Red Hat® Linux® Networking and System Administration
Third Edition

Terry Collings and Kurt Wall

Red Hat® Linux® Networking and System Administration, Third Edition

Published by Wiley Publishing, Inc., 10475 Crosspoint Boulevard, Indianapolis, IN 46256, www.wiley.com

Copyright © 2005 by Wiley Publishing, Inc., Indianapolis, Indiana. Published simultaneously in Canada.

ISBN-13: 978-0-7645-9949-1
ISBN-10: 0-7645-9949-6

Manufactured in the United States of America 10

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (800) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Trademarks: Wiley, the Wiley Publishing logo and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission. Red Hat is a registered trademark of Red Hat, Inc. Linux is a registered trademark of Linus Torvalds. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.

About the Authors

Terry Collings is the owner of TAC Technology, located in eastern Pennsylvania. He provides Linux consulting and training services to a variety of clients. Terry has been an adjunct faculty member at several colleges in his area where he has taught A+ and Network+ certification courses. He also has taught courses on Unix, Linux, TCP/IP, and Novell Netware. Terry is the author of Red Hat Enterprise Linux For Dummies and has co-authored and contributed to several other Linux books. He has been a technical editor for the following books: KDE Bible, The Samba Book, Unix Weekend Crash Course, Red Hat Linux For Dummies, Solaris For Dummies, Fedora Linux For Dummies, and Linux Timesaving Techniques For Dummies.

Kurt Wall first touched a computer in 1980 when he learned FORTRAN on an IBM mainframe of forgotten vintage; things have improved since then. A professional technical writer by trade, a historian by training, and an all-around Linux guy by avocation, Kurt’s work history is diverse. These days, Kurt works in the Customer Engineering group at TimeSys Corporation in Pittsburgh, Pennsylvania. His primary responsibilities include building and maintaining TimeSys’s Developer Exchange and working with portal customers and users. He also fixes broken servers, writes documentation, and builds TimeSys software. Kurt, who dislikes writing about himself in the third person, receives entirely too much e-mail at kwall@kurtwerks.com.

Credits

Acquisitions Editor: Debra Williams Cauley
Development Editor: Sydney Jones
Technical Editor: William von Hagen
Production Editor: Angela Smith
Copy Editor: Foxxe Editorial Services
Editorial Manager: Mary Beth Wakefield
Production Manager: Tim Tate
Vice President & Executive Group Publisher: Richard Swadley
Vice President and Publisher: Joseph B. Wikert
Graphics and Production Specialists: Carrie Foster, Denny Hager, Jennifer Heleine, Stephanie D. Jumper, Ron Terry
Quality Control Technicians: Amanda Briggs, John Greenough, Susan Moritz, Joe Niesen
Proofreading and Indexing: TECHBOOKS Production Services

This book is dedicated to my wife, Nancy, and daughter, Sabrina, who bring joy and wonder every day.
—Terry Collings

To my new wife, Kelly, who is indeed flesh of my flesh and bone of my bone.
—Kurt Wall

Preface

CROSS-REFERENCE: Cross-references direct you to related information in another section or chapter.

NOTE: Notes highlight areas of interest or special concern related to a topic.

Conventions

This book uses the following conventions for explanations of how to do things on your computer:

■ Italic type introduces new technical terms. It also indicates replaceable arguments that you should substitute with actual values — the context makes clear the distinction between new terms and replaceable arguments.
■ Bold shows a command you type.
■ Monospaced text distinguishes commands, options, and arguments from surrounding explanatory content.
■ Keys to press in combination are shown as in this example: Ctrl+Alt+Delete means to press all three keys at the same time.
■ The term click means to press the left mouse button once. Double-click means to press the left button twice in quick succession. Right-click means to press the right mouse button once. Drag means to hold down the left mouse button and move the mouse while holding down the button.

Acknowledgments

Terry Collings: My first thought when I was asked to write the third edition of this book was Wow! Now we are doing a third edition, so what can I say now? It appears that we did a good-enough job on the first and second editions that many people bought the book and found it useful. So to everyone who bought the first and second editions of the book and made it possible for us to do yet another edition, here’s a big thank you!

