Index – Linux Administration: A Beginner's Guide, Eighth Edition

Index

A

A and AAAA (Address) DNS records, 371

a2dismod command, 412

a2dissite command, 415–416

a2enmod command, 412

a2ensite command, 415–416

abbreviations for commands, 276

accept command for printer jobs, 569

access permissions, 123–125

account modules, 127

ACK flags in TCP connections, 250–252

acknowledgment numbers in TCP headers, 248

action field in rsyslog.conf, 193–194

Active Directory (AD), 12–13

active FTP mode, 390

Address (A and AAAA) DNS records, 371

Address of Record (AoR) section in Asterisk, 454

Address Resolution Protocol (ARP), 253–255

adept tool, 102

Advanced Maryland Automatic Network Disk Archiver (AMANDA) system, 609

Advanced Packaging Tool (APT)

Apache installation, 406

overview, 99

Postfix server, 423

Samba installation, 518

AF_INET sockets, 177

AF_LOCAL sockets, 177

AF_UNIX sockets, 177

aggressive parallelization, 176

Alias option for Apache web server, 415

aliasing IP addresses, 277–278

AMANDA (Advanced Maryland Automatic Network Disk Archiver) system, 609

Amazon Machine Image (AMI) identifiers, 295

Amazon Web Services (AWS)

overview, 42–43

VPCs, 292–295

ampersand (&) symbols for multiple commands, 53

Analog Telephone Adapter (ATA), 448

anchor points, 25

AND operation in netmasks, 257–258

anonymous FTP access, 395

anonymous-only FTP servers, 396–397

anycast addresses

domains, 357

IPv6, 269

AoR (Address of Record) section in Asterisk, 454

Apache web server, 403

configuring, 409–416

HTTP, 403–405

installing, 406–409

modules, 406–407

process ownership, 405

starting up and shutting down, 407–408

troubleshooting, 416–417

AppArmor security model, 336

application programming interface (API), 42

application programming interface (API) file systems, 221

cgroupsfs, 229–230

/proc directory, 221–227

SysFS, 227–228

tmpfs file system, 231

applying patches, 216–217

APT (Advanced Packaging Tool)

Apache installation, 406

overview, 99

Postfix server, 423

Samba installation, 518

apt-cache tool, 99

apt-get tool, 99–101

aptitude tool, 102

archives, tape, 66–68

ARP (Address Resolution Protocol), 253–255

arptables tool, 300

associate-route-table command, 294

Asterisk software, 451

configuration files and structure, 453–459

firewalls, 459–460

installing, 451–452

maintaining and troubleshooting, 475–478

starting and stopping, 452

asterisks (*) for filename expansion, 52

asynchronous replication, 536

ATA (Analog Telephone Adapter), 448

attach-internet-gateway command, 293

attacks, handling, 348–349

attributes

groups, 134

LDAP, 544

users, 133–134

auth logging facility, 190

auth_mechanisms option in Dovecot, 435, 438

auth modules, 127

Auth section in Asterisk, 454–455

authentication

Dovecot, 432, 438

OpenLDAP, 555–558

Windows server, 526–529

authoritative parameter in DHCP, 577

authoritative servers in DNS, 361

authorize-security-group-ingress command, 295

authpriv logging facility, 190

authselect utility

OpenLDAP, 557–558

Samba, 528

autocompletion of commands, 276

autogen.sh script, 109

automated monitoring, 338

availability

mail services, 445

server design, 16–17

virtualization, 584

AWS (Amazon Web Services)

overview, 42–43

VPCs, 292–295

aws tool, 43

aws-cli tool, 43

az tool, 43

Azure component, 43

B

B-tree file system (Btrfs), 158–159

backgrounding tasks, 48–49

backslash (\) characters for escaping, 52

backticks (`) for text execution, 53–54

BackupPC systems, 609

backups, 599

amount of data, 600

command-line tools, 605–609

data deduplication, 602

hardware and media, 600–601

miscellaneous solutions, 609

needs for, 599–604

network throughput, 601

speed and ease of data recovery, 601–602

tape management, 603–605

Bacula systems, 609

bandwidth, monitoring, 348

base chains in Netfilter, 304

Bash package, 87–88

Bash shell, 48

environment variables, 49–51

job control, 48–49

multiple commands, 53

pipes, 51

redirection, 52

text execution, 53–54

.bashrc file, 115

Basic Input/Output System (BIOS), UEFI replacement for, 24

battery backups for servers, 16–17

bg command, 507

bidirectional TCP connections, 240

Big Iron file systems, 159

bind package, 364

BIND software

configuration file, 364–367

database files, 374–379

DNS servers, 362–363

bind-utils package, 364

binding interfaces, 344–345

BIOS (Basic Input/Output System), UEFI replacement for, 24

blivet-gui tool, 172

blkid command, 143, 163

block devices, 57

blocks in file systems, 156–157

boot disks in GRUB 2, 143–144

/boot/efi partition, 24

/boot/grub/grub.conf file, 214

/boot/grub2/grub.cfg file, 214

boot loaders

bootstrapping, 144–145

description, 137

GRUB, 138–144

systemd scripts, 145–149

/boot partition

creating, 27

description, 24

booting

Apache web server startup, 408

kernel, 144–145, 214–215

NIC setup at, 278

recovery mode, 152

Bourne Again Shell (Bash). See Bash shell

bricks in DFS, 535

broken source code, 109

BSD license, 6

BugTraq mailing lists, 338

build problems in source packages, 108–109

bundles, 83

bzip2 tool, 65

C

caching servers in DNS, 361–362

caching zones in named.conf file, 369

Canonical Name (CNAME) DNS records, 373

capacity in partition information, 26

carbon footprint and virtualization, 583

carpald.sh script, 147–151

case-sensitivity, 58

cat program, 68–69

CD/DVD drives for Fedora installation, 19

CentOS

hostname configuration, 296

NFS, 500–501

NIC setup, 278–280

PAM modules, 126

Postfix server installation, 422–423

RPM, 84

XFS file system, 159

Ceph system, 535

certificates in SSL, 442

cfdisk utility, 168

cgroup-bin package, 229

cgroups (control groups)

resource management, 229, 331

systemd manager, 176–177

cgroupsfs, 229–230

chains for firewalls

example, 322–323

managing, 310–311

types, 303–306

channel request commands in Asterisk, 476

character devices, 57–58

checksums

Ethernet, 239

IP headers, 245

TCP headers, 247

UDP headers, 250

chgrp command, 59

chkconfig utility

Apache web server startup, 408

Postfix server, 422

service shutdown, 346–347

xinetd services, 187

chmod command, 59–61, 124

choke points in NAT, 301

chown command, 58–59

chroot environments, 333–335

CIDR (classless interdomain routing), 258

classes

CUPS, 560

IP addresses, 255–256

classless interdomain routing (CIDR), 258

cleaning up package installation, 107–108

client/server model

FTP, 389–390

LDAP, 543

clients

DHCP daemon, 581–582

DNS, 383–386

Docker, 595

NFS, 506–510

OpenLDAP, 552–554, 557–558

printing tools, 570–571

SSH, 482–483

TCP connections, 250–252

Closest Mirror option, 22

closing TCP connections, 252–253

cloud

network configuration, 288–289

virtualization, 584

cloud server deployment, 39

commercial cloud service providers, 41–43

free-to-run virtual Linux servers, 40–41

CNAME (Canonical Name) DNS records, 373

codecs for VoIP, 450

colons (:) in IPv6 addresses, 268

command line, 47

Asterisk, 475–476

backups, 605–609

Bash, 48–52

documentation tools, 54–56

editors, 70–72

file characteristics, 56–61

file manipulation, 61–69

miscellaneous tools, 72–76

printer tools, 567–568

shortcuts, 52–54

user management, 118–122

commands

autocompletion, 276

entering, 85–86

location, 69

multiple, 53

commas (,) in permissions, 60

comments in named.conf file, 365

commercial cloud service providers, 41–43

commercial distributions, 4

Common UNIX Printing System (CUPS), 559

administration, 568–570

configuring, 562–563

installing, 561

printers, adding, 563

printers, command-line tools, 567–568

printers, default, 568

printers, jobs, 568–569

printers, local and remote, 564–565

printers, Web interface, 565–567, 569–570

running, 560

compatibility of IPv6, 269

compiling

BIND software, 363

kernel, 211–212

OpenSSH, 485

source packages, 106–107

compressing files, 64–65

concatenating files, 68–69

.config file, 207

configuration information in Registry vs. text files, 12

configure scripts

missing, 109

packages, 105–106

Connection State Match option for kernel, 307

connections

NAT, 302–303

network device configuration, 273–277

TCP, closing, 252–253

TCP, data transfer, 251–252

TCP, opening, 250–251

connectivity in mail services, 443–444

containerization in virtualization, 585, 594–598

contexts in dialplans, 457

control_flag entry, 129–130

control groups (cgroups)

resource management, 229, 331

systemd manager, 176–177

control ports in FTP, 390

copying files, 62

core commands in Asterisk, 476

core system services, 175

cron program, 197–199

logging daemon, 187–197

systemd, 175–181

xinetd, 181–187

cost savings from virtualization, 583

cp command, 62

cps variable in /etc/xinetd.conf file, 185

create-internet-gateway command, 293

create-route command, 294

create-route-table command, 293

create-security-group command, 295

create-vpc command, 293

cron logging facility, 190

cron program, 197–199

crontab tool, 197–199

cross-mounting disks in NFS, 508

cross-platform support in virtualization, 584

CUPS. See Common UNIX Printing System (CUPS)

cupsd.conf file, 562–564

cupsdisable command, 568

cupsenable command, 568

Cygwin client, 483

D

DAC (Discretionary Access Control) model, 335–336

Daemon entry in vsftpd, 393

daemon logging facility, 190

DATA command in SMTP, 421

data deduplication for backups, 602

data ports in FTP, 390

data recovery from backups, 601–602

data transfer in TCP connections, 251–252

database files in BIND, 374–379

date command, 117

date settings in Fedora installation, 21

dd command, 138

.deb files, 99

Debian distribution, 3–4

GUI package managers, 102

hostname configuration, 296

KVM setup, 591–593

NFS, 501

NIC setup, 280–281

Debian Package Management System (DPMS)

