Linux Administration Handbook 2nd edition [Paperback]

  • Format: Paperback / softback, 1040 pages, height x width x thickness: 179x232x33 mm, weight: 1348 g
  • Publication date: 09-Nov-2006
  • Publisher: Prentice Hall
  • ISBN-10: 0131480049
  • ISBN-13: 9780131480049
"As this book shows, Linux systems are just as functional, secure, and reliable as their proprietary counterparts. Thanks to the ongoing efforts of thousands of Linux developers, Linux is more ready than ever for deployment at the frontlines of the real world. The authors of this book know that terrain well, and I am happy to leave you in their most capable hands." Linus Torvalds

"The most successful sysadmin book of all time - because it works!" Rik Farrow, editor of ;login:

"This book clearly explains current technology with the perspective of decades of experience in large-scale system administration. Unique and highly recommended." Jonathan Corbet, cofounder, LWN.net

"Nemeth et al. is the overall winner for Linux administration: it's intelligent, full of insights, and looks at the implementation of concepts." Peter Salus, editorial director, Matrix.net

Since 2001, Linux Administration Handbook has been the definitive resource for every Linux® system administrator who must efficiently solve technical problems and maximize the reliability and performance of a production environment. Now, the authors have systematically updated this classic guide to address today's most important Linux distributions and most powerful new administrative tools.

The authors spell out detailed best practices for every facet of system administration, including storage management, network design and administration, web hosting, software configuration management, performance analysis, Windows interoperability, and much more. Sysadmins will especially appreciate the thorough and up-to-date discussions of such difficult topics as DNS, LDAP, security, and the management of IT service organizations.

Linux® Administration Handbook, Second Edition, reflects the current versions of these leading distributions:

  • Red Hat® Enterprise Linux®
  • Fedora™ Core
  • SUSE® Linux Enterprise
  • Debian® GNU/Linux
  • Ubuntu® Linux

Sharing their war stories and hard-won insights, the authors capture the behavior of Linux systems in the real world, not just in ideal environments. They explain complex tasks in detail and illustrate these tasks with examples drawn from their extensive hands-on experience.

Reviews

"Linux Administration Handbook, 2nd Edition deserves a place of honor on the shelf of every practicing Linux admin and anyone else who wants to learn. I predict though, that it won't spend many hours on the shelf. It is better used by your side at the keyboard and you learn from its pages." James Pyles, Reviewer, The Linux Tutorial

