Index

! (exclamation point), 80, 155, 160, 267, 495

“ (double quotes), 155, 160, 262, 266

# (hash mark), 67

$ (dollar sign), 67, 79, 85, 89, 155, 156

$# variable, 156–157

$(()) notation, 159

$@ variable, 156

$0 variable, 156

% (percent), 145

& (ampersand), 82, 83–84, 144, 162

` (backtick), 39, 84, 155

' (single quotes), 155

( (left parenthesis), 82, 155

> (greater than sign), 82, 103

< (less than sign), 82, 103

) (right parenthesis), 82, 155

* (asterisk), 108, 128, 155, 163, 263, 288, 534, 571

+ (plus sign), 107, 111, 112, 129, 138, 145, 272, 292, 521

- (hyphen), 71–72, 106, 129, 130, 165, 757

– (minus sign), 111, 145

-- (double hyphen), 71–72

/ (forward slash), 94, 97, 99, 100, 124, 533

\! special character, 90

\# special character, 90

\$ special character, 90

\[ special character, 90

\] special character, 90

; (semicolon), 82, 83, 132, 444, 516, 517, 659

= (equal sign), 71–72

? (question mark), 103, 124, 128, 534

[] (brackets), 89, 103, 124, 243, 337, 418

\ (backslash), 90, 108, 115, 132, 155, 515

\ special character, 90

^ (caret), 165

{} (curly braces), 105, 131–132, 157

| (pipe), 8, 82–83, 103, 139, 162, 166

~ (tilde), 79, 101, 108, 119

3DES, 631

A

absolute path, 100

Accelerated Indirect GLX (AIGLX) project, 58–60

Access Control Lists (ACLs), 271–276

Access Vector Cache (AVC) denials, 670, 673, 689–692, 694, 697, 834

account PAM context, 651

ACLs (Access Control Lists), 271–276

acpi=off boot option, 217

activity reports, 323

Advanced Encryption Standard (AES), 630, 631, 645

Advanced Intrusion Detection Environment (aide), 620–622

AES (Advanced Encryption Standard), 630, 631, 645

aescrypt, 645

affs filesystem, 303

aide, 620–622

AIGLX (Accelerated Indirect GLX) project, 58–60

alias command, 75, 87

aliases

command aliases, 75, 87

IP addresses, 356–357

aliases file, 186

allusers directory, 107, 132

Alt+SysRq keystrokes, 585

amanda utility, 593

Amazon EC2, 765–766

anaconda installer, 17, 212, 213, 216, 219, 275

Ansible, 344

apache administrative login, 190

Apache Software Foundation (ASF), 450

Apache web server, 449

configuration files, 457–462

installing, 450–454

publishing web content, 464–465

securing, 455–457

SSL/TLS, 465–471

starting, 454–455

troubleshooting, 471–475

virtual hosts, adding, 462–464

apache2.conf file, 457

Apple

OS X vs. Linux, 6

printers, 427, 433

application launchers, 55–56

Applications Menu extension, 42–43

appSocket connections, 427, 433

ARC4, 631

ArcFour, 631

arguments, 71–74

Aroha, Ryan Sawhill, 647

arrow keys

3D AIGLX desktop, 59, 60

command history, 81

command-line editing, 77, 78

GNOME 3 desktop, 39, 40

GRUB Legacy, 226

vi text editor, 120

ASF (Apache Software Foundation), 450

ash, 65

asymmetric key cryptography, 466, 633–637

AT&T Bell Laboratories, 7–10

Audio CD Extractor, 195

audit logs, SELinux, 612–614, 690

audit.log file, 689–690

audit2allow command, 674, 687, 695

audit2why command, 687

auditd, 612–614, 625, 689–690, 692, 829

auditing Linux systems, 622–624

auditing network services, 699–710

auditing advertisements, 704–708

controlling access, 708–710

evaluating access, 701–704

aureport command, 690

ausearch command, 612–613, 614, 690, 835

auth PAM context, 651

authconfig command, 279, 655–657, 660, 665

authconfig-gtk, 176

Authentication Configuration window, 279–281

Authentication, graphical admin tool, 176

autofs facility, 545–548

avahi administrative login, 190

AVC (Access Vector Cache) denials, 670, 673, 689–692, 694, 697, 834

B

“Baby Bell” companies, 9

background commands, 83–84

background processes, 139

killing, 146–148

listing, 138–143

referring to, 145–146

renicing, 148–149

starting, 144–145

BackTrack, 623

backup shell script, 168

basename command, 95

BASH environment variable, 86

.bash_history file, 82

/.bash_logout file, 89

/.bash_profile file, 88

/.bashrc file, 89

.bashrc file, 91–92

bash shell, 65–66. See also shell

command-line completion, 79–80

command-line editing, 77–79

configuration files, 88–89

environment variables, 85–88, 88–89

file-matching metacharacters, 102–103

file-redirection metacharacters, 103–104

locating commands, 74–76

moving programs between background and foreground, 144

parameter expansion, 157–158

prompt, setting, 89–91

running commands, 70–73

shell history, 76–77, 80–82

untyped variables, 158–159

BASH_VERSION environment variable, 86

bashrc file, 88, 89, 186

bc command, 158–159

bcrypt, 645

befs filesystem, 302

Bell Laboratories, 7–10

Bell-LaPadula Mandatory Access security model, 672

Berkeley Software Distribution. See BSD

Berkeley Software Distribution License, 15–16

bin administrative login, 190

/bin directory, 98

administrative commands, 183

user commands, 74–75

bind package, 317

BIOS, 225–226, 554–557, 779

blkid command, 306

block ciphers, 628, 630, 631

block devices, 110

Blowfish, 630, 645

Bluetooth, 42

Booleans, SELinux management via, 688–689

/boot directory, 98, 223

/boot/grub/grub.conf file, 226–229

/boot/grub2/grub.cfg file, 230–231

Boot Log, 609

boot.log file, 189, 609

booting

boot options, 216–219

dual booting, 216–219

GRUB boot loader, 224–231

troubleshooting, 551–568

from USB drive, 799–780

brace expansion characters, 105

Brasero, 195

browser-based graphical management tools, 177

BSD (Berkeley Software Distribution)

