Previous Chapter

Contents at a Glance

Contents

Acknowledgments

Introduction

Part I: Getting Started

Chapter 1: Starting with Linux

Understanding What Linux Is

Understanding How Linux Differs from Other Operating Systems

Exploring Linux History

Free-flowing UNIX culture at Bell Labs

Commercialized UNIX

Berkeley Software Distribution arrives

UNIX Laboratory and commercialization

GNU transitions UNIX to freedom

BSD loses some steam

Linus builds the missing piece

OSI open source definition

Understanding How Linux Distributions Emerged

Choosing a Red Hat distribution

Using Red Hat Enterprise Linux

Choosing Ubuntu or another Debian distribution

Finding Professional Opportunities with Linux Today

Understanding how companies make money with Linux

Becoming Red Hat certified

Chapter 2: Creating the Perfect Linux Desktop

Understanding Linux Desktop Technology

Starting with the Fedora GNOME Desktop Live image

Using the GNOME 3 Desktop

After the computer boots up

Navigating with the mouse

Navigating with the keyboard

Setting up the GNOME 3 desktop

Extending the GNOME 3 desktop

Using GNOME shell extensions

Using the GNOME Tweak Tool

Starting with desktop applications

Managing files and folders with Nautilus

Installing and managing additional software

Playing music with Rhythmbox

Stopping the GNOME 3 desktop

Using the GNOME 2 Desktop

Using the Metacity window manager

Changing GNOME's appearance

Using the GNOME panels

Using the Applications and System menus

Adding an applet

Adding another panel

Adding an application launcher

Adding a drawer

Changing panel properties

Adding 3D effects with AIGLX

Part II: Becoming a Linux Power User

Chapter 3: Using the Shell

About Shells and Terminal Windows

Using the shell prompt

Using a terminal window

Using virtual consoles

Choosing Your Shell

Running Commands

Understanding command syntax

Locating commands

Recalling Commands Using Command History

Command-line editing

Command-line completion

Command-line recall

Connecting and Expanding Commands

Piping between commands

Sequential commands

Background commands

Expanding commands

Expanding arithmetic expressions

Expanding variables

Using Shell Variables

Creating and using aliases

Exiting the shell

Creating Your Shell Environment

Configuring your shell

Setting your prompt

Adding environment variables

Getting Information about Commands

Chapter 4: Moving around the Filesystem

Using Basic Filesystem Commands

Using Metacharacters and Operators

Using file-matching metacharacters

Using file-redirection metacharacters

Using brace expansion characters

Listing Files and Directories

Understanding File Permissions and Ownership

Changing permissions with chmod (numbers)

Changing permissions with chmod (letters)

Setting default file permission with umask

Changing file ownership

Moving, Copying, and Removing Files

Chapter 5: Working with Text Files

Editing Files with vim and vi

Starting with vi

Moving around in the text

Deleting, copying, and changing text

Pasting (putting) text

Repeating commands

Skipping around in the file

Searching for text

Learning more about vi and vim

Using locate to find files by name

Searching for files with find

Finding files by name

Finding files by size

Finding files by user

Finding files by permission

Finding files by date and time

Using ‘not’ and ‘or’ when finding files

Finding files and executing commands

Searching in files with grep

Chapter 6: Managing Running Processes

Understanding Processes

Listing Processes

Listing processes with ps

Listing and changing processes with top

Listing processes with System Monitor

Managing Background and Foreground Processes

Starting background processes

Using foreground and background commands

Killing and Renicing Processes

Killing processes with kill and killall

Using kill to signal processes by PID

Using killall to signal processes by name

Setting processor priority with nice and renice

Limiting Processes with cgroups

Chapter 7: Writing Simple Shell Scripts

Understanding Shell Scripts

Executing and debugging shell scripts

Understanding shell variables

Special shell positional parameters

Reading in parameters

Parameter expansion in bash

Performing arithmetic in shell scripts

Using programming constructs in shell scripts

The “if...then” statements

The case command

The “for...do” loop

The “while...do” and “until...do” loops

Trying some useful text manipulation programs

The general regular expression parser

Remove sections of lines of text (cut)