Other information

The first edition of this book became known for its thorough and lucid coverage of some of the toughest topics in system administration, including DNS, sendmail, and security. The new edition will focus on many open source tools that have gained acceptance since 1/e was published, including Nagios for network monitoring. Most titles on Linux administration focus on the configuration of a single box. Linux Administration Handbook (LAH) was the first title in this area to focus on the administration of a Linux system in a production environment. LAH examines how Linux systems behave in real-world ecosystems, not how they might behave in ideal environments. The Second Edition incorporates the changes in Linux systems in the past 54 months, which include current versions of RedHat, SuSE and Debian systems, new topics like Logical Volume Manager, X11 basic administration, and Nagios. Chapters on system admin policy, bind, sendmail, and security have been updated.
Foreword to the First Edition
Preface
Acknowledgments
SECTION ONE: BASIC ADMINISTRATION
Where to Start
Suggested background
Linux's relationship to UNIX
Linux in historical context
Linux distributions
So what's the best distribution?
Distribution-specific administration tools
Notation and typographical conventions
System-specific information
Where to go for information
Organization of the man pages
man: read manual pages
Other sources of Linux information
How to find and install software
Essential tasks of the system administrator
Adding, removing, and managing user accounts
Adding and removing hardware
Performing backups
Installing and upgrading software
Monitoring the system
Troubleshooting
Maintaining local documentation
Vigilantly monitoring security
Helping users
System administration under duress
System Administration Personality Syndrome
Recommended reading
Exercises
Booting and Shutting Down
Bootstrapping
Automatic and manual booting
Steps in the boot process
Kernel initialization
Hardware configuration
Kernel threads
Operator intervention (manual boot only)
Execution of startup scripts
Multiuser operation
Booting PCs
Using boot loaders: LILO and GRUB
GRUB: The GRand Unified Boot loader
LILO: The traditional Linux boot loader
Kernel options
Multibooting on PCs
GRUB multiboot configuration
LILO multiboot configuration
Booting single-user mode
Single-user mode with GRUB
Single-user mode with LILO
Working with startup scripts
init and run levels
Red Hat and Fedora startup scripts
SUSE startup scripts
Debian and Ubuntu startup scripts
Rebooting and shutting down
Turning off the power
shutdown: the genteel way to halt the system
halt: a simpler way to shut down
reboot: quick and dirty restart
telinit: change init's run level
poweroff: ask Linux to turn off the power
Exercises
Rootly Powers
Ownership of files and processes
The superuser
Choosing a root password
Becoming root
su: substitute user identity
sudo: a limited su
Other pseudo-users
bin: legacy owner of system commands
daemon: owner of unprivileged system software
nobody: the generic NFS user
Exercises
Controlling Processes
Components of a process
PID: process ID number
PPID: parent PID
UID and EUID: real and effective user ID
GID and EGID: real and effective group ID
Niceness
Control terminal
The life cycle of a process
Signals
kill and killall: send signals
Process states
nice and renice: influence scheduling priority
ps: monitor processes
top: monitor processes even better
The /proc filesystem
strace: trace signals and system calls
Runaway processes
Recommended reading
Exercises
The Filesystem
Pathnames
Filesystem mounting and unmounting
The organization of the file tree
File types
Regular files
Directories
Character and block device files
Local domain sockets
Named pipes
Symbolic links
File attributes
The permission bits
The setuid and setgid bits
The sticky bit
Viewing file attributes
chmod: change permissions
chown: change ownership and group
umask: assign default permissions
Bonus flags
Access control lists
ACL overview
Default entries
Exercises
Adding New Users
The /etc/passwd file
Login name
Encrypted password
UID (user ID) number
Default GID number
GECOS field
Home directory
Login shell
The /etc/shadow file
The /etc/group file
Adding users
Editing the passwd and shadow files
Editing the /etc/group file
Setting an initial password
Creating the user's home directory
Copying in the default startup files
Setting the user's mail home
Verifying the new login
Recording the user's status and contact information
Removing users
Disabling logins
Managing accounts
Exercises
Adding a Disk
Disk interfaces
The PATA interface
The SATA interface