AT&T lawsuit, 13

origin of, 9–10

btmp file, 610

btrfs filesystem, 302

built-in commands, 75

C

C Library Functions man page section, 93

C programming language, 9

C shell, 65, 69, 70

Caesar Cipher, 630

case command, 162–163

case ... esac, 163

CAST5, 631, 647

ccrypt, 645

cd command, 100–102

CDP (Clean Desk Policy), 592

centralized user accounts, 278–281

Ceph, 5, 731

CERT (Computer Emergency Readiness Team), 623

certificates, SSL, 280, 465–471

cgroups, 149–151

chage command, 76, 594–595, 600–601, 603

chains, netfilter/iptables firewall, 714–715

character devices, 110

chcat command, 685

chcon command, 465, 685, 816, 833, 834

checkmodule, 687

checkpolicy, 687

checksums, 628

Chef, 344, 732

chkconfig --list sshd command, 325

chkconfig sshd on command, 325

chkrootkit, 619–620

chmod command, 100, 101–102, 104, 111–112, 168, 273, 276

chrony administrative login, 190

cifs filesystem, 302

cipher text. See also decryption; encryption hashing, 628–630

ClamAV, 618

classification level attribute, SELinux, 673

Clean Desk Policy (CDP), 592

“Client denied by server configuration” error, 474

cloud computing, 729–748, 749–767

Amazon EC2 deployment, 765–766

authentication, 731

cgroups, 149–151

cloud controllers, 730–731

cloud types, 75–751

cloud-based Linux installations, 211

creating Linux images, 751–760

creating virtual machines, 740–744

deployment, 732

exercises, 747–748, 837–838

hypervisors, 730, 735–738

OpenStack, 5, 18, 177, 211, 731, 732, 750, 752, 760–765

OpenStack deployment, 760–765

platforms, 732

providing networked storage, 738–740

RHELOSP (Red Hat Enterprise Linux OpenStack Platform), 177

setting up, 734–747

storage, 731

cloud-init facility, 751–753, 757–760

cloud.cfg file, 754

Cloudforms, 187, 751

clustering, 5

cnegus-test-project, 761

commands

administrative, 182–183

aliases, 75, 87

arguments, 71–74

arithmetic results, passing, 84–85

background commands, 83–84

built-in, 75

command-line completion, 79–80

command-line editing, 77–79

finding, 74–76

getting information about, 92–94

history list, 75, 76–77, 80–82

man pages, 70, 93–94

options, 71–74

piping between, 82–83

printing-related, 439–441

recalling, 76–82

running, 70–76

sequential commands, 83

shell prompt, 67

substitution, 84

syntax, 71–73

system administration, 182–183

Common UNIX Printing System. See CUPS

Common Vulnerabilities and Exposures (CVE), 607

Compiz window manager, 50, 51, 58

compliance reviews, 623

compute nodes, 730

Computer Emergency Readiness Team (CERT), 623

Configuration Editor, 176

configuration errors, 472–474

configuration files

administrative, 183–188

Apache web server, 457–462

bash shell, 88–89

networking, 362–367

contexts, PAM, 650–651

control flags, PAM, 651–652

control groups, 149–151

cp command, 114

cpio utility, 593

cracklib utility, 598

Cron Log, 609

crontab files, 186, 571

crypto-utils package, 452

cryptography, 627–648

encryption/decryption

cipher keys, 631–637

ciphers, 630

digital signatures, 637–639

exercises, 668, 830–832

hashing, 628–630

cryptsetup command, 641–642

crypttab file, 562, 640–641

csh, 65, 69, 70

csh.cshrc file, 186

CUPS, 423–446. See also printers; printing

adding printers, 425–426

command-line printing, 439–441

configuring CUPS server, 436–437

configuring print servers, 441–443

features, 423–425

manual configuration, 438–439

Print Settings window, 428–435

starting CUPS server, 437–438

web-based administration, 426–428

cups package, 317

cupsd.conf file, 436–437

custom routes, 370–371

cut command, 165

CVE (Common Vulnerabilities and Exposures), 607

D

d special character, 90

DAC (Discretionary Access Controls), 669–670

daemon processes, 4–5

cgroups and, 149–150

checking config files, 183

/etc/httpd directory, 184

/etc/xinetd.d directory, 185–186

port numbers and, 320

rsyslog.conf file, 187

running under separate administrative logins, 190

/sbin directory, 99

Udev and, 194

/usr/sbin dirctory, 182

xinetd.conf file, 188

Damn Small Linux, 202

dash, 65, 69

Data Encryption Standard (DES), 466, 631

Date & Time, graphical admin tool, 176

date --help command, 73

date command, 70, 72–73

DEB packaging, 236–238

decryption, 628

cryptographic cipher keys, 631–637

cryptographic ciphers, 630–631

digital signatures, 637–639

dependency failures, 569–571

DES (Data Encryption Standard), 466, 631

/dev directory, 98

Devices and Special Files man page section, 93

df command, 341–342

DHCP servers, 207, 210, 348, 349, 355, 363–364, 372, 576

Digital Signature Algorithm (DSA), 638

digital signatures, 637–639

directives, Apache web server, 457–460

directories

absolute path, 100

adding current to PATH, 91

assigning partitions, 223–224

changing, 100–102

changing permissions, 101–102, 104, 111–112, 168, 273, 276

creating, 100, 101, 109, 162

encrypting, 642–645

GID directories, 276–278

listing, 105–108

DirectoryIndex directive, 459

“Directory index forbidden by rule” error, 475

Disabled mode, SELinux, 673–674, 680–682

disaster recovery, 592–593

Discretionary Access Controls (DAC), 669–670

disk storage, 283–284

Disk Usage Analyzer, 176

Disk Utility, 177

distributions, 16–20. See also specific distributions

dmesg command, 191, 192–183, 203

dmesg file, 609, 610

DNS servers

/etc/resolv.conf file, 366–367

configuring Linux as, 372–373

hostname resolution, 576–577

hypervisor-storage system communication, 738

interface configuration, 355–358

named.conf file, 187

queries, checking, 367

RHCE exam, 25–26

dnsdomainname command, 355

Domain Name System, graphical admin tool, 176

dovecot package, 317

dpkg Log, 609

dpkg.log file, 609

DSA (Digital Signature Algorithm), 638

du command, 342–343

dual booting, 214–215

dumb terminals, 144

dump utility, 291, 305, 307, 593, 606, 610

Duplicity, 646

E

echo command, 79–80, 85, 92

El Gamal, 631

elementary OS, 19

elif statements, 160

Elliptic Curve Cryptosystems, 631

emacs command, 118

encryptfs command, 642–645

encryption, 628

cryptographic cipher keys, 631–637

cryptographic ciphers, 630–631

digital signatures, 637–639

directories, 642–645

files, 645

filesystems, 640–642

from GNOME desktop, 646–647

with Pyrite, 647–648

SSL/TLS, 465–471

Enforcing mode, SELinux, 674, 680–682

enterprise environments

Linux installation, 211–213

network configuration, 371–373

RPM package management, 256–257

Samba, 525

server administration, 344

user/group account management, 270–278

env command, 85

environment variables

bash shell, 88–89

expanding, 85

errata, 607

ErrorDocument direction, 459

esac, 163

escaping shell characters, 155

/etc directory, 98, 184, 186–188

/etc/aliases file, 186

/etc/apache2/apache2.conf file, 457

/etc/bashrc file, 88, 89, 186

/etc/cloud/cloud.cfg file, 754

/etc/cron directory, 184

/etc/crontab file, 186

/etc/crypttab file, 562, 641–642

/etc/csh.cshrc file, 186

/etc/cups directory, 184, 424

/etc/cups/cupsd.conf file, 436–437

/etc/cups/mime.types file, 439

/etc/cups/printers.conf file, 435, 438–439, 442–443

/etc/default directory, 184

/etc/exports file, 186, 528, 529, 531, 532–535

/etc/fstab file, 186, 274, 275, 276, 305–306

/etc/group file, 186

/etc/gshadow file, 186

/etc/host.conf file, 186

/etc/hostname file, 186, 365

/etc/hosts file, 79, 186, 365–366, 738

/etc/hosts.allow file, 186, 322

/etc/hosts.d file, 186

/etc/hosts.deny file, 186, 322

/etc/httpd directory, 184

/etc/httpd/conf.d directory, 452

/etc/httpd/conf.d/ssl.conf file, 467

/etc/init.d directory, 184–185

/etc/inittab file, 187, 382–386, 389–391, 398–399, 412–413

