Linux® Quick Fix Notebook

Book Description

"Where has this book been all my professional life? It is about time someone wrote this book. The author covers many basic, practical issues that other authors omit in a format that makes for a great troubleshooting reference and for casual perusing. There are a lot of books available that give a broad overview of system and network administration, and there are a lot of detailed books on each specific topic covered in this book, but I don't know of any other place where I can get so much useful, practical information on such a wide range of topics in such a concise and readable form. I will highly recommend it to my friends and colleagues who are trying to manage their own systems. I am anxious to show it to our instructors who teach data communications and networks as a possible text or lab manual."

—Ron McCarty, instructor and program chair, Computer Science, Penn State Erie

"This book takes a very unique approach and is very flexible. It offers a great deal to the home user, students, small businesses—all the way to any Linux sys admin that needs a handy reference. I found it very refreshing in terms of style, stated goals, presentation, ease of use, direction, and the "present and future" value of the content. In other words the author is very current and knowledgeable. I would recommend this book to every level from programmer to manager."

—Joe Brazeal, Information Technician III, Southwest Power Pool

"This book is an excellent resource for new Linux administrators. I was impressed with the comprehensive set of 35 topic chapters, making this book a very useful reference. I know of no other work like this."

—George Vish II, Linux curriculum program manager and senior education consultant, Hewlett-Packard Education

"I would recommend this book to novice Linux users and administrators. It covers a lot of topics, and makes it easy for readers to follow along."

—Bret Strong, education consultant, Hewlett-Packard Company

"Linux Quick Fix Notebook is a well-written guide to designing, installing, and maintaining Linux servers. Many Linux reference texts are just simple rewrites of Linux "man" and "info" pages, but this book addresses the real issues that systems administrators encounter when working with Linux. The author provides a pedagogical guide to learning Linux server administration. In addition, the book includes step-by-step information so that users can quickly take advantage of the best that open source software has to offer today. I would recommend this book to both beginning and intermediate users of Linux."

—Joseph Naberhaus, Professor of Networking, Universidad Del Mar

An indispensable guide for every Linux administrator

Instant access to precise, step-by-step solutions for every essential Linux administration task

From basic configuration and troubleshooting to advanced security and optimization

If you're responsible for delivering results with Linux, Linux® Quick Fix Notebook brings together all the step-by-step instructions, precise configuration commands, and real-world guidance you need. This distilled, focused, task-centered guide was written for sysadmins, netadmins, consultants, power users...everyone whose livelihood depends on making Linux work, and keeping it working.

This book's handy Q&A format gives you instant access to specific answers, without ever forcing you to wade through theory or jargon. Peter Harrison addresses virtually every aspect of Linux administration, from software installation to security, user management to Internet services—even advanced topics such as software RAID and centralized LDAP authentication. Harrison's proven command-line examples work quickly and efficiently, no matter what Linux distribution you're using. Here's just some of what you'll learn how to do:

  • Build Linux file/print servers and networks from scratch

  • Troubleshoot Linux and interpret system error messages

  • Control every step of the boot process

  • Create, manage, secure, and track user accounts

  • Install, configure, and test Linux-based wireless networks

  • Protect your network with Linux iptables firewalls

  • Set up Web, e-mail, DNS, DHCP, and FTP servers

  • And much more...

© Copyright Pearson Education. All rights reserved.