APT toolset, 99

description, 83, 99

debugging PAMs, 131

declarations in DHCP, 576–577

deduplication for backups, 602

default-lease-time parameter in DHCP, 577

default printers, 568

default routes

ARP, 254

network hosts, 285

defragmentation for file systems, 158

deleting

files and directories, 66

IP addresses, 275, 277

OpenLDAP entries, 545, 555

print jobs, 571

printers, 568

routes, 286

sed text, 72

users and groups, 134–135

demilitarized zones (DMZs) in NAT, 301

depmod command, 214

describe-instances command, 295

describe-route-tables command, 294

describe-subnets command, 294

Desired Capacity field in partition information, 26

destination addresses

Ethernet headers, 241–242

IP headers, 245–246

Destination NAT (DNAT), 301

destination ports in TCP/IP, 342

/dev/null device, 68

/dev/scsi directory, 604

/dev/XYZ pattern, 26

Device Type field for partition information, 26

devices

block, 57

character, 57–58

partition information, 26

units, 178

df command, 73, 338

DFS (Distributed File Systems), 531

implementations, 534–540

overview, 531–534

terminology, 535–536

dhclient daemon, 581–582

DHCP. See Dynamic Host Configuration Protocol (DHCP)

dhcpd.conf file, 575–581

dhcpd daemon, 574, 581

dhcpd.leases file, 581

dialplan show command, 476

dialplans

PBX configuration, 463–464

Twilio Elastic SIP Trunks, 473–474

VoIP, 457

Differentiated Services Code Point (DSCP) field in IP headers, 244

dig (domain information gopher) tool, 380–381

directories

creating, 65

LDAP, 542, 553–555

overview, 56

removing, 66

users, 114

working, 66

Directory entry

users, 114

vsftpd, 394

directory information tree (DIT) in LDAP, 542

Dirvish systems, 609

disable_plaintext_auth option in Dovecot, 435

disable variable in /etc/xinetd.conf file, 184

disabling

Apache modules, 412

echo, 186–187

Network Manager, 282

printers, 568

SELinux, 452

services, 150–151, 346

disconnected mode for mail, 431

Discretionary Access Control (DAC) model, 335–336

disks

adding, 165–166

free space, 73

layout, 169–170

monitoring, 338

mounting and unmounting, 159–163

partitions, 165–166

utilization information, 72–73

displaying

files, 69

routes, 287

distinguished names (DNs) in LDAP, 542

Distributed File Systems (DFS), 531

implementations, 534–540

overview, 531–534

terminology, 535–536

distributions overview, 3–4

DIT (directory information tree) in LDAP, 542

dmesg command, 165

DMZs (demilitarized zones) in NAT, 301

DNAT (Destination NAT), 301

dnf package manager, 96–97

Apache web server, 406

Dovecot, 432–433

OpenLDAP, 545

Postfix server, 422–423

RPM installation, 89–91

DNS. See Domain Name System (DNS)

DNs (distinguished names) in LDAP, 542

docker command, 597

Docker tool

containers, 594–598

images, 596

installing, 595–596

virtualization, 585

dockerfile file, 595

documentation

command-line tools, 54–56

source packages, 104–105

DocumentRoot option for Apache web server, 411

domain information gopher (dig) tool, 380–381

Domain Name System (DNS), 355

BIND database files, 374–379

client configuration, 383–386

description, 12

domain and host naming conventions, 356–358

hosts file, 356

in-addr.arpa domain, 360

record types, 369–373

server configuration, 367–369

server installation, 362–367

server setup, 374–379

server types, 361–362

subdomains, 358–359

tools, 379–383

troubleshooting, 266–267

domains

description, 12–13

naming conventions, 356

root, 357

second-level, 358

subdomains, 358–359

third-level, 358

top-level, 357

Xen, 586

doveadm tool, 439

doveconf utility, 434–438

dovecot.conf file, 434

Dovecot software

configuring, 434–438

installing, 432–433

overview, 431–432

running, 439

services and modules, 441

downloading

BIND software, 363

Fedora, 19

kernel source code, 203–204

OpenSSH, 484–485

patches, 216–218

software, 89–92

Ubuntu, 32

virtual machines, 40–41

downstream components, 6–7

dpkg application

DHCP installation, 575

overview, 99–100

DPMS (Debian Package Management System)

APT toolset, 99

description, 83, 99

drivers

Dovecot, 436

kernel modules, 210

DSCP (Differentiated Services Code Point) field in IP headers, 244

dselect tool, 102

du command, 72–73

dump tool for backups, 605–607

dumpfiles, reading and writing, 265

dynamic-bootp keyword in DHCP, 577

Dynamic Host Configuration Protocol (DHCP), 573

client daemon, 581–582

configuring, 575–582

Fedora installation, 30

installing, 574–575

ISC, 362

mechanics, 573–574

server installation, 18

servers, 574–581

starting and stopping, 581

dynamic routing IP addresses, 260–264

E

E.164 telecommunication numbering plan, 473

e-mail

IMAP. See Internet Message Access Protocol (IMAP)

POP. See Post Office Protocol (POP)

SMTP. See Simple Mail Transfer Protocol (SMTP)

