Index

Note to the Reader: Throughout this index boldfaced page numbers indicate primary discussions of a topic. Italicized page numbers indicate illustrations.

0 runlevel, 17, 21 HTTPS configuration, 474–482 1 runlevel, 17, 21 installing, 462–464 2 runlevel, 17, 18 log files, 467–468 3 runlevel, 17, 18 modules, 459, 467, 470–472, 473–474 4 runlevel, 17 apache2ctl command, 463–464 5 runlevel, 17, 18 apachectl command, 463 6 runlevel, 17 APPEND command, IMAP, 337 AppleTalk, 274 application layer, 279 A archive files, 51, 61 media storage considerations, 54–55 A flag, procmail, 353 ARP (Address Resolution Protocol), 289–290 a flag, procmail, 353 arp command, 289–290 AAAA resource record, 409 ARP table, 289–290 absolute domain names, 374 asymmetric encryption, 433–434 access logs, Apache, 467–468 DNSSEC (DNS Security Extensions), access lookup table, Postfix, 349 434–439 access points, 273–274, 274, 283 ATA over Ethernet (AoE), 234–235 AccessFileName directive, Apache, 466 ATAPI (Advanced Technology Attachment AccessFilename directive, Apache, 466 Packet Interface) drives, 221–222, 223 account feature, PAM, 594 attack vectors, 621 action commands, Sieve, 357 auth configuration setting, Dovecot, 360 action response codes, SMTP, 329, 330 auth feature, PAM, 594 address command, Sieve, 357 authentication ADDRESS configuration setting, Courier, 353 Apache, 470–472 address match list, 383 Courier, 359–360 Address Resolution Protocol (ARP), 289–290 Exim, 321 ads security mode, Samba, 522 IMAP, 335–336 Advanced Host Controller Interface (AHCI), LDAP, 597–612 222, 232 PAM, 591–597 alerts, RAID arrays, 216–219 POP3, 333 alias lookup table, Postfix, 349 Postfix, 349 allof command, Sieve, 357 Squid, 485–486 Amanda backup solution, 59–60 SSH, 642–643 anyof command, Sieve, 357 authoritative data, 407 AoE (ATA over Ethernet), 234–235 authoritative information, 376 Apache web server authoritative servers, 376, 377 configuring, 464–472 AUTHORS files, 75 dynamic web programming, 472–474 auto-mounting filesystems, 180–183 features, 459–460 AutoFS, 180–183

bindex--.indd 09/14/2016 Page 691 692 automatic trim – caching servers

automatic trim, 233 reverse zones, 414–415 automount unit configuration files, 183 security, 427–431 starting/stopping/reloading, 395–398 troubleshooting, 418–427 B zone configuration files, 403–407 zone databases, 407–414 B flag, procmail, 353 binmail, 322, 324 b flag, procmail, 353 binrpm-pkg, 119 BackupPC, 60 BIOS (Basic Input/Output System), 6–7 backups, 51 blacklists, 297 cloud solutions, 55 blkid command, 151–152, 159–160 data recovery, 57 block device files, 101 directories to back up, 57–59 /boot directory backup considerations, 58 media, 52–54 boot managers, 8, 15 performing boot process, 4 with dd, 71–72 failures, 27–29 with rsync, 70–71 initialization. See initialization process with shell scripts, 72 monitoring, 5–6 with tar, 61–66 steps, 4–5 solutions, 59–61 bootloaders, 6–7, 8–9 strategy, 51–61 chainloading, 7 types, 55–57 GRUB Legacy, 8, 9–12, 31 Bacula backup solution, 60 GRUB2, 8–9, 12–14, 31 Bacula Systems, 60 LILO, 8, 30 bandwidth throttling, Apache, 459 Syslinux project, 14, 32 Bareos backup solution, 60 BOOTP (Bootstrap Protocol), 588–589 Berkeley Internet Name Domain. See BIND bottlenecks, 86 /bin directory backup considerations, 58 browseable directive, Samba, 509 /bin/bash file, 72 Btrfs filesystem, 142, 163–170 /bin/dash file, 72 formatting partitions, 164 /bin/init directory, 16 mounting, 164–165 /bin/mesg command, 39, 87 snapshots, 169–170 /bin/notify-send command, 42–44 subvolumes, 165–169 /bin/sh file, 72 btrfs filesystem show command, 165 binaries, 72 Bugtraq mailing list, 647 binary files, 104–105 built-in maps, AutoFS, 181 BIND, 372, 378–379. See also DNS --bunzip2 option, tar, 66 alternatives, 379 bzImage kernel binary file, 104, 115–116, 133 chroot jail, 392, 431–433 --bzip2 option, tar, 62 configuring, 388–395 daemon differences, 381–382 installing, 380 C logging, 385, 398–403 named.conf file, 382–386 c flag, procmail, 353 named.default-zones file, 386–387 CA. 
See certificate authority (CA) named.rfc1912.zones file, 386–387 caching servers, DNS, 376, 378, 380, 388–395

Cacti, 83–84, 85 COW (Copy-on-write) filesystems, 143, canonical lookup table, Postfix, 349 163, 194 CAPABILITY command, IMAP, 337 cpio command, 60 capacity planning, 83–85, 84–85 CPU, troubleshooting, 85–86 categories, BIND logging, 401–403 CREATE command, IMAP, 337 certificate authority (CA), 458–459, 475–479, --create option, tar, 62 481, 492 CSR (Certificate Signing Request) CGI (Common Gateway Interface), 473 creating, 475–476 chain of trust, DNSSEC, 435 signing, 476–479 chainloading, 7 curl, 76 chains, 634–638 character device files, 101 CHECK command, IMAP, 337 D chgrp command, 520 child zones, 417–418 D flag, procmail, 353 chkconfig command, 19–20, 32 DANE (DNS-based Authentication of chroot jail, 392, 431–433 Named Ethics), 442–445 CIDR (Classless Inter-Domain Routing), 277 DATA command, SMTP, 327, 328–329 CIFS (Common Internet File System), 180 data loggers, 83, 83 cifs-utils package, 500, 501 data recovery, 57 Classless Inter-Domain Routing dd command, 71–72 (CIDR), 277 deb-pkg, 119 clauses, named.conf file, 383 Debian client/server paradigm, 279 Apache log files, 467–468 CLOSE command, IMAP, 337 boot messages log file, 6 cloud backup solutions, 55 chkconfig, 20 CNAME resource record, 409, 412–413 configuration files, 280–281 coldplug devices, 128 initial RAM disk files, 117–118 collectd, 84 NFS packages, 534 commands OpenVPN installation, 644 GRUB Legacy, 9–11 runlevels, 17–18 IMAP, 336–337 Samba packages, 501 sendmail emulation, 348 debugfs command, 185, 187, 193 Sieve, 357–358 default routers, 276 SMTP, 327–329 route command, 287–288 comment directive, Samba, 509 traceroute command, 291–293 Common Gateway Interface (CGI), 473 default.target files, 24 Common Internet File System (CIFS), 180 defconfig script, 112 --compare option, tar, 64 define macro, sendmail, 341 computer networking. 
See network services deja-dup, 60 conditional configuration settings, DELE command, POP3, 333 Apache, 466 delegating zones, 417–418 control commands, Sieve, 357 DELETE command, IMAP, 337 COPY command, IMAP, 337 /dev directory backup considerations, 58 COPYING files, 74 device files, 101 Courier email server package, 359–360 device I/O, troubleshooting, 85–86

