Linux bible : [the comprehensive, tutorial resource ... · Enabling ACLs 274 Adding directories for...

Linux® BIBLE Ninth Edition Christopher Negus Wiley


Contents

Acknowledgments

Introduction xxxiii

Part I: Getting Started 1

Chapter 1: Starting with Linux 3

Understanding What Linux Is 4

Understanding How Linux Differs from Other Operating Systems 6

Exploring Linux History 6

Free-flowing UNIX culture at Bell Labs 7

Commercialized UNIX 9

Berkeley Software Distribution arrives 9

UNIX Laboratory and commercialization 10

GNU transitions UNIX to freedom 11

BSD loses some steam 13

Linus builds the missing piece 13

OSI open source definition 14

Understanding How Linux Distributions Emerged 16

Choosing a Red Hat distribution 17

Using Red Hat Enterprise Linux 17

Using Fedora 18

Choosing Ubuntu or another Debian distribution 19

Finding Professional Opportunities with Linux Today 20

Understanding how companies make money with Linux 21

Becoming Red Hat certified 22

RHCSA topics 23

RHCE topics 24

Summary 26

Chapter 2: Creating the Perfect Linux Desktop 29

Understanding Linux Desktop Technology 30

Starting with the Fedora GNOME Desktop Live image 32

Using the GNOME 3 Desktop 33

After the computer boots up 33

Navigating with the mouse 34


Navigating with the keyboard 38

Setting up the GNOME 3 desktop 41

Extending the GNOME 3 desktop 42

Using GNOME shell extensions 42

Using the GNOME Tweak Tool 44

Starting with desktop applications 45

Managing files and folders with Nautilus 45

Installing and managing additional software 46

Playing music with Rhythmbox 48

Stopping the GNOME 3 desktop 49

Using the GNOME 2 Desktop 49

Using the Metacity window manager 50

Changing GNOME's appearance 52

Using the GNOME panels 53

Using the Applications and System menus 54

Adding an applet 54

Adding another panel 55

Adding an application launcher 55

Adding a drawer 56

Changing panel properties 57

Adding 3D effects with AIGLX 58

Summary 60

Exercises 61

Part II: Becoming a Linux Power User 63

Chapter 3: Using the Shell 65

About Shells and Terminal Windows 66

Using the shell prompt 67

Using a terminal window 68

Using virtual consoles 69

Choosing Your Shell 69

Running Commands 70

Understanding command syntax 71

Locating commands 74

Recalling Commands Using Command History 76

Command-line editing 77

Command-line completion 79

Command-line recall 80

Connecting and Expanding Commands 82

Piping between commands 82

Sequential commands 83

Background commands 83

Expanding commands 84


Expanding arithmetic expressions 84

Expanding variables 85

Using Shell Variables 85

Creating and using aliases 87

Exiting the shell 88

Creating Your Shell Environment 88

Configuring your shell 88

Setting your prompt 89

Adding environment variables 91

Getting Information about Commands 92

Summary 94

Exercises 95

Chapter 4: Moving around the Filesystem 97

Using Basic Filesystem Commands 100

Using Metacharacters and Operators 102

Using file-matching metacharacters 102

Using file-redirection metacharacters 103

Using brace expansion characters 105

Listing Files and Directories 105

Understanding File Permissions and Ownership 109

Changing permissions with chmod (numbers) 111

Changing permissions with chmod (letters) 111

Setting default file permission with umask 112

Changing file ownership 113

Moving, Copying, and Removing Files 114

Summary 115

Exercises 115

Chapter 5: Working with Text Files 117

Editing Files with vim and vi 117

Starting with vi 119

Adding text 119

Moving around in the text 120

Deleting, copying, and changing text 121

Pasting (putting) text 122

Repeating commands 122

Exiting vi 122

Skipping around in the file 123

Searching for text 124

Using ex mode 124

Learning more about vi and vim 124

Finding Files 125

Using locate to find files by name 125


Searching for files with find 127

Finding files by name 127

Finding files by size 128

Finding files by user 128

Finding files by permission 129

Finding files by date and time 130

Using 'not' and 'or' when finding files 131

Finding files and executing commands 131

Searching in files with grep 132

Summary 134

Exercises 134

Chapter 6: Managing Running Processes 137

Understanding Processes 137

Listing Processes 138

Listing processes with ps 138

Listing and changing processes with top 140

Listing processes with System Monitor 142

