Red Hat

(1)

® ®

P R E S S

Red Hat L inux Networking and System Administration

Linux Solutions from the Experts at Red Hat

S E C U R I T Y T O O L S INCLUDED ON CD-ROM

C o l l i n g s

& W a l l KURT WALLhas worked with Linux and Unix for nine years and is the

author of several other books, including Red Hat Linux 7.2 Weekend Crash Course and Linux Programming by Example.

TERRY COLLINGSis the Instructional Technologist at Muhlenberg College in Pennsylvania, where he is responsible for developing smart classroom technologies. He is also the coauthor of the Linux Bible.

■ Plan your network, install Red Hat Linux, and get a handle on the file

system and configuration files

■ Configure TCP/IP networking, the Network File System, and the Net-

work Information System

■ Set up print services and connections to Windows and Macintosh clients

■Monitor performance, administer users and groups, back up and restore the file system, and install or upgrade software packages

■ Design a security plan, implement local security, set up firewalls and proxy servers, and combat system intrusions

■ Troubleshoot file system, networking, printing, and e-mail problems basics—network planning and Red Hat installation and configuration.

They then show you in detail how to set up network and Internet services, from establishing a network file system to configuring mail services. Eight chapters give you the lowdown on customizing the kernel, automating tasks with scripting, performing backups, and more—the nuts-and-bolts maintenance information you need to keep your system running smoothly.

And last but not least, the authors provide nearly 100 pages of proven strategies and tips for maintaining system security.

Complete with utilities and code on CD-ROM, this official Red Hat Linux guide is the one resource you need for a secure, high-performance Linux network.

9 780764 536328

5 5 9 9 9

ISBN 0-7645-3632-X

7 85555 09538 0

Proven Red Hat Linux Networking and Administration Solutions

C D - R O M I N C L U D E S

Code, scripts, and ex- amples from the book Linux networking and administration tools, including Ethereal, logcheck, NET-SNMP, N m a p, P o r t s e n t r y, Tripwire and SAINT t r i a l v e r s i o n

P l u s a s e a r c h a b l e e-version of the book

Reviewed by the Experts at Red Hat

$59.99 USA

$89.99 Canada

£44.99 UK incl.VAT Shelving Category

Networking Reader Level Intermediate to

Advanced

www.redhat.com www.hungryminds.com

Cover design by Michael J. Freeland Cover photo © Hulton Getty

®®

™

T e r r y C o l l i n g s & K u r t W a l l

ON T HE C D - RO M SECURI TY TO O L S I N

C LU DE

D

(2)

Red Hat

^®

Linux

^®

Networking

and System Administration

(3)

(4)

Red Hat ^® Linux ^® Networking and System

Administration

Terry Collings and Kurt Wall

M&T Books

An imprint of Hungry Minds, Inc.

Best-Selling Books ^●Digital Downloads ^●e-Books ^●Answer Networks e-Newsletters ^●Branded Web Sites ^●e-Learning

New York, NY ^●Cleveland, OH ^●Indianapolis, IN

(5)

Red Hat® Linux® Networking and System Administration Published by

Hungry Minds, Inc.

909 Third Avenue New York, NY 10022 www.hungryminds.com

Copyright © 2002 Hungry Minds, Inc. All rights reserved. No part of this book, including interior design, cover design, and icons, may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording, or otherwise) without the prior written permission of the publisher.

Library of Congress Control Number: 2001093591 ISBN: 0-7645-3632-X

Printed in the United States of America 10 9 8 7 6 5 4 3 2 1

1O/RT/QT/QS/IN

Distributed in the United States by Hungry Minds, Inc.

Distributed by CDG Books Canada Inc. for Canada; by Transworld Publishers Limited in the United Kingdom; by IDG Norge Books for Norway; by IDG Sweden Books for Sweden; by IDG Books Australia Publishing Corporation Pty. Ltd.

for Australia and New Zealand; by TransQuest Publishers Pte Ltd. for Singapore, Malaysia, Thailand, Indonesia, and Hong Kong; by Gotop Information Inc. for Taiwan; by ICG Muse, Inc. for Japan; by Intersoft for South Africa; by Eyrolles for France; by International Thomson Publishing for Germany, Austria, and Switzerland; by Distribuidora Cuspide for Argentina; by LR International for Brazil; by Galileo Libros for Chile; by Ediciones ZETA S.C.R. Ltda. for Peru; by WS Computer Publishing Corporation, Inc., for the Philippines; by Contemporanea de Ediciones for Venezuela; by Express Computer Distributors for the Caribbean and West Indies; by Micronesia Media Distributor, Inc.

for Micronesia; by Chips Computadoras S.A. de C.V. for Mexico; by Editorial Norma de Panama S.A. for Panama; by American Bookshops for Finland.

For general information on Hungry Minds’ products and services please contact our Customer Care department within the U.S. at 800-762-2974, outside the U.S. at 317-572-3993 or fax 317-572-4002.

For sales inquiries and reseller information, including discounts, premium and bulk quantity sales, and foreign- language translations, please contact our Customer Care department at 800-434-3422, fax 317-572-4002 or write to Hungry Minds, Inc., Attn: Customer Care Department, 10475 Crosspoint Boulevard, Indianapolis, IN 46256.

For information on licensing foreign or domestic rights, please contact our Sub-Rights Customer Care department at 212-884-5000.

For information on using Hungry Minds’ products and services in the classroom or for ordering examination copies, please contact our Educational Sales department at 800-434-2086 or fax 317-572-4005.

For press review copies, author interviews, or other publicity information, please contact our Public Relations department at 650-653-7000 or fax 650-653-7500.

