book

Linux Administration: A Beginner’s Guide, Seventh Edition, 7th Edition

by Wale Soyinka

December 2015

Beginner

672 pages

21h 28m

English

McGraw-Hill

Read now

Unlock full access

Linux: The Operating SystemWhat Is Open Source Software and GNU All About?What Is the GNU Public License?Upstream and DownstreamThe Advantages of Open Source SoftwareUnderstanding the Differences Between Windows and LinuxSingle Users vs. Multiple Users vs. Network UsersThe Monolithic Kernel and the Micro-KernelSeparation of the GUI and the KernelMy Network PlacesThe Registry vs. Text FilesDomains and Active DirectorySummary
Hardware and Environmental ConsiderationsServer DesignUptimeMethods of InstallationInstalling FedoraProject PrerequisitesThe InstallationInstallation SummaryLocalization SectionSoftware SectionSystem SectionStart the Installation, Set the Root Password, and Create a User AccountComplete the InstallationLog InInstalling Ubuntu ServerStart the InstallationConfigure the NetworkSet Up Users and PasswordsConfigure the Time ZoneSet Up the Disk PartitionOther Miscellaneous TasksSummary
An Introduction to BashJob ControlEnvironment VariablesPipesRedirectionCommand-Line ShortcutsFilename ExpansionEnvironment Variables as ParametersMultiple CommandsBackticksDocumentation ToolsThe man CommandThe texinfo SystemFiles, File Types, File Ownership, and File PermissionsNormal FilesDirectoriesHard LinksSymbolic LinksBlock DevicesCharacter DevicesNamed PipesListing Files: lsChange Ownership: chownChange Group: chgrpChange Mode: chmodFile Management and ManipulationCopy Files: cpMove Files: mvLink Files: lnFind a File: findFile Compression: gzipFile Compression: bzip2File Compression: xzCreate a Directory: mkdirRemove a Directory: rmdirShow Present Working Directory: pwdTape Archive: tarConcatenate Files: catDisplay a File One Screen at a Time: moreShow the Directory Location of a File: whichLocate a Command: whereisEditorsviemacsjoepicoMiscellaneous ToolsDisk Utilization: duDisk Free: dfSynchronize Disks: syncList Processes: psShow an Interactive List of Processes: topSend a Signal to a Process: killShow System Name: unameWho Is Logged In: whoA Variation on who: wSwitch User: suPutting It All Together (Moving a User and Its Home Directory)Summary
The Red Hat Package ManagerManaging Software Using RPMQuerying for Information the RPM Way (Getting to Know One Another)Installing Software with RPM (Moving in Together)Uninstalling Software with RPM (Ending the Relationship)Other Things RPM Can DoYumDNFGUI RPM Package ManagersFedoraopenSUSE and SLEThe Debian Package Management SystemAPTSoftware Management in UbuntuQuerying for InformationInstalling Software in UbuntuRemoving Software in UbuntuCompile and Install GNU SoftwareGetting and Unpacking the Source PackageLooking for DocumentationConfiguring the PackageCompiling the PackageInstalling the PackageTesting the SoftwareCleanupCommon Problems When Building from Source CodeProblems with LibrariesMissing Configure ScriptBroken Source CodeSummary
What Exactly Constitutes a User?Where User Information Is KeptThe /etc/passwd FileThe /etc/shadow FileThe /etc/group FileUser Management ToolsCommand-Line User ManagementGUI User ManagersUsers and Access PermissionsUnderstanding SetUID and SetGID ProgramsSticky BitPluggable Authentication ModulesHow PAM WorksPAM’s Files and Their LocationsConfiguring PAMAn Example PAM Configuration FileThe “Other” FileD’oh! I Can’t Log In!Debugging PAMA Grand TourCreating Users with useraddCreating Groups with groupaddModifying User Attributes with usermodModifying Group Attributes with groupmodDeleting Users and Groups with userdel and groupdelSummary
