Title Details

Chris Negus is an instructor for Red Hat, Inc. and the author of dozens of Linux and UNIX books, including Red Hat Linux Bible (all editions), CentOS Bible, Fedora Bible, Ubuntu Linux Toolbox, Linux Troubleshooting Bible, Linux Toys, and Linux Toys II. Christine Bresnahan has over 25 years' experience as a system administrator. She is an adjunct professor at Ivy Tech Community College, teaching Linux system administration, Linux security, and Windows security classes. She co-authored the Linux Command Line and Shell Scripting Bible, 2nd Edition.

Part I: Getting Started 1

Chapter 1: Starting with Linux  3

Understanding What Linux Is  4

Understanding How Linux Differs from Other Operating Systems  5

Exploring Linux History  6

Free-fl owing UNIX culture at Bell Labs  7

Commercialized UNIX  9

Berkeley Software Distribution arrives 9

UNIX Laboratory and commercialization  9

GNU transitions UNIX to freedom  11

BSD loses some steam  12

Linus builds the missing piece  13

OSI open source definition  14

Understanding How Linux Distributions Emerged  15

Choosing a Red Hat distribution  16

Using Red Hat Enterprise Linux 17

Using Fedora  18

Choosing Ubuntu or another Debian distribution  18

Finding Professional Opportunities with Linux Today  19

Understanding how companies make money with Linux  20

Becoming Red Hat Certified  21

RHCSA topics  22

RHCE topics  23

Summary  24

Chapter 2: Creating the Perfect Linux Desktop    27

Understanding Linux Desktop Technology  28

Starting with the Fedora GNOME Desktop Live CD  30

Using the GNOME 3 Desktop  31

After the computer boots up  31

Navigating with the mouse  32

Navigating with the keyboard  36

Setting up the GNOME 3 desktop  38

Extending the GNOME 3 desktop  39

Using GNOME shell extensions  39

Using the GNOME Tweak Tool  40

Starting with desktop applications  42

Managing fi les and folders with Nautilus  42

Installing and managing additional software  44

Playing music with Rhythmbox  45

Stopping the GNOME 3 desktop  46

Using the GNOME 2 Desktop  46

Using the Metacity window manager  48

Changing GNOME appearance  49

Using the GNOME panels  50

Using the Applications and System menus  51

Adding an applet  51

Adding another panel  52

Adding an application launcher  52

Adding a drawer  53

Changing panel properties  53

3D effects with AIGLX  54

Summary  57

Exercises  57

Part II: Becoming a Linux Power User 59

Chapter 3: Using the Shell    61

About Shells and Terminal Windows  62

Using the shell prompt  63

Using a terminal window  64

Using virtual consoles  65

Choosing Your Shell  65

Running Commands  66

Understanding command syntax 67

Locating commands  70

Recalling Commands Using Command History  72

Command-line editing  73

Command-line completion  75

Command-line recall  76

Connecting and Expanding Commands  78

Piping between commands  78

Sequential commands  79

Background commands  79

Expanding commands  80

Expanding arithmetic expressions  80

Expanding variables  81

Using Shell Variables  81

Creating and using aliases  83

Exiting the shell  84

Creating Your Shell Environment  84

Confi guring your shell  84

Setting your prompt 85

Adding environment variables  87

Getting Information About Commands  88

Summary  90

Exercises  90

Chapter 4: Moving Around the Filesystem  93

Using Basic Filesystem Commands  96

Using Metacharacters and Operators  98

Using file-matching metacharacters 98

Using file-redirection metacharacters  99

Using brace expansion characters 101

Listing Files and Directories 101

Understanding File Permissions and Ownership 105

Changing permissions with chmod (numbers)107

Changing permissions with chmod (letters) 107

Setting default file permission with umask 108

Changing file ownership 109

Moving, Copying, and Removing Files 110

Summary 111

Exercises 112

Chapter 5: Working with Text Files  113

Editing Files with vim and vi 113

Starting with vi 115

Adding text 115

Moving around in the text 116

Deleting, copying, and changing text 117

Pasting (putting) text 118

Repeating commands 118

Exiting vi 118

Skipping around in the file 119

Searching for text 120

Using ex mode 120

Learning more about vi and vim 120

Finding Files 121

Using locate to find files by name 121

Searching for files with find 122

Finding files by name 123

Finding files by size 124

