USAH.book Page 973 Thursday, October 5, 2006 2:46 AM

Index

We have alphabetized files under their last components. And in most cases, only the last component is listed. For example, to find index entries relating to the /etc/passwd file, look under passwd. Our friendly distributors have forced our hand by hiding standard files in new and inventive directories on each system.

aliases file 106, 545–551 156, 887 A aliases, email 544–551 Analog Apache log analyzer 727 see also email Anderson, Paul 261 A DNS records 396, 407 see also sendmail anonymous FTP see FTP A6 DNS records 404 abuse 548, 594 Anvin, H. Peter 225 AAAA DNS records 404 distribution 156 Apache see web hosting Abell, Vic 74 examples 548 Apache Software Foundation 12, access agents, email 533 file format 545 724 access control lists see ACLs global 95 /etc/apache2 directory 724 access database, sendmail 589, hashed database 551 APC (American Power Conversion) 591–594 loops 546, 550 799 accounts see user accounts and mailing lists 551–554 APNIC (Asia-Pacific Network Infor- ACLs, DNS 429–430, 451–453 for new users 95 mation Center) 383 ACLs, filesystem 88–92, 833 postmaster 545 appropriate use policies (AUPs) 954 ACLs, firewall 701–708 root 548 APT, software tool 241–246 Adams, Rick 320 aliases.db file 551 apt-ftparchive 244 address match lists, BIND 422 alien 235 apt-get 241–246 Address Resolution Protocol (ARP) Allman, Eric 209, 530, 558, 566, 595 apt-proxy 244 275, 296–297, 315 allow-recursion option, DNS 425 ARIN (American Registry for Inter- addresses, email 95, 535 allow-update clause, DNS 433, 450 net Numbers) 288–289, 293, 371 addresses, Ethernet (aka MAC) 280, always_add_domain feature, ARK language 262 292 sendmail 575 Armstrong, Jason 620 addresses, IP see IP addresses Amanda backup system 197 ARP (Address Resolution Protocol) addresses, SCSI 117 amavisd email virus filter 637 275, 296–297, 315 adjtimex system call 903 amd 895 arp command 296 ADSM/TSM backup system 197 American Power Conversion (APC) ARPANET 272 agetty process 855–858 799 Arusha Project 261 aio daemon 894 American Registry for Internet Asia-Pacific Network Information air conditioning 796–798 Numbers (ARIN) 288–289, 293, Center (APNIC) 383 AirPort 360 371 887 AIT backup tapes 166 Amstadt, Bob 825 AT&T Bell Labs 5 Albitz, Paul 423 Anaconda 226 ata daemon 894


974 Linux Administration Handbook

ATA/ATAPI interface see IDE backups continued BIND ATAPI -ROM device names 873 incremental 170 see also DNS atd 887 interval between 159 see also name servers Athena, Project 741 off-site storage 161 see also named Atkins, Todd 220 programs 177–197 ACLs 451–453 ATM networks 362–363 to removable disks 165 address match lists 422 auth. 206 restoring 173–177, 939 client configuration 418–420 authors, contacting xxxvi schedules 171–173 components 411 /etc/auto.master file 497–498 security 161, 686 configuration 420–446 autofs script 497 setting up 169–176 configuration examples 439– automount daemon 497–499, 895 for ugprades 176–177 446 automounters when to 162 configuration files 421–423 amd 895 for Windows 197 debugging 466–478 automount 497–499, 895 Bacula 179–196 distribution-specific informa- configuration 498–500 see also Bacula configuration tion 478–481 NFS and 497–500 files DNSSEC 387, 456–463 Windows 834 architecture 180 .key DNSSEC key file 454 autonomous systems 340 client file daemon 188 dnssec-keygen 454, 458 AutoYaST 230 daemons, starting 189 dnssec-signzone 460–461 AUUG group 965 installation 181–182 doc (domain obscenity control) avoid-v4-udp-ports option, DNS manual backup 190–192 476–478 427 media pools 190 documentation 481–482 AWStats Apache log analyzer 727 restoring files 192–195 forwarding zone, configuring troubleshooting 195–196 436 Bacula configuration files 182–189 hardware requirements 421 B see also Bacula incremental zone transfers 388, /etc/bacula directory 182 429, 447 backspace vs. 
delete keys 859 /etc/bacula-dir.conf file 183– ISC configuration example 444 backup software and systems 187 keys, generating 458 see also backups /etc/bacula/bacula-fd.conf file KSK (key signing key) 458, 460 see also Bacula 189 localhost zone configuration - ADSM/TSM 197 bacula-sd.conf file 187 ample 439 Amanda 197 bconsole.conf file 188 logging 411, 432, 446, 466–471 Bacula 179–196 bad blocks, disk 123 loopback address 437 commercial systems 197–198 Bailey, Mick 885 master server, configuring 433 cpio 178 Baretta, Anne 860 /etc/named directory 424 178 shell 4, 32, 98 /etc/named.conf file 421–446, dump/restore 169–176 .bash_profile file 105 450–451, 470, 480–481 177–178 .bashrc file 105 named-checkconf 421, 455, 478 Veritas 198 Bastille Linux 710 named-checkzone 421, 478 backups 158–198 baud rate 863 nanny script 446 see also backup software and BCP documents 275 notification options 424 systems Beowulf clusters 964 nsupdate 449 see also Bacula Bergen Linux User Group 961 performance 478 see also media, backup Berkeley DB library 169, 253–254, .private DNSSEC key file 454 compression 164 551, 560, 577, 628 query forwarding 427 of a damaged disk 133 Berkeley Internet Name Domain /etc/resolv.conf file 418–420 designing data for 163 system see BIND resolver testing 420 disaster planning 939 Berkeley 5 rndc 436–438, 447, 471–473 filesystem size 161 BGP routing protocol 339 /etc/rndc.conf file 437 fitting on media 160 bidirectional modems 864 /etc/rndc.key file 437 full restore 175–176 /bin directory 75 rndc-confgen 437 hints 159–163 root server hints 435 root.cache file 435 USAH.book Page 975 Thursday, October 5, 2006 2:46 AM


BIND continued BSD FFS filesystem 120 Chapman, Brent 552 security 417, 424, 451–464 BugTraq 713 character device files 77, 79, 871 shell interfaces see dig and Burgess, Mark 260 chat 325 nslookup bus errors 58 chat scripts, PPP 323, 326–328 signed zones, creating 458 BUS signal 58 Chatsworth Products 799 slave server, configuring 434 butt blocks (RJ-45 connectors) 851 chattr 87 DNS 438–439, 441–444 byte swapping 178 checklists, system administration statistics 473 943 stub zones, configuring 434 checksendmail 617 /etc/syslog.conf file 466 chfn 98 updating zone files 447–450 86 versions 410–411 CA (Certificate Authority) 731 chkconfig 36, 39, 520 zone transfers 413, 425, 447–448 cable modems 365 81, 84–86, 89 BIOSes 25–26 cables 86 bootstrapping and IDE 113 see also connectors chroot on SCSI cards 134 10*Base* 352–355 for FTP 735 black hole lists, spam 598, 635 Category * 352–355, 366 for named 451, 453 blackhole option, DNS 428 DB-9 to DB-25 848 for Postfix 625 Blandy, Jim 253 Ethernet 278, 353–355 for sendmail 607 block device files 77, 79, 871 IDE 114 chsh 98–99 blocking factor, tape 177 labeling 370, 934 ci, RCS check in 249–250 bogus directive, DNS 431 mini DIN-8 to DB-25 848 CIA triad 673 /boot directory 75 modem 846 CIDR (Classless Inter-Domain boot loaders 23, 26–31, 124, 138 null modem 846–847 Routing) 283, 286–288 GRUB 26–28, 30, 32 RJ-45 to DB-25 850 CIFS see Samba LILO 28–29, 31–32 SATA 114 CIM (Common Information Mod- multibooting 30 SCSI 115–117 ule) system configuration 262 boot.log file 207 serial, length limits 853 CISA (Certified Information Sys- boot.msg file 206 STP 844 tems Auditor) 675 BOOTP protocol 312 straight-through 846 Cisco routers 346–348, 701, 714 /etc/bootparams file 899 UTP 844 CiscoWorks 667 bootstrapping 21–25 Yost RJ-45 standard 850–852 CISSP (Certified Information Sys- automatic vs. 
manual 22 Cacti performance monitoring tool tems Security Professional) 674 device probing 23 664 clocks, synchronization 902 directly to bash 37 CAIDA (Cooperative Association clone system call 56 filesystem checking 132 for Internet Data Analysis) 291, closelog routine 218–220 fsck and 25 402 CNAME DNS records 399 kernel initialization 23 Card, Rémy 120 co, RCS check out 249, 251 kernel options 29 ccTLDs 379 COBIT (Control Objectives for In- kernel threads 23 cdebconf 231 formation and related Technolo- mounting NFS filesystems 495 cdebootstrap 231 gy) 960 multibooting 30–31 CentOS 7 commands, finding 15 options 883 Cerf, Vint 273 commands, scheduling 150–157 PC-specific issues 25 CERT 712 Computer Systems Research Group single-user mode 22, 24–25, 31– Certificate Authority (CA) 731 (CSRG) 5 33 Certificate Signing Request (CSR) concentrators see Ethernet, hubs startup scripts 32–40 731 confCOPY_ERRORS_TO option, /etc/sysconfig directory 37–38 Certified Information Systems Au- sendmail 569 breakout boxes 865 ditor (CISA) 675 .config file for kernel 877–878 broadcast addresses 281 cf/cf directory, sendmail 568 configuration files broadcast domain 352 cfengine 260 copying 505–511 broadcast storms 301, 357 CGI scripting 722 pulling 510 browsers, web 720 chage password aging program 680 pushing 505–510 BSD (Berkeley UNIX) 6 ChaosNet 390 sharing 502–526 USAH.book Page 976 Thursday, October 5, 2006 2:46 AM


