did-you-know? rent-now

Amazon no longer offers textbook rentals. We do!

did-you-know? rent-now

Amazon no longer offers textbook rentals. We do!

We're the #1 textbook rental company. Let us show you why.

9780130084668

Linux Administration Handbook

by ; ;
  • ISBN13:

    9780130084668

  • ISBN10:

    0130084662

  • Edition: 1st
  • Format: Paperback
  • Copyright: 2002-01-01
  • Publisher: Prentice Hall PTR
  • View Upgraded Edition
  • Purchase Benefits
  • Free Shipping Icon Free Shipping On Orders Over $35!
    Your order must be $35 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
  • eCampus.com Logo Get Rewarded for Ordering Your Textbooks! Enroll Now
  • Write a Review Icon Write a Review
List Price: $54.99

Summary

This is the first Linux administration guide specifically focused on preparing students to administer large-scale enterprise systems. Written by the well-respected authors of Unix System Administration Handbook, Third Edition- the classic book that has taught Unix system administration to generations of students-Linux System Administration Handbook covers every key aspect of running systems utilizing today's leading Linux distributions for university and enterprise environments: RedHat, Debian, and SuSe.

Table of Contents

Foreword xxvii
Preface xxviii
Acknowledgments xxxi
BASIC ADMINISTRATION
Where to Start
1(17)
Suggested background
2(1)
Linux's relationship to UNIX
2(1)
Linux and UNIX history
3(1)
Linux distributions
4(2)
So what's the best distribution?
5(1)
Distribution-specific administration tools
6(1)
Notation and typographical conventions
6(1)
System-specific information
7(1)
Where to go for information
7(4)
Organization of the man pages
9(1)
man: read manual pages
10(1)
Other sources of Linux information
10(1)
How to find and install software
11(2)
Essential tasks of the system administrator
13(2)
Adding and removing users
13(1)
Adding and removing hardware
13(1)
Performing backups
13(1)
Installing new software
13(1)
Monitoring the system
14(1)
Troubleshooting
14(1)
Maintaining local documentation
14(1)
Auditing security
14(1)
Helping users
14(1)
System administration under duress
15(1)
System Administration Personality Syndrome
15(1)
Recommended reading
16(1)
Exercises
17(1)
Booting and Shutting Down
18(21)
Bootstrapping
18(4)
Automatic and manual booting
19(1)
Steps in the boot Process
19(1)
Kernal initialization
20(1)
Hardware configuration
20(1)
System processes
20(1)
Operator intervention (manual boot only)
21(1)
Execution of startup scripts
21(1)
Multiuser operation
21(1)
Booting PCs
22(1)
How a PC is different from proprietary hardware
22(1)
The PC boot Process
22(1)
Boot loaders: LILO and GRUB
23(4)
LILO: the traditional Linux boot loader
23(1)
GRUB: the GRand Unified Boot loader
24(1)
Multibooting on PCs
25(1)
Multibooting gotchas
26(1)
LILO multiboot configuration
27(1)
Booting single-user mode
27(1)
Startup scripts
28(7)
init and run levels
29(2)
Red Hat startup scripts
31(2)
SuSE startup scripts
33(2)
Debian startup scripts
35(1)
Rebooting and shutting down
35(3)
Turning off the power
36(1)
shutdown: the genteel way to halt the system
36(1)
halt: a simpler way to shut down
37(1)
reboot: quick and dirty restart
37(1)
telinit: change init's run level
37(1)
Poweroff: ask Linux to turn off the power
37(1)
Exercises
38(1)
Rootly Powers
39(9)
Ownership of files and processes
39(2)
The superuser
41(1)
Choosing a root password
41(1)
Becoming root
42(4)
su: substitute user identity
43(1)
sudo: a limited su
43(3)
Other pseudo-users
46(1)
bin: legacy owner of system commands
46(1)
daemon: owner of unprivilaged system software
46(1)
nobody: the generic NFS user
46(1)
Exercises
47(1)
Controlling Processes
48(15)
Components of a process
48(2)
PID: process ID number
49(1)
PPID: parent PID
49(1)
UID and EGID: real and effective user ID
49(1)
GID and EGID: real and effective group ID
50(1)
Niceness
50(1)
Control terminal
50(1)
The life cycle of a process
50(1)
Signals
51(3)
kill and killall: send signals
54(1)
Process states
55(1)
nice and renice: influence scheduling priority
55(1)
ps: monitor processes
56(2)
top: monitor processes even better
58(1)
Runaway processes
59(2)
Exercises
61(2)
The Filesystem
63(18)
Pathnames
64(1)
Mounting and unmounting filesystems
65(2)
The organization of the file tree
67(2)
File types
69(4)
Regular files
70(1)
Directories
70(1)
Character and block device files
71(1)
Local domain sockets
72(1)
Named pipes
72(1)
Symbolic links
72(1)
File attributes
73(7)
The setuid and setgid bits
73(1)
The sticky bit
73(1)
The permission bits
73(1)
Viewing file attributes
74(2)
chmod: change permissions
76(1)
chown: change ownership and group
77(1)
umask: assign default permissions
78(1)
Bonus flags
78(2)
Exercises
80(1)
Adding New Users
81(17)
The /etc/passwd file
81(6)