Device Mapper, 263–264 DNS (), 277, 282, 372. device nodes, 101–102 See also BIND devpts filesystem, 162 caching servers, 376, 378, 380, 388–395 df command, 183, 520 dig command, 295–297 dhclient, 288 exam essentials, 445–446 DHCP (Dynamic Host Configuration forwarding servers, 376, 379, 380, 406 Protocol), 277–278, 583 hierarchical structure, 373, 373–374 client programs, 287–288 host command, 295 client software packages, 584–585 name resolution, 372–378 configuring clients, 590–591, 591 review answers, 676–678 configuring servers, 585–590 review questions, 447–450 DHCP options, 583–584 security DHCP relaying, 589–590, 590 basic steps, 427–431 installing servers, 585 chroot jails, 431–433 log files, 590 DANE (DNS-based Authentication of sample Debian network, 281 Named Ethics), 442–445 dhcpcd, 288 DNS Security Extensions, 434–439 DHCPd, 584 TSIG (Transaction Signature), 440–442 dhcpd.conf file, 585–590 troubleshooting, 418–427 installing, 585 zones, 403 --diff option, tar, 64 delegating, 417–418 differential backups, 56 reverse zones, 414–415 dig command, 295–296, 394, 420–423 signing, 438–439 direct maps, AutoFS, 181–182, 193 updates, 430–431 direct memory access. 
See DMA zone configuration files, 403–406 directory configuration settings, zone databases, 407–417 Apache, 467 dnsmasq, 379, 388, 394 DirectoryIndex directive, Apache, 466 DNSSEC (DNS Security Extensions), 434–439 disable netbios directive, Samba, 506 dnssec-keygen utility, 438–439, 440–442 discard (TRIM), 233 dnssec-signzone command, 438 discard command, Sieve, 357 documentation, kernel, 107 disk mirroring (RAID 1), 201, 201–202 DocumentRoot directive, Apache, 466 disk recovery, 57 DocumentRoot folder, 468, 469–470, 489, 491 disk striping (RAID 0), 201, 201 DOMAIN macro, sendmail, 341 disk striping with double parity (RAID 6), Domain Name Space, 373–378 203–204, 204 domain security mode, Samba, 522 disk striping with parity (RAID 5), 203, 203 dotted-decimal notation, 275 distinguished names, LDAP, 599, 600, 605 Dovecot email server package, 360–362 divert(n) macro, sendmail, 341 dual horizon servers, 429–430 djbdns, 379 dumpe2fs command, 187 DKMS (Dynamic Kernel Module Support), Duplicity backup solution, 60 120 dynamic IP addresses, 582, 583. dm-crypt, 183–184 See also DHCP DMA (direct memory access), 223–227 Dynamic Kernel Module Support dmesg command, 5–6, 151–152, (DKMS), 120 288–289, 309 dynamic web programming, 472–474

ESMTP (Extended SMTP), 331–332 E ESP (EFI System Partition), 7 E flag, procmail, 353 /etc directory backup considerations, 58 e flag, procmail, 353 /etc/aliases file, 348 e2label command, 154, 161, 185, 193 /etc/auto.direct file, 181–182 eCryptfs, 184 /etc/auto.directory file, 182 EFI (Extensible Firmware Interface), 7, 14 /etc/auto.master file, 181 EFI System Partition (ESP), 7 /etc/auto.master.d folder, 182 El Torito filesystem, 171, 174, 175 /etc/auto.misc file, 182 email services, 318–319, 319 /etc/auto.tmp file, 182 binmail, 322 /etc//named.conf file, 382, 385–386, ESMTP (Extended SMTP), 331–332 404–406, 414 Exim (Experimental Internet Mailer), /etc/conf,modules file, 120 320–321 /etc/courier directory, 359 IMAP (Internet Message Access /etc/cups/printers.conf file, 525 Protocol), 334–338 /etc/default/grub file, 13 MDA (mail delivery agent), 321, 321–322 /etc/default/nfs-common file, 535, MTA (mail transfer agent), 319–320 540, 550 MUA (mail user agent), 323–325 /etc/default/nfs-kernel-server file, POP (Post Office Protocol), 332–334 535, 540, 550 PostFix, 320, 342–351 /etc/default/sysstat file, 83 procmail, 322–323, 351–356 /etc/dhcp folder, 585 remote delivery, 359–362 /etc/dhcp/dhcp.conf file, 585 review answers, 673–675 /etc/dovecot directory, 360 sendmail, 320, 338–342 /etc/dovecot.conf file, 360 server setup and testing, 362–363 /etc/exports file, 535, 536–538, 539, Sieve, 356–358 545–547 SMTP (Simple Mail Transfer Protocol), /etc/exports.d/ directory, 535 326–331 /etc/fail2ban/jail.conf file, 628 encryption /etc/fstab file, 157, 188, 192 asymmetric, 433–434, 434–439 AutoFS, 180, 183 encrypted filesystems, 183–184 Device Mapper names, 264 OpenSSH, 640–643 eCryptFS, 184 OpenVPN, 643–646 fsck command, 188 SSL (Secure Sockets Layer), 458, 474–482 mounted arrays, 215 TLS (Transport Layer Security), 458, 481 persistent filesystems, 154–156 wireless networking, 274, 283, 287 swap filesystems, 177–180 encryption keys, OpenSSL, 475 /etc/grub.d folder, 13 
Enhanced Status Codes options, ESMPT /etc/hostname file, 282 envelope command, Sieve, 357 /etc/hosts.allow file, 297, 551–552 EPEL (Extra Packages for Enterprise Linux) /etc/hosts.deny file, 297, 551–552 repositories, 568–570 /etc/idmapd.conf file, 531 error logs, Apache, 467–468 /etc/inetd.conf file, 297 error response codes, SMTP, 329, 330 /etc/init directory, 16 ErrorDocument directive, Apache, 466 /etc/init.d/rc script, 19 ErrorLog directive, Apache, 466 /etc/init.d/rcx.d folder, 19