Table of Contents

  1. Copyright
    1. Dedication
  2. Praise for Linux Quick Fix Notebook
  3. Bruce Perens’ Open Source Series
  4. About Prentice Hall Professional Technical Reference
  5. Preface
    1. Why Is This Book Necessary?
    2. Prerequisites
    3. Approach
    4. Breakdown of Book
  6. Acknowledgments
  7. About the Author
  8. I. The Linux File Server Project
    1. 1. Why Host Your Own Site?
      1. Our Network
      2. Alternatives to In-House Web Hosting
        1. Virtual Hosting
        2. Dedicated Hosting
      3. Factors to Consider Before Hosting Yourself
        1. Is In-House Hosting Preferred?
          1. Pros
          2. Cons
      4. How to Migrate From an External Provider
      5. In-House Server Considerations
      6. Conclusion
    2. 2. Introduction to Networking
      1. The OSI Networking Model
      2. An Introduction to TCP/IP
        1. TCP Is a Connection-Oriented Protocol
        2. How TCP Establishes a Connection
        3. UDP, TCP’s “Connectionless” Cousin
        4. TCP and UDP Ports
        5. The TCP/IP Time to Live Feature
        6. The ICMP Protocol and Its Relationship to TCP/IP
      3. How IP Addresses Are Used to Access Network Devices
        1. Private IP Addresses
        2. The localhost IP Address
        3. Network Address Translation (NAT) Makes Private IPs Public
        4. Port Forwarding with NAT Facilitates Home-Based Web Sites
        5. DHCP
        6. How DNS Links Your IP Address to Your Web Domain
        7. IP Version 6 (IPv6)
      4. How Subnet Masks Group IP Addresses into Networks
        1. Calculating the Number of Addresses Assigned to a Subnet
        2. Calculating the Range of Addresses on Your Network
          1. Manual Calculation
          2. Calculation Using a Script
        3. Subnet Masks for the Typical Business DSL Line
      5. The Physical and Link Layers
      6. Networking Equipment Terminology
        1. Network Interface Cards
          1. The Meaning of the NIC Link Light
          2. Duplex Explained
          3. The MAC Address
          4. How ARP Maps the MAC Address to Your IP Address
        2. The Two Broad Types of Networking Equipment
          1. Data Terminal Equipment
          2. Data Communications Equipment
          3. Using Straight-Through/Crossover Cables to Connect DTEs and DCEs
        3. Connectivity Using Hubs
        4. Using Switches as a Faster Alternative to Hubs
        5. Local Area Networks
        6. How Routers Interconnect LANs
        7. How Simple Routing Works
        8. Default Gateways, the Routers of Last Resort
        9. Firewalls Help Provide a Secure Routing Environment
      7. Additional Introductory Topics
        1. The File Transfer Protocol
        2. Linux Help
      8. Conclusion
    3. 3. Linux Networking
      1. How to Configure Your NIC’s IP Address
        1. Determining Your IP Address
        2. Changing Your IP Address
          1. How DHCP Affects the DNS Server You Use
        3. Multiple IP Addresses on a Single NIC
        4. IP Address Assignment for a Direct DSL Connection
          1. Some Important Files Created by adsl-setup
          2. Simple Troubleshooting
        5. IP Address Assignment for a Cable Modem Connection
      2. How to Activate/Shut Down Your NIC
      3. How to View Your Current Routing Table
      4. How to Change Your Default Gateway
      5. How to Configure Two Gateways
        1. Adding Routes from the Command Line
        2. Adding Routes with /etc/sysconfig/network-scripts/ Files
      6. How to Delete a Route
      7. Changing NIC Speed and Duplex
        1. Using mii-tool
          1. Setting Your NIC’s Speed Parameters with mii-tool
        2. Using ethtool
          1. Setting Your NIC’s Speed Parameters with ethtool
      8. How to Convert Your Linux Server into a Router
        1. Configuring IP Forwarding
        2. Configuring Proxy ARP
      9. Configuring Your /etc/hosts File
        1. The loopback Interface’s localhost Entry
      10. Conclusion
    4. 4. Simple Network Troubleshooting
      1. Sources of Network Slowness
      2. Sources of a Lack of Connectivity
      3. Doing Basic Cable and Link Tests
      4. Testing Your NIC
        1. Viewing Your Activated Interfaces
        2. Viewing All Interfaces
          1. Shut Down Interface
          2. Active Interface
        3. Testing Link Status from the Command Line
          1. Link Status Output from mii-tool
          2. Link Status Output from ethtool
        4. Viewing NIC Errors
          1. Ifconfig Error Output
          2. ethtool Error Output
          3. Possible Causes of Ethernet Errors
      5. How to See MAC Addresses
      6. Using ping to Test Network Connectivity
      7. Using telnet to Test Network Connectivity
      8. Linux telnet Troubleshooting
        1. Successful Connection
        2. Connection Refused Messages
        3. telnet Timeout or Hanging
      9. telnet Troubleshooting Using Windows
        1. Screen Goes Blank—Successful Connection
        2. Connect Failed Messages
        3. telnet Timeout or Hanging
      10. Testing Web Sites with the curl and wget Utilities
        1. Using curl
        2. Using wget
      11. The netstat Command
      12. The Linux iptables Firewall
        1. Determining Whether iptables Is Running
        2. How to Stop iptables
        3. How to Configure iptables Rules
      13. Using traceroute to Test Connectivity
        1. Sample traceroute Output
        2. Possible traceroute Messages
        3. traceroute Time Exceeded False Alarms
        4. traceroute Internet Slowness False Alarm
        5. traceroute Dies at the Router Just Before the Server
        6. Always Get a Bidirectional traceroute
        7. ping and traceroute Troubleshooting Example
        8. traceroute Web Sites
        9. Possible Reasons for a Failed traceroute
      14. Using MTR to Detect Network Congestion
      15. Viewing Packet Flows with tcpdump
        1. Analyzing tcpdump files
        2. Common Problems with tcpdump
      16. Viewing Packet Flows with tethereal
      17. Basic DNS Troubleshooting
        1. Using nslookup to Test DNS
          1. Using nslookup to Check Your Web Site Name
          2. Using nslookup to Check Your IP Address
          3. Using nslookup to Query a Specific DNS Server
        2. Using the host Command to Test DNS
