Books for Professionals by Professionals®
The Expert’s Voice® in Linux

Linux System Administration Recipes: A Problem-Solution Approach
Juliet Kemp

Recipes for the working sysadmin to save you time and hassle

Companion eBook Available (see last page for details on $10 eBook version)

Dear Reader,

I decided to write this book based on my own experience as a sysadmin, having to deal with the wide variety of challenges, bugs, and problems that come up on a daily basis. The sheer scope of the job is both its biggest joy and its biggest challenge.

Linux sysadmins can use any number of tools in their jobs—as the Perl maxim says, “There’s more than one way to do it.” This book covers many of those tools in a fast, accessible format. It’s aimed at the busy sysadmin who wants quick tips to solve problems (and avoid future problems) now. It’ll be particularly helpful if you are, as I have been, a solo admin who is responsible for support and setup across all levels of your network (from user-facing to back-end systems).

In Linux System Administration Recipes, you’ll find a quick-start guide for several networking and provisioning technologies (LDAP, Kerberos, Nagios, and Puppet), as well as tips to help out with common and not-so-common problems. This book is designed so that you can flip through the pages, find the stand-alone recipe you need, and use it right away.

If you already know which end of a server is which but want to improve your abilities, increase the options in your toolbox, and have a useful reference in hand the next time you encounter a problem, this book is for you.

Juliet Kemp

THE APRESS ROADMAP
Beginning the Linux Command Line
Automating Linux and Unix System Administration, Second Edition
Beginning Portable Shell Scripting
Beginning Perl, 2nd Edition
Pro Bash Programming: Scripting the Linux Shell
Linux System Administration Recipes

SOURCE CODE ONLINE
www.apress.com
US $34.99
Shelve in Linux
User level: Beginner–Intermediate

Linux System Administration Recipes: A Problem-Solution Approach
Copyright © 2009 by Juliet Kemp

All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

ISBN-13 (pbk): 978-1-4302-2449-5
ISBN-13 (electronic): 978-1-4302-2450-1

Printed and bound in the United States of America 9 8 7 6 5 4 3 2 1

Trademarked names may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, we use the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

Lead Editor: Frank Pohlmann
Technical Reviewer: Sean Purdy
Editorial Board: Clay Andres, Steve Anglin, Mark Beckner, Ewan Buckingham, Tony Campbell, Gary Cornell, Jonathan Gennick, Jonathan Hassell, Michelle Lowman, Matthew Moodie, Jeffrey Pepper, Frank Pohlmann, Douglas Pundick, Ben Renow-Clarke, Dominic Shakeshaft, Matt Wade, Tom Welsh
Project Manager: Kylie Johnston, Sofia Marchant
Copy Editor: Kim Wimpsett
Production Support: Patrick Cunningham
Indexer: Ron Strauss and Ann Rogers
Artist: April Milne

Distributed to the book trade worldwide by Springer-Verlag New York, Inc., 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax 201-348-4505, e-mail [email protected], or visit http://www.springeronline.com.

For information on translations, please contact Apress directly at 233 Spring Street, New York, NY 10013. E-mail [email protected], or visit http://www.apress.com.

Apress and friends of ED books may be purchased in bulk for academic, corporate, or promotional use. eBook versions and licenses are also available for most titles. For more information, reference our Special Bulk Sales–eBook Licensing web page at http://www.apress.com/info/bulksales.

The information in this book is distributed on an “as is” basis, without warranty. Although every precaution has been taken in the preparation of this work, neither the author(s) nor Apress shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this work.

The source code for this book is available to readers at http://www.apress.com.

Contents at a Glance

■ About the Author
■ About the Technical Reviewer
■ Acknowledgments
■ Introduction
■ Chapter 1: Saving Yourself Effort
■ Chapter 2: Centralizing Your Network: Kerberos, LDAP, and NFS
■ Chapter 3: Monitoring and Updating
■ Chapter 4: Taking Backups and Managing Data
■ Chapter 5: Working with Filesystems
■ Chapter 6: Securing Your Systems
■ Chapter 7: Working with Apache
■ Chapter 8: Using the Command Line Better
■ Chapter 9: Working with Text in Files
■ Chapter 10: Things Going In, Things Going Out
■ Chapter 11: Tracking Down Bugs
■ Chapter 12: Managing Time and People
■ Appendix: Perl Tips
■ Index

Contents

■ About the Author
■ About the Technical Reviewer
■ Acknowledgments
■ Introduction

■ Chapter 1: Saving Yourself Effort
    1-1. Documentation: Knowing It’s a Good Thing
    1-2. Documentation: Keeping Track of What You’re Doing
    1-3. Documentation: Using a Wiki
    1-4. Documentation: Running Multiple Independent Wikis on the Same Install
    1-5. Scripting: Setting the Display Style
    1-6. Dealing with Variables in Perl
    1-7. Testing Scripts Fully
    1-8. Version Control: Using Subversion Aliases
    1-9. Version Control: Adding Labels to Subversion Log Messages
    1-10. Version Control: Adding Multiple Files to Subversion
    1-11. Version Control: Telling Subversion to Ignore Files
    1-12. Subversion: Dividing Repositories
    1-13. Subversion: Branching Repositories
    1-14. Subversion: Merging Repositories
    1-15. Testing: Knowing It’s a Good Thing
    1-16. Reinventing the Wheel

