Linux Help for Professionals
Students and Hobbyists

Linux Topics

Linux is growing. It is now used in many everyday gadgets such as cell phones, PDAs, MP3 players, TVs, printers, portable GPS systems and cameras. It's no longer just for systems administrators. Join the wave! This site covers topics needed for Linux software certification exams, such as the RHCE, and many computer training courses. There is also a companion Cisco PDF for home / branch office configurations.



The Linux File Server Project

   

The Linux Web Server Project

Advanced Linux Topics

 

Network Based Linux Installation

Linux Software RAID

Expanding Linux Partitions With LVM

Managing Disk Usage With Quotas

Remote Disk Access With NFS

Centralized Linux Logins With NIS

Centralized Linux Logins With LDAP And RADIUS

Controlling Web Usage With Squid

Modifying The Kernel To Improve Performance

Basic MySQL Configuration

Linux VPN Configuration

Miscellaneous Topics

Codes, Scripts & Configurations
Configuring Syslog On Cisco Devices

 


The site was awarded the 2005 LinuxWorld Reader's Choice Award for "Best Linux Book" and "Best Linux Training".

CHAPTER 1 - Why Host Your Own Site?


Introduction
Our Network
Figure 1-1 : Wireless home network topology
Alternatives To In-House Web Hosting
Virtual Hosting
Dedicated Hosting
Factors To Consider Before Hosting Yourself
Table 1-1 The Pros and Cons of Web Hosting In-House
Is In-House Hosting Preferred?
How to Migrate from an External Provider
In-House Server Considerations
Conclusion
 

CHAPTER 2 - Introduction to Networking


Introduction
The OSI Networking Model
Table 2-1: The Seven OSI Layers
An Introduction to TCP/IP
TCP Is a Connection-Oriented Protocol
How TCP Establishes A Connection
UDP, TCP's "Connectionless" Cousin
TCP and UDP Ports
The TCP/IP "Time To Live" Feature
The ICMP Protocol and Its Relationship to TCP/IP
How IP Addresses Are Used To Access Network Devices
Private IP Addresses
The localhost IP Address
Network Address Translation (NAT) Makes Private IPs Public
Port Forwarding with NAT Facilitates Home-Based Web sites
DHCP
How DNS Links Your IP Address To Your Web Domain
IP Version 6 (IPv6)
How Subnet Masks Group IP Addresses into Networks
Calculating The Number of Addresses Assigned to a Subnet
Table 2-2: The "Dotted Decimal" And "Slash" Subnet Mask Notations
Calculating the Range of Addresses on Your Network
Manual Calculation
Calculation Using a Script
Subnet Masks for the Typical Business DSL Line
The Physical and Link Layers
Networking Equipment Terminology
Network Interface Cards
The Meaning of the NIC Link Light
Duplex Explained
The MAC Address
How ARP Maps the MAC Address to Your IP Address
Common ARP Problems When Changing A NIC
The Two Broad Types Of Networking Equipment
Data Terminal Equipment
Data Communications Equipment
Using Straight-Through/Crossover Cables to Connect DTEs And DCEs
Table 2-3: Cabling Rules of Thumb
Connectivity Using Hubs
Using Switches as a Faster Alternative to Hubs
Local Area Networks
How Routers Interconnect LANs
How Simple Routing Works
Default Gateways, The Routers Of Last Resort
Firewalls Help Provide a Secure Routing Environment
Additional Introductory Topics
The File Transfer Protocol
Linux Help
Conclusion


CHAPTER 3 - Linux Networking

 

Introduction
How to Configure Your NIC's IP Address
Determining Your IP Address
Changing Your IP Address
Figure 3-1 - File formats for network-scripts
How DHCP Affects the DNS Server You Use
Multiple IP Addresses on a Single NIC
IP Address Assignment for a Direct DSL Connection
Some Important Files Created By adsl-setup
Simple Troubleshooting
IP Address Assignment for a Cable Modem Connection
How to Activate/Shut Down Your NIC
How to View Your Current Routing Table
How to Change Your Default Gateway
How to Configure Two Gateways
Adding Temporary Static Routes
Adding Permanent Static Routes
How to Delete a Route
Changing NIC Speed and Duplex
Using mii-tool
Setting Your NIC's Speed Parameters with mii-tool
Using ethtool
Setting Your NIC's Speed Parameters with ethtool
A Note About Duplex Settings
How to Convert Your Linux Server into a Simple Router
Configuring IP Forwarding
Configuring Proxy ARP
Configuring Your /etc/hosts File
The loopback Interface's localhost Entry
Debian / Ubuntu Network Configuration
The /etc/network/interfaces File
The auto Stanza
The mapping Stanza
The iface Stanza
Creating Interface Aliases
Adding Permanent Static Routes
A complete /etc/network/interfaces file
Conclusion


