Linux® Bible
Ninth Edition
Christopher Negus
John Wiley & Sons, Inc.
10475 Crosspoint Boulevard
Indianapolis, IN 46256
www.wiley.com
Copyright © 2015 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEB SITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.
For general information on our other products and services please contact our Customer Care Department within the United States at (877) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2015937667
Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. Linux is a registered trademark of Linus Torvalds. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
As always, I dedicate this book to my wife, Sheree.
About the Author
Chris Negus is a Red Hat Certified Instructor (RHCI), Red Hat Certified Examiner (RHCX), Red Hat Certified Architect (RHCA), and Principal Technical Writer for Red Hat Inc. In more than six years with Red Hat, Chris has taught hundreds of IT professionals aspiring to become Red Hat Certified Engineers (RHCE).
In his current position at Red Hat, Chris produces articles for the Red Hat Customer Portal. The projects he works on include Red Hat Enterprise Linux 7, Red Hat Enterprise OpenStack Platform, Red Hat Enterprise Virtualization, and Linux containers in Docker format.
Besides his RHCA certification, Chris is a Red Hat Certified Virtualization Administrator (RHCVA) and Red Hat Certified Datacenter Specialist (RHCDS). He also has certificates of expertise in Deployment and Systems Management, Clustering and Storage Management, Cloud Storage, and Server Hardening.
Before joining Red Hat, Chris wrote or co-wrote dozens of books on Linux and UNIX, including Red Hat Linux Bible (all editions), CentOS Bible, Fedora Bible, Linux Troubleshooting Bible, Linux Toys, and Linux Toys II. Chris also co-authored several books for the Linux Toolbox series for power users: Fedora Linux Toolbox, SUSE Linux Toolbox, Ubuntu Linux Toolbox, Mac OS X Toolbox, and BSD UNIX Toolbox.
For eight years Chris worked with the organization at AT&T that developed UNIX before moving to Utah to help contribute to Novell’s UnixWare project in the early 1990s. When not writing about Linux, Chris enjoys playing soccer and just hanging out with his wife, Sheree, and son, Seth.
About the Technical Editor
Richard Blum, LPIC-1, has worked in the IT industry for more than 20 years as both a systems and network administrator and has published numerous Linux and open source books. He has administered UNIX, Linux, Novell, and Microsoft servers, as well as helped design and maintain a 3,500-user network utilizing Cisco switches and routers. He has used Linux servers and shell scripts to perform automated network monitoring and has written shell scripts in most of the common Linux shell environments. Rich is an online instructor for an Introduction to Linux course that is used by colleges and universities across the United States. When he isn’t being a computer nerd, Rich plays electric bass in a couple of different church worship bands, and enjoys spending time with his wife, Barbara, and two daughters, Katie Jane and Jessica.
Development & Assembly
Mary Beth Wakefield
Acknowledgments
Since I was hired by Red Hat Inc. more than six years ago, I have been exposed to many of the best Linux developers, testers, support professionals, and instructors in the world. Since I can’t thank everyone individually, I instead salute the culture of cooperation and excellence that serves to improve my own Linux skills every day.
I don’t speak well of Red Hat because I work there; I work at Red Hat because it lives up to the ideals of open source software in ways that match my own beliefs. There are a few people at Red Hat I would like to acknowledge particularly. Discussions with Victor Costea, Andrew Blum, and other Red Hat instructors have helped me adapt my ways of thinking about how people learn Linux. I’m able to work across a wide range of technologies because of the great support I get from my supervisor, Adam Strong, and my senior manager, Sam Knuth, who both point me toward cool projects but never hold me back.
In this edition, particular help came from Ryan Sawhill Aroha, who helped me simplify my writing on encryption technology. For the new content I wrote in this book on Linux cloud technologies, I’d like to thank members of the OpenStack, Docker, and RHEV teams, who help me learn cutting-edge cloud technology every day.
As for the people at Wiley, thanks for letting me continue to develop and improve this book over the years. Marty Minner has helped keep me on task through a demanding schedule. Mary Beth Wakefield and Ken Brown have been there to remind me at the times I forgot it was a demanding schedule. Thanks to Richard Blum for his reliably thorough job of tech editing. Thanks to Margot Maley Hutchison from Waterside Productions for contracting the book for me with Wiley and always looking out for my best interests.
Finally, thanks to my wife, Sheree, for sharing her life with me and doing such a great job raising Seth and Caleb.
