ipaddress will result in a number of messages being displayed that specify the amount of time and packet sizes returned from the resource, ipaddress. As ping concludes (either when the user ends ping by typing control+c or because the user issued -c num to limit the number of attempts), ping responds with a summary that includes the number of packets transmitted, received, the amount of loss, and the time in milliseconds. What we would like is to either obtain the number of received packets or the percentage loss. We will focus only on the received packets.
We can avoid receiving the remainder of the output using the -q option in ping to work in quiet mode. This still leaves a summary. The awk command can help us here by searching for only the line with the word “received.” Our resulting command for some ipaddress stored in the variable ip is
ping -c $num $ip | awk '/received/ {print $0}'
This instruction, using print $0, will output the entire row, giving us feedback such as
3 packets transmitted, 2 received, 33% packet loss, time 0 ms
Let us prune this down to just the number received by using {print $4} rather than {print $0} in awk. This would return 2 for the above example. We store this in the variable x.
Now, we compare $x to 0. If we received 0 packets, either the device at the given ipaddress is not responding at all, or we did not give ping enough attempts. Assuming that we want to accumulate a list of all unresponsive devices, we will output this device’s IP address to a file, along with the current time/date and the number of attempts tried. We will put this into a function as follows:
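try_ip() {
  ip=$1     # address to test
  num=$2    # number of ping attempts
  x=`ping -c $num -q $ip | awk '/received/{print $4}'`
  # an empty $x (ping printed no summary) is treated as 0 packets received
  if [ "${x:-0}" -eq 0 ];
  then
    echo "$ip not responsive on `date` with $num tries" >> /root/net_stats/non_responding_devices.txt
  fi
}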
The function expects to receive two parameters: the IP address and the number of attempts that ping should make. We could also pass in the destination file’s name to record unresponsive devices, but instead, we have redirected this to the file /root/net_stats/non_responding_devices.txt.
To use this function, we might define an array of IP addresses that we wish to test and then, using a for loop, call try_ip with each address. The value 10 below in the try_ip function call is the number of attempts per device for the ping command.
list=(10.11.12.13 10.11.12.14 10.11.12.15
10.11.21.22 10.11.38.83 10.11.0.1)
# "${list[@]}" expands to every element; $list alone is only the first one
for ip in "${list[@]}"; do
  try_ip $ip 10
done
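
The comparison of $x to 0 above assumes that ping always prints a summary line. The following added example (not from the book) finds the count by locating the word "received" and reports a third state when no summary exists, for instance when a name cannot be resolved. The SAMPLE_ strings are constructed, and the function names and the LOG path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a device from ping's output.
# SAMPLE_UP and SAMPLE_DOWN are constructed ping output, not captures from real hosts.

SAMPLE_UP='PING 10.11.12.13 (10.11.12.13) 56(84) bytes of data.

--- 10.11.12.13 ping statistics ---
3 packets transmitted, 2 received, 33% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.412/0.455/0.498/0.043 ms'

SAMPLE_DOWN='PING 10.11.12.14 (10.11.12.14) 56(84) bytes of data.

--- 10.11.12.14 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2051ms'

# parse_received: read ping output on stdin and print the number of packets
# received. Returns 1 and prints nothing when there is no summary line.
parse_received() {
  awk '/packets transmitted/ {
         for (i = 2; i <= NF; i++)
           if ($i ~ /^received/ && $(i-1) ~ /^[0-9]+$/) {
             print $(i-1); found = 1; exit
           }
       }
       END { exit(found ? 0 : 1) }'
}

# ping_state: read ping output on stdin and print one of
# responsive, unresponsive, unknown (no summary, so nothing was measured).
ping_state() {
  n=$(parse_received) || { echo unknown; return 0; }
  if [ "$n" -eq 0 ]; then
    echo unresponsive
  else
    echo responsive
  fi
}

# Assumed log location for this example; the book logs under /root/net_stats.
LOG=${LOG:-./non_responding_devices.txt}

# try_ip IP NUM: same role as the function above, with the extra state logged.
try_ip() {
  ip=$1
  num=$2
  state=$(ping -c "$num" -q "$ip" 2>/dev/null | ping_state)
  case $state in
    unresponsive)
      echo "$ip not responsive on $(date) with $num tries" >> "$LOG" ;;
    unknown)
      echo "$ip could not be tested on $(date) (no ping summary)" >> "$LOG" ;;
  esac
}
```
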
12.7.2 A Script to Test Internet Access
We might wish to implement a script to test our own computer’s Internet access. Reasons
for a lack of Internet access include the network service being stopped, problems with our
interface device(s), and problems with our local area network such as the router being
unavailable. Rather than attempting to determine where our problem might exist, we
could simply issue an instruction that requires external network response and see if we
obtain such a response.
There are several ways to test our network, for instance, by using ping as shown in the
previous script. Instead though, we are going to use a simpler approach, by attempting to
wget files and seeing if we were successful. We will need to identify several sites that we
know we can obtain files from. For simplicity, we will use only search engine sites (e.g.,
Google, Yahoo, and Bing) and query them for their home pages (index.*).
The wget program is a noninteractive way to download a file from a web server without going through a web client. wget responds with information about the retrieval process. We are not interested in this, only in receiving the file. We will redirect wget’s output to /dev/null. We will use the --tries option so that wget makes several attempts in case the first attempt is unsuccessful because of a spurious error. We will also issue wget commands to several sites until we have success. We can stop as soon as we have our first successful retrieval because this will confirm Internet access. As with the previous script, we will break our script into two parts, the retrieval from one site that will be written as a function, and a while loop to continue to issue wget commands until we achieve success.
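try_wget() {
  filename=$2.index
  /usr/bin/wget -q --tries=$1 $2 -O /root/$filename
  # -s: the file exists and is not empty (wget -O creates the file even when the retrieval fails)
  if [ -s /root/$filename ]
  then
    rm /root/$filename
    return 0
  else
    rm -f /root/$filename
    return 1
  fi
}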
urls=(www.google.com www.yahoo.com www.bing.com)
numAttempts=0
contact=0
while [[ $contact -eq 0 && $numAttempts -lt ${#urls[@]} ]]
do
  u=${urls[numAttempts]}
  try_wget 5 $u
  if [ $? -eq 0 ]; then
    contact=1
  fi
  numAttempts=$((numAttempts+1))
done
# contact is still 0 only if every site failed
if [ $contact -eq 0 ]; then
  echo Warning, Internet connection appears to be down
fi
In the above script, we store a series of web server addresses in the array urls. We are using search engines here assuming that at least one will always be available and because these pages are dynamic, they should not be cached locally. We iterate through all the URLs in the array urls. For each url, u, we pass this URL along with the value 5 to try_wget. The function attempts to perform wget on the URL’s home page, using the number 5 for the number of attempts. If an attempt is successful, the file (the index page for the webserver) is downloaded to /root/$u.index where $u is the URL’s name, for example, the file could be /root/www.google.com.index.
After the wget attempts have been made, the try_wget function tests to see if the file exists. If so, the file is deleted and the function returns 0 for an error code. If not, then obviously, wget failed and the function returns the error code 1. In the while loop, after try_wget is called, we examine its return value to see if it was successful (0) or not (1). If successful, we set the variable contact to store 1 that will let us out of the while loop because we have found that our Internet connection is in fact working. We increment numAttempts so that, if no attempts work, we can still exit the while loop once we have tried all the URLs. Upon exiting the while loop, if $contact is 1, we have Internet access; otherwise, with the URLs we tried, we apparently do not have Internet access.
The automated nature of the above script allows us to schedule such a test at intervals so that we can log Internet access results. Assuming this script is /root/try, we might issue a crontab job such as
0 * * * * /root/try >> /root/internet-access.log
so that the try script executes every hour on the hour with results being stored to a log file. We should modify the try script so that the output error message includes the current time/date.
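
A variant of the Internet test, added here and not part of the book's script: it relies on wget's exit status rather than on a saved file, discards the page body so that nothing named after the URL is written under /root, and prints a timestamped line for the cron log as suggested above. The function names fetch, internet_up and report and the 10-second timeout are assumptions.

```shell
#!/bin/sh
# Added example: test Internet access using wget's exit status.

# fetch TRIES URL: succeed only if wget retrieved the page.
# The body goes to /dev/null, so no file has to be created and removed.
fetch() {
  wget -q --tries="$1" --timeout=10 -O /dev/null "$2"
}

# internet_up TRIES URL...: try each URL in turn and stop at the first success.
# ATTEMPTED is set to the number of URLs that were tried.
internet_up() {
  tries=$1
  shift
  ATTEMPTED=0
  for u in "$@"; do
    ATTEMPTED=$((ATTEMPTED + 1))
    if fetch "$tries" "$u"; then
      return 0
    fi
  done
  return 1
}

# report TRIES URL...: print one timestamped line per run for the hourly log.
report() {
  if internet_up "$@"; then
    echo "$(date) Internet reachable after $ATTEMPTED site(s)"
  else
    echo "$(date) Warning, Internet connection appears to be down ($ATTEMPTED site(s) tried)"
  fi
}

# Typical call from the cron job:
#   report 5 www.google.com www.yahoo.com www.bing.com
```
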
12.7.3 Scripts to Compile User Login Information
Another interesting script is one that compiles a list of all users remotely logged in. We can obtain this information from the who command. This will give you all users logged in, including yourself. You can remove your own listing by piping the result to an egrep command.
who | egrep -v $USER
Let us go a little further and actually compile the list of user names who are logged into the system. The response from who gives us extra information such as the terminal window, date and time of the last login, and the location that they are logging in from. We will prune this list down to just the user name. We can prune all the extra information away by using awk '{print $1}'.
In the following script, we use who to generate all logged-in users, discard those users whose name matches $USER, and then obtain just their login names. Next, we test to see if that user ($user) has already been added to the variable list or not. If not, concatenate $user onto the list. At the end of the script, the value of $list, along with the time/date, is output to the log file /root/logged_in_users.txt.
list=
count=0
for user in `who | egrep -v $USER | awk '{print $1}'`; do
  # add $user only if it is not already in $list (-w matches whole names only)
  if [ -z "`echo $list | grep -w $user | awk '{print $1}'`" ]; then
    list="$list $user"
  fi
done
echo "Users at `date` are $list" >> /root/logged_in_users.txt
As you will see in Chapter 14, log files retain authentication and log-in events; so, in
fact, we are already logging information about who has logged in. The above script has
the advantage that it is only storing who is currently logged in so that you would not have
to parse through a much longer file that includes many other types of events. As with the
script earlier where we tested Internet availability every hour, we could do the same here
by scheduling the above script with crontab.
A related script to the previous one is to collect the IP addresses of users remotely logged
in. Using who once again, we obtain a list of all logged-in users. Those with IP addresses
will be the ones remotely logged in. The IP address will have the form #.#.#.# where # is an
octet (number between 0 and 255). We can use egrep along with a regular expression for
IP addresses to isolate just those items from who that are of these remotely logged-in users.
For instance, we might use the following instruction:
who | egrep '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
To obtain just the IP address, we can pipe the result of the above instruction to awk '{print $5}' that will give us all of the user’s IP addresses, although they will be placed in parens like the following:
(10.11.12.13)
(10.11.14.15)
(10.11.15.16)
Now, let us imagine that we want to perform a reverse nslookup to obtain the IP aliases of the clients logged in. We first have to remove the parens from around the IP addresses. We can accomplish this using sed or the expr substr operation (see Chapter 7). Here is the code to accomplish this using substring.
x=`who | egrep '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '{print $5}'`
for ip in $x; do
  len=`expr length $ip`
  len=$((len-2))
  # strip the surrounding parens from this address
  y=`expr substr $ip 2 $len`
done
Now, we perform a reverse lookup on $y using host -i. Our full script is given below.
#!/bin/bash
x=`who | egrep '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' |
awk '{print $5}'`
for ip in $x; do
  len=`expr length $ip`
  len=$((len-2))
  y=`expr substr $ip 2 $len`
  # look up each address inside the loop so that none is skipped
  echo `host -i $y` >> /root/remote_users_by_ip_alias.txt
done
Obviously, these are just a few of the possible scripts you could write to monitor your
network’s activity.
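
An added example (not the book's code) of the address extraction described in this section: it reads the last field of each who line rather than $5, strips the parens, rejects anything that is not four octets in the range 0 to 255, and removes duplicates. SAMPLE_WHO is constructed, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: extract the IPv4 addresses of remote logins from who output.
# SAMPLE_WHO is constructed; the user names and addresses are made up.

SAMPLE_WHO='alice    pts/0        2024-03-01 09:12 (10.11.12.13)
bob      pts/1        Mar  1 09:30 (10.11.14.15)
carol    tty1         2024-03-01 08:00
dave     pts/2        2024-03-01 10:02 (:0)
erin     pts/3        2024-03-01 10:05 (999.11.15.16)
frank    pts/4        2024-03-01 10:07 (host.example.org)
alice    pts/5        2024-03-01 10:09 (10.11.12.13)'

# remote_ips: read who output on stdin, print each valid remote IPv4 address once.
# The origin is taken from the last field because the date can occupy two or
# three fields (see the bob line), which moves the address away from $5.
remote_ips() {
  awk '
    $NF ~ /^\(.*\)$/ {
      ip = substr($NF, 2, length($NF) - 2)        # drop the parens
      if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
      n = split(ip, octet, ".")
      ok = 1
      for (i = 1; i <= n; i++)
        if (length(octet[i]) > 3 || octet[i] + 0 > 255) ok = 0
      if (ok && !(ip in seen)) { seen[ip] = 1; print ip }
    }'
}

# lookup_all: reverse-resolve every remote address of the current logins.
# host performs a reverse lookup when it is given an address.
lookup_all() {
  who | remote_ips | while read -r ip; do
    name=$(host "$ip" 2>/dev/null) || name="lookup failed"
    echo "$(date) $ip $name"
  done
}

# Typical call: lookup_all >> /root/remote_users_by_ip_alias.txt
```
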
12.8 CHAPTER REVIEW
Concepts and terms introduced in this chapter:
• Address resolution—the process of converting an IP alias into an IP address using some resolver such as a DNS server, a DNS cache, or the entries stored in /etc/hosts.
• Computer network—a collection of computers and computing resources connected
together to facilitate communication between resources.
• DHCP server—a device (usually a router or gateway but possibly a computer) set up
to issue IP addresses dynamically upon request to devices on its subnet.
• Domain name system—the collection of servers and resolution information that permits the use of IP aliases on the Internet rather than IP addresses. The DNS includes DNS servers, caches, and local resolving programs.
• Dynamic IP address—an IP address issued to your computer temporarily (for
instance, for a few days).
• Ethernet—a technology for local area networks.
• Firewall—software that helps enforce security. In some cases, a firewall is both hardware and software if an organization dedicates a computer to serve solely as a firewall.
• Gateway—a broadcast device responsible for connecting local area networks of different types together.
• Hub—a broadcast device operating on a subnetwork that, when it receives a message,
broadcasts that message to all devices on that subnet.
• IP address—a unique address (number) assigned to a computing resource on the
Internet. There are two types of IP addresses, version 4 (IPv4) and version 6 (IPv6).
• IPv4 address—32-bit address usually written as four octets of numbers between 0 and
255, separated by periods, as in 10.11.12.13.
• IPv6 address—a 128-bit address offering far greater range of addresses. Usually written as 32 hexadecimal digits. IPv6 is a protocol created to replace IPv4 because IPv4 is outmoded and because we have run out of most available IPv4 addresses. IPv6 includes features such as security and autoconfiguration that are not directly available in IPv4.
• IP alias—a name given to a computer to use in lieu of an IP address. The IP alias is a
collection of usually short words separated by periods much like the IP address that
is a series of numbers separated by periods. IP aliases are much easier to remember
but since routers and gateways cannot use IP aliases, the use of IP aliases requires
address resolution.
• Loopback device—an interface in Linux machines that allows software to communicate to the computer as if the messages were coming over the network. The loopback device does not send messages onto a network.
• MAC address—the media access control address given to devices such as Ethernet
cards. This address is used at the lowest level of the TCP/IP protocol and is used by
switches.
• Name server—a computer with the responsibility of performing address resolution. Typically, a name server is an authority for the domain of which it is a part and not an authority for any other domain.
• Netmask—a binary number used to AND with an IP address to obtain the network
address for the device.
• Octet—an 8-bit number, typically written as an integer between 0 and 255. Four
octets are used to make up an IPv4 address.
• Point to point—a type of network connection in which two devices are directly connected together, rather than an Ethernet-style network. A point-to-point connection might exist between your computer and a printer if you have connected the printer directly to the computer.
• Port—an address assigned to a type of communication protocol. This address is used
to identify the proper protocol and application for a given message. It can also be used
for security purposes to determine whether a message should be permitted through
a firewall.
• Protocol—the formal definition is a set of rules used to describe how entities should
interact and/or communicate. In networks, a protocol describes the activities that
a device must take to prepare the message for transmission and how the recipient
is to interpret the message. TCP/IP is a protocol stack in that it consists of several
protocols.
• Router—a broadcast device that examines a message’s destination IP address and
routes the message onto the proper network or subnetwork as the next link in the
chain of the communication.
• Static IP address—an IP address assigned to a computing resource permanently or at
least for a long period of time. The static address is not expected to change. Changing
it will require modifying DNS tables.
• Subnet—a subset of a local area network where all computers on the subnet share the same broadcast device (e.g., switch or router) and share the same netmask and therefore the same network address.
• Switch—a broadcast device operating on a subnetwork; when it receives a message, it
broadcasts that message to a single device on the subnetwork using an MAC address
for addressing.
• TCP/IP—a commonly used network protocol that lets computers access the Internet.
TCP/IP is known as a protocol stack, comprising several lesser protocols.
• Tunnel—a temporary dedicated network communication link between two resources
that is persistent, longer than typical network communications.
• Zero-configuration service—a network service that can locate network resources
such as a DHCP server.
Linux commands covered in this chapter:
• ifconfig—older network command to configure or obtain network information such
as IP address and router address.
• ip—newer network command that encapsulates the operations available in lesser
programs such as ifconfig, route, and iptunnel.
• netstat—older network command to output statistics about network usage. Has been
superseded with ss.
• ping—program to constantly send messages to another network-based resource to
test for its availability.
• route—displays local router tables. Command replaced by ip.
• ss—socket investigation program.
• traceroute—like ping, used to determine availability of network-based resource.
Differs because traceroute outputs the network addresses of routers and other devices
that the request message(s) encounters on the way.
• xinetd (or inetd)—a superserver capable of invoking appropriate network services
based on the ports of incoming messages.
Linux services and files of note covered in this chapter:
• certmonger—manages Internet digital certificates, replacing those that become
outdated.
• dnsmasq—lightweight DNS server, primarily used as a DNS cache.
• netfs—used to permit remote access to local file systems.
• network—used to provide any form of network access. Among its duties are to bring
up network interfaces (e.g., eth0) and establish the /etc/resolv.conf file.
• nfs—used to permit access to remote file systems for mounting.
• portrelease—with portreserve, manages port addresses that need to be reserved for
usage by an application. Portrelease releases a reserved port.
• portreserve—reserves a port address for an application until portrelease releases the
reserved port.
• sshd—service that permits ssh access into your computer.
• /etc/hosts—stores IP alias to IP address mapping information for resources that your
computer will often communicate with.
• /etc/resolv.conf—stores IP addresses of your local name server(s).
• /etc/sysconfig/iptables—stores the Linux IPv4 firewall rules.
• /etc/sysconfig/iptables-config—stores the Linux IPv4 firewall configuration
directives.
• /etc/sysconfig/ip6tables—stores the Linux IPv6 firewall rules.
• /etc/sysconfig/ip6tables-config—stores the Linux IPv6 firewall configuration
directives.
• /etc/sysconfig/network-scripts/network-functions—stores various functions that are
used by network scripts.
• /etc/sysconfig/network-scripts/ifcfg-eth0—data file for the Ethernet device (in this
case, eth0), including an IP address if a static IP address is being used.
• /etc/sysconfig/network-scripts/ifcfg-lo—data file for the loopback device.
• /etc/sysconfig/network-scripts/ifdown—script to bring down interface devices.
• /etc/sysconfig/network-scripts/ifdown-eth—script to bring down your Ethernet interface device.
• /etc/sysconfig/network-scripts/ifup—script to bring up interface devices.
• /etc/sysconfig/network-scripts/ifup-eth—script to bring up your Ethernet interface
device.
• /etc/xinetd.conf—the configuration file for the xinetd service.
REVIEW QUESTIONS
1. You have a local area network containing four subnetworks. When a message reaches
a subnet, you want to broadcast that message to only the appropriate destination
computer. Which type of broadcast device would you use?
2. Following up from #1, what type of broadcast device would you use to connect the four
subnets together assuming that the four subnets share the same network protocol?
3. Following up from #2, you want to connect the device from #2 to the Internet. What
type of broadcast device might you use?
4. What is the difference between eth0 and lo?
5. What takes place in TCP/IP’s application layer?
6. In what layer of the TCP/IP protocol stack are MAC addresses used?
7. In what layer of TCP/IP do routers get involved?
8. To maintain a connection between two computers on the Internet, which layer of the
TCP/IP protocol stack is involved?
9. What is a checksum?
10. What is the difference between UDP and TCP?
11. Let us assume there are 7 billion people on the planet. Explain why IPv4 addressing
does not provide a sufficient number of IP addresses.
12. Again, assume there are 7 billion people on the planet. How many different IPv6
addresses could each person be awarded given the 128-bit size for IPv6?
13. Why are there port numbers that are not reserved?
14. What Linux service would you run so that an application could claim a nonreserved port number and use it temporarily? What service would you run once that application completed so that the port number could be made available again?
15. On the Internet, what is a domain? List some top-level domains.
16. Which Linux service needs to be running for you to have access to the Internet?
17. What does the script ifdown do?
18. What is the difference between the script ifdown and the script ifdown-eth0?
19. In the interface device configuration file (e.g., ifcfg-eth0), you might find the entry
BOOTPROTO, what does this value indicate?
20. Of the following, which is(are) necessary for the ifcfg-eth0 file? ONBOOT, HWADDR,
BROADCAST, IPADDR, or BOOTPROTO?
21. Of the following services, which one(s) are useful to support network security? avahi-daemon, certmonger, dnsmasq, iptables, ip6tables, postfix, netfs, or nfs?
For questions 22 through 25, assume the default information provided in Section
12.3 for xinetd and the following entry:
service ftp
{
socket_type = stream
instances = 10
wait = no
user = root
server = /usr/sbin/in.ftpd
server_args = -l -a
no_access = 1.0.0.0 2.0.0.0 3.0.0.0
access_time = 04:00-22:59
log_on_success += USERID
log_on_failure += USERID
disable = yes
}
22. What are the items logged on an ftp success? On an ftp failure?
23. How many instances of ftp can xinetd handle at once? Does this differ from other
services?
24. What does wait = no mean?
25. What limitations are there in accessing ftp?
26. Explain the role of the /etc/hosts table.
27. Your /etc/resolv.conf file is empty. Does this mean that you cannot access the Internet
at all? If not, what restriction(s) might this place on your Internet usage?
28. Why might you want to issue a static IP address to a computer?
29. What are the advantages and disadvantages of using dynamic IP addresses?
For questions 30 through 35, assume your computer’s IP address is 10.145.201.12. Compute
your network address given each of the following netmasks:
30. 255.255.255.0
31. 255.255.192.0
32. 255.255.128.0
33. 255.255.0.0
34. 255.240.0.0
35. 255.224.0.0
36. Why might you want a DHCP server to lease IP addresses rather than assign them?
37. What command would you issue to obtain the IP address of all of your interfaces?
38. What command would you issue to obtain the IP address of your eth0 interface?
39. What command would you issue to change the IP address of your eth0 interface?
40. What command would you issue to obtain the IP addresses of any routers in your
router tables?
41. What command would you issue to flush your local router table?
42. Why might you be discouraged from using the command ifconfig?
43. Under what circumstance(s) might you want to implement a firewall to prevent some
outgoing messages from being sent?
44. Are the orders that rules are listed in the iptables file important? Why or why not?
45. What does -P indicate in an iptables rule?
46. What is the difference between a target of REJECT and a target of DROP in the Linux
iptables firewall?
47. The example rules from Section 12.6 do not explicitly accept incoming messages from
a web server (which is usually over port 80). How then could the user of this firewall
perform web browsing?
48. Assume your computer has a point-to-point connection with another device over
interface ppp0. You want to permit all messages to come in from that device. What
iptables rule would you specify to permit this?
49. Define an iptables rule to accept messages from IP address 10.11.53.1 over any of
ports 20, 21, 22, 23, 53, or 80.
50. Define an iptables rule to reject messages over your Ethernet interface whose length
is 0.
51. Define an iptables rule to accept messages over your Ethernet interface that use
the UDP protocol and come from IP addresses 10.11.12.1, 10.11.12.2, or 10.11.12.3
between 9 a.m. and 5 p.m.
52. Define an iptables rule to reject any outgoing messages intended for the IP address
31.13.69.130.
53. Does iptables permit rules that can prevent a denial of service attack? If so, how?
54. Write a script similar to the first script from Section 12.7 that computes the total
number of packets lost given a single IP address.
55. In the function try_wget developed in Section 12.7, explain why we need to actually save the downloaded file retrieved from wget.
Chapter 13
Software Installation and Maintenance
This chapter’s learning objectives are
• To know the questions you should consider when selecting and installing software
• To know the various methods of software installation in Linux
• To understand the concept of packages, package managers, and package dependencies
• To understand the installation process for open source software
• To understand the compilation process and the use of gcc
• To understand the role of the system administrator in maintaining installed software
• To understand the history and significance of the open source movement
13.1 INTRODUCTION
Software installation in any operating system has become a simple task for the user. In the
Windows operating system, installation wizards are almost completely automated with the
user only having to answer a few questions. In Linux, software installation can range from
simple if the software is bundled in a package, to complex when dealing with open source
software.
In this chapter, we begin by considering questions that you should answer before
installing software. We look at several different approaches to installing software in
Linux. We examine the open source initiative that supports most of the Linux software.
We also take a look at gcc, the GNU C Compiler. We finish the chapter with a brief look at software maintenance, including updating and removing software and forms of software support.
13.2 SOFTWARE INSTALLATION QUESTIONS
Before you install any software, there are questions that you should consider.
• Do you need the software? Software will take up disk space, and depending on the source of the software, there could be risks in installing it. For instance, some software could potentially interfere with already-installed software. Microsoft software has interfered in the past with some non-Microsoft titles. Additionally, if the software is from an untrusted source (an unknown third party), you take the risk that the software may not be as it appears. Such software could include a Trojan horse, spyware, or other malware.
• Are there other software titles worth examining? This is particularly relevant in Linux where you might find open source versions of equivalent software or alternatively proprietary software that comes with support. Your choice of software title might be based on whether you want something for free or you want support and are willing to pay for it.
• What resources does the software require? All software requires some level of resources, including hard disk storage space, main memory capacity, and specific platform (e.g., Windows or desktop Linux). Software also requires a minimum processing capability to function smoothly. Other resources might include access to the network, input from pen tablet or microphone, some specific type of graphics card, and so forth. Make sure you have the resources necessary before purchasing or acquiring the software.
• What does installation entail? You might find that to install a piece of software, you
have to first install a number of supporting files. If the installation process becomes
unwieldy, you might prefer to obtain a different piece of software.
• Will this software title run on a stand-alone computer or a server, or be used on multiple computers? This question does not so much suggest