Chapter 7 Configuring Networking 245
TFTP
The commands used to transfer files between hosts with the Trivial File Transfer Protocol (TFTP) are tftp and utftp. TFTP runs over UDP, so it offers only “best effort delivery” for downloading files. It does not provide all the tools of FTP, but it does provide the following switches and commands:
ascii
binary
connect
get
mode
put
quit
-w or -p Writes
-r or -g or -o Reads
A tftp command may look like this:
tftp server1
SNMP
The Simple Network Management Protocol (SNMP) is used to perform network management and to monitor network devices and their functions. Each device or client system running SNMP holds an information database of specific hardware, software, and diagnostic information that can be relayed to an inquiring host. The service that runs SNMP on your Linux system is snmpd.
The full topic of SNMP is out of the scope of this book, but for the exam, know the purpose of the protocol.
Remote Access
3.15 Configure access rights (e.g., rlogin, NIS, FTP, TFTP, SSH, Telnet)
One of the primary uses of Linux is to provide remote access to devices and other systems. A variety of utilities provide remote access; the most common are rlogin, telnet, and SSH. They allow a user on one system to connect to a remote system and perform tasks as if physically located at it. The client program must be available on the local system, and the matching server daemon must be running on the remote host. The daemon may be started manually for one-time access or at boot-up to provide remote access on a continual basis. Be aware that providing remote access to a system increases the risk of unauthorized access to it. To reduce the risk of unsecured remote access, I recommend that you use the most secure access method available as often as possible.
Rlogin
Remote login (rlogin) is a utility that allows an authorized user to log in to other Linux or UNIX machines on a network and perform tasks as if the user were physically located at the remote (often called the host) computer. The rlogin program takes the terminal type description from the local system and uses it on the remote system. For security, rlogin uses the rhosts authorization method, which combines the hosts.equiv and .rhosts files to authenticate users. These files list the hosts and users that the local system (the system being accessed) allows to connect via rlogin and SSH. Each entry has the format hostname [username]. The hostname field holds an FQDN or address, +@netgroup, or the + wildcard, which allows all hosts. The username field may hold a user name on the remote system, +@netgroup, or the + wildcard, which allows all users; it may also be left empty. To create a connection to a system with rlogin, use the command switches in Table 7-5.
Table 7-5
rlogin Client Switches

Switch | Description | Example
-D | Enables socket debugging on the TCP sockets used for communication. | -D
-E | Stops any character from being recognized as an escape character. | -E
-e | Specifies the character to be used as the escape character. | -e character
-l | Specifies an alternate user name for the remote login. | -l username
-t | Changes from the default terminal type, ansi, to the only other available terminal type, dumb. | -t dumb or ansi
-8 | Allows an eight-bit input data path at all times. | -8
-K | Turns off all Kerberos authentication, if available. | -K
-L | Allows the rlogin session to be run in litout mode; see tty(4) for more information. | -L
-k | Requests that rlogin obtain tickets for the remote host in realm realm instead of the remote host’s realm as determined by krb_realmofhost. | -k
-x | Turns on DES encryption for all data passed via the rlogin session. | -x

The rlogin command is of little use without the server-side service running on the remote system. To provide this feature, the rlogin program requires rlogind. The rlogind daemon is the server for rlogin and provides the authentication for connections. The server checks the remote system’s source TCP/IP port and, if it is not in the range 512-1023, aborts the connection. It then checks the remote system’s source address and hostname; after this is completed, authentication takes place. The rlogind daemon is usually located at /usr/sbin/rlogind and is normally started by inetd, which does so by default. The inetd daemon listens for connections on the Internet sockets listed in /etc/inetd.conf and initiates the appropriate daemon.
The rlogin command and rlogind daemon provide remote access to a system, but they have security issues: some earlier versions allowed root access by mistake. Also, rlogin can only be used to connect UNIX, UNIX-like, and Microsoft systems.
Telnet
Telnet is used to communicate with another host by means of the Telnet protocol. Telnet provides a standard method for terminal devices and terminal-oriented processes to interface. Telnet is commonly used with terminal emulation to connect to remote systems, including routers, switches, hubs, and printers. However, telnet can also be used for terminal-to-terminal communication.
To telnet to a host, server1 for example, simply enter the command:
telnet server1
You will then be connected, and a login prompt should appear so that you can authenticate with the system.
Accepting telnet connections requires the telnetd daemon on the remote system. The telnetd daemon is started by inetd by default, but it must be enabled in the /etc/inetd.conf file. The inetd daemon listens for telnet traffic on port 23; when it detects a connection, it activates the telnetd daemon and passes the traffic on.
Telnet can provide remote access to many systems, but it is not secure, because telnet sends passwords as clear text.
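As an added example (not code from the book), the following Python script audits the two configuration points the rlogin and telnet sections describe: rhosts-style trust entries in hosts.equiv or .rhosts, and the services inetd enables in /etc/inetd.conf. The file contents are constructed samples; the list of clear-text service names and the severity labels are this example’s own choices.

```python
"""Audit plain-text remote-access configuration: rhosts-style trust files (hosts.equiv,
.rhosts) and the services inetd enables in inetd.conf. Added example, not book code."""
from dataclasses import dataclass

@dataclass
class Finding:
    line_no: int
    entry: str
    severity: str    # "critical", "high" or "info"
    reason: str

def _fields(line):
    """Drop a '#' comment and split on whitespace; [] for blank or comment lines."""
    return line.split("#", 1)[0].split()

def audit_rhosts(content):
    """Flag entries in the 'hostname [username]' format that widen access:
    '+' means any host or any user, '+@name' an NIS netgroup, a leading '-' a deny."""
    findings = []
    for n, line in enumerate(content.splitlines(), start=1):
        fields = _fields(line)
        if not fields:
            continue
        host, user = fields[0], (fields[1] if len(fields) > 1 else None)
        entry = " ".join(fields)
        if host.startswith("-") or (user or "").startswith("-"):
            continue                         # deny entries do not widen access
        if host == "+":                      # any host; "+ +" also means any user
            who = "any user" if user == "+" else (user or "matching user names")
            findings.append(Finding(n, entry, "critical", f"any host is trusted for {who}"))
        elif user == "+":
            findings.append(Finding(n, entry, "high",
                                    f"any user on {host} may log in as this account"))
        elif host.startswith("+@") or (user or "").startswith("+@"):
            findings.append(Finding(n, entry, "info",
                                    "netgroup entry; verify the NIS netgroup members"))
    return findings

# inetd.conf line format: service socket-type protocol wait/nowait user server [args]
CLEARTEXT_SERVICES = {"ftp", "telnet", "login", "shell", "exec", "tftp"}

def audit_inetd(content):
    """Flag enabled inetd services that send credentials or data in clear text.
    Lines commented out with '#' are disabled and therefore ignored."""
    findings = []
    for n, line in enumerate(content.splitlines(), start=1):
        fields = _fields(line)
        if len(fields) >= 6 and fields[0] in CLEARTEXT_SERVICES:
            findings.append(Finding(n, " ".join(fields), "high",
                                    f"{fields[0]} enabled, server: {' '.join(fields[5:])}"))
    return findings

SAMPLE_HOSTS_EQUIV = """\
# constructed /etc/hosts.equiv
server1.example.com
+
db1.example.com +
+@admins
-bad.example.com
"""
SAMPLE_INETD_CONF = """\
# constructed /etc/inetd.conf
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
login   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rlogind
ssh     stream  tcp  nowait  root  /usr/sbin/sshd  sshd -i
"""
```

Run audit_rhosts and audit_inetd over the real files on a host to list the trust entries and clear-text services that should be replaced by SSH.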
OpenSSH
The OpenSSH suite includes the secure shell (SSH) program, which replaces rlogin and telnet. The suite also includes secure copy (SCP), which replaces rcp, and sftp, which replaces ftp. Also included are sshd, the server side of the package, and other basic utilities such as ssh-add, ssh-agent, ssh-keygen, and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0. OpenSSH is available at www.openssh.com and is a free version of SSH. The following distributions currently support OpenSSH:
OpenBSD
Debian Linux
FreeBSD
Suse Linux
Redhat Linux
Mandrake Linux
BSDi BSD/OS
NetBSD
Computone
Conectiva Linux
Slackware Linux
Stallion
Cygwin
e-smith server and gateway
Engarde Linux
SSH obtains configuration data from the following sources, in this order:
Command line options
User’s configuration file ($HOME/.ssh/config)
System-wide configuration file (/etc/ssh_config)
For each parameter, the first value obtained is used. The SSH client connects to remote systems and accepts the switches shown in Table 7-6.
Table 7-6
SSH Switches

Switch | Description
-a | Disables forwarding of the authentication agent connection.
-A | Enables forwarding of the authentication agent connection.
-b bind_address | Specifies the interface to transmit from on machines with multiple interfaces or alias addresses.
-c blowfish / 3des | Selects the cipher to use for encrypting the session. 3des is used by default. It is believed to be secure and is presumably more secure than the des cipher.
-c cipher_spec | For protocol version 2, a comma-separated list of ciphers can be specified in order of preference.
-e ch / ^ch / none | Sets the escape character for sessions with a pty.
-f | Requests ssh to go to the background just before command execution. This is useful if ssh is going to ask for passwords or pass-phrases, but the user wants it in the background.
-g | Allows remote hosts to connect to local forwarded ports.
-i identity_file | Selects the file from which the identity (private key) for RSA or DSA authentication is read. The default is $HOME/.ssh/identity in the user’s home directory.
-k | Disables forwarding of Kerberos tickets and AFS tokens.
-l login_name | Specifies the user to log in as on the remote machine.
-m mac_spec | For protocol version 2, a comma-separated list of MAC (message authentication code) algorithms can be specified in order of preference.
-n | This must be used when ssh is run in the background. A common trick is to use this to run X11 programs on a remote machine.
-N | Do not execute a remote command.
-o option | Can be used to give options in the format used in the config file. This is useful for specifying options for which there is no separate command-line flag.
-p port | Port to connect to on the remote host.
-P | Use a non-privileged port for outgoing connections. This can be used if your firewall does not permit connections from privileged ports.
-q | Quiet mode. Causes all warning and diagnostic messages to be suppressed. Only fatal errors are displayed.
-s | May be used to request invocation of a subsystem on the remote system.
-t | Force pseudo-tty allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful when implementing menu services. Multiple -t options force tty allocation, even if ssh has no local tty.
-T | Disable pseudo-tty allocation.
-v | Verbose mode. Causes ssh to print debugging messages about its progress.
-x | Disables X11 forwarding.
-X | Enables X11 forwarding.
-C | Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP/IP connections).
-L port:host:hostport | Specifies that the given port on the local host is to be forwarded to the given host and port on the remote side.
-R port:host:hostport | Specifies that the given port on the remote host is to be forwarded to the given host and port on the local side.
-1 | Forces ssh to try protocol version 1 only.
-2 | Forces ssh to try protocol version 2 only.
-4 | Forces ssh to use IPv4 addresses only.
-6 | Forces ssh to use IPv6 addresses only.

A standard SSH command has the form: ssh [-l login_name] [hostname | user@hostname] [command]
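The precedence rule described above (command line, then $HOME/.ssh/config, then /etc/ssh_config, first value wins), worked through as an added Python example rather than OpenSSH’s own code: it reads a simplified ssh_config (Host blocks with * and ? wildcards; no Match or negated patterns) and maps the -p, -l, -i and -o switches from Table 7-6 onto configuration keywords. The two configuration files are constructed samples.

```python
"""Resolve an ssh client parameter: command line first, then $HOME/.ssh/config,
then /etc/ssh_config; the first value found wins. Added example, not OpenSSH code:
a simplified ssh_config reader (Host blocks, * and ? wildcards, no Match or !)."""
import fnmatch
import re

def split_keyword(text):
    """Split 'Key value' or 'Key=value' into (lower-case key, value)."""
    parts = re.split(r"[ \t=]+", text.strip(), maxsplit=1)
    return parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")

def parse_ssh_config(text):
    """Return (host_patterns, options) blocks in file order; options before the
    first Host line apply to every host (pattern '*')."""
    blocks, patterns, opts = [], ["*"], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, value = split_keyword(line)
        if key == "host":
            blocks.append((patterns, opts))
            patterns, opts = value.split(), {}
        else:
            opts.setdefault(key, value)      # first occurrence in a block wins
    blocks.append((patterns, opts))
    return blocks

FLAG_TO_KEYWORD = {"-p": "port", "-l": "user", "-i": "identityfile"}  # -o names the keyword

def cli_options(args):
    """Turn ['-p', '2200', '-o', 'Ciphers=aes256-ctr', ...] into {keyword: value}."""
    opts, it = {}, iter(args)
    for flag in it:
        if flag == "-o":
            key, value = split_keyword(next(it, ""))
            opts.setdefault(key, value)
        elif flag in FLAG_TO_KEYWORD:
            opts.setdefault(FLAG_TO_KEYWORD[flag], next(it, ""))
    return opts

def resolve(host, key, args, user_config, system_config):
    """Value of `key` for `host` in source order: command line, user, then system."""
    key = key.lower()
    cli = cli_options(args)
    if key in cli:
        return cli[key]
    for text in (user_config, system_config):
        for patterns, opts in parse_ssh_config(text):   # first matching block wins
            if key in opts and any(fnmatch.fnmatchcase(host, p) for p in patterns):
                return opts[key]
    return None

USER_CONFIG = """\
# constructed $HOME/.ssh/config
Host *.example.com
    User alice
    Port 2222
Host *
    ForwardAgent no
"""
SYSTEM_CONFIG = """\
# constructed /etc/ssh_config
Port 22
Ciphers 3des
ForwardAgent yes
"""
```

Because the user’s Host * block is consulted before the system file, its ForwardAgent no overrides the system-wide ForwardAgent yes for every host, which is the precedence behaviour to keep in mind when hardening a shared /etc/ssh_config.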
SSH requires the sshd daemon to be running on the remote system. It is normally started at boot from /etc/rc and supports two protocol versions that provide different levels of security.
SSH protocol version 1: Each host has a host-specific RSA key (normally 1024 bits) used to identify the host. Additionally, when the daemon starts, it generates a server RSA key (normally 768 bits). This key is normally regenerated every hour if it has been used, and is never stored on disk.