Ubuntu – Crash Course

A crash course for Ubuntu, aimed especially at admins coming from a different (Red Hat, …) environment
****************************************************

1. Check general info of the system

hossein@ubuntu:~$ lsb_release -sc
xenial

hossein@ubuntu:~$ uname -a
Linux ubuntu 4.8.0-46-generic #49~16.04.1-Ubuntu SMP Fri Mar 31 14:51:03 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

2. Root
By default the root account is disabled on all Ubuntu systems, which means we cannot log in as root. Instead we use the sudo tool, which lets a user gain root privileges by entering their own password. Note that the user created during installation is a member of the sudo group (see /etc/sudoers).

a. sudo -i : change to root
b. sudo passwd : to enable the root account
c. sudo passwd -l root : to disable the root account password
d. sudo usermod --expiredate 1 root : to disable the root account

We can check out the sudoers file:

root@ubuntu:~# cat /etc/sudoers
Defaults        env_reset
Defaults        mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

So we can check the sudo group to see who its members are:

root@ubuntu:~# getent group | grep -i sudo
sudo:x:27:hossein

To add a user (atos) to the sudo group, we can use the following command:

root@ubuntu:~# usermod -a -G sudo atos
root@ubuntu:~# getent group | grep -i sudo
sudo:x:27:hossein,atos
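
The check above only looks at one group. As an added example (not part of the original post), the following script resolves every account that a sudoers file grants rights to, expanding %group entries through a group file. The function name and the sample files are constructed for illustration; include files, alias expansion and primary-group membership are not handled.

```bash
#!/bin/sh
# Added example: list accounts named in a sudoers file, expanding
# %group entries via a file in /etc/group format.
# Not handled: @include/#include files, *_Alias expansion, and users
# whose primary group (passwd GID) is a sudo-enabled group.

sudo_capable_users() {
    sudoers=$1
    groupdb=$2
    awk 'NF == 0          { next }    # blank line
         $1 ~ /^[#@]/     { next }    # comment or include directive
         $1 ~ /^Defaults/ { next }    # option line, grants nothing
         $1 ~ /_Alias$/   { next }    # alias definition, not a grant
                          { print $1 }' "$sudoers" |
    while read -r who; do
        case $who in
            %*) # group entry: print the supplementary members of that group
                awk -F: -v g="${who#?}" '$1 == g && $4 != "" {
                    gsub(",", "\n", $4); print $4 }' "$groupdb" ;;
            *)  printf '%s\n' "$who" ;;
        esac
    done | sort -u
}

# Constructed sample data mirroring the files shown in this section.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sudoers" <<'EOF'
Defaults        env_reset
# User privilege specification
root    ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
#includedir /etc/sudoers.d
EOF
cat > "$demo_dir/group" <<'EOF'
adm:x:4:syslog
sudo:x:27:hossein,atos
EOF

sudo_capable_users "$demo_dir/sudoers" "$demo_dir/group"
```

On a real system, run it as root against /etc/sudoers and /etc/group, and confirm an individual account with sudo -l -U <user>.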

3. User Management
sudo adduser XX
sudo deluser XX
sudo chown -R XX:XX /home/XX/

sudo passwd -l XX (lock a user)
sudo passwd -u XX (unlock a user)

Check the permissions on the home directory of the newly created user (XX). By default it is world-readable.
ls -ld /home/XX
chmod 750 /home/XX

To make the above setting permanent for newly created users, we can modify the file /etc/adduser.conf and set DIR_MODE=0750
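
To find existing home directories that are still open to other users, and to see which default new accounts will get, the following added example (not part of the original post) checks both. The function names and the sample directory tree are constructed; stat -c is the GNU coreutils form available on Ubuntu.

```bash
#!/bin/sh
# Added example: audit home-directory exposure.

# Print "MODE PATH" for every directory directly under $1 whose mode
# gives any permission bit to "other" (last octal digit is not 0).
exposed_homes() {
    for d in "$1"/*/; do
        d=${d%/}
        [ -d "$d" ] && [ ! -L "$d" ] || continue   # real directories only
        mode=$(stat -c '%a' "$d")
        case $mode in
            *0) ;;                                  # nothing for "other"
            *)  printf '%s %s\n' "$mode" "$d" ;;
        esac
    done
}

# Print the last DIR_MODE value set in an adduser.conf-style file,
# or "unset" when the key is absent or commented out.
dir_mode_setting() {
    awk -F= '$1 == "DIR_MODE" { gsub(/[ \t"]/, "", $2); mode = $2 }
             END { print (mode == "" ? "unset" : mode) }' "$1"
}

# Constructed sample tree standing in for /home and /etc/adduser.conf.
demo=$(mktemp -d)
mkdir "$demo/alice" "$demo/bob"
chmod 755 "$demo/alice"      # world-readable, as created by default
chmod 750 "$demo/bob"        # already tightened
printf 'DSHELL=/bin/bash\nDIR_MODE=0755\n' > "$demo/adduser.conf"

exposed_homes "$demo"
dir_mode_setting "$demo/adduser.conf"
```

On a real system call exposed_homes /home and dir_mode_setting /etc/adduser.conf.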

4. Package management:  There are several ways of package management in Ubuntu. I would say the most convenient way is through apt as I will explain later.

a. dpkg:
It can install, remove and build packages, but it cannot automatically download and install packages or their dependencies.

1.  dpkg -l :  list all packages installed on the system

2. dpkg -L XX :  lists all files installed by XX
dpkg -L package | grep /usr/bin : will list files located in the directory /usr/bin, useful if you’re looking for a particular executable.

3. dpkg -S /etc/xx.conf :  to figure out which package installed the mentioned file.

4. dpkg -S XX ~ dlocate : This command determines which installed package owns XX.
It shows files from installed packages that match XX, with the name of the package they came from. Consider this to be a "reverse lookup" utility.

5. dpkg -i XX.deb  : to install a local .deb file

6. dpkg -r XX :  to remove a package. Not recommended, as the packages that depend on XX will stay installed and might not work afterwards.

7. remove all configuration data from:

a. Residual packages: packages that were removed but somehow still exist, i.e. have not been removed completely

We can list all such packages with:  dpkg -l | grep '^rc'

  • r: the package was marked for removal
  • c: the configuration files are currently present in the system

We can remove them completely with any of the following commands:

dpkg -l | grep '^rc' | awk '{print $2}' | xargs dpkg --purge

apt-get remove --purge $(sudo dpkg -l | grep '^rc' | awk '{print $2}')

b. Broken packages: we can see the list of broken packages with the following command:   sudo dpkg -l | grep '^iU'

and we can remove them:

dpkg -l | grep '^iU' | awk '{print $2}' | xargs dpkg --purge

Explanation:  when we use the "dpkg -l" command, the first column of each output line holds one of the following status codes:

  • ii:  installed packages
  • rc: residual packages
  • iU: broken packages

 

b. Apt ( Advanced package tool):
A very powerful package management tool. There can be some confusion here: some people still use apt-get for package handling, which I would say is a bit old-fashioned. All packages come from the available repositories, as I will explain in the next section; in short, the apt package index is essentially a database of available packages from the repositories defined in /etc/apt/sources.list and /etc/apt/sources.list.d/

1. apt search XX = apt-cache search XX = dpkg -l XX or dpkg -l '*XX*' (status ii = installed, un = not installed) : we are searching for the XX package in the repositories
2. apt show   XX = apt-cache show  XX  : we get the full info of the XX package
3. apt install XX = apt-get install XX
4. apt remove   XX (--purge will also remove conf files) = apt-get remove XX
5. apt update = apt-get update : it updates the local package index with the latest changes made in the repositories.
6. apt upgrade :  it upgrades all packages that are already installed on the system. "apt update" only updates the database (index), so we need to run it first.
7. apt list --installed = dpkg --get-selections | grep -i XX = dpkg --print-avail XX
8. apt list --upgradable = apt-get -u upgrade :  shows the packages that can be upgraded
9. apt-get build-dep XX : This command searches the repositories and installs the build dependencies for XX. If the package is not in the repositories it will return an error.
10. apt-get clean ~ apt-get autoclean  : will remove unneeded package files from /var/cache/apt/archives

c. Aptitude:
Basically it is another interface to apt.
1. aptitude
2. aptitude install XX
3. aptitude remove  XX

d. Automatic upgrade: there is a package called unattended-upgrades that can be installed and used to upgrade some packages automatically, and also to blacklist packages.

5. Repositories: The storage locations from which we can install software packages. Apt, as the package management system, stores the list of repositories in

/etc/apt/sources.list
/etc/apt/sources.list.d/

We can also add more repositories by editing the file sources.list or by running a command as follows:

sudo add-apt-repository "deb http://us.archive.ubuntu.com/ubuntu/ xenial universe multiverse"
sudo apt-get update

6. Networking

a. lshw -class network : get the info of the network

b. ethtool
We can also configure some settings with ethtool and have them applied each time the system comes up. To do so, add a pre-up line to /etc/network/interfaces:
auto eth0
iface eth0 inet static
pre-up /sbin/ethtool -s eth0 speed 1000 duplex full

c. IP address assignment

c.1. temporary
ifconfig eth0 10.0.0.10 netmask 255.255.255.0
route add default gw 10.0.0.1 eth0
ip addr flush eth0 (to remove the address when we no longer need it)

c.2. permanent:  it needs to be done in /etc/network/interfaces
static config:
auto eth0
iface eth0 inet static
address 10.0.0.100
netmask 255.255.255.0
gateway 10.0.0.1

dynamic config:
auto eth0
iface eth0 inet dhcp

7. DNS

Client side:

a. /etc/resolv.conf
but changes are lost each time the system comes up, as the file gets overwritten by resolvconf

b. resolvconf uses the DHCP client and looks at /etc/network/interfaces to generate /etc/resolv.conf, which is a symlink to …/run/resolvconf/resolv.conf

static config:
auto eth0
iface eth0 inet static
address 10.0.0.100
netmask 255.255.255.0
gateway 10.0.0.1
dns-search example.com
dns-nameservers 10.0.0.20 10.0.0.30

Server side:  To run a DNS server we need to install a few packages.

a. a good package for troubleshooting DNS
apt install dnsutils

b. server installation
apt install bind9

All configuration is stored in /etc/bind; the main file is /etc/bind/named.conf
The list of the root DNS servers worldwide is stored in /etc/bind/db.root

There are 3 ways to configure the dns server based on the use cases:

c. Caching nameserver
Here the DNS server finds the answers to queries and then remembers them for the next time the same query comes in.
We need to modify the file /etc/bind/named.conf.options and add the ISP's DNS servers (or whichever DNS servers answer our queries):

forwarders {
1.2.3.4;
1.1.1.1;
};

and then run systemctl restart bind9.service

b.
c.

8. DHCP

1. to install a dhcp server: apt install isc-dhcp-server
2. configure /etc/dhcp/dhcpd.conf : a very simple configuration looks as follows

default-lease-time 600;
max-lease-time 7200;

subnet 10.17.224.0 netmask 255.255.255.0 {
range 10.17.224.1 10.17.224.200;
option routers 10.17.224.250;    # its default gateway
option domain-name-servers 10.17.224.251, 10.17.224.252;  # dns servers
option domain-name "hrouhani.org";
}

3. and then restart the service
systemctl restart isc-dhcp-server.service

9. OpenSSH
- A freely available version of the SSH protocol, which is used for remote control or transferring of files
- It provides a server daemon and client tools for secure, encrypted remote control and file transfer

apt install openssh-server (openssh-client)
To control the default behavior of the openssh server, edit /etc/ssh/sshd_config :  for example change the default port from 22 to 2322 or …

10. Security

a. Minimum password length:   we can edit /etc/pam.d/common-password and add minlen=X to the 'password' line

b. Display the status of a user account

root@ubuntu:~# chage -l atos
Last password change                                    : Apr 05, 2017
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

We can also change any attribute we want:  chage atos
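
chage -l reports one account at a time. As an added example (not part of the original post), the script below summarises the same aging data, plus the lock state set by passwd -l and the expiry set by usermod --expiredate, for every entry in a shadow-format file. The function name and the sample entries (including the placeholder hashes) are constructed.

```bash
#!/bin/sh
# Added example: summarise password and account state from a file in
# shadow(5) format.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved

shadow_report() {
    awk -F: -v today="$(( $(date +%s) / 86400 ))" '
    {
        if ($2 == "")           pw = "EMPTY-PASSWORD"
        else if ($2 ~ /^[!*]/)  pw = "locked"         # e.g. after passwd -l
        else                    pw = "password-set"

        # chage -l shows max 99999 (or an empty field) as "never"
        aging = ($5 == "" || $5 + 0 >= 99999) ? "never-expires" : ("max=" $5 "d")

        # expire is a day count since 1970-01-01; a past day disables the account
        acct = ($8 != "" && $8 + 0 <= today) ? "account-expired" : "account-active"

        print $1, pw, aging, acct
    }' "$1"
}

# Constructed sample entries; the hashes are placeholders, not real ones.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:!:17261:0:99999:7:::
hossein:$6$constructed$aaaa:17261:0:99999:7:::
atos:$6$constructed$bbbb:17261:0:90:7:::
olduser:$6$constructed$cccc:17000:0:99999:7::1:
EOF

shadow_report "$sample"
```

On a real system run shadow_report /etc/shadow as root and review every line that reports password-set together with never-expires.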
