/etc Directory

/etc directory contains most of the basic Linux system-configuration files.

adjtime - Holds to data to adjust the hardware clock.

aliases - Can contain distribution lists used by the Linux mail service.

bashrc - Sets system-wide defaults used for bash shell users.

cdrecord.conf - Contains defaults used for recording CDs.

crontab - Sets cron environment and times for running automated tasks.

csh.cshrc (Or cshrc) - Sets system-wide defaults for csh ( C shell ) users.

exports - Contains a list of local directories that are available to be shared by remote computers using the Network File System.

fedora-release - Contain a string identifying the current Fedora core release.

fstab - Identifies the devices for common storage media and locations where are mounted in the Linux system. This is used by the mount command to choose which file system to mount.

group - Identifies group names and groups IDs that are defined on the systems. Group permissions in Fedora are defined by the second of three sets of rwx (read, write, execute) bits associated with each file and directory.

gshadow - Contains shadow passwords for groups.

host.conf - Sets the locations in which domain names are searched for on TCP/IP networks. By defaults, the local hosts list is searched, then any nameserver entries in resolv.conf.

hosts - Contains IP addresses and host names that you can reach from your computer.

hosts.allow - List host computers that are allowed to use certain TCP/IP services from the local computer.

hosts.deny - List host computers that are not allowed to use certain TCP/IP services from the local computer.

inittab - Contains information that defines boots, shuts down, or goes into different states in between. This is the most basic configuration file for starting Linux.

issue - Contains the lines that are displayed when a terminal is ready to let you log into Fedora from a local terminal, or the console in text mode.

issue.net - Contains login lines that are displayed to users who try to log in to the Linux system from a computer on the network using the telnet service.

lilo.conf - Sets Linux boot loader (lilo) parameters to boot the computer.

man.config - Used by the man command to determine the default path to the location of man pages.

modules.conf - Contains aliases and options related to loadable kernel modules used by your computer.

mtab - Contains a list of file system that are currently mounted.

mtools.conf - Contains settings used by DOS tools in Linux.

named.conf - Contains DNS settings if you are running your own DNS server.

ntp.conf - Includes information needed to run the network time protocol (NTP).

passwd - Stores account information for all valid users for the system.

printcap - Contains definitions for the printers configured for your computer.

profile - Sets system-wide environment and start-up programs for all users.

protocols - Sets protocols numbers and names for a variety of internet services.

redhat-release - Contains a string identifying the current Red Hat release.

resolve.conf - Identifies the locations of DNS name servers computers that are used by TCP/IP to translate Internet host domain names and numbers.

rcp - Defines remote procedure call names and numbers.

shadow - Contains encrypted passwords for users who are defined in the passwd file.

shells - Lists the shell command line interpreters that are available on the system as well as their locations.

sudoers - Sets commands that can be run by users, who may not otherwise have permission to run the command, using the sudo command.

syslog.conf - Defines what logging messages are gathered by the sys logged daemon and what file they are stored in.

termcap -


Linux can run same applications that are intended for other operating system using emulator programs.

There are some important emulator programs which are given below.

1) DOSEMU: For running DOS programs( http://dosemu.sourceforge.net).

2) WINE: Foe all windows version.

3) ARDI: For Macintosh operating system (MAC OS).


I. Using mtools:

mtools are mostly DOS commands that have the letter m in front of them and that run in Linux. Using these commands, you can easily work with DOS files and file system.




Which is used to change an MS-DOS file attribute.


Which tests a floppy disk and marks any bad blocks contained on the floppy in its FAT.


To change the directory.


Which is used to verify a file.


To copy a file.


To delete a file.


Which delete an MS-DOS directory along with the files and subdirectories it contains.


Which lists a directory's contains.


Which is used to format a DOS floppy disk.


This command is used to print information about a DOS device, such as a floppy disk.


This command is used to create a shell script that restores Linux file names that were truncated by DOS command.


The DOS label command, which is used to make a DOS volume label.


Which is used to create a DOS directory.


