1Z0-460 Oracle Linux 6 Implementation Essentials

Oracle Linux 6

1Z0-460
Oracle Linux 6 Implementation Essentials
Bootcamp Summary
By:
Ariel Loría
2013
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

Contenido
Oracle Linux Overview.......................................................................................................................3
Oracle Linux 6 installation..................................................................................................................8
Oracle Linux Boot and System Configuration.....................................................................................9
Oracle Linux Package Management and Ksplice Patchibg................................................................14
User and group administration........................................................................................................16
Oracle Linux File System Administration..........................................................................................18
Basic Network and Security Administration.....................................................................................21
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

Oracle Linux Overview

Oracle Linux: the best Linux for the Enterprise

 It has Unbreakable Enterprise Kernel

 Best performance, most modern and reliable
 Compratible with Red Hat Enterprise Linux
 Free source code, binaries and patches
 Runs in Oracle Engineered systems
 Oracle's base Linux development platform
 It is the only Linux recommended for Oracle

Oracle Linux support

 Network support
o Erradata, updates, bug fixes
o Comprehensive indemnification
o Use of base functionality in EM
o Access to additional software channels on ULN
 Basic support
o All benefits of network support
o 24x7 phone and online support
o Comprehensive knowledge base
o Oracle clusterware, OCFS2 software
 Premier support
o All benefits of basic support
o Premier backports
o Ksplice Zero downtime updates
o Lifetime sustaining support

Download medias

 Software download
o https://edelivery.oracle.com/linux
 Oracle Unbreakable Linux Network
o linux.oracle.com
 Public yum server
o http://public-yum.oracle.com

Unbreakable Enterprise Kernel

 Default kernel for Oracle Linux 6

 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

 Open source and free to download

 Lastes innovations - Fast, modern and reliable
 UEK versions
o UEK R1 - Version string 2.6.32
o UEK R2 - Version string 2.6.39 (3.0 mainline kernel based)
 Characteristics:
o UEK contains propietary Linux Kernel enhancements only available to Oracle Linux
o Existing applications run unchanged with the UEK in place because all system
libraries remain unchanged
o The UEK has ASMLinb included by default

Key features

 UEK
 Ksplice Zero Downtime Patching
 BTRFS
 DTrace
 Control Groups
 Oracle RDBMS Pre-Install RPM
 Enterprise Management
 Oracle Database Smart Flash Cache

Unbreakable Enterprise Kernel (UEK) characteristics

 Extreme performance
 Available for Oracle Linux 5 and Oracle Linux 6
 Tested and certified for Oracle products
 Latest hardware support and bug fixes
 Kernel enhancements
 Easy to switch to UEK, and even easier to switch back

Unbreakable Enterprise Kernel - UEK R1

 Improved Infiniband / RDS

 Support for bigger servers
 Up to 4 petabyte cluster volumes
 Improved power management
 Data integrity up to SAN
 SSSD detection and tuning
 Performance improvement and optimizations
 Improved hardware fault management
 Includes ASMLib driver by default
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

Unbreakable Enterprise Kernel - UEK R2

 Based on the mainline Linux 3.0

 String version 2.6.39
 Btrfs - Modern and advanced file system
 Transparent Huge Pages (2 MB instead of 4 kb)
 Resource isolation via Control Groups
 OCFS2 improvements
 Xen domU scalability improvements
 Updated device drivers

UEK R2 preview features

 Trascendent memory (tmem) via cleancache (improved memory utilization in virtualized

environments)
 Linux containers (Ixc) - OS Isolation (Allow to run multiple instances of an operating system
on one host)

Ksplice Zero Downtime Patching

 Lets you install and apply kernel updates without downtime, disruption or rebooting
 All while applications are running
 Zero downtime updates (only offered by Oracle)
 There is a 30 Day Free Trial
 Benefits
o Improved availability /Uptime
o Enhance Security / Lower Risk
o Reduced Operational Cost
o Improved Serviceability
 Modes of operation
o Standard: Each system needs network access
o Ksplice Local Server: Local server needs network access
o Offline: Updates distributed as RPMs via local yum repository

BTRFS File System

 Also called B-tree FS or Butter FS

 Simplified administration
 Optimized for SSFD
 Mixed device types
 Billions of sub volumes
 Snapshots
 Transparent compression
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

 Built in RAID, data integrity

 Oracle Linux 6 Update 3 UEK boot ISO image for x86_64

DTrace

 Dynamic tracing
 Troubleshooting and performance analysis
 Use Probes to record data
 DTrace and UEK packages are available on ULN x86_64

