Solved

How do I setup VPN (IPSec Site to Site) on a Cloud Server running RHEL5

Posted on 2010-08-17
56
2,817 Views
Last Modified: 2012-05-10
I have a cloud server (from rackspace cloud service) with linux (RHEL5) and i want to set up a VPN connection to a client using VPN - IPSec Site to Site. The client has setup at their end and has given be the following parameters -  VPN Gateway, Public IP,  Transform set and pre-shared key. I will appreciate a step by step procedure on how to establish a tunnel to the client and also the appropriate VPN client software to use. A quick response will be most appreciated.

Thank you.
0
Comment
Question by:abbeytechos
  • 29
  • 25
  • 2
56 Comments
 
LVL 40

Expert Comment

by:noci
ID: 33460109
User openswan they  do have packages for RHEL.

http://www.openswan.org/download/binaries/
Also configuration etc. has been documented. (Also look for FreeSwan)  for all kinds of interoperability setups.
0
 
LVL 40

Expert Comment

by:noci
ID: 33460111
What is the remote equipment?, it may help in specifying the needed steps.
0
 

Author Comment

by:abbeytechos
ID: 33462900
hi Noci, just got your message, I guess the time difference might have added to this.

I confirmed from the client, they use cisco ios for site to site vpn.

I'm actually very new with administration of linux server and vpn setup. I will appreciate well specified steps to get this done. These detail - VPN Gateway, Public IP,  Transform set and pre-shared key have been given already by the client, only waiting for my connection.

Hope to hear from you soon.

0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 40

Expert Comment

by:noci
ID: 33463254
This has several hints on how to connect to Cisco.

http://wiki.openswan.org/index.php/Interop/InteroperatingCisco

You will need OpenSwan >2.6.24-4 as it fixes some specifics w.r.t. Cisco.
0
 

Author Comment

by:abbeytechos
ID: 33463366
Most of the link in the url given are not found. Is there a site or some articles that you can provide that is very comprehensive to beginner on the setup?
0
 
LVL 40

Expert Comment

by:noci
ID: 33463432
This was the first link original: (ref to Sans)... I had to google for it.. (SANS appearantly reshaped their site).
http://www.sans.org/reading_room/whitepapers/vpns/implementing-site-to-site-ipsec-cisco-router-linux-frees-wan_753

FreeS/Wan was a precursor for openswan. This is a fairly detailed document.
0
 

Author Comment

by:abbeytechos
ID: 33463493
thanks much. I will try it out now and revert back to you on the result. Hopefully it works and I will have much to thank you for.
0
 

Author Comment

by:abbeytechos
ID: 33465311
Tried installing following the procedure as given in the pdf file but i keep getting an error installing the freeswan. Although I'm trying to install the latest release, I however tried the old one given in the documentation but still getting error in the installation. Can you help with a way around this.
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 33465333
Hi ya

I used to use  open vpn for (via ipcop or pfsense, but it will work with redhat ) site to site vpn

ref : http://openmaniak.com/openvpn.php

now i changed it to cisco site to site vpn

but you can use openvpn server to connect to a cisco box and i belived its much more secure and robust .

http://www.smallnetbuilder.com/security/security-howto/30353-how-to-set-up-a-site-to-site-vpn-with-openvpn



0
 
LVL 40

Expert Comment

by:noci
ID: 33465421
PLease, use openswan as software with a version >= 2.6.25.

Freeswan development ceased around 2000, as the software was Complete and functional.
it was granted to the Public as such. Openswan is one of the 2 versions that can out of it.

So use the document from SANS, liberaly replace all occurences of freeswan with openswan.

The config is along the same lines, the Preshared key versions hardly changed. (X.509 support wasn't in FreeSwan f.e.)
Also the newer stuff like IKE with NAT-T support etc. didn't exist when Freeswan was developed.

0
 
LVL 40

Expert Comment

by:noci
ID: 33465485
IPSEC has a preference because it retains ALL the qualities of IP for bare frames.
With OpenVPN IP frames get pushed inside either UDP or TCP frames with a context of UDP / TCP expectancies in stead of IP expectancies.

