Dennis Matotek, James Turnbull and Peter Lieverdink

Pro Linux System Administration

Learn to Build Systems for Your Business Using Free and Open Source Software

2nd ed.

Dennis Matotek

Footscray, Victoria, Australia

James Turnbull

Brooklyn, New York, USA

Peter Lieverdink

North Melbourne, Victoria, Australia

Any source code or other supplementary material referenced by the author in this book is available to readers on GitHub via the book's product page, located at www.apress.com/9781484220078. For more detailed information, please visit www.apress.com/source-code.

ISBN 978-1-4842-2007-8

e-ISBN 978-1-4842-2008-5

DOI 10.1007/978-1-4842-2008-5

Library of Congress Control Number: 2017935471

© Dennis Matotek, James Turnbull and Peter Lieverdink 2017

Standard Apress

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.

Printed on acid-free paper

Distributed to the book trade worldwide by Springer Science+Business Media New York, 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail [email protected], or visit www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner) is Springer Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation.

To Bianca, Ziggy, Anika, Othello, plus the cute little chickens.

And special thanks to Sander whose knowledge and advice were invaluable on this book.

—Dennis

Contents

  1. Part I: The Beginning
    1. Chapter 1: Introducing Linux
      1. Linux Distributions
        1. Red Hat Enterprise Linux
        2. CentOS
        3. The Fedora Project
        4. Debian Linux
        5. Ubuntu
        6. Gentoo
        7. So Which Distribution Should You Choose?
        8. So Which Distributions Does This Book Cover?
      2. Picking Hardware
      3. Supported Hardware
      4. Getting the Software
      5. Getting Support
      6. Summary
    2. Chapter 2: Installing Linux
      1. LiveCDs and Virtual Machines
        1. LiveCDs
        2. Virtual Machines
      2. CentOS Server Installation
      3. Ubuntu Installation
      4. Troubleshooting
        1. Diagnostic Information
        2. Restarting Your Installation
        3. Troubleshooting Resources
      5. Summary
    3. Chapter 3: Introducing VirtualBox, Git, and Vagrant
      1. VirtualBox Installation
        1. Licensing
        2. Creating a New VirtualBox Machine
        3. Installing Git
        4. Git Basics
        5. Introducing Vagrant
        6. Installing Vagrant
        7. Vagrant Concepts
        8. Getting Started with Vagrant
      2. Summary
    4. Chapter 4: Linux Basics
      1. Getting Started
        1. Logging In
      2. Linux vs. Microsoft Windows
        1. The GUI Desktop
        2. The Command Line
        3. Shells
        4. Command-Line Prompt
        5. Typing Your First Command
      3. Remote Access
        1. Using SSH
      4. Getting Help
      5. Users and Groups
      6. Services and Processes
      7. Packages
      8. Files and Filesystems
        1. File Types and Permissions
        2. Links
        3. Users, Groups, and Ownership
        4. Size and Space
        5. Date and Time
      9. Working with Files
        1. Reading Files
        2. Searching for Files
        3. Copying Files
        4. Moving and Renaming Files
        5. Deleting Files
        6. Linking Files
        7. Editing Files
      10. Summary
    5. Chapter 5: Users and Groups
      1. What Happens When You Log In?
      2. Working with Users and Groups
        1. Introducing sudo
        2. Creating Users
        3. Creating Groups
        4. Deleting Users and Groups
        5. Managing Users and Groups via the GUI
        6. Passwords
        7. Password Aging
        8. Disabling Users
        9. Storing User Data
        10. Storing Group Data
        11. Configuring Your Shell and Environment
      3. Controlling Access to Your Host
        1. Configuring PAM
      4. More about sudo
        1. Configuring sudo
      5. Summary
    6. Chapter 6: Startup and Services
      1. What Happens When Your Host Starts?
        1. Powering On
        2. Boot Loaders
        3. Starting the Operating System
      2. Understanding the GRUB2 Boot Loader
        1. Using the GRUB2 Menu
        2. Configuring GRUB2
        3. Securing Your Boot Loader
      3. What Happens After You Boot?
        1. Understanding Systemd
        2. Upstart: Ubuntu’s Init
        3. Remembering SystemV
      4. Managing Services
        1. Managing Services with Systemd
      5. Shutting Down and Rebooting Your Linux Host
      6. Scheduling Services and Commands
        1. Systemd Timers
        2. Introducing Cron
      7. Summary
    7. Chapter 7: Networking and Firewalls
      1. Introduction to Networks and Networking
        1. Getting Started with Interfaces
        2. Managing Interfaces
        3. Configuring Networks with Network Scripts
        4. Network Configuration Files for Ubuntu