ebtables tool, 300

EC2 (Elastic Compute Cloud), 42–43

Echo-Request packets, 241

echo service, 71

appending text with, 174

enabling and disabling, 186–187

example entry, 186

ECN (Explicit Congestion Notification) field in IP headers, 244

editors, 70–71

EFI system partition (ESP), 24

Elastic Compute Cloud (EC2), 42–43

emacs editor, 70–71

emergency power for servers, 16–17

enabling

Apache modules, 412

echo service, 186–187

Netfilter, 306–307

NFS, 500–501

printers, 568

services, 150

encryption

passwords, 113

public key cryptography, 479–481

Samba, 516–517

Endpoint section in Asterisk, 455–456

entities, 111

enumerated /proc entries, 223–225

environment variables

Bash shell, 49–51

as parameters, 53

environmental considerations in server installation, 15–16

equal-cost multipath in OSPF, 264

equal signs (=) in permissions, 60

ErrorLog option in Apache web server, 414

ESP (EFI system partition), 24

/etc/aliases file, 427

/etc/apache2/apache2.conf file, 410

/etc/apache2/sites-available directory, 416

/etc/asterisk/extensions.conf file, 457, 463, 473–474

/etc/asterisk/pjsip.conf file, 461–463, 471–473

/etc/asterisk/rtp.conf file, 459

/etc/cgconfig.conf file, 230

/etc/cron.allow file, 197

/etc/cron.deny file, 197

/etc/cups directory, 562

/etc/dhcp directory, 575

/etc directory, 12

/etc/dovecot/conf.d/10-mail.conf file, 437

/etc/dovecot/conf.d directory, 441

/etc/dumpdates file, 605

/etc/exports file, 503–506

/etc/firewalld file, 317

/etc/fstab file, 151, 162–163, 173, 231

/etc/group file, 117–118, 121

/etc/grub.d directory, 140

/etc/HOSTNAME file, 296

/etc/hosts file, 356

/etc/httpd/conf.d/welcome.conf file, 409

/etc/httpd/conf directory, 410

/etc/init.d directory, 346–347

/etc/inittab file, 145, 180

/etc/ld.so.conf.d directory, 109

/etc/ld.so.conf file, 109

/etc/modprobe.d directory, 272

/etc/named.rfc1912.zones file, 369

/etc/network/interfaces file, 280–281

/etc/nslcd.conf file, 547

/etc/nsswitch.conf file, 385–386, 527–528

/etc/openldap/ldap.conf file, 552

/etc/openldap/slapd.conf file, 548–551

/etc/pam.d directory, 127

/etc/pam.d/other file, 131

/etc/passwd file, 112

Directory field, 114

GECOS field, 114

GID field, 114

Password field, 113

Shell field, 116

UID field, 113–114

Username field, 113

/etc/pki/dovecot/dovecot-openssl.cnf file, 438

/etc/postfix directory, 423

/etc/resolv.conf file, 384–385

/etc/rndc.conf file, 383

/etc/rsyslog.conf file, 189–190

format, 190–191

mail logs, 427

rules, 192–194

sample, 194–195

/etc/samba/smb.conf file, 519–520, 527

/etc/security directory, 127

/etc/security/limits.conf file, 330–332

/etc/services file, 344

/etc/shadow file, 116–117

/etc/shells file, 116

/etc/ssh/ssh_config file, 487–488, 493

/etc/sssd/sssd.conf file, 547

/etc/sysconfig/docker file, 595

/etc/sysconfig/network file, 285, 296

/etc/sysconfig/network-scripts directory, 275, 278–279

/etc/systemd/network directory, 281

/etc/systemd/resolved.conf file, 386

/etc/vsftpd.conf file, 392

/etc/vsftpd/vsftpd.conf file, 392, 396–397, 399

/etc/xinetd.conf file

attributes, 183–185

format, 182–183

/etc/xinetd.d directory, 346

/etc/xinetd.d/echo file, 187

Ethernet cards in Fedora installation, 30

Ethernet headers, 241–243

Ethernet layer in TCP/IP, 239

events in upstart daemon, 180

everyone permissions, 123

Execute permission, 123

executing kernel, 144–145

exit command, 80

expansion of filenames, 52–53

Explicit Congestion Notification (ECN) field in IP headers, 244

export command, 50–51

exportfs command, 504–505

ext4 (fourth extended file system), 157

extended instructions in virtualization, 584

Extensible Markup Language (XML), 240–241

Extensible Messaging and Presence Protocol (XMPP), 449

extensions, PBX, 461

extensions.conf file, 457, 463–464

extents

file systems, 158

volumes, 166

external IP addresses, 289

EXTRAVERSION variable for kernel, 211

F

F Virtual Window Manager (FVWM), 11

facilities in log messages, 188–190

fault tolerance in DFS, 535–536

fdisk utility, 168

Fedora, 6

GUI package manager, 97–98

hostname configuration, 296

NFS, 500–501

NIC setup, 278–280

PAM modules, 126

Postfix server installation, 422–423

Fedora installation, 18

localization settings, 21

process, 31–32

project prerequisites, 19

Settings section, 30–31

software settings, 21–22

starting, 20

system settings, 22–30

fg command, 49

FHS (Filesystem Hierarchy Standard), 6–7

file handles in NFS, 509

file systems, 155

adding disks, 165–166

components, 155–159

creating, 172–174

diagnosing and repairing, 163

GRUB 2, 139

layouts, 24–25

managing, 159–165

partition information, 26

Ubuntu installation, 34–36

volume management, 166–172

File Transfer Protocol (FTP), 389

mechanics, 389–390

server installation, 17

sftp program, 493

vsftpd. See Very Secure FTP Daemon (vsftpd) program and package

filename expansion, 52–53

filename parameter in DHCP, 577

files

characteristics, 56–61

command-line manipulation, 61–69

compressing, 64–65

concatenating, 68–69

copying, 62

displaying, 69

finding, 63–64

groups, 59

linking, 63

listing, 58

modes, 59–61

moving, 62–63

ownership, 58–59

PAMs, 126–127

redirection, 52

removing, 66

size, 158

Filesystem Hierarchy Standard (FHS), 6–7

Filetransfer entry in vsftpd, 394

FileZilla client, 483

filter tables in Netfilter, 300

filters, printing, 560

FIN packets in TCP connections, 252

find command, 63–64

finding files, 63–64

firewall-cmd command

Asterisk, 459

NFS, 506

firewalld manager, 317–320

firewalls, 299

Asterisk, 459–460

cloud, 289

iptables command, 322–324

Netfilter. See Netfilter firewall

fixed-address parameter in DHCP, 577

flags field

IP headers, 244

TCP headers, 247

flows in NAT, 301

fork bombs, 331–332

FORWARD chains in Netfilter, 305

forward references in zone files, 368

forward resolution in DNS, 360

FOSS (Free and Open Source Software), 3–4

mail servers, 431

SMTP, 420

standards, 7

fourth extended file system (ext4), 157

FQDNs (fully qualified domain names), 356–357

fragment offset field in IP headers, 244

frames in TCP/IP, 236

Free and Open Source Software (FOSS), 3–4

mail servers, 431

SMTP, 420

standards, 7

free space on disks, 73

free-to-run virtual Linux servers in server cloud deployment, 40–41

freemium model, 4

fsck tool, 151, 163–164

FTP. See File Transfer Protocol (FTP)

Full NAT option in kernel, 307

full virtualization, 584

fully qualified domain names (FQDNs), 356–357

fuser program, 161

FVWM (F Virtual Window Manager), 11

G

G.711 codec, 450

G.722 codec, 450

G.729A codec, 450

Gates, Bill, 9

GCC (GNU Compiler Collection), 86

gcc package installation, 91–92

GCE (Google Compute Engine), 43

gcloud tool, 43

GCP (Google Cloud Platform), 43

GECOS field for users, 114

GET command in HTTP, 404

get-lease-hostnames parameter in DHCP, 578

Ghostscript interpreter, 560

GID field in users, 114

GIDs (group IDs), 111, 117, 510

Git system, 219

gluster command, 539

glusterd daemon, 537–538

GlusterFS system, 534, 536–540

gnome-control-center system applet, 122

gnome-disks command, 172

gnome-terminal emulator, 86

GNOME window manager

description, 11

Fedora, 85, 97

terminal emulators, 86

virtual terminals, 47

GNU Compiler Collection (GCC), 86

GNU Public License (GPL), 6

GNU systems, 5–6, 103

encryption, 113

PAM modules, 131

source packages, 103–108

tape archive, 66

texinfo system, 56

vi editor, 70

Google Cloud Platform (GCP), 43

Google Compute Engine (GCE), 43

GPL (GNU Public License), 6

graphical.target target, 330

graphical user interface (GUI)

entering commands in, 85–86

limitations, 47

package managers, 97–98, 102

performance, 16

separation from kernel, 10–11

user managers, 122–123

greater-than symbols (>) for redirection, 52

grep utility

pipes, 51

redirection, 52

group declarations in DHCP, 576

group IDs (GIDs), 111, 117, 510

Group option in Apache web server, 413

group variable in /etc/xinetd.conf file, 184

groupadd command, 121, 133

groupdel command, 121, 134–135

groupmod command, 122, 134

groups

adding, 121, 133

control, 229–231

files, 59

identifiers, 111

modifying, 122

permissions, 59–60, 123

removing, 121, 134–135

security, 294–295

systemd manager, 176–177

users, 114

volumes, 170

GRUB boot loaders, 138

conventions, 138

GRUB 2, 139–144

grub.cfg file, 139–141

grub-install script, 138

grub2-install utility, 144

grub2-mkconfig command, 140

GSM codec, 450

guest OS in virtualization, 584

GUI. See graphical user interface (GUI)

gutenprintcups RPM package, 566

gzip utility, 64–65

H

H.323 protocol, 449

hard command in NFS, 507

hard links, 57

hard mounts in NFS, 508

hardphones, 448

hardware

backups, 600–601

server considerations, 15–16

hardware compatibility lists (HCLs), 15

hardware parameter in DHCP, 578

hardware virtual machines (HVMs), 584

HCLs (hardware compatibility lists), 15

head command, 73

headers

HTTP, 404

processes, 74–75

TCP/IP, 236, 241

TCP/IP, Ethernet, 241–243

TCP/IP, IP, 243–246

TCP/IP, TCP, 246–249

TCP/IP, UDP, 249–250

hello package, 103–108

HELO command in SMTP, 420

high-volume server issues, 227

home directories

moving, 78–80

NFS, 512

users, 114

/home partition, 25, 115

host declarations in DHCP, 576

host OS in virtualization, 584

host tool for DNS, 379–380

hostnamectl tool, 296–297

hostnames, configuring, 29–30, 295–297

hosts

Docker, 595

IP addresses, 255–256

naming conventions, 356

hosts.txt file, 355

httpd-*.rpm package, 406

HVMs (hardware virtual machines), 584

Hyper-V virtualization, 585

Hypertext Transfer Protocol (HTTP), 403

headers, 404

ports, 405

process ownership, 405

server installation, 17

TCP/IP layer, 240–241

hypervisors, 584

hyphens (-) in permissions, 59

I

i-nodes

file systems, 155–156

hard links, 57

ICMP (Internet Control Message Protocol)

description, 241

Netfilter firewall, 318

ICMP Time Exceeded message, 244

id variable in /etc/xinetd.conf file, 184

identification field in IP headers, 244

Identify section in Asterisk, 455

ifconfig program, 273–275

ifup command, 281

IGs (internet gateways), 293–294

IHL (Internet Header Length) field in IP headers, 244

iLBC (Internet Low Bitrate Codec), 450

images

Docker, 595–596

GRUB 2, 139

server installation, 18–19

Ubuntu installation, 32–33

IMAP. See Internet Message Access Protocol (IMAP)