ConnectionRateThrottle option, Crypto-Gram newsletter 713 cylinders, disk 120 sendmail 608 cryptography cyrus mailer 573 connectors DES algorithm 679 see also cables 843 Diffie-Hellman key exchange DB-25 844–847 456, 679 D DB-9 848 in DNS 387, 453–463 IDE 113 IPsec 709 daemons mini DIN-8 847 in LDAP 526 see also individual daemon RJ-45 849 legal issues 949 names RS-232 to USB adapters 865 MD5 algorithm 96, 454 booting 898 SCSI 115–117 password encryption 94, 96, configuration 898 console emulators 859 542, 830 email 897 /dev/console file 218 public key 456 kernel 893 console, logging to 218 in sendmail 603–610 network 900–901 CONT signal 58, 61, 68 SSL 730 NFS 895–896 contacting the authors xxxvi .cshrc file 105 printing 894 control characters CSLIP protocol 320 remote command execution 898 in filenames 77 CSMA/CD (Ethernet) 351 remote login 898 and the driver 859–861 CSR (Certificate Signing Request) Samba 895–896 control terminal 56 731 sendmail queue runner 613 controls statement, DNS 436–438 CSRG (Computer Systems Research damaged filesystems 133 conventions used in this book 9–10 Group) 5 DARPA (Defense Advanced Re- cookies, NFS 486 ctime file attribute 83 search Project Agency) 272, 712 cooling systems 940 CTS (clear to send) signal 853 data center Cooper, Mendel 11 cu 864 cooling 797 Cooperative Association for Inter- CUPS 767–790, 894 power 798 net Data Analysis (CAIDA) 402 administration 772–780 racks 799 copyright issues 950 architecture 767–772 standards 800 Corbet, Jonathan 325 command line utilities 779 temperature monitoring 798 core files 154 comparison to ATT/BSD print- tool box 800 Council of European National Top- ing 779 wiring tracks 799 level Domain Registries 383 compatibility commands 778 data compression, modems 864 country code top-level domains 379 configuration examples 775 databases cpio 178 documentation 780 see also MySQL CPIP 961 filters 771–772 administrative 504, 511 CPU HTTP and 769 DNS 378, 389–409 load averages 808 logging 781 
Foomatic printer database 771, statistics 808 network printing 768 782 usage, analyzing 806–809, 813 PPD printer description files NIS 511–512 cracklib 682 770–771 sendmail 577–578, 591–594 daemon 150–156, 887 print queues 767 of supported USB devices 784 common uses 154–156 printer autoconfiguration 774 datasize option, DNS 426 configuration (crontab) files printer classes 775 date 203 151–153, 887 printing a document 767 Dawson, Terry 12 logs 151 removing a printer 776 DB-25 connectors 844–847 management 153 startup scripts 773, 780 DB-9 connectors 848 skipped commands 156 troubleshooting 780–782 dbm/ndbm library 577 to automate logging 201 /etc/cups directory 772 DCD (data carrier detect) signal /etc/cron.allow file 153 cupsd daemon 768, 780 852–853 /etc/cron.deny file 153 /etc/cups/cupsd.conf file 768, 773, DCE (Data Communications Equip- crond see cron daemon 781 ment) interface 845–847 crontab command 153 cupsdconf 773 dd 133, 178 crontab files 151–153, 887 CVS 251–253 DDS/DAT tapes 166 crypt library routine 679 X server tools 823, 827 .deb software package format 235 USAH.book Page 977 Thursday, October 5, 2006 2:46 AM


Debian network configuration 310 DHCP (Dynamic Host Configura- disks continued debian-installer 231 tion Protocol) 311–314 partitions 124–125, 134–136 debugging see troubleshooting backward compatibility 312 PATA see IDE DEC VT100 terminal 858 BIND and 449 performance 806–816 DeCSS 950 client configuration 314 performance tuning 130 default route 305, 329, 336 daemon 899 quotas 486 DEFAULT_HOME variable in log- duplicate addresses 314 RAID 805 in.defs 98 server configuration 313–314 RAM 815 DefaultUser option, sendmail 547, dhcp.leases file 313–314 reallocating storage space 146 603 dhcpcd daemon 313–314 removable 165 DELAY_LA option, sendmail 608, dhcpd daemon 899 SCSI 112, 114–118 613 /etc/dhcpd.conf file 313–314 Serial ATA see SATA delegation-only option, DNS 429 dial-in modems 855 swap space 812, 814 delete vs. backspace keys 859 dial-out programs 864 testing 123 delivery agents, email 532 dial-up networks see PPP protocol tracks and sectors 120 denial of service (DOS) attacks 213, Diffie-Hellman key exchange 456, USB 112, 147–148, 165 397, 511, 608, 817 679 DISPLAY variable 744, 748 Deraison, Renaud 690 dig 408, 410, 435, 452, 473–476 displays (monitors) 794 DES encryption 679 Digital Millennium Copyright Act distance-vector routing protocols desktop environments 757–759 (DMCA) 950 338 /dev directory 75, 79, 870–872 directed broadcasts, network 317 Distfile 506–508 device drivers 79, 868–870 directories 76–78 Distributed Management Task adding to kernel 878–880 directories, copying 177 Force (DMTF) 262 device awareness 880 directory indexes 611 distributions, Linux 6–9, 962 device numbers 870–872 directory statement, DNS 424 logos 10 hot-plugging 882–883 disaster popularity 962 loadable modules 880–882 planning for 163, 939 DIX Ethernet II 278 MODULE_DEVICE_TABLE power supplies 940 DMA, tuning 130 macro 880 recovery 710–712, 938–943 DMCA (Digital Millennium Copy- for PC hardware 870 diskless clients 232–234, 898 right Act) 950 printer 765 disks dmesg command 
206 serial 872 see also LVM, RAID, SATA, IDE, dmesg file 206 terminal and control characters and SCSI DMTF (Distributed Management 859–861 as backup media 168 Task Force) 262 Windows printer 838–839 boot loaders 124 DNAME DNS records 404 device files 79 checking 131–133 DNS 377–386 attributes 84 connecting 122 see also BIND block vs. character 871 device files for 122 see also domain names, DNS creating 871 displaying free space 127 see also name servers for disks 122 failure and RAID 139 see also resource records, DNS major/minor device numbers Fibre Channel 112 see also zones, DNS 870–872 formatting 123 adding a new machine 374–375 MAKEDEV script 79, 872 geometry 119–120 anycast routing 424 names 872–873 hot-swappable 112, 116, 145 architecture 415–418 security 684 I/O analysis 813–815 asynchronous notification of for serial ports 853–855, 872 IDE 112–114, 118, 130 zone changes 388 for tape drives 171, 873 installing 122–129, 133–138 authoritative servers 413, 416 udev 79 interfaces 111–119 caching 384–386 devices, pseudo 871 labels 124–125 caching servers 413, 417 127, 494 LBA (Logical Block Addressing) use with CIDR 400–401 DFS (Distributed File System, Win- 112 client configuration 306 dows) 834 load balancing 805, 814 CNAME hack 400–401 USAH.book Page 978 Thursday, October 5, 2006 2:46 AM


DNS continued DNS continued domain names, DNS continued country code top-level domains reverse mapping 378, 382, 396– rules 378–383 379 397, 405, 444 second-level 383 cryptography in 387, 453–463 reverse zone files 378 selecting 382 database 378, 389–409 RFCs 375–376, 482 squatting 380 delegation 383 root servers configuration file subdomains 383 denial of service (DOS) attacks 383 syntax 380 397 round-robin 723 top-level 378, 381 design 415–418 security 417, 424, 451–464 trailing dot in 381 doc (domain obscenity control) server architecture 418 domainname 520 476–478 server hints 414 domains, setting up NIS 517–520 domain names see domain service switch file 306–307 DontBlameSendmail option 603, names, DNS setup 415–418 605 dynamic updates 312, 448–450 slave server 413 DOS (denial of service) attacks 397, EDNS0 protocol 389 SOA record serial number 393 511, 608, 817 efficiency 384–386 SOA record shell interfaces 415 dot files 105–106 forward mapping 378, 382 SOA record timeout values 393 DoubleClick.net 951 forward zone files 378 spam, eliminating 403 dpkg 237 fully qualified domain names SPF (Sender Policy Framework) drivers directory, kernel source tree 381 pseudo-records 403 879 gTLDs (generic top-level do- split DNS 438 drivers see device drivers mains) 378–379 stub servers 413 DS DNS records 458, 460 history 375 stub zones 408–409 DSL networks 364–365 implementations 376–377 subdomains 383 DSR (data set ready) signal 852–853 in-addr.arpa domain 396 TKEY 453–456 DTE (Data Terminal Equipment) internationalization 388 top-level domains 378–379, 381 interface 845–847 IP addresses 374–375, 396–397 traceroute and 649 DTR (data terminal ready) signal ip6.arpa for reverse IPv6 map- TSIG (transaction signatures) 853 pings 404 444, 453–456 dual booting 30–31, 826 IPv6 support 404–405 TTL harmonization 390 dump 123, 169–173 ISP domain resgistration 381 us domain 380 /etc/dumpdates file 170 lame delegations 469, 475–476 VeriSign Site Finder tool 429 dumps see backups 
load balancing 385 ZSK (zone-signing keys) 458 duplex, setting interface see mii- lookups, sendmail 576 DNSKEY DNS records 457–458 tool master name server 413 DNSSEC 387, 456–463 DVD Copy Control Association 950 Microsoft and 464–466 dnssec-keygen 454, 458 DVMRP protocol 343 namespace 378, 381, 415 dnssec-signzone 460–461 negative answers 463 doc (domain obscenity control), negative caching 385 DNS 476–478 E nonauthoritative servers 413 documentation nonrecursive servers 413 Linux 11–14 e2label 127 protocol 376, 386 local 17, 930–934 ECN TCP option 307 public key cryptography 456 sources 11–13 EDITOR 103 Punycode 388 user 934 EFF (Electronic Frontier Founda- query recursion 425 Doering, Gert 856 tion) 958, 969 record types 391 domain directive, DNS 420 effective user IDs (EUIDs) 55 recursive servers 413 DOMAIN macro, sendmail 572 EIGRP protocol 339, 342 referrals 414 domain names, DNS 378–383 .emacs file 105 resolver configuration 418–420 case sensitivity 380 email resolver library 414 fully qualified 381 see also MX DNS records resolver testing 420 hierarchy 378 see also Postfix resource records see resource in-addr.arpa domain 396 see also sendmail records, DNS internationalization 388 access agents 533 registration 371, 383 addresses 95, 535 USAH.book Page 979 Thursday, October 5, 2006 2:46 AM


