example of how the interface identified as eth0 could be permanently configured with a
port speed of 1000Mb/s running in full duplex mode.
auto eth0
iface eth0 inet static
pre-up /sbin/ethtool -s eth0 speed 1000 duplex full
Although the example above shows the interface configured to use the static method, it actually
works with other methods as well, such as DHCP. The example is meant to demonstrate only proper
placement of the pre-up statement in relation to the rest of the interface configuration.
39
Networking
1.2. IP Addressing
The following section describes the process of configuring your systems IP address and default gateway
needed for communicating on a local area network and the Internet.
1.2.1. Temporary IP Address Assignment
For temporary network configurations, you can use standard commands such as ip, ifconfig and route, which
are also found on most other GNU/Linux operating systems. These commands allow you to configure settings
which take effect immediately, however they are not persistent and will be lost after a reboot.
To temporarily configure an IP address, you can use the ifconfig command in the following manner. Just
modify the IP address and subnet mask to match your network requirements.
sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0
To verify the IP address configuration of eth0, you can use the ifconfig command in the following manner.
ifconfig eth0
eth0
Link encap:Ethernet
HWaddr 00:15:c5:4a:16:5a
inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0
TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2574778386 (2.5 GB)
TX bytes:1618367329 (1.6 GB)
Interrupt:16
To configure a default gateway, you can use the route command in the following manner. Modify the default
gateway address to match your network requirements.
sudo route add default gw 10.0.0.1 eth0
To verify your default gateway configuration, you can use the route command in the following manner.
route -n
Kernel IP routing table
Destination
10.0.0.0
Gateway
0.0.0.0
Genmask
255.255.255.0
Flags Metric Ref
U
1
0
0.0.0.0
10.0.0.1
0.0.0.0
UG
0
0
Use Iface
0 eth0
0 eth0
If you require DNS for your temporary network configuration, you can add DNS server IP addresses in
the file /etc/resolv.conf. In general, editing /etc/resolv.conf directly is not recommanded, but this
is a temporary and non-persistent configuration. The example below shows how to enter two DNS servers
to /etc/resolv.conf, which should be changed to servers appropriate for your network. A more lengthy
description of the proper persistent way to do DNS client configuration is in a following section.
40
Networking
nameserver 8.8.8.8
nameserver 8.8.4.4
If you no longer need this configuration and wish to purge all IP configuration from an interface, you can use
the ip command with the flush option as shown below.
ip addr flush eth0
Flushing the IP configuration using the ip command does not clear the contents of /etc/
resolv.conf. You must remove or modify those entries manually, or re-boot which should also
cause /etc/resolv.conf, which is actually now a symlink to /run/resolvconf/resolv.conf, to be
re-written.
1.2.2. Dynamic IP Address Assignment (DHCP Client)
To configure your server to use DHCP for dynamic address assignment, add the dhcp method to the inet
address family statement for the appropriate interface in the file /etc/network/interfaces. The example
below assumes you are configuring your first Ethernet interface identified as eth0.
auto eth0
iface eth0 inet dhcp
By adding an interface configuration as shown above, you can manually enable the interface through the ifup
command which initiates the DHCP process via dhclient.
sudo ifup eth0
To manually disable the interface, you can use the ifdown command, which in turn will initiate the DHCP
release process and shut down the interface.
sudo ifdown eth0
1.2.3. Static IP Address Assignment
To configure your system to use a static IP address assignment, add the static method to the inet address
family statement for the appropriate interface in the file /etc/network/interfaces. The example below
assumes you are configuring your first Ethernet interface identified as eth0. Change the address, netmask, and
gateway values to meet the requirements of your network.
auto eth0
iface eth0 inet static
address 10.0.0.100
netmask 255.255.255.0
gateway 10.0.0.1
41
Networking
By adding an interface configuration as shown above, you can manually enable the interface through the ifup
command.
sudo ifup eth0
To manually disable the interface, you can use the ifdown command.