Also IPSEC is part of the IPv6 standard.
0
 

Author Comment

by:abbeytechos
ID: 33465513
Ok noci, I will try as suggested and revert back soon.
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 33465579
Ok , missed the word ipsec !!! did not realized its ipsec site to site

0
 

Author Comment

by:abbeytechos
ID: 33465899
just tried installing the openswan 2.6.25 version and I got the error below on running the 'make programs' command -

make[3]: bison: Command not found
make[3]: *** [parser.tab.c] Error 127
make[3]: Leaving directory `/usr/src/openswan-2.6.25/OBJ.linux.x86_64/lib/libipsecconf'
make[2]: *** [programs] Error 1
make[2]: Leaving directory `/usr/src/openswan-2.6.25/OBJ.linux.x86_64/lib'
make[1]: *** [programs] Error 1
make[1]: Leaving directory `/usr/src/openswan-2.6.25/OBJ.linux.x86_64'
make: *** [programs] Error 2

I'm not sure if these are error to ignore. is there something probably i'm missing out?

0
 
LVL 40

Expert Comment

by:noci
ID: 33466103
Ok if you are builing from source then you will need development tools.

bison is a package to generate parsers (chop up files in comprehensible chunks like keywords & values.)

Please install bison from the RH kit, that should fix that.
0
 

Author Comment

by:abbeytechos
ID: 33474037
hi noci, while following the SAN implementation document, below is the error gotten when the command 'make menuconfig' was used on the linux kernel folder.

[root@gatewaydb1 linux]# make menuconfig
  HOSTCC  scripts/basic/fixdep
In file included from /usr/include/sys/socket.h:35,
                 from /usr/include/netinet/in.h:24,
                 from /usr/include/arpa/inet.h:23,
                 from scripts/basic/fixdep.c:116:
/usr/include/bits/socket.h:310:24: error: asm/socket.h: No such file or directory
make[1]: *** [scripts/basic/fixdep] Error 1
make: *** [scripts_basic] Error 2


I will appreciate any suggestion on way around the error.
0
 
LVL 40

Expert Comment

by:noci
ID: 33474302
Did you install the kernel source, and kernel headers which agree with each other?.
(Internal header files do change a lot unnotified. and sometimes external programs do suffer from this if old kernelheaders are used with current kernels... :-( )

If you use the PF_KEY implementation then i don't think you need to generate a new kernel. (unless NAT-T is involved and the kernel is a bit old).
0
 

Author Comment

by:abbeytechos
ID: 33474338
ooops, now you've lost me. I am quite a newbie in linux administration, and a lot of what you put seems above me. I'm sue you can give a more break down on resolving this in a simpler way for me.
0
 
LVL 40

Expert Comment

by:noci
ID: 33476295
There are two IPSEC implementation.
1) FreeSwan/OpenSwan native driver (this is a cleaner implementation, as a tunnel gets a separated device)
2) PF_KEY the kernel native IPSEC stack, built in to be used with kame an ISAKMP toolkit from freebsd for tunneling.

The pluto (proces that manages the ISAKMP exchanges) program can be built to use either of them.
In Essence you only need the usermode stuff if built for PF_KEY.
0
 

Author Comment

by:abbeytechos
ID: 33476525
Though still trying to understand fully the whole concept behind IPSEC. The SAM documentation I have being following suggest I install kernel, should I by-pass this particular step. Looking at the openswan site the installation process is a bit different from that of the SAM doc. Should I continue installation process using the openswan site?
0
 

Author Comment

by:abbeytechos
ID: 33483263
hello noci, haven't heard from you. Though i'm going ahead to try both installation guide, i'll still appreciate your expert advice till i see the end of this. hope im not much of a bug? hope to receive your response soon.
0
 
LVL 40

Expert Comment

by:noci
ID: 33483409
I do have some work to do, with a customer... ;-)
I will irregularly monitor this thread today, tomorrow I am doing some lifeguard work 9:00- 24:00 localtime, on sunday I have to do some system maintenance work with another customer.

As a general rule you should install software according to the doc. with the software. or using the site providing the source.
In this case openswan. (The SANS doc is years old and does describe somewhat different software with definitely an olde kernel, of which 2 a year are issued nowadays... sometimes with Radical changes done to it).

The SANS doc. describes the whole process, (maybe I should have told this before ;-/ ) the software building part should be considered obsolete by now.   But the Cisco configuration options of pluto are the most valuable in there.
0
 

Author Comment

by:abbeytechos
ID: 33483623
Still ok. I will make some attempt towards making this work and revert back, say in the next 3 hours. Thanks much.
0
 

Author Comment

by:abbeytechos
ID: 33508894
Hi noci, being a while. I have tried severally to establish the VPN connection but still no joy. If you can PLEASE spare some time for quick conversation via instant messenger or skype I will really appreciate it. I have a serious dead line to resolve this today.
0
 
LVL 40

Expert Comment

by:noci
ID: 33509340
Can you show the error messages here?
(I have no Skype, and only run an inhouse IM).