Contents at a Glance
Acknowledgments xi
Introduction xxxiii
Part I: Getting Started 1
Chapter 1: Starting with Linux 3
Chapter 2: Creating the Perfect Linux Desktop 29
Part II: Becoming a Linux Power User 63
Chapter 3: Using the Shell 65
Chapter 4: Moving around the Filesystem 97
Chapter 5: Working with Text Files 117
Chapter 6: Managing Running Processes 137
Chapter 7: Writing Simple Shell Scripts 153
Part III: Becoming a Linux System Administrator 171
Chapter 8: Learning System Administration 173
Chapter 9: Installing Linux 201
Chapter 10: Getting and Managing Software 233
Chapter 11: Managing User Accounts 259
Chapter 12: Managing Disks and Filesystems 283
Part IV: Becoming a Linux Server Administrator 313
Chapter 13: Understanding Server Administration 315
Chapter 14: Administering Networking 347
Chapter 15: Starting and Stopping Services 377
Chapter 16: Configuring a Print Server 423
Chapter 17: Configuring a Web Server 449
Chapter 18: Configuring an FTP Server 477
Chapter 19: Configuring a Windows File Sharing (Samba) Server 499
Chapter 20: Configuring an NFS File Server 527
Chapter 21: Troubleshooting Linux 551
Part V: Learning Linux Security Techniques 589
Chapter 22: Understanding Basic Linux Security 591
Chapter 23: Understanding Advanced Linux Security 627
Chapter 24: Enhancing Linux Security with SELinux 669
Chapter 25: Securing Linux on a Network 699
Part VI: Extending Linux into the Cloud 727
Chapter 26: Using Linux for Cloud Computing 729
Chapter 27: Deploying Linux to the Cloud 749
Part VII: Appendixes 769
Appendix A: Media 771
Appendix B: Exercise Answers 781
Index 839
Contents
Acknowledgments . . xi
Introduction . . xxxiii
Part I: Getting Started 1
Chapter 1: Starting with Linux . . . 3
Understanding What Linux Is 4
Understanding How Linux Differs from Other Operating Systems 6
Exploring Linux History 6
Free-flowing UNIX culture at Bell Labs 7
Commercialized UNIX 9
Berkeley Software Distribution arrives 9
UNIX Laboratory and commercialization 10
GNU transitions UNIX to freedom 11
BSD loses some steam 13
Linus builds the missing piece 13
OSI open source definition 14
Understanding How Linux Distributions Emerged 16
Choosing a Red Hat distribution 17
Using Red Hat Enterprise Linux 17
Using Fedora 18
Choosing Ubuntu or another Debian distribution 19
Finding Professional Opportunities with Linux Today 20
Understanding how companies make money with Linux 21
Becoming Red Hat certified 22
RHCSA topics 23
RHCE topics 24
Summary 26
Chapter 2: Creating the Perfect Linux Desktop . . 29
Understanding Linux Desktop Technology 30
Starting with the Fedora GNOME Desktop Live image 32
Using the GNOME 3 Desktop 33
After the computer boots up 33
Navigating with the mouse 34
Navigating with the keyboard 38
Setting up the GNOME 3 desktop 41
Extending the GNOME 3 desktop 42
Using GNOME shell extensions 42
Using the GNOME Tweak Tool 44
Starting with desktop applications 45
Managing files and folders with Nautilus 45
Installing and managing additional software 46
Playing music with Rhythmbox 48
Stopping the GNOME 3 desktop 49
Using the GNOME 2 Desktop 49
Using the Metacity window manager 50
Changing GNOME’s appearance 52
Using the GNOME panels 53
Using the Applications and System menus 54
Adding an applet 54
Adding another panel 55
Adding an application launcher 55
Adding a drawer 56
Changing panel properties 57
Adding 3D effects with AIGLX 58
Summary 60
Exercises 61
Part II: Becoming a Linux Power User 63
Chapter 3: Using the Shell . . 65
About Shells and Terminal Windows 66
Using the shell prompt 67
Using a terminal window 68
Using virtual consoles 69
Choosing Your Shell 69
Running Commands 70
Understanding command syntax 71
Locating commands 74
Recalling Commands Using Command History 76
Command-line editing 77
Command-line completion 79
Command-line recall 80
Connecting and Expanding Commands 82
Piping between commands 82
Sequential commands 83
Background commands 83
Expanding commands 84
Expanding arithmetic expressions 84
Expanding variables 85
Using Shell Variables 85
Creating and using aliases 87
Exiting the shell 88
Creating Your Shell Environment 88
Configuring your shell 88
Setting your prompt 89
Adding environment variables 91
Getting Information about Commands 92
Summary 94
Exercises 95
Chapter 4: Moving around the Filesystem . . . 97
Using Basic Filesystem Commands 100
Using Metacharacters and Operators 102
Using file-matching metacharacters 102
Using file-redirection metacharacters 103
Using brace expansion characters 105
Listing Files and Directories 105
Understanding File Permissions and Ownership 109
Changing permissions with chmod (numbers) 111
Changing permissions with chmod (letters) 111
Setting default file permission with umask 112
Changing file ownership 113
Moving, Copying, and Removing Files 114
Summary 115
Exercises 115
Chapter 5: Working with Text Files . . 117
Editing Files with vim and vi 117
Starting with vi 119
Adding text 119
Moving around in the text 120
Deleting, copying, and changing text 121
Pasting (putting) text 122
Repeating commands 122
Exiting vi 122
Skipping around in the file 123
Searching for text 124
Using ex mode 124
Learning more about vi and vim 124
Finding Files 125
Using locate to find files by name 125
Searching for files with find 127
Finding files by name 127
Finding files by size 128
Finding files by user 128
Finding files by permission 129
Finding files by date and time 130
Using ‘not’ and ‘or’ when finding files 131