/etc/inittab file, 18–19, 26, 32 /etc/snort folder, 630 /etc/iscsi/initiatorname.iscsi /etc/sopenvas folder, 627 file, 244 /etc/squid folder, 483 /etc/iscsi/iscisid.conf file, 240–241 /etc/squid3 folder, 483 /etc/issue file, 47–48, 48 /etc/ssh folder, 640 /etc/issue.net file, 49–50, 50 /etc/ssh/sshd_conf file, 640–641, 649 /etc/lilo.conf file, 8 /etc/sysconfig/network file, 280 /etc/lvm/lvm.conf file, 261–262 /etc/sysconfig/network-scripts /etc/mail/sendmail.cf file, 339–340 directory, 280 /etc/mdadm folder, 215 /etc/sysconfig/nfs file, 535, 540 /etc/mdadm.conf file, 215–216 /etc/sysconfig/sysstat file, 83 /etc/modules file, 120 /etc/sysctl.conf file, 132 /etc/modules-load.d folder, 120 /etc/sysctl.d folder, 132 /etc/motd file, 50, 50–51 /etc/sysctl/conf file, 229 /etc/mtab file, 148 /etc/sysctl/d/99-sysctl.conf file, 229 /etc/named.conf file, 380, 382–390, /etc/systemd/system folder, 24 398–399, 400, 404, 414–415, 426 /etc/udev/rules.d folder, 128 /etc/network/interfaces file, 280 /etc/udev/rules.d/50-hdparm.rules /etc/nfsmount.conf file, 535 file, 223 /etc/nginx folder, 488 /etc/udev/udev.conf file, 128 /etc/nginx/sites-enabled/default /etc/vsftpd directory, 557 file, 489 eth0 network interface, 284–285 /etc/nsswitch.conf file, 524 Evolution email client, 324–325, 325 /etc/openvpn/client.conf file, 644–646 EXAMINE command, IMAP, 337 /etc/openvpn/server.conf file, 644–646 Exim (Experimental Internet Mailer), 320–321 /etc/pam.conf file, 594–595 exists command, Sieve, 357 /etc/pam.d directory, 561 EXPN command, SMTP, 327, 329 /etc/pam.d folder, 595–596 exportfs utility, NFS, 538, 539–540, 542, /etc/passwd file, 591, 594–595, 614 544, 546, 552 /etc/postfix directory, 345 EXPUNGE command, IMAP, 337 /etc/procmailrc file, 352, 365 Extended SMTP (ESMTP), 331–332 /etc/proftpd/proftpd.conf file, 556 EXTLINUX bootloader, 14, 32 /etc/rc.d/rc script, 19 --extract option, tar, 66 /etc/rcx.d folder, 19 /etc/resolv.conf file, 282, 523 /etc/samba directory, 503 F 
/etc/samba/smb.conf file, 503, 504–511, 520–521 f flag, procmail, 353 /etc/services file, 621, 622 fail2ban, 628, 650 /etc/shadow file, 591–592, 594–595, 614 failures /etc/shells file, 561–562 kernel, 27–29 /etc/slapd.conf file, 605–607 root drive, 29–31 /etc/slapd.d folder, 605, 607 false command, Sieve, 357 /etc/smartd.conf file, 190, 230 FCoE (Fibre Channel over Ethernet), 235 /etc/smartmontools/smartd.conf file, fdisk utility, 207–209 190, 230 FEATURE macro, sendmail, 341–342

FedCIRC (Federal Computer Incident native, 142–143 Response Center), 646 network-based, 180 FETCH command, IMAP, 337 non-native, 143–144 Fibre Channel over Ethernet (FCoE), 235 optical, 171–177 Fibre Channel SAN, 234 review answers, 664–667 file sharing review questions, 195–198 exam essentials, 575–576 structures, 140–141 FTP, 553–554 swap, 177–180 operating modes, 554–555 swap partitions, 177–180 Pure-FTPd, 568–575 FILTER chain, 634 Very Secure FTP, 555–568 findfs command, 161–162 NFS fireproof backup media, 54 daemons, 531–532 firewalls, 633, 633 directories, 535–536 creating with iptables, 647–648 disabling, 540 firmware, 6 documentation, 532–533 BIOS startup, 6–7 /etc/exports file, 536–538 UEFI startup, 7–8 installing, 533–535 first-level domains, 374 permanent exports, 545–549 fluid messaging, 39 security, 549–552 notify-send command, 41–44 temporary exports, 540–544 shutdown command, 44–47 troubleshooting, 552–553 wall command, 39–41 utilities, 538–540 formatting filesystems, 144–146 versions, 530–531 FORWARD chain, 634, 639 review answers, 681–684 forwarding servers, DNS, 376, 379, 380, 406 review questions, 577–580 FQDNs (fully qualified domain names), Samba. See Samba 372–374. See also name resolution File Transfer Protocol. 
See FTP free command, 178 fileinto command, Sieve, 357 fsck command, 29, 32, 187 filesystems, 140 fstrim command, 233–234 Btrfs, 163–170 FTP (File Transfer Protocol), 553–554 encrypted, 183–184 operating modes, 554–555 exam essentials, 192–194 Pure-FTPd, 568–575 formatting, 144–146 Very Secure FTP, 556–568 maintenance, 185–192 full backups, 56 management, 102–104 full partition recovery, 57 memory-based, 162–163 mounting, 146 auto-mounting, 180–183 G Btrfs, 164–165 optical media, 171–177 gconfig script, 112 persistently, 154–159 Geany IDE, installing, 77–78 removable media, 151–152 --get option, tar, 66 temporarily, 146–149, 152–154 global addresses, IPv6, 276 unmounting, 149–151 global configuration settings, Apache, 466 viewing attached filesystems, 159–162 [global] section, smb.conf, 508

graphical.target unit configuration file, hosts deny directive, Samba, 506 23–24 hotplug devices, 128 Group directive, Apache, 465 htop command, 80 group directive, Samba, 509 htpasswd utility, 471 GRUB Legacy bootloader, 8, 9–12, 31 HTTP, 452–454, 453 grub-install command, 11–12, 31–32 client requests, 454 grub-mkconfig command, 13 server responses, 454–458 grub.cfg file, 12, 13, 32 HTTPS (HTTP Secure), 458, 458–459 grub.conf file, 9, 31 humidity controls, 54 GRUB2 bootloader, 8–9, 12–14, 31 hybrid servers, 376 guest only directive, Samba, 509 Hypertext Transfer Protocol. See HTTP --gunzip option, tar, 66 --gzip option, tar, 62 I i flag, procmail, 353 H I/O blocking, 86 H flag, procmail, 353 Icinga, 84 h flag, procmail, 353 ICMP (Internet Control Message Protocol), halt command, 21 290–291, 304 hard disk drives (HDDs), 53 identity mapping (IDMAP), 524 hardware IDMAP (identity mapping), 524 automatically detecting, 128 IDSs (intrusion detection systems), 628–631 management, 101–102 if command, Sieve, 357 hashing, 434 ifconfig command, 284–287, 288 HDDs (hard disk drives), 53 iftop command, 80 hdparm utility, 223–227 image files, 104–105, 133 header command, Sieve, 357 IMAP (Internet Message Access Protocol), 334 header files, 106–107 commands, 336–337 HELO command, SMTP, 327 sample session, 334–335 HELP command, SMTP, 327, 329 user authentication, 335–336 HFS filesystem, 171 Include directive, Apache, 466 HFS+ filesystem, 171 incremental backups, 56 hidden DNS servers, 376 indirect maps, AutoFS, 182–183, 193 Hint for Root Level Servers, 385 informational response codes, SMTP, 329, /home directory backup considerations, 58 330 [homes] section, smb.conf, 508 init program, 16 host addresses, 275–276 changing runlevels, 21 default router, 276 location of, 16 DHCP, 277–278 SysV-init version, 16, 17–21 local loopback interfaces, 285–287 Upstart version, 17, 26–27 netmask addresses, 276–277 initialization process, 16–17, 99. 
See also static, 278 bootup process host command, 294–295 systemd method, 21–26 hostnames, 277, 282 SysV method, 17–21 hosts allow directive, Samba, 506 Upstart method, 26–27

