Fedora 10 Linux Administration, Networking, and Security

Richard Petersen

Surfing Turtle Press
Alameda, CA

To Aliena and Jesse

Please send inquiries to: [email protected]

Library of Congress Control Number: 2009901225
ISBN 0-9820998-3-5
ISBN-13 978-0-9820998-3-4

Copyright Richard Petersen, 2009. All rights reserved.

Copyright 2009 by Richard Petersen. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

Information has been obtained by Surfing Turtle Press from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, Surfing Turtle Press, the author Richard Petersen, or others, Surfing Turtle Press does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from use of such information.

Limit of Liability and Disclaimer of Warranty: The publisher and the author make no representation or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. The information and code in this book are provided on an "as is" basis. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services.
Surfing Turtle Press and anyone else who has been involved in the creation or production of the included code cannot and do not warrant the performance or results that may be obtained by using the code.

Trademark Acknowledgements

UNIX is a trademark of The Open Group
Microsoft and MS-DOS are registered trademarks of Microsoft Corporation
IBM and PC are registered trademarks of the International Business Machines Corporation
Red Hat and Fedora are trademarks of Red Hat, Inc.
and are trademarks of Red Hat, Inc
See www.fedoraproject.org/wiki/Logo/ for more information
is the Solar background image for Fedora 10
is a trademark of Surfing Turtle Press

Preface

This book is designed as an administration and security reference. Administration tools are covered as well as the underlying configuration files and system implementations. The emphasis is on what administrators will need to know to perform key administration and security tasks. Topics covered include user management, time server settings, startup configuration, software management, kernel configuration, SELinux, and file system management.

Server tools are covered as well as the underlying configuration files and system implementations. Topics covered include network connections, IP network administration, software management, Upstart service management, runlevels, and the Network Time Protocol. Key servers are examined, including Web, FTP, CUPS printing, NFS, and Samba Windows shares. Network support servers and applications covered include the Squid proxy server, the Domain Name System (BIND) server, DHCP, and IPtables firewalls.

The book is organized into six parts: system administration, security, file system and device management, network services, shared resources, and network support.

Part 1 focuses on administrative tasks such as managing users, managing software with PackageKit, customizing the kernel, and setting up virtual systems.
Part 2 keys in on security tasks, beginning with authorizations using PolicyKit. GPG encryption support with seahorse, as well as the structure of public/private key encryption, is covered. File and directory permissions, along with access controls, are examined. SELinux tools and the format and command structure of SELinux configurations are discussed. SSH encryption and Kerberos authentication are also examined. The security section ends with a detailed examination of IPtables firewalls and the system-config-firewall tool.

Part 3 deals with file systems and devices. File system formats are discussed in detail along with mount and encryption operations. LVM and Linux RAID are covered. For devices, both HAL and udev are examined in detail. Backup applications for your file systems are then discussed.

Part 4 examines Internet servers as well as how all services are managed by Upstart using runlevels. Configuration and implementation of the Postfix mail server, the vsftpd FTP server, the Apache Web server, as well as news and database servers are covered in detail.

Part 5 deals with servers that provide shared resources on a local network or the Internet. Services examined include the CUPS printing server, the NFS Linux network file server, the Samba Windows file and printing server, and the GFS distributed file system.

Part 6 covers servers that provide network support: configuring network connections, the Squid proxy server, the BIND Domain Name System (DNS) server, DHCP servers, and IPv6 network addressing and monitoring.

Overview

Preface
Overview
Contents

Part 1: System Administration
1. Fedora 10 Introduction
2. Basic System Administration
3. System Startup and Services
4. Installing and Updating Software
5. System Information
6. Managing Users
7. Kernel Administration
8. Virtualization

Part 2: Security
9. Authorization
10. Encryption
11. File and Directory Access
12. Security Enhanced Linux
13. SSH, Kerberos, and IPsec
14. Firewalls

Part 3: Devices and File Systems
15. File System Management
16. LVM and RAID
17. Devices
18. Backup
19. Shell Configuration

Part 4: Network Services
20. Mail Servers
21. FTP
22. Web Servers
23. News and Database Services

Part 5: Shared Resources
24. Print Services
25. Network File Systems and Network Information Service: NFS and NIS
26. Samba
27. Distributed Network File Systems

Part 6: Network Support
28. Network Connections
29. Proxy Servers: Squid
30. Domain Name System
31. Network Auto-configuration with IPv6, DHCPv6, and DHCP
32. Administering TCP/IP Networks

Appendix A: Getting Fedora
Appendix B: Fedora Live DVD/CD

Table Listing
Figure Listing
Index