Index

„„ A restrictions, 483–486 Ubuntu, 481–482 Access control list (ACLs), 520, 755 virtual host, 475–479 access privileges, 756 Apparmor, 576–578 blanket denial rule, 760 Application Installer break option, 761 categories, 301 continue option, 761 Firefox, 301 filters, 757 installed packages, 304 meta users, 759 new kernel, 306 password information, 758 refresh updates, 305 regex style, 756 restart & install, 305 stop option, 761 system up to date, 306 test, 776, 778 Application packages, 298 Active Directory (AD), 597, 599–600 Application programming interface (API), 89 Adduser command, 157 apropos command, 114 Advanced Packaging Tool (APT), 333, 335 Apt cache, 332 Alfresco, 627 apt-file command, 335 Aliases, 540 Aptitude tool Anaconda application, 14 add package dependencies, 328 Ansible, 957 become root, 327–328 commands, 959–961 command list, 331 installation and configuration, 958–959 defined, 323 inventory, 961–963 install package dependencies, 329 playbooks, 959, 964–965 -image, 325 Python, 958 main screen, 323 target systems/inventory, 958 noninteractive mode, 331–332 variables and conditionals, 965, 966 package description, 323–324 Antispam tool, 563–565 package information, 324–325 Antivirus, 573 removal, 330, 333 Apache authentication, 794–795, 902 repositories, 333–334 Apache virtual host, 782, 786 root user warning dialog, 326–327 Apache web server search by name, 326 CentOS, 474–475 update, 334–335 file and directory, 488 A2query command, 480–481 httpd, 482–483 A record, 445, 446 installation and configuration, 474 Array, 389–396 introduction, 473–474 Ataylor, 140, 149, 154, 159, 177, 179, 560 modules, 479–481, 486 Atlas, 88 MPMs, 473 AUTH command, 550 Nginx, 474 Authenticated contacts, 903, 905 PHP support, 486–487 Authenticated users, 903

© Dennis Matotek, James Turnbull and Peter Lieverdink 2017 983 D. Matotek et al., Pro Linux System Administration, DOI 10.1007/978-1-4842-2008-5 ■ INDEX

Authentication, 707–712 Bayesian spam filters, 563 Authoritative name servers, 443 Bconsole, 686, 688, 690 Automating mounts, 381–382 Beats AWS storage, 638, 656–658 Apache, 864 defined, 861 Filebeat, 862 „„ B YAML, 863 Backports, Ubuntu, 348 Begin Installation, 38 Backup Berkeley Internet Name Domain (BIND), 437 AWS storage, 638 Binary logs, 496 differential, 637 Binding, 734 duply, 652, 654–662, 664–665 Bind mount, 410 full, 637 Bin logs, 496 Google storage, 638 Blanket denial rule, 760 hot, 637 Block devices, 358 incremental, 637 Blocks, 371 network, 639–640 Boot partition, 21 Bare metal, 12 Boot loader Bareos BIOS, 184 Bacula, 666 problems bareos-dir.conf, 672–673 execute shell, 408 catalog, 679 questions, 408–409 clients, 678 re-install GRUB, 407–408 console, 682 rescue menu, 407 FileSets, 676–677 rescue mode, 405–406 JobDefs, 673–674 rescue shell, 409–410 jobs, 675–676 root partition, 407 messaging, 682–683 secure, 192–193 pools, 680–681 UEFI, 184–185 schedules, 678 Boot source, 182 storage, 679 Bootstrapping, 911 syntax test, 686 Branch server, 712–714 bareos-fd.conf, 684–685 Brick, 618, 625–626 bareos-sd.conf, 683–684 Brute-force cracking methods, 165 bconsole, 667, 686, 688, 690 filesystem, 367–368, 374, 376–377 catalog records, 666 Build directory, 319 components, 666 Business continuity management configuration, 670, 672 (BCM), 636 database, 668–669 Director daemon, 666 File daemon, 666 „„ C incremental backup, 673–674 Caching name server, 437–439, 441–443 introduction, 666 Carbon-aggregators, 815 plug-ins, 694–697 Carbon-cache, 815, 817–819 restore operation, 666 Carbon-relay, 815, 819–820 software, 667 Carriage return line feed (CRLF), 83–84 Storage daemon, 666 cat command, 132, 140 TCP ports, 667 cd command, 118 Web-UI, 698, 700 CentOS, 4–5, 7, 13–27, 29–31, 33–43, 45–52, 226, Bash 235–237 package, 318 Apache web server, 474–475 command, 140–141 diagnostic information, 71 shell, 168, 170, 831 graphical login, 100, 102 Basic Input/Output System GUI 
tool, 159 (BIOS), 182, 184 LiveCDs, 100