        5. TCP/IP 101
      2. General Network Troubleshooting
        1. Ping!
        2. MTR
        3. The tcpdump Command
        4. The Netcat Tool
        5. You Dig It?
        6. Other Troubleshooting Tools
        7. Adding Routes and Forwarding Packets
        8. Netfilter and iptables
        9. How Netfilter/iptables Work
        10. Tables
        11. Chains
        12. Policies
        13. Network Address Translation
        14. Using the Firewall-cmd Command
        15. Using the ufw Command
        16. Using the iptables Command
        17. Explaining Firewall Rules
        18. Logging and Rate Limiting and Securing Netfilter
        19. Further Exploring firewall-cmd
      3. TCP Wrappers
      4. Setting Up a ppp Connection
        1. ADSL Setup Using nmcli
      5. Summary
    8. Chapter 8: Package Management
      1. Introduction to Package Management
      2. Package Management on CentOS
        1. Getting Started
        2. The Application Installer
        3. Yellowdog Updater Modified
        4. DNF – or Dandified YUM
        5. Red Hat Package Management
      3. Package Management on Ubuntu
        1. Aptitude
        2. Package Management with Ubuntu Software App
        3. Using dpkg
        4. Examining Package Details
        5. Examining Package Contents
        6. Performing a File Search
        7. Installing Packages
        8. Removing a Package
      4. Compiling from Source
        1. Configure
        2. Compile and Make
        3. Install
        4. Uninstall
        5. Creating Packages with FPM
      5. Summary
    9. Chapter 9: Storage Management and Disaster Recovery
      1. Storage Basics
        1. Devices
      2. Partitions
      3. Filesystems
        1. Creating Swap Filesystem
        2. Creating an Ext4 Partition
        3. Tweaking ext2, ext3, and ext4 Filesystem Options
        4. The XFS Filesystem
      4. The Btrfs Filesystem
        1. Filesystems for Data Sharing
        2. Other Filesystems
      5. Using Your Filesystem
        1. Automating Mounts
        2. Checking Filesystem Usage
      6. RAID
        1. Types of RAID
      7. Logical Volume Management
        1. Creating Groups and Volumes
        2. Expanding a Logical Volume
        3. Shrinking a Logical Volume
        4. LVM Commands
      8. Recovering from Failure
        1. Boot Loader Problems
        2. Disk Failure
      9. Summary
  2. Part II: Making Linux Work for You
    1. Chapter 10: Infrastructure Services: NTP, DNS, DHCP, and SSH
      1. Keeping Time
        1. Time with timedatectl
        2. Network Time Protocol
        3. The Global NTP Server Pool
        4. Chrony
      2. Domain Name System
        1. Root Servers
        2. Querying Name Servers
        3. Running Caching DNS
        4. Authoritative DNS
        5. Dynamic DNS
      3. Dynamic Host Configuration Protocol
        1. Installing and Configuring
        2. Static Lease Assignments
        3. Dynamic DNS Updates
        4. Manually Changing DNS Entries
      4. Secure Shell
        1. Creating and Distributing Keys
        2. Using SSH Agent
        3. Tweaking SSH Configuration
        4. Performing Quick and Secure File Transfers
      5. Summary
    2. Chapter 11: Web and SQL Services
      1. Apache Web Server
        1. Installation and Configuration
        2. HTTPD Performance
        3. Access Restriction
        4. Modules
        5. File and Directory Permissions
      2. SQL Database
        1. Installation
        2. Testing the Server
        3. MariaDB Storage Engines
        4. Basic Tuning for XtraDB
        5. Basic MariaDB Administration
      3. Managing Web Site Contents
        1. Web Presence
        2. Securing Your Web Services with SSL/TLS Certificates
        3. Creating HTTPS Certificates with Let’s Encrypt
        4. Other Web Applications
      4. Web Caching
        1. Squid-Cache
      5. Summary
    3. Chapter 12: Mail Services
      1. How Does E-mail Work?
        1. What Happens When You Send an E-mail?
        2. What Happens After You Send an E-Mail?
      2. Configuring E-mail
        1. Installation
        2. Starting Postfix
        3. Understanding Postfix Configuration
        4. Initial Configuration
        5. Testing Postfix
        6. Choosing a Mailbox Format
      3. Extending Postfix Configuration
        1. Using Encryption
        2. Authentication
      4. Postfix Lookup Tables and Virtual Domains
      5. Getting Help for Postfix
      6. Combating Viruses and Spam
        1. Fighting Spam
        2. Antivirus
        3. Installing ClamAV
        4. Configuring ClamAV
        5. What to Do with an Infected E-mail?
      7. Configuring IMAP and POP3
        1. IMAP
        2. POP3
        3. What’s the Difference?
        4. Choosing Between IMAP and POP3
        5. Introducing Dovecot IMAP
      8. Virtual Domains and Users
