Part II: Installation, Chapter 3: Pre-Installation Planning
Proxy, news, and search servers
Linux provides proxy, news, and search services through several different software packages. Linux provides a proxy-caching server that caches Web information, which increases the client's access speed and also reduces bandwidth costs to a company. The most popular proxy-caching server for Linux is called Squid. Squid is a high-performance proxy-caching server that supports FTP, gopher, and HTTP data objects. It is used to cache (store) information that was previously accessed by clients. When a user makes a request for a Web page, Squid checks to see if it has a copy of the requested information in its cache. If Squid has this information, it checks to see if the information is current, updates it if necessary, and then forwards this information to the client. This saves the client time if the information was previously accessed and saves the company money and resources because Squid removes the need to access the requested information from the Internet. Squid also allows the creation of access control lists (ACLs), thus enabling the filtering and tracking of Web traffic that the clients are requesting. Therefore, Squid provides an excellent proxy server with comprehensive Web-filtering tools.
News servers are supported in Linux by the InterNetNews (INN) package and Leafnode. Leafnode is a Usenet software package designed for small sites with few readers and only a slow link to the Net, and is therefore not really beneficial in the enterprise environment. INN, however, is a full Usenet system that includes an NNTP (Network News Transport Protocol) server and a newsreading server. INN was originally written by Rich Salz, but has since been taken over by the Internet Software Consortium (ISC). InterNetNews is used to exchange messages between networks of news servers.
- News articles are placed into newsgroups.
- Each individual news server locally stores all articles that it has received for a given newsgroup.
- The newsgroups are organized in hierarchical fashion, ensuring that all messages are distributed to local servers, making access to stored articles extremely fast.
Searching for documents in a newsgroup or on the World Wide Web can be a challenge to the user. Due to the vast amount of information available, it can be a daunting task to search individual websites and newsgroups for a particular piece of information. Luckily, you have Dig (or the ht://Dig system), which is a complete World Wide Web (WWW) indexing and searching system for a domain or intranet. Dig is intended to provide a searching and indexing system for local websites and intranet information. Although it is competent for its intended area of use, it is not meant to replace large-scale Internet search engines, such as Google, Yahoo, Lycos, Infoseek, or AltaVista. Dig supports both simple and complex searches. It supports Boolean search methods, with arbitrarily complex Boolean expressions, and fuzzy search methods to search both HTML and text documents. Fuzzy search methods use exact, soundex, metaphone, common word endings, synonyms, and configurable algorithms to search the documents. Dig can be configured to search subsections of the databases for any number of keywords, and to then send the output to a customized HTML template. You can use Dig to index a server or parts of a server that are protected by a username and password.
FTP servers
FTP (File Transfer Protocol) is a protocol that allows computers to send and receive files over the Internet. A counterpart to FTP is TFTP, or Trivial File Transfer Protocol. TFTP is the connectionless protocol that is often used for streaming files, such as audio or video, where missing one piece of information is less important than continuing the stream of information. Due to the design of the protocol, different machines using different operating systems and different hardware can exchange files in a safe manner. FTP provides for guaranteed delivery of data from an FTP server to the FTP client. Most versions of Linux come with some form of FTP server package. After the server is configured, users can connect to it with any FTP client.
Firewalls
A firewall protects the resources of a private network from unauthorized access from an outside network. A typical firewall is often created on a router, or a specially designated computer, which acts as a gateway to separate the outside network from the internal network. This creates a secure path so that only authorized incoming requests are allowed into the private network. An inexpensive Linux machine with a connection to the outside network and with another connection to the internal network can be used as a firewall. Linux provides many resources to create a firewall, including ipchains, Netfilter (which uses iptables and NAT, or Network Address Translation), and IP Masquerade. Firewalls are very important servers that must be constantly updated and tested. Any firewall solution is only as good as the person administering it. If you have the world's best firewall but don't keep it up-to-date, vulnerabilities may be discovered that can compromise the firewall.
ipchains
ipchains works by using a set of rules to filter traffic. The rules are initially organized into three groups (called chains):
- The input chain is used to control which packets come into the box.
- The forward chain intercepts packets that come from one network and are destined for another network but are routed through the firewall.
- The output chain examines packets that are leaving the firewall.
The chain that is used to decide the fate of the packet depends on where the packet was intercepted. Several basic targets and functions are used with ipchains, including:
- ACCEPT, which allows the packet to pass through
- DENY, which denies access by the packet
- REJECT, which denies access and notifies the sender
- MASQ, which masquerades the packet
- REDIRECT, which sends the packet to a local socket or process on the firewall
- RETURN, which sends the packet to the end of the chain and lets the default target process the packet
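The chain and target behaviour described above can be followed with a small model. This is an added example, not code from the book and not ipchains itself: the rule set, the addresses (`192.168.1.0/24` inside, `203.0.113.1` outside), the default targets and the names `Rule`, `fate` and `packet` are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

LAN = "192.168.1.0/24"      # constructed inside network
FW_EXT = "203.0.113.1/32"   # constructed outside address of the firewall

@dataclass
class Rule:
    target: str                  # one of the targets listed above
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, p: dict) -> bool:
        return (ipaddress.ip_address(p["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p["dst"]) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p["proto"])
                and self.dport in (None, p["dport"]))

# Constructed rules for a two-interface firewall. Order matters: first match wins.
CHAINS = {
    "input": [
        Rule("REDIRECT", src=LAN, proto="tcp", dport=80),   # hand LAN web requests to a local proxy
        Rule("ACCEPT", dst=FW_EXT, proto="tcp", dport=22),  # remote administration
        Rule("REJECT", proto="tcp", dport=113),             # refuse and notify the sender
        Rule("RETURN", proto="icmp"),                       # skip the rest, use the default target
        Rule("ACCEPT", src=LAN),                            # anything else from the inside
    ],
    "forward": [Rule("MASQ", src=LAN)],                     # masquerade outbound LAN traffic
    "output": [],
}
POLICY = {"input": "DENY", "forward": "DENY", "output": "ACCEPT"}  # assumed default targets

def fate(chain: str, p: dict) -> str:
    """Return the target that decides packet p in the named chain."""
    for rule in CHAINS[chain]:
        if rule.matches(p):
            if rule.target == "RETURN":
                break               # go to the end of the chain
            return rule.target
    return POLICY[chain]            # no rule decided: the default target applies

def packet(src, dst, proto, dport=None):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}

if __name__ == "__main__":
    for chain, p in [
        ("input", packet("198.51.100.7", "203.0.113.1", "tcp", 22)),
        ("input", packet("192.168.1.20", "192.168.1.1", "icmp")),
        ("forward", packet("192.168.1.20", "198.51.100.7", "tcp", 443)),
        ("forward", packet("198.51.100.7", "192.168.1.20", "tcp", 445)),
    ]:
        print(chain, p, "->", fate(chain, p))
```

The ICMP packet from the inside network is denied even though a later rule would accept it, because RETURN hands it to the default target before that rule is reached.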
Netfilter
Netfilter uses a true packet-filtering tool to filter incoming packets. To perform this task, Netfilter uses iptables. These tables are established with rules based on particular network protocols. Therefore, different tables with rules can be created to select packets according to different criteria. After the packet is selected and passed to the table, the table handles the dropping or accepting of the packet. This greatly reduces the overhead of packet filtering because only the table that handles the packet actually determines the status of the packet, and not an entire set of rules, as in ipchains.
NAT
NAT (Network Address Translation) is the translation of an IP address that is used within one network to a different IP address known within another network. One network is designated as the inside network and the other is designated as the outside network. Typically, NAT is used to map a user's local network address to an outside IP address, and resolves the IP address on incoming packets back into its local IP address. This helps to ensure security because each outgoing or incoming request must go through a translation process that also offers the opportunity to qualify or authenticate the request or match it to a previous request. NAT also conserves the number of IP addresses that are needed and lets a single public IP address communicate with external networks. Every packet coming from the internal network will be seen from the outside world as coming from that particular IP address. Most of today's inexpensive routers use NAT to provide services such as sharing dedicated digital connections. IP Masquerade is really a form of NAT that is used with ipchains.
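The translation step, including the matching of an incoming packet to a previous request, can be sketched as a lookup table. This is an added example, not code from the book or from the kernel: the class name `Masquerader`, the addresses, the starting port `61000` and the 300-second idle timeout are assumptions chosen for illustration.

```python
import ipaddress

class Masquerader:
    """Many inside hosts share one outside address; replies are matched to earlier requests."""

    def __init__(self, public_ip, inside_net, first_port=61000, idle_timeout=300):
        self.public_ip = public_ip
        self.inside = ipaddress.ip_network(inside_net)
        self.next_port = first_port        # assumed start of the translated port range
        self.idle_timeout = idle_timeout   # assumed seconds before an idle mapping lapses
        self.by_flow = {}  # (proto, in_ip, in_port, remote_ip, remote_port) -> public port
        self.by_port = {}  # (proto, public port, remote_ip, remote_port) -> [in_ip, in_port, last_seen]

    def outbound(self, proto, src, sport, dst, dport, now):
        """Translate a packet leaving the inside network; returns it as the outside sees it."""
        if ipaddress.ip_address(src) not in self.inside:
            raise ValueError("source is not an inside address")
        flow = (proto, src, sport, dst, dport)
        port = self.by_flow.get(flow)
        if port is None:                   # first packet of this flow: allocate a mapping
            port = self.next_port
            self.next_port += 1
            self.by_flow[flow] = port
            self.by_port[(proto, port, dst, dport)] = [src, sport, now]
        self.by_port[(proto, port, dst, dport)][2] = now
        return (proto, self.public_ip, port, dst, dport)

    def inbound(self, proto, src, sport, dst, dport, now):
        """Translate a packet arriving from outside, or return None when it is dropped."""
        key = (proto, dport, src, sport)
        entry = self.by_port.get(key)
        if dst != self.public_ip or entry is None:
            return None                    # matches no previous request
        in_ip, in_port, last_seen = entry
        if now - last_seen > self.idle_timeout:
            del self.by_port[key]          # mapping expired: forget both directions
            del self.by_flow[(proto, in_ip, in_port, src, sport)]
            return None
        entry[2] = now
        return (proto, src, sport, in_ip, in_port)

if __name__ == "__main__":
    nat = Masquerader("203.0.113.1", "192.168.1.0/24")   # constructed addresses
    print(nat.outbound("tcp", "192.168.1.20", 40000, "198.51.100.7", 80, now=0))
    print(nat.inbound("tcp", "198.51.100.7", 80, "203.0.113.1", 61000, now=1))
    print(nat.inbound("tcp", "198.51.100.99", 80, "203.0.113.1", 61000, now=2))  # unsolicited
```

Two inside hosts using the same source port receive different public ports, and a packet from a host that was never contacted finds no mapping and is dropped.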
Stateful packet inspection
Stateful packet filtering firewalls operate around the connections between network firewalls. In filtering packets by the information that is contained within the packet header, firewalls allow or deny access to the network. Stateful filtering firewalls