Finding files by user 124

Finding files by permission 125

Finding files by date and time 126

Using not and or when finding files 126

Finding files and executing commands 127

Searching in files with grep 128

Summary 129

Exercises 130

Chapter 6: Managing Running Processes   131

Understanding Processes 131

Listing Processes 132

Listing processes with ps 132

Listing and changing processes with top 134

Listing processes with System Monitor 135

Managing Background and Foreground Processes 137

Starting background processes138

Using foreground and background commands 139

Killing and Renicing Processes 140

Killing processes with kill and killall 140

Using kill to signal processes by PID 141

Using killall to signal processes by name 141

Setting processor priority with nice and renice 142

Summary 143

Exercises 143

Chapter 7: Writing Simple Shell Scripts  145

Understanding Shell Scripts 145

Executing and debugging shell scripts 146

Understanding shell variables 147

Special shell positional parameters 148

Reading in parameters 149

Parameter expansion in bash 149

Performing arithmetic in shell scripts 150

Using programming constructs in shell scripts 151

The “if    then” statements 151

The case command 154

The “for    do” loop 155

The “while    do” and “until    do” loops 156

Trying some useful text manipulation programs 157

The general regular expression parser 157

Remove sections of lines of text (cut) 158

Translate or delete characters (tr) 158

The stream editor (sed) 158

Using simple shell scripts 159

Telephone list 159

Backup script 160

Summary 161

Exercises 161

Part III: Becoming a Linux System Administrator 163

Chapter 8: Learning System Administration  165

Understanding System Administration 165

Using Graphical Administration Tools 167

Using the root User Account 169

Becoming root from the shell (su command) 170

Allowing administrative access via the GUI 171

Gaining administrative access with sudo 172

Exploring Administrative Commands, Configuration Files, and Log Files 174

Administrative commands 174

Administrative configuration files 175

Administrative log files 179

Using Other Administrative Accounts 180

Checking and Configuring Hardware 181

Checking your hardware182

Managing removable hardware 184

Working with loadable modules 186

Listing loaded modules 187

Loading modules 187

Removing modules 188

Summary 188

Exercises 189

Chapter 9: Installing Linux   191

Choosing a Computer 192

Installing Fedora from a Live CD 193

Installing Red Hat Enterprise Linux from Installation Media 199

Installing Linux in the Enterprise 202

Exploring Common Installation Topics  204

Upgrading or installing from scratch  204

Dual booting 205

Installing Linux to run virtually  206

Using installation boot options 207

Boot options for disabling features 207

Boot options for video problems  208

Boot options for special installation types  208

Boot options for kickstarts and remote repositories  209

Miscellaneous boot options 210

Using specialized storage 210

Partitioning hard drives 211

Understanding different partition types 212

Partitioning during Fedora installation 212

Reasons for different partitioning schemes 216

Tips for creating partitions 216

Using the GRUB boot loader 218

Using GRUB Legacy (version 1) 218

Using GRUB 2 223

Summary  224

Exercises 225

Chapter 10: Getting and Managing Software  227

Managing Software with PackageKit 227

Enabling repositories and getting updates 228

Searching for packages 229

Installing and removing packages 230

Going beyond PackageKit 231

Understanding Linux RPM Software Packaging 231

Understanding RPM packaging 232

What is in an RPM? 233

Where do RPMs come from?  234

Installing RPMs  234

Managing RPM Packages with YUM 235

Understanding how yum works 235

1 Checking /etc/yumconf 236

2 Checking /etc/sysconfig/rhn/up2date (RHEL only) 237

3 Checking /etc/yumreposd/*repo files 237

4 Downloading RPM packages and metadata from a YUM repository 238

5 RPM packages installed to Linux file system 238

6 Store YUM repository metadata to local RPM database 238

Using YUM with third-party software repositories 239

Managing software with the YUM command  240

Searching for packages  240

Installing and removing packages  242

Updating packages  243

Updating groups of packages  244