/etc/logrotate.d/httpd file, 451

/etc/logrotate.d/samba file, 502

/etc/logrotate.d/vsftpd file, 480

/etc/mail directory, 185

/etc/mtab file, 187

/etc/mtools.conf file, 187

/etc/named.conf file, 187, 373

/etc/nfsmount.conf file, 545

/etc/nsswitch.conf file, 187, 366–367

/etc/ntp.conf file, 187

/etc/pam.d file, 650

/etc/pam.d.vsftpd file, 480

/etc/pam.d/common-auth file, 660

/etc/pam.d/other file, 655

/etc/pam.d/passwd file, 661

/etc/pam.d/su file, 664

/etc/pam.d/system-auth file, 659, 661–663, 666

/etc/passwd file, 69, 71, 82, 187, 264, 269, 278, 279, 280, 601–603

/etc/pcmcia directory, 185

/etc/pki/tls/private/localhost.key file, 468

/etc/pki/tsl/cert/localhost.crt file, 468

/etc/postfix directory, 185

/etc/ppp directory, 185

/etc/printcap file, 187

/etc/profile file, 88, 89, 187

/etc/protocols file, 187

/etc/rc.d//rc#.d directory, 384

/etc/rc.d/rc5.d directory, 384

/etc/rc?.d directory, 185

/etc/resolv.conf file, 349, 364, 366

/etc/rpc file, 187

/etc/rsyslog.conf file, 187, 335–336

/etc/samba directory, 502

/etc/samba/smb.conf file, 444, 511, 516–521

/etc/samba/smbusers file, 502

/etc/security directory, 185

/etc/security/limits.conf file, 657–658, 832

/etc/security/time.conf file, 659–660

/etc/selinux/config file, 679–680

/etc/services file, 187, 699–700

/etc/shadow file, 187, 628

/etc/shells file, 187

/etc/skel directory, 185

/etc/sudoers file, 187

/etc/sysconfig directory, 185

/etc/sysconfig/network file, 365

/etc/sysconfig/network-scripts directory, 363, 365

/etc/sysconfig/rhn/up2date file, 242

/etc/sysconfig/samba file, 502, 503

/etc/sysct1.conf file, 25

/etc/systemd directory, 185

/etc/systemd/system directory, 420

/etc/termcap file, 188

/etc/tmpfiles.d/httpd.conf file, 451

/etc/ttytab file, 381

/etc/vsftpd/chroot_list file, 489

/etc/vsftpd/ftpusers file, 481, 489

/etc/vsftpd/user_list file, 481, 489

/etc/vsftpd/vsftpd.conf file, 480, 488

/etc/X11 directory, 188

/etc/X11/xorg.conf file, 60

/etc/xinetd.d directory, 185–186

/etc/xinetd/conf file, 188

/etc/yum.conf file, 242

/etc/yum.repos.d/*.repo files, 243

Ethernet channel bonding, 368–370

EUID environment variable, 86

execute bits, 106, 107, 110, 111, 129, 276–278

exercises and answers

Apache web servers, 475–476, 815–818

basic security, 624–625, 829–830

cloud computing, 747–748, 837–838

cryptography, 668, 830–832

filesystem, 115–116, 786–787

FTP servers, 497, 818–821

GNOME, 61, 781–783

Linux installation, 231–232, 795–797

network security, 724–725, 835–837

networking, 374–375, 807–810

NFS servers, 550, 824–826

PAM, 668, 830–832

printing, 446–447, 813–815

processes, 151–152, 789–790

RPM packages, 258, 797–798

Samba servers, 526, 822–824

SELinux, 696–697, 832–835

server administration, 345–346, 805–807

shell, 95, 784–786

shell scripts, 169, 790–793

starting/stopping services, 422, 810–813

system administration, 199–200, 793–795

text files, 134–135, 787–789

troubleshooting Linux, 587–588, 826–829

user and group accounts, 281–282, 798–802

exim package, 317

exit command, 69, 75, 81, 87, 88

exports file, 186, 528, 529, 531, 532–535

expr command, 158–159

ext filesystem, 302

ext2 filesystem, 302

ext3 filesystem, 302

ext4 filesystem, 302

Extended Multiuser Mode runlevel, 382

F

Facebook, LAMP stack, 3

false positives, 619

fc command, 81–82

FCEDIT environment variable, 86

FCoE (Fibre Channel over Ethernet) devices, 220

fdisk command, 222–223, 286–288, 289, 290, 292, 296, 557, 802–803

Fedora

aliased ls command, 105

backup script, 168

backup shell script, 168

booting from USB drive, 779

downloading, 772–774

GNOME Terminal, 68

installing from live media, 203–207

mcedit text editor, 118

NFS Server Configuration window, 531–532

vs. RHEL, 18

server packages, 316–318

sudo command, 174

system-config-* tools, 175–177

terminal emulators, 68

updatedb command, 125

virtual consoles, switching between, 69

Fedora Security Spin, 623

Fibre Channel over Ethernet (FCoE) devices, 220

File Formats and Conventions man page section, 93

“File permissions prevent access” error, 474

file redirection, 8, 103–104

file sharing. See Samba

file-matching metacharacters, 102–103

files

copying, 329–332

encrypting, 645

finding, 125–133

find command, 127–132

grep command, 132–133

locate command, 125–126

integrity, ensuring, 639–640

listing, 105–108

security context, SELinux, 683, 684–685

filesystems, 97–116

basic commands, 100–102

copying files, 114

creating, 310–311

directory hierachy, 97–99

exercises, 115–116, 311–312, 786–787, 802–804

integrity, ensuring, 640–642

listing files/directories, 105–109

metacharacters, 102–105

monitoring, 615–622

mounting, 301–310

moving files, 114

permissions, 109–113, 603–604

removing files, 114–115

scans, 616–618

securing, 603–606

unmounting, 309

filter table, iptables, 713

find command, 127–132, 343

finding

commands, 74–76

files

find command, 127–132

grep command, 132–133

locate command, 125–126

packages, 246–247

fingerprints, 628

Firefox, FTP server access, 493

firestarter application, 711

Firewall, graphical admin tool, 176

firewalld service, 316, 712–713

firewalls, 710–724

categories, 710–711

firewalld service, 316, 321, 712–713

iptables utility, 316, 713–724

opening for FTP, 483–486

opening for NFS, 537–538

RHCE exam, 26

Samba configuration, 507–508

firmware RAID devices, 220

firstboot command, 210

“first picture” databases, 620–622

fixfiles command, 685

foomatic package, 317

for ... do loop, 163–164

foreground processes, 137–152

killing, 146–148

limiting with cgroups, 149–151

listing, 138–143

managing, 144–146

renicing, 148–149

fork bombs, 657

FOSS (Free and Open Source Software), 12

free software, 12

Free Software Directory, 12

Free Software Foundation (FSF), 11–12, 26

FreeBSD, 13, 225

fstab file, 186, 305–306

FTP clients, 492–496

FTP Log, 609

FTP servers, 477–497

allowing uploading, 489–491

configuring, 488–492

exercises, 497, 818–821

FTP clients, 492–496

installing, 479–480

securing, 483–488

starting, 480–483

user access, 488–489

FTP Transfer Log, 609

G

Games man page section, 94

gconf-editor, 52, 176

gedit text editor, 117, 118, 152, 181, 328–329

general regular expression parser. See grep command

Gentoo distribution, 16

bin login, 190

nano text editor, 118

ongoing updates, 214

software packaging, 236

getenforce command, 486, 539, 680, 697, 834

getent command, 280

getfacl command, 271

getsebool command, 509, 688, 697, 834, 689694

gfs2 filesystem, 303

gFTP client, 495–496

Gibson Research Corporation, 624

GID directories, 276–278

Global Unique Identifiers (GUID), 286

GlusterFS, 5

GNOME 2 desktop, 49–60

Metacity window manager, 50–52

panels, 50, 53–57

System Monitor, 142–143

GNOME 3 desktop, 33–49

command box, 40

Fedora GNOME desktop live image, 32–33

installing software, 46–48

Nautilus file manager, 45–46, 47, 50, 195–196, 522–523

navigating with keyboard, 38–41

navigating with mouse, 34–38

Rhythmbox music player, 48–49, 195, 196

shell extensions, 42–45

setting up, 41–42

stopping, 49

System Monitor, 142–143

Window menu, 37

GNOME Display Manager Log, 609

GNOME Terminal, 68

GNOME Tweak Tool, 44–45

gnome-disks, 177

gnome-system-monitor, 142–143

gnome-terminal, 68

gnome-utils, 176

GNU Hurd project, 12

GNU Lesser General Public License (LGPL), 15

GNU project, 11–12, 14

GNU Public License (GPL), 12, 14, 15, 27

gnupg2 package, 632

Google Cloud Platform, 732

gpg, 645

gpg-agent daemon, 632

gpg-zip, 646

gpg2, 632–637, 632–639, 830–831

gpgcheck, 242