For authorization to photocopy items for corporate, personal, or educational use, please contact Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, or fax 978-750-4470.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND AUTHOR HAVE USED THEIR BEST EFFORTS IN PREPARING THIS BOOK. THE PUBLISHER AND AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS BOOK AND SPECIFICALLY DISCLAIM ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. THERE ARE NO WARRANTIES WHICH EXTEND BEYOND THE DESCRIPTIONS CONTAINED IN THIS PARAGRAPH. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES REPRESENTATIVES OR WRITTEN SALES MATERIALS. THE ACCURACY AND COMPLETENESS OF THE INFORMATION PROVIDED HEREIN AND THE OPINIONS STATED HEREIN ARE NOT GUARANTEED OR WARRANTED TO PRODUCE ANY PARTICULAR RESULTS, AND THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY INDIVIDUAL. NEITHER THE PUBLISHER NOR AUTHOR SHALL BE LIABLE FOR ANY LOSS OF PROFIT OR ANY OTHER COMMERCIAL DAMAGES, INCLUDING BUT NOT LIMITED TO SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR OTHER DAMAGES.

Trademarks:Hungry Minds and the Hungry Minds logo are trademarks or registered trademarks of Hungry Minds.

Red Hat, Red Hat Press, and the Red Hat Press logo are trademarks or registered trademarks of Red Hat, Inc. Linux is a trademark or registered trademark of Linus Torvalds. All other trademarks are property of their respective owners.

Hungry Minds, Inc., is not associated with any product or vendor mentioned in this book.

is a trademark of Hungry Minds, Inc. is a trademark of Hungry Minds, Inc.

(6)

About the Authors

Terry Collings has been working in the computer field since 1981 and has experience in all types of operating systems and their associated hardware. He has industry certifications in Novell, TCP/IP, MS Windows, and Unix. Terry’s full-time job is at Muhlenberg College in Allentown, PA, where he is the school’s Instructional Technologist. His main function in this position is assisting faculty in the use of computer technology to augment their classroom presentations. He is also the system administrator for the school’s online course content management software. Terry also teaches a wide range of computer and technology-related courses in the evenings at Allentown Business School. Terry has been a technical editor for several Hungry Minds, Inc., books and is the co-author of the Linux Bible.

He can be reached at [email protected].

Kurt Wall first touched a computer in 1980 when he learned FORTRAN on an IBM mainframe of forgotten vintage; things have only gotten better since then.

These days, Kurt is a full-time Linux and Unix author, editor, consultant, and programmer. He has written five books about Linux and Unix programming and system administration, is working on his sixth, and is the technical editor for over a dozen other Linux- and Unix-related titles. Currently, Kurt works from his home in Indianapolis. He can be reached via e-mail at [email protected].

(7)

Credits

CONTRIBUTING WRITERS Viktorie Navratilova Dennis Powell Brandon Wiley ACQUISITIONS EDITOR

Terri Varveris PROJECT EDITOR

Martin V. Minner TECHNICAL EDITORS

Joel Lee Matt Hayden Sandra Moore COPY EDITOR

Marti Paul

RED HAT PRESS LIAISON Lorien Golaski, Red Hat Communications Manager PROJECT COORDINATOR

Dale White

GRAPHICS AND PRODUCTION SPECIALISTS

Beth Brooks Sean Decker Melanie DesJardins Jeremey Unger

QUALITY CONTROL TECHNICIANS Laura Albert

Luisa Perez Carl Pierce Marianne Santy

SENIOR PERMISSIONS EDITOR Carmen Krikorian

MEDIA DEVELOPMENT SPECIALIST Greg Stephens

MEDIA DEVELOPMENT COORDINATOR Marisa Pearman

COVER DESIGN Michael Freeland COVER PHOTO

Hulton Getty

PROOFREADING AND INDEXING TECHBOOKS Production Services

(8)

This book is dedicated to the victims and heroes of September 11, 2001.

(9)

(10)

Preface

Red Hat Linux is the most popular distribution of Linux currently in use. Red Hat Linux has shown itself to be a robust, reliable operating system that can run on a variety of hardware, from personal computers to large mainframes. Linux in general, and Red Hat Linux in particular, is a very powerful operating system that can be used at the enterprise level as a full-fledged server, as well as at the workstation level for typical user applications. For those of us dissatisfied with the reliability of other com- mercially available operating systems, Red Hat Linux is a pleasant alternative.

How This Book Is Organized

This book is divided into five parts. Each part covers a specific area of functionality in a typical Red Hat Linux system.

Part I — Red Hat Linux System and Network Administration Defined

This part describes the duties of a system administrator. Chapter 1 explains some of the more common tasks, such as installing servers and application software, managing user accounts, and backing up and restoring files. Many more topics are covered in this chapter. Chapter 2 details the steps involved in planning and building a network and planning for security and disaster recovery. Chapter 3 takes you through the steps required to install Red Hat Linux on a local system as well as on a remote system. Chapter 4 gives an explanation of the Red Hat Linux file system and storage devices. Chapter 5, the last chapter in Part I, lists the system and network configuration files and their uses.

