
Index

We have alphabetized files under their last components. And in most cases, only the last component is listed. For example, to find index entries relating to the /etc/passwd file, look under passwd. Our friendly Linux distributors have forced our hand by hiding standard files in new and inventive directories on each system.

A

A DNS records 396, 407
A6 DNS records 404
AAAA DNS records 404
Abell, Vic 74
access agents, email 533
access control lists see ACLs
access database, sendmail 589, 591–594
accounts see user accounts
ACLs, DNS 429–430, 451–453
ACLs, filesystem 88–92, 833
ACLs, firewall 701–708
Adams, Rick 320
address match lists, BIND 422
Address Resolution Protocol (ARP) 275, 296–297, 315
addresses, email 95, 535
addresses, Ethernet (aka MAC) 280, 292
addresses, IP see IP addresses
addresses, SCSI 117
adjtimex system call 903
ADSM/TSM backup system 197
agetty process 855–858
aio daemon 894
air conditioning 796–798
AirPort 360
AIT backup tapes 166
Albitz, Paul 423
aliases file 106, 545–551
aliases, email 544–551
  see also email
  see also sendmail
  abuse 548, 594
  distribution 156
  examples 548
  file format 545
  global 95
  hashed database 551
  loops 546, 550
  and mailing lists 551–554
  for new users 95
  postmaster 545
  root 548
aliases.db file 551
alien 235
Allman, Eric 209, 530, 558, 566, 595
allow-recursion option, DNS 425
allow-update clause, DNS 433, 450
always_add_domain feature, sendmail 575
Amanda backup system 197
amavisd email virus filter 637
amd 895
American Power Conversion (APC) 799
American Registry for Internet Numbers (ARIN) 288–289, 293, 371
Amstadt, Bob 825
Anaconda 226
anacron 156, 887
Analog Apache log analyzer 727
Anderson, Paul 261
anonymous FTP see FTP
Anvin, H. Peter 225
Apache see web hosting
Apache Software Foundation 12, 724
/etc/apache2 directory 724
APC (American Power Conversion) 799
APNIC (Asia-Pacific Network Information Center) 383
appropriate use policies (AUPs) 954
APT, software tool 241–246
apt-ftparchive 244
apt-get 241–246
apt-proxy 244
ARIN (American Registry for Internet Numbers) 288–289, 293, 371
ARK language 262
Armstrong, Jason 620
ARP (Address Resolution Protocol) 275, 296–297, 315
arp command 296
ARPANET 272
Arusha Project 261
Asia-Pacific Network Information Center (APNIC) 383
at 887
AT&T Bell Labs 5
ata daemon 894

USAH.book Page 973 Thursday, October 5, 2006 2:46 AM


974 Linux Administration Handbook

ATA/ATAPI interface see IDE
ATAPI CD-ROM device names 873
atd 887
Athena, Project 741
Atkins, Todd 220
ATM networks 362–363
auth.log file 206
authors, contacting xxxvi
/etc/auto.master file 497–498
autofs script 497
automount daemon 497–499, 895
automounters
  amd 895
  automount 497–499, 895
  configuration 498–500
  NFS and 497–500
  Windows 834
autonomous systems 340
AutoYaST 230
AUUG group 965
avoid-v4-udp-ports option, DNS 427
AWStats Apache log analyzer 727

B

backspace vs. delete keys 859
backup software and systems
  see also backups
  see also Bacula
  ADSM/TSM 197
  Amanda 197
  Bacula 179–196
  commercial systems 197–198
  cpio 178
  dd 178
  dump/restore 169–176
  tar 177–178
  Veritas 198
backups 158–198
  see also backup software and systems
  see also Bacula
  see also media, backup
  compression 164
  of a damaged disk 133
  designing data for 163
  disaster planning 939
  filesystem size 161
  fitting on media 160
  full restore 175–176
  hints 159–163
  incremental 170
  interval between 159
  off-site storage 161
  programs 177–197
  to removable disks 165
  restoring 173–177, 939
  schedules 171–173
  security 161, 686
  setting up 169–176
  for upgrades 176–177
  when to make 162
  for Windows 197
Bacula 179–196
  see also Bacula configuration files
  architecture 180
  client file daemon 188
  daemons, starting 189
  installation 181–182
  manual backup 190–192
  media pools 190
  restoring files 192–195
  troubleshooting 195–196
Bacula configuration files 182–189
  see also Bacula
  /etc/bacula directory 182
  /etc/bacula-dir.conf file 183–187
  /etc/bacula/bacula-fd.conf file 189
  bacula-sd.conf file 187
  bconsole.conf file 188
bad blocks, disk 123
Bailey, Mick 885
Baretta, Anne 860
bash shell 4, 32, 98
.bash_profile file 105
.bashrc file 105
Bastille Linux 710
baud rate 863
BCP documents 275
Beowulf clusters 964
Bergen Linux User Group 961
Berkeley DB library 169, 253–254, 551, 560, 577, 628
Berkeley Internet Name Domain system see BIND
Berkeley UNIX 5
BGP routing protocol 339
bidirectional modems 864
/bin directory 75
BIND
  see also DNS
  see also name servers
  see also named
  ACLs 451–453
  address match lists 422
  client configuration 418–420
  components 411
  configuration 420–446
  configuration examples 439–446
  configuration files 421–423
  debugging 466–478
  distribution-specific information 478–481
  DNSSEC 387, 456–463
  .key DNSSEC key file 454
  dnssec-keygen 454, 458
  dnssec-signzone 460–461
  doc (domain obscenity control) 476–478
  documentation 481–482
  forwarding zone, configuring 436
  hardware requirements 421
  incremental zone transfers 388, 429, 447
  ISC configuration example 444
  keys, generating 458
  KSK (key signing key) 458, 460
  localhost zone configuration example 439
  logging 411, 432, 446, 466–471
  loopback address 437
  master server, configuring 433
  /etc/named directory 424
  /etc/named.conf file 421–446, 450–451, 470, 480–481
  named-checkconf 421, 455, 478
  named-checkzone 421, 478
  nanny script 446
  notification options 424
  nsupdate 449
  performance 478
  .private DNSSEC key file 454
  query forwarding 427
  /etc/resolv.conf file 418–420
  resolver testing 420
  rndc 436–438, 447, 471–473
  /etc/rndc.conf file 437
  /etc/rndc.key file 437
  rndc-confgen 437
  root server hints 435
  root.cache file 435


BIND continued
  security 417, 424, 451–464
  shell interfaces see dig and nslookup
  signed zones, creating 458
  slave server, configuring 434
  split DNS 438–439, 441–444
  statistics 473
  stub zones, configuring 434
  /etc/syslog.conf file 466
  updating zone files 447–450
  versions 410–411
  zone transfers 413, 425, 447–448
BIOSes 25–26
  bootstrapping and IDE 113
  on SCSI cards 134
black hole lists, spam 598, 635
blackhole option, DNS 428
Blandy, Jim 253
block device files 77, 79, 871
blocking factor, tape 177
bogus directive, DNS 431
/boot directory 75
boot loaders 23, 26–31, 124, 138
  GRUB 26–28, 30, 32
  LILO 28–29, 31–32
  multibooting 30
boot.log file 207
boot.msg file 206
BOOTP protocol 312
/etc/bootparams file 899
bootstrapping 21–25
  automatic vs. manual 22
  device probing 23
  directly to bash 37
  filesystem checking 132
  fsck and 25
  kernel initialization 23
  kernel options 29
  kernel threads 23
  mounting NFS filesystems 495
  multibooting 30–31
  options 883
  PC-specific issues 25
  single-user mode 22, 24–25, 31–33
  startup scripts 32–40
  /etc/sysconfig directory 37–38
breakout boxes 865
broadcast addresses 281
broadcast domain 352
broadcast storms 301, 357
browsers, web 720
BSD (Berkeley UNIX) 6
BSD FFS filesystem 120
BugTraq 713
Burgess, Mark 260
bus errors 58
BUS signal 58
butt blocks (RJ-45 connectors) 851
byte swapping 178

C

CA (Certificate Authority) 731
cable modems 365
cables
  see also connectors
  10*Base* 352–355
  Category * 352–355, 366
  DB-9 to DB-25 848
  Ethernet 278, 353–355
  IDE 114
  labeling 370, 934
  mini DIN-8 to DB-25 848
  modem 846
  null modem 846–847
  RJ-45 to DB-25 850
  SATA 114
  SCSI 115–117
  serial, length limits 853
  STP 844
  straight-through 846
  UTP 844
  Yost RJ-45 standard 850–852
Cacti performance monitoring tool 664
CAIDA (Cooperative Association for Internet Data Analysis) 291, 402
Card, Rémy 120
ccTLDs 379
cdebconf 231
cdebootstrap 231
CentOS 7
Cerf, Vint 273
CERT 712
Certificate Authority (CA) 731
Certificate Signing Request (CSR) 731
Certified Information Systems Auditor (CISA) 675
cf/cf directory, sendmail 568
cfengine 260
CGI scripting 722
chage password aging program 680
ChaosNet 390
Chapman, Brent 552
character device files 77, 79, 871
chat 325
chat scripts, PPP 323, 326–328
Chatsworth Products 799
chattr 87
checklists, system administration 943
checksendmail 617
chfn 98
chgrp 86
chkconfig 36, 39, 520
chmod 81, 84–86, 89
chown 86
chroot
  for FTP 735
  for named 451, 453
  for Postfix 625
  for sendmail 607
chsh 98–99
ci, RCS check in 249–250
CIA triad 673
CIDR (Classless Inter-Domain Routing) 283, 286–288
CIFS see Samba
CIM (Common Information Module) system configuration 262
CISA (Certified Information Systems Auditor) 675
Cisco routers 346–348, 701, 714
CiscoWorks 667
CISSP (Certified Information Systems Security Professional) 674
clocks, synchronization 902
clone system call 56
closelog routine 218–220
CNAME DNS records 399
co, RCS check out 249, 251
COBIT (Control Objectives for Information and related Technology) 960
commands, finding 15
commands, scheduling 150–157
Computer Systems Research Group (CSRG) 5
concentrators see Ethernet, hubs
confCOPY_ERRORS_TO option, sendmail 569
.config file for kernel 877–878
configuration files
  copying 505–511
  pulling 510
  pushing 505–510
  sharing 502–526


ConnectionRateThrottle option, sendmail 608
connectors
  see also cables 843
  DB-25 844–847
  DB-9 848
  IDE 113
  mini DIN-8 847
  RJ-45 849
  RS-232 to USB adapters 865
  SCSI 115–117
console emulators 859
/dev/console file 218
console, logging to 218
CONT signal 58, 61, 68
contacting the authors xxxvi
control characters
  in filenames 77
  and the terminal driver 859–861
control terminal 56
controls statement, DNS 436–438
conventions used in this book 9–10
cookies, NFS 486
cooling systems 940
Cooper, Mendel 11
Cooperative Association for Internet Data Analysis (CAIDA) 402
copyright issues 950
Corbet, Jonathan 325
core files 154
Council of European National Top-level Domain Registries 383
country code top-level domains 379
cpio 178
CPIP 961
CPU
  load averages 808
  statistics 808
  usage, analyzing 806–809, 813
cracklib 682
cron daemon 150–156, 887
  common uses 154–156
  configuration (crontab) files 151–153, 887
  logs 151
  management 153
  skipped commands 156
  to automate logging 201
/etc/cron.allow file 153
/etc/cron.deny file 153
crond see cron daemon
crontab command 153
crontab files 151–153, 887
crypt library routine 679
Crypto-Gram newsletter 713
cryptography
  DES algorithm 679
  Diffie-Hellman key exchange 456, 679
  in DNS 387, 453–463
  IPsec 709
  in LDAP 526
  legal issues 949
  MD5 algorithm 96, 454
  password encryption 94, 96, 542, 830
  public key 456
  in sendmail 603–610
  SSL 730
.cshrc file 105
CSLIP protocol 320
CSMA/CD (Ethernet) 351
CSR (Certificate Signing Request) 731
CSRG (Computer Systems Research Group) 5
ctime file attribute 83
CTS (clear to send) signal 853
cu 864
CUPS 767–790, 894
  administration 772–780
  architecture 767–772
  command line utilities 779
  comparison to ATT/BSD printing 779
  compatibility commands 778
  configuration examples 775
  documentation 780
  filters 771–772
  HTTP and 769
  logging 781
  network printing 768
  PPD printer description files 770–771
  print queues 767
  printer autoconfiguration 774
  printer classes 775
  printing a document 767
  removing a printer 776
  startup scripts 773, 780
  troubleshooting 780–782
/etc/cups directory 772
cupsd daemon 768, 780
/etc/cups/cupsd.conf file 768, 773, 781
cupsdconf 773
CVS 251–253
Cygwin X server tools 823, 827
cylinders, disk 120
cyrus mailer 573