Nagios, 879 Centos7, 80 OpenLDAP, 740 CentOS Cobbler PAM, 172 CentOS7-x86_64 distribution, 922 PID, 194 configuration, 914–915 Postfix, 530–531 DHCP, 915–918 runlevel, 200 host server installation CentOS7-x86_64 profile, 927 anaconda application, 14 DHCP address, 924 assumptions, 13 hard disk, 925 ATA VBOX HARDDISK, 18 installation, 926 automatic configuration, 17–18 installing CentOS, 925 automatic partition, 21 installing Ubuntu, 925 Begin Installation, 38 list and report options, 927 boot partition, 21 MAC/IP addresses, 927 booting new host, 44 menu, 924 cloud storage, 49 setting network boot, 923 default gateway, 26 Ubuntu installation, 926 desktop language, 47–48 import command, 919 destination screen, 17 installation, 913 destroying and recreating disk layout, 20 kickstart, 928–929 DHCP server, 23–25 report, 921 disk encryption password, 45 and Spacewalk, 912 DNS server, 27, 35 TFTP, 919 encrypting disks, 17–18 troubleshoot, 928 encryption technology, 18 Ubuntu ISO, 920 end of desktop configuration, 51 Ubuntu Xenial, 920 EULA, 45 web interface, 928 find applications, 51–52 Centralized linux authentication, 787–788 Google sign, 50 Certbot, 514, 545 graphical user interface, 35, 36 Certificate authority (CA), 506, 545 host name, 24 commercial, 506 IPv4, 24–26, 28–30 creation, 510–512 IPv6, 28–30 non-commercial, 506–507 keyboard layout, 48–49 secure, 512 kickstart, 14 self-managed, 507 network confirmation screen, 28 sign in, 512–513 network installation source, 37 Certificate-based encryption, 506 NTP servers, 33 Certificates passphrase, 18–19 CA, 505–513 ready to use, 46–47 HTTPS, 514, 516–518 root password, 39 self-signed, 507 root user, 38 TLS, 505, 508–509 root volume, 21 type, 508 security profile, 34 Certificate signing request (CSR), 708 select network & host name, 22 Cfq scheduler, 836 setting date & time, 29, 31 chage command, 162 splash screen, 14 Chain loading, 186 summary screen, 16 chown command, 130 user creation, 40–43 Chrome, 522–523 UTC, 30–31 
Chrony X Window System, 14–15 chronyc, 426–427 sudo command, 149, 175 install and configure, 424, 426 , 194 introduction, 424 and Ubuntu hosts, 912 Chronyc, 426–427 wheel, 179 Chroot command, 410–411

Chroot jail, 642 Coordinated Universal Time (UTC), 30–31 ClamAV Correlation, 861 configuration, 578 Cosine schema, 750 defined, 573 CPU, 799–800, 802–803, 805–806, 812 help, 580 Createrepo package, 913 install, 574–578 CRLF. See Carriage return line feed (CRLF) Postfix, 579 Cron, 210–215, 419 signatures, 573 Crond, 215 Cloud, 7 Crontab, 648 CNAME, 446 CUPS Codec plug-ins, 862 administration page, 630 Collectd administrator’s credentials, 630 configuration, 810–814 defaults, 632 introduction, 810 home page, 629 plugin, 821 printer information, 631 start and stop, 814 printer model, 632 Command-line interface (CLI), 227, 314 ready to print, 634 Command-line, Linux, 100, 104 USB printer, 631 Computer operating systems, 3 Configuration management Apache service, 950 „„ D bootstrapping, 911 Dandified (DNF), 314 CentOS installation, 939 Database, 638, 668–669, 694–697 client, 944–945 Data life cycle, 637 configuring puppet, 940 Data sharing, 378 configuring master, 940 Deadline scheduler, 836 creation, 946–949 Debian , 5 disks and partitions, 935 Debmirror package, 915 documentation, 957 Default gateway, 26–27 external nodes, 957 Defence Information Systems Agency (DISA), 35 facter, 951–953 Denial of Service attacks (DoS), 285 firewall and network, 935 Development packages, 298 functions, 956 Device-mapper, 398 installation source, 934 Devices, 357–359 installing serverspec, 974–977 DHCP. 
See Dynamic Host Configuration keyboard, language and time zone, 934–935 Protocol (DHCP) MAAS, 936 Diagnostic information, 71 managing users, 935 Differential backup, 637, 673 manifests, 941, 943 Dig command, 432–436 module, 942 Digital certificate, 506 multiple hosts, 950 DigitalOcean, 7 package management, 936 Director daemon, 666 preseeding, 911 Directory Access Protocol (DAP), 734 Puppet, 937–938, 949, 950, 956 Directory information tree (DIT), 735, 743, reports, 957 765–766 resources, 953–954 Directory structure, 119 running tests, 978–980 Disaster recovery planning (DRP), 635–636 serverspec testing, 973 Discretionary Access Control (DAC), 576 templates, 955–956 Disk, 360 troubleshooting puppet, 957 access, 807–808 Ubuntu installation, 939 failure, 411–413 Console directory, 682 partition table, 183 Contact groups, 889–891 space, 801 Content delivery networks (CDNs), 518 Distinguished name (DN), 735–736 Content management system (CMS), 500 Distributed Denial of Service attacks (DDoS), 285