CHAPTER 4 - Simple Network Troubleshooting


Introduction
Sources of Network Slowness
Sources of a Lack of Connectivity
Doing Basic Cable and Link Tests
Testing Your NIC
Viewing Your Activated Interfaces
Viewing All Interfaces
Testing Link Status from the Command Line
Link Status Output from mii-tool
Link Status Output from ethtool
Viewing NIC Errors
Ifconfig Error Output
ethtool Error Output
netstat Error Output
Possible Causes of Ethernet Errors
How to See MAC Addresses
Using ping to Test Network Connectivity
Using telnet to Test Network Connectivity
Linux telnet Troubleshooting
Successful Connection
Connection Refused Messages
telnet Timeout or Hanging
telnet Troubleshooting Using Windows
Screen Goes Blank - Successful Connection
"Connect Failed" Messages
telnet Timeout or Hanging
Testing Web sites with the curl and wget Utilities
Using curl
Using wget
The netstat Command
The Linux iptables Firewall
Determining Whether iptables Is Running
How to Stop iptables
How to Configure iptables Rules
Using traceroute to Test Connectivity
Sample traceroute Output
Possible traceroute Messages
Table 4-1: traceroute Return Code Symbols
traceroute Time Exceeded False Alarms
traceroute Internet Slowness False Alarm
traceroute Dies At The Router Just Before The Server
Always Get a Bidirectional traceroute
ping and traceroute Troubleshooting Example
traceroute Web sites
Possible Reasons For Failed Traceroutes
Using MTR To Detect Network Congestion
Viewing Packet Flows with tcpdump
Table 4-2 : Possible TCPdump Switches
Table 4-3 : Useful tcpdump Expressions
Analyzing tcpdump files
Common Problems with tcpdump
Viewing Packet Flows with tshark
Table 4-4 : Possible tshark Switches
Table 4-5 : Useful tshark Expressions
Basic DNS Troubleshooting
Using nslookup to Test DNS
Using nslookup to Check Your Web site Name
Using nslookup To Check Your IP Address
Using nslookup to Query a Specific DNS Server
Using the host Command to Test DNS
Using nmap
Table 4-6 Commonly Used NMAP Options
Using netcat to Test Network Bandwidth
Determining the Source of an Attack
Who Has Used My System?
The last Command
The who Command
Conclusion


CHAPTER 5 - Troubleshooting Linux With Syslog


Introduction
syslog
Table 5-1 Syslog Facilities
The /etc/syslog.conf File
Activating Changes to the syslog Configuration File
How to View New Log Entries as They Happen
Logging syslog Messages to a Remote Linux Server
Configuring the Linux Syslog Server
Configuring the Linux Client
Syslog Configuration and Cisco Network Devices
Logrotate
The /etc/logrotate.conf File
Sample Contents of /etc/logrotate.conf
The /etc/logrotate.d Directory
Activating logrotate
Compressing Your Log Files
syslog-ng
The /etc/syslog-ng/syslog-ng.conf file
Figure 5-1 A Sample syslog-ng.conf File
Installing syslog-ng
Configuring syslog-ng Clients
Simple syslog Security
Conclusion


CHAPTER 6 - Installing Linux Software


Introduction
Where to Get Commonly Used Packages
Packages on Your Installation CDs
Manually Downloaded Packages
Table 6-1 Popular Package Download Sites
Automated Package Download
How to Download Software
Getting Software Using Web-Based FTP
Getting RPMs Using Command-Line Anonymous FTP
Table 6-2 FTP Commands
Getting Software Using wget
Installing Software From RPM Files
How To Install RPMs Manually
Using Downloaded Files
Using CD-ROMs
How to Install Source RPMs
RPM Installation Errors
Failed Dependencies
Signature Keys
How to List Installed RPMs
Listing Files Associated with RPMs
Listing Files for Already Installed RPMs
Listing Files in RPM Files
Listing the RPM to Which a File Belongs
Uninstalling RPMs
Which RPMs Will Start Up At Boot Time?
Automatic Updates with yum
Configuring yum
How to Automate yum
Creating Your Own yum Server
How to Automate yum
Keeping Your System current with Yum
Example of a yum Package Installation
Remember The Following Yum Facts
Installing Software From DEB Files
How To Install DEBs Manually
Using Downloaded Files
Using CD-ROMs
DEB Installation Errors
Failed Dependencies
How to List Installed DEBs
Table 6-3 Column Formatting for the dpkg command
Listing Files Associated with DEBs
Listing Files for Previously Installed DEBs
Listing Files in DEB Files
Listing the DEB Package to Which a File Belongs
Uninstalling DEBs
Which DEBs Will Start Up At Boot Time?
Automatic DEB Updates with apt-get
Configuring APT
Keeping Your System current with APT
Example of an apt-get Package Installation
Remember The Following APT Facts
Installing Software Using tar Files
Installing Perl Modules
Manual Installation of Perl Modules
Automatic Installation of Perl Modules
Conclusion


CHAPTER 7 - The Linux Boot Process


Introduction
The Linux Boot Sequence
Figure 7-1 Sample grub.conf file
Table 7-1 Linux Runlevels
Determining the Default Boot runlevel
Getting a GUI Console
Get a Basic Text Terminal Without Exiting the GUI
Using a GUI Terminal Window
Using Virtual Consoles
System Shutdown and Rebooting
Halt/Shut Down The System
Reboot The System
Entering Single-user Mode
Switching to Single-user Mode
Entering Single-user Mode At The Grub Splash Screen
Reverting To Your Default runlevel From Single User Mode
Root Password Recovery
Starting and Stopping Daemons
Starting a Daemon
Stopping a Daemon
Restarting a Daemon
The service command
Using chkconfig to Start Daemons at Each runlevel
chkconfig Examples
Use Chkconfig to Get a Listing of sendmail's Current Startup Options
Switch Off sendmail Starting Up in Levels 3 and 5
Double-check that sendmail Will Not Start Up
Turn On sendmail Again
Using chkconfig to Improve Security
Final Tips on chkconfig
Using sysv-rc-conf to Start Daemons at Each runlevel
Installing sysv-rc-conf
Listing the runlevels for Daemons
Setting the runlevels for Daemons
Conclusion


CHAPTER 8 - Configuring A Linux DHCP Server


Introduction
Download and Install the DHCP Package
The /etc/dhcpd.conf File
How to Get DHCP Started
DHCP Servers with Multiple NICs
Temporary Solution
Permanent Solution
Configuring Linux Clients to Use DHCP
Configuring Windows Clients to Use DHCP
Using a Single DHCP Server to Serve Multiple Networks
Simple DHCP Troubleshooting
DHCP Clients Obtaining 169.254.0.0 Addresses
Other DHCP Failures
Conclusion


