Pro Linux System Administration - Springer978-1-4842-2008-5/1.pdf · Pro Linux System...

Pro Linux System Administration

Learn to Build Systems for Your Business Using Free and Open Source Software

Second Edition

Dennis Matotek

James Turnbull

Peter Lieverdink

Pro Linux System Administration: Learn to Build Systems for Your Business Using Free and Open Source Software

Dennis Matotek James Turnbull Peter LieverdinkFootscray, Victoria, Brooklyn, New York, North Melbourne, Victoria, Australia United States Australia

ISBN-13 (pbk): 978-1-4842-2007-8 ISBN-13 (electronic): 978-1-4842-2008-5DOI 10.1007/978-1-4842-2008-5

Library of Congress Control Number: 2017935471

Copyright © 2017 by Dennis Matotek, James Turnbull and Peter Lieverdink

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.

Managing Director: Welmoed SpahrEditorial Director: Todd GreenAcquisitions Editor: Louise CorriganDevelopment Editor: James MarkhamTechnical Reviewer: Sander van VugtCoordinating Editor: Nancy ChenCopy Editors: Lori Jacobs and Kim WimpsettCompositor: SPi GlobalIndexer: SPi GlobalArtist: SPi Global

Distributed to the book trade worldwide by Springer Science+Business Media New York, 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail [email protected], or visit www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner) is Springer Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation.

For information on translations, please e-mail [email protected], or visit www.apress.com/rights-permissions.

Apress titles may be purchased in bulk for academic, corporate, or promotional use. eBook versions and licenses are also available for most titles. For more information, reference our Print and eBook Bulk Sales web page at www.apress.com/bulk-sales.

Any source code or other supplementary material referenced by the author in this book is available to readers on GitHub via the book's product page, located at www.apress.com/9781484220078. For more detailed information, please visit www.apress.com/source-code.

Printed on acid-free paper

mailto:[email protected]

www.springeronline.com

mailto:[email protected]

ww.apress.com/rights-permissions

www.apress.com/bulk-sales

www.apress.com/9781484220078

http://www.apress.com/source-code/

To Bianca, Ziggy, Anika, Othello, plus the cute little chickens.

And special thanks to Sander whose knowledge and advice were invaluable on this book.