Control groups

 A collections of processes that are bind together

 Possible uses:
o Limit CPU, I/O, memory resources that are available to a group
o Change the priority of a group relative to other group
o Measure a group's resource usage
o Isolate group's files, processes and network connections from other groups
o Freeze a group to allow you to create a checkpoint
 Package: libcgroup

Oracle RDBMS Pre-install RPM

 It aids installation of Oracle Database 11gR2

 It completes most of the pre-installation configuration tasks
 Downloads and installs required packages
 Where you can get this RPM?
o Via ULN
o Via public yum repository
o yum install oracle-rdbms-server-11gR2-preinstall

Enterprise Management

 Cloud Control: Manages applications, middleware and database

 Ops Center: Manages OS, VM's, servers, storage, storage resources and network resources
 Ops center included free with:
o Oracle Linux Network / Basic / Premier support
o Oracle Premier Support for systems
o Oracle Premier Support for OS
 Ops Center key features
o Dashboard
o Incident management
o Integration with Cloud Control
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

o Plans: operational plan, deployment plan and plan management

o Hardware management
o Virtulization management
o Reports

Oracle Database Smart Flash Cache

 Feature of Oracle Database 11g R2

 Increase the size of the database resource cache without having to add RAM
 It acts as a secondary level database buffer cache
 Improves performance eliminating physical disk reads, especially for read intensive
application
 Only available for Oracle Linux and Solaris
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

Oracle Linux 6 installation

Compatibility matrix

 Hardware Compatibility List

o https://linux.oracle.com/hardware.html
 Hardware Certification Program
o http://linux.oracle.com/hcl_faq.html

Oracle Linux 6 installation

 Anaconda installer
o Runs in text or graphical mode
o Install from CD, DVD USB or images on hard disk drive
o Supports HTTTP, FTP and NFS installation
o Default install uses ext4 file system with UEK kernel
 Minimal boot media option (Boot ISO)
o Boot system to install OL over the network
o You can use a kickstart configuration file
o UEK boot ISO images for BTRFS root file system installation

Oracle Linux 6 Installation Lab

 Check "Lab1_Oracle_Linux_6_Install.pdf" file

 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

Oracle Linux Boot and System Configuration

Boot process

 Power on
 BIOS
 Load stage 1 GRUB from MBR
 Load stage 1.5 then stage 2 ofGRUB
 GRUB reads menu.lst
 Present boot-time menu
 GRUB loads kernel image and initial RAM disk
 Kernel mounts root file system
 Kernel runs init
 Init runs scripts to start user-level services

Boot concepts

 BIOS: It checks the system and launches the first stage boot loader on the MBR of the
primary hard disk
 MBR: It launches the second stage boot loader from /boot partition
 GRUB: It just loads and executes kernel and initrd images using /boot/grub/grub.conf
 Kernel: It initializes and configures hardware, mounts /root filesystem and executes
/sbin/init
 Init: It runs /etc/rc.d/rc.sysinit script, which executes all steps required for system
initialization
 Init Runlevel: Depending on init level setting, system will execute programs for one of the
directories /etc/rc.d

GRUB (GRand Unified Bootloader) concepts (in /boot/grub/grub.conf)

 Default: 0 means boot using first titled kernel

 Timeout: Wait X seconds for keyboards input before booting specified default kernel
 Splashmenu: It specifies screen to use at boot time
 Hiddenmenu: It means that GRUB menu is not displayed at boot
 Title: Each line specifies a bootable kernel
 Kernel: Specifies kernel version number and options
 Other parameters
o Init: Initial command to be executed by the kernel. /bin/bash can be used to boot
a system without password
o Single: Boot kernel in single user mode
o Ether: It can be used to force probing a second NIC (instead of just one NIC)
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

Init

 Once kernel is loaded into memory /sbin/init pogram will be called

 It is responsible of coordinate rest of boot process and configures environment for the
user
 Init runs /etc/rc.d/rc.sysinit which sets up network, mounts /proc, checks file system, and
executes all steps requierd for system initialization. Then /etc/inittab is run
 In /etc/inittab, you can check if graphical interface is booted. If appears a line that says
id:3:initdefault (common in OL6) graphical interface is not used. If appears a line that says
" id:5:initdefault" (common in OL5), it is used. It can be modified to boot or not graphical
interface. It can be modified without boot OS (just run "init 5", but to change
permantently it need to be modified in /etc/inittab)
 With "who -r" command you can check current run level
 With "runlevel" command boot process developed can be seen

