- •About the Author
- •Credits
- •How This Book Is Organized
- •Part I: Linux Basics
- •Part II: Installation
- •Part III: Configuration
- •Part IV: Administration
- •Part V: Maintaining the Linux System
- •How Each Chapter Is Structured
- •How to Use This Book
- •Conventions Used in This Book
- •What is Linux?
- •The origin of UNIX
- •Who started Linux?
- •Understanding Open Source
- •Understanding Closed Source
- •Understanding Artistic License
- •Is Freeware really free?
- •Is Shareware never free?
- •A comparison and contrast of licensing methods
- •The Growth of Linux
- •Linux on a Personal Computer
- •Graphical installation
- •Hardware detection
- •Graphical user interface
- •Linux limitations on the PC
- •Linux succeeds on the PC
- •Linux on workstations
- •Linux on servers
- •Summary
- •Assessment Questions
- •Scenarios
- •Answers to Chapter Questions
- •Assessment Questions
- •Scenarios
- •Linux Kernel
- •Kernel versions
- •Kernel availability
- •Linux Distributions
- •Beehive
- •BlueCat
- •Caldera OpenLinux
- •Debian
- •Corel
- •DragonLinux
- •Elfstone
- •Gentoo
- •Hard Hat Linux
- •KRUD
- •LinuxPPC
- •Mandrake
- •Phat Linux
- •Slackware
- •StormLinux
- •SuSE
- •TurboLinux
- •Yellow Dog Linux
- •Mini and Specialty Distributions
- •Astaro
- •KYZO
- •FlightLinux
- •NetMAX
- •Packages and Packaging Solutions
- •Red Hat Package Manager
- •Debian Package Management System
- •Tarball
- •Linux Resources
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Assessment Questions
- •Scenarios
- •Linux In the Real World
- •Word Processing
- •Spreadsheets and databases
- •Web browsing
- •File transfer
- •More, more, and more applications
- •The Server and DNS
- •A Linux Web server
- •Linux e-mail server
- •File servers
- •Proxy, news, and search servers
- •FTP servers
- •Firewalls
- •Determining Linux Roles and Services
- •Comparing Linux with other operating systems
- •Hardware compatibility
- •Summary
- •Assessment Questions
- •Scenarios
- •Answers to Chapter Questions
- •Assessment Questions
- •Scenarios
- •Installing Linux
- •Final Preparations for Installation
- •Verification
- •Package selection
- •Final hardware verification
- •Pre-installation partitioning planning
- •Installing Linux
- •Text or GUI installation
- •Basic setup of Linux
- •Selecting the machine type
- •Partitioning the hard disk drive
- •Installing a boot manager
- •Creating the Boot Diskette
- •Networking
- •Additional installation information
- •Accounts and passwords
- •Additional packages to install
- •GUI installation
- •Obtaining video card information
- •Configuring the X windows system
- •Selecting the windows manager or desktop environment
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Answers to Assessment Questions
- •Scenarios
- •Alternative to the GUI Installation
- •Command Line installation
- •Install the Linux system
- •Network installations of Linux
- •Review of a Linux Installation
- •Installation media
- •Initial selections
- •Installation type or class
- •Disk partitioning and formatting
- •Installing LILO
- •Network configuration
- •User accounts
- •Authentication methods
- •Package selection and installation
- •A Dual-Boot Installation of Linux
- •Linux with Microsoft Windows
- •Linux with Microsoft Windows NT and 2000
- •Linux and Solaris
- •Linux and other operating systems
- •Installing Additional Software with gzip and tar
- •Installing Additional Software with RPM
- •Removing software with RPM
- •Upgrading software with RPM
- •Query the RPM software
- •Verify the RPM software
- •Verify the package files
- •Upgrading the Kernel
- •Upgrading a Linux Kernel
- •System Log Files
- •The Final Test of the Installation
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •What is the X Window System?