initrd, 116–118 checking, 242–243 INPUT chain, 634, 638 formatting, 243–244 INSTALL files, 74 initiator disk setup, 240–242 installing initiators, 235 Apache web server, 462–464 IQNs (iSCSI Qualified Names), 236 BIND, 380 LUNs (logical unit numbers), 235, kernel modules, 116, 122–125 236, 239 NFS, 533–535 mounting, 243–244 nginx web servers, 487–488 partitioning, 243–244 OpenLDAP, 602 target disk setup, 237–240 programs from source, 72–78 targets, 235 Samba, 500–502 iSCSI Qualified Name (IQN), 236 Squid web servers, 482–483 iscsiadm utility, 240–244 interfaces directive, Samba, 506 ISO images, 173–177 Internet Control Message Protocol (ICMP), ISO-9660 filesystem, 171 290–291, 304 ISOLINUX bootloader, 14, 15, 32 Internet Message Access Protocol. See IMAP isolinux.bin file, 15, 32 invalid users directive, Samba, 509 isolinux.cfg file, 15, 32 iostat command, 80, 82 iw command, 288 iotop command, 80 iwconfig command, 284, 287, 288 IP (Internet Protocol). See also IPv6 default routers, 276 DHCP, 277–278 J hostnames, 277 IP addresses, 275, 275–276 jailing BIND, 392, 431–433 netmask addresses, 276–277 Joliet filesystem, 171, 174, 176 IP addresses, 582–583. 
See also DHCP dynamic, 582, 583 static, 582, 587–588 K ip command, 80, 288 IP-based virtual web hosting, 469–470 keep command, Sieve, 357 ipcs command, 97 Kerberos, 592, 593, 604, 610 iptables, 633–639 kernel, 94 iptables command, 634–639, 647–648 binary files, 104–105 iptraf command, 80 compiling, 108 IPv6 (Internet Protocol version 6), 275–276 booting kernel, 118–119 default routers, 276 compiling/installing modules, 116 global addresses, 276 compiling/installing source code, link local addresses, 276, 281 114–116 local loopback interfaces, 285 creating configuration file, 110–114 open connections, 298 creating initial RAM disk, 116–118 test packets, 290–291 creating packages, 119 IQNs (iSCSI Qualified Names), 236 obtaining source code, 109–110 irqbalance utility, 80 documentation, 107 iSCSI, 222, 234 exam essentials, 133–134 alternatives, 234–235 failures, 27–29

features, 94 ldappasswd command, 607 filesystem management, 102–104 ldapsearch command, 607, 609–612 hardware management, 101–102 LE (logical extent), 246 header files, 106–107 levels, RAID, 200–204 maintaining lftp command, 556, 562–563, 565, hardware, 125–128 567–568, 572 module files, 120–125 /lib directory backup considerations, 58 modules, 105 /lib/modules directory, 105 files, 120 /lib/udev/rules.d folder, 128 getting information about, 122 libsmbclient package, 500, 501 installing, 116, 122 libwbbclient package, 500 listing, 121–122 Lightweight Directory Access Protocol. panic mode, 16 See LDAP patch releases, 106 LILO (Linux Loader) bootloader, 8, 32 process management, 98–101 lilo.conf file, 8, 32 review answers, 662–664 link local addresses, IPv6, 276, review questions, 135–138 281–282, 291 source code, 105–106, 109–110 linux command, 13, 28–29 system memory management, 95–98 Linux Foundation, 95 troubleshooting Linux Loader (LILO) bootloader, 8, 32 /proc filesystem, 130–132 Linux Standard Base (LSB), 27 displaying version number, 129–130 Linux Unified Key Setup (LUKS), 184 versions, 107–108 LIST command kernel ring buffer, 5–6 IMAP, 337 key signing key (KSK), 435, 438–439 POP3, 333 kill command, 395–396 --list option, tar, 64 KMail, 325 --listed-incremental=file option, .ko file extension, 105 tar, 62 KSK (key signing key), 435, 438–439 listen configuration setting, Dovecot, 360 Listen directive, Apache, 465 L lo interface, 284–285 load balancing LDAP (Lightweight Directory Access Apache, 460 Protocol). 
See also OpenLDAP nginx, 461 hierarchical database design, 597–598, LoadModule directive, Apache, 466 598 local loopback interface, 284–285 implementing clients, 607–612 lockd daemon, 532 LDAP tree, 598–599, 599 log file directive, Samba, 506 schemas, 598 log files designing, 604–605 Apache web server, 467–468 implementing, 605–607 BIND, 385, 398–403 storing database, 600–601 boot messages, 5–6, 288–289 ldapadd command, 607, 609 DHCP, 590 ldapdelete command, 607 Samba, 528 ldapmodify command, 607–609 log level directive, Samba, 507

LogFormat directive, Apache, 466 logical extent (LE), 246 M logical volume management/manager. m4 macro processor, 340–342 See LVM MAC (media access control) addresses, 276, logical volumes, 245 289–290 creating, 246–254, 262–263 machine code, 72 Device Mapper, 263–264 magnetic tape, 52–53, 66–70, 67 increasing size, 254–257 MAIL command, SMTP, 327 LVM configuration file, 261–262 mail delivery agent (MDA), 321, 321–322 LVM overview, 245–246 mail transfer agent (MTA), 319–320 removing, 261–2262 mail_location configuration setting, renaming, 260 Dovecot, 360 snapshots, creating/maintaining, MAILDIRPATH configuration setting, 257–160 Courier, 359 login_max_connections configuration MAILER macro, sendmail, 341 setting, Dovecot, 360 mailq utility login_max_processes_count configuration Postfix, 345 setting, Dovecot, 360 sendmail, 348 login_process_per_connection make command, 76 configuration setting, Dovecot, 360 make install command, 76–77 logon messaging, 47. See also static Makefile, 75 messaging Makefile file, 76 LOGOUT command, IMAP, 337 MANGLE chain, 634 lookup tables, Postfix, 348–349 manual trim, 233 /lost+found directory backup MASQUERADE_AS macro, sendmail, 341 considerations, 58 Master Boot Record (MBR), 7, 11–12 ls command, 183 master map, AutoFS, 181–183 LSB (Linux Standard Base), 27 max log size directive, Samba, 507 lsblk command, 160–161, 207–209 MaxClients directive, Apache, 466 lsdev command, 131–132 MAXDAEMONS configuration setting, lsof command, 80, 150–151, 297–298 Courier, 359 lsscsi command, 68 MAXPERIP configuration setting, Courier, 359 LSUB command, IMAP, 337 MaxSpareServers directive, Apache, 466 LUKS (Linux Unified Key Setup), 184 MBR (Master Boot Record), 7, 11–12 LUNs (logical unit numbers), 235, md superblock, 207 236, 239 MDA (mail delivery agent), 321, 321–322 lusb command, 127–128 mdadm utility lvcreate command, 252 adding spare disks to RAID arrays, 219–220 lvdisplay command, 253 checking RAID arrays, 212–214 LVM (logical volume 
management), creating RAID configuration files, 215–216 245–246 grow mode options, 220 lvm.conf file, 261–262 installation, 206 LVs. See logical volumes modes, 209–212 lvs command, 253 monitoring RAID arrays, 216–219 lvscan command, 253 removing RAID arrays, 220–221 lwlist command, 287 syntax, 209

