- •About the Author
- •Credits
- •How This Book Is Organized
- •Part I: Linux Basics
- •Part II: Installation
- •Part III: Configuration
- •Part IV: Administration
- •Part V: Maintaining the Linux System
- •How Each Chapter Is Structured
- •How to Use This Book
- •Conventions Used in This Book
- •What is Linux?
- •The origin of UNIX
- •Who started Linux?
- •Understanding Open Source
- •Understanding Closed Source
- •Understanding Artistic License
- •Is Freeware really free?
- •Is Shareware never free?
- •A comparison and contrast of licensing methods
- •The Growth of Linux
- •Linux on a Personal Computer
- •Graphical installation
- •Hardware detection
- •Graphical user interface
- •Linux limitations on the PC
- •Linux succeeds on the PC
- •Linux on workstations
- •Linux on servers
- •Summary
- •Assessment Questions
- •Scenarios
- •Answers to Chapter Questions
- •Assessment Questions
- •Scenarios
- •Linux Kernel
- •Kernel versions
- •Kernel availability
- •Linux Distributions
- •Beehive
- •BlueCat
- •Caldera OpenLinux
- •Debian
- •Corel
- •DragonLinux
- •Elfstone
- •Gentoo
- •Hard Hat Linux
- •KRUD
- •LinuxPPC
- •Mandrake
- •Phat Linux
- •Slackware
- •StormLinux
- •SuSE
- •TurboLinux
- •Yellow Dog Linux
- •Mini and Specialty Distributions
- •Astaro
- •KYZO
- •FlightLinux
- •NetMAX
- •Packages and Packaging Solutions
- •Red Hat Package Manager
- •Debian Package Management System
- •Tarball
- •Linux Resources
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Assessment Questions
- •Scenarios
- •Linux In the Real World
- •Word Processing
- •Spreadsheets and databases
- •Web browsing
- •File transfer
- •More, more, and more applications
- •The Server and DNS
- •A Linux Web server
- •Linux e-mail server
- •File servers
- •Proxy, news, and search servers
- •FTP servers
- •Firewalls
- •Determining Linux Roles and Services
- •Comparing Linux with other operating systems
- •Hardware compatibility
- •Summary
- •Assessment Questions
- •Scenarios
- •Answers to Chapter Questions
- •Assessment Questions
- •Scenarios
- •Installing Linux
- •Final Preparations for Installation
- •Verification
- •Package selection
- •Final hardware verification
- •Pre-installation partitioning planning
- •Installing Linux
- •Text or GUI installation
- •Basic setup of Linux
- •Selecting the machine type
- •Partitioning the hard disk drive
- •Installing a boot manager
- •Creating the Boot Diskette
- •Networking
- •Additional installation information
- •Accounts and passwords
- •Additional packages to install
- •GUI installation
- •Obtaining video card information
- •Configuring the X windows system
- •Selecting the windows manager or desktop environment
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Answers to Assessment Questions
- •Scenarios
- •Alternative to the GUI Installation
- •Command Line installation
- •Install the Linux system
- •Network installations of Linux
- •Review of a Linux Installation
- •Installation media
- •Initial selections
- •Installation type or class
- •Disk partitioning and formatting
- •Installing LILO
- •Network configuration
- •User accounts
- •Authentication methods
- •Package selection and installation
- •A Dual-Boot Installation of Linux
- •Linux with Microsoft Windows
- •Linux with Microsoft Windows NT and 2000
- •Linux and Solaris
- •Linux and other operating systems
- •Installing Additional Software with gzip and tar
- •Installing Additional Software with RPM
- •Removing software with RPM
- •Upgrading software with RPM
- •Query the RPM software
- •Verify the RPM software
- •Verify the package files
- •Upgrading the Kernel
- •Upgrading a Linux Kernel
- •System Log Files
- •The Final Test of the Installation
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •What is the X Window System?
- •The X Window System
- •X Client and Server communications
- •X Window Manager
- •Configuring X Window Systems
- •Custom X Window System Programs
- •Manual Configuration of the X Window System
- •Documentation
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Basic Network Services
- •TCP/IP Protocol Suite
- •Connection protocols needed
- •Other network protocols
- •Configuring Basic Network Services
- •Host name
- •IP addressing
- •DHCP
- •Netmask
- •Hardware resources
- •Routing and gateways
- •PPP, SLIP and PLIP connections
- •Server Tasks with
- •IP aliases for virtual hosts
- •Apache Web Server
- •Samba File Server
- •Home directories
- •Disk shares
- •Configuring Client Services
- •SMB/CIFS
- •NIS client configuration
- •NFS client configuration
- •Configuring Internet Services
- •Web browser
- •POP and SMTP
- •TFTP
- •SNMP
- •Remote Access
- •Rlogin
- •Telnet
- •OpenSSH
- •Documentation
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Adding Hardware
- •Memory
- •Swap
- •Adding a hard drive
- •Video and monitor
- •Printers
- •Configuration files
- •Setting environment variables
- •BASH
- •Documentation
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Basic User and Group Administration
- •What are users and groups?