email continued Ethernet 351–359 FEATURE macro, sendmail 574– aliases see aliases, email addresses 280 585 architecture 539–544 autonegotiation 302 Fedora network configuration 308 backup servers, ISP 541 broadcast domain 352 FHS (Filesystem Hierarchy Stan- blacklists 594–595 cables 278, 353–355 dard) 75 bounced messages 569 collisions 352, 649–650 Fibre Channel 112 clients 532 congestion 356–357, 369 file attributes 81–88 components 530–534 design issues 368–370 ACLs 88–92 daemons 897 DIX II 278 change 83 delivery agents 532 evolution 352 changing 81, 84–86 delivery status codes 593 frames see packets chattr 87 denial of service (DOS) attacks framing standards 277 on device files 84 608 hardware addresses 280, 292 directory search bit 82 envelope 534 hubs/concentrators 356 displaying using 81–84 Exim 621–623 packet encapsulation 276–277 group ID number 83 fallback MX 614 routers 358–359 inode number 84 forgery 608–609 speed 352 link count 83 forwarding 549–550 speed, setting 303 lsattr 87 headers 535–539 switches 353, 356–358 permission bits 81, 684 home mailbox 106, 542 topology 352 setuid/setgid bits 45, 82–83 IMAP protocol 533, 543 troubleshooting 366 sticky bit 82–83 loops 546, 550 UTP cables 353–355, 366 supplemental 87 mailing lists 551–554 EUIDs (effective user IDs) 55 symbolic links 80 message stores 533 EULAs (End User License Agree- user ID number 83 message structure 534–535 ments) 953 file statement, DNS 434 POP protocol 533, 543 EUROPEN 965 filenames privacy 610 event correlation 221 control characters in 77 proxies 540 events daemon 894 encoding under Samba 830 queue directory 563–565 exec system call 56 length restrictions 72 relaying 589–591 executable maps, NFS automounter pattern matching 10, 77 SASL 610 499 quoting 72 security 547, 603–610 Exim mail system 621–623 removing sneaky 77–78 server setup 540–541, 614 expect 104, 348 shell globbing 10, 77 spam see spam EXPN command 588 spaces in 72 submission agents (MSA) 533– exportfs 52, 491 files 
534 /etc/exports file 489–491 see also configuration files system administration tasks 530 EXPOSED_USER macro, sendmail see also device files system components 530–534 581, 584 see also file attributes system design 539–544 ext2fs filesystems 87, 120 see also filenames to a disabled account 108 ext3fs filesystems 87, 120, 125 block device 77 to files 547 character device 77 to programs 547 deleting 77 transport agents 532 F device 122 undeliverable messages 613 directory 77–78 user agents 531 FAI 231 hard links 78 emergency see disaster fallback MX, email 614 links vs. original files 78 encryption see cryptography FAT filesystems 120 local domain sockets 77, 80 Engarde Linux 710 fax mailer 573 modes see file attributes enscript 778, 780 FC-AL (Fibre Channel Arbitrated named pipes 77, 80 environmental monitoring 798 Loop) 112 NFS locking 486 equipment racks 799 fcntl system call 486 ownership of 44–46 error correction protocols 863–864 157 permissions 81, 684 ESMTP protocol 532 FDDI networks 361–362 regular 77–78 /etc directory 75 fdisk 134–136, 140–141 removing temporary 154 USAH.book Page 980 Thursday, October 5, 2006 2:46 AM


files continued firewalls 701–708 gdm 743 servers, dedicated NFS 496 host-based 318 GECOS information 98 servers, system files 510 ICMP blocking 645, 647–648 Geer, Dan 161 sharing with Samba 833 Linux IP tables 704–708 $GENERATE directive, DNS 401, symbolic links 77, 80 Netfilter 704–708 406 types of 76–81 packet-filtering 701–702 generic top-level domains 379 Filesystem Hierarchy Standard proxy 703 genericstable feature, sendmail (FHS) 75 stateful 703–704 579 filesystems 70–71 traceroute and 648 getfacl 89 see also partitions flock system call 486 gethostbyname routine 414, 516 automatic mounting 127 flow control, serial line 852–853 gethostent routine 819 backing up 160 Fogel, Karl 253 getty process 25, 855–858 BSD FFS 120 Foomatic database 771, 782 gettydefs file 858 checking and repairing 25, 128, fork system call 56 Ghostscript 780 131–133, 137 formatting disks 123 Ghostview 785 cleaning using cron 154–155 .forward file, email 549–550, 605 GIAC (Global Information Assur- converting ext2fs to ext3fs 121 forward mapping, DNS 382 ance Certification) 675 copying 178 forwarders option, DNS 427 GIDs see group IDs creating 125–126, 136–138 ForwardPath variable, sendmail globbing, shell 10, 77 damaged 131–133 549 GNOME 758–759 disabling setuid execution 684 fragmentation, IP 279 see also enabling ACLs 88 frame relay networks 363 GNU exporting NFS 489–492 frames see packets Free Software Foundation (FSF) ext2fs 87, 120, 125 framing standards, Ethernet 277 965 ext3fs 87, 120 Frampton, Steve 12 Openwall GNU/*/Linux (Owl) FAT 120 free 811 710 74 Free Software Foundation (FSF) 965 Public License (GPL) 962 inodes 126 free space, displaying 127 Stow 266 journaling 121 Free Standards Group 959 Zebra routing package 344 labels 127 fsck 25, 128, 131–133, 137 greet_pause feature, sendmail 597 Linux 120–122 /etc/fstab file 127–129, 132, 137, greylisting for spam 636 load balancing 805, 814 495, 497, 836 /etc/group file 101–102 loopback 73 FSUID process parameter 55 defining 
groups 45, 97 lost+found directories 127, 133 FTP editing 104 lsof 74 chrooted 735 for FTP servers 735 mounting 73–74, 126–129, 835 through firewalls 702–703 permissions 684 mounting at boot time, NFS 495 and HTTP, compared 735 group IDs naming conventions, NFS 487 permissions 736 see also /etc/group file organization 75 security 684, 736 globally unique 102 patching 133 server setup 734–736 kernel and 104 quotas 486 ftp 900 in ls output 83 reinitializing 69 ftpd daemon 735, 900 mapping to names 45 ReiserFS 121 /etc/ftpusers file 736 numbers 45 root 24, 32, 75, 124 fully qualified hostnames 381, 396 real, effective, and saved 45 sizing for backups 161 functions script 208 saved 55 smbfs 835 fuser 74 groups superblocks 126 FYI documents 275 see also /etc/group file sysfs 872, 882 default 97 unmounting 73 effective 55 filters, CUPS 771–772 G file attribute 83 find 72, 155 numbers (GIDs) 45 finger 98 gated routing daemon 344, 901 passwords for 101 FireWall-1 318 /etc/gateways file 344 of a process 55 GDI printers 783 grub 138 USAH.book Page 981 Thursday, October 5, 2006 2:46 AM


GRUB boot loader 26–28 header checking, sendmail 595– IDE 112–114 multiboot configuration 30 596 accessing than 1024 cylin- options 883 Hesiod 390 ders 112 single-user mode 32 home directories 75 altering disk parameters 129– grub.conf file 27, 30, 883 creating 105 131 grub-install 27 location 75 device names 873 /etc/gshadow file 102 logging in to 98 DMA, tuning 130 guest user accounts 944 missing 98 history 112–113 Gutenprint project 771 removing 107 performance tuning 130 gv 785 /home partition 125 vs. SCSI 118 host 474 IDENT protocol 609 /etc/host.conf file 307 IEEE 802.* standards 278, 352, 356, H hostname command 299 358–359 /etc/hostname file 310 IETF (Internet Engineering Task hald 899 hostnames Force) 273 halt 42 fully qualified 396 ifconfig 299–302 halting the system 40–42 mapping to IP addresses 281, adding routes using 304, 335 Hamilton, Bruce 14 298 PPP and 321 hard carrier 852 /etc/hosts file 281, 298–299, 420 subnet masks and 283 hard disks see disks /etc/hosts.allow file 691–692 virtual addresses and 728 hard links 78 /etc/hosts.deny file 691–692 ifdown 309, 311 hardened Linux 710 /etc/hosts.equiv file 685, 898 ifup 40, 309, 311, 327 hardware hot-plugging kernel modules 882– IGMP (Internet Group Management see also disks 883 Protocol) 281 see also Ethernet hot-swappable drives 112, 116, 145 IGRP (Interior Gateway Routing see also maintenance Hotz, Steve 473 Protocol) 339, 342 see also networks HPAGE_SIZE kernel parameter 809 IIS 827 see also PC hardware HTTP IMAP (Internet Message Access air conditioning 796–798 CUPS and 769 Protocol) 533, 543, 897 BIND requirements 421 protocol 720–722 imapd 897 computer displays 794 server see web hosting in.fingerd 901 cooling systems 940 httpd see web hosting in.rlogind 898 decommissioning 791 httpd.conf file 726–732 in.rshd 898 environment 796–798 hubs, Ethernet 356 in.telnetd 898 equipment racks 799 HUP signal 58–59 in.tftpd 899 hubs 356 hwconf file 37 in-addr.arpa domain 396 kernel adaptation 869 HylaFAX 573 
$INCLUDE directive, DNS 406 labeling 933 :include: directive, for email aliases logs 791 546 memory 23, 794–795, 804 I include statement, DNS 423 power supplies 798 incremental backups 170 probing 23 I/O schedulers 815–816 indirect maps, NFS automounter purchasing 782–787, 916–917 ICANN (Internet Corporation for 499 routers 358–359 Assigned Names and Numbers) inetd 885, 887–888, 890–893 static electricity 793 273, 289, 371, 383 /etc/inetd.conf file 890–892 switches 353, 356–358, 360 ICMP 275 init process 22–23, 56, 855–857, temperature monitoring 798 firewall blocking 645, 647–648 886–887 tools 800 netstat output 653 bootstrapping and 25 USB see USB packets 707 logins and 886 warranties 793 ping and 645 run levels and 33–36, 42, 886 wiring 366–368, 934 redirects 295, 317 startup scripts and 32, 38, 40 Hayes command language 864 sequence numbers 646 zombie processes and 56, 61 Hazel, Philip 621 tracroute and 648 /etc/init.d directory 34–35, 38, 40 hdparm 129–131 TTL and 647 initlog 207 USAH.book Page 982 Thursday, October 5, 2006 2:46 AM


/etc/inittab file 34, 855–857, 886 IP continued jobs, scheduling 887 inodes 84, 126 packet forwarding 303, 316 John the Ripper 690 insmod 880–882 source routing 317 journaling filesystems 121 installation, Linux see Linux instal- spoofing 317–318 jukeboxes, tape media 167 lation TOS (-of-service) bits 330 INT signal 58–59 IP addresses 279–293 integrity monitoring 692 see also IPv6 K /etc/interfaces file 311 allocation 288–289 interfaces, network see networks broadcast 281 kacpid daemon 894 International Organization for Stan- CIDR (Classless Inter-Domain Kahn, Bob 273 dardization (ISO) 354 Routing) 283, 286–288 Kalt, Chrisophe 266 Internet classes 282 kblockd daemon 894 dial-up connections see PPP hostnames and 281, 298 KDE 758–759 protocol loopback interface 282, 294, see also X Window System Cache Protocol (ICP) 733 302, 397 Konqueror 789 Control Message Protocol see multicast 281–282 Print Manager 773 ICMP netmasks 282–285 printing under 788–790 Corporation for Assigned ports 281 kdm 743 Names and Numbers PPP 322 Kerberos 464, 695–696 (ICANN) 289 private 289–291, 409, 416, 438, kermit 864 Engineering Task Force (IETF) 465 kernel 868–869 273 shortage of 285–286 ARP cache 296 governance 273–275 subnetting 282–285 boot time options 29, 883 history 272–274 unicast 292 building 876–878 Network Information Center ipcalc 284 .config file, customizing 877– (InterNIC) 288 IPsec (Internet Protocol security) 878 Official Protocol Standards 274 709, 949 configuration 873–874 protocol security (IPsec) 709 iptables 319, 704–708 daemons 893 protocol see IP IPv6 286, 291–293 device drivers 79, 868–870 registries 289 DNS support 387, 404–405 hot-plug blacklist 883 RFC series 274–275 vs. 
CIDR 286 hot-plugging modules 882–883 Society (ISOC) 273 ISC (Internet Systems Consortium) HPAGE_SIZE 809 standards and documentation 312, 376 initialization 23 274–275 ISDN networks 364 loadable modules 880–882 system administration resources IS-IS protocol 339, 343 location 75 13 ISO (International Organization for logging 206–208, 894 Systems Consortium (ISC) 12, Standardization) 354 network security variables 319 312 ISO/IEC 17799 standard 675 options 874, 876–878 Worm 669 ISOC (Internet Society) 273 panics 131, 133 InterNIC (Internet Network Infor- ISPs saved group IDs 55 mation Center) 288 AOL 954 source tree 876–877, 879 intrusion detection, samhain 692– domain registration 381 swappiness parameter 811 693 IP address allocation 289–293 threads 23 IOS (Cisco router OS) 346–348 /etc/issue file 856 TOS-based packet sorting 330 iostat 813 ITIL (Information Technology In- tuning 314–316, 614, 874 IP 275 terface Library) 960 kernel directory 877 see also IP addresses KEY DNS records 455, 458 see also IPv6 .key DNSSEC key file, DNS 454 see also routing J key statement, DNS 430 directed broadcast 317 keymap file, corrupted 37 fragmentation 279 Jacobson, Van 273, 320, 329, 647, keys, generating BIND 458 masquerading see NAT 656 keys, SSH 697 JFS filesystem 122 USAH.book Page 983 Thursday, October 5, 2006 2:46 AM