Thanks to Kurt Wall, my co-author, for again doing a great job in our collaboration on this new edition. Kurt is very easy to work with, and I hope I’ll have a chance to work with him again. Thanks, Kurt, and I wish you all the best in your recent marriage!
This book would not have been possible without the hard work of everyone at John Wiley & Sons, especially our acquisitions editor, Debra Williams Cauley, and our development editor, Sydney Jones. Debra and Sydney are both consummate professionals who were always there to answer our questions or concerns and make sure we kept on track. Thanks go to our copy editor, technical editor, and production staff at Wiley for ensuring that our book is technically accurate and grammatically correct.

Finally, I would like to thank my wife, Nancy, for all the hours she spent keeping our daughter Sabrina entertained so I could work undisturbed completing this new edition.

Kurt Wall: I agree with Terry: thanks to everyone who bought the previous editions of this book, which made it possible for us to write this one. Unlike Terry, though, I knew what I’d say because many of you contacted me to let me know what we’d missed. Thank you. It is a privilege and an honor to write for you; I hope this book is worthy of that trust.

I’m grateful to Terry for again allowing me to work on this book with him. Let’s do this again, eh? As usual, the staff at Wiley has been terrific, despite the fact that they drove us to meet an insane deadline. Debra Williams Cauley, our Acquisitions Editor and Voice of Deadlines Missed, is just a doll; Sydney Jones worked hard to mash the text into something presentable. Thank you Debra and Sydney. Kudos to the unsung, unnamed others who converted the manuscript into printable copy and who never get enough credit.

Our technical editor and my friend and colleague from TimeSys, Bill von Hagen, helped us write a tighter, more relevant book. Bill also gets an award for keeping me sane during YAB (Yet Another Book) and for keeping me entertained during YADATO (Yet Another Day At The Office). Thanks, Bill!
Thanks also to Christopher Faylor, another TimeSys colleague, for reviewing the chapter on RPM and to Tim Wunder, who suggested improvements in the Web services chapter. Any remaining mistakes are either figments of your imagination or my responsibility.

Tim Wunder and the other residents of the Linux Step-by-Step mailing list (http://mail.linux-sxs.org/cgi-bin/mailman//listinfo/linuxusers) were quite forthcoming with ideas and input when I asked for it. They’ve been a great group of people with whom to converse these last 12 years and are a big part of the reason I keep getting to write books about Linux. Thanks guys.

Hats off to Red Hat Software and the Fedora Core Project earn mention here for providing our subject matter. My agent, Marta Justak, is happy to see me finally nail a deadline but wants to know what Debra does that she couldn’t. Beats me! Thanks to Kevin Bartlett for miscellaneous corrections and to Krischan Jodies for his excellent ipcalc tool.

Above all, if I have any talent as a writer, credit goes to God who gave me the talent, provided me the opportunities to develop and use it, and kept me sober long enough to do so. Thanks and Amen.

Contents

Preface
Acknowledgments

Part One System and Network Administration Defined

Chapter 1 Duties of the System Administrator
  The Linux System Administrator
  Installing and Configuring Servers
  Installing and Configuring Application Software
  Creating and Maintaining User Accounts
  Backing Up and Restoring Files
  Monitoring and Tuning Performance
  Configuring a Secure System
  Using Tools to Monitor Security
  Summary

Chapter 2 Planning the Network
  Deciding How Your Network Will Be Used
  Understanding Topologies
  Star Topology
  Bus Topology
  Ring Topology
  Tree Topology
  Client-Server or Peer-to-Peer?
  What’s in the Mix?
  Determining System Requirements
  Planning and Implementing Security
  Addressing External and Internal Threats
  Formulating a Security Policy
  An Effective Password Policy
  General Security Rules
  Security Updates
  An Appropriate Firewall System
  Planning for Recovery from Disasters
  Clustering Solutions
  Disaster Recovery
  Writing It Down: Good Records Can Save Your Job
  Summary