gpgcheck, 242

gpgkey, 243

GPL (GNU Public License), 12, 14, 15, 27

GRand Unified Bootloader (GRUB), 224–231

graphical boot option, 217

Graphical Mode runlevel, 382

graphical system administration tools, 175–177

grep command, 69, 84, 132–133, 165

group accounts, 269–270

creating, 270

exercises, 281–282, 798–802

managing in the enterprise, 270–278

process association, 137, 268–270

group file, 186

groupadd command, 270

groupmod command, 270

GRUB (GRand Unified Bootloader), 224–231

GRUB 2, 229–231

GRUB Legacy, 225–229

grub.cfg file, 230–231

grub.conf file, 226–229

gshadow file, 186

GUID (Global Unique Identifiers) partitions, 286

H

h special character, 90

Hadoop, 450

HAL (Hardware Abstraction Layer), 194

Halt runlevel, 382

hard disks

partitioning, 285–295

storage overview, 283–284

hardware

boot options for disabling, 217

requirements, 202–203

hashed passwords, 601–603

hashing, 628–630

help command, 92–93

here documents, 104

here text, 104

Hesiod authentication, 176

HISTCMD environment variable, 86

HISTFILE environment variable, 82, 86

HISTFILESIZE environment variable, 86

history command, 75, 76–77, 80–81, 80–82

history of Linux, 6–16

$HOME directory, 184

/home directory, 97, 98, 224

HOME environment variable, 86, 108–109, 155

host-based firewalls, 711

host.conf file, 186

hostname command, 70–71

hostname file, 186

hosts file, 79, 186

hosts.allow file, 186

hosts.deny file, 186

HOSTTYPE environment variable, 86

HP JetDirect connections, 427, 433

hpfs filesystem, 303

hpijs package, 317

HTTP, graphical admin tool, 176

httpd package, 184, 254–255, 317, 318, 449, 450–453

httpd-manual package, 317, 452

Hurd project, 12

hybrid cloud, 751

RHELOSP, 177

hypervisors, 730

configuring, 735–738

creating virtual machines, 740–744

managing virtual machines, 744–745

migrating virtual machines, 745–747

providing networked storage, 738–740

I

id command, 73

IDEA, 631

identification and authentication process, 648

IDS (Intrusion Detection System) software, 620–622

if ... elif statements, 160

if ... then statements, 159–162

ifconfig command, 353

include control flag, PAM, 652

info command, 93

init systems

advantages, 377

systemd, 378–386

adding new services, 419–422

backward compatibility to SysVinit, 397–99

basics, 392–397

checking services for, 402–403

configuring default target, 413–414

configuring persistent services, 410–412

starting/stopping, 406–408

SysVinit, 378–386

adding services, 414–417

checking services for, 400–401

configuring persistent services, 408–409

default runlevel, 412–413

disabling services, 409

starting and stopping services, 403–404

systemd's backward compatibility, 397–399

Upstart's backward compatibility, 388–392

Upstart, 554

adding new services, 417–419

backward compatibility to SysVinit, 388–392

checking services for, 401–402

configuring default runlevel, 413

configuring persistent services, 409–410

starting/stopping services, 405

inittab file, 187, 382–386, 389–391, 398–399, 412–413

installing

Apache web server, 450–454

FTP servers, 479–480

Linux, 201–232

anaconda installer, 17, 212, 213, 216, 219, 275

boot options, 216–219

cloud-based installations, 211

dual booting, 214–215

enterprise environments, 211–213

from Live media, 203–207

GRUB boot loader, 224–231

hardware requirements, 202–203

partitioning hard drives, 220–224

RHEL installation DVD, 208–210

specialized storage, 219–220

upgrade procedures, 213–214

virtualization, 216

NFS servers, 529–530

RPM packages, 239–240, 253

Samba, 500–502

servers, 316–318

integer arithmetic, 158–159

interactive copying, 332

Internet Printing Protocol (IPP), 424, 427, 432–433

Intrusion Detection System (IDS) software, 620–622

Intrusion Prevention software, 620

ip addr show command, 352

IP addresses, 348–349. See also iptables utility

Ethernet channel bonding, 368–370

setting aliases, 356–357

setting manually, 355–356

setting routes, 357–358

IPP (Internet Printing Protocol), 424, 427, 432–433

iptables, 316, 321, 578–579, 713–724, 816, 819–820, 823–825, 836

Apache web server, 455–456

chains, 714–715

FTP servers, 483–486

NFS servers, 536–538

policies, 715, 717–722

rules, 715, 717–722

Samba servers, 507–508

saving configuration, 722–724

securing Apache, 455–456

tables, 713–714

targets, 715

ISO images, 628, 771–779

iso9660 filesystem, 302

J

JBoss, 18

jed text editor , 118

jfs filesystem, 303

joe text editor, 118

John the Ripper, 614–615

journalctl command, 188–189, 192, 200, 317, 334, 608, 610–611

K

K shell, 65, 69, 70

K3b, 777–778

kafs filesystem, 302

Kali Linux, 19

kate text editor, 118

kedit text editor, 118

Kernel Log, 609

Kernel-based Virtual Machine. See KVM

Kernighan, Brian, 9

key pairs, 633–637

key rings, 633–637, 639, 668, 831

key-based authentication, 332–334

Kickstart, 177

kickstart files, 177, 212, 213, 216, 218–219, 257

killall command, 146–148, 152

killing processes, 146–148

KNOPPIX distribution, 16, 32, 214, 237

krb5-server package, 317

ksh, 65, 69, 70

KVM (Kernel Virtualization Module), 730, 733, 735–738

L

LAMP stack, 3

Language, graphical admin tool, 176

Last.fm, 49

lastlog command, 610

lastlog file, 609, 610

LastLog log, 609

LDAP (Lightweight Directory Access Protocol), 279–281, 317, 452, 547

LDP/LPR printers, 433–434

less command, 77

Lesser General Public License (LGPL), 15

let command, 158–159

level attribute, SELinux security context, 675–677

lftp command, 493–495

LGPL (GNU Lesser General Public License), 15

/lib directory, 98

/lib/systemd/system directory, 420

libpam.so, 648

libvirtd, 733, 735–738

licenses, open source, 15–16, 27. See also GPL

limits.conf file, 657–658, 832

Linux

bootable CD/DVD, creating, 776–779

distributions, 16–20. See also specific distributions

features overview, 4–5

history of, 6–16

installing, 201–232

overview, 4–6

professional opportunities, 20–26

vs. proprietary operating systems, 6

Linux Foundation, 14, 20

Linux Mint, 19

Linux Unified Key Setup (LUKS), 640

Linux-PAM System Administrator's Guide, 667

listing

modules, 197–198

processes, 138–143

with ps command, 138–140

with System Monitor, 142–143

with top command, 140–141

live Linux ISO images, 32–33, 203–207

load_policy , 687

local printers, 429–432

localhost.crt file, 468

localhost.key file, 468

locate command, 75, 76, 125–126

logging

SELinux logging, 689–692

system logging, 334–340

logical volume management (LVM), 295–301

Login Log, 609

Logout Log, 609

logrotate, 322–323

logrotate.d/samba file, 502

logrotate.d/vsftpd file, 480

logwatch, 322, 339–340

loops

for ... do, 163–164

until ... do, 164

while ... do, 164

lp administrative login, 190

lpc command, 440–441

lpr command, 435, 440

lprm command, 441

ls command, 71–72, 102–103, 105–108, 105–109

lscpu command, 194

lsmod command, 197–198

lspci command, 193

lsusb command, 193–194

LUKS (Linux Unified Key Setup), 640

lvdisplay command, 299

LVM (logical volume management), 295–301

lvs command, 641–642

LXDE (Lightweight X11 Desktop Environment), 14, 29, 31, 32, 250–251

LXLE, 19

M

Magnatune, 49

MAIL environment variable, 85, 86

Mail Log, 609

Mail Transport Agent (MTA), 317

maillog file, 609

man command, 93–94

man pages, 70, 93–94

Mandrake distribution, 17

Mandriva distribution, 17

mangle table, iptables, 713

MariaDB, 26, 318

MBR (Master Boot Record), 286

mcedit text editor, 118

md5sum, 252, 256, 628–629, 639, 831

/media directory, 98

memory, troubleshooting, 580–585

message digests, 628

messages log file, 189, 337, 338–339, 610, 690–691