Translate or delete characters (tr)

The stream editor (sed)

Using simple shell scripts

Part III: Becoming a Linux System Administrator

Chapter 8: Learning System Administration

Understanding System Administration

Using Graphical Administration Tools

Using system-config-* tools

Using browser-based admin tools

Using the root user account

Becoming root from the shell (su command)

Allowing administrative access via the GUI

Gaining administrative access with sudo

Exploring Administrative Commands, Configuration Files, and Log Files

Administrative commands

Administrative configuration files

Administrative log files and systemd journal

Using journalctl to view the systemd journal

Managing log messages with rsyslogd

Using Other Administrative Accounts

Checking and Configuring Hardware

Checking your hardware

Managing removable hardware

Working with loadable modules

Listing loaded modules

Loading modules

Removing modules

Chapter 9: Installing Linux

Choosing a Computer

Installing Fedora from Live media

Installing Red Hat Enterprise Linux from Installation Media

Understanding Cloud-Based Installations

Installing Linux in the Enterprise

Exploring Common Installation Topics

Upgrading or installing from scratch

Installing Linux to run virtually

Using installation boot options

Boot options for disabling features

Boot options for video problems

Boot options for special installation types

Boot options for kickstarts and remote repositories

Miscellaneous boot options

Using specialized storage

Partitioning hard drives

Understanding different partition types

Reasons for different partitioning schemes

Tips for creating partitions

Using the GRUB boot loader

Using GRUB Legacy (version 1)

Chapter 10: Getting and Managing Software

Managing Software on the Desktop

Going Beyond the Software Window

Understanding Linux RPM and DEB Software Packaging

Understanding DEB packaging

Understanding RPM packaging

What is in an RPM?

Where do RPMs come from?

Installing RPMs

Managing RPM Packages with YUM

Understanding how yum works

1. Checking /etc/yum.conf

2. Checking /etc/sysconfig/rhn/up2date (RHEL only)

3. Checking /etc/yum.repos.d/*.repo files

4. Downloading RPM packages and metadata from a YUM repository

5. RPM packages installed to Linux file system

6. Store YUM repository metadata to local RPM database

Using YUM with third-party software repositories

Managing software with the YUM command

Searching for packages

Installing and removing packages

Updating packages

Updating groups of packages

Maintaining your RPM package database and cache

Downloading RPMs from a yum repository

Installing, Querying, and Verifying Software with the rpm Command

Installing and removing packages with rpm

Querying rpm information

Verifying RPM packages

Managing Software in the Enterprise

Chapter 11: Managing User Accounts

Creating User Accounts

Adding users with useradd

Setting user defaults

Modifying users with usermod

Deleting users with userdel

Understanding Group Accounts

Using group accounts

Creating group accounts

Managing Users in the Enterprise

Setting permissions with Access Control Lists

Setting ACLs with setfacl

Setting default ACLs

Adding directories for users to collaborate

Creating group collaboration directories (set GID bit)

Creating restricted deletion directories (sticky bit)

