Book details

Linux Administration Handbook (Second Edition, English Edition)

Authors: Nemeth, E. (USA); Snyder, G. (USA); Hein, T.R. (USA)

Publisher: Posts & Telecom Press (人民邮电出版社)

Publication date: 2007-10-01

ISBN: 9787115164810

List price: ¥128.00

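Description
Linux Administration Handbook (Second Edition, English Edition) (LAHv2) continues the explanatory style of the book's first edition (LAH) and of the UNIX System Administration Handbook (USAH). Using five current mainstream Linux distributions (Red Hat ES, SuSE, Debian, Fedora Core and Ubuntu) as examples, it presents Linux system administration in three parts. Part One, "Basic Administration," gives comprehensive coverage of the knowledge and techniques involved in running a stand-alone Linux system, such as booting and shutting down, process control, filesystem management, user management, device management, system backups, software configuration, and the management and use of cron and system logs. Part Two, "Network Administration," begins with a detailed explanation of the fundamentals of the TCP/IP protocols, discusses in depth the two basic applications of networking, the Domain Name System and routing, and then covers chapter by chapter the key Internet applications on Linux, such as electronic mail, NFS, file sharing, web hosting and Internet services; this part also has dedicated chapters on network hardware, network management and debugging, and system security. Part Three, "Other Administration Topics," covers a range of important subjects that should not be overlooked: the X Window System, printing, system maintenance and environment, performance analysis, cooperating with Windows systems, serial devices, operating system drivers and the kernel, system daemons, and policy and administrative matters. The authors are Linux/UNIX system administration experts drawn from academia, industry and professional training, which has made the book, from its first edition onward, a comprehensive, in-depth and highly practical authoritative reference on Linux system administration. The book is suitable for readers ranging from Linux beginners to experienced Linux professionals.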
About the authors
No author biography is currently available for Linux Administration Handbook (Second Edition, English Edition).
Table of contents
SECTION ONE: BASIC ADMINISTRATION
CHAPTER 1 WHERE TO START 3
 Suggested background 4
 Linux’s relationship to UNIX 4
 Linux in historical context 5
 Linux distributions 6
  So what’s the best distribution? 8
  Distribution-specific administration tools 9
 Notation and typographical conventions 9
  System-specific information 10
 Where to go for information 11
  Organization of the man pages 12
  man: read manual pages 13
  Other sources of Linux information 13
 How to find and install software 14
 Essential tasks of the system administrator 16
  Adding, removing, and managing user accounts 16
  Adding and removing hardware 16
  Performing backups 17
  Installing and upgrading software 17
  Monitoring the system 17
  Troubleshooting 17
  Maintaining local documentation 17
  Vigilantly monitoring security 17
  Helping users 18
 System administration under duress 18
  System Administration Personality Syndrome 18
 Recommended reading 19
 Exercises 20
CHAPTER 2 BOOTING AND SHUTTING DOWN 21
 Bootstrapping 21
  Automatic and manual booting 22
  Steps in the boot process 22
  Kernel initialization 23
  Hardware configuration 23
  Kernel threads 23
  Operator intervention (manual boot only) 24
  Execution of startup scripts 25
  Multiuser operation 25
 Booting PCs 25
 Using boot loaders: LILO and GRUB 26
  GRUB: The GRand Unified Boot loader 26
  LILO: The traditional Linux boot loader 28
  Kernel options 29
  Multibooting on PCs 30
  GRUB multiboot configuration 30
  LILO multiboot configuration 31
 Booting single-user mode 31
  Single-user mode with GRUB 32
  Single-user mode with LILO 32
 Working with startup scripts 32
  init and run levels 33
  Red Hat and Fedora startup scripts 36
  SUSE startup scripts 38
  Debian and Ubuntu startup scripts 40
 Rebooting and shutting down 40
  Turning off the power 41
  shutdown: the genteel way to halt the system 41
  halt: a simpler way to shut down 42
  reboot: quick and dirty restart 42
  telinit: change init’s run level 42
  poweroff: ask Linux to turn off the power 42
 Exercises 43
CHAPTER 3 ROOTLY POWERS 44
 Ownership of files and processes 44
 The superuser 46
 Choosing a root password 47
 Becoming root 48
  su: substitute user identity 48
  sudo: a limited su 48
 Other pseudo-users 51
  bin: legacy owner of system commands 51
  daemon: owner of unprivileged system software 51
  nobody: the generic NFS user 51
 Exercises 52
CHAPTER 4 CONTROLLING PROCESSES 53
 Components of a process 53
  PID: process ID number 54
  PPID: parent PID 54
  UID and EUID: real and effective user ID 54
  GID and EGID: real and effective group ID 55
  Niceness 55
  Control terminal 56
 The life cycle of a process 56
 Signals 57
 kill and killall: send signals 60
 Process states 60
 nice and renice: influence scheduling priority 61
 ps: monitor processes 62
 top: monitor processes even better 65
 The /proc filesystem 65
 strace: trace signals and system calls 66
 Runaway processes 67
 Recommended reading 69
 Exercises 69
CHAPTER 5 THE FILESYSTEM 70
 Pathnames 72
 Filesystem mounting and unmounting 73
 The organization of the file tree 75
 File types 76
  Regular files 78
  Directories 78
  Character and block device files 79
  Local domain sockets 80
  Named pipes 80
  Symbolic links 80
 File attributes 81
  The permission bits 81
  The setuid and setgid bits 82
  The sticky bit 82
  Viewing file attributes 82
  chmod: change permissions 84
  chown: change ownership and group 86
  umask: assign default permissions 86
  Bonus flags 87
 Access control lists 88
  ACL overview 88
  Default entries 91
 Exercises 92
CHAPTER 6 ADDING NEW USERS 93
 The /etc/passwd file 93
  Login name 94
  Encrypted password 96
  UID (user ID) number 96
  Default GID number 97
  GECOS field 98
  Home directory 98
  Login shell 98
 The /etc/shadow file 99
 The /etc/group file 101
 Adding users 102
  Editing the passwd and shadow files 103
  Editing the /etc/group file 104
  Setting an initial password 104
  Creating the user’s home directory 105
  Copying in the default startup files 105
  Setting the user’s mail home 106
  Verifying the new login 106
  Recording the user’s status and contact information 107
 Removing users 107
 Disabling logins 108
 Managing accounts 108
 Exercises 110
CHAPTER 7 ADDING A DISK 111
 Disk interfaces 111
  The PATA interface 112
  The SATA interface 114
  The SCSI interface 114
  Which is better, SCSI or IDE? 118
 Disk geometry 119
 Linux filesystems 120
  Ext2fs and ext3fs 120
  ReiserFS 121
  XFS and JFS 122
 An overview of the disk installation procedure 122
  Connecting the disk 122
  Formatting the disk 123
  Labeling and partitioning the disk 124
  Creating filesystems within disk partitions 125
  Mounting the filesystems 126
  Setting up automatic mounting 127
  Enabling swapping 129
 hdparm: set IDE interface parameters 129
 fsck: check and repair filesystems 131
 Adding a disk: a step-by-step guide 133
 Advanced disk management: RAID and LVM 138
  Linux software RAID 139
  Logical volume management 139
  An example configuration with LVM and RAID 140
  Dealing with a failed disk 144
  Reallocating storage space 146
 Mounting USB drives 147
 Exercises 148
CHAPTER 8 PERIODIC PROCESSES 150
 cron: schedule commands 150
 The format of crontab files 151
 Crontab management 153
 Some common uses for cron 154
  Cleaning the filesystem 154
  Network distribution of configuration files 155
  Rotating log files 156
 Other schedulers: anacron and fcron 156
 Exercises 157
CHAPTER 9 BACKUPS 158
 Motherhood and apple pie 159
  Perform all dumps from one machine 159
  Label your media 159
  Pick a reasonable backup interval 159
  Choose filesystems carefully 160
  Make daily dumps fit on one piece of media 160
  Make filesystems smaller than your dump device 161
  Keep media off-site 161
  Protect your backups 161
  Limit activity during dumps 162
  Verify your media 162
  Develop a media life cycle 163
  Design your data for backups 163
  Prepare for the worst 163
 Backup devices and media 163
  Optical media: CD-R/RW, DVD±R/RW, and DVD-RAM 164
  Removable hard disks (USB and FireWire) 165
  Small tape drives: 8mm and DDS/DAT 166
  DLT/S-DLT 166
  AIT and SAIT 166
  VXA/VXA-X 167
  LTO 167
  Jukeboxes, stackers, and tape libraries 167
  Hard disks 168
  Summary of media types 168
  What to buy 168
 Setting up an incremental backup regime with dump 169
  Dumping filesystems 169
  Dump sequences 171
 Restoring from dumps with restore 173
  Restoring individual files 173
  Restoring entire filesystems 175
 Dumping and restoring for upgrades 176
 Using other archiving programs 177
  tar: package files 177
  cpio: archiving utility from ancient times 178
  dd: twiddle bits 178
 Using multiple files on a single tape 178
 Bacula 179
  The Bacula model 180
  Setting up Bacula 181
  Installing the database and Bacula daemons 181
  Configuring the Bacula daemons 182
  bacula-dir.conf: director configuration 183
  bacula-sd.conf: storage daemon configuration 187
  bconsole.conf: console configuration 188
  Installing and configuring the client file daemon 188
  Starting the Bacula daemons 189
  Adding media to pools 190
  Running a manual backup 190
  Running a restore job 192
  Monitoring and debugging Bacula configurations 195
  Alternatives to Bacula 197
 Commercial backup products 197
  ADSM/TSM 197
  Veritas 198
  Other alternatives 198
 Recommended reading 198
 Exercises 198
CHAPTER 10 SYSLOG AND LOG FILES 201
 Logging policies 201
  Throwing away log files 201
  Rotating log files 202
  Archiving log files 204
 Linux log files 204
  Special log files 206
  Kernel and boot-time logging 206
 logrotate: manage log files 208
 Syslog: the system event logger 209
  Alternatives to syslog 209
  Syslog architecture 210
  Configuring syslogd 210
  Designing a logging scheme for your site 214
  Config file examples 214
  Sample syslog output 216
  Software that uses syslog 217
  Debugging syslog 217
  Using syslog from programs 218
 Condensing log files to useful information 220
 Exercises 222
CHAPTER 11 SOFTWARE AND CONFIGURATION MANAGEMENT 223
 Basic Linux installation 223
  Netbooting PCs 224
  Setting up PXE for Linux 225
  Netbooting non-PCs 226
  Kickstart: the automated installer for Enterprise Linux and Fedora 226
  AutoYaST: SUSE’s automated installation tool 230
  The Debian and Ubuntu installer 231
  Installing from a master system 232
 Diskless clients 232
 Package management 234
  Available package management systems 235
  rpm: manage RPM packages 235
  dpkg: manage Debian-style packages 237
 High-level package management systems 237
  Package repositories 239
  RHN: the Red Hat Network 240
  APT: the Advanced Package Tool 241
  Configuring apt-get 242
  An example /etc/apt/sources.list file 243
  Using proxies to make apt-get scale 244
  Setting up an internal APT server 244
  Automating apt-get 245
  yum: release management for RPM 246
 Revision control 247
  Backup file creation 247
  Formal revision control systems 248
  RCS: the Revision Control System 249
  CVS: the Concurrent Versions System 251
  Subversion: CVS done right 253
 Localization and configuration 255
  Organizing your localization 256
  Testing 257
  Local compilation 258
  Distributing localizations 259
  Resolving scheduling issues 260
 Configuration management tools 260
  cfengine: computer immune system 260
  LCFG: a large-scale configuration system 261
  The Arusha Project (ARK) 261
  Template Tree 2: cfengine helper 262
  DMTF/CIM: the Common Information Model 262
 Sharing software over NFS 263
  Package namespaces 264
  Dependency management 265
  Wrapper scripts 265
  Implementation tools 266
 Recommended software 266
 Recommended reading 268
 Exercises 268
SECTION TWO: NETWORKING
CHAPTER 12 TCP/IP NETWORKING 271
 TCP/IP and the Internet 272
  A brief history lesson 272
  How the Internet is managed today 273
  Network standards and documentation 274
 Networking road map 275
 Packets and encapsulation 276
  The link layer 277
  Packet addressing 279
  Ports 281
  Address types 281
 IP addresses: the gory details 282
  IP address classes 282
  Subnetting and netmasks 282
  The IP address crisis 285
  CIDR: Classless Inter-Domain Routing 287
  Address allocation 288
  Private addresses and NAT 289
  IPv6 addressing 291
 Routing 293
  Routing tables 294
  ICMP redirects 295
 ARP: the address resolution protocol 296
 Addition of a machine to a network 297
  Hostname and IP address assignment 298
  ifconfig: configure network interfaces 299
  mii-tool: configure autonegotiation and other media-specific options 302
  route: configure static routes 303
  Default routes 305
  DNS configuration 306
  The Linux networking stack 307
 Distribution-specific network configuration 307
  Network configuration for Red Hat and Fedora 308
  Network configuration for SUSE 309
  Network configuration for Debian and Ubuntu 310
 DHCP: the Dynamic Host Configuration Protocol 311
  DHCP software 312
  How DHCP works 312
  ISC’s DHCP server 313
 Dynamic reconfiguration and tuning 314
 Security issues 316
  IP forwarding 316
  ICMP redirects 317
  Source routing 317
  Broadcast pings and other forms of directed broadcast 317
  IP spoofing 317
  Host-based firewalls 318
  Virtual private networks 318
  Security-related kernel variables 319
 Linux NAT 319
 PPP: the Point-to-Point Protocol 320
  Addressing PPP performance issues 321
  Connecting to a network with PPP 321
  Making your host speak PPP 321
  Controlling PPP links 321
  Assigning an address 322
  Routing 322
  Ensuring security 323
  Using chat scripts 323
  Configuring Linux PPP 323
 Linux networking quirks 330
 Recommended reading 331
 Exercises 332
CHAPTER 13 ROUTING 334
 Packet forwarding: a closer look 335
 Routing daemons and routing protocols 337
  Distance-vector protocols 338
  Link-state protocols 339
  Cost metrics 340
  Interior and exterior protocols 340
 Protocols on parade 341
  RIP: Routing Information Protocol 341
  RIP-2: Routing Information Protocol, version 2 341
  OSPF: Open Shortest Path First 342
  IGRP and EIGRP: Interior Gateway Routing Protocol 342
  IS-IS: the ISO “standard” 343
  MOSPF, DVMRP, and PIM: multicast routing protocols 343
  Router Discovery Protocol 343
 routed: RIP yourself a new hole 343
 gated: gone to the dark side 344
 Routing strategy selection criteria 344
 Cisco routers 346
 Recommended reading 348
 Exercises 349
CHAPTER 14 NETWORK HARDWARE 350
 LAN, WAN, or MAN? 351
 Ethernet: the common LAN 351
  How Ethernet works 351
  Ethernet topology 352
  Unshielded twisted pair 353
  Connecting and expanding Ethernets 355
 Wireless: nomad’s LAN 359
  Wireless security 360
  Wireless switches 360
 FDDI: the disappointing, expensive, and outdated LAN 361
 ATM: the promised (but sorely defeated) LAN 362
 Frame relay: the sacrificial WAN 363
 ISDN: the indigenous WAN 364
 DSL and cable modems: the people’s WAN 364
 Where is the network going? 365
 Network testing and debugging 366
 Building wiring 366
  UTP cabling options 366
  Connections to offices 367
  Wiring standards 367
 Network design issues 368
  Network architecture vs building architecture 368
  Existing networks 369
  Expansion 369
  Congestion 369
  Maintenance and documentation 370
 Management issues 370
 Recommended vendors 371
  Cables and connectors 371
  Test equipment 371
  Routers/switches 372
 Recommended reading 372
 Exercises 372
CHAPTER 15 DNS: THE DOMAIN NAME SYSTEM 373
 DNS for the impatient: adding a new machine 374
 The history of DNS 375
  BIND implementations 376
  Other implementations of DNS 376
 Who needs DNS? 377
 The DNS namespace 378
  Masters of their domains 381
  Selecting a domain name 382
  Domain bloat 382
  Registering a second-level domain name 383
  Creating your own subdomains 383
 How DNS works 383
  Delegation 383
  Caching and efficiency 384
  The extended DNS protocol 386
 What’s new in DNS 386
 The DNS database 389
  Resource records 389
  The SOA record 392
  NS records 395
  A records 396
  PTR records 396
  MX records 397
  CNAME records 399
  The CNAME hack 400
  LOC records 401
  SRV records 402
  TXT records 403
  IPv6 resource records 404
  IPv6 forward records 404
  IPv6 reverse records 405
  Security-related records 405
  Commands in zone files 405
  Glue records: links between zones 407
 The BIND software 409
  Versions of BIND 410
  Finding out what version you have 410
  Components of BIND 411
  named: the BIND name server 412
  Authoritative and caching-only servers 412
  Recursive and nonrecursive servers 413
  The resolver library 414
  Shell interfaces to DNS 415
 Designing your DNS environment 415
  Namespace management 415
  Authoritative servers 416
  Caching servers 417
  Security 417
  Summing up 418
  A taxonomy of DNS/BIND chores 418
 BIND client issues 418
  Resolver configuration 418
  Resolver testing 420
  Impact on the rest of the system 420
 BIND server configuration 420
  Hardware requirements 421
  Configuration files 421
  The include statement 423
  The options statement 423
  The acl statement 429
  The key statement 430
  The trusted-keys statement 430
  The server statement 431
  The masters statement 432
  The logging statement 432
  The zone statement 432
  The controls statement 436
  Split DNS and the view statement 438
 BIND configuration examples 439
  The localhost zone 439
  A small security company 441
  The Internet Systems Consortium, isc.org 444
 Starting named 446
 Updating zone files 447
  Zone transfers 447
  Dynamic updates 448
 Security issues 451
  Access control lists revisited 451
  Confining named 453
  Secure server-to-server communication with TSIG and TKEY 453
  DNSSEC 456
  Negative answers 463
  Microsoft and DNS 464
 Testing and debugging 466
  Logging 466
  Sample logging configuration 470
  Debug levels 471
  Debugging with rndc 471
  BIND statistics 473
  Debugging with dig 473
  Lame delegations 475
  doc: domain obscenity control 476
  Other DNS sanity checking tools 478
  Performance issues 478
 Distribution specifics 478
 Recommended reading 481
  Mailing lists and newsgroups 481
  Books and other documentation 481
  On-line resources 482
  The RFCs 482
 Exercises 482
CHAPTER 16 THE NETWORK FILE SYSTEM 484
 General information about NFS 484
  NFS protocol versions 484
  Choice of transport 485
  File locking 486
  Disk quotas 486
  Cookies and stateless mounting 486
  Naming conventions for shared filesystems 487
  Security and NFS 487
  Root access and the nobody account 488
 Server-side NFS 489
  The exports file 490
  nfsd: serve files 492
 Client-side NFS 492
  Mounting remote filesystems at boot time 495
  Restricting exports to insecure ports 495
 nfsstat: dump NFS statistics 495
 Dedicated NFS file servers 496
 Automatic mounting 497
  automount: mount filesystems on demand 497
  The master file 498
  Map files 499
  Executable maps 499
 Recommended reading 500
 Exercises 501
CHAPTER 17 SHARING SYSTEM FILES 502
 What to share 503
 nscd: cache the results of lookups 504
 Copying files around 505
  rdist: push files 505
  rsync: transfer files more securely 508
  Pulling files 510
 NIS: the Network Information Service 511
  Understanding how NIS works 512
  Weighing advantages and disadvantages of NIS 514
  Prioritizing sources of administrative information 515
  Using netgroups 517
  Setting up an NIS domain 517
  Setting access control options in /etc/ypserv.conf 519
  Configuring NIS clients 519
  NIS details by distribution 520
 LDAP: the Lightweight Directory Access Protocol 520
  The structure of LDAP data 521
  The point of LDAP 522
  LDAP documentation and specifications 523
  OpenLDAP: LDAP for Linux 523
  NIS replacement by LDAP 525
  LDAP and security 526
 Recommended reading 526
 Exercises 527
CHAPTER 18 ELECTRONIC MAIL 528
 Mail systems 530
  User agents 531
  Transport agents 532
  Delivery agents 532
  Message stores 533
  Access agents 533
  Mail submission agents 533
 The anatomy of a mail message 534
  Mail addressing 535
  Mail header interpretation 535
 Mail philosophy 539
  Using mail servers 540
  Using mail homes 542
  Using IMAP or POP 542
 Mail aliases 544
  Getting mailing lists from files 546
  Mailing to files 547
  Mailing to programs 547
  Aliasing by example 548
  Forwarding mail 549
  The hashed alias database 551
 Mailing lists and list wrangling software 551
  Software packages for maintaining mailing lists 551
  LDAP: the Lightweight Directory Access Protocol 555
 sendmail: ringmaster of the electronic mail circus 557
  Versions of sendmail 557
  sendmail installation from sendmail.org 559
  sendmail installation on Debian and Ubuntu systems 561
  The switch file 562
  Modes of operation 562
  The mail queue 563
 sendmail configuration 565
  Using the m4 preprocessor 566
  The sendmail configuration pieces 567
  Building a configuration file from a sample .mc file 568
  Changing the sendmail configuration 569
 Basic sendmail configuration primitives 570
  The VERSIONID macro 570
  The OSTYPE macro 570
  The DOMAIN macro 572
  The MAILER macro 573
 Fancier sendmail configuration primitives 574
  The FEATURE macro 574
  The use_cw_file feature 574
  The redirect feature 575
  The always_add_domain feature 575
  The nocanonify feature 576
  Tables and databases 576
  The mailertable feature 578
  The genericstable feature 579
  The virtusertable feature 579
  The ldap_routing feature 580
  Masquerading and the MASQUERADE_AS macro 581
  The MAIL_HUB and SMART_HOST macros 583
  Masquerading and routing 583
  The nullclient feature 584
  The local_lmtp and smrsh features 585
  The local_procmail feature 585
  The LOCAL_* macros 586
  Configuration options 586
 Spam-related features in sendmail 588
  Relaying 589
  The access database 591
  User or site blacklisting 594
  Header checking 595
  Rate and connection limits 596
  Slamming 597
  Miltering: mail filtering 597
  Spam handling 598
  SpamAssassin 598
  SPF and Sender ID 599
 Configuration file case study 599
  Client machines at sendmail.com 599
  Master machine at sendmail.com 600
 Security and sendmail 603
  Ownerships 603
  Permissions 604
  Safer mail to files and programs 605
  Privacy options 606
  Running a chrooted sendmail (for the truly paranoid) 607
  Denial of service attacks 608
  Forgeries 608
  Message privacy 610
  SASL: the Simple Authentication and Security Layer 610
 sendmail performance 611
  Delivery modes 611
  Queue groups and envelope splitting 611
  Queue runners 613
  Load average controls 613
  Undeliverable messages in the queue 613
  Kernel tuning 614
 sendmail statistics, testing, and debugging 615
  Testing and debugging 616
  Verbose delivery 617
  Talking in SMTP 618
  Queue monitoring 619
  Logging 619
 The Exim Mail System 621
  History 621
  Exim on Linux 621
  Exim configuration 622
  Exim/sendmail similarities 622
 Postfix 623
  Postfix architecture 623
  Receiving mail 624
  The queue manager 624
  Sending mail 625
  Security 625
  Postfix commands and documentation 625
  Configuring Postfix 626
  What to put in main.cf 626
  Basic settings 626
  Using postconf 627
  Lookup tables 627
  Local delivery 629
  Virtual domains 630
  Virtual alias domains 630
  Virtual mailbox domains 631
  Access control 632
  Access tables 633
  Authentication of clients 634
  Fighting spam and viruses 634
  Black hole lists 635
  SpamAssassin and procmail 636
  Policy daemons 636
  Content filtering 636
  Debugging 637
  Looking at the queue 638
  Soft-bouncing 638
  Testing access control 638
 Recommended reading 639
 Exercises 640
CHAPTER 19 NETWORK MANAGEMENT AND DEBUGGING 643
 Network troubleshooting 644
 ping: check to see if a host is alive 645
 traceroute: trace IP packets 647
 netstat: get network statistics 649
  Inspecting interface configuration information 649
  Monitoring the status of network connections 651
  Identifying listening network services 652
  Examining the routing table 652
  Viewing operational statistics for network protocols 653
 sar: inspect live interface activity 654
 Packet sniffers 655
  tcpdump: king of sniffers 656
  Wireshark: visual sniffer 657
 Network management protocols 657
 SNMP: the Simple Network Management Protocol 659
  SNMP organization 659
  SNMP protocol operations 660
  RMON: remote monitoring MIB 661
 The NET-SNMP agent 661
 Network management applications 662
  The NET-SNMP tools 663
  SNMP data collection and graphing 664
  Nagios: event-based SNMP and service monitoring 665
  Commercial management platforms 666
 Recommended reading 667
 Exercises 668
CHAPTER 20 SECURITY 669
 Is Linux secure? 670
 How security is compromised 671
  Social engineering 671
  Software vulnerabilities 672
  Configuration errors 673
 Certifications and standards 673
  Certifications 674
  Standards 675
 Security tips and philosophy 676
  Packet filtering 677
  Unnecessary services 677
  Software patches 677
  Backups 677
  Passwords 677
  Vigilance 677
  General philosophy 678
 Security problems in /etc/passwd and /etc/shadow 678
  Password checking and selection 679
  Password aging 680
  Group logins and shared logins 680
  User shells 680
  Rootly entries 681
  PAM: cooking spray or authentication wonder? 681
 POSIX capabilities 683
 Setuid programs 683
 Important file permissions 684
 Miscellaneous security issues 685
  Remote event logging 685
  Secure terminals 685
  /etc/hosts.equiv and ~/.rhosts 685
  Security and NIS 685
  Security and NFS 686
  Security and sendmail 686
  Security and backups 686
  Viruses and worms 686
  Trojan horses 687
  Rootkits 688
 Security power tools 688
  Nmap: scan network ports 688
  Nessus: next generation network scanner 690
  John the Ripper: find insecure passwords 690
  hosts_access: host access control 691
  Samhain: host-based intrusion detection 692
  Security-Enhanced Linux (SELinux) 693
 Cryptographic security tools 694
  Kerberos: a unified approach to network security 695
  PGP: Pretty Good Privacy 696
  SSH: the secure shell 697
  One-time passwords 698
  Stunnel 699
 Firewalls 701
  Packet-filtering firewalls 701
  How services are filtered 702
  Service proxy firewalls 703
  Stateful inspection firewalls 703
  Firewalls: how safe are they? 704
 Linux firewall features: IP tables 704
 Virtual private networks (VPNs) 708
  IPsec tunnels 709
  All I need is a VPN, right? 710
 Hardened Linux distributions 710
 What to do when your site has been attacked 710
 Sources of security information 712
  CERT: a registered service mark of Carnegie Mellon University 712
  SecurityFocus.com and the BugTraq mailing list 713
  Crypto-Gram newsletter 713
  SANS: the System Administration, Networking, and Security Institute 713
  Distribution-specific security resources 713
  Other mailing lists and web sites 714
 Recommended reading 715
 Exercises 716
CHAPTER 21 WEB HOSTING AND INTERNET SERVERS 719
 Web hosting basics 720
  Uniform resource locators 720
  How HTTP works 720
  Content generation on the fly 722
  Load balancing 722
 HTTP server installation 724
  Choosing a server 724
  Installing Apache 724
  Configuring Apache 726
  Running Apache 726
  Analyzing log files 727
  Optimizing for high-performance hosting of static content 727
 Virtual interfaces 727
  Using name-based virtual hosts 728
  Configuring virtual interfaces 728
  Telling Apache about virtual interfaces 729
 The Secure Sockets Layer (SSL) 730
  Generating a certificate signing request 731
  Configuring Apache to use SSL 732
 Caching and proxy servers 733
  The Squid cache and proxy server 733
  Setting up Squid 734
 Anonymous FTP server setup 734
 Exercises 736
SECTION THREE: BUNCH O' STUFF
CHAPTER 22 THE X WINDOW SYSTEM 741
 The X display manager 743
 Running an X application 744
  The DISPLAY environment variable 744
  Client authentication 745
  X connection forwarding with SSH 747
 X server configuration 748
  Device sections 750
  Monitor sections 750
  Screen sections 751
  InputDevice sections 752
  ServerLayout sections 753
 Troubleshooting and debugging 754
  Special keyboard combinations for X 754
  When good X servers go bad 755
 A brief note on desktop environments 757
  KDE 758
  GNOME 758
  Which is better, GNOME or KDE? 759
 Recommended Reading 759
 Exercises 759
CHAPTER 23 PRINTING 761
 Printers are complicated 762
 Printer languages 763
  PostScript 763
  PCL 763
  PDF 764
  XHTML 764
  PJL 765
  Printer drivers and their handling of PDLs 765
 CUPS architecture 767
  Document printing 767
  Print queue viewing and manipulation 767
  Multiple printers 768
  Printer instances 768
  Network printing 768
  The CUPS underlying protocol: HTTP 769
  PPD files 770
  Filters 771
 CUPS server administration 772
  Network print server setup 773
  Printer autoconfiguration 774
  Network printer configuration 774
  Printer configuration examples 775
  Printer class setup 775
  Service shutoff 776
  Other configuration tasks 777
  Paper sizes 777
  Compatibility commands 778
  Common printing software 779
  CUPS documentation 780
 Troubleshooting tips 780
  CUPS logging 781
  Problems with direct printing 781
  Network printing problems 781
  Distribution-specific problems 782
 Printer practicalities 782
  Printer selection 782
  GDI printers 783
  Double-sided printing 783
  Other printer accessories 783
  Serial and parallel printers 784
  Network printers 784
 Other printer advice 784
  Use banner pages only if you have to 784
  Provide recycling bins 785
  Use previewers 785
  Buy cheap printers 785
  Keep extra toner cartridges on hand 786
  Pay attention to the cost per page 786
  Consider printer accounting 787
  Secure your printers 787
 Printing under KDE 788
  kprinter: printing documents 789
  Konqueror and printing 789
 Recommended reading 790
 Exercises 790
CHAPTER 24 MAINTENANCE AND ENVIRONMENT 791
 Hardware maintenance basics 791
 Maintenance contracts 792
  On-site maintenance 792
  Board swap maintenance 792
  Warranties 793
 Electronics-handling lore 793
  Static electricity 793
  Reseating boards 794
 Monitors 794
 Memory modules 794
 Preventive maintenance 795
 Environment 796
  Temperature 796
  Humidity 796
  Office cooling 796
  Machine room cooling 797
  Temperature monitoring 798
 Power 798
 Racks 799
 Data center standards 800
 Tools 800
 Recommended reading 800
 Exercises 802
CHAPTER 25 PERFORMANCE ANALYSIS 803
 What you can do to improve performance 804
 Factors that affect performance 806
 System performance checkup 807
  Analyzing CPU usage 807
  How Linux manages memory 809
  Analyzing memory usage 811
  Analyzing disk I/O 813
  Choosing an I/O scheduler 815
  sar: Collect and report statistics over time 816
  oprofile: Comprehensive profiler 817
 Help! My system just got really slow! 817
 Recommended reading 819
 Exercises 819
CHAPTER 26 COOPERATING WITH WINDOWS 821
 Logging in to a Linux system from Windows 821
 Accessing remote desktops 822
  Running an X server on a Windows computer 823
  VNC: Virtual Network Computing 824
  Windows RDP: Remote Desktop Protocol 824
 Running Windows and Windows-like applications 825
  Dual booting, or why you shouldn’t 826
  The OpenOffice.org alternative 826
 Using command-line tools with Windows 826
 Windows compliance with email and web standards 827
 Sharing files with Samba and CIFS 828
  Samba: CIFS server for UNIX 828
  Samba installation 829
  Filename encoding 830
  Network Neighborhood browsing 831
  User authentication 832
  Basic file sharing 833
  Group shares 833
  Transparent redirection with MS DFS 834
  smbclient: a simple CIFS client 835
  The smbfs filesystem 835
 Sharing printers with Samba 836
  Installing a printer driver from Windows 838
  Installing a printer driver from the command line 839
 Debugging Samba 840
 Recommended reading 841
 Exercises 842
CHAPTER 27 SERIAL DEVICES 843
 The RS-232C standard 844
 Alternative connectors 847
  The mini DIN-8 variant 847
  The DB-9 variant 848
  The RJ-45 variant 849
  The Yost standard for RJ-45 wiring 850
 Hard and soft carrier 852
 Hardware flow control 852
 Cable length 853
 Serial device files 853
 setserial: set serial port parameters 854
 Software configuration for serial devices 855
 Configuration of hardwired terminals 855
  The login process 855
  The /etc/inittab file 856
  Terminal support: the termcap and terminfo databases 858
 Special characters and the terminal driver 859
 stty: set terminal options 860
 tset: set options automatically 861
 Terminal unwedging 862
 Modems 862
  Modulation, error correction, and data compression protocols 863
  minicom: dial out 864
  Bidirectional modems 864
 Debugging a serial line 864
 Other common I/O ports 865
  USB: the Universal Serial Bus 865
 Exercises 866
CHAPTER 28 DRIVERS AND THE KERNEL 868
 Kernel adaptation 869
 Drivers and device files 870
  Device files and device numbers 870
  Creating device files 871
  sysfs: a window into the souls of devices 872
  Naming conventions for devices 872
 Why and how to configure the kernel 873
 Tuning Linux kernel parameters 874
 Building a Linux kernel 876
  If it ain’t broke, don’t fix it 876
  Configuring kernel options 876
  Building the kernel binary 878
 Adding a Linux device driver 878
  Device awareness 880
 Loadable kernel modules 880
 Hot-plugging 882
 Setting bootstrap options 883
 Recommended reading 884
 Exercises 884
CHAPTER 29 DAEMONS 885
 init: the primordial process 886
 cron and atd: schedule commands 887
 xinetd and inetd: manage daemons 887
  Configuring xinetd 888
  Configuring inetd 890
  The services file 892
  portmap: map RPC services to TCP and UDP ports 893
 Kernel daemons 893
  klogd: read kernel messages 894
 Printing daemons 894
  cupsd: scheduler for the Common UNIX Printing System 894
  lpd: manage printing 894
 File service daemons 895
  rpc.nfsd: serve files 895
  rpc.mountd: respond to mount requests 895
  amd and automount: mount filesystems on demand 895
  rpc.lockd and rpc.statd: manage NFS locks 895
  rpciod: cache NFS blocks 896
  rpc.rquotad: serve remote quotas 896
  smbd: provide file and printing service to Windows clients 896
  nmbd: NetBIOS name server 896
 Administrative database daemons 896
  ypbind: locate NIS servers 896
  ypserv: NIS server 896
  rpc.ypxfrd: transfer NIS databases 896
  lwresd: lightweight resolver library server 897
  nscd: name service cache daemon 897
 Electronic mail daemons 897
  sendmail: transport electronic mail 897
  smtpd: Simple Mail Transport Protocol daemon 897
  popd: basic mailbox server 897
  imapd: deluxe mailbox server 897
 Remote login and command execution daemons 898
  sshd: secure remote login server 898
  in.rlogind: obsolete remote login server 898
  in.telnetd: yet another remote login server 898
  in.rshd: remote command execution server 898
 Booting and configuration daemons 898
  dhcpd: dynamic address assignment 899
  in.tftpd: trivial file transfer server 899
  rpc.bootparamd: advanced diskless life support 899
  hald: hardware abstraction layer (HAL) daemon 899
  udevd: serialize device connection notices 899
 Other network daemons 900
  talkd: network chat service 900
  snmpd: provide remote network management service 900
  ftpd: file transfer server 900
  rsyncd: synchronize files among multiple hosts 900
  routed: maintain routing tables 900
  gated: maintain complicated routing tables 901
  named: DNS server 901
  syslogd: process log messages 901
  in.fingerd: look up users 901
  httpd: World Wide Web server 901
 ntpd: time synchronization daemon 902
 Exercises 903
CHAPTER 30 MANAGEMENT, POLICY, AND POLITICS 904
 Make everyone happy 904
 Components of a functional IT organization 906
 The role of management 907
  Leadership 907
  Hiring, firing, and personnel management 908
  Assigning and tracking tasks 911
  Managing upper management 913
  Conflict resolution 913
 The role of administration 915
  Sales 915
  Purchasing 916
  Accounting 917
  Personnel 917
  Marketing 918
  Miscellaneous administrative chores 919
 The role of development 919
  Architectural principles 920
  Anatomy of a management system 922
  The system administrator’s tool box 922
  Software engineering principles 923
 The role of operations 924
  Aim for minimal downtime 925
  Document dependencies 925
  Repurpose or eliminate older hardware 926
 The work of support 927
  Availability 927
  Scope of service 927
  Skill sets 929
  Time management 930
 Documentation 930
  Standardized documentation 931
  Hardware labeling 933
  User documentation 934
 Request-tracking and trouble-reporting systems 934
  Common functions of trouble ticket systems 935
  User acceptance of ticketing systems 935
  Ticketing systems 936
  Ticket dispatching 937
 Disaster recovery 938
  Backups and off-line information 939
  Staffing your disaster 939
  Power and HVAC 940
  Network redundancy 941
  Security incidents 941
  Second-hand stories from the World Trade Center 942
 Written policy 943
  Security policies 945
  User policy agreements 946
  Sysadmin policy agreements 948
 Legal Issues 949
  Encryption 949
  Copyright 950
  Privacy 951
  Click-through EULAs 953
  Policy enforcement 953
  Control = liability 954
  Software licenses 955
  Regulatory compliance 956
 Software patents 957
 Standards 958
  LSB: the Linux Standard Base 959
  POSIX 959
  ITIL: the Information Technology Interface Library 960
  COBIT: Control Objectives for Information and related Technology 960
 Linux culture 961
 Mainstream Linux 962
 Organizations, conferences, and other resources 964
  Conferences and trade shows 965
  LPI: the Linux Professional Institute 967
  Mailing lists and web resources 967
  Sysadmin surveys 968
 Recommended Reading 968
  Infrastructure 968
  Management 969
  Policy and security 969
  Legal issues, patents, and privacy 969
  General industry news 970
 Exercises 970
INDEX 973
ABOUT THE CONTRIBUTORS 999
ABOUT THE AUTHORS 1001