Linux系统管理技术手册(第二版)(英文版)

[美] 内梅斯(Evi Nemeth),

文学

linux 系统管理

2007-10

人民邮电出版社

目录
SECTION ONE: BASIC ADMINISRATIONCHAPTER 1 WHERE TO START 3 Suggested background 4 Linux’s relationship to UNIX 4 Linux in historical context 5 Linux distributions 6  So what’s the best distribution? 8  Distribution-specific administration tools 9 Notation and typographical conventions 9  System-specific information 10 Where to go for information 11  Organization of the man pages 12  man: read manual pages 13  Other sources of Linux information 13 How to find and install software 14 Essential tasks of the system administrator 16  Adding, removing, and managing user accounts 16  Adding and removing hardware 16  Performing backups 17  Installing and upgrading software 17  Monitoring the system 17  Troubleshooting 17  Maintaining local documentation 17  Vigilantly monitoring security 17  Helping users 18 System administration under duress 18  System Administration Personality Syndrome 18 Recommended reading 19 Exercises 20CHAPTER 2 BOOTING AND SHUTTING DOWN 21 Bootstrapping 21  Automatic and manual booting 22  Steps in the boot process 22  Kernel initialization 23  Hardware configuration 23  Kernel threads 23  Operator intervention (manual boot only) 24  Execution of startup scripts 25  Multiuser operation 25 Booting PCs 25 Using boot loaders: LILO and GRUB 26  GRUB: The GRand Unified Boot loader 26  LILO: The traditional Linux boot loader 28  Kernel options 29  Multibooting on PCs 30  GRUB multiboot configuration 30  LILO multiboot configuration 31 Booting single-user mode 31  Single-user mode with GRUB 32  Single-user mode with LILO 32 Working with startup scripts 32  init and run levels 33  Red Hat and Fedora startup scripts 36  SUSE startup scripts 38  Debian and Ubuntu startup scripts 40 Rebooting and shutting down 40  Turning off the power 41  shutdown: the genteel way to halt the system 41  halt: a simpler way to shut down 42  reboot: quick and dirty restart 42  telinit: change init’s run level 42  poweroff: ask Linux to turn off the power 42 Exercises 43CHAPTER 3 ROOTLY POWERS 44 Ownership of files and processes 44 The superuser 46 Choosing a root password 47 Becoming root 48  su: substitute user identity 48  sudo: a limited su 48 Other pseudo-users 51  bin: legacy owner of system commands 51  daemon: owner of unprivileged system software 51  nobody: the generic NFS user 51 Exercises 52CHAPTER 4 CONTROLLING PROCESSES 53 Components of a process 53  PID: process ID number 54  PPID: parent PID 54  UID and EUID: real and effective user ID 54  GID and EGID: real and effective group ID 55  Niceness 55  Control terminal 56 The life cycle of a process 56 Signals 57 kill and killall: send signals 60 Process states 60 nice and renice: influence scheduling priority 61 ps: monitor processes 62 top: monitor processes even better 65 The /proc filesystem 65 strace: trace signals and system calls 66 Runaway processes 67 Recommended reading 69 Exercises 69CHAPTER 5 THE FILESYSTEM 70 Pathnames 72 Filesystem mounting and unmounting 73 The organization of the file tree 75 File types 76  Regular files 78  The localhost zone 439  A small security company 441  The Internet Systems Consortium, isc.org 444 Starting named 446 Updating zone files 447  Zone transfers 447  Dynamic updates 448 Security issues 451  Access control lists revisited 451  Confining named 453  Secure server-to-server communication with TSIG and TKEY 453  DNSSEC 456  Negative answers 463  Microsoft and DNS 464 Testing and debugging 466  Logging 466  Sample logging configuration 470  Debug levels 471  Debugging with rndc 471  BIND statistics 473  Debugging with dig 473  Lame delegations 475  doc: domain obscenity control 476  Other DNS sanity checking tools 478  Performance issues 478 Distribution specifics 478 Recommended reading 481  Mailing lists and newsgroups 481  