CHAPTER 9 - Adding Linux Users And Sudo


Introduction
Who Is the Super User?
How To Add Users
How to Change Passwords
How to Delete Users
How to Tell the Groups to Which a User Belongs
How to Change the Ownership of a File
Using sudo
Simple Sudo Examples
Temporarily Gaining root Privileges
Becoming root for a Complete Login Session
Downloading and Installing the sudo Package
The /etc/sudoers File
Table 9-1 Format of the /etc/sudoers File
Simple /etc/sudoers Examples
Granting All Access to Specific Users
Granting Access To Specific Users To Specific Files
Granting Access to Specific Files as Another User
Granting Access Without Needing Passwords
Using Aliases in the sudoers File
Other Examples
Using syslog To Track All sudo Commands
Conclusion


CHAPTER 10 - Configuring Samba


Introduction
Download and Install Packages
How to Get Samba Started
The Samba Configuration File
Table 10-1 : File Format - smb.conf
How SWAT Makes Samba Simpler
Figure 10-1 Samba SWAT Main Menu
Basic SWAT Setup
Controlling SWAT
Encrypting SWAT
Create An stunnel User
Create The Certificates
Modify Certificate File Permissions
Create An /etc/stunnel/stunnel.conf Configuration File
Create A New /etc/xinetd.d File For Secure SWAT
Disable SWAT in the /etc/xinetd.d/swat File
Edit The /etc/services file To create a Secure SWAT entry
Activate swat-stunnel
Start stunnel
Test Secure SWAT
Test The Secure SWAT Login
Troubleshooting Secure SWAT
How To Make SWAT Changes Immediate
Creating A Starter Configuration
The [Global] Section
Table 10-2 : smb.conf Minimum Settings, "Global" Section
Using The SWAT Wizard
The [homes] Section
Table 10-3 : smb.conf Minimum Settings, "Home" Section
The [netlogon] and [profiles] Share Sections
The [printers] Share Section
Shares For Specific Groups Of Users
Samba Passwords
How To Create A Samba PDC Administrator User
Home Environment
Corporate Environment
How To Add Workstations To Your Samba Domain
Create Samba Trust Accounts For Each Workstation
Manual Creation Of Machine Trust Accounts (NT Only)
Dynamic Creation of Machine Trust Accounts
Make Your PC Clients Aware Of Your Samba PDC
Windows 95/98/ME and Windows XP Home
Windows NT
Windows 200x and Windows XP Professional
How To Add Users To Your Samba Domain
Adding The Users In Linux
Create the user
Give them a Linux Password
Mapping The Linux Users To An smbpassword
Mapping A Private Windows Drive Share
Mapping Using "My Computer"
Mapping from the Command Line
Domain Groups And Samba
How To Delete Users From Your Samba Domain
How To Modify Samba Passwords
Table 10-4 : smb.conf Settings, Enabling Online Password Changes
Conclusion


CHAPTER 11 - Sharing Resources with Samba


Introduction
Adding A Printer To A Samba PDC
Adding The Printer To Linux
Figure 11-1 Printer Configuration Screen
Make Samba Aware of the Printer
Configure The Printer Driver On The Workstations
Creating Group Shares in SAMBA
Create The Directory And User Group
Configure The Share In SWAT
Map The Directory Using "My Computer"
Sharing Windows Drives Using a Linux SAMBA Client
Windows Setup
For Windows 98/ME
For Windows 2000
For Windows XP
Test Your Windows Client Configuration
Create A CD-ROM Drive Mount Point On Your Samba Server
Password Prompt Method
No Prompt Method
Using The smbmount Command Method
Automating Mounting With Linux SAMBA Clients
Conclusion


CHAPTER 12 - Samba Security & Troubleshooting


Introduction
Testing The smb.conf file
Samba and Firewall Software
Linux iptables
Windows-based Zone Alarm
The Windows XP Built In Firewall
Testing Basic Client / Server Network Connectivity
Testing Samba Client / Server Connectivity
Checking the Samba Logs
Samba Network Troubleshooting
Basic Samba Security
Conclusion


CHAPTER 13 - Linux Wireless Networking


Introduction
Wireless Linux Compatible NICs
Common Wireless Networking Terms
Wireless Access Points
Service Set ID
Encryption
Wired Equivalent Privacy
Wi-Fi Protected Access
Networking With Linux Wireless-Tools
Using iwconfig For wireless-tools Configuration
Permanent wireless-tools Configuration
Fedora / RedHat
Debian / Ubuntu
WEP Encryption Configuration
#1.1 WEP Key Generation
Table 13-1 Byte Count to WEP Key Length Conversion
#1.2 WEP Key Configuration for Fedora / RedHat
#1.3 WEP Key Configuration for Debian / Ubuntu
WPA Encryption
Installing WPA Supplicant
The wpa_supplicant.conf File
Further WPA Configuration Steps - Fedora / RedHat
Further WPA Configuration Steps - Debian / Ubuntu
Configuring Linux with Incompatible Wireless NICs
Using bcm43xx-fwcutter with Broadcom Wireless Chips
How to tell if you have a Broadcom 43XX Chipset
Installing your Broadcom 43XX firmware
Configuring your Broadcom NIC
Using ndiswrapper
Installing and Configuring ndiswrapper
Networking With Linux-WLAN
Linux-WLAN Preparation
Identifying The Correct RPMs
Determine The Kernel Type
Determine The OS Version
Determine The Kernel Version
Installing the RPMs
Linux-WLAN Post Installation Steps
Configure The New wlan0 Interface
Disable Your Existing Ethernet NIC
Start Linux-WLAN
PCI Cards - Installed Using RPMs
PCMCIA Cards
Testing Linux-WLAN
Linux-WLAN WEP Encryption For Security
De-activating Encryption
Troubleshooting Your Wireless LAN
Check The NIC Status
The iwconfig Command
The iwlist Command
The iwspy Command
Check For Interrupt Conflicts
Kernel Errors
Can't Ping Default Gateway
"Unknown Device" Errors
Hermes Chipset Errors
ndiswrapper Errors
CONFIG_4KSTACKS errors During Installation
Incorrect Driver
NICs that are Incompatible with ndiswrapper
A Common Problem With Linux-WLAN And Fedora Core 1
Wireless Networks In Businesses
Conclusion