- •The X Window System
- •X Client and Server communications
- •X Window Manager
- •Configuring X Window Systems
- •Custom X Window System Programs
- •Manual Configuration of the X Window System
- •Documentation
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Basic Network Services
- •TCP/IP Protocol Suite
- •Connection protocols needed
- •Other network protocols
- •Configuring Basic Network Services
- •Host name
- •IP addressing
- •DHCP
- •Netmask
- •Hardware resources
- •Routing and gateways
- •PPP, SLIP and PLIP connections
- •Server Tasks with
- •IP aliases for virtual hosts
- •Apache Web Server
- •Samba File Server
- •Home directories
- •Disk shares
- •Configuring Client Services
- •SMB/CIFS
- •NIS client configuration
- •NFS client configuration
- •Configuring Internet Services
- •Web browser
- •POP and SMTP
- •TFTP
- •SNMP
- •Remote Access
- •Rlogin
- •Telnet
- •OpenSSH
- •Documentation
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Adding Hardware
- •Memory
- •Swap
- •Adding a hard drive
- •Video and monitor
- •Printers
- •Configuration files
- •Setting environment variables
- •BASH
- •Documentation
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Basic User and Group Administration
- •What are users and groups?
- •Creating users
- •Change user information
- •Deleting users
- •Creating groups
- •Getting Around Linux
- •Navigating Linux
- •Common file and directory commands
- •Setting File and Directory Permissions
- •Mounting and Managing File Systems
- •Mount
- •Umount
- •Mounted file systems
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Multi-User Environment
- •The creation of Virtual Consoles
- •The Linux Terminal Server Project
- •Configurations for remote systems
- •Monitoring remote connections
- •Common Shell Commands
- •Basic shell scripts
- •Caution using root access
- •Navigating the GUI interface
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Linux Runlevels
- •init
- •Shutting down Linux
- •Managing Linux Services
- •Configuring Linux Printing
- •lpd daemon
- •/etc/printcap
- •Printing management
- •Using the vi Editor
- •vi operation modes
- •Editing text files
- •Using the
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Disk and File System Management
- •Repairing Partitions
- •System Automation and Scheduling
- •cron
- •Core Dumps
- •Analyzing core dumps
- •GNU Debugger
- •Managing Networking Interfaces
- •Installing System Packages and Patches
- •Compressed archive
- •Debian Package Installer
- •Slackware Package Installation
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Linux Processes
- •Core services versus non-critical services
- •Process administration
- •Process control
- •Monitoring Log Files
- •Maintaining Documentation
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Linux Security
- •Securing the Environment
- •Location
- •Environment
- •System Security
- •System/user files
- •Permissions
- •Log auditing
- •Backups
- •Linux Security Best Practices
- •Network security
- •Firewall
- •System security
- •Securing a Web server
- •Securing an FTP server
- •FTP program version
- •FTP configuration files
- •Process security
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Disaster Recovery Planning
- •Types of data
- •Frequency and Scheduling
- •Storage and media types
- •Recovering data
- •Offsite storage
- •Linux Backup Tools and Commands
- •Third party tools
- •Tape devices
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Identifying the Problem
- •Methodology and Best Practices
- •Troubleshooting Resources
- •Documentation resources
- •Internet resources
- •System Log Files
- •Tools for Log Files
- •Output to another file
- •Locating files
- •Process Configuration and Management
- •Stopping, Starting, and Restarting Processes
- •Configuration Files
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Examining the Startup Process
- •Boot process steps
- •Analyzing Boot Process Errors
- •Common Boot Problems
- •Using System Status Tools
- •File System Check
- •System Resource Commands
- •Using the System Boot Disk
- •Types of boot disks
- •Creating a boot disk
- •Creating a rescue/utility disk
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Common User Problems
- •Login problems
- •File and directory permissions
- •Printing problems
- •Mail problems
- •Software Package Problems
- •Package dependencies
- •Software and version conflicts
- •Backup and Restore Errors
- •Backup hardware
- •Backup software
- •File restore errors
- •Application Failures
- •Log files
- •Process and daemon errors
- •Web server errors
- •Telnet
- •Mail services
- •Basic Networking Troubleshooting
- •Networking connectivity
- •Network hardware problems
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Mainboard Components
- •BIOS
- •System memory
- •System Resources
- •I/O addresses
- •Direct memory access
- •Laptop Considerations
- •PCMCIA
- •Linux Peripheral Configuration
- •Installing and Configuring SCSI Devices