Finding files and executing commands 131
Searching in files with grep 132
Summary 134
Exercises 134
Chapter 6: Managing Running Processes . . 137
Understanding Processes 137
Listing Processes 138
Listing processes with ps 138
Listing and changing processes with top 140
Listing processes with System Monitor 142
Managing Background and Foreground Processes 144
Starting background processes 144
Using foreground and background commands 145
Killing and Renicing Processes 146
Killing processes with kill and killall 146
Using kill to signal processes by PID 147
Using killall to signal processes by name 148
Setting processor priority with nice and renice 148
Limiting Processes with cgroups 149
Summary 151
Exercises 151
Chapter 7: Writing Simple Shell Scripts . . . 153
Understanding Shell Scripts 153
Executing and debugging shell scripts 154
Understanding shell variables 154
Special shell positional parameters 156
Reading in parameters 157
Parameter expansion in bash 157
Performing arithmetic in shell scripts 158
Using programming constructs in shell scripts 159
The “if…then” statements 159
The case command 162
The “for…do” loop 163
The “while…do” and “until…do” loops 164
Trying some useful text manipulation programs 164
The general regular expression parser 165
Remove sections of lines of text (cut) 165
Translate or delete characters (tr) 165
The stream editor (sed) 166
Using simple shell scripts 167
Telephone list 167
Backup script 168
Summary 168
Exercises 169
Part III: Becoming a Linux System Administrator 171
Chapter 8: Learning System Administration . . 173
Understanding System Administration 173
Using Graphical Administration Tools 175
Using system-config-* tools 175
Using browser-based admin tools 177
Using the root user account 177
Becoming root from the shell (su command) 178
Allowing administrative access via the GUI 180
Gaining administrative access with sudo 180
Exploring Administrative Commands, Configuration Files, and Log Files 182
Administrative commands 182
Administrative configuration files 183
Administrative log files and systemd journal 188
Using journalctl to view the systemd journal 188
Managing log messages with rsyslogd 189
Using Other Administrative Accounts 189
Checking and Configuring Hardware 190
Checking your hardware 191
Managing removable hardware 194
Working with loadable modules 197
Listing loaded modules 197
Loading modules 198
Removing modules 198
Summary 199
Exercises 199
Chapter 9: Installing Linux . . 201
Choosing a Computer 202
Installing Fedora from Live media 203
Installing Red Hat Enterprise Linux from Installation Media 208
Understanding Cloud-Based Installations 211
Installing Linux in the Enterprise 211
Exploring Common Installation Topics 213
Upgrading or installing from scratch 213
Dual booting 214
Installing Linux to run virtually 216
Using installation boot options 216
Boot options for disabling features 217
Boot options for video problems 217
Boot options for special installation types 218
Boot options for kickstarts and remote repositories 218
Miscellaneous boot options 219
Using specialized storage 219
Partitioning hard drives 220
Understanding different partition types 221
Reasons for different partitioning schemes 222
Tips for creating partitions 222
Using the GRUB boot loader 224
Using GRUB Legacy (version 1) 225
Using GRUB 2 229
Summary 231
Exercises 231
Chapter 10: Getting and Managing Software . . 233
Managing Software on the Desktop 233
Going Beyond the Software Window 235
Understanding Linux RPM and DEB Software Packaging 236
Understanding DEB packaging 237
Understanding RPM packaging 238
What is in an RPM? 238
Where do RPMs come from? 239
Installing RPMs 239
Managing RPM Packages with YUM 240
Understanding how yum works 241
1. Checking /etc/yum.conf 242
2. Checking /etc/sysconfig/rhn/up2date (RHEL only) 242
3. Checking /etc/yum.repos.d/*.repo files 243
4. Downloading RPM packages and metadata from a YUM repository 243
5. RPM packages installed to Linux file system 244
6. Store YUM repository metadata to local RPM database 244
Using YUM with third-party software repositories 244
Managing software with the YUM command 245
Searching for packages 246
Installing and removing packages 247
Updating packages 249
Updating groups of packages 250
Maintaining your RPM package database and cache 251
Downloading RPMs from a yum repository 252
Installing, Querying, and Verifying Software with the rpm Command 252
Installing and removing packages with rpm 253
Querying rpm information 254
Verifying RPM packages 255
Managing Software in the Enterprise 256
Summary 257
Exercises 258
Chapter 11: Managing User Accounts . . . 259
Creating User Accounts 259
Adding users with useradd 262
Setting user defaults 265
Modifying users with usermod 266
Deleting users with userdel 268
Understanding Group Accounts 268
Using group accounts 269
Creating group accounts 270
Managing Users in the Enterprise 270
Setting permissions with Access Control Lists 271
Setting ACLs with setfacl 272
Setting default ACLs 273
Enabling ACLs 274
Adding directories for users to collaborate 276
Creating group collaboration directories (set GID bit) 276
Creating restricted deletion directories (sticky bit) 278
Centralizing User Accounts 278
Using the Users window 279
Using the Authentication Configuration window 279
Summary 281
Exercises 281
Chapter 12: Managing Disks and Filesystems . . . 283
Understanding Disk Storage 283
Partitioning Hard Disks 285
Understanding partition tables 286