Centralizing User Accounts

Using the Users window

Using the Authentication Configuration window

Chapter 12: Managing Disks and Filesystems

Understanding Disk Storage

Partitioning Hard Disks

Understanding partition tables

Viewing disk partitions

Creating a single-partition disk

Creating a multiple-partition disk

Using Logical Volume Management Partitions

Checking an existing LVM

Creating LVM logical volumes

Growing LVM logical volumes

Mounting Filesystems

Supported filesystems

Enabling swap areas

Disabling a swap area

Using the fstab file to define mountable file systems

Using the mount command to mount file systems

Mounting a disk image in loopback

Using the umount command

Using the mkfs Command to Create a Filesystem

Part IV: Becoming a Linux Server Administrator

CHAPTER 13: Understanding Server Administration

Starting with Server Administration

Step 1: Install the server

Step 2: Configure the server

Using configuration files

Checking the default configuration

Step 3: Start the server

Step 4: Secure the server

Password protection

Security settings in configuration files

Step 5: Monitor the server

Configure logging

Run system activity reports

Keep system software up to date

Check the filesystem for signs of crackers

Managing Remote Access with the Secure Shell Service

Starting the openssh-server service

Using SSH client tools

Using ssh for remote login

Using ssh for remote execution

Copying files between systems with scp and rsync

Interactive copying with sftp

Using key-based (passwordless) authentication

Configuring System Logging

Enabling system logging with rsyslog

Understanding the rsyslog.conf file

Understanding the messages log file

Setting up and using a loghost with rsyslogd

Watching logs with logwatch

Checking System Resources with sar

Checking System Space

Displaying system space with df

Checking disk usage with du

Finding disk consumption with find

Managing Servers in the Enterprise

Chapter 14: Administering Networking

Configuring Networking for Desktops

Checking your network interfaces

Checking your network from NetworkManager

Checking your network from the command line

Configuring network interfaces

Setting IP addresses manually

Setting IP address aliases

Configuring a network proxy connection

Configuring Networking from the Command Line

Editing a connection

Understanding networking configuration files

Network interface files

Other networking files

Setting alias network interfaces

Setting up Ethernet channel bonding

Setting custom routes

Configuring Networking in the Enterprise

Configuring Linux as a router

Configuring Linux as a DHCP server

Configuring Linux as a DNS server

Configuring Linux as a proxy server

Chapter 15: Starting and Stopping Services

Understanding the Initialization Daemon (init or systemd)

Understanding the classic init daemons

Understanding the Upstart init daemon

Learning Upstart init daemon basics

Learning Upstart's backward compatibility to SysVinit

Understanding systemd initialization

Learning systemd basics

Learning systemd's backward compatibility to SysVinit

Checking the Status of Services

Checking services for SysVinit systems

Checking services for Upstart systems

Checking services for systemd systems

Stopping and Starting Services

Stopping and starting SysVinit services

Stopping and starting Upstart services

Stopping and starting systemd services

Stopping a service with systemd

Starting a service with systemd

Restarting a service with systemd

Reloading a service with systemd

Enabling Persistent Services

Configuring persistent services for SysVinit

Configuring persistent services for Upstart

Configuring persistent services for systemd

Enabling a service with systemd

Disabling a service with systemd

Configuring a Default Runlevel or Target Unit

Configuring the SysVinit default runlevel

Configuring the default runlevel in Upstart

Configuring the default target unit for systemd

Adding New or Customized Services

Adding new services to SysVinit

Step 1: Create a new or customized service script file

Step 2: Add the service script to /etc/rc.d/init.d

Step 3: Add the service to runlevel directories

Adding new services to Upstart

Adding new services to systemd

Step 1: Create a new or customized service configuration unit file

Step 2: Move the service configuration unit file

Step 3: Add the service to the Wants directory

Chapter 16: Configuring a Print Server

Common UNIX Printing System

Setting Up Printers

Adding a printer automatically

Using web-based CUPS administration

Using the Print Settings window

Configuring local printers with the Print Settings window

Configuring remote printers

Adding a remote CUPS printer

Adding a remote UNIX (LDP/LPR) printer

Adding a Windows (SMB) printer

Working with CUPS Printing

Configuring the CUPS server (cupsd.conf)