—Dennis

Contents at a Glance

About the Authors ��xxi

About the Technical Reviewer ��xxiii

■Part I: The Beginning �� 1

■Chapter 1: Introducing Linux �� 3

■Chapter 2: Installing Linux �� 11

■Chapter 3: Introducing VirtualBox, Git, and Vagrant �� 73

■Chapter 4: Linux Basics �� 99

■Chapter 5: Users and Groups �� 147

■Chapter 6: Startup and Services �� 181

■Chapter 7: Networking and Firewalls �� 217

■Chapter 8: Package Management �� 297

■Chapter 9: Storage Management and Disaster Recovery �� 357

■Part II: Making Linux Work for You �� 415

■Chapter 10: Infrastructure Services: NTP, DNS, DHCP, and SSH �� 417

■Chapter 11: Web and SQL Services �� 473

■Chapter 12: Mail Services �� 525

■Chapter 13: File Sharing and Printing �� 595

■Chapter 14: Backup and Recovery �� 635

■Chapter 15: Networking with VPNs �� 701

■Chapter 16: Directory Services �� 733

v

■ Contents at a GlanCe

vi

■Chapter 17: Performance Monitoring and Optimization �� 799

■Chapter 18: Logging and Monitoring �� 839

■Chapter 19: Configuration Management �� 911

Index �� 983

Contents

About the Authors ��xxi

About the Technical Reviewer ��xxiii

■Part I: The Beginning �� 1

■Chapter 1: Introducing Linux �� 3

Linux Distributions �� 3

Red Hat Enterprise Linux �� 4

CentOS �� 5

The Fedora Project �� 5

Debian Linux �� 5

Ubuntu �� 5

Gentoo �� 6

So Which Distribution Should You Choose? �� 6

So Which Distributions Does This Book Cover? �� 7

Picking Hardware �� 7

Supported Hardware �� 8

Getting the Software �� 8

Getting Support �� 9

Summary �� 10

■Chapter 2: Installing Linux �� 11

LiveCDs and Virtual Machines �� 12

LiveCDs �� 12

Virtual Machines �� 12

vii

■ Contents

viii

CentOS Server Installation �� 13

Ubuntu Installation �� 53

Troubleshooting �� 71

Diagnostic Information �� 71

Restarting Your Installation �� 71

Troubleshooting Resources �� 71

Summary �� 72

■Chapter 3: Introducing VirtualBox, Git, and Vagrant �� 73

VirtualBox Installation �� 74

Licensing �� 74

Creating a New VirtualBox Machine �� 75

Installing Git �� 82

Git Basics �� 86

Introducing Vagrant �� 87

Installing Vagrant �� 88

Vagrant Concepts �� 88

Getting Started with Vagrant �� 89

Summary �� 97

■Chapter 4: Linux Basics �� 99

Getting Started �� 99

Logging In �� 100

Linux vs� Microsoft Windows �� 102

The GUI Desktop �� 103

The Command Line �� 104

Shells �� 106

Command-Line Prompt �� 107

Typing Your First Command �� 108

Remote Access �� 110

Using SSH �� 110

■ Contents

ix

Getting Help �� 112

Users and Groups �� 114

Services and Processes �� 114

Packages �� 117

Files and Filesystems �� 117

File Types and Permissions �� 122

Links �� 129

Users, Groups, and Ownership �� 130

Size and Space �� 130

Date and Time �� 131

Working with Files �� 132

Reading Files �� 132

Searching for Files �� 137

Copying Files �� 138

Moving and Renaming Files �� 141

Deleting Files �� 142

Linking Files �� 142

Editing Files �� 143

Summary �� 145

■Chapter 5: Users and Groups �� 147

What Happens When You Log In? �� 147

Working with Users and Groups �� 148

Introducing sudo �� 149

Creating Users �� 150

Creating Groups �� 153

Deleting Users and Groups �� 156

Managing Users and Groups via the GUI �� 157

Passwords �� 160

Password Aging �� 161

Disabling Users �� 163

■ Contents

x

Storing User Data �� 164

Storing Group Data �� 166

Configuring Your Shell and Environment �� 167

Controlling Access to Your Host �� 170

Configuring PAM �� 170

More about sudo �� 174

Configuring sudo �� 175

Summary �� 180

■Chapter 6: Startup and Services �� 181

What Happens When Your Host Starts? �� 181

Powering On �� 181

Boot Loaders �� 184

Starting the Operating System �� 185

Understanding the GRUB2 Boot Loader �� 186

Using the GRUB2 Menu �� 186

Configuring GRUB2 �� 188

Securing Your Boot Loader �� 192

What Happens After You Boot? �� 193

Understanding Systemd �� 194

Upstart: Ubuntu’s Init �� 198

Remembering SystemV �� 200

Managing Services �� 203

Managing Services with Systemd �� 204