- •SCSI definitions
- •SCSI technologies
- •SCSI cabling and termination
- •SCSI device configuration
- •Linux SCSI devices
- •ATA/IDE Devices
- •IDE drive configuration
- •Linux ATA/IDE Drive configuration
- •Linux Support for Other Devices
- •IEEE 1394 (Firewire)
- •Summary
- •Assessment Questions
- •Scenarios
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •What’s on the CD-ROM
- •System Requirements
- •Using the CD with Microsoft Windows
- •Using the CD with Linux
- •Microsoft Windows applications
- •Linux applications
- •Troubleshooting
- •Sample Exam
- •Exam Questions
- •Exam Answers
- •Taking a CompTIA Exam
- •How to register for an exam
- •What to expect at the testing center
- •Your exam results
- •If you don’t receive a passing score
- •About the Linux + Exam
- •Preparing for the Linux+ Exam
- •For More Information
- •Preamble
- •No Warranty
- •Glossary
- •Index
452 Chapter 14 Study Guide
You should be able to get a prompt for these services. Afterwards, turn these services off.
2.Logged in as root, switch to the /etc directory, and use any text editor — vi, for example — to edit the file inetd.conf
vi inetd.conf
3.The file contains listings of popular services. Turn off the FTP and telnet services because the server is not going to be an FTP server, and you should always use SSH to remotely administer the machine.
Look for these lines in the file:
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l-a telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
4.To disable the services, simply comment them out of the file. Using the vi editor, add a “#” sign in front of these two statements so they look like the following:
#ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l-a #telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
5.Restart the inetd daemon and reload the configuration file to enable the new settings:
killall -HUP inetd
6.Try to telnet and FTP to the system; it should tell you that the connection was refused because you have turned off the services.
ftp localhost telnet localhost
Answers to Chapter Questions
Chapter Pre-test
1.The longer a password remains on an account, the easier it can be cracked or guessed through brute force methods.
2.If users are on a data-specific contract, you should set the expiration date for their last day to ensure they can’t access the system when they are no longer employees.
3.You can set the SUID (Set-User-ID) permission to allow a user to run an application with the privileges of the owner of that file.
4.Creating separate partitions enhances security by keeping system files separate from user operations, where they won’t be able to affect them.
5.Only the system administrators and one or two key members of management should know the root password.
Chapter 14 Study Guide 453
6.By periodically auditing your filesystems, you can keep track of any odd behavior, such as repeated attempts at failed logins or file access. This should be a warning flag that an unauthorized user is attempting to access the system.
7.SUID and GUID stand for Set-User-ID and Set-Group-ID, respectively, which are permissions that can be set on executable files to allow users to run that file as if they were the file’s owner.
8.A firewall can filter incoming network traffic so that only authorized network traffic can reach the local network.
9.If that application or daemon is using a root account, the service can be exploited, and an attacker may be able to gain root access through a vulnerability with that service.
10.Telnet and FTP use unencrypted clear text within their sessions, which can easily be picked up by unauthorized users using network analyzing devices.
Assessment Questions
1.B. By updating your kernel and package versions, you can ensure that you are using the latest versions that contain the most recent security updates. For review, see the “System Security” section.
2.A. Telnet is a very insecure method of remotely logging in to a Linux system, because the session is sent across the network with unencrypted text, and someone can easily use a network tool to find out the password. For review, see the “Remote logins” section.
3.C. Because the contract will run out in six months, the administrator should set the expiration date for their account at that time, so that if the employee leaves or does not have their contract renewed, the account will be automatically disabled. For review, see the “User account and password management” section.
4.D. The finger service should be disabled because a remote user can get important information about the system by using that command. The other services are essential for this system to function. For review, see the “inetd services” section.
5.C. The tapes should be sent to an offsite storage facility. This prevents the tapes from being destroyed during a natural disaster at the server site. It also prevents the tapes from being stolen. For review, see the “System Security” section.