imap-login service section, 441

in-addr.arpa domain, 360

Include option for Apache web server, 413

include statement in named.conf file, 365

indirection, i-nodes for, 156

inet_protocols option for Postfix, 425

inetd program, 346

info command, 56

information queries in RPM, 86–88

init command

kernel execution, 144–145

legacy notes, 179–180

initctl command, 181

initial RAM disk in GRUB 2, 141

initramfs file in kernel installation, 215

initramfs option in GRUB, 141

initrd option, 141

INPUT chains in Netfilter, 305

INSTALL files, 104–105

Installation Destination option in Fedora installation, 23

installing

Apache web server, 406–409

Asterisk, 451–452

BIND software, 363

CUPS, 561

DHCP, 574–575

DNS servers, 362–367

Docker, 595–596

Dovecot, 432–433

GlusterFS, 537

kernel, 212–214

Netfilter firewall, 306–308

OpenLDAP, 545–546

OpenSSH, 483–486

Postfix server, 422–423

Samba, 518

server. See server installation

snap apps, 108

software, 89–92, 100–101

source packages, 106–107

X-Lite softphones, 464

instances variable in /etc/xinetd.conf file, 184

interface variable in /etc/xinetd.conf file, 185

interfaces

binding, 344–345

iptables command, 313

Internet Control Message Protocol (ICMP)

description, 241

Netfilter firewall, 318

internet gateways (IGs), 293–294

Internet Header Length (IHL) field in IP headers, 244

Internet Low Bitrate Codec (iLBC), 450

Internet Message Access Protocol (IMAP), 429–431

basics, 431

checking, 440–441

connectivity, 443–444

Dovecot, 431–439

Internet Printing Protocol (IPP), 564

Internet Systems Consortium (ISC), 362–363

Internet telephony service provider (ITSP), 467

intr command, 507–508

IP addresses. See also TCP/IP (Transmission Control Protocol/Internet Protocol)

aliasing, 277–278

cloud, 288–289

configuring, 274–276

DHCP. See Dynamic Host Configuration Protocol (DHCP)

DNS. See Domain Name System (DNS)

dynamic routing, 260–264

headers, 243–246

hosts and networks, 255–256

iptables command, 312

IPv6, 268–270

NAT, 301–303

netmasks, 257–258

network configuration, 28–30

port numbers, 341–342

static routing, 258–260

subnetting, 256–257

Twilio Elastic SIP Trunks, 471

IP layer in TCP/IP, 239

IP phones, 448

ip utility for network device configuration, 272–277

ip6tables tool, 300

IPMI protocol, 18

IPP (Internet Printing Protocol), 564

iproute package, 272, 278, 288

iproute2 package, 272

iptables

chains, 303, 310–311

description, 310

firewalls, 322–324

NAT, 320–321

Netfilter, 300

Netfilter firewall, 306

rule-specification, 312–317

iptables-save command, 320

IPv6 addresses, 268–270, 276–277

ISC (Internet Systems Consortium), 362–363

ISO images

Fedora installation, 19

Ubuntu installation, 32–33

ITSP (Internet telephony service provider), 467

J

jitter in VoIP, 477

jobs

Bash shell, 48–49

printer, 559, 568–569

upstart daemon, 180–181

joe editor, 71

journalctl tool

Apache web server, 417

logging data, 195–197

journald daemon, 195

journaling

examples, 195–197

file systems, 157–158

K

kern logging facility, 190

kernel

booting, 214–215

building, 204–205

compiling, 211–212

configuring, 205–210

description, 3

differences, 4–5

executing, 144–145

forms, 10

GUI separation from, 10–11

installing, 212–214

loading, 144

modules, 210

Netfilter, 307–308

NFS support, 502–503

overview, 201–203

patching, 216–219

source code, 203–204

upgrades, 205

versions, 203–204

kernel-based virtual machine (KVM)

example, 587–590

managing, 590–591

overview, 585–587

setting up, 591–593

kernel-install command, 214

keyboard settings in Fedora installation, 21

keys

public key cryptography, 479–481

SSL, 442

killing processes, 75–76

konsole emulator, 86

Kubuntu hostname configuration, 296

KVM. See kernel-based virtual machine (KVM)

kvm-amd module, 592

kvm command, 592–593

kvm-intel module, 592

L

languages in Fedora installation, 20–21

latency in VoIP, 477

layers in TCP/IP, 235

Ethernet, 239

HTTP, SSL, and XML, 240–241

IP, 239

packets, 236–238

Physical, 238

TCP and UDP, 239–240

LD_LIBRARY_PATH environment variable, 109

LDAP Data Interchange Format (LDIF), 544, 553–554

ldapadd utility, 554

ldapdelete utility, 555

ldapsearch utility, 554–555

ldconfig command, 109

ldd command, 333–335

LDIF (LDAP Data Interchange Format), 544, 553–554

leases in DHCP, 574

length field in TCP headers, 249

less command, 69

less-than signs (<) for redirection, 52

/lib/security directory, 126

/lib/systemd/network directory, 281

/lib64/security directory, 126

libcgroup package, 229

libcgroup-tools package, 229

libdb-utils package, 398

libnss_ldap library, 547

libnss_winbind library, 527

library problems, 108–109

libvirtd service, 588

Lightweight Directory Access Protocol (LDAP), 541

basics, 541–542

client/server model, 543

directories, 542

OpenLDAP, 544–554

terminology, 543–544

uses, 543

Lightweight X11 Desktop Environment (LXDE), 11

limited resources, 330–332

limits module, 315

Line Printer Daemon (LPD), 565

link-local routes, 285

links

files, 63

hard, 57

symbolic, 57

Linode, 42

Linux Security Modules (LSM) framework, 336

Linux Standard Base (LSB) specification, 6–7

Listen option

Apache web server, 410

Dovecot, 435–436

listing

files, 58

logged in users, 77

processes, 73–75

live operating system environments for server installation, 18

ln command, 63

loading kernel, 144

LoadModule option in Apache web server, 412

local disks, mounting and unmounting, 159–163

local extensions in PBX, 461

local logging facilities, 190

local printers, adding, 564–565

local security, 325–326

limited resources, 330–332

nonhuman user accounts, 330

risk mitigation, 332–336

risk sources, 326–329

runlevels, 330

system monitoring, 337–338

local user logins in vsftpd, 395

localization settings in Fedora installation, 21

locating commands, 69

log_on_success variable in /etc/xinetd.conf file, 185

LOG Target Support option in kernel, 307

log_type_from variable in /etc/xinetd.conf file, 185

logged in users, listing, 77

logger command, 188

logging daemon, 187–197

Logging entry in vsftpd, 394

logging statement in named.conf file, 365–366

Logical Volume Management (LVM)

description, 166

partitions, 27–28

logical volumes (LVs)

creating, 168, 171–172

description, 166–167

login command in IMAP, 440

.login file, 115

login processes

Dovecot, 432

Fedora, 31–32

LogLevel option in Apache web server, 414

logout command in IMAP, 441

logrotate program, 337

logs

local security, 337

mail services, 445

parsing, 347

Postfix server, 427–428

storing entries, 347–348

logs directory for error files, 416

Long Term Support (LTS) release in Ubuntu, 32

loopback addresses, 256

loopback routes, 285

lost+found directory, 164–165

lpadmin command, 567–569

LPD (Line Printer Daemon), 565

lpinfo command, 567

lpq command, 571

lpr command, 570

lpr logging facility, 190

lprm command, 571

lpstat utility, 567, 569

ls command, 58

LSB (Linux Standard Base) specification, 6–7

lsb_release command, 77

lshw command, 205

lsinitrd command, 215

LSM (Linux Security Modules) framework, 336

lsof program, 161

lspci command, 205

lssubsys utility, 229

LTS (Long Term Support) release in Ubuntu, 32

Lustre system, 534

lvcreate command, 169

lvdisplay command, 169

LVM (Logical Volume Management)

description, 166

partitions, 27–28

LVs (logical volumes)

creating, 168, 171–172

description, 166–167

LXDE (Lightweight X11 Desktop Environment), 11

lynx application

installing, 89–90

uninstalling, 93

M

MAC addresses. See Media Access Control (MAC) addresses

MAC (Mandatory Access Control) model, 336

mail_access_groups option in Dovecot, 437–438

mail access protocols, 429

mail delivery agents (MDAs), 422

Mail Exchanger (MX) DNS records, 372–373

MAIL FROM: command in SMTP, 420

mail_location option in Dovecot, 435, 437

mail logging facility, 190

mail processes in Dovecot, 432

mail queues in Postfix server, 427

mail services

availability, 445

IMAP. See Internet Message Access Protocol (IMAP)

logs, 445

POP. See Post Office Protocol (POP)

SMTP. See Simple Mail Transfer Protocol (SMTP)