Chapter 3 Standard Installation
  Exploring Your PC’s Components
  Processor
  Bus
  Memory
  Video Card and Monitor
  Hard Drive
  Floppy Disk Drive
  Keyboard and Mouse
  SCSI Controller
  CD/DVD-R/RW Drive
  Sound Card
  Network Card
  Checking for Supported Hardware
  Creating the Red Hat Boot Disk
  Starting the Installation
  Partitioning the Hard Disk
  Using Disk Druid to Partition Your Disks
  Naming Disks and Devices
  Mounting a File System
  Understanding the Swap Partition
  Preparing Disk Partitions
  Setting Up the Partitions
  Configuring the Installation
  Installing the Boot Loader
  Configuring the Network
  Configuring the Firewall
  Choosing Additional Languages
  Setting the Time Zone
  Setting the Root Password
  Selecting the Package Groups to Install
  Running Firstboot
  Summary

Chapter 4 Kickstart Installation
  Using the Kickstart Configurator
  Installing the Kickstart Configurator
  Boot Loader Options Screen
  Partition Information Screen
  Network Configuration
  Authentication
  Firewall Configuration
  Display Configuration
  Package Selection
  Pre-Installation Script
  Post-Installation Script
  Starting the Kickstart Installation
  Creating a Bootable Floppy
  Creating a Bootable CD-ROM
  Starting a Kickstart Installation
  Summary

Chapter 5 Exploring the Desktops
  Examining the Graphical Login Screen
  Logging In and Using the GNOME Desktop
  Playing with the Panel
  Managing Applets on the Panel
  Choosing Items from the Applications Menu in Fedora Core
  Choosing Items from the Places Menu in Fedora Core
  Choosing Items from the Desktop Menu in Fedora Core
  Choosing Items from the Applications Menu on Enterprise Linux
  Choosing Actions from the Actions Menu in Enterprise Linux
  Using the Nautilus File Manager
  Displaying Your Home Folder
  Displaying the Contents of a Folder
  Opening Files
  Accessing FTP Sites
  Using Bookmarks
  Adding a Bookmark
  Editing Bookmarks
  Deleting Bookmarks
  Managing Your Files and Folders
  Customizing the Nautilus File Manager
  Editing File Manager Preferences
  Changing the File Manager Background and Icon Emblems
  Showing and Hiding Views
  Configuring GNOME
  Logging Out
  Taking a Look at KDE
  Managing Applets
  Choosing Applications from the Applications Menu
  Using the Konqueror File Manager
  Logging Out of KDE
  Summary

Chapter 6 System Startup and Shutdown
  Examining the Boot Process
  The Boot Loader
  Using GRUB during Boot
  The Kernel
  The /sbin/init Program
  Exploring Runlevels
  Changing the System Runlevel
  Starting Programs at System Boot
  Shutting Down the System
  GRUB Configuration File
  Summary

Chapter 7 The File System Explained
  Understanding the File System Structure
  The / Directory
  Working with Linux-Supported File Systems
  ext3
  ext2
  reiserfs
  SystemV
  ufs
  FAT
  NTFS
  IBM JFS
  SGI XFS
  Nonstandard Linux File Systems
  FREEVxFS
  GFS
  Memory and Virtual File Systems
  cramfs
  tmpfs
  ramfs
  romfs
  proc
  Proc Software Information
  Proc Hardware Information
  /dev/pts
  devfs
  sysfs
  Linux Disk Management
  Disk Partitioning on an x86 Machine
  Mounting Other OS Partitions/Slices
  Metadevices
  Logical Volumes
  RAID
  Summary