metacharacters

$ (dollar sign), 85

& (ampersand), 82, 83–84, 144, 162

; (semicolon), 82, 83, 132, 444, 516, 659

| (pipe), 8, 82–83, 103, 139, 162, 166

command substitution, 84

definition of, 82

file-direction, 103–104

file-matching, 102–103

text searches, 124

Metacity window manager, 50–52

mime.types file, 439

mini-PaaS, 734

Minimum policy, SELinux, 678, 682

Minix, 6–7, 13, 221, 302

minix filesystem, 302

/misc directory, 98

Miscellaneous man page section, 94

MIT license, 16

mkdir command, 100, 101, 109, 162

mkfs command, 310–311

mkswap command, 303–304

MLS (Multi-Level Security), 672–673

MLS policy, SELinux, 678, 682

/mnt directory, 98

mod_perl package, 452

mod_ssl package, 452, 467

mod_userdir module, 464–465

modprobe command, 198

modules

listing, 197–198

loading, 198

PAM, 652–653

removing, 198–199

monitoring systems, 608–622

filesystems, 615–622

log files, 608–611

user accounts, 612–615

mount command, 307–309, 541–544

mounting filesystems, 301–310

defining mountable filesystems, 305–306

disabling swap areas, 304–305

enabling swap areas, 303–304

mount command, 307–309

NFS filesystems, 541–548

supported filesystems, 301–303

unmounting filesystems, 309, 549

Mozilla license, 16

msdos filesystem, 302

MTA (Mail Transport Agent), 317

mtab file, 187

mtools.conf file, 187

multi-user.target file, 395–397, 398–399, 413–414, 420–421, 567

Multics project, 8

Multilevel plus networking runlevel, 562–563

multipath devices, 220

Multiuser Mode runlevel, 382

multiuser plus networking state (rc3.d), 185

Multiuser runlevel, 562

multiuser state (rc2.d), 185

Multiuser, networking, plus graphical user interface runlevel, 563

multiuser, networking, plus GUI login state (rc5.d), 185

Music Integration extension, 43

music players

Music Integration extension, 43

Rhythmbox, 48–49, 195, 196

mv command, 114

MySQL databases, 3, 318, 452, 609

mysql package, 318

MySQL Server Log, 609

mysql-server package, 318

mysqld.log file, 609

N

n special character, 90

named.conf file, 187, 373

nano text editor, 89, 118

nat table, iptables, 713

Nautilus file manager, 45–46, 47, 50, 195–196, 522–523

ncpfs filesystem, 303

NCSA HTTPD, 450

nedit text editor, 118

Nero, 777

/net directory, 546–547

Net/1, 13

Net/2, 13

NetBSD, 13, 225

netfilter/iptables firewall. See iptables utility

netmask, 355, 356, 357, 361, 370

Network Information Service (NIS) databases, 279, 366

network packets, 710

network security

auditing advertisements, 704–708

auditing network services, 699–710

controlling access, 708–710

evaluating access, 701–704

firewalls, 710–724

categories, 710–711

firewalld service, 712–713

iptables utility, 321, 713–724

network-based firewalls, 711

network-scripts directory, 363

networking, 347–375

checking network interfaces, 350–355

configuration files, 362–367

configuring

from the command line, 360–371

in the enterprise, 371–373

network interfaces, 355–358

proxy connections, 358–359

editing connections, 360–362

exercises, 374–375, 807–810

troubleshooting, 573–580

NetworkManager, 348

checking network interfaces, 350–352

configuring network interfaces, 355–358

configuring proxy connections, 358–359

disabling, 412

editing /etc/resolv.conf file, 366

editing connections, 360–362

turning off, 363

newgrp command, 269

news administrative login, 190

News Log, 609

NFS servers, 527–550

administration setup tasks, 527–528

exercises, 550, 824–826

installing, 529–530

mounting NFS filesystems, 541–548

RHCE exam, 26

securing, 536–540

sharing NFS filesystems, 531–536

starting, 530–531

viewing shares, 540–541

NFS, graphical admin tool, 176

nfs-server package, 530

nfs-utils package, 529–530

nfs_export_all_ro SELinux file context, 539

nfs_export_all_rw SELinux file context, 539

nfsmount.conf file, 545

NFSv4, 536

nice command, 148–149

nis databases, 279, 366

nisplus databases, 366

nmap utility, 701–708

nmb service, 502

starting, 505–506

stopping, 506

nmtui command, 360, 362

nnn special character, 90

nodma boot option, 217

nofb boot option, 217

nofirewire boot option, 217

noide boot option, 217

noipv6 boot option, 217

nompath boot option, 217

non-repudiation, 593

nonet boot option, 217

noparport boot option, 217

nopcmcia boot option, 217

noprobe boot option, 217

noscsi boot option, 217

Notifications Alert extension, 43

nousb boot option, 217

nsswitch.conf file, 187

ntfs filesystem, 303

ntp.conf file, 187

ntpd package, 26, 317, 317, 319

numa-off boot option, 217

O

OLDPWD environment variable, 86, 108

one-command actions, 162

Open Source Development Labs, 14

Open Source Initiative (OSI), 12, 14–16

open source software, 12

Open Sources: Voices from the Open Source Revolution, 14

OpenBSD, 13, 225

openldap package, 317

openldap-servers package, 317

openssh-client package, 324, 326

openssh-server package, 324–326

openssl command, 263, 469–470, 473, 476, 646, 816–817

OpenStack, 5, 18, 177, 211, 731, 732, 750, 752, 760–765

cloud deployment, 760–765

operating systems

overview, 4–6

proprietary, 6

operational modes, SELinux, 673–674, 680–682

/opt directory, 98

optional control flag, PAM, 652

Options directive, 459

options, command, 71–74

OS X vs. Linux, 6

OSI (Open Source Initiative), 12, 14–16, 710, 711

OSTYPE environment variable, 80, 86

Overview screen

GNOME 3 desktop, 34, 35, 40

OpenStack dashboard, 723–724

P

Package Collections, 316

Package Groups, 316

packages. See software packages

packet filters, 711

PAM (Pluggable Authentication Module), 648–667

administering, 654–667

good passwords, enforcing, 660–663

PAM-aware application configuration files, 654–655

resources, implementing, 657–658

sudo use, encouraging, 664

system event configuration files, 653–654, 655–657

time restrictions, implementing, 658–660

user accounts, locking, 665–667

authentication process, 649–654

benefits, 649

contexts, 650–651

control flags, 651–652

exercises, 668, 830–832

information sources, 667

modules, 652–653

PAM Module Reference, 667

pam-auth-config utility, 656

PAM-aware applications, 648–649

pam-limits module, 657

pam.conf file, 667

pam.d file, 650

pam.d.vsftpd file, 480

pam.d/common-auth file, 660

pam.d/other file, 655

pam.d/passwd file, 661

pam.d/su file, 664

pam.d/system-auth file, 661–663

pam_cracklib module, 660–664

pam_deny.so module, 655

pam_tully2 module, 665–667

pam_wheel module, 664

panels, GNOME 2 desktop, 50, 53–57

partition tables, 286

partitioning, 220–224, 285–295

LVM partitions, 295–301

multiple-partition disks, 292–295

partition types, 221–222

RAID partitions, 221–222

reasons for, 220–221

single-partition disks, 288–291

tips for creating, 222–224

viewing partitions, 286–288

passdb.tdb file, 521

passwd command, 598–599

passwd file, 69, 71, 82, 187, 601–603

password PAM context, 651

passwords, 321, 596–602

best practices, 599–601

detecting bad account passwords, 614–615

enforcing with PAM, 660–663

hashed, 601–603

Passwords and Keys window, GNOME, 646

PATH environment variable, 86, 91, 92, 182

penetration testing, 623

permission errors, 474–475

permissions

ACLs (Access Control Lists), 271–276

Apache, 455

filesystem, 109–113, 603–604

Samba, 510–511

Permissive mode, SELinux, 674, 680–682

persistent services, enabling, 408–412

php package, 452

php-ldap package, 452

physical security, 591--592

ping command, 353

pipe (|), 8, 82–83, 103, 139, 162, 166

Places Status Indicator extension, 42–43

plaintext, 627

Pluggable Authentication Module. See PAM

podcasts, 48–49

policies, iptables, 715, 717–722

