DOCUMENT INFORMATION
Basic information
Format:
Number of pages: 649
Size: 5.39 MB
Content
Principles of Network and System Administration
Second Edition
Mark Burgess
Oslo University College, Norway

Second edition copyright © 2004 John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex PO19 8SQ, England
Telephone (+44) 1243 779777
Email (for orders and customer service enquiries): cs-books@wiley.co.uk
Visit our Home Page on www.wileyeurope.com or www.wiley.com

First edition copyright © 2000 John Wiley & Sons Ltd

Cover painting: Man + Air + Space, 1915 (oil on canvas) by Lyubov' Sergeevna Popova (1889-1924), State Russian Museum, St Petersburg, Russia/Bridgeman Art Gallery

All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except under the terms of the Copyright, Designs and Patents Act 1988 or under the terms of a licence issued by the Copyright Licensing Agency Ltd, 90 Tottenham Court Road, London W1T 4LP, UK, without the permission in writing of the Publisher, with the exception of any material supplied specifically for the purpose of being entered and executed on a computer system for exclusive use by the purchaser of the publication. Requests to the Publisher should be addressed to the Permissions Department, John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex PO19 8SQ, England, or emailed to permreq@wiley.co.uk, or faxed to (+44) 1243 770620.

This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold on the understanding that the Publisher is not engaged in rendering professional services. If professional advice or other expert assistance is required, the services of a competent professional should be sought.

Other Wiley Editorial Offices
John Wiley & Sons Inc., 111 River Street, Hoboken, NJ 07030, USA
Jossey-Bass, 989 Market Street, San Francisco, CA 94103-1741, USA
Wiley-VCH Verlag GmbH, Boschstr. 12, D-69469 Weinheim, Germany
John Wiley & Sons Australia Ltd, 33 Park Road, Milton, Queensland 4064, Australia
John Wiley & Sons (Asia) Pte Ltd, Clementi Loop #02-01, Jin Xing Distripark, Singapore 129809
John Wiley & Sons Canada Ltd, 22 Worcester Road, Etobicoke, Ontario, Canada M9W 1L1

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Library of Congress Cataloging-in-Publication Data
Burgess, Mark, 1966–
Principles of network and system administration / Mark Burgess. – 2nd ed.
p. cm.
ISBN 0-470-86807-4 (Paper : alk. paper)
Computer networks – Management. Computer systems. I. Title.
TK5105.5.B863 2003
005.4 – dc22 2003019766

British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library
ISBN 0-470-86807-4

Typeset in 10/12pt Bookman by Laserwords Private Limited, Chennai, India
Printed and bound in Great Britain by Biddles Ltd, Guildford and King's Lynn
This book is printed on acid-free paper responsibly manufactured from sustainable forestry in which at least two trees are planted for each one used for paper production.

Contents

Preface to second edition xi

1 Introduction
1.1 What is network and system administration?
1.2 Applying technology in an environment
1.3 The human role in systems
1.4 Ethical issues
1.5 Is system administration a discipline?
1.6 The challenges of system administration
1.7 Common practice and good practice
1.8 Bugs and emergent phenomena
1.9 The meta principles of system administration
1.10 Knowledge is a jigsaw puzzle
1.11 To the student
1.12 Some road-maps

2 System components 11
2.1 What is 'the system'? 11
2.2 Handling hardware 13
2.3 Operating systems 16
2.4 Filesystems 25
2.5 Processes and job control 43
2.6 Networks 46
2.7 IPv4 networks 55
2.8 Address space in IPv4 63
2.9 IPv6 networks 68

3 Networked communities 75
3.1 Communities and enterprises 75
3.2 Policy blueprints 76
3.3 System uniformity 77
3.4 User behavior: socio-anthropology 78
3.5 Clients, servers and delegation 78
3.6 Host identities and name services 80
3.7 Common network sharing models 82
3.8 Local network orientation and analysis 86

4 Host management 109
4.1 Global view, local action 109
4.2 Physical considerations of server room 109
4.3 Computer startup and shutdown 111
4.4 Configuring and personalizing workstations 114
4.5 Installing a Unix disk 121
4.6 Installation of the operating system 124
4.7 Software installation 131
4.8 Kernel customization 140