Starting the CUPS server

Configuring CUPS printer options manually

Using Printing Commands

Printing with lpr

Listing status with lpc

Removing print jobs with lprm

Configuring Print Servers

Configuring a shared CUPS printer

Configuring a shared Samba printer

Understanding smb.conf for printing

Setting up SMB clients

Chapter 17: Configuring a Web Server

Understanding the Apache Web Server

Getting and Installing Your Web Server

Understanding the httpd package

Installing Apache

Starting Apache

Securing Apache

Apache file permissions and ownership

Apache and iptables

Apache and SELinux

Understanding the Apache configuration files

Using directives

Understanding default settings

Adding a virtual host to Apache

Allowing users to publish their own web content

Securing your web traffic with SSL/TLS

Understanding how SSL is configured

Generating an SSL key and self-signed certificate

Generating a certificate signing request

Troubleshooting Your Web Server

Checking for configuration errors

Accessing forbidden and server internal errors

Chapter 18: Configuring an FTP Server

Understanding FTP

Installing the vsftpd FTP Server

Starting the vsftpd Service

Securing Your FTP Server

Opening up your firewall for FTP

Allowing FTP access in TCP wrappers

Configuring SELinux for your FTP server

Relating Linux file permissions to vsftpd

Configuring Your FTP Server

Setting up user access

Allowing uploading

Setting up vsftpd for the Internet

Using FTP Clients to Connect to Your Server

Accessing an FTP server from Firefox

Accessing an FTP server with the lftp command

Using the gFTP client

Chapter 19: Configuring a Windows File Sharing (Samba) Server

Understanding Samba

Installing Samba

Starting and Stopping Samba

Starting the Samba (smb) service

Starting the NetBIOS (nmbd) name server

Stopping the Samba (smb) and NetBIOS (nmb) services

Configuring firewalls for Samba

Configuring SELinux for Samba

Setting SELinux Booleans for Samba

Setting SELinux file contexts for Samba

Configuring Samba host/user permissions

Configuring Samba

Using system-config-samba

Choosing Samba server settings

Configuring Samba user accounts

Creating a Samba shared folder

Checking the Samba share

Configuring Samba in the smb.conf file

Configuring the [global] section

Configuring the [homes] section

Configuring the [printers] section

Creating custom shared directories

Accessing Samba Shares

Accessing Samba shares in Linux

Accessing Samba shares in Windows

Using Samba in the Enterprise

Chapter 20: Configuring an NFS File Server

Installing an NFS Server

Starting the NFS service

Sharing NFS Filesystems

Configuring the /etc/exports file

Hostnames in /etc/exports

Access options in /etc/exports

User mapping options in /etc/exports

Exporting the shared filesystems

Securing Your NFS Server

Opening up your firewall for NFS

Allowing NFS access in TCP wrappers

Configuring SELinux for your NFS server

Using NFS Filesystems

Viewing NFS shares

Manually mounting an NFS filesystem

Mounting an NFS filesystem at boot time

Mounting noauto filesystems

Using mount options

Using autofs to mount NFS filesystems on demand

Automounting to the /net directory

Automounting home directories

Unmounting NFS filesystems

Chapter 21: Troubleshooting Linux

Boot-Up Troubleshooting

Understanding Startup Methods

Starting with System V init scripts

Starting with systemd

Starting with Upstart

Starting from the firmware (BIOS or UEFI)