Books and other documentation 481  On-line resources 482  The RFCs 482 Exercises 482CHAPTER 16 THE NETWORK FILE SYSTEM 484 General information about NFS 484  NFS protocol versions 484  Choice of transport 485  File locking 486  Disk quotas 486  Cookies and stateless mounting 486  Naming conventions for shared filesystems 487  Security and NFS 487  Root access and the nobody account 488 Server-side NFS 489  The exports file 490  nfsd: serve files 492 Client-side NFS 492  Mounting remote filesystems at boot time 495  Restricting exports to insecure ports 495 nfsstat: dump NFS statistics 495 Dedicated NFS file servers 496 Automatic mounting 497  automount: mount filesystems on demand 497  The master file 498  Map files 499  Executable maps 499 Recommended reading 500 Exercises 501CHAPTER 17 SHARING SYSTEM FILES 502 What to share 503 nscd: cache the results of lookups 504 Copying files around 505  rdist: push files 505  rsync: transfer files more securely 508  Pulling files 510 NIS: the Network Information Service 511  Understanding how NIS works 512  Weighing advantages and disadvantages of NIS 514  Prioritizing sources of administrative information 515  Using netgroups 517  Setting up an NIS domain 517  Setting access control options in /etc/ypserv.conf 519  Configuring NIS clients 519  NIS details by distribution 520 LDAP: the Lightweight Directory Access Protocol 520  The structure of LDAP data 521  The point of LDAP 522  LDAP documentation and specifications 523  OpenLDAP: LDAP for Linux 523  NIS replacement by LDAP 525  LDAP and security 526 Recommended reading 526 Exercises 527CHAPTER 18 ELECTRONIC MAIL 528 Mail systems 530  User agents 531  Transport agents 532  Delivery agents 532  Message stores 533  Access agents 533  Mail submission agents 533 The anatomy of a mail message 534  Mail addressing 535  Mail header interpretation 535 Mail philosophy 539  Using mail servers 540  Using mail homes 542  Using IMAP or POP 542 Mail aliases 544  Getting mailing lists from files 546  Mailing to files 547  Mailing to programs 547  Aliasing by example 548  Forwarding mail 549  The hashed alias database 551 Mailing lists and list wrangling software 551  Software packages for maintaining mailing lists 551  LDAP: the Lightweight Directory Access Protocol 555 sendmail: ringmaster of the electronic mail circus 557  Versions of sendmail 557  sendmail installation from sendmail.org 559  sendmail installation on Debian and Ubuntu systems 561  The switch file 562  Modes of operation 562  The mail queue 563 sendmail configuration 565  Using the m4 preprocessor 566  The sendmail configuration pieces 567  Building a configuration file from a sample .mc file 568  Changing the sendmail configuration 569 Basic sendmail configuration primitives 570  The VERSIONID macro 570  The OSTYPE macro 570  The DOMAIN macro 572  The MAILER macro 573 Fancier sendmail configuration primitives 574  The FEATURE macro 574  The use_cw_file feature 574  The redirect feature 575  The always_add_domain feature 575  The nocanonify feature 576  Tables and databases 576  The mailertable feature 578  The genericstable feature 579  The virtusertable feature 579  The ldap_routing feature 580  Masquerading and the MASQUERADE_AS macro 581  The MAIL_HUB and SMART_HOST macros 583  Masquerading and routing 583  The nullclient feature 584  The local_lmtp and smrsh features 585  The local_procmail feature 585  The LOCAL_* macros 586  Configuration options 586 Spam-related features in sendmail 588  Relaying 589  The access database 591  User or site blacklisting 594  Header checking 595  Rate and connection limits 596  Slamming 597  Miltering: mail filtering 597  Spam handling 598  SpamAssassin 598  SPF and Sender ID 599 Configuration file case study 599  Client machines at sendmail.com 599  Master machine at sendmail.com 600 Security and sendmail 603  