5 User management 147
5.1 Issues 147
5.2 User registration 147
5.3 Account policy 153
5.4 Login environment 154
5.5 User support services 161
5.6 Controlling user resources 163
5.7 Online user services 168
5.8 User well-being 171
5.9 Ethical conduct of administrators 173
5.10 Computer usage policy 186

6 Models of network and system administration 195
6.1 Information models and directory services 196
6.2 System infrastructure organization 201
6.3 Network administration models 207
6.4 Network management technologies 213
6.5 Creating infrastructure 219
6.6 System maintenance models 223
6.7 Competition, immunity and convergence 225
6.8 Policy and configuration automation 227
6.9 Integrating multiple OSs 228
6.10 A model checklist 231

7 Configuration and maintenance 235
7.1 System configuration policy 236
7.2 Methods: controlling causes and symptoms 237
7.3 Change management 239
7.4 Declarative languages 240
7.5 Policy configuration and its ethical usage 240
7.6 Common assumptions: clock synchronization 241
7.7 Human–computer job scheduling 242
7.8 Automation of host configuration 248
7.9 Preventative host maintenance 252
7.10 SNMP tools 255
7.11 Cfengine 258
7.12 Database configuration management 268

8 Diagnostics, fault and change management 281
8.1 Fault tolerance and propagation 281
8.2 Networks and small worlds 283
8.3 Causality and dependency 285
8.4 Defining the system 287
8.5 Faults 288
8.6 Cause trees 297
8.7 Probabilistic fault trees 299
8.8 Change management revisited 303
8.9 Game-theoretical strategy selection 304
8.10 Monitoring 313
8.11 System performance tuning 314
8.12 Principles of quality assurance 324

9 Application-level services 331
9.1 Application-level services 331
9.2 Proxies and agents 332
9.3 Installing a new service 333
9.4 Summoning daemons 333
9.5 Setting up the DNS nameservice 337
9.6 Setting up a WWW server 353
9.7 E-mail configuration 365
9.8 OpenLDAP directory service 373
9.9 Mounting NFS disks 374
9.10 Samba 378
9.11 The printer service 379
9.12 Java web and enterprise services 382

10 Network-level services 391
10.1 The Internet 391
10.2 A recap of networking concepts 392
10.3 Getting traffic to its destination 393
10.4 Alternative network transport technologies 397
10.5 Alternative network connection technologies 400
10.6 IP routing and forwarding 401
10.7 Multi-Protocol Label Switching (MPLS) 407
10.8 Quality of Service 408
10.9 Competition or cooperation for service? 413
10.10 Service Level Agreements 415