CHAPTER 14 - Linux Firewalls Using iptables


Introduction
What Is iptables?
Download And Install The Iptables Package
How To Start iptables
Determining The Status of iptables
Packet Processing In iptables
Table 14-1 Processing For Packets Routed By The Firewall
Figure 14-1 Iptables Packet Flow Diagram
Targets And Jumps
Table 14-2 Descriptions Of The Most Commonly Used Targets
Important Iptables Command Switch Operations
Table 14-2 General Iptables Match Criteria
Table 14-4 Common TCP and UDP Match Criteria
Table 14-5 Common ICMP (Ping) Match Criteria
Table 14-6 Common Extended Match Criteria
Using User Defined Chains
Table 14.7 Custom Queues Example Listing
Saving Your iptables Scripts
Fedora's iptables Rule Generator
Recovering From A Lost Script
Loading Kernel Modules Needed By iptables
Sample iptables Scripts
Basic Operating System Defense
Advanced iptables Initialization
Allowing DNS Access To Your Firewall
Allowing WWW And SSH Access To Your Firewall
Allowing Your Firewall To Access The Internet
Allow Your Home Network To Access The Firewall
Masquerading (Many to One NAT)
Port Forwarding Type NAT (DHCP DSL)
Static NAT
Troubleshooting iptables
Checking The Firewall Logs
iptables Won't Start
Conclusion


CHAPTER 15 - Configuring a Linux FTP server


Introduction
FTP Overview
Types of FTP
Figure 15-1 Active And Passive FTP Illustrated
Active FTP
Passive FTP
Regular FTP
Anonymous FTP
Problems With FTP And Firewalls
Client Protected By A Firewall Problem
Table 15-1 Client Protected by Firewall - Required Rules for FTP
Server Protected By A Firewall Problem
Table 15-2 outlines the general rules needed to allow FTP servers through a firewall.
How To Download And Install VSFTPD
How To Get VSFTPD Started
Testing the Status of VSFTPD
The vsftpd.conf File
Other vsftpd.conf Options
FTP Security Issues
The /etc/vsftpd.ftpusers File
Anonymous Upload
FTP Greeting Banner
Using SCP As Secure Alternative To FTP
Troubleshooting FTP
Tutorial
FTP Users with Only Read Access to a Shared Directory
Sample Login Session To Test Functionality
Conclusion


CHAPTER 16 - Telnet, TFTP and XINETD


Introduction
Managing xinetd Programs
Controlling xinetd
Controlling xinetd-Managed Applications
Telnet
Using The Telnet Client
Installing The Telnet Server Software
Setting Up A Telnet Server
Redhat / Fedora
Debian / Ubuntu
Basic Telnet Security
Let Telnet Listen On Another TCP Port
Let Telnet Allow Connections From Trusted Addresses
TFTP
Installing The TFTP Server Software
Configuring The TFTP Server
Redhat / Fedora
Debian / Ubuntu
Preparing TFTP Server Files
Saving Cisco Configurations To The TFTP Server
Cisco PIX firewall
Cisco Switch Running CATOS
Cisco Router
Cisco CSS 11000 "Arrowpoints"
Cisco Local Director
Uploading Cisco Configurations From The TFTP Server
Sample Upload Configuration File
Procedure To Upload A Configuration File
Using TFTP To Restore Your Router Configuration
Conclusion


CHAPTER 17 - Secure Remote Logins & File Copying


Introduction
A Quick Introduction To SSH Encryption
Starting OpenSSH
Testing The Status of SSH
The /etc/ssh/sshd_config File
SSH Versions 1 and 2
How To Change The TCP Port On Which SSH Listens
Using SSH To Login To A Remote Machine
What To Expect With Your First Login
SSH Failures Due To Linux Reinstallations
Deactivating Telnet After Installing SSH
Executing Remote Commands on Demand with SSH
SSH Tunneling
Local Forwarding
Remote Forwarding
Configuring Forwarding with GUI Clients
Troubleshooting SSH Port Forwarding
SCP: A Secure Alternative to FTP
Copying Files To The Local Linux Box
Copying Files To The Remote Linux Box
SFTP: Another Secure Alternative to FTP
Using SSH and SCP without a password
Configuration: Client Side
Configuration - Server Side
Conclusion