Ownerships 603  Permissions 604  Safer mail to files and programs 605  Privacy options 606  Running a chrooted sendmail (for the truly paranoid) 607  Denial of service attacks 608  Forgeries 608  Message privacy 610  SASL: the Simple Authentication and Security Layer 610 sendmail performance 611  Delivery modes 611  Queue groups and envelope splitting 611  Queue runners 613  Load average controls 613  Undeliverable messages in the queue 613  Kernel tuning 614 sendmail statistics, testing, and debugging 615  Testing and debugging 616  Verbose delivery 617  Talking in SMTP 618  Queue monitoring 619  Logging 619 The Exim Mail System 621  History 621  Exim on Linux 621  Exim configuration 622  Exim/sendmail similarities 622 Postfix 623  Postfix architecture 623  Receiving mail 624  The queue manager 624  Sending mail 625  Security 625  Postfix commands and documentation 625  Configuring Postfix 626  What to put in main.cf 626  Basic settings 626  Using postconf 627  Lookup tables 627  Local delivery 629  Virtual domains 630  Virtual alias domains 630  Virtual mailbox domains 631  Access control 632  Access tables 633  Authentication of clients 634  Fighting spam and viruses 634  Black hole lists 635  SpamAssassin and procmail 636  Policy daemons 636  Content filtering 636  Debugging 637  Looking at the queue 638  Soft-bouncing 638  Testing access control 638 Recommended reading 639 Exercises 640CHAPTER 19 NETWORK MANAGEMENT AND DEBUGGING 643 Network troubleshooting 644 ping: check to see if a host is alive 645 traceroute: trace IP packets 647 netstat: get network statistics 649  Inspecting interface configuration information 649  Monitoring the status of network connections 651  Identifying listening network services 652  Examining the routing table 652  Viewing operational statistics for network protocols 653 sar: inspect live interface activity 654 Packet sniffers 655  tcpdump: king of sniffers 656  Wireshark: visual sniffer 657 Network management protocols 657 SNMP: the Simple Network Management Protocol 659  SNMP organization 659  SNMP protocol operations 660  RMON: remote monitoring MIB 661 The NET-SMNP agent 661 Network management applications 662  The NET-SNMP tools 663  SNMP data collection and graphing 664  Nagios: event-based SNMP and service monitoring 665  Commercial management platforms 666 Recommended reading 667 Exercises 668CHAPTER 20 SECURITY 669 Is Linux secure? 670 How security is compromised 671  Social engineering 671  Software vulnerabilities 672  Configuration errors 673 Certifications and standards 673  Certifications 674  Standards 675 Security tips and philosophy 676  Packet filtering 677  Unnecessary services 677  Software patches 677  Backups 677  Passwords 677Vigilance 677  General philosophy 678 Security problems in /etc/passwd and /etc/shadow 678  Password checking and selection 679  Password aging 680  Group logins and shared logins 680  User shells 680  Rootly entries 681  PAM: cooking spray or authentication wonder? 681 POSIX capabilities 683 Setuid programs 683 Important file permissions 684 Miscellaneous security issues 685  Remote event logging 685  Secure terminals 685  /etc/hosts.equiv and ~/.rhosts 685  Security and NIS 685  Security and NFS 686  Security and sendmail 686  Security and backups 686  Viruses and worms 686  Trojan horses 687  Rootkits 688 Security power tools 688  Nmap: scan network ports 688  Nessus: next generation network scanner 690  John the Ripper: find insecure passwords 690  hosts_access: host access control 691  Samhain: host-based intrusion detection 692  Security-Enhanced Linux (SELinux) 693 Cryptographic security tools 694  Kerberos: a unified approach to network security 695  PGP: Pretty Good Privacy 696  SSH: the secure shell 697  One-time passwords 698  Stunnel 699 Firewalls 701  Packet-filtering firewalls 701  How services are filtered 702  