In Using and Administering Linux: Volume 3 you’ll work with multiple VMs on a single physical host to create a network in which to sharpen your sysadmin skills. Chapters have been fully updated to Fedora Linux 38 with expanded content and figures as well brand new material on the BTRFS file system, using Zram for swap, NetworkManager, automation with Ansible, as well as systemd.
Focusing on network and other advanced services, this second edition of the final series volume builds upon the skills you have learned so far in volumes 1&2 and will depend upon the virtual network and VMs created there. Start by reviewing the administration of Linux servers and install and configure various Linux server services such as DHCP, DNS, NTP, and SSH server that will be used to provide advanced network services. You’ll then learn to install and configure servers such as BIND for name services, DHCP for network host configuration, and SSH for secure logins to remote hosts.
Other topics covered include public/private keypairs to further enhance security, SendMail and IMAP and antispam protection for email, using Apache and WordPress to create and manage web sites, NFS, SAMBA, and Chrony. This volume also covers SELinux and its use in making your systems even more secure., You will learn to build RPMs to be used to distribute automation scripts. All of these services are installed on a single server host over the course of the book and by the time you are finished you will have a single server that provides these services for your network.
What You Will Learn
Install, configure, and manage several Linux server services such as email with spam management and single and multiple web sites
Work with NTP time synchronization, DHCP, SSH, and file sharing with Unix/Linux and Windows clients
Create RPMs for distribution of scripts and administrative programs.
Understand and work with enhanced security.
Who This Book Is For
Those who are already Linux power users – SysAdmins who
…
Author(s): David Both
Edition: 2
Publisher: Apress
Year: 2023
Language: English
Pages: 536
Table of Contents
About the Author
About the Technical Reviewers
Acknowledgments
Introduction
Chapter 42: Server Preparation
Objectives
Overview
Creating the VM
Installing Linux
Personalization and Updates
Virtual Network Configuration
Adjusting the Firewall
Overview of DHCP
Installing the DHCP Server
Configuring the DHCP Server
Configuring the Client Host
Configuring Guest Hosts
The Final dhcpd.conf File
Configuring NTP with Chrony
Configuring the NTP Server
Configure and Test the NTP Client
Chapter Summary
Exercises
Chapter 43: Name Services
Objectives
Introducing Domain Name Services
How a Name Search Works
Top-Level Configuration
NSS and NSSwitch
resolv.conf
Historical Usage
Current Usage
systemd-resolved.service
Name Service Strategies
The /etc/hosts File
mDNS
How It Works
mDNS Performance
nss-DNS
The DNS Database
Using the dig and nslookup Commands
Interpreting dig Command Results
Advanced dig Command Results
Common DNS Record Types
SOA
$ORIGIN
NS
A
AAAA
CNAME
DNSKEY
DS
MX
PTR
RRSIG
Other Records
Using BIND
Preparation
Setting Up the Caching Name Server
Configuring the Firewall for DNS
Start the Name Service
Reconfiguring DHCP
Using the Top-Level DNS Servers
Creating a Primary Name Server
Creating the Forward Zone File
Adding the Forward Zone File to named.conf
Adding CNAME Records
Creating the Reverse Zone File
Adding the Reverse Zone to named.conf
Automating BIND Administration
Chapter Summary
Exercises
Chapter 44: Routing
Objectives
Introduction
Routing on a Workstation
Creating a Router
Setting Up the Router
Kernel Configuration
Firewall State
Firewall Requirements
Zones
Zoning Strategy
About the Trusted Zone
Adapting the Firewall
Network Routing
Complex Routing
Fail2Ban
Cleanup
Chapter Summary
Exercises
Chapter 45: Remote Access with SSH
Objectives
Introduction
Starting the SSH Server
How SSH Works – Briefly
Public/Private Key Pairs
How PPKPs Work
X-Forwarding
The X Window System
Remote Commands
Remote Backups
Chapter Summary
Exercises
Chapter 46: Security
Objectives
Introduction
Security by Obscurity
What Is Security?