Managing Background and Foreground Processes 144

Starting background processes 144

Using foreground and background commands 145

Killing and Renicing Processes 146

Killing processes with kill and killall 146

Using kill to signal processes by PID 147

Using killall to signal processes by name 148

Setting processor priority with nice and renice 148

Limiting Processes with cgroups 149

Summary 151

Exercises 151

Chapter 7: Writing Simple Shell Scripts 153

Understanding Shell Scripts 153

Executing and debugging shell scripts 154

Understanding shell variables 154

Special shell positional parameters 156

Reading in parameters 157

Parameter expansion in bash 157

Performing arithmetic in shell scripts 158

Using programming constructs in shell scripts 159

The "if...then" statements 159

The case command 162

The "for...do" loop 163

The "while...do" and "until...do" loops 164

Trying some useful text manipulation programs 164

The general regular expression parser 165


Remove sections of lines of text (cut) 165

Translate or delete characters (tr) 165

The stream editor (sed) 166

Using simple shell scripts 167

Telephone list 167

Backup script 168

Summary 168

Exercises 169

Part III: Becoming a Linux System Administrator 171

Chapter 8: Learning System Administration 173

Understanding System Administration 173

Using Graphical Administration Tools 175

Using system-config-* tools 175

Using browser-based admin tools 177

Using the root user account 177

Becoming root from the shell (su command) 178

Allowing administrative access via the GUI 180

Gaining administrative access with sudo 180

Exploring Administrative Commands, Configuration Files, and Log Files 182

Administrative commands 182

Administrative configuration files 183

Administrative log files and systemd journal 188

Using journalctl to view the systemd journal 188

Managing log messages with rsyslogd 189

Using Other Administrative Accounts 189

Checking and Configuring Hardware 190

Checking your hardware 191

Managing removable hardware 194

Working with loadable modules 197

Listing loaded modules 197

Loading modules 198

Removing modules 198

Summary 199

Exercises 199

Chapter 9: Installing Linux 201

Choosing a Computer 202

Installing Fedora from Live media 203

Installing Red Hat Enterprise Linux from Installation Media 208

Understanding Cloud-Based Installations 211

Installing Linux in the Enterprise 211


Exploring Common Installation Topics 213

Upgrading or installing from scratch 213

Dual booting 214

Installing Linux to run virtually 216

Using installation boot options 216

Boot options for disabling features 217

Boot options for video problems 217

Boot options for special installation types 218

Boot options for kickstarts and remote repositories 218

Miscellaneous boot options 219

Using specialized storage 219

Partitioning hard drives 220

Understanding different partition types 221

Reasons for different partitioning schemes 222

Tips for creating partitions 222

Using the GRUB boot loader 224

Using GRUB Legacy (version 1) 225

Using GRUB 2 229

Summary 231

Exercises 231

Chapter 10: Getting and Managing Software 233

Managing Software on the Desktop 233

Going Beyond the Software Window 235

Understanding Linux RPM and DEB Software Packaging 236

Understanding DEB packaging 237

Understanding RPM packaging 238

What is in an RPM? 238

Where do RPMs come from? 239

Installing RPMs 239

Managing RPM Packages with YUM 240

Understanding how yum works 241

1. Checking /etc/yum.conf 242

2. Checking /etc/sysconfig/rhn/up2date (RHEL only) 242

3. Checking /etc/yum.repos.d/*.repo files 243

4. Downloading RPM packages and metadata from a YUM repository 243

5. RPM packages installed to Linux file system 244

6. Store YUM repository metadata to local RPM database 244

Using YUM with third-party software repositories 244

Managing software with the YUM command 245

Searching for packages 246

Installing and removing packages 247

Updating packages 249

Updating groups of packages 250


Maintaining your RPM package database and cache 251

Downloading RPMs from a yum repository 252

Installing, Querying, and Verifying Software with the rpm Command 252

Installing and removing packages with rpm 253

Querying rpm information 254

Verifying RPM packages 255

Managing Software in the Enterprise 256

Summary 257

Exercises 258

Chapter 11: Managing User Accounts 259