Troubleshooting BIOS setup

Troubleshooting boot order

Troubleshooting the GRUB boot loader

Starting the kernel

Troubleshooting the initialization system

Troubleshooting System V initialization

Troubleshooting rc.sysinit

Troubleshooting runlevel processes

Troubleshooting systemd initialization

Troubleshooting Software Packages

Fixing RPM databases and cache

Troubleshooting Networking

Troubleshooting outgoing connections

View network interfaces

Check physical connections

Check hostname resolution

Troubleshooting incoming connections

Check if the client can reach your system at all

Check if the service is available to the client

Check the firewall on the server

Check the service on the server

Troubleshooting Memory

Uncovering memory issues

Checking for memory problems

Dealing with memory problems

Troubleshooting in Rescue Mode

Part V: Learning Linux Security Techniques

Chapter 22: Understanding Basic Linux Security

Understanding Security Basics

Implementing physical security

Implementing disaster recovery

Securing user accounts

One user per user account

Limit access to the root user account

Setting expiration dates on temporary accounts

Removing unused user accounts

Securing passwords

Choosing good passwords

Setting and changing passwords

Enforcing best password practices

Understanding the password files and password hashes

Securing the filesystem

Managing dangerous filesystem permissions

Securing the password files

Locking down the filesystem

Managing software and services

Updating software packages

Keeping up with security advisories

Advanced implementation

Monitoring Your Systems

Monitoring log files

Monitoring user accounts

Detecting counterfeit new accounts and privileges

Detecting bad account passwords

Monitoring the filesystem

Verifying software packages

Scanning the filesystem

Detecting viruses and rootkits

Auditing and Reviewing Linux

Conducting compliance reviews

Conducting security reviews

Chapter 23: Understanding Advanced Linux Security

Implementing Linux Security with Cryptography

Understanding hashing

Understanding encryption/decryption

Understanding cryptographic ciphers

Understanding cryptographic cipher keys

Understanding digital signatures

Implementing Linux cryptography

Ensuring file integrity

Encrypting a Linux filesystem

Encrypting a Linux directory

Encrypting a Linux file

Encrypting Linux with miscellaneous tools

Using Encryption from the Desktop

Implementing Linux Security with PAM

Understanding the PAM authentication process

Understanding PAM contexts

Understanding PAM control flags

Understanding PAM modules

Understanding PAM system event configuration files

Administering PAM on your Linux system

Managing PAM-aware application configuration files

Managing PAM system event configuration files

Implementing resources limits with PAM

Implementing time restrictions with PAM

Enforcing good passwords with PAM

Encouraging sudo use with PAM

Locking accounts with PAM

Obtaining more information on PAM

Chapter 24: Enhancing Linux Security with SELinux

Understanding SELinux Benefits

Understanding How SELinux Works

Understanding type enforcement

Understanding multi-level security

Implementing SELinux security models

Understanding SELinux operational modes

Understanding SELinux security contexts

Understanding SELinux policy types

Understanding SELinux policy rule packages

Configuring SELinux

Setting the SELinux mode

Setting the SELinux policy type

Managing SELinux security contexts

Managing the user security context

Managing the file security context

Managing the process security context

Managing SELinux policy rule packages

Managing SELinux via booleans

Monitoring and Troubleshooting SELinux

Understanding SELinux logging

Reviewing SELinux messages in the audit log

Reviewing SELinux messages in the messages log

Troubleshooting SELinux logging

Troubleshooting common SELinux problems

Using a nonstandard directory for a service

Using a nonstandard port for a service

Moving files and losing security context labels

Booleans set incorrectly

Putting It All Together

Obtaining More Information on SELinux

Chapter 25: Securing Linux on a Network

Auditing Network Services

Evaluating access to network services with nmap

Using nmap to audit your network services advertisements

Controlling access to network services

Working with Firewalls

Understanding firewalls

Implementing firewalls

Starting with firewalld

Understanding the iptables utility

Using the iptables utility

Part VI: Extending Linux into the Cloud

Chapter 26: Using Linux for Cloud Computing

Overview of Linux and Cloud Computing

Cloud hypervisors (a.k.a. compute nodes)

Cloud controllers

Cloud authentication

Cloud deployment and configuration

Cloud platforms

Trying Basic Cloud Technology

Setting Up a Small Cloud

Configuring hypervisors

Step 1: Get Linux software

Step 2: Check your computers

Step 3: Install Linux on hypervisors

Step 4: Start services on the hypervisors

Step 5: Edit /etc/hosts or set up DNS

Configuring storage

Step 1: Install Linux software

Step 2: Configure NFS share

Step 3: Start the NFS service

Step 4: Mount the NFS share on the hypervisors

Creating virtual machines

Step 1: Get images to make virtual machines

Step 2: Check the network bridge

Step 3: Start Virtual Machine Manager (virt-manager)

Step 4: Check connection details

Step 5: Create a new virtual machine

Managing virtual machines

Migrating virtual machines

Step 1: Identify other hypervisors

Step 2: Migrate running VM to another hypervisor

Chapter 27: Deploying Linux to the Cloud

Getting Linux to Run in a Cloud

Creating Linux Images for Clouds

Configuring and running a cloud-init cloud instance

Investigating the cloud instance

Cloning the cloud instance

Trying an Ubuntu cloud image

Expanding your cloud-init configuration

Adding ssh keys with cloud-init

Adding network interfaces with cloud-init

Adding software with cloud-init

Using cloud-init in enterprise computing

Using OpenStack to Deploy Cloud Images

Starting from the OpenStack Dashboard

Configuring your OpenStack virtual network

Configuring keys for remote access

Launching a virtual machine in OpenStack

Accessing the virtual machine via ssh

Using Amazon EC2 to Deploy Cloud Images

Part VII: Appendixes

Appendix A: Media

Appendix B: Exercise Answers

Previous Chapter

Contents at a Glance