book

Running Linux, Fourth Edition

by Matt Welsh, Matthias Kalle Dalheimer, Terry Dawson, Lar Kaufman

December 2002

Beginner

696 pages

23h 10m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Why People Like Linux
About This Book
A Note on Linux Version NumbersA Bag of FeaturesKernel

Basic Commands and UtilitiesText Processing and Word ProcessingCommercial ApplicationsProgramming Languages and UtilitiesThe X Window SystemKDE and GNOMENetworkingLaptop SupportInterfacing with Windows and MS-DOSOther Applications
Hints for Unix NovicesHints for Unix Gurus
Online DocumentsBooks and Other Published WorksUsenet NewsgroupsInternet Mailing Lists
Distributions of LinuxGetting Linux via Mail Order or Other Hard MediaGetting Linux from the Internet
Installation OverviewRepartitioning ConceptsLinux Partition RequirementsRepartitioning Your Drives
Installing the Linux SoftwareBooting LinuxDrives and Partitions Under LinuxCreating Linux PartitionsCreating Swap SpaceCreating the FilesystemsInstalling the SoftwareCreating the Boot Floppy or Installing LILOAdditional Installation Procedures
Creating a User AccountGetting Online HelpEditing /etc/fstabShutting Down the System
Problems with Booting the Installation MediumHardware ProblemsIsolating hardware problemsProblems recognizing hard drive or controllerProblems with SCSI controllers and devicesProblems Installing the SoftwareProblems after Installing LinuxProblems booting Linux from floppyProblems booting Linux from the hard driveProblems logging inProblems using the system
Logging In
DirectoriesListing FilesViewing Files, More or LessSymbolic Links
Word CompletionMoving Around Among Commands
What Permissions MeanOwners and Groups
Maintaining the System
Using a Boot FloppyUsing LILOThe /etc/lilo.conf fileUsing LILO as a secondary bootloaderSpecifying boot time optionsRemoving LILO
Kernel Boot Messagesinit, inittab, and rc Filesrc Files
The passwd FileShadow PasswordsPAM and Other Authentication MethodsThe Group FileCreating AccountsDeleting and Disabling AccountsModifying User Accounts
Managing FilesystemsFilesystem TypesMounting FilesystemsAutomounting DevicesCreating FilesystemsChecking and Repairing Filesystems
Creating Swap SpaceEnabling the Swap SpaceDisabling Swap Space
Archive and Compression UtilitiesUsing gzip and bzip2Using tarUsing tar with gzip and bzip2tar Tricks
Upgrading LibrariesUpgrading the Compiler
Using RPMUsing dpkg and aptUpgrading Other Software
Obtaining Kernel SourcesUnpacking the sourcesApplying patchesBuilding the Kernel
Making BackupsSimple BackupsBacking up to tapeBacking up to floppyTo compress, or not to compress?Incremental Backups
Checking Printer HardwareGathering ResourcesChoosing Printer SoftwareChecking Print UtilitiesSetting Up the Printcap FilePrintcap file format rulesPrinter namesThe rest of the printcap variablesConfiguring GhostscriptPrint FiltersThe nenscript FilterMagic Filters: APSfilter and AlternativesBSD Print System Elements: Files, Directories, and UtilitiesSetting up printer directoriesFile, directory, and utility privilegesExercising the Printer DaemonControlling Printer Services with lpcPrinter OptimizationPrinter System TroubleshootingCUPS
Repairing FilesystemsAccessing Damaged FilesRestoring Files from Backup
Editing Files Using viStarting viInserting Text and Moving AroundDeleting Text and Undoing ChangesChanging TextMoving CommandsSaving Files and Quitting viEditing Another FileIncluding Other FilesRunning Shell CommandsGlobal Searching and ReplacingMoving Text and Using RegistersExtending vi
Firing It UpSimple Editing CommandsTutorial and Online HelpDeleting, Copying, and Moving TextSearching and ReplacingMacrosRunning Commands and Programming within EmacsTailoring EmacsRegular Expressions
Word ProcessorsTEX and LATEXLearning the ropesFormatting and printingFurther readingSGML, XML, and DocbookgroffWriting a manual pageFormatting and installing the manual pageTexinfoWriting the Texinfo sourceFormatting Texinfo
ImageMagickThe GIMPPOVRAY
A Whirlwind Tour of Digital AudioAudio Under LinuxInstallation and ConfigurationCollecting hardware informationConfiguring ISA Plug and Play (optional)Configuring the kernel (optional)Configuring kernel modulesTesting the installationTroubleshooting and common problemsLinux Multimedia ApplicationsMP3 PlayersReferences
How the Printing System Processes a Queued Filenenscript and enscript
X Concepts
Basics of X Customizationxinit
General FeaturesInstalling KDEUsing KDEThe KDE panel and the K menuThe KDE Control CenterConfiguring the backgroundConfiguring window styles and colorsInternationalization
konsole: Your Home BaseStarting up konsoleCutting and pasting selectionsMore konsole tricksClocksKGhostview: Displaying PostScriptReading Documentation with Konqueror
Installing and Updating GNOMECore Desktop InterfaceThe panelNautilus: your desktop and file manager
Ximian Evolution: Mail, Calendar, and ContactsEvolution mailEvolution calendarEvolution contactsGnumeric SpreadsheetgPhoto, the Digital Camera ToolAbiword Word ProcessorAdditional Applications and Resources
The X Resource DatabaseEmacs and Other Editors
Sharing Disks with MToolsmattrib