Creating User Accounts 259

Adding users with useradd 262

Setting user defaults 265

Modifying users with usermod 266

Deleting users with userdel 268

Understanding Group Accounts 268

Using group accounts 269

Creating group accounts 270

Managing Users in the Enterprise 270

Setting permissions with Access Control Lists 271

Setting ACLs with setfacl 272

Setting default ACLs 273

Enabling ACLs 274

Adding directories for users to collaborate 276

Creating group collaboration directories (set GID bit) 276

Creating restricted deletion directories (sticky bit) 278

Centralizing User Accounts 278

Using the Users window 279

Using the Authentication Configuration window 279

Summary 281

Exercises 281

Chapter 12: Managing Disks and Filesystems 283

Understanding Disk Storage 283

Partitioning Hard Disks 285

Understanding partition tables 286

Viewing disk partitions 286

Creating a single-partition disk 288

Creating a multiple-partition disk 292

Using Logical Volume Management Partitions 295

Checking an existing LVM 296

Creating LVM logical volumes 299

Growing LVM logical volumes 300


Mounting Filesystems 301

Supported filesystems 301

Enabling swap areas 303

Disabling a swap area 304

Using the fstab file to define mountable file systems 305

Using the mount command to mount file systems 307

Mounting a disk image in loopback 308

Using the umount command 309

Using the mkfs Command to Create a Filesystem 310

Summary 311

Exercises 311

Part IV: Becoming a Linux Server Administrator 313

Chapter 13: Understanding Server Administration 315

Starting with Server Administration 316

Step 1: Install the server 316

Step 2: Configure the server 318

Using configuration files 318

Checking the default configuration 319

Step 3: Start the server 319

Step 4: Secure the server 321

Password protection 321

Firewalls 321

TCP Wrappers 322

SELinux 322

Security settings in configuration files 322

Step 5: Monitor the server 322

Configure logging 322

Run system activity reports 323

Keep system software up to date 323

Check the filesystem for signs of crackers 323

Managing Remote Access with the Secure Shell Service 323

Starting the openssh-server service 324

Using SSH client tools 326

Using ssh for remote login 326

Using ssh for remote execution 328

Copying files between systems with scp and rsync 329

Interactive copying with sftp 332

Using key-based (passwordless) authentication 332

Configuring System Logging 334

Enabling system logging with rsyslog 334

Understanding the rsyslog.conf file 335

Understanding the messages log file 337


Setting up and using a loghost with rsyslogd 337

Watching logs with logwatch 339

Checking System Resources with sar 340

Checking System Space 341

Displaying system space with df 342

Checking disk usage with du 342

Finding disk consumption with find 343

Managing Servers in the Enterprise 344

Summary 344

Exercises 345

Chapter 14: Administering Networking 347

Configuring Networking for Desktops 348

Checking your network interfaces 350

Checking your network from NetworkManager 350

Checking your network from the command line 352

Configuring network interfaces 355

Setting IP addresses manually 355

Setting IP address aliases 356

Setting routes 357

Configuring a network proxy connection 358

Configuring Networking from the Command Line 360

Editing a connection 360

Understanding networking configuration files 362

Network interface files 363

Other networking files 365

Setting alias network interfaces 367

Setting up Ethernet channel bonding 368

Setting custom routes 370

Configuring Networking in the Enterprise 371

Configuring Linux as a router 371

Configuring Linux as a DHCP server 372

Configuring Linux as a DNS server 372

Configuring Linux as a proxy server 373

Summary 374

Exercises 374

Chapter 15: Starting and Stopping Services 377

Understanding the Initialization Daemon (init or systemd) 378

Understanding the classic init daemons 380

Understanding the Upstart init daemon 386

Learning Upstart init daemon basics 386

Learning Upstart's backward compatibility to SysVinit 388

Understanding systemd initialization 392


Learning systemd basics 392

Learning systemd's backward compatibility to SysVinit 397

Checking the Status of Services 399

Checking services for SysVinit systems 400

Checking services for Upstart systems 401

Checking services for systemd systems 402