Maintaining your RPM package database and cache  245

Downloading RPMs from a yum repository  246

Installing, Querying, and Verifying Software with the rpm Command 246

Installing and removing packages with rpm 247

Querying rpm information 247

Verifying RPM packages 249

Managing Software in the Enterprise 250

Summary 251

Exercises 252

Chapter 11: Managing User Accounts  253

Creating User Accounts 253

Adding users with useradd 256

Setting user defaults 259

Modifying users with usermod  260

Deleting users with userdel 261

Understanding Group Accounts 262

Using group accounts 262

Creating group accounts 263

Managing Users in the Enterprise  264

Setting permissions with Access Control Lists 265

Setting ACLs with setfacl 265

Setting default ACLs 267

Enabling ACLs  268

Adding directories for users to collaborate 270

Creating group collaboration directories (set GID bit) 270

Creating restricted deletion directories (sticky bit) 271

Centralizing User Accounts 272

Using the Authentication Configuration window 273

Summary 274

Exercises 275

Chapter 12: Managing Disks and Filesystems 277

Understanding Disk Storage 277

Partitioning Hard Disks 279

Viewing disk partitions  280

Creating a single-partition disk 281

Creating a multiple-partition disk  284

Using Logical Volume Management Partitions  288

Checking an existing LVM  288

Creating LVM logical volumes 291

Growing LVM logical volumes 293

Mounting Filesystems 293

Supported filesystems 294

Enabling swap areas 296

Disabling swap area 297

Using the fstab file to define mountable file systems 297

Using the mount command to mount file systems  300

Mounting a disk image in loopback 301

Using the umount command 301

Using the mkfs Command to Create a Filesystem 302

Summary 303

Exercises 303

Part IV: Becoming a Linux Server Administrator 305

Chapter 13: Understanding Server Administration 307

Starting with Server Administration  308

Step 1: Install the server  308

Step 2: Configure the server 310

Using configuration files 310

Checking the default configuration 310

Step 3: Start the server 311

Step 4: Secure the server 312

Password protection 313

Firewalls 313

TCP Wrappers313

SELinux 313

Security settings in configuration files 314

Step 5: Monitor the server 314

Confi gure logging 314

Run system activity reports 314

Keep system software up to date 314

Check the fi lesystem for signs of crackers 315

Managing Remote Access with the Secure Shell Service 315

Starting the openssh-server service 316

Using SSH client tools 317

Using ssh for remote login 318

Using ssh for remote execution 319

Copying files between systems with scp and rsync 320

Interactive copying with sftp 323

Using key-based (passwordless) authentication 323

Confi guring System Logging 325

Enabling system logging with rsyslog 325

Understanding the rsyslogconf file 326

Understanding the messages log file 327

Setting up and using a loghost with rsyslogd 328

Watching logs with logwatch 329

Checking System Resources with sar 330

Checking System Space 332

Displaying system space with df 332

Checking disk usage with du 333

Finding disk consumption with find 333

Summary 334

Exercises 335

Chapter 14: Administering Networking 337

Configuring Networking for Desktops 338

Checking your network interfaces  340

Checking your network from NetworkManager  340

Checking your network from the command line 342

Configuring network interfaces  345

Configuring a network proxy connection 347

Configuring Networking for Servers  348

Using system-config-network 349

Choosing device configuration 350

Choosing DNS configuration 351

Understanding networking configuration files 351

Network interface files 352

Other networking files 353

Setting alias network interfaces 356

Setting up Ethernet channel bonding 357

Setting custom routes 358

Configuring Networking in the Enterprise 359

Configuring Linux as a router 359

Configuring Linux as a DHCP server  360

Configuring Linux as a DNS server 361

Configuring Linux as a proxy server 361

Configuring VLANs in Linux 362

Summary 363

Exercises 363

Chapter 15: Starting and Stopping Services  365

Understanding the Linux init Daemon 365

Understanding the classic init daemons 367

Understanding the Upstart init daemon 375

Learning Upstart init daemon basics 375

Learning Upstart’s backward compatibility to SysVinit 378

