Version 4.0

Linux Administration II
Linux as a Network Client

$ echo tux
tux
$ ls
hallo.c
hallo.o
$ /bin/su -
Password:

tuxcademy – Linux and Open Source learning materials for everyone
www.tuxcademy.org ⋅ [email protected]

This training manual is designed to correspond to the objectives of the LPI-102 (LPIC-1, version 4.0) certification exam promulgated by the Linux Professional Institute. Further details are available in Appendix B.

The Linux Professional Institute does not endorse specific exam preparation materials or techniques. For details, [email protected].

The tuxcademy project aims to supply freely available high-quality training materials on Linux and Open Source topics – for self-study, school, higher and continuing education and professional training.

Please visit http://www.tuxcademy.org/! Do contact us with questions or suggestions.

Revision: adm2:0cd011e4d0e3d9e9:2015-08-21
adm2:0cd20ee1646f650c:2015-08-21 1–13, B
adm2:D6IMdRN77OjUKOKAMJE2Cq

© 2015 Linup Front GmbH, Darmstadt, Germany
© 2015 tuxcademy (Anselm Lingnau), Darmstadt, Germany
http://www.tuxcademy.org ⋅ [email protected]
Linux penguin “Tux” © Larry Ewing (CC-BY licence)

All representations and information contained in this document have been compiled to the best of our knowledge and carefully tested. However, mistakes cannot be ruled out completely. To the extent of applicable law, the authors and the tuxcademy project assume no responsibility or liability resulting in any way from the use of this material or parts of it or from any violation of the rights of third parties.

Reproduction of trade marks, service marks and similar monikers in this document, even if not specially marked, does not imply the stipulation that these may be freely usable according to trade mark protection laws. All trade marks are used without a warranty of free usability and may be registered trade marks of third parties.

This document is published under the “Creative Commons-BY-SA 4.0 International” licence.
You may copy and distribute it and make it publically available as long as the following conditions are met:

Attribution: You must make clear that this document is a product of the tuxcademy project.

Share-Alike: You may alter, remix, extend, or translate this document or modify or build on it in other ways, as long as you make your contributions available under the same licence as the original.

Further information and the full legal license grant may be found at http://creativecommons.org/licenses/by-sa/4.0/

Authors: Anselm Lingnau, Tobias Elsner
Technical Editor: Anselm Lingnau ⟨[email protected]⟩
English Translation: Anselm Lingnau
Typeset in Palatino, Optima and DejaVu Sans Mono