Stopping and Starting Services 403

Stopping and starting SysVinit services 403

Stopping and starting Upstart services 405

Stopping and starting systemd services 406

Stopping a service with systemd 406

Starting a service with systemd 406

Restarting a service with systemd 407

Reloading a service with systemd 407

Enabling Persistent Services 408

Configuring persistent services for SysVinit 408

Configuring persistent services for Upstart 409

Configuring persistent services for systemd 410

Enabling a service with systemd 410

Disabling a service with systemd 411

Configuring a Default Runlevel or Target Unit 412

Configuring the SysVinit default runlevel 412

Configuring the default runlevel in Upstart 413

Configuring the default target unit for systemd 413

Adding New or Customized Services 414

Adding new services to SysVinit 414

Step 1: Create a new or customized service script file 415

Step 2: Add the service script to /etc/rc.d/init.d 416

Step 3: Add the service to runlevel directories 417

Adding new services to Upstart 417

Adding new services to systemd 419

Step 1: Create a new or customized service configuration unit file 419

Step 2: Move the service configuration unit file 420

Step 3: Add the service to the Wants directory 420

Summary 422

Exercises 422

Chapter 16: Configuring a Print Server 423

Common UNIX Printing System 423

Setting Up Printers 425

Adding a printer automatically 425

Using web-based CUPS administration 426

Using the Print Settings window 428

Configuring local printers with the Print Settings window 429


Configuring remote printers 432

Adding a remote CUPS printer 433

Adding a remote UNIX (LDP/LPR) printer 433

Adding a Windows (SMB) printer 434

Working with CUPS Printing 435

Configuring the CUPS server (cupsd.conf) 436

Starting the CUPS server 437

Configuring CUPS printer options manually 438

Using Printing Commands 439

Printing with lpr 440

Listing status with lpc 440

Removing print jobs with lprm 441

Configuring Print Servers 441

Configuring a shared CUPS printer 442

Configuring a shared Samba printer 443

Understanding smb.conf for printing 444

Setting up SMB clients 445

Summary 446

Exercises 446

Chapter 17: Configuring a Web Server 449

Understanding the Apache Web Server 449

Getting and Installing Your Web Server 450

Understanding the httpd package 450

Installing Apache 453

Starting Apache 454

Securing Apache 455

Apache file permissions and ownership 455

Apache and iptables 455

Apache and SELinux 456

Understanding the Apache configuration files 457

Using directives 457

Understanding default settings 460

Adding a virtual host to Apache 462

Allowing users to publish their own web content 464

Securing your web traffic with SSL/TLS 465

Understanding how SSL is configured 467

Generating an SSL key and self-signed certificate 469

Generating a certificate signing request 470

Troubleshooting Your Web Server 471

Checking for configuration errors 472

Accessing forbidden and server internal errors 474

Summary 475

Exercises 475


Chapter 18: Configuring an FTP Server 477

Understanding FTP 477

Installing the vsftpd FTP Server 479

Starting the vsftpd Service 480

Securing Your FTP Server 483

Opening up your firewall for FTP 483

Allowing FTP access in TCP wrappers 486

Configuring SELinux for your FTP server 486

Relating Linux file permissions to vsftpd 488

Configuring Your FTP Server 488

Setting up user access 488

Allowing uploading 489

Setting up vsftpd for the Internet 491

Using FTP Clients to Connect to Your Server 492

Accessing an FTP server from Firefox 493

Accessing an FTP server with the lftp command 493

Using the gFTP client 495

Summary 496

Exercises 497

Chapter 19: Configuring a Windows File Sharing (Samba) Server 499

Understanding Samba 499

Installing Samba 500

Starting and Stopping Samba 502

Starting the Samba (smb) service 503

Starting the NetBIOS (nmbd) name server 505

Stopping the Samba (smb) and NetBIOS (nmb) services 506

Securing Samba 506

Configuring firewalls for Samba 507

Configuring SELinux for Samba 508

Setting SELinux Booleans for Samba 508

Setting SELinux file contexts for Samba 510

Configuring Samba host/user permissions 510

Configuring Samba 511

Using system-config-samba 511

Choosing Samba server settings 511

Configuring Samba user accounts 512

Creating a Samba shared folder 513

Checking the Samba share 514