The SCSI interface
Which is better, SCSI or IDE?
Disk geometry
Linux filesystems
Ext2fs and ext3fs
ReiserFS
XFS and JFS
An overview of the disk installation procedure
Connecting the disk
Formatting the disk
Labeling and partitioning the disk
Creating filesystems within disk partitions
Mounting the filesystems
Setting up automatic mounting
Enabling swapping
hdparm: set IDE interface parameters
fsck: check and repair filesystems
Adding a disk: a step-by-step guide
Advanced disk management: RAID and LVM
Linux software RAID
Logical volume management
An example configuration with LVM and RAID
Dealing with a failed disk
Reallocating storage space
Mounting USB drives
Exercises
Periodic Processes
cron: schedule commands
The format of crontab files
Crontab management
Some common uses for cron
Cleaning the filesystem
Network distribution of configuration files
Rotating log files
Other schedulers: anacron and fcron
Exercises
Backups
Motherhood and apple pie
Perform all dumps from one machine
Label your media
Pick a reasonable backup interval
Choose filesystems carefully
Make daily dumps fit on one piece of media
Make filesystems smaller than your dump device
Keep media off-site
Protect your backups
Limit activity during dumps
Verify your media
Develop a media life cycle
Design your data for backups
Prepare for the worst
Backup devices and media
Optical media: CD-R/RW, DVDR/RW, and DVD-RAM
Removable hard disks (USB and FireWire)
Small tape drives: 8mm and DDS/DAT
DLT/S-DLT
AIT and SAIT
VXA/VXA-X
LTO
Jukeboxes, stackers, and tape libraries
Hard disks
Summary of media types
What to buy
Setting up an incremental backup regime with dump
Dumping filesystems
Dump sequences
Restoring from dumps with restore
Restoring individual files
Restoring entire filesystems
Dumping and restoring for upgrades
Using other archiving programs
tar: package files
cpio: archiving utility from ancient times
dd: twiddle bits
Using multiple files on a single tape
Bacula
The Bacula model
Setting up Bacula
Installing the database and Bacula daemons
Configuring the Bacula daemons
bacula-dir.conf: director configuration
bacula-sd.conf: storage daemon configuration
bconsole.conf: console configuration
Installing and configuring the client file daemon
Starting the Bacula daemons
Adding media to pools
Running a manual backup
Running a restore job
Monitoring and debugging Bacula configurations
Alternatives to Bacula
Commercial backup products
ADSM/TSM
Veritas
Other alternatives
Recommended reading
Exercises
Syslog and Log Files
Logging policies
Throwing away log files
Rotating log files
Archiving log files
Linux log files
Special log files
Kernel and boot-time logging
logrotate: manage log files
Syslog: the system event logger
Alternatives to syslog
Syslog architecture
Configuring syslogd
Designing a logging scheme for your site
Config file examples
Sample syslog output
Software that uses syslog
Debugging syslog
Using syslog from programs
Condensing log files to useful information
Exercises
Software and Configuration Management
Basic Linux installation
Netbooting PCs
Setting up PXE for Linux
Netbooting non-PCs
Kickstart: the automated installer for Enterprise Linux and Fedora
AutoYaST: SUSE's automated installation tool
The Debian and Ubuntu installer
Installing from a master system
Diskless clients
Package management
Available package management systems
rpm: manage RPM packages
dpkg: manage Debian-style packages
High-level package management systems
Package repositories
RHN: the Red Hat Network
APT: the Advanced Package Tool
Configuring apt-get
An example /etc/apt/sources.list file
Using proxies to make apt-get scale
Setting up an internal APT server
Automating apt-get
yum: release management for RPM
Revision control
Backup file creation
Formal revision control systems
RCS: the Revision Control System
CVS: the Concurrent Versions System
Subversion: CVS done right
Localization and configuration
Organizing your localization
Testing
Local compilation
Distributing localizations
Resolving scheduling issues
Configuration management tools
cfengine: computer immune system
LCFG: a large-scale configuration system
The Arusha Project (ARK)
Template Tree 2: cfengine helper
DMTF/CIM: the Common Information Model
Sharing software over NFS
Package namespaces
Dependency management
Wrapper scripts
Implementation tools
Recommended software
Recommended reading
Exercises
SECTION TWO: NETWORKING
TCP/IP Networking
TCP/IP and the Internet
A brief history lesson
How the Internet is managed today
Network standards and documentation
Networking road map
Packets and encapsulation
The link layer
Packet addressing
Ports
Address types