- •Creating users
- •Change user information
- •Deleting users
- •Creating groups
- •Getting Around Linux
- •Navigating Linux
- •Common file and directory commands
- •Setting File and Directory Permissions
- •Mounting and Managing File Systems
- •Mount
- •Umount
- •Mounted file systems
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Multi-User Environment
- •The creation of Virtual Consoles
- •The Linux Terminal Server Project
- •Configurations for remote systems
- •Monitoring remote connections
- •Common Shell Commands
- •Basic shell scripts
- •Caution using root access
- •Navigating the GUI interface
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Linux Runlevels
- •init
- •Shutting down Linux
- •Managing Linux Services
- •Configuring Linux Printing
- •lpd daemon
- •/etc/printcap
- •Printing management
- •Using the vi Editor
- •vi operation modes
- •Editing text files
- •Using the
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Disk and File System Management
- •Repairing Partitions
- •System Automation and Scheduling
- •cron
- •Core Dumps
- •Analyzing core dumps
- •GNU Debugger
- •Managing Networking Interfaces
- •Installing System Packages and Patches
- •Compressed archive
- •Debian Package Installer
- •Slackware Package Installation
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Linux Processes
- •Core services versus non-critical services
- •Process administration
- •Process control
- •Monitoring Log Files
- •Maintaining Documentation
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Linux Security
- •Securing the Environment
- •Location
- •Environment
- •System Security
- •System/user files
- •Permissions
- •Log auditing
- •Backups
- •Linux Security Best Practices
- •Network security
- •Firewall
- •System security
- •Securing a Web server
- •Securing an FTP server
- •FTP program version
- •FTP configuration files
- •Process security
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Disaster Recovery Planning
- •Types of data
- •Frequency and Scheduling
- •Storage and media types
- •Recovering data
- •Offsite storage
- •Linux Backup Tools and Commands
- •Third party tools
- •Tape devices
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Identifying the Problem
- •Methodology and Best Practices
- •Troubleshooting Resources
- •Documentation resources
- •Internet resources
- •System Log Files
- •Tools for Log Files
- •Output to another file
- •Locating files
- •Process Configuration and Management
- •Stopping, Starting, and Restarting Processes
- •Configuration Files
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Examining the Startup Process
- •Boot process steps
- •Analyzing Boot Process Errors
- •Common Boot Problems
- •Using System Status Tools
- •File System Check
- •System Resource Commands
- •Using the System Boot Disk
- •Types of boot disks
- •Creating a boot disk
- •Creating a rescue/utility disk
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Common User Problems
- •Login problems
- •File and directory permissions
- •Printing problems
- •Mail problems
- •Software Package Problems
- •Package dependencies
- •Software and version conflicts
- •Backup and Restore Errors
- •Backup hardware
- •Backup software
- •File restore errors
- •Application Failures
- •Log files
- •Process and daemon errors
- •Web server errors
- •Telnet
- •Mail services
- •Basic Networking Troubleshooting
- •Networking connectivity
- •Network hardware problems
- •Summary
- •Assessment Questions
- •Scenarios
- •Lab Exercises
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •Mainboard Components
- •BIOS
- •System memory
- •System Resources
- •I/O addresses
- •Direct memory access
- •Laptop Considerations
- •PCMCIA
- •Linux Peripheral Configuration
- •Installing and Configuring SCSI Devices
- •SCSI definitions
- •SCSI technologies
- •SCSI cabling and termination
- •SCSI device configuration
- •Linux SCSI devices
- •ATA/IDE Devices
- •IDE drive configuration
- •Linux ATA/IDE Drive configuration
- •Linux Support for Other Devices
- •IEEE 1394 (Firewire)
- •Summary
- •Assessment Questions
- •Scenarios
- •Answers to Chapter Questions
- •Chapter Pre-test
- •Assessment Questions
- •Scenarios
- •What’s on the CD-ROM
- •System Requirements
- •Using the CD with Microsoft Windows
- •Using the CD with Linux
- •Microsoft Windows applications
- •Linux applications
- •Troubleshooting
- •Sample Exam
- •Exam Questions
- •Exam Answers
- •Taking a CompTIA Exam
- •How to register for an exam
- •What to expect at the testing center
- •Your exam results
- •If you don’t receive a passing score
- •About the Linux + Exam
- •Preparing for the Linux+ Exam
- •For More Information
- •Preamble
- •No Warranty
- •Glossary
- •Index
Chapter 4 Installing Linux 103
Figure 4-10: The Red Hat firewall configuration screen
After the appropriate boxes have been checked, the networking portion of the installation is complete and additional information can be entered.