policy rules, SELinux, 672, 678–679, 686–688

policy types, SELinux, 677–678, 682

policyoreutils-gui, 176

portability of UNIX, 8–9

positional parameters, 156–157, 169

POSIX (Portable Operating System Interface), 10, 14, 642

postfix administrative login, 190

postfix package, 317

postgresql package, 318

PostgreSQL service, 318

postgresql-server package, 318

PPID environment variable, 80, 86

“Premature end of script headers” errors, 475

Presentation Mode extension, 43

Print Screen key, Metacity, 52

print servers, configuring, 441–445

Print Settings window, 428–435

printcap file, 187

printers. See also CUPS

adding, 425–426

LDP/LPR, 433–434

local, 429–432

as print servers, 441–445

Print Settings window, 428–435

remote, 432–435

SMB, 434–435

status, listing, 440–441

web-based CUPS administration, 426–428

printers.conf file, 435, 438–439, 442–443

printing. See also CUPS

exercises, 446–447, 813–815

lpr command, 440

removing print jobs, 441

Printing, graphical admin tool, 176

private cloud, 750

private key cryptography, 466, 632–633

private/public key cryptography, 466, 633–637

/proc directory, 99

proc filesystem, 302

process sandboxing, 670

processes, 137–152

killing, 146–148

limiting with cgroups, 149–151

listing, 138–143

with ps command, 138–140

with System Monitor, 142–143

with top command, 140–141

process IDs, 137

referring to background processes, 145–146

renicing, 148–149

security context, SELinux, 685–686

starting background processes, 144–145

profile file, 88, 89, 187

programming constructs, 66

case command, 162–163

for ... do loop, 163–164

if ... then statements, 159–162

parameter expansion, 157–158

until ... do loop, 164

while ... do loop, 164

prompt, shell, 67

PROMPT_COMMAND environment variable, 87

proprietary operating systems, 6

protocols file, 187

proxy connections, configuring, 358–359

ps -el command, 676–677

ps -eZ command, 677

ps command, 138–140

PS1 environment variable, 80, 85, 87, 89–91, 90, 91

PS2 environment variable, 80, 89

PS3 environment variable, 80, 89

PS4 environment variable, 80, 89

public cloud, 750

Public FTP, 46

publishing web content, 464–465

Puppet, 344, 732

pure-ftpd package, 317

pvdisplay command, 299

pwd command, 70–71, 100–102, 478, 495

PWD environment variable, 80, 87, 108

Pyrite, 647–648

Q

QEMU, 733, 742

R

RAID partitions, 221–222

rainbow tables, 602

RANDOM environment variable, 87

raw table, iptables, 714

Raymond, Eric S., 16

RBAC (Role Based Access Controls), 669, 670, 671–672, 673

rc0.d (shutdown state), 185

rc1.d (single-user state), 185

rc2.d (multiuser state), 185

rc3.d (multiuser plus networking state), 185

RC4, 466, 631

rc4.d (user-defined state), 185

RC5, 631

rc5.d (multiuser, networking, plus GUI login state), 185

RC6, 631

rc6.d (reboot state), 185

read command, 157

Reboot runlevel, 382, 563

reboot state (rc6.d), 185

recalling commands, 76–82

Red Hat Certified Engineer (RHCE), 21, 22–23, 24–26

Red Hat Certified System Administrator (RHCSA), 21, 22–24

Red Hat Cloudforms, 187, 751

Red Hat Enterprise Linux. See RHEL

Red Hat Enterprise Linux OpenStack Platform (RHELOSP), 177

Red Hat Enterprise Virtualization, 18

Red Hat Enterprise Virtualization (RHEV), 177

reiserfs filesystem, 302

remote access

configuring keys for, 763–764

managing with SSH, 323–334

remote printers, 432–435

renice command, 148–149

*.repo files, 243

repositories

boot options, 218–219

dependency failures, 569–571

managing with YUM, 240–252

repudiation, 593

Required control flag, PAM, 652

requisite control flag, PAM, 652

rescue mode, 585–587

reserved words, command order and, 75

resolution=1024x768 boot option, 217

restorecon command, 487, 510, 513, 540, 685, 693, 820, 834

restricted deletion directories, 278

RHCE (Red Hat Certified Engineer), 21, 22–23, 24–26

RHCSA (Red Had Certified System Administrator), 21, 22–24

RHEL (Red Hat Enterprise Linux), 17–18

aliased ls command, 105

backup script, 168

browser-based admin tools, 177

vs. Fedora, 18

GNOME Terminal, 68

installing, 208–211

ISO image, 774

mcedit text editor, 118

Networking Guide, 26

RHELOSP, 177

RHEV, 177

software subscriptions, 21

sudo command, 174

System Administrator's Guide, 26

system-config-* tools, 175–177

terminal emulators, 68

updatedb command, 125

RHEL OpenStack Platform, 18

RHELOSP (Red Hat Enterprise Linux OpenStack Platform), 177

RHEV (Red Hat Enterprise Virtualization), 177, 732

Rhythmbox music player, 48–49, 195, 196

Rijndael, 631. 645

Ritchie, Dennis, 8, 9

rlogin command, 323

rm command, 87, 114–115

rmdir command, 115

rmmod command, 198–199

rmp -V command, 323

role attribute, SELinux security context, 675–677

Role Based Access Controls (RBAC), 669, 670, 671–672, 673

/root directory, 97–98, 99

Root Password, graphical admin tool, 176

root user, 177–182

rootkits, 619–620

route command, 353–354, 358

router, Linux as, 371–372

Roxio Creator, 777

rpc administrative login, 190

rpc file, 187

rpm command, 252–256

RPM packages, 236–237, 238–240

installing, 239–240, 247–249. 253, 253

managing with YUM, 240–252

querying information, 254–255

removing, 248–249, 253

searching for, 246–247

updating, 249–251

verifying, 255–256

RSA algorithm, 631, 635, 638

rsync command, 330–332

rsyslog, 317, 322–323, 334–339, 344

rsyslog.conf file, 187, 335–336

rsyslogd, 188, 189, 319–320, 322–323, 334, 337–339, 689–690, 692

rules, iptables, 715, 717–722

runcon command, 686

running commands, 70–76

S

s special character, 90

Samba, 499–526

accessing shares, 521–525

configuring, 511–521

exercises, 526, 822–824

in enterprise environments, 525

installing, 500–502

securing, 506–511

starting, 502–506

stopping, 506

Samba Log, 609

Samba NFS, 176

samba package, 500–502

Samba SWAT, 500

samba-client package, 501

samba-common package, 500–502

samba-config-samba package, 501

samba-swat package, 501

samba-winbind package, 501

sandbox command, 686

sanity checking, 181, 183

SANS Institute, 624

Santa Cruz Operation (SCO), 10, 11

sar command, 323, 340–341

/sbin directory, 99, 182

scanning filesystem, 616–618

SCC (Secure Computing Corporation), 669

SCO (Santa Cruz Operation), 10, 11

scp command, 321, 323, 324, 326, 329–330, 329–332, 334

Seahorse, 646, 647

sealert command, 690–691

secon command, 683

SECONDS environment variable, 87

secret key cryptography, 466, 632–633

Secure WebDav, 46

Secure Computing Corporation (SCC), 669

secure log file, 189

Secure Shell. See SSH

Secure Sockets Layer (SSL), 465–471, 816

security

Apache web server, 455–457, 465–471

cryptography, 627–648

encryption/decryption, 630–639

exercises, 668, 830–832

hashing, 628–630

disaster recovery, 592–593

filesystem security, 603–606

FTP servers, 483–488

network security

auditing advertisements, 704–708

auditing network services, 699–710

controlling access, 708–710

evaluating access, 701–704

firewalls, 710–724

NFS servers, 536–540

PAM (Pluggable Authentication Modules), 648–667

passwords, 596–602

physical security, 591–592

Samba, 506–511

SELinux. See SELinux

server security, 321–322

configuration file settings, 322

firewalls, 321

password protection, 321

SELinux, 322

TCP Wrappers, 322

user accounts, 593–596

security clearance attribute, SELinux, 673

security contexts, SELinux, 672, 674–677, 683–686

security labels, SELinux, 672, 684–685

Security Log, 609

security reviews, 623–624

security table, iptables, 714

sed command, 166

SELinux

Apache web server, 456–457

AVC (Access Vector Cache) denials, 670, 673, 689–692, 694, 697, 834