Login name
82(1)
Encrypted password
83(2)
UID number
85(1)
Default GID number
85(1)
GECOS field
86(1)
Home directory
86(1)
Login shell
86(1)
The /etc/shadow file
87(1)
The /etc/group file
88(2)
Adding users
90(4)
Editing the passwd and shadow files
90(1)
Setting an initial password
91(1)
Creating the user's home directory
91(1)
Copying in the default startup files
91(2)
Setting the user's mail home
93(1)
Editing the /etc/group file
93(1)
Setting disk quotas
93(1)
Verifying the new login
93(1)
Recording the user's status and contact information
94(1)
Removing users
94(1)
Disabling logins
95(1)
Account management utilities
95(2)
Exercises
97(1)
Serial Devices
98(26)
Serial standards
98(4)
Alternative connectors
102(5)
The mini DIN-8 variant
102(1)
The DB-9 variant
103(1)
The RJ-45 variant
104(1)
The Yost standard for RJ-45 wiring
104(3)
Hard and soft carrier
107(1)
Hardware flow control
107(1)
Cable length
108(1)
Serial device files
108(1)
setserial: tell the driver about serial port parameters
109(1)
Software configuration for serial devices
110(1)
Configuration of hardwired terminals
110(4)
The login process
110(1)
The /etc/inittab file
111(2)
Terminal support: the termcap and terminfo databases
113(1)
Special characters and the terminal driver
114(1)
stty: set terminal options
115(1)
tset: set options automatically
116(1)
How to unwedge a terminal
117(1)
Modems
117(3)
Modulation, error correction, and data compression protocols
118(1)
minicom: dial out
119(1)
Bidirectional modems
119(1)
Debugging a serial line
120(1)
Other common I/O ports
120(3)
Parallel ports
121(1)
USB: the Universal Serial Bus
121(2)
Exercises
123(1)
Adding a Disk
124(28)
Disk interfaces
124(8)
The SCSI interface
125(5)
The IDE interface
130(1)
Which is better, SCSI or IDE?
131(1)
Disk geometry
132(2)
An Overview of the disk installation procedure
134(5)
Connecting the disk
134(1)
Formatting the disk
135(1)
Labeling and partitioning the disk
135(2)
Establishing logical volumes
137(1)
Linux filesystems
138(1)
The ext2 and ext3 filesystems
139(4)
Setting up ext3fs extensions
140(1)
Setting up automatic mounting
141(2)
Enabling swapping
143(1)
fsck: check and repair filesystems
143(2)
Adding a disk to Linux: a step-by-step guide
145(5)
Exercises
150(2)
Periodic Processes
152(7)
cron: schedule commands
152(1)
The format of crontab files
153(2)
Crontab management
155(1)
Some common uses for cron
156(2)
Cleaning the filesystem
156(1)
Network distribution of configuration files
157(1)
Rotating log files
157(1)
Exercises
158(1)
Backups
159(40)
Motherhood and apple pie
160(4)
Perform all dumps from one machine
160(1)
Label your tapes
160(1)
Pick a reasonable backup interval
160(1)
Choose filesystems carefully
161(1)
Make daily dumps fit on one tape
161(1)
Make filesystems smaller than your dump device
161(1)
Keep tapes off-site
162(1)
Protect your backups
162(1)
Limit activity during dumps
162(1)
Check your tapes
162(1)
Develop a tape life cycle
163(1)
Design your data for backups
164(1)
Prepare for the worst
164(1)
Backup devices and media
164(6)
Floppy disks
165(1)
Super floppies
165(1)
CD-R and CD-RW
166(1)
Removable hard disks
166(1)
8mm cartridge tapes
166(1)
DAT (4mm) cartridge tapes
167(1)
Travan tapes
167(1)
DLT
167(1)
AIT
167(1)
Mammoth
168(1)
Jukeboxes, stackers, and tape libraries
168(1)
Hard disks
169(1)
Summary of media types
169(1)
What to buy
170(1)
Setting up an incremental backup regime with dump
170(4)
Dumping filesystems
170(3)
Dump sequences
173(1)
Restoring from dumps with restore
174(4)
Restoring individual files
174(2)
Restoring entire filesystems
176(2)
Dumping and restoring for upgrades
178(1)
Using other archiving programs
178(2)
tar: package files
178(1)
cpio: archiving utility from ancient times
179(1)
dd: twiddle bits
179(1)
volcopy: duplicate filesystems
180(1)
Using multiple files on a single tape
180(1)
Robot at your service?
181(1)
Amanda
181(14)
The architecture of Amanda
181(1)
Amanda setup
182(1)
The amanda.conf file
183(5)
The disklist file
188(2)
Amanda log files
190(1)
Amanda debugging
190(3)
File restoration from an Amanda backup
193(2)
Alternatives to Amanda: other open source backup packages
195(1)
Commercial backup products
195(2)
ADSM/TSM
196(1)
Veritas
196(1)
Legato
196(1)
Other alternatives
197(1)
Recommended reading
197(1)
Exercises
197(2)
Syslog And Log Files
199(20)
Logging policies
199(3)
Throwing away log files
199(1)
Rotating log files
200(1)
Archiving log files
201(1)
Linux log files
202(3)
Special log files
203(1)
Kernel and boot-time logging
204(1)
logrotate: manage log files
205(1)
Syslog: the system event logger
206(10)
Configuring syslogd
207(3)
Config file examples
210(2)
Sample syslog output
212(1)
Designing a logging scheme for your site
213(1)
Software that uses syslog
214(1)
Debugging syslog
214(1)