This command is used to mount a DOS disk in Linux.


Which is used to move a file to another directory or rename it.


Which is used to remove a DOS directory.


Which is used to rename a DOS directory.


This command is used to show the FAT entry for a file in a DOS file system.


This command is used to test the mtools configuration files.


Which is used to display the contents of a DOS file.


This command is used to performs operations with zip disks including eject, write protect and query.


The Linux du command, which is used to show the amount of disk space used by a DOS directory.


dosemu does not come with Fedora Core distributions. Download the dosemu RPM file from "dosemu.sourceforge.net".

If it were running DOS then you can use dosemu.

The following commands can be used to start dosemu with in Linux.


Starts the DOS emulator in its shell.


Starts the DOS emulator in its an X term window.


Starts a debug programs to view information and error messages about a running DOS program.

Note: Basic information about your DOS environment is set in the "/etc/dosemu/dosemu.conf" file.

If you want other users on your Linux system to use DOS, however, edit the "/etc/dosemu.users" file.

#vi /etc/dosemu.users

root c-all

all c-all


The WINE project ( www.winehq.com ) has been making great strides in getting applications that were create for Microsoft Windows to run in Linux and other OS.

To get WINE for your Fedora system, you can go to the following places.





A commercial version of WINE, called wineX, www.transgaming.com

VMware and Win4Lin are other good ways to run windows applications along with a Linux system on the same running computer.

VMware from www.vmware.com

Win4Lin from www.netraverse.com


When you install the wine package in Fedora Core, the package creates /etc/wine/wine.conf and /etc/wine/system.reg files that, like the windows registry, identity the locations of components an application would need in a Microsoft Windows operating system.

The location of the basic Microsoft Windows operating system directories for wine is the $HOME/.wine/c directory for each users, which looks like the c: drive to wine. The /usr/share/wine-c directory contains the system-wide version of this directory that each user can point to.


Microsoft Description

Windows Drive Letter Or Name

Driver letters Linux Directory

In wine Linux Device Name (if application)





Hard disk #1









In the example, I want to be able to run the Microsoft paint program (mspaint.exe) from windows in Linux using wine. Here is an example of how to go about it,

I. Make a directory on which to mount your windows partition. For example,

#mkdir /mnt/win

#mount -t vfat /dev/hda1 /mnt/win

#service wine start

To make that partition permanently available to you from Linux, add the following line to /etc/fstab file

/dev/hda1 /mnt/win vfat defaults 0 0

II. Copy the mspaint.exe program from /mnt/win/Program Fies/Accessories/mspaint.exe to /bin directory.

#cp /mnt/win/Program Files/Accessories/mspaint.exe /bin

III. Run the wine command with mspaint.exe as an argument to see if it can run or if it needs some added DLL files.

#wine /bin/mspaint.exe

err: module : PE_fixup_imports Module (file) MFC42.DLL ( Which is needed by z:\a\mspaint.exe) not found.

IV. Next copy the necessary DLL file from the Microsoft Windows partition.

#cp /mnt/win/windows/system/mfc42.dll /usr/share/wine-c/windows/system

V. With the proper DLL files install, type wine /bin/mspaint.exe again and the Microsoft paint window opens.

#wine /bin/mspaint.exe


Applications that have been tested to run under wine are maintained at the wine application database ( http://appdb.codeweavers.com ).


[root@localhost root]# service xfs start

ð To run the GRI - Graphical User Interface, xfs service is must be required.

[root@localhost root]# switchdesk

ð We can choose different desktop by this command. This command will work only in GUI.

[root@localhost root]# startx

ð To run GUI from CUI - Character User Interface.

[root@localhost root]# startx :--1

[root@localhost root]# startx :--2

ð To run more then one GUI.

[root@localhost root]# gdm

[root@localhost root]# kdm

[root@localhost root]# xdm

ð To run Gnome desktop or K desktop or X desktop.

Kernel customization

First, download and install the kernel source code. The rpm name is kernel-source.rpm.