Understanding systemd init 382

Learning systemd basics 382

Learning systemd’s backward compatibility to SysVinit 388

Auditing Services 390

Auditing the classic SysVinit daemon 391

Auditing the Upstart init daemon 392

Auditing the systemd init393

Stopping and Starting Services 394

Stopping and starting the classic SysVinit daemon 395

Stopping and starting the Upstart init daemon 396

Stopping and starting the systemd daemon 397

Stopping a service with systemd 397

Starting a service with systemd 398

Restarting a service with systemd 398

Reloading a service with systemd 399

Configuring Persistent Services  400

Configuring the classic SysVinit daemon persistent services  400

Configuring Upstart init daemon persistent services 401

Configuring systemd init persistent services  402

Enabling a service with systemd  402

Disabling (removing) a service with systemd  402

Configuring a Default runlevel or target unit  404

Configuring the classic SysVinit daemon default runlevel  404

Configuring the Upstart init daemon default runlevel  404

Configuring the systemd init default target unit  405

Adding New or Customized Services  406

Adding new services to classic SysVinit daemon  406

Step 1: Create a new or customized service script file  406

Step 2: Move the service script  407

Step 3: Add the service to runlevels  407

Adding new services to the Upstart init daemon  408

Adding new services to systemd init 410

Step 1: Create a new or customized service configuration unit file 410

Step 2: Move the service configuration unit file 411

Step 3: Add the service to the Wants directory 412

Summary 413

Exercises 413

Chapter 16: Configuring a Print Server  415

Common UNIX Printing System 415

Setting Up Printers 417

Adding a printer automatically 417

Using web-based CUPS administration 418

Using the Printer Configuration window  420

Configuring local printers with the Printer Configuration window 421

Configuring remote printers  424

Adding a remote CUPS printer  425

Adding a remote UNIX (LDP/LPR) printer  425

Adding a Windows (SMB) printer  426

Working with CUPS Printing 427

Configuring the CUPS server (cupsdconf) 427

Starting the CUPS server 429

Configuring CUPS printer options manually 429

Using Printing Commands 431

Printing with lpr 431

Listing status with lpc 431

Removing print jobs with lprm 432

Configuring Print Servers 433

Configuring a shared CUPS printer 433

Configuring a shared Samba printer 435

Understanding smbconf for printing 435

Setting up SMB clients 436

Summary 437

Exercises 437

Chapter 17: Configuring a Web Server   439

Understanding the Apache Web Server 439

Getting and Installing Your Web Server  440

Understanding the httpd package  440

Installing Apache  443

Starting Apache  443

Securing Apache  444

Apache fi le permissions and ownership  445

Apache and iptables  445

Apache and SELinux  445

Understanding the Apache configuration files  446

Using directives  447

Understanding default settings  449

Adding a virtual host to Apache 451

Allowing users to publish their own web content 453

Securing your web traffic with SSL/TLS 455

Understanding how SSL is configured 456

Generating an SSL key and self-signed certificate 458

Generating a certificate signing request 459

Troubleshooting Your Web Server  460

Checking for configuration errors 460

Accessing forbidden and server internal errors  463

Summary  464

Exercises  464

Chapter 18: Configuring an FTP Server  467

Understanding FTP 467

Installing the vsftpd FTP Server  469

Starting the vsftpd Service 470

Securing Your FTP Server 472

Opening up your fi rewall for FTP 473

Allowing FTP access in TCP wrappers 474

Configuring SELinux for your FTP server 475

Relating Linux file permissions to vsftpd 476

Configuring Your FTP Server 477

Setting up user access 477

Allowing uploading 478

Setting up vsftpd for the Internet 479

Using FTP Clients to Connect to Your Server 481

Accessing an FTP server from Firefox 481

Accessing an FTP server with the lftp command  482

Using the gFTP client  484

Summary  485

Exercises  485

Chapter 19: Configuring a Windows File Sharing (Samba) Server 487

Understanding Samba 487

Installing Samba  488

Starting and Stopping Samba 490

Starting the Samba (smb) service 490

Starting the NetBIOS (nmbd) name server 492

Stopping the Samba (smb) and NetBIOS (nmb) services 493