Init RunLevels

 0: Halt (start)
 1: Single user mode
 2: Multiuser without NFS
 3: Full multi-user text mode
 4: Not used
 5: Full multi-user graphical mode (GUI)
 6: Reboot

Kernels

 You can use two options:

o Unbreakable Enterprise Kernel (UEK)
o Red Hat Compatible Kernel (RHCK)
 Default kernel
o UEK R1 - Version string 2.6.32
o UEK R2- Version string 2.6.39
 Configuration
o /boot/grub/grub.conf
o /etc/sysconfig/kernel
 To see all title kernels you can use the following command:
o grep title grub.conf
 Change "default" value in "grub.conf" to boot another OS
 You can reboot system with "telinit 6" command
 Also, you can modify "/etc/sysconfig/kernel" file to boot another kernel

/proc file system

 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

 Pseudo file sytem used by kernel

 Also known as virtual file system
 It has special files which represent current kernel state, information about system
hardware and running processes
o Example: /proc/cpuinfo
 Some files can be modified to change kernel settings
o echo 1 > /proc/sys/net/ipv4/ip_forward or using sysctl commands
 /proc/sys store information for kernel variables
 If a process is open, it receive a directory in /proc filesystem
 With "ls -l exe" command you can see origin directory of the program
 With "ls -l cwd" command you can see current working directory
 With "sysctl" command you can configure variables
 Values in /etc/sysctl.conf are executed with "sysctl" command in /etc/rc.d/sysinit script

/proc files or directories

 /proc/[PID]: Numerical subdirectories for each process on system

 /proc/bus: Directories for installed busses
 /proc/cpuinfo: Contains CPU information
 /proc/diskstats: Contains disk I/O statistics for each disk device
 /proc/filesystems: Listing of file systems supported by the kernel
 /proc/loadavg: Load average information
 /proc/meminfo: Statistics about the memory usage on the system
 /proc/swaps: Information about swap usage
 /proc/sys: Contains a number of files/subdirectories corresponding to kernel variables
 /proc/uptime: Contains uptime in seconds and total time (seconds) spent in idle process
 /proc/version: Version of the Linux kernel
 /proc/vmstat: Virtual memory statistics

/etc/sysconfig directory

 It has system configuration files

 Files have information about configuration parameters and arguments passed to daemons
 /etc/sysconfig directory files
o /etc/sysconfig/authconfig: Sets authorization to be used on the host
o /etc/sysconfig/autofs: Define custom options for the automatic mounting of
devices
o /etc/sysconfig/dhcpd: Is used to pass arguments to the dhcpd daemon
o /etc/sysconfig/firstboot: Defines whether to run the firstboot utility
o /etc/sysconfig/init: Controls how the system appears and functions during boot
process
o /etc/sysconfig/keyboard: Controls the behavior of the keyboard
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

o /etc/sysconfig/network: Is used to specify information about the desired network

configuration
o /etc/sysconfig/network-scripts: Directory of configuration files for network
interfaces
o /etc/sysconfig/ntpd: Is used to pass arguments to the ntpd daemon at boot time
o /etc/sysconfig/selinux: Contains the basic configuration options for SELinux

ulimit, nice and renice commands

 "ulimit -a" command show all resources and limits configured by shell
o Hard limits cannot be increased by a non-root user. -H and -S options are used to
change hard and soft limits
o You can see soft and hard limits in /etc/security/limits.conf file
 "nice" command can be used to change priority than default one
o Values range are from -20 to 20
o -20 is very high priority
o 20 is a very low priority
 "renice" can be used to change priority of a running process (nice cannot develop this
operation)

Rsyslog

 Opensource tool for logging

 "rsyslogd" is an enhanced, multi-thread syslog daemon which replaced "sysklogd" daemon
 "rsyslogd" supports the same functionality as "sysklogd" and extends it with enhanced
filtering, encryption, various configuration options, support for transactions via TCP or
UDP protocls
 Run as a service (rsyslogd process)
 Configuration in /etc/rsyslog.conf file. It contains all information of the service
 It offers different sections that can be configured like modules, global, directives and rules
o Modules: Can be written by third-parties
o Global directives: Usually specify a value for a specific pre-defined variable that
affects behavior of the rsyslogd daemon
o Rule: Selected by a filter part, specifies what to do with selected messages. Filter
and actions need to be defined
 Facility.priority (For example mail.crit). It means that for the mail rsyslog
facility, all critical and higher priority messages are logged
 Facilities: auth, authpriv, cron, daemon, kern, lpr, mail, news, syslog, user,
uucp and local0 through local7
 Priorities: debug, info, notice, warning, err, crit, aler and emerg
 Information with this condition will be logged in /var/log/messages
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