mdadm.conf file, 215–216 mod_perl module, Apache, 492 mechanisms configuration setting, mod_php module, 473, 474 Dovecot, 360 mod_php module, Apache, 492 media, backups, 52–54 mod_python module, 473 /media directory backup considerations, 58 mod_ruby module, 473 members, of archive files, 65 mod_ssl module, 474–475, 480 MEMDISK bootloader, 14 modprobe command, 205, 264–265 memory modules, Apache, 459, 467. See also free command, 80, 85, 178 specific modules management, 95–98 authentication, 470–472 pages, 96 configuration settings, 467 swapoff command, 179–180 programming, 473–474 swapping out, 96 modules, kernel, 101, 105 troubleshooting usage, 85 compiling and installing, 116 vmstat command, 81, 85, 86 files, 120 memory-based filesystems, 162–163 getting information about, 122 menu commands, GRUB, 12–13 header files, 106–107 menu.lst file, 9, 31 initial RAM disks, 116–118 menuconfig script, 112 installing, 122–125 menuentry command, GRUB2, 12–13 listing, 121–122 mesg command, 39, 87 removing, 125 messages. 
See also log files monitor mode events, RAID arrays, 216–219 boot, 5–6, 288–289 motd file, 50–51 fluid messaging, 39–47 mount command, 29–30, 32, 146–149, 151, static messaging, 47–51 517–519 MIME (Multipurpose Internet Mail mount.cifs utility, 503 Extensions), 323 mount.nfs utility, 538 mini-bootloaders, 15–16 mountd daemon, 532, 539, 550, 552 MinSpareServers directive, Apache, 466 mounting filesystems, 146 mke2fs command, 145 auto-mounting, 180–183 mkfs command, 141, 144–146, 154, 164 Btrfs, 164–165 mkinitramfs utility, 117–118 optical media, 171–177 mkinitrd utility, 116–117 persistently, 154–159 mkisofs command, 173–177 removable media, 151–152 mkswap command, 178–179 temporarily, 146–149, 152–154 /mnt directory backup considerations, 58 unmounting, 149–151 mod_access module, 471, 472, 492 viewing attached filesystems, 159–162 mod_access_compat module, 471 mountpoint command, 159 mod_authn_anon module, 470 mountstats utility, NFS, 538, 547–548 mod_authn_db module, 470 mpstat command, 80 mod_authn_dbm module, 470 MRTG (Multi Router Traffic Grapher), 84, mod_authn_file module, 470, 471 85, 86 mod_authnz_ldap module, 470 mt command, 68–70 mod_authnz_mysql module, 470 MTA (mail transfer agent), 319–320 mod_authz_host module, 471 mtr command, 80, 292–293 mod_perl module, 473, 474 MUA (mail user agent), 323–325

Multi Router Traffic Grapher (MRTG), 84, client software packages, 584–585 85, 86 configuring clients, 590–591, 591 Multiple Device Administration. See mdadm configuring servers, 585–590 utility DHCP options, 583–584 Multiple Disk Administration. See mdadm utility DHCP relaying, 589–590, 590 Multipurpose Internet Mail Extensions installing servers, 585 (MIME), 323 log files, 590 MX resource record, 409, 412, 413, 422 sample Debian network, 281 My Traceroute. See mtr command exam essentials, 613–614 LDAP. See also OpenLDAP hierarchical database design, N 597–598, 598 implementing clients, 607–612 Nagios, 84, 85 LDAP tree, 598–599, 599 name resolution, 372–378 schemas, 598, 604–607 name servers, 375–378 storing database, 600–601 recursive, 377–378, 384 PAM, 591–594, 592 secondary, 407 application files, 595–596 security, 427–431 authentication modules, 592–593 name-based virtual web hosting, 469 configuring, 594–595 named-checkconf command, 390 control actions, 594 named-checkzone utility, 415–416 library modules, 593 named-compilezone utility, 408, 426 review answers, 684–687 named.conf file, 380, 382–390, 398–399, review questions, 615–617 400, 404, 414–415, 426 network device files, 101 naming systems, Btrfs subvolumes, 165 Network File System. 
See NFS NAS (network-attached storage), 55 Network Information Service (NIS), 592, 593 NAT (Network Address Translation), 632, network intrusion detection systems 632–633 (NIDS), 628 NAT chain, 634 network layer, 274–278 native Linux filesystems, 142–143 Network Manager, 282–284, 283 nc (netcat) command, 622–623 network services nc command, 293–294 configuring, 279–288 NDP (Neighbor Discovery Protocol), 378 command-line tools, 284–288 net utility, Samba, 509 configuration files, 280–282 NetBIOS, 529–530 Network Manager, 282–284, 283 netbios name directive, Samba, 506 documenting, 307 NetBIOS over TCP/IP, 499 layered system, 272 netcat (nc) command, 622–623 application layer, 279 [netlogin] section, smb.conf, 508 network layer, 274–278 netmask addresses, 276–277 physical layer, 272–274 netstat command, 80, 298–302, 622 transport layer, 278 network access points, 273–274, 274, 283 review answers, 670–673 network clients server security, 620 DHCP, 277–278, 583 external connections, 631–634 client programs, 287–288 intrusion detection systems, 628–631

iptables, 634–639 nginx web servers, 460, 487–489 OpenSSH, 640–643 nginx.conf file, 488–489 OpenVPN, 643–646 NIDS (network intrusion detection systems), port scanning, 620–627 628. See also Snort resources, 646–647 NIS (Network Information Service), 592, 593 routing tables, 639 nmap command, 302–303, 623–626 troubleshooting, 288 nmbd daemon, 499, 515, 528, 529–530 ARP cache, 289–290 nmblookup utility, Samba, 503, 528–529 client/server connectivity, 293–294 nodes, 101–102, 374 host information, 295–297 non-anonymous user accounts, 559 log files, 288–289 non-native Linux filesystems, 143–144 network routes, 291–293 NOOP command network statistics, 300–302 IMAP, 337 open connections, 297–300 POP3, 333 scanning, 302–303 SMTP, 327 security, 297 not command, Sieve, 357 test packets, 290–291 notify-send command, 42, 42–44, 43, 44 throughput, 86 NS resource record, 409, 412, 422 traffic, 303–307 nslookup command, 390–392, 423–425 Network Time Protocol (NTP), 523 ntfs filesystem, 143, 151, 152 network vulnerability tests (NVTs), 626–627 ntop utility, 81 network-attached storage (NAS), 55 NTP (Network Time Protocol), 523 network-based filesystems, 180 null, 373 newaliases command, sendmail, 348 NVM Host Controller Interface NEWS files, 75 (NVMHCI), 232 NFS (Network File System) NVMe (Non-Volatile Memory Express) daemons, 531–532 drives, 8, 222–223, 230–232, 265 directories, 535–536 nvme utility, 230–232 disabling, 540 NVMHCI ( NVM Host Controller documentation, 532–533 Interface), 232 /etc/exports file, 536–538 NVTs (network vulnerability tests), 626–627 installing, 533–535 permanent exports, 545–549 security, 549–552 O temporary exports, 540–544 troubleshooting, 552–553 object classes, LDAP, 598 utilities, 538–540 object IDs, LDAP, 598 versions, 530–531 oldconfig script, 112 NFS server export table, 535 open network connections, 297–300 nfs-common package, 534, 550 OpenLDAP, 597, 601–602 nfs-kernel-server package, 534 client programs, 607–612 nfs-utils package, 533, 534 
designing directory schema, 604, nfs-utils-lib package, 533 604–605 nfsd daemon, 532, 550 implementing directory schema, 605–607 nfsiostat utility, NFS, 538 installing, 602 nfsstat utility, NFS, 538 server programs, 602–604