Distributed network filesystem (DNFS), 616 Dynamic Host Configuration Protocol Distributed volume, 618 (DHCP), 23–25, 915–918 Dmesg, 361, 362 configuration, 460–462 DNS block list (DNSBL), 564 dynamic DNS updates, 459 DNSKEY, 439 install and configure, 455–456 DNSSEC, 439–441 introduction, 455 Document management system (DMS), 626 static lease, 457–459 Domain block list (DBLs), 564 Domain Key Identified Mail (DKIM), 582–585 „„ E Domain Name System (DNS), 27, 35, 529, 584, Elasticsearch 616, 692 cluster, 871 authoritative, 443 curl command, 872 caching, 437–439, 441–443 installations, 871 configuration, 459–460 Logstash, 871 dig command, 432–436 Zen Discovery module, 871 dynamic, 454, 459 ELS. See Extended life-cycle support (ELS) entries, 463 E-mail forwarders, 438 address, 528 forward lookup zones, 445–446 after sending, 529 host command, 431 before sending, 526–528 IP address, 427 configuration, 530 Name server, 35 DKIM, 582–585 querying name servers, 429–430 infected files, 579 reverse lookup zones, 446–449 SPF, 580–581 rezone, 444–445 work, 525 root servers, 427 End User License Agreement (EULA), 45–46 Samba, 599–600 Enterprise monitoring, 877 security, 449–452 Envelope, 527 slave server, 452 Environment variables, 167–169 types, 434 Ethtool, 246 Ubuntu, 452–453 Execute permission, 123, 125 whois command, 428–429 EXPIRE option, 152 zone metadata, 436–437 Ext2 filesystem, 367, 371–373 Dovecot, 550–554, 571–572, 586–591 Ext3 filesystem, 367, 371–373 Dpkg tool Ext4 filesystem, 367, 370–373, 380 contents, 347 Extended life-cycle support (ELS), 7 defined, 323 Extended SMTP (ESMTP), 526 details, 346–347 file search, 347 install, 347 „„ F linux-images, 345 Fake RAID, 386 options and flags, 344 Fedora, 5, 7 packaging system, 5 LiveCD, 100 remove, 348 Files status codes, 345 copy, 138–139 Driftfile directive, 420 date and time, 131 dstat, 808–809 delete, 142 Duply disk space, 131 configuration, 660–662 edit, 143 defined, 652 link, 142–143 Duplicity, 659–660 move, 141 
run, 662, 664–665 ownership, 130 S3 buckets, 652, 654–656 read, 132–134 usage, 659 rename, 141

Files (cont.) line feed to carriage return line feed, 84 search, 137–138 select terminal, 85 size, 130–131 VCS, 82 systems, 117–122 windows command line, 83 types, 122–123 Git Bash, 111–112 Filebeat, 862, 864, 871 Glob strings, 345 File daemon, 666, 685 GlusterFS, 618 Filegen directive, 420 Bareos, 690 FileSets directory, 674, 676–677 configure, 692–694 File share, 595–596 create, 691 Filesystem update DNS records, 692 automating mounts, 381–382 brick, 625–626 Btrfs, 374, 376–377 CLI commands, 619 creating swap, 368–369 concepts, 617–618 data sharing, 378 configuration, 619 e2fsck, 404–405 distributed replicated volume, 618 ext2, 371, 373 distributed volume, 618 ext3, 371, 373 install, 618 ext4, 371, 373 introduction, 617 features, 367 peers and volumes, 620–621 introduction, 366–368 replicated volume, 618 journaled, 368 settings, 623–624 maintenance mode, 403 striped volume, 618 other, 379 test, 622–623 /proc, 394 volume storage, 624–625 recovery, 402 Google storage, 638 repair tools, 402 GPG, 659 superblock, 370 Grafana unmounting, 381 graphite back end usage, 384–385 add data source, 826 UUIDs, 369 carbon metrics, 828 XFS, 373–374 create new dashboard, 828 Filesystem in UserSpacE (FUSE), 616 data source, 830 Filters, 757 graph, 829 Find command, 137–138 metrics dashboard, 827 Firewall, 718 test metric, 829 Firewall-cmd, 286–287 install, 825 Fork bomb, 800, 831 introduction, 824 Forwarders, 438 GRANT statement, 498 Forward lookup zones, 445 Graphical user interfaces (GUIs), 35–36, Forward Secure Sealing (FSS), 843–844 88, 226 FPM, 354–355 CentOS, 228 Full backup, 637, 662, 673, 688 edit, 143 Linux and Windows, 103 Ubuntu, 228–229 „„ G Wired network, 227 Gateway server, 705–707 Graphite Gentoo, 6 -API, 816, 822–824 Gibibytes, 366 carbon, 815 Gigabytes, 366 installation, 816 Git, 74, 82–87 -web, 816 basics, 86–87 whisper, 816 installation grep command, 133–134, 140 carriage return line feed, 83 Grok function, 870 experimental performance options, 86 Groupadd 
command, 155