Viewing disk partitions 286
Creating a single-partition disk 288
Creating a multiple-partition disk 292
Using Logical Volume Management Partitions 295
Checking an existing LVM 296
Creating LVM logical volumes 299
Growing LVM logical volumes 300
Mounting Filesystems 301
Supported filesystems 301
Enabling swap areas 303
Disabling a swap area 304
Using the fstab file to define mountable file systems 305
Using the mount command to mount file systems 307
Mounting a disk image in loopback 308
Using the umount command 309
Using the mkfs Command to Create a Filesystem 310
Summary 311
Exercises 311
Part IV: Becoming a Linux Server Administrator 313
Chapter 13: Understanding Server Administration . . 315
Starting with Server Administration 316
Step 1: Install the server 316
Step 2: Configure the server 318
Using configuration files 318
Checking the default configuration 319
Step 3: Start the server 319
Step 4: Secure the server 321
Password protection 321
Firewalls 321
TCP Wrappers 322
SELinux 322
Security settings in configuration files 322
Step 5: Monitor the server 322
Configure logging 322
Run system activity reports 323
Keep system software up to date 323
Check the filesystem for signs of crackers 323
Managing Remote Access with the Secure Shell Service 323
Starting the openssh-server service 324
Using SSH client tools 326
Using ssh for remote login 326
Using ssh for remote execution 328
Copying files between systems with scp and rsync 329
Interactive copying with sftp 332
Using key-based (passwordless) authentication 332
Configuring System Logging 334
Enabling system logging with rsyslog 334
Understanding the rsyslog.conf file 335
Understanding the messages log file 337
Setting up and using a loghost with rsyslogd 337
Watching logs with logwatch 339
Checking System Resources with sar 340
Checking System Space 341
Displaying system space with df 342
Checking disk usage with du 342
Finding disk consumption with find 343
Managing Servers in the Enterprise 344
Summary 344
Exercises 345
Chapter 14: Administering Networking . . 347
Configuring Networking for Desktops 348
Checking your network interfaces 350
Checking your network from NetworkManager 350
Checking your network from the command line 352
Configuring network interfaces 355
Setting IP addresses manually 355
Setting IP address aliases 356
Setting routes 357
Configuring a network proxy connection 358
Configuring Networking from the Command Line 360
Editing a connection 360
Understanding networking configuration files 362
Network interface files 363
Other networking files 365
Setting alias network interfaces 367
Setting up Ethernet channel bonding 368
Setting custom routes 370
Configuring Networking in the Enterprise 371
Configuring Linux as a router 371
Configuring Linux as a DHCP server 372
Configuring Linux as a DNS server 372
Configuring Linux as a proxy server 373
Summary 374
Exercises 374
Chapter 15: Starting and Stopping Services . . . 377
Understanding the Initialization Daemon (init or systemd) 378
Understanding the classic init daemons 380
Understanding the Upstart init daemon 386
Learning Upstart init daemon basics 386
Learning Upstart’s backward compatibility to SysVinit 388
Understanding systemd initialization 392
Learning systemd basics 392
Learning systemd’s backward compatibility to SysVinit 397
Checking the Status of Services 399
Checking services for SysVinit systems 400
Checking services for Upstart systems 401
Checking services for systemd systems 402
Stopping and Starting Services 403
Stopping and starting SysVinit services 403
Stopping and starting Upstart services 405
Stopping and starting systemd services 406
Stopping a service with systemd 406
Starting a service with systemd 406
Restarting a service with systemd 407
Reloading a service with systemd 407
Enabling Persistent Services 408
Configuring persistent services for SysVinit 408
Configuring persistent services for Upstart 409
Configuring persistent services for systemd 410
Enabling a service with systemd 410
Disabling a service with systemd 411
Configuring a Default Runlevel or Target Unit 412
Configuring the SysVinit default runlevel 412
Configuring the default runlevel in Upstart 413
Configuring the default target unit for systemd 413
Adding New or Customized Services 414
Adding new services to SysVinit 414
Step 1: Create a new or customized service script file 415
Step 2: Add the service script to /etc/rc.d/init.d 416
Step 3: Add the service to runlevel directories 417
Adding new services to Upstart 417
Adding new services to systemd 419
Step 1: Create a new or customized service configuration unit file 419
Step 2: Move the service configuration unit file 420
Step 3: Add the service to the Wants directory 420
Summary 422
Exercises 422
Chapter 16: Configuring a Print Server . . 423
Common UNIX Printing System 423
Setting Up Printers 425
Adding a printer automatically 425
Using web-based CUPS administration 426
Using the Print Settings window 428
Configuring local printers with the Print Settings window 429
Configuring remote printers 432
Adding a remote CUPS printer 433
Adding a remote UNIX (LDP/LPR) printer 433
Adding a Windows (SMB) printer 434
Working with CUPS Printing 435
Configuring the CUPS server (cupsd.conf) 436
Starting the CUPS server 437
Configuring CUPS printer options manually 438
Using Printing Commands 439
Printing with lpr 440
Listing status with lpc 440
Removing print jobs with lprm 441
Configuring Print Servers 441