0
 

Author Comment

by:abbeytechos
ID: 33509477
here below on the error on trying to start ipsec after installation using 'service ipsec start'


/usr/local/libexec/ipsec/addconn: error while loading shared libraries: libgmp.so.10: cannot open shared object file: No such file or directory
ipsec_setup: Starting Openswan IPsec 2.6.25...
ipsec_setup: No KLIPS support found while requested, desperately falling back to netkey
ipsec_setup: NETKEY support found. Use protostack=netkey in /etc/ipsec.conf to avoid attempts to use KLIPS. Attempting to continue with NETKEY
ipsec_setup: /usr/local/libexec/ipsec/addconn: error while loading shared libraries: libgmp.so.10: cannot open shared object file: No such file or directory

==========================================================
Also on using 'ipsec verify', below is what was gotten -


Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.25/K2.6.18-164.15.1.el5xen (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!

NETKEY detected, testing for disabled ICMP accept_redirects     [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!

Checking for RSA private key (/etc/ipsec.secrets)               [DISABLED]
  /usr/local/libexec/ipsec/showhostkey: error while loading shared libraries: libgmp.so.10: cannot open shared object file: No                                such file or directory
Checking that pluto is running                                  [FAILED]
  whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Two or more interfaces found, checking IP forwarding            [FAILED]
  whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]


I can give an access to my server to verify yourself, if you so need to.

0
 
LVL 40

Expert Comment

by:noci
ID: 33509705
you are missing the gmp packet on your target system (hence the message libgmp)

in your ipsec.conf file add to the global section:
protostack=netkey

That prevents the KLIPS message. (klips is the private stack, slightly better IMHO, but that can be done later if needef).

create a small script named /etc/init.d/disable_redirect
---8<---
#!/bin/sh
#
# Startup script to disable redirects. (no restore etc.).
#
# chkconfig: 2345 01 99
# description: disables redirects
# start early, stop late.

for i in /proc/sys/net/ipv4/conf/*/send_redirects
do
   echo "0"  > $i
done
for i in /proc/sys/net/ipv4/conf/*/accept_redirects
do
   echo "0"  > $i
done
---8<---
This need to be run at boot time...
After putting it in the right directory run:
chmod 755 /etc/init.d/disable_redirect
chkconfig --add disable_redirect


After you have installed the gmp rpm and activated the script mentioned before
(and also run it manualy one time with:   /etc/init.d/disable_redirect)

please try to start the ipsec stuff again and report what you find. (if you have a problem installing the library show the errors please).
0
 

Author Comment

by:abbeytechos
ID: 33509977
hi, I have installed gmp - using 'yum install gmp'. On starting the ipsec, below is what is gotten -


[root@gatewaydb1 source]# service ipsec start
/usr/local/libexec/ipsec/addconn: error while loading shared libraries: libgmp.so.10: cannot open shared object file: No such file or directory
ipsec_setup: Starting Openswan IPsec 2.6.25...
ipsec_setup: No KLIPS support found while requested, desperately falling back to netkey
ipsec_setup: NETKEY support found. Use protostack=netkey in /etc/ipsec.conf to avoid attempts to use KLIPS. Attempting to continue with NETKEY
ipsec_setup: /usr/local/libexec/ipsec/addconn: error while loading shared libraries: libgmp.so.10: cannot open shared object file: No such file or directory


============================

On running - 'ipsec verify', find below what is gotten -

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.25/K2.6.18-164.15.1.el5xen (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [DISABLED]
  /usr/local/libexec/ipsec/showhostkey: error while loading shared libraries: libgmp.so.10: cannot open shared object file: No such file or directory
Checking that pluto is running                                  [FAILED]
  whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Two or more interfaces found, checking IP forwarding            [FAILED]
  whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]



the Gmp was well installed, but wondering why it's still giving the error.
0
 
LVL 40

Expert Comment

by:noci
ID: 33510182
You still forgot to add a line to /etc/ipsec.conf
(for netkey).
under the config setup (main section) heading like:

config setup
     protostack=netkey

the path may be wrong, or a different version...
what does rpm -ql gmp show?


it expects library .10 but which is the one that is installed...
0
 

Author Comment

by:abbeytechos
ID: 33510252
Yea....I did. It was a commented line and all i did is to uncomment.

Below what rpm -gl gmp shows -

RPM version 4.4.2.3
Copyright (C) 1998-2002 - Red Hat, Inc.