[root@localhost root]# rpm -ivh kernel-source.rpm

ð It will ask you all the necessary rpm which are must need for kernel-source.rpm.

[root@localhost root]# rpm -ivh ncurses

ð By this program it is easy to change the configuration.

[root@localhost root]# cd /usr/src/linux-2.4

ð Now we go to linux-2.4 directory and give some following commands.

[root@localhost linux-2.4]# make Xconfig

[root@localhost linux-2.4]# make menuconfig

[root@localhost linux-2.4]# make mrproper

ð Make mrproper command are used to check all the necessary rpm are installed or not and can it possible to kernel compilation?

ð Make xconfig to use an X Window system base configuration program to configure the kernel.

ð Make menuconfig is used as text mode to configure the kernel.

After make new kernel configuration, give the command,

[root@localhost linux-2.4]# make dep

[root@localhost linux-2.4]# make bzImage

[root@localhost linux-2.4]# make modules

[root@localhost linux-2.4]# make modules_install

ð After giving this above command, it will take more times and display all the working information. After completion of above commands, the module files will be stored in /lib/module directory.

Now, to know the Red hat version we can execute the command as

[root@localhost linux-2.4]# uname -u


ð It will show the Red hat version number.

[root@localhost linux-2.4]# mkinitrd


[root@localhost linux-2.4]# mkinitrd initrd1 2.4-8

ð To make initrd file. And this file will be created in the current directory and it is called module.

[root@localhost linux-2.4]# ls


.. ... .... ...

ð Now, we will copy the initrd file to "/boot" directory.

[root@localhost linux-2.4]# cp initrd1 /boot/initrd1

ð Here initrd1 is the file name of new initrd.

Another bzImage file will create which is called kernel. The path is given below.

[root@localhost root]# cd /usr/src/linux/arch/i386/boot

[root@localhost boot]# ls


... ... .... ... ...

Now we should copy the file in /boot directory with different file name. Consider file name is vmlinuz-2.4.8

[root@localhost boot]# cp bzImage /boot/vmlinuz-2.4.8

ð Now, it will copy the module file to "/boot" directory.

Now, we will make a new setting in the GRUB boot loader.

[root@localhost root]# vi /etc/grub.conf

# grub.conf generated by anaconda
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,9)
# kernel /vmlinuz-version ro root=/dev/hda11
# initrd /initrd-version.img
title Red Hat Linux (2.4.20-8)
root (hd0,9)
kernel /vmlinuz-2.4.20-8 ro root=LABEL=/
initrd /initrd-2.4.20-8.img

title Red Hat Linux (2.4.20-8)
root (hd0,9)
kernel /vmlinuz-2.4.8 ro root=LABEL=/
initrd /initrd1

title Windows
rootnoverify (hd0,0)
chainloader +1


Using sudo is for assigning administrator privilege. One way to give full or limited root privileges to any ono-root user is to set up the sudo facility.

As the root user, edit the /etc/sudoers file by running the visudo command,

[root@localhost root]# visudo

ð This is that command will lock the /etc/sudoers file and do some basic sanity checking of the file to ensure it was edited correctly.

Uncomment the following line to allow users in the group named wheel to have full root privileges on the computer.

%wheel ALL=(ALL) ALL

ð The previous line causes the user to be prompted for a password to be allow to use administrative commands. Without using a password, uncomment the following line as,


Save the changes to the /etc/sudoers file (in vi type zz). Now add a user jake in the group wheel. The following is an example of a session by the user jake after he has been assigned sudo privileges.

[root@localhost jake]# sudo umount /mnt/win
We trust you have recived the usal lecture from the local system administrator. It usually boils down to these two things:
#1) Respect the privacy of others.
#2) Think before you type.
Password: ******

ð The user jake runs the sudo command so he can unmount the /mnt/win file system. He is given a warning and asked to provide his password (this is jake's password, not root's password).