IP addresses: the gory details
IP address classes
Subnetting and netmasks
The IP address crisis
CIDR: Classless Inter-Domain Routing
Address allocation
Private addresses and NAT
IPv6 addressing
Routing
Routing tables
ICMP redirects
ARP: the address resolution protocol
Addition of a machine to a network
Hostname and IP address assignment
ifconfig: configure network interfaces
mii-tool: configure autonegotiation and other media-specific options
route: configure static routes
Default routes
DNS configuration
The Linux networking stack
Distribution-specific network configuration
Network configuration for Red Hat and Fedora
Network configuration for SUSE
Network configuration for Debian and Ubuntu
DHCP: the Dynamic Host Configuration Protocol
DHCP software
How DHCP works
ISC's DHCP server
Dynamic reconfiguration and tuning
Security issues
IP forwarding
ICMP redirects
Source routing
Broadcast pings and other forms of directed broadcast
IP spoofing
Host-based firewalls
Virtual private networks
Security-related kernel variables
Linux NAT
PPP: the Point-to-Point Protocol
Addressing PPP performance issues
Connecting to a network with PPP
Making your host speak PPP
Controlling PPP links
Assigning an address
Routing
Ensuring security
Using chat scripts
Configuring Linux PPP
Linux networking quirks
Recommended reading
Exercises
Routing
Packet forwarding: a closer look
Routing daemons and routing protocols
Distance-vector protocols
Link-state protocols
Cost metrics
Interior and exterior protocols
Protocols on parade
RIP: Routing Information Protocol
RIP-2: Routing Information Protocol, version 2
OSPF: Open Shortest Path First
IGRP and EIGRP: Interior Gateway Routing Protocol
IS-IS: the ISO "standard"
MOSPF, DVMRP, and PIM: multicast routing protocols
Router Discovery Protocol
routed: RIP yourself a new hole
gated: gone to the dark side
Routing strategy selection criteria
Cisco routers
Recommended reading
Exercises
Network Hardware
LAN, WAN, or MAN?
Ethernet: the common LAN
How Ethernet works
Ethernet topology
Unshielded twisted pair
Connecting and expanding Ethernets
Wireless: nomad's LAN
Wireless security
Wireless switches
FDDI: the disappointing, expensive, and outdated LAN
ATM: the promised (but sorely defeated) LAN
Frame relay: the sacrificial WAN
ISDN: the indigenous WAN
DSL and cable modems: the people's WAN
Where is the network going?
Network testing and debugging
Building wiring
UTP cabling options
Connections to offices
Wiring standards
Network design issues
Network architecture vs. building architecture
Existing networks
Expansion
Congestion
Maintenance and documentation
Management issues
Recommended vendors
Cables and connectors
Test equipment
Routers/switches
Recommended reading
Exercises
DNS: The Domain Name System
DNS for the impatient: adding a new machine
The history of DNS
BIND implementations
Other implementations of DNS
Who needs DNS?
The DNS namespace
Masters of their domains
Selecting a domain name
Domain bloat
Registering a second-level domain name
Creating your own subdomains
How DNS works
Delegation
Caching and efficiency
The extended DNS protocol
What's new in DNS
The DNS database
Resource records
The SOA record
NS records
A records
PTR records
MX records
CNAME records
The CNAME hack
LOC records
SRV records
TXT records
IPv6 resource records
IPv6 forward records
IPv6 reverse records
Security-related records
Commands in zone files
Glue records: links between zones
The BIND software
Versions of BIND
Finding out what version you have
Components of BIND
named: the BIND name server
Authoritative and caching-only servers
Recursive and nonrecursive servers
The resolver library
Shell interfaces to DNS
Designing your DNS environment
Namespace management
Authoritative servers
Caching servers
Security
Summing up
A taxonomy of DNS/BIND chores
BIND client issues
Resolver configuration
Resolver testing
Impact on the rest of the system
BIND server configuration
Hardware requirements
Configuration files
The include statement
The options statement
The acl statement
The key statement
The trusted-keys statement
The server statement
The masters statement
The logging statement
The zone statement
The controls statement
Split DNS and the view statement
BIND configuration examples
The localhost zone
A small security company
The Internet Systems Consortium, isc.org
Starting named
Updating zone files
Zone transfers
Dynamic updates
Security issues
Access control lists revisited
Confining named
Secure server-to-server communication with TSIG and TKEY
DNSSEC
Negative answers
Microsoft and DNS
Testing and debugging
Logging
Sample logging configuration
Debug levels
Debugging with rndc