sudo ifdown eth0
1.2.4. Loopback Interface
The loopback interface is identified by the system as lo and has a default IP address of 127.0.0.1. It can be
viewed using the ifconfig command.
ifconfig lo
lo
Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436
Metric:1
RX packets:2718 errors:0 dropped:0 overruns:0 frame:0
TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:183308 (183.3 KB)
TX bytes:183308 (183.3 KB)
By default, there should be two lines in /etc/network/interfaces responsible for automatically configuring
your loopback interface. It is recommended that you keep the default settings unless you have a specific
purpose for changing them. An example of the two default lines are shown below.
auto lo
iface lo inet loopback
1.3. Name Resolution
Name resolution as it relates to IP networking is the process of mapping IP addresses to hostnames, making it
easier to identify resources on a network. The following section will explain how to properly configure your
system for name resolution using DNS and static hostname records.
1.3.1. DNS Client Configuration
Traditionally, the file /etc/resolv.conf was a static configuration file that rarely needed to be changed
or automatically changed via DCHP client hooks. Nowadays, a computer can switch from one network to
another quite often and the resolvconf framework is now being used to track these changes and update the
resolver’s configuration automatically. It acts as an intermediary between programs that supply nameserver
information and applications that need nameserver information. Resolvconf gets populated with information
by a set of hook scripts related to network interface configuration. The most notable difference for the user is
that any change manually done to /etc/resolv.conf will be lost as it gets overwritten each time something
42
Networking
triggers resolvconf. Instead, resolvconf uses DHCP client hooks, and /etc/network/interfaces to generate a
list of nameservers and domains to put in /etc/resolv.conf, which is now a symlink:
/etc/resolv.conf -> ../run/resolvconf/resolv.conf
To configure the resolver, add the IP addresses of the nameservers that are appropriate for your network in the
file /etc/network/interfaces. You can also add an optional DNS suffix search-lists to match your network
domain names. For each other valid resolv.conf configuration option, you can include, in the stanza, one line
beginning with that option name with a dns- prefix. The resulting file might look like the following:
iface eth0 inet static
address 192.168.3.3
netmask 255.255.255.0
gateway 192.168.3.1
dns-search example.com
dns-nameservers 192.168.3.45 192.168.8.10
The search option can also be used with multiple domain names so that DNS queries will be appended in
the order in which they are entered. For example, your network may have multiple sub-domains to search; a
parent domain of example.com, and two sub-domains, sales.example.com and dev.example.com.
If you have multiple domains you wish to search, your configuration might look like the following:
iface eth0 inet static
address 192.168.3.3
netmask 255.255.255.0
gateway 192.168.3.1
dns-search example.com sales.example.com dev.example.com
dns-nameservers 192.168.3.45 192.168.8.10
If you try to ping a host with the name of server1, your system will automatically query DNS for its Fully
Qualified Domain Name (FQDN) in the following order:
1. server1.example.com
2. server1.sales.example.com
3. server1.dev.example.com
If no matches are found, the DNS server will provide a result of notfound and the DNS query will fail.
1.3.2. Static Hostnames
Static hostnames are locally defined hostname-to-IP mappings located in the file /etc/hosts. Entries in
the hosts file will have precedence over DNS by default. This means that if your system tries to resolve
a hostname and it matches an entry in /etc/hosts, it will not attempt to look up the record in DNS. In some
configurations, especially when Internet access is not required, servers that communicate with a limited
number of resources can be conveniently set to use static hostnames instead of DNS.
43
Networking
The following is an example of a hosts file where a number of local servers have been identified by simple
hostnames, aliases and their equivalent Fully Qualified Domain Names (FQDN’s).
127.0.0.1 localhost
127.0.1.1 ubuntu-server
10.0.0.11 server1 server1.example.com vpn
10.0.0.12 server2 server2.example.com mail
10.0.0.13 server3 server3.example.com www
10.0.0.14 server4 server4.example.com file
In the above example, notice that each of the servers have been given aliases in addition to their
proper names and FQDN’s. Server1 has been mapped to the name vpn, server2 is referred to as mail,
server3 as www, and server4 as file.