Group class, 124, 127 Internet Control Message Protocol Groupdel command, 156 (ICMP), 260, 264 Group ID (GID), 152, 154–155, 165 Internet Corporation for Assigned Names and Groups Numbers (ICANN), 440 create, 153–154, 156 Internet Message Access Protocol (IMAP) delete, 156 advantanges, 586 GUI, 159–160 defined, 585 store data, 166, 168 disadvantanges, 586 working with, 148 Dovecot GRUB, 69 configure, 587–588 GRUB2, 185 help, 591 boot loader, 184, 186 introduction, 586 configure, 188–192 test, 588–591 menu, 186–188 troubleshoot, 591 GUID Partition Table (GPT), 183, 359–360 Internet Protocol (IP), 23, 74, 427, 602 GUIs. See Graphical user interfaces (GUIs) -based virtual host, 476 Gunicorn, 822–823 Internet Protocol version 4 (IPv4), 24–26, 28–30 Internet superserver, 463 I/O elevators, 836 „„ H I/O schedulers, 836 Hard disks, 637 Iptables Hard fail state, 893 command options, 273 Hardware, 7–8 filter table, 274 Hardware Abstraction Level (HAL), 628 firewall rules, 279–282 Hardware Compatibility Lists (HCLs), 8 IPV4-INCOMING chain, 275–276 Hardware RAID, 386 logging, 282–284, 286 Headers, 803 online tutorials, 279 Head office resources, 717 packet filtering and shaping, 264 Home directory, 107, 120 rate limiting and securing, 282–284, 286 Host command, 431 TCP/IP-based network, 264 Hot backups, 637 Ubuntu and CentOS, 278 htpasswd command, 902 IPv4. 
See Internet Protocol version 4 (IPv4) httpd, 482–483 IPv6, 28–30 Hypertext Transfer Protocol Secure (HTTPS), ISO file, 53, 71 514, 516–518, 544, 845, 901 „„ J „„ I Java process, 864 Incremental backups, 637, 673 JobDefs directory, 673–674 Indexes, 748–749 Journald Information technology (IT) companies, 6 journalctl command Initd scripts, 201–203 filters, 841–843 InnoDB, 494–495 ten lines of journal, 840 Inodes, 371 without arguments/filters, 840 Interfaces journal-remote, 845–846 active, 224 journal with FSS, 843–844 bonded, 222 Journaled filesystem, 368 CLI, 227 enp0s8, 225 GUI, 226–229 „„ K ip help, 223 Kerberos, 600–601 MTU, 224 Kernel, 3, 191–193, 198 nmcli, 232–234 Kibana, 861 nmtui, 229–231 advanced settings tab, 874 SLAAC, 224 configure index pattern, 873

Kibana (cont.) Fedora, 100 log events, 875 installations, 63 saved objects tab, 875 Linux distributions, 99 SERVICE_STOP, 876 Ubuntu, 100 Kickstart, 14, 22, 928–929 Log analysis and correlation, 861 bootloader, 929 Logger, 857–858 disks and partitions, 932 LogicalDoc, 627 firewall and network, 931 Logical volume management (LVM), 21, 62–65 installation source, 929 commands, 401 keyboard, language and time zone, 930 expand, 399–400 managing users, 930 groups, 396–399 package management, 933 introduction, 396 pre-and post-installation, 933 shrink, 400 preseed, 928, 934 volumes, 396–399 requirement, 929 Login, 147 Killing, 805 Login messages, 167–168 Log rotation, 858 command-line options, 860 „„ L options, 859 LDAP Account Manager (LAM) postrotate command, 860 Apache virtual host prerotate command, 860 Linux(Unix) details, 784 Logs, 744–745, 802, 821–822 listing user, 785 Logstash, 863 login, 783 codec plug-ins, 862 shadow details, 785 configuration files, 865 user, 784, 785 defined, 862 web GUI, 783 Elasticsearch, 861, 871 installation and configuration, 780–781 filebeat, 867 web-based GUI, 779 filters, 868–870 LDAP Directory Interchange Format grok function, 870 (LDIF), 741–742, 753–754, 763 input plug-ins, 862 ldapmodify, 746 Java process, 864 L F. See Line feed (LF) Kibana, 861 Library packages, 298 monitor host, 866 Lightning Memory Mapped Database mutate function, 870 (LMDB), 737 rsyslog, 867 Lightweight Directory Access Protocol (LDAP) rubydebug, 865 Apache authentication, 794–795 Ruby syntax, 865 authentication of web services, 739 Long-term support (LTS), 7 backup, 778–779 Lookup tables, 559–561 clients, 765–766 Loopstats, NTP, 420 defined, 734–737 LVM. See Logical volume management (LVM) delete entries, 774 management and tools, 766 replication, 738 „„ M tool options, 769 MAAS. 
See Metal As A Service (MAAS) tree, 772, 774 Mac OS X, 611–613 Line feed (LF), 83 Magnetic tapes, 637 Linode, 7 Mailbox, 539, 541–543 Linux-image, 325, 345 Mail delivery agents (MDAs), 541, 544, 566 (LSB), 201–202 Maildir, 541, 543 List (ls) command, 113, 120–121 Maildrop package, 543 LiveCDs, 12 Mail filters, 541, 544 burn ISO files, 99 Mail transfer agents (MTAs), 530–531 CentOS, 100 Maintenance mode, 186–188