0
 
LVL 40

Expert Comment

by:noci
ID: 33510366
not -gl  dash-gee-el but  -ql   dash-que-el  (for query of content of an rpm).
0
 

Author Comment

by:abbeytechos
ID: 33510419
My bad, see below what showed -


/usr/lib64/libgmp.so.3
/usr/lib64/libgmp.so.3.3.3
/usr/lib64/libgmpxx.so.3
/usr/lib64/libgmpxx.so.3.0.5
/usr/lib64/libmp.so.3
/usr/lib64/libmp.so.3.1.7
/usr/share/doc/gmp-4.1.4
/usr/share/doc/gmp-4.1.4/COPYING
/usr/share/doc/gmp-4.1.4/COPYING.LIB
/usr/share/doc/gmp-4.1.4/NEWS
/usr/share/doc/gmp-4.1.4/README
/usr/lib/libgmp.so.3
/usr/lib/libgmp.so.3.3.3
/usr/lib/libgmpxx.so.3
/usr/lib/libgmpxx.so.3.0.5
/usr/lib/libmp.so.3
/usr/lib/libmp.so.3.1.7
/usr/lib/sse2/libgmp.so.3
/usr/lib/sse2/libgmp.so.3.3.3
/usr/lib/sse2/libgmpxx.so.3
/usr/lib/sse2/libgmpxx.so.3.0.5
/usr/lib/sse2/libmp.so.3
/usr/lib/sse2/libmp.so.3.1.7
/usr/share/doc/gmp-4.1.4
/usr/share/doc/gmp-4.1.4/COPYING
/usr/share/doc/gmp-4.1.4/COPYING.LIB
/usr/share/doc/gmp-4.1.4/NEWS
/usr/share/doc/gmp-4.1.4/README

0
 
LVL 40

Expert Comment

by:noci
ID: 33510527
/usr/lib/libgmp.so.3  is quite a different version from libgmp.so.10....
are you able to build it in an environment more like the Target machine?

It might work if you put the libgmp.so.3 in a special directory  (say : /tmp/special-gmp/) on you target machine and then add a -L/tmp/special-gmp/ as the first of the linking options in the make file.
0
 
LVL 40

Expert Comment

by:noci
ID: 33510611
In stead of 'on your target machine' i meant to type ' on your build machine'
If you need a build environment but don't want to use an RHEL license. CENTOS might be a better choice then Fedora...
0
 

Author Comment

by:abbeytechos
ID: 33510812
i'm wanting to try out putting libgmp.so.3 in another folder and linking it but where is the make file  where I am to add the linking oprions. (pls, bear with the slowness)
0
 
LVL 40

Expert Comment

by:noci
ID: 33510962
No problem... Now it is 15:52, @ 18:00 I take dinner, @19:30 I have an appointment. until about 21:30.. I do have other work todo tonight but can keep an eye on mail.

The make file should be in the folder of pluto source (and possibly other tools) too., it is named Makefile.
mostly there is something called LDFLAGS or like wise of maybe even a LIBS symbol.


I do have a centos 5 lying around, but it is 32bit, so i cannot compile one for you but I will get a version of the source with me.
0
 
LVL 40

Expert Comment

by:noci
ID: 33511091
Like this in :openswan-2.6.25/programs/pluto
....

ALLFLAGS = $(CPPFLAGS) $(CFLAGS) ${CROSSFLAGS}

ifneq ($(LD_LIBRARY_PATH),)
LDFLAGS+=-L$(LD_LIBRARY_PATH)
endif

LIBSADNS = $(OPENSWANLIB)
LIBSADNS += -lresolv # -lefence
...

Here it should inserted like:
...
ALLFLAGS = $(CPPFLAGS) $(CFLAGS) ${CROSSFLAGS}
LDFLAGS+=-L/tmp/special-gmp
ifneq ($(LD_LIBRARY_PATH),)
LDFLAGS+=-L$(LD_LIBRARY_PATH)
endif

LIBSADNS = $(OPENSWANLIB)
LIBSADNS += -lresolv # -lefence
...
0
 

Author Comment

by:abbeytechos
ID: 33511286
Followed your steps but still getting the same error -


[root@gatewaydb1 lib]# service ipsec start
/usr/local/libexec/ipsec/addconn: error while loading shared libraries: libgmp.s                                                    o.10: cannot open shared object file: No such file or directory
ipsec_setup: Starting Openswan IPsec 2.6.25...
ipsec_setup: No KLIPS support found while requested, desperately falling back to                                                     netkey
ipsec_setup: NETKEY support found. Use protostack=netkey in /etc/ipsec.conf to a                                                    void attempts to use KLIPS. Attempting to continue with NETKEY
ipsec_setup: /usr/local/libexec/ipsec/addconn: error while loading shared librar                                                    ies: libgmp.so.10: cannot open shared object file: No such file or directory
0
 
