- •Contents
- •Preface to second edition
- •1 Introduction
- •1.2 Applying technology in an environment
- •1.3 The human role in systems
- •1.4 Ethical issues
- •1.7 Common practice and good practice
- •1.8 Bugs and emergent phenomena
- •1.10 Knowledge is a jigsaw puzzle
- •1.11 To the student
- •1.12 Some road-maps
- •2 System components
- •2.2 Handling hardware
- •2.3 Operating systems
- •2.4 Filesystems
- •2.5 Processes and job control
- •2.6 Networks
- •2.7 IPv4 networks
- •2.8 Address space in IPv4
- •2.9 IPv6 networks
- •3 Networked communities
- •3.1 Communities and enterprises
- •3.2 Policy blueprints
- •3.4 User behavior: socio-anthropology
- •3.5 Clients, servers and delegation
- •3.6 Host identities and name services
- •3.8 Local network orientation and analysis
- •4 Host management
- •4.1 Global view, local action
- •4.2 Physical considerations of server room
- •4.3 Computer startup and shutdown
- •4.5 Installing a Unix disk
- •4.6 Installation of the operating system
- •4.7 Software installation
- •4.8 Kernel customization
- •5 User management
- •5.1 Issues
- •5.2 User registration
- •5.3 Account policy
- •5.4 Login environment
- •5.5 User support services
- •5.6 Controlling user resources
- •5.7 Online user services
- •5.9 Ethical conduct of administrators and users
- •5.10 Computer usage policy
- •6 Models of network and system administration
- •6.5 Creating infrastructure
- •6.7 Competition, immunity and convergence
- •6.8 Policy and configuration automation
- •7.2 Methods: controlling causes and symptoms
- •7.4 Declarative languages
- •7.6 Common assumptions: clock synchronization
- •7.7 Human–computer job scheduling
- •7.9 Preventative host maintenance
- •7.10 SNMP tools
- •7.11 Cfengine
- •8 Diagnostics, fault and change management
- •8.1 Fault tolerance and propagation
- •8.2 Networks and small worlds
- •8.3 Causality and dependency
- •8.4 Defining the system
- •8.5 Faults
- •8.6 Cause trees
- •8.7 Probabilistic fault trees
- •8.9 Game-theoretical strategy selection
- •8.10 Monitoring
- •8.12 Principles of quality assurance
- •9 Application-level services
- •9.1 Application-level services
- •9.2 Proxies and agents
- •9.3 Installing a new service
- •9.4 Summoning daemons
- •9.5 Setting up the DNS nameservice
- •9.7 E-mail configuration
- •9.8 OpenLDAP directory service
- •9.10 Samba
- •9.11 The printer service
- •9.12 Java web and enterprise services
- •10 Network-level services
- •10.1 The Internet
- •10.2 A recap of networking concepts
- •10.3 Getting traffic to its destination
- •10.4 Alternative network transport technologies
- •10.5 Alternative network connection technologies
- •10.6 IP routing and forwarding
- •10.7 Multi-Protocol Label Switching (MPLS)
- •10.8 Quality of Service
- •10.9 Competition or cooperation for service?
- •10.10 Service Level Agreements
- •11 Principles of security
- •11.1 Four independent issues
- •11.2 Physical security
- •11.3 Trust relationships
- •11.7 Preventing and minimizing failure modes
- •12 Security implementation
- •12.2 The recovery plan
- •12.3 Data integrity and protection
- •12.5 Analyzing network security
- •12.6 VPNs: secure shell and FreeS/WAN
- •12.7 Role-based security and capabilities
- •12.8 WWW security
- •12.9 IPSec – secure IP
- •12.10 Ordered access control and policy conflicts
- •12.11 IP filtering for firewalls
- •12.12 Firewalls
- •12.13 Intrusion detection and forensics
- •13 Analytical system administration
- •13.1 Science vs technology
- •13.2 Studying complex systems
- •13.3 The purpose of observation
- •13.5 Evaluating a hierarchical system
- •13.6 Deterministic and stochastic behavior
- •13.7 Observational errors
- •13.8 Strategic analyses
- •13.9 Summary
- •14 Summary and outlook
- •14.3 Pervasive computing
- •B.1 Make
- •B.2 Perl
- •Bibliography
- •Index
Preface to second edition
This book grew originally out of a one-semester course in Network and System Administration which has now run successfully for six years at Oslo College, Norway. This first course is an introductory course and involves about thirty percent theory and seventy percent practical work [40]; it assumes knowledge equivalent to a typical college course on Operating Systems as well as some basic computer skills. The purpose of this book was to provide a mixture of theory and practice for a such course in system administration; to extract those principles and ideas of system administration which do not change on a day-to-day basis; and to present them in a defensible manner [188].