 With "logger" command you can write a message string in log message
(/var/log/message)

/var/log files

 It contains most of the logs

 Some applications have their own log directory (For example httpd)
 Logrotate package contains cron tasks to rotate log files some frequent time
 Configuration files
o /etc/logrotate.conf
o /etc/logrotate.d/
 Log files are commonly text files
 Log File Viewer Tool: inter-active application to view system views and filter capability
(yum install gnome-system-log)
 Log files
o anaconda.log: Logs and messages from Linux Anaconda installer
o audit: Audit information and events from auditd daemon
o boot.log: Contains information logged when system boots
o cron: Cron jobs information by crond daemon
o dmesg: Contains kernel ring buffer log information which is about hardware
devices that kernel detects during boot process
o httpd: Contains apache web server access and error logs
o mesages: Contains global system messages. Includes messages that are logged
during system startup
o yum.log: Yum command log information about package management tasks like
install, update, erase, etc.

Boot and system configuration - Lab 2

 Check " Lab2_Oracle_Linux_6_Boot_System_Configuration.pdf" file

 Files in /boot for each image kernel stored
o System.map: List of kernel symbols and addresses
o vmlinuz: Contains actual Linux kernel loaded by GRUB
o initrd: initial ramdisk used to preload modules
o Config: List of kernel configuration options
o initramfs: Initial RAM disk image created by 'dracut'
 GRUB works in stages called Stage1, Stage1_5 and Stage2. Stage1 just is written in 512
bytes MBR, so it points to stage1_5 or stage2
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

Oracle Linux Package Management and Ksplice Patchibg

Oracle Linux Package Management

 OL uses RPM Package Manager (RPM)

 RPM Package Manager
o Free software released under GNU licence
o Installing, unistalling, verifying, querying and updating software packages
o Software package have information about version, description, etc.
o Also RHEL, CentOS, Fedora, SUSE

Package management

 It can be available for local or remote repository

 Repositories
o Oracle Public Yum Server
 Free packages, patches, updates, errata
o ULN
 For support customers
 Packages, patches, upadtes, errata and additional channels

Package management options

 RPM command
o rpm -i: Install package
o rpm -U: Upgrade package
o rpm -e: Erase/remove package
o rpm -F: Freshen package
o rpm -q: Query option
o rpm -V: Verify option
 YUM (Yellowdog Updater, Modified) command
o Open-source command-line package-management tool
o Interactive RPM based package manager
o Preferred way of managing resolved dependencies
o Main configuration file: /etc/yum.conf
o Repositories defined in: /etc/yum.repos.d directory
o Channels in repo can be enabled or disabled
o Options
 repolist: Produces a list of configured repositories
 list: List information about packages
 install: Install package
 update: Update package
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

 info: Description and summary information

 remove or erase: Remove package
 Provides or whatprovides: which package provides

Ksplice Zero Downtime Patching

 Setup
o Get Ksplice Uptrack access key (license key)
o Setup Oracle Ksplice Uptrack account
o Download and install Ksplice software
 Ksplice Uptrack Service
o Common yum and rpm updates on disk and require reboot of system. This
because updates are applied in memory
o Uptrack commands: uptrack-upgrade, uptrack-show, uptrack-unme, etc.
o Configuration file: /etc/uptrack.conf

Package Management Lab

 You can mount a DVD in a temporal directory to use as a repository. It is important to

disable another repositories to accomplish that
 Yum have a configuration file that have important and interesting settings
 A local Yum repository can be created but it means register server in ULN using
"uln_register"
 For Ksplice, a key need to be used. You can use a trial but account need to be registered.
To use Ksplice, uptrack commands need to be used
 Ksplice install steps
o You have to be logged as root
o Access Oracle public yum repository and download uptrack-utilities
o Download install-uptrack script
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

User and group administration

User and group administration

 Ways to user and group administration

o GUI tool: User manager (system-config-users)
o Command line utilities
 User administration command line utilities
o useradd, usermod, userdel, passwd
 Group administration command line utilities
o groupadd, groupmd, groupdel, gpasswd, groups
 id command: print user and group information of a user

Files

 /etc/passwd: User account information

 /etc/group: Group information
 /etc/shadow: Hashed user passwords (encrypted password)
 /etc/gshadow: Hashed group passwords
 /etc/login.defs: Security policies (password aging controls, umask, encryption method,
maximum number of days a password may be used, minimum acceptable password
length, etc.)
 /etc/default/useradd: Default user settings
 /etc/skel: Directory with files that get populated in a new user's home dir