11 Principles of security 423
11.1 Four independent issues 424
11.2 Physical security 426
Index

-D option, 263
-N option, 263
. directory, 27
.. directory, 27
/etc/hosts, 127
Average time before failure, 508
+ in make, 553
$< in make, 553
$? in make, 553
CACLS command, 37
PRINTER, 382
PwDump, Windows, 472
arch program, 88
biod, 377
cancel, 382
catman command, 545
chgrp command, 31
chmod command, 30
chown command, 31
configure, 135
cp command, 544
cron, 259, 545
crontab command, 242
crypt(), 566
df command, 543
dig, 89
dnsquery, 547
domainname, 89
du command, 543
dump command, 544
etherfind command, 548
exportfs command, 375
find command, 545
for loop in Perl, 558
foreach loop in Perl, 558
fork(), 567
fsck program, 546
ftp, 134
groups and time intervals, 267
groups in cfengine, 261
host lookup, 89
ifconfig command, 61, 548
in.rarpd, 129
inetd, 545
installboot, SunOS, 142
iostat command, 547
kill command, 545
ldconfig command, 545
ldd command, 545
ln -s, 27
ln, 27
locate command, 545
lpc, 382
lpd, 382
lpq, 382
lprm, 382
lpr, 382
lpsched, 382
lpshut, 382
lpstat -a, 382
lpstat -o all, 382
lp, 382
ls -l, 28
mach program, 88
make, 135
mkfile command, 129
mkfs, 117
mount -a, 376
mount command, 376
mountd, 377
mwm window manager, 155
ncftp, 134
ndd, kernel parameters, 141
netstat command, 547
netstat -r and routing table, 547
netstat -r command, 62
newfs, 117
newfs command, 546
nfsd, 377
nfsiod, 377
nfsstat command, 547
nice, 546
nslookup, 89, 547
ping command, 446, 547
probe-scsi, Sun, 122
ps command, 545
rdump command, 544
renice command, 546
restore command, 544
rlogin command, 543
rm -i command, 455
route command, 548
rpc.mountd, 377
rpc.nfsd, 377
rsh command, 543
sendmail, 546
shareall, 376
share, 375, 376
snoop command, 548
ssh command, 543
startx, 155
su -c command, 138
swapon command, 546
tar command, 544
telnet command, 543
traceroute command, 548
ufsdump command, 544
umask variable, 30
uname, 88
updatedb script, 545
vmstat command, 547
whatis command, 545
which command, 545
whois command, 547
xdm, 155
xhost command, 477
xntpd, 242
.bashrc, 155
.cshrc, 150, 155
.mwmrc, 155
.profile, 150, 155
.rhosts, 543
.xinitrc, 155
.xsession, 155
/bin, 26
/devices, 26
/dev, 26
/etc/aliases, 372
/etc/checklist, 376
/etc/checklist, HPUX, 117
/etc/dfs/dfstab, 41, 375
/etc/ethers, 63
/etc/exports, 41, 375
/etc/filesystems, AIX, 117
/etc/filesystems, 376
/etc/fstab, 117, 376
/etc/group, 28
/etc/hosts.allow, 377
/etc/inetd.conf, 333
/etc/inittab, 112
/etc/named.conf, 339
/etc/nsswitch.conf, 128
/etc/printcap, 379
/etc/resolv.conf, 90, 127
/etc/services, 333
/etc/system, 321
/etc/vfstab, 117, 376
/etc, 26
/export, 26
/home, 26
/sbin, 26
/sys, 26
/users, 26
/usr/bin, 26
/usr/etc/resolv.conf on IRIX, 127
/usr/local/gnu, 133
/usr/local/site, 133
/usr/local, 26, 133
/usr, 26
/var/adm, 27
/var/mail, 546
/var/spool, 27
/var, 27
INSTALL, 134
README, 134
cfagent.conf, 258
crack, passwords, 472
crontab, 242
dfstab, 41
ftp.funet.fi, 134
ftp.uu.net, 134
lost+found, 117
passwd file, 566
rc files, 112
filehandle in Perl, 561
==, 555
‘ ‘ in Perl, 553
chomp command in Perl, 564
chop command in Perl, 564
close command in Perl, 561
die, 564
while in Perl, 558
eq, 555
eq and == in Perl, 555
if in Perl, 558
open command in Perl, 561
rename in Perl, 569
sed as a Perl script, 568
shift and arrays, 556
shift and arrays in Perl, 556
split and arrays, 556
split command, 556
stty and switching off term echo, 566
unless in Perl, 558
while in Perl, 558
Network address, 58
/var/spool/mail, 546
A record, 346
Abstract Syntax Notation, 197
Access bits, 28
Access bits, octal form, 29
Access bits, text form, 29
Access control lists, 32
Access rights, 28
Access to files, 28
ACEs in Windows, 37
ACLs, 32, 483
ACLS in Windows, 37
ACLs, network services, 336
actionsequence, 258