Using syslog from programs
215(1)
Condensing log files to useful information
216(2)
Exercises
218(1)
Drivers And The Kernel
219(18)
Kernel adaptation
220(1)
Why configure the kernel?
220(1)
Configuration methods
221(1)
Tuning a Linux Kernel
221(1)
Adding device drivers
222(2)
Device numbers
223(1)
Adding a Linux device driver
224(2)
Device files
226(1)
Naming convention for devices
227(1)
Loadable Kernel modules
227(2)
Building a Linux Kernel
229(3)
Building the Linux Kernel binary
231(1)
Don't fix it if it ain't broken
232(1)
Recommended reading
232(1)
Exercises
233(4)
NETWORKING
TCP/IP Networking
237(68)
TCP/IP and the Internet
238(3)
A brief history lesson
238(1)
How the Internet is managed today
239(1)
Network standards and documentation
240(1)
Networking road map
241(1)
Packets and encapsulation
242(5)
The link layer
243(2)
Packet addressing
245(2)
Ports
247(1)
Address types
247(1)
IP addresses: the gory details
247(13)
IP address classes
248(1)
Subnetting and netmasks
248(3)
The IP address crisis
251(1)
CIDR: Classless Inter-Domain Routing
252(2)
Address allocation
254(1)
Private addresses and NAT
255(2)
IPv6 addressing
257(3)
Routing
260(2)
Routing tables
260(1)
ICMP redirects
261(1)
ARP: The address resolution protocol
262(2)
Adding a machine to a network
264(10)
Assigning hostnames and IP addresses
265(1)
ifconfig: configure network interfaces
266(3)
mii-tool: configure autonegotiation and other media-specific options
269(1)
route: configure static routes
270(2)
Default routes
272(1)
Configuring DNS
272(1)
The Linux networking stack
273(1)
Distribution-specific network configuration
274(4)
Network configuration for Red Hat
274(2)
Network configuration for SuSE
276(1)
Network configuration for Debian
277(1)
Network configuration with a GUI
278(1)
DHCP: the Dynamic Host Configuration Protocol
278(6)
DHCP software
279(1)
How DHCP works
280(1)
ISC's DHCP server
280(2)
DHCP configuration for Red Hat
282(1)
DHCP configuration for SuSE
283(1)
DHCP configuration for Debian
283(1)
Linux dynamic reconfiguration and tuning
284(2)
Security issues
286(3)
IP forwarding
286(1)
ICMP redirects
286(1)
Source routing
286(1)
Broadcast pings and other forms of directed broadcast
286(1)
IP spoofing
287(1)
Host-based firewalls
288(1)
Virtual private networks
288(1)
Security-related kernel variables
288(1)
Linux NAT (IP masquerading)
289(1)
PPP: the Point-to-Point Protocol
290(11)
Addressing PPP Performance issues
291(1)
Connecting to a network with PPP
291(1)
Making your host speak PPP
292(1)
Controlling PPP links
292(1)
Finding a host to talk to
292(1)
Assigning an address
292(1)
Routing
293(1)
Ensuring security
293(1)
Using terminal servers
293(1)
Using chat scripts
293(1)
Linux PPP configuration
294(7)
Linux networking quirks
301(1)
Recommended reading
302(2)
Exercises
304(1)
Routing
305(30)
Packet forwarding: a closer look
306(2)
Routing daemons and routing protocols
308(3)
Distance-vector protocols
309(1)
Link-state protocols
309(1)
Cost metrics
310(1)
Interior and exterior protocols
311(1)
Protocols on parade
311(3)
RIP: Routing Information Protocol
312(1)
RIP-2: Routing Information Protocol, version 2
312(1)
OSPF: Open Shortest Path First
313(1)
IGRP and EIGRP: Interior Gateway Routing Protocol
313(1)
IS-IS: the ISO ``standard''
313(1)
MOSPF, DVMRP, and PIM: multicast routing protocols
314(1)
Router Discovery Protocol
314(1)
routed: RIP yourself a new hole
314(1)
gated: a better routing daemon
315(14)
gated startup and control
315(1)
Tracing
316(1)
The gated configuration file
316(1)
Option configuration statements
317(1)
Network interface definitions
318(2)
Other miscellaneous definitions
320(1)
Protocol configuration for RIP
321(1)
Some preliminary background on OSPF
322(2)
Protocol configuration for OSPF
324(1)
Protocol configuration for ICMP redirects
325(1)
Static routes
325(1)
Exported routes
326(1)
A complete gated configuration example
327(2)
Routing strategy selection criteria
329(1)
Cisco routers
330(2)
Recommended reading
332(2)
Exercises
334(1)
Network Hardware
335(22)
LAN, WAN, or MAN?
335(1)
Ethernet: the common LAN
336(8)
How Ethernet works
336(1)
Ethernet topology
337(1)
Unshielded twisted pair
338(2)
Connecting and expanding Ethernets
340(4)
Wireless: the nomad's LAN
344(1)
FDDI: the disappointing and expensive LAN
345(1)
ATM: the promised (but sorely defeated) LAN
346(1)
Frame relay: the sacrificial WAN
347(1)
ISDN: the indigenous WAN
347(1)
DSL and cable modems: the people's WAN
348(1)
Where is the network going?
349(1)
Network testing and debugging
349(1)
Building wiring
350(1)
UTP cabling options
350(1)
Connections to offices
351(1)
Wiring standards
351(1)
Network design issues
351(3)
Network architecture vs. building architecture
352(1)
Existing networks
353(1)
Expansion
353(1)
Congestion
353(1)
Maintenance and documentation