Authentication

 Way that users are identified and verified on the system

 Mechanisms:
o LDAP: It uses a directory service to access entries and ttributes
o NIS: Network Information Service. Distributes system configuration data such as
user and host names between computers
 Authentication Configuration Tool (system-config-authentication)
o Select authentication databases and configure associated authentication options

User and group administration Lab

 You can use "system-config-users" command to manage OL users

 Hide system users and groups need to be unchecked to show system information
 User Private Group (UPG): Whenever a user is created, a group with the same name is
created too, to make Linux groups easier to use and manage
 Line of /etc/passwd and meanings: oracle2:x:502:502:oracle2:/home/oracle2:/bin/bash
o Username: oracle2
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

o Shadow passwd: x
o UID: 502
o GID: 502
o GECOS information: oracle2
o Home directory: /home/oracle2
o Default shell: /bin/bash
 You can use ID command to get information about a user
 "/sbin/nologin" user shell can be assigned to avoid login in the system (this can be
changed directly in /etc/passwd)
 "usermod" command can be used to change user settings
 "groupmod" command can be used to change user settings
 When "userdel" command is used, "-r" clause need to be added to remove /home/user
directory
 Many users can be configured to have the same rights to specific directory
 "chage -l" command can be used know security profile of specific user
 With "chage" command you can force a user to change its password next time it login
 NIS or LDAP configuration can be made but you need an environment that provides these
services to Linux
 Pluggable Authentication Modules (PAM) can be used to integrate multiple low-level
authentication schemes into a high-level API, for programs that rely on authentication to
be written independent of the underlying authentication scheme
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

Oracle Linux File System Administration

Partitioning

 Steps
o Partition disk -> Create file system -> Mount file system
 Disk partitioning
o Divides disk into logical disks known as partitions
o Boot, root and swap are recommended and minimal partitions
 Partitioning utilities: fdisk, cfdisk, parted, partx
 partprobe command informs OS about partition table changes

File systems

 Store, retrieves and update files

 /proc/filesystems contains list of supported file systems by kernel. Examples: ext3, ext4,
btrfs, etc.
 "mkfs" command can be used to create file sytem
 "mount" command displays and mounts file systems on a mount point
 "/etc/fstab" contains mount table information of all file systems to be mounted
 "unmount" command is used to unmount a file system

Logical Volume Manager (LVM2)

 Linux Device Mapper (DM) and LVM2 provides powerful and flexible support for managing
storage
 DM servers as generic framework to map one block device onto another and serves as
foundation to LVM2
 Linux LVM2 features includes:
o Growing values
o Adding additional Block Devices
 Partition Type from LVM2
 Block devices are arranged as physical volumes that can be grouped into volume groups.
Logical volumes are created within the volume groups. File system are created on top of
the logical volumes
 Volume groups and logical volumes can be named individually for easy
addressing/organizing storage
 Associated commands
o Physical volumes (PV): pvcreate, pvdisplay, pvs, pvremove
o Volume groups (VG): vgcreate, vgdisplay, vgs, vgextend, vgremove
o Logical volumes (LV): lvcreate, lvdisplay, lvs, lvextend
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

Swap space

 It is space on disk allocated if applications need additional memory beyond RAM

 Paging / Swap in / Swap out: Transferring pages between RAM and dedicated swap space
 It is located in a disk partition or a file system
 This information can be queried in /proc/swaps, /proc/meminfo or free command
 mkswap (initialize), swapon (enable), swapoff (disable)

BTRFS

 Extreme scale (Maximum file size: 16 EiB)

 Simplified administration
 Optimized for SSD
 Mixed device types
 Billions of sub volumes with volume management capabilities
 Readable/writable snapshots
 Transparent compression (zlib and LZO)
 Built in RAID, data integrity (copy on write)
 LVM like capabilities in file system simplifies overall architecture
 GA since OL 6.3 UEK R2 release
 You can use btrfs utility to manage and display information
 To convert ext3, ex4 to btrfs yuy can use btrfs-convert utility