Part II — Red Hat Linux Network Services

This part of the book is where you learn about the networking services available in Red Hat Linux. Chapter 6 gives an explanation of the TCP/IP protocol suite and how to configure it on your system. Chapter 7 tells how to configure the Network File System (NFS) for sharing files with other Linux or Unix computers on your network. Chapter 8 provides a description of the Network Information System (NIS) as well as configuration instructions. If you have computers running Microsoft operating systems, Chapter 9 is where you find instructions for connecting your Red Hat Linux network to the Windows network. The final chapter in this part, Chapter 10, tells you how to connect your Red Hat Linux network to computers running the Apple operating system.

ix

(11)

Part III — Red Hat Linux Internet Services

Internet services are somewhat different from network services used on an internal network. Chapter 11 begins this part by explaining Internet services, and includes a discussion of the xinetd and TCP wrappers configuration files.A fundamental part of using the Internet is the ability to enter a domain name and have it converted into an IP number that is the actual address of a computer. The name-to-number conver- sion is done by the Domain Name System (DNS), which is covered in Chapter 12.

Chapter 13 describes the File Transfer Protocol (FTP) and gives installation and configuration instructions. Sending and receiving e-mail has become so common that it’s hard to remember the time before we had it. Chapter 14 explains mail services and its configuration. Last, but not least, you find an explanation of setting up a Web server. Chapter 15 covers Apache, one of the most popular Web servers in use.

Part IV — Red Hat Linux System Maintenance

The goal of this part of the book is to provide a fundamental understanding of the tasks required to maintain your system and ensure that it runs optimally. Chapter 16 explains the Red Hat Network, a service available from Red Hat that you can use to keep your system current. You can register your systems with Red Hat and then receive notifications of updated or new software that can be installed. Chapter 17 discusses upgrading and customizing the kernel for your specific needs. Chapter 18 tells you how to use the command line to perform all of your system administrative tasks. If you want to use scripts to automate some of your work, Chapter 19 is where you find out how to do it. Chapter 20 deals with monitoring the performance of your system. Creating users and groups is a basic part of system maintenance, and Chapter 21 describes this process. Chapter 22 details the steps necessary to back up your file system and use the backups to restore your system. The final chapter in this part, Chapter 23, gives instructions on installing and upgrading software packages.

Part V — Security and Problem Solving

A critical area of concern for system administrators is maintaining a secure system.

Most of the chapters in this part deal with security, beginning with Chapter 24, which covers security basics. Chapter 25 addresses local, or host-based, security. In Chapter 26 you find an explanation of firewalls and Internet security and the risks you may encounter from outside connections. Chapter 27 looks at ways to monitor a Red Hat Linux system for attempted, potential, and actual security compromises using the tools available in a standard Red Hat Linux installation. The last chapter in this part, Chapter 28, lists problems you may encounter during normal operation of your system and the steps to take to solve the problems discussed.

(12)

How to Use This Book

Our intention for this book is to cover the Red Hat Linux operating system in enough detail to provide the answers that you need. The book is divided into the parts previously discussed to make it easy for you to go to the specific part for the topic you need to learn about. You can use the book as a reference for whatever you need to know about a particular topic.

Using this book’s icons

Watch for the following margin icons to help you get the most out of this book:

Tips provide special information or advice.

Caution icons warn you of a potential problem or error.

This icon directs you to related information in another section or chapter.

A Note highlights an area of interest or special concern related to the topic.

This icon points you toward related material on the book’s CD-ROM.

(13)

Conventions

This book uses the following conventions for explanations of how to do things on your computer:

◆ Italic typeintroduces new technical terms. It also indicates replaceable arguments that you should substitute with actual values — the context makes clear the distinction between new terms and replaceable arguments.

◆ Bold typeshows a command you type in.

◆ Monospaced textdistinguishes commands, options, and arguments from surrounding explanatory content.

◆ Keys to press in combination are shown like this example: Ctrl+Alt+Delete means to press all three keys at the same time.

◆ The term clickmeans to press the left mouse button once. Double-click means to press the left button twice in quick succession. Right clickmeans to press the right mouse button once. Dragmeans to hold down the left mouse button and move the mouse while holding down the button.

(14)

Terry Collings’s

Acknowledgments

Until I started writing books, I never realized how many people are involved with producing a book like this and how much work they do. The first person I want to thank is my coauthor, Kurt Wall. Kurt is the reason I became involved with working on Linux books when I was asked to technical edit a Linux book several years ago.

Since then, Kurt and I have collaborated on other projects, most recently this book.

I also want to acknowledge the hard work of Viktorie Navratilova, Dennis Powell, and Brandon Wiley who stepped in and wrote several chapters for me when I was out with a medical problem. Their help was a significant contribution to the completion of this book.

A special thank-you goes out to Terri Varveris, my acquisitions editor at Hungry Minds. Terri is a wonderful person to work with and is one of the nicest people I have ever known. She is also responsible for choosing our project editor, Marty Minner. Marty is very organized and he makes sure we do our jobs, but in a nice way that makes him a pleasure to work with. Finally, thanks to our copy editor, technical editors, and production staff at Hungry Minds for their efforts in ensuring that our work is technically accurate as well as grammatically correct and properly presented.

Finally, I would like to thank my wife Nancy for all her support and encourage- ment. She is my true inspiration.

xiii

(15)

Kurt Wall’s

Acknowledgments

Like Terry, I appreciate the work of Viktorie, Dennis, and Brandon in helping Terry and me complete this book when Terry became ill. Thanks to Terri Varveris for giving me the chance to write about Linux, something I truly enjoy doing — Terri, let’s do this again. Here’s a vigorous nod to Marty Minner, who deftly managed the day-to-day details of converting raw manuscript into a finished book — every author should have such a capable, patient, and witty project editor. Kudos as well to the rest of the team at Hungry Minds who labored to make this book a reality.

I would be remiss if I failed to thank Terry Collings for inviting me to participate in this book — he may yet decide that I didn’t do him any favors by getting him involved in writing books. I look forward to another opportunity to work with him.