Boot LoadersGRUB LegacyGRUB 2LILOBootstrappingThe init Processrc ScriptsWriting Your Own rc ScriptEnabling and Disabling ServicesEnabling a ServiceDisabling a ServiceGraphical Service ManagersOdds and Ends of Booting and Shutting Downfsck!Booting into Single-User (“Recovery”) ModeSummary
The Makeup of File Systemsi-NodesBlocksSuperblocksext3ext4BtrfsXFSWhich File System Should You Use?Managing File SystemsMounting and Unmounting Local DisksUsing fsckAdding a New DiskOverview of PartitionsTraditional Disk and Partition Naming ConventionsVolume ManagementCreating Partitions and Logical VolumesCreating File SystemsSummary
The init Daemonupstart: Die init. Die Now!xinetd and inetdThe /etc/xinetd.conf FileExamples: A Simple Service Entry and Enabling/Disabling a ServiceThe Logging Daemonrsyslogdsystemd-journald (journald)The cron ProgramThe crontab FileEditing the crontab FileSummary
What Exactly Is a Kernel?Finding the Kernel Source CodeGetting the Correct Kernel VersionUnpacking the Kernel Source CodeBuilding the KernelPreparing to Configure the KernelKernel ConfigurationCompiling the KernelInstalling the KernelBooting the KernelThe Author Lied—It Didn’t Work!Patching the KernelDownloading and Applying PatchesIf the Patch WorkedIf the Patch Didn’t WorkSummary
What’s Inside the /proc Directory?Tweaking Files Inside of /procSome Useful /proc EntriesEnumerated /proc EntriesCommon proc Settings and ReportsSYN Flood ProtectionIssues on High-Volume ServersDebugging Hardware ConflictsSysFScgroupfstmpfstmpfs ExampleSummary
The LayersPacketsTCP/IP Model and the OSI ModelHeadersEthernetIP (IPv4)TCPUDPA Complete TCP ConnectionOpening a ConnectionTransferring DataClosing the ConnectionHow ARP WorksThe ARP Header: ARP Works with Other Protocols, Too!Bringing IP Networks TogetherHosts and NetworksSubnettingNetmasksStatic RoutingDynamic Routing with RIPtcpdump Bits and BobsReading and Writing DumpfilesCapturing More or Less per PacketPerformance ImpactDon’t Capture Your Own Network TrafficTroubleshooting Slow Name Resolution (DNS) IssuesIPv6IPv6 Address FormatIPv6 Address TypesIPv6 Backward-CompatibilitySummary
Modules and Network InterfacesNetwork Device Configuration Utilities (ip, ifconfig, and nmcli)Sample Usage—ifconfig, ip, and nmcliSetting Up NICs at Boot TimeManaging RoutesSample Usage: Route ConfigurationDisplaying RoutesA Simple Linux RouterRouting with Static RoutesHow Linux Chooses an IP AddressHostname ConfigurationSummary
How Netfilter WorksA NAT PrimerNAT-Friendly ProtocolsChainsInstalling NetfilterEnabling Netfilter in the KernelConfiguring NetfilterSaving Your Netfilter ConfigurationThe iptables CommandfirewalldCookbook SolutionsSimple NAT: iptablesSimple NAT: nftablesSimple Firewall: iptablesSummary
Common Sources of RiskSetUID ProgramsUnnecessary ProcessesPicking the Right RunlevelNonhuman User AccountsLimited ResourcesMitigating RiskchrootSELinuxAppArmorMonitoring Your SystemLoggingUsing ps and netstatUsing dfAutomated MonitoringMailing ListsSummary
TCP/IP and Network SecurityThe Importance of Port NumbersTracking ServicesUsing the netstat CommandSecurity Implications of netstat’s OutputBinding to an InterfaceShutting Down ServicesShutting Down xinetd and inetd ServicesShutting Down Non-xinetd ServicesMonitoring Your SystemMaking the Best Use of syslogMonitoring Bandwidth with MRTGHandling AttacksTrust Nothing (and No One)Change Your PasswordsPull the PlugNetwork Security ToolsnmapSnortNessusWireshark/tcpdumpSummary