353(1)
Management issues
354(1)
Recommended vendors
355(1)
Cables and connectors
355(1)
Test equipment
355(1)
Routers/switches
356(1)
Recommended reading
356(1)
Exercises
356(1)
The Domain Name System
357(111)
DNS for the impatient: adding a new machine
357(2)
The history of DNS
359(1)
Who needs DNS?
360(1)
What's new in DNS
361(1)
The DNS namespace
362(6)
Masters of their domains
365(1)
Selecting a domain name
366(1)
Domain bloat
367(1)
Registering a second-level domain name
367(1)
Creating your own subdomains
367(1)
The BIND software
368(5)
Versions of BIND
368(1)
Finding out what version you have
369(1)
Components of BIND
370(1)
named: the BIND name server
370(1)
Authoritative and caching-only servers
371(1)
Recursive and nonrecursive servers
372(1)
The resolver library
373(1)
Shell interfaces to DNS
373(1)
How DNS works
373(3)
Delegation
373(2)
Caching and efficiency
375(1)
The extended DNS protocol
376(1)
BIND client issues
376(4)
Resolver configuration
377(2)
Resolver testing
379(1)
Impact on the rest of the system
380(1)
BIND server configuration
380(18)
Hardware requirements
380(1)
named startup
381(1)
Configuration files
381(2)
The include statement
383(1)
The options statement
383(6)
The acl statement
389(1)
The server statement
389(1)
The logging statement
390(1)
The zone statement
391(3)
The key statement
394(1)
The trusted-keys statement
394(1)
The controls statement
395(2)
Split DNS and the BIND 9 view statement
397(1)
BIND configuration examples
398(10)
A home Linux box
398(2)
A small security company
400(3)
A university department
403(5)
The DNS database
408(23)
Resource records
408(3)
The SOA record
411(2)
NS records
413(1)
A records
414(1)
PTR records
414(1)
MX records
415(2)
CNAME records
417(1)
The CNAME hack
418(2)
LOC records
420(1)
SRV records
421(1)
TXT records
422(1)
IPv6 resource records
422(1)
IPv6 address records
423(1)
IPv6 reverse records
424(3)
Commands in zone files
427(2)
The localhost zone
429(1)
Glue records: links between zones
429(2)
Updating zone files
431(4)
Zone transfers
432(1)
Dynamic updates
433(2)
Security issues
435(12)
Access control lists revisited
436(1)
Confining named
437(1)
Secure server-to-server communication with TSIG and TKEY
438(2)
DNSSEC
440(6)
Microsoft bad, Linux good
446(1)
Testing and debugging
447(13)
Logging
448(4)
Debug levels
452(1)
Debugging with ndc
453(1)
Statistics for BIND 8
454(1)
Statistics for BIND 9
455(1)
Debugging with nslookup, dig, and host
456(2)
Lame delegations
458(2)
Loose ends
460(2)
The hints file
460(1)
Localhost configuration
461(1)
Host management tools
461(1)
DNS for systems not on the Internet
462(1)
Distribution specifics
462(2)
Versions
462(1)
BIND files
462(1)
The name server switch file
463(1)
Configuration files
463(1)
Recommended reading
464(2)
Mailing lists and newsgroups
464(1)
Books and other documentation
464(1)
On-line resources
464(1)
The RFCs
465(1)
Exercises
466(2)
The Network File System
468(19)
General information about NFS
468(4)
NFS protocol versions
468(1)
Choice of transport
469(1)
File locking
469(1)
Disk quotas
470(1)
Cookies and stateless mounting
470(1)
Naming conventions for shared filesystems
470(1)
Security and NFS
471(1)
Root access and the nobody account
471(1)
Server-side NFS
472(3)
The exports file
473(1)
nfsd: serve files
474(1)
Client-side NFS
475(3)
Mounting remote filesystems at boot time
477(1)
Secure port restrictions
478(1)
nfsstat: dump NFS statistics
478(1)
Dedicated NFS file servers
479(1)
Automatic mounting
479(1)
automount
480(3)
The master file
481(1)
Map files
482(1)
Executable maps
482(1)
amd: a more sophisticated automounter
483(2)
amd maps
483(2)
Starting amd
485(1)
Stopping amd
485(1)
Recommended reading
485(1)
Exercises
486(1)
Sharing System Files
487(24)
What to share
488(1)
nscd: cache the results of lookups
489(1)
Copying files around
489(7)
rdist: push files
490(3)
rsync: transfer files more securely
493(2)
Pulling files
495(1)
NIS: the Network Information Service
496(8)
Netgroups
497(1)
Prioritizing sources of administrative information
498(1)
Advantages and disadvantages of NIS
499(1)
How NIS works
500(2)
Setting up an NIS domain
502(2)
NIS+: son of NIS
504(1)
LDAP: the Lightweight Directory Access Protocol
505(5)
LDAP documentation and specifications
506(1)
Hands-on LDAP
507(1)
Configuring an OpenLDAP server
507(1)
Populating your server
508(1)
Setting up an LDAP client
509(1)
LDAP and security
509(1)
Exercises
510(1)
Electronic Mail
511(116)
Mail systems
513(4)
User agents
513(2)
Transport agents
515(1)
Delivery agents
516(1)
Message stores
516(1)
Access agents
516(1)
Mail submission agents
517(1)
The anatomy of a mail message
517(6)
Mail addressing
518(1)
Reading mail headers
519(4)
Mail philosophy
523(4)
Using mail servers
523(2)
Using mail homes
525(1)
Using IMAP or POP
526(1)