[root@localhost jake]# mount /mnt/win
mount: only root can mount /dev/hda1 on /mnt/win

ð Without using sudo, user jake can not mount. So he must use sudo command before mount, such as,

[root@localhost jake]# sudo mount /mnt/win
[root@localhost jake]#

ð Notice that jake was not prompted for a password for the second sudo. That's because after entering his password successfully he can enter as many sudo commands as he wants for the next five minutes without having to enter it again. We can change the timeout value from five minutes to however long we want by setting the passwd_timeout value in the /etc/sudoers file.

However, the /etc/sudoers file gives us an incredible amount of flexibility in permitting individual applications or groups of applications.


Boot Loader

The boot loader security means to set password in the GRUB or LILO and single user mode password etc.

TCP - Wrappers

There are two files in /etc directory, one is "hosts.allow" and another is "hosts.deny". The hosts.allow file is always overloaded by hosts.deny file. The file's text format are given below with examples,

[root@localhost root]# vi /etc/hosts.allow

in.telnet :

vsftpd : .com yahoo.com

sshd : <>

pop3d : <>

portmap: <>

... .... ... ... ... ... ...

... .... ... ... ... ... ...

....... .... ... ... ... …

[root@localhost root]# vi /etc/hosts.deny

in.telnet :

vsftpd : .com yahoo.com

sshd : <>

pop3d : <>

portmap: <>

... .... ... ... ... ... ...

... .... ... ... ... ... ...

....... .... ... ... ... …

SSH - Secure SHeel

Note: See network page and ssh.

Security for telnet and pop3

You can add two lines in the telnet or ipop3 file to give access permission.

[root@localhost root]# vi /etc/xinetd.d/telnet


[root@localhost root]# vi /etc/xinetd.d/ipop3

only_from = <> ... ... ... # Only who can access telnet or pop3.

no_access = <> ... ... ... # Who can 't access telnet or ipop3.


The necessary rpm is,

[root@localhost root]# rpm -ivh tripwire.rpm

Now, enter the as,

[root@localhost root]# sh /etc/tripwire/twinstall.sh

ð It will ask you, two type’s permission.

1. Site keyfile password.

2. Local keyfile password.

It will ask you password for many times.

[root@localhost root]# vi /etc/tripwire/twpol.text

ð It will store all the current information of the system, file structure etc in this file.

[root@localhost root]# tripwire --init

ð It will create a directory called "tripwire". In this directory, there are some files and a directory. The file name is as like domain name and the directory name is "report".

[root@localhost root]# cd /var/lib/tripwire

[root@localhost tripwire]# ls

report sys3.iiht.com.twd

[root@localhost tripwire]# vi sys3.iiht.com.twd

ð showing all the current information of the computer.

[root@localhost tripwire]# cd /etc/tripwire

[root@localhost tripwire]# tripwire -- check > file1

ð It will store all the information, which are changed currently on the computer.

[root@localhost tripwire]# vi file1

ð After checking, you should give the command as below,

[root@localhost tripwire]# twprint -m r <>


There is a file, where we can mention that which terminal can be used by root. The file is called "securetty".

[root@localhost root]# vi /etc/securetty
























ð You can edit this file.

There is another file where root can give login permission to normal user.