benefits, 669–671

configuring, 679–689

via Booleans, 688–689

for FTP server, 486–487

mode, 680–682

for NFS servers, 539–540

policy rule packages, 686–688

policy type, 682

for Samba, 508–510

security contexts, 683–686

exercises, 696–697, 832–835

information sources, 695

logging, 689–692

MLS (Multi-Level Security), 672–673

operational modes, 673–674, 680–682

policy rules, 672, 678–679, 686–688

policy types, 677–678, 682

RHCE exam, 25

securing Apache, 456–457

security contexts, 672, 674–677, 683–686

TE (Type Enforcement), 671–672

troubleshooting, 689–694

SELinux Management, 176

semanage command, 487, 509, 510, 540, 684, 693, 820

semodule command, 686, 687, 692, 834

semodule_deps, 687

semodule_expand, 687

semodule_link, 687

semodule_package, 687

Sendmail Log, 609

sendmail package, 317

sequential commands, 83

server administration

configuring servers, 318–319

enterprise servers, 344

exercises, 345–346, 805–807

installing servers, 316–318

monitoring servers, 322–323

package categories, 316–318

remote access, managing, 323–334

securing servers, 321–322

starting servers, 319–320

system logging, configuring, 334–340

system resources, checking, 340–341

system space, checking, 341–343

server internal errors, 474–475

service ssh start command, 325

service sshd start command, 325

services, 377–422

adding, 414–422

default runlevel, configuring, 412–414

initialization daemon, 378–399

persistent services, enabling, 408–412

status, checking, 399–403

stopping and starting, 403–408

target units, configuring, 412–414

services file, 187, 699–700

Services, graphical admin tool, 176

session PAM context, 651

set GID, 107, 270, 271, 276–277

set UID, 107, 276–277

setfacl command, 271, 272–274

setsebool command, 487, 509, 518, 540, 688–689, 694

sftp command, 332

SHA-1 hash, 630, 639, 831

SHA-2 hash, 630, 639–640

sha1sum command, 639, 831

sha224sum command, 639–640

shadow file, 187, 628

shared folders, Samba, 513–514

shell

choosing, 69–70

commands. See commands

default, identifying, 69

environment variables, 85–88

escaping shell characters, 155

exercises, 95, 784–786

exiting, 88

prompt, 67

starting, 66–69

shell history, 76–66, 80–82

shell scripts, 153–168

backup example, 168

command-line arguments, 154

debugging, 154

executing, 154

exercises, 169, 790–793

integer arithmetic, 158–159

programming constructs, 159–164

telephone list example, 167–168

text-manipulation programs, 164–166

variables, 154–158

shells file, 187

SHLVL environment variable, 87

showmount command, 540–541

Shutdown runlevel, 562

shutdown state (rc0.d), 185

SIGABRT signal, 147

SIGCONT signal, 146, 147

SIGHUP signal, 146, 147, 148

SIGINT signal, 147

SIGKILL signal, 146, 147

signals, 146–148

signatures, 628

SIGQUIT signal, 147

SIGSTOP signal, 146, 147

SIGTERM signal, 146, 147, 148

Single User Mode runlevel, 382

Single-user runlevel, 562

single-user state (rc1.d) file, 185

skipddc boot option, 217

Slackware, 16, 202

SMB printers, 434–435

smb service, 502–505

starting, 503–505

stopping, 506

smb.conf file, 183, 444, 511, 516–521

smbclient command, 504, 505, 508, 515

smbpasswd command, 521

smbusers file, 502

Snort, 620

software packages

DEB, 236–238

exercises, 258, 797–798

RPM, 238–240

installing, 239–240, 253

managing in the enterprise, 256–257

managing with YUM, 240–252

querying information, 254–255

verifying, 255–256

sanity testing configuration files, 183

server package categories, 316–318

tarballs, 236–237

troubleshooting, 568–573

updating, 607

verifying, 615–616

Software window, 47, 233–235

Spacewalk, 257

SpamAssassin, 450

special characters

inserting, 78, 90

metacharacters, 102–105

spooler file, 609

SQL Server, 318

Squid Log, 609

squid package, 317, 453

SSH (Secure Shell), 323–334

client tools, 326–332

key-based authentication, 332–334

openssh-server service, 324–326

RHCE exam, 26

ssh command

for remote execution, 328–329

for remote login, 326–328

X11 forwarding, 328–329

ssh-copy command, 333

ssh-copy-id command, 346

ssh-keygen command, 333

ssh256sum command, 639–640

ssh384sum command, 639–640

ssh512sum command, 639–640

sshd service, 320, 324–326, 332, 334

SSL (Secure Sockets Layer), 465–471, 816

ssl.conf file, 467

Stallman, Richard M., 11

status ssh command, 325

stop process, 147

stream ciphers, 628, 631

stream editor (sed), 166

su command, 174, 178–179

subnet mask, 349, 351

substack control flag, PAM, 652

substituting commands, 84

sudo command, 174, 180–182, 664

sudoers file, 187

sufficient control flag, PAM, 652

SUID permissions, 603–606

Sun Microsystems, 11

NIS (Network Information Service), 279

PAM (Pluggable Authentication Modules), 610

shell choice and, 70

ufs filesystem, 303

VirtualBox, 216

SVID (System V Interface Definition), 10, 14

swap areas

disabling, 304–305

enabling, 303–304

swapoff command, 304–305

symbolic links, 106, 108, 110, 161, 330, 331, 399, 414, 421, 618

symmetric cryptography, 466, 632–633

syntax, 71–73

/sysconfig/samba file, 502

sysct1.conf file, 25

SYSLINUX boot loader, 224

syslogd, 189

sysstat package, 323, 340, 565

System Activity Reporter (sar), 323, 340–341

system administration

administrative commands, 182–183

checking/configuring hardware, 190–199

configuration files, 183–188

graphical tools, 175–177

log files, 188–189

systemd journal, 188–189

using other administrative accounts, 189–190

using root user account, 177–182

System Administration Tools and Daemons man page section, 94

System Calls man page section, 93

System Log, 610

System Monitor, 142–143

system monitoring, 608–622

filesystems, 615–622

log files, 608–611

user accounts, 612–615

system resources, monitoring, 340–341

System Settings window, GNOME 3 desktop, 41–42

system space, checking, 341–343

System V init, 552–553

System V Interface Definition (SVID), 10, 14

system-config-bind, 176

system-config-date, 176

system-config-firewall, 176

system-config-httpd, 176

system-config-kickstart, 177

system-config-network, 360

system-config-nfs, 176, 532

system-config-printer, 176, 317, 425, 429, 432–433

system-config-rootpassword, 176

system-config-samba, 176, 444, 500, 501, 511–516

system-config-selinux, 509, 689

system-config-services, 176

system-config-users, 176

systemctl command, 438

systemctl enable sshd.service command, 325

systemctl list-unit-files command, 393–394

systemctl start sshd.service command, 325

systemctl status sshd.service command, 325

systemd, 378–386

adding new services, 419–422

backward compatibility to SysVinit, 397–99

basics, 392–397

checking services for, 402–403

configuring default target, 413–414

configuring persistent services, 410–412

starting/stopping, 406–408

systemd journal, 188–189

systemd, 553–554

SysVinit, 378–386

adding services, 414–417

checking services for, 400–401

configuring persistent services, 408–409

default runlevel, 412–413

disabling services, 409

starting and stopping services, 403–404

systemd's backward compatibility, 397–399

Upstart's backward compatibility, 388–392

T

t special character, 90

tarballs, 236–237

target units, configuring, 412–414

Targeted policy, SELinux, 678, 682

targeted SELinux policies, 672

targets, iptables, 715

tcsh, 65, 69

TCP Wrappers

allowing FTP access in, 486

NFS access, 539

TE (Type Enforcement), 671–672

telephone list shell script, 167–168

telnet command, 323

termcap file, 188

Terminal window, 68–69

testparm command, 183

text

cut command, 165

grep command, 165

sed command, 166