Configuring Samba in the smb.conf file 516

Configuring the [global] section 516

Configuring the [homes] section 518

Configuring the [printers] section 519

Creating custom shared directories 519


Accessing Samba Shares 521

Accessing Samba shares in Linux 522

Accessing Samba shares in Windows 524

Using Samba in the Enterprise 525

Summary 525

Exercises 526

Chapter 20: Configuring an NFS File Server 527

Installing an NFS Server 529

Starting the NFS service 530

Sharing NFS Filesystems 531

Configuring the /etc/exports file 532

Hostnames in /etc/exports 533

Access options in /etc/exports 534

User mapping options in /etc/exports 534

Exporting the shared filesystems 535

Securing Your NFS Server 536

Opening up your firewall for NFS 537

Allowing NFS access in TCP wrappers 539

Configuring SELinux for your NFS server 539

Using NFS Filesystems 540

Viewing NFS shares 540

Manually mounting an NFS filesystem 541

Mounting an NFS filesystem at boot time 542

Mounting noauto filesystems 543

Using mount options 543

Using autofs to mount NFS filesystems on demand 545

Automounting to the /net directory 546

Automounting home directories 547

Unmounting NFS filesystems 549

Summary 549

Exercises 550

Chapter 21: Troubleshooting Linux 551

Boot-Up Troubleshooting 551

Understanding Startup Methods 552

Starting with System V init scripts 552

Starting with systemd 553

Starting with Upstart 554

Starting from the firmware (BIOS or UEFI) 554

Troubleshooting BIOS setup 555

Troubleshooting boot order 556

Troubleshooting the GRUB boot loader 557

Starting the kernel 559

Troubleshooting the initialization system 560


Troubleshooting System V initialization 560

Troubleshooting rc.sysinit 561

Troubleshooting runlevel processes 562

Troubleshooting systemd initialization 566

Troubleshooting Software Packages 568

Fixing RPM databases and cache 572

Troubleshooting Networking 573

Troubleshooting outgoing connections 573

View network interfaces 574

Check physical connections 574

Check routes 575

Check hostname resolution 576

Troubleshooting incoming connections 577

Check if the client can reach your system at all 577

Check if the service is available to the client 578

Check the firewall on the server 578

Check the service on the server 579

Troubleshooting Memory 580

Uncovering memory issues 581

Checking for memory problems 583

Dealing with memory problems 584

Troubleshooting in Rescue Mode 585

Summary 587

Exercises 587

Part V: Learning Linux Security Techniques 589

Chapter 22: Understanding Basic Linux Security 591

Understanding Security Basics 591

Implementing physical security 591

Implementing disaster recovery 592

Securing user accounts 593

One user per user account 593

Limit access to the root user account 594

Setting expiration dates on temporary accounts 594

Removing unused user accounts 595

Securing passwords 596

Choosing good passwords 597

Setting and changing passwords 598

Enforcing best password practices 599

Understanding the password files and password hashes 601

Securing the filesystem 603

Managing dangerous filesystem permissions 603

Securing the password files 604


Locking down the filesystem 606

Managing software and services 607

Updating software packages 607

Keeping up with security advisories 607

Advanced implementation 608

Monitoring Your Systems 608

Monitoring log files 608

Monitoring user accounts 612

Detecting counterfeit new accounts and privileges 612

Detecting bad account passwords 614

Monitoring the filesystem 615

Verifying software packages 615

Scanning the filesystem 616

Detecting viruses and rootkits 618

Auditing and Reviewing Linux 622

Conducting compliance reviews 623

Conducting security reviews 623

Summary 624

Exercises 624

Chapter 23: Understanding Advanced Linux Security 627

Implementing Linux Security with Cryptography 627

Understanding hashing 628

Understanding encryption/decryption 630

Understanding cryptographic ciphers 630

Understanding cryptographic cipher keys 631

Understanding digital signatures 637

Implementing Linux cryptography 639

Ensuring file integrity 639

Encrypting a Linux filesystem 640

Encrypting a Linux directory 642

Encrypting a Linux file 645

Encrypting Linux with miscellaneous tools 645

Using Encryption from the Desktop 646

Implementing Linux Security with PAM 648

Understanding the PAM authentication process 649

Understanding PAM contexts 650