Configuring a shared CUPS printer 442
Configuring a shared Samba printer 443
Understanding smb.conf for printing 444
Setting up SMB clients 445
Summary 446
Exercises 446
Chapter 17: Configuring a Web Server . . . 449
Understanding the Apache Web Server 449
Getting and Installing Your Web Server 450
Understanding the httpd package 450
Installing Apache 453
Starting Apache 454
Securing Apache 455
Apache file permissions and ownership 455
Apache and iptables 455
Apache and SELinux 456
Understanding the Apache configuration files 457
Using directives 457
Understanding default settings 460
Adding a virtual host to Apache 462
Allowing users to publish their own web content 464
Securing your web traffic with SSL/TLS 465
Understanding how SSL is configured 467
Generating an SSL key and self-signed certificate 469
Generating a certificate signing request 470
Troubleshooting Your Web Server 471
Checking for configuration errors 472
Accessing forbidden and server internal errors 474
Summary 475
Exercises 475
Chapter 18: Configuring an FTP Server . . . 477
Understanding FTP 477
Installing the vsftpd FTP Server 479
Starting the vsftpd Service 480
Securing Your FTP Server 483
Opening up your firewall for FTP 483
Allowing FTP access in TCP wrappers 486
Configuring SELinux for your FTP server 486
Relating Linux file permissions to vsftpd 488
Configuring Your FTP Server 488
Setting up user access 488
Allowing uploading 489
Setting up vsftpd for the Internet 491
Using FTP Clients to Connect to Your Server 492
Accessing an FTP server from Firefox 493
Accessing an FTP server with the lftp command 493
Using the gFTP client 495
Summary 496
Exercises 497
Chapter 19: Configuring a Windows File Sharing (Samba) Server . . 499
Understanding Samba 499
Installing Samba 500
Starting and Stopping Samba 502
Starting the Samba (smb) service 503
Starting the NetBIOS (nmbd) name server 505
Stopping the Samba (smb) and NetBIOS (nmb) services 506
Securing Samba 506
Configuring firewalls for Samba 507
Configuring SELinux for Samba 508
Setting SELinux Booleans for Samba 508
Setting SELinux file contexts for Samba 510
Configuring Samba host/user permissions 510
Configuring Samba 511
Using system-config-samba 511
Choosing Samba server settings 511
Configuring Samba user accounts 512
Creating a Samba shared folder 513
Checking the Samba share 514
Configuring Samba in the smb.conf file 516
Configuring the [global] section 516
Configuring the [homes] section 518
Configuring the [printers] section 519
Creating custom shared directories 519
Accessing Samba Shares 521
Accessing Samba shares in Linux 522
Accessing Samba shares in Windows 524
Using Samba in the Enterprise 525
Summary 525
Exercises 526
Chapter 20: Configuring an NFS File Server . . 527
Installing an NFS Server 529
Starting the NFS service 530
Sharing NFS Filesystems 531
Configuring the /etc/exports file 532
Hostnames in /etc/exports 533
Access options in /etc/exports 534
User mapping options in /etc/exports 534
Exporting the shared filesystems 535
Securing Your NFS Server 536
Opening up your firewall for NFS 537
Allowing NFS access in TCP wrappers 539
Configuring SELinux for your NFS server 539
Using NFS Filesystems 540
Viewing NFS shares 540
Manually mounting an NFS filesystem 541
Mounting an NFS filesystem at boot time 542
Mounting noauto filesystems 543
Using mount options 543
Using autofs to mount NFS filesystems on demand 545
Automounting to the /net directory 546
Automounting home directories 547
Unmounting NFS filesystems 549
Summary 549
Exercises 550
Chapter 21: Troubleshooting Linux . . 551
Boot-Up Troubleshooting 551
Understanding Startup Methods 552
Starting with System V init scripts 552
Starting with systemd 553
Starting with Upstart 554
Starting from the firmware (BIOS or UEFI) 554
Troubleshooting BIOS setup 555
Troubleshooting boot order 556
Troubleshooting the GRUB boot loader 557
Starting the kernel 559
Troubleshooting the initialization system 560
Troubleshooting System V initialization 560
Troubleshooting rc.sysinit 561
Troubleshooting runlevel processes 562
Troubleshooting systemd initialization 566
Troubleshooting Software Packages 568
Fixing RPM databases and cache 572
Troubleshooting Networking 573
Troubleshooting outgoing connections 573
View network interfaces 574
Check physical connections 574
Check routes 575
Check hostname resolution 576
Troubleshooting incoming connections 577
Check if the client can reach your system at all 577
Check if the service is available to the client 578
Check the firewall on the server 578
Check the service on the server 579
Troubleshooting Memory 580
Uncovering memory issues 581
Checking for memory problems 583
Dealing with memory problems 584
Troubleshooting in Rescue Mode 585
Summary 587
Exercises 587
Part V: Learning Linux Security Techniques 589
Chapter 22: Understanding Basic Linux Security . . . 591
Understanding Security Basics 591
Implementing physical security 591
Implementing disaster recovery 592
Securing user accounts 593
One user per user account 593
Limit access to the root user account 594
Setting expiration dates on temporary accounts 594
Removing unused user accounts 595
Securing passwords 596
Choosing good passwords 597
Setting and changing passwords 598
Enforcing best password practices 599
Understanding the password files and password hashes 601
Securing the filesystem 603
Managing dangerous filesystem permissions 603
Securing the password files 604
Locking down the filesystem 606