File System Administration Lab

 Partitions can be managed with "fdisk", "parted" and "cfdisk" commands

 In /proc/filesystems you can query available file systems to be used in the kernel
 Steps to partition
o Use fdisk (To create partition)
o Use mkfs (To give a format)
o Create directories and mount partitions
o "mount" commando can be used to get mount of the filesystem and put it in
/etc/fstab
 LVM2 is the most updated version of Logical Volume Manager. LVM's are arranged in
physical volumes, that are grouped into volume groups. Logical volumes are created
within volume groups. File system is created on the top of logical volumes
 8e type referred Linux LVM partition type
 "pvcreate", "pvdisplay" and "pvs" command can be used to create physical volumes
 "vgcreate", "vgdisplay" and "vgs" command can be used to create volume groups
 "lvcreate", "lvdisplay" and "lvs" command can be used to create logical volume
 Then, they can be treated as another established partition
 "lvextend", "vgextend" commands can be used to increase size of a logical volume and
volume groups
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

 lvm2-monitor service is responsible to monitor volumes upon startup. It is required that

this service is enabled in your OS run level
 Swap file can be increased creating another swapfile
 You can use BTRFS like a file system. With it you can define sub-volumes to store different
data in hierarchy mode
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

Basic Network and Security Administration

Network Manager Tool

 Graphical tool that let create, edit and remove connections

 Ehternet, mobile broadband, DSL and PPPoE connections can be configured
 Also can configure network aliases, static routes, DNS information and VPN connections

Network interface configuration files and command line utilities

 /etc/sysconfig/network-scripts: Network interface configuration files and control scripts

 /etc/hosts: Resolve host names locally
 /etc/resolv.conf: IP address of DNS servers and search domains
 /etc/sysconfig/network: Routing and host information for all network interfaces

Network bonding

 It provides a method for aggregating multiple network interfaces using single logical
"bonded" interface
 Provides more bandwidth and redundancy
 Bonding policies: 0 (balance-rr), 1 (active-backup) etc.

Security - Service Configuration Tool

 system-config-services or serviceconf
o Enable / Disable system services
o Functionality to start / stop /restart
o Secure systems by disabling services you don't need
 /etc/init.d: Directory containing system V init scripts
 Command line: Service to run a service, check, start and stop
 chkconfig commands: Let check status of service for various init runlevels

Common service

 acpid: Advanced configuration and power interface event daemon

 atd: Run commands scheduled by at command
 auditd: Linux auditing system daemon
 autofs: Auto-mount file systems on demand
 bluetootht: Trigger bluetooth start-up
 crond: Service to run scheduled commands via crond daemon
 cups: Common unix printing system service
 ip6tables: IPv6 IPtables firewall service
 iptables: IPv4 IPtables firewall service
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

 kdump: kernel in memory

 lvm2-monitor: Monitors LVM2 disk volumes
 network: Bring up/down networking on a system
 nfs: This service provides the NFS server functionality
 ntpd: Network Time Protocol daemon to synch time
 postfix: Postfix mail transport agent service
 rsyslog: Rsyslog logging service
 sshd: Starts the OpenSSH server daemon
 ypbind: NIS daemon running on NIS clients to bind to NIS domain

SELinux Introduction

 It is an implementation of a mandatory access control (MAC) mechanism in the Linux

kernel, checking for allowed operations after standard discretionary access control (DAC)
are checked
 Created by National Security Agency
 Can enforce rules on files and process in a Linux system
 file: /etc/selinux/config: Main SELinux configuration file
 Three modes:
o Enforcing: SELinux denies access based on SELinux policy rules
o Permissive: SELinux policy is not enforced. SELinux does not deny access, but
denials are logged for actions that would have been denied if running in enforcing
mode
o Disabled: SELinux is disabled. Only DAC rules are used
 /etc/selinux/config: Defines SELINUX parameter
 Check SELinux status
o /usr/sbin/setstatus
o /usr/sbin/getenforce
o system-config-selinux

Firewall

 It prevent unauthorized network packets from being accesed the system's network
interface
 It examines network traffic and allows or deny based on specific criterias
 Firewall configuration tool (system-config-firewall)
o GUI interface
o Creates basic iptables rules for a general-purpose firewall
o Advanced configuration/rules use the "iptables" tool
o Firewall configuration rules are stored in /etc/sysconfig/iptables file

IPTables
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

 "iptables" administration tool

o Command line tool that is available in the Linux kernel 2.4
o Let configure and manage feature network-related
o "iptables" tool is for IPv4 network
o "ip6tables" tool is for IPv6 network
o Use iptables tool for advanced firewall rules

Common vulnerabilities and exposures (CVE's)

 A dictionary of publicly known information security vulnerabilities and exposures

 CVE's rely on common identifiers
 Check for CVE's
o Yum security plugin
o Query RPM package to find CVE's associated