Securing Samba 494

Configuring firewalls for Samba 495

Configuring SELinux for Samba 496

Setting SELinux Booleans for Samba 496

Setting SELinux file contexts for Samba 497

Configuring Samba host/user permissions 498

Configuring Samba 498

Using system-config-samba 498

Choosing Samba server settings 499

Configuring Samba user accounts  500

Creating a Samba shared folder 501

Checking the Samba share 502

Configuring Samba in the smbconf file 503

Configuring the [global] section  504

Configuring the [homes] section505

Configuring the [printers] section  506

Creating custom shared directories 507

Accessing Samba Shares  509

Accessing Samba shares in Linux  509

Accessing Samba shares in Windows 512

Using Samba in the Enterprise 512

Summary 513

Exercises 513

Chapter 20: Configuring an NFS File Server  515

Installing an NFS Server 517

Starting the NFS service 518

Sharing NFS Filesystems 519

Configuring the /etc/exports file 520

Hostnames in /etc/exports 521

Access options in /etc/exports 522

User mapping options in /etc/exports 522

Exporting the shared filesystems 523

Securing Your NFS Server 523

Opening up your fi rewall for NFS 524

Allowing NFS access in TCP wrappers 525

Confi guring SELinux for your NFS server 526

Using NFS Filesystems 527

Viewing NFS shares 527

Manually mounting an NFS filesystem 527

Mounting an NFS filesystem at boot time 528

Mounting noauto filesystems 529

Using mount options 530

Using autofs to mount NFS filesystems on demand 532

Automounting to the /net directory 532

Automounting home directories 533

Unmounting NFS fi esystems 535

Summary 536

Exercises 536

Chapter 21: Troubleshooting Linux 539

Boot-Up Troubleshooting 539

Starting from the BIOS  540

Troubleshooting BIOS setup 541

Troubleshooting boot order  542

Troubleshooting the GRUB boot loader  542

Starting the kernel  545

Troubleshooting the init process  546

Troubleshooting rcsysinit  546

Troubleshooting runlevel processes 547

Troubleshooting Software Packages 551

Fixing RPM databases and cache 555

Troubleshooting Networking 556

Troubleshooting outgoing connections 556

View network interfaces 557

Check physical connections557

Check routes 557

Check hostname resolution 558

Troubleshooting incoming connections  560

Check if the client can reach your system at all  560

Check if the service is available to the client  560

Check the firewall on the server 561

Check the service on the server 562

Troubleshooting Memory 563

Uncovering memory issues 563

Checking for memory problems  566

Dealing with memory problems 567

Troubleshooting in Rescue Mode  568

Summary 569

Exercises 570

Part V: Learning Linux Security Techniques 571

Chapter 22: Understanding Basic Linux Security 573

Introducing the Security Process Lifecycle 573

Examining the Planning Phase 575

Choosing an access control model 575

Discretionary Access Control 575

Mandatory Access Control 576

Role Based Access Control 576

Using security checklists 577

Access Control Matrix 577

Industry security checklists 578

Entering the Implementation Phase 578

Implementing physical security 578

Implementing disaster recovery 579

Securing user accounts  580

One user per user account  580

No logins to the root account 581

Setting expiration dates on temporary accounts 582

Removing unused user accounts 583

Securing passwords 585

Choosing good passwords 585

Setting and changing passwords 586

Enforcing best password practices 587

Understanding the password files and password hashes 590

Securing the filesystem 591

Managing dangerous filesystem permissions 591

Securing the password files 592

Locking down the filesystem 594

Managing software and services 595

Removing unused software and services 595

Updating software packages 596

Advanced implementation 596

Working in the Monitoring Phase 596

Monitoring log files 596

Monitoring user accounts  600

Detecting counterfeit new accounts and privileges  600

Detecting bad account passwords  602

Monitoring the filesystem  603

Verifying software packages  604

Scanning the filesystem  605

Detecting viruses and rootkits  606

Detecting an intrusion  608

Working in the Audit/Review Phase 611

Conducting compliance reviews 611

Conducting security reviews 612

Summary 612

Exercises 613

Chapter 23: Understanding Advanced Linux Security 615