Makefile, 352–353 functions, 878 man command, 112–113 hosts detail screen, 906 Mandatory Access Control (MAC), 576 host templates, 885 Manifests, 941, 943 htpasswd command, 902 Man-made disaster, 635 ICMP, 892 MariaDB, 668 logs, 899 administration, 496 macro, 887, 890 databases, 496–497 nagios.cfg, 881–883 to MySQL versions, 489 notification period, 888 storage engines, 492–493 plug-ins, 878, 900 Master boot record (MBR), 69, 183, 359–360 plug-in status conversions, 888 Maximum transmission unit (MTU), 224 process information screen, 908 Mbox, 539, 541 remote hosts, 895 MediaWiki, 518 service detail screen, 907 Memory, 76, 800–803, 805–806 ssh command, 897 Messaging directory, 682–683 systemctl command, 881 Metal As A Service (MAAS), 54 Tactical Monitoring Overview screen, 905 Meta users, 759 template, 884 Microsoft Windows time periods, 886 Linux vs., 102 troubleshoot, 908 command line, 104–105, 107–108 Ubuntu, 879–881 GUI desktop, 103 Name-based virtual hosts, 476 shells, 106 Netcat (nc), 537–538 type commands, 108–109 NetBIOS, 602 services, 114 , 217 Mirroring, 387 Net installer, 53 Mobile VPN Network address translation (NAT), 267–268 clients, 721–722 Network File System (NFS), 595–596 configuring, 720–721 linux to linux, 614–616 routing, 728, 730 troubleshoot, 616 Modprobe, 239 Network mount, 614 Moodle, 518 Networks Mozilla Thunderbird, 588–590 architecture, 219 Multiple selectors, 854 backups, 639–640 Multiprocessing modules (MPMs), 473 configuration Multiuser mode, 200 bonded interfaces, 237–241 Multiuser operating system, 114 CentOS, 235–237 MX record, 529, 537, 564, 581 multiple IP addresses, 241–242 mydb database, 499 Ubuntu, 242–245 IP Addressing, 220–222 SaaS, 218 „„ N subnetting, 220–222 Nagios TCP/IP, 247–249 alias attribute, 884 TCP Wrappers, 287–288 Apache basic authentication, 902 Network Time Protocol (NTP) authenticated contacts, 903 access control, 421 authenticated users, 903 configuration, 420 authorization directives, 904 cron method, 419 
CentOS, 879 driftfile directive, 420 check_by_ssh plug-in, 895, 897 filegen directive, 420 check_command, 886 loopstats, 420 console, 901, 903, 905 ntpdate, 419 contact groups, 889–891 pool, 422–424 -core, 877 strata, 419 debug, 899 system clock, 419

Network Time service, 32–33 filesystem, 363 newaliases command, 559 IDs and types, 364 Nginx, 474, 823–824 introduction, 359 Nis schema, 750 to /etc/fstab, 382–383 nmcli, 232–234 Partition table, 183 nmtui, 229–231 Passphrase, 18–19 Noninteractive mode, 331–332 passwd command, 128 Noop scheduler, 836 Password aging, 162–163 NRPE, 895 Password Policy (ppolicy), 737, 746 NSCA, 895 overlay, 774, 776 Passwords aging, 162–163 „„ O introduction, 161 Object classes, 736 Path, 109 Object identifier (OID), 751–752 Permissions, 123 Octal notation, 126–127, 129 class, 123–124 OEM. See Original Equipment Manufacturer (OEM) File breakdown, 124 OnCalendar option, 211 octal notation, 126–127 OpenKM, 627 setgid, 128–129 OpenLDAP, 737 setuid, 128–129 CentOS installation guide, 740 types, 123 configuration, 740–741 umask, 128 requirements, 741 PHP, 486–487 slapd, 742, 744 Physical volume (PV), 397–398 Ubuntu installation guide, 740 Pipelining, 564 Open relay, 528, 536 Piping, 140–141 OpenVPN client configuration, 723, 725–727 Platform as a Service (PaaS), 8 OpenVPN tunnel testing, 715–716 Playbook tasks Opportunistic TLS, 546 definition, 966–970 Optional flag, 172, 174 running, 971–973 Organizational units, 736 Pluggable Authentication Modules (PAM), 171, 550, Original Equipment Manufacturer (OEM), 8 553, 793–794 Orphan process, 804 configure, 171, 173–174 control flags, 172, 174 directives, 173 „„ P introduction, 171 PaaS. 
See Platform as a Service (PaaS) login, 172 Package management, 4 Ubuntu login, 174 CentOS, Application Installer, 300–306 Pool.ntp.org project, 422 compiling from source, 348–350 Pools directory, 680–681 compile and make, 352 postalias command, 559 configure, 350–352 Postfix, 204, 206 install, 353 authentication, 549 uninstall, 354 Dovecot’s SASL, 550–554 defined, 297 SMTP AUTH and SASL, 550 introduction, 297–298 test, 555–556, 558–559 Ubuntu, 322 CentOS installation, 530–531 software app, 335–337, 339–341, 343 ClamAV, 579 Package manager, 117, 297 configuration, 532–533, 535 Packages, 117, 297, 299 edit, 534 PAM, 791 encryption, 544 Partitions SSL certificates, 545 disks and, 360 TLS, 545–549 fdisk, 360 help, 561–562