I would like to extend my deepest thanks to and appreciation of the mission and members of Mount Tabor Lutheran Church in Salt Lake City — their service and example kept me going in dark, trying times.

(16)

Contents at a Glance

Preface . . . ix

Acknowledgements . . . xiii

Part I Red Hat Linux System and Network Administration Defined Chapter 1 Duties of the System Administrator . . . 3

Chapter 2 Planning the Network . . . 13

Chapter 3 Installing Red Hat Linux . . . 27

Chapter 4 Red Hat Linux File System . . . 71

Chapter 5 Red Hat System Configuration Files . . . 93

Part II Red Hat Linux Network Services Chapter 6 TCP/IP Networking . . . 123

Chapter 7 The Network File System . . . 153

Chapter 8 The Network Information System . . . 185

Chapter 9 Connecting to Microsoft Networks . . . 209

Chapter 10 Connecting to Apple Networks . . . 235

Part III Red Hat Linux Internet Services Chapter 11 What are Internet Services? . . . 253

Chapter 12 The Domain Name System . . . 271

Chapter 13 Configuring FTP Services . . . 301

Chapter 14 Configuring Mail Services . . . 335

Chapter 15 Configuring a Web Server . . . 365

Part IV Red Hat Linux System Maintenance Chapter 16 Using the Red Hat Network . . . 403

Chapter 17 Upgrading and Customizing the Kernel . . . 419

Chapter 18 Configuring the System on the Command Line . . . 463

Chapter 19 Using Scripts to Automate Tasks . . . 503

Chapter 20 Performance Monitoring . . . 551

Chapter 21 Administering Users and Groups . . . 575

Chapter 22 Backing up and Restoring the File System . . . 615

Chapter 23 Installing and Upgrading Software Packages . . . . 643

xv

(17)

Part V Security and Problem Solving

Chapter 24 Security Basics . . . 685

Chapter 25 Implementing Local Security . . . 705

Chapter 26 Firewalls and Internet Security . . . 731

Chapter 27 Detecting Intrusions . . . 749

Chapter 28 Troubleshooting and Problem Solving . . . 767

Appendix: What’s on the CD-ROM? . . . 787

Index . . . 791

End-User License Agreement . . . 847

(18)

Examining NFS Security . . . 181 General NFS security issues . . . 181 Server security considerations . . . 183 Client security considerations . . . 183 Summary . . . 184 Chapter 8 The Network Information System . . . 185 Understanding NIS . . . 185 Configuring an NIS Server . . . 189 Key files and commands . . . 190 Setting the NIS domain name . . . 190 Configuring and starting the server daemon . . . 191 Initializing the NIS maps . . . 193 Starting the NIS password daemon . . . 194 Starting the server transfer daemon . . . 195 Starting the NIS servers at boot time . . . 195 Configuring an example NIS server . . . 197 Configuring an NIS Client . . . 199 Setting the NIS domain name . . . 199 Configuring and starting the client daemon . . . 199 Configuring the client startup files . . . 204 Key NIS client files and commands . . . 205 Testing your NIS configuration . . . 206 Configuring an example NIS client . . . 207 Strengthening NIS Security . . . 208 Summary . . . 208 Chapter 9 Connecting to Microsoft Networks . . . 209 Installing Samba . . . 209 Configuring the Samba Server . . . 211 [global] . . . 212 [homes] . . . 213 [printers] . . . 213 [nancy] . . . 214 Using SWAT . . . 214 Configuring the Samba Client . . . 222 Using a Windows Printer from the Linux Computer . . . 230 Testing the Samba Server . . . 232 Summary . . . 233 Chapter 10 Connecting to Apple Networks . . . 235 Understanding AppleTalk . . . 235 AppleTalk addressing . . . 235 Apple zones . . . 236 Installing the AppleTalk Software . . . 236 The AppleTalk DDP kernel module . . . 236 Installing Netatalk . . . 237 Configuring /etc/services . . . 237 Configuring Netatalk . . . 238

(23)

Configuring the Daemons . . . 239 Configuring atalkd . . . 239 Configuring AppleTalk Interfaces . . . 239 Additional configuration . . . 241 Configuring AppleTalk file sharing . . . 242 Setting up AFP Accounts . . . 244 Configuring AFS to work with AppleTalk . . . 244 Configuring AppleTalk printer sharing . . . 244 Configuring Red Hat as an AppleTalk Client . . . 246 Accessing Apple printers . . . 246 Finding the printer’s zone . . . 246 Summary . . . 249

Part III Red Hat Linux Internet Services

Chapter 11 What are Internet Services? . . . 253 Secure Services . . . 254 ssh . . . 254 scp . . . 255 sftp . . . 256 Less Secure Services . . . 256 telnet . . . 256 ftp . . . 256 rsync . . . 257 rsh . . . 257 rlogin . . . 257 finger . . . 257 talk and ntalk . . . 258 Using Your Linux Machine as a Server . . . 258 http . . . 258 sshd . . . 258 ftpd . . . 259 dns . . . 259 The Inetd Server . . . 259 Xinetd . . . 262 Inetd and Xinetd vs. Stand-Alone . . . 264 Inetd- or xinetd-started services . . . 265 Stand-alone services . . . 266 Linux Firewall Packages . . . 267 tcp-wrappers . . . 267 ipchains . . . 268 Summary . . . 269 Chapter 12 The Domain Name System . . . 271 Understanding DNS . . . 271 Installing the Software . . . 274 Understanding Types of Domain Servers . . . 275

(24)