Active Directory, 198, 201
Active users, 163
AD, 198
Administrator account, 21
AFS, 39, 150
Agents, 333
Aliases in mail, 372
Aliases, DNS, 81
Alive, checking a host, 547
Analyzing security, 469
Andrew filesystem, 38
Anomaly detection, 313
Application layer, 47
Area Border Router, 406
Area, routing, 403
Argument vector in Perl, 553, 556
ARP, 63, 71
ARP/RARP, 84
Arrays (associated) in Perl, 557
Arrays (normal) in Perl, 555
Arrays and split, 556
Arrays in Perl, 553
AS, 66
ASN, 67
ASN.1, 197
Associated arrays, iteration, 560
AT&T, 18
ATA disks, 14
Athena, 150
ATM, 395
Attacks, links, 138
Authentication, 170
Autonomous system, 66
Autonomous system number, 67
Autonomous System Routing, 407
Back-doors, 437
Background process, Windows, 44
Backup, 442
Backup schedule, 458
Backup tools, 458
Backups, 455
BGP, 65
Big endian, 54
Binary server, 100
BIND, 547
BIND version 9, 339
BIND, setting up, 127
Binding, socket service, 336
BIOS, 17, 113
Block, disk, 323
Blocks, 116
Bluetooth, 219
Boot loader, 142
Boot scripts, 112
Booting Unix, 111
Booting, NT, 113
BOOTP protocol, 84
Bootstrapping an infrastructure, 219
Border gateway protocol, 65
Bridge, 50
Broadcast address, 58
BSD 4.3, 243
BSD Unix, 18
Byte order, 54
Cache file, DNS, 339
Cache poisoning, 449
Canonical name, 81, 345
Canonical names, 339
Causality, 287
CD-ROM player, Solaris, 122
cfdisk, 116
Cfengine, 170, 470
cfengine, 258
Cfengine, authentication, 466
Cfengine, checksums, 463
Cfengine, inhomogeneous networks, 204
Cfengine, prevention, 253
Cfengine, specialized hosts, 78
CGI protocol, 575
Checking the mode of installed software, 135
Checking whether host is alive, 547
Checksums, 463
CIDR, 55
Class A,B,C,D,E networks, 55
Classed addresses, 63
Classes, 261
Classes, compound, 263
Classes, defining and undefining, 263
Classless addresses, 64
Classless IP addresses, 55
Clock synchronization, 242
Cloning Windows, 131
Closed system, 522
CNAME, 345, 346
Collisions, 319
Command interpreter, 20
Command line arguments in Perl, 553, 556
Common Unix Print System, 380
Common Unix Printing system, 380
Community string, 256, 474
Community strings, 215
Compiling sendmail, 367
Components, handling, 14
Compound classes, 263
Computer immunology, 226
Connection times, TCP, 321
Contact with the outside world, 62
Contention, 104
Contention in networks, 393
Convergence, 220, 226
Corollary
  Aliases, 101
  Authentication is re-identification, 444
  Data invulnerability, 441
  Minimum privilege, 21
  Multiuser communities, 76
  Network communities, 76
  Performance, 318
  Privileged ports, 356
  Redundancy, 220
  Reproducibility, 220
  Trusted third parties, 465
Corruption in filesystem, 297
Cricket, 313
cron, 242
Cron jobs, controlling with cfagent, 265
CUPS, 379, 380
Cut as a Perl script, 561
Cutset, fault tree, 303
Cygwin Unix compatibility for NT, 134
Daemon, 336
Daemons, 79
Daemons and services, 333
Daemons, starting without privilege, 138
Data links layer, 47
Day of the week, 267
DCE, 39, 150
Death to the users, 95
Default nameserver, 90
Default printer, 379
Default route, 58, 62, 403, 548
Definition
  Directory service, 197
  Directory User Agent, 199
  human–computer system, 11
  Peer-to-peer application, 206
  Policy, 76
  Secure system, 429
  Small world network, 283
Defunct process, 44
Delegation, 58, 204
Delta distribution, 527
Demultiplexing, 223
Denial of service attack, 443, 447
DENIM, 200
Dependencies in Makefiles, 550
Dependency, 100
Dependency problems, 295
Depot, 133
Determinism
  Quality of Service, 410
Deterministic system, 522
Devices, 122
DFS, 39
DFS, Windows, 39
Diagnostics, 291
Differences, hosts, 78
Differentiated services, 411
Diffserv, 411
Digital signatures, 465
Directory services, 197
Disk backups, 455
Disk doctor, 546
Disk mirroring, 104, 442
Disk partition names, 123