      9. Alternative Mail Servers for Linux
      10. Summary
    4. Chapter 13: File Sharing and Printing
      1. File Sharing with Samba and NFS
      2. Samba
        1. Configuring Samba AD
        2. Testing Samba
        3. Configuring Samba Shares
        4. Adding Users to Samba
        5. Required iptables Rules for Samba
      3. Mounting Samba Shares on Linux
        1. Mounting Shares on macOS
        2. Resources
      4. NFS Shares: Linux to Linux
        1. Troubleshooting NFS
        2. Resources
      5. Distributed Network Filesystems
        1. GlusterFS
      6. Managing Documents
        1. Using Document Management Systems
      7. Print Servers
        1. CUPS
      8. Summary
    5. Chapter 14: Backup and Recovery
      1. Disaster Recover Planning
      2. Backup Process
        1. Things to Think About
      3. Network Backups
      4. Using rsync
        1. Using rsync over SSH
      5. Backing Up with Duply
        1. Setting Up S3 Buckets
        2. AWS User Policies
        3. Testing S3 Bucket Access
        4. Installing and Configuring Duply
      6. Using Bareos
        1. Getting the Software
        2. Configuring the Database
        3. Configuring Bareos
        4. Managing Bareos with bconsole
        5. Using GlusterFS for Backup Storage
        6. Backing Up Databases with Bareos Plug-Ins
        7. Introducing the Bareos Web-UI
      7. Summary
    6. Chapter 15: Networking with VPNs
      1. Our Example Network
      2. Introducing OpenVPN
        1. Installing OpenVPN
        2. Starting and Stopping OpenVPN
        3. Configuring OpenVPN
        4. Exposing Head Office Resources with OpenVPN
        5. VPN Connections for Mobile Users
      3. Troubleshooting OpenVPN
      4. Summary
    7. Chapter 16: Directory Services
      1. Overview
      2. What Is LDAP?
      3. General Considerations
      4. Implementation
      5. Installation
        1. CentOS Installation Guide
        2. Ubuntu Installation Guide
      6. Configuration
        1. Requirements
        2. Configuring SLAPD
        3. Listing, Adding, and Creating a Schema
        4. Access Control Lists
        5. Working with the slapd Daemon
        6. Setting Up Your LDAP Client
      7. LDAP Management and Tools
        1. LDIFs and Adding Users
        2. Adding Users from LDIF Files
        3. Searching Your LDAP Tree
        4. Deleting Entries from Your LDAP Directory
        5. Password Policy Overlay
        6. Testing Your Access Control Lists
        7. Backing Up Your LDAP Directory
        8. LDAP Account Manager: Web-Based GUI
        9. Installation and Configuration
        10. Adding the Apache Virtual Host for LAM
      8. Integration with Other Services
        1. Single Sign-On: Centralized Linux Authentication
        2. How PAM Works
        3. LDAP and Apache Authentication
      9. Summary
    8. Chapter 17: Performance Monitoring and Optimization
      1. Basic Health Checks
        1. CPU Usage
        2. Memory Usage
        3. Disk Space
        4. Logs
      2. Advanced Tools
        1. CPU and Memory Use
        2. Swap Space Use
        3. Disk Access
        4. Deeper with dstat
      3. Continuous Performance Monitoring
        1. Collectd
        2. Graphite
        3. Grafana
      4. Performance Optimization
        1. Resource Limits
        2. sysctl and the proc File System
        3. Storage Devices
        4. File System Tweaks
        5. I/O Schedulers
      5. Summary
    9. Chapter 18: Logging and Monitoring
      1. Logging
        1. journald
        2. rsyslogd
        3. Configuring rsyslog
        4. Configuring RELP
        5. Starting and Stopping rsyslog
        6. Testing Logging with logger
        7. Log Management and Rotation
      2. Log Analysis and Correlation
        1. Introducing Beats and Logstash
        2. Elasticsearch for Log Stashing
        3. Kibana Installation and Configuration
        4. Further Information
      3. Monitoring
        1. Introducing Nagios-Core
        2. Installing Nagios
        3. Starting Nagios
        4. Nagios Configuration
        5. Setting Up the Nagios Console
        6. Troubleshooting Nagios
      4. Summary
    10. Chapter 19: Configuration Management
      1. Provisioning
        1. Provisioning with CentOS Cobbler
        2. MAAS
      2. Configuration Management
        1. Introducing Puppet
        2. Installing Puppet
        3. Configuring Puppet
        4. Writing the Manifest
        5. Connecting Our First Client
        6. Creating Our First Configuration
        7. Applying Our First Configuration
        8. Specifying Configuration for Multiple Hosts
        9. Relating Resources
        10. Using Templates
        11. More Puppet
        12. Troubleshooting Puppet
        13. Introducing Ansible
        14. Serverspec Testing
      3. Summary
  3. Index