Additional installation information
2.3 Select appropriate parameters for Linux installation (e.g., language, time zones, keyboard, mouse)
At this point in the installation, the system asks for additional languages to be supported. This is a simple screen that allows an installer to select languages to be supported on the system above and beyond the native language that is selected very early in the installation. After this is completed, the system will ask for the installer to select the time zone of the system. This includes a world map, with a red “X” marking the city selected as the physical location of the system. This map is interactive, so if the city to be designated as the location of the system is illuminated by a yellow dot, the installer should simply point and click and the yellow dot will become a red “X” to denote its selection. If the system is going to be set to a UTC, or Universal Coordinated Time, then this option may also be selected at this point. After these additional settings are completed, the system moves to user accounts.
104 Part II Installation
Accounts and passwords
2.9 Select appropriate security settings (e.g., Shadow password, root password, umask value, password limitations and password rules)
2.10 Create users and passwords during installation
To enable users to logon to the system, user accounts and passwords must be created during or after installation. The first password and account that should be created is that of the root user. This is the most powerful account on the system and should only be used when other forms of accounts can’t perform the specific task. The root account is the equivalent of Supervisor or Administrator accounts in other network operating systems. Because the root account is the most powerful account on the system, it is especially important to use good password rules when creating it. Because the account name is already known, a weak password will make the system even easier to break into. Therefore, I highly recommend that you create a very secure password for the root account. Creating secure passwords is an art form. The rules about what to do and what not to do are highly detailed. In fact, entire books have been written on the subject of security, so if you are a system administrator and you want to create the absolute best passwords, use the tools at your disposal. To create a fairly safe password, you need to follow just a few of the most important rules, including:
Use letters, numbers, and special characters
Include at least eight total characters
Don’t use words that can be found in the dictionary
Don’t use dates of significance, such as a birthday or anniversary
Use the string in an unrepeated way
An example of a good password is g0-2b8k! — this meets the minimal length and does not have any pattern. Although it may seem hard to remember, it is the only way to create a password that is more secure than abc-123, which has been used on many systems before. User accounts should also employ these password rules, but most users will want to use passwords that are easier to remember. They can do so by substituting numbers for letters. In this way, a user can create the password !pa55-w0rd, which is much more secure than !pass-word. This may not be the best way to create passwords, but it does create memorable and harder-to-break passwords.
Sometimes the use of password rules ends up defeating the purpose of the passwords in the first place. Be very sure to use password rules that the users can live with. If a rule is too difficult, or if the users have passwords that are difficult to remember, chances are likely that they will write them down. This causes the password to be extremely unsecured. A better method of password security is to create difficult-to-break passwords that are easy for the users to remember. For situations that require more security, you may need to seek hardware solutions to provide the level of security that you want to achieve.
Chapter 4 Installing Linux 105
Figure 4-11 illustrates the root password and the user creation screen that Red Hat Linux uses during installation; other versions of Linux use a similar GUI screen. This utility creates the root password and perhaps a few user accounts — in order to prevent running as root all the time — and uses the asterisk to hide the passwords from prying eyes. After the passwords have been created, the next screen displays the manner in which they are stored, as shown in Figure 4-12.
Figure 4-11: The Red Hat account configuration screen
Figure 4-12 demonstrates that the Enable MD5 Passwords is checked in the screen, thus showing that MD5 encryption is to be used. MD5-based encryption is used to create a 128-bit “fingerprint” of the input. It is more secure than older versions and is recommended unless you have a specific need for backward compatibility with an older encryption method. More details are available in the Request for Comments: 1321 on MD5, available at www.faqs.org/rfcs/rfc1321.html.
The next item to configure is to enable or disable shadow passwords, which is activated by default, and is used to provide another layer of protection to the created passwords. Shadow passwords or Shadow Utilities provide more protection for the system’s authentication files by moving the encrypted passwords (normally found
106 Part II Installation
in /etc/passwd) to /etc/shadow, which is readable only by root. This file includes information about password aging, and prompts for passwords to be changed when they are too old. This feature is activated by default and should remain on for the added features and security that it provides for the system.
Figure 4-12: The Red Hat authentication configuration screen
Network Information Service (NIS) is used to log onto a UNIXor Linux-created domain. NIS is used for support of the NFS and controls access to network shares. This does not improve system security, but can be used to improve network security.
Lightweight Directory Access Protocol (LDAP) is a protocol for accessing online directory services and provides directory services in intranet or extranet systems. It can be used to control access to resources on the network in a way similar to NIS, or even DNS.
Kerberos is an authentication method that uses strong encryption. It is used as a network authentication protocol and uses secret-key cryptography to provide the strong encryption. It is used in the client/server environment to provide clients a