[root@localhost root]# vi /etc/security/access.conf

# Login access control table.


# When someone logs in, the table is scanned for the first entry that

# matches the (user, host) combination, or, in case of non-networked

# logins, the first entry that matches the (user, tty) combination. The

# permissions field of that table entry determines whether the login will

# be accepted or refused.


# Format of the login access control table is three fields separated by a

# ":" character:


# [Note, if you supply a 'fieldsep=|' argument to the pam_access.so

# module, you can change the field separation character to be

# '|'. This is useful for configurations where you are trying to use

# pam_access with X applications that provide PAM_TTY values that are

# the display variable like "host:0".]


# permission : users : origins




# The first field should be a "+" (access granted) or "-" (access denied)

# character.


# The second field should be a list of one or more login names, group

# names, or ALL (always matches). A pattern of the form user@host is

# matched when the login name matches the "user" part, and when the

# "host" part matches the local machine name.


# The third field should be a list of one or more tty names (for

# non-networked logins), host names, domain names (begin with "."), host

# addresses, internet network numbers (end with "."), ALL (always

# matches) or LOCAL (matches any string that does not contain a "."

# character).


# If you run NIS you can use @netgroupname in host or user patterns; this

# even works for @usergroup@@hostgroup patterns. Weird.


# The EXCEPT operator makes it possible to write very compact rules.


# The group file is searched only when a name does not match that of the

# logged-in user. Both the user's primary group is matched, as well as

# groups in which users are explicitly listed.




# Disallow console logins to all but a few accounts.


#-:ALL EXCEPT wheel shutdown sync:LOCAL


# Disallow non-local logins to privileged accounts (group wheel).


#-:wheel:ALL EXCEPT LOCAL .win.tue.nl


# Some accounts are not allowed to login from anywhere:


#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL


# All other accounts are allowed to login from anywhere.


There is another file where root can give to login permission for normal user on the basis of time and date.

[root@localhost root]# vi /etc/security/time.conf

# this is an example configuration file for the pam_time module. Its syntax

# was initially based heavily on that of the shadow package (shadow-960129).


# the syntax of the lines is as follows:


# services;ttys;users;times


# white space is ignored and lines maybe extended with '\\n' (escaped

# newlines). As should be clear from reading these comments,

# text following a '#' is ignored to the end of the line.


# the combination of individual users/terminals etc is a logic list

# namely individual tokens that are optionally prefixed with '!' (logical

# not) and separated with '&' (logical and) and '|' (logical or).


# services

# is a logic list of PAM service names that the rule applies to.


# ttys

# is a logic list of terminal names that this rule applies to.


# users

# is a logic list of users to whom this rule applies.


# NB. For these items the simple wildcard '*' may be used only once.


# times

# the format here is a logic list of day/time-range

# entries the days are specified by a sequence of two character

# entries, MoTuSa for example is Monday Tuesday and Saturday. Note

# that repeated days are unset MoMo = no day, and MoWk = all weekdays

# bar Monday. The two character combinations accepted are


# Mo Tu We Th Fr Sa Su Wk Wd Al


# the last two being week-end days and all 7 days of the week

# respectively. As a final example, AlFr means all days except Friday.


# each day/time-range can be prefixed with a '!' to indicate "anything

# but"


# The time-range part is two 24-hour times HHMM separated by a hyphen

# indicating the start and finish time (if the finish time is smaller

# than the start time it is deemed to apply on the following day).


# for a rule to be active, ALL of service+ttys+users must be satisfied

# by the applying process.



# Here is a simple example: running blank on tty* (any ttyXXX device),

# the users 'you' and 'me' are denied service all of the time


#blank;tty* & !ttyp*;you|me;!Al0000-2400

# Another silly example, user 'root' is denied xsh access

# from pseudo terminals at the weekend and on mondays.



# End of example file.


There is another file called "login" in the "/etc/pam.d" directory. In the file, there are three fields.

First Field: Module type

a. auth- In the login time, it checks user's password from "passwd" file.

b. account- It checks user's home directory.

c. session- It checks which command have the using permission for normal user. Example, shutdown, mount, passwd etc.

d. password- It checks password's maximum or minimum validation time for normal users.

Second Field: Control Flag

a required- It will check all the modules and when all the modules are true then login.

b requisite- If first module fails then it will not go to check other modules.

c optional- Any how it will perform his jobs also modules are failed or not.

d sufficient- At list one module should clear.

Third Field: Module path

It shows the modules path.


We have three types of chain.

1 INPUT CHAIN- Receiving



Three are three types of permission for each chain:




[root@localhost root]# iptables --list

ð It will show iptables list.

[root@localhost root]# iptables -A INPUT -p icmp -j REJECT

[root@localhost root]# iptables -A INPUT -p icmp -d -j REJECT -S ADDRESS>

[root@localhost root]# iptables-save

[root@localhost root]# iptables -F