D

daemons
  see also individual daemon names
  booting 898
  configuration 898
  email 897
  kernel 893
  network 900–901
  NFS 895–896
  printing 894
  remote command execution 898
  remote login 898
  Samba 895–896
  sendmail queue runner 613
damaged filesystems 133
DARPA (Defense Advanced Research Project Agency) 272, 712
data center
  cooling 797
  power 798
  racks 799
  standards 800
  temperature monitoring 798
  tool box 800
  wiring tracks 799
data compression, modems 864
databases
  see also MySQL
  administrative 504, 511
  DNS 378, 389–409
  Foomatic printer database 771, 782
  NIS 511–512
  sendmail 577–578, 591–594
  of supported USB devices 784
datasize option, DNS 426
date 203
Dawson, Terry 12
DB-25 connectors 844–847
DB-9 connectors 848
dbm/ndbm library 577
DCD (data carrier detect) signal 852–853
DCE (Data Communications Equipment) interface 845–847
dd 133, 178
DDS/DAT tapes 166
.deb software package format 235


Debian network configuration 310
debian-installer 231
debugging see troubleshooting
DEC VT100 terminal 858
DeCSS 950
default route 305, 329, 336
DEFAULT_HOME variable in login.defs 98
DefaultUser option, sendmail 547, 603
DELAY_LA option, sendmail 608, 613
delegation-only option, DNS 429
delete vs. backspace keys 859
delivery agents, email 532
denial of service (DOS) attacks 213, 397, 511, 608, 817
Deraison, Renaud 690
DES encryption 679
desktop environments 757–759
/dev directory 75, 79, 870–872
device drivers 79, 868–870
  adding to kernel 878–880
  device awareness 880
  device numbers 870–872
  hot-plugging 882–883
  loadable modules 880–882
  MODULE_DEVICE_TABLE macro 880
  for PC hardware 870
  printer 765
  serial 872
  terminal and control characters 859–861
  Windows printer 838–839
device files 79
  attributes 84
  block vs. character 871
  creating 871
  for disks 122
  major/minor device numbers 870–872
  MAKEDEV script 79, 872
  names 872–873
  security 684
  for serial ports 853–855, 872
  for tape drives 171, 873
  udev 79
devices, pseudo 871
df 127, 494
DFS (Distributed File System, Windows) 834
DHCP (Dynamic Host Configuration Protocol) 311–314
  backward compatibility 312
  BIND and 449
  client configuration 314
  daemon 899
  duplicate addresses 314
  server configuration 313–314
dhcp.leases file 313–314
dhcpcd daemon 313–314
dhcpd daemon 899
/etc/dhcpd.conf file 313–314
dial-in modems 855
dial-out programs 864
dial-up networks see PPP protocol
Diffie-Hellman key exchange 456, 679
dig 408, 410, 435, 452, 473–476
Digital Millennium Copyright Act (DMCA) 950
directed broadcasts, network 317
directories 76–78
directories, copying 177
directory indexes 611
directory statement, DNS 424
disaster
  planning for 163, 939
  power supplies 940
  recovery 710–712, 938–943
diskless clients 232–234, 898
disks
  see also LVM, RAID, SATA, IDE, and SCSI
  as backup media 168
  boot loaders 124
  checking 131–133
  connecting 122
  device files for 122
  displaying free space 127
  failure and RAID 139
  Fibre Channel 112
  formatting 123
  geometry 119–120
  hot-swappable 112, 116, 145
  I/O analysis 813–815
  IDE 112–114, 118, 130
  installing 122–129, 133–138
  interfaces 111–119
  labels 124–125
  LBA (Logical Block Addressing) 112
  load balancing 805, 814
  partitions 124–125, 134–136
  PATA see IDE
  performance 806–816
  performance tuning 130
  quotas 486
  RAID 805
  RAM 815
  reallocating storage space 146
  removable 165
  SCSI 112, 114–118
  Serial ATA see SATA
  swap space 812, 814
  testing 123
  tracks and sectors 120
  USB 112, 147–148, 165
DISPLAY variable 744, 748
displays (monitors) 794
distance-vector routing protocols 338
Distfile 506–508
Distributed Management Task Force (DMTF) 262
distributions, Linux 6–9, 962
  logos 10
  popularity 962
DIX Ethernet II 278
DMA, tuning 130
DMCA (Digital Millennium Copyright Act) 950
dmesg command 206
dmesg file 206
DMTF (Distributed Management Task Force) 262
DNAME DNS records 404
DNS 377–386
  see also BIND
  see also domain names, DNS
  see also name servers
  see also resource records, DNS
  see also zones, DNS
  adding a new machine 374–375
  anycast routing 424
  architecture 415–418
  asynchronous notification of zone changes 388
  authoritative servers 413, 416
  caching 384–386
  caching servers 413, 417
  use with CIDR 400–401
  client configuration 306
  CNAME hack 400–401


DNS continued
  country code top-level domains 379
  cryptography in 387, 453–463
  database 378, 389–409
  delegation 383
  denial of service (DOS) attacks 397
  design 415–418
  doc (domain obscenity control) 476–478
  domain names see domain names, DNS
  dynamic updates 312, 448–450
  EDNS0 protocol 389
  efficiency 384–386
  forward mapping 378, 382
  forward zone files 378
  fully qualified domain names 381
  gTLDs (generic top-level domains) 378–379
  history 375
  implementations 376–377
  in-addr.arpa domain 396
  internationalization 388
  IP addresses 374–375, 396–397
  ip6.arpa for reverse IPv6 mappings 404
  IPv6 support 404–405
  ISP domain registration 381
  lame delegations 469, 475–476
  load balancing 385
  lookups, sendmail 576
  master name server 413
  Microsoft and 464–466
  namespace 378, 381, 415
  negative answers 463
  negative caching 385
  nonauthoritative servers 413
  nonrecursive servers 413
  protocol 376, 386
  public key cryptography 456
  Punycode 388
  query recursion 425
  record types 391
  recursive servers 413
  referrals 414
  resolver configuration 418–420
  resolver library 414
  resolver testing 420
  resource records see resource records, DNS
  reverse mapping 378, 382, 396–397, 405, 444
  reverse zone files 378
  RFCs 375–376, 482
  root servers configuration file 383
  round-robin 723
  security 417, 424, 451–464
  server architecture 418
  server hints 414
  service switch file 306–307
  setup 415–418
  slave server 413
  SOA record serial number 393
  SOA record shell interfaces 415
  SOA record timeout values 393
  spam, eliminating 403
  SPF (Sender Policy Framework) pseudo-records 403
  split DNS 438
  stub servers 413
  stub zones 408–409
  subdomains 383
  TKEY 453–456
  top-level domains 378–379, 381
  traceroute and 649
  TSIG (transaction signatures) 444, 453–456
  TTL harmonization 390
  us domain 380
  VeriSign Site Finder tool 429
  ZSK (zone-signing keys) 458
DNSKEY DNS records 457–458
DNSSEC 387, 456–463
dnssec-keygen 454, 458
dnssec-signzone 460–461
doc (domain obscenity control), DNS 476–478
documentation
  Linux 11–14
  local 17, 930–934
  sources 11–13
  user 934
Doering, Gert 856
domain directive, DNS 420
DOMAIN macro, sendmail 572
domain names, DNS 378–383
  case sensitivity 380
  fully qualified 381
  hierarchy 378
  in-addr.arpa domain 396
  internationalization 388
  registration 371, 383
  rules 378–383
  second-level 383
  selecting 382
  squatting 380
  subdomains 383
  syntax 380
  top-level 378, 381
  trailing dot in 381
domainname 520
domains, setting up NIS 517–520
DontBlameSendmail option 603, 605
DOS (denial of service) attacks 397, 511, 608, 817
dot files 105–106
DoubleClick.net 951
dpkg 237
drivers directory, kernel source tree 879
drivers see device drivers
DS DNS records 458, 460
DSL networks 364–365
DSR (data set ready) signal 852–853
DTE (Data Terminal Equipment) interface 845–847
DTR (data terminal ready) signal 853
dual booting 30–31, 826
dump 123, 169–173
/etc/dumpdates file 170
dumps see backups
duplex, setting interface see mii-tool
DVD Copy Control Association 950
DVMRP protocol 343

E

e2label 127
ECN TCP option 307
EDITOR environment variable 103
EFF (Electronic Frontier Foundation) 958, 969
effective user IDs (EUIDs) 55
EIGRP protocol 339, 342
.emacs file 105
email
  see also MX DNS records
  see also Postfix
  see also sendmail
  access agents 533
  addresses 95, 535


email continued
  aliases see aliases, email
  architecture 539–544
  backup servers, ISP 541
  blacklists 594–595
  bounced messages 569
  clients 532
  components 530–534
  daemons 897
  delivery agents 532
  delivery status codes 593
  denial of service (DOS) attacks 608
  envelope 534
  Exim 621–623
  fallback MX 614
  forgery 608–609
  forwarding 549–550
  headers 535–539
  home mailbox 106, 542
  IMAP protocol 533, 543
  loops 546, 550
  mailing lists 551–554
  message stores 533
  message structure 534–535
  POP protocol 533, 543
  privacy 610
  proxies 540
  queue directory 563–565
  relaying 589–591
  SASL 610
  security 547, 603–610
  server setup 540–541, 614
  spam see spam
  submission agents (MSA) 533–534
  system administration tasks 530
  system components 530–534
  system design 539–544
  to a disabled account 108
  to files 547
  to programs 547
  transport agents 532
  undeliverable messages 613
  user agents 531
emergency see disaster
encryption see cryptography
Engarde Linux 710
enscript 778, 780
environmental monitoring 798
equipment racks 799
error correction protocols 863–864
ESMTP protocol 532
/etc directory 75
Ethernet 351–359
  addresses 280
  autonegotiation 302
  broadcast domain 352
  cables 278, 353–355
  collisions 352, 649–650
  congestion 356–357, 369
  design issues 368–370
  DIX II 278
  evolution 352
  frames see packets
  framing standards 277
  hardware addresses 280, 292
  hubs/concentrators 356
  packet encapsulation 276–277
  routers 358–359
  speed 352
  speed, setting 303
  switches 353, 356–358
  topology 352
  troubleshooting 366
  UTP cables 353–355, 366
EUIDs (effective user IDs) 55
EULAs (End User License Agreements) 953
EUROPEN 965
event correlation 221
events daemon 894
exec system call 56
executable maps, NFS automounter 499
Exim mail system 621–623
expect 104, 348
EXPN command 588
exportfs 52, 491
/etc/exports file 489–491
EXPOSED_USER macro, sendmail 581, 584
ext2fs filesystems 87, 120
ext3fs filesystems 87, 120, 125