Examining Server Configuration Files . . . 277 The named.conf file . . . 278 Options . . . 278 The named.ca file . . . 286 The named.local file . . . 286 Zone files . . . 287 The reverse zone file . . . 289 Configuring a Caching Server . . . 290 Configuring a Slave Server . . . 292 Configuring a Master Server . . . 293 Using DNS Tools . . . 296 Summary . . . 300 Chapter 13 Configuring FTP Services . . . 301 What FTP Software is Available? . . . 301 Red Hat Linux’s choice: WU-FTPD . . . 302 Alternative FTP servers . . . 302 Installing WU-FTPD . . . 303 Installing the binary RPM . . . 304 Installing and building the source RPM . . . 304 Installing and building the source distribution . . . 304 Installing the anonftp package . . . 306 Configuring the Server . . . 307 Configuring user and host access . . . 308 Configuring ftpd . . . 310 The enhanced /etc/ftpaccess file . . . 320 Administering WU-FTPD with KWuFTPd . . . 321 Maintaining the Server . . . 326 Strengthening FTP Security . . . 330 Understanding and mitigating the risks . . . 331 Reconfiguring the system log . . . 331 Monitoring the server . . . 334 Summary . . . 334 Chapter 14 Configuring Mail Services . . . 335 E-Mail Explained . . . 335 Mail User Agent (MUA) . . . 336 Mail Transfer Agent (MTA) . . . 336 Local Delivery Agent (LDA) . . . 337 Introducing SMTP . . . 337 Understanding POP3 . . . 338 Understanding IMAP4 . . . 338 Configuring Sendmail . . . 339 Checking that Sendmail is installed and running . . . 339 Configuring Sendmail . . . 340 The m4 Macro Processor . . . 341 Understanding and managing the mail queue . . . 341 Configuring POP3 . . . 342

(25)

Configuring IMAP4 . . . 343 Setting up aliases to make life easier . . . 343 Using other files and commands with Sendmail . . . 345 Configuring the E-Mail Client . . . 346 Configuring Netscape Messenger . . . 346 Filling Out the Messenger Forms . . . 347 Using Netscape Messenger . . . 349 Sending e-mail from the command line . . . 351 Reading mail with Mail . . . 352 Using Elm . . . 354 Creating mail aliases in elm . . . 355 Using Pine . . . 355 Working with Pine attachments . . . 356 Maintaining E-Mail Security . . . 357 Protecting against eavesdropping . . . 357 Using encryption . . . 357 Using a firewall . . . 357 Don’t get bombed, spammed, or spoofed . . . 358 Be careful with SMTP . . . 358 Using Newsgroups . . . 359 Configuring the NNTP server . . . 359 Reading newsgroups in Pine . . . 360 Configuring Netscape for news . . . 361 Summary . . . 364 Chapter 15 Configuring a Web Server . . . 365 Introducing Apache . . . 365 A short history of Apache . . . 365 Apache features . . . 367 Finding more information about Apache . . . 369 How Web Servers Work . . . 370 Installing Apache . . . 371 Installing the binary RPMs . . . 371 Installing and building the source RPMs . . . 372 Installing and building the source distribution . . . 372 Additional packages to install . . . 375 Configuring Apache . . . 376 Apache’s startup process . . . 376 Configuring global Apache behavior . . . 377 Configuring the default server . . . 380 Configuring virtual servers . . . 391 Configuring Apache for SSI . . . 392 Enabling SSI . . . 392 Testing the configuration . . . 393 CGI Scripts . . . 394 Creating a Secure Server with SSL . . . 396 Generating the encryption key . . . 397

(26)

Generating a self-signed certificate . . . 398 Testing the self-signed certificate . . . 399 Summary . . . 400

Part IV Red Hat Linux System Maintenance

Chapter 16 Using the Red Hat Network . . . 403 Registering Your System . . . 403 Configuring the Red Hat Update Agent . . . 407 Using the Red Hat Update Agent . . . 410 Using the Red Hat Network via the Internet . . . 413 Red Hat Network Main page tab . . . 414 Your Network page tab . . . 414 Search Errata Alerts tab . . . 417 Preferences tab . . . 417 Help Desk tab . . . 418 Summary . . . 418 Chapter 17 Upgrading and Customizing the Kernel . . . 419 Should You Upgrade to a New Kernel? . . . 419 Upgrading versus customizing . . . 421 Checking your current kernel version . . . 421 Building a New Kernel . . . 423 Obtaining the latest kernel version . . . 424 Patching the kernel . . . 430 Customizing the kernel . . . 433 Compiling and installing the new kernel . . . 459 Configuring GRUB . . . 460 Booting the custom kernel . . . 460 Summary . . . 461 Chapter 18 Configuring the System on the Command Line . . . . 463 Administering a System at the Command Line . . . 463 Administering Users and Groups . . . 465 Working with user accounts . . . 465 Working with group accounts . . . 469 Modifying multiple accounts simultaneously . . . 470 Viewing login and process information . . . 471 Managing the File System . . . 472 Creating and maintaining file systems . . . 472 Working with files and directories . . . 478 Managing disk space usage . . . 481 Administering Processes . . . 484 Obtaining process information . . . 484 Terminating processes . . . 488 Modifying process priorities . . . 489 Tracking and Controlling System Usage . . . 490

(27)