kghostview 788 legal issues 949–958 Linux installation continued Kickstart 226–229 appropriate use policies (AUPs) automating with cdebootstrap 60, 818 954 231 KILL signal 58–60 call records and web logs 952 automating with debian-in- killall 60, 203 copyrights 950 staller 231 Kim, Gene 617 cryptography 949 automating with FAI 231 Kirch, Olaf 12 EULAs (End User License automating with Kickstart 226– kjournald daemon 894 Agreements) 953 229 klogd daemon 207, 894 liability for data 954 automating with system-con- Knoppix 6, 232 pornography 954 fig-kickstart 231 Kolstad, Rob 617 privacy 951 ks.cfg file 227–229 Konqueror 789 software licenses 955 netbooting 224–226 Kotsikonas, Anastasios 553 Libes, Don 104 PXE protocol 225–226 kprinter 788–789 licenses, software 955 PXELINUX 225 Kristensen, Peter 266 lilo 28–29, 31, 138 system-config-netboot 226 ks.cfg file 227–229 LILO boot loader 28–29 TFTP protocol 225 ksoftirqd daemon 894 configuring 883 LinuxWorld conference 966 kswapd daemon 810, 894 multiboot configuration 31 listen-on option, DNS 426 Kudzu 37 single-user mode 32 listmanager 554 /etc/lilo.conf file 28, 31, 883 ListProc 553 limit 818 LISTSERV Lite 554 L link layer, networks 277–279 Liu, Cricket 423 links, hard 78–80, 83 LMTP protocol 625 lame delegations, DNS 469, 475– link-state routing protocols 339 78, 80 476 Linux load average, sendmail 613 LAMP platform 719 culture 961, 963 load averages 808 LANs 351 distributions 6–9, 962 load balancing ATM 362 documentation 11–14 disks and filesystems 805, 814 Ethernet 351–359 Documentation Project (LDP) DNS 385 FDDI 361–362 11 servers 805 lastlog file 206 history 5 web server 722–724 LBA (Logical Block Addressing) installation see Linux installa- loadable modules 880–882 112 tion LOC DNS records 401 LCFG (large-scale configuration International (LI) 964 local delivery agents, sendmail 533 system) 261 mailing lists 967 local domain sockets 77, 80 LDAP (Lightweight Directory Ac- popularity 962 /usr/local hierarchy 255–260 
cess Protocol) 520–526 Professional Institute (LPI) 964, compilation 258–259 attribute names 522 967 distribution 259 documentation 523–524 resources 964–968 organizing 256–257 OpenLDAP 523 security flaws 670 testing 257–258 security 526 standards 958–960 LOCAL_* macros, sendmail 586 setup 524–525 Project 963 local_lmtp feature, sendmail 585 structure of data 521 vendor logos 10 local_procmail feature, sendmail use with sendmail 547, 555– vs. UNIX 4 585 557, 580–581 /usr/src/linux directory 876 localhost 282 user IDs and 97 Linux installation 224–232 localhost zone configuration exam- uses of 522–523 see also system administration ple, BIND 439 ldap_routing feature, sendmail see also system configuration local-host-names file 574 556, 580–581 automating from a master sys- locate 15, 771 LDP (Linux Documentation tem 232 lockd daemon 486 Project) 11 automating with AutoYaST lockf system call 486 leadership 907 230–231 /var/log directory 204 Leffler, Sam 573 automating with cdebconf 231


log files 209–220 lpinfo 772 maintenance continued see also logging ls 45, 77, 81–84 power 798 see also syslog lsattr 87 preventive 795–796 analyzing and searching 220– lsmod 881 Uninterruptible Power Supply 221 lsof 74, 494 (UPS) 799 for Apache 727 LTO backup tapes 167 major device numbers 79, 870–872 archiving 204 lvcreate 144 Majordomo 552–553, 605 lists of 205, 218 lvextend 146 makedbm 512 for logins and logouts 206 LVM 139, 143–147 MAKEDEV script 79, 872 monitoring 220–221 creating 143–144 makemap 576–577 replacing while in use 203 resizing 146–147 man pages 11–13 rotating 156, 202, 208–209 lwresd 897 management 907–915 to system console 218 management standards, networks web hosting 727 658 /dev/log socket 210 M Manheimer, Ken 553 logcheck 220 MANs 351 logger 217–218 566–570, 586 many-answers option, DNS 425 logging MAC addresses 280, 292 map files, NFS automounter 499– see also log files Mackerras, Paul 508 500 see also syslog macros, sendmail 570–574 masks in ACLs 90 for BIND 411, 432, 446, 466–471 magic cookies, NFS 486 MASQUERADE_AS macro, send- boot-time 206–208 magic cookies, X Windows 746 mail 581–583, 616 to central server 214, 216 mail see email masquerading, sendmail 581–583 for cron 151 mail.local delivery agent 533, 585, master boot record (MBR) 26 for CUPS 781 605 master name server, DNS 413 hardware failures 791 MAIL_HUB macro, sendmail 583, master server, NIS 511–513, 517– kernel 206–208 600 518 for sendmail 619–621 MAILER macro, sendmail 573–574 master.cf file 623 for sudo 49 mailers 573 masters statement, DNS 432, 434 through syslog 218–220 cyrus 573 match-clients clause, DNS 438 to system console 218 discard 596 max-cache-size option, DNS 426 logging in from Windows 821–822 error 591, 596 MaxDaemonChildren option, logging statement, DNS 432, 466 fax 573 sendmail 608 logical unit numbers, SCSI 117 local 573 MaxMessageSize option, sendmail logical volume management see LVM pop 573 608 login command 46, 856 qpage 574 MaxRcptsPerMessage option,
.login file 105 mailertable feature, sendmail 578 sendmail 608 login process 855 mailing list software 551–554 MBR (master boot record) 26 login see user accounts listmanager 554 McKusick, Kirk 120 /etc/login.defs file 98, 100 ListProc 553 MDA (mail delivery agent) 532 logos, vendor 10 LISTSERV Lite 554 mdadm RAID management utility logrotate 208–209 Mailman 553 141–143, 145 /etc/logrotate.conf file 208 Majordomo 552 mdrecoveryd daemon 894 /etc/logrotate.d directory 208 SmartList 554 /proc/mdstat file 142, 145 logwatch 221 mailing lists 546, 551–554, 967 media, backup 163–169 loopback mailq 619 see also tapes address, BIND 437 .mailrc file 105 CD and DVD 164 filesystem 73 mailstats 615 jukeboxes 167 interface 282, 294, 302, 397 main.cf file 626 labeling 159 LOPSA 965 maintenance 791–800 life of 163 lost+found directories 127, 133 see also hardware magnetic 164 low-level formatting, disks 123 contracts 792–793 optical 164 lpd daemon 894 environment 796–798 summary of types 168 lpd-errs file 215 equipment racks 799 verifying 162


memory mount 73, 126–128 name servers continued buffering 40 enabling filesystem ACLs 88 recursion 413, 425 effect on performance 804, 806 NFS filesystems 492–495 resolver 414, 418–420 kernel initialization and 23 mount point, filesystem 73 slave 413 management 809–811 mount.smbfs 836 stub 413 modules 794–795 mountd daemon 489 switch file 479 paging 809–814, 818 mounting filesystems see filesys- zone delegation 407–409 RAM disks 815 tems, mounting zone serial numbers 447 usage, analyzing 811–813 mpstat 808 named 412, 446 virtual (VM) 810–811 /var/spool/mqueue directory 563, see also BIND message of the day 856, 954 619 see also DNS message stores 533 mreport program 620 see also name servers /var/log/messages file 207, 215 MRTG (Multi-Router Traffic Gra- acl statement 430 Metcalfe, Bob 351 pher) 664 ACLs 429, 451–453 mgetty process 855–858 MSA (mail submission agent) 533 allow-recursion option 425 see Windows mt 178 allow-update clause 433, 450 mii-tool 303 MTA (mail transport agent) 532 avoid-v4-udp-ports option 427 Miller, Todd 49 MTU (maximum transfer unit) blackhole option 428 miltering, sendmail 597 278–279, 361 bogus directive 431 MIME (Multipurpose Internet Mail mtx 179 chrooted 451, 453 Extensions) 531, 601 MUA (mail user agent) 531 command-line interface see /etc/cups/mime.convs file 772 multibooting 30–31 named, rndc /etc/cups/mime.types file 771 multicast addresses 281–282 compiling with OpenSSL 458 Minar, Nelson 902 multiprocessor machines, analyzing configuration 420–446 mingetty process 855–858 performance 808 configuration examples 439– mini DIN-8 connectors 847 Multipurpose Internet Mail Exten- 446 864 sions (MIME) 531, 601 confining with chroot 453 minor device numbers 79, 870–872 multiuser mode 25 controls statement 436–438 78 MX DNS records 397–399 datasize option 426 mke2fs 125, 136–137 MySQL 180–182, 377, 719, 936 debugging 466–478 mkfs 69 delegation-only option 386, mknod 79–80, 871 429 mkpasswd 104 N directory statement 424 MKS Toolkit 827 
domain directive 420 mkswap 138 Nagios SNMP monitoring tool 665 error messages 469 Mockapetris, Paul 375 name servers file statement 434 model file 771 see also DNS forwarders option 427 modems 852, 862–864 see also BIND forwarding zone, configuring modprobe 881 see also named 436 /etc/modprobe.conf file 881 authoritative 413, 416 $GENERATE directive 401, 406 MODULE_DEVICE_TABLE macro caching 384–386, 417 hardware requirements 421 880 caching-only 413 $INCLUDE directive 406 Mondo Rescue 197 delegation 383 include statement 423 monitoring log files 220–221 dynamic updates 448–450 init scripts 446 monitors 794 forwarding 427 ISC configuration example 444 Moore’s Law 273 hints 414 keep-running script 417 Morris, Robert, Jr. 669 keep-running script 417 key statement 430 MOSPF protocol 343 lame delegations 469, 475–476 listen-on option 426 /etc/motd file 856, 954 master 413 localhost zone configuration ex- Motion Picture Association of negative caching 385 ample 439 America 950 nonauthoritative 413 logging 411, 446, 466–471