F

FAI 231
fallback MX, email 614
FAT filesystems 120
fax mailer 573
FC-AL (Fibre Channel Arbitrated Loop) 112
fcntl system call 486
fcron 157
FDDI networks 361–362
fdisk 134–136, 140–141
FEATURE macro, sendmail 574–585
Fedora network configuration 308
FHS (Filesystem Hierarchy Standard) 75
Fibre Channel 112
file attributes 81–88
  ACLs 88–92
  change time 83
  changing 81, 84–86
  chattr 87
  on device files 84
  directory search bit 82
  displaying using ls 81–84
  group ID number 83
  inode number 84
  link count 83
  lsattr 87
  permission bits 81, 684
  setuid/setgid bits 45, 82–83
  sticky bit 82–83
  supplemental 87
  symbolic links 80
  user ID number 83
file statement, DNS 434
filenames
  control characters in 77
  encoding under Samba 830
  length restrictions 72
  pattern matching 10, 77
  quoting 72
  removing sneaky 77–78
  shell globbing 10, 77
  spaces in 72
files
  see also configuration files
  see also device files
  see also file attributes
  see also filenames
  block device 77
  character device 77
  deleting 77
  device 122
  directory 77–78
  hard links 78
  links vs. original files 78
  local domain sockets 77, 80
  modes see file attributes
  named pipes 77, 80
  NFS locking 486
  ownership of 44–46
  permissions 81, 684
  regular 77–78
  removing temporary 154


files continued
  servers, dedicated NFS 496
  servers, system files 510
  sharing with Samba 833
  symbolic links 77, 80
  types of 76–81
Filesystem Hierarchy Standard (FHS) 75
filesystems 70–71
  see also partitions
  automatic mounting 127
  backing up 160
  BSD FFS 120
  checking and repairing 25, 128, 131–133, 137
  cleaning using cron 154–155
  converting ext2fs to ext3fs 121
  copying 178
  creating 125–126, 136–138
  damaged 131–133
  disabling setuid execution 684
  enabling ACLs 88
  exporting NFS 489–492
  ext2fs 87, 120, 125
  ext3fs 87, 120
  FAT 120
  fuser 74
  inodes 126
  journaling 121
  labels 127
  Linux 120–122
  load balancing 805, 814
  loopback 73
  lost+found directories 127, 133
  lsof 74
  mounting 73–74, 126–129, 835
  mounting at boot time, NFS 495
  naming conventions, NFS 487
  organization 75
  patching 133
  quotas 486
  reinitializing 69
  ReiserFS 121
  root 24, 32, 75, 124
  sizing for backups 161
  smbfs 835
  superblocks 126
  sysfs 872, 882
  unmounting 73
filters, CUPS 771–772
find 72, 155
finger 98
FireWall-1 318
firewalls 701–708
  host-based 318
  ICMP blocking 645, 647–648
  Linux IP tables 704–708
  Netfilter 704–708
  packet-filtering 701–702
  proxy 703
  stateful 703–704
  traceroute and 648
flock system call 486
flow control, serial line 852–853
Fogel, Karl 253
Foomatic database 771, 782
fork system call 56
formatting disks 123
.forward file, email 549–550, 605
forward mapping, DNS 382
forwarders option, DNS 427
ForwardPath variable, sendmail 549
fragmentation, IP 279
frame relay networks 363
frames see packets
framing standards, Ethernet 277
Frampton, Steve 12
free 811
Free Software Foundation (FSF) 965
free space, displaying 127
Free Standards Group 959
fsck 25, 128, 131–133, 137
/etc/fstab file 127–129, 132, 137, 495, 497, 836
FSUID process parameter 55
FTP
  chrooted 735
  through firewalls 702–703
  and HTTP, compared 735
  permissions 736
  security 684, 736
  server setup 734–736
ftp 900
ftpd daemon 735, 900
/etc/ftpusers file 736
fully qualified hostnames 381, 396
functions script 208
fuser 74
FYI documents 275

G

gated routing daemon 344, 901
/etc/gateways file 344
GDI printers 783
gdm 743
GECOS information 98
Geer, Dan 161
$GENERATE directive, DNS 401, 406
generic top-level domains 379
genericstable feature, sendmail 579
getfacl 89
gethostbyname routine 414, 516
gethostent routine 819
getty process 25, 855–858
gettydefs file 858
Ghostscript 780
Ghostview 785
GIAC (Global Information Assurance Certification) 675
GIDs see group IDs
globbing, shell 10, 77
GNOME 758–759
  see also X Window System
GNU
  Free Software Foundation (FSF) 965
  Openwall GNU/*/Linux (Owl) 710
  Public License (GPL) 962
  Stow 266
  Zebra routing package 344
greet_pause feature, sendmail 597
greylisting for spam 636
/etc/group file 101–102
  defining groups 45, 97
  editing 104
  for FTP servers 735
  permissions 684
group IDs
  see also /etc/group file
  globally unique 102
  kernel and 104
  in ls output 83
  mapping to names 45
  numbers 45
  real, effective, and saved 45
  saved 55
groups
  see also /etc/group file
  default 97
  effective 55
  file attribute 83
  numbers (GIDs) 45
  passwords for 101
  of a process 55
grub 138


GRUB boot loader 26–28
  multiboot configuration 30
  options 883
  single-user mode 32
grub.conf file 27, 30, 883
grub-install 27
/etc/gshadow file 102
guest user accounts 944
Gutenprint project 771
gv 785

H

hald 899
halt 42
halting the system 40–42
Hamilton, Bruce 14
hard carrier 852
hard disks see disks
hard links 78
hardened Linux 710
hardware
  see also disks
  see also Ethernet
  see also maintenance
  see also networks
  see also PC hardware
  air conditioning 796–798
  BIND requirements 421
  computer displays 794
  cooling systems 940
  decommissioning 791
  environment 796–798
  equipment racks 799
  hubs 356
  kernel adaptation 869
  labeling 933
  logs 791
  memory 23, 794–795, 804
  power supplies 798
  probing 23
  purchasing 782–787, 916–917
  routers 358–359
  static electricity 793
  switches 353, 356–358, 360
  temperature monitoring 798
  tools 800
  USB see USB
  warranties 793
  wiring 366–368, 934
Hayes command language 864
Hazel, Philip 621
hdparm 129–131
header checking, sendmail 595–596
Hesiod 390
home directories 75
  creating 105
  location 75
  logging in to 98
  missing 98
  removing 107
/home partition 125
host 474
/etc/host.conf file 307
hostname command 299
/etc/hostname file 310
hostnames
  fully qualified 396
  mapping to IP addresses 281, 298
/etc/hosts file 281, 298–299, 420
/etc/hosts.allow file 691–692
/etc/hosts.deny file 691–692
/etc/hosts.equiv file 685, 898
hot-plugging kernel modules 882–883
hot-swappable drives 112, 116, 145
Hotz, Steve 473
HPAGE_SIZE kernel parameter 809
HTTP
  CUPS and 769
  protocol 720–722
  server see web hosting
httpd see web hosting
httpd.conf file 726–732
hubs, Ethernet 356
HUP signal 58–59
hwconf file 37
HylaFAX 573

I

I/O schedulers 815–816
ICANN (Internet Corporation for Assigned Names and Numbers) 273, 289, 371, 383
ICMP 275
  firewall blocking 645, 647–648
  netstat output 653
  packets 707
  ping and 645
  redirects 295, 317
  sequence numbers 646
  traceroute and 648
  TTL and 647
IDE 112–114
  accessing more than 1024 cylinders 112
  altering disk parameters 129–131
  device names 873
  DMA, tuning 130
  history 112–113
  performance tuning 130
  vs. SCSI 118
IDENT protocol 609
IEEE 802.* standards 278, 352, 356, 358–359
IETF (Internet Engineering Task Force) 273
ifconfig 299–302
  adding routes using 304, 335
  PPP and 321
  subnet masks and 283
  virtual addresses and 728
ifdown 309, 311
ifup 40, 309, 311, 327
IGMP (Internet Group Management Protocol) 281
IGRP (Interior Gateway Routing Protocol) 339, 342
IIS web server 827
IMAP (Internet Message Access Protocol) 533, 543, 897
imapd 897
in.fingerd 901
in.rlogind 898
in.rshd 898
in.telnetd 898
in.tftpd 899
in-addr.arpa domain 396
$INCLUDE directive, DNS 406
:include: directive, for email aliases 546
include statement, DNS 423
incremental backups 170
indirect maps, NFS automounter 499
inetd 885, 887–888, 890–893
/etc/inetd.conf file 890–892
init process 22–23, 56, 855–857, 886–887
  bootstrapping and 25
  logins and 886
  run levels and 33–36, 42, 886
  startup scripts and 32, 38, 40
  zombie processes and 56, 61
/etc/init.d directory 34–35, 38, 40
initlog 207


/etc/inittab file 34, 855–857, 886
inodes 84, 126
insmod 880–882
installation, Linux see Linux installation
INT signal 58–59
integrity monitoring 692
/etc/interfaces file 311
interfaces, network see networks
International Organization for Standardization (ISO) 354
Internet
  dial-up connections see PPP protocol
  Cache Protocol (ICP) 733
  Control Message Protocol see ICMP
  Corporation for Assigned Names and Numbers (ICANN) 289
  Engineering Task Force (IETF) 273
  governance 273–275
  history 272–274
  Network Information Center (InterNIC) 288
  Official Protocol Standards 274
  protocol security (IPsec) 709
  protocol see IP
  registries 289
  RFC series 274–275
  Society (ISOC) 273
  standards and documentation 274–275
  system administration resources 13
  Systems Consortium (ISC) 12, 312
  Worm 669
InterNIC (Internet Network Information Center) 288
intrusion detection, samhain 692–693
IOS (Cisco router OS) 346–348
iostat 813
IP 275
  see also IP addresses
  see also IPv6
  see also routing
  directed broadcast 317
  fragmentation 279
  masquerading see NAT
IP continued
  packet forwarding 303, 316
  source routing 317
  spoofing 317–318
  TOS (type-of-service) bits 330
IP addresses 279–293
  see also IPv6
  allocation 288–289
  broadcast 281
  CIDR (Classless Inter-Domain Routing) 283, 286–288
  classes 282
  hostnames and 281, 298
  loopback interface 282, 294, 302, 397
  multicast 281–282
  netmasks 282–285
  ports 281
  PPP 322
  private 289–291, 409, 416, 438, 465
  shortage of 285–286
  subnetting 282–285
  unicast 292
ipcalc 284
IPsec (Internet Protocol security) 709, 949
iptables 319, 704–708
IPv6 286, 291–293
  DNS support 387, 404–405
  vs. CIDR 286
ISC (Internet Systems Consortium) 312, 376
ISDN networks 364
IS-IS protocol 339, 343
ISO (International Organization for Standardization) 354
ISO/IEC 17799 standard 675
ISOC (Internet Society) 273
ISPs
  AOL 954
  domain registration 381
  IP address allocation 289–293
/etc/issue file 856
ITIL (Information Technology Interface Library) 960

J

Jacobson, Van 273, 320, 329, 647, 656

JFS filesystem 122

jobs, scheduling 887
John the Ripper 690
journaling filesystems 121
jukeboxes, tape media 167