BIND statistics
Debugging with dig
Lame delegations
doc: domain obscenity control
Other DNS sanity checking tools
Performance issues
Distribution specifics
Recommended reading
Mailing lists and newsgroups
Books and other documentation
On-line resources
The RFCs
Exercises
The Network File System
General information about NFS
NFS protocol versions
Choice of transport
File locking
Disk quotas
Cookies and stateless mounting
Naming conventions for shared filesystems
Security and NFS
Root access and the nobody account
Server-side NFS
The exports file
nfsd: serve files
Client-side NFS
Mounting remote filesystems at boot time
Restricting exports to insecure ports
nfsstat: dump NFS statistics
Dedicated NFS file servers
Automatic mounting
automount: mount filesystems on demand
The master file
Map files
Executable maps
Recommended reading
Exercises
Sharing System Files
What to share
nscd: cache the results of lookups
Copying files around
rdist: push files
rsync: transfer files more securely
Pulling files
NIS: the Network Information Service
Understanding how NIS works
Weighing advantages and disadvantages of NIS
Prioritizing sources of administrative information
Using netgroups
Setting up an NIS domain
Setting access control options in /etc/ypserv.conf
Configuring NIS clients
NIS details by distribution
LDAP: the Lightweight Directory Access Protocol
The structure of LDAP data
The point of LDAP
LDAP documentation and specifications
OpenLDAP: LDAP for Linux
NIS replacement by LDAP
LDAP and security
Recommended reading
Exercises
Electronic Mail
Mail systems
User agents
Transport agents
Delivery agents
Message stores
Access agents
Mail submission agents
The anatomy of a mail message
Mail addressing
Mail header interpretation
Mail philosophy
Using mail servers
Using mail homes
Using IMAP or POP
Mail aliases
Getting mailing lists from files
Mailing to files
Mailing to programs
Aliasing by example
Forwarding mail
The hashed alias database
Mailing lists and list wrangling software
Software packages for maintaining mailing lists
LDAP: the Lightweight Directory Access Protocol
sendmail: ringmaster of the electronic mail circus
Versions of sendmail
sendmail installation from sendmail.org
sendmail installation on Debian and Ubuntu systems
The switch file
Modes of operation
The mail queue
sendmail configuration
Using the m4 preprocessor
The sendmail configuration pieces
Building a configuration file from a sample .mc file
Changing the sendmail configuration
Basic sendmail configuration primitives
The VERSIONID macro
The OSTYPE macro
The DOMAIN macro
The MAILER macro
Fancier sendmail configuration primitives
The FEATURE macro
The use_cw_file feature
The redirect feature
The always_add_domain feature
The nocanonify feature
Tables and databases
The mailertable feature
The genericstable feature
The virtusertable feature
The ldap_routing feature
Masquerading and the MASQUERADE_AS macro
The MAIL_HUB and SMART_HOST macros
Masquerading and routing
The nullclient feature
The local_lmtp and smrsh features
The local_procmail feature
The LOCAL_* macros
Configuration options
Spam-related features in sendmail
Relaying
The access database
User or site blacklisting
Header checking
Rate and connection limits
Slamming
Miltering: mail filtering
Spam handling
SpamAssassin
SPF and Sender ID
Configuration file case study
Client machines at sendmail.com
Master machine at sendmail.com
Security and sendmail
Ownerships
Permissions
Safer mail to files and programs
Privacy options
Running a chrooted sendmail (for the truly paranoid)
Denial of service attacks
Forgeries
Message privacy
SASL: the Simple Authentication and Security Layer
sendmail performance
Delivery modes
Queue groups and envelope splitting
Queue runners
Load average controls
Undeliverable messages in the queue
Kernel tuning
sendmail statistics, testing, and debugging
Testing and debugging
Verbose delivery
Talking in SMTP
Queue monitoring
Logging
The Exim Mail System
History
Exim on Linux
Exim configuration
Exim/sendmail similarities
Postfix
Postfix architecture
Receiving mail
The queue manager
Sending mail
Security
Postfix commands and documentation
Configuring Postfix
What to put in main.cf
Basic settings
Using postconf
Lookup tables
Local delivery
Virtual domains
Virtual alias domains
Virtual mailbox domains
Access control
Access tables
Authentication of clients
Fighting spam and viruses
Black hole lists
SpamAssassin and procmail
Policy daemons
Content filtering
Debugging
Looking at the queue
Soft-bouncing
Testing access control
Recommended reading
Exercises
Network Management and Debugging
Network troubleshooting
ping: check to see if a host is alive
