5.1.7. Maintaining the Operating System
Maintaining the operating system includes regular updates with new 'patches', which mostly correct security vulnerabilities in the already installed system, upgrading to new versions of programs and libraries, 'cleaning' the file system of accumulated residual unnecessary files, and backing up data. The description of these actions that follows applies to the Debian operating system.
The mechanism for upgrading the system differs from distribution to distribution; on Debian it is carried out with the 'apt' group of commands. The commands rely on the entries in the file [/etc/apt/sources.list], which lists all the servers that the commands need in order to work.
drago@voda:/etc/apt$ cat sources.list
#
# deb cdrom:[Debian GNU/Linux 5.0.5 _Lenny_ - Official i386 NETINST ... main
deb https://ftp.carnet.hr/debian/ lenny main
deb-src https://ftp.carnet.hr/debian/ lenny main
deb https://security.debian.org/ lenny/updates main
deb-src https://security.debian.org/ lenny/updates main
deb https://volatile.debian.org/debian-volatile lenny/volatile main
deb-src https://volatile.debian.org/debian-volatile lenny/volatile main
drago@voda:/etc/apt$
The list contains the sites from which installation is done, the site used for fixing security vulnerabilities, and the site with variable content such as spam filters, anti-virus definitions and more. Installing new packages, or deleting and reconfiguring existing ones, may be done only by the administrator, in the manner outlined below.
drago@voda:~$
drago@voda:~$ su -                      ............. (type the password of the administrator, user 'root')
voda:~#
voda:~# pwd                             (print the current location of 'root')
/root
voda:~# cd /
voda#
voda# apt-get clean                     (clean the archive of already installed packages)
voda# apt-get update                    (refresh the package lists from the sources)
voda# apt-get upgrade                   (download new versions of the packages)
voda# apt-get dist-upgrade              (upgrade the existing distribution)
voda# apt-get install package_name      (install a specific package)
voda# apt-get remove package_name       (remove package, configuration remains)
voda# apt-get purge package_name        (remove package and configuration)
voda# apt-get check                     (check dependencies between programs)
voda# apt-get autoremove                (delete packages that are no longer in use)
The procedure of updating the server looks something like this:
voda:/#
voda:/# apt-get clean
voda:/# apt-get update
Hit https://security.debian.org lenny/updates Release.gpg
Ign https://security.debian.org lenny/updates/main Translation-en_US
Hit https://security.debian.org lenny/updates Release
Hit https://ftp.carnet.hr lenny Release.gpg
Ign https://security.debian.org lenny/updates/main Packages/DiffIndex
Ign https://security.debian.org lenny/updates/main Sources/DiffIndex
Hit https://security.debian.org lenny/updates/main Packages
Hit https://security.debian.org lenny/updates/main Sources
Ign https://ftp.carnet.hr lenny/main Translation-en_US
Hit https://ftp.carnet.hr lenny Release
Hit https://volatile.debian.org lenny/volatile Release.gpg
Ign https://volatile.debian.org lenny/volatile/main Translation-en_US
Ign https://ftp.carnet.hr lenny/main Packages/DiffIndex
Hit https://volatile.debian.org lenny/volatile Release
Ign https://volatile.debian.org lenny/volatile/main Packages/DiffIndex
Ign https://volatile.debian.org lenny/volatile/main Sources/DiffIndex
Ign https://ftp.carnet.hr lenny/main Sources/DiffIndex
Hit https://volatile.debian.org lenny/volatile/main Packages
Hit https://volatile.debian.org lenny/volatile/main Sources
Hit https://ftp.carnet.hr lenny/main Packages
Hit https://ftp.carnet.hr lenny/main Sources
Reading package lists... Done
voda:/# apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
voda:/#
First the package archive is cleaned. There is no need to assume that some of the new packages will be unstable. After that, the appropriate sites are contacted according to the sources.list file and the package versions are read, and then the packages are upgraded. If everything is up to date, the status of all actions is '0'. If, on the other hand, some package needs updating, its name is shown and confirmation of the update is requested. The process is repeated until the update status reaches '0' on all items. Sometimes it is necessary to use the command 'apt-get dist-upgrade', which upgrades the existing distribution by installing new versions of packages even when that requires deleting, replacing or adding other, older packages. In that case the usual 'apt-get upgrade' command cannot bring the update status to '0', because it only updates existing packages without making other changes to the system.
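The "repeat until every counter is 0" check described above can be scripted. This is an added example, not code from the original page: it classifies the summary line that 'apt-get upgrade' prints, separating an up-to-date system from one with pending packages or with packages that plain 'upgrade' leaves untouched. The function names and the second and third sample outputs are constructed.

```shell
#!/bin/sh
# Added example: classify the summary line printed by 'apt-get upgrade'.
# upgrade_state is a hypothetical helper; it reads apt-get output on stdin.
upgrade_state() {
    awk '
        / upgraded, .* newly installed, .* to remove and .* not upgraded/ {
            found = 1
            up = $1; inst = $3; rem = $6; kept = $10
        }
        END {
            if (!found)                           print "unknown"
            else if (up + inst + rem + kept == 0) print "up-to-date"
            else if (up + inst + rem == 0)        print "kept-back"
            else                                  print "pending"
        }'
}

# The first sample ends with the summary line shown on the page;
# the other two are constructed.
SAMPLE_CLEAN='Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.'
SAMPLE_KEPT='Reading package lists... Done
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.'
SAMPLE_PENDING='Reading package lists... Done
5 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.'

for s in "$SAMPLE_CLEAN" "$SAMPLE_KEPT" "$SAMPLE_PENDING"; do
    printf '%s\n' "$s" | upgrade_state
done

# On a live host (not run here): simulate with -s and fix the locale so that
# the English summary line is the one being parsed.
check_host() {
    LC_ALL=C apt-get -s upgrade | upgrade_state
}
```

A result of "kept-back" is the situation in which repeating 'apt-get upgrade' never reaches '0' and 'apt-get dist-upgrade' has to be considered.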
voda:~# dpkg -l | more
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name            Version              Description
+++-===============-====================-======================================
ii  acpi-support    0.109-11             scripts for handling base ACPI .....
ii  acpid           1.0.8-1lenny2        Utilities for using ACPI .....
ii  adduser         3.110                add and remove users and groups
ii  apt             0.7.20.2+lenny2      Advanced front-end for dpkg
ii  apt-utils       0.7.20.2+lenny2      APT utility programs
ii  aptitude        0.4.11.11-1-lenny1   terminal-based package manager
ii  base-files      5lenny6              Debian base system miscellaneous .....
ii  base-passwd     3.5.20               Debian base system master password ...
ii  bash            3.2-4                The GNU Bourne Again SHell
:
ii  dhcp3-client    3.1.1-6+lenny4       DHCP client
ii  dhcp3-common    3.1.1-6+lenny4       common files used by all .....
:
ii  grub            0.97-47lenny2        GRand Unified Bootloader .....
ii  grub-common     1.96+20080724-16     GRand Unified Bootloader, .....
ii  gzip            1.3.12-6+lenny1      The GNU compression utility
:
ii  wget            1.11.4-2+lenny1      retrieves files from the web
ii  whiptail        0.52.2-11.3+lenny1   Displays user-friendly dialog .....
ii  x11-common      1:7.3+20             X Window System (X.Org) infrastructure
ii  xauth           1:1.0.3-2            X authentication utility
ii  zlib1g          1:1.2.3.3.dfsg-12    compression library - runtime
The first column in the list shows the status of each package after installation. The only correct package status is 'ii'; the header of the list shows, marked in blue, the letters that may appear in the first column. The second column holds the names of the installed packages, the third column shows the version, and the fourth holds brief descriptions of the packages. package_name should not be confused with full_package_name, which is the name of the file fetched from a site with an FTP program. For example, the package name 'bash' belongs to the full name 'bash_3.2-4_i386.deb'. A site usually holds the latest version for different platforms as well as several older versions. The 'apt' mechanism knows how to tell them all apart and takes what it needs, based on the lists of dependencies between the base package, other packages and the necessary supporting libraries.
Thus, packages can also be installed on a computer after first being fetched with an FTP program or the 'wget' command. The package, as a .deb file, is then installed from the directory in which it is located, as described below.
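The first-column check described above can be automated by listing every package whose state is not 'ii'. This is an added example, not code from the original page; the function name is hypothetical, and in the sample listing the two example-* rows are invented to show states other than 'ii'.

```shell
#!/bin/sh
# Added example: report packages whose dpkg state is not the clean 'ii'.
# not_clean is a hypothetical helper; it reads 'dpkg -l' output on stdin.
not_clean() {
    awk '
        index($0, "+++-") == 1 { body = 1; next }   # rows start after the ruler
        !body || NF < 3 || $1 == "ii" { next }      # header, ":" elisions, clean rows
        {
            want = substr($1, 1, 1); stat = substr($1, 2, 1); err = substr($1, 3, 1)
            if      (stat == "c") why = "removed, configuration files remain"
            else if (stat == "U") why = "unpacked but not configured"
            else if (stat == "F") why = "configuration failed"
            else if (stat == "H") why = "half installed"
            else if (stat == "n") why = "not installed"
            else if (stat == "i") why = "installed"
            else                  why = "triggers awaited or pending"
            if (want == "h") why = why ", on hold"
            if (err != "")   why = why ", error flag " err
            printf "%s %s: %s\n", $1, $2, why
        }'
}

# Constructed listing: the header and the 'ii' rows follow the page,
# the example-* rows are invented for illustration.
SAMPLE='Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name            Version              Description
+++-===============-====================-======================================
ii  bash            3.2-4                The GNU Bourne Again SHell
rc  example-daemon  1.0-1                constructed row: removed, not purged
:
iU  example-lib     2.0-3                constructed row: interrupted install
ii  zlib1g          1:1.2.3.3.dfsg-12    compression library - runtime'

printf '%s\n' "$SAMPLE" | not_clean
```

On a live system the same function is fed with `dpkg -l | not_clean`; an empty result means every listed package is in state 'ii'.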
drago@voda:~$
drago@voda:~$ su -                             ............. (type the password of the administrator, user 'root')
voda:~#
voda:~# cd /
voda#
voda# dpkg --list                              (overview of all packages)
voda# dpkg --install full_package_name.deb     (install downloaded package)
voda# dpkg --remove package_name               (remove package, configuration remains)
voda# dpkg --purge package_name                (remove package and configuration)
voda# dpkg --configure package_name            (reconfiguration of installed package)
voda# dpkg-reconfigure package_name            (reconfiguration of package)
In this case the package being installed was downloaded and moved to the root directory, although it does not matter from which directory a package is installed. The example also shows that already installed packages can be reconfigured. An attempt to remove a package may fail because, in the hierarchy of dependencies, another package requires it. In that case the other package has to be removed first, if it is not needed, and then the desired package. It is easy to see that inadvertently removing a package can have serious consequences. That is why only the superuser has the right to work with packages.
If some packages need to be removed, this can also be done with the 'apt' commands, as follows:
voda# apt-get remove package_name              (remove package without configuration)
voda# apt-get remove --purge package_name      (remove package and configuration)
While working with a computer the user may perform a large number of installations and removals of individual packages, which inevitably leaves files on the system that are no longer associated with anything, so-called orphans. Such files are deleted with the command:
voda# apt-get remove --purge $(deborphan)
The command is repeated until the number of leftovers drops to zero.
*  *  *  *  *  command to execute, next command, next command ....
-  -  -  -  -
|  |  |  |  |
|  |  |  |  '----- day of the week ( 0 - 6 ; Sunday=0)
|  |  |  '-------- month ( 1 - 12 )
|  |  '----------- day of the month ( 1 - 31 )
|  '-------------- hour of the day ( 0 - 23 )
'----------------- minute in the hour ( 0 - 59 )
The asterisk means 'any'. A field may also hold several single values separated by commas, or a range of numbers written with a dash between them.
Backing up data on Sundays, or a daily report on how full the disks are, are some of these jobs. The following example shows part of the file [/var/spool/cron/crontabs/root], whose jobs are executed under the control of the superuser. The same directory may also hold a file 'drago' with the same purpose but with content specific to that user.
mak:/#
mak:/# cd /var/spool/cron/crontabs
mak:/var/spool/cron/crontabs# ls -al
total 12
drwx-wx--x 2 root crontab 4096 Mar 4 11:37 .
drwxr-xr-x 3 root root 4096 Jul 1 2009 ..
-rw------- 1 root root 3373 Mar 6 12:26 root
mak:/var/spool/cron/crontabs#
mak:/var/spool/cron/crontabs# cat root
:
# Backup on the tape #
1 2 * * 0 updatedb
4 2 * * 0 mt -f /dev/st0 rewind
5 2 * * 0 cd /; tar -zcf /dev/st0 etc home usr var -X /home/0script/bkp_no.txt;
          /usr/bin/mail -s mak-backup ostalo@mak.ktf-split.hr < /home/0script/backup.txt
:
# disk space - mail #
14 3 * * * cd /home/0script; df -kh > disk.log;
           /usr/bin/mail -s mak-disk ostalo@mak.ktf-split.hr < disk.log; rm disk.log
:
# deleting old posts #
32 6 * * * cd /home/0script; /home/0script/stara_ptt > /dev/null;
           /usr/bin/mail -s mak-stara_posta ostalo@mak.ktf-split.hr < /home/0script/stara_ptt.txt
Long lines in the example are shown broken after a ';' character or a redirection character so that they fit the page; in the crontab file itself each job occupies a single line. The example also shows the use of the redirection signs '>' and '<'. The file bkp_no.txt contains a list of files that are left out of the archive, and the file backup.txt holds the message that is mailed to the administrator. The command '/usr/bin/mail' is not an essential part of the operating system and has to be installed separately.
mak:/var/spool/cron/crontabs#
mak:/var/spool/cron/crontabs# cd /home/0script
mak:/home/0script# cat backup.txt
Executed backup to tape for: /etc /home /usr /var!
mak:/home/0script#
mak:/home/0script# cat stara_ptt
#! /bin/zsh
# Expire mail older than 40 days in every mailbox, then restore owner and mode.
cd /var/mail || exit 1        # never run chown/chmod from the wrong directory
for i in *
do
    mail-expire --delete 40 "$i"
    chown "$i":mail "$i"      # each mailbox file is named after its user
    chmod 660 "$i"
done
mak:/home/0script#
mak:/home/0script# cat stara_ptt.txt
Deleted mails older than 40 days!
mak:/home/0script#
The system has a built-in mechanism for scheduled jobs that are performed periodically on an hourly, daily, weekly and monthly basis, which is best seen by examining the contents of the [/etc] directory. The user 'ostalo' is defined in the file [/etc/aliases], which states that mail sent to it is routed to the user 'drago'. In the same way, mail sent to an address such as kontakt@trazilica.hr can be routed to several people. Redirecting the output of the script that deletes old mail to the 'null' device (a black hole) means that no output is shown, because it does not matter how much mail there was or that it was older than 40 days.
Backing up is done with the command 'tar' from the root directory, and the names of the directories to be archived, in this case [/etc], [/home], [/usr] and [/var], are given without the leading '/' sign, so that restoring data from tape does not overwrite already existing data. The restore is executed in a temporary directory created at any convenient place, from which the data can easily be compared and copied as needed, for example:
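Every job in root's crontab runs with superuser rights, so the scripts it calls, and the directory that holds them, should be owned by root and not writable by group or others. The following check is an added example, not code from the original page: it extracts the absolute paths named in a crontab and reports files with the wrong owner or loose permissions. The function names, the scratch directory standing in for [/home/0script] and the 'report' job are constructed.

```shell
#!/bin/sh
# Added example: audit the files that a root crontab refers to.
# cron_paths FILE: print the absolute paths named in the command part of each job.
cron_paths() {
    awk '
        /^[ \t]*#/ || /^[ \t]*:/ || NF < 6 { next }   # comments, elisions, short lines
        {
            for (i = 6; i <= NF; i++) {
                n = split($i, part, /[;<>|&]/)
                for (j = 1; j <= n; j++)
                    if (part[j] ~ /^\/./) print part[j]
            }
        }' "$1" | sort -u
}

# audit_cron FILE [UID]: flag regular files, and the directories holding them,
# that are not owned by UID (default 0) or are writable by group or others.
audit_cron() {
    want_uid=${2:-0}
    cron_paths "$1" | while IFS= read -r p; do
        [ -f "$p" ] || continue
        for t in "$p" "$(dirname "$p")"; do
            uid=$(ls -ldn "$t" | awk '{ print $3 }')
            [ "$uid" = "$want_uid" ] || echo "OWNER $t"
            find "$t" -prune \( -perm -002 -o -perm -020 \) -print | sed 's/^/WRITABLE /'
        done
    done | sort -u
}

# Constructed demo: a scratch directory stands in for /home/0script.
D=$(mktemp -d)
printf '#!/bin/sh\n' > "$D/stara_ptt"; chmod 755 "$D/stara_ptt"
printf '#!/bin/sh\n' > "$D/report";    chmod 777 "$D/report"
cat > "$D/root" <<EOF
# deleting old posts #
32 6 * * * cd $D; $D/stara_ptt > /dev/null
# constructed job that calls a world-writable script
14 3 * * * $D/report
EOF

# The demo passes the current user's uid; on a server the default (0) applies.
audit_cron "$D/root" "$(id -u)"
```

On the server itself the call would be `audit_cron /var/spool/cron/crontabs/root`, run as root; no output means nothing was flagged.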
mak:/#
mak:/# mkdir /home/drago/tmp
mak:/# cd /home/drago/tmp
mak:/home/drago/tmp# tar -zxvf /dev/st0 etc home usr var
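The restore-and-compare procedure above, as an added example that is not part of the original page. It uses an archive file instead of the tape device /dev/st0 and refuses archives whose member names are absolute or contain '..', since only relative names are certain to stay inside the temporary directory. The function names and the demo tree are constructed.

```shell
#!/bin/sh
# Added example: check a tar backup, restore it into a scratch directory, compare.
# unsafe_members: read member names on stdin and print those that could be
# written outside the extraction directory (absolute name or a ".." component).
unsafe_members() {
    while IFS= read -r name; do
        case "/$name/" in
            //*|*/../*) printf '%s\n' "$name" ;;
        esac
    done
}

# safe_restore ARCHIVE DEST: extract only if every member name is relative.
safe_restore() {
    list=$(tar -ztf "$1") || return 1
    bad=$(printf '%s\n' "$list" | unsafe_members)
    if [ -n "$bad" ]; then
        printf 'refusing to extract, unsafe members:\n%s\n' "$bad" >&2
        return 1
    fi
    mkdir -p "$2" && tar -zxf "$1" -C "$2"
}

# Constructed tree standing in for the server's /etc and /home.
WORK=$(mktemp -d)
mkdir -p "$WORK/root/etc" "$WORK/root/home/drago"
echo "voda" > "$WORK/root/etc/hostname"
echo "notes" > "$WORK/root/home/drago/todo.txt"

# Archive from inside the tree, naming the directories without a leading "/".
(cd "$WORK/root" && tar -zcf "$WORK/backup.tgz" etc home)

# Restore next to the live data, then compare before copying anything back.
safe_restore "$WORK/backup.tgz" "$WORK/tmp" &&
    diff -r "$WORK/root" "$WORK/tmp" && echo "restored copy matches"
```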
Why and when is archiving to tape done? Because tapes hold data quite well, daily, weekly, monthly and annual archives are written to them and the tapes are stored afterwards, labelled with when the archive was made and what was archived. DAT devices serve this purpose well. Not all tapes have to be kept. Six tapes can be rotated weekly (a tape for Monday, Tuesday, Wednesday, ...) and used until they are stretched and scratched. The procedure described is necessary if an institution has only one server; it must then have a DAT drive and disks in a RAID array. If there are two servers that constantly copy each other, the procedure is still done, but much less often. And in a data center like Google's, where servers constantly exchange data among themselves, tape, RAID and even the quality of the disks are of no significance. The 'tar' command can also save data to a file instead of sending it to the tape device as in the example; the file is then copied to another computer, or simply fetched from another computer with an FTP program.
All of these commands and the actions associated with them serve for an overview of the system and its maintenance. Particular care should be taken of the [/var] directory, which contains all the working files of services, queues, web content and incoming mail (for lazy users mostly unread), directories with discarded mail that was identified as a virus or spam, compressed log files, archives, new packages and the like. If the state of the system is not monitored regularly, a partition may fill up and a manual 'clean-up' becomes necessary, regardless of the fact that much of the work is done automatically. Daily inspection of the servers is therefore an essential duty of the administrator.
Adjusting the configuration to developments on the internet is another important task, especially when it is aimed at increasing security; in this regard the system's resilience to 'intrusion' must be checked, for which the CERT (Computer Emergency Response Team) service is very valuable, if available.
The worst that can happen is that the administrator mistakenly changes the superuser password. The server then has to be started from an optical medium (Recovery CD / DVD) that contains at least the most basic editors and is able to recognize the server's system disks; once the operating system has been started from the optical medium, the server's [/etc] directory is 'hooked' onto it and the root password is deleted in the [/etc/shadow] file. If the server hardware is of the 'i386' type, the KNOPPIX Linux distribution helps a lot with this procedure: started from a CD / DVD, it provides a complete Linux system that instantly detects and 'attaches' the server's partitions, so that the KNOPPIX tools can be used to quickly edit the server's [/etc/shadow] file and delete the root password. Of course, once the system has been returned to its original state, the password should immediately be set again. Not without reason is the KNOPPIX distribution called a RESCUE SYSTEM.
Citing of this page: Radic, Drago. "Informatics Alphabet" Split-Croatia. {Date of access}; https://informatics.buzdo.com/file. Copyright © by Drago Radic. All rights reserved.