K

kacpid daemon 894
Kahn, Bob 273
Kalt, Christophe 266
kblockd daemon 894
KDE 758–759
  see also X Window System
  Konqueror 789
  Print Manager 773
  printing under 788–790
kdm 743
Kerberos 464, 695–696
kermit 864
kernel 868–869
  ARP cache 296
  boot time options 29, 883
  building 876–878
  .config file, customizing 877–878
  configuration 873–874
  daemons 893
  device drivers 79, 868–870
  hot-plug blacklist 883
  hot-plugging modules 882–883
  HPAGE_SIZE 809
  initialization 23
  loadable modules 880–882
  location 75
  logging 206–208, 894
  network security variables 319
  options 874, 876–878
  panics 131, 133
  saved group IDs 55
  source tree 876–877, 879
  swappiness parameter 811
  threads 23
  TOS-based packet sorting 330
  tuning 314–316, 614, 874
kernel directory 877
KEY DNS records 455, 458
.key DNSSEC key file, DNS 454
key statement, DNS 430
keymap file, corrupted 37
keys, generating BIND 458
keys, SSH 697


kghostview 788
Kickstart 226–229
kill 60, 818
KILL signal 58–60
killall 60, 203
Kim, Gene 617
Kirch, Olaf 12
kjournald daemon 894
klogd daemon 207, 894
Knoppix 6, 232
Kolstad, Rob 617
Konqueror 789
Kotsikonas, Anastasios 553
kprinter 788–789
Kristensen, Peter 266
ks.cfg file 227–229
ksoftirqd daemon 894
kswapd daemon 810, 894
Kudzu 37

L

lame delegations, DNS 469, 475–476

LAMP platform 719
LANs 351
  ATM 362
  Ethernet 351–359
  FDDI 361–362
lastlog file 206
LBA (Logical Block Addressing) 112
LCFG (large-scale configuration system) 261
LDAP (Lightweight Directory Access Protocol) 520–526
  attribute names 522
  documentation 523–524
  OpenLDAP 523
  security 526
  setup 524–525
  structure of data 521
  use with sendmail 547, 555–557, 580–581
  user IDs and 97
  uses of 522–523
ldap_routing feature, sendmail 556, 580–581
LDP (Linux Documentation Project) 11
leadership 907
Leffler, Sam 573
legal issues 949–958
  appropriate use policies (AUPs) 954
  call records and web logs 952
  copyrights 950
  cryptography 949
  EULAs (End User License Agreements) 953
  liability for data 954
  pornography 954
  privacy 951
  software licenses 955
Libes, Don 104
licenses, software 955
lilo 28–29, 31, 138
LILO boot loader 28–29
  configuring 883
  multiboot configuration 31
  single-user mode 32
/etc/lilo.conf file 28, 31, 883
limit shell builtin 818
link layer, networks 277–279
links, hard 78–80, 83
link-state routing protocols 339
Linux
  culture 961, 963
  distributions 6–9, 962
  documentation 11–14
  Documentation Project (LDP) 11
  history 5
  installation see Linux installation
  International (LI) 964
  mailing lists 967
  popularity 962
  Professional Institute (LPI) 964, 967
  resources 964–968
  security flaws 670
  standards 958–960
  Test Project 963
  vendor logos 10
  vs. UNIX 4

/usr/src/linux directory 876
Linux installation 224–232
  see also system administration
  see also system configuration
  automating from a master system 232
  automating with AutoYaST 230–231
  automating with cdebconf 231
Linux installation continued
  automating with cdebootstrap 231
  automating with debian-installer 231
  automating with FAI 231
  automating with Kickstart 226–229
  automating with system-config-kickstart 231
  ks.cfg file 227–229
  netbooting 224–226
  PXE protocol 225–226
  PXELINUX 225
  system-config-netboot 226
  TFTP protocol 225
LinuxWorld conference 966
listen-on option, DNS 426
listmanager 554
ListProc 553
LISTSERV Lite 554
Liu, Cricket 423
LMTP protocol 625
ln 78, 80
load average, sendmail 613
load averages 808
load balancing
  disks and filesystems 805, 814
  DNS 385
  servers 805
  web server 722–724
loadable modules 880–882
LOC DNS records 401
local delivery agents, sendmail 533
local domain sockets 77, 80
/usr/local hierarchy 255–260
  compilation 258–259
  distribution 259
  organizing 256–257
  testing 257–258
LOCAL_* macros, sendmail 586
local_lmtp feature, sendmail 585
local_procmail feature, sendmail 585
localhost 282
localhost zone configuration example, BIND 439
local-host-names file 574
locate 15, 771
lockd daemon 486
lockf system call 486
/var/log directory 204


log files 209–220
  see also logging
  see also syslog
  analyzing and searching 220–221
  for Apache 727
  archiving 204
  lists of 205, 218
  for logins and logouts 206
  monitoring 220–221
  replacing while in use 203
  rotating 156, 202, 208–209
  to system console 218
  web hosting 727
/dev/log socket 210
logcheck 220
logger 217–218
logging
  see also log files
  see also syslog
  for BIND 411, 432, 446, 466–471
  boot-time 206–208
  to central server 214, 216
  for cron 151
  for CUPS 781
  hardware failures 791
  kernel 206–208
  for sendmail 619–621
  for sudo 49
  through syslog 218–220
  to system console 218
logging in from Windows 821–822
logging statement, DNS 432, 466
logical unit numbers, SCSI 117
logical volume management see LVM
login command 46, 856
.login file 105
login process 855
login see user accounts
/etc/login.defs file 98, 100
logos, vendor 10
logrotate 208–209
/etc/logrotate.conf file 208
/etc/logrotate.d directory 208
logwatch 221
loopback
  address, BIND 437
  filesystem 73
  interface 282, 294, 302, 397
LOPSA 965
lost+found directories 127, 133
low-level formatting, disks 123
lpd daemon 894
lpd-errs file 215
lpinfo 772
ls 45, 77, 81–84
lsattr 87
lsmod 881
lsof 74, 494
LTO backup tapes 167
lvcreate 144
lvextend 146
LVM 139, 143–147
  creating 143–144
  resizing 146–147

lwresd 897

M

m4 566–570, 586
MAC addresses 280, 292
Mackerras, Paul 508
macros, sendmail 570–574
magic cookies, NFS 486
magic cookies, X Windows 746
mail see email
mail.local delivery agent 533, 585, 605
MAIL_HUB macro, sendmail 583, 600
MAILER macro, sendmail 573–574
mailers 573
  cyrus 573
  discard 596
  error 591, 596
  fax 573
  local 573
  pop 573
  qpage 574
mailertable feature, sendmail 578
mailing list software 551–554
  listmanager 554
  ListProc 553
  LISTSERV Lite 554
  Mailman 553
  Majordomo 552
  SmartList 554

mailing lists 546, 551–554, 967
mailq 619
.mailrc file 105
mailstats 615
main.cf file 626
maintenance 791–800
  see also hardware
  contracts 792–793
  environment 796–798
  equipment racks 799
maintenance continued
  power 798
  preventive 795–796
  Uninterruptible Power Supply (UPS) 799
major device numbers 79, 870–872
Majordomo 552–553, 605
makedbm 512
MAKEDEV script 79, 872
makemap 576–577
man pages 11–13
management 907–915
management standards, networks 658
Manheimer, Ken 553
MANs 351
many-answers option, DNS 425
map files, NFS automounter 499–500
masks in ACLs 90
MASQUERADE_AS macro, sendmail 581–583, 616
masquerading, sendmail 581–583
master boot record (MBR) 26
master name server, DNS 413
master server, NIS 511–513, 517–518
master.cf file 623
masters statement, DNS 432, 434
match-clients clause, DNS 438
max-cache-size option, DNS 426
MaxDaemonChildren option, sendmail 608
MaxMessageSize option, sendmail 608
MaxRcptsPerMessage option, sendmail 608
MBR (master boot record) 26
McKusick, Kirk 120
MDA (mail delivery agent) 532
mdadm RAID management utility 141–143, 145
mdrecoveryd daemon 894
/proc/mdstat file 142, 145
media, backup 163–169
  see also tapes
  CD and DVD 164
  jukeboxes 167
  labeling 159
  life of 163
  magnetic 164
  optical 164
  summary of types 168
  verifying 162


memory
  buffering 40
  effect on performance 804, 806
  kernel initialization and 23
  management 809–811
  modules 794–795
  paging 809–814, 818
  RAM disks 815
  usage, analyzing 811–813
  virtual (VM) 810–811
message of the day 856, 954
message stores 533
/var/log/messages file 207, 215
Metcalfe, Bob 351
mgetty process 855–858
Microsoft Windows see Windows
mii-tool 303
Miller, Todd 49
miltering, sendmail 597
MIME (Multipurpose Internet Mail Extensions) 531, 601
/etc/cups/mime.convs file 772
/etc/cups/mime.types file 771
Minar, Nelson 902
mingetty process 855–858
mini DIN-8 connectors 847
minicom 864
minor device numbers 79, 870–872
mkdir 78
mke2fs 125, 136–137
mkfs 69
mknod 79–80, 871
mkpasswd 104
MKS Toolkit 827
mkswap 138
Mockapetris, Paul 375
model file 771
modems 852, 862–864
modprobe 881
/etc/modprobe.conf file 881
MODULE_DEVICE_TABLE macro 880
Mondo Rescue 197
monitoring log files 220–221
monitors 794
Moore’s Law 273
Morris, Robert, Jr. 669
MOSPF protocol 343
/etc/motd file 856, 954
Motion Picture Association of America 950
mount 73, 126–128
  enabling filesystem ACLs 88
  NFS filesystems 492–495
mount point, filesystem 73
mount.smbfs 836
mountd daemon 489
mounting filesystems see filesystems, mounting
mpstat 808
/var/spool/mqueue directory 563, 619
mreport program 620
MRTG (Multi-Router Traffic Grapher) 664
MSA (mail submission agent) 533
mt 178
MTA (mail transport agent) 532
MTU (maximum transfer unit) 278–279, 361
mtx 179
MUA (mail user agent) 531
multibooting 30–31
multicast addresses 281–282
multiprocessor machines, analyzing performance 808
Multipurpose Internet Mail Extensions (MIME) 531, 601
multiuser mode 25
MX DNS records 397–399
MySQL 180–182, 377, 719, 936