      18. Using nmap
      19. Determining the Source of an Attack
      20. Who Has Used My System?
        1. The last Command
        2. The who Command
      21. Conclusion
    5. 5. Troubleshooting Linux with syslog
      1. syslog
        1. The /etc/syslog.conf File
          1. Files
          2. Directories
        2. Activating Changes to the syslog Configuration File
        3. How to View New Log Entries as They Happen
        4. Logging syslog Messages to a Remote Linux Server
          1. Configuring the Linux syslog Server
          2. Configuring the Linux Client
          3. Linux Client
          4. Linux Server
        5. syslog Configuration and Cisco Network Devices
        6. syslog and Firewalls
      2. logrotate
        1. The /etc/logrotate.conf File
        2. Sample Contents of /etc/logrotate.conf
        3. The /etc/logrotate.d Directory
          1. The /etc/logrotate.d/syslog File (for General System Logging)
          2. The /etc/logrotate.d/apache File (for Apache)
          3. The /etc/logrotate.d/samba File (for Samba)
        4. Activating logrotate
        5. Compressing Your Log Files
      3. Conclusion
    6. 6. Installing RPM Software
      1. Where to Get Commonly Used RPMs
        1. RPMs on Your Installation CDs
        2. RPMs Downloaded from Fedora
          1. Using FTP or Your Web Browser
          2. Using yum
        3. RPMs Downloaded from
      2. Getting RPMs Using Web-Based FTP
        1. Using the Fedora Web site
        2. Using the rpmfind Web site
      3. Getting RPMs Using Command-Line Anonymous FTP
      4. Getting RPMs Using wget
      5. Automatic Updates with yum
        1. Configuring yum
        2. Creating Your Own yum Server
        3. Before You Start
        4. Keeping Your System Current with yum
        5. Example of a yum Package Installation
      6. How to Install RPMs Manually
        1. Using Downloaded Files
        2. Using CD-ROMs
      7. How to Install Source RPMs
      8. RPM Installation Errors
        1. Failed Dependencies
        2. Signature Keys
      9. How to List Installed RPMs
      10. Listing Files Associated with RPMs
        1. Listing Files for Already Installed RPMs
        2. Listing Files in RPM Files
        3. Listing the RPM to Which a File Belongs
      11. Uninstalling RPMs
      12. Which RPMs Start at Boot Time?
      13. Installing Software Using tar Files
      14. Conclusion
    7. 7. The Linux Boot Process
      1. The Fedora Boot Sequence
      2. Determining the Default Boot runlevel
      3. Getting a GUI Console
      4. Get a Basic Text Terminal Without Exiting the GUI
        1. Using a GUI Terminal Window
        2. Using Virtual Consoles
      5. System Shutdown and Rebooting
        1. Halt/Shut Down the System
        2. Reboot the System
        3. Entering Single-user Mode
          1. Switching to Single-user Mode
          2. Entering Single-user Mode at the Grub Splash Screen
          3. Reverting to Your Default runlevel from Single-user Mode
          4. Root Password Recovery
      6. How to Set Programs to Run at Each runlevel
        1. chkconfig Examples
          1. Use chkconfig to Get a Listing of sendmail’s Current Startup Options
          2. Switch Off sendmail Starting Up in Levels 3 and 5
          3. Double-check that sendmail Will Not Start Up
          4. Turn On sendmail Again
        2. Using chkconfig to Improve Security
        3. Final Tips on chkconfig
      7. Conclusion
    8. 8. Configuring the DHCP Server
      1. Download and Install the DHCP Package
      2. The /etc/dhcpd.conf File
      3. How to Get DHCP Started
      4. DHCP Servers with Multiple NICs
        1. Temporary Solution
        2. Permanent Solution
      5. Configuring Linux Clients to Use DHCP
      6. Configuring Windows Clients to Use DHCP
      7. Simple DHCP Troubleshooting
        1. DHCP Clients Obtaining Addresses
      8. Conclusion
    9. 9. Linux Users and sudo
      1. Adding Users
        1. Who Is the Super User?
        2. How to Add Users
        3. How to Change Passwords
        4. How to Delete Users
        5. How to Tell the Groups to Which a User Belongs
        6. How to Change the Ownership of a File
      2. Using sudo
        1. Example of a User Using sudo
        2. Downloading and Installing the sudo Package
          1. The visudo Command
          2. The /etc/sudoers File
          3. General /etc/sudoers Guidelines
        3. Simple /etc/sudoers Examples
          1. Granting All Access to Specific Users
          2. Granting Access to Specific Users to Specific Files
          3. Granting Access to Specific Files as Another User
          4. Granting Access Without Needing Passwords
          5. Using Aliases in the sudoers File
          6. Other Examples
            1. Using syslog to Track All sudo Commands
      3. Conclusion
    10. 10. Windows, Linux, and Samba
      1. Download and Install Packages
      2. How to Get Samba Started
      3. The Samba Configuration File
      4. How SWAT Makes Samba Simpler
        1. Basic SWAT Setup
        2. Controlling SWAT
        3. Encrypting SWAT
          1. Create an stunnel User
          2. Create the Certificates
          3. Modify Certificate File Permissions
          4. Create an /etc/stunnel/stunnel.conf Configuration File
          5. Create a New /etc/xinetd.d File for Secure SWAT
          6. Edit the /etc/services File to Create a Secure SWAT Entry
          7. Activate swat-stunnel
          8. Test Secure SWAT
          9. Test the Secure SWAT Login
          10. Troubleshooting Secure SWAT
        4. How to Make SWAT Changes Immediate
      5. Creating a Starter Configuration
        1. The [global] Section
          1. Using the SWAT Wizard
        2. The [homes] Section
        3. The [netlogon] and [profiles] Share Sections
        4. The [printers] Share Section
        5. Shares for Specific Groups of Users
      6. Samba Passwords
      7. How to Create a Samba PDC Administrator User
        1. Home Environment
        2. Corporate Environment
      8. How to Add Workstations to Your Samba Domain
        1. Create Samba Trust Accounts for Each Workstation
          1. Manual Creation of Machine Trust Accounts (NT Only)
          2. Dynamic Creation of Machine Trust Accounts
        2. Make Your PC Clients Aware of Your Samba PDC
