book

UNIX and Linux System Administration Handbook, 5th Edition

by Trent R. Hein, Evi Nemeth, Garth Snyder, Ben Whaley, Dan Mackin

August 2017

Intermediate to advanced

1232 pages

39h 57m

English

Addison-Wesley Professional

Read now

Unlock full access

1.1 Essential duties of a system administrator1.2 Suggested background1.3 Linux distributions1.4 Example systems used in this book1.5 Notation and typographical conventions1.6 Units1.7 Man pages and other on-line documentation1.8 Other authoritative documentation1.9 Other sources of information1.10 Ways to find and install software1.11 Where to host1.12 Specialization and adjacent disciplines1.13 Recommended reading
2.1 Boot process overview2.2 System firmware2.3 Boot loaders2.4 GRUB: the GRand Unified Boot loader2.5 The FreeBSD boot process2.6 System management daemons2.7 systemd in detail2.8 FreeBSD init and startup scripts2.9 Reboot and shutdown procedures2.10 Stratagems for a nonbooting system
3.1 Standard UNIX access control3.2 Management of the root account3.3 Extensions to the standard access control model3.4 Modern access control3.5 Recommended reading
4.1 Components of a process4.2 The life cycle of a process4.3 ps: monitor processes4.4 Interactive monitoring with top4.5 nice and renice: influence scheduling priority4.6 The /proc filesystem4.7 strace and truss: trace signals and system calls 4.8 Runaway processes4.9 Periodic processes
5.1 Pathnames5.2 Filesystem mounting and unmounting5.3 Organization of the file tree5.4 File types5.5 File attributes5.6 Access control lists