N

Nagios SNMP monitoring tool 665
name servers
  see also DNS
  see also BIND
  see also named
  authoritative 413, 416
  caching 384–386, 417
  caching-only 413
  delegation 383
  dynamic updates 448–450
  forwarding 427
  hints 414
  keep-running script 417
  lame delegations 469, 475–476
  master 413
  negative caching 385
  nonauthoritative 413
name servers continued
  recursion 413, 425
  resolver 414, 418–420
  slave 413
  stub 413
  switch file 479
  zone delegation 407–409
  zone serial numbers 447

named 412, 446
  see also BIND
  see also DNS
  see also name servers
  acl statement 430
  ACLs 429, 451–453
  allow-recursion option 425
  allow-update clause 433, 450
  avoid-v4-udp-ports option 427
  blackhole option 428
  bogus directive 431
  chrooted 451, 453
  command-line interface see named, rndc
  compiling with OpenSSL 458
  configuration 420–446
  configuration examples 439–446
  confining with chroot 453
  controls statement 436–438
  datasize option 426
  debugging 466–478
  delegation-only option 386, 429
  directory statement 424
  domain directive 420
  error messages 469
  file statement 434
  forwarders option 427
  forwarding zone, configuring 436
  $GENERATE directive 401, 406
  hardware requirements 421
  $INCLUDE directive 406
  include statement 423
  init scripts 446
  ISC configuration example 444
  keep-running script 417
  key statement 430
  listen-on option 426
  localhost zone configuration example 439
  logging 411, 446, 466–471


named continued
  logging statement 432, 466
  many-answers option 425
  master server, configuring 433
  masters statement 432, 434
  match-clients clause 438
  max-cache-size option 426
  /etc/named.conf file 421–446, 450–451, 470, 480–481
  named.run file 471
  named-checkconf 421, 455, 478
  named-checkzone 421, 478
  notify option 424
  options statement 423–429
  $ORIGIN directive 406
  provide-ixfr option 448
  query-source option 426
  recursion option 425
  recursive-clients option 426
  request-ixfr option 448
  rndc 436–438, 447, 471–473
  root server hints 435
  root.cache file 435
  rrset-order statement 428
  search directive 419
  server statement 431, 448
  slave server, configuring 434
  sortlist option 428
  starting 448
  statements, list of 422
  stub zones, configuring 434
  testing 466–478
  topology statement 428
  transfers-in option 425
  transfer-source option 426, 445
  transfers-out option 425
  transfers-per-ns option 425
  trusted-keys statement 430
  $TTL directive 390, 394, 406
  TTL options 428
  update-policy clause 450
  updating zone files 447–450
  versions 411, 424
  view statement 438
  zone commands 405–407
  zone serial numbers 447
  zone statement 432–436
  zone-statistics option 433

named pipes 77, 80
/etc/named.conf file 421–446, 450–451, 470, 480–481
named.run file 471
named_dump.db file 472
named-checkconf 421, 455, 478
named-checkzone 421, 478
namespace, DNS 378
naming conventions
  device files 872
  shared filesystems 487
nanny script 446
NAT 290–291, 319
National Science Foundation (NSF) 381
ncftp 510
ndbm library 169
neigh directory 315
Nemeth, Evi 679
Nessus 690
NetBIOS 828, 896
netbooting 224–226
Netfilter 704–708
/etc/netgroup file 517
netgroups, NIS 517
netmasks 282–285
NeTraverse 826
NET-SNMP 661–664
netstat 649–654
  displaying interface names 300
  examining the routing table 294
  examples 335–337
  interfaces 649
  monitoring connections 651
  network statistics 649–654
  and NFS UDP overflows 492
  open ports 652
  routing table 652
Network Appliance, Inc. 496
network configuration 298, 307–311
  Debian and Ubuntu 310
  Red Hat and Fedora 308
  SUSE 309
Network Information Service see NIS
Network Solutions, Inc. 381
Network Time Protocol (NTP) 902
network unreachable error 304
network wiring 934
  building 366–368
  cable analyzer 366
  cable choices 352–355, 366
  for offices 367
  maintenance and documentation 370
  Wireshark network sniffer 366

networks
  see also Ethernet
  see also IP addresses
  see also network configuration
  see also network wiring
  see also routing
  see also TCP/IP
  adding a machine to a LAN 297–307
  address translation see NAT
  addresses 279–293
  administrative databases 504, 511
  ARP (Address Resolution Protocol) 296–297
  ATM 362–363
  broadcast storms 301, 357
  CIDR (Classless Inter-Domain Routing) 286–287
  connecting and expanding 355–359
  connecting with PPP 321
  daemons 900–901
  debugging with mii-tool 302–303
  default route 293–294, 305, 329, 336
  design issues 368–370
  DHCP (Dynamic Host Configuration Protocol) 311–314
  firewalls 318, 701–708
  interface activity reports 654
  interface configuration 299–302
  load balancing 385, 805
  loopback 282, 294, 302, 397
  management issues 370–371, 643
  management protocols 657–661
  management standards 658
  monitoring 650–651
  MTUs 278–279, 361
  NAT 290–291, 319
  netmasks 282–285
  packets see packets
  PAT 319
  ping and 645–647
  port scanning 688–690
  ports 281
  PPP 320–330
  redundancy 941
  routing tables 652
  scanner, Nessus 690
  security see security


networks continued
  statistics 649–654
  subnetting 282–285
  troubleshooting 366, 644–654
  tuning 314–316
  virtual private networks see VPNs
  VLANs 357
  wireless 278, 359–361
network-scripts directory 38
newaliases 551
newgrp 102
NFS (Network File System) 484–500
  all_squash option 488, 491
  anongid option 488, 491
  anonuid option 488, 491
  buffer sizes 494
  client 492–495
  common options 491
  configuration, server 489–492
  cookies 486
  daemons 895–896
  dedicated file servers 496
  disk quotas 486
  and dump 170
  exporting filesystems 489–492
  file locking 486
  firewalls and 488
  and the fstab file 127
  hard vs. soft mounts 493
  insecure option 491, 495
  mount 492–495
  mounting filesystems at boot time 495
  naming conventions 487
  no_root_squash option 488, 491
  nobody account 51, 488
  protocol versions 484
  root access 488
  RPC and 485
  secure option 491, 495
  secure_locks option 491
  security 487–489, 495, 686
  statistics 495
  subtree_check option 491
  TCP vs. UDP 485
  tuning 494
  using to export email 542

nfsd daemon 489, 492, 494
nfsstat 495
nice 61–62, 818
nice value 55
NIS (Network Information Service) 511–520
  architecture 512–514
  commands 514
  configuring clients 519
  configuring servers 518
  database files 511–512
  files to share 503
  LDAP vs. 525
  map files 512
  master server 511–513, 517–518
  netgroups 517
  query procedure 513
  security 685–686
  setting access control options 519
  setting up a domain 517–520
  slave servers 512–514, 517
nmap 688–690
nmbd 829, 896
nocanonify feature, sendmail 576
nohup 59
notify option, DNS 424
NS DNS records 395, 407
nscd daemon 504, 897
/etc/nscd.conf file 505, 897
NSEC DNS records 463
NSF (National Science Foundation) 381
NSFNET 272
/etc/nsswitch.conf file 307, 515, 562
nsupdate 449
NTP (Network Time Protocol) 902
/etc/ntp.conf file 902
ntpd 902–903
ntpdate 902
null modem serial cable 846–847
nullclient feature, sendmail 584–585
NXT DNS records 458

O

Oetiker, Tobias 262, 664
office wiring 367
off-site backup storage 161
Oja, Joanna 11
one-time passwords 698
open relaying, email 589
OpenLDAP 523, 555
openlog routine 218–220
OpenOffice.org 826
Openwall GNU/*/Linux (Owl) 710
operating system installation see Linux installation
oprofile 817
options statement, DNS 423–429
$ORIGIN directive, DNS 406
orphaned processes 56, 61, 63
OSI layers 276
OSPF protocol 339, 342–343
OSTYPE macro, sendmail 570–572

P

Pack Management Project 266
package management 234–247
  alien conversion tool 235
  automating 244–246
  .deb format 235
  dpkg/APT 235, 237, 241–246
  Red Hat Network 240
  repositories 239–240
  RPM format 235
  rpm/yum 235–238, 246–247
packages see software packages
packets
  see also networks
  dropped 646
  encapsulation 276–277
  filtering 677, 701
  forwarding 335–337
  handling with Netfilter 704–708
  ICMP 707
  round trip time 646
  sniffers 366, 655–657
  tracing 647–649
pages, memory 809–811
paging 129, 809–814, 818
Painter, Mark 376
PAM (Pluggable Authentication Modules) 681–682
paper sizes for printers 777–778
paperconfig 778
PAPERSIZE environment variable 778
/etc/papersize file 778
Parain, Will 261
partitions 124–125, 134–138
  see also filesystems
  load balancing 814
  resizing with LVM 146–147
  root 124
  setting up 134–136
  swap 124, 129, 138


passwd command 46, 96, 104
/etc/passwd file 93–99
  editing 96, 103
  for FTP servers 735
  group ID numbers 83
  permissions 684
  security 678–681, 684
  user ID numbers 45, 83
passwords
  aging 680
  boot loader 673
  cracking 690
  encryption 94, 96, 830
  FTP 735
  group 101
  initial 104
  one-time 698
  root 47
  Samba 830
  security 47, 678–681
  selection 47, 104, 679–680
  shadow 94, 99–100, 678
  strength 682, 690
PAT (Port Address Translation) 319
PATA see IDE
patches, software 677
patents
  EU patent policy 957
  software 957–958
  U.S. patent office 957
pathnames 48, 72
PC hardware
  see also hardware
  BIOSes 25
  boot device priority 26
  bootstrapping 25
  delete character 859
  device drivers 870
  multibooting 30–31
  vs. UNIX hardware 25
PCL printer language 763, 766
PDF 764, 766
pdftops 772
performance 803–819
  BIND 478
  CPU 806–809, 813
  disk 806, 813–815
  factors affecting 806–807
  improving 803–806
  kernel tuning for email 614
  load averages 808
performance continued
  measuring and monitoring 664, 807
  memory 68, 804, 806, 811–813
  network, TOS bits 330
  NFS 494
  nice 61
  partitioning disks to improve 124
  PPP 321
  using RAID to improve 139
  SDSC Secure Syslog 210
  sendmail 611–615
  Squid web cache 733–734
  st_atime flag 87
  syncing log files 213
  troubleshooting 817–819
  tuning IDE drives 130
  web server 722–724, 727
performance analysis tools
  free 811
  iostat 813
  mpstat 808
  oprofile 817
  procinfo 812
  sar 816
  top 809
  uptime 808
  vmstat 807
Perl 14, 150, 719, 722, 827, 923
  in administrative scripts 4
  example scripts 525
  generating passwords 524
  insecure example 672
  module sources 662
  null password check 679
  and swatch 220
  and syslog 219
  user ID check 681
  wrapping cron jobs 511
permissions
  chmod and 84
  file 81, 684
  important 684
  sendmail 604–605
  umask and 86

personnel management 908–910
PGP (Pretty Good Privacy) 610, 696
Phonetics Sensaphone 798
PIDs 54
PIM protocol 343
ping 317, 645–647
pipes, named 77, 80
piracy 955
PIX firewall box 318
PJL printer language 765
.plan file 901
platters, disks 119
Pluggable Authentication Modules (PAM) 681–682
poff command 330
policy
  agreements 107, 946–948
  backups 939
  documents 943–948
  enforcement 953
  logging 201
  Postfix policy daemons 636
  security 945–946
pon command 330
POP (Post Office Protocol) 533, 543, 828, 897
pop mailer 573
popd 897
pornography 954
portmap daemon 488, 888, 893
ports, network 281
  numbers 893
  privileged 281, 689, 702
  scanning 688–690
  well known 688, 702
ports, serial 844–847
POSIX 683, 959
  APIs under Windows 827
  root account capabilities 46
Post Office Protocol (POP) 533, 543, 828, 897
postconf Postfix configuration tool 627
Postel, Jon 273
Postfix 623–638
  access control 632–634, 638
  amavisd virus filter 637
  architecture 623
  authentication 634
  black hole lists 635
  chrooted 625
  command-line utilities 625
  configuring 626–634
  content filtering 636
  debugging 637–639
  greylisting 636
  local delivery 629
  lookup tables 627