          1. Windows 95/98/ME and Windows XP Home
          2. Windows NT
          3. Windows 200x and Windows XP Professional
      9. How to Add Users to Your Samba Domain
        1. Adding the Users in Linux
        2. Mapping the Linux Users to an smbpassword
        3. Mapping a Private Windows Drive Share
          1. Mapping Using My Computer
          2. Mapping from the Command Line
      10. Domain Groups and Samba
      11. How to Delete Users from Your Samba Domain
      12. How to Modify Samba Passwords
      13. Conclusion
    11. 11. Sharing Resources Using Samba
      1. Adding a Printer to a Samba PDC
        1. Adding the Printer to Linux
        2. Make Samba Aware of the Printer
        3. Configure the Printer Driver on the Workstations
      2. Creating Group Shares in Samba
        1. Create the Directory and User Group
        2. Configure the Share in SWAT
        3. Map the Directory Using My Computer
      3. Sharing Windows Drives Using a Linux Samba Client
        1. Windows Setup
        2. Test Your Windows Client Configuration
        3. Create a CD-ROM Drive Mount Point on Your Samba Server
          1. Password Prompt Method
          2. No Prompt Method
          3. The smbmount Command Method
      4. Automating Mounting with Linux Samba Clients
      5. Conclusion
    12. 12. Samba Security and Troubleshooting
      1. Testing the smb.conf File
      2. Samba and Firewall Software
        1. Linux iptables
        2. Windows-based Zone Alarm
        3. The Windows XP Built-In Firewall
      3. Testing Basic Client/Server Network Connectivity
      4. Testing Samba Client/Server Network Connectivity
      5. Checking the Samba Logs
      6. Samba Network Troubleshooting
      7. Basic Samba Security
      8. Conclusion
    13. 13. Linux Wireless Networking
      1. Wireless Linux-Compatible NICs
      2. Common Wireless Networking Terms
        1. Wireless Access Points
        2. Extended Service Set ID
        3. Encryption Keys
      3. Networking with Linux Wireless Tools
        1. Using iwconfig for Wireless Tools Configuration
        2. Permanent Wireless Tools Configuration
        3. Wireless Tools Encryption
      4. Networking with Linux-WLAN
        1. Linux-WLAN Preparation
        2. Identifying the Correct RPMs
          1. Determine the Kernel Type
          2. Determine the OS Version
          3. Determine the Kernel Version
        3. Installing the RPMs
        4. Linux-WLAN Post Installation Steps
          1. Configure the New wlan0 Interface
          2. Disable Your Existing Ethernet NIC
          3. Select the Wireless Mode and SSID
        5. Start Linux-WLAN
        6. Testing Linux-WLAN
        7. Linux-WLAN Encryption for Security
          1. De-activating Encryption
      5. Troubleshooting Your Wireless LAN
        1. Check the NIC Status
          1. The iwconfig Command
          2. The iwlist Command
          3. The iwspy Command
        2. Check for Interrupt Conflicts
        3. Kernel Log Errors
        4. Can’t Ping Default Gateway
        5. Unknown Device Errors
        6. A Common Problem with Linux-WLAN and Fedora Core 1
      6. Wireless Networks In Businesses
      7. Conclusion
  9. II. The Linux Web Site Project
    1. 14. Linux Firewalls Using iptables
      1. What Is iptables?
      2. Download and Install the iptables Package
      3. How to Start iptables
      4. Determining the Status of iptables
      5. Packet Processing in iptables
      6. Targets and Jumps
      7. Important iptables Command Switch Operations
      8. Using User-Defined Chains
      9. Saving Your iptables Scripts
      10. Fedora’s iptables Rule Generator
      11. Recovering from a Lost Script
      12. Loading Kernel Modules Needed by iptables
      13. Sample iptables Scripts
        1. Basic Operating System Defense
        2. Basic iptables Initialization
        3. Advanced iptables Initialization
        4. Allowing DNS Access to Your Firewall
        5. Allowing WWW and SSH Access to Your Firewall
        6. Allowing Your Firewall to Access the Internet
        7. Allow Your Home Network to Access the Firewall
        8. Masquerading (Many to One NAT)
        9. Port Forwarding Type NAT (DHCP DSL)
        10. Static NAT
      14. Troubleshooting iptables
        1. Checking the Firewall Logs
        2. iptables Won’t Start
      15. Conclusion
    2. 15. Linux FTP Server Setup
      1. FTP Overview
        1. Types of FTP
          1. Active FTP
          2. Passive FTP
          3. Regular FTP
          4. Anonymous FTP
      2. Problems with FTP and Firewalls
        1. Client Protected by a Firewall Problem
          1. Solution
        2. Server Protected by a Firewall Problem
          1. Solution
      3. How to Download and Install VSFTPD
      4. How to Get VSFTPD Started
      5. Testing the Status of VSFTPD
      6. The vsftpd.conf File
        1. Other vsftpd.conf Options
      7. FTP Security Issues
        1. The /etc/vsftpd.ftpusers File
        2. Anonymous Upload
        3. FTP Greeting Banner
        4. Using SCP as Secure Alternative to FTP
      8. Troubleshooting FTP
      9. Tutorial
        1. FTP Users with Read-Only Access to a Shared Directory
        2. Sample Login Session to Test Functionality
      10. Conclusion
    3. 16. TELNET, TFTP, and xinetd
      1. Managing xinetd Programs
        1. Controlling xinetd
        2. Controlling xinetd-Managed Applications
      2. TELNET
        1. Using The TELNET Client
        2. Installing the TELNET Server Software
        3. Setting Up a TELNET Server
        4. Stopping a TELNET Server
        5. Basic TELNET Security
          1. Let Telnet Listen on Another TCP Port
          2. Let TELNET Allow Connections from Trusted Addresses
      3. TFTP
        1. Installing the TFTP Server Software
        2. Configuring the TFTP Server
        3. Saving Cisco Configurations to the TFTP Server
          1. Cisco PIX Firewall
          2. Cisco Switch Running CATOS
          3. Cisco Router
          4. Cisco CSS 11000 Arrowpoints
          5. Cisco Local Director
        4. Uploading Cisco Configurations from the TFTP Server
          1. Sample Upload Configuration File
          2. Procedure to Upload Configuration File
        5. Using TFTP to Restore Your Router Configuration
      4. Conclusion
    4. 17. Secure Remote Logins and File Copying