Networking and Security Labs

 ethtool: It is used to change settings like speed, duplex mode (half-duplex, full duplex),
auto-negotiation of network speed, etc.
 "netstat" and "route" commands can be used to troubleshoot network problems
 Use "service network status" to check current state of network interfaces
 A bond interface can be configured with many interfaces to provide high availability and
redundancy. To do that, two minimal interfaces are needed
 /etc/rc.d/init.d -> SysV services
 Easiest way to avoid a service is accessed is turn them off. KISS! Service Configuration tool
can accomplish that. "system-config-services" command can be used
 If "chkconfig service on" command is used service is enabled in run levels 2, 3, 4 and 5
(applies to the next reboot)
 "ntsysv" command can be used to manage services (activate them or disabled them)
 SELinux can be configured with different graphic and command-line tools
 Firewall can be configured with different graphic and command-line tools (system-config-
firewall)
 With " netstat -tulpn | grep 80" command you can guarantee services that are running in
specified port (in this case, http server)
 "iptables" tool is useful for more complex rules
 You can use plugins to calculate and install just secure packages based on CVE (Common
Vulnerabilities and Exposures)
 Yum can specify to download secured packages and list available
 If you want to check that an specific CVE has been applied in a Oracle Linux, you need to
run the following command "rpm -q --changelog rpmpackage | grep CVEnumber"
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

System Monitoring and Troubleshooting

OSWatcher (OSW)

 It has been renamed to OSWatcher Black Box (OSWbb)

 It collects and archive OS and network metrics to diagnose performance issues
 It operates as background process
 MOS ID: 301137.1
 OSWatcher is the main controlling executive
 Available distributions
o Bourne shell version. It runs on Oracle or OVM
o Original OSW was written un ksh. It is not installed by default in many
environments
 Install OS Watcher tool in /opt directory
 Example: ./startOSWbb.sh (Frequency seconds, duration hours)
 Data is stored in directory: /opt/oswbb/archive
 Directories:
o oswiostat: Output from iostat utility
o oswmeminfo: Contents of /proc/meminfo
o oswmpstat: Output from the mpstat utility
o owsnetstat: Output from the netstat utility
o oswprvtnet: Status of private network (for RAC)
o oswps: Output from ps utility
o oswslabinfo: Contents of /proc/slabinfo
o oswtop: Output from top utility
o oswvmstat: Output from vmstat utility

Sosreport Tool

 Collects information about hardware, software and operational state

 It enables diagnostics and analytical functions
 It can packet results and send to a support representative
 Installation: yum install sos
 Configuration: /etc/sos.conf
 Plugins to collect information can be enabled or disabled
 Sosreport is generated in /tmp by default

System Tools

 sar: Collect, report, save system activity information

 iostat: Report CPU and IO statistics for devices, partitions
 vmstat: Report virtual memory statistics (memory, paging, swap)
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

 strace: Capture system calls and signals of a running process or a process being launched
 top: Dynamic real time view of a Linux system processes/tasks
 tcpdump: Dumps traffic on a network
 Ethereal / Wireshark: Network protocol analyzer tool
 netstat, mpstat, dstat...and others

System Monitor

 It requires GNOME Desktop environment

 Applications -> System Tools -> System Monitor
 Command line 'gnome-system-monitor'
 Enables you to:
o Display basic system information
o Monitor system processes
o Usage of system resource
o Usage of file system

Kdump

 Advanced system crash dump mechanism

 Captures core dump image in case the system crashes if enabled
 kexec-tools package
 Ways to configure
o FirstBoot tool is run after initial installation
o Using the kernel dump configuration graphical utility
o system-config-kdump
o /etc/kdump.conf is the configuration file

Crash and Vmcore

 Crash is a tool to analyse Linux crash dump data or a live system

 Core dump (upon kernel crash) created by the netdump, diskdump, kdump or xendump
facilities
 To analyze crash dumps, you need kernel-debuginfo packages of the respective kernel
version

DTrace

 Dynamic Tracing facility

 Troubleshooting and performance analysis
 Integrated solutions for Linux
 Use probes (instrumentation points) to record data
o Probe is a location to which DTrace can bind a request to perform a set of actions
 Probes made available by Providers
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

o dtrace, syscall, sched, io, proc, etc.