Chapter 8 Examining the System Configuration Files
  Examining the System Configuration Files
  Systemwide Shell Configuration Scripts
  Shell Config Scripts: bashrc, csh.cshrc, zshrc
  bash, tcsh, zsh, and Their Config File Read Orders
  System Environmental Settings
  /etc/motd
  issue
  issue.net
  aliases
  fstab
  grub.conf
  cron files
  syslog.conf
  ld.so.conf
  logrotate.conf
  Examining the /etc/sysconfig/ Directory
  /etc/sysconfig/apmd
  /etc/sysconfig/authconfig
  /etc/sysconfig/clock
  /etc/sysconfig/crond
  /etc/sysconfig/desktop
  /etc/sysconfig/firstboot
  /etc/sysconfig/grub
  /etc/sysconfig/harddisks
  /etc/sysconfig/hwconf
  /etc/sysconfig/i18n
  /etc/sysconfig/init
  /etc/sysconfig/iptables
  /etc/sysconfig/irda
  /etc/sysconfig/kernel
  /etc/sysconfig/keyboard
  /etc/sysconfig/kudzu
  /etc/sysconfig/mouse
  /etc/sysconfig/named
  /etc/sysconfig/netdump
  /etc/sysconfig/network
  /etc/sysconfig/ntpd
  /etc/sysconfig/pcmcia
  /etc/sysconfig/selinux
  /etc/sysconfig/system-config-users
  /etc/sysconfig/system-logviewer
  /etc/sysconfig/samba
  /etc/sysconfig/sendmail
  /etc/sysconfig/vncservers
  /etc/sysconfig/xinetd
  Directories in the /etc/sysconfig/ Directory
  apm-scripts
  daemons
  networking
  network-scripts
  rhn
  Examining the Network Configuration Files
  Files to Change When Setting Up a System or Moving the System
  Setting Up the IP Address
  Setting Up the Hostname
  Setting Up the DNS Name Resolution
  Making a Local File of Hostname to IP Address Mappings
  Setting Up Name Service Resolution Order
  Starting Up Network Services from xinetd
  Starting Up Network Services from the rc Scripts
  Other Important Network Configuration Files in the /etc/sysconfig Directory
  static-routes
  Iptables
  Network Configuration Files in /etc/sysconfig/network-scripts
  ifcfg-networkinterfacename
  ifup and ifdown
  Managing the init Scripts
  Managing rc Scripts by Hand
  Managing rc Scripts Using chkconfig
  Summary

Part Two Network Services

Chapter 9 Managing the X Window System
  Configuring the X Server with the X Configuration Tool
  Changing the Display Resolution
  Changing the Display Color Depth
  Changing Monitor Type Settings
  Changing Your Video Card Type
  Configuring Dual Monitors
  Manually Configuring Your X Server
  The X Server Configuration File
  Summary

Chapter 10 Configuring Printers
  Configuring Printers with the Printer Configuration Tool
  Configuring the Print Queue
  Selecting the Print Driver
  Editing the Printer Configuration
  Deleting a Printer
  Setting the Default Printer
  Managing Print Jobs
  Summary

Chapter 11 TCP/IP Networking
  TCP/IP Explained
  Understanding Network Classes
  Setting Up a Network Interface Card (NIC)
  Configuring the Network Card
  Configuring an Internal Network
  Understanding Subnetting
  Interpreting IP Numbers
  Before You Subnet Your Network
  Classless InterDomain Routing
  Working with Gateways and Routers
  Configuring Dynamic Host Configuration Protocol
  Setting Up the Server
  Configuring the DHCP Client
  Configuring the Network Using the Network Configuration Tool
  Adding an Ethernet Device
  Adding a Wireless NIC
  Adding a Modem Connection
  Editing Your Network Configuration
  Removing a NIC
  Changing the NIC Configuration
  Managing DNS Settings
  Managing Hosts
  Working with Profiles
  Configuring IP Masquerading
  Summary

Chapter 12 The Network File System
  NFS Overview
  Understanding NFS
  What’s New with NFSv4?
  NFS Advantages and Disadvantages
  Planning an NFS Installation
  Configuring an NFS Server
  NFS Server Configuration and Status Files
  NFS Server Daemons
  NFS Server Scripts and Commands
  Using Secure NFS
  Example NFS Server
  Using the NFS Server Configuration Tool
  Configuring an NFS Client
  Configuring an NFSv4 Client
  Example NFS Client
  Using Automount Services
  Examining NFS Security
  General NFS Security Issues
  Server Security Considerations
  Client Security Considerations
  Summary

Chapter 13 The Network Information System
  Understanding NIS
  Planning an NIS Installation
  Configuring an NIS Server
  Key Files and Commands
  Starting the NIS Password Daemon
  Starting the Server Transfer Daemon
  Starting the NIS Servers at Boot Time
  Configuring an Example NIS Server
  Configuring an NIS Client
  Setting the NIS Domain Name
  Configuring and Starting the Client Daemon
  Configuring the Client Startup Files
  NIS Client Commands
  Configuring an Example NIS Client
  Using NIS and NFS Together
  Summary