      1. A Quick Introduction to SSH Encryption
      2. Starting OpenSSH
      3. Testing the Status of SSH
      4. The /etc/ssh/sshd_config File
        1. SSH Versions 1 and 2
        2. Change the TCP Port on Which SSH Listens
      5. Using SSH to Log Into a Remote Machine
      6. What to Expect with Your First Login
        1. SSH Failures Due to Linux Reinstallations
      7. Deactivating TELNET After Installing SSH
      8. Executing Remote Commands on Demand with SSH
      9. SCP: A Secure Alternative to FTP
        1. Copying Files to the Local Linux Box
        2. Copying Files to the Remote Linux Box
      10. SFTP: Another Secure Alternative to FTP
      11. Using SSH and SCP Without a Password
        1. Configuration: Client Side
        2. Configuration: Server Side
      12. Conclusion
    5. 18. Configuring DNS
      1. Introduction to DNS
        1. DNS Domains
        2. BIND
        3. DNS Clients
        4. Authoritative DNS Servers
        5. How DNS Servers Find Your Site Information
        6. When to Use a DNS Caching Name Server
        7. When to Use a Static DNS Server
        8. When To Use A Dynamic DNS Server
        9. How to Get Your Own Domain
        10. Basic DNS Testing of DNS Resolution
          1. The host Command
          2. The nslookup Command
      2. Downloading and Installing the BIND Packages
      3. Starting BIND
      4. The /etc/resolv.conf File
      5. Configuring a Caching Name Server
      6. Important File Locations
      7. Configuring a Regular Name Server
        1. Configuring resolv.conf
        2. Configuring named.conf
        3. Configuring the Zone Files
          1. Time to Live Value
          2. DNS Resource Records
          3. The SOA Record
          4. NS, MX, A, PTR, and CNAME Records
        4. Sample Forward Zone File
        5. Sample Reverse Zone File
        6. What You Need to Know About NAT and DNS
        7. Loading Your New Configuration Files
        8. Make Sure Your /etc/hosts File is Correctly Updated
        9. Configure Your Firewall
        10. Fix Your Domain Registration
      8. Troubleshooting BIND
        1. General Troubleshooting Steps
      9. Migrating Your Web Site In-House
      10. DHCP Considerations for DNS
      11. Simple DNS Security
        1. Zone Transfer Protection
        2. Naming Convention Security
      12. Conclusion
    6. 19. Dynamic DNS
      1. Dynamic DNS Preparation
        1. Testing ISP Connectivity for Your Web Site
          1. Setup
          2. Testing from the Internet
          3. Test Port Forwarding
        2. Registering DDNS
        3. Install a DDNS Client on Your Server
      2. Dynamic DNS and NAT Router/Firewalls
      3. DDNS Client Software: SOHO Router/Firewalls
      4. DDNS Client Software: Linux DDclient
        1. The /etc/ddclient.conf File
        2. How to Get DDclient Started
        3. Finding DDclient Help
      5. Testing Your Dynamic DNS
      6. Conclusion
    7. 20. The Apache Web Server
      1. Downloading and Installing the Apache Package
      2. Starting Apache
      3. Configuring DNS for Apache
      4. DHCP and Apache
      5. General Configuration Steps
        1. Where to Put Your Web Pages
          1. The Default File Location
          2. File Permissions and Apache
          3. Security Contexts for Web Pages
          4. Security Contexts for CGI Scripts
        2. Named Virtual Hosting
          1. Named Virtual Hosting Example
        3. IP-Based Virtual Hosting
          1. IP Virtual Hosting Example: Single Wild Card
          2. IP Virtual Hosting Example: Wild Card and IP Addresses
        4. Virtual Hosting and SSL
      6. Configuration: Multiple Sites and IP Addresses
        1. Testing Your Web Site Before DNS Is Fixed
        2. Disabling Directory Listings
        3. Handling Missing Pages
      7. Using Data Compression on Web Pages
        1. Compression Configuration Example
      8. Apache Running on a Server Behind a NAT Firewall
        1. Step 1: Configure Virtual Hosting on Multiple IPs
        2. Step 2: Configure DNS Views
      9. Protecting Web Page Directories with Passwords
      10. The /etc/httpd/conf.d Directory
      11. Troubleshooting Apache
        1. Testing Basic HTTP Connectivity
        2. Browser 403 Forbidden Messages
        3. Only the Default Apache Page Appears
        4. Incompatible /etc/httpd/conf/http.conf Files When Upgrading
        5. Server Name Errors
        6. The Apache Status Log Files
        7. The Apache Error Log Files
      12. Conclusion
    8. 21. Configuring Linux Mail Servers
      1. Configuring sendmail
        1. How sendmail Works
          1. Incoming Mail
          2. Outgoing Mail
          3. sendmail Macros
        2. Installing sendmail
        3. Starting sendmail
        4. How to Restart sendmail After Editing Your Configuration Files
        5. The /etc/mail/ File
          1. How to Put Comments in
        6. Configuring DNS for sendmail
          1. Configure Your Mail Server’s Name In DNS
          2. Configure the /etc/resolv.conf File
          3. The /etc/hosts File
        7. How to Configure Linux sendmail Clients
        8. Converting From a Mail Client to a Mail Server
          1. A General Guide to Using the File
        9. The /etc/mail/relay-domains File
        10. The /etc/mail/access File
        11. The /etc/mail/local-host-names File
        12. Which User Should Really Receive the Mail?
          1. The /etc/mail/virtusertable file
          2. The /etc/aliases File
        13. sendmail Masquerading Explained
          1. Configuring Masquerading
          2. Testing Masquerading
          3. Other Masquerading Notes
        14. Using sendmail to Change the Sender’s E-mail Address
        15. Troubleshooting sendmail
          1. Test TCP Connectivity
          2. Test TCP Connectivity
          3. The /var/log/maillog File
          4. Common Errors Due to Incomplete RPM Installation
          5. Incorrectly Configured /etc/hosts Files
      2. Fighting Spam
        1. Using Public Spam Blacklists with sendmail
        2. spamassassin
          1. Downloading and Installing spamassassin
          2. Starting spamassassin
          3. Configuring procmail for spamassassin
          4. Configuring spamassassin
          5. Startup spamassassin
        3. A Simple PERL Script to Help Stop Spam