Postfix continued
  policy daemons 636
  queue manager 624
  receiving email 624
  security 625
  sending email 625
  spam control 634–637
  virtual domains 630–632
  virus filtering 637
PostScript 763, 766
power management 798
power supplies, emergency 940
poweroff 42
/etc/cups/ppd file 771
PPD printer description files 770–771
PPIDs 54
/etc/ppp directory 323
PPP protocol 320–330
  commands, list of 324
  configuration 323–330
pppd daemon 323, 325, 327, 329
pppstats 329
pr 780
Practical Extraction and Report Language see Perl
Pre-boot eXecution Environment (PXE) 225–226, 899
Preston, W. Curtis 198
Pretty Good Privacy (PGP) 610, 696–697
printers
  see also printing
  accounting 787
  cartridges 786
  drivers 765
  languages 763–766
  network 773, 784
  PPD printer description files 770–771
  purchasing 782–787
  security 787
  selection 782–785
  serial and parallel 784
  USB 774, 781
  WinPrinters 783
printing
  see also CUPS
  see also printers
  banner pages 784–785
  daemons 894
  Foomatic database 771, 782
  Gutenprint project 771
  history 761–762
printing continued
  KDE Print Manager 773
  Konqueror and 789
  paper sizes 777–778
  PPD printer description files 770–771
  previewers 785
  sharing printers using Samba 836–839
  software 779
  under KDE 788–790
  using kprinter 789
  Windows driver installation 838–839
  XHTML 764

priority, processes 55, 61–62
privacy 951
.private DNSSEC key file 454
private IP addresses 289–291, 409, 416, 438, 465
privileged ports 281, 689, 702
/proc filesystem 65–66, 314–316, 872, 874
processes 53
  changing ownership credentials 45
  changing user and group IDs 46
  control terminal 56
  EGID (effective group ID) 55
  EUID (effective user ID) 55
  execution states 60–61
  FSUID parameter 55
  GID (group ID) 55
  identities: real, effective, and saved 45
  IDs 54
  monitoring 62–65
  orphaned 56, 61, 63
  owner 45, 54
  PPID (parent PID) 54
  priority 55, 61–62
  runaway 67–69
  scheduling 45
  sending signals to 60
  spontaneous 23
  standard I/O channels 56
  stopping and starting 61
  UID (user ID) 54
  zombie 56, 61, 63, 886
procinfo 812–813, 818
procmail 533, 585, 636
/etc/profile file 106
/etc/profile.d directory 106
profiler, system 817
programs, finding 15
Project Athena 741
.project file 901
promiscuous relaying, sendmail 589
provide-ixfr option, DNS 448
proxies, service 703
proxies, web servers 733
ps 62–64, 809, 817
pseudo-devices 871
pseudo-users 97
PTR DNS records 396, 444
/dev/pts directory 75
public key cryptography 456, 697
Punycode 388
purchasing hardware 782–787, 916–917
PuTTY 821
pvcreate LVM utility 143
PXE (Pre-boot eXecution Environment) 225–226, 899
PXELINUX 225
Python 4, 15–16, 523, 923

Q

qmgr 625
qpage mailer 574
qpopper email server 543
qshape 638
quad A DNS records 404
query-source option, DNS 426
queue groups, sendmail 611–612
queue runners, sendmail 613
QUIT signal 58–59
quotas, disk 486

R

racks, equipment 799
RAID 139–147, 805, 894
raidtools 141
RAM disks 815
/dev/ram0 and /dev/ram1 files 815
rc scripts see startup scripts
rc.local script 36
rcmd 898
rcp 685, 898
RCPT command, SMTP 588
RCS 249–251
rcsdiff 250


rdesktop 825
rdist 505–508
RDP (Remote Desktop Protocol) 824
rdump 171
real-time scheduling 56
RealVNC 824
reboot 42
rebooting 40–41
recursion option, DNS 425
recursive-clients option, DNS 426
Red Hat network configuration 308
Red Hat Network, software repository 240
redirect feature, sendmail 575
REFUSE_LA option, sendmail 608
registration of domain names see domain names, registration
regular files 77–78
Reiser, Hans 121
ReiserFS filesystem 121
/etc/mail/relay-domains file 589
Remote Desktop Protocol (RDP) 824
Remote Procedure Call see RPC
renice 61–62, 818
repositories, software 239, 266
request-ixfr option, DNS 448
reset 862
resize_reiserfs 147
resizing disk partitions 146–147
/etc/resolv.conf file 418–420
resolver library, DNS 414
resource records, DNS 389–405
  A 396, 407
  A6 404
  AAAA 404
  CNAME 399
  DNAME 404
  DNSKEY 457–458
  DS 458, 460
  format 389
  glue 407–409
  KEY 455, 458
  LOC 401
  MX 397–399
  NS 407
  NSEC 458, 460, 463
  NXT 458
  PTR 396, 444
  quad A 404
  RRSIG 457–458, 460, 463
  SIG 458
  SOA 392–395, 447
resource records, DNS continued
  special characters in 389
  SRV 402–403, 464
  time to live 390
  trailing dot in names 389
  TXT 403, 424
  WKS 403
restore 173–176, 939
reverse mapping, DNS 382, 396–397, 405, 444
revision control 248–255
  CVS 251–253
  RCS 249–251
  Subversion 253–255
RFCs
  BCP documents 275
  DNS-related 375–376, 482
  email-related 532, 640
  FYI documents 275
  LDAP-related 523
  NFS-related 500
  overview 274–275
  private address space 289–291
  SNMP-related 667
  STD documents 275
  subnetting 285

RHN, repository package 240
.rhosts file 685, 898
Riggle, David 376
RIP protocol 339, 341–344
RIP-2 protocol 341
RJ-11 connectors 862
RJ-45 connectors 355, 849
rlog 250
rlogin 685
rm 77, 79
rmdir 78
rmmod 881
rndc 436–438, 447, 471–473
/etc/rndc.conf file 437
/etc/rndc.key file 437
rndc-confgen 437
root account 44, 46, 681
  accessing 48–51
  accessing via NFS 488
  operations 46
  passwords 47
  POSIX capabilities 46
  restricting access 685
  squashing, NFS 488
  /etc/sudoers file 49–50
  user ID 46
root filesystem 24, 32, 75
rootkits 688, 951
Rossi, Markku 778
rotating log files 156, 202, 208–209
route command 294, 303–305, 309, 900
routed daemon 341, 343–344, 900
Router Discovery Protocol 343
routers 358–359
routing 293–295, 334–348
  autonomous systems 340
  BGP protocol 339
  CIDR (Classless Inter-Domain Routing) 283–288
  Cisco routers 346–348
  cost metrics 340
  daemons and protocols 337–344
  default route 293–294, 305, 329, 336
  distance-vector protocols 338, 342
  EIGRP protocol 342
  exterior gateway protocols 340
  ICMP redirects 295, 317, 337
  IGRP protocol 342
  interior gateway protocols 341–343
  IS-IS protocol 343
  link-state protocols 339
  netmasks 282–285
  OSPF protocol 339, 342–343
  packet forwarding 303, 316, 335–337
  PPP 322
  protocols 341–343
  RIP protocol 339, 341–344
  sendmail 583
  static routes 294, 303–305
  static vs. dynamic routing 344–345
  strategy 344–345
  subnetting 282–285
  tables 293–295, 335–337, 652
  unreachable networks 304
  with multiple ISPs 340
  XORP (eXtensible Open Router Platform) 344
  Zebra package 344
Rowland, Craig 220
RPC (Remote Procedure Call)
  managing port assignments 888
  mapping service numbers to ports 893
  NFS and 485
  portmap and 893


rpc.bootparamd daemon 899
rpc.lockd daemon 895
rpc.mountd daemon 489, 895
rpc.nfsd daemon 489, 895
rpc.rquotad daemon 896
rpc.statd daemon 895
rpc.ypxfrd daemon 896
rpciod daemon 896
rpm 235–237
RPM software package format 235
rquotad daemon 486
RRDTool graphing tool 664
rrestore 175
rrset-order statement, DNS 428
RRSIG DNS records 457–458, 460, 463
RS-232 standard 844–847, 853
RS-232 to USB adapters 865
rsh 898
rsync 197, 508–511, 900
rsyncd daemon 900
rsyncd.secrets file 510
RTS (request to send) signal 853
run levels 856
  changing 887
  init and 33–36, 42, 856, 886
RunAsUser sendmail user account 603
runaway processes 67–69
running Linux programs from Windows 822–823
Russinovich, Mark 951
rxvt 827

S

S/MIME 610
SafeFileEnvironment option, sendmail 606
SAGE guild 965–966, 968
SAIT tapes 166
Samba 828–841
  see also Windows
  CIFS 828
  command-line file transfer program 835
  configuration 829
  daemons 829, 895–896
  debugging 840–841
  display active connections and locked files 840
  file and printer server daemon 896
Samba continued
  file sharing 833
  filename encoding 830
  group shares 833
  installation 829–830
  listing configuration options 830
  log files 840
  Network Neighborhood browsing 831
  password encryption 830
  printer sharing 836–839
  security 829
  setting up passwords 830
  sharing files 828
  user authentication 832
  UTF-8 encoding 830
  WINS server 831
samhain 692–693
SAN (Storage Area Network) servers 496
SANE 965
SANS Institute 675, 713, 965, 968
sar 654, 816
Sarbanes-Oxley Act (SOX) 675, 956, 960
SASL (Simple Authentication and Security Layer) 610
SATA (Serial ATA) 112, 114
savelog 209
Sawyer, Michael 473
/sbin directory 75
SCA (Single Connector Attachment) plug 116
schedulers, I/O 815–816
scheduling classes 56
scheduling commands 150–157
SCO 951
scp 697
SCSI 112, 114–118
  BIOS 134
  connectors 115–117
  device names 873
  fast and wide 115
  installing 134
  troubleshooting 118
  vs. IDE 118
scsi_eh_N daemon 894
SDSC Secure Syslog 210
search directive, DNS 419
search path 15
SEC (Simple Event Correlator) 221
sectors and tracks, disks 120
secure file 206

secure terminals 685
/etc/securetty file 685
security
  account hygiene 93
  Application Security Checklist 676
  auth.log file 206
  backups 161, 686
  BIND 417, 424, 451–464
  certifications 673–675
  CISA (Certified Information Systems Auditor) 675
  CISSP (Certified Information Systems Security Professional) 674
  vs. convenience 673
  denial of service (DOS) attacks 397, 511, 608, 817
  device files 684
  directed broadcast 317
  DNS 417, 424, 451–464
  DNSSEC 387, 456–463
  DOS attack via syslog 213
  email 588
  email to programs 547, 605–606
  file permissions 684
  firewalls 701–708
  firewalls, host-based 318
  flaws in Linux 670
  FTP 684, 736
  GIAC (Global Information Assurance Certification) 675
  of group file 684
  handling attacks 710–712
  hardened Linux 710
  hints 678
  hot-plug blacklist 883
  ICMP redirects 295, 317
  identifying open ports 652
  information sources 712–715
  intrusion detection 692–693
  IP forwarding 316
  IP spoofing 317–318
  iptables 704–708
  Kerberos 695–696
  kernel network variables 319
  LDAP and 526
  log files 201, 214
  login names, uniqueness 95
  monitoring 17, 677–678, 688, 692, 704
  of named 451, 453
  network 316–319
  NFS 487–489, 495, 686


security continued
  NIS 519, 685–686
  overview 669–670
  packet sniffers 655–657
  PAM (Pluggable Authentication Modules) 681–682
  of passwd file 678–681, 684
  of passwords 47, 94, 96, 679–680, 690
  policy 945–946
  port scanning 688–690
  of Postfix 625
  of PPP 323
  of printers 787
  remote event logging 685
  reporting break-ins 712
  restricting root access 685
  .rhosts file 685
  root account 48, 681
  rootkits 688, 951
  running su 48
  Samba 829
  SDSC Secure Syslog 210
  search path 48
  secure file 206
  /etc/securetty file 685
  SELinux 693–694
  of sendmail 558, 588–598, 603–610, 686
  setuid programs 683–684
  /etc/shadow file 678–681
  shadow passwords 94, 99–100, 678
  SNMP 660
  social engineering 671
  software patches 677
  source routing 317
  SSH 685, 697–698
  SSL 730–732
  standards 675–676
  stunnel 699–701
  syslog 214
  terminals 685
  tools 688–701
  Trojan horses 687
  TSIG (transaction signatures) 444, 453–456
  viruses 686–687
  of VPNs (virtual private networks) 318, 708–710
  of wireless networks 360
  X Window System 744–748, 823