initial configuration, 535–537 Package Management (RPM), 4–5 lookup tables, 559–561 install, 318 start, 531–532 introduction, 315 test, 537–540 query, 315–318 Ubuntu installation, 531 remove, 318 virtual domains, 559–561 from source, 319–322 Post Office Protocol (POP3), 585–586 Redirection, 140 Power-on self-test (POST), 182 Redundant Array of Inexpensive Disks PowerShell, 88 (RAID), 359, 834 PPP service array, 389–396 ADSL fake, 386 dsl-provider, 294 hardware, 386 modem/concentrators, 289 introduction, 386 nmcli, 288 mdadm command, 390, 393 pppoeconf, 289–293 processor to rescue, 388 Ubuntu, 294–295 software, 386 Preboot Execution Environment (PXE), 912 striping and mirroring, 387 Preseeding, 911 types, 386 Primary domain controller (PDC), 602 Regex style, 756 Primary group, 130, 153 Regular expressions, 135–136 Print servers, 627 Relative distinguished name (RDN), 735 Private enterprise number (PEN), 751–752 Reliable event logging protocol (RELP) Process ID (PID), 115, 193–194 client, 855–856 Proc filesystem, 394, 833–834 defined, 847 Proposed VPN configuration, 704 server, 855–856 Public key encryption, 505 Remote access Public key infrastructure (PKI), 582 help, 112–114 Puppet masters, 937 SSH, 110–112 PuTTY client, 111 Remote host, 645–646 pwd command, 117 Replicated volume, 618 Python3, 915 Repositories, 306, 309–310, 333 Require directive, 484 Required flag, 172 „„ Q Requisite flag, 172–173 Querying name servers, 429–430 Rescue mode, 14, 410–411 Reserved blocks, 371 Resource Abstraction Layer (RAL), 943 „„ R Resource record sets (RRsets), 439 Rackspace, 7 Resource record signature (RRSIG), 440 RAM, 801 Reverse lookup zones, 446–449 Raspberry Pi, 627 Reverse proxy, 519 Read permissions, 123 Ring buffer, 361–362 Read plug-ins, 811 Root certificate, 506 Real-time blackhole lists (RBLs), 564 Root directory, 117, 120 Reboot, 210 Root name servers, 427–428 Red Hat, 617 Root password, 39 Red Hat Enterprise Linux Advanced Platform Root user, 38 (RHELAP), 4 Root 
volume, 21 Red Hat Enterprise Linux (RHEL), 300 Root zone, 427 CentOS, 5 Round-robin database (RRD), 812 Fedora Project, 5 Routing, 717 free of charge, 6 Rsync RHELAP, 4 backup script, 648–651 server platforms, 4 crontab, 648