Managing software and services 607
Updating software packages 607
Keeping up with security advisories 607
Advanced implementation 608
Monitoring Your Systems 608
Monitoring log files 608
Monitoring user accounts 612
Detecting counterfeit new accounts and privileges 612
Detecting bad account passwords 614
Monitoring the filesystem 615
Verifying software packages 615
Scanning the filesystem 616
Detecting viruses and rootkits 618
Auditing and Reviewing Linux 622
Conducting compliance reviews 623
Conducting security reviews 623
Summary 624
Exercises 624
Chapter 23: Understanding Advanced Linux Security . . 627
Implementing Linux Security with Cryptography 627
Understanding hashing 628
Understanding encryption/decryption 630
Understanding cryptographic ciphers 630
Understanding cryptographic cipher keys 631
Understanding digital signatures 637
Implementing Linux cryptography 639
Ensuring file integrity 639
Encrypting a Linux filesystem 640
Encrypting a Linux directory 642
Encrypting a Linux file 645
Encrypting Linux with miscellaneous tools 645
Using Encryption from the Desktop 646
Implementing Linux Security with PAM 648
Understanding the PAM authentication process 649
Understanding PAM contexts 650
Understanding PAM control flags 651
Understanding PAM modules 652
Understanding PAM system event configuration files 653
Administering PAM on your Linux system 654
Managing PAM-aware application configuration files 654
Managing PAM system event configuration files 655
Implementing resource limits with PAM 657
Enforcing good passwords with PAM 660
Encouraging sudo use with PAM 664
Locking accounts with PAM 665
Obtaining more information on PAM 667
Summary 668
Exercises 668
Chapter 24: Enhancing Linux Security with SELinux . . . 669
Understanding SELinux Benefits 669
Understanding How SELinux Works 671
Understanding type enforcement 671
Understanding multi-level security 672
Implementing SELinux security models 673
Understanding SELinux operational modes 673
Understanding SELinux security contexts 674
Understanding SELinux policy types 677
Understanding SELinux policy rule packages 678
Configuring SELinux 679
Setting the SELinux mode 680
Setting the SELinux policy type 682
Managing SELinux security contexts 683
Managing the user security context 684
Managing the file security context 684
Managing the process security context 685
Managing SELinux policy rule packages 686
Managing SELinux via booleans 688
Monitoring and Troubleshooting SELinux 689
Understanding SELinux logging 689
Reviewing SELinux messages in the audit log 690
Reviewing SELinux messages in the messages log 690
Troubleshooting SELinux logging 691
Troubleshooting common SELinux problems 692
Using a nonstandard directory for a service 692
Using a nonstandard port for a service 693
Moving files and losing security context labels 693
Booleans set incorrectly 694
Putting It All Together 694
Obtaining More Information on SELinux 695
Summary 695
Exercises 696
Chapter 25: Securing Linux on a Network . . . 699
Auditing Network Services 699
Evaluating access to network services with nmap 701
Using nmap to audit your network services advertisements 704
Controlling access to network services 708
Working with Firewalls 710
Understanding firewalls 710
Implementing firewalls 711
Starting with firewalld 712
Understanding the iptables utility 713
Using the iptables utility 716
Summary 724
Exercises 724
Chapter 26: Using Linux for Cloud Computing . . . 729
Overview of Linux and Cloud Computing 729
Cloud hypervisors (a.k.a. compute nodes) 730
Cloud controllers 730
Cloud storage 731
Cloud authentication 731
Cloud deployment and configuration 732
Cloud platforms 732
Trying Basic Cloud Technology 732
Setting Up a Small Cloud 734
Configuring hypervisors 735
Step 1: Get Linux software 735
Step 2: Check your computers 735
Step 3: Install Linux on hypervisors 736
Step 4: Start services on the hypervisors 737
Step 5: Edit /etc/hosts or set up DNS 738
Configuring storage 738
Step 1: Install Linux software 738
Step 2: Configure NFS share 739
Step 3: Start the NFS service 739
Step 4: Mount the NFS share on the hypervisors 740
Creating virtual machines 740
Step 1: Get images to make virtual machines 741
Step 2: Check the network bridge 741
Step 3: Start Virtual Machine Manager (virt-manager) 741
Step 4: Check connection details 742
Step 5: Create a new virtual machine 743
Managing virtual machines 744
Migrating virtual machines 745
Step 1: Identify other hypervisors 745
Step 2: Migrate running VM to another hypervisor 746
Summary 747
Chapter 27: Deploying Linux to the Cloud . . . 749
Getting Linux to Run in a Cloud 749
Creating Linux Images for Clouds 751
Configuring and running a cloud-init cloud instance 751
Investigating the cloud instance 753
Cloning the cloud instance 754
Trying an Ubuntu cloud image 756
Expanding your cloud-init configuration 757
Adding ssh keys with cloud-init 757
Adding network interfaces with cloud-init 758
Adding software with cloud-init 758
Using cloud-init in enterprise computing 759
Using OpenStack to Deploy Cloud Images 760
Starting from the OpenStack Dashboard 761
Configuring your OpenStack virtual network 761
Configuring keys for remote access 763
Launching a virtual machine in OpenStack 764
Accessing the virtual machine via ssh 765
Using Amazon EC2 to Deploy Cloud Images 765
Summary 766
Appendix A: Media . . . 771
Appendix B: Exercise Answers . . . 781
Index . . . 839
You can’t learn Linux without using it.