Mail aliases
527(14)
Getting mailing lists from files
529(1)
Mailing to files
530(1)
Mailing to programs
531(1)
Examples of aliases
531(1)
Mail forwarding
532(2)
The hashed alias database
534(1)
Mailing lists and list wrangling software
535(3)
LDAP: the Lightweight Directory Access Protocol
538(3)
sendmail: ringmaster of the electronic mail circus
541(9)
The history of sendmail
541(1)
Vendor-supplied versions of sendmail
542(1)
Sendmail installation from sendmail.org
543(3)
Installing sendmail on Debian systems
546(1)
The switch file
546(1)
Modes of operation
546(2)
The mail queue
548(2)
sendmail configuration
550(4)
Using the m4 preprocessor
551(1)
The sendmail configuration pieces
552(1)
Building a configuration file from a sample .mc file
553(1)
Changing the sendmail configuration
554(1)
Basic sendmail configuration primitives
554(4)
The VERSIONID macro
554(1)
The OSTYPE macro
555(2)
The DOMAIN macro
557(1)
The MAILER macro
557(1)
Fancier sendmail configuration primitives
558(15)
The Feature macro
559(1)
The use_cw_file feature
559(1)
The redirect feature
560(1)
The always_add_domain feature
560(1)
The nocanonify feature
560(1)
Tables and databases
561(2)
The mailertable feature
563(1)
The genericstable feature
563(1)
The virtusertable feature
564(1)
The Idap_routing feature
565(1)
Masquerading and the MASQUERADE_AS macro
566(1)
The MAIL_HUB and SMART_HOST macros
567(1)
Masquerading and routing
568(1)
The nullclient feature
568(2)
The local_Imtp and smrsh features
570(1)
The local_procmail feature
570(1)
The LOCAL_* macros
571(1)
Configuration options
571(2)
Configuration file examples
573(15)
A Computer science student's home machine
573(2)
A small but sendmail-clueful company
575(3)
Another master/client example
578(3)
Red Hat sendmail configuration
581(2)
SuSe sendmail configuration
583(3)
Debian sendmail configuration
586(2)
Spam-related features in sendmail
588(15)
Relaying
590(2)
The access database
592(3)
Blacklisting users or sites
595(1)
Header checking
596(1)
Miltering: mail filtering
597(1)
Handling spam
598(1)
Spam examples
599(3)
Spam Assassin
602(1)
Security and sendmail
603(8)
Ownerships
603(1)
Permissions
604(1)
Safer mail to files and programs
605(1)
Privacy options
606(1)
Running a chrooted sendmail (for the truly paranoid)
607(1)
Denial of service attacks
607(1)
Forgeries
608(1)
Message privacy
609(1)
SASL: the Simple Authentication and Security Layer
610(1)
sendmail performance
611(4)
Delivery modes
611(1)
Queue groups and envelope splitting
611(2)
Queue runners
613(1)
Load average controls
613(1)
Undeliverable messages in the queue
613(2)
Kernel tuning
615(1)
sendmail statistics, testing, and debugging
615(5)
Testing and debugging
616(1)
Verbose delivery
617(1)
Talking in SMTP
618(1)
Logging
619(1)
The Exim Mail System
620(3)
History
621(1)
Exim on Debian
621(1)
Exim configuration
621(1)
Exim/sendmail similarities
622(1)
Recommended reading
623(2)
Exercises
625(2)
Network Management and Debugging
627(23)
Troubleshooting a network
628(1)
ping: check to see if a host is alive
629(2)
traceroute: trace IP packets
631(2)
netstat: get tons o' network statistics
633(4)
Monitoring the status of network connections
633(2)
Inspecting interface configuration information
635(1)
Examining the routing table
636(1)
Viewing operational statistics for various network protocols
636(1)
Packet sniffers
637(2)
tcpdump: king of sniffers
638(1)
Ethereal: visual sniffer
639(1)
Network management protocols
639(2)
SNMP: the Simple Network Management Protocol
641(2)
SNMP organization
641(1)
SNMP protocol operations
642(1)
RMON: remote monitoring MIB
643(1)
The NET-SMNP agent
643(1)
Network management applications
644(4)
The NET-SNMP tools
645(1)
MRTG: the Multi-Router Traffic Grapher
646(1)
NOCOL: Network Operation Center On-Line
646(1)
Commercial management platforms
647(1)
Recommended reading
648(1)
Exercises
649(1)
Security
650(43)
Is Linux secure?
651(1)
Linux security, the CliffsNotes version
652(2)
Packet filtering
652(1)
Unnecessary services
652(1)
Software patches
652(1)
Backups
652(1)
Passwords
653(1)
Vigilance
653(1)
General philosophy
653(1)
How security is compromised
654(1)
Security problems in the /etc/passwd and /etc/shadow files
655(4)
Password checking and selection
655(1)
PAM: cooking spray or authentication wonder?
656(1)
Shadow passwords
657(1)
Group logins and shared logins
658(1)
Password aging
658(1)
User shells
658(1)
Rootly entries
658(1)
Setuid programs
659(1)
Important file permissions
660(1)
Miscellaneous security issues
661(3)
Remote event logging
661(1)
Secure terminals
661(1)
/etc/hosts.equiv and ~/.rhosts
661(1)
rexecd and tftpd
662(1)
fingerd
662(1)
Security and NIS
662(1)
Security and NFS
663(1)
Security and sendmail
663(1)
Security and backups
663(1)
Trojan horses
663(1)
Security power tools
664(6)