Disk performance, 318
Disk quotas, 164
Disk repair, 546
Disk statistics, 547
Disk striping, 318
Disk, installing, 121
Distinguished Name, 198
Distributed Computing Environment, 39
Distribution, measurements, 526
DNS, 88, 89, 337, 547
DNS aliases, 81
DNS and Directory Services, 199
DNS and IPv6 registration, 347
DNS and IPv6, Solaris, 128
DNS cache file, 339
DNS lookup with host, 92
DNS, BIND setup, 127
DNS, mail records, 346
DNS, revoking ls rights, 342
Domain, 88
Domain name, 89
Domain name system, 337
Domain name, definition, 127
Domain OS, 32
Domain, listing hosts in, 94
Domain, Windows, 84
DOS, 17
DoS attack, 447
Dots in hostnames, 264
Down, checking a host, 547
Downtime, 508
Drive letter assignment, 117
Dynamical systems, 536
Encryption, 566
Entropy, 523
Entry points to OS code, 16
Environment variables, 45
Environment variables in Perl, 553, 557
Error law, 530
Error reporting, 291
Errors in Perl, 564
Ethernet, 397
  Length limit, 397
Ethics
  responsibility for infrastructure, 238
Executable, making programs, 30
Exiting on errors in Perl, 564
Export files, 377
Exporting filesystems, Unix, 41
Exporting on GNU/Linux, 375
Exterior routing, 403
Exterior Routing Protocol, 407
External hosts not seem to exist, 62
Fail-over, 223
Fault tolerance, policy, 253
Fault tree analysis, 299
fdisk, 116
FEC, 408
Feedback regulation, 226
File access permission, 28
File handles in Perl, 561
File hierarchy, Unix, 25
File protection bits, 28
File sharing, Windows/Unix, 378
File type problem in WWW, 364
Files in Perl, 561
Files, iterating over lines, 561
Finding a mail server, 92
Finding domain information, 547
Finding the name server for other domains, 93
Fire cell, 110
Firewall, 129
Firewalls, 486
For loop, 559
For loops in Perl, 558
Foreach loop, 559
Forking new processes, 567
Formatting a filesystem, 546
Forms in HTML, 575
Forwarding Equivalence Class, 408
Fourier analysis, 535
FQHN, 337
Fractal nature of network traffic, 511
Fragment, of block, 323
Fragmentation of IP, 448
Free software foundation, 133
FSF, 133
FTP, 331
Fully qualified names, 264
Game theory, 306, 536
Gateway, 548
Gaussian distribution, 530
Glue record, DNS, 353
GNU software, 133
Grouping time values, 267
groups, 28
GRUB, 127
Guest accounts, 154
Handling components, 14
Handshaking, 47
Hangup signal, 545
Hard links, 27
Hard links, Windows, 36
Heavy-tailed distribution, 534
Help desk, 161
Hewlett Packard, 18
Hierarchy, file, 25
HINFO, 346
hme fast Ethernet interface, 319
Home directories, location, 150
Home directory, 150
Homogeneity, 204
host -n, 92
host command and DNS, 92
Host name gets truncated, 264
Host name lookup, 90
Hostname lookup, 128
HTTP, 331
HTTPS, 332
Hub, 50
IBM AS/400s, 18
IBM S/370, 18
IBM S/390, 18
IDE disks, 14
IMAP, 332
Immune system, 226
Immunity model, 226
Immunology, 226
Incremental backup, 458, 459
Index nodes, 25, 28
index SONET, 400
inetd master-daemon, 334
Inheritance of environment, 45
Inode corruption, 297
inodes, 25, 28
Installing a new disk, 121
Integrity, 455
Interface configuration, 61, 548
Interior routing, 403
Interior Routing Protocol, 406
Internet domain, 88
Internet protocol IPSec, 480
Interpretation of values in Perl, 555
Interrupts, 17
Intranet, 360
IP address, 94
IP address lookup, 90
IP address, setting, 61
IP addresses, 55, 337
IP chains, 485
IP slash notation, 342
IP tables, 485
IPSec, 480, 483
IPv6, 55
IPv6 DNS lookup, 128
IPv6 DNS registration, 347
IPv6 in TCP wrappers, 337
ISO, 46
Iterating over files, 561
Iteration over arrays, 560
ITU, 216
junkfilter, 371
Kerberos, 150
Kernel architecture, 141
Kernel configuration, 141
Kernel tuning, Solaris, 321
keys, 560
kill, Windows process, 44
Labelling a disk, 116
Lambda switching, 393
Lame delegation, DNS, 353
Latency, 323
Law of errors, 530
Layer switch, 395, 396