Shutting Down and Rebooting Your Linux Host �� 210

Scheduling Services and Commands �� 210

Systemd Timers �� 211

Introducing Cron �� 212

Summary �� 216

■ Contents

xi

■Chapter 7: Networking and Firewalls �� 217

Introduction to Networks and Networking �� 218

Getting Started with Interfaces �� 222

Managing Interfaces �� 226

Configuring Networks with Network Scripts �� 235

Network Configuration Files for Ubuntu �� 242

TCP/IP 101 �� 247

General Network Troubleshooting �� 249

Ping! �� 249

MTR �� 250

The tcpdump Command �� 251

The Netcat Tool �� 254

You Dig It? �� 255

Other Troubleshooting Tools �� 257

Adding Routes and Forwarding Packets �� 257

Netfilter and iptables �� 263

How Netfilter/iptables Work �� 263

Tables �� 265

Chains �� 265

Policies �� 267

Network Address Translation �� 267

Using the Firewall-cmd Command �� 268

Using the ufw Command �� 270

Using the iptables Command �� 273

Explaining Firewall Rules�� 279

Logging and Rate Limiting and Securing Netfilter �� 282

Further Exploring firewall-cmd �� 286

TCP Wrappers �� 287

Setting Up a ppp Connection �� 288

ADSL Setup Using nmcli �� 288

Summary �� 295

■ Contents

xii

■Chapter 8: Package Management �� 297

Introduction to Package Management �� 297

Package Management on CentOS �� 299

Getting Started �� 300

The Application Installer �� 300

Yellowdog Updater Modified �� 306

DNF – or Dandified YUM �� 314

Red Hat Package Management �� 315

Package Management on Ubuntu �� 322

Aptitude �� 323

Package Management with Ubuntu Software App �� 335

Using dpkg �� 343

Examining Package Details �� 346

Examining Package Contents �� 347

Performing a File Search �� 347

Installing Packages �� 347

Removing a Package �� 348

Compiling from Source �� 348

Configure �� 350

Compile and Make �� 352

Install �� 353

Uninstall �� 354

Creating Packages with FPM �� 354

Summary �� 355

■Chapter 9: Storage Management and Disaster Recovery �� 357

Storage Basics �� 357

Devices �� 357

Partitions �� 359

Filesystems �� 366

Creating Swap Filesystem �� 368

Creating an Ext4 Partition �� 370

■ Contents

xiii

Tweaking ext2, ext3, and ext4 Filesystem Options �� 371

The XFS Filesystem �� 373

The Btrfs Filesystem�� 374

Filesystems for Data Sharing �� 378

Other Filesystems �� 379

Using Your Filesystem �� 379

Automating Mounts �� 381

Checking Filesystem Usage �� 384

RAID �� 386

Types of RAID �� 386

Logical Volume Management �� 396

Creating Groups and Volumes�� 396

Expanding a Logical Volume �� 399

Shrinking a Logical Volume �� 400

LVM Commands �� 401

Recovering from Failure �� 402

Boot Loader Problems �� 405

Disk Failure �� 411

Summary �� 413

■Part II: Making Linux Work for You �� 415

■Chapter 10: Infrastructure Services: NTP, DNS, DHCP, and SSH �� 417

Keeping Time �� 417

Time with timedatectl �� 418

Network Time Protocol �� 419

The Global NTP Server Pool �� 422

Chrony �� 424

Domain Name System �� 427

Root Servers �� 427

Querying Name Servers �� 429

Running Caching DNS �� 437

■ Contents

xiv

Authoritative DNS �� 443

Dynamic DNS �� 454

Dynamic Host Configuration Protocol �� 455

Installing and Configuring �� 455

Static Lease Assignments�� 457

Dynamic DNS Updates �� 459

Manually Changing DNS Entries �� 463

Secure Shell �� 463

Creating and Distributing Keys �� 464

Using SSH Agent �� 465

Tweaking SSH Configuration �� 466

Performing Quick and Secure File Transfers �� 470

Summary �� 471

■Chapter 11: Web and SQL Services �� 473

Apache Web Server �� 473

Installation and Configuration �� 474

HTTPD Performance �� 482

Access Restriction �� 483

Modules �� 486

File and Directory Permissions �� 488

SQL Database �� 488

Installation �� 489

Testing the Server�� 491

MariaDB Storage Engines �� 492

Basic Tuning for XtraDB �� 493

Basic MariaDB Administration �� 496

Managing Web Site Contents �� 499

Web Presence �� 500

Securing Your Web Services with SSL/TLS Certificates �� 505

Creating HTTPS Certificates with Let’s Encrypt �� 514

Other Web Applications �� 518

■ Contents

xv

Web Caching �� 518