named continued named_dump.db file 472 networks logging statement 432, 466 named-checkconf 421, 455, 478 see also Ethernet many-answers option 425 named-checkzone 421, 478 see also IP addresses master server, configuring 433 namespace, DNS 378 see also network configuration masters statement 432, 434 naming conventions see also network wiring match-clients clause 438 device files 872 see also routing max-cache-size option 426 shared filesystems 487 see also TCP/IP /etc/named.conf file 421–446, nanny script 446 adding a machine to a LAN 297– 450–451, 470, 480–481 NAT 290–291, 319 307 named.run file 471 National Science Foundation (NSF) address translation see NAT named-checkconf 421, 455, 478 381 addresses 279–293 named-checkzone 421, 478 ncftp 510 administrative databases 504, notify option 424 ndbm library 169 511 options statement 423–429 neigh directory 315 ARP (Address Resolution Proto- $ORIGIN directive 406 Nemeth, Evi 679 col) 296–297 provide-ixfr option 448 Nessus 690 ATM 362–363 query-source option 426 NetBIOS 828, 896 broadcast storms 301, 357 recursion option 425 netbooting 224–226 CIDR (Classless Inter-Domain recursive-clients option 426 Netfilter 704–708 Routing) 286–287 request-ixfr option 448 /etc/netgroup file 517 connecting and expanding 355– rndc 436–438, 447, 471–473 netgroups, NIS 517 359 root server hints 435 netmasks 282–285 connecting with PPP 321 root.cache file 435 NeTraverse 826 daemons 900–901 rrset-order statement 428 NET-SNMP 661–664 debugging with mii-tool 302– search directive 419 netstat 649–654 303 server statement 431, 448 displaying interface names 300 default route 293–294, 305, 329, slave server, configuring 434 examining the routing table 294 336 sortlist option 428 examples 335–337 design issues 368–370 starting 448 interfaces 649 DHCP (Dynamic Host Configu- statements, list of 422 monitoring connections 651 ration Protocol) 311–314 stub zones, configuring 434 network statistics 649–654 firewalls 318, 701–708 testing 466–478 
and NFS UDP overflows 492 interface activity reports 654 topology statement 428 open ports 652 interface configuration 299–302 transfers-in option 425 routing table 652 load balancing 385, 805 transfer-source option 426, Network Appliance, Inc. 496 loopback 282, 294, 302, 397 445 network configuration 298, 307– management issues 370–371, transfers-out option 425 311 643 transfers-per-ns option 425 Debian and Ubuntu 310 management protocols 657–661 trusted-keys statement 430 Red Hat and Fedora 308 management standards 658 $TTL directive 390, 394, 406 SUSE 309 monitoring 650–651 TTL options 428 Network Information Service see MTUs 278–279, 361 update-policy clause 450 NIS NAT 290–291, 319 updating zone files 447–450 Network Solutions, Inc. 381 netmasks 282–285 versions 411, 424 Network Time Protocol (NTP) 902 packets see packets view statement 438 network unreachable error 304 PAT 319 zone commands 405–407 network wiring 934 ping and 645–647 zone serial numbers 447 building 366–368 port scanning 688–690 zone statement 432–436 cable analyzer 366 ports 281 zone-statistics option 433 cable choices 352–355, 366 PPP 320–330 named pipes 77, 80 for offices 367 redundancy 941 /etc/named.conf file 421–446, 450– maintenance and documenta- routing tables 652 451, 470, 480–481 tion 370 scanner, Nessus 690 named.run file 471 Wireshark network sniffer 366 security see security


networks continued NIS (Network Information Service) Openwall GNU/*/Linux (Owl) 710 statistics 649–654 511–520 installation see subnetting 282–285 architecture 512–514 Linux installation troubleshooting 366, 644–654 commands 514 oprofile 817 tuning 314–316 configuring clients 519 options statement, DNS 423–429 virtual private networks see configuring servers 518 $ORIGIN directive, DNS 406 VPNs database files 511–512 orphaned processes 56, 61, 63 VLANs 357 files to share 503 OSI layers 276 wireless 278, 359–361 LDAP vs. 525 OSPF protocol 339, 342–343 network-scripts directory 38 map files 512 OSTYPE macro, sendmail 570–572 newaliases 551 master server 511–513, 517–518 newgrp 102 netgroups 517 NFS (Network File System) 484–500 query procedure 513 P all_squash option 488, 491 security 685–686 anongid option 488, 491 setting access control options Pack Management Project 266 anonuid option 488, 491 519 package management 234–247 buffer sizes 494 setting up a domain 517–520 alien conversion tool 235 client 492–495 slave servers 512–514, 517 automating 244–246 common options 491 nmap 688–690 .deb format 235 configuration, server 489–492 nmbd 829, 896 dpkg/APT 235, 237, 241–246 cookies 486 nocanonify feature, sendmail 576 Red Hat Network 240 daemons 895–896 nohup 59 repositories 239–240 dedicated file servers 496 notify option, DNS 424 RPM format 235 disk quotas 486 NS DNS records 395, 407 rpm/yum 235–238, 246–247 and dump 170 nscd daemon 504, 897 packages see software packages exporting filesystems 489–492 /etc/nscd.conf file 505, 897 packets file locking 486 NSEC DNS records 463 see also networks firewalls and 488 NSF (National Science Foundation) dropped 646 and the fstab file 127 381 encapsulation 276–277 hard vs. 
soft mounts 493 NSFNET 272 filtering 677, 701 insecure option 491, 495 /etc/nsswitch.conf file 307, 515, forwarding 335–337 mount 492–495 562 handling with Netfilter 704–708 mounting filesystems at boot nsupdate 449 ICMP 707 time 495 NTP (Network Time Protocol) 902 round trip time 646 naming conventions 487 /etc/ntp.conf file 902 sniffers 366, 655–657 no_root_squash option 488, ntpd 902–903 tracing 647–649 491 ntpdate 902 pages, memory 809–811 nobody account 51, 488 null modem serial cable 846–847 paging 129, 809–814, 818 protocol versions 484 nullclient feature, sendmail 584– Painter, Mark 376 root access 488 585 PAM (Pluggable Authentication RPC and 485 NXT DNS records 458 Modules) 681–682 secure option 491, 495 paper sizes for printers 777–778 secure_locks option 491 paperconfig 778 security 487–489, 495, 686 O PAPERSIZE environment variable statistics 495 778 subtree_check option 491 Oetiker, Tobias 262, 664 /etc/papersize file 778 TCP vs. UDP 485 office wiring 367 Parain, Will 261 tuning 494 off-site backup storage 161 partitions 124–125, 134–138 using to export email 542 Oja, Joanna 11 see also filesystems nfsd daemon 489, 492, 494 one-time passwords 698 load balancing 814 nfsstat 495 open relaying, email 589 resizing with LVM 146–147 61–62, 818 OpenLDAP 523, 555 root 124 nice value 55 openlog routine 218–220 setting up 134–136 OpenOffice.org 826 swap 124, 129, 138


passwd command 46, 96, 104 performance continued pipes, named 77, 80 /etc/passwd file 93–99 measuring and monitoring 664, piracy 955 editing 96, 103 807 PIX firewall box 318 for FTP servers 735 memory 68, 804, 806, 811–813 PJL printer language 765 group ID numbers 83 network, TOS bits 330 .plan file 901 permissions 684 NFS 494 platters, disks 119 security 678–681, 684 nice 61 Pluggable Authentication Modules user ID numbers 45, 83 partitioning disks to improve (PAM) 681–682 passwords 124 poff command 330 aging 680 PPP 321 policy boot loader 673 using RAID to improve 139 agreements 107, 946–948 cracking 690 SDSC Secure Syslog 210 backups 939 encryption 94, 96, 830 sendmail 611–615 documents 943–948 FTP 735 Squid web cache 733–734 enforcement 953 group 101 st_atime flag 87 logging 201 initial 104 syncing log files 213 Postfix policy daemons 636 one-time 698 troubleshooting 817–819 security 945–946 root 47 tuning IDE drives 130 pon command 330 Samba 830 web server 722–724, 727 POP (Post Office Protocol) 533, 543, security 47, 678–681 performance analysis tools 828, 897 selection 47, 104, 679–680 free 811 pop mailer 573 shadow 94, 99–100, 678 iostat 813 popd 897 strength 682, 690 mpstat 808 pornography 954 PAT (Port Address Translation) oprofile 817 portmap daemon 488, 888, 893 319 procinfo 812 ports, network 281 PATA see IDE sar 816 numbers 893 patches, software 677 top 809 privileged 281, 689, 702 patents uptime 808 scanning 688–690 EU patent policy 957 vmstat 807 well known 688, 702 software 957–958 14, 150, 719, 722, 827, 923 ports, serial 844–847 U.S. 
patent office 957 in administrative scripts 4 POSIX 683, 959 pathnames 48, 72 example scripts 525 APIs under Windows 827 PC hardware generating passwords 524 root account capabilities 46 see also hardware insecure example 672 Post Office Protocol (POP) 533, 543, BIOSes 25 module sources 662 828, 897 boot device priority 26 null password check 679 postconf Postfix configuration tool bootstrapping 25 and swatch 220 627 delete character 859 and syslog 219 Postel, Jon 273 device drivers 870 user ID check 681 Postfix 623–638 multibooting 30–31 wrapping cron jobs 511 access control 632–634, 638 vs. UNIX hardware 25 permissions amavisd virus filter 637 PCL printer language 763, 766 chmod and 84 architecture 623 PDF 764, 766 file 81, 684 authentication 634 pdftops 772 important 684 black hole lists 635 performance 803–819 sendmail 604–605 chrooted 625 BIND 478 and 86 command-line utilities 625 CPU 806–809, 813 personnel management 908–910 configuring 626–634 disk 806, 813–815 PGP (Pretty Good Privacy) 610, 696 content filtering 636 factors affecting 806–807 Phonetics Sensaphone 798 debugging 637–639 improving 803–806 PIDs 54 greylisting 636 kernel tuning for email 614 PIM protocol 343 local delivery 629 load averages 808 ping 317, 645–647 lookup tables 627