1.3.3. Name Service Switch Configuration
The order in which your system selects a method of resolving hostnames to IP addresses is controlled by the
Name Service Switch (NSS) configuration file /etc/nsswitch.conf. As mentioned in the previous section,
typically static hostnames defined in the systems /etc/hosts file have precedence over names resolved from
DNS. The following is an example of the line responsible for this order of hostname lookups in the file /etc/
nsswitch.conf.
hosts:
files mdns4_minimal [NOTFOUND=return] dns mdns4
• files first tries to resolve static hostnames located in /etc/hosts.
• mdns4_minimal attempts to resolve the name using Multicast DNS.
• [NOTFOUND=return] means that any response of notfound by the preceding mdns4_minimal process
should be treated as authoritative and that the system should not try to continue hunting for an answer.
• dns represents a legacy unicast DNS query.
• mdns4 represents a Multicast DNS query.
To modify the order of the above mentioned name resolution methods, you can simply change the hosts:
string to the value of your choosing. For example, if you prefer to use legacy Unicast DNS versus Multicast
DNS, you can change the string in /etc/nsswitch.conf as shown below.
hosts:
files dns [NOTFOUND=return] mdns4_minimal mdns4
1.4. Bridging
Bridging multiple interfaces is a more advanced configuration, but is very useful in multiple scenarios. One
scenario is setting up a bridge with multiple network interfaces, then using a firewall to filter traffic between
two network segments. Another scenario is using bridge on a system with one interface to allow virtual
machines direct access to the outside network. The following example covers the latter scenario.
Before configuring a bridge you will need to install the bridge-utils package. To install the package, in a
terminal enter:
44
Networking
sudo apt install bridge-utils
Next, configure the bridge by editing /etc/network/interfaces:
auto lo
iface lo inet loopback
auto br0
iface br0 inet static
address 192.168.0.10
network 192.168.0.0
netmask 255.255.255.0
broadcast 192.168.0.255
gateway 192.168.0.1
bridge_ports eth0
bridge_fd 9
bridge_hello 2
bridge_maxage 12
bridge_stp off
Enter the appropriate values for your physical interface and network.
Now bring up the bridge:
sudo ifup br0
The new bridge interface should now be up and running. The brctl provides useful information about the state
of the bridge, controls which interfaces are part of the bridge, etc. See man brctl for more information.
1.5. Resources
• The Ubuntu Wiki Network page1 has links to articles covering more advanced network configuration.
• The resolvconf man page2 has more information on resolvconf.
• The interfaces man page3 has details on more options for /etc/network/interfaces.
• The dhclient man page4 has details on more options for configuring DHCP client settings.
• For more information on DNS client configuration see the resolver man page5. Also, Chapter 6
of O’Reilly’s Linux Network Administrator’s Guide6 is a good source of resolver and name service
configuration information.
1 https://help.ubuntu.com/community/Network
2 http://manpages.ubuntu.com/manpages/man8/resolvconf.8.html
3 http://manpages.ubuntu.com/manpages/man5/interfaces.5.html
4 http://manpages.ubuntu.com/manpages/man8/dhclient.8.html
5 http://manpages.ubuntu.com/manpages/man5/resolver.5.html
6 http://oreilly.com/catalog/linag2/book/ch06.html
45
Networking
• For more information on bridging see the brctl man page7 and the Linux Foundation’s Networking-Bridge8
page.
7 http://manpages.ubuntu.com/manpages/man8/brctl.8.html
8 http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge
46
Networking
2. TCP/IP
The Transmission Control Protocol and Internet Protocol (TCP/IP) is a standard set of protocols developed in
the late 1970s by the Defense Advanced Research Projects Agency (DARPA) as a means of communication
between different types of computers and computer networks. TCP/IP is the driving force of the Internet, and
thus it is the most popular set of network protocols on Earth.