Contents

1 System Logging
  1.1 The Problem
  1.2 The Syslog Daemon
  1.3 Log Files
  1.4 Kernel Logging
  1.5 Extended Possibilities: Rsyslog
  1.6 The “next generation”: Syslog-NG
  1.7 The logrotate Program
2 System Logging with Systemd and “The Journal”
  2.1 Fundamentals
  2.2 Systemd and journald
  2.3 Log Inspection
3 TCP/IP Fundamentals
  3.1 History and Introduction
    3.1.1 The History of the Internet
    3.1.2 Internet Administration
  3.2 Technology
    3.2.1 Overview
    3.2.2 Protocols
  3.3 TCP/IP
    3.3.1 Overview
    3.3.2 End-to-End Communication: IP and ICMP
    3.3.3 The Base for Services: TCP and UDP
    3.3.4 The Most Important Application Protocols
  3.4 Addressing, Routing and Subnetting
    3.4.1 Basics
    3.4.2 Routing
    3.4.3 IP Network Classes
    3.4.4 Subnetting
    3.4.5 Private IP Addresses
    3.4.6 Masquerading and Port Forwarding
  3.5 IPv6
    3.5.1 IPv6 Addressing
4 Linux Network Configuration
  4.1 Network Interfaces
    4.1.1 Hardware and Drivers
    4.1.2 Configuring Network Adapters Using ifconfig
    4.1.3 Configuring Routing Using route
    4.1.4 Configuring Network Settings Using ip
  4.2 Persistent Network Configuration
  4.3 DHCP
  4.4 IPv6 Configuration
  4.5 Name Resolution and DNS
5 Network Troubleshooting
  5.1 Introduction
  5.2 Local Problems
  5.3 Checking Connectivity With ping
  5.4 Checking Routing Using traceroute And tracepath
  5.5 Checking Services With netstat And nmap
  5.6 Testing DNS With host And dig
  5.7 Other Useful Tools For Diagnosis
    5.7.1 telnet and netcat
    5.7.2 tcpdump
    5.7.3 wireshark
6 inetd and xinetd
  6.1 Offering Network Services with inetd
    6.1.1 Overview
    6.1.2 inetd Configuration
  6.2 The TCP Wrapper – tcpd
  6.3 xinetd
    6.3.1 Overview
    6.3.2 xinetd Configuration
    6.3.3 Launching xinetd
    6.3.4 Parallel Processing of Requests
    6.3.5 Replacing inetd by xinetd
7 Network services with systemd
  7.1 Introductory Remarks
  7.2 Persistent Network Services
  7.3 Socket Activation
8 System Time
  8.1 Introduction
  8.2 Clocks and Time on Linux
  8.3 Time Synchronisation with NTP
9 Printing on Linux
  9.1 Overview
  9.2 Commands for Printing
  9.3 CUPS Configuration
    9.3.1 Basics
    9.3.2 Installing and Configuring a CUPS Server
    9.3.3 Miscellaneous Hints
10 The Secure Shell
  10.1 Introduction
  10.2 Logging Into Remote Hosts Using ssh
  10.3 Other Useful Applications: scp and sftp
  10.4 Public-Key Client Authentication
  10.5 Port Forwarding Using SSH
    10.5.1 X11 Forwarding
    10.5.2 Forwarding Arbitrary TCP Ports
11 Electronic Mail
  11.1 Fundamentals
  11.2 MTAs for Linux
  11.3 Basic Functionality
  11.4 Managing The Mail Queue
  11.5 Local Delivery, Aliases And User-Specific Forwarding
12 Introduction to GnuPG
  12.1 Asymmetric Cryptography and the “Web of Trust”
  12.2 Generating and Managing GnuPG Keys
    12.2.1 Generating Key Pairs
    12.2.2 Publishing a Public Key
    12.2.3 Importing and Signing Public Keys
  12.3 Encrypting and Decrypting Data
  12.4 Signing Files and Verifying Signatures
  12.5 GnuPG Configuration
13 Linux and Security: An Introduction
  13.1 Introduction
  13.2 File System Security
  13.3 Users and Files
  13.4 Resource Limits
  13.5 Administrator Privileges With sudo
  13.6 Basic Networking Security
A Sample Solutions
B LPIC-1 Certification
  B.1 Overview
  B.2 Exam LPI-102
  B.3 LPI Objectives In This Manual
C Command Index
Index

List of Tables

1.1 syslogd facilities
1.2 syslogd priorities (with ascending urgency)
1.3 Filtering functions for Syslog-NG
3.1 Common application protocols based on TCP/IP
3.2 Addressing example
3.3 Traditional IP Network Classes
3.4 Subnetting Example
3.5 Private IP address ranges according to RFC 1918
4.1 Options within /etc/resolv.conf
5.1 Important ping options
6.1 Text substitutions in command entries in /etc/hosts.allow and /etc/hosts.deny
6.2 Attributes in the /etc/xinetd.conf file
6.3 xinetd and signals
13.1 Access codes for processes with fuser

List of Figures

1.1 Example configuration for logrotate (Debian GNU/Linux 8.0)
2.1 Complete log output of journalctl
3.1 Protocols and service interfaces
3.2 ISO/OSI reference model
3.3 Structure of an IP datagram
3.4 Structure of an ICMP packet
3.5 Structure of a TCP Segment
3.6 Starting a TCP connection: The Three-Way Handshake
3.7 Structure of a UDP datagram
3.8 The /etc/services file (excerpt)
4.1 /etc/resolv.conf example
4.2 The /etc/hosts file (SUSE)
7.1 Unit file for Secure Shell daemon (Debian 8)
9.1 The mime.types file (excerpt)
9.2 The /etc/cups/mime.convs file (excerpt)
9.3 The CUPS web interface
9.4 The CUPS web interface: Printer management
9.5 The CUPS web interface: Adding a printer
9.6 An /etc/cups/printers.conf file (excerpt)