      3. Configuring Your POP Mail Server
        1. Installing Your POP Mail Server
        2. Starting Your POP Mail Server
        3. How to Configure Your Windows Mail Programs
        4. Configuring Secure POP Mail
        5. How to Handle Overlapping E-mail Addresses
        6. Troubleshooting POP Mail
      4. Conclusion
    9. 22. Monitoring Server Performance
      1. SNMP
        1. OIDs and MIBs
        2. SNMP Community Strings
        3. SNMP Versions
        4. Doing SNMP Queries
          1. Installing SNMP Utilities on a Linux Server
          2. SNMP Utilities Command Syntax
          3. Configuring SNMP on a Linux Server
          4. SNMP on Other Devices
          5. Different SNMP Versions
        5. Basic SNMP Security
        6. Simple SNMP Troubleshooting
      2. MRTG
        1. MRTG Download and Installation
        2. Configuring MRTG
        3. Getting MRTG to Poll Multiple Devices
        4. Configuring Apache to Work with MRTG
          1. Basic Security
        5. How to View the MRTG Graphs in Your Web Browser
        6. Using MRTG to Monitor Other Subsystems
        7. Troubleshooting MRTG
          1. Basic Steps
          2. Setting the Correct Character Set
          3. Fedora Core 1 MRTG Errors with net-snmp
      3. Webalizer
        1. How to View Your Webalizer Statistics
        2. The Webalizer Configuration File
      4. The top Command
      5. The vmstat Command
      6. The free Utility
      7. Conclusion
    10. 23. Advanced MRTG for Linux
      1. Locating and Viewing the Contents of Linux MIBs
      2. Testing Your MIB Value
      3. Differences in MIB and MRTG Terminology
      4. The CPU and the Memory Monitoring MIB
      5. The TCP/IP Monitoring MIB
      6. Manually Configuring Your MRTG File
        1. Parameter Formats
        2. Legend Parameters
        3. Options Parameters
        4. Title Parameters
        5. Scaling Parameters
        6. Defining The MIB Target Parameters
          1. Plotting Only One MIB Value
          2. Adding MIB Values Together for a Graph
          3. Sample Target: Total CPU Usage
          4. Sample Target: Memory Usage
          5. Sample Target: Newly Created Connections
          6. Sample Target: Total TCP Established Connections
          7. Sample Target: Disk Partition Usage
        7. Defining Global Variables
      7. Implementing Advanced Server Monitoring
        1. A Complete Sample Configuration
        2. Testing the Configuration
        3. Creating a New MRTG Index Page to Include this File
        4. Configuring CRON to Use the New MRTG File
      8. Monitoring Non-Linux MIB Values
        1. Scenario
        2. Find the OIDs
        3. Testing The OIDs
      9. Troubleshooting
      10. Conclusion
    11. 24. The NTP Server
      1. Download and Install the NTP Package
      2. The /etc/ntp.conf File
      3. How to Get NTP Started
      4. Testing and Troubleshooting NTP
        1. Verifying NTP is Running
        2. Doing an Initial Synchronization
        3. Determining If NTP Is Synchronized Properly
        4. Your Linux NTP Clients Cannot Synchronize Properly
        5. Fedora Core 2 File Permissions
      5. Configuring Cisco Devices to Use an NTP Server
        1. Cisco IOS
        2. CAT OS
      6. Firewalls and NTP
      7. Configuring a Windows NTP Client
      8. Conclusion
  10. III. Advanced Topics
    1. 25. Network-Based Linux Installation
      1. Setting Up the Installation Server
        1. Basic Preparation
          1. Create the Installation Directories
          2. Copying the Files
          3. HTTP and FTP Preparation
          4. NFS Preparation
        2. Set Up Your Web Server
        3. Set Up Your FTP Server
        4. Create a Special FTP User
        5. Set Up Your NFS Server
        6. Configure Your DHCP Server
      2. Creating a Boot CD
      3. The Network Installation
      4. Troubleshooting the Network Installation
      5. Differences Between Fedora and Red Hat Installation
      6. Automating Installation with Kickstart
        1. How to Create New Kickstart Configuration Files
          1. Adding post Installation Commands
          2. A Note about Using anaconda-ks.cfg
        2. How to Run a Kickstart Installation
        3. Booting With Your Kickstart Files
          1. Manually Specifying the Kickstart Filename
          2. Configuring the Filename Automatically
      7. Conclusion
    2. 26. Linux Software RAID
      1. RAID Types
        1. Linear Mode RAID
        2. RAID 0
        3. RAID 1
        4. RAID 4
        5. RAID 5
      2. Before You Start
        1. IDE Drives
        2. Serial ATA Drives
        3. SCSI Drives
        4. Should I Use Software RAID Partitions or Entire Disks?
        5. Back up Your System First
        6. Configure RAID in Single-User Mode
      3. Configuring Software RAID
        1. RAID Partitioning
          1. Determining Available Partitions
          2. Unmount the Partitions
          3. Prepare the Partitions with fdisk
          4. Use fdisk Help
          5. Set the ID Type to FD
          6. Make Sure the Change Occurred
          7. Save the Changes
          8. Repeat for the Other Partitions
        2. Edit the RAID Configuration File
        3. Create the RAID Set
        4. Confirm RAID Is Correctly Initialized
        5. Format the New RAID Set
        6. Load the RAID Driver for the New RAID Set
        7. Create a Mount Point for the RAID Set
        8. Edit the /etc/fstab File
        9. Start the New RAID Set’s Driver
        10. Mount the New RAID Set
        11. Check the Status of the New RAID
      4. Conclusion
    3. 27. Expanding Disk Capacity
      1. Adding Disks to Linux
        1. Scenario
        2. Determining the Disk Types
        3. Preparing Partitions on New Disks
        4. Verifying Your New Partition
        5. Putting a Directory Structure on Your New Partition
        6. Migrating Data to Your New Partition
      2. Expanding Partitions with LVM
        1. LVM Terms
        2. Configuring LVM Devices
          1. Back up Your Data
          2. Unmount Your /home Filesystem
          3. Determine the Partition Types
          4. Start fdisk
          5. Set the ID Type to 8e
          6. Make Sure the Change Occurred
          7. Save the Partition Changes
          8. Define Each Physical Volume
          9. Run VGscan