Rsync (cont.) Sealing key, 843 introduction, 640 Secure Shell (SSH), 88, 640–643, 897 options, 648 agent, 465 over SSH check_by_ssh plug-in, 895 authorized_keys, 642–643 client configuration, 467–468 Bash script, 641 configuration, 466–467 chroot jail, 642 defined, 110 test, 646–647 file transfer, 470 Rsyslog Git Bash, 111 actions, 852–853 introduction, 463 combine multiple selectors, 854 keys, 464–465 configuration, 847–848, 850 PuTTY client’s, 111 facilities, 851 TCP/IP, 110 priorities, 852 tunnelng, 468–469 start, 857 Secure Sockets Layer (SSL), 544–545 stop, 857 Security Content Automation Protocol syslog, 847 (SCAP), 33 uses UDP port 514, 853 Security profile, 34 rsyslogd daemon, 198 Self-signed certificates, 507 Ruby code, 91 SELinux, 575–578, 913 Ruby hash syntax, 865 Sender Policy Framework (SPF), 580–581 Runlevels, 200–202, 206 Sendmail, 530 Service configuration files, 171 Services „„ S check_command, 892 S3 buckets check_smtp, 894 AWS user policies, 656–657 defined, 892 Glacier storage, 655 disable, 207 life-cycle option, 654 enable, 207–208 life-cycle policy, 654 local-service, 893 our-backups, 653–654 manage, 203 test, 657–659 systemd, 204–206 Safe-upgrade, 334 Setgid permissions, 128–129 Samba Shadow passwords, 165–166 AD, 597, 599 SHA512 hashes, 166 configuration, 601–605 Shell, 106 DNS test, 600 command aliases, 170 interactive mode, 598–599 configuration, 168 introduction, 596 environment variables, 168–169 iptables rules, 608 Shut down, 210 Kerberos test, 600–601 Sieve, 572–573 linux, 609–611 Signatures, 573 Mac OS X, 611–613 Simple Authentication and Security test, 599 Layer (SASL), 738 tool, 598, 605 Dovecot, 550–554 users, 605–608 SMTP AUTH and, 550 variable substitutions, 605 Simple Mail Transfer Protocol Schedules directory, 678 (SMTP), 506, 526, 536 Schema Simple method, 737 cosine, 750 Single sign-on, 787–788 creation, 750–753 Single-user mode, 186–187 definition, 736 SKEL option, 152 ldapsearch, 754 Slapd nis, 750 OpenLDAP, 740, 742, 744 
slaptest command, 753 run, 763 vi editor, 754 with TLS, 764–765 slaptest command, 753 sudo command, 60, 108, 149 Slave server, 444, 452 CentOS, 175 Small Computer System Interface (SCSI), 358 command-line options, 179 Smarthosts, 558–559 configure, 176–179 Snapshots, 377 send e-mail, 178 Socket, 247, 551 Ubuntu, 175 Soft fail state, 893 unauthorized, 176 Software RAID, 386 using, 175 Source Network Address Translation (SNAT), 221 Sufficient flag, 172, 174 Sources directory, 319 Superblock, 370 Spam Supplementary groups, 130, 153 defined, 562 Support models, 4 Maildir directory, 571 Swap memory, 800 Postfix for Antispam, 563–565 Swap space, 65, 806–807 Sieve, 572–573 Symbolic links, 122 SpamAssassin sysctl, 833–834 help, 570 syslog, 847, 851 install and configure, 565–566 System administrators, 861 Postfix, 566–567 System clocks, 419 test, 567–570 systemctl command, 204, 206, 208, 209 spamc command, 567 systemd, 115, 203–206, 210 Spamd daemon, 565 AllowIsolate option, 196 Specs directory, 320 CentOS, 194 Splash screen, 13–14, 54–55 EnvironmentFile, 197 SQL database ExecStart option, 197 configuration, 489–491 install section, 196–197 installation, 489 load path, 195 introduction, 488–489 Restart option, 197 MariaDB administration, 496 Service sections, 197 MariaDB databases, 496–497 targets to boot to rescue mode, 195 MariaDB storage engines, 492–493 timers server test, 491 Cron, 211 users and privileges, 498–499 OnCalendar option, 211 XtraDB, 493–496 section, 211 Squid-Cache, 519 UMask sets, 197 ACLs, 520 unit files, 198 client configuration, 522–523 unit section, 196 configuration, 519–521 SystemV, 193–194, 198–200, 208–210 transparency, 523 SysV init, 198, 200–203, 206 web accelerator, 519 SysV init.d, 208–209 SRPMS directory, 319 SSF, 764–765 sssd, 788–790, 792–793 „„ T Standard Technical Implementation Tarball file, 349 Guide (STIG), 35 TCP, 667 Start of Authority (SOA), 436 TCP Wrappers, 287–288 Stateless address autoconfiguration (SLAAC), 224 
Terminal emulator tool, 105 Static addresses, 24 Terminator Statistics-file, 442 install, 339 Sticky permissions, 129 more information, 338 Storage, 357–359 remove, 340 Storage daemon, 666 search, 337 Storage devices, 834 Test Driven Development (TDD), 974 Strata, 419 Thunderbird, Mozilla, 588–590 Striped volume, 618 timedatectl command, 418 Striping, 387 Time, NTP, 419–421