traceroute: trace IP packets
netstat: get network statistics
Inspecting interface configuration information
Monitoring the status of network connections
Identifying listening network services
Examining the routing table
Viewing operational statistics for network protocols
sar: inspect live interface activity
Packet sniffers
tcpdump: king of sniffers
Wireshark: visual sniffer
Network management protocols
SNMP: the Simple Network Management Protocol
SNMP organization
SNMP protocol operations
RMON: remote monitoring MIB
The NET-SNMP agent
Network management applications
The NET-SNMP tools
SNMP data collection and graphing
Nagios: event-based SNMP and service monitoring
Commercial management platforms
Recommended reading
Exercises
Security
Is Linux secure?
How security is compromised
Social engineering
Software vulnerabilities
Configuration errors
Certifications and standards
Certifications
Standards
Security tips and philosophy
Packet filtering
Unnecessary services
Software patches
Backups
Passwords
Vigilance
General philosophy
Security problems in /etc/passwd and /etc/shadow
Password checking and selection
Password aging
Group logins and shared logins
User shells
Rootly entries
PAM: cooking spray or authentication wonder?
POSIX capabilities
Setuid programs
Important file permissions
Miscellaneous security issues
Remote event logging
Secure terminals
/etc/hosts.equiv and ~/.rhosts
Security and NIS
Security and NFS
Security and sendmail
Security and backups
Viruses and worms
Trojan horses
Rootkits
Security power tools
Nmap: scan network ports
Nessus: next generation network scanner
John the Ripper: find insecure passwords
hosts_access: host access control
Samhain: host-based intrusion detection
Security-Enhanced Linux (SELinux)
Cryptographic security tools
Kerberos: a unified approach to network security
PGP: Pretty Good Privacy
SSH: the secure shell
One-time passwords
Stunnel
Firewalls
Packet-filtering firewalls
How services are filtered
Service proxy firewalls
Stateful inspection firewalls
Firewalls: how safe are they?
Linux firewall features: IP tables
Virtual private networks (VPNs)
IPsec tunnels
All I need is a VPN, right?
Hardened Linux distributions
What to do when your site has been attacked
Sources of security information
CERT: a registered service mark of Carnegie Mellon University
SecurityFocus.com and the BugTraq mailing list
Crypto-Gram newsletter
SANS: the System Administration, Networking, and Security Institute
Distribution-specific security resources
Other mailing lists and web sites
Recommended reading
Exercises
Web Hosting and Internet Servers
Web hosting basics
Uniform resource locators
How HTTP works
Content generation on the fly
Load balancing
HTTP server installation
Choosing a server
Installing Apache
Configuring Apache
Running Apache
Analyzing log files
Optimizing for high-performance hosting of static content
Virtual interfaces
Using name-based virtual hosts
Configuring virtual interfaces
Telling Apache about virtual interfaces
The Secure Sockets Layer (SSL)
Generating a certificate signing request
Configuring Apache to use SSL
Caching and proxy servers
The Squid cache and proxy server
Setting up Squid
Anonymous FTP server setup
Exercises
SECTION THREE: BUNCH O'STUFF
The X Window System
The X display manager
Running an X application
The DISPLAY environment variable
Client authentication
X connection forwarding with SSH
X server configuration
Device sections
Monitor sections
Screen sections
InputDevice sections
ServerLayout sections
Troubleshooting and debugging
Special keyboard combinations for X
When good X servers go bad
A brief note on desktop environments
KDE
GNOME
Which is better, GNOME or KDE?
Recommended Reading
Exercises
Printing
Printers are complicated
Printer languages
PostScript
PCL
PDF
XHTML
PJL
Printer drivers and their handling of PDLs
CUPS architecture
Document printing
Print queue viewing and manipulation
Multiple printers
Printer instances
Network printing
The CUPS underlying protocol: HTTP
PPD files
Filters
CUPS server administration
Network print server setup
Printer autoconfiguration
Network printer configuration
Printer configuration examples
Printer class setup
Service shutoff
Other configuration tasks
Paper sizes
Compatibility commands
Common printing software
CUPS documentation
Troubleshooting tips
CUPS logging
Problems with direct printing
Network printing problems
Distribution-specific problems
Printer practicalities
Printer selection
GDI printers
Double-sided printing
Other printer accessories
Serial and parallel printers
Network printers
Other printer advice
Use banner pages only if you have to
Provide recycling bins
