Thursday, July 28, 2016

Configuring a BOQ at the OSB layer to handle MQ poison messages (MQ Dead Letter URI)

Backout Threshold - non-zero value.
The number of times the pipeline retries a message (for example 5) before redirecting it to the queue named in the MQ Dead Letter URI field (the BOQ). If you leave this field empty, the message is redirected to the BOQ without any retries.

MQ Dead Letter URI - the MQ backout queue (BOQ) name goes here.
The URI of the dead letter (backout) queue, for example BOQ_Name, to which request messages are redirected once the number of retries given in Backout Threshold has been exhausted.

If you leave this field empty, the message is discarded after the Backout Threshold retries, so a poison message is lost rather than parked for analysis; always name a BOQ. The Dead Letter URI uses the same format as the EndPoint URI.

Friday, April 1, 2016

Silent MQ Uninstall on Windows..

You can use the Windows msiexec command to run the silent uninstall with the following syntax (from an elevated command prompt):
msiexec /x {product_code} /l*v "c:\removal.log" /q INSTALLATIONNAME="installation_name"

You can find the product code in the registry under the following key (Wow6432Node is the 32-bit view of the registry on a 64-bit OS):

64 bit OS:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IBM\WebSphere MQ\Installation\Installation_name

32 bit OS:
HKEY_LOCAL_MACHINE\SOFTWARE\IBM\WebSphere MQ\Installation\Installation_name

Thursday, January 28, 2016

WebSphere MQ AMS

WebSphere MQ applications can use WebSphere MQ Advanced Message Security to send sensitive data, such as high-value financial transactions and personal information, with different levels of protection by using a public key cryptography model.

groupadd mqusers
useradd -m -G mqusers alice
useradd -m -G mqusers bob
useradd -m -G mqusers fulano

alice - will have access to AMS to put messages
bob - will have access to AMS to get messages
fulano - will NOT have access to AMS; he is used to show what happens when an unauthorized user tries to browse the AMS-protected messages.
All three users are members of the group "mqusers" (-G) and get a home directory (-m), which is where each user's .mqs/keystore.conf will live.

crtmqm -u DLQ AMS
strmqm AMS
runmqsc AMS

define qlocal(TEST.Q)
define qlocal(Q1)

define listener(LISTENER.1444) trptype(tcp) control(qmgr) port(1444)
start listener(LISTENER.1444)

define channel(SYSTEM.ADMIN.SVRCONN) chltype(SVRCONN)
define qlocal(DLQ) like(SYSTEM.DEAD.LETTER.QUEUE)

set CHLAUTH(*) TYPE(BLOCKUSER) USERLIST('nobody','*MQADMIN')
set CHLAUTH(SYSTEM.ADMIN.*) TYPE(BLOCKUSER) USERLIST('nobody')
** Lab only: the second rule drops the *MQADMIN block on SYSTEM.ADMIN.* channels so an mqm user can administer over SYSTEM.ADMIN.SVRCONN. Do not do this on a production queue manager. Note also that the default SYSTEM.* ADDRESSMAP rule with USERSRC(NOACCESS) still blocks client connections to these channels unless a more specific rule allows them; the test below uses bindings mode and does not need a client channel at all.

**check whether AMS is enabled (SPLCAP(ENABLED)) and the SYSTEM.PROTECTION.* queues exist
display qmgr SPLCAP
display ql(SYSTEM.PROTECTION*)

setmqaut -m AMS -t qmgr -p alice -p bob -p fulano +connect +inq +dsp
setmqaut -m AMS -n TEST.Q -t queue -p alice -p fulano +put +browse +dsp
setmqaut -m AMS -n TEST.Q -t queue -p bob -p fulano +get +browse +dsp

setmqaut -m AMS -t queue -n SYSTEM.PROTECTION.POLICY.QUEUE -p alice -p bob +browse
setmqaut -m AMS -t queue -n SYSTEM.PROTECTION.ERROR.QUEUE -p alice -p bob +put

** Alice's keystore: a CMS key database with a self-signed certificate (a lab shortcut; in production use certificates issued by your CA)
mkdir -p /home/alice/.mqs
runmqakm -keydb -create -db /home/alice/.mqs/alicekey.kdb -pw passw0rd -stash
runmqakm -cert -create -db /home/alice/.mqs/alicekey.kdb -pw passw0rd -label Alice_Cert -dn "cn=alice,o=IBM,c=GB" -default_cert yes
runmqakm -cert -extract -db /home/alice/.mqs/alicekey.kdb -pw passw0rd -label Alice_Cert -target /tmp/alice_public.arm
chmod 644 /tmp/alice_public.arm

** Bob's keystore
mkdir -p /home/bob/.mqs
runmqakm -keydb -create -db /home/bob/.mqs/bobkey.kdb -pw passw0rd -stash
runmqakm -cert -create -db /home/bob/.mqs/bobkey.kdb -pw passw0rd -label Bob_Cert -dn "cn=bob,o=IBM,c=GB" -default_cert yes
runmqakm -cert -extract -db /home/bob/.mqs/bobkey.kdb -pw passw0rd -label Bob_Cert -target /tmp/bob_public.arm
chmod 644 /tmp/bob_public.arm

** Exchange the public certificates (-extract writes only the certificate, never the private key). Both .arm files must exist before this step: alice needs Bob_Cert to encrypt for him, bob needs Alice_Cert to verify her signature
runmqakm -cert -add -db /home/alice/.mqs/alicekey.kdb -pw passw0rd -label Bob_Cert -file /tmp/bob_public.arm
runmqakm -cert -add -db /home/bob/.mqs/bobkey.kdb -pw passw0rd -label Alice_Cert -file /tmp/alice_public.arm

** Creating 'keystore.conf' (each user must have a separate keystore.conf; cms.keystore is the keystore path without the .kdb extension)
vi /home/alice/.mqs/keystore.conf
cms.keystore = /home/alice/.mqs/alicekey
cms.certificate = Alice_Cert

vi /home/bob/.mqs/keystore.conf
cms.keystore = /home/bob/.mqs/bobkey
cms.certificate = Bob_Cert

** Ownership and permissions. The .kdb holds the user's private key and the .sth holds the stashed keystore password, so each user's .mqs directory must be readable by that user only. The files above were created as root, so hand them to their owners instead of opening them up with chmod 777:
chown -R alice /home/alice/.mqs
chown -R bob /home/bob/.mqs
chmod 700 /home/alice/.mqs /home/bob/.mqs
chmod 600 /home/alice/.mqs/* /home/bob/.mqs/*
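A quick check, added here as an example and not part of the original post, that a user's AMS keystore layout is right before an application runs under that user: keystore.conf present and naming a cms.keystore and cms.certificate, the .kdb/.sth pair it points to present and readable, and that pair readable only by its owner. The demo builds two throwaway home directories under mktemp (one set up correctly, one left at chmod 777), so it runs without MQ installed; the home paths and the "mallory" user are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: verify one AMS user's keystore layout.
# Checks: $HOME/.mqs/keystore.conf exists and names cms.keystore and cms.certificate;
# the .kdb it points to (path without extension) and its .sth stash exist and are
# readable; and neither file is readable by group or others, because the .kdb holds
# the user's private key and the .sth holds the stashed keystore password.
# Returns 0 when everything is in order, 1 otherwise.

check_ams_keystore() {            # usage: check_ams_keystore <home_dir>
    home="$1"
    conf="$home/.mqs/keystore.conf"
    rc=0

    if [ ! -f "$conf" ]; then
        echo "FAIL: $conf not found (AMS reads \$HOME/.mqs/keystore.conf or \$MQS_KEYSTORE_CONF)"
        return 1
    fi

    # keystore.conf lines are "key = value"; cms.keystore is the path WITHOUT .kdb
    kdb_base=$(sed -n 's/^[[:space:]]*cms\.keystore[[:space:]]*=[[:space:]]*//p' "$conf" | head -n 1)
    label=$(sed -n 's/^[[:space:]]*cms\.certificate[[:space:]]*=[[:space:]]*//p' "$conf" | head -n 1)
    [ -n "$kdb_base" ] || { echo "FAIL: cms.keystore missing in $conf"; rc=1; }
    [ -n "$label" ]    || { echo "FAIL: cms.certificate missing in $conf"; rc=1; }
    [ -n "$kdb_base" ] || return "$rc"

    for f in "$kdb_base.kdb" "$kdb_base.sth"; do
        if [ ! -r "$f" ]; then
            echo "FAIL: $f missing or not readable by $(id -un)"
            rc=1
            continue
        fi
        # columns 5-10 of the ls -l mode string are the group and other permissions
        go_mode=$(ls -l "$f" | cut -c5-10)
        if [ "$go_mode" != "------" ]; then
            echo "FAIL: $f is accessible to group/others ($(ls -l "$f" | cut -c1-10)); chmod 600 it"
            rc=1
        fi
    done

    [ "$rc" -eq 0 ] && echo "OK: $conf -> $kdb_base.kdb (label $label)"
    return "$rc"
}

# Constructed demo: two throwaway "home" directories under mktemp, one secured
# with chmod 600 and one left at the chmod 777 seen in many tutorials.
demo=$(mktemp -d)
for u in alice mallory; do
    mkdir -p "$demo/$u/.mqs"
    printf 'cms.keystore = %s/.mqs/%skey\ncms.certificate = %s_Cert\n' \
        "$demo/$u" "$u" "$u" > "$demo/$u/.mqs/keystore.conf"
    : > "$demo/$u/.mqs/${u}key.kdb"
    : > "$demo/$u/.mqs/${u}key.sth"
done
chmod 600 "$demo/alice/.mqs/"*key.*
chmod 777 "$demo/mallory/.mqs/"*key.*

for u in alice mallory; do
    if check_ams_keystore "$demo/$u"; then echo "$u: ready"; else echo "$u: fix before use"; fi
done
```

Run it as the application user (or point it at that user's home): the readability test then reflects what the AMS interceptor will actually see, and a FAIL on the mode check is the chmod 777 shortcut that leaks the private key to every local account.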

*** Defining the queue policy: messages put to TEST.Q must be signed by alice (SHA256) and are encrypted with AES256 so that only bob can read them. SHA1 and MD5 are accepted by setmqspl but are weak; use SHA256 or stronger.
setmqspl -m AMS -p TEST.Q -s SHA256 -a "CN=alice,O=IBM,C=GB" -e AES256 -r "CN=bob,O=IBM,C=GB"
** Verify the policy:
dspmqspl -m AMS


** Put as alice, get as bob. Use "su -" so that $HOME (and therefore $HOME/.mqs/keystore.conf) is the target user's and not root's. The bindings-mode samples need no MQSERVER or client channel; if MQ is not on the user's PATH, run them from /opt/mqm/samp/bin.
su - alice
amqsput TEST.Q AMS
this is a test

su - bob
amqsget TEST.Q AMS
Sample AMQSGET0 start
message <this is a test>
no more messages
Sample AMQSGET0 end

** The same get as fulano fails: he has OAM authority on TEST.Q but no keystore and is not a recipient in the policy. Messages that fail AMS verification or decryption are moved to SYSTEM.PROTECTION.ERROR.QUEUE, which is why alice and bob were given +put on that queue above.


************** Notes....
Features and functions of WebSphere MQ Advanced Message Security:
Secures sensitive or high-value transactions processed by WebSphere MQ.
Detects and removes rogue or unauthorized messages before they are processed by a receiving application.
Verifies that messages were not modified while in transit from queue to queue.
Protects the data not only as it flows across the network but also while it sits on a queue (channel TLS protects only the hop between two queue managers).
Secures existing proprietary and customer-written applications for WebSphere MQ without changing them, because the interceptor runs inside the MQI call.

SPLCAP: queue manager attribute indicating whether the security capabilities of WebSphere MQ Advanced Message Security are available for that queue manager.
setmqspl: defines a new security policy, alters an existing one, or removes an existing policy.

Usage:
C:\>setmqspl
Usage: setmqspl -m <QMGR> -p <Policy Name> (-remove | -s <signing algorithm> [-a <signer DN>]* [-e <encryption algorithm> [-r <receiver DN>]+] [-t <0|1>])


Example:
Here is an example of creating a policy on queue manager QMGR. The policy specifies that messages be signed using the SHA1 algorithm and encrypted using the AES256 algorithm for certificates with DN: CN=joe,O=IBM,C=US and DN: CN=jane,O=IBM,C=US. This policy is attached to MY.QUEUE:

$ setmqspl -m QMGR -p MY.QUEUE -s SHA1 -e AES256 -r CN=joe,O=IBM,C=US -r CN=jane,O=IBM,C=US

Here is an example of creating policy on the queue manager QMGR. The policy specifies that messages be encrypted using the DES algorithm for certificates with DNs: CN=john,O=IBM,C=US and CN=jeff,O=IBM,C=US and signed with the MD5 algorithm for certificate with DN: CN=phil,O=IBM,C=US

$ setmqspl -m QMGR -p MY.OTHER.QUEUE -s MD5 -e DES -r CN=john,O=IBM,C=US -r CN=jeff,O=IBM,C=US -a CN=phil,O=IBM,C=US

Removing security policies:

$ setmqspl -m QMGR -remove -p MY.OTHER.QUEUE

Granting OAM permissions:
To grant necessary permissions to a user, run:
setmqaut -m AMS -t qmgr -p alice  +connect +inq
setmqaut -m AMS -t queue -n SYSTEM.PROTECTION.POLICY.QUEUE -p alice  +browse +put
setmqaut -m AMS -t queue -n SYSTEM.PROTECTION.ERROR.QUEUE -p alice  +put

Digital signature algorithm:
WebSphere MQ Advanced Message Security accepts the following values: MD5, SHA1, SHA256, SHA384, and SHA512, all in uppercase. The default value is NONE.
For the SHA384 and SHA512 cryptographic hash functions, keys used for signing must be longer than 768 bits.
MD5 and SHA1 are accepted for compatibility only; collision attacks on both are practical, so use SHA256 or stronger.

Digital encryption algorithm:
WebSphere MQ Advanced Message Security accepts the following encryption algorithms: RC2, DES, 3DES, AES128, AES256, all in uppercase. The default value is NONE.
RC2 and DES are broken and 3DES is deprecated; use AES128 or AES256. The MD5/DES command above shows the syntax, not a recommended policy.

Policy backup (neither qload nor dmpmqcfg captures AMS policies; dspmqspl -export writes them out as setmqspl commands that can be replayed to restore them):

dspmqspl -m QM_VERIFY_AMS -export >restore_my_policies.bat
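Because the export is just a list of setmqspl commands, it is also the natural place to audit policies before they are restored. The linter below is an added example, not part of the original post or of the MQ product; it assumes the export format is one setmqspl command per line, and the sample export it runs on is constructed from the page's own policies plus a signed-only one and a clean one. It flags MD5/SHA1 signing, RC2/DES/3DES encryption, and policies with no -a signer DN (without -a, a message signed by any certificate the receiver trusts is accepted).

```shell
#!/bin/sh
# Added example, not from the original post: lint an AMS policy export for weak
# settings. Input is the text that `dspmqspl -m <QM> -export` writes, assumed here to
# be one setmqspl command per line (as the restore-script use above implies).
# Flags: MD5/SHA1 signing, RC2/DES/3DES encryption, and policies with no -a signer
# DN. Prints one WARN line per finding and a total; returns 0 only when nothing was found.

WEAK_SIGN="MD5 SHA1"
WEAK_ENC="RC2 DES 3DES"

opt_value() {                      # usage: opt_value "<line>" <flag>  -> value after " -<flag> "
    printf '%s\n' "$1" | sed -n "s/.* -$2 \([^ ]*\).*/\1/p"
}

lint_ams_policies() {              # usage: dspmqspl -m QM -export | lint_ams_policies
    findings=0
    while IFS= read -r line; do
        case "$line" in
            setmqspl*) ;;
            *) continue ;;         # skip blank lines and anything that is not a policy
        esac
        case "$line" in
            *" -remove"*) continue ;;
        esac
        pol="$(opt_value "$line" m)/$(opt_value "$line" p)"
        sig=$(opt_value "$line" s)
        enc=$(opt_value "$line" e)
        for w in $WEAK_SIGN; do
            [ "$sig" = "$w" ] && { echo "WARN $pol: signing algorithm $sig is weak, use SHA256 or stronger"; findings=$((findings + 1)); }
        done
        for w in $WEAK_ENC; do
            [ "$enc" = "$w" ] && { echo "WARN $pol: encryption algorithm $enc is weak, use AES128 or AES256"; findings=$((findings + 1)); }
        done
        case "$line" in
            *" -a "*) ;;
            *) echo "WARN $pol: no -a signer DN, so any trusted signer is accepted"; findings=$((findings + 1)) ;;
        esac
    done
    echo "$findings finding(s)"
    [ "$findings" -eq 0 ]
}

# Constructed sample export (not real dspmqspl output): the page's two policies,
# a signed-only policy, and a clean one.
SAMPLE_EXPORT='setmqspl -m QM_VERIFY_AMS -p TEST.Q -s SHA1 -a "CN=alice,O=IBM,C=GB" -e AES256 -r "CN=bob,O=IBM,C=GB"
setmqspl -m QM_VERIFY_AMS -p MY.OTHER.QUEUE -s MD5 -e DES -r "CN=john,O=IBM,C=US" -a "CN=phil,O=IBM,C=US"
setmqspl -m QM_VERIFY_AMS -p SIGNED.ONLY.Q -s SHA256
setmqspl -m QM_VERIFY_AMS -p GOOD.Q -s SHA256 -a "CN=alice,O=IBM,C=GB" -e AES256 -r "CN=bob,O=IBM,C=GB"'

printf '%s\n' "$SAMPLE_EXPORT" | lint_ams_policies || echo "review the policies above before restoring them"
```

Wire it into the backup step as `dspmqspl -m QM -export | tee restore_my_policies.bat | lint_ams_policies` so a weak policy is noticed at the moment it is captured, not after it has been restored onto another queue manager.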

Structure of the "keystore.conf" configuration file
Each WebSphere MQ Advanced Message Security user must have a keystore configuration file that points to a keystore file. WebSphere MQ Advanced Message Security accepts the following keystore formats: .kdb, .jceks, .jks.

The default location of the keystore.conf file is:
On UNIX platforms: $HOME/.mqs/keystore.conf
On Windows platforms: %HOMEDRIVE%\%HOMEPATH%\.mqs\keystore.conf

To use a different file name or location, point the MQS_KEYSTORE_CONF environment variable at it:
export MQS_KEYSTORE_CONF=<path>/<filename>

CMS key database (.kdb; the keystore password comes from the .sth stash file, so no password is stored in keystore.conf)
cms.keystore = /<dir>/<keystore_file>      (path without the .kdb extension)
cms.certificate = certificate_label

JCEKS (Java Cryptography Extension KeyStore)
jceks.keystore = <dir>/Keystore
jceks.certificate = <certificate_label>
jceks.encrypted = no
jceks.keystore_pass = <password>
jceks.key_pass = <password>
jceks.provider = IBMJCE

JKS (Java KeyStore)
jks.keystore = <dir>/Keystore
jks.certificate = <certificate_label>
jks.encrypted = no
jks.keystore_pass = <password>
jks.key_pass = <password>
jks.provider = IBMJCE

With encrypted = no the keystore and key passwords sit in cleartext in keystore.conf, so the file must be owned by the user and readable by nobody else (chmod 600), the same as the keystore itself.

Friday, November 27, 2015

Some basic questions on IBM MB..

Q: What exactly do you understand by message broker?
Ans: A message broker is an intermediary program that lets multiple systems communicate with each other by transforming and routing messages into the form each system needs.

Q: Why do we require message broker when we have MQ?
Ans: Both message broker and MQ are middleware that help different systems communicate, but MQ by itself cannot transform messages: it only moves a message, unchanged, to the other system.

Q:What is the difference between Message Broker and MQ?
Ans: WebSphere MQ facilitates communication between applications by sending and receiving message data via messaging queues. WebSphere MQ provides a secure and reliable layer of transport for moving data unchanged in the form of messages between applications but it is not aware of the content of the messages.
WebSphere Message Broker is built to extend WebSphere MQ, and it is capable of understanding the content of each message that it moves through the Broker. Message Broker can do the following:

Matches and routes communications between services
Converts between different transport protocols
Transforms message formats between requestor and service
Identifies and distributes business events from disparate sources.

Q:What are the advantages of using Websphere message broker?
Ans: Websphere message broker provides services, based on message brokers to allow you to:
Route a message to several destinations, using rules that act on the contents of one or more of the fields in the message or message header.
Transform a message, so that applications using different formats can exchange messages in their own formats.
Store a message, or part of a message, in a database.
Retrieve a message, or part of a message, from a database.
Modify the contents of a message; for example, by adding data extracted from a database.

Q: What are the main components used in Message Broker?
Ans: The main components of Message Broker are
User Name Server
Configuration Manager
Broker

Q: What do you understand by Broker Domain?
Ans: Group of brokers under a single configuration manager constitute a Broker Domain.

Q:What is the significance of nodes in message flows?
Ans: A message flow node receives a message, performs a set of actions against the message, passes the original message or the changed message, to the next node in the message flow.

Q: If the configuration manager is down, what are the effects on the running brokers?
Ans: Running brokers keep running and processing messages; while the configuration manager is down you cannot deploy to them or administer them through it.

Q:How can we create broker?
Ans: Two ways to create broker:
By using Websphere Message Broker Explorer.
By using command prompt.

Q:What is the command use to create broker?
Ans: mqsicreatebroker is the command used to create broker.

Q: What is User Name Server?
Ans: The User Name Server is an optional runtime component that provides authentication of users and groups and gives administrative control over who can publish and who can subscribe.

Q:What is the Role of Username server?
Ans: The User Name Server interfaces with operating system facilities to provide information about valid users and groups in a broker domain.

Q: Can a single queue manager have two brokers?
Ans: No, a single queue manager cannot have two brokers.

Q:With Which command one can deploy the bar files?
Ans: Using the mqsideploy command one can deploy the bar files.

Q:What is the difference between a Root and OuputRoot?
Ans: Root is used in the Database content changing and in Filter node.
Output Root is used in the ESQL code for a Compute node that creates a new output message based on the input message

Q:What is the Use of Configmanager?
Ans: To Connect to the remote broker or local broker and to deploy the message flows onto the Broker.

Q: Which perspective do you use to deploy the flow?
Ans: The Broker Administration perspective is used to deploy the flow.

Q:What do you understand by EAI? Name some EAI tools?
Ans: Enterprise Application Integration refers to the integration of one or more applications and processes together.
Tools: WBI Message Broker, Tibco, WebMethods and ICS

Q: What are the Features of Message Broker?
Ans: WMB has many features, The main features are :
Routing
Transformation and
Integration

Q: What do you mean by an Execution Group?
Ans: An execution group is a named grouping of message flows that have been assigned to a broker. The broker enforces a degree of isolation between message flows in distinct execution groups by ensuring that they execute in separate address spaces, or as unique processes.

Q: What is the significance of SCHEMA in message broker?
Ans: A broker schema is a symbol space that defines the scope of uniqueness of the names of resources defined within it. The resources are message flows, ESQL files, and mapping files.

Q:What are the perspectives you have mainly used while development in message broker?
Ans: The perspectives mainly used while the development in message broker are

Administration Perspective
Application Development Perspective
Debugging Perspective
Java Perspective (MB 6)

Wednesday, August 19, 2015

Troubleshooting and support

If you are having problems with your queue manager network or WebSphere MQ applications, the IBM documentation groups the help into the following topics:
Troubleshooting overview, for an introduction to troubleshooting and support.
The initial checks for your platform, which help determine the causes of some common problems.
Dealing with problems, for general problem solving.
Troubleshooting for WebSphere MQ Telemetry.
Troubleshooting channel authentication records, for problems when using CHLAUTH rules.
The information that WebSphere MQ itself produces (error logs, FDC files, trace) to help you find and resolve problems.
Recovering after failure.
Reason codes: if a WebSphere MQ component or command has returned an error and you want further information about a message written to the screen or the log, look the message up there.

Wednesday, May 27, 2015

WebSphere MQ Multi-Instance Queue Managers Creations

Server1:
Create the log and data directories on the shared file system (/mqha here; it must be mounted on both servers, and the mqm user and group must have the same uid and gid on both):
# mkdir -p /mqha/log /mqha/data
# chown -R mqm:mqm /mqha
# chmod -R ug+rwx /mqha
Create the queue manager:
# crtmqm -ld /mqha/log/ -md /mqha/data/ TEST
WebSphere MQ queue manager created.
Directory '/mqha/data/TEST' created.
The queue manager is associated with installation 'Installation1'.
Creating or replacing default objects for queue manager 'TEST'.
Default objects statistics : 74 created. 0 replaced. 0 failed.
Completing setup.
Setup completed.
#
Copy the queue manager configuration details from Server1:
#  dspmqinf -o command TEST
The output is an addmqinf command in the following format; keep it for the next step:
addmqinf -s QueueManager -v Name=TEST -v Directory=TEST -v Prefix=/var/mqm -v DataPath=/mqha/data/TEST


Server 2:
Run the addmqinf command captured on Server 1:
# addmqinf -s QueueManager -v Name=TEST -v Directory=TEST -v Prefix=/var/mqm -v DataPath=/mqha/data/TEST
WebSphere MQ configuration information added.
#
Start the active instance of queue manager on Server 1:
# strmqm -x TEST
WebSphere MQ queue manager 'TEST' starting.
The queue manager is associated with installation 'Installation1'.
5 log records accessed on queue manager 'TEST' during the log replay phase.
Log replay for queue manager 'TEST' complete.
Transaction manager state recovered for queue manager 'TEST'.
WebSphere MQ queue manager 'TEST' started using V7.5.0.2.
#
Start the standby instance of queue manager on Server 2:
# strmqm -x TEST
WebSphere MQ queue manager 'TEST' starting.
The queue manager is associated with installation 'Installation1'.
A standby instance of queue manager 'TEST' has been started. The active
instance is running elsewhere.
#
Verify the setup using dspmq -x:
On Server1 (stallion)
# dspmq -x
QMNAME(TEST) STATUS(Running)
INSTANCE(ausul3mq03.us.dell.com) MODE(Active)

#
On Server2 (saigon)
# dspmq -x
QMNAME(TEST) STATUS(Running as standby)
INSTANCE(ausul3mq03.us.dell.com) MODE(Active)
INSTANCE(ausul3mq04.us.dell.com) MODE(Standby)


**Testing - Creating a client auto-reconnect setup (in runmqsc TEST):
Create a local queue called TESTQ with DEFPSIST(YES).
DEF QL(TESTQ) DEFPSIST(YES)
AMQ8006: WebSphere MQ queue created.

Create a SVRCONN channel called TEST.SVRCONN.01.
DEF CHL(TEST.SVRCONN.01) CHLTYPE(SVRCONN) TRPTYPE(TCP)
AMQ8014: WebSphere MQ channel created.

Create a listener TCP.LSTR on port 9898 and start it.
DEF LSTR(TCP.LSTR) TRPTYPE(TCP) PORT(9898)
AMQ8626: WebSphere MQ listener created.

START LSTR(TCP.LSTR)
AMQ8021: Request to start WebSphere MQ listener accepted.

**Executing the client auto-reconnect samples
ON Server 1 : Invoke the amqsphac sample program:

# amqsphac TESTQ TEST

In another window on Server 1, end the queue manager with the "-is" option so that it will switch over to a standby queue manager:

#  endmqm -is TEST

Verify that a switchover has occurred: On Server2
# dspmq -x -o standby
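The dspmq -x output above is also what a monitoring check should parse: a multi-instance queue manager with an Active but no Standby instance is running, yet a failover has nowhere to go. The check below is an added example, not part of the original post or of MQ itself; it relies only on the QMNAME(...)/INSTANCE(...) MODE(...) line layout shown above, and the output it runs on is constructed (server1/server2.example.com and the SOLO queue manager do not exist on the page).

```shell
#!/bin/sh
# Added example, not from the original post: a monitoring check for a multi-instance
# queue manager built on the `dspmq -x` output shown above. dspmq -x prints a
# "QMNAME(...) STATUS(...)" line followed by one "INSTANCE(host) MODE(Active|Standby)"
# line per running instance. The check returns 0 when there is one Active and at
# least one Standby instance, 1 when only an Active is up (a failover would have
# nowhere to go), and 2 when no Active instance is running.

mi_check() {                       # usage: dspmq -x | mi_check <QMNAME>
    qm="$1"
    active=""
    standbys=0
    in_qm=0
    while IFS= read -r line; do
        case "$line" in
            QMNAME*)
                name=${line#"QMNAME("}
                name=${name%%")"*}
                if [ "$name" = "$qm" ]; then in_qm=1; else in_qm=0; fi
                ;;
            INSTANCE*)
                [ "$in_qm" -eq 1 ] || continue
                host=${line#"INSTANCE("}
                host=${host%%")"*}
                case "$line" in
                    *"MODE(Active)"*)  active="$host" ;;
                    *"MODE(Standby)"*) standbys=$((standbys + 1)) ;;
                esac
                ;;
        esac
    done
    if [ -z "$active" ]; then
        echo "$qm: no active instance"
        return 2
    fi
    echo "$qm: active=$active standby_count=$standbys"
    [ "$standbys" -ge 1 ]
}

# Constructed dspmq -x output (not captured from a real system): TEST has a standby,
# SOLO does not.
SAMPLE_DSPMQ='QMNAME(TEST) STATUS(Running as standby)
INSTANCE(server1.example.com) MODE(Active)
INSTANCE(server2.example.com) MODE(Standby)
QMNAME(SOLO) STATUS(Running)
INSTANCE(server1.example.com) MODE(Active)'

for qm in TEST SOLO; do
    printf '%s\n' "$SAMPLE_DSPMQ" | mi_check "$qm" || echo "  -> $qm needs attention (rc=$?)"
done
```

On a real server run `dspmq -x | mi_check TEST` from cron or your monitoring agent on either node; the return code distinguishes "degraded" (1) from "down" (2), so the two conditions can page at different severities.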

Tuesday, April 29, 2014

Unix basic commands

Basic Unix tools:
1. Explain the difference between these two commands. This question is very
important. If you don't know the answer, then look back at the shell chapter.
find /data -name "*.txt"
find /data -name *.txt
When *.txt is quoted then the shell will not touch it. The find tool will look in the
/data for all files ending in .txt.
When *.txt is not quoted then the shell might expand this (when one or more files
that ends in .txt exist in the current directory). The find might show a different result,
or can result in a syntax error.

2. Explain the difference between these two statements. Will they both work when
there are 200 .odf files in /data ? How about when there are 2 million .odf files ?
find /data -name "*.odf" > data_odf.txt
find /data/*.odf > data_odf.txt
The first find will output all .odf filenames in /data and all subdirectories. The shell
will redirect this to a file.
The second find will output all files named .odf in /data and will also output all files
that exist in directories named *.odf (in /data).
With two million files the command line would be expanded beyond the maximum
that the shell can accept. The last part of the command line would be lost.

3. Write a find command that finds all files created after January 30th 2010.
touch -t 201001302359 marker_date
find . -type f -newer marker_date
There is another solution :
find . -type f -newerat "20100130 23:59:59"

4. Write a find command that finds all *.odf files created in September 2009.
touch -t 200908312359 marker_start
touch -t 200910010000 marker_end
find . -type f -name "*.odf" -newer marker_start ! -newer marker_end
The exclamation mark ! -newer can be read as not newer.

5. Count the number of *.conf files in /etc and all its subdirs.
find /etc -type f -name '*.conf' | wc -l

6. Two commands that do the same thing: copy *.odf files to /backup/ . What would
be a reason to replace the first command with the second ? Again, this is an important
question.
cp -r /data/*.odf /backup/
find /data -name "*.odf" -exec cp {} /backup/ \;
The first might fail when there are too many files to fit on one command line.

7. Create a file called loctest.txt. Can you find this file with locate ? Why not ? How
do you make locate find this file ?
You cannot find it with locate because it is not yet in the index. Run updatedb (as root) to rebuild the index, then locate will find it.

8. Use find and -exec to rename all .htm files to .html.
paul@rhel55 ~$ find . -name '*.htm'
./one.htm
./two.htm
paul@rhel55 ~$ find . -name '*.htm' -exec mv {} {}l \;
paul@rhel55 ~$ find . -name '*.htm*'
./one.html
./two.html

9. Issue the date command. Now display the date in YYYY/MM/DD format.
date +%Y/%m/%d

10. Issue the cal command. Display a calendar of 1582 and 1752. Notice anything
special ?
cal 1582 ; cal 1752
The calendars are different depending on the country (each shows the days dropped when that country switched to the Gregorian calendar). Check http://linux-training.be/files/studentfiles/dates.txt
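Exercise 8's `mv {} {}l` works only because GNU find substitutes {} inside a larger argument; POSIX find substitutes a lone {} only, and the trick gives no protection against overwriting an existing .html. The version below is an added example and not part of the original course text: it renames through a small inline shell script, copes with spaces and newlines in names, refuses to clobber an existing target, and uses `-exec ... +` so find batches the names within the argument-length limit that exercise 6 warns about. The files it renames are constructed under mktemp.

```shell
#!/bin/sh
# Added example, not from the original course text. Exercise 8's "mv {} {}l" only
# works because GNU find substitutes {} inside a larger argument; POSIX find
# substitutes a lone {} only. This version renames *.htm to *.html portably through
# a small inline shell script, copes with spaces and newlines in names, refuses to
# overwrite an existing .html, and uses -exec ... + so find batches the names within
# the argument-length limit that exercise 6 warns about.

rename_htm() {                     # usage: rename_htm <dir>; prints "old -> new" per file
    find "$1" -type f -name '*.htm' -exec sh -c '
        for f in "$@"; do
            target="${f}l"                         # foo.htm -> foo.html
            if [ -e "$target" ]; then
                printf "skip: %s already exists\n" "$target" >&2
            else
                mv "$f" "$target" && printf "%s -> %s\n" "$f" "$target"
            fi
        done' sh {} +
}

count_matching() {                 # usage: count_matching <dir> '<glob>'
    find "$1" -type f -name "$2" | wc -l | tr -d ' '
}

# Constructed tree: three .htm files (one with a space, one in a subdirectory) and
# an .html that must not be clobbered.
work=$(mktemp -d)
mkdir -p "$work/sub"
: > "$work/one.htm"
: > "$work/two words.htm"
: > "$work/sub/three.htm"
: > "$work/two words.html"

rename_htm "$work"
echo "html files: $(count_matching "$work" '*.html'), htm files left: $(count_matching "$work" '*.htm')"
```

The `sh` after the quoted script becomes $0 inside it, so the file names land in "$@" untouched; that is what keeps a name like `two words.htm` (or one containing a newline) from being split, which a `for f in $(find ...)` loop would do.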

Working with directories:
1. Display your current directory.
pwd
2. Change to the /etc directory.
cd /etc
3. Now change to your home directory using only three key presses.
cd (and the enter key)
4. Change to the /boot/grub directory using only eleven key presses.
cd /boot/grub (use the tab key)
5. Go to the parent directory of the current directory.
cd .. (with space between cd and ..)
6. Go to the root directory.
cd /
7. List the contents of the root directory.
ls
8. List a long listing of the root directory.
ls -l
9. Stay where you are, and list the contents of /etc.
ls /etc
10. Stay where you are, and list the contents of /bin and /sbin.
ls /bin /sbin
11. Stay where you are, and list the contents of ~.
ls ~
12. List all the files (including hidden files) in your home directory.
ls -al ~
13. List the files in /boot in a human readable format.
ls -lh /boot
14. Create a directory testdir in your home directory.
mkdir ~/testdir
15. Change to the /etc directory, stay here and create a directory newdir in your home directory.
cd /etc ; mkdir ~/newdir
16. Create in one command the directories ~/dir1/dir2/dir3 (dir3 is a subdirectory
from dir2, and dir2 is a subdirectory from dir1 ).
mkdir -p ~/dir1/dir2/dir3
17. Remove the directory testdir.
rmdir testdir
18. If time permits (or if you are waiting for other students to finish this practice),
use and understand pushd and popd. Use the man page of bash to find information
about these commands.
man bash
paul@laika:/etc$ cd /bin
paul@laika:/bin$ pushd /lib
/lib /bin
paul@laika:/lib$ pushd /proc
/proc /lib /bin
paul@laika:/proc$
paul@laika:/proc$ popd
/lib /bin
paul@laika:/lib$
paul@laika:/lib$
paul@laika:/lib$ popd
/bin
paul@laika:/bin$


Working with files:
1. List the files in the /bin directory
ls /bin
2. Display the type of file of /bin/cat, /etc/passwd and /usr/bin/passwd.
file /bin/cat /etc/passwd /usr/bin/passwd
3a. Download wolf.jpg and LinuxFun.pdf from http://linux-training.be (wget http://linux-training.be/files/studentfiles/wolf.jpg and wget http://linux-training.be/files/books/LinuxFun.pdf)
3b. Display the type of file of wolf.jpg and LinuxFun.pdf
file wolf.jpg LinuxFun.pdf
3c. Rename wolf.jpg to wolf.pdf (use mv).
mv wolf.jpg wolf.pdf
3d. Display the type of file of wolf.pdf and LinuxFun.pdf.
file wolf.pdf LinuxFun.pdf
4. Create a directory ~/touched and enter it.
mkdir ~/touched ; cd ~/touched
5. Create the files today.txt and yesterday.txt in touched.
touch today.txt yesterday.txt
6. Change the date on yesterday.txt to match yesterday's date.
touch -t 200810251405 yesterday.txt (substitute 20081025 with yesterday)
7. Copy yesterday.txt to copy.yesterday.txt
cp yesterday.txt copy.yesterday.txt
8. Rename copy.yesterday.txt to kim
mv copy.yesterday.txt kim
9. Create a directory called ~/testbackup and copy all files from ~/touched into it.
mkdir ~/testbackup ; cp -r ~/touched ~/testbackup/
10. Use one command to remove the directory ~/testbackup and all files into it.
rm -rf ~/testbackup
11. Create a directory ~/etcbackup and copy all *.conf files from /etc into it. Did you
include all subdirectories of /etc ?


File contents:
1. Display the first 12 lines of /etc/services.
head -12 /etc/services
2. Display the last line of /etc/passwd.
tail -1 /etc/passwd
3. Use cat to create a file named count.txt that looks like this:
cat > count.txt
One
Two
Three
Four
Five (followed by Ctrl-d)
4. Use cp to make a backup of this file to cnt.txt.
cp count.txt cnt.txt
5. Use cat to make a backup of this file to catcnt.txt.
cat count.txt > catcnt.txt
6. Display catcnt.txt, but with all lines in reverse order (the last line first).
tac catcnt.txt
7. Use more to display /var/log/messages.
more /var/log/messages
8. Display the readable character strings from the /usr/bin/passwd command.
strings /usr/bin/passwd
9. Use ls to find the biggest file in /etc.
ls -lrS /etc
10. Open two terminal windows (or tabs) and make sure you are in the same directory
in both. Type echo this is the first line > tailing.txt in the first terminal, then issue
tail -f tailing.txt in the second terminal. Now go back to the first terminal and type
echo This is another line >> tailing.txt (note the double >>), verify that the tail -f
in the second terminal shows both lines. Stop the tail -f with Ctrl-C.
11. Use cat to create a file named tailing.txt that contains the contents of tailing.txt
followed by the contents of /etc/passwd.
cat /etc/passwd >> tailing.txt
12. Use cat to create a file named tailing.txt that contains the contents of tailing.txt
preceded by the contents of /etc/passwd.
mv tailing.txt tmp.txt ; cat /etc/passwd tmp.txt > tailing.txt

File system tree:
1. Does the file /bin/cat exist ? What about /bin/dd and /bin/echo. What is the type
of these files ?
ls /bin/cat ; file /bin/cat
ls /bin/dd ; file /bin/dd
ls /bin/echo ; file /bin/echo
2. What is the size of the Linux kernel file(s) (vmlinu*) in /boot ?
ls -lh /boot/vm*
3. Create a directory ~/test. Then issue the following commands:
cd ~/test
dd if=/dev/zero of=zeroes.txt count=1 bs=100
od zeroes.txt
dd will copy one block (count=1) of 100 bytes (bs=100) from the file /dev/zero to ~/test/zeroes.txt. Can you describe the functionality of /dev/zero ?
/dev/zero is a Linux special device. It can be considered a source of zeroes. You
cannot send something to /dev/zero, but you can read zeroes from it.
4. Now issue the following command:
dd if=/dev/random of=random.txt count=1 bs=100 ; od random.txt
dd will copy one block (count=1) of 100 bytes (bs=100) from the file /dev/random to ~/test/random.txt. Can you describe the functionality of /dev/random ?
/dev/random acts as a random number generator on your Linux machine. On older kernels it blocks when the entropy pool is considered empty, so this dd can pause on a freshly booted or idle machine; /dev/urandom never blocks.
5. Issue the following two commands, and look at the first character of each output
line.
ls -l /dev/sd* /dev/hd*
ls -l /dev/tty* /dev/input/mou*
The first ls will show block(b) devices, the second ls shows character(c) devices. Can
you tell the difference between block and character devices ?
Block devices are always written to (or read from) in blocks. For hard disks, blocks
of 512 bytes are common. Character devices act as a stream of characters (or bytes).
Mouse and keyboard are typical character devices.
6. Use cat to display /etc/hosts and /etc/resolv.conf. What is your idea about the purpose of these files ?
/etc/hosts contains hostnames with their ip address
/etc/resolv.conf should contain the ip address of a DNS name server.
7. Are there any files in /etc/skel/ ? Check also for hidden files.
Issue "ls -al /etc/skel/". Yes, there should be hidden files there.
8. Display /proc/cpuinfo. On what architecture is your Linux running ?
The file should contain at least one line with Intel or other cpu.
9. Display /proc/interrupts. What is the size of this file ? Where is this file stored ?
The size is zero, yet the file contains data. It is not stored anywhere because /proc is
a virtual file system that allows you to talk with the kernel. (If you answered "stored
in RAM-memory, that is also correct...).
10. Can you enter the /root directory ? Are there (hidden) files ?
Try "cd /root". Yes there are (hidden) files there.
11. Are ifconfig, fdisk, parted, shutdown and grub-install present in /sbin ? Why are
these binaries in /sbin and not in /bin ?
Because those files are only meant for system administrators.
12. Is /var/log a file or a directory ? What about /var/spool ?
Both are directories.
13. Open two command prompts (Ctrl-Shift-T in gnome-terminal) or terminals (Ctrl-Alt-F1, Ctrl-Alt-F2, ...) and issue who am i in both. Then try to echo a word from one terminal to the other.
tty-terminal: echo Hello > /dev/tty1
pts-terminal: echo Hello > /dev/pts/1
14. Read the man page of random and explain the difference between /dev/random
and /dev/urandom.
man 4 random


Redirection and pipes:
1. Use ls to output the contents of the /etc/ directory to a file called etc.txt.
ls /etc > etc.txt
2. Activate the noclobber shell option.
set -o noclobber
3. Verify that nocclobber is active by repeating your ls on /etc/.
ls /etc > etc.txt (should not work)
4. When listing all shell options, which character represents the noclobber option ?
echo $- (noclobber is visible as C)
5. Deactivate the noclobber option.
set +o noclobber
6. Make sure you have two shells open on the same computer. Create an empty
tailing.txt file. Then type tail -f tailing.txt. Use the second shell to append a line of
text to that file. Verify that the first shell displays this line.
paul@deb503:~$ > tailing.txt
paul@deb503:~$ tail -f tailing.txt
hello
world
in the other shell:
paul@deb503:~$ echo hello >> tailing.txt
paul@deb503:~$ echo world >> tailing.txt
7. Create a file that contains the names of five people. Use cat and output redirection
to create the file and use a here document to end the input.
paul@deb503:~$ cat > tennis.txt << ace
> Justine Henin
> Venus Williams
> Serena Williams
> Martina Hingis
> Kim Clijsters
> ace
paul@deb503:~$ cat tennis.txt
Justine Henin
Venus Williams
Serena Williams
Martina Hingis
Kim Clijsters
paul@deb503:~$


***Linux security concepts(Groups & users):***
Groups:
1. Create the groups tennis, football and sports.
groupadd tennis ; groupadd football ; groupadd sports
2. In one command, make venus a member of tennis and sports.
usermod -a -G tennis,sports venus
3. Rename the football group to foot.
groupmod -n foot football
4. Use vi to add serena to the tennis group.
vi /etc/group
5. Use the id command to verify that serena is a member of tennis.
id serena (a user who is already logged in has to log off and on again before the new group shows up in their own session)
6. Make someone responsible for managing group membership of foot and sports.
Test that it works.
gpasswd -A (to make manager)
gpasswd -a (to add member)

Users:
1. Create the users Serena Williams, Venus Williams and Justine Henin, all of them
with password set to stargate, with username (lower case) as their first name, and
their full name in the comment. Verify that the users and their home directory are
properly created.
useradd -m -c "Serena Williams" serena ; passwd serena
useradd -m -c "Venus Williams" venus ; passwd venus
useradd -m -c "Justine Henin" justine ; passwd justine
tail /etc/passwd ; tail /etc/shadow ; ls /home
Keep user logon names in lowercase!
2. Create a user called kornuser, give him the Korn shell (/bin/ksh) as his default
shell. Log on with this user (on a command line or in a tty).
useradd -s /bin/ksh kornuser ; passwd kornuser
3. Create a user named einstime without home directory, give him /bin/date as his
default logon shell. What happens when you log on with this user ? Can you think of
a useful real world example for changing a user's login shell to an application ?
useradd -s /bin/date einstime ; passwd einstime
It can be useful when users need to access only one application on the server. Just
logging on opens the application for them, and closing the application automatically
logs them off.
4. Try the commands who, whoami, who am i, w, id, echo $USER $UID .
who ; whoami ; who am i ; w ; id ; echo $USER $UID
5a. Lock the venus user account with usermod.
usermod -L venus
5b. Use passwd -d to disable the serena password. Verify the serena line in /etc/shadow before and after disabling.
grep serena /etc/shadow ; passwd -d serena ; grep serena /etc/shadow
5c. What is the difference between locking a user account and disabling a user
account's password ?
Locking will prevent the user from logging on to the system with his password (by
putting a ! in front of the password in /etc/shadow). Disabling with passwd will erase
the password from /etc/shadow.
6. As root change the password of einstime to stargate.
Log on as root and type: passwd einstime
7. Now try changing the password of serena to serena as serena.
log on as serena, then execute: passwd serena... it should fail!

file permissions:
1. As normal user, create a directory ~/permissions. Create a file owned by yourself
in there.
mkdir ~/permissions ; touch ~/permissions/myfile.txt
2. Copy a file owned by root from /etc/ to your permissions dir, who owns this file
now ?
cp /etc/hosts ~/permissions/
The copy is owned by you.
3. As root, create a file in the users ~/permissions directory.
(become root)# touch /home/username/permissions/rootfile
4. As normal user, look at who owns this file created by root.
ls -l ~/permissions
The file created by root is owned by root.
5. Change the ownership of all files in ~/permissions to yourself.
chown user ~/permissions/*
You cannot become owner of the file that belongs to root.
6. Make sure you have all rights to these files, and others can only read.
chmod 644 (on files)
chmod 755 (on directories)
7. With chmod, is 770 the same as rwxrwx--- ?
yes
8. With chmod, is 664 the same as r-xr-xr-- ?
No
9. With chmod, is 400 the same as r-------- ?
yes
10. With chmod, is 734 the same as rwxr-xr-- ?
no
11a. Display the umask in octal and in symbolic form.
umask ; umask -S
11b. Set the umask to 077, but use the symbolic format to set it. Verify that this works.
umask -S u=rwx,go=
12. Create a file as root, give only read to others. Can a normal user read this file ?
Test writing to this file with vi.
(become root)
# echo hello > /home/username/root.txt
# chmod 744 /home/username/root.txt
(become user)
vi ~/root.txt
13a. Create a file as normal user, give only read to others. Can another normal user
read this file ? Test writing to this file with vi.
echo hello > file ; chmod 744 file
Yes, others can read this file
13b. Can root read this file ? Can root write to this file with vi ?
Yes, root can read and write to this file. Permissions do not apply to root.
14. Create a directory that belongs to a group, where every member of that group
can read and write to files, and create files. Make sure that people can only delete
their own files.
mkdir /home/project42 ; groupadd project42
chgrp project42 /home/project42 ; chmod 775 /home/project42

You can not yet do the last part of this exercise: with 775 every group member can delete anyone's files. Restricting deletion to the file's owner needs the sticky bit on the directory, which comes later in the course.
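The two bits the last part of exercise 14 needs, together with the umask from exercise 11b, worked through as an added example that is not part of the original course text: setgid on the directory so new files inherit its group, and the sticky bit so only a file's owner (or root) can delete or rename it although the directory is group-writable. chgrp needs a real group, so the demo works in a mktemp directory with the caller's own group; the project42 name is the exercise's own.

```shell
#!/bin/sh
# Added example, not from the original course text: the two permission bits the last
# part of exercise 14 needs, plus the umask from exercise 11b. setgid (2) on a
# directory makes new files inherit the directory's group; the sticky bit (1) lets
# only a file's owner (or root) delete or rename it even though the directory is
# group-writable. Mode 3775 = setgid + sticky + rwxrwxr-x, shown by ls as drwxrwsr-t.
# chgrp needs a real group, so the demo leaves the caller's own group in place.

setup_shared_dir() {               # usage: setup_shared_dir <dir> [group]
    mkdir -p "$1"
    [ -z "$2" ] || chgrp "$2" "$1"
    chmod 3775 "$1"
}

mode_of() { ls -ld "$1" | cut -c1-10; }   # e.g. drwxrwsr-t or -rw-------

private_file() {                   # usage: private_file <path>; creates it with umask 077
    ( umask 077; : > "$1" )        # subshell so the caller's umask is not changed
    mode_of "$1"
}

work=$(mktemp -d)
setup_shared_dir "$work/project42"
echo "project42: $(mode_of "$work/project42")"
echo "secret.txt: $(private_file "$work/secret.txt")"
```

For the real exercise call `setup_shared_dir /home/project42 project42` as root; the `s` in the group triple and the `t` in the other triple of `drwxrwsr-t` are the two bits chmod 775 alone does not set.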