CHAPTER 18 - Configuring DNS


Introduction
Introduction to DNS
DNS Domains
BIND
DNS Clients
Authoritative DNS Servers
How DNS Servers Find Out Your Site Information
When To Use A DNS Caching Name Server
When To Use A Static DNS Server
When To Use A Dynamic DNS Server
How To Get Your Own Domain
Basic DNS Testing of DNS Resolution
The Host Command
The nslookup Command
Downloading and Installing the BIND Packages
How To Get BIND Started
Redhat / Fedora
Debian / Ubuntu
The /etc/resolv.conf File
Table 18.1 Keywords In /etc/resolv.conf
Configuring A Caching Nameserver
Important File Locations
RedHat / Fedora
Table 18.2 Differences In Fedora And Redhat DNS File Locations
Debian / Ubuntu
Configuring A Regular Nameserver
Configuring resolv.conf
Preparing named.conf
Table 18.3 The Primary BIND Configuration Files
Configuring named.conf
Configuring The Zone Files
Time to Live Value
DNS Resource Records
The SOA Record
Table 18.4 The SOA Record Format
NS, MX, A And CNAME Records
Table 18.5 NS, MX, A, PTR and CNAME Record Formats
TXT Records
Sample Forward Zone File
Sample Reverse Zone File
BIND Views When Using NAT And DNS
The Internal View
The External View
The localhost_resolver View
Loading Your New Configuration Files
Make Sure Your /etc/hosts File Is Correctly Updated
Configure Your Firewall
Fix Your Domain Registration
Troubleshooting BIND
Configuration Troubleshooting Steps
Network Troubleshooting Steps
Migrating Your Web Site In-House
DHCP Considerations For DNS
Simple DNS Security
Zone Transfer Protection
Selectively Disabling Recursion
Naming Convention Security
Conclusion


CHAPTER 19 - Dynamic DNS


Introduction
Dynamic DNS Preparation
Testing ISP Connectivity For Your Website
Setup
Testing From The Internet
Test Port Forwarding
Registering DDNS
Install a DDNS Client On Your Server
Dynamic DNS And NAT Router/Firewalls
DDNS Client Software - SOHO Router / Firewalls
DDNS Client Software - Linux DDclient
The /etc/ddclient.conf file
How to Get DDclient Started
Finding DDclient Help
Testing Your Dynamic DNS
Conclusion


CHAPTER 20 - Web Hosting With The Apache Web Server


Introduction
Download and Install The Apache Package
How To Get Apache Started
Redhat / Fedora
Debian / Ubuntu
Configuring DNS For Apache
DHCP and Apache
General Configuration Steps
Where To Put Your Web Pages
The Default File Location
File Permissions And Apache
Security Contexts For Web Pages
Table 20-1 SELinux Security Context File Labels
Security Contexts For CGI Scripts
Named Virtual Hosting
Named Virtual Hosting Example
IP-Based Virtual Hosting
IP Virtual Hosting Example: Single Wild Card
IP Virtual Hosting Example: Wild Card and IP addresses
A Note On Virtual Hosting And SSL
Configuration - Multiple Sites And IP Addresses
Table 20-2 Web Hosting Scenario Summary
Testing Your Website Before DNS Is Fixed
Disabling Directory Listings
Handling Missing Pages
Using Data Compression On Web Pages
Compression Configuration Example
Apache Running On A Server Behind A NAT Firewall
Step 1: Configure Virtual Hosting on Multiple IPs
Step 2: Configure DNS "Views"
How To Protect Web Page Directories With Passwords
The conf.d Directory
Troubleshooting Apache
Testing Basic HTTP Connectivity
Browser 403 Forbidden Messages
Only The Default Apache Page Appears
Incompatible httpd.conf Files When Upgrading
Server Name Errors
The Apache Status Log Files
Table 20-3 Apache Log File Format
Table 20-4 HTTP Status Codes
The Apache Error Log Files
Conclusion


CHAPTER 21 - Configuring Linux Mail


Introduction
Configuring Sendmail
How Sendmail Works
Incoming Mail
Outgoing Mail
Sendmail Macros
Installing Sendmail
Starting Sendmail
How To Restart Sendmail After Editing Your Configuration Files
The /etc/mail/sendmail.mc File
How to Put Comments in sendmail.mc
Configuring DNS for sendmail
Configure Your Mail Server's Name In DNS
Configure The /etc/resolv.conf File
The /etc/hosts File
How To Configure Linux Sendmail Clients
Converting From a Mail Client to a Mail Server
A General Guide To Using The sendmail.mc File
The /etc/mail/relay-domains File
The /etc/mail/access File
The /etc/mail/local-host-names File
Which User Should Really Receive The Mail?
The /etc/mail/virtusertable file
The /etc/aliases File
Sendmail Masquerading Explained
Configuring masquerading
Testing Masquerading
Other Masquerading Notes
Using Sendmail to Change the Sender's Email Address
Troubleshooting Sendmail
Testing TCP connectivity
Further Testing of TCP connectivity
The /var/log/maillog File
Common Errors Due To Incomplete RPM Installation
Incorrectly Configured /etc/hosts Files
Fighting SPAM
Using Public SPAM Blacklists With Sendmail
Spamassassin
Downloading And Installing Spamassassin
Starting Spamassassin
Configuring procmail for spamassassin
Configuring Spamassassin
Testing spamassassin
Startup spamassassin
Tuning spamassassin
The Rules du Jour Spamassassin Tool
The /etc/rulesdujour/config Configuration File
Installing Rules du Jour
Using Greylisting
Downloading and Installing milter-greylist
Configuring milter-greylist
A Simple PERL Script To Help Stop SPAM
Configuring Your POP Mail Server
Installing Your POP Mail Server
Starting Your POP Mail Server
The /etc/dovecot.conf File
How To Configure Your Windows Mail Programs
Configuring Secure POP Mail
How to handle overlapping email addresses.
Troubleshooting POP Mail
Conclusion