I’ve come to that conclusion over more than a decade of teaching people to learn Linux. You can’t just read a book; you can’t just listen to a lecture. You need someone to guide you, and you need to jump in and do it.
In 1999, Wiley published my Red Hat Linux Bible. The book’s huge success gave me the opportunity to become a full-time, independent Linux author. For about a decade, I wrote dozens of Linux books and explored the best ways to explain Linux from the quiet of my small home office.
In 2008, I hit the road. I was hired by Red Hat, Inc., as a full-time instructor, teaching Linux to professional system administrators seeking Red Hat Certified Engineer (RHCE) certification. In my three years as a Linux instructor, I honed my teaching skills in front of live people whose Linux experience ranged from none to experienced professional.
In the previous edition, I turned my teaching experience into text to take a reader from someone who has never used Linux to someone with the skills to become a Linux professional. In this edition, I set out to extend those skills into the cloud. The focus of this ninth edition of the Linux Bible can be summed up in these ways:
■ Beginner to certified professional: As long as you have used a computer, mouse, and keyboard, you can start with this book. I tell you how to get Linux, begin using it, step through critical topics, and ultimately excel at administering and securing it.
■ System administrator–focused: When you are finished with this book, you will know how to use Linux and how to modify and maintain it. All the topics needed to become a Red Hat Certified Engineer are covered in this book. That said, many software developers have also used this book to understand how to work on a Linux system as a development platform or target for their applications.
■ Emphasis on command-line tools: Although point-and-click interfaces for managing Linux have improved greatly in recent years, many advanced features can only be utilized by typing commands and editing configuration files manually. I teach you how to become proficient with the Linux command-line shell and occasionally compare shell features with graphical tools for accomplishing the same tasks.
■ Aimed at fewer Linux distributions: In previous editions, I described about 18 different Linux distributions. With only a few notable exceptions, most popular Linux distributions are either Red Hat–based (Red Hat Enterprise Linux, Fedora, CentOS, and so on) or Debian-based (Ubuntu, Linux Mint, KNOPPIX, and so on). Although this book most thoroughly cov-
■ Many, many demos and exercises: Instead of just telling you what Linux does, I actually show you what it does. Then, to make sure you got it, you have the opportunity to try exercises yourself. Every procedure and exercise has been tested to work in Fedora or Red Hat Enterprise Linux. Most work in Ubuntu as well.
■ Lead into cloud technologies: Linux is at the heart of most technological advances in cloud computing today. That means you need a solid understanding of Linux to work effectively in tomorrow’s data centers. Learn Linux basics in the front of this book. Then in the last few chapters, I demonstrate how you can try out Linux systems as hypervisors, cloud controllers, and virtual machines, as well as manage virtual networks and networked storage.
How This Book Is Organized
The book is organized to enable you to start off at the very beginning with Linux and grow to become a professional Linux system administrator and power user.
Part I, “Getting Started,” includes two chapters designed to help you understand what Linux is and get you started with a Linux desktop:
■ Chapter 1, “Starting with Linux,” covers topics such as what the Linux operating system is, where it comes from, and how to get started using it.
■ Chapter 2, “Creating the Perfect Linux Desktop,” provides information on how you can create a desktop system and use some of the most popular desktop features.
Part II, “Becoming a Linux Power User,” provides in-depth details on how to use the Linux shell, work with filesystems, manipulate text files, manage processes, and use shell scripts:
■ Chapter 3, “Using the Shell,” includes information on how to access a shell, run commands, recall commands (using history), and do tab completion. The chapter also describes how to use variables, aliases, and man pages (traditional Linux command reference pages).