tr command, 165–166

text editors. See also specific editors

configuration files structure, 184

exercises, 134–135, 787–789

vi, 117–124

adding text, 119–120

changing text, 121–122

copying text, 121–122

deleting text, 121–122

ex mode, 124

exiting, 122–123

movement commands, 123

moving around in text, 120–121

pasting text, 122

searching for text, 124

tutorial, 124

text files

editing, 117–124

finding, 125–134

The Open Group, 14

Thompson, Ken, 8

time.conf file, 659–660

TLS (Transport Layer Security), 280, 452, 465–471

TMOUT environment variable, 87, 91

/tmp directory, 99, 224

togglebool command, 688

TomCat, 450

top command, 140–141, 583–584

Torvalds, Linus, 6–7, 10, 13–14, 26

touch command, 102, 105

tr command, 165–166

traceroute command, 354–355

Transport Layer Security (TLS), 280, 452, 465–471

tripwire, 620

troubleshooting

boot up, 551–568

exercises, 587–588, 826–829

memory, 580–585

networking, 573–580

in rescue mode, 585–587

SELinux, 689–694

software packages, 568–573

web servers, 471–475

TrueCrypt, 640

ttytab file, 381

tune2fs command, 275

type attribute, SELinux security context, 675–677

type command, 75

Type Enforcement, SELinux, 671–672

U

u special character, 90

Ubuntu

Apache configuration file, 457

autofs, installing, 545

booting from USB drive, 779–780

chkrootkit installation, 619

ClamAV packages, 618

cloud images, 756–757

GRUB boot loader, 224–231

installing from installation DVD, 201

John the Ripper installation, 614

Live ISO image, 775–776

lvs command, installing, 641

netfilter/iptables firewall, 716, 724

nmap installation, 701

openssh-server installation, 324

PAM modules, finding, 652

SELinux installation, 670

SELinux policy packages, checking, 682

sudo privilege, 174

upgrade options, 213–214

verifying packages, 616

vsftpd installation, 479

UEFI(Unified Extensible Firmware Interface), 554–557

ufs filesystem, 303

umask command, 112–113

umount command, 309, 549

umsdos filesystem, 302

unalias command, 87

uname command, 72, 155–156

Undefined runlevel, 563

Unified Extensible Firmware Interface (UEFI), 554–557

United States Computer Emergency Readiness Team, 623

Univel, 10

UNIX

commercialized, 9–11

foundational elements, 8–9

GNU project, 11, 12, 14

portability, 8–9

UNIX Laboratory, 10–11

UNIX System Laboratories (USL), 10–11

UnixWare, 10, 11

unmounting filesystems, 309, 549

until...do loop, 164

untyped variables, 158

up2date file, 242

update-rc.d ssh defaults command, 325

updatedb command, 125–126, 149

updating

Linux, 213–214

packages, 249–251

software packages, 607

Upstart, 554

adding new services, 417–419

backward compatibility to SysVinit, 388–392

checking services for, 401–402

configuring default runlevel, 413

configuring persistent services, 409–410

starting/stopping services, 405

Upstart init daemon, 378, 379, 380, 386–392

upstream software providers, 239

USB drive, booting from, 779–780

use_nfs_home_dirs SELinux file context, 539–540

user accounts

centralized, 278–281

creating, 259–268

adding users, 262–265

deleting users, 268

modifying users, 266–267

setting user defaults, 265–266

definition in /etc/password, 69

exercises, 281–282, 798–802

/home directory, 224

locking with PAM, 665–667

managing in the enterprise, 270–278

monitoring, 612–615

Nautilus, 45

process association, 137, 142

root, 177–182

Samba, 512–513

securing, 593–596

system administrators and, 174

user attribute, SELinux security context, 674–677

User Commands man page section, 93

User Defined runlevel, 382

USER environment variable, 85

user-defined state (rc4.d), 185

useradd command, 260, 262–266

userdel command, 268

usermod command, 266–267

Users & Groups, graphical admin tool, 176

Users window, 259, 261, 262, 279

USL (UNIX System Laboratories), 10–11

/usr directory, 99, 223

/usr/bin directory, 74, 183

/usr/local/bin directory, 74

/usr/sbin directory, 182

UUCP Log, 610

V

Vagrant, 344, 732

/var directory, 99, 224

/var/allusers directory, 107, 132

/var/autofs directory, 546

/var/cache/yum directory, 243, 252, 572, 573

/var/ftp directory, 478, 481, 482, 487, 490

/var/lib/libvirt/images directory, 737, 738, 741

/var/lib/rpm directory, 244, 252, 572

/var/lib/samba/private/passdb.tdb file, 521

/var/log directory, 322, 334, 336, 608–611

/var/log/audit/audit.log file, 689–690

/var/log/httpd directory, 475

/var/log/httpd/error.log file, 472

/var/log/messages file, 337

/var/log/samba directory, 502, 510

/var/log/secure file, 594

/var/logs/dmesg file, 192–193

/var/named directory, 373

/var/salesdocs directory, 268

/var/stuff directory, 275–276

/var/www/error directory, 451–452

/var/www/html directory, 455

/var/www/manual directory, 452

verifying RPM packages, 255–256

Very Secure FTP Daemon. See vsftpd

vfat filesystem, 302

vgdisplay command, 299

vi text editor, 117–124

adding text, 119–120

changing text, 121–122

copying text, 121–122

deleting text, 121–122

ex mode, 124

exiting, 122–123

movement commands, 123

moving around in text, 120–121

pasting text, 122

searching for text, 124

tutorial, 124

vim command, 119, 124, 184, 318, 561

vimtutor command, 124, 181

virt-install, 740, 753, 756

virt-manager, 730, 733–734, 737, 740–744, 754–755

virt-viewer, 734

virtual consoles, 69

exiting shell, 88

tty1, 73

virtual hosts, adding, 462–464

virtual machines, 730

creating, 740–744

managing, 744–745

migrating, 745–747

virtual network computing (vnc) installations, 218

VirtualBox, 204, 216

virtualization, 5

Linux installation, 216

Red Hat Enterprise Virtualization, 18, 177

RHEL OpenStack Platform, 18

Xen, 5, 204, 216, 730

virus signatures, 618

viruses, 618–622

VMWare, 204, 216

vnc (virtual network computing) installations, 218

vnc boot option, 218

vncconnect=hostname[:port] boot option, 218

vncpassword=password boot option, 218

volume groups, 295–301, 804

vsftpd, 317, 477–479. See also FTP servers

installing, 479–480

Internet setup, 491–492

relating Linux file permissions, 488

securing, 483–488

starting, 480–483

user access, 488–489

writing to, 489–491

vsftpd.conf file, 480, 488

vsftpd.log file, 609

W

w special character, 90

web servers

Apache web server

configuration files, 457–462

installing, 450–454

publishing web content, 464–465

securing, 455–457

SSL/TLS, 465–471

starting, 454–455

troubleshooting, 471–475

virtual hosts, adding, 462–464

RHCE exam, 25

troubleshooting, 471–475

webalizer package, 453

webalizer package, 317

WebDav, 46

while...do loop, 164

who am i command, 69

who command, 73

Winbind, 279

Window List extension, 42–43

window managers, 31

Compiz, 50, 51, 58

Metacity, 50–52

window menu, GNOME 3 desktop, 37

Windows

file sharing. See Samba

vs. Linux, 6

Linux ISO image, burning, 776–777

Workspace Switcher, Metacity, 52, 58

wtmp file, 610

X

X Windowing System, 30–32

X.Org X11 Log, 610

X11 forwarding, 328–329

xdriver-vesa boot option, 217

Xen, 5, 204, 216, 730

xeyes command, 152

Xfce desktop, 14, 29, 31, 32

xferlog file, 609

XFree86.0.log file, 189

xfs filesystem, 303

xinetd.conf file, 188

Xorg.0.log file, 189, 610

xorg.conf file, 60, 188

Y

ypserv package, 317

YUM (Yellowdog Updater Modified) project, 240–252

downloading packages, 252

installing packages, 247–249

maintaining package database/cache, 251–252

removing packages, 248–249

searching for packages, 246–247

updating packages, 249–251

using with third-party repositories, 244–245

yum command, 241–244, 245–252

YUM Log, 610

yum.conf file, 242

yum.log file, 242, 610

Z

Zipcloak, 646

Zorin OS, 19