Maintaining the Date and Time . . . 492 Creating and Restoring Backups . . . 497 Summary . . . 501 Chapter 19 Using Scripts to Automate Tasks . . . 503 Understanding Bash Programming . . . 504 Wildcards and special characters . . . 504 Using variables . . . 508 Bash operators . . . 511 Flow control . . . 522 Shell functions . . . 530 Processing input and output . . . 532 Working with command line arguments . . . 537 Using Processes and Job Control . . . 538 Creating Backups . . . 543 Automating Scripts . . . 545 Using at for one-shot jobs . . . 545 Using cron for regularly scheduled jobs . . . 546 Writing, Testing, and Debugging Scripts . . . 548 Selecting a Scripting Language . . . 549 Summary . . . 550 Chapter 20 Performance Monitoring . . . 551 Diagnosing Performance Problems . . . 552 Overall System Status . . . 553 Monitoring Running Processes . . . 556 Monitoring Memory Utilization . . . 558 Monitoring Disk Usage and Performance . . . 563 Tracking CPU Usage . . . 568 Monitoring Network Traffic . . . 572 Summary . . . 574 Chapter 21 Administering Users and Groups . . . 575 Understanding the Root Account . . . 575 Implementing Sudo . . . 576 Deciphering Sudo’s configuration file . . . 578 Sudo configuration and usage tips . . . 581 Working With Users and Groups . . . 581 Understanding user private groups . . . 582 Adding, modifying, and deleting users . . . 584 Adding, modifying, and deleting groups . . . 597 Using the Red Hat User Manager . . . 601 Using File System Quotas . . . 607 Preparing the system for quotas . . . 608 Creating the quota files . . . 608 Enabling quotas . . . 609

(28)

Setting and modifying quotas . . . 609 Reviewing quota utilization . . . 611 Summary . . . 613 Chapter 22 Backing up and Restoring the File System . . . 615 What Should Be Backed Up? . . . 615 Choosing Media for Backups . . . 616 Understanding Backup Methods . . . 617 Using Backup Tools . . . 619 Command line tools . . . 619 Advanced tools . . . 627 Summary . . . 642 Chapter 23 Installing and Upgrading Software Packages . . . 643 Using the Red Hat Package Manager . . . 643 General options . . . 644 Query mode . . . 645 Package installation and removal . . . 654 Verifying RPMs . . . 657 Building RPMs . . . 660 RPM administrative commands . . . 661 Checking Software Versions . . . 663 Obtaining Newer Software . . . 665 Using rpmfind.org . . . 666 Using Freshmeat . . . 667 Using Ibiblio.org . . . 668 Using Gnome-RPM . . . 669 Additional software repositories . . . 670 Installing Software . . . 671 Installing software from source . . . 671 Building and installing source RPMs . . . 677 Using RPM with source tarballs . . . 680 Summary . . . 681

Part V Security and Problem Solving

Chapter 24 Security Basics . . . 685 Introducing Basic Security Concepts . . . 685 Security as loss prevention . . . 686 Security: a distributed venture . . . 688 The fundamental mindset: shades of grey . . . 689 Understanding the enemy . . . 690 Developing a Security Policy . . . 690 Beware the security assertions ploy . . . 691 Creating the policy: a first iteration . . . 692 The policy itself . . . 695

(29)

Recovery plans . . . 697 Social engineering . . . 699 Finding Security-Related Resources . . . 701 Web sites . . . 701 Recommended reading . . . 702 Links . . . 702 Summary . . . 703 Chapter 25 Implementing Local Security . . . 705 Exploring the Nature of Physical Security . . . 706 Building construction . . . 707 Boot security . . . 708 Maintaining User and Password Security . . . 715 Passwords: theory and practice . . . 716 Those pesky users . . . 722 Checking logs . . . 723 Securing File Integrity . . . 725 Using Tripwire . . . 726 Not for everybody, or every computer . . . 726 Setting up Tripwire . . . 727 Fine-tuning Tripwire . . . 728 Summary . . . 730 Chapter 26 Firewalls and Internet Security . . . 731 Limiting Network Services . . . 731 What services are running? . . . 732 Stopping running services . . . 736 Monitoring network traffic . . . 740 A Firewall Primer . . . 743 Firewall policy . . . 743 Basic layout . . . 745 Designing the firewall . . . 746 Summary . . . 748 Chapter 27 Detecting Intrusions . . . 749 Understanding Host-Based Intrusion Detection Software . . 749 Using Tripwire . . . 750 Installing Tripwire . . . 751 Configuring Tripwire . . . 751 Running Tripwire . . . 756 Detecting intrusions using Tripwire . . . 757 Additional Tripwire resources . . . 758 Using LogWatch . . . 758 Detecting Intrusions with ipchains . . . 762 Detecting Intrusions with iptables . . . 764 Summary . . . 765

(30)

Chapter 28 Troubleshooting and Problem Solving . . . 767 Solving Installation Problems . . . 768 Unable to log in after installation . . . 768 Installing Star Office . . . 768 Hardware-related installation problems . . . 769 Solving File System Problems . . . 772 Cannot delete a file . . . 772 Commands with multi-word arguments . . . 773 Accessing Windows file systems . . . 774 Working with floppy disks . . . 774 Cannot mount a partition . . . 774 Avoiding file system checks at each system reboot . . . 775 Getting a Zip drive to work . . . 775 Solving Networking Problems . . . 776 Getting online with a modem . . . 777 What to do when the boot process hangs . . . 779 Using two Ethernet cards . . . 779 Solving Boot Problems . . . 780 Solving Miscellaneous Problems . . . 783 Getting sound to work . . . 783 Using screensavers and power management . . . 784 Starting the X Window System . . . 785 Summary . . . 785

Appendix: What’s on the CD-ROM? . . . 787 Index . . . 791 End-User License Agreement . . . 847

(31)

(32)

Red Hat Linux System and Network Administration Defined

CHAPTER 1 Duties of the System Administrator

CHAPTER 2 Planning the Network

CHAPTER 3 Installing Red Hat Linux

CHAPTER 4 Red Hat Linux File System

CHAPTER 5 Red Hat System Configuration Files

Part I

(33)

IN THIS PART:

This part introduces the system administrator’s duties. The chapters in

this part discuss planning a network, installing Red Hat Linux, and working with the Red Hat Linux file system and

configuration files.