Data Protection
Security Vectors
Self-Inflicted Problems
Environmental Problems
Physical Attacks
Network Attacks
Software Vulnerabilities
Linux and Security
Login Security
Checking Logins
Telnet
Some Basic Steps
PAM
Advanced DNS Security
About chroot
Enabling bind-chroot
Hardening the Network in the Kernel
Restrict SSH Root Login
More firewalld
Disabling All Traffic in Case of Emergency Using CLI
Access from Specific IP Addresses or Networks
Malware
Root Kits
ClamAV
Tripwire
SELinux
Additional SELinux Considerations
Social Engineering
Chapter Summary
Exercises
Chapter 47: Back Up Everything – Frequently
Introduction
Backups to the Rescue
The Problem
Backup Options
tar
Off-Site Backups
Disaster Recovery Services
Options
What About the “Frequently” Part?
How Frequent Is “Frequently?”
What Does “Full” Really Mean?
All vs. Diff
Considerations for Automation of Backups
Dealing with Offline Hosts
Advanced Backups
rsync
Performing Backups
Recovery Testing
Chapter Summary
Exercises
Chapter 48: Introducing Email
Objectives
Introduction
Definitions
Email Data Flow
Structure of an Email
Email Headers
Sendmail on the Server
Sendmail Installation
Sendmail Configuration
DNS Configuration
Sendmail on the Client
SMTP: The Protocol
Email-Only Accounts
Who Gets Email for Root?
Things to Remember
It Is Not Instant
There Is No Delivery Guarantee
Chapter Summary
Exercises
Chapter 49: Advanced Email Topics
Objectives
Introduction
The Real Problem with Email
Preparation
More mailx
Setup
Installing IMAP on the Server
Installing UW IMAP
Installing Dovecot IMAP
Testing IMAP
Email Clients
Alpine
Installation
Exploring Alpine
Thunderbird
Adding Authentication to the Server
SMTP Authentication
Certificates
Other Considerations
Resources
Chapter Summary
Exercises
Chapter 50: Combating Spam
Objectives
Introduction
The Problem
But Why?
My Email Server
Project Requirements
Procmail
How It Works
Preparation
Configuration
Configuring Sendmail
Hacking mimedefang-filter
Configuring Procmail
Reports of Procmail's Demise
SpamAssassin Rules
Additional Resources
Chapter Summary
Exercises
Chapter 51: Apache Web Server
Objectives
Introduction
Installing Apache
Testing Apache
Creating a Simple Index File
Adding DNS
Good Practice Configuration
Virtual Hosts
Configuring the Primary Virtual Host
Configuring the Second Virtual Host
Using Telnet to Test the Website
Using CGI Scripts
Using Perl
Using Bash
Redirecting the Web Page to CGI
Refreshing the Page Automatically
Chapter Summary
Exercises
Chapter 52: WordPress
Objectives
Introduction
Install PHP and MariaDB
Install WordPress
HTTPD Configuration
Creating the WordPress Database
Configuring WordPress
Administering WordPress
Updating WordPress
Exploring MariaDB
Chapter Summary
Exercises
Chapter 53: Mailing Lists
Objectives
Introduction
Installing Sympa
About Sympa Documentation
Sympa Configuration and Integration
Getting Started with a New List
Creating a Mailing List
Testing the List
Global and Local Settings
Startup Problems
Rejections from Large Email Services
Chapter Summary
Exercises
Chapter 54: Remote Desktop Access
Objectives
Introduction
TigerVNC
Security
Chapter Summary
Exercises
Chapter 55: Advanced Package Management
Objectives
Introduction
Preparation
Examining the Spec File
Preamble
%description
%prep
%files
%pre
%post
%postun
%clean
%changelog
Building the RPM
Testing the RPM
Rebuilding a Corrupted RPM Database
Chapter Summary
Exercises
Chapter 56: File Sharing
Objectives
Introduction
Preparation
Firewall Considerations
Firewall Configuration for FTP
Active Mode
Passive Mode
FTP and FTPS
VSFTP
Installation and Preparation of VSFTP
The FTP Client
Anonymous FTP Access
Securing VSFTP with Encryption
NFS
NFS Server
NFS Client
Cleanup
SAMBA
Using the SAMBA Client
Midnight Commander
Apache Web Server
Chapter Summary
Exercises
Chapter 57: Where Do I Go from Here?
Introduction
Curiosity
Convert
Tools
Resources
Contribute
Teaching
Writing
Coding and Packaging
Donate $$
Skip This
Compiling the Kernel
Chapter Summary
Bibliography
Books
Web sites
Web articles
systemd
Index