Chapter 14 Connecting to Microsoft and Novell Networks
  Installing Samba
  Configuring the Samba Server
  [global]
  [homes]
  [printers]
  Creating Samba Users
  Starting the Samba Server
  Connecting to a Samba Client
  Connecting from a Windows PC to the Samba Server
  Connecting to Novell Networks
  Summary

Chapter 15 Configuring a Database Server
  Linux Database Servers
  Using MySQL
  Securing the MySQL Installation
  Using the MySQL Client Programs
  Using PostgreSQL
  Verifying the PostgreSQL Installation
  Finalizing the PostgreSQL Installation
  Initializing the Installation
  Modifying Access Privileges
  Creating a Test Database
  Testing Connectivity to the Test Database
  Using the PostgreSQL Client Programs
  Summary

Chapter 16 Creating a VNC Server
  What Is VNC?
  Setting Up a VNC Server
  Configuring Your Firewall for VNC
  Customizing the VNC Server
  Testing the VNC
  Summary

Chapter 17 Providing Additional Network Services
  Configuring a Time Server
  Selecting a Time Server Solution
  Configuring the Time Server
  Selecting Reference Clocks
  Configuring an NTP Client
  Playing Nicely and Wisely with NTP
  Providing a Caching Proxy Server
  Verifying the Kernel Configuration
  Configuring Squid
  Modifying Netfilter
  Starting Squid
  Testing the Configuration
  Summary

Chapter 18 Optimizing Network Services
  Optimizing the X Window System
  Optimizing NFS
  Optimizing NIS
  Optimizing Samba Networking
  Getting More from a Database Server
  Summary

Part Three Internet Services

Chapter 19 What Are Internet Services?
  Learning about Secure Services
  SSH
  scp
  sftp
  Less Secure Services
  Telnet
  FTP
  rsync
  rsh
  rlogin
  finger
  talk and ntalk
  Using Your Linux Machine as a Server
  HTTP
  sshd
  ftpd
  DNS
  Configuring the xinetd Server
  Comparing xinetd and Standalone
  xinetd-Started Services
  Standalone Services
  Configuring Linux Firewall Packages
  Summary

Chapter 20 Configuring BIND: The Domain Name System
  Understanding DNS
  Installing the Software
  Understanding Types of Domain Servers
  Examining Server Configuration Files
  The named.conf file
  Options
  Include
  Acl
  Logging
  server
  zones
  Zone Files
  SOA — Start of Authority
  The Reverse Zone File
  Configuring a Caching DNS Server
  Configuring a Secondary Master DNS Server
  Configuring a Primary Master Server
  Checking Your Configuration
  The Host Program
  The dig Program
  Summary

Chapter 21 Configuring Mail Services
  Email Explained
  Tracing the Email Delivery Process
  Mail User Agent (MUA)
  Mail Transfer Agent (MTA)
  Mail Delivery Agent (MDA)
  Introducing SMTP
  Understanding POP3
  Understanding IMAP4
  Configuring Sendmail
  Configuring Sendmail
  The m4 Macro Processor
  Understanding and Managing the Mail Queue
  Setting Up Aliases to Make Life Easier
  Using Other Sendmail Files and Commands
  Using the Postfix Mail Server
  Switching to Postfix
  Configuring Postfix
  Running Postfix behind a Firewall or Gateway
  Running Postfix on a Mail Host
  Serving Email with POP3 and IMAP
  Setting up an IMAP Server
  Configuring Dovecot
  Testing Cyrus
  Maintaining Email Security
  Protecting against Eavesdropping
  Using Encryption
  Using a Firewall
  Don’t Get Bombed, Spammed, or Spoofed
  Be Careful with SMTP
  Summary

Chapter 22 Configuring FTP Services
  Introducing vsftpd
  Configuring vsftpd
  Configuring User Level FTP Access
  Configuring vsftpd Features
  Disabling Anonymous FTP
  Advanced FTP Server Configuration
  Running vsftpd from xinetd
  Enabling Anonymous Uploads
  Enabling Guest User FTP Accounts
  Running vsftpd over SSL
  Using SFTP
  Summary

Chapter 23 Configuring a Web Server
  Introducing Apache
  Apache Features
  Changes in Apache
  How Web Servers Work

... covered is the Red Hat Network, a subscription service available with Red Hat Enterprise Linux that you can use to keep your system current. You can register your systems with Red Hat and then receive