nmap: scan network ports
664(2)
ndiff: create nmap baselines and look for suspicious changes
666(1)
SAINT: check networked systems for vulnerabilities
666(1)
Nessus: next generation network scanner
667(1)
crack: find insecure passwords
667(1)
tcpd: protect Internet services
668(1)
COPS: audit system security
668(1)
tripwire: monitor changes to system files
669(1)
Forensic tools
670(1)
Cryptographic security tools
670(6)
Kerberos: a unified approach to network security
671(1)
PGP: Pretty Good Privacy
672(1)
SSH: the secure shell
673(2)
OPIE: One-time Passwords in Everything
675(1)
Hardware tokens
675(1)
Firewalls
676(3)
Packet-filtering firewalls
676(1)
How services are filtered
676(1)
Service proxy firewalls
677(1)
Stateful inspection firewalls
678(1)
Firewalls: how safe are they?
678(1)
Linux firewall features: IP tables
679(4)
Virtual private networks (VPNs)
683(1)
IPSEC tunnels
683(1)
All I need is a VPN, right?
684(1)
Sources of security information
684(3)
CERT: a registered service mark of Carnegie Mellon University
685(1)
SecurityFocus.com and the BugTraq mailing list
685(1)
Crypto-Gram newsletter
685(1)
SANS: the System Administration, Networking, and Security Institute
685(1)
Distribution-specific security resources
686(1)
Other mailing lists and web sites
686(1)
Hardened Linux distributions
687(1)
What to do when your site has been attacked
687(2)
Recommended reading
689(2)
Exercises
691(2)
Web Hosting and Internet Servers
693(18)
Web hosting
693(1)
Web hosting basics
694(3)
Uniform resource locators
695(1)
How HTTP works
696(1)
CGI scripting: generating content on the fly
696(1)
Load balancing
697(1)
HTTP server installation
697(3)
Choosing a server
697(1)
Installing Apache
698(1)
Configuring Apache
699(1)
Running Apache
700(1)
High-performance hosting
700(1)
Virtual interfaces
700(3)
Configuring virtual interfaces
701(1)
Telling Apache about a virtual interface
702(1)
Caching and proxy servers
703(1)
Setting up Squid
704(1)
Anonymous FTP server setup
704(3)
Exercises
707(4)
BUNCH O' STUFF
Software Installation and Localization
711(33)
Basic Linux installation
711(1)
Automating installation
712(10)
Netbooting PCs
712(1)
PXE: the PC netbooting standard
713(1)
Setting up PXE for Linux
713(1)
Netbooting non-PCs
714(1)
Kickstart: Red Hat's automated installer
714(3)
YaST: SuSE's installation tool
717(2)
SystemImager
719(3)
Localization
722(9)
Automation
723(1)
Versioning your build
723(1)
Rogue users and departments
724(1)
Testing
725(1)
Making changes undoable
726(1)
Revision control
726(1)
RCS: the Revision Control System
727(2)
Documentation
729(1)
Where to put local software
730(1)
How much to install on client machines
731(1)
Keeping your systems up to date with rsync or rdist
731(2)
Package management
733(4)
RPM packages
734(1)
Debian packages
735(1)
Automating package installation
736(1)
The Red Hat Network
737(1)
apt-get: automate downloading and installation
737(5)
Configuring apt-get
739(1)
An example /etc/apt/sources.list file
740(1)
Using proxies to make apt-get scale
740(1)
Setting up an internal APT server
740(1)
Automating apt-get
741(1)
Recommended reading
742(1)
Exercises
743(1)
Printing
744(27)
Mini-glossary of printing terms
745(1)
Linux printing systems
746(1)
Types of printers
747(1)
Serial and parallel printers
747(1)
Network printers
747(1)
Life without PostScript
748(1)
LPD: the good ol' printing system
748(12)
An overview of the printing process
748(2)
Controlling the printing environment
750(1)
lpd: the print spooler
750(1)
lpr: submit print jobs
751(1)
lpq: view the printing queue
751(1)
lprm: remove print jobs
751(1)
1pc: make administrative changes
752(2)
The/etc/printcap file
754(1)
printcap variables
755(4)
printcap variables for serial devices
759(1)
printcap extensions
760(1)
Printing to something besides a printer
760(1)
LPRng
760(4)
The LPRng commands
761(1)
/etc/Ipd.conf:configure Ipd
762(1)
/etc/Ipd.perms: configure access control
762(1)
Setting up the printcap file
763(1)
Filters
763(1)
Accounting
764(1)
Adding a printer
764(2)
Distribution-specific details
766(1)
Debugging printing problems
766(1)
Common printing software
767(1)
ghostscript
767(1)
mpage
767(1)
enscript
768(1)
Printer philosophy
768(2)
Use printer accounting
768(1)
Use banner pages only when necessary
768(1)
Provide recycling bins
768(1)
Provide previewers
769(1)
Buy cheap printers
769(1)
Secure your printer
769(1)
Exercises
770(1)
Maintenance And Environment
771(11)
Maintenance basics
771(1)
Maintenance contracts
772(1)
On-site maintenance
772(1)
Board swap maintenance
772(1)
Warranties
773(1)
Board-handling lore
773(1)
Static electricity
773(1)
Reseating boards
774(1)
Monitors
774(1)
Memory modules
774(1)
Preventive maintenance
775(1)
Environment
776(2)
Temperature
776(1)
Humidity
776(1)
Office cooling
776(1)