SSL/TLS security, 442–444

mail_spool_directory option in Postfix, 424–425

mail spools in NFS, 512

mail transport agents (MTAs), 421

mail user agents (MUAs), 421

mailing lists in local security, 338

mailq command, 427

mailx mail user agent, 427

main.cf file, 423–425

mainline kernels, 203

major kernel versions for patches, 216

major numbers for block devices, 57

make tool

kernel compilation, 211–212

package compilation, 106–107

makefiles

kernel, 205

targets, 205–206

man command, 55–56

Mandatory Access Control (MAC) model, 336

mangle tables in Netfilter, 300, 304, 306

manifests in netplan, 283

MANs (metro area networks), 239

Manual Partitioning screen in Fedora installation, 23–24

manual storage configuration overview, 24

mapped addresses in IPv6, 269

mark logging facility, 190

MASQUERADE Target Support option for kernel, 307

Masquerading in NAT, 301

Master Boot Record (MBR), 137–138

master.cf file, 423

master processes in Dovecot, 432

Match feature in iptables command, 314–317

max-lease-time parameter in DHCP, 578

Maximum Segment Size (MSS) value in TCP connections, 250

maximum transmission unit (MTU) in IP headers, 244

MaxRequestWorkers option in Apache web server, 412

mbox format, 429

MBR (Master Boot Record), 137–138

MDAs (mail delivery agents), 422

Media Access Control (MAC) addresses

ARP, 254

DHCP declarations, 578

Ethernet headers, 241–243

static routing, 258

media for backups, 600–601

Media Gateway Control Protocol (MGCP), 449

media images in server installation, 18

media protocols for VoIP, 450

media verification step in Fedora installation, 20

members in groups, 117

meta-packages, 101

metadata in DFS, 535

methods in HTTP, 404

metro area networks (MANs), 239

MGCP (Media Gateway Control Protocol), 449

micro-kernels, 10

Microsoft DFS (MS-DFS) system, 534

migration scripts in OpenLDAP, 556

MindTerm client for SSH, 483

minicom package, 348

minor numbers for block devices, 57

minus signs (−) in permissions, 60

mirrors

kernel, 203

server installation, 19

Ubuntu installation, 34

missing configure scripts, 109

mkcert.sh script, 438

mkdir command, 65

mkfs.xfs tool, 172–173

mkinitramfs command, 214

mknod command, 604

mkswap command, 163

mod_ Apache modules, 406–407

modes, file, 59–61

modifying

groups, 122, 134

users, 120, 133–134

modinfo command, 272

modprobe command, 320, 322

module_path entry, 128

module_type entry, 127–130

modules

Apache web server, 406–407

kernel, 210

network configuration, 271

VoIP, 458

modules.conf file, 458–459

Mondo Rescue systems, 609

monitoring

bandwidth, 348

system, 337–338, 347–348

monolithic kernels, 10

more command, 69

mount command

NFS, 506–508

options, 160–161

risk source, 327–328

mount points in partitions, 25–26

mount units in systemd manager, 178

mounting

description, 11

local disks, 159–163

partitions, 499–500

remote Samba shares, 524

moving

files, 62–63

users, 78–80

MRTG (Multi-Router Traffic Grapher), 348

MS-DFS (Microsoft DFS) system, 534

MSS (Maximum Segment Size) value in TCP connections, 250

mt utility, 604, 607

MTAs (mail transport agents), 421

MTU (maximum transmission unit) in IP headers, 244

MUAs (mail user agents), 421

Multi-Router Traffic Grapher (MRTG), 348

multi-user.target, 330

multicast addresses in IPv6, 269

multiple commands, 53

multiple user systems, 9–10

mutt mail user agent, 427

mv command, 62–63

MX (Mail Exchanger) DNS records, 372–373

My Network Places, 11–12

mydestination option in Postfix, 424

mydomain option in Postfix, 424

myhostname option in Postfix, 424

mynetworks option in Postfix, 425

mynetworks_style option in Postfix, 425

myorigin option in Postfix, 424

N

name resolution in GlusterFS, 537

name server database files, 369–373

Name Server (NS) DNS records, 371

named.conf file

statements in, 364–367

zones, 367–369

names

domain and host, 356

groups, 117

partitions, 164–165

NAT. See network address translation (NAT)

NAT of Local Connections option for kernel, 308

National Security Agency (NSA), 336

ncurses-devel package, 207

Nessus application, 350

net command in Samba, 528

Netfilter firewall, 299

chains, 303–304

configuring, 308–319

cookbook solutions, 320–324

firewalld manager, 317–320

installing, 306–308

iptables command, 310–317

NAT, 301–303

operation, 300

services, 318

zones, 317–318

netmasks for IP addresses, 257–258

netplan command, 282–284

netstat command

example output, 287–288

security implications, 343–344

service tracking, 342–344

system monitoring, 337

working with, 343

network address translation (NAT), 301

connection tracking, 302–303

examples, 301–302

iptables command, 320–321

nftables command, 321

network configuration, 271

AWS, 293–295

Fedora installation, 28–30

hostnames, 295–297

modules and network interfaces, 271

routers, 290–292

routes, 284–289

Ubuntu installation, 34

utilities, 272–278

VPCs, 293

Network File System (NFS), 497

client configuration, 506–510

components, 501–502

enabling, 500–501

mechanics, 497–498

partitions, 499–500

sample configuration files, 510–512

security, 499

server configuration, 503–506

server installation, 17

uses, 512

versions, 498–499

network interface cards (NICs)

configuring, 271–278

Debian-like systems setup, 280–281

Fedora, CentOS, and RHEL setup, 278–280

netplan setup, 282–284

systemd-networkd setup, 281–282

network security, 341

attack handling, 348–349

interface binding, 344–345

service shutdown, 345–347

service tracking, 342–344

system monitoring, 347–348

TCP/IP, 341–342

tools, 349–351

network throughput in backups, 601

network user systems, 9–10

networkctl command, 282

NetworkManager (NM) package, 273

networks

DFS, 532–534

IP addresses, 255–256

naming conventions, 356

printers, 565

new-kernel-pkg script, 214

newaliases command, 427

news logging facility, 190

next-server parameter in DHCP, 578

NFS. See Network File System (NFS)

nfsvers command, 507

nft utility, 321

nftables tool, 300, 304, 307, 321

NICs. See network interface cards (NICs)

NM (NetworkManager) package, 273

nmap program, 350

nmbd daemon, 517

nmcli utility, 273–277, 279

no_access variable in /etc/xinetd.conf file, 185

noncommercial distributions, 4

nonhuman user accounts, 330

normal files, 56

normal users, 111

[NOTFOUND=action] entry, 385

NS (Name Server) DNS records, 371

NSA (National Security Agency), 336

nslcd daemon, 547

nslookup utility, 382

nss-pam-ldapd package, 547

nsupdate utility, 382

null passwords in Samba, 525–526

O

octal permissions for files, 60

octets in IP addresses, 255–256, 258

offline mode for mail, 431

online defragmentation in file systems, 158

online mode for mail, 431

only_from variable in /etc/xinetd.conf file, 184

oops messages, 213

Open Shortest Path First (OSPF) protocol, 260, 264

open source software

advantages, 8–9

disadvantages, 9

overview, 5–7

Open Systems Interconnection (OSI) model, 238–241

OpenAFS system, 535

OpenBSD project, 482

opening TCP connections, 250–251

OpenLDAP, 544

clients, 552–554, 557–558

configuring, 546–554

directories, 553–555

installing, 545–546

server-side daemons, 544

user authentication, 555–558

utilities, 544–545

OpenSSH, 482

Apple systems, 483

files used by, 493

installing, 483–486

scp program, 492–493

secure tunnels, 489–491

server startup and shutdown, 486–487

sftp program, 493

shell tricks, 492

ssh client, 488–489

Ubuntu installation, 36

openssl command, 443–444, 550

OpenStack project, 41–42

openSUSE

GUI package manager, 98

hostname configuration, 296

RPM, 84

OpenVAS application, 350

OSI (Open Systems Interconnection) model, 238–241

OSPF (Open Shortest Path First) protocol, 260, 264

other configuration file for PAM modules, 131

out-of-order delivery in VoIP, 477

OUTPUT chains in Netfilter, 305–306

outside connections for PBX, 467

ownership

files, 58–59

HTTP processes, 405

permissions, 59–60, 123

P

packages

querying for, 87–88

validating, 94–95

verifying, 93–94

Packet Filtering option for kernel, 307

packet loss in VoIP, 477

Packet Mangling option for kernel, 308

packets

headers, 241–250

TCP/IP, 236–238

page description language (PDL), 560

pam_ldap library, 547

pam_nologin.so module, 130

pam_winbind module, 517, 527

PAMs. See Pluggable Authentication Modules (PAMs)

