
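Title: Linux Administration Handbook (2nd Edition, English Edition) (Hardcover) / Classic Original Editions Series
Category: Computers - Operating Systems
Authors: (US) Nemeth // (US) Snyder // (US) Hein
Publisher: Posts & Telecom Press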
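Introduction
Editor's Recommendation

Since Linux Administration Handbook first appeared in 2001, it has become the authoritative reference for every system administrator who must solve all kinds of technical problems effectively and strive to make a production environment as reliable and well-performing as possible. The three authors have teamed up again to systematically update this classic reference. Its scope now covers the most important Linux distributions in use today, and it adds the most powerful new system administration tools.

In the book, the authors describe in detail the best practices for every aspect of system administration, including storage management, network design and administration, web hosting, software configuration management, performance analysis, interoperability with Windows systems, and more. Notably, system administrators will also find new and comprehensive discussions of difficult topics such as DNS, LDAP, security, and the organization and management of IP services.

Content Overview

Linux Administration Handbook, Second Edition (LAHv2) continues the explanatory style of the first edition (LAH) and of the UNIX System Administration Handbook (USAH). Using five current mainstream Linux distributions (Red Hat ES, SuSE, Debian, Fedora Core, and Ubuntu) as examples, it presents Linux system administration in three parts. Part One, "Basic Administration," covers the knowledge and techniques involved in running a standalone Linux system, such as booting and shutting down, process control, filesystem management, user management, device management, system backups, software configuration, and the management and use of cron and system logs. Part Two, "Networking," begins with a detailed explanation of the fundamentals of the TCP/IP protocols, discusses in depth two basic network applications, the Domain Name System and routing, and then covers, chapter by chapter, the key Internet applications on Linux, such as electronic mail, NFS, file sharing, web hosting, and Internet services. This part also has dedicated chapters on network hardware, network management and debugging, and system security. Part Three, "Other Administration Topics," covers a range of important subjects that should not be overlooked: the X Window System, printing, system maintenance and environment, performance analysis, cooperating with Windows systems, serial devices, operating system drivers and the kernel, system daemons, and policy and administrative matters. The authors are Linux/UNIX system administration experts from academia, industry, and professional training, which has made the book, from its first edition onward, a comprehensive, in-depth, and highly practical authoritative reference on Linux system administration. It is suitable for readers ranging from Linux beginners to experienced Linux professionals.

Table of Contents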

SECTION ONE: BASIC ADMINISTRATION

CHAPTER 1 WHERE TO START 3

 Suggested background 4

 Linux’s relationship to UNIX 4

 Linux in historical context 5

 Linux distributions 6

  So what’s the best distribution? 8

  Distribution-specific administration tools 9

 Notation and typographical conventions 9

  System-specific information 10

 Where to go for information 11

  Organization of the man pages 12

  man: read manual pages 13

  Other sources of Linux information 13

 How to find and install software 14

 Essential tasks of the system administrator 16

  Adding, removing, and managing user accounts 16

  Adding and removing hardware 16

  Performing backups 17

  Installing and upgrading software 17

  Monitoring the system 17

  Troubleshooting 17

  Maintaining local documentation 17

  Vigilantly monitoring security 17

  Helping users 18

 System administration under duress 18

  System Administration Personality Syndrome 18

 Recommended reading 19

 Exercises 20

CHAPTER 2 BOOTING AND SHUTTING DOWN 21

 Bootstrapping 21

  Automatic and manual booting 22

  Steps in the boot process 22

  Kernel initialization 23

  Hardware configuration 23

  Kernel threads 23

  Operator intervention (manual boot only) 24

  Execution of startup scripts 25

  Multiuser operation 25

 Booting PCs 25

 Using boot loaders: LILO and GRUB 26

  GRUB: The GRand Unified Boot loader 26

  LILO: The traditional Linux boot loader 28

  Kernel options 29

  Multibooting on PCs 30

  GRUB multiboot configuration 30

  LILO multiboot configuration 31

 Booting single-user mode 31

  Single-user mode with GRUB 32

  Single-user mode with LILO 32

 Working with startup scripts 32

  init and run levels 33

  Red Hat and Fedora startup scripts 36

  SUSE startup scripts 38

  Debian and Ubuntu startup scripts 40

 Rebooting and shutting down 40

  Turning off the power 41

  shutdown: the genteel way to halt the system 41

  halt: a simpler way to shut down 42

  reboot: quick and dirty restart 42

  telinit: change init’s run level 42

  poweroff: ask Linux to turn off the power 42

 Exercises 43

CHAPTER 3 ROOTLY POWERS 44

 Ownership of files and processes 44

 The superuser 46

 Choosing a root password 47

 Becoming root 48

  su: substitute user identity 48

  sudo: a limited su 48

 Other pseudo-users 51

  bin: legacy owner of system commands 51

  daemon: owner of unprivileged system software 51

  nobody: the generic NFS user 51

 Exercises 52

CHAPTER 4 CONTROLLING PROCESSES 53

 Components of a process 53

  PID: process ID number 54

  PPID: parent PID 54

  UID and EUID: real and effective user ID 54

  GID and EGID: real and effective group ID 55

  Niceness 55

  Control terminal 56

 The life cycle of a process 56

 Signals 57

 kill and killall: send signals 60

 Process states 60

 nice and renice: influence scheduling priority 61

 ps: monitor processes 62

 top: monitor processes even better 65

 The /proc filesystem 65

 strace: trace signals and system calls 66

 Runaway processes 67

 Recommended reading 69

 Exercises 69

CHAPTER 5 THE FILESYSTEM 70

 Pathnames 72

 Filesystem mounting and unmounting 73

 The organization of the file tree 75

 File types 76

  Regular files 78

  Directories 78

  Character and block device files 79

  Local domain sockets 80

  Named pipes 80

  Symbolic links 80

 File attributes 81

  The permission bits 81

  The setuid and setgid bits 82

  The sticky bit 82

  Viewing file attributes 82

  chmod: change permissions 84

  chown: change ownership and group 86

  umask: assign default permissions 86

  Bonus flags 87

 Access control lists 88

  ACL overview 88

  Default entries 91

 Exercises 92

CHAPTER 6 ADDING NEW USERS 93

 The /etc/passwd file 93

  Login name 94

  Encrypted password 96

  UID (user ID) number 96

  Default GID number 97

  GECOS field 98

  Home directory 98

  Login shell 98

 The /etc/shadow file 99

 The /etc/group file 101

 Adding users 102

  Editing the passwd and shadow files 103

  Editing the /etc/group file 104

  Setting an initial password 104

  Creating the user’s home directory 105

  Copying in the default startup files 105

  Setting the user’s mail home 106

  Verifying the new login 106

  Recording the user’s status and contact information 107

 Removing users 107

 Disabling logins 108

 Managing accounts 108

 Exercises 110

CHAPTER 7 ADDING A DISK 111

 Disk interfaces 111

  The PATA interface 112

  The SATA interface 114

  The SCSI interface 114

  Which is better, SCSI or IDE? 118

 Disk geometry 119

 Linux filesystems 120

  Ext2fs and ext3fs 120

  ReiserFS 121

  XFS and JFS 122

 An overview of the disk installation procedure 122

  Connecting the disk 122

  Formatting the disk 123

  Labeling and partitioning the disk 124

  Creating filesystems within disk partitions 125

  Mounting the filesystems 126

  Setting up automatic mounting 127

  Enabling swapping 129

 hdparm: set IDE interface parameters 129

 fsck: check and repair filesystems 131

 Adding a disk: a step-by-step guide 133

 Advanced disk management: RAID and LVM 138

  Linux software RAID 139

  Logical volume management 139

  An example configuration with LVM and RAID 140

  Dealing with a failed disk 144

  Reallocating storage space 146

 Mounting USB drives 147

 Exercises 148

CHAPTER 8 PERIODIC PROCESSES 150

 cron: schedule commands 150

 The format of crontab files 151

 Crontab management 153

 Some common uses for cron 154

  Cleaning the filesystem 154

  Network distribution of configuration files 155

  Rotating log files 156

 Other schedulers: anacron and fcron 156

 Exercises 157

CHAPTER 9 BACKUPS 158

 Motherhood and apple pie 159

  Perform all dumps from one machine 159

  Label your media 159

  Pick a reasonable backup interval 159

  Choose filesystems carefully 160

  Make daily dumps fit on one piece of media 160

  Make filesystems smaller than your dump device 161

  Keep media off-site 161

  Protect your backups 161

  Limit activity during dumps 162

  Verify your media 162

  Develop a media life cycle 163

  Design your data for backups 163

  Prepare for the worst 163

 Backup devices and media 163

  Optical media: CD-R/RW, DVD±R/RW, and DVD-RAM 164

  Removable hard disks (USB and FireWire) 165

  Small tape drives: 8mm and DDS/DAT 166

  DLT/S-DLT 166

  AIT and SAIT 166

  VXA/VXA-X 167

  LTO 167

  Jukeboxes, stackers, and tape libraries 167

  Hard disks 168

  Summary of media types 168

  What to buy 168

 Setting up an incremental backup regime with dump 169

  Dumping filesystems 169

  Dump sequences 171

 Restoring from dumps with restore 173

  Restoring individual files 173

  Restoring entire filesystems 175

 Dumping and restoring for upgrades 176

 Using other archiving programs 177

  tar: package files 177

  cpio: archiving utility from ancient times 178

  dd: twiddle bits 178

 Using multiple files on a single tape 178

 Bacula 179

  The Bacula model 180

  Setting up Bacula 181

  Installing the database and Bacula daemons 181

  Configuring the Bacula daemons 182

  bacula-dir.conf: director configuration 183

  bacula-sd.conf: storage daemon configuration 187

  bconsole.conf: console configuration 188

  Installing and configuring the client file daemon 188

  Starting the Bacula daemons 189

  Adding media to pools 190

  Running a manual backup 190

  Running a restore job 192

  Monitoring and debugging Bacula configurations 195

  Alternatives to Bacula 197

 Commercial backup products 197

  ADSM/TSM 197

  Veritas 198

  Other alternatives 198

 Recommended reading 198

 Exercises 198

CHAPTER 10 SYSLOG AND LOG FILES 201

 Logging policies 201

  Throwing away log files 201

  Rotating log files 202

  Archiving log files 204

 Linux log files 204

  Special log files 206

  Kernel and boot-time logging 206

 logrotate: manage log files 208

 Syslog: the system event logger 209

  Alternatives to syslog 209

  Syslog architecture 210

  Configuring syslogd 210

  Designing a logging scheme for your site 214

  Config file examples 214

  Sample syslog output 216

  Software that uses syslog 217

  Debugging syslog 217

  Using syslog from programs 218

 Condensing log files to useful information 220

 Exercises 222

CHAPTER 11 SOFTWARE AND CONFIGURATION MANAGEMENT 223

 Basic Linux installation 223

  Netbooting PCs 224

  Setting up PXE for Linux 225

  Netbooting non-PCs 226

  Kickstart: the automated installer for Enterprise Linux and Fedora 226

  AutoYaST: SUSE’s automated installation tool 230

  The Debian and Ubuntu installer 231

  Installing from a master system 232

 Diskless clients 232

 Package management 234

  Available package management systems 235

  rpm: manage RPM packages 235

  dpkg: manage Debian-style packages 237

 High-level package management systems 237

  Package repositories 239

  RHN: the Red Hat Network 240

  APT: the Advanced Package Tool 241

  Configuring apt-get 242

  An example /etc/apt/sources.list file 243

  Using proxies to make apt-get scale 244

  Setting up an internal APT server 244

  Automating apt-get 245

  yum: release management for RPM 246

 Revision control 247

  Backup file creation 247

  Formal revision control systems 248

  RCS: the Revision Control System 249

  CVS: the Concurrent Versions System 251

  Subversion: CVS done right 253

 Localization and configuration 255

  Organizing your localization 256

  Testing 257

  Local compilation 258

  Distributing localizations 259

  Resolving scheduling issues 260

 Configuration management tools 260

  cfengine: computer immune system 260

  LCFG: a large-scale configuration system 261

  The Arusha Project (ARK) 261

  Template Tree 2: cfengine helper 262

  DMTF/CIM: the Common Information Model 262

 Sharing software over NFS 263

  Package namespaces 264

  Dependency management 265

  Wrapper scripts 265

  Implementation tools 266

 Recommended software 266

 Recommended reading 268

 Exercises 268

SECTION TWO: NETWORKING

CHAPTER 12 TCP/IP NETWORKING 271

 TCP/IP and the Internet 272

  A brief history lesson 272

  How the Internet is managed today 273

  Network standards and documentation 274

 Networking road map 275

 Packets and encapsulation 276

  The link layer 277

  Packet addressing 279

  Ports 281

  Address types 281

 IP addresses: the gory details 282

  IP address classes 282

  Subnetting and netmasks 282

  The IP address crisis 285

  CIDR: Classless Inter-Domain Routing 287

  Address allocation 288

  Private addresses and NAT 289

  IPv6 addressing 291

 Routing 293

  Routing tables 294

  ICMP redirects 295

 ARP: the address resolution protocol 296

 Addition of a machine to a network 297

  Hostname and IP address assignment 298

  ifconfig: configure network interfaces 299

  mii-tool: configure autonegotiation and other media-specific options 302

  route: configure static routes 303

  Default routes 305

  DNS configuration 306

  The Linux networking stack 307

 Distribution-specific network configuration 307

  Network configuration for Red Hat and Fedora 308

  Network configuration for SUSE 309

  Network configuration for Debian and Ubuntu 310

 DHCP: the Dynamic Host Configuration Protocol 311

  DHCP software 312

  How DHCP works 312

  ISC’s DHCP server 313

 Dynamic reconfiguration and tuning 314

 Security issues 316

  IP forwarding 316

  ICMP redirects 317

  Source routing 317

  Broadcast pings and other forms of directed broadcast 317

  IP spoofing 317

  Host-based firewalls 318

  Virtual private networks 318

  Security-related kernel variables 319

 Linux NAT 319

 PPP: the Point-to-Point Protocol 320

  Addressing PPP performance issues 321

  Connecting to a network with PPP 321

  Making your host speak PPP 321

  Controlling PPP links 321

  Assigning an address 322

  Routing 322

  Ensuring security 323

  Using chat scripts 323

  Configuring Linux PPP 323

 Linux networking quirks 330

 Recommended reading 331

 Exercises 332

CHAPTER 13 ROUTING 334

 Packet forwarding: a closer look 335

 Routing daemons and routing protocols 337

  Distance-vector protocols 338

  Link-state protocols 339

  Cost metrics 340

  Interior and exterior protocols 340

 Protocols on parade 341

  RIP: Routing Information Protocol 341

  RIP-2: Routing Information Protocol, version 2 341

  OSPF: Open Shortest Path First 342

  IGRP and EIGRP: Interior Gateway Routing Protocol 342

  IS-IS: the ISO “standard” 343

  MOSPF, DVMRP, and PIM: multicast routing protocols 343

  Router Discovery Protocol 343

 routed: RIP yourself a new hole 343

 gated: gone to the dark side 344

 Routing strategy selection criteria 344

 Cisco routers 346

 Recommended reading 348

 Exercises 349

CHAPTER 14 NETWORK HARDWARE 350

 LAN, WAN, or MAN? 351

 Ethernet: the common LAN 351

  How Ethernet works 351

  Ethernet topology 352

  Unshielded twisted pair 353

  Connecting and expanding Ethernets 355

 Wireless: nomad’s LAN 359

  Wireless security 360

  Wireless switches 360

 FDDI: the disappointing, expensive, and outdated LAN 361

 ATM: the promised (but sorely defeated) LAN 362

 Frame relay: the sacrificial WAN 363

 ISDN: the indigenous WAN 364

 DSL and cable modems: the people’s WAN 364

 Where is the network going? 365

 Network testing and debugging 366

 Building wiring 366

  UTP cabling options 366

  Connections to offices 367

  Wiring standards 367

 Network design issues 368

  Network architecture vs building architecture 368

  Existing networks 369

  Expansion 369

  Congestion 369

  Maintenance and documentation 370

 Management issues 370

 Recommended vendors 371

  Cables and connectors 371

  Test equipment 371

  Routers/switches 372

 Recommended reading 372

 Exercises 372

CHAPTER 15 DNS: THE DOMAIN NAME SYSTEM 373

 DNS for the impatient: adding a new machine 374

 The history of DNS 375

  BIND implementations 376

  Other implementations of DNS 376

 Who needs DNS? 377

 The DNS namespace 378

  Masters of their domains 381

  Selecting a domain name 382

  Domain bloat 382

  Registering a second-level domain name 383

  Creating your own subdomains 383

 How DNS works 383

  Delegation 383

  Caching and efficiency 384

  The extended DNS protocol 386

 What’s new in DNS 386

 The DNS database 389

  Resource records 389

  The SOA record 392

  NS records 395

  A records 396

  PTR records 396

  MX records 397

  CNAME records 399

  The CNAME hack 400

  LOC records 401

  SRV records 402

  TXT records 403

  IPv6 resource records 404

  IPv6 forward records 404

  IPv6 reverse records 405

  Security-related records 405

  Commands in zone files 405

  Glue records: links between zones 407

 The BIND software 409

  Versions of BIND 410

  Finding out what version you have 410

  Components of BIND 411

  named: the BIND name server 412

  Authoritative and caching-only servers 412

  Recursive and nonrecursive servers 413

  The resolver library 414

  Shell interfaces to DNS 415

 Designing your DNS environment 415

  Namespace management 415

  Authoritative servers 416

  Caching servers 417

  Security 417

  Summing up 418

  A taxonomy of DNS/BIND chores 418

 BIND client issues 418

  Resolver configuration 418

  Resolver testing 420

  Impact on the rest of the system 420

 BIND server configuration 420

  Hardware requirements 421

  Configuration files 421

  The include statement 423

  The options statement 423

  The acl statement 429

  The key statement 430

  The trusted-keys statement 430

  The server statement 431

  The masters statement 432

  The logging statement 432

  The zone statement 432

  The controls statement 436

  Split DNS and the view statement 438

 BIND configuration examples 439

  The localhost zone 439

  A small security company 441

  The Internet Systems Consortium, isc.org 444

 Starting named 446

 Updating zone files 447

  Zone transfers 447

  Dynamic updates 448

 Security issues 451

  Access control lists revisited 451

  Confining named 453

  Secure server-to-server communication with TSIG and TKEY 453

  DNSSEC 456

  Negative answers 463

  Microsoft and DNS 464

 Testing and debugging 466

  Logging 466

  Sample logging configuration 470

  Debug levels 471

  Debugging with rndc 471

  BIND statistics 473

  Debugging with dig 473

  Lame delegations 475

  doc: domain obscenity control 476

  Other DNS sanity checking tools 478

  Performance issues 478

 Distribution specifics 478

 Recommended reading 481

  Mailing lists and newsgroups 481

  Books and other documentation 481

  On-line resources 482

  The RFCs 482

 Exercises 482

CHAPTER 16 THE NETWORK FILE SYSTEM 484

 General information about NFS 484

  NFS protocol versions 484

  Choice of transport 485

  File locking 486

  Disk quotas 486

  Cookies and stateless mounting 486

  Naming conventions for shared filesystems 487

  Security and NFS 487

  Root access and the nobody account 488

 Server-side NFS 489

  The exports file 490

  nfsd: serve files 492

 Client-side NFS 492

  Mounting remote filesystems at boot time 495

  Restricting exports to insecure ports 495

 nfsstat: dump NFS statistics 495

 Dedicated NFS file servers 496

 Automatic mounting 497

  automount: mount filesystems on demand 497

  The master file 498

  Map files 499

  Executable maps 499

 Recommended reading 500

 Exercises 501

CHAPTER 17 SHARING SYSTEM FILES 502

 What to share 503

 nscd: cache the results of lookups 504

 Copying files around 505

  rdist: push files 505

  rsync: transfer files more securely 508

  Pulling files 510

 NIS: the Network Information Service 511

  Understanding how NIS works 512

  Weighing advantages and disadvantages of NIS 514

  Prioritizing sources of administrative information 515

  Using netgroups 517

  Setting up an NIS domain 517

  Setting access control options in /etc/ypserv.conf 519

  Configuring NIS clients 519

  NIS details by distribution 520

 LDAP: the Lightweight Directory Access Protocol 520

  The structure of LDAP data 521

  The point of LDAP 522

  LDAP documentation and specifications 523

  OpenLDAP: LDAP for Linux 523

  NIS replacement by LDAP 525

  LDAP and security 526

 Recommended reading 526

 Exercises 527

CHAPTER 18 ELECTRONIC MAIL 528

 Mail systems 530

  User agents 531

  Transport agents 532

  Delivery agents 532

  Message stores 533

  Access agents 533

  Mail submission agents 533

 The anatomy of a mail message 534

  Mail addressing 535

  Mail header interpretation 535

 Mail philosophy 539

  Using mail servers 540

  Using mail homes 542

  Using IMAP or POP 542

 Mail aliases 544

  Getting mailing lists from files 546

  Mailing to files 547

  Mailing to programs 547

  Aliasing by example 548

  Forwarding mail 549

  The hashed alias database 551

 Mailing lists and list wrangling software 551

  Software packages for maintaining mailing lists 551

  LDAP: the Lightweight Directory Access Protocol 555

 sendmail: ringmaster of the electronic mail circus 557

  Versions of sendmail 557

  sendmail installation from sendmail.org 559

  sendmail installation on Debian and Ubuntu systems 561

  The switch file 562

  Modes of operation 562

  The mail queue 563

 sendmail configuration 565

  Using the m4 preprocessor 566

  The sendmail configuration pieces 567

  Building a configuration file from a sample .mc file 568

  Changing the sendmail configuration 569

 Basic sendmail configuration primitives 570

  The VERSIONID macro 570

  The OSTYPE macro 570

  The DOMAIN macro 572

  The MAILER macro 573

 Fancier sendmail configuration primitives 574

  The FEATURE macro 574

  The use_cw_file feature 574

  The redirect feature 575

  The always_add_domain feature 575

  The nocanonify feature 576

  Tables and databases 576

  The mailertable feature 578

  The genericstable feature 579

  The virtusertable feature 579

  The ldap_routing feature 580

  Masquerading and the MASQUERADE_AS macro 581

  The MAIL_HUB and SMART_HOST macros 583

  Masquerading and routing 583

  The nullclient feature 584

  The local_lmtp and smrsh features 585

  The local_procmail feature 585

  The LOCAL_* macros 586

  Configuration options 586

 Spam-related features in sendmail 588

  Relaying 589

  The access database 591

  User or site blacklisting 594

  Header checking 595

  Rate and connection limits 596

  Slamming 597

  Miltering: mail filtering 597

  Spam handling 598

  SpamAssassin 598

  SPF and Sender ID 599

 Configuration file case study 599

  Client machines at sendmail.com 599

  Master machine at sendmail.com 600

 Security and sendmail 603

  Ownerships 603

  Permissions 604

  Safer mail to files and programs 605

  Privacy options 606

  Running a chrooted sendmail (for the truly paranoid) 607

  Denial of service attacks 608

  Forgeries 608

  Message privacy 610

  SASL: the Simple Authentication and Security Layer 610

 sendmail performance 611

  Delivery modes 611

  Queue groups and envelope splitting 611

  Queue runners 613

  Load average controls 613

  Undeliverable messages in the queue 613

  Kernel tuning 614

 sendmail statistics, testing, and debugging 615

  Testing and debugging 616

  Verbose delivery 617

  Talking in SMTP 618

  Queue monitoring 619

  Logging 619

 The Exim Mail System 621

  History 621

  Exim on Linux 621

  Exim configuration 622

  Exim/sendmail similarities 622

 Postfix 623

  Postfix architecture 623

  Receiving mail 624

  The queue manager 624

  Sending mail 625

  Security 625

  Postfix commands and documentation 625

  Configuring Postfix 626

  What to put in main.cf 626

  Basic settings 626

  Using postconf 627

  Lookup tables 627

  Local delivery 629

  Virtual domains 630

  Virtual alias domains 630

  Virtual mailbox domains 631

  Access control 632

  Access tables 633

  Authentication of clients 634

  Fighting spam and viruses 634

  Black hole lists 635

  SpamAssassin and procmail 636

  Policy daemons 636

  Content filtering 636

  Debugging 637

  Looking at the queue 638

  Soft-bouncing 638

  Testing access control 638

 Recommended reading 639

 Exercises 640

CHAPTER 19 NETWORK MANAGEMENT AND DEBUGGING 643

 Network troubleshooting 644

 ping: check to see if a host is alive 645

 traceroute: trace IP packets 647

 netstat: get network statistics 649

  Inspecting interface configuration information 649

  Monitoring the status of network connections 651

  Identifying listening network services 652

  Examining the routing table 652

  Viewing operational statistics for network protocols 653

 sar: inspect live interface activity 654

 Packet sniffers 655

  tcpdump: king of sniffers 656

  Wireshark: visual sniffer 657

 Network management protocols 657

 SNMP: the Simple Network Management Protocol 659

  SNMP organization 659

  SNMP protocol operations 660

  RMON: remote monitoring MIB 661

 The NET-SNMP agent 661

 Network management applications 662

  The NET-SNMP tools 663

  SNMP data collection and graphing 664

  Nagios: event-based SNMP and service monitoring 665

  Commercial management platforms 666

 Recommended reading 667

 Exercises 668

CHAPTER 20 SECURITY 669

 Is Linux secure? 670

 How security is compromised 671

  Social engineering 671

  Software vulnerabilities 672

  Configuration errors 673

 Certifications and standards 673

  Certifications 674

  Standards 675

 Security tips and philosophy 676

  Packet filtering 677

  Unnecessary services 677

  Software patches 677

  Backups 677

  Passwords 677

  Vigilance 677

  General philosophy 678

 Security problems in /etc/passwd and /etc/shadow 678

  Password checking and selection 679

  Password aging 680

  Group logins and shared logins 680

  User shells 680

  Rootly entries 681

  PAM: cooking spray or authentication wonder? 681

 POSIX capabilities 683

 Setuid programs 683

 Important file permissions 684

 Miscellaneous security issues 685

  Remote event logging 685

  Secure terminals 685

  /etc/hosts.equiv and ~/.rhosts 685

  Security and NIS 685

  Security and NFS 686

  Security and sendmail 686

  Security and backups 686

  Viruses and worms 686

  Trojan horses 687

  Rootkits 688

 Security power tools 688

  Nmap: scan network ports 688

  Nessus: next generation network scanner 690

  John the Ripper: find insecure passwords 690

  hosts_access: host access control 691

  Samhain: host-based intrusion detection 692

  Security-Enhanced Linux (SELinux) 693

 Cryptographic security tools 694

  Kerberos: a unified approach to network security 695

  PGP: Pretty Good Privacy 696

  SSH: the secure shell 697

  One-time passwords 698

  Stunnel 699

 Firewalls 701

  Packet-filtering firewalls 701

  How services are filtered 702

  Service proxy firewalls 703

  Stateful inspection firewalls 703

  Firewalls: how safe are they? 704

 Linux firewall features: IP tables 704

 Virtual private networks (VPNs) 708

  IPsec tunnels 709

  All I need is a VPN, right? 710

 Hardened Linux distributions 710

 What to do when your site has been attacked 710

 Sources of security information 712

  CERT: a registered service mark of Carnegie Mellon University 712

  SecurityFocus.com and the BugTraq mailing list 713

  Crypto-Gram newsletter 713

  SANS: the System Administration, Networking, and Security Institute 713

  Distribution-specific security resources 713

  Other mailing lists and web sites 714

 Recommended reading 715

 Exercises 716

CHAPTER 21 WEB HOSTING AND INTERNET SERVERS 719

 Web hosting basics 720

  Uniform resource locators 720

  How HTTP works 720

  Content generation on the fly 722

  Load balancing 722

 HTTP server installation 724

  Choosing a server 724

  Installing Apache 724

  Configuring Apache 726

  Running Apache 726

  Analyzing log files 727

  Optimizing for high-performance hosting of static content 727

 Virtual interfaces 727

  Using name-based virtual hosts 728

  Configuring virtual interfaces 728

  Telling Apache about virtual interfaces 729

 The Secure Sockets Layer (SSL) 730

  Generating a certificate signing request 731

  Configuring Apache to use SSL 732

 Caching and proxy servers 733

  The Squid cache and proxy server 733

  Setting up Squid 734

 Anonymous FTP server setup 734

 Exercises 736

SECTION THREE: BUNCH O' STUFF

CHAPTER 22 THE X WINDOW SYSTEM 741

 The X display manager 743

 Running an X application 744

  The DISPLAY environment variable 744

  Client authentication 745

  X connection forwarding with SSH 747

 X server configuration 748

  Device sections 750

  Monitor sections 750

  Screen sections 751

  InputDevice sections 752

  ServerLayout sections 753

 Troubleshooting and debugging 754

  Special keyboard combinations for X 754

  When good X servers go bad 755

 A brief note on desktop environments 757

  KDE 758

  GNOME 758

  Which is better, GNOME or KDE? 759

 Recommended Reading 759

 Exercises 759

CHAPTER 23 PRINTING 761

 Printers are complicated 762

 Printer languages 763

  PostScript 763

  PCL 763

  PDF 764

  XHTML 764

  PJL 765

  Printer drivers and their handling of PDLs 765

 CUPS architecture 767

  Document printing 767

  Print queue viewing and manipulation 767

  Multiple printers 768

  Printer instances 768

  Network printing 768

  The CUPS underlying protocol: HTTP 769

  PPD files 770

  Filters 771

 CUPS server administration 772

  Network print server setup 773

  Printer autoconfiguration 774

  Network printer configuration 774

  Printer configuration examples 775

  Printer class setup 775

  Service shutoff 776

  Other configuration tasks 777

  Paper sizes 777

  Compatibility commands 778

  Common printing software 779

  CUPS documentation 780

 Troubleshooting tips 780

  CUPS logging 781

  Problems with direct printing 781

  Network printing problems 781

  Distribution-specific problems 782

 Printer practicalities 782

  Printer selection 782

  GDI printers 783

  Double-sided printing 783

  Other printer accessories 783

  Serial and parallel printers 784

  Network printers 784

 Other printer advice 784

  Use banner pages only if you have to 784

  Provide recycling bins 785

  Use previewers 785

  Buy cheap printers 785

  Keep extra toner cartridges on hand 786

  Pay attention to the cost per page 786

  Consider printer accounting 787

  Secure your printers 787

 Printing under KDE 788

  kprinter: printing documents 789

  Konqueror and printing 789

 Recommended reading 790

 Exercises 790

CHAPTER 24 MAINTENANCE AND ENVIRONMENT 791

 Hardware maintenance basics 791

 Maintenance contracts 792

  On-site maintenance 792

  Board swap maintenance 792

  Warranties 793

 Electronics-handling lore 793

  Static electricity 793

  Reseating boards 794

 Monitors 794

 Memory modules 794

 Preventive maintenance 795

 Environment 796

  Temperature 796

  Humidity 796

  Office cooling 796

  Machine room cooling 797

  Temperature monitoring 798

 Power 798

 Racks 799

 Data center standards 800

 Tools 800

 Recommended reading 800

 Exercises 802

CHAPTER 25 PERFORMANCE ANALYSIS 803

 What you can do to improve performance 804

 Factors that affect performance 806

 System performance checkup 807

  Analyzing CPU usage 807

  How Linux manages memory 809

  Analyzing memory usage 811

  Analyzing disk I/O 813

  Choosing an I/O scheduler 815

  sar: Collect and report statistics over time 816

  oprofile: Comprehensive profiler 817

 Help! My system just got really slow! 817

 Recommended reading 819

 Exercises 819

CHAPTER 26 COOPERATING WITH WINDOWS 821

 Logging in to a Linux system from Windows 821

 Accessing remote desktops 822

  Running an X server on a Windows computer 823

  VNC: Virtual Network Computing 824

  Windows RDP: Remote Desktop Protocol 824

 Running Windows and Windows-like applications 825

  Dual booting, or why you shouldn’t 826

  The OpenOffice.org alternative 826

 Using command-line tools with Windows 826

 Windows compliance with email and web standards 827

 Sharing files with Samba and CIFS 828

  Samba: CIFS server for UNIX 828

  Samba installation 829

  Filename encoding 830

  Network Neighborhood browsing 831

  User authentication 832

  Basic file sharing 833

  Group shares 833

  Transparent redirection with MS DFS 834

  smbclient: a simple CIFS client 835

  The smbfs filesystem 835

 Sharing printers with Samba 836

  Installing a printer driver from Windows 838

  Installing a printer driver from the command line 839

 Debugging Samba 840

 Recommended reading 841

 Exercises 842

CHAPTER 27 SERIAL DEVICES 843

 The RS-232C standard 844

 Alternative connectors 847

  The mini DIN-8 variant 847

  The DB-9 variant 848

  The RJ-45 variant 849

  The Yost standard for RJ-45 wiring 850

 Hard and soft carrier 852

 Hardware flow control 852

 Cable length 853

 Serial device files 853

 setserial: set serial port parameters 854

 Software configuration for serial devices 855

 Configuration of hardwired terminals 855

  The login process 855

  The /etc/inittab file 856

  Terminal support: the termcap and terminfo databases 858

 Special characters and the terminal driver 859

 stty: set terminal options 860

 tset: set options automatically 861

 Terminal unwedging 862

 Modems 862

  Modulation, error correction, and data compression protocols 863

  minicom: dial out 864

  Bidirectional modems 864

 Debugging a serial line 864

 Other common I/O ports 865

  USB: the Universal Serial Bus 865

 Exercises 866

CHAPTER 28 DRIVERS AND THE KERNEL 868

 Kernel adaptation 869

 Drivers and device files 870

  Device files and device numbers 870

  Creating device files 871

  sysfs: a window into the souls of devices 872

  Naming conventions for devices 872

 Why and how to configure the kernel 873

 Tuning Linux kernel parameters 874

 Building a Linux kernel 876

  If it ain’t broke, don’t fix it 876

  Configuring kernel options 876

  Building the kernel binary 878

 Adding a Linux device driver 878

  Device awareness 880

 Loadable kernel modules 880

 Hot-plugging 882

 Setting bootstrap options 883

 Recommended reading 884

 Exercises 884

CHAPTER 29 DAEMONS 885

 init: the primordial process 886

 cron and atd: schedule commands 887

 xinetd and inetd: manage daemons 887

  Configuring xinetd 888

  Configuring inetd 890

  The services file 892

  portmap: map RPC services to TCP and UDP ports 893

 Kernel daemons 893

  klogd: read kernel messages 894

 Printing daemons 894

  cupsd: scheduler for the Common UNIX Printing System 894

  lpd: manage printing 894

 File service daemons 895

  rpc.nfsd: serve files 895

  rpc.mountd: respond to mount requests 895

  amd and automount: mount filesystems on demand 895

  rpc.lockd and rpc.statd: manage NFS locks 895

  rpciod: cache NFS blocks 896

  rpc.rquotad: serve remote quotas 896

  smbd: provide file and printing service to Windows clients 896

  nmbd: NetBIOS name server 896

 Administrative database daemons 896

  ypbind: locate NIS servers 896

  ypserv: NIS server 896

  rpc.ypxfrd: transfer NIS databases 896

  lwresd: lightweight resolver library server 897

  nscd: name service cache daemon 897

 Electronic mail daemons 897

  sendmail: transport electronic mail 897

  smtpd: Simple Mail Transport Protocol daemon 897

  popd: basic mailbox server 897

  imapd: deluxe mailbox server 897

 Remote login and command execution daemons 898

  sshd: secure remote login server 898

  in.rlogind: obsolete remote login server 898

  in.telnetd: yet another remote login server 898

  in.rshd: remote command execution server 898

 Booting and configuration daemons 898

  dhcpd: dynamic address assignment 899

  in.tftpd: trivial file transfer server 899

  rpc.bootparamd: advanced diskless life support 899

  hald: hardware abstraction layer (HAL) daemon 899

  udevd: serialize device connection notices 899

 Other network daemons 900

  talkd: network chat service 900

  snmpd: provide remote network management service 900

  ftpd: file transfer server 900

  rsyncd: synchronize files among multiple hosts 900

  routed: maintain routing tables 900

  gated: maintain complicated routing tables 901

  named: DNS server 901

  syslogd: process log messages 901

  in.fingerd: look up users 901

  httpd: World Wide Web server 901

 ntpd: time synchronization daemon 902

 Exercises 903

CHAPTER 30 MANAGEMENT, POLICY, AND POLITICS 904

 Make everyone happy 904

 Components of a functional IT organization 906

 The role of management 907

  Leadership 907

  Hiring, firing, and personnel management 908

  Assigning and tracking tasks 911

  Managing upper management 913

  Conflict resolution 913

 The role of administration 915

  Sales 915

  Purchasing 916

  Accounting 917

  Personnel 917

  Marketing 918

  Miscellaneous administrative chores 919

 The role of development 919

  Architectural principles 920

  Anatomy of a management system 922

  The system administrator’s tool box 922

  Software engineering principles 923

 The role of operations 924

  Aim for minimal downtime 925

  Document dependencies 925

  Repurpose or eliminate older hardware 926

 The work of support 927

  Availability 927

  Scope of service 927

  Skill sets 929

  Time management 930

 Documentation 930

  Standardized documentation 931

  Hardware labeling 933

  User documentation 934

 Request-tracking and trouble-reporting systems 934

  Common functions of trouble ticket systems 935

  User acceptance of ticketing systems 935

  Ticketing systems 936

  Ticket dispatching 937

 Disaster recovery 938

  Backups and off-line information 939

  Staffing your disaster 939

  Power and HVAC 940

  Network redundancy 941

  Security incidents 941

  Second-hand stories from the World Trade Center 942

 Written policy 943

  Security policies 945

  User policy agreements 946

  Sysadmin policy agreements 948

 Legal Issues 949

  Encryption 949

  Copyright 950

  Privacy 951

  Click-through EULAs 953

  Policy enforcement 953

  Control = liability 954

  Software licenses 955

  Regulatory compliance 956

 Software patents 957

 Standards 958

  LSB: the Linux Standard Base 959

  POSIX 959

  ITIL: the Information Technology Interface Library 960

  COBIT: Control Objectives for Information and related Technology 960

 Linux culture 961

 Mainstream Linux 962

 Organizations, conferences, and other resources 964

  Conferences and trade shows 965

  LPI: the Linux Professional Institute 967

  Mailing lists and web resources 967

  Sysadmin surveys 968

 Recommended Reading 968

  Infrastructure 968

  Management 969

  Policy and security 969

  Legal issues, patents, and privacy 969

  General industry news 970

 Exercises 970

INDEX 973

ABOUT THE CONTRIBUTORS 999

ABOUT THE AUTHORS 1001

Last updated: 2025/4/18 13:22:14