Use previewers
Buy cheap printers
Keep extra toner cartridges on hand
Pay attention to the cost per page
Consider printer accounting
Secure your printers
Printing under KDE
kprinter: printing documents
Konqueror and printing
Recommended reading
Exercises
Maintenance and Environment 791(12)
Hardware maintenance basics 791(1)
Maintenance contracts 792(1)
On-site maintenance 792(1)
Board swap maintenance 792(1)
Warranties 793(1)
Electronics-handling lore 793(1)
Static electricity 793(1)
Reseating boards 794(1)
Monitors 794(1)
Memory modules 794(1)
Preventive maintenance 795(1)
Environment 796(2)
Temperature 796(1)
Humidity 796(1)
Office cooling 796(1)
Machine room cooling 797(1)
Temperature monitoring 798(1)
Power 798(1)
Racks 799(1)
Data center standards 800(1)
Tools 800(1)
Recommended reading 800(2)
Exercises 802(1)
Performance Analysis 803(18)
What you can do to improve performance 804(2)
Factors that affect performance 806(1)
System performance checkup 807(10)
Analyzing CPU usage 807(2)
How Linux manages memory 809(2)
Analyzing memory usage 811(2)
Analyzing disk I/O 813(2)
Choosing an I/O scheduler 815(1)
sar: Collect and report statistics over time 816(1)
oprofile: Comprehensive profiler 817(1)
Help! My system just got really slow! 817(2)
Recommended reading 819(1)
Exercises 819(2)
Cooperating with Windows 821(22)
Logging in to a Linux system from Windows 821(1)
Accessing remote desktops 822(3)
Running an X server on a Windows computer 823(1)
VNC: Virtual Network Computing 824(1)
Windows RDP: Remote Desktop Protocol 824(1)
Running Windows and Windows-like applications 825(1)
Dual booting, or why you shouldn't 826(1)
The OpenOffice.org alternative 826(1)
Using command-line tools with Windows 826(1)
Windows compliance with email and web standards 827(1)
Sharing files with Samba and CIFS 828(8)
Samba: CIFS server for UNIX 828(1)
Samba installation 829(1)
Filename encoding 830(1)
Network Neighborhood browsing 831(1)
User authentication 832(1)
Basic file sharing 833(1)
Group shares 833(1)
Transparent redirection with MS DFS 834(1)
smbclient: a simple CIFS client 835(1)
The smbfs filesystem 835(1)
Sharing printers with Samba 836(4)
Installing a printer driver from Windows 838(1)
Installing a printer driver from the command line 839(1)
Debugging Samba 840(1)
Recommended reading 841(1)
Exercises 842(1)
Serial Devices 843(25)
The RS-232C standard 844(3)
Alternative connectors 847(5)
The mini DIN-8 variant 847(1)
The DB-9 variant 848(1)
The RJ-45 variant 849(1)
The Yost standard for RJ-45 wiring 850(2)
Hard and soft carrier 852(1)
Hardware flow control 852(1)
Cable length 853(1)
Serial device files 853(1)
setserial: set serial port parameters 854(1)
Software configuration for serial devices 855(1)
Configuration of hardwired terminals 855(4)
The login process 855(1)
The /etc/inittab file 856(2)
Terminal support: the termcap and terminfo databases 858(1)
Special characters and the terminal driver 859(1)
stty: set terminal options 860(1)
tset: set options automatically 861(1)
Terminal unwedging 862(1)
Modems 862(2)
Modulation, error correction, and data compression protocols 863(1)
minicom: dial out 864(1)
Bidirectional modems 864(1)
Debugging a serial line 864(1)
Other common I/O ports 865(1)
USB: the Universal Serial Bus 865(1)
Exercises 866(2)
Drivers and the Kernel 868(17)
Kernel adaptation 869(1)
Drivers and device files 870(3)
Device files and device numbers 870(1)
Creating device files 871(1)
sysfs: a window into the souls of devices 872(1)
Naming conventions for devices 872(1)
Why and how to configure the kernel 873(1)
Tuning Linux kernel parameters 874(2)
Building a Linux kernel 876(2)
If it ain't broke, don't fix it 876(1)
Configuring kernel options 876(2)
Building the kernel binary 878(1)
Adding a Linux device driver 878(2)
Device awareness 880(1)
Loadable kernel modules 880(2)
Hot-plugging 882(1)
Setting bootstrap options 883(1)
Recommended reading 884(1)
Exercises 884(1)
Daemons 885(19)
init: the primordial process 886(1)
cron and atd: schedule commands 887(1)
xinetd and inetd: manage daemons 887(6)
Configuring xinetd 888(2)
Configuring inetd 890(2)
The services file 892(1)
portmap: map RPC services to TCP and UDP ports 893(1)
Kernel daemons 893(1)
klogd: read kernel messages 894(1)
Printing daemons 894(1)
cupsd: scheduler for the Common UNIX Printing System 894(1)
lpd: manage printing 894(1)
File service daemons 895(1)
rpc.nfsd: serve files 895(1)
rpc.mountd: respond to mount requests 895(1)
amd and automount: mount filesystems on demand 895(1)
rpc.lockd and rpc.statd: manage NFS locks 895(1)
rpciod: cache NFS blocks 896(1)
rpc.rquotad: serve remote quotas 896(1)
