Linux Administration Handbook, Second Edition (English Edition)



ISBN: 9787115164810

Publisher: Posts & Telecom Press (人民邮电出版社)

Publication date: 2007-10

Pages: 1001

List price: 128.00 yuan

Binding: Paperback

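Description


The Linux Administration Handbook, Second Edition (English Edition) (LAHv2) continues the explanatory style of the book's first edition (LAH) and of the UNIX System Administration Handbook (USAH). Using five current mainstream Linux distributions (Red Hat ES, SuSE, Debian, Fedora Core and Ubuntu) as examples, it presents Linux system administration in three parts. Part one, "Basic Administration Techniques," comprehensively covers the knowledge and techniques involved in running a stand-alone Linux system, such as booting and shutting down, process control, filesystem management, user management, device management, system backups, software configuration, and the administration and use of cron and the system logs. Part two, "Network Administration Techniques," begins with a detailed explanation of the fundamentals of the TCP/IP protocols, discusses in depth the two basic applications of the network, the Domain Name System and routing, and then goes chapter by chapter through the key Internet applications on Linux, such as electronic mail, NFS, file sharing, web hosting and Internet services; this part also has dedicated chapters on network hardware, network management and debugging, and system security. Part three, "Other Administration Techniques," covers a range of important topics that should not be overlooked: the X Window System, printing, system maintenance and environment, performance analysis, cooperating with Windows systems, serial devices, operating system drivers and the kernel, system daemons, and policy and administrative management. The authors are Linux/UNIX system administration experts drawn from academia, industry and professional training, which has made the book, from its first edition onward, a comprehensive, in-depth and highly practical authoritative reference on Linux system administration. The book is suitable for readers ranging from Linux beginners to experienced Linux professionals.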

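About the authors


Evi Nemeth has retired from the faculty of the Computer Science Department at the University of Colorado, but she is still involved in network research at CAIDA, the Cooperative Association for Internet Data Analysis at the San Diego Supercomputer Center.

Garth Snyder has worked at NeXT and Sun. He holds a degree in electrical engineering from Swarthmore College and an MD and an MBA from the University of Rochester.

Trent R. Hein (trent@atrust.com) is a co-founder of Applied Trust Engineering, a company that provides consulting services on the security and performance of network infrastructure. Trent holds a bachelor's degree in computer science from the University of Colorado.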

Table of contents


SECTION ONE: BASIC ADMINISTRATION

CHAPTER 1 WHERE TO START
Suggested background
Linux’s relationship to UNIX
Linux in historical context
Linux distributions
  So what’s the best distribution?
  Distribution-specific administration tools
Notation and typographical conventions
  System-specific information
Where to go for information
  Organization of the man pages
  man: read manual pages
  Other sources of Linux information
How to find and install software
Essential tasks of the system administrator
  Adding, removing, and managing user accounts
  Adding and removing hardware
  Performing backups
  Installing and upgrading software
  Monitoring the system
  Troubleshooting
  Maintaining local documentation
  Vigilantly monitoring security
  Helping users
System administration under duress
  System Administration Personality Syndrome
Recommended reading
Exercises

CHAPTER 2 BOOTING AND SHUTTING DOWN
Bootstrapping
  Automatic and manual booting
  Steps in the boot process
  Kernel initialization
  Hardware configuration
  Kernel threads
  Operator intervention (manual boot only)
  Execution of startup scripts
  Multiuser operation
Booting PCs
Using boot loaders: LILO and GRUB
  GRUB: The GRand Unified Boot loader
  LILO: The traditional Linux boot loader
  Kernel options
  Multibooting on PCs
  GRUB multiboot configuration
  LILO multiboot configuration
Booting single-user mode
  Single-user mode with GRUB
  Single-user mode with LILO
Working with startup scripts
  init and run levels
  Red Hat and Fedora startup scripts
  SUSE startup scripts
  Debian and Ubuntu startup scripts
Rebooting and shutting down
  Turning off the power
  shutdown: the genteel way to halt the system
  halt: a simpler way to shut down
  reboot: quick and dirty restart
  telinit: change init’s run level
  poweroff: ask Linux to turn off the power
Exercises

CHAPTER 3 ROOTLY POWERS
Ownership of files and processes
The superuser
Choosing a root password
Becoming root
  su: substitute user identity
  sudo: a limited su
Other pseudo-users
  bin: legacy owner of system commands
  daemon: owner of unprivileged system software
  nobody: the generic NFS user
Exercises

CHAPTER 4 CONTROLLING PROCESSES
Components of a process
  PID: process ID number
  PPID: parent PID
  UID and EUID: real and effective user ID
  GID and EGID: real and effective group ID
  Niceness
  Control terminal
The life cycle of a process
Signals
kill and killall: send signals
Process states
nice and renice: influence scheduling priority
ps: monitor processes
top: monitor processes even better
The /proc filesystem
strace: trace signals and system calls
Runaway processes
Recommended reading
Exercises

CHAPTER 5 THE FILESYSTEM
Pathnames
Filesystem mounting and unmounting
The organization of the file tree
File types
  Regular files
  Directories
  Character and block device files
  Local domain sockets
  Named pipes
  Symbolic links
File attributes
  The permission bits
  The setuid and setgid bits
  The sticky bit
  Viewing file attributes
  chmod: change permissions
  chown: change ownership and group
  umask: assign default permissions
  Bonus flags
Access control lists
  ACL overview
  Default entries
Exercises

CHAPTER 6 ADDING NEW USERS
The /etc/passwd file
  Login name
  Encrypted password
  UID (user ID) number
  Default GID number
  GECOS field
  Home directory
  Login shell
The /etc/shadow file
The /etc/group file
Adding users
  Editing the passwd and shadow files
  Editing the /etc/group file
  Setting an initial password
  Creating the user’s home directory
  Copying in the default startup files
  Setting the user’s mail home
  Verifying the new login
  Recording the user’s status and contact information
Removing users
Disabling logins
Managing accounts
Exercises

CHAPTER 7 ADDING A DISK
Disk interfaces
  The PATA interface
  The SATA interface
  The SCSI interface
  Which is better, SCSI or IDE?
Disk geometry
Linux filesystems
  Ext2fs and ext3fs
  ReiserFS
  XFS and JFS
An overview of the disk installation procedure
  Connecting the disk
  Formatting the disk
  Labeling and partitioning the disk
  Creating filesystems within disk partitions
  Mounting the filesystems
  Setting up automatic mounting
  Enabling swapping
hdparm: set IDE interface parameters
fsck: check and repair filesystems
Adding a disk: a step-by-step guide
Advanced disk management: RAID and LVM
  Linux software RAID
  Logical volume management
  An example configuration with LVM and RAID
  Dealing with a failed disk
  Reallocating storage space
Mounting USB drives
Exercises

CHAPTER 8 PERIODIC PROCESSES
cron: schedule commands
The format of crontab files
Crontab management
Some common uses for cron
  Cleaning the filesystem
  Network distribution of configuration files
  Rotating log files
Other schedulers: anacron and fcron
Exercises

CHAPTER 9 BACKUPS
Motherhood and apple pie
  Perform all dumps from one machine
  Label your media
  Pick a reasonable backup interval
  Choose filesystems carefully
  Make daily dumps fit on one piece of media
  Make filesystems smaller than your dump device
  Keep media off-site
  Protect your backups
  Limit activity during dumps
  Verify your media
  Develop a media life cycle
  Design your data for backups
  Prepare for the worst
Backup devices and media
  Optical media: CD-R/RW, DVD±R/RW, and DVD-RAM
  Removable hard disks (USB and FireWire)
  Small tape drives: 8mm and DDS/DAT
  DLT/S-DLT
  AIT and SAIT
  VXA/VXA-X
  LTO
  Jukeboxes, stackers, and tape libraries
  Hard disks
  Summary of media types
  What to buy
Setting up an incremental backup regime with dump
  Dumping filesystems
  Dump sequences
Restoring from dumps with restore
  Restoring individual files
  Restoring entire filesystems
Dumping and restoring for upgrades
Using other archiving programs
  tar: package files
  cpio: archiving utility from ancient times
  dd: twiddle bits
Using multiple files on a single tape
Bacula
  The Bacula model
  Setting up Bacula
  Installing the database and Bacula daemons
  Configuring the Bacula daemons
  bacula-dir.conf: director configuration
  bacula-sd.conf: storage daemon configuration
  bconsole.conf: console configuration
  Installing and configuring the client file daemon
  Starting the Bacula daemons
  Adding media to pools
  Running a manual backup
  Running a restore job
  Monitoring and debugging Bacula configurations
  Alternatives to Bacula
Commercial backup products
  ADSM/TSM
  Veritas
  Other alternatives
Recommended reading
Exercises

CHAPTER 10 SYSLOG AND LOG FILES
Logging policies
  Throwing away log files
  Rotating log files
  Archiving log files
Linux log files
  Special log files
  Kernel and boot-time logging
logrotate: manage log files
Syslog: the system event logger
  Alternatives to syslog
  Syslog architecture
  Configuring syslogd
  Designing a logging scheme for your site
  Config file examples
  Sample syslog output
  Software that uses syslog
  Debugging syslog
  Using syslog from programs
Condensing log files to useful information
Exercises

CHAPTER 11 SOFTWARE AND CONFIGURATION MANAGEMENT
Basic Linux installation
  Netbooting PCs
  Setting up PXE for Linux
  Netbooting non-PCs
  Kickstart: the automated installer for Enterprise Linux and Fedora
  AutoYaST: SUSE’s automated installation tool
  The Debian and Ubuntu installer
  Installing from a master system
Diskless clients
Package management
  Available package management systems
  rpm: manage RPM packages
  dpkg: manage Debian-style packages
High-level package management systems
  Package repositories
  RHN: the Red Hat Network
  APT: the Advanced Package Tool
  Configuring apt-get
  An example /etc/apt/sources.list file
  Using proxies to make apt-get scale
  Setting up an internal APT server
  Automating apt-get
  yum: release management for RPM
Revision control
  Backup file creation
  Formal revision control systems
  RCS: the Revision Control System
  CVS: the Concurrent Versions System
  Subversion: CVS done right
Localization and configuration
  Organizing your localization
  Testing
  Local compilation
  Distributing localizations
  Resolving scheduling issues
Configuration management tools
  cfengine: computer immune system
  LCFG: a large-scale configuration system
  The Arusha Project (ARK)
  Template Tree 2: cfengine helper
  DMTF/CIM: the Common Information Model
Sharing software over NFS
  Package namespaces
  Dependency management
  Wrapper scripts
  Implementation tools
Recommended software
Recommended reading
Exercises

SECTION TWO: NETWORKING

CHAPTER 12 TCP/IP NETWORKING
TCP/IP and the Internet
  A brief history lesson
  How the Internet is managed today
  Network standards and documentation
Networking road map
Packets and encapsulation
  The link layer
  Packet addressing
  Ports
  Address types
IP addresses: the gory details
  IP address classes
  Subnetting and netmasks
  The IP address crisis
  CIDR: Classless Inter-Domain Routing
  Address allocation
  Private addresses and NAT
  IPv6 addressing
Routing
  Routing tables
  ICMP redirects
ARP: the address resolution protocol
Addition of a machine to a network
  Hostname and IP address assignment
  ifconfig: configure network interfaces
  mii-tool: configure autonegotiation and other media-specific options
  route: configure static routes
  Default routes
  DNS configuration
  The Linux networking stack
Distribution-specific network configuration
  Network configuration for Red Hat and Fedora
  Network configuration for SUSE
  Network configuration for Debian and Ubuntu
DHCP: the Dynamic Host Configuration Protocol
  DHCP software
  How DHCP works
  ISC’s DHCP server
Dynamic reconfiguration and tuning
Security issues
  IP forwarding
  ICMP redirects
  Source routing
  Broadcast pings and other forms of directed broadcast
  IP spoofing
  Host-based firewalls
  Virtual private networks
  Security-related kernel variables
Linux NAT
PPP: the Point-to-Point Protocol
  Addressing PPP performance issues
  Connecting to a network with PPP
  Making your host speak PPP
  Controlling PPP links
  Assigning an address
  Routing
  Ensuring security
  Using chat scripts
  Configuring Linux PPP
Linux networking quirks
Recommended reading
Exercises

CHAPTER 13 ROUTING
Packet forwarding: a closer look
Routing daemons and routing protocols
  Distance-vector protocols
  Link-state protocols
  Cost metrics
  Interior and exterior protocols
Protocols on parade
  RIP: Routing Information Protocol
  RIP-2: Routing Information Protocol, version 2
  OSPF: Open Shortest Path First
  IGRP and EIGRP: Interior Gateway Routing Protocol
  IS-IS: the ISO “standard”
  MOSPF, DVMRP, and PIM: multicast routing protocols
  Router Discovery Protocol
routed: RIP yourself a new hole
gated: gone to the dark side
Routing strategy selection criteria
Cisco routers
Recommended reading
Exercises

CHAPTER 14 NETWORK HARDWARE
LAN, WAN, or MAN?
Ethernet: the common LAN
  How Ethernet works
  Ethernet topology
  Unshielded twisted pair
  Connecting and expanding Ethernets
Wireless: nomad’s LAN
  Wireless security
  Wireless switches
FDDI: the disappointing, expensive, and outdated LAN
ATM: the promised (but sorely defeated) LAN
Frame relay: the sacrificial WAN
ISDN: the indigenous WAN
DSL and cable modems: the people’s WAN
Where is the network going?
Network testing and debugging
Building wiring
  UTP cabling options
  Connections to offices
  Wiring standards
Network design issues
  Network architecture vs building architecture
  Existing networks
  Expansion
  Congestion
  Maintenance and documentation
Management issues
Recommended vendors
  Cables and connectors
  Test equipment
  Routers/switches
Recommended reading
Exercises

CHAPTER 15 DNS: THE DOMAIN NAME SYSTEM
DNS for the impatient: adding a new machine
The history of DNS
  BIND implementations
  Other implementations of DNS
Who needs DNS?
The DNS namespace
  Masters of their domains
  Selecting a domain name
  Domain bloat
  Registering a second-level domain name
  Creating your own subdomains
How DNS works
  Delegation
  Caching and efficiency
  The extended DNS protocol
What’s new in DNS
The DNS database
  Resource records
  The SOA record
  NS records
  A records
  PTR records
  MX records
  CNAME records
  The CNAME hack
  LOC records
  SRV records
  TXT records
  IPv6 resource records
  IPv6 forward records
  IPv6 reverse records
  Security-related records
  Commands in zone files
  Glue records: links between zones
The BIND software
  Versions of BIND
  Finding out what version you have
  Components of BIND
  named: the BIND name server
  Authoritative and caching-only servers
  Recursive and nonrecursive servers
  The resolver library
  Shell interfaces to DNS
Designing your DNS environment
  Namespace management
  Authoritative servers
  Caching servers
  Security
  Summing up
  A taxonomy of DNS/BIND chores
BIND client issues
  Resolver configuration
  Resolver testing
  Impact on the rest of the system
BIND server configuration
  Hardware requirements
  Configuration files
  The include statement
  The localhost zone
  A small security company
  The Internet Systems Consortium, isc.org
Starting named
Updating zone files
  Zone transfers
  Dynamic updates
Security issues
  Access control lists revisited
  Confining named
  Secure server-to-server communication with TSIG and TKEY
  DNSSEC
  Negative answers
  Microsoft and DNS
Testing and debugging
  Logging
  Sample logging configuration
  Debug levels
  Debugging with rndc
  BIND statistics
  Debugging with dig
  Lame delegations
  doc: domain obscenity control
  Other DNS sanity checking tools
  Performance issues
Distribution specifics
Recommended reading
  Mailing lists and newsgroups
  Books and other documentation
  On-line resources
  The RFCs
Exercises

CHAPTER 16 THE NETWORK FILE SYSTEM
General information about NFS
  NFS protocol versions
  Choice of transport
  File locking
  Disk quotas
  Cookies and stateless mounting
  Naming conventions for shared filesystems
  Security and NFS
  Root access and the nobody account
Server-side NFS
  The exports file
  nfsd: serve files
Client-side NFS
  Mounting remote filesystems at boot time
  Restricting exports to insecure ports
nfsstat: dump NFS statistics
Dedicated NFS file servers
Automatic mounting
  automount: mount filesystems on demand
  The master file
  Map files
  Executable maps
Recommended reading
Exercises

CHAPTER 17 SHARING SYSTEM FILES
What to share
nscd: cache the results of lookups
Copying files around
  rdist: push files
  rsync: transfer files more securely
  Pulling files
NIS: the Network Information Service
  Understanding how NIS works
  Weighing advantages and disadvantages of NIS
  Prioritizing sources of administrative information
  Using netgroups
  Setting up an NIS domain
  Setting access control options in /etc/ypserv.conf
  Configuring NIS clients
  NIS details by distribution
LDAP: the Lightweight Directory Access Protocol
  The structure of LDAP data
  The point of LDAP
  LDAP documentation and specifications
  OpenLDAP: LDAP for Linux
  NIS replacement by LDAP
  LDAP and security
Recommended reading
Exercises

CHAPTER 18 ELECTRONIC MAIL
Mail systems
  User agents
  Transport agents
  Delivery agents
  Message stores
  Access agents
  Mail submission agents
The anatomy of a mail message
  Mail addressing
  Mail header interpretation
Mail philosophy
  Using mail servers
  Using mail homes
  Using IMAP or POP
Mail aliases
  Getting mailing lists from files
  Mailing to files
  Mailing to programs
  Aliasing by example
  Forwarding mail
  The hashed alias database
Mailing lists and list wrangling software
  Software packages for maintaining mailing lists
  LDAP: the Lightweight Directory Access Protocol
sendmail: ringmaster of the electronic mail circus
  Versions of sendmail
  sendmail installation from sendmail.org
  sendmail installation on Debian and Ubuntu systems
  The switch file
  Modes of operation
  The mail queue
sendmail configuration
  Using the m4 preprocessor
  The sendmail configuration pieces
  Building a configuration file from a sample .mc file
  Changing the sendmail configuration
Basic sendmail configuration primitives
  The VERSIONID macro
  The OSTYPE macro
  The DOMAIN macro
  The MAILER macro
Fancier sendmail configuration primitives
  The FEATURE macro
  The use_cw_file feature
  The redirect feature
  The always_add_domain feature
  The nocanonify feature
  Tables and databases
  The mailertable feature
  The genericstable feature
  The virtusertable feature
  The ldap_routing feature
  Masquerading and the MASQUERADE_AS macro
  The MAIL_HUB and SMART_HOST macros
  Masquerading and routing
  The nullclient feature
  The local_lmtp and smrsh features
  The local_procmail feature
  The LOCAL_* macros
  Configuration options
Spam-related features in sendmail
  Relaying
  The access database
  User or site blacklisting
  Header checking
  Rate and connection limits
  Slamming
  Miltering: mail filtering
  Spam handling
  SpamAssassin
  SPF and Sender ID
Configuration file case study
  Client machines at sendmail.com
  Master machine at sendmail.com
Security and sendmail
  Ownerships
  Permissions
  Safer mail to files and programs
  Privacy options
  Running a chrooted sendmail (for the truly paranoid)
  Denial of service attacks
  Forgeries
  Message privacy
  SASL: the Simple Authentication and Security Layer
sendmail performance
  Delivery modes
  Queue groups and envelope splitting
  Queue runners
  Load average controls
  Undeliverable messages in the queue
  Kernel tuning
sendmail statistics, testing, and debugging
  Testing and debugging
  Verbose delivery
  Talking in SMTP
  Queue monitoring
  Logging
The Exim Mail System
  History
  Exim on Linux
  Exim configuration
  Exim/sendmail similarities
Postfix
  Postfix architecture
  Receiving mail
  The queue manager
  Sending mail
  Security
  Postfix commands and documentation
  Configuring Postfix
  What to put in main.cf
  Basic settings
  Using postconf
  Lookup tables
  Local delivery
  Virtual domains
  Virtual alias domains
  Virtual mailbox domains
  Access control
  Access tables
  Authentication of clients
  Fighting spam and viruses
  Black hole lists
  SpamAssassin and procmail
  Policy daemons
  Content filtering
  Debugging
  Looking at the queue
  Soft-bouncing
  Testing access control
Recommended reading
Exercises

CHAPTER 19 NETWORK MANAGEMENT AND DEBUGGING
Network troubleshooting
ping: check to see if a host is alive
traceroute: trace IP packets
netstat: get network statistics
  Inspecting interface configuration information
  Monitoring the status of network connections
  Identifying listening network services
  Examining the routing table
  Viewing operational statistics for network protocols
sar: inspect live interface activity
Packet sniffers
  tcpdump: king of sniffers
  Wireshark: visual sniffer
Network management protocols
SNMP: the Simple Network Management Protocol
  SNMP organization
  SNMP protocol operations
  RMON: remote monitoring MIB
The NET-SNMP agent
Network management applications
  The NET-SNMP tools
  SNMP data collection and graphing
  Nagios: event-based SNMP and service monitoring
  Commercial management platforms
Recommended reading
Exercises

CHAPTER 20 SECURITY
Is Linux secure?
How security is compromised
  Social engineering
  Software vulnerabilities
  Configuration errors
Certifications and standards
  Certifications
  Standards
Security tips and philosophy
  Packet filtering
  Unnecessary services
  Software patches
  Backups
  Passwords
  Vigilance
  General philosophy
Security problems in /etc/passwd and /etc/shadow
  Password checking and selection
  Password aging
  Group logins and shared logins
  User shells
  Rootly entries
  PAM: cooking spray or authentication wonder?
POSIX capabilities
Setuid programs
Important file permissions
Miscellaneous security issues
  Remote event logging
  Secure terminals
  /etc/hosts.equiv and ~/.rhosts
  Security and NIS
  Security and NFS
  Security and sendmail
  Security and backups
  Viruses and worms
  Trojan horses
  Rootkits
Security power tools
  Nmap: scan network ports
  Nessus: next generation network scanner
  John the Ripper: find insecure passwords
  hosts_access: host access control
  Samhain: host-based intrusion detection
  Security-Enhanced Linux (SELinux)
Cryptographic security tools
  Kerberos: a unified approach to network security
  PGP: Pretty Good Privacy
  SSH: the secure shell
  One-time passwords
  Stunnel
Firewalls
  Packet-filtering firewalls
  How services are filtered
  Service proxy firewalls
  Stateful inspection firewalls
  Firewalls: how safe are they?
Linux firewall features: IP tables
Virtual private networks (VPNs)
  IPsec tunnels
  All I need is a VPN, right?
Hardened Linux distributions
What to do when your site has been attacked
Sources of security information
  CERT: a registered service mark of Carnegie Mellon University
  SecurityFocus.com and the BugTraq mailing list
  Crypto-Gram newsletter
  SANS: the System Administration, Networking, and Security Institute
  Distribution-specific security resources
  Other mailing lists and web sites
Recommended reading
Exercises

CHAPTER 21 WEB HOSTING AND INTERNET SERVERS
Web hosting basics
  Uniform resource locators
  How HTTP works
  Content generation on the fly
  Load balancing
HTTP server installation
  Choosing a server
  Installing Apache
  Configuring Apache
  Running Apache
  Analyzing log files
  Optimizing for high-performance hosting of static content
Virtual interfaces
  Using name-based virtual hosts
  Configuring virtual interfaces
  Telling Apache about virtual interfaces
The Secure Sockets Layer (SSL)
  Generating a certificate signing request
  Configuring Apache to use SSL
Caching and proxy servers
  The Squid cache and proxy server
  Setting up Squid
Anonymous FTP server setup
Exercises

SECTION THREE: BUNCH O' STUFF

CHAPTER 22 THE X WINDOW SYSTEM
The X display manager
Running an X application
  The DISPLAY environment variable
  Client authentication
  X connection forwarding with SSH
X server configuration
  Device sections
  Monitor sections
  Screen sections
  InputDevice sections
  ServerLayout sections
Troubleshooting and debugging
  Special keyboard combinations for X
  When good X servers go bad
A brief note on desktop environments
  KDE
  GNOME
  Which is better, GNOME or KDE?
Recommended Reading
Exercises

CHAPTER 23 PRINTING
Printers are complicated
Printer languages
  PostScript
  PCL
  PDF
  XHTML
  PJL
  Printer drivers and their handling of PDLs
CUPS architecture
  Document printing
  Print queue viewing and manipulation
  Multiple printers
  Printer instances
  Network printing
  The CUPS underlying protocol: HTTP
  PPD files
  Filters
CUPS server administration
  Network print server setup
  Printer autoconfiguration
  Network printer configuration
  Printer configuration examples
  Printer class setup
  Service shutoff
  Other configuration tasks
  Paper sizes
  Compatibility commands
  Common printing software
  CUPS documentation
Troubleshooting tips
  CUPS logging
  Problems with direct printing
  Network printing problems
  Distribution-specific problems
Printer practicalities
  Printer selection
  GDI printers
  Double-sided printing
  Other printer accessories
  Serial and parallel printers
  Network printers
Other printer advice
  Use banner pages only if you have to
  Provide recycling bins
  Use previewers
  Buy cheap printers
  Keep extra toner cartridges on hand
  Pay attention to the cost per page
  Consider printer accounting
  Secure your printers
Printing under KDE
  kprinter: printing documents
  Konqueror and printing
Recommended reading
Exercises

CHAPTER 24 MAINTENANCE AND ENVIRONMENT
Hardware maintenance basics
Maintenance contracts
  On-site maintenance
  Board swap maintenance
  Warranties
Electronics-handling lore
  Static electricity
  Reseating boards
Monitors
Memory modules
Preventive maintenance
Environment
  Temperature
  Humidity
  Office cooling
  Machine room cooling
  Temperature monitoring
Power
Racks
Data center standards
Tools
Recommended reading
Exercises

CHAPTER 25 PERFORMANCE ANALYSIS
What you can do to improve performance
Factors that affect performance
System performance checkup
  Analyzing CPU usage
  How Linux manages memory
  Analyzing memory usage
  Analyzing disk I/O
  Choosing an I/O scheduler
  sar: Collect and report statistics over time
  oprofile: Comprehensive profiler
Help! My system just got really slow!
Recommended reading
Exercises

CHAPTER 26 COOPERATING WITH WINDOWS
Logging in to a Linux system from Windows
Accessing remote desktops
  Running an X server on a Windows computer
  VNC: Virtual Network Computing
  Windows RDP: Remote Desktop Protocol
Running Windows and Windows-like applications
  Dual booting, or why you shouldn’t
  The OpenOffice.org alternative
Using command-line tools with Windows
Windows compliance with email and web standards
Sharing files with Samba and CIFS
  Samba: CIFS server for UNIX
  Samba installation
  Filename encoding
  Network Neighborhood browsing
  User authentication
  Basic file sharing
  Group shares
  Transparent redirection with MS DFS
  smbclient: a simple CIFS client
  The smbfs filesystem
Sharing printers with Samba
  Installing a printer driver from Windows
  Installing a printer driver from the command line
Debugging Samba
Recommended reading
Exercises

CHAPTER 27 SERIAL DEVICES
The RS-232C standard
Alternative connectors
  The mini DIN-8 variant
  The DB-9 variant
  The RJ-45 variant
  The Yost standard for RJ-45 wiring
Hard and soft carrier
Hardware flow control
Cable length
Serial device files
setserial: set serial port parameters
Software configuration for serial devices
Configuration of hardwired terminals
  The login process
  The /etc/inittab file
  Terminal support: the termcap and terminfo databases
Special characters and the terminal driver
stty: set terminal options
tset: set options automatically
Terminal unwedging
Modems
  Modulation, error correction, and data compression protocols
  minicom: dial out
  Bidirectional modems
Debugging a serial line
Other common I/O ports
  USB: the Universal Serial Bus
Exercises

CHAPTER 28 DRIVERS AND THE KERNEL
Kernel adaptation
Drivers and device files
  Device files and device numbers
  Creating device files
  sysfs: a window into the souls of devices
  Naming conventions for devices
Why and how to configure the kernel
Tuning Linux kernel parameters
Building a Linux kernel
  If it ain’t broke, don’t fix it
  Configuring kernel options
  Building the kernel binary
Adding a Linux device driver
  Device awareness
Loadable kernel modules
Hot-plugging
Setting bootstrap options
Recommended reading
Exercises

CHAPTER 29 DAEMONS
init: the primordial process
cron and atd: schedule commands
xinetd and inetd: manage daemons
  Configuring xinetd
  Configuring inetd
  The services file
  portmap: map RPC services to TCP and UDP ports
Kernel daemons
  klogd: read kernel messages
Printing daemons
  cupsd: scheduler for the Common UNIX Printing System
  lpd: manage printing
File service daemons
  rpc.nfsd: serve files
  rpc.mountd: respond to mount requests
  amd and automount: mount filesystems on demand
  rpc.lockd and rpc.statd: manage NFS locks
  rpciod: cache NFS blocks
  rpc.rquotad: serve remote quotas
  smbd: provide file and printing service to Windows clients
  nmbd: NetBIOS name server
Administrative database daemons
  ypbind: locate NIS servers
  ypserv: NIS server
  rpc.ypxfrd: transfer NIS databases
  lwresd: lightweight resolver library server
  nscd: name service cache daemon
Electronic mail daemons
  sendmail: transport electronic mail
  smtpd: Simple Mail Transport Protocol daemon
  popd: basic mailbox server
  imapd: deluxe mailbox server
Remote login and command execution daemons
  sshd: secure remote login server
  in.rlogind: obsolete remote login server
  in.telnetd: yet another remote login server
  in.rshd: remote command execution server
Booting and configuration daemons
  dhcpd: dynamic address assignment
  in.tftpd: trivial file transfer server
  rpc.bootparamd: advanced diskless life support
  hald: hardware abstraction layer (HAL) daemon
  udevd: serialize device connection notices
Other network daemons
  talkd: network chat service
  snmpd: provide remote network management service
  ftpd: file transfer server
  rsyncd: synchronize files among multiple hosts
  routed: maintain routing tables
  gated: maintain complicated routing tables
  named: DNS server
  syslogd: process log messages
  in.fingerd: look up users
  httpd: World Wide Web server
ntpd: time synchronization daemon
Exercises

CHAPTER 30 MANAGEMENT, POLICY, AND POLITICS
Make everyone happy
Components of a functional IT organization
The role of management
  Leadership
  Hiring, firing, and personnel management
  Assigning and tracking tasks
  Managing upper management
  Conflict resolution
The role of administration
  Sales
  Purchasing
  Accounting
  Personnel
  Marketing
  Miscellaneous administrative chores
The role of development
  Architectural principles
  Anatomy of a management system
  The system administrator’s tool box
  Software engineering principles
The role of operations
  Aim for minimal downtime
  Document dependencies
  Repurpose or eliminate older hardware
The work of support
  Availability
  Scope of service
  Skill sets
  Time management
Documentation
  Standardized documentation
  Hardware labeling
  User documentation
Request-tracking and trouble-reporting systems
  Common functions of trouble ticket systems
  User acceptance of ticketing systems
  Ticketing systems
  Ticket dispatching
Disaster recovery
  Backups and off-line information
  Staffing your disaster
  Power and HVAC
  Network redundancy
  Security incidents
  Second-hand stories from the World Trade Center
Written policy
  Security policies
  User policy agreements
  Sysadmin policy agreements
Legal Issues
  Encryption
  Copyright
  Privacy
  Click-through EULAs
  Policy enforcement
  Control = liability
  Software licenses
  Regulatory compliance
Software patents
Standards
  LSB: the Linux Standard Base
  POSIX
  ITIL: the Information Technology Interface Library
  COBIT: Control Objectives for Information and related Technology
Linux culture
Mainstream Linux
Organizations, conferences, and other resources
  Conferences and trade shows
  LPI: the Linux Professional Institute
  Mailing lists and web resources
  Sysadmin surveys
Recommended Reading
  Infrastructure
  Management
  Policy and security
  Legal issues, patents, and privacy
  General industry news
Exercises

INDEX
ABOUT THE CONTRIBUTORS
ABOUT THE AUTHORS
423  The options statement 423  The acl statement 429  The key statement 430  The trusted-keys statement 430  The server statement 431  The masters statement 432  The logging statement 432  The zone statement 432  The controls statement 436  Split DNS and the view statement 438 BIND configuration examples 439