(34)

Chapter 1 Duties of the System Administrator

IN THIS CHAPTER

◆ The Linux system administrator

◆ Installing and configuring servers

◆ Installing and configuring application software

◆ Creating and maintaining user accounts

◆ Backing up and restoring files

◆ Monitoring and tuning performance

◆ Configuring a secure system

◆ Using tools to monitor security

LINUX IS A MULTIUSER,multitasking operating system from the ground up, and in this regard the system administrator has flexibility — and responsibility — far beyond those of other operating systems. Now, Red Hat has employed innovations that extend these duties even for the experienced Linux user. In this chapter, we look at those requirements.

The Linux System Administrator

Linux involves much more than merely sitting down and turning on the machine.

Often you hear talk of a “steep learning curve,” but that discouraging phrase can be misleading. Instead, Linux is quite different from the most popular commercial operating systems in a number of ways, and while it is no more difficult to learn than other operating systems, it is likely to seem very strange even to the experienced administrator of some other system. In addition, the sophistication of a number of parts of the Red Hat Linux distribution has increased by an order of magnitude, so even an experienced Linux administrator is likely to find much that is new and unfamiliar. Fortunately, there are new tools designed to make system

administration easier than it has ever been before. 3

(35)

Make no mistake: Every computer in the world has a system administrator. It may be — and probably is — that the majority of system administrators are probably those who decided what software and peripherals were bundled with the machine when it was shipped. That status quo remains because the majority of users who acquire computers for use as appliances probably do little to change the default values. But the minute a user decides on a different wallpaper image or adds an application that was acquired apart from the machine itself, he or she has taken on the mantle of system administration.

Such a high-falutin’ title brings with it some responsibilities. No one whose computer is connected to the Internet, for instance, has been immune to the effects of poorly administered systems, as demonstrated by the Distributed Denial of Service (DDoS) and e-mail macro virus attacks that have shaken the online world in recent years. The scope of these acts of computer vandalism (and in some cases computer larceny) would have been greatly reduced if system administrators had a better understanding of their duties.

The Linux system administrator is more likely to understand the necessity of active system administration than are those who run whatever came on the computer, assuming that things came from the factory properly configured. The user or enterprise that decides on Linux has decided, too, to assume the control that Linux offers, and the responsibilities that this entails.

By its very nature as a modern, multiuser operating system, Linux requires a degree of administration greater than that of less robust home market systems. This means that even if you are using a single machine connected to the Internet by a dial-up modem — or not even connected at all — you have the benefits of the same system employed by some of the largest businesses in the world, and will do many of the things that the IT professionals employed by those companies are paid to do.

Administering your system does involve a degree of learning, but it also means that in setting up and configuring your own system you gain skills and understanding that raise you above mere “computer user” status. The Linux system administrator does not achieve that mantle by having purchased a computer but instead by having taken full control of what his or her computer does and how it does it.

You may end up configuring a small home or small office network of two or more machines, perhaps including ones that are not running Linux. You may be responsible for a business network of dozens of machines. The nature of system administration in Linux is surprisingly constant, no matter how large or small your installation. It merely involves enabling and configuring features you already have available.

By definition, the Linux system administrator is the person who has “root”

access, which is to say the one who is the system’s “super user” (or root user). A standard Linux user is limited as to the things he or she can do with the underlying engine of the system. But the “root” user has unfettered access to everything — all user accounts, their home directories, and the files therein; all system configurations; and all files on the system. A certain body of thought says that no one should ever log in as “root,” because system administration tasks can be performed more easily and safely through other, more specific means, which I discuss in due course.

(36)

The system administrator has full system privileges, so the first duty is to know what you’re doing lest you break something.

By definition, the Linux system administrator is the person who has “root”

access, which is to say the one who is the system’s “super user.”

The word “duties” implies a degree of drudgery; in fact, they’re a manifestation of the tremendous flexibility of the system measured against responsibility to run a tight installation. These duties do not so much constrain the system administrator as free him or her to match the installation to the task. But all are likely employed to some degree in every system. Let’s take a brief look at them.

Installing and Configuring Servers

In the Linux world, the word “server” has a meaning that is broader than you might be used to. For instance, the standard Red Hat Linux graphical user interface (GUI) requires a graphical layer called XFree86. This is a server. It runs even on a stand- alone machine with one user account. It must be configured. (Fortunately, Red Hat Linux has made this a simple and painless part of installation on all but the most obscure combinations of video card and monitor; gone are the days of anguish configuring a graphical desktop.)

Likewise, printing in Linux takes place only after you have configured a print server. Again, this has become so easy as to be nearly trivial.

In certain areas the client-server nomenclature can be confusing, though. While you cannot have a graphical desktop without a server, you can have World Wide Web access without a Web server, file transfer protocol (FTP) access without running an FTP server, and Internet e-mail capabilities without ever starting a mail server. You may well want to use these servers, all of which are included in Red Hat Linux, but then again you may not. And whenever a server is connected to other machines outside your physical control, there are security implications — you want users to have easy access to the things they need, but you don’t want to open up the system you’re administering to the whole wide world.

Whenever a server is connected to machines outside your physical control, security issues arise. You want users to have easy access to the things they need, but you don’t want to open up the system you’re administering to the whole wide world.