Mounting Windows SharesUsing Samba to Serve SMB SharesInstalling SambaConfiguring SambaAdding usersStarting the Samba daemonsFile Translation UtilitiesOther document formats
Programming with gccQuick Overviewgcc FeaturesBasic gcc UsageUsing Multiple Source FilesOptimizingEnabling Debugging CodeMore Fun with LibrariesCreating shared librariesUsing C++
What make DoesSome Syntax RulesMacrosSuffix Rules and Pattern RulesMultiple CommandsIncluding Other makefilesInterpreting make MessagesAutoconf, Automake, and Other Makefile Tools
A Sample ProgramMore FeaturesPros and Cons
The Promise of Java, or Why You Might Want to Use JavaGetting Java for LinuxA Working Example of Java
Debugging with gdbTracing a ProgramExamining a Core FileDebugging a Running ProgramChanging and Examining DataGetting InformationMiscellaneous FeaturesBreakpoints and watchpointsInstruction-level debuggingUsing Emacs with gdb
DebuggersProfiling and Performance ToolsUsing straceUsing ValgrindInterface Building ToolsRevision Control Tools — RCSRevision Control Tools — CVSSetting up a CVS repositoryWorking with CVSCVS over the InternetPatching FilesIndenting Code
Networking with TCP/IPTCP/IP ConceptsHardware RequirementsConfiguring TCP/IP with EthernetYour network configurationThe networking rc files/etc/hosts/etc/networks/etc/host.conf/etc/resolv.confSetting your hostnameTrying out your network
Basic PPP Configuration for ModemsRequirementsSerial device namesSetting up PPPWriting a chat scriptStarting up pppdConfiguring DNSTroubleshooting PPP configurationPAP and CHAP
Configuring Your ISDN HardwareSetting Up Synchronous PPPAnd If It Does Not Work?Where to Go from Here?
Configuring NFSConfiguring NIS
The World Wide WebUsing Konqueror and Other Web BrowsersConfiguring Your Own Web Serverhttpd.confsrm.conf and access.confStarting httpd
The Postfix MTAA word about DNSInstalling PostfixPostfix configurationStarting PostfixPostfix loggingRunning Postfix on system startupPostfix relay controlAdditional configurationsGetting the Mail to Your Computer with FetchmailOther Email Administrative IssuesRegistering an addressMail system maintenanceUsing KMailUsing Mozilla Mail & News
A Perspective on System Security
Shutting Down Unwanted Network DaemonsTop 10 Things You Should Never Do
Using TCP Wrappers with inetdUsing TCP Wrappers with xinetd/etc/hosts.allow and /etc/hosts.deny
netfilter BasicsUsing the iptables commandDeveloping IP Filtering RulesetsIP Filter Management and Script FilesSample netfilter ConfigurationsSimple IP filtering exampleIP filtering to protect an entire networkIP masquerading example
MySQL
Some Sample PHPPHP4 as an Apache Module
Linux Documentation Project
General DocumentationOpen Source ProjectsProgramming Languages and ToolsNews and Information SitesLinux Software Directories and Download SitesLinux DistributionsCommercial Linux Software CompaniesInternet RFCs and Other StandardsMiscellaneous
Alpha History and StatusThe Linux Port and DistributionsChipsetsSources of InformationAlphaLinux sitesAlphaLinux mailing listsAlphaLinux FTP sitesMinimum HardwareIDE/ATAPI Drive SupportMice and Serial Ports
Potential Incompatibilities and Hardware ProblemsInstallation ChoicesFirmware optionsFeatures and limitations of SRMFeatures and limitations of ARC FirmwareFeatures and limitations of AlphaBIOS FirmwareFeatures and limitations of Milo Miniloader
General ProcedurePreparing Software for InstallationPreparing Hardware for InstallationSetting Up the System Firmware to Start the InstallationLoading the Linux Boot Kernel
Kernel TuningPerformance and Library TuningBinary EmulationGraphical Browser Considerations
Linux Documentation Project Guides

Content preview from Running Linux, Fourth Edition

Firewalls: Filtering IP Packets

While TCP wrappers can be used to restrict the set of hosts that can establish connections to certain services on a machine, in many cases it is desirable to exert finer-grained control over the packets that can enter (or leave!) a given system. It’s also the case that TCP wrappers only work with services configured using inetd or xinetd; some services (such as sshd on some systems) are “standalone” and provide their own access control features. Still other services don’t implement any access control themselves, so it’s necessary to provide another level of protection if we wish to control the connections made to these services.

Today it is commonplace for Internet users to protect themselves against the threat of network-based attacks using a technique called IP filtering. IP filtering involves having the kernel inspect each network packet that is transmitted or received and deciding whether to allow it to pass, to throw it away, or to modify it in some way before allowing it through. IP filtering is often called “firewalling,” because by carefully filtering packets entering or leaving a machine you are building a “firewall” between the system and the rest of the Internet. IP filtering won’t protect you against virus and Trojan Horse attacks or application defects, but it can protect you against many forms of network-based attacks, such as certain types of DoS attacks and IP spoofing (packets that are marked as coming from a system they don’t really ...