Postfix continued printing continued programs, finding 15 policy daemons 636 KDE Print Manager 773 Project Athena 741 queue manager 624 Konqueror and 789 .project file 901 receiving email 624 paper sizes 777–778 promiscuous relaying, sendmail security 625 PPD printer description files 589 sending email 625 770–771 provide-ixfr option, DNS 448 spam control 634–637 previewers 785 proxies, service 703 virtual domains 630–632 sharing printers using Samba proxies, web servers 733 virus filtering 637 836–839 62–64, 809, 817 PostScript 763, 766 software 779 pseudo-devices 871 power management 798 under KDE 788–790 pseudo-users 97 power supplies, emergency 940 using kprinter 789 PTR DNS records 396, 444 poweroff 42 Windows driver installation /dev/pts directory 75 /etc/cups/ppd file 771 838–839 public key cryptography 456, 697 PPD printer description files 770– XHTML 764 Punycode 388 771 priority, processes 55, 61–62 purchasing hardware 782–787, PPIDs 54 privacy 951 916–917 /etc/ppp directory 323 .private DNSSEC key file 454 PuTTY 821 PPP protocol 320–330 private IP addresses 289–291, 409, pvcreate LVM utility 143 commands, list of 324 416, 438, 465 PXE (Pre-boot eXecution Environ- configuration 323–330 privileged ports 281, 689, 702 ment) 225–226, 899 pppd daemon 323, 325, 327, 329 /proc filesystem 65–66, 314–316, PXELINUX 225 pppstats 329 872, 874 Python 4, 15–16, 523, 923 pr 780 processes 53 Practical Extraction and Report changing ownership credentials Language see Perl 45 Q Pre-boot eXecution Environment changing user and group IDs 46 (PXE) 225–226, 899 control terminal 56 qmgr 625 Preston, W. 
Curtis 198 EGID (effective group ID) 55 qpage mailer 574 Pretty Good Privacy (PGP) 610, EUID (effective user ID) 55 qpopper email server 543 696–697 execution states 60–61 qshape 638 printers FSUID parameter 55 quad A DNS records 404 see also printing GID (group ID) 55 query-source option, DNS 426 accounting 787 identities: real, effective, and queue groups, sendmail 611–612 cartridges 786 saved 45 queue runners, sendmail 613 drivers 765 IDs 54 QUIT signal 58–59 languages 763–766 monitoring 62–65 quotas, disk 486 network 773, 784 orphaned 56, 61, 63 PPD printer description files owner 45, 54 770–771 PPID (parent PID) 54 R purchasing 782–787 priority 55, 61–62 security 787 runaway 67–69 racks, equipment 799 selection 782–785 scheduling 45 RAID 139–147, 805, 894 serial and parallel 784 sending signals to 60 raidtools 141 USB 774, 781 spontaneous 23 RAM disks 815 WinPrinters 783 standard I/O channels 56 /dev/ram0 and /dev/ram1 files 815 printing stopping and starting 61 rc scripts see startup scripts see also CUPS UID (user ID) 54 rc.local script 36 see also printers zombie 56, 61, 63, 886 rcmd 898 banner pages 784–785 procinfo 812–813, 818 rcp 685, 898 daemons 894 procmail 533, 585, 636 RCPT command, SMTP 588 Foomatic database 771, 782 /etc/profile file 106 RCS 249–251 Gutenprint project 771 /etc/profile.d directory 106 rcsdiff 250 history 761–762 profiler, system 817


rdesktop 825 resource records, DNS continued Rossi, Markku 778 rdist 505–508 special characters in 389 rotating log files 156, 202, 208–209 RDP (Remote Desktop Protocol) SRV 402–403, 464 route command 294, 303–305, 309, 824 time to live 390 900 rdump 171 trailing dot in names 389 routed daemon 341, 343–344, 900 real-time scheduling 56 TXT 403, 424 Router Discovery Protocol 343 RealVNC 824 WKS 403 routers 358–359 reboot 42 restore 173–176, 939 routing 293–295, 334–348 rebooting 40–41 reverse mapping, DNS 382, 396– autonomous systems 340 recursion option, DNS 425 397, 405, 444 BGP protocol 339 recursive-clients option, DNS 426 revision control 248–255 CIDR (Classless Inter-Domain Red Hat network configuration 308 CVS 251–253 Routing) 283–288 Red Hat Network, software reposi- RCS 249–251 Cisco routers 346–348 tory 240 Subversion 253–255 cost metrics 340 redirect feature, sendmail 575 RFCs daemons and protocols 337– REFUSE_LA option, sendmail 608 BCP documents 275 344 registration of domain names see DNS-related 375–376, 482 default route 293–294, 305, 329, domain names, registration email-related 532, 640 336 regular files 77–78 FYI documents 275 distance-vector protocols 338, Reiser, Hans 121 LDAP-related 523 342 ReiserFS filesystem 121 NFS-related 500 EIGRP protocol 342 /etc/mail/relay-domains file 589 overview 274–275 exterior gateway protocols 340 Remote Desktop Protocol (RDP) private address space 289–291 ICMP redirects 295, 317, 337 824 SNMP-related 667 IGRP protocol 342 Remote Procedure Call see RPC STD documents 275 interior gateway protocols 341– renice 61–62, 818 subnetting 285 343 repositories, software 239, 266 RHN, repository package 240 IS-IS protocol 343 request-ixfr option, DNS 448 .rhosts file 685, 898 link-state protocols 339 reset 862 Riggle, David 376 netmasks 282–285 resize_reiserfs 147 RIP protocol 339, 341–344 OSPF protocol 339, 342–343 resizing disk partitions 146–147 RIP-2 protocol 341 packet forwarding 303, 316, /etc/resolv.conf file 418–420 
RJ-11 connectors 862 335–337 resolver library, DNS 414 RJ-45 connectors 355, 849 PPP 322 resource records, DNS 389–405 rlog 250 protocols 341–343 A 396, 407 rlogin 685 RIP protocol 339, 341–344 A6 404 77, 79 sendmail 583 AAAA 404 78 static routes 294, 303–305 CNAME 399 rmmod 881 static vs. dynamic routing 344– DNAME 404 rndc 436–438, 447, 471–473 345 DNSKEY 457–458 /etc/rndc.conf file 437 strategy 344–345 DS 458, 460 /etc/rndc.key file 437 subnetting 282–285 format 389 rndc-confgen 437 tables 293–295, 335–337, 652 glue 407–409 root account 44, 46, 681 unreachable networks 304 KEY 455, 458 accessing 48–51 with multiple ISPs 340 LOC 401 accessing via NFS 488 XORP (eXtensible Open Router MX 397–399 operations 46 Platform) 344 NS 407 passwords 47 Zebra package 344 NSEC 458, 460, 463 POSIX capabilities 46 Rowland, Craig 220 NXT 458 restricting access 685 RPC (Remote Procedure Call) PTR 396, 444 squashing, NFS 488 managing port assignments 888 quad A 404 /etc/sudoers file 49–50 mapping service numbers to RRSIG 457–458, 460, 463 user ID 46 ports 893 SIG 458 root filesystem 24, 32, 75 NFS and 485 SOA 392–395, 447 rootkits 688, 951 portmap and 893


rpc.bootparamd daemon 899 Samba continued secure terminals 685 rpc.lockd daemon 895 file sharing 833 /etc/securetty file 685 rpc.mountd daemon 489, 895 filename encoding 830 security rpc.nfsd daemon 489, 895 group shares 833 account hygiene 93 rpc.rquotad daemon 896 installation 829–830 Application Security Checklist rpc.statd daemon 895 listing configuration options 676 rpc.ypxfrd daemon 896 830 auth.log file 206 rpciod daemon 896 log files 840 backups 161, 686 rpm 235–237 Network Neighborhood brows- BIND 417, 424, 451–464 RPM software package format 235 ing 831 certifications 673–675 rquotad daemon 486 password encryption 830 CISA (Certified Information RRDTool graphing tool 664 printer sharing 836–839 Systems Auditor) 675 rrestore 175 security 829 CISSP (Certified Information rrset-order statement, DNS 428 setting up passwords 830 Systems Security Professional) RRSIG DNS records 457–458, 460, sharing files 828 674 463 user authentication 832 vs. convenience 673 RS-232 standard 844–847, 853 UTF-8 encoding 830 denial of service (DOS) attacks RS-232 to USB adapters 865 WINS server 831 397, 511, 608, 817 rsh 898 samhain 692–693 device files 684 rsync 197, 508–511, 900 SAN (Storage Area Network) serv- directed broadcast 317 rsyncd daemon 900 ers 496 DNS 417, 424, 451–464 rsyncd.secrets file 510 SANE 965 DNSSEC 387, 456–463 RTS (request to send) signal 853 SANS Institute 675, 713, 965, 968 DOS attack via syslog 213 run levels 856 sar 654, 816 email 588 changing 887 Sarbanes-Oxley Act (SOX) 675, 956, email to programs 547, 605–606 init and 33–36, 42, 856, 886 960 file permissions 684 RunAsUser sendmail user account SASL (Simple Authentication and firewalls 701–708 603 Security Layer) 610 firewalls, host-based 318 runaway processes 67–69 SATA (Serial ATA) 112, 114 flaws in Linux 670 running Linux programs from Win- savelog 209 FTP 684, 736 dows 822–823 Sawyer, Michael 473 GIAC (Global Information As- Russinovich, Mark 951 /sbin directory 75 surance Certification) 675 
rxvt 827 SCA (Single Connector Attachment) of group file 684 plug 116 handling attacks 710–712 schedulers, I/O 815–816 hardened Linux 710 S scheduling classes 56 hints 678 scheduling commands 150–157 hot-plug blacklist 883 S/MIME 610 SCO 951 ICMP redirects 295, 317 SafeFileEnvironment option, scp 697 identifying open ports 652 sendmail 606 SCSI 112, 114–118 information sources 712–715 SAGE guild 965–966, 968 BIOS 134 intrusion detection 692–693 SAIT tapes 166 connectors 115–117 IP forwarding 316 Samba 828–841 device names 873 IP spoofing 317–318 see also Windows fast and wide 115 iptables 704–708 CIFS 828 installing 134 Kerberos 695–696 command-line file transfer pro- troubleshooting 118 kernel network variables 319 gam 835 vs. IDE 118 LDAP and 526 configuration 829 scsi_eh_N daemon 894 log files 201, 214 daemons 829, 895–896 SDSC Secure Syslog 210 login names, uniqueness 95 debugging 840–841 search directive, DNS 419 monitoring 17, 677–678, 688, display active connections and search path 15 692, 704 locked files 840 SEC (Simple Event Correlator) 221 of named 451, 453 file and printer server daemon sectors and tracks, disks 120 network 316–319 896 secure file 206 NFS 487–489, 495, 686