SecurityFocus.com 713
segmentation violations 58
SEGV signal 58
SELinux 693–694
Sender ID 599
Sender Policy Framework (SPF) 403, 599
sendmail 530, 897
  see also email
  see also spam
  access database 591–594
  acting as MSA/MTA 534
  aliases see aliases, email
  authentication and encryption 603–610
  chrooted 607
  command line flags 562
  configuration 559–561, 565–587, 590–598
  configuration examples 599–603
  configuration options 586–587
  controlling forgery 609
  debugging 558, 566, 615–621
  delivery agents 533
  delivery modes 611
  documentation 566
  email to a disabled account 108
  envelope splitting 611–612
  headers 535–539, 595–596
  history 557
  Installation and Operation Guide 639
  installing 559–562
  logging 619–621
  m4 and 566–570, 586
  masquerading 581–583
  miltering 597
  MX backup sites 565
  ownership, files 603–604
  performance 611–615
  permissions 604–605
  privacy options 606–607
  queue groups 611–612
  queue runners 613
  queues 563–565, 611–613, 619
  rate and connection limits 596
  relaying 589–591
  security 558, 588–598, 603–610, 686
  and the service switch file 562
  slamming 597
  using SMTP to debug 618
  spam control features 588–598
  startup script 38
  statistics 615

sendmail continued
  tables and databases 576–580
  verbose delivery 617–618
  versions 557
  virtusertable feature 579–580

Sendmail, Inc. 530, 610
sendmail.cf file 559, 563, 565
sendmail.cw file 574
sendmail.st file 615
SEPP 266
serial
  breakout boxes 865
  cables see serial cables
  connectors see serial connectors
  device drivers 872
  device files 853–855
  devices, software configuration 855
  drivers, special characters 859–862
  interface, DCE vs. DTE 845–847
  line, debugging 864
  line, flow control 852–853
  ports see serial ports
  terminals, configuring 855–859

Serial ATA (SATA) 112, 114
serial cables
  length limits 853
  null modem 846–847
  straight-through 846–847
  Yost RJ-45 standard 850–852
serial connectors
  DB-25 844–847
  DB-9 848
  mini DIN-8 847
  RJ-11 862
  RJ-45 849
serial ports 844–847
  flow control 852–853
  hard/soft carrier 852
  parameters, setting 854–855
  resetting 862
  setting options 860–862
server statement, DNS 431, 448
servers
  Apache see web hosting
  DNS/BIND 412–414
  email backup 541
  FTP 734–736
  HTTP 724
  Kerberos Windows and DNS 464
  load balancing 385, 805
  master NIS 511–513, 517–518


servers continued
  name see BIND, DNS, and named
  network printer 773
  NFS 489–492, 496
  NIS slave 512–514, 517
  Squid 733–734
  Storage Area Network (SAN) 496
  system files 510
  TUX 727
  VNC 824
  web proxy 733
  web see web hosting
  WINS 831
  X Window System for Windows 823, 827
service proxy firewalls 703
service switch file 306–307, 562
service.switch file 562
/etc/services file 281, 702, 892–893
setfacl 89, 91
setrlimit system call 818
setserial 854
setuid/setgid file attribute 45, 82–83, 683–684
/etc/shadow file 99–100, 678–681, 856
shadow passwords 94, 99–100, 678
Shapiro, Gregory 610
share (Samba) 828
shell
  filename globbing 10, 77
  login 98
  search path 48
  startup files 105
SHELL variable 861
/etc/shells file 98, 108
showmount 492
shutdown 41–42, 215
shutting the system down 40–42
SIG DNS records 458
signals 57–60
  see also individual signal names
  caught, blocked, or ignored 57
  CONT 61, 68
  KILL 59–60
  list of important 58
  sending to a process 60
  STOP 61, 68
  TERM 59–60
  tracing 66
  TSTP 61

Simple Network Management Protocol see SNMP
single-user mode
  booting to 24, 32
  bypassing 24
  entering 31
  manual booting 22, 24
  remounting the root filesystem 24, 32
size, file attribute 84
skel directory 106
slamming, controlling in sendmail 597
slapd daemon 523, 555
slave servers, NIS 512–514, 517
SLIP 320
slurpd daemon 523
SMART_HOST macro, sendmail 583, 600
SmartList 554
SMB protocol see Samba
smb.conf file 829–831, 836, 840
smbclient 835
smbcontrol 840
smbd daemon 829, 896
smbfs filesystem 835
smbpasswd 830
smbstatus 840
SMP (symmetric multiprocessing) 808
smrsh email delivery agent 533, 585, 605–606
SMTP protocol 532, 618, 625, 827
smtpd 897
smtpd/smtpfwdd 540
smurf attacks 317
SNMP 658–667, 900
  agents 661–662
  using Cacti 664
  CiscoWorks and 667
  community string 660
  data collection 664
  data organization 659–660
  MIBs (Management Information Bases) 659–660
  using Nagios 665
  NET-SNMP 661–664
  OIDs (object identifiers) 659–660
  RMON MIB 661
  tools 663–666
  traps 660
snmpd daemon 662, 900
snmpd.conf file 662

snmpwalk 663
SOA DNS records 392–395, 447
socket system call 80
sockets, local domain 80
soft carrier 852
soft links 80
software
  see also software package tools
  see also software packages
  configuration errors 673
  development 919–924
  engineering principles 923–924
  licenses 955
  management tools 266
  patches 677
  patents 957–958
  piracy 955
  printing 779
  recommended 266
  sharing over NFS 263
  vulnerabilities 672
software package tools
  see also package management
  see also software
  see also software packages
  alien 235
  APT 241–246
  apt-ftparchive 244
  apt-get 241–246
  apt-proxy 244
  dpkg 237
  high level 237–247
  RHN (Red Hat Network) 240
  rpm 235–237
  /etc/apt/sources.list file 242–243
  yum 246
software packages
  see also software
  see also software package tools
  dependencies 265
  installers 234
  list of 267
  localizations 255–260
  management 234–247
  namespaces 264
  repositories 239
  revision control 248–255
  RPM format 235
software RAID 139
Sony rootkits 951
sortlist option, DNS 428
source routing 317
/etc/apt/sources.list file 242–243


SOX (Sarbanes-Oxley Act) 675, 956, 960

spam
  amavisd virus filter 637
  blacklists 594–595, 598
  danger of replying to 588, 598
  eliminating using DNS 403
  email header checking 595–596
  fighting 598–599
  greylisting 636
  mobile spammers 598
  Postfix 634–637
  relaying 589–591
  Sender ID 599
  sendmail control features 588–598
  Spam Cop 598
  SpamAssassin 598
  SPF 403, 599
  web resources for fighting 598
Spam Cop 598
SpamAssassin 598
speed, setting for a network interface see mii-tool
SPF (Sender Policy Framework) 403, 599
split DNS 438–439, 441–444
squatting, domain 380
Squid web cache 733–734, 955
SRV DNS records 402–403, 464
SSH 697–698
  forwarding for X 747–748
  security 685
  Windows clients 821
  X forwarding 823
ssh 697
sshd daemon 697, 898
/etc/sshd_config file 698, 823
SSL 730–732
stackers, tape media 167
Stafford, Stephen 11
standards 958–960

  COBIT (Control Objectives for Information and related Technology) 960
  data center 800
  Ethernet 277, 352
  FHS (Filesystem Hierarchy Standard) 75
  IEEE 802.* 278, 352, 356, 358–359
  Internet 274–275
  ISO/IEC 27001 675

standards continued
  ITIL (Information Technology Interface Library) 960
  Linux 958–960
  LSB (Linux Standard Base) 959
  network management 658
  POSIX 959
  security 675–676
  Windows email and web compliance 827
star 197
StarOffice 826
startup files 105–106
startup scripts 32–40
  bootstrapping 32–40
  CUPS 773, 780
  examples 34, 38
  init and 22, 32, 38, 40
  /etc/init.d directory 34–35, 38, 40
  NFS server 489
  sendmail 38

startx 743
statd daemon 486
stateful inspection firewalls 703
static electricity 793
static routes 294, 303–305
statistics
  BIND 473
  CPU 808
  network 649–654
  NFS 495
  performance 816
  reporting 816
  sendmail 615
STD documents 275
sticky bit 82–83
STOP signal 58, 61, 68
Stow, GNU 266
STP cables 844
strace 66
straight-through serial cables 846–847
stty 852, 860–862
stunnel 699–701
su 48
subdomains, DNS 383
submission agents, email (MSA) 533
submit.cf file 559, 566
subnet masks see networks, netmasks
subnetting 282–285
Subversion 253–255

sudo 48–51, 97, 206
sudo.log file 206
/etc/sudoers file 49–50
superblocks 126
superuser see root account
SUSE network configuration 309
svn 254
svnserve daemon, Subversion 253
svnserve.conf file 254
swap space 124, 129, 138, 812, 814
swapon 128, 138, 812, 814
swatch 220
switch file 420, 479
switches 353, 356–358, 360
Swpkg 266
symbolic links 77, 80
symmetric multiprocessing (SMP) 808
sync command 42
sync system call 42, 126
synchronization of clocks 902
synchronizing files
  copying 505
  rdist 505–508
  rsync 508–510
  wget/ftp/expect 510–511
/proc/sys directory 874
/sys directory 872
/etc/sysconfig directory 37–38, 309
sysctl 874
/etc/sysctl.conf file 316, 874
sysfs virtual filesystem 872, 882
syslog 209–220
  see also log files
  see also logging
  actions 213
  alternatives 209
  architecture 210
  central server 214, 216
  configuration examples 214–217
  configuring 210–213
  debugging 217–218
  and DNS logging 466–471
  DOS attack via 213
  example using Perl 220
  facility names 212
  libraries 218–220
  output 216
  programming interface 218–220
  remote logging 685
  restarting 210
  security 214


syslog continued
  setup 214
  severity levels 212
  software that uses 218
  /etc/syslog.conf file 204, 210–216
  syslogd daemon 203, 210–213, 901
  time stamps 211
syslog routine 210, 218
/etc/syslog.conf file 204, 210–216, 620
syslogd daemon 203, 210–213, 901
syslog-ng 209
system administration 18
  see also hardware
  see also security
  see also system administration group responsibilities
  automation 922–924
  checklists 943
  configuring multiple machines 502
  development 919–924
  disaster recovery 163, 938–943
  documentation 930–934
  emergency power supplies 940
  essential tasks 16–18
  Internet resources 13
  keeping users happy 904–906
  legal issues 949–958
  list of email tasks 530
  local scripts 922–924
  management 907–915
  operations 924–926
  orgs and conferences 964–967
  personality syndrome 18
  policy agreements 948
  purchasing hardware 782–787, 916–917
  role of 915–919
  SOX (Sarbanes-Oxley Act) 956
  support 927–930
  survey results 968
  testing solutions 910
  toolbox 800, 922–923
  trouble ticketing and tracking 935–938
system administration roles
  administration 915–919
  development 919–924
  management 906–915
  operations 924–927
  support 927–930
system configuration 255–263
  see also hardware
  see also Linux installation
  see also system administration
  Arusha Project 261
  cfengine 260
  CIM (Common Information Model) 262
  LCFG (large-scale configuration system) 261
  management 260–263
  Template Tree 2 262
system-config-kickstart 231
system-config-netboot 226