(37)

Linux distributions used to be shipped with all imaginable servers turned on by default. This was a reflection of an earlier, more polite era in computing, when people did not consider vandalizing other people’s machines to be good sport. But the realities of a modern, more dangerous world have dictated that all but essential servers are off unless specifically enabled and configured. This duty falls to the system administrator. You need to know what servers you need and how to employ them, and to be aware that it is bad practice and a potential security nightmare to enable services that the system isn’t using and doesn’t need. Fortunately, the following pages show you how to carry out this aspect of system administration easily and efficiently.

Installing and Configuring Application Software

This may seem redundant, but it’s crucial that the new Linux system administrator understand two characteristics that set Linux apart from popular commercial operating systems: The first is the idea of the root or super user, and the second is that Linux is a multiuser operating system. Each user has (or shares) an account on the system, be it on a separate machine or on a single machine with multiple accounts.

One reason that these concepts are crucial is found in the administration of application software — productivity programs.

While it is possible for individual users to install some applications in their home directories — drive space set aside for their own files and customizations — these applications are not available to other users without the intervention of the system administrator. Besides, if an application is to be used by more than one user, it probably needs to be installed higher up in the Linux file hierarchy, which is a job that can be performed by the system administrator only. (The administrator can even decide which users may use which applications by creating a “group” for that application and enrolling individual users into that group.)

New software packages might be installed in ^/opt, if they are likely to be upgraded separately from the Red Hat Linux distribution itself; by so doing, it’s simple to retain the old version until you are certain the new version works and meets expectations. Some packages may need to go in ^/usr/localor even ^/usr, if they are upgrades of packages installed as part of Red Hat Linux. (For instance, there are sometimes security upgrades of existing packages.) The location of the installation usually matters only if you compile the application from source code; if you use a Red Hat Package Manager (RPM) application package, it automatically goes where it should.

Configuration and customization of applications is to some extent at the user’s discretion, but not entirely. “Skeleton” configurations — administrator-determined default configurations — set the baseline for user employment of applications. If there are particular forms, for example, that are used throughout an enterprise, the system administrator would set them up or at least make them available by adding

(38)

them to the skeleton configuration. The same applies, too, in configuring user desktops and in even deciding what applications should appear on user desktop menus.

Your company may not want the games that ship with modern Linux desktops to be available to users. And you may want to add menu items for newly installed or custom applications. The system administrator brings all this to pass.

Creating and Maintaining User Accounts

Not just anyone can show up and log on to a Linux machine. An account must be created for each user and — you guessed it — no one but the system administrator may do this. That’s simple enough.

But there’s more, and it involves decisions that either you or your company must make. You might want to let users select their own passwords, which would no doubt make them easier to remember, but which probably would be easier for a malefactor to crack. You might want to assign passwords, which is more secure in theory but which increases the likelihood that users will write them down on a con- veniently located scrap of paper — a risk if many people have access to the area where the machine(s) is located. You might decide that users must change their passwords periodically, and you can configure Red Hat Linux to prompt users to do so.

And what to do about old accounts? Perhaps someone has left the company.

What happens to his or her account? You probably don’t want him or her to con- tinue to have access to the company network. On the other hand, you don’t want to simply delete the account, perhaps to discover later that essential data resided nowhere else.

To what may specific users have access? It might be that there are aspects of your business that make World Wide Web access desirable, but you don’t want everyone spending their working hours surfing the Web. If your system is at home, you may wish to limit your children’s access to the Web, which contains sites to which few if any parents would want their children exposed.

These issues and others are parts of the system administrator’s duties in managing user accounts. Whether the administrator or his or her employer establishes the policies governing them, those policies should be established — if in an enterprise, preferably in writing — for the protection of all concerned.

Backing Up and Restoring Files

Until equipment becomes absolutely infallible, and until people lose their desire to harm the property of others (and, truth be known, until system administrators become perfect), there is a need to back up important files so that in the event of a failure of hardware, security, or administration, the system can be up and running again with minimal disruption. Only the system administrator may do this.

Red Hat

P R E S S

Red Hat L inux Networking and System Administration

Linux Solutions from the Experts at Red Hat

Reviewed by the Experts at Red Hat

Red Hat

Linux

Networking

and System Administration

Red Hat ® Linux ® Networking and System

Administration

Terry Collings and Kurt Wall

M&T Books

About the Authors

Credits

Preface

How This Book Is Organized

Part I — Red Hat Linux System and Network Administration Defined

Part II — Red Hat Linux Network Services

Part III — Red Hat Linux Internet Services

Part IV — Red Hat Linux System Maintenance

Part V — Security and Problem Solving

How to Use This Book

Using this book’s icons

Conventions

Terry Collings’s

Acknowledgments

Kurt Wall’s

Acknowledgments

Contents at a Glance

Contents

Red Hat Linux System and Network Administration Defined

CHAPTER 1

Duties of the System Administrator

CHAPTER 2

Planning the Network

CHAPTER 3

Installing Red Hat Linux

CHAPTER 4

Red Hat Linux File System

CHAPTER 5

Red Hat System Configuration Files

Part I

IN THIS PART:

This part introduces the system administrator’s duties. The chapters in

this part discuss planning a network, installing Red Hat Linux, and working with the Red Hat Linux file system and

configuration files.

Chapter 1

Duties of the System Administrator

The Linux System Administrator

Installing and Configuring Servers

Installing and Configuring Application Software

Creating and Maintaining User Accounts

Backing Up and Restoring Files

Red Hat ^® Linux ^® Networking and System