LVL 40

Expert Comment

by:noci
ID: 33512128
Is it possible to compile your programs on your RHEL box?
You can temporary install the compiler/bison/flex/*-devel rpm's etc. and later remove them again...
0
 
LVL 40

Expert Comment

by:noci
ID: 33539999
I havn't received any mail any more, that's correct?
0
 

Author Comment

by:abbeytechos
ID: 33540100
hello noci, glad to hear from you. I have been making several attempts to make this thing work by following in detail all the steps you have given so far, but still no joy. Spent the whole of yesterday working on it, trying to resolve from all angle. At this point, I will need your wizardry in setting up for me, I can give you an access to the server to help with it. You can then give me the steps that I can use consequently when you are done. PLEASE, this will be much appreciated, I have gotten enough tongue lashing from my boss and the next thing might be my job. Hope to hear from you soon.
0
 
LVL 40

Expert Comment

by:noci
ID: 33541971
see my profile for mail address.
0
 

Author Comment

by:abbeytechos
ID: 33542099
Hello noci, I tried sending to mail addy given on your profile. Please, can you confirm you got it?

0
 

Author Comment

by:abbeytechos
ID: 33542809
hello Noci, are you still available, haven't heard from you.
0
 
LVL 40

Expert Comment

by:noci
ID: 33543069
I havn't seen the mail yet, but mail needs to travel through greylisting and spam scanning...

It might help if you resend it about now ('n hour later, just in case the retry is not done around one hour...)
0
 
LVL 40

Expert Comment

by:noci
ID: 33543525
The mail has arrived. & I answered.
0
 

Author Comment

by:abbeytechos
ID: 33543659
i saw your response, and I have long responded to it. I think it's a bit slow getting the mails across to your box.

0
 
LVL 40

Expert Comment

by:noci
ID: 33546975
To Summarize:
A private version of gmp had been installed instead of the gmp-devel kit from RHEL.
After removing the (far too modern for RHEL)  gmp version openswan did compile & install & run.

After correcting the connection parameters the tunnel also started and came to life.
the original information was 80% correct but not exactly right.

HIH.
Kind Regards.
0
 
LVL 40

Expert Comment

by:noci
ID: 33569212
Abbytechos, how did the tests work out?
0
 

Author Comment

by:abbeytechos
ID: 33569289
Hello Noci, it going fine. Was able to set up another connection on my own on another server. I'm trying to monitor things before reverting back to you, I noticed that the VPN connection breaks after sometimes. I'm wondering why, do you have any suggestion to fixing that?
0
 
LVL 40

Expert Comment

by:noci
ID: 33576052
Disconnection might occur when the key isn't renegotiated in time.

please lookup if rekey ing is enabled (if both sides don't rekey, then a new packet will start rekeying, but may get lost)
you can start rekeying earlier (rekeymargin) and rekeyfuzz is to randomize between 0 & rekey margin.

rekeyfuzz =0% (no randomisation)
rekeymargin = (a few minutes).
rekey = yes

http://www.freeswan.org/freeswan_trees/CURRENT-TREE/doc/manpage.d/ipsec.conf.5.html

This might help.
0
 
LVL 40

Expert Comment

by:noci
ID: 33576212
Bet value for rekey fuzz is the default (100%) not the mentioned 0% i meant to type both values but got interrupted.
0
 

Author Comment

by:abbeytechos
ID: 33579054
Hi Noci, tried it, tried a number of values, but below the values recently tried and the connection is still breaking -

       rekeyfuzz=100%
       rekeymargin=5s
       rekey=yes

Regards,


0
 
LVL 40

Expert Comment

by:noci
ID: 33582200
What is in the log file? (pluto logs to security /var/log/security)
so please be carefull about what you publish
0
 

Author Comment

by:abbeytechos
ID: 33584797
Hello noci, I have sent into your mail, the recent log from the secure file. You can check up your mail.
0
 
LVL 40

Accepted Solution

by:
noci earned 500 total points
ID: 33625945
Summary from mailexchange:

According to the pluto logging, continuation of a link failed.
Just the initial negotiation is accepted, when initiated from Openswan.
From this it was advised to check the remote (cisco) logs for any issues.

After examining the logs from Cisco by your link partner you were advised to modify the pfs setting.
which worked.
In my past experience disagreement in pfs failed to start the connection anyway, either way also the first time
so this is a new one for me too.
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Trouble with VPN DENY rules on sonicwall 1 34
SonarQube on Linux vs Windows 3 28
ignore other .htaccess 2 45
SQL Server Connection String through a VPN 8 26
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question