T

talk 900
talkd daemon 900
Tanenbaum, Andrew S. 5
tape drives, device names 873
tapes, backup
  see also media, backup
  4mm 166
  8mm 166
  AIT 166
  blocking factor 177
  copying 178
  DDS/DAT 166
  device files 171
  DLT/S-DLT 166
  library, robotic 179
  LTO 167
  positioning 178
  SAIT 166
  stackers 167
  VXA/VXA-X 167
tar 177–178
target number, SCSI 117
TCP
  connection states 651
  vs. UDP for NFS 485
  wrappers 887
TCP/IP 271, 275–281
  CIDR (Classless Inter-Domain Routing) 283, 286–288
  fancy options (SACK, ECN) 307
  fragmentation 279, 646
  history 272
  IPsec 949
  IPv6 286, 291–293
  loopback interface 282, 294, 302, 397

TCP/IP continued
  NAT 290–291, 319
  netmasks 282–285
  network model 276
  packet encapsulation 276–277
  ports 281
  protocol suite 275–276
  subnetting 282–285
  TOS bits 330

tcpd daemon 887
tcpdump 656
tcpflow 657
telinit 32, 42, 857, 887
telnet 346
TELNET protocol 898
Tel-splice connector 852
Template Tree 2, system configuration 262
temporary files, removing 154
Tera Term Pro 821
TERM environment variable 859, 861
TERM signal 58–60
/etc/termcap file 858–859
Terminal Server service, Windows 825
terminals 855–859
  capability databases 858–859
  control 56
  secure 685
  setting options 860–862
  special characters 859–862
  unwedging 862
terminators, SCSI 117
/etc/terminfo file 858
Terry, Douglas 376
testing, system 257
testparm 830
Texinfo 11
TFTP 312, 899
tftp 347
Thomas, Eric 554
threads, kernel 23
TIA (Telecommunications Industry Association) 354
TightVNC 824
time synchronization 902–903
tip 864
TLS see SSL
TLT/S-DLT tapes 166
/tmp directory 75
/tmp partition 125
tools, hardware 800
top 65, 809, 817


top-level domains 379, 381
topology statement, DNS 428
Torvalds, Linus 5
traceroute 647–649
tracks and sectors, disks 120
transfers-in option, DNS 425
transfer-source option, DNS 426, 445
transfers-out option, DNS 425
transfers-per-ns option, DNS 425
transport agents, email 532
Tridgell, Andrew 508, 828
Troan, Erik 208
Trojan horses 687
Trojnara, Michal 699
trouble ticketing and tracking 935–938
troubleshooting
  Bacula 195–196
  BIND 466–478
  CUPS 780–782
  named 466–478
  network hardware, cable analyzers 366
  network hardware, sniffers 366
  network hardware, T-BERD line analyzer 366
  network printing 781
  networks 366, 644–654
  networks with mii-tool 302–303
  Postfix 637–639
  printers 780–782
  RAID 144–145
  runaway processes 67–69
  Samba 840–841
  SCSI 118
  sendmail 615–621
  serial line 864–865
  sluggish system 817–819
  syslog 217–218
  wedged terminal 862
  X Window System 754–757
  Xorg X server 754–757
trusted-keys statement, DNS 430
TrustedUser sendmail user account 603
Ts’o, Theodore 120
tset 861–862
TSIG (transaction signatures) 444, 453–456
Tsirigotis, Panos 887
TSM (Tivoli Storage Manager) 197
TSTP signal 58, 61
TTL (time to live), packets 647
$TTL directive, DNS 390, 394, 406
TTL for DNS resource records 390
tune2fs 121, 132
tuning
  IDE disks 130
  the kernel 314–316, 874
  network parameters 314–316
  NFS 494
TUX server 727
Tweedie, Stephen 120
TXT DNS records 403, 424
typographic conventions 9–10

U

U (rack unit) 791
Ubuntu network configuration 310
udev 79
udev system 872
udev.conf directory 872
udevd 872, 899
UDP (User Datagram Protocol) 271, 275, 485
UIDs see user IDs
Ultr@VNC project 824
Ultra SCSI see SCSI
umask 86, 105
umount 73, 129, 494
uname 881
undeliverable messages, sendmail 613
unicast addresses 292
Uninterruptible Power Supply (UPS) 799
UNIX vs. Linux 4
unlink system call 80
unshielded twisted pair see UTP cables
unsolicited commercial email see spam
update-policy clause, DNS 450
update-rc.d 40
updating zone files, DNS 447–450
upgrades 176–177
uptime 808, 818
URLs 720–721
us domain 380
USB 865–866
  device identification 869
  disks 112, 147–148, 165
  printers 774, 781
  RS-232 adapters 865
  in place of SCSI 115
  supported devices 784
use_cw_file feature, sendmail 574
USENIX association 965–966, 968
user accounts
  adding 102–107, 109
  aliases, global (email) 95
  authentication under Samba 832
  bin 51
  daemon 51
  deleting 110
  disabling 108
  email home machine 106
  ftp 735
  GECOS information 98
  guest 944
  home directories 75, 98, 105
  hygiene 93
  ID number see user IDs
  login process 46
  login shell 98
  modifying 109
  names 94–95
  nobody (NFS) 51, 488
  passwords 104
  pseudo-users 51
  removing 107
  root see root account
  sendmail use of 603
  shared 680
  site-wide management 944
  startup files 105
  superuser see root account
user agents, email 531
User Datagram Protocol see UDP
user IDs 45, 54–55, 96–97, 104
useradd 102, 109
userdel 110
usermod 99, 109
usernames see user accounts, names
users
  see also user accounts
  documentation 934
  keeping them happy 904–906
  policy agreements 946–948
/usr directory 75
UTP cables 353–355, 366, 844


V

V.90 modem standard 863
van den Berg, Stephen R. 554, 585
/var filesystem 75, 125
variables, initializing in startup files 105
vendor logos 10
vendors we like 371–372
Venema, Wietse 623, 856
VeriSign Site Finder tool 429
Veritas, backup tool 198
VERSIONID macro, sendmail 570
VFS (Virtual File System) 120
vgcreate LVM utility 143
vgdisplay LVM utility 143, 146
vgscan LVM utility 143
Viega, John 553
view statement, DNS 438
.vimrc file 105
vipw 103
virtual domains, Postfix 630–632
Virtual File System (VFS) 120
virtual hosts, web 727–730
virtual memory (VM) 124, 129, 810–811
Virtual Network Computing see VNC protocol
virtual network interfaces 300
virtual private networks see VPNs
virtual terminals and X 754–755
VirtualHost clause, Apache 729
virtusertable feature, sendmail 579–580
viruses 686–687
visudo 50
Vixie, Paul 150, 376
Vixie-cron see cron daemon
VLANs 357
vmlinuz file 29, 75
vmstat 807–808, 818
VMware 825
VNC protocol 824
vncserver 824
VPNs (virtual private networks) 318, 328, 708–710
  IPsec tunnels 709
  SSH tunnels 709
VRFY command 588
VT100 terminal 858
VXA/VXA-X backup tapes 167

W

wait system call 57
Wall, Larry 388
WANs 351
Ward, Grady 47
WarGames 669
warranties 793
Warsaw, Barry 553
Wassenaar, Eric 474
Watchguard Firebox 319
WBEM (Web-Based Enterprise Management) standard 658
web see World Wide Web
Web 2.0 719
web hosting 719–734
  Apache 724–732
  Apache configuration 726–732
  Apache installation 724–726
  caching server 733–734
  certificates 731–732
  CGI scripting 722
  httpd 901
  IIS (Windows) 827
  load balancing 385, 722–724
  log files 727
  performance 722–724
  proxy server 733–734
  Squid cache 733–734
  SSL 730–732
  static content 727
  TUX 727
  virtual interfaces 727–730
Weeks, Alex 11
well-known ports 688, 702
Wheeler, David A. 55
whereis 15
which 15
white pages 901
Win4Lin 826
WINCH signal 58–59
Windows
  see also Samba
  accessing remote desktops 822–825
  ACLs 833
  automounter 834
  backups 197
  DFS (Distributed File System) 834
  dual booting 826
  email and web standards compliance 827

Windows continued
  FAT filesystems 120
  IMAP 828
  Kerberos server and DNS 464
  logging in from 821–822
  mounting Windows filesystems 835
  multibooting with LINUX 30–31
  Network Neighborhood browsing using Samba 831
  POP (Post Office Protocol) 828
  printing 838–839
  RDP (Remote Desktop Protocol) 824
  running Linux programs from 822–823
  running under VMware 825
  running Windows programs under Linux 825
  sharing files 828
  SMTP 827
  SSH clients 821
  Terminal Server service 825
  UNIX software running on 827
  VNC servers 824
  Wine project 825
  X forwarding 823
  X Window System servers 823, 827
  xterm for 827
Wine project 825
Winmodems 863
WinPrinters 783
WINS server, Samba 831
WinSCP 822
wireless networks see networks, wireless
Wireshark packet sniffer 366, 657
wiring see network wiring
Wirzenius, Lars 11
WKS DNS records 403
workstations, diskless 898
World Wide Web
  see also web hosting
  browsers 720
  HTTP protocol 720–722
  URLs 720
wrapper scripts for localization 265
wtmp file 206
WU-FTPD 900
wvdial 325
WWW see World Wide Web


X

X display manager 743–744
X Window System
  see also Xorg X server
  architecture 742
  client authentication 745–746
  desktop environments 757–759
  DISPLAY environment variable 744, 748
  display manager 743–744
  history 741–742
  killing the X server 755
  magic cookies 746
  running an application 744–748
  security 744–748
  security under Windows 823
  SSH and 747–748
  startup files 105
  terminal window 859
  troubleshooting 754–757
  virtual terminals 754–755
  Windows servers 823, 827
  X forwarding 823
  X server output 755–756
/etc/X11 directory 743
X11 see X Window System
xargs 72
xauth 746
.Xclients file 105
.Xdefaults file 105
xdm directory 743
xdm program 743
xdpyinfo 756
xdvi 785
XFS filesystem 122
xhost 745–746
XHTML 764
xinetd 887–890
  configuring 888–890
  ftpd and 735
  /etc/services file 892–893
  /etc/xinetd.conf file 888–890
/etc/xinetd.conf file 888
/etc/xinetd.d directory 888
xinit 743
.xinitrc file 105
xntpd 62
XON/XOFF 852–853
Xorg X server 748–754
  configuring 748–754
  debugging 754–757
  logging 755–757
  xdpyinfo 756
  /etc/X11/xorg.conf file 749–754
  xorgconfig 749
/etc/X11/xorg.conf file 749–754
xorgconfig 749
XORP (eXtensible Open Router Platform) 344
Xsession 743
~/.xsession file 105, 743
xtab file 489, 895
xterm console emulator 827

Y

Yellow Pages see NIS
Ylönen, Tatu 697
Yost serial wiring system 850–852
Yost, Dave 850
/var/yp file 512
yp* commands 513–518
/etc/yp.conf file 512
ypbind daemon 896
ypserv daemon 896
ypxfr 896
yum 246

Z

Zebra routing package 344
Zhou, Songnian 376
Zimmermann, Philip 696
zombie processes 56, 61, 63, 886
zone statement, DNS 432–436
zones, DNS 388, 412
  commands 405–407
  files 389
  incremental transfers 388, 429
  IXFRs 447
  linkage 407–409
  signed, creating 458
  transfers 413, 425, 447–448
  updating files 447–450
zone-statistics option, DNS 433