About the Authors and About the Technical Reviewer

About the Authors

Dennis Matotek lives and works in Melbourne, Australia—possibly the birthplace of great coffee and the home to several exemplary coffeehouses and many, many average ones too.

He works as a senior development operations engineer at Envato, an online digital marketplace where a community of creatives can help bring ideas to life. There he helps a team of engineers deploy code, build infrastructure, and monitor performance for varying systems, mostly written in Rails. He usually works with AWS rather than bare metal and appreciates not having to change failed disks.

With two young children, Ziggy and Anika, he happily lives with his partner Bianca and a number of pets—one dog and six chickens.

James Turnbull is the CTO at Empatico, co-chair of O’Reilly’s Velocity conference, and an advisor at AccessNow and Docker Inc.

He was previously CTO at Kickstarter and VP of Engineering at Venmo, and was an early employee and executive at Docker and Puppet Labs.

He is a contributor to a number of open source projects and regularly speaks on topics related to writing, systems administration, and open source technologies. He is the author of several books: https://terraformbook.com/, https://www.artofmonitoring.com/, https://www.dockerbook.com/, https://www.logstashbook.com/, Pro Puppet (Apress, 2011), Pulling Strings with Puppet: Systems Administration Made Easy (Apress, 2008), Hardening Linux (Apress, 2008), and Pro Nagios 2.0 (Apress, 2006).

Peter Lieverdink was born in a small Dutch country town. He owns a pair of clogs but has never eaten tulips or lived in a windmill. On his 22nd birthday, Peter moved to Australia and briefly worked in an office cubicle. He now runs his own business, Creative Contingencies Pty, Ltd. The business depends on open source software for infrastructure and development as well as daily office tasks.

Peter specializes in web application development and helping other businesses implement open source solutions using Linux on both desktops and servers.

About the Technical Reviewer

Sander van Vugt is a best-selling author and technical trainer, living in the Netherlands. In his professional life, Sander focuses on enterprise Linux distributions and has authored several books and video courses about them. For more information, visit his web site, www.sandervanvugt.com.