The Hosts FileHow DNS WorksDomain and Host Naming ConventionsThe Root DomainSubdomainsThe in-addr.arpa DomainTypes of ServersInstalling a DNS ServerUnderstanding the BIND Configuration FileThe SpecificsConfiguring a DNS ServerDefining a Primary Zone in the named.conf FileDefining a Secondary Zone in the named.conf FileDefining a Caching Zone in the named.conf FileDNS Records TypesSOA: Start of AuthorityNS: Name ServerA: Address RecordPTR: Pointer RecordMX: Mail ExchangerCNAME: Canonical NameRP and TXT: The Documentation EntriesSetting Up BIND Database FilesDNS Server Setup Walk-ThroughThe DNS ToolboxhostdignslookupwhoisnsupdateThe rndc ToolConfiguring DNS ClientsThe ResolverConfiguring the ClientSummary
The Mechanics of FTPClient/Server InteractionsObtaining and Installing vsftpdConfiguring vsftpdStarting and Testing the FTP ServerCustomizing the FTP ServerSetting Up an Anonymous-Only FTP ServerSetting Up an FTP Server with Virtual UsersSummary
Understanding HTTPHeadersPortsProcess Ownership and SecurityInstalling the Apache HTTP ServerApache ModulesStarting Up and Shutting Down ApacheStarting Apache at Boot TimeTesting Your InstallationConfiguring ApacheCreating a Simple Root-Level PageApache Configuration FilesCommon Configuration OptionsTroubleshooting ApacheSummary
Understanding SMTPRudimentary SMTP DetailsSecurity ImplicationsEmail ComponentsInstalling the Postfix ServerInstalling Postfix via RPM in FedoraInstalling Postfix via APT in UbuntuInstalling Postfix from Source CodeConfiguring the Postfix ServerThe main.cf FileChecking Your ConfigurationRunning the ServerChecking the Mail QueueFlushing the Mail QueueThe newaliases CommandMaking Sure Everything WorksSummary
POP3 and IMAP Protocol BasicsDovecot (IMAP and POP3 Server)Installing DovecotDovecot Configuration Files and OptionsConfiguring DovecotRunning DovecotChecking Basic POP3 FunctionalityChecking Basic IMAP FunctionalityOther Issues with Mail ServicesSSL SecurityAvailabilityLog FilesSummary
VoIP OverviewVoIP ServerAnalog Telephone Adapter (ATA)IP PhonesVoIP ProtocolsVoIP ImplementationsAsteriskHow Asterisk WorksAsterisk InstallationStarting and Stopping AsteriskUnderstanding Asterisk Configuration Files and StructureSIP Channel Config: sip.confThe Dialplan: extensions.confModules: modules.confAsterisk Network, Port, and Firewall RequirementsConfiguring the Local Firewall for AsteriskConfiguring the PBXLocal ExtensionsOutside Connection—(VoIP Trunking)Trunking Using Google VoiceAsterisk Maintenance and TroubleshootingAsterisk CLI CommandsHelpful CLI CommandsCommon Issues with VoIPSummary
Understanding Public Key CryptographyKey CharacteristicsCryptography ReferencesUnderstanding SSH VersionsOpenSSH and OpenBSDAlternative Vendors for SSH ClientsInstalling OpenSSH via RPM in FedoraInstalling OpenSSH via APT in UbuntuServer Start-up and ShutdownSSHD Configuration FileUsing OpenSSHSecure Shell (ssh) Client ProgramSecure Copy (scp) ProgramSecure FTP (sftp) ProgramFiles Used by the OpenSSH ClientSummary
The Mechanics of NFSVersions of NFSSecurity Considerations for NFSMount and Access a PartitionEnabling NFS in Fedora, RHEL, and CentosEnabling NFS in UbuntuThe Components of NFSKernel Support for NFSConfiguring an NFS ServerThe /etc/exports Configuration FileConfiguring NFS ClientsThe mount CommandSoft vs. Hard MountsCross-Mounting DisksThe Importance of the intr OptionPerformance TuningTroubleshooting Client-Side NFS IssuesStale File HandlesPermission DeniedSample NFS Client and NFS Server ConfigurationCommon Uses for NFSSummary
The Mechanics of SMBUsernames and PasswordsEncrypted PasswordsSamba DaemonsInstalling Samba via RPMInstalling Samba via APTSamba AdministrationStarting and Stopping SambaCreating a ShareUsing smbclientMounting Remote Samba SharesSamba UsersCreating Samba UsersAllowing Null PasswordsChanging Passwords with smbpasswdUsing Samba to Authenticate Against a Windows Serverwinbindd DaemonTroubleshooting SambaSummary
DFS OverviewDFS ImplementationsGlusterFSSummary