security continued SEGV signal 58 sendmail continued NIS 519, 685–686 SELinux 693–694 tables and databases 576–580 overview 669–670 Sender ID 599 verbose delivery 617–618 packet sniffers 655–657 Sender Policy Framework (SPF) versions 557 PAM (Pluggable Authentication 403, 599 virtusertable feature 579–580 Modules) 681–682 sendmail 530, 897 Sendmail, Inc. 530, 610 of passwd file 678–681, 684 see also email sendmail.cf file 559, 563, 565 of passwords 47, 94, 96, 679– see also spam sendmail.cw file 574 680, 690 access database 591–594 sendmail.st file 615 policy 945–946 acting as MSA/MTA 534 SEPP 266 port scanning 688–690 aliases see aliases, email serial of Postfix 625 authentication and encryption breakout boxes 865 of PPP 323 603–610 cables see serial cables of printers 787 chrooted 607 connectors see serial connectors remote event logging 685 command line flags 562 device drivers 872 reporting break-ins 712 configuration 559–561, 565– device files 853–855 restricting root access 685 587, 590–598 devices, software configuration .rhosts file 685 configuration examples 599– 855 root account 48, 681 603 drivers, special characters 859– rootkits 688, 951 configuration options 586–587 862 running su 48 controlling forgery 609 interface, DCE vs. 
DTE 845–847 Samba 829 debugging 558, 566, 615–621 line, debugging 864 SDSC Secure Syslog 210 delivery agents 533 line, flow control 852–853 search path 48 delivery modes 611 ports see serial ports secure file 206 documentation 566 terminals, configuring 855–859 /etc/securetty file 685 email to a disabled account 108 Serial ATA (SATA) 112, 114 SELinux 693–694 envelope splitting 611–612 serial cables of sendmail 558, 588–598, 603– headers 535–539, 595–596 length limits 853 610, 686 history 557 null modem 846–847 setuid programs 683–684 Installation and Operation straight-through 846–847 /etc/shadow file 678–681 Guide 639 Yost RJ-45 standard 850–852 shadow passwords 94, 99–100, installing 559–562 serial connectors 678 logging 619–621 DB-25 844–847 SNMP 660 m4 and 566–570, 586 DB-9 848 social engineering 671 masquerading 581–583 mini DIN-8 847 software patches 677 miltering 597 RJ-11 862 source routing 317 MX backup sites 565 RJ-45 849 SSH 685, 697–698 ownership, files 603–604 serial ports 844–847 SSL 730–732 performance 611–615 flow control 852–853 standards 675–676 permissions 604–605 hard/soft carrier 852 stunnel 699–701 privacy options 606–607 parameters, setting 854–855 syslog 214 queue groups 611–612 resetting 862 terminals 685 queue runners 613 setting options 860–862 tools 688–701 queues 563–565, 611–613, 619 server statement, DNS 431, 448 Trojan horses 687 rate and connection limits 596 servers TSIG (transaction signatures) relaying 589–591 Apache see web hosting 444, 453–456 security 558, 588–598, 603–610, DNS/BIND 412–414 viruses 686–687 686 email backup 541 of VPNs (virtual private net- and the service switch file 562 FTP 734–736 works) 318, 708–710 slamming 597 HTTP 724 of wireless networks 360 using SMTP to debug 618 Kerberos Windows and DNS X Window System 744–748, 823 spam control features 588–598 464 SecurityFocus.com 713 startup script 38 load balancing 385, 805 segmentation violations 58 statistics 615 master NIS 511–513, 517–518


servers continued Simple Network Management Pro- snmpwalk 663 name see BIND, DNS, and tocol see SNMP SOA DNS records 392–395, 447 named single-user mode socket system call 80 network printer 773 booting to 24, 32 sockets, local domain 80 NFS 489–492, 496 bypassing 24 soft carrier 852 NIS slave 512–514, 517 entering 31 soft links 80 Squid 733–734 manual booting 22, 24 software Storage Area Network (SAN) remounting the root filesystem see also software package tools 496 24, 32 see also software packages system files 510 size, file attribute 84 configuration errors 673 TUX 727 skel directory 106 development 919–924 VNC 824 slamming, controlling in sendmail engineering principles 923–924 web proxy 733 597 licenses 955 web see web hosting slapd daemon 523, 555 management tools 266 WINS 831 slave servers, NIS 512–514, 517 patches 677 X Window System for Windows SLIP 320 patents 957–958 823, 827 slurpd daemon 523 piracy 955 service proxy firewalls 703 SMART_HOST macro, sendmail printing 779 service switch file 306–307, 562 583, 600 recommended 266 service.switch file 562 SmartList 554 sharing over NFS 263 /etc/services file 281, 702, 892–893 SMB protocol see Samba vulnerabilities 672 setfacl 89, 91 smb.conf file 829–831, 836, 840 software package tools setrlimit system call 818 smbclient 835 see also package management setserial 854 smbcontrol 840 see also software setuid/setgid file attribute 45, 82– smbd daemon 829, 896 see also software packages 83, 683–684 smbfs filesystem 835 alien 235 /etc/shadow file 99–100, 678–681, smbpasswd 830 APT 241–246 856 smbstatus 840 apt-ftparchive 244 shadow passwords 94, 99–100, 678 SMP (symmetric multiprocessing) apt-get 241–246 Shapiro, Gregory 610 808 apt-proxy 244 share (Samba) 828 smrsh email delivery agent 533, dpkg 237 shell 585, 605–606 high level 237–247 filename globbing 10, 77 SMTP protocol 532, 618, 625, 827 RHN (Red Hat Network) 240 login 98 smtpd 897 rpm 235–237 search path 48 smtpd/smtpfwdd 540 /etc/apt/sources.list file 
242– startup files 105 smurf attacks 317 243 SHELL variable 861 SNMP 658–667, 900 yum 246 /etc/shells file 98, 108 agents 661–662 software packages showmount 492 using Cacti 664 see also software shutdown 41–42, 215 CiscoWorks and 667 see also software package tools shutting the system down 40–42 community string 660 dependencies 265 SIG DNS records 458 data collection 664 installers 234 signals 57–60 data organization 659–660 list of 267 see also individual signal names MIBs (Management Informa- localizations 255–260 caught, blocked, or ignored 57 tion Bases) 659–660 management 234–247 CONT 61, 68 using Nagios 665 namespaces 264 KILL 59–60 NET-SNMP 661–664 repositories 239 list of important 58 OIDs (object identifiers) 659– revision control 248–255 sending to a process 60 660 RPM format 235 STOP 61, 68 RMON MIB 661 software RAID 139 TERM 59–60 tools 663–666 Sony rootkits 951 tracing 66 traps 660 sortlist option, DNS 428 TSTP 61 snmpd daemon 662, 900 source routing 317 snmpd.conf file 662 /etc/apt/sources.list file 242–243

SOX (Sarbanes-Oxley Act) 675, 956, standards continued sudo 48–51, 97, 206 960 ITIL (Information Technology sudo.log file 206 spam Interface Library) 960 /etc/sudoers file 49–50 amavisd virus filter 637 Linux 958–960 superblocks 126 blacklists 594–595, 598 LSB (Linux Standard Base) 959 superuser see root account danger of replying to 588, 598 network management 658 SUSE network configuration 309 eliminating using DNS 403 POSIX 959 svn 254 email header checking 595–596 security 675–676 svnserve daemon, Subversion 253 fighting 598–599 Windows email and web com- svnserve.conf file 254 greylisting 636 pliance 827 swap space 124, 129, 138, 812, 814 mobile spammers 598 star 197 swapon 128, 138, 812, 814 Postfix 634–637 StarOffice 826 swatch 220 relaying 589–591 startup files 105–106 switch file 420, 479 Sender ID 599 startup scripts 32–40 switches 353, 356–358, 360 sendmail control features 588– bootstrapping 32–40 Swpkg 266 598 CUPS 773, 780 symbolic links 77, 80 Spam Cop 598 examples 34, 38 symmetric multiprocessing (SMP) SpamAssassin 598 init and 22, 32, 38, 40 808 SPF 403, 599 /etc/init.d directory 34–35, 38, sync command 42 web resources for fighting 598 40 sync system call 42, 126 Spam Cop 598 NFS server 489 synchronization of clocks 902 SpamAssassin 598 sendmail 38 synchronizing files speed, setting for a network inter- startx 743 copying 505 face see mii-tool statd daemon 486 rdist 505–508 SPF (Sender Policy Framework) stateful inspection firewalls 703 rsync 508–510 403, 599 static electricity 793 wget/ftp/expect 510–511 split DNS 438–439, 441–444 static routes 294, 303–305 /proc/sys directory 874 squatting, domain 380 statistics /sys directory 872 Squid web cache 733–734, 955 BIND 473 /etc/sysconfig directory 37–38, 309 SRV DNS records 402–403, 464 CPU 808 sysctl 874 SSH 697–698 network 649–654 /etc/sysctl.conf file 316, 874 forwarding for X 747–748 NFS 495 sysfs virtual filesystem 872, 882 security 685 performance 816 syslog 209–220 Windows clients 821 
reporting 816 see also log files X forwarding 823 sendmail 615 see also logging ssh 697 STD documents 275 actions 213 sshd daemon 697, 898 sticky bit 82–83 alternatives 209 /etc/sshd_config file 698, 823 STOP signal 58, 61, 68 architecture 210 SSL 730–732 Stow, GNU 266 central server 214, 216 stackers, tape media 167 STP cables 844 configuration examples 214– Stafford, Stephen 11 strace 66 217 standards 958–960 straight-through serial cables 846– configuring 210–213 COBIT (Control Objectives for 847 debugging 217–218 Information and related Tech- stty 852, 860–862 and DNS logging 466–471 nology) 960 stunnel 699–701 DOS attack via 213 data center 800 su 48 example using Perl 220 Ethernet 277, 352 subdomains, DNS 383 facility names 212 FHS (Filesystem Hierarchy submission agents, email (MSA) libraries 218–220 Standard) 75 533 output 216 IEEE 802.* 278, 352, 356, 358– submit.cf file 559, 566 programming interface 218– 359 subnet masks see networks, net- 220 Internet 274–275 masks remote logging 685 ISO/IEC 27001 675 subnetting 282–285 restarting 210 Subversion 253–255 security 214 USAH.book Page 995 Thursday, October 5, 2006 2:46 AM