6.1 Operating system installation6.2 Managing packages 6.3 Linux package management systems 6.4 High-level Linux package management systems6.5 FreeBSD software management6.6 Software localization and configuration6.7 Recommended reading
7.1 Scripting philosophy7.2 Shell basics7.3 sh scripting7.4 Regular expressions7.5 Python programming7.6 Ruby programming7.7 Library and environment management for Python and Ruby7.8 Revision control with Git7.9 Recommended reading
8.1 Account mechanics8.2 The /etc/passwd file8.3 The Linux /etc/shadow file8.4 FreeBSD's /etc/master.passwd and /etc/login.conf files8.5 The /etc/group file8.6 Manual steps for adding users8.7 Scripts for adding users: useradd, adduser, and newusers8.8 Safe removal of a user’s account and files8.9 User login lockout8.10 Risk reduction with PAM8.11 Centralized account management
9.1 The cloud in context9.2 Cloud platform choices9.3 Cloud service fundamentals9.4 Clouds: VPS quick start by platform9.5 Cost control9.6 Recommended Reading
10.1 Log locations10.2 The systemd journal10.3 Syslog10.4 Kernel and boot-time logging10.5 Management and rotation of log files10.6 Management of logs at scale10.7 Logging policies
11.1 Kernel chores for system administrators11.2 Kernel version numbering11.3 Devices and their drivers11.4 Linux kernel configuration11.5 FreeBSD kernel configuration 11.6 Loadable kernel modules 11.7 Booting 11.8 Booting alternate kernels in the cloud11.9 Kernel errors11.10 Recommended reading
12.1 CUPS printing12.2 CUPS server administration12.3 Troubleshooting tips12.4 Recommended reading
13.1 TCP/IP and its relationship to the Internet13.2 Networking basics13.3 Packet addressing13.4 IP addresses: the gory details13.5 Routing13.6 IPv4 ARP and IPv6 neighbor discovery13.7 DHCP: the Dynamic Host Configuration Protocol13.8 Security issues13.9 Basic network configuration13.10 Linux networking13.11 FreeBSD networking13.12 Network troubleshooting13.13 Network monitoring13.14 Firewalls and NAT13.15 Cloud networking13.16 Recommended reading
14.1 Ethernet: the Swiss Army knife of networking14.2 Wireless: Ethernet for nomads14.3 SDN: software-defined networking14.4 Network testing and debugging14.5 Building wiring14.6 Network design issues14.7 Management issues14.8 Recommended vendors14.9 Recommended reading
15.1 Packet forwarding: a closer look15.2 Routing daemons and routing protocols15.3 Protocols on parade15.4 Routing protocol multicast coordination15.5 Routing strategy selection criteria15.6 Routing daemons15.7 Cisco routers15.8 Recommended reading
16.1 DNS architecture16.2 DNS for lookups16.3 The DNS namespace16.4 How DNS works16.5 The DNS database16.6 The BIND software16.7 Split DNS and the view statement16.8 BIND configuration examples16.9 Zone file updating16.10 DNS security issues 16.11 BIND debugging16.12 Recommended reading
17.1 Core SSO elements17.2 LDAP: “lightweight” directory services17.3 Using directory services for login17.4 Alternative approaches17.5 Recommended reading
18.1 Mail system architecture18.2 Anatomy of a mail message18.3 The SMTP protocol18.4 Spam and malware18.5 Message privacy and encryption18.6 Mail aliases18.7 Email configuration 18.8 sendmail18.9 Exim18.10 Postfix18.11 Recommended reading
19.1 HTTP: the Hypertext Transfer Protocol19.2 Web software basics19.3 Web hosting in the cloud19.4 Apache httpd19.5 NGINX19.6 HAProxy19.7 Recommended reading
20.1 I just want to add a disk!20.2 Storage hardware20.3 Storage hardware interfaces20.4 Attachment and low-level management of drives20.5 The software side of storage: peeling the onion20.6 Disk partitioning20.7 Logical volume management20.8 RAID: redundant arrays of inexpensive disks20.9 Filesystems20.10 Traditional filesystems: UFS, ext4, and XFS20.11 Next-generation filesystems: ZFS and Btrfs20.12 ZFS: all your storage problems solved20.13 Btrfs: “ZFS lite” for Linux20.14 Data backup strategy20.15 Recommended reading
21.1 Meet network file services21.2 The NFS approach21.3 Server-side NFS21.4 Client-side NFS21.5 Identity mapping for NFS version 421.6 nfsstat: dump NFS statistics21.7 Dedicated NFS file servers21.8 Automatic mounting21.9 Recommended reading
22.1 Samba: SMB server for UNIX22.2 Installing and configuring Samba22.3 Mounting SMB file shares22.4 Browsing SMB file shares22.5 Ensuring Samba security22.6 Debugging Samba22.7 Recommended reading
23.1 Configuration management in a nutshell23.2 Dangers of configuration management23.3 Elements of configuration management23.4 Popular CM systems compared23.5 Introduction to Ansible23.6 Introduction to Salt23.7 Ansible and Salt compared23.8 Best practices23.9 Recommended reading
24.1 Virtual vernacular24.2 Virtualization with Linux24.3 FreeBSD bhyve24.4 VMware24.5 VirtualBox24.6 Packer24.7 Vagrant24.8 Recommended reading
25.1 Background and core concepts25.2 Docker: the open source container engine25.3 Containers in practice25.4 Container clustering and management25.5 Recommended reading
26.1 CI/CD essentials26.2 Pipelines26.3 Jenkins: the open source automation server26.4 CI/CD in practice26.5 Containers and CI/CD26.6 Recommended reading
27.1 Elements of security27.2 How security is compromised27.3 Basic security measures27.4 Passwords and user accounts27.5 Security power tools27.6 Cryptography primer27.7 SSH, the Secure SHell27.8 Firewalls27.9 Virtual private networks (VPNs)27.10 Certifications and standards27.11 Sources of security information27.12 When your site has been attacked27.13 Recommended reading
28.1 An overview of monitoring28.2 The monitoring culture28.3 The monitoring platforms28.4 Data collection28.5 Network monitoring28.6 Systems monitoring28.7 Application monitoring28.8 Security monitoring28.9 SNMP: the Simple Network Management Protocol28.10 Tips and tricks for monitoring28.11 Recommended reading
29.1 Performance tuning philosophy29.2 Ways to improve performance29.3 Factors that affect performance29.4 Stolen CPU cycles29.5 Analysis of performance problems29.6 System performance checkup29.7 Help! My server just got really slow!29.8 Recommended reading
30.1 Racks30.2 Power30.3 Cooling and environment30.4 Data center reliability tiers30.5 Data center security30.6 Tools30.7 Recommended reading
31.1 The grand unified theory: DevOps31.2 Ticketing and task management systems31.3 Local documentation maintenance31.4 Environment separation31.5 Disaster management31.6 IT policies and procedures31.7 Service level agreements31.8 Compliance: regulations and standards31.9 Legal issues31.10 Organizations, conferences, and other resources31.11 Recommended reading

Content preview from UNIX and Linux System Administration Handbook, 5th Edition

3	Access Control and Rootly Powers

This chapter is about “access control,” as opposed to “security,” by which we mean that it focuses on the mechanical details of how the kernel and its delegates make security-related decisions. Chapter 27, Security, addresses the more general question of how to set up a system or network to minimize the chance of unwelcome access by intruders.

Access control is an area of active research, and it has long been one of the major challenges of operating system design. Over the last decade, UNIX and Linux have seen a Cambrian explosion of new options in this domain. A primary driver of this surge ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Mastering Linux Security and Hardening - Second Edition

Publisher Resources

ISBN: 9780134278308

UNIX and Linux System Administration Handbook, 5th Edition

by Trent R. Hein, Evi Nemeth, Garth Snyder, Ben Whaley, Dan Mackin

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Mastering Linux Security and Hardening - Second Edition

Linux Basics for Hackers

Linux Fundamentals

Linux Fundamentals, 2nd Edition

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Mastering Linux Security and Hardening - Second Edition

Linux Basics for Hackers

Linux Fundamentals

Linux Fundamentals, 2nd Edition

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.