Machine room cooling
776(2)
Temperature monitoring
778(1)
Power
778(1)
Remote power control
779(1)
Racks
779(1)
Tools
780(1)
Exercises
781(1)
Performance Analysis
782(15)
What you can do to improve performance
783(1)
Factors that affect performance
784(1)
System performance checkup
785(9)
Analyzing CPU usage
786(2)
How Linux manages memory
788(2)
Analyzing memory usage
790(2)
Analyzing disk I/O
792(2)
Help! My system just got really slow!
794(2)
Recommended reading
796(1)
Exercises
796(1)
Cooperating with Windows
797(13)
File and print sharing
797(6)
NFS: the Network File System
798(1)
CIFS: the Common Internet File System
798(1)
SMBFS: mount remote CIFS shares
798(1)
Samba: CIFS server for Linux
798(2)
Installing and configuring Samba
800(1)
Debugging Samba
801(1)
Unified Windows and Linux login authentication
802(1)
Secure terminal emulation with SSH
803(1)
X Windows emulators
803(1)
PC mail clients
804(1)
PC backups
805(1)
Dual booting
805(1)
Mounting foreign filesystems with Linux
805(1)
Running Windows applications under Linux
806(1)
Linux (and UNIX) on Windows
807(1)
PC hardware tips
807(1)
Recommended reading
808(1)
Exercises
809(1)
Daemons
810(17)
init: the primordial process
811(1)
cron and atd: schedule commands
812(1)
inetd and xinetd: manage daemons
812(6)
Configuring inetd
813(2)
Configuring xinetd
815(2)
The services file
817(1)
portmap/rpcbind: map RPC services to TCP and UDP ports
818(1)
Kernel daemons
818(1)
klogd: read kernel messages
818(1)
File service daemons
818(2)
rpc.nfsd: serve files
818(1)
rpc.mountd: respond to mount requests
819(1)
amd and automount: mount filesystems on demand
819(1)
rpc.lockd and rpc.statd: manage NFS locks
819(1)
rpciod: cache NFS blocks
819(1)
rpc.rquotad: serve remote quotas
819(1)
smbd: provide file and printing service to Windows clients
819(1)
nmbd: NetBIOS name server
819(1)
Administrative database daemons
820(1)
ypbind: locate NIS servers
820(1)
ypserv: NIS server
820(1)
rpc.ypxfrd: transfer NIS databases
820(1)
nscd: name service cache daemon
820(1)
Internet daemons
820(4)
talkd: connect to network chat service
820(1)
sendmail: transport electronic mail
821(1)
snmpd: provide remote network management service
821(1)
rwhod: maintain remote user list
821(1)
ftpd: file transfer server
821(1)
popper: basic mailbox server
821(1)
imapd: deluxe mailbox server
821(1)
in.rlogind: remote login server
822(1)
in.telnetd: yet another remote login server
822(1)
sshd: secure remote login server
822(1)
in.rshd: remote command execution server
822(1)
in.rexecd: yet another command execution server
822(1)
rsyncd: synchronize files among multiple hosts
822(1)
routed: maintain routing tables
823(1)
gated: maintain complicated routing tables
823(1)
named: DNS server
823(1)
syslogd: process log messages
823(1)
in.fingerd: look up users
823(1)
httpd: World Wide Web server
824(1)
1pd: manage printing
824(1)
Time synchronization daemons
824(1)
timed: synchronize clocks
824(1)
ntpd and xntpd: synchronize clocks even better
825(1)
Booting and configuration daemons
825(1)
dhcpd: dynamic address assignment
825(1)
in.tftpd: trivial file transfer server
825(1)
rpc.bootparamd: advanced diskless life support
825(1)
Exercises
826(1)
Policy And Politics
827(42)
Linux culture
828(2)
Mainstream Linux
829(1)
Linux projects
830(1)
Policy and procedure
830(9)
Security policies
833(1)
User policy agreements
834(1)
Sysadmin policy agreements
835(1)
Policy and procedures for emergency situations
836(1)
Disaster planning
837(1)
Miscellaneous tidbits
838(1)
Legal issues
839(9)
Liability
839(1)
Encryption
840(1)
Copyright
840(2)
Privacy
842(1)
Policy enforcement
843(1)
Software licenses
844(1)
Spam: unsolicited commercial email
845(1)
Sysadmin surveys
846(1)
SAGE salary survey
846(1)
SANS salary survey
847(1)
Scope of service
848(1)
Trouble-reporting systems
849(1)
Managing management
850(1)
Hiring, firing, and training
851(2)
Attitude adjustment
852(1)
Operator wars
852(1)
Iterative refinement
853(1)
War stories and ethics
853(6)
Boss's mistake #1
854(1)
Boss's mistake #2
854(1)
Which ones to fire
854(1)
Engineers vs. IT department
855(1)
Horndog Joe
855(1)
Wedding invitations
856(1)
Pornographic GIF images
856(1)
Migrating data
857(1)
Bill must die!
858(1)
Second-hand stories from the World Trade Center
858(1)
Local documentation
859(1)
Procurement
860(1)
Decommissioning hardware
861(1)
Organizations, conferences, and other resources
862(4)
LPI: the Linux Professional Institute
863(1)
SAGE: the System Administrators Guild
864(1)
SANS: the System Administration, Networking, and Security Institute
865(1)
Mailing lists and web resources
865(1)
Printed resources
865(1)
Standards
866(1)
LSB: the Linux Standard Base
866(1)
POSIX
867(1)
Sample documents
867(1)
Recommended reading
867(1)
Exercises
868(1)
Colophon 869(1)
Index 870