LDAP, 198, 332
LDAP classes, 272
LDAP schema, 272
Lexis, 170
License servers, 136
Link attacks, 138
Linux, 18
Linux, exports, 375
Little endian, 54
lmgrd, license server, 136
Local variables in Perl, 564
Log rotation, 296
Logical NOT, 263
Login directory, 150
Logistic networks, 207
Long file listing, 28
Looking up name/domain information, 547
Lookup hosts in a domain, 94
Loopback address, 56, 58, 127
Loopback network in DNS, 339
lp default printer, 379
LPRng, 380
MacIntosh, 17, 229
Macintosh, 85
Magic numbers, 28
Mail address of administrator, 95
Mail aliases, 372
Mail exchangers, 92
Mail queue, 546
Mail records in DNS, 346
Mail relaying, 366
Mail spool directory, 546
Mail, finding the server, 92
Mailbox system, 365
Make program for configuration, 220
Management information base, 215
Management model, 217
Making programs executable, 30
Master boot record, 113
Mean downtime, 508
Mean time before failure, 508
Mean value, 530
Memory leak, 316
Metropolitan Area Networks, 396
MIB, 215
Mime types in W3, 575
Mirroring of filesystems, 104
Mission critical systems, 425
Mixed strategies, 306
mkfs command, 117
Modular kernel, 322
Months, 267
Mounting filesystems, 42
Mounting filesystems, 544
Mounting problems, 377
MPLS, 395
MRTG, 313
Multi user OS, 16
Multi-port repeater, 50
multi-user mode, 111
Multicast address, 58
Multiplexing, 393
Multitasking system, 16
MX, 346
MX records, 346
MySQL, 355
Name service, 80
Name service lookups, 89
Nameserver for other domains, 93
Nameserver list, 127
Naming scheme for Internet, 88
NAT, 67
ndd command, Solaris, 321
NDS, 198
Netmask, 58
Netmask, examples, 59
Netmask, exporting, 377
Network Address Translation, 67
Network address translator, 67
Network byte order, 54
Network information service, 89, 149
Network interface, 46
Network interfaces, 547
Network layer, 47
Network Management Model, 217
Network numbers, 339
Network Operating System, 200
Network, transmission method, 48
Networks, 55
Newcastle filesystem, 38
newfs command, 117
Newsprint, 382
NFS, 38
NFS client/server statistics, 547
NFS, root access, 471
Nine Step Model, 162, 163
NIS, 89, 128, 149
NIS plus, 128
nmap program, 476
nmap, port scanner, 98
No contact with outside world, 62
Non-repudiation, 21
Normal distribution, 530
Normal error law, 530
Normalization, 78
Normalization of a system, 454
NOS, 200
NOT operator, 263
Novell, 32, 85, 131, 200
Novell Directory Services, 198
Novell disk purge, 293
NS, 346
NTP, 332
Null client (mail), 349
One time passwords, 473
Online examinations, 170
Open system, 522
OpenAFS, 39
Operating system, 16
Operator ordering, 264
Oracle, 355
OSI Management Model, 217
OSI model, 46, 197
Outsourcing, 416
Overheads, performance, 318
Paging, 118
PAM, 230
Parallelism, 223
Parameters in Perl functions, 564
Pareto distribution, 534
Partitions, 122
Passive users, 163
Password cracking, Windows, 472
Password sniffing, 472, 473
Paste as a Perl script, 562
Pattern matching in Perl, 568, 571
Pattern replacement in Perl, 568
PCNFS, 229
Peer-to-peer and BGP, 407
Perl, 251, 470
Perl variables and types, 553
Perl, strings and scalar, 554
Perl, truncating strings, 564
Permissions on files, 28
Permissions on installed software, 135
Persistent connections, 358
PHP, 355
Physical layer, 47
PID, 43
ping, 182
Ping attacks, 446
Pluggable authentication modules, 230
Police service, policy, 252
Policy, 230
  IPSec, 481
  Quality assurance, 324
  Users, 153
Policy, formalizing, 227
Policy, user support, 161
Port, 336
Port numbers, 408
Port scanning, 87, 98
Port sniffing, 475
Portmapper, 377
Posix ACLs, 32
Predictability, 7, 77, 103, 153
Presentation layer, 47
Preventing loss, 455
Prey-Predator models, 226
Principle
  Abstraction generalizes, 221
  Access and privilege, 426
  Active users, 163
  Adaptability, 100, 195
  Causality, 285