Implementing Linux Security with Cryptography 615

Understanding hashing 616

Understanding encryption/decryption 618

Understanding cryptographic ciphers 618

Understanding cryptographic cipher keys 619

Understanding digital signatures 625

Implementing Linux cryptography 627

Ensuring file integrity 627

Encrypting a Linux filesystem 628

Encrypting a Linux directory 630

Encrypting a Linux file 633

Encrypting Linux miscellaneous  634

Implementing Linux Security with PAM 635

Understanding the PAM authentication process 636

Understanding PAM contexts 638

Understanding PAM control flags 638

Understanding PAM modules 639

Understanding PAM system event configuration files  640

Administering PAM on your Linux system 641

Managing PAM-aware application configuration files 641

Managing PAM system event confi guration files  642

Implementing resources limits with PAM  644

Implementing time restrictions with PAM  646

Encouraging sudo use with PAM 652

Locking accounts with PAM 653

Obtaining more information on PAM 655

Summary 656

Exercises 656

Chapter 24: Enhancing Linux Security with SELinux 659

Understanding SELinux Benefits 659

Understanding How SELinux Works 661

Understanding Type Enforcement 661

Understanding Multi-Level Security  662

Implementing SELinux security models  663

Understanding SELinux Operational Modes  663

Understanding SELinux security contexts  664

Understanding SELinux Policy types 667

Understanding SELinux Policy rule packages  668

Configuring SELinux  669

Setting the SELinux Operational Mode 670

Setting the SELinux Policy type 672

Managing SELinux security contexts 673

Managing the user security context 674

Managing the file security context 675

Managing the process security context 676

Managing SELinux policy rule packages 676

Managing SELinux via Booleans 678

Monitoring and Troubleshooting SELinux 679

Understanding SELinux logging 679

Reviewing SELinux messages in the audit log  680

Reviewing SELinux messages in the messages log  680

Troubleshooting SELinux logging  682

Troubleshooting common SELinux problems  682

Using a non-standard directory for a service  683

Using a non-standard port for a service  683

Moving files and losing security context labels  684

Booleans set incorrectly  684

Putting It All Together  684

Obtaining More Information on SELinux 685

Summary  686

Exercises  686

Chapter 25: Securing Linux on a Network 689

Auditing Network Services  690

Evaluating access to network services 692

Using nmap to create a network services list 692

Using nmap to audit your network services advertisements 695

Controlling access to network services  699

Working with Firewalls 702

Understanding firewalls 702

Implementing firewalls 703

Understanding the iptables utility 703

Using the iptables utility 707

Summary 715

Exercises 716

Part VI: Appendixes 717

Appendix A: Media     719

Getting Fedora 720

Getting Red Hat Enterprise Linux 721

Getting Ubuntu 722

Creating Linux CDs and DVDs  724

Burning CDs/DVDs in Windows  724

Burning CDs/DVDs on a Mac OS X system  724

Burning CDs/DVDs in Linux 725

Burning CDs from a Linux desktop 725

Burning CDs from a Linux command line 726

Booting Linux from a USB Drive 727

Appendix B: Exercise Answers        729

Chapter 2: Creating the Perfect Linux Desktop 729

Chapter 3: Using the Shell 732

Chapter 4: Moving Around the Filesystem  734

Chapter 5: Working with Text Files 735

Chapter 6: Managing Running Processes 737

Chapter 7: Writing Simple Shell Scripts 738

Chapter 8: Learning System Administration 740

Chapter 9: Installing Linux 743

Chapter 10: Getting and Managing Software 745

Chapter 11: Managing User Accounts 746

Chapter 12: Managing Disks and Filesystems 750

Chapter 13: Understanding Server Administration 752

Chapter 14: Administering Networking 755

Chapter 15: Starting and Stopping Services 758

Chapter 16: Configuring a Print Server 761

Chapter 17: Configuring a Web Server 763

Chapter 18: Configuring an FTP Server 766

Chapter 19: Configuring a Windows File Sharing (Samba) Server 769

Chapter 20: Configuring an NFS File Server 772

Chapter 21: Troubleshooting Linux 774

Chapter 22: Understanding Basic Linux Security 776

Chapter 23: Understanding Advanced Linux Security 777

Chapter 24: Enhancing Linux Security with SELinux 779

Chapter 25: Securing Linux on a Network 781

Index        783