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

Excerpts

Preface Linux is a relatively new operating system in the world of computing. Born in the early 1990s, it has enjoyed tremendous publicity and support from the open source community. In many ways, Linux has come to represent the antimatter of an otherwise Microsoft-centric universe. Despite Linux's many achievements, it has yet to gain full acceptance in the world of "production computing." Once synonymous with big-iron mainframes, this environment is a world in which a few minutes of downtime can cost millions of dollars, dozens of jobs, or in extreme cases, lives. We think it's about time that Linux was accepted as a fully ordained member of this community. However, such acceptance can only develop with the help of a cavalry ofprofessionalLinux system administrators. We set out to write a book that would be the professional Linux system administrator's best friend. Where appropriate, we've adapted the proven concepts and materials from our popular book,UNIX System Administration Handbook. We've added a truckload of Linux-specific material and updated the rest, but much of the coverage remains similar. We hope you agree that the result is a high-quality guide to Linux administration that benefits from its experience in a past life. There are other books on Linux system administration, but none that provide the breadth and depth of material necessary to effectively use Linux in real-world business environments. Here are the features that distinguish our book: We take a practical approach. Our purpose is not to restate the contents of your manuals but rather to summarize our collective experience in system administration. This book contains numerous war stories and a wealth of pragmatic advice. This is not a book about how to run Linux at home, in your garage, or on your PDA. We describe the use of Linux in production environments such as businesses, government offices, and universities. We cover Linux networking in detail. It is the most difficult aspect of system administration and the area in which we think we can be of most help. We do not oversimplify the material. Our examples reflect true-life situations with all their warts and unsightly complications. In most cases, the examples have been taken directly from production systems. We cover three major Linux distributions. Our example distributions Like so many operating systems, Linux has grown and branched in several different directions. Although development of the kernel has remained surprisingly centralized, packaging and distribution of complete Linux operating systems is overseen by a variety of groups, each with its own agenda. We cover three Linux distributions in detail: Red Hat 7.2 SuSE 7.3 Debian 3.0 We chose these distributions because they are among the most popular and because they are representative of the Linux community as a whole. However, much of the material in this book applies to other mainstream distributions as well. We provide detailed information about each of these example distributions for every topic that we discuss. Comments specific to a particular operating system are marked with the distribution's logo. The organization of this book This book is divided into three large chunks: Basic Administration, Networking, and Bunch o' Stuff. Basic Administration provides a broad overview of Linux from a system administrator's perspective. The chapters in this section cover most of the facts and techniques needed to run a stand-alone Linux system. The Networking section describes the protocols used on Linux systems and the techniques used to set up, extend, and maintain networks. High-level network software is also covered here. Among the featured topics are the Domain Name System, the Network File System, routing,sendmail, and network management.

Rewards Program