■ Chapter 2: Centralizing Your Network: Kerberos, LDAP, and NFS
    2-1. Setting Up Kerberos Authentication
        How Kerberos Works
        2-1a. Server Installation and Configuration
        2-1b. Kerberos Client Setup
    2-2. Setting Up Kerberos SSH and Logon
        Troubleshooting
    2-3. Setting Up an LDAP Server
        2-3a. OpenSSL
        2-3b. LDAP Server
    2-4. Finishing the LDAP Setup: Authenticating with Kerberos
        Setting Up the Database
        Testing!
        Troubleshooting
    2-5. Populating the LDAP Database
    2-6. Setting Up the LDAP Client
        Troubleshooting
    2-7. Using LDAP
        ldapsearch
        ldapadd
        ldapmodify
        ldapdelete
    2-8. Setting Up a Slave LDAP Server
        Troubleshooting
    2-9. Setting Up Kerberos Replication
        Troubleshooting
    2-10. Adding a New User to LDAP with a Script
    2-11. Modifying and Deleting Using LDAP Scripts
        Deleting Entries
    2-12. Querying LDAP with a Script
    2-13. Adding Your Own Fields to LDAP
    2-14. Using NFS and automount
    2-15. Connecting Macs to a Linux NFS Server
    2-16. Improving NFS Performance

■ Chapter 3: Monitoring and Updating
    3-1. Nagios: Setting Up Centralized Monitoring
    3-2. Adding Another Host to Nagios
    3-3. Using Templates in Nagios
    3-4. Using Hostgroups and Services in Nagios
    3-5. Setting Up Nagios Alerts
    3-6. Defining Nagios Commands
    3-7. Writing a Nagios Plug-In
    3-8. Setting Up the NRPE Plug-in for Nagios
    3-9. Enabling External Commands in Nagios
    3-10. Synchronizing Your Root Setup
    3-11. Setting Up Puppet
        Setting Up a Client
        Setting Up Your Site Manifest
    3-12. Creating Puppet and Resource Dependencies
    3-13. Puppet: Managing Other Types
    3-14. Setting Up Nodes in Puppet
    3-15. Defining Your Puppet Nodes in LDAP
    3-16. Puppet: Using Facter and Templates
        Custom Facts
        Other Variables
    3-17. Using ClusterSSH

■ Chapter 4: Taking Backups and Managing Data
    4-1. Calculating Your Network’s Total Disk Size and Current Usage
    4-2. Finding Out How Often Your Files Change
    4-3. Backing Up Your Wiki
    4-4. Backing Up MySQL
    4-5. Backing Up Kerberos and LDAP
    4-6. Performing a Rapid Restore with Automated rsync
    4-7. Using rsync with SSH Keys
    4-8. Creating an Off-Site Backup via E-mail
    4-9. Using anacron for Laptop Backups
    4-10. Performing Basic Data Recovery: fsck and dd
    4-11. Using Foremost to Retrieve Data
    4-12. Rescuing Data: Autopsy
    4-13. Securely Wiping Data

■ Chapter 5: Working with Filesystems
    5-1. Changing ext2 to ext3 with tune2fs
    5-2. Making Changes to Automatic fsck Checking
    5-3. Saving Space on Large Filesystems and Directories
    5-4. Working with Disks, UUID, and Labels
    5-5. Resizing Partitions on the Fly
        With a Nearly Full Disk
    5-6. Using RAID Arrays and mdadm
        mdadm
    5-7. Using rsnapshot
    5-8. Working with Other Filesystems
        ext4
        XFS

■ Chapter 6: Securing Your Systems
    6-1. Using and Limiting SSH Keys
    6-2. Managing Keys with Keychain
    6-3. Limiting rsync Over ssh
    6-4. ssh Options: Keeping Your Connection Alive
    6-5. ssh Options: Minimizing Typing
    6-6. Transferring Files Over an Existing ssh Connection
    6-7. Kerberizing Your SSH Setup
    6-8. Setting and Enforcing a Password Policy with Kerberos
    6-9. Setting and Enforcing Password Policy with pam_cracklib
    6-10. Checking the Password Policy
    6-11. Limiting sudo
    6-12. sudo: Figuring Out Which Password to Use
    6-13. Stopping Brute-Force Attacks with iptables
    6-14. Monitoring for Break-ins with chkrootkit
    6-15. Using cron-apt to Keep Updated

■ Chapter 7: Working with Apache
    7-1. Using the apache2 Command Line
    7-2. Apache2: Dealing with Modules
    7-3. Setting Up an SSL Certificate for Apache2
    7-4. Compiling and Configuring Apache with SSL
        Testing
        Troubleshooting
    7-5. Securing Your Web Site with htaccess
    7-6. Securing Your Web Site: Apache with Kerberos