syslog continued system configuration 255–263 TCP/IP continued setup 214 see also hardware NAT 290–291, 319 severity levels 212 see also Linux installation netmasks 282–285 software that uses 218 see also system administration network model 276 /etc/syslog.conf file 204, 210– Arusha Project 261 packet encapsulation 276–277 216 cfengine 260 ports 281 syslogd daemon 203, 210–213, CIM (Common Information protocol suite 275–276 901 Model) 262 subnetting 282–285 time stamps 211 LCFG (large-scale configuration TOS bits 330 syslog routine 210, 218 system) 261 tcpd daemon 887 /etc/syslog.conf file 204, 210–216, management 260–263 tcpdump 656 620 Template Tree 2 262 tcpflow 657 syslogd daemon 203, 210–213, 901 system-config-kickstart 231 telinit 32, 42, 857, 887 syslog-ng 209 system-config-netboot 226 346 system administration 18 TELNET protocol 898 see also hardware Tel-splice connector 852 see also security T Template Tree 2, system configura- see also system administration tion 262 group responsibilities 900 temporary files, removing 154 automation 922–924 talkd daemon 900 Pro 821 checklists 943 Tanenbaum, Andrew S. 
5 TERM environment variable 859, configuring multiple machines tape drives, device names 873 861 502 tapes, backup TERM signal 58–60 development 919–924 see also media, backup /etc/termcap file 858–859 disaster recovery 163, 938–943 4mm 166 Terminal Server service, Windows documentation 930–934 8mm 166 825 emergency power supplies 940 AIT 166 terminals 855–859 essential tasks 16–18 blocking factor 177 capability databases 858–859 Internet resources 13 copying 178 control 56 keeping users happy 904–906 DDS/DAT 166 secure 685 legal issues 949–958 device files 171 setting options 860–862 list of email tasks 530 DLT/S-DLT 166 special characters 859–862 local scripts 922–924 library, robotic 179 unwedging 862 management 907–915 LTO 167 terminators, SCSI 117 operations 924–926 positioning 178 /etc/terminfo file 858 orgs and conferences 964–967 SAIT 166 Terry, Douglas 376 personality syndrome 18 stackers 167 testing, system 257 policy agreements 948 VXA/VXA-X 167 testparm 830 purchasing hardware 782–787, tar 177–178 Texinfo 11 916–917 target number, SCSI 117 TFTP 312, 899 role of 915–919 TCP tftp 347 SOX (Sarbanes-Oxley Act) 956 connection states 651 Thomas, Eric 554 support 927–930 vs. UDP for NFS 485 threads, kernel 23 survey results 968 wrappers 887 TIA (Telecommunications Industry testing solutions 910 TCP/IP 271, 275–281 Association) 354 toolbox 800, 922–923 CIDR (Classless Inter-Domain TightVNC 824 trouble ticketing and tracking Routing) 283, 286–288 time synchronization 902–903 935–938 fancy options (SACK, ECN) 307 tip 864 system administration roles fragmentation 279, 646 TLS see SSL administration 915–919 history 272 TLT/S-DLT tapes 166 development 919–924 IPsec 949 /tmp directory 75 management 906–915 IPv6 286, 291–293 /tmp partition 125 operations 924–927 loopback interface 282, 294, tools, hardware 800 support 927–930 302, 397 top 65, 809, 817 USAH.book Page 996 Thursday, October 5, 2006 2:46 AM

top-level domains 379, 381 TSM (Tivoli Storage Manager) 197 USB 865–866 topology statement, DNS 428 TSTP signal 58, 61 device identification 869 Torvalds, Linus 5 TTL (time to live), packets 647 disks 112, 147–148, 165 traceroute 647–649 $TTL directive, DNS 390, 394, 406 printers 774, 781 tracks and sectors, disks 120 TTL for DNS resource records 390 RS-232 adapters 865 transfers-in option, DNS 425 tune2fs 121, 132 in place of SCSI 115 transfer-source option, DNS 426, tuning supported devices 784 445 IDE disks 130 use_cw_file feature, sendmail 574 transfers-out option, DNS 425 the kernel 314–316, 874 USENIX association 965–966, 968 transfers-per-ns option, DNS 425 network parameters 314–316 user accounts transport agents, email 532 NFS 494 adding 102–107, 109 Tridgell, Andrew 508, 828 TUX server 727 aliases, global (email) 95 Troan, Erik 208 Tweedie, Stephen 120 authentication under Samba Trojan horses 687 TXT DNS records 403, 424 832 Trojnara, Michal 699 typographic conventions 9–10 bin 51 trouble ticketing and tracking 935– daemon 51 938 deleting 110 troubleshooting U disabling 108 Bacula 195–196 email home machine 106 BIND 466–478 U (rack unit) 791 ftp 735 CUPS 780–782 Ubuntu network configuration 310 GECOS information 98 named 466–478 udev 79 guest 944 network hardware, cable analyz- udev system 872 home directories 75, 98, 105 ers 366 udev.conf directory 872 hygiene 93 network hardware, sniffers 366 udevd 872, 899 ID number see user IDs network hardware, T-BERD line UDP (User Datagram Protocol) login process 46 analyzer 366 271, 275, 485 login shell 98 network printing 781 UIDs see user IDs modifying 109 networks 366, 644–654 Ultr@VNC project 824 names 94–95 networks with mii-tool 302– Ultra SCSI see SCSI nobody (NFS) 51, 488 303 umask 86, 105 passwords 104 Postfix 637–639 umount 73, 129, 494 pseudo-users 51 printers 780–782 881 removing 107 RAID 144–145 undeliverable messages, sendmail root see root account runaway processes 67–69 613 sendmail use of 603 
Samba 840–841 unicast addresses 292 shared 680 SCSI 118 Uninterruptible Power Supply site-wide management 944 sendmail 615–621 (UPS) 799 startup files 105 serial line 864–865 UNIX vs. Linux 4 superuser see root account sluggish system 817–819 unlink system call 80 user agents, email 531 syslog 217–218 unshielded twisted pair see UTP ca- User Datagram Protocol see UDP wedged terminal 862 bles user IDs 45, 54–55, 96–97, 104 X Window System 754–757 unsolicited commercial email see useradd 102, 109 Xorg X server 754–757 spam userdel 110 trusted-keys statement, DNS 430 update-policy clause, DNS 450 usermod 99, 109 TrustedUser sendmail user ac- update-rc.d 40 usernames see user accounts, names count 603 updating zone files, DNS 447–450 users Ts’o, Theodore 120 upgrades 176–177 see also user accounts tset 861–862 uptime 808, 818 documentation 934 TSIG (transaction signatures) 444, URLs 720–721 keeping them happy 904–906 453–456 us domain 380 policy agreements 946–948 Tsirigotis, Panos 887 /usr directory 75 UTP cables 353–355, 366, 844 USAH.book Page 997 Thursday, October 5, 2006 2:46 AM

Windows continued V W FAT filesystems 120 IMAP 828 V.90 modem standard 863 system call 57 Kerberos server and DNS 464 van den Berg, Stephen R. 554, 585 Wall, Larry 388 logging in from 821–822 /var filesystem 75, 125 WANs 351 mounting Windows filesystems variables, initializing in startup files Ward, Grady 47 835 105 WarGames 669 multibooting with LINUX 30– vendor logos 10 warranties 793 31 vendors we like 371–372 Warsaw, Barry 553 Network Neighborhood brows- Venema, Wietse 623, 856 Wassenaar, Eric 474 ing using Samba 831 VeriSign Site Finder tool 429 Watchguard Firebox 319 POP (Post Office Protocol) 828 Veritas, backup tool 198 WBEM (Web-Based Enterprise printing 838–839 VERSIONID macro, sendmail 570 Management) standard 658 RDP (Remote Desktop Proto- VFS (Virtual File System) 120 web see World Wide Web col) 824 vgcreate LVM utility 143 Web 2.0 719 running Linux programs from vgdisplay LVM utility 143, 146 web hosting 719–734 822–823 vgscan LVM utility 143 Apache 724–732 running under VMware 825 Viega, John 553 Apache configuration 726–732 running Windows programs un- view statement, DNS 438 Apache installation 724–726 der Linux 825 .vimrc file 105 caching server 733–734 sharing files 828 vipw 103 certificates 731–732 SMTP 827 virtual domains, Postfix 630–632 CGI scripting 722 SSH clients 821 Virtual File System (VFS) 120 httpd 901 Terminal Server service 825 virtual hosts, web 727–730 IIS (Windows) 827 UNIX software running on 827 virtual memory (VM) 124, 129, load balancing 385, 722–724 VNC servers 824 810–811 log files 727 project 825 Virtual Network Computing see performance 722–724 X forwarding 823 VNC protocol proxy server 733–734 X Window System servers 823, virtual network interfaces 300 Squid cache 733–734 827 virtual private networks see VPNs SSL 730–732 for 827 virtual terminals and X 754–755 static content 727 Wine project 825 VirtualHost clause, Apache 729 TUX 727 Winmodems 863 virtusertable feature, sendmail virtual interfaces 727–730 WinPrinters 783 
579–580 Weeks, Alex 11 WINS server, Samba 831 viruses 686–687 well-known ports 688, 702 WinSCP 822 visudo 50 Wheeler, David A. 55 wireless networks see networks, Vixie, Paul 150, 376 whereis 15 wireless Vixie-cron see cron daemon which 15 Wireshark packet sniffer 366, 657 VLANs 357 white pages 901 wiring see network wiring vmlinuz file 29, 75 Win4Lin 826 Wirzenius, Lars 11 vmstat 807–808, 818 WINCH signal 58–59 WKS DNS records 403 VMware 825 Windows workstations, diskless 898 VNC protocol 824 see also Samba World Wide Web vncserver 824 accessing remote desktops 822– see also web hosting VPNs (virtual private networks) 825 browsers 720 318, 328, 708–710 ACLs 833 HTTP protocol 720–722 IPsec tunnels 709 automounter 834 URLs 720 SSH tunnels 709 backups 197 wrapper scripts for localization 265 VRFY command 588 DFS (Distributed File System) wtmp file 206 VT100 terminal 858 834 WU-FTPD 900 VXA/VXA-X backup tapes 167 dual booting 826 wvdial 325 email and web standards com- WWW see World Wide Web pliance 827 USAH.book Page 998 Thursday, October 5, 2006 2:46 AM

xdpyinfo 756 X /etc/X11/xorg.conf file 749– 754 X display manager 743–744 xorgconfig 749 X Window System /etc/X11/xorg.conf file 749–754 see also Xorg X server xorgconfig 749 architechture 742 XORP (eXtensible Open Router client authentication 745–746 Platform) 344 desktop environments 757–759 Xsession 743 DISPLAY environment variable ~/.xsession file 105, 743 744, 748 xtab file 489, 895 display manager 743–744 xterm console emulator 827 history 741–742 killing the X server 755 magic cookies 746 Y running an application 744–748 security 744–748 Yellow Pages see NIS security under Windows 823 Ylönen, Tatu 697 SSH and 747–748 Yost serial wiring system 850–852 startup files 105 Yost, Dave 850 terminal window 859 /var/yp file 512 troubleshooting 754–757 yp* commands 513–518 virtual terminals 754–755 /etc/yp.conf file 512 Windows servers 823, 827 ypbind daemon 896 X forwarding 823 ypserv daemon 896 X server output 755–756 ypxfr 896 /etc/X11 directory 743 yum 246 X11 see X Window System 72 xauth 746 Z .Xclients file 105 .Xdefaults file 105 Zebra routing package 344 xdm directory 743 Zhou, Songnian 376 xdm program 743 Zimmermann, Philip 696 xdpyinfo 756 zombie processes 56, 61, 63, 886 xdvi 785 zone statement, DNS 432–436 XFS filesystem 122 zones, DNS 388, 412 xhost 745–746 commands 405–407 XHTML 764 files 389 xinetd 887–890 incremental transfers 388, 429 configuring 888–890 IXFRs 447 ftpd and 735 linkage 407–409 /etc/services file 892–893 signed, creating 458 /etc/xinetd.conf file 888–890 transfers 413, 425, 447–448 /etc/xinetd.conf file 888 updating files 447–450 /etc/xinetd.d directory 888 zone-statistics option, DNS 433 xinit 743 .xinitrc file 105 xntpd 62 XON/XOFF 852–853 Xorg X server 748–754 configuring 748–754 debugging 754–757 logging 755–757