Squid-Cache �� 519

Summary �� 524

■Chapter 12: Mail Services �� 525

How Does E-mail Work? �� 525

What Happens When You Send an E-mail? �� 526

What Happens After You Send an E-Mail? �� 529

Configuring E-mail �� 530


Starting Postfix �� 531

Understanding Postfix Configuration �� 532

Initial Configuration �� 535

Testing Postfix �� 537

Choosing a Mailbox Format �� 541

Extending Postfix Configuration �� 544

Using Encryption �� 544

Authentication �� 549

Postfix Lookup Tables and Virtual Domains �� 559

Getting Help for Postfix �� 561

Combating Viruses and Spam �� 562

Fighting Spam �� 562

Antivirus �� 573

Installing ClamAV �� 574

Configuring ClamAV �� 578

What to Do with an Infected E-mail? �� 579

Configuring IMAP and POP3 �� 585

IMAP �� 585

POP3 �� 585

What’s the Difference? �� 585

Choosing Between IMAP and POP3 �� 586

Introducing Dovecot IMAP �� 586

■ Contents

xvi

Virtual Domains and Users �� 592

Alternative Mail Servers for Linux �� 592

Summary �� 593

■Chapter 13: File Sharing and Printing �� 595

File Sharing with Samba and NFS �� 595

Samba �� 596

Configuring Samba AD �� 597

Testing Samba �� 599

Configuring Samba Shares �� 601

Adding Users to Samba �� 605

Required iptables Rules for Samba �� 608

Mounting Samba Shares on Linux�� 609

Mounting Shares on macOS �� 611

Resources �� 613

NFS Shares: Linux to Linux �� 614

Troubleshooting NFS �� 616

Resources �� 616

Distributed Network Filesystems �� 616

GlusterFS �� 617

Managing Documents �� 626

Using Document Management Systems �� 626

Print Servers �� 627

CUPS �� 627

Summary �� 634

■Chapter 14: Backup and Recovery �� 635

Disaster Recover Planning �� 635

Backup Process �� 637

Things to Think About �� 638

Network Backups �� 639

■ Contents

xvii

Using rsync �� 640

Using rsync over SSH �� 641

Backing Up with Duply �� 652

Setting Up S3 Buckets �� 652

AWS User Policies �� 656

Testing S3 Bucket Access �� 657

Installing and Configuring Duply �� 659

Using Bareos �� 666

Getting the Software �� 667

Configuring the Database �� 668

Configuring Bareos �� 670

Managing Bareos with bconsole �� 686

Using GlusterFS for Backup Storage �� 690

Backing Up Databases with Bareos Plug-Ins �� 694

Introducing the Bareos Web-UI �� 697

Summary �� 700

■Chapter 15: Networking with VPNs �� 701

Our Example Network �� 701

Introducing OpenVPN �� 703

Installing OpenVPN �� 703

Starting and Stopping OpenVPN �� 704

Configuring OpenVPN �� 704

Exposing Head Office Resources with OpenVPN �� 717

VPN Connections for Mobile Users �� 719

Troubleshooting OpenVPN �� 730

Summary �� 731

■Chapter 16: Directory Services �� 733

Overview �� 734

What Is LDAP? �� 734

General Considerations �� 737

■ Contents

xviii

Implementation �� 738


CentOS Installation Guide �� 740

Ubuntu Installation Guide �� 740

Configuration �� 740

Requirements �� 741

Configuring SLAPD�� 742

Listing, Adding, and Creating a Schema �� 749

Access Control Lists �� 754

Working with the slapd Daemon �� 762

Setting Up Your LDAP Client �� 765

LDAP Management and Tools �� 765

LDIFs and Adding Users �� 766

Adding Users from LDIF Files �� 768

Searching Your LDAP Tree �� 772

Deleting Entries from Your LDAP Directory �� 773

Password Policy Overlay �� 774

Testing Your Access Control Lists �� 775

Backing Up Your LDAP Directory �� 777

LDAP Account Manager: Web-Based GUI �� 779

Installation and Configuration �� 779

Adding the Apache Virtual Host for LAM �� 781

Integration with Other Services �� 786

Single Sign-On: Centralized Linux Authentication �� 786

How PAM Works �� 792

LDAP and Apache Authentication�� 794

Summary �� 797

■Chapter 17: Performance Monitoring and Optimization �� 799

Basic Health Checks �� 799

CPU Usage �� 799

Memory Usage �� 800

■ Contents

xix

Disk Space �� 801

Logs �� 802

Advanced Tools �� 802

CPU and Memory Use �� 802

Swap Space Use �� 806

Disk Access �� 807

Deeper with dstat �� 808

Continuous Performance Monitoring �� 810

Collectd �� 810

Graphite �� 815

Grafana �� 824

Performance Optimization �� 831

Resource Limits �� 831

sysctl and the proc File System �� 833

Storage Devices �� 834

File System Tweaks �� 835

I/O Schedulers �� 836

Summary �� 837

■Chapter 18: Logging and Monitoring �� 839

Logging�� 839

journald �� 839

rsyslogd �� 846

Configuring rsyslog �� 847

Configuring RELP �� 855

Starting and Stopping rsyslog �� 857

Testing Logging with logger �� 857

Log Management and Rotation �� 858

Log Analysis and Correlation �� 861

Introducing Beats and Logstash �� 861

Elasticsearch for Log Stashing �� 871

■ Contents

xx

Kibana Installation and Configuration �� 873

Further Information �� 876

Monitoring �� 876

Introducing Nagios-Core �� 877

Installing Nagios �� 879

Starting Nagios �� 881

Nagios Configuration �� 881

Setting Up the Nagios Console �� 901

Troubleshooting Nagios �� 908

Summary �� 909

■Chapter 19: Configuration Management �� 911

Provisioning �� 912

Provisioning with CentOS Cobbler �� 912

MAAS �� 936

Configuration Management �� 936

Introducing Puppet �� 937

Installing Puppet �� 939

Configuring Puppet �� 940

Writing the Manifest �� 941

Connecting Our First Client �� 944

Creating Our First Configuration �� 946

Applying Our First Configuration �� 949

Specifying Configuration for Multiple Hosts �� 950

Relating Resources �� 953

Using Templates �� 955

More Puppet �� 956

Troubleshooting Puppet �� 957

Introducing Ansible �� 957

Serverspec Testing �� 973

Summary �� 980

Index �� 983

About the Authors

Dennis Matotek lives and works in Melbourne, Australia—possibly the birthplace of great coffee and the home to several exemplary coffeehouses and many, many average ones too.

He works as a senior development operations engineer at Envato, an online digital marketplace where a community of creatives can help bring ideas to life. There he helps a team of engineers deploy code, build infrastructure, and monitor performance for varying systems, mostly written in Rails. He usually works with AWS rather than bare metal and appreciates not having to change failed disks.

With two young children, Ziggy and Anika, he happily lives with his partner Bianca and a number of pets—one dog and six chickens.

James Turnbull is the CTO at Empatico, co-chair of O’Reilly’s Velocity conference, an advisor at AccessNow and Docker Inc.

Previously CTO at Kickstarter, VP of Engineering at Venmo and was an early employee and executive at Docker and Puppet Labs.

He is a contributor to a number of open source projects and regularly speaks on topics related to writing, systems administration, and open source technologies. He is the author of several books: https://terraformbook.com/, https://www.artofmonitoring.com/, https://www.dockerbook.com/, https://www.logstashbook.com/, Pro Puppet (Apress, 2011), Pulling Strings with Puppet: Systems Administration Made Easy (Apress, 2008), Hardening Linux (Apress, 2008), and Pro Nagios 2.0 (Apress, 2006).

Peter Lieverdink was born in a small Dutch country town. He owns a pair of clogs but has never eaten tulips or lived in a windmill. On his 22nd birthday, Peter moved to Australia and briefly worked in an office cubicle. He now runs his own business, Creative Contingencies Pty, Ltd. The business depends on open source software for infrastructure and development as well as daily office tasks.

Peter specializes in web application development and helping other businesses implement open source solutions using Linux on both desktops and servers.

xxi

https://terraformbook.com/

https://www.artofmonitoring.com/

https://www.dockerbook.com/

https://www.logstashbook.com/

About the Technical Reviewer

Sander van Vugt is a best-selling author and technical trainer, living in the Netherlands. In his professional life, Sander focuses on enterprise Linux distributions and has authored several books and video courses about them. For more information, visit his web site, www.sandervanvugt.com.

xxiii

http://www.sandervanvugt.com/

Date post:	25-Mar-2018
Category:	Documents
Upload:	doandat
View:	220 times
Download:	5 times