          10. Create a Volume Group for the PVs
          11. Create a Logical Volume from the Volume Group
          12. Format the Logical Volume
          13. Create a Mount Point
          14. Update the /etc/fstab File
          15. Mount the Volume
          16. Restore Your Data
          17. Get Out of Single User Mode
      3. Conclusion
    4. 28. Managing Disk Usage with Quotas
      1. Setting Up Quotas
        1. Enter Single-User Mode
        2. Edit Your /etc/fstab File
        3. Remount the Filesystem
        4. Get Out of Single-User Mode
        5. Create the Partition Quota Configuration Files
        6. Initialize the Quota Table
        7. Edit the User’s Quota Information
        8. Testing
      2. Other Quota Topics
        1. Editing Grace Periods
        2. Editing Group Quotas
        3. Getting Quota Reports
      3. Conclusion
    5. 29. Remote Disk Access With NFS
      1. NFS Operation Overview
        1. General NFS Rules
        2. Key NFS Concepts
          1. VFS
          2. Stateless Operation
          3. Caching
          4. NFS and Symbolic Links
          5. NFS Background Mounting
          6. Hard and Soft Mounts
          7. NFS Versions
        3. Important NFS Daemons
      2. Installing nfs
      3. Scenario
      4. Configuring NFS on the Server
        1. The /etc/exports File
        2. Starting NFS on the Server
      5. Configuring NFS on the Client
        1. Starting NFS on the Client
        2. NFS and DNS
        3. Making NFS Mounting Permanent
          1. The /etc/fstab File
          2. Permanently Mounting the NFS Directory
          3. Manually Mounting NFS File Systems
      6. Activating Modifications to the /etc/exports File
        1. New Exports File
        2. Adding a Shared Directory To An Existing Exports File
        3. Deleting, Moving, or Modifying a Share
      7. The NFS automounter
        1. automounter Map Files
          1. Direct Maps
          2. Indirect Maps
        2. The Structure of Direct and Indirect Map Files
          1. Indirect Map File Example
          2. Direct Map File Example
        3. Wildcards in Map Files
          1. Using the Ampersand Wildcard
          2. Using the Asterisk Wildcard
        4. Starting automounter
        5. automounter Examples
      8. Troubleshooting NFS
        1. The showmount Command
        2. The df Command
        3. The nfsstat Command
      9. Other NFS Considerations
        1. Security
        2. NFS Hanging
        3. File Locking
        4. Nesting Exports
        5. Limiting root Access
        6. Restricting Access to the NFS Server
        7. File Permissions
      10. Conclusion
    6. 30. Centralized Logins Using NIS
      1. Scenario
      2. Configuring the NFS Server
      3. Configuring the NFS Client
      4. Configuring the NIS Server
        1. Edit Your /etc/sysconfig/network File
        2. Edit Your /etc/yp.conf File
        3. Start the Key NIS Server-Related Daemons
        4. Initialize Your NIS Domain
        5. Start the ypbind and ypxfrd Daemons
        6. Make Sure the Daemons Are Running
      5. Adding New NIS Users
      6. Configuring the NIS Client
        1. Run authconfig
        2. Start the NIS Client-Related Daemons
        3. Verify Name Resolution
        4. Test NIS Access to the NIS Server
        5. Test Logins via the NIS Server
          1. Logging in via TELNET
          2. Logging in via SSH
      7. NIS Slave Servers
        1. Configuring NIS Slave Servers
        2. Configuring NIS Clients with Slaves
      8. Changing Your NIS Passwords
        1. When There Is Only an NIS Master
          1. Users Changing their Own Passwords
          2. User root Changing Passwords
        2. When There Is a NIS Master and Slave Pair
        3. Possible Password Errors
          1. Segmentation Faults
          2. Daemon Errors
      9. Considerations for a Non-NFS Environment
      10. NIS Troubleshooting
      11. Conclusion
    7. 31. Centralized Logins Using LDAP and RADIUS
      1. The LDAP Directory Structure
      2. Scenario
      3. Downloading and Installing the LDAP Packages
        1. Required LDAP Server RPMs
        2. Required LDAP Client RPMs
      4. Configuring the LDAP Server
        1. Create a Database Directory
        2. Create an LDAP Root Password
        3. Edit the slapd.conf File
        4. Start the ldap Daemon
        5. Convert the /etc/passwd File to LDIF Format
          1. Create the ldapuser Test Account
          2. Extract the Desired Records from /etc/passwd
          3. Find the Conversion Script
          4. Convert the .ldapuser File
        6. Modify the LDIF Files
          1. Edit the User LDIF File
          2. Create an LDIF File for the Domain
        7. Import the LDIF Files into the Database
        8. Test the LDAP Database
      5. Configuring the LDAP Client
        1. Edit the ldap.conf Configuration File
        2. Edit the /etc/nsswitch File
        3. Create Home Directories on the LDAP Client
          1. Check If ldapuser Is Missing from the /etc/passwd File
          2. Create the Home Directory for ldapuser on the LDAP Client
        4. Testing
      6. Configuring Encrypted LDAP Communication
        1. Configuring the stunnel LDAP Client
        2. Configuring the stunnel LDAP Server
      7. Troubleshooting LDAP Logins
        1. Test Using ldapsearch
        2. Use SSH or the Linux Console
        3. Use the tcpdump Command
          1. Test Secure LDAP
          2. Test Regular LDAP
        4. Test Basic Connectivity
        5. LDAP Works But Is Not Using LDAPS
        6. stunnel Doesn’t Appear to Work
        7. LDAP bind Errors
        8. Possible stunnel Errors in Fedora Core 2
      8. Common LDAP Administrative Tasks
        1. Starting and Stopping LDAP
        2. LDAP Users Changing Their Own Passwords
        3. Modifying LDAP Users by User root
          1. The Modify LDAP User Script
        4. Adding New LDAP Users
          1. Create an LDAP Add User Script
          2. Add the User to the Database
        5. Deleting LDAP Users
        6. LDAP Web Management Tools
      9. Configuring RADIUS for LDAP
        1. Download and Install the FreeRADIUS Packages
        2. Starting and Stopping FreeRADIUS
        3. Configuring the /etc/raddb/radiusd.conf File
        4. Configuring the /etc/raddb/users File
        5. Configuring the /etc/raddb/clients.conf File