  Communities, 75
  Community borders, 488
  Conflicting rules, 483
  Conflicts of interest, 181
  Contention/competition, 319
  Data invulnerability, 441
  Delegation I, 78
  Delegation II, 205
  Diagnostics, 291
  Disorder, 235
  Distributed accounts, 149
  Equilibrium, 236
  Flagging customization, 139
  Freedom, 166
  Harassment, 181
  Homogeneity/Uniformity I, 203
  Homogeneity/Uniformity II, 220
  Identification requires trust, 444
  Inter-dependency, 103
  Minimum privilege, 21
  Nash dilemma, 306
  One name for one object I, 101
  One name for one object II, 230
  Perceived authority, 176
  Policy, 236
  Policy is the foundation,
  Predictability,
  Predictability vs determinism, 410
  Predictable failure, 281
  Predictable failure of humans, 192
  Protocols offer predictability, 443
  Rapid maintenance, 324
  Rate guarantees, 410
  Reliability, 219
  Resource chokes and drains, 255
  Resource map, 86
  Risk, 429
  Routing policy, 407
  Scalability, 7, 219
  Security is a property of systems, 426
  Security is about trust, 426
  Separate user IDs for services, 356
  Separation I, 119
  Separation II, 120
  Separation III, 136
  Service corruption, 480
  Simplest is best, 153
  Standardized methods offer predictability, 238
  Strategic administration, 304
  Symptoms and cause, 239, 315
  System interaction, 195
  System management's role, 196
  Temporary files, 138
  Trusted third parties, 465
  Uncertainty, 529
  Uniformity, 77
  Variety, 77
  Weakest link, 318
Principle of uniformity, 204
Print services, 379
Print spool area, 379
Print-queue listing, 382
Print-queue, remove job, 382
Print-queue, start, 382
Print-queue, stop, 382
Printer registration, 379
Printer, choosing a default, 379
Privilege
  Limited privilege, 137
Privileged users, 161
Probability distributions, 526
Process ID, 43
Process starvation, 255
procmail, 371
Promiscuous mode, 392
Protection bits, 28
Protocols, 46
Proxy, 333
Proxy, firewall, 488
PTR records, 349
pty's increasing number, 321
Public keys, 464
q=any, nslookup, 93
q=mx, nslookup, 92
q=ns, nslookup, 93
Quality of Service, 47, 68
queso program, 476
Quotas, 164
Race conditions, 138
RAID, 455
RARP, 63, 84, 129
Real time systems, 425
Redundancy, 223, 441
Registering a printer, 379
Registry, Windows, 131
Regulation, feedback, 226
Relaying, mail, 366
Reliability, 103
Repairing a damaged disk, 546
Repeater, 50
Resolver, setting up, 127
Resources, competition, 204
Restarting daemons, 545
Restricting privilege, 16, 19, 21, 28, 36
root account, 21
Root partition, 123
Rotation, logs, 296
Router, 49, 50, 393, 394
Router/switch difference, 50
Routers, 50
Routing Domain, 407
Routing domain, 66, 67
Routing information, 548
Routing table, 62, 547
RPC service not registered error, 377
RRDtool, 313
RSVP, 411
Running jobs at specified times, 242
s-bit, 30, 31
S-HTTP, 332
S/KEY, 473
Samba, 229, 378
Scalar variables in Perl, 554
Scheduling priority, 546
Scheduling service, Windows, 243
scli for SNMP, 257
Script aliases in W3, 575
Scripts, 20
SCSI disks, 14
SCSI probe on SunOS, 122
SDH, 50, 400
Searching and replacing in Perl (example), 569
Sectors, 116
Secure attention sequence, 444
Secure Socket Layer, 466
Secure socket layer, 465
Security holes, 437
Security, analysis, 469
Security, passive users, 163
Self-similar network traffic, 511
Sequence guessing, 448
Serial number, DNS, 351
Server message block, 378
Server room, 109
Service configuration, 333
Service Level Agreement, 416
Service packs, Windows, 126
Services, 79, 204
Services and daemons, 333
Services, starting without privilege, 138
Session layer, 47
setgid bit, 30
setuid bit, 30
Setuid programs, 437
Setuid software, 138
Shadow password files, 472
Shannon entropy, 523
Sharing filesystems, Unix, 41
Shell, 20, 43
Short cuts, Windows, 36
Shutdown, NT, 113