CHAPTER 22 - Monitoring Server Performance


(See Chapter 23 for advanced MRTG Topics)
Introduction
SNMP
OIDs And MIBs
Figure 22-1 SNMP OID Structure
Table 22-1 OIDs And Their Equivalent MIBs
SNMP Community Strings
SNMP Versions
Doing SNMP Queries
Installing SNMP Utilities on a Linux Server
SNMP Utilities Command Syntax
Configuring Simple SNMP on a Linux Server
SNMP On Other Devices
Basic SNMP Security
SNMP Versions 1 and 2
SNMP Version 3
Simple SNMP Troubleshooting
MRTG
Figure 22-2 A Typical MRTG Web Page
MRTG Download and Installation
Configuring MRTG
Getting MRTG To Poll Multiple Devices
Configuring Apache To Work With MRTG
Basic Security
How To View The MRTG Graphs In Your Web Browser
Using MRTG To Monitor Other Subsystems
Troubleshooting MRTG
Basic Steps
Setting The Correct Character Set
Fedora Core 1 MRTG Errors With Net-SNMP
Webalizer
How To View Your Webalizer Statistics
The Webalizer Configuration File
The top Command
The vmstat Command
The free Utility
Conclusion


CHAPTER 23 - Advanced MRTG (CPU, Memory, Disk and TCP Connections Monitoring)


Introduction
Locating And Viewing The Contents Of Linux MIBs
Testing Your MIB Value
Differences In MIB And MRTG Terminology
The CPU And Memory Monitoring MIB
Table 23-1 Important Objects In The UCD-SNMP-MIB MIB
The TCP/IP Monitoring MIB
Table 23-2 Important Objects In The TCP-MIB MIB
Manually Configuring Your MRTG File
Parameter Formats
Legend Parameters
Options Parameters
Scaling Parameters
Defining The MIB Target Parameters
Table 23-3 Mapping MIBs To The Graph Legends
Plotting Only One MIB Value
Adding MIB Values Together For a Graph
Sample Target: Total CPU Usage
Sample Target: Memory Usage
Sample Target: Newly Created Connections
Sample Target: Total TCP Established Connections
Sample Target: Disk Partition Usage
Defining Global Variables
Implementing Advanced Server Monitoring
A Complete Sample Configuration
Testing The Configuration
Creating A New MRTG Index Page To Include This File
Configuring cron To Use The New MRTG File
Monitoring Non Linux MIB Values
Scenario
Testing The OIDs
Speeding up MRTG with RRDtool
Scenario
Installing RRDtool
Storing the MRTG Data in RRDtool Format
The MRTG / RRDtool Integration Script
Troubleshooting
Conclusion


CHAPTER 24 - Configuring NTP


Introduction
Download and Install The NTP Package
The /etc/ntp.conf File
How To Get NTP Started
Verifying NTP is Running
Doing An Initial Synchronization
Determining If NTP Is Synchronized Properly
Your Linux NTP clients cannot Synchronize Properly
Fedora Core 2 File Permissions
Configuring Cisco Devices To Use An NTP Server
Cisco IOS
CATOS
NTP Security
Firewalls and NTP
NTP Authentication
Configuring A Windows NTP Client
Conclusion


CHAPTER 25 - Network Based Linux Installation


Introduction
Setting Up The Installation Server
Basic Preparation
Create The Installation Directories
Copying The Files
HTTP & FTP Preparation
NFS Preparation
Setup Your Webserver
Setup Your FTP Server
Create A Special FTP User
Setup Your NFS Server
Configure Your DHCP Server
Creating A Boot CD
The Network Installation
If You Selected The NFS Method
If You Selected The HTTP Method
If You Selected The FTP Method
Troubleshooting The Network Installation
Automating Installation With Kickstart
How To Create New Kickstart Configuration Files
Adding Post Installation Commands
A Note About Using anaconda-ks.cfg
How To Run A Kickstart Installation
Using a NFS Server
Using a Web Server
Booting With Your Kickstart Files
Conclusion


CHAPTER 26 - Linux Software RAID


Introduction
RAID Types
Linear Mode RAID
RAID 0
RAID 1
Figure 26-1 RAID 0 And RAID 1 Operation
RAID 4
RAID 5
Figure 26-2 RAID 5 Operation
Before You Start
IDE Drives
Serial ATA Drives
SCSI Drives
Should I Use Software RAID Partitions Or Entire Disks?
Backup Your System First
Configure RAID In Single User Mode
Configuring Software RAID
RAID Partitioning
Determining Available Partitions
Unmount the Partitions
Prepare The Partitions With FDISK
Use FDISK Help
Set The ID Type To FD
Make Sure The Change Occurred
Save The Changes
Repeat For The Other Partitions
Preparing the RAID Set
Create the RAID Set
Confirm RAID Is Correctly Initialized
Format The New RAID Set
Create the mdadm.conf Configuration File
Create A Mount Point For The RAID Set
Edit The /etc/fstab File
Mount The New RAID Set
Check The Status Of The New RAID
Conclusion


CHAPTER 27 - Expanding Linux Partitions With LVM


Introduction
Adding Disks To Linux
Scenario
Determining The Disk Types
Preparing Partitions on New Disks
Verifying Your New Partition
Putting A Directory Structure On Your New Partition
Migrating Data Over To your New Partition
Expanding Partitions With LVM
Configuring LVM Devices
Backup Your Data
Unmount your /home filesystem
Determine The Partition Types
Start FDISK
Set The ID Type To 8e
Make Sure The Change Occurred
Save The Partition Changes
Define Each Physical Volume
Run VGscan
Create A Volume Group For the PVs
Create A Logical Volume From The Volume Group
Format The Logical Volume
Create A Mount Point
Update The /etc/fstab File
Mount The Volume
Restore Your Data
Get Out Of Single User Mode
Conclusion 


CHAPTER 28 - Managing Disk Usage With Quotas


Introduction
Setting Up Quotas
Enter Single-User Mode
Edit Your /etc/fstab File
Remount The Filesystem
Get Out of Single-user Mode
Create The Partition Quota Configuration Files
Initialize The Quota Table
Edit The User's Quota Information
Testing
Other Quota Topics
Editing Grace Periods
Editing Group Quotas
Getting Quota Reports
Conclusion