 DTrace D programming language
 yum install dtrace-utils
 Reboor and load kernel modules using modprobe

System Monitoring and Troubleshooting - Labs


1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

Additional notes

 The command "authconfig --passalgo=MD5--update" changes the user password hashing

algorithm to MD5
 When a user connects, run a command and exit the terminal, the background job is
deleted from the job pool and does not get listed using jobs command
 "ethtool -s" command let you to set new settings for the interface
 DTrace characteristics
o DTrace allow static and dynamic tracing of your applications and your kernel
o DTrace allows you to dynamically define probe points on the fly
o DTrace proves and probe points are usually defined by the user using scripts
written in a lenguage D
 With Firewall Configuration Tool you can enable or disable firewall, and build a filter to
obfuscate sensitive data (national ID numbers, Credit Cards, and so on)
 A nice value less to -1 just can be assigned by root
 In /etc/inittab file you can find the default run level of OS
 Features that are available in UEK2 but not with RHCK:
o Oracle Clusterware for Linux
o Up to 4-petabyte cluster volumes with OCFS2
 Ksplice commands:
o uptrack-show: List the active Oracle Ksplice updates in your running kernel
o uptrack-upgrade: Connects to Uptrack update server, check and apply new
updates when avaiable
 If runqz (Run queue size) is greater that the number of CPU's on your system, your
probably will have a bottleneck
 SETGID (2 leftmost) in a directory can be useful if you want that all new created files in this
directory to be of the required group instead of the primary ID of the user who creates the
file
 Corresponding files to a bond configuration are:
o /etc/sysconfig/network/ifcfg-bond0
o /etc/sysconfig/network-scripts/ifcfg-eth0
o /etc/sysconfig/network-scripts/ifcfg-eth1
o /etc/modprobe.d/bonding.conf
 Oracle ASMLib is optional package to improve efficiency to ASM
 sosreport toll generates information about all your system that is useful to analyze a
problem or send it to oracle team
 If you want to make changes persistent to the time you can modify "/etc/sysctl.conf"
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

 "./startOSWbb.sh 30 72" command can be used to enable OS watcher tool option to

collect data every 30 seconds during three days (72 hours)
 rsyslog.conf configuration
o kern.crit /dev/console: Direct all jernel messages of the priority crit and higher to
machine console
o kern.info; kern.!err /var/adm/kernel.log: Log all kernel messages that come with
priorities from info up to warning in the /var/adm/kernel.log file
 "yum info package" command show version of specific package
 A soft limit value cannot be set greater that hard limit value
 "netconsole = [email protected]/eth0, [email protected]/00:0C:A3:35:9" in
modprobe.conf file means netconsole logging is set up to send messages to a server at the
IP address 192.168.1.200 by using the port number 6666
 Characteristics of /proc filesystem
o It contains a numerical subdirectory for each running process
o It contains a hierarchy of special files that represent the current state of the kernel
o It identifies the type of processor used by your system
o It contains information about system hardware and any running process
 You can check kernel crash dump file location in /etc/kdump.conf file settings or checking
target with "system-config-kdump" command
 "strce" command is used to record system calls and check how kernel interact with
hardware and another devices
 Oracle Manager Ops Center capabilities
o It provides management services for Oracle Linux servers
o It includes built-in integration with My Oracle Support with automatic servers
request generation
 "fdisk" and "parted" commands are used to manipulate partition table on Oracle Linux
 "yumdownloader example" can be used to download latest version of a package, but not
installed
 "/etc/sysconfig/netconfig" can be used to change the hostname of server
 "yum list installed | grep file" can be used to check the name of the package of specific file
 Kickstart installation
o Kickstart file is created for every installation
o Kickstart configurator can be used to create or make changes to a kickstart file
o It allows for more unattended and more standarized installations
 Correct definition of a local repository file based on an image:
o [ol6u3_base_media]
o name=Oracle Linux 6 Media
o baseurl=file:///mnt/iso/OL6u3/Server
o gpgcheck=1
o enabled=0
 "iostat" tool can be used to check swapping of OS
 1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6

 "netstat -r" and "route -n" commands can be used to find and print routing table and
default gateway information of a network
 "installonly_limit" value in /etc/yum.conf represent the maximum number of versions that
can be installed for any single package listed in the "installonlypkgs" value
 In "nsswitch.conf" file you can check if users use NIS, local files, DNS or others
 Base release of Oracle Linux are contained in the Oracle Public YUM server
 "echo 1> /proc/sys/net/ipv4_ip_forward" enables packet without making changes
permanently
 Oracle Clusterware Software characteristics
o It is a portable software that allows clustering of single servers and they cooperate
as single system
o In basic and premier level, Oracle Clusterware can be deploy without additional
cost
1Z0-460 Oracle Linux 6 Implementation Essentials
Oracle Linux 6