parameters, environment variables as, 53

paravirtualization, 585

parsing logs, 347

parted utility, 168–170

partitions

creating, 26–27, 168

GRUB 2, 139

layout, 169–170

names, 164–165

NFS, 499–500

overview, 165

schemes, 24–25

passive FTP mode, 390

passwd command

risk source, 327–328

users, 132–133

passwords

changing, 349

Dovecot databases, 436

encryption, 113

groups, 117

PAM modules, 127

POP, 440

root, 30

Samba, 516–517, 525–526

users, 113, 116, 132–133

patch program, 217

patches

kernel, 4–5, 216

kernel, downloading and applying, 216–217

kernel, errors, 219

kernel, release candidates, 218–219

SELinux, 336

PBX. See Private Branch Exchange (PBX) configuration

pdbedit command, 525

PDL (page description language), 560

performance

NFS, 508–509

server design, 16–17

tcpdump tool, 265–266

permissions

files, 59

NFS, 504, 509–510

processes, 405

SetUID programs, 326–328

users and access, 123–125

phone sets in PBX, 464–466

Physical layer in TCP/IP, 238

physical volumes (PVs), 166–167

pico editor, 71

pine editor, 71, 427

ping program

ICMP, 241

risk source, 326

pipes, 51

pjsip commands in Asterisk, 476

pjsip.conf file, 453–456

Pluggable Authentication Modules (PAMs), 12–13, 125–126

configuring, 127–128

debugging, 131

files, 126–127

fixing configuration files, 131

operation, 126

Samba, 516

sample configuration file, 128–130

plus signs (+) for permissions, 60

Pointer (PTR) DNS records, 372

POP. See Post Office Protocol (POP)

port variable in /etc/xinetd.conf file, 185

Portable Operating System Interface for UNIX (POSIX) compliance, 536

portmap manager, 498, 501–502, 506

ports

FTP, 390

HTTP, 405

TCP/IP, 341–342

POSIX (Portable Operating System Interface for UNIX) compliance, 536

Post Office Protocol (POP), 429–431

basics, 431

checking, 439–440

connectivity, 443–444

Dovecot, 431–439

postfix check command, 426

Postfix server

configuring, 423–426

installing, 422–423

running, 426–428

POSTROUTING chains in Netfilter, 306

PostScript files, 560

PowerShell client in SSH, 483

PREROUTING chains in Netfilter, 304–305

pretty hostnames, 296

primary servers in DNS, 361

primary zones in named.conf file, 367–368

printenv command, 50

printing, 559

client-side tools, 570–571

CUPS system. See Common UNIX Printing System (CUPS)

environment variables, 50

terminology, 559–560

priorities in log messages, 188–190

Private Branch Exchange (PBX) configuration, 460–461

dialplans, 463–464

local extensions, 461

outside connections, 467

phone sets, 464

test scenario, 466

trunking, 467–475

private IP addresses, 256

problems in source package builds, 108–109

/proc directory

contents, 221–222

editing files in, 222–223

entries, 223–225

settings and reports, 225–227

/proc/kcore file, 222

/proc/sys/fs/file-max entry, 227

/proc/sys/net/ipv4 file, 222

processes

killing, 75–76

listing, 73–75

ownership in HTTP, 405

unnecessary, 329

Procmail program, 429

.profile file, 115

profiles

NetworkManager package, 273

Ubuntu installation, 36

programs, scheduling, 197–199

project prerequisites in Fedora installation, 19

proto command, 507

protocol entry

/etc/xinetd.conf file, 184

Ethernet headers, 241–242

IP headers, 245

iptables command, 312

protocols option in Dovecot, 435

proxy configuration in Ubuntu installation, 34

ps command, 73–74, 328

ps auxww command, 337

pseudo-tty interface, 48

PTR (Pointer) DNS records, 372

pty interface, 48

public key cryptography, 479–481

pure acknowledgments in TCP connections, 252

PuTTY client in SSH, 482

pvcreate command, 169

pvdisplay command, 169–171

PVs (physical volumes), 166–167

pwd command, 335

PXE protocol in server installation, 18

Q

QEMU, 585–586

Quality of Service (QoS) in VoIP, 477

question marks (?) in filename expansion, 52

queues

Postfix server, 427

TCP/IP packets, 237

QUIT command in SMTP, 421

R

range declarations in DHCP, 577

RARP (Reverse ARP), 254

raw tables in Netfilter, 300

rawhide Fedora versions, 18

rccups command, 561

RCPT TO: command in SMTP, 420

Read permission for users, 123

reading dumpfiles, 265

README files, 104–105

Real-time Transport Control Protocol (RTCP), 450

Real-time Transport Protocol (RTP), 450

reboots with fsck tool, 151

record types in DNS, 369

A and AAAA, 371

CNAME, 373

MX, 372–373

NS, 371

PTR, 372

RP and TXT, 373

SOA, 370–371

recovery mode in booting, 152

Red Hat Enterprise Linux (RHEL) series

commercial release, 6

hostname configuration, 296

NFS, 500–501

NIC setup, 278–280

PAM modules, 126

Postfix server installation, 422–423

XFS file system, 159

Red Hat Package Manager (RPM)

description, 83

DHCP installation, 574

GUI package managers, 97–98

information queries, 86–88

OpenSSH installation, 483–484

overview, 84

package validation, 94–95

package verification, 93–94

Samba installation, 518

software installation, 89–92

software uninstallation, 92–93

REDIRECT Target Support option for kernel, 307–308

redirection in Bash shell, 52

Reformat field in partition information, 26

Registration section in Asterisk, 456

Registry, Windows, 12

registry for Docker, 595

reject command for printer jobs, 569

REJECT Target Support option for kernel, 307

release candidates for kernel, 218–219

remote file access in Samba, 522–524

remote name daemon control (rndc) utility, 383

remote printers, adding, 564–565

remote procedure calls (RPCs), 498

remote shares in Samba, 524

removing

files and directories, 66

groups, 121, 134–135

software, 92–93, 101–102

users, 121, 134–135

renderers in netplan, 283

reparse points, 11

replication in DFS, 536

reports in proc directory, 225–227

Representational State Transfer (REST) interface, 42

request headers in HTTP, 404

reset (RST) flag in TCP connections, 252

resolvconf program, 384, 386

resolvectl tool, 381

resolver in DNS, 383–385

resources, limited, 330–332

REST (Representational State Transfer) interface, 42

restore tool, 605, 607–608

retrans command, 507–508

return on investment (ROI) in virtualization, 583

Reverse ARP (RARP), 254

reverse resolution in DNS, 360

RHEL. See Red Hat Enterprise Linux (RHEL) series

Ring 0, 10

RIP (Routing Information Protocol), 260–264

risks in local security

mitigating, 332–336

sources, 326–329

rm command

files and directories, 66

package installation, 107–108

rndc-confgen tool, 383

rndc (remote name daemon control) utility, 383

ROI (return on investment) in virtualization, 583

root directory, 24

root domains, 357

root elements in LDAP, 542

root file system (/), 160

root-level pages in Apache web server, 409

root name servers, 357, 361

root user passwords, 30

route command, 285–288

router configuration, 290–292

routes

ARP, 254

configuring, 285–286

displaying, 287

network configuration, 284–285

Routing Information Protocol (RIP), 260–264

routing IP addresses, 258–264

routing tables, 259

RP DNS records, 373

rpc commands, 502

rpcbind service, 500–501

rpcinfo command, 500–501

RPCs (remote procedure calls), 498

RPM. See Red Hat Package Manager (RPM)

rsize command in NFS, 507, 509

RST (reset) flag in TCP connections, 252

rsync utility, 609

rsyslog package, 187–188

/etc/rsyslog.conf file, 189–191

log message classifications, 188–189

rsyslog daemon, 188

systemd-journald component, 195–197

templates, 191–194

RTCP (Real-time Transport Control Protocol), 450

RTP (Real-time Transport Protocol), 450

rules

/etc/rsyslog.conf file, 192–194

iptables command, 312–317

run-instances command, 295

/run/systemd/network directory, 281

runlevels, 145, 330

S

safety in servers, 16–17

Samba, 515

daemons, 517

installing, 518

passwords, 516–517, 525–526

remote file access, 522–524

remote shares, 524

servers, 522

shares, 519–524

starting and stopping, 519

troubleshooting, 529

usernames and passwords, 516–517

users, 524–525

Windows server authentication, 526–529

saving Netfilter configuration, 308–309

SCCP (Skinny Client Control Protocol), 449

scheduling programs, 197–199

schemas in LDAP, 544

SCM (Source Code Management) system, 219

scp (Secure Copy) program, 492–493

script kiddies, 325

ScriptAlias option in Apache web server, 415

scripts

Samba, 516

startup, 114–115

systemd, 145–149

scsidev program, 604

searching LDAP directories, 554–555

sec command, 507

second-level domains, 358

secondary DNS servers, 361

secondary zones in named.conf file, 368

sections in Asterisk, 453–456

Secure Copy (scp) program, 492–493

Secure FTP (sftp) program, 493

Secure Shell (SSH), 479

clients, 482–483

OpenSSH installation, 483–486

OpenSSH operation, 488–493

public key cryptography, 479–481

SSHD configuration file, 487–488

tunneling, 345

Ubuntu installation, 36

versions, 481–483

Secure Sockets Layer (SSL)