OpenMediaVault, 180 physical volumes (PVs) OpenSSH, 640–643 adding to VGs, 250–251 openssl command, 475, 476, 477–478 displaying information about, 249–250 OpenVAS, 626–627, 627 physical extents (PEs), 246 OpenVPN, 643–646 ping command, 290–291 /opt directory backup considerations, 58 ping6 command, 290, 291 optical discs, as backup media, 53, 54, 87 pmap utility, 81 optical filesystems, 171–177 POP (Post Office Protocol), 332–334 optional control action, PAM, 594 PORT configuration setting, Courier, 359 OSTYPE macro, sendmail, 341 portmap package, 533, 534 portmapper daemon, 532, 552 ports Samba, 513–515 scanning, 620–628 P well-known, 279 pages, 85 POST (Power-On Self Test), 4 PAM (Pluggable Authentication Module), Post Office Protocol (POP), 332–334 591–594, 592 postalias utility, 345 application files, 595–596 postcat utility, 345 authentication modules, 592–593 postconf utility, 345 configuring, 594–595 Postfix, 320, 336–342, 343 control actions, 594 configuration files, 345–348 library modules, 593 core programs, 343–3344 panic mode, 16 lookup tables, 348–349 parent zones, 417–418 security, 349–350 parted utility, 146 starting, 344–345 partitioning, 140–141 utility programs, 345 Btrfs, 163, 164 postfix utility, 345 eCryptfs, 184 postkick utility, 345 mkfs example, 145 postlock utility, 345 mount point, 154 postlog utility, 345 swap partitions, 177–180 postmap utility, 345, 349 tune2fs example, 185–186 POSTROUTING chain, 634 passdb backend directive, Samba, 507 postsuper utility, 345 password feature, PAM, 594 Power-On Self Test (POST), 4 PATA (Parallel Advanced Technology PowerDNS, 379 Attachment) drives, 221, 223–226 poweroff command, 21 patch releases, 106 Pre-boot Execution (PXE) standard, 14 path directive, Samba, 509 preloader mini-bootloader, 16 PCI (Peripheral Component Interface) cards, PREROUTING chain, 634 125–127 [printers] section, smb.conf, 508 PCIe (PCI Express), 125 [profiles] section, smb.conf, 508 pdbedit utility, Samba, 509, 512 private 
network addresses, 631–632 pdnsd, 379 /proc directory physical extents (PEs), 246 backup considerations, 58 physical layer, 272–274 viewing, 130–132


/proc/fs/nfs/exports file, 535 creating arrays, 209–212 /proc/meminfo file, 97– determining support for, 204–206 proc filesystem, 162–163 formatting arrays, 214–215 processes grow mode options, 220 init, 99 implementing arrays, 204–216 shared memory pages, 98 managing arrays, 216–221 single-user mode, 99 monitoring arrays, 216–219 troubleshooting usage, 85–86 mounting arrays, 214–215 viewing, 99–101 preparing drives for membership, procmail, 322–323 206–209 installing, 351–352 removing arrays, 220–221 recipes, 352–356 saving array configurations, ProFTPD, 556 215–216 protocols configuration setting, structures, 200–204 Dovecot, 360 RAID 0 (disk striping), 201, 201 ps command, 99–101, 482 RAID 1 (disk mirroring), 201, 201–202 ps utility, 81, 85–86 RAID 10 (disk mirroring and striping), pstree utility, 81, 85 202, 202 PTR resource record, 409, 415, 421–422 RAID 2, 202 public directive, Samba, 509 RAID 3, 202–203 public/private key pair authentication, RAID 4, 202–203 642–643 RAID 5 (disk striping with parity), PulledPork, 630 203, 203 pump, 288 RAID 6 (disk striping with double parity), Pure-FTPd, 555, 568–575 203–204, 204 pvcreate command, 248–249 RAM, 85 pvdisplay command, 249–250 RCPT command, SMTP, 327 PXE (Pre-boot Execution) standard, 14 README files, 74 PXELINUX bootloader, 14, 15, 32 realm directive, Samba, 506 pxelinux.0 file, 15, 32 reboot command, 21 pxelinux.cfg directory, 15, 32 recovery time objective (RTO), 52, 57 recovery, data, 57 Recursive Name Server, 377–378, 384 Q Red Hat distributions Apache log files, 467–468 QUIT command BIND, 380, 381 POP3, 333 boot messages log file, 6 SMTP, 327 chkconfig, 19–20 GRUB Legacy configuration file, 9 kernel documentation, 107 R NFS packages, 533 OpenVPN installation, 644 r flag, procmail, 353 runlevels, 17–18 RAID, 200 Samba packages, 500–501 adding spare disks to arrays, 219–220 systemd, 17, 21–26 checking array status, 212–214 redirect command, Sieve, 357


Redundant Array of Independent Disks. runlevels, 16–17 See RAID and kernel failures, 27 registering RPC services, 532 SysV initialization, 17–21 RELEASE-NOTES files, 75 Upstart initialization, 26–27 relocated lookup table, Postfix, 349 RENAME command, IMAP, 337 require command, Sieve, 357 S required control action, PAM, 594 requisite control action, PAM, 594 sa1 utility, 83 rescue disks, 29 sa2 utility, 83 resize2fs utility, 185, 193 sadc utility, 83 resolvers, 376–378, 388, 434–435 Samba, 498–499 response codes, SMTP, 329–331 configuring RETR command, POP3, 333 as Active Directory member, 522–524 reverse proxy servers, 460, 461. See also client file shares, 515–520 nginx web servers client printer shares, 526–527 reverse zones, 414–415 security levels, 521–522 RIP (Router Information Protocol), 639 server file shares, 504–515 rndc command, 383–384, 396–398, server printer shares, 525–526 425–426 username maps, 520–521 Rock Ridge filesystem, 171, 175, 176 Debian packages, 501 /root directory backup considerations, 59 directories, 502–503 root domain, 373 installing, 500–502 root drive failures, 29–31 ports, 513–515 root servers, 375, 377, 385 Red Hat packages, 500–501 route command, 284, 287, 287–288 troubleshooting, 527–530 Router Information Protocol (RIP), 639 utilities, 503–504 routers, default, 276 samba package, 500, 501 route command, 287–288 Samba Suite, 500 traceroute command, 291–293 samba-client package, 500, 501 routing tables, 639 samba-client-libs package, 501 rpcbind package, 532, 533, 534–535, 541, samba-common package, 501 551–552 samba-common-bin package, 501 rpcclient utility, Samba, 509 samba-common-libs package, 501 rpcinfo utility, NFS, 538, 539, 550 samba-common-tools package, 501 rpm-pkg, 119 samba-libs package, 501 rquotad daemon, 532 samba-winbind package, 501 RRDTool, 83, 84–85 samba-winbind-clients package, 501 RSET command SAML command, SMTP, 327 POP3, 333 SANs (storage area networks), 55 SMTP, 327 SANS Institute, 647 rsync command, 70, 
70–71, 71, 88 sar command, 81, 82–83, 85, 86 RTO (recovery time objective), 52, 57 SAS (Serial Attached SCSI), 222 /run directory backup considerations, 59 SATA (Serial Advanced Technology /run/motd.dynamic file, 51 Attachment) drives, 221–222, 223–226 runlevel command, 21 /sbin directory backup considerations, 59