Understanding PAM control flags 651

Understanding PAM modules 652

Understanding PAM system event configuration files 653

Administering PAM on your Linux system 654

Managing PAM-aware application configuration files 654

Managing PAM system event configuration files 655

Implementing resources limits with PAM 657

Implementing time restrictions with PAM 658


Enforcing good passwords with PAM 660

Encouraging sudo use with PAM 664

Locking accounts with PAM 665

Obtaining more information on PAM 667

Summary 668

Exercises 668

Chapter 24: Enhancing Linux Security with SELinux 669

Understanding SELinux Benefits 669

Understanding How SELinux Works 671

Understanding type enforcement 671

Understanding multi-level security 672

Implementing SELinux security models 673

Understanding SELinux operational modes 673

Understanding SELinux security contexts 674

Understanding SELinux policy types 677

Understanding SELinux policy rule packages 678

Configuring SELinux 679

Setting the SELinux mode 680

Setting the SELinux policy type 682

Managing SELinux security contexts 683

Managing the user security context 684

Managing the file security context 684

Managing the process security context 685

Managing SELinux policy rule packages 686

Managing SELinux via booleans 688

Monitoring and Troubleshooting SELinux 689

Understanding SELinux logging 689

Reviewing SELinux messages in the audit log 690

Reviewing SELinux messages in the messages log 690

Troubleshooting SELinux logging 691

Troubleshooting common SELinux problems 692

Using a nonstandard directory for a service 692

Using a nonstandard port for a service 693

Moving files and losing security context labels 693

Booleans set incorrectly 694

Putting It All Together 694

Obtaining More Information on SELinux 695

Summary 695

Exercises 696

Chapter 25: Securing Linux on a Network 699

Auditing Network Services 699

Evaluating access to network services with nmap 701

Using nmap to audit your network services advertisements 704


Controlling access to network services 708

Working with Firewalls 710

Understanding firewalls 710

Implementing firewalls 711

Starting with firewalld 712

Understanding the iptables utility 713

Using the iptables utility 716

Summary 724

Exercises 724

Part VI: Extending Linux into the Cloud 727

Chapter 26: Using Linux for Cloud Computing 729

Overview of Linux and Cloud Computing 729

Cloud hypervisors (a.k.a. compute nodes) 730

Cloud controllers 730

Cloud storage 731

Cloud authentication 731

Cloud deployment and configuration 732

Cloud platforms 732

Trying Basic Cloud Technology 732

Setting Up a Small Cloud 734

Configuring hypervisors 735

Step 1: Get Linux software 735

Step 2: Check your computers 735

Step 3: Install Linux on hypervisors 736

Step 4: Start services on the hypervisors 737

Step 5: Edit /etc/hosts or set up DNS 738

Configuring storage 738

Step 1: Install Linux software 738

Step 2: Configure NFS share 739

Step 3: Start the NFS service 739

Step 4: Mount the NFS share on the hypervisors 740

Creating virtual machines 740

Step 1: Get images to make virtual machines 741

Step 2: Check the network bridge 741

Step 3: Start Virtual Machine Manager (virt-manager) 741

Step 4: Check connection details 742

Step 5: Create a new virtual machine 743

Managing virtual machines 744

Migrating virtual machines 745

Step 1: Identify other hypervisors 745

Step 2: Migrate running VM to another hypervisor 746

Summary 747

Exercises 747


Chapter 27: Deploying Linux to the Cloud 749

Getting Linux to Run in a Cloud 749

Creating Linux Images for Clouds 751

Configuring and running a cloud-init cloud instance 751

Investigating the cloud instance 753

Cloning the cloud instance 754

Trying an Ubuntu cloud image 756

Expanding your cloud-init configuration 757

Adding ssh keys with cloud-init 757

Adding network interfaces with cloud-init 758

Adding software with cloud-init 758

Using cloud-init in enterprise computing 759

Using OpenStack to Deploy Cloud Images 760

Starting from the OpenStack Dashboard 761

Configuring your OpenStack virtual network 761

Configuring keys for remote access 763

Launching a virtual machine in OpenStack 764

Accessing the virtual machine via ssh 765

Using Amazon EC2 to Deploy Cloud Images 765

Summary 766

Part VII: Appendixes 769

Appendix A: Media 771

Appendix B: Exercise Answers 781

Index 839