SIMM, 14
Simple Network Management Protocol, 215
Single point of failure, 488
Single task system, 16
Single user mode, 334
Single user OS, 16
single-user mode, 111
Site specific data, 133
SLA, 416
Slash notation, IP, 342
Slowly running systems, 293
SMB protocol, 378
Smurf attack, 449
SNMP, 215, 257, 474
SNMP security, 216
SOA, 346
SOAP, 417
Socket connections, 547
Sockets, 47
Soft links, 27
SONET, 50
Spectrum of frequencies, 535
SQL, 269
SSH, 332
SSL, 465, 466
Standard deviation, 530
Standard error of the mean, 532
Standard I/O in Perl, 561
Standardization, 78
Start up files for Unix, 112
Starvation of process, 255
Static kernel, 322
Statistics, disks, 547
Statistics, NFS, 547
Statistics, virtual memory, 547
Sticky bit, 31
Strategy, 306
Strings in Perl, 554
Structured query language, 269
Subnets, 58
Subroutines in Perl, 564
Suffix rules in Makefiles, 550
Suggestion
  Clear prompts, 156
  Cron management, 243
  Environment, 155
  FAQs, 291
  Network security, 429
  OS configuration files, 461
  Passwords, 150
  Platform independent languages, 221
  Problem users, 164
  SNMP containment, 216
  Static data, 458
  Tape backup, 460
  Unix printing, 380
  Unix shell defaults, 156
  URL filesystem names, 462
  Vigilance, 137
  Work defensively, 429
Sun Microsystems, 18
Superuser, 21
Support, 161
SVR4, 596
Swap partition, 123
Swap space, 546
Swapping, 118
Swapping, switching on, 546
Switch, 393
Switch/router difference, 50
Switched networks, 50
Switches, 50, 52
Sybase, 355
Symbolic link attacks, 138
Symbolic links, 27
Symmetric keys, 464
SYN flooding, 447
System 5/System V, 18
System accounting, 164
System policy, 227, 230
System registry, 131
System type, 88
t-bit, 31
T1, 400
T3, 400
TCP tuning, 321
TCP wrappers, 336
TCP/IP, 46
TCP/IP security, privilege, 21
TCP/IP spoofing, 447
Team work, 201, 234
Teardrop, 448
Telecommunications Management Network, 216
Terminal echo and stty, 566
Text form of access bits, 29
Thin clients, 128
Thrashing, 320
Time classes, 266
Time service, 242
Time, executing jobs at specified, 242
timezone, 87
TLS, 466
TMN, 216
Token rings, 397
traceroute, 182
Traffic analysis, 534
Transport layer, 47
Transport Layer Security, 466
Tripwire, 463
Troubleshooting, 291
Truncating strings in Perl, 564
Trust relationship, 148
Trusted ports, 21
Trusted third party, 465, 468
TTL, 596
Types in Perl, 553
uid, 150
umask, 33
Undeleting files, 455
Uniformity, 78, 204
Up, checking a host, 547
Usage patterns, understanding, 205
User interface, 16
User name,
19 User support, 161 INDEX user-id, 150 UWIN Unix toolkit for Windows, 134 virtual circuits, 396 Virtual machine model, 220 Virtual memory statistics, 547 Virtual Network Computing, 161 Virtual private network, 477 VLANS, 50 VNC, 161 VPN, 477 WAN, 51 Weather, 15 Web of trust, 465 White Pages, 197 Wide area network, 51 Windows, 17, 84 Windows 2000, 201 Windows, ACL/ACEs, 37 Windows, drive letter assignment, 117 Windows, install, 126 Workstation, NT, 23 WWW security, 479 X.500, 197 xhost access control, 477 XML, 417 XML-RPC, 417 Years, 266 Yellow Pages, 197 Yellow pages, 149 YP, 149 z-OS, 18 z-os, 25 z-series, 25 z/series, 18 Zenworks, 131 Zombie process, 44 .. .Principles of Network and System Administration Second Edition Mark Burgess Oslo University College, Norway Principles of Network and System Administration Second Edition Principles of Network. .. computing systems of all sizes and shapes Mark Burgess Oslo University College Chapter Introduction 1.1 What is network and system administration? Network and system administration is a branch of engineering... security and automation of system administrative tasks Not only is system administration a fascinating and varied line of work, it can also be lucrative 1.6 The challenges of system administration System