Dovecot parameters, 438

mail services, 442–444

TCP/IP layer, 240–241

secure tunnels in OpenSSH, 489–491

security

groups, 294–295

HTTP, 405

kernel, 4–5, 502–503

local. See local security

mail services, 442–444

network. See network security

NFS, 499

OpenLDAP, 558

processes, 76

servers, 16–17

SMTP, 421

Security entry in vsftpd, 393

security logging facility, 190

security tables in Netfilter, 300

sed editor, 71–72

selector field in rsyslog.conf, 193

SELinux

Asterisk, 478

security, 335–336

semicolons (;) in multiple commands, 53

server_args variable in /etc/xinetd.conf file, 184

server cloud deployment, 39

commercial cloud service providers, 41–43

free-to-run virtual Linux servers, 40–41

server-identifier parameter in DHCP, 578

server installation

DNS, 362–367

Fedora. See Fedora installation

hardware and environmental considerations, 15–16

methods, 17–18

overview, 15

server design, 16–17

summary, 37

Ubuntu. See Ubuntu installation

Server Message Block/Common Internet File System (SMB/CIFS) protocol, 515

Server Message Block (SMB)

description, 565

server installation, 18

server-name parameter in DHCP, 578

server-side daemons in OpenLDAP, 544

server statement

/etc/xinetd.conf file, 184

named.conf file, 366

ServerAdmin option in Apache web server, 411

ServerName option in Apache web server, 411

ServerRoot option in Apache web server, 410

servers

DHCP, 574–581

DNS, configuring, 367–369

DNS, installing, 362–367

DNS, setup, 374–379

DNS, types, 361–362

high-volume, 227

NFS, 503–506

OpenLDAP, 555–556

Samba, 522

unnecessary processes on, 329

VoIP, 447–448

service command, 347

service option in Dovecot, 435

service units in systemd manager, 178

service utility in Apache web server, 407

services

disabling, 150–151

enabling, 150

Netfilter firewall, 318

shutting down, 345–347

tracking, 342–344

Session Initiation Protocol (SIP)

Asterisk, 453–456

description, 449

VoIP, 460–461

session modules, 127

SetGID program

finding, 328

user permissions, 123–124

setting environment variables, 50

SetUID program

finding and creating, 327–328

overview, 326–327

user permissions, 123–124

sfdisk utility, 168

sftp (Secure FTP) program, 493

shared mail spools in NFS, 512

shared-network declarations in DHCP, 576

shares in Samba, 519–524

Shell field for users, 116

shell tricks in OpenSSH, 492

shortcuts, command line, 52–54

showmount command, 505

shutdown

Apache web server, 407–408

OpenSSH, 487

services, 345–347

signaling protocols in VoIP, 449

signals for processes, 75–76

SIGTERM signal, 76

Simple Mail Transfer Protocol (SMTP), 419–420

e-mail components, 421–422

overview, 420–421

Postfix server, configuring, 423–426

Postfix server, installing, 422–423

Postfix server, running, 426–428

security, 421

troubleshooting, 428

single-user mode, booting into, 152

single-user systems, 9–10

SIP (Session Initiation Protocol)

Asterisk, 453–456

description, 449

VoIP, 460–461

size of files, 158

Skinny Client Control Protocol (SCCP), 449

slapd.conf file, 548–551

slapd daemon

configuring, 548–552

OpenLDAP, 544, 546

slaptest command, 551

slash (/) partition, 160

SLE (SUSE Linux Enterprise)

GUI package manager, 98

hostname configuration, 296

sliding windows in TCP headers, 248

slurpd daemon, 544

SMB/CIFS (Server Message Block/Common Internet File System) protocol, 515

SMB (Server Message Block)

description, 565

server installation, 18

smbclient program, 521–523, 525

smbd daemon, 517

smbpasswd program, 525–526

SMTP. See Simple Mail Transfer Protocol (SMTP)

smtpd_banner option in Postfix, 425

snap apps

installing, 108

Ubuntu installation, 37

snapd program, 108

snapshot units, 178

SNAT (Source NAT), 301

Snort program, 350

SOA (Start of Authority) DNS records, 370–371

Socket entry in vsftpd, 393

socket_type variable in /etc/xinetd.conf file, 184

sockets in systemd manager, 177–178

soft mounts in NFS, 507–508

softphones

description, 448

PBX, 464–466

software

DPMS, 99

Fedora installation settings, 21–22

GNU, 103–108

installing, 89–92, 100–101

testing, 107

Ubuntu, 99–102

uninstalling, 92–93, 101–102

software management, 83

DNF, 96–97

RPM. See Red Hat Package Manager (RPM)

Yum, 96

sort command, 73

source addresses

Ethernet headers, 241–242

IP headers, 245–246

source code

broken, 109

kernel, 203–204

managing, 83

Source Code Management (SCM) system, 219

Source NAT (SNAT), 301

source packages

build problems, 108–109

cleaning up, 107–108

compiling, 106

configuring, 106

documentation, 104–105

Fedora installation, 22

getting and unpacking, 103–104

installing, 106–107

source ports in TCP/IP, 342

sources.list file, 99, 101

speed of data recovery in backups, 601–602

spins, Fedora, 22

spoolers, printing, 560

SSH. See Secure Shell (SSH)

ssh client, 488–489

sshd_config file, 487–488, 493

sshd service, 486–487

ssl option in Dovecot, 435, 438

ssl_cert option in Dovecot, 435, 438

ssl_key option in Dovecot, 435, 438

SSL (Secure Sockets Layer)

Dovecot parameters, 438

mail services, 442–444

TCP/IP layer, 240–241

sssd daemon, 547

stability in server design, 16–17

stable point kernel releases, 203

stacks in TCP/IP, 235

stale file handles in NFS, 509

Stallman, Richard Matthew, 5–7

standards, 6–7

Start of Authority (SOA) DNS records, 370–371

starting up Apache web server, 407–408

startup scripts, 114–115

stat utility, 327

state module for iptables, 315

stateful connection tracking in NAT, 303

statement keywords in named.conf file, 365

static hostnames, 296

static routes

IP addresses, 258–260

routing with, 290–292

status command, 181

sticky bits in permissions, 125

storage pools in GlusterFS, 538

storing log entries, 347–348

su command, 77–78

subdomains, 358–359

subnets

DHCP declarations, 576–577

IP addresses, 256–257

VPCs, 293, 295

sudo command, 78

superblocks in file systems, 157

superusers, 111

SUSE Linux Enterprise (SLE)

GUI package manager, 98

hostname configuration, 296

swap space, 25

switching users, 77–78

symbolic links, 57

SYN flags in TCP connections, 250–252

SYN flood protection, 226

synaptic tool, 102

synchronous replication, 536

syncookies, 226

/sys/devices directory, 228

sysctl tool

hostname configuration, 296

Netfilter, 309

/proc directory, 225–226

SYN flood protection, 226

SysFS file system, 227–228

sysklogd daemon, 187

syslog logging facility, 190, 347–348

syslogd daemon, 187–188

system calls, 221

system-config-users utility, 122

system console, entering commands at, 85

System.map file, 213

system settings in Fedora installation, 22–30

system users in Dovecot, 436

systemctl command

Apache web server, 407–408

Asterisk, 452

CUPS, 561

DHCP, 581

Dovecot, 439

graphical environments, 85

KVM, 588

LDAP, 551–552

NFS, 500–501

OpenSSH, 486–487

Postfix server, 422, 426

runlevels, 330

Samba, 528

service shutdown, 346

systemd-journald component, 188, 195–197

systemd manager

aggressive parallelization, 176

control groups, 176–177

cron program, 199

human digestive system comparison, 177

legacy notes, 179–181

overview, 175–176

role, 176

scripts, 145–149

socket activation, 177

/tmp file system, 231

units, 178–179

systemd-networkd command, 278, 281–283

systemd-resolved manager, 384

systemd.timer object, 199

systems

details, 77

monitoring, 337–338, 347–348

sysv-rc-conf command, 346

T

tac command, 69

tail command, 416–417

tape archives, 66–68

tape backups, 603–605

tar tool

archives, 66–68

backups, 608

source packages, 103–104

tarballs, 103

targets

chains, 310, 313

makefiles, 205–206

systemd manager, 178

tasks, backgrounding, 48–49

TCP headers, 246–249

TCP/IP (Transmission Control Protocol/Internet Protocol), 235. See also IP addresses