2.1. TCP/IP Introduction
The two protocol components of TCP/IP deal with different aspects of computer networking. Internet
Protocol, the “IP” of TCP/IP is a connectionless protocol which deals only with network packet routing using
the IP Datagram as the basic unit of networking information. The IP Datagram consists of a header followed
by a message. The Transmission Control Protocol is the “TCP” of TCP/IP and enables network hosts to
establish connections which may be used to exchange data streams. TCP also guarantees that the data between
connections is delivered and that it arrives at one network host in the same order as sent from another network
host.
2.2. TCP/IP Configuration
The TCP/IP protocol configuration consists of several elements which must be set by editing the appropriate
configuration files, or deploying solutions such as the Dynamic Host Configuration Protocol (DHCP) server
which in turn, can be configured to provide the proper TCP/IP configuration settings to network clients
automatically. These configuration values must be set correctly in order to facilitate the proper network
operation of your Ubuntu system.
The common configuration elements of TCP/IP and their purposes are as follows:
• IP address The IP address is a unique identifying string expressed as four decimal numbers ranging
from zero (0) to two-hundred and fifty-five (255), separated by periods, with each of the four numbers
representing eight (8) bits of the address for a total length of thirty-two (32) bits for the whole address. This
format is called dotted quad notation.
• Netmask The Subnet Mask (or simply, netmask) is a local bit mask, or set of flags which separate the
portions of an IP address significant to the network from the bits significant to the subnetwork. For
example, in a Class C network, the standard netmask is 255.255.255.0 which masks the first three bytes
of the IP address and allows the last byte of the IP address to remain available for specifying hosts on the
subnetwork.
• Network Address The Network Address represents the bytes comprising the network portion of an IP
address. For example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the network address,
where twelve (12) represents the first byte of the IP address, (the network part) and zeroes (0) in all of the
remaining three bytes to represent the potential host values. A network host using the private IP address
192.168.1.100 would in turn use a Network Address of 192.168.1.0, which specifies the first three bytes of
the Class C 192.168.1 network and a zero (0) for all the possible hosts on the network.
• Broadcast Address The Broadcast Address is an IP address which allows network data to be sent
simultaneously to all hosts on a given subnetwork rather than specifying a particular host. The standard
47
Networking
general broadcast address for IP networks is 255.255.255.255, but this broadcast address cannot be used
to send a broadcast message to every host on the Internet because routers block it. A more appropriate
broadcast address is set to match a specific subnetwork. For example, on the private Class C IP network,
192.168.1.0, the broadcast address is 192.168.1.255. Broadcast messages are typically produced by network
protocols such as the Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP).
• Gateway Address A Gateway Address is the IP address through which a particular network, or host on a
network, may be reached. If one network host wishes to communicate with another network host, and that
host is not located on the same network, then a gateway must be used. In many cases, the Gateway Address
will be that of a router on the same network, which will in turn pass traffic on to other networks or hosts,
such as Internet hosts. The value of the Gateway Address setting must be correct, or your system will not be
able to reach any hosts beyond those on the same network.
• Nameserver Address Nameserver Addresses represent the IP addresses of Domain Name Service (DNS)
systems, which resolve network hostnames into IP addresses. There are three levels of Nameserver
Addresses, which may be specified in order of precedence: The Primary Nameserver, the Secondary
Nameserver, and the Tertiary Nameserver. In order for your system to be able to resolve network
hostnames into their corresponding IP addresses, you must specify valid Nameserver Addresses which you
are authorized to use in your system’s TCP/IP configuration. In many cases these addresses can and will be
provided by your network service provider, but many free and publicly accessible nameservers are available
for use, such as the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6.
The IP address, Netmask, Network Address, Broadcast Address, Gateway Address, and
Nameserver Addresses are typically specified via the appropriate directives in the file /etc/
network/interfaces. For more information, view the system manual page for interfaces, with
the following command typed …
Purchase answer to see full
attachment

error: Content is protected !!