smbd: provide file and printing service to Windows clients 896(1)
nmbd: NetBIOS name server 896(1)
Administrative database daemons 896(1)
ypbind: locate NIS servers 896(1)
ypserv: NIS server 896(1)
rpc.ypxfrd: transfer NIS databases 896(1)
lwresd: lightweight resolver library server 897(1)
nscd: name service cache daemon 897(1)
Electronic mail daemons 897(1)
sendmail: transport electronic mail 897(1)
smtpd: Simple Mail Transport Protocol daemon 897(1)
popd: basic mailbox server 897(1)
imapd: deluxe mailbox server 897(1)
Remote login and command execution daemons 898(1)
sshd: secure remote login server 898(1)
in.rlogind: obsolete remote login server 898(1)
in.telnetd: yet another remote login server 898(1)
in.rshd: remote command execution server 898(1)
Booting and configuration daemons 898(2)
dhcpd: dynamic address assignment 899(1)
in.tftpd: trivial file transfer server 899(1)
rpc.bootparamd: advanced diskless life support 899(1)
hald: hardware abstraction layer (HAL) daemon 899(1)
udevd: serialize device connection notices 899(1)
Other network daemons 900(2)
talkd: network chat service 900(1)
snmpd: provide remote network management service 900(1)
ftpd: file transfer server 900(1)
rsyncd: synchronize files among multiple hosts 900(1)
routed: maintain routing tables 900(1)
gated: maintain complicated routing tables 901(1)
named: DNS server 901(1)
syslogd: process log messages 901(1)
in.fingerd: look up users 901(1)
httpd: World Wide Web server 901(1)
ntpd: time synchronization daemon 902(1)
Exercises 903(1)
Management, Policy, and Politics 904(69)
Make everyone happy 904(2)
Components of a functional IT organization 906(1)
The role of management 907(8)
Leadership 907(1)
Hiring, firing, and personnel management 908(3)
Assigning and tracking tasks 911(2)
Managing upper management 913(1)
Conflict resolution 913(2)
The role of administration 915(4)
Sales 915(1)
Purchasing 916(1)
Accounting 917(1)
Personnel 917(1)
Marketing 918(1)
Miscellaneous administrative chores 919(1)
The role of development 919(5)
Architectural principles 920(2)
Anatomy of a management system 922(1)
The system administrator's tool box 922(1)
Software engineering principles 923(1)
The role of operations 924(3)
Aim for minimal downtime 925(1)
Document dependencies 925(1)
Repurpose or eliminate older hardware 926(1)
The work of support 927(3)
Availability 927(1)
Scope of service 927(2)
Skill sets 929(1)
Time management 930(1)
Documentation 930(4)
Standardized documentation 931(2)
Hardware labeling 933(1)
User documentation 934(1)
Request-tracking and trouble-reporting systems 934(4)
Common functions of trouble ticket systems 935(1)
User acceptance of ticketing systems 935(1)
Ticketing systems 936(1)
Ticket dispatching 937(1)
Disaster recovery 938(5)
Backups and off-line information 939(1)
Staffing your disaster 939(1)
Power and HVAC 940(1)
Network redundancy 941(1)
Security incidents 941(1)
Second-hand stories from the World Trade Center 942(1)
Written policy 943(6)
Security policies 945(1)
User policy agreements 946(2)
Sysadmin policy agreements 948(1)
Legal Issues 949(8)
Encryption 949(1)
Copyright 950(1)
Privacy 951(2)
Click-through EULAs 953(1)
Policy enforcement 953(1)
Control = liability 954(1)
Software licenses 955(1)
Regulatory compliance 956(1)
Software patents 957(1)
Standards 958(3)
LSB: the Linux Standard Base 959(1)
POSIX 959(1)
ITIL: the Information Technology Interface Library 960(1)
COBIT: Control Objectives for Information and related Technology 960(1)
Linux culture 961(1)
Mainstream Linux 962(2)
Organizations, conferences, and other resources 964(4)
Conferences and trade shows 965(2)
LPI: the Linux Professional Institute 967(1)
Mailing lists and web resources 967(1)
Sysadmin surveys 968(1)
Recommended Reading 968(2)
Infrastructure 968(1)
Management 969(1)
Policy and security 969(1)
Legal issues, patents, and privacy 969(1)
General industry news 970(1)
Exercises 970(3)
Index 973(26)
About the Contributors 999(2)
About the Authors 1001


Evi Nemeth is retired from the computer science faculty at the University of Colorado and is a senior staff member in network research at CAIDA, the Cooperative Association for Internet Data Analysis at the San Diego Supercomputer Center.

Garth Snyder has worked at NeXT and Sun and holds a degree in electrical engineering from Swarthmore College. He recently received an M.D./M.B.A. from the University of Rochester.

Trent R. Hein is the cofounder of Applied Trust Engineering, a company that provides network infrastructure security and performance consulting services. Trent holds a B.S. in computer science from the University of Colorado.