Time-series database, 812 PAM, 172 Time to live (TTL), 444–445 parameters, 243 Top-level domains (TLDs), 439 PID, 194 Transmission control protocol/internet protocol Postfix, 531 (TCP/IP), 110 runlevel, 200 OSI model, 247–248 server installation, 53 socket, 247 applications for host, 67 Transmission Control Protocol (TCP), 264 assumptions, 53 Transparent proxy, 523 automatic install system updates, 66 Transport Layer Security (TLS), 505–506, 508–509, base system requirements, 65 530, 544–549, 764–765 booting, 70 Trivial File Transfer Protocol (TFTP), 912, 919 configure mail server, 68 Troubleshooting, 71 decrypt hard drives, 69–70 diagnostic information, 71 disk encryption password, 64 resources, 71 disks partitions, 62–63 restart installation, 71 full name of new user, 60 network GRUB, 69 chains, 265–266 home directory, 61 diagnostic tools, 257 installation complete, 69 dig, 255–257 language, 54, 56 Firewalld, 268–270 LVM partition, 64–65 MTR, 250–251 master boot record, 69 NAT, 267–268 Metal As A Service, 54 Netcat, 254 MySQL database, 67 Netfilter/iptables, 263–264 origin of keyboard, 58 ping, 249–250 password for new user, 60–61 policy, 267 proxy server settings, 66 routes and forwarding packets, 257, 259–263 select keyboard, 57, 59 tables, 265 select region, 56–57 tcpdump, 251–253 setting hostname, 59 ufw, 270–272 splash screen, 55 OpenVPN, 730 sudo command, 60 Trusted facts, 951 time zone, 61 Trusted pool, 617 username, 60 tune2fs, 371, 373 sudo command, 149, 175 Tunneling protocol, 468–469 SysV init.d, 208–209 TXT record, 580, 584 unity desktop, 104 useradd command, 151 , 628 „„ U ulimit command, 831–832 Ubuntu, 4–6, 53–60, 62–70, 92, 226 Umask, 128, 197 adduser command, 157 Unified Extensible Firmware Interface admin, 179 (UEFI), 69, 181–185 backports, 348 Unity desktop, 104, 335 bond device, 244 Universal unique identifier (UUID), 89, 369 command-line login, 100, 101 Update-rc.d command, 209 Debian, 11 Upstart, 198–199 DHCP, 243 Upstream RPMs, 319 
diagnostic information, 71 Uptime command, 799 EFI partition, 185 USB drive, 11–12 GUI tool, 159 useradd command, 150, 154 LiveCDs, 100, 102 User class, 124–126 login PAM service configuration file, 174 User Datagram Protocol (UDP), 264 Nagios, 879–881 User ID (UID), 154, 156, 165 OpenLDAP, 740 User private group (UPG), 153

Users IP-based, 476 auditing access, 180 name-based, 476 control, 170 PHP, 486, 488 create, 150–151 Ubuntu, 477–479 default settings, 151–153 , 73–74, 88 delete, 156 Virtual Machine Manager disable, 163–164 information screen, 302 GUI, 159–160 installation, 303 store data, 164–166 pending installation, 302–303 working with, 148 select, 302 filesystem, 617 Virtual Machines, 12 UUID. See Universal unique identifier (UUID) Virtual private network (VPN) application, 703 authentication, 707–712 „„ V branch server, 712–714 Vagrant, 74, 88–92, 94–96, 100 configuring, 704 base box, 94 gateway server, 705–707 box, 92 head office with hosts, 702 concepts, 88 installation, 703 Git Bash terminal, 95–96 IP address, 702 installation, 88 mobile users, 719 integrates with virtualbox, 89 platforms, 703 introduction, 87 private network, 701 licensing, 88 software, 701 options, 90 start and stop services, 704 SSH, 95 Virtual users, 592 start with, 94 Viruses, 579 status, 95 visudo command, 176 subcommands, 90 vmstat, 806–807 up, 93–94 VRFY command, 565 Vagrantfile, 91–93 vagrant init, 91 VDI. 
See VirtualBox Disk Image (VDI) „„ W Verify key, 843 Web accelerator, 519 Version control systems (VCS), 82, 883, 940 Web applications, 518 VirtualBox, 17, 23, 73, 75–80, 82, 88, 92 Web-based GUI, 779 installation, 74 Web caching, 518–519 Centos7, 80 Web presence, 500–504 CentOS ISO ready, 81 Web server, 739 Choose disk, 77 Web services, 505 console, 75 Web-UI, 698, 700 disk amount, 79 wget command, 349 dynamically disk allocation, 79 Whisper, 816, 818 licensing, 74 whoami command, 108 memory allocation, 77 who command, 180 memory size, 76 Whois command, 428–429 naming and setting, 76 Winbind, 607 select image, 81 WordPress VirtualBox Disk Image, 78 administration console, 504 VirtualBox Disk Image (VDI), 78 administration details, 502–503 VirtualBox host, 922 edit, 501 Virtual domains, 559–561, 592 installation, 502 Virtual host, Apache, 478–479 login, 504 apachectl command, 476 password, 503 curl command, 477 Workgroup, 602

Wrapper script, 643–644 DNF, 314 Write permissions, 123 install, 308–309 Write plug-ins, 811 introduction, 306–307 options, 307 remove, 310 „„ X repositories, 309–310 X application, 103 X.500 DAP OSI model, 734–735 XFS filesystem, 373–374 „„ Z XtraDB engine, 493–496 Zen Discovery module, 871 Zombie process, 805 Zone metadata, 436–437 „„ Y Zones YAML, 863 defined, 427 Yellowdog Updater Modified (YUM) forward lookup, 445 additional tasks, 310–311 header fields, 444 configure, 311 reverse lookup, 446–449 repository options, 312 rezone, 444 variables, 313