CHAPTER 29 - Remote Disk Access With NFS


Introduction
NFS Operation Overview
General NFS Rules
Key NFS Concepts
VFS
Stateless Operation
Caching
NFS And Symbolic Links
NFS Background Mounting
Hard and Soft Mounts
NFS Versions
Important NFS Daemons
Installing NFS
Scenario
Configuring NFS on The Server
The /etc/exports File
Starting NFS on the Server
Configuring NFS on The Client
Starting NFS on the Client
NFS And DNS
Making NFS Mounting Permanent
The /etc/fstab File
Table 29.1 Possible NFS Mount Options
Permanently Mounting The NFS Directory
Manually Mounting NFS File Systems
Activating Modifications To The /etc/exports File
New Exports File
Adding A Shared Directory To An Existing Exports File
Deleting, Moving Or Modifying A Share
The NFS Automounter
Automounter Map Files
Direct Maps
Indirect Maps
The Structure Of Direct And Indirect Map Files
Indirect Map File Example
Direct Map File Example
Wildcards In Map Files
Using the Ampersand Wildcard
Using the Asterisk Wildcard
Starting Automounter
Automounter Examples
Troubleshooting NFS
Table 29.2 Some Common NFS Error Messages
The showmount Command
The "df" Command
The nfsstat Command
Table 29.3 Error Thresholds For The "nfsstat" Command
Other NFS Considerations
Security
NFS Hanging
File Locking
Nesting Exports
Limiting root Access
Restricting Access to the NFS server
File Permissions
Conclusion


CHAPTER 30 - Centralized Linux Logins With NIS


Introduction
Scenario
Configuring The NFS Server
Configuring The NFS Client
Configuring The NIS Server
Install the NIS Server Packages
Edit Your /etc/sysconfig/network File
Edit Your /etc/yp.conf File
Start The Key NIS Server Related Daemons
Table 30-1 Required NIS Server Daemons
Initialize Your NIS Domain
Start The ypbind and ypxfrd Daemons
Make Sure The Daemons Are Running
Adding New NIS Users
Configuring The NIS Client
Run authconfig
Start The NIS Client Related Daemons
Verify Name Resolution
Test NIS Access To The NIS Server
Test Logins via The NIS Server
Logging In Via Telnet
Logging In Via SSH
NIS Slave Servers
Configuring NIS Slave Servers
Table 30-2 NIS Master / Slave /etc/hosts Files
Table 30-3 NIS Master / Slave /etc/yp.conf Files
Configuring NIS Clients With Slaves
Changing Your NIS Passwords
When There Is Only An NIS Master
Users Changing Their Own Passwords
User "Root" Changing Passwords
When There Is A NIS Master / Slave Pair
Possible Password Errors
Segmentation Faults
Daemon Errors
Considerations For A Non NFS Environment
NIS Troubleshooting
Conclusion


CHAPTER 31 - Centralized Linux Logins With LDAP And RADIUS


Introduction
The LDAP Directory Structure
Scenario
Downloading And Installing The LDAP Packages
Required LDAP Server RPMS
Required LDAP Client RPMS
Configuring The LDAP Server
Create a database directory
Create an LDAP "root" password
Edit the slapd.conf file
Start the LDAP daemon
Convert the /etc/passwd file to LDIF format
Create the ldapuser test account
Extract the desired records from /etc/passwd
Find the conversion script
Convert the ".ldapuser" file
Modify the LDIF files
Edit the user LDIF file
Create an LDIF file for the "example.com" domain
Import the LDIF files into the database
Test the LDAP database
Configuring The LDAP Client
Edit the ldap.conf configuration file
Edit the /etc/nsswitch file
Create Home Directories On The LDAP Client
Check if ldapuser is Missing From the /etc/passwd file
Create The Home Directory For ldapuser On The LDAP Client
Testing
Configuring Encrypted LDAP Communication
Using Transport Layer Security (TLS) Encryption
How TLS Communication Works
Configuring the TLS Server
Configuring the TLS Client
TLS Maintenance
Using stunnel Encryption
Configuring the stunnel LDAP client
Configuring the stunnel LDAP server
Troubleshooting LDAP Logins
Check Your /var/log/messages file
Testing Basic Connectivity
Testing Using ldapsearch
Use SSH or the Linux console
Use the tcpdump Command
Testing Regular LDAP
Testing Secure LDAP
LDAP Works but not When I Switch to LDAPS
Stunnel Doesn't Appear To Work
LDAP_BIND Errors
Possible stunnel Errors in Fedora Core 2
Common LDAP Administrative Tasks
Starting and Stopping LDAP
LDAP users changing their own passwords
Modifying LDAP users by user "root"
The Modify LDAP User Script
Adding new LDAP users
Create an LDAP Add User Script
Add the User to the Database
Deleting LDAP users
LDAP Web Management Tools
Configuring RADIUS for LDAP
How To Download and Install The FreeRADIUS Packages
Starting and Stopping FreeRADIUS
Configuring The /etc/raddb/radiusd.conf File
Configuring The /etc/raddb/users File
Configuring The /etc/raddb/clients.conf File
Troubleshooting And Testing RADIUS
Server Setup
Linux Client Setup
Cisco Client Setup
Errors With Fedora Core 2
Conclusion


CHAPTER 32 - Controlling Web Usage With Squid


Introduction
Download and Install The Squid Package
Starting Squid
The /etc/squid/squid.conf File
The Visible Host Name
Access Control Lists
Restricting Web Access By Time
Restricting Access to specific Web sites
Restricting Web Access By IP Address
Password Authentication Using NCSA
Forcing Users To Use Your Squid Server
Making Your Squid Server Transparent To Users
Squid Transparent Proxy Configuration
Configuring iptables to Support the Squid Transparent Proxy
Manually Configuring Web Browsers To Use Your Squid Server
Squid Disk Usage
Troubleshooting Squid
Conclusion