Inside NISThe NIS ServersDomainsConfiguring the Master NIS ServerEstablishing the Domain NameStarting NISEditing the MakefileUsing ypinitConfiguring an NIS ClientInstall NIS Client-Side PackageEditing the /etc/yp.conf FileEnabling and Starting ypbindEditing the /etc/nsswitch.conf FileNIS at WorkTesting Your NIS Client ConfigurationConfiguring a Secondary NIS ServerSetting the Domain NameSetting Up the NIS Master to Push to SlavesRunning ypinitNIS ToolsUsing NIS in Configuration FilesImplementing NIS in a Real NetworkA Small NetworkA Segmented NetworkNetworks Bigger than BuildingsSummary
LDAP BasicsLDAP DirectoryClient/Server ModelUses of LDAPLDAP TerminologyOpenLDAPServer-Side DaemonsOpenLDAP UtilitiesInstalling OpenLDAPConfiguring OpenLDAPConfiguring slapdStarting and Stopping slapdConfiguring OpenLDAP ClientsCreating Directory EntriesSearching, Querying, and Modifying the DirectoryUsing OpenLDAP for User AuthenticationConfiguring the ServerConfiguring the ClientSummary
Printing TerminologiesThe CUPS SystemRunning CUPSInstalling CUPSConfiguring CUPSAdding PrintersLocal Printers and Remote PrintersUsing the Web Interface to Add a PrinterUsing Command-Line Tools to Add a PrinterRoutine CUPS AdministrationSetting the Default PrinterEnabling, Disabling, and Deleting PrintersAccepting and Rejecting Print JobsManaging Printing PrivilegesManaging Printers via the Web InterfaceUsing Client-Side Printing ToolslprlpqlprmSummary
The Mechanics of DHCPThe DHCP ServerInstalling DHCP Software via RPMInstalling DHCP Software via APT in UbuntuConfiguring the DHCP ServerA Sample dhcpd.conf FileThe DHCP Client DaemonConfiguring the DHCP ClientSummary
Why Virtualize?Virtualization ConceptsVirtualization ImplementationsHyper-VKernel-Based Virtual Machine (KVM)QEMUUser-Mode Linux (UML)VirtualBoxVMwareXenKVMKVM ExampleManaging KVM Virtual MachinesSetting Up KVM in Ubuntu/DebianContainersContainers vs. Virtual MachinesDockerSummary
Evaluating Your Backup NeedsAmount of DataBackup Hardware and Backup MediumNetwork ThroughputSpeed and Ease of Data RecoveryData DeduplicationTape ManagementCommand-Line Backup Toolsdump and restoretarrsyncMiscellaneous Backup SolutionsSummary
Creating a Linux Installer on Flash/USB Devices (via Linux OS)Creating a Linux Installer on Flash/USB Devices (via Microsoft Windows)Fedora Installer Using Live USB Creator on WindowsUbuntu Installer Using UNetbootin on WindowsOpenSUSE Installer Using Pendrivelinux.com’s Universal USB Installer on Windows
Basic Host System RequirementsInstalling the Virtualization Applications and UtilitiesDownload and Prep the Demo VM Image FileImport the Demo VM Image and Create a New VM InstanceManaging the Demo Virtual MachineConnecting to the Demo VMVirtual Network Computing (VNC)Connecting via SSHVirtual Serial TTY ConsoleCockpit ApplicationJust Use It!Feedback

Content preview from Linux Administration: A Beginner’s Guide, Seventh Edition, 7th Edition

CHAPTER 15 Network Security

In Chapter 14, you learned that exploit vectors are of two types: those in which the vulnerability is exploitable locally and those in which the vulnerability is exploitable over a network. The latter case is covered in this chapter.

Network security addresses the problem of attackers sending malicious network traffic to your system with the intent of either making your system unavailable (denial-of-service, or DoS, attack) or exploiting weaknesses in your system to gain access or control of the system or other systems. Network security is not a substitute for the good local security practices discussed in the previous chapter. Both local and network security approaches are necessary to keep things working in the expected ...