/sbin/init directory, 16 SSL, 458, 474–482 /sbin/named-checkzone utility, 415–416 TLS, 458, 481 /sbin/named-compilezone utility, 408, 426 wireless networking, 274, 283, 287 /sbin/shutdown command, 44–47 external network connections, 631–633 schemas, LDAP, 598 intrusion detection systems (IDSs), 628–631 designing, 604–605 iptables, 633–639 implementing, 605–607 NFS, 549–552 scp command, 642, 645 OpenSSH, 640–643 scripts OpenVPN, 643–646 for backups, 72 port scanning, 620–628 Sieve, 358 Postfix, 348–349 SCSI (Small Computer System Interface) resources, 646–647 drives, 222, 223 review answers, 687–689 backstores, 237–238 routing tables, 639 hdparm utility, 223–227 security directive, Samba, 507 logging, 228 SELECT command, IMAP, 337 sdparm utility, 227 self-signed certificates, 476–479 smartd daemon, 230 SEND command, SMTP, 327 sdparm utility, 227 sendmail, 320, 320, 332–336 SEARCH command, IMAP, 337 configuring, 339–342 secondary name servers, 407 emulation commands, 348 secure boot, 15–16 m4 macro processor, 340–342 Secure Shell (SSH), 642–643 running, 342 Secure Sockets Layer (SSL), 458, 474–482 sendmail.cf file, 339–340 security Serial Attached SCSI (SAS), 222 authentication Server Name Indication (SNI), 482 Courier, 359–360 server security mode, Samba, 522 Exim, 321 server string directive, Samba, 506 IMAP, 335–336 ServerAdmin directive, Apache, 465 LDAP, 597–612 ServerName directive, Apache, 466 PAM, 591–597 ServerRoot directive, Apache, 466 POP3, 333 ServerSignature directive, 481 Postfix, 349 ServerTokens directive, 481 Samba, 521–522 service response codes, SMTP, 329, 330 SSH, 642–643 session feature, PAM, 594 DNS, 427 sestatus command, 513 basic steps, 427–431 set command, GRUB2, 12 chroot jails, 431–433 [share-name] section, smb.conf, 508 DANE, 442–445 share security mode, Samba, 522 DNS Security Extensions, 434–439 shared memory pages, 97–98 TSIG, 440–442 shares encryption NFS, 531 asymmetric, 433–434, 434–439 exporting, 531 encrypted filesystems, 183–184 
permanent configurations, 545–549 OpenSSH, 640–643 temporary configurations, 540–544 OpenVPN, 643–646 typical directories, 536


Samba, 499 SMTP (Simple Mail Transfer Protocol), 319, cifs-utils package, 501 320–331 file shares, 504–510 basic client commands, 327–329 printer shares, 525–527 ESMTP (Extended SMTP), 331–332 security, 521 response codes, 329–331 smbclient utility, 503 snapshot backups, 56–57 verifying, 512–513 snapshot files, 63 shim mini-bootloader, 16 snapshots, Btrfs, 169–170 showmount utility, NFS, 538, 542, 544, 546, SNI (Server Name Indication), 476 552, 553 Snort, 628–631, 629 shutdown command, 21, 44–47, 45 snort.conf file, 630 Sieve programming language, 356–358 SOA resource record, 403, 405–407, 410 Simple Mail Transfer Protocol. See SMTP socket statistics, 302 single-user mode, 25, 28, 30–31, 99 SOML command, SMTP, 327 size command, Sieve, 357 source code slapadd command, 606–607, 609 compiling/installing, 114–116 slapcat command, 606 installing programs from, 72–78 slapd command, 602–603 kernel, 105–106, 109–110 slapd-config, 605 obtaining, 109–110 slapindex command, 606 split configuration, 406 slappasswd command, 606 split DNS servers, 429–430 slurpd command, 602, 603–604 split horizon servers, 429–430 smartctl utility, 230 split-mirror snapshot, 56 SMART devices, 189–192 Squid web servers, 460, 461, 482–487 scheduled tests, 230 client configuration, 486–487 smartctl command, 190–192 configuring, 483–486 smartd daemon, 230 installing, 482–483 SMB (Service Message Block), 498. 
/srv directory backup considerations, 59 See also Samba ss command, 81, 302, 514–515 security levels, 521–522 SSDs (solid state drives), 53–54 smb encrypt directive, Samba, 507 fragmentation, 232–233 smb ports directive, Samba, 506 internal fragmentation, 232 smb.conf file, 503, 504–511, 520–521 SSH (Secure Shell), 642–643 smbcacls utility, Samba, 503 ssh client program, OpenSSH, 640 smbclient package, 501 sshd server program, OpenSSH, 640 smbclient utility, 503, 512–513, 516–517, sshd.service unit configuration file, 23 525–527 SSID (Service Set Identifier), 273–274, smbcontrol utility, 503 284, 287 smbd daemon, 499, 514–515 SSL (Secure Sockets Layer), 458, 474–482 SMBFS, 180 SSLACertificateChainFile directive, 481 smbmount utility, 503 SSLCACertificateFile directive, 481 smbpasswd utility, 502, 503, 511–512 SSLCACertificatePath directive, 481 smbspool utility, Samba, 503 SSLCipherSuite directive, 481 smbstatus utility, Samba, 504, 528 SSLProtocol directive, 481 smbtar utility, Samba, 504 star command, 61


StartServers directive, Apache, 466 mounting arrays, 214–215 startup. See system startup preparing drives for membership, STAT command, POP3, 333 206–209 statd daemon, 532 removing arrays, 220–221 static host addresses, 278 saving array configurations, 215–216 static IP addresses, 582, 587–588 structures, 200–204 static messaging, 47–51 review answers, 667–670 STATUS command, IMAP, 337 review questions, 267–270 Stealth DNS servers, 376 storage fabrics, 237 stop command, Sieve, 357 STORE command, IMAP, 337 storage area networks (SANs), 55 structures, RAID, 200–204 storage devices subnetting, 586–587 drive interfaces, 221–223 SUBSCRIBE command, IMAP, 337 exam essentials, 264–266 subvolumes, Btrfs, 165–169 iSCSI, 222, 234 sufficient control action, PAM, 594 alternatives, 234–235 swap filesystems, 177–180 checking, 242–243 swap partitions, 177–180 formatting, 243–244 swap space, 85, 96 initiator disk setup, 240–242 free command, 178 initiators, 235 mkswap command, 178–179 IQNs (iSCSI Qualified Names), 236 swapoff command, 179–180 LUNs (logical unit numbers), 235, swapon command, 179 236, 239 vmstat command, 81, 85, 86 mounting, 243–244 swapoff command, 179–180 partitioning, 243–244 swapon command, 178, 179 target disk setup, 237–240 swapping, 85 targets, 235 swapping out, 96 logical volumes, 245 sync command, 152 creating, 246–254, 262–263 /sys directory backup considerations, 59 Device Mapper, 263–264 sysctl utility, 228–229 increasing size, 254–257 sysfs filesystem, 162 LVM configuration file, 261–262 SYSLINUX bootloader, 14, 32 LVM overview, 245–246 System Activity Data Collector, 83 removing, 261–2262 System Activity Reporter. See sar command renaming, 260 system maintenance, 36 snapshots, creating/maintaining, backups. 
See backups 257–160 installing programs from source, 72–78 RAID, 200 managing resource usage, 79–86 adding spare disks to arrays, 219–220 notifying users, 38 checking array status, 212–214 fluid messaging, 38–47 creating arrays, 209–212 static messaging, 47–51 determining support for, 204–206 system recovery, 27, 57 formatting arrays, 214–215 kernel failures, 27–29 grow mode options, 220 root drive failures, 29–31 implementing arrays, 204–216 system startup managing arrays, 216–221 boot loaders, 8–16 monitoring arrays, 216–219 boot process, 4–6