6.B. When a user logs in to the server, they are immediately put into the root directory of the system, which gives the person a full view of the entire server. The FTP root directory should be in its own directory, away from any system critical files. For review, see the “Securing an FTP server” section.
7.A. To enhance password security, the minimum length should be set for at least six to eight characters. No rules exist for having ordered or capital letters; multiple users can duplicate a password. For review, see the “User account and password management” section.
454 Chapter 14 Study Guide
8.C. By removing the “Options Indexes” directive from the configuration file, the server won’t show directory listings if requested by a user. This is a security measure so that remote users can’t scan the directory tree of the server looking for security holes. For review, see the “Securing a Web server” section.
9.D. By enabling shadow password, the /etc/passwd file is “shadowed” to /etc/shadow, where only the root user can access the file, and the file is encrypted. For review, see the “Password encryption” section.
10.D. All of these services should be disabled if the server is not being used for mail purposes. Leaving them running can increase the chance of a security vulnerability being exploited, and unauthorized use of sendmail relay. For review, see the “inetd services” section.
11.A. Your root password should be immediately changed from your initial installation to a more secure password. For review, see the “System Security” section.
12.C. To prevent further use of the account, which is an immediate security risk, disable it and set a temporary password for the user for the next time they login. For review, see the “User account and password management” section.
13.D. Environmental security is helpful, but the most important security aspect of a server room is its ability to be secured and locked from unauthorized users. For review, see the “Securing the Environment” section.
14.D. Because the system administrator knows the root password for the system, it should be changed immediately to prevent them from tampering with the system. For review, see the “System Security” section.
15.A. The anonymous FTP account should be disabled, so that only users with a username and password can access the system. For review, see the “Securing an FTP server” section.
16.B. The Set-User-ID is a special permission that can be set on executable files so that anyone running that application can do so with the equivalent permissions of the owner of that file. This is a dangerous permission because it can create security vulnerabilities when the file owner is a root login. For review, see the “Process security” section.
17.C. By enabling password rotation, the administrator can set up a time period for which the users must change their password; for example, every 90 days. For review, see the “User account and password management” section.
18.B. SSH (secure shell) is the most secure method of remotely connecting to a system because it encrypts the entire session. Traditional access methods such as telnet or FTP use clear text during their sessions, which can be easily intercepted by unauthorized users. For review, see the “Remote logins” section.
19.A. Encryption using md5 algorithms allows encrypted passwords of up to 256 characters in length. For review, see the “Password encryption” section.
20.D. A firewall is used to filter packets coming into a local network in order to protect internal systems from external networks, such as the Internet. For review, see the “Network security” section.
Chapter 14 Study Guide 455
Scenarios
1.You can configure many different settings to enhance account and password security.
•The minimum password length should be set to six to eight characters.
•Password rotation should be set up so that users are required to change their passwords periodically. A good setting is between 90-180 days.
•Expiration dates should be set on accounts for contract or temporary employees.
•An account should be locked after a certain amount of failed login attempts. A good setting is three to five attempts.
2.Because the company’s network has no network protection, the first item to set up is a firewall. This will filter incoming network packets, and only allow certain protocols and networks to access the system. It should be set up so that only users on the local network can access the machine.
The original Web server was set up with the DocumentRoot setting set to the root filesystem. The Web documents should be in their own directory or partition, away from critical system files. Create a new directory called /home/ httpd/docs, and set the DocumentRoot to this new location.
Backing Up Your |
C H A P T E R |
15 |
Linux System
EXAM OBJECTIVES
5.10 Perform and verify backups and restores
458 Part V Maintaining the Linux System
CHAPTER PRE-TEST
1.What do you use the dump command for?
2.Why should Linux system files be backed up?
3.What is the purpose of the cpio command?
4.Why should restores not be sent to the original location?
5.What is the importance of offsite storage?
6.How often should you back up critical user data?
7.What is the purpose of the tar command?
8.What backup method backs up all files that have been modified since the last full backup?
9.What is the purpose of the restore command?
10.What backup method backs up only files that have been modified since the last backup?
Answers to these questions can be found at the end of the chapter.