CHAPTER 33 - Modifying The Kernel To Improve Performance


Introduction
Table 33-1: Kernels Found On Fedora Installation CDs
The Pros And Cons Of Kernel Upgrades
The Kernel Sources Package
Installing Kernel Sources
Kernel Modules
Reasons For Kernel Modules
How Kernel Modules Load When Booting
Modules And The grub.conf File
Loading Kernel Modules On Demand
Creating A Custom Kernel
Make Sure Your Source Files Are In Order
The ".config" File
Backup Your Configuration
Customizing The ".config" File
Table 33-2 Scripts For Modifying The .config File
Table 33-3 Kernel Option Choices
Table 33-4 Kernel Configuration Options
Configure Dependencies
Edit The Makefile To Give The Kernel A Unique Name
Compile A New Kernel
Build The Kernel's Modules
Copy The New Kernel To The /boot Partition
Updating GRUB
Kernel Crash Recovery
How To Create A Boot CD
Updating The Kernel Using RPMs
Conclusion


CHAPTER 34 - Basic MySQL Configuration


Introduction
Preparing MySQL For Applications
Installing MySQL
Starting MySQL
The /etc/my.cnf File
The Location of MySQL Databases
Creating a MySQL "root" Account
Accessing The MySQL Command Line
Granting Privileges to Users
Running MySQL Scripts To Create Data Tables
Viewing Your New MySQL Databases
Listing The Data Tables In Your MySQL Database
Viewing Your MySQL Database's Table Structure
Viewing The Contents Of A Table
Configuring Your Application
Table 34.1 Required PHP and Perl RPMs for MySQL Support
Recovering / Changing Your MySQL Root Password
MySQL Database Backup
MySQL Database Restoration
MySQL Table Backup and Restoration
Very Basic MySQL Network Security
Basic MySQL Troubleshooting
Connectivity Testing
Test Database Access
A Common Fedora Core 1 MySQL Startup Error
Conclusion


CHAPTER 35 - Linux VPN Configuration


Introduction
VPN Guidelines
Scenario
Figure 35-1 Openswan Topology Diagram
Download And Install The Openswan Package
How to get Openswan Started
How to fix common Status errors
IP forwarding
Opportunistic Encryption DNS Checks:
VPN Configuration Steps (Using RSA Keys)
The /etc/ipsec.conf file
Table 35-1 Parameters of the /etc/ipsec.conf file
Obtaining RSA Keys
Creating Your Own Keys
Get The Left Public Key
Get The Right Public Key
Some Important Notes About The /etc/ipsec.conf File
Restart Openswan
Initialize The New Tunnel
Testing The New Tunnel
Possible Changes To IP Tables NAT/Masquerade Rules
How To Ensure Openswan Starts When Rebooting
Using Pre-Shared Keys (PSK)
Troubleshooting Openswan
Determine the Tunnel Status
Testing VPN Connectivity
Check The Routes
Using TCPdump
Protected Interface TCPDUMP Output From "vpn2"
Unprotected Interface TCPDUMP Output From "vpn2"
Check Syslog Error Messages
"Invalid Key" Messages
Conclusion


APPENDIX I - Miscellaneous Topics


Introduction
Fedora Core 3
Linux Security With TCP Wrappers
The TCP Wrappers File Format
Determining the TCP Daemon's Name
Additional TCP Wrappers Help
Adjusting Kernel Parameters
Running Linux Without A Monitor
Preparing To Go "Headless"
Configuration Steps
Table I.1 How Physical COM Ports Map To Linux TTYS Devices
Make Your Linux Box Emulate A VT100 Dumb Terminal
Configuration Steps
VPN Terms and Methods
Figure I.1 Transport mode AH packet format
Figure I.2 Transport mode AH / ESP packet format
Figure I.3 Tunnel mode AH packet format
Figure I.4 Tunnel mode AH / ESP packet format
Authentication and Encryption methods
Internet Key Exchange (IKE)
Public Encrypted Keys
Private Shared keys
IKE's role in creating Security Associations
VPN Security And Firewalls
VPN User Authentication Methods For Temporary Connections
Table I-2 Types Of Dial Up VPN Authentication
TCP/IP Packet Format
Figure I.5
Table I.3 Contents Of The IP Header
Table I.4 Contents Of The TCP Header
Table I.5 Contents Of The UDP Header
ICMP Codes
Table I-6 ICMP Codes


APPENDIX II - Codes, Scripts & Configurations


Subnet Calculator Script
Apache File Permissions Script
Sendmail SPAM Filter Script
IPtables Basic Initialization Script
IPtables Firewall As A Webserver Script
IPtables IP Masquerading Script
IPtables Port Forwarding Script
IPtables Complex script
DNS Zone File For my-site.com
DNS Zone File For my-other-site.com
Forward Zone File For A Home Network Using NAT
Reverse Zone File For A Home Network Using NAT
Sendmail Sample /etc/mail/access File
Sendmail Sample /etc/aliases File
Sendmail Sample /etc/mail/local-host-names File
Sendmail Sample /etc/mail/sendmail.mc File
Sendmail Sample /etc/mail/virtusertable File


APPENDIX III - Configuring Syslog On Cisco Devices


Introduction
Cisco Routers
Catalyst CAT Switches running CATOS
Cisco Local Director
Table IV-1 Syslog Facility and Severity Numbering Scheme for Local Directors
Cisco PIX Firewalls
Table IV-2 Syslog Facility and Severity Numbering Scheme for PIX Firewalls
Cisco CSS11000 (Arrowpoints)
The Sample Cisco syslog.conf File