In writing the second edition, I have not only corrected shortcomings and anachronisms in the original edition, but have attempted to compile a textbook that goes beyond a single introductory course, and paints a larger picture. This has been a very difficult task, and my book is very imperfect. It attempts to strike a balance between completeness and selective tasting to satisfy the needs of a student with a limited budget. It cannot hope to cover everything that a system administrator ought to know, but it can provide a beginning. The resulting book forms a sufficient basis for two or more courses at university level, assuming a previous knowledge of operating systems. Indeed, this book is now the hub of our Masters Degree in Network and System Administration at Oslo University College. It makes contact with more traditional areas of computer science and engineering, and provides an overview of material that will help to bind other more specific works into a coherent whole. Although it covers material sufficient for more than one course, it did not seem appropriate to divide the book into smaller parts, as it also functions as an initial reference work for the field.
On a personal note, I never want to write a book like this again! Maintaining this book is far harder than maintaining computers – and I can’t do it with cfengine. The possibility for error and anachronism is enormous and the amount of work to compile, maintain and generalize these concepts huge. To assemble the book, I have reviewed the research work of many authors, most of which has centered around the USENIX organization and its many groundbreaking conferences. In spite of a desire for completeness, I have resisted the temptation to include every possible detail and fact which might be useful in the practical world. Several excellent books already exist, which cover this need, and I see no reason to compete with them (see the recommended reading list). I have therefore limited myself to examples of each which are either practical or illustrative. If any operating systems have been unfairly brought into focus, I hope it is only the Free
xii |
PREFACE TO SECOND EDITION |
operating systems such as GNU/Linux and the BSD’s, from which no one other than their users will benefit.
For the new edition, I must add my thanks to several individuals. I am most grateful to Steven Jenkins and Nick Christenson for both thorough, heroic readings and razor-sharp critiques of the almost finished manuscript. Steve VanDevender and Æleen Frisch also provided helpful comments and corrections. Thanks to Jonathan Laventhol for interesting discussions about company policy in the UK and for providing me with real-world examples, and the permission to adapt and reproduce them here. Thanks to Hal Miller and Lee Damon for permission to reproduce their versions of the SAGE code of ethics. Part of the section on SNMP is based on Jurgen¨ Schonw¨alder’s¨ excellent writings; I’m grateful to him for allowing me the indulgence, and for reading the result. Rob Apthorpe also allowed me to base the discussion of fault trees on his LISA paper that I whipped and beat him for a year earlier. I have benefited from my lunch discussions with Kyrre Begnum and Assi Gueye.
From the original edition, I offer my special thanks to Tina Darmohray for her comments and encouragement, as well as for allowing me to adapt some firewall examples from her excellent notes. Russ Harvey of the University of California, Riverside also made very positive and useful criticisms of the early materials. Special thanks to Per Steinar Iversen for making detailed comments and constructive criticisms on the manuscript from his near-infinite reservoir of technical expertise. Thanks also to David Kuncicky, Sigmund Straumsnes and Kjetil Sahlberg for their careful readings and suggestions for improvement. Any remaining errors must be entirely someone else’s fault (but I haven’t figured out who I can blame yet). Thanks to Knut Borge of USIT, University of Oslo, for moderating the course on which this book is based and for teaching me many important things over the years; also to Tore Øfsdahl and Harald Hofsæter, our system administrators at Oslo College who constantly help me in often intangible ways. Sigmund generated the graphs which appear in this volume. In addition to them, Runar Jørgensen and Harek˚ Haugerud commented on the manuscript. Ketil Danielsen has provided me with both tips and encouragement. Thanks to Greg Smith of the NASA Ames Research Center for performance tips and to Steve Traugott for discussions on infrastructure. I’m grateful to Cami Edwards of USENIX for making copies of old LISA proceedings available from the archives. I was shocked to discover just how true is the panel debate: why do we keep reinventing the wheel? I should also like to thank all of the students at Oslo University College who have attended my lectures and have inspired me to do better than I might otherwise have done. Finally, all credit to the SAGE/USENIX association for their unsurpassed work in spreading state of the art knowledge about computing systems of all sizes and shapes.
Mark Burgess
Oslo University College