ARP, 253–255

connections, 250–253

dynamic routing, 260–264

headers, 241–250

hosts and networks, 255–256

layers, 235–241

netmasks, 257–258

network security, 341–342

OSI model, 238–241

packets, 236–238

port numbers, 341–342

static routing, 258–260

subnetting, 256–257

tcpdump tool, 265–267

TCP layer in TCP/IP, 239–240

tcp module for iptables, 316

tcpdump tool, 241–243

ARP, 254

DNS issues, 266–267

dumpfiles, 265

IP headers, 245–246

network security, 350–351

own network traffic, 266

packet capturing, 265

performance impact, 265–266

TCP connections, 250–252

TCP headers, 246–248

UDP headers, 249

.tcshrc file, 115

tdbsam database, 524–525

tee command, 174

telinit command, 180

Telnet program

IMAP, 440

POP, 439

security, 442

SMTP, 420

templates in rsyslogd, 191–194

temporary files in package installation, 107–108

terminal interfaces in job control, 48

testing

Apache web server, 408–409

PBX, 466

PSTN, 474–475

software, 107

texinfo system, 56

text execution with backticks, 53–54

text files vs. Registry, 12

TFTP (Trivial File Transfer Protocol) service, 18

third-level domains, 358

three-way handshakes in TCP connections, 250

time settings

Fedora installation, 21

UNIX epoch, 117

time-to-live (TTL) field in IP headers, 244–245

timer object, 199

timer units in systemd manager, 178

TLDs (top-level domains), 357

TLS (Transport Layer Security)

mail services, 442–444

TCP/IP layer, 240–241

/tmp file system, 231

/tmp partition, 25

tmpfs file system, 231

top command, 75

top-level domains (TLDs), 357

Torvalds, Linus, 8

total length field in IP headers, 244

touch command, 62, 66

tracking services, 342–344

transient hostnames, 296

Transmission Control Protocol/Internet Protocol. See TCP/IP (Transmission Control Protocol/Internet Protocol)

Transport Layer Security (TLS)

mail services, 442–444

TCP/IP layer, 240–241

Transport section in Asterisk, 454

Trivial File Transfer Protocol (TFTP) service, 18

troubleshooting

Apache web server, 416–417

Asterisk, 475–478

DNS, 266–267

NFS, 506, 509–510

Samba, 529

SMTP, 428

trunking in PBX, 467–475

trust in network security, 349

trusted storage pools in GlusterFS, 538

$TTL entry in BIND database files, 374

TTL (time-to-live) field in IP headers, 244–245

tunnels

IPv6, 270

OpenSSH, 489–491

SSH, 345

Twilio Elastic SIP Trunks, 467–475

TXT DNS records, 373

type variable in /etc/xinetd.conf file, 184

U

Ubuntu, 99

DHCP installation, 575

GUI package manager, 97–98, 102

hostname configuration, 296

information queries, 100

KVM setup, 591–593

NFS, 501

OpenLDAP installation, 546

OpenSSH installation, 484–485

Postfix server installation, 423

software installation, 100–101

software uninstallation, 101–102

Ubuntu installation, 32–33

file system setup, 34–36

network configuration, 34

profile setup, 36

proxy configuration, 34

snaps, 37

SSH setup, 36

starting, 33–34

udev system, 227

udp module for iptables, 316–317

UDP (User Datagram Protocol)

description, 240

headers, 249–250

UDP (User Datagram Protocol) layer in TCP/IP, 239–240

UEFI (Unified Extensible Firmware Interface), 24

UIDs (user IDs), 111

NFS, 510

users, 113–114

ulimit facility, 330–332

umount command, 161–162

uname command, 77, 207, 214

unicast addresses in IPv6, 269

Unified Extensible Firmware Interface (UEFI), 24

Uniform Resource Information (URI) for printers, 564

uninstalling software, 92–93, 101–102

units in systemd manager, 178–179

UNIX epoch, 117

unmounting local disks, 159–163

unnecessary processes, 329

unpacking

kernel source code, 204

source packages, 103–104

unset command, 51

unsetting environment variables, 51

upgrades, kernel, 205

upstart daemon, 179–181

upstream components, 6–7

uptime

kernel, 202

servers, 17

urgent pointers in TCP headers, 249

URI (Uniform Resource Information) for printers, 564

USB boot disks in GRUB 2, 143–144

use-lease-addr-for-default-route parameter in DHCP, 579

user accounts

creating, 30–31

nonhuman, 330

user authentication in OpenLDAP, 555–558

User Datagram Protocol (UDP)

description, 240

headers, 249–250

User Datagram Protocol (UDP) layer in TCP/IP, 239–240

user IDs (UIDs), 111

NFS, 510

users, 113–114

user logging facility, 190

User option in Apache web server, 412

user variable in /etc/xinetd.conf file, 184

useradd command, 118–120, 132–133

userdel command, 121, 134–135

UserDir option in Apache web server, 413–414

usermod command, 120, 133–134

Username field, 113

usernames in Samba, 516

users

adding, 118–120, 132–133

characteristics, 111–112

command-line management, 118–122

Dovecot, 436

/etc/group file, 117–118

/etc/passwd file, 112–116

/etc/shadow file, 116–117

GUI managers, 122–123

information on, 112–118

modifying, 120, 133–134

moving, 78–80

PAM modules, 125–131

passwords, 132–133

permissions, 123–125

removing, 121, 134–135

Samba, 524–525

shells, 116

switching, 77–78

/usr/bin/dig tool, 364

/usr/bin/host tool, 364

/usr/lib/apache2/modules directory, 412

/usr/lib/firewalld file, 317

/usr/lib/systemd/system file, 145–146, 178

/usr/lib64/asterisk/modules directory, 458

/usr/local/src directory, 103

/usr partition, 25

/usr/sbin/named tool, 364

/usr/sbin/rndc tool, 364

/usr/share/doc/initscripts/sysconfig.txt file, 279

/usr/share/httpd/noindex/index.html file, 409

/usr/src directory, 204

utilization information for disks, 72–73

uucp logging facility, 190

V

validating packages, 94–95

vanilla kernels, 203

/var/lib/samba/private/passdb.tdb file, 525

/var/log directory, 337

/var/log/apache2 directory, 416

/var/log/httpd directory, 416

/var/log/mail file, 428

/var/log/maillog file, 427–428

/var/log/messages file, 366

/var/named/example.org.db file, 367

/var partition, 25

/var/spool/mail directory, 425

verbs in HTTP, 404

verifying packages, 93–94

versions

IP headers, 243

kernel, 203–204

vertical bar (|) character for pipes, 51

Very Secure FTP Daemon (vsftpd) program and package, 389

configuring, 391–392

FTP server, customizing, 395–401

FTP server, starting and testing, 392–395

FTP server, virtual user setup, 397–401

obtaining, 391

vgcreate command, 169

vgdisplay command, 169, 171

vgextend command, 169

VGs (volume groups), 166–167

vi editor, 70

vim editor, 70

virsh utility, 588, 590

virt-builder utility, 40–41

virt-install utility, 587–590

virt-manager application, 587

Virtual Machine Manager, 587

virtual machines (VMs), 39

virtual private clouds (VPCs), 289, 293

virtual users in FTP server, 397–401

VirtualBox platform, 586

VirtualHost option in Apache web server, 415–416

virtualization, 583

concepts, 584–585

containers, 594–598

implementations, 585–586

KVM, 586–593

purpose, 583–584

VMs (virtual machines), 39

VMware, 586

Voice over Internet Protocol (VoIP)

Asterisk, 451–459

ATA, 448

dialplans, 457

implementations, 450–451

IP phones, 448

modules, 458

overview, 447

PBX. See Private Branch Exchange (PBX) configuration

protocols, 448–450

servers, 447–448

Volume Group field in partition information, 26

volume groups (VGs), 166–167

volumes

creating, 171–172

exploring, 169

groups, 170

overview, 166–167

partitions and logical volumes, 168–172

VPCs (virtual private clouds), 289, 293

vsftpd. See Very Secure FTP Daemon (vsftpd) program and package

W

w command, 77

wait variable in /etc/xinetd.conf file, 184

WANs (wide area networks), 239

wbinfo utility, 529

Web interface

printer installation, 565–567

printer management, 569–570

well-known TCP/IP ports, 342

wget utility, 103, 203

whereis command, 69

which command, 69

whitelists for Twilio Elastic SIP Trunks, 471

who command, 77

whois command, 382

wide area networks (WANs), 239

wildcards in filename expansion, 52–53

winbind package, 527

winbindd daemon, 517, 526–527

Windows Registry system, 12

Windows server, Samba authentication for, 526–529

Windows vs. Linux, 9–13

Wireshark tool, 350–351

working directories, 66

world permissions, 59–60

Write permission, 123

writing dumpfiles, 265

wsize command, 507, 509

X

X-Lite softphones, 464–466

X Window System, 10

.Xdefaults file, 115

Xen virtualization, 586

XFCE window managers, 11

XFS file system, 159

xinetd program, 181–182

echo service example, 186–187

/etc/xinetd.conf file, 182–185

shutting down, 346

.xinitrc file, 115

XML (Extensible Markup Language), 240–241

XMPP (Extensible Messaging and Presence Protocol), 449

xterm emulator, 86

xz tool, 65

Y

YaST (Yet Another Setup Tool), 98

yast2 command, 172

Yum tool, 96

Z

zombie reapers, 180

zones

named.conf file, 367–369

Netfilter firewall, 317–318