        6. Troubleshooting and Testing RADIUS
          1. Server Setup
          2. Linux Client Setup
          3. Cisco Client Setup
          4. Errors with Fedora Core 2
      10. Conclusion
    8. 32. Controlling Web Access with Squid
      1. Download and Install the Squid Package
      2. Starting Squid
      3. The /etc/squid/squid.conf File
        1. The Visible Host Name
        2. Access Control Lists
        3. Restricting Web Access by Time
        4. Restricting Web Access by IP Address
        5. Password Authentication Using NCSA
      4. Forcing Users to Use Your Squid Server
        1. Making Your Squid Server Transparent to Users
        2. Manually Configuring Web Browsers to Use Your Squid Server
      5. Squid Disk Usage
      6. Troubleshooting Squid
      7. Conclusion
    9. 33. Modifying the Linux Kernel to Improve Performance
      1. The Pros and Cons of Kernel Upgrades
      2. Download and Install the Kernel Sources Package
      3. Kernel Modules
        1. Reasons for Kernel Modules
        2. How Kernel Modules Load When Booting
          1. Modules and the grub.conf File
        3. Loading Kernel Modules on Demand
      4. Creating a Custom Kernel
        1. Make Sure Your Source Files Are in Order
        2. The .config File
          1. Backup Your Configuration
        3. Customizing the .config File
        4. Configure Dependencies
        5. Edit the Makefile to Give the Kernel a Unique Name
        6. Compile a New Kernel
        7. Build the Kernel’s Modules
        8. Install the Kernel Modules
        9. Copy the New Kernel to the /boot Partition
      5. Updating GRUB
        1. Kernel Crash Recovery
        2. How to Create a Boot CD
      6. Updating the Kernel Using RPMs
      7. Conclusion
    10. 34. Basic MySQL Configuration
      1. Preparing MySQL for Applications
      2. Installing MySQL
      3. Starting MySQL
      4. The /etc/my.cnf File
      5. The Location of MySQL Databases
      6. Creating a MySQL Root Account
      7. Accessing the MySQL Command Line
      8. Creating and Deleting MySQL Databases
      9. Granting Privileges to Users
      10. Running MySQL Scripts to Create Data Tables
      11. Viewing Your New MySQL Databases
        1. Listing the Data Tables in Your MySQL Database
        2. Viewing Your MySQL Database’s Table Structure
        3. Viewing the Contents of a Table
      12. Configuring Your Application
      13. Recovering and Changing Your MySQL Root Password
      14. MySQL Database Backup
      15. MySQL Database Restoration
      16. Very Basic MySQL Network Security
      17. Basic MySQL Troubleshooting
        1. Connectivity Testing
        2. Test Database Access
        3. A Common Fedora Core 1 MySQL Startup Error
      18. Conclusion
    11. 35. Configuring Linux VPNs
      1. VPN Guidelines
      2. Scenario
      3. Download and Install the Openswan Package
      4. How to Get Openswan Started
      5. Get the Status of the Openswan Installation
        1. How to Fix Common Status Errors
          1. IP Forwarding
          2. Opportunistic Encryption DNS Checks
      6. VPN Configuration Steps Using RSA Keys
        1. The /etc/ipsec.conf File
        2. Obtaining RSA Keys
          1. Creating Your Own Keys
          2. Get the Left Public Key
          3. Get the Right Public Key
        3. Edit the /etc/ipsec.conf Configuration File
          1. Some Important Notes About the /etc/ipsec.conf File
        4. Restart Openswan
        5. Initialize the New Tunnel
        6. Testing the New Tunnel
      7. Possible Changes to IP Tables NAT/Masquerade Rules
      8. How to Ensure Openswan Starts When Rebooting
      9. Using Pre-Shared Keys (PSK)
      10. Troubleshooting Openswan
        1. Determine the Tunnel Status
        2. Testing VPN Connectivity
        3. Check the Routes
        4. Using tcpdump
          1. Protected Interface TCPDump Output from vpn2
          2. Unprotected Interface TCPDump Output from vpn2
        5. Check syslog Error Messages
        6. Invalid Key Messages
      11. Conclusion
  11. I. Miscellaneous Linux Topics
    1. Fedora Core 3
    2. Linux Security with TCP Wrappers
      1. The TCP Wrappers File Format
      2. Determining the TCP Daemon’s Name
    3. Adjusting Kernel Parameters
    4. Running Linux Without a Monitor
      1. Preparing to Go Headless
      2. Configuration Steps
    5. Make Your Linux Box Emulate a VT100 Dumb Terminal
      1. Configuration Steps
    6. VPN Terms and Methods
      1. Authentication and Encryption Methods
      2. Internet Key Exchange (IKE)
        1. Public Encrypted Keys
        2. Shared Private Keys
      3. IKE’s role in Creating Security Associations
      4. VPN Security and Firewalls
      5. VPN User Authentication Methods for Temporary Connections
    7. TCP/IP Packet Format
    8. ICMP Codes
  12. II. Codes, Scripts, and Configurations
    1. Apache File Permissions Script
    2. sendmail Spam Filter Script
      1. The mail-filter.accept File
      2. The mail-filter.reject File
      3. The mail-filter Script
    3. iptables Scripts
      1. FTP Client Script
      2. FTP Server Script
      3. NTP Server Script
      4. Home/Small Office Protection Script
    4. Sample DNS Zone Files: Using BIND Views
      1. The /etc/named.conf File
      2. Zone File for (External View)
      3. Zone File for (Internal View)
      4. Reverse Zone File for a Home Network Using NAT
    5. sendmail Samples
      1. Sample /etc/mail/access File
      2. Sample /etc/mail/local-host-names File
      3. Sample /etc/mail/ File
      4. Sample /etc/mail/virtusertable File
  13. III. Fedora Version Differences
    1. FTP Differences
    2. DHCP Differences
    3. DNS Differences
    4. Routing Differences
    5. iptables Differences
    6. Software Installation Differences
    7. Wireless Networking Differences
      1. Linux-WLAN File Locations Using Red Hat 8.0 RPMs
    8. MRTG Differences
      1. File Locations
      2. indexmaker MRTG_LIB Errors with Red Hat 9 and 8.0
      3. Precedence Bitwise Error with Red Hat 9
    9. Webalizer Differences
  14. IV. syslog Configuration and Cisco Devices
    1. Cisco Routers
    2. Catalyst CAT Switches Running CATOS
    3. Cisco Local Director
    4. Cisco PIX Firewalls
    5. Cisco CSS11000 (Arrowpoints)
    6. The Sample Cisco syslog.conf File