firmware, 6–8 transport lookup table, Postfix, 349 initialization process, 16–27 TRIM command, 233 system recovery, 27–31 troubleshooting system uptime, 81 BIND, 418–427 systemctl command, 22, 24–26, 32 kernel systemd, 17, 21–26 displaying version number, 129–130 default target, 24 failures, 27–29 units, 21–24 /proc filesystem, 130–132 Systemd-boot bootloader, 14 network services, 288 SysV, 16, 17–21 ARP cache, 289–290 client/server connectivity, 293–294 host information, 295–297 T log files, 288–289 open connections, 297–300 tar command, 61–66 routes, 291–293 tarball, 61–70 security, 297 targetcli utility, 237–240 statistics, 300–302 targets, systemd, 21–26 test packets, 290–291 TCP (Transmission Control Protocol), 278 throughput, 86 lsof command, 298 traffic, 303–307 nc command, 293, 294 NFS, 552–553 netstat command, 299 resource usage, 85–86 nmap command, 303 root drive failures, 29–31 telnet command, 621 Samba, 527–530 well-known ports, 279 true command, Sieve, 357 TCP Wrappers, 532, 551–552 trust anchors, DNSSEC, 435 tcpdump command, 81, 303–307 TSIG (Transaction Signature), 440–442 telinit command, 21 tty1.conf file, 26–27 Telnet, 621 tune2fs command, 185–186, 187 temperature controls, 54 tune2fs utility, 161, 185–186, 187, 193 test commands, Sieve, 357 TURN command, SMTP, 327 testparm utility, Samba, 510–511, 527 TXT resource record, 403 throughput, troubleshooting, 86 Thunderbird email client, 325 time command, 391–392 TLDs (Top-Level Domains), 374 U TLS (Transport Layer Security), 458, 481 TLSA publisher, 443 U-Boot bootloader, 14 /tmp directory backup considerations, 59 udev device manager, 128 tmpfs filesystem, 162 UDF (Universal Disk Format) filesystem, top command, 81, 86 171, 172, 175, 193 TOP command, POP3, 333 UDP (User Datagram Protocol), 278 Torvalds, Linus, 94–95, 107–108 netstat command, 299 TraceEnable directive, 481 well-known ports, 279 traceroute command, 291–292 UEFI (Unified Extensible Firmware Transaction Signature. 
See TSIG Interface), 6, 7–8, 9 transport layer, 278 secure boot, 15–16


UID command, IMAP, 337 /var/log directory, 6 UIDL command, POP3, 333 /var/log/apache2/error.log file, 467 umount command, 149–151 /var/log/boot directory, 6 umount.nfs utility, 538 /var/log/boot.log directory, 6 uname -r command, 204 /var/log/httpd/error_log file, 467 uninterruptible sleep, 86 /var/log/messages file, 553 units, systemd, 21–24 /var/log/sa directory, 83 Unix System V. See SysV /var/log/samba directory, 502, 528 unmount command, 30 /var/www/html directory, 468 UNSUBSCRIBE command, IMAP, 337 variable ??, procmail special condition, --unxz option, tar, 66 354 update-rc.d, 19, 20, 32 variable substitutions, 507 --update option, tar, 62 --verbose option, tar, 64 Upstart initialization process, 26–27 --verify option, tar, 64 uptime command, 81, 86 versioning system, kernel, 107–108, US-CERT, 646–647 129–130 USB (Universal Serial Bus) devices, 127–128 Very Secure FTP (vsftpd), 555, 556–568 User Datagram Protocol. See UDP vfat filesystem, 143, 151, 152 User directive, Apache, 465 VFS (Virtual File System), 104 user security mode, Samba, 522 vgcreate command, 250–251 user-based web hosting, 460, 468 vgdisplay command, 251 username maps, Samba, 520–521 Virtual File System (VFS), 104 /usr directory backup considerations, 59 virtual lookup table, Postfix, 349 /usr/bin/mesg command, 39, 87 virtual memory, 85, 96 /usr/bin/notify-send command, 42–44 free command, 80, 85, 178 /usr/bin/wall command, 39–41 swapoff command, 179–180 /usr/sbin/sendmail file, 351 vmstat command, 81, 85, 86 /usr/scr/kernels folder, 107 virtual web hosting, 460, 469–470 /usr/scr/linux folder, 106, 107, 110 Vital Product Data (VPD), 227 /usr/scr/linux/Documentation folder, 107 vmlinux kernel binary file, 104, 133 /usr/src folder, 107 vmlinuz kernel binary file, 104, 115, 133 uuidgen command, 186 vmstat command, 81, 85, 86 UUIDs (Universally Unique IDentifiers), 154 volume groups (VGs), 245, 246 checking, 251 creating, 250–251 V increasing size, 254–257 VPD (Vital Product Data), 227 vacation 
extension, Dovecot, 361 VPNs (virtual private networks), 643, 643 valid users directive, Samba, 509 OpenVPN, 643–646 validating resolvers, 435 VRFY command, SMTP, 327 /var directory backup considerations, 59 vsftpd (Very Secure FTP), 555, 556–568 /var/lib/nfs/etab, 536 access /var/lib/nfs/etab file, 542, 553 via anonymous accounts, 563–568 /var/lib/nfs/rmtab, 536 via TCP Wrappers, 563 /var/lib/nfs/rmtab file, 544, 553 via username/password, 560–563 /var/lib/nfs/xtab, 536 configuration directives, 557–559 /var/lib/samba directory, 502 installing, 556–557


Wired Equivalent Privacy (WEP), 274 W wired network connections, 272–273, 273 w command, 81 eth0 interface, 284–285 w flag, procmail, 353 kernel boot messages, 289 W flag, procmail, 353 Network Manager, 282–284 wall command, 39–41, 41 wireless network connections, 272, wbinfo utility, Samba, 504, 524, 529 273–274, 274 weak cache consistency, 530–531 encryption, 274, 283, 287 wear leveling, 232 Network Manager, 282–284, 283 web proxy servers, 460. See also Squid web wlan0 interface, 286–287 servers wlan0 interface, 286–287 web servers, 452–453 workgroup directive, Samba, 506 Apache, 459, 461 World Wide Identifiers (WWIDs), 236 configuring, 464–472 World Wide Names (WWNs), 236 dynamic web programming, 472–474 WPA (Wi-Fi Protected Access), 274 features, 459–460 WPA2 (Wi-Fi Protected Access version 2), HTTPS configuration, 474–482 274 installing, 462–464 writable directive, Samba, 509 exam essentials, 491–492 write command, 39–40, 40 HTTP standard, 452–459 write list directive, Samba, 509 client requests, 454 write-back caching, 223–227 server responses, 454–458 WWIDs (World Wide Identifiers), 236 nginx, 461, 487 WWNs (World Wide Names), 236 configuring, 488–489 installing, 487–488 review answers, 678–681 review questions, 493–496 Squid, 460, 461, 482, 482–487 X client configuration, 486, 486–487, xconfig script, 112, 113 487 --xz option, tar, 62 configuring, 483–486 installing, 482–483 testing, 489–490 well-known ports, 279 WEP (Wired Equivalent Privacy), 274 Z wget command, 73 whitelists, 297 ZFS filesystem, 144 who -t command, 40 zimage kernel binary file, 104, 133 Wi-Fi Protected Access (WPA), 274 Zmanda Management Console, 60 Wi-Fi Protected Access version 2 ZoL (ZFS on Linux), 144, 149 (WPA2), 274 zone signing key (ZSK), 435 winbind idmap backends, 524 zones, DNS winbind package, 499, 501 child, 417–418 winbindd, 499, 501, 515, 524, parent, 417–418 529, 530 zone configuration files, 403–407 wins support directive, Samba, 506 zone databases, 407–414 ZSK (zone 
signing key), 435