■ Chapter 4, “Moving around the Filesystem,” includes commands for listing, creating, copying, and moving files and directories. More advanced topics in this chapter include filesystem security, such as file ownership, permissions, and access control lists.
■ Chapter 5, “Working with Text Files,” includes everything from basic text editors to tools for finding files and searching for text within files.
■ Chapter 6, “Managing Running Processes,” describes how to see what processes are running on your system and change those processes. Ways of changing processes include killing, pausing, and sending other types of signals.
■ Chapter 7, “Writing Simple Shell Scripts,” includes shell commands and functions you can gather together into a file to run as a command itself.
In Part III, “Becoming a Linux System Administrator,” you learn how to administer Linux systems:
■ Chapter 8, “Learning System Administration,” provides information on basic graphical tools, commands, and configuration files for administering Linux systems.
■ Chapter 9, “Installing Linux,” covers common installation tasks, such as disk partitioning and initial software package selection, as well as more advanced installation tools, such as installing from kickstart files.
■ Chapter 10, “Getting and Managing Software,” provides an understanding of how software packages work and how to get and manage software.
In Part IV, “Becoming a Linux Server Administrator,” you learn to create powerful network servers and the tools needed to manage them:
■ Chapter 13, “Understanding Server Administration,” covers remote logging, monitoring tools, and the Linux boot process.
■ Chapter 14, “Administering Networking,” discusses how to configure networking.
■ Chapter 15, “Starting and Stopping Services,” provides information on starting and stopping services.
■ Chapter 16, “Configuring a Print Server,” describes how to configure printers to use locally on your Linux system or over the network from other computers.
■ Chapter 17, “Configuring a Web Server,” describes how to configure an Apache Web server.
■ Chapter 18, “Configuring an FTP Server,” covers procedures for setting up a vsftpd FTP server that can be used to enable others to download files from your Linux system over the network.
■ Chapter 19, “Configuring a Windows File Sharing (Samba) Server,” covers Windows file server configuration with Samba.
■ Chapter 20, “Configuring an NFS File Server,” describes how to use Network File System features to share folders of files among systems over a network.
■ Chapter 21, “Troubleshooting Linux,” covers popular tools for troubleshooting your Linux system.
In Part V, “Learning Linux Security Techniques,” you learn how to secure your Linux systems and services:
■ Chapter 22, “Understanding Basic Linux Security,” covers basic security concepts and techniques.
■ Chapter 23, “Understanding Advanced Linux Security,” provides information on using Pluggable Authentication Modules (PAM) and cryptology tools to tighten system security and authentication.
■ Chapter 24, “Enhancing Linux Security with SELinux,” shows you how to enable Security Enhanced Linux (SELinux) to secure system services.
■ Chapter 25, “Securing Linux on the Network,” covers network security features, such as firewalld and iptables firewalls, to secure system services.
Part VI, “Extending Linux into the Cloud,” takes you into cutting-edge cloud technologies:
■ Chapter 26, “Using Linux for Cloud Computing,” introduces concepts of cloud computing in Linux by describing how to set up hypervisors, build virtual machines, and share resources across networks.
■ Chapter 27, “Deploying Linux to the Cloud,” describes how to deploy Linux images to different cloud environments, including OpenStack, Amazon EC2, or a local Linux system configured for virtualization.
Part VII contains two appendixes to help you get the most from your exploration of Linux. Appendix A, “Media,” provides guidance on downloading Linux distributions. Appendix B, “Exercise Answers,” provides sample solutions to the exercises included in chapters 2 through 26.
Conventions Used in This Book
Throughout the book, special typography indicates code and commands. Commands and code are shown in a monospaced font:
This is how code looks
In the event that an example includes both input and output, the monospaced font is still used, but input is presented in bold type to distinguish the two. Here’s an example:
$ ftp ftp.handsonhistory.com
Name (home:jake): jake
Password: ******
As for styles in the text:
■ New terms and important words appear in italics when introduced.
■ Keyboard strokes appear like this: Ctrl+A. This means to hold the Ctrl key as you also press the letter “a” key.
■ Filenames, URLs, and code within the text appear like so: persistence.properties.
The following items call your attention to points that are particularly important.
A Note box provides extra information to which you need to pay special attention.
A Tip box shows a special way of performing a particular task.
A Caution box alerts you to take special care when executing a procedure, or damage to your computer hardware or software could result.
Jumping into Linux
If you are new to Linux, you might have vague ideas about what it is and where it came from. You may have heard something about it being free (as in cost) or free (as in freedom to use it as you please). Before you start putting your hands on Linux (which we will do soon enough), Chapter 1 seeks to answer some of your questions about the origins and features of Linux.
Take your time and work through this book to get up to speed on Linux and how you can make it work to meet your needs. This is your invitation to jump in and take the first step to becoming a Linux expert!
Visit the Linux Bible website
To find links to various Linux distributions, tips on gaining Linux certification, and corrections to the book as they become available, go to http://www.wiley.com/go/linuxbible9