Linux Administration Handbook
by Mirko Zorz - Wednesday, 30 April 2003.
Authors: Evi Nemeth, Garth Snyder and Trent R. Hein
Pages: 890
Publisher: Prentice Hall PTR
ISBN: 0130084662



Introduction

The book reviewed here is the Linux-only version of the "Unix Administration Handbook". Proven concepts have been taken from that book along with the addition of a ton of Linux-specific material. In the preface the authors note that their intention was to write a book that would be the professional Linux system administrator's best friend. Did they manage to accomplish such a task? Read on to find out.

About the authors

Evi Nemeth has retired from the computer science faculty at the University of Colorado but still dabbles in network research at CAIDA, the Cooperative Association for Internet Data Analysis at the San Diego Supercomputer Center. She is currently exploring the Caribbean on her new toy, a 40-foot sailboat named Wonderland.

Garth Snyder has worked at NeXT and Sun and holds a degree in Electrical Engineering from Swarthmore College. He is currently an MD/MBA candidate at the University of Rochester.

Trent R. Hein is the co-founder of Applied Trust Engineering, a company which provides network infrastructure security and performance consulting services. Trent holds a BS in Computer Science from the University of Colorado.

Inside the book

The first part of the book deals with topics surrounding basic administration. After a concise introduction to Linux and UNIX history, the authors guide us through the process of selecting the proper Linux distribution for your needs, point to the right place for more information and give details on software installation. As regards booting and shutting down, we learn about a variety of things such as automatic and manual booting, system processes, the LILO and GRUB boot loaders, startup scripts, and so on.

Next we discover more about the basics of superuser access for administrators. Among other things, here we learn more about choosing an adequate root password and becoming root. When it comes to controlling both system and user processes, you can use a single set of tools to control them both, since they all follow the same rules. The authors depict the components of a process, analyze the life cycle of a process and also write about the monitoring of processes. After all of this, we move on to learn more about the filesystem with information on pathnames, file types, file attributes and more.

One of the keys to system security is certainly the proper handling of user accounts. Described here are the automated tools used to add and remove users as well as the underlying changes that these tools make. This chapter couldn't exist without a description of the /etc/passwd, /etc/shadow and /etc/group files. What follows is a chapter dedicated to serial devices where we see a lot about serial standards, alternative connectors, modems and a lot more. In case you're not familiar with all the devices, the various illustrations will make things clearer.

Since it's rather difficult to get users to clean up their portion of disk space, at some point the administrator will have to add a new hard disk to the machine. To aid you in this task the authors discuss the SCSI and IDE standards and then proceed to give an overview of how the disk is added to the machine and then formatted and partitioned.

Every system administrator that wants to keep control of his system tries to automate as many tasks as possible. This is exactly why you find a lot of information on the cron daemon next.

There are many ways you can lose your data - hardware failures, software bugs, human error, etc. That's why it's crucial for you to back up frequently. Not only that, you should also test the backup media regularly in order to make sure it works properly. In this chapter you get various tips on backup and an overview of commercial backup products.

When it comes to Syslog and log files the authors write quite a bit about logging policies and managing log files before moving forward to discuss drivers and the kernel. Here we find information on kernel tuning, adding device drivers, rebuilding the kernel, and much more.

The second part of the book deals with networking and opens with a chapter dedicated to TCP/IP networking. Here we learn about the history of TCP/IP and the Internet and we see how the Internet is managed today. There's also, naturally, some text dedicated to the TCP/IP protocols, IP addresses, DHCP, PPP, and more. Next we get juicy details on routing as the authors investigate several network protocols (RIP, RIP-2, OSPF, etc.), summarizing their major advantages and weaknesses. Since Cisco is the biggest player in the router market, it's no surprise that there's a part dedicated to them. If you want to learn more about network hardware, you'll be pleased to know that the authors discuss ATM, Ethernet, frame relay, DSL and design issues you are likely to face.

One of the largest chapters of the book is dedicated to the Domain Name System (DNS). Much detail is covered here: the history of DNS, the DNS namespace, BIND server configuration, and so on. Perhaps you want to share filesystems among computers? You're going to use the Network File System (NFS). The authors hook you up with general information on NFS, server-side and client-side NFS, AMD, and more before moving on to discuss the sharing of system files. A properly functioning system depends on many configuration files. If you have many machines on a network it becomes difficult to manage all the configuration files by hand. The authors illustrate techniques you can use to keep your files synchronized on the network. Discussed here are NIS, NIS+ and LDAP.

When discussing e-mail, the authors provide a myriad of details on Sendmail with configuration examples, testing, debugging and spam-related features. When it comes to sendmail security we learn about ownerships, permissions, Denial of Service attacks, forgeries, etc. The more machines you have, the more problems you are likely to face. That's exactly why the authors dedicate a chapter to network management and debugging. Discussed here are traceroute, ping, netstat, tcpdump, Ethereal, etc.

The chapter dedicated to security addresses a wide variety of security concerns. Here you learn about security problems in the /etc/passwd and /etc/shadow files, setuid programs, file permissions, etc. Also presented are the security tools the authors deem to be important: nmap, ndiff, Saint, Nessus, Tripwire, Kerberos, PGP, SSH, and others. The discussion moves on to cover firewalls and virtual private networks. To close the chapter the authors write a bit on hardened Linux distributions and give you some advice on what you can do when your site has been attacked. When it comes to the discussion of web hosting and Internet servers, the authors provide details about the web and FTP. Covered here are the installation and configuration of Apache, information on proxy servers, and other topics.

The third part of the book entitled "Bunch o' stuff" contains exactly that - a bunch of different topics. This part kicks off with a discussion on software installation and localization where you learn about automating Linux installation, localization, keeping your systems up-to-date with rsync or rdist, package management, etc. Throughout the chapter you see distribution-specific information that should help you in getting the most out of your machine.

The chapter dedicated to printing and hardware maintenance should be interesting to all of you that are experiencing problems in these areas or need tips on how to improve. When it comes to performance analysis, you learn about what can be done to check system performance and improve it.

Windows is also mentioned in this book as the authors provide pointers on how to coexist with Windows by addressing a variety of topics that administrators face today. Some of the topics discussed here are: secure terminal emulation with SSH, dual booting, hardware tips, etc. In case you're interested in knowing more about daemons, you'll be glad to know that the authors provide an overview of the most common Linux daemons before closing the book with a chapter dedicated to policy and politics.

What I think of it

As the authors note, this book is not about how to run Linux at home - it describes the use of Linux in production environments. Therefore this book is not intended for novice users but for the intermediate to advanced audience.

At the end of every chapter you find a list of recommended reading as well as clever exercises, which you can use to test your knowledge. Throughout the book you find references to other parts of the book, which makes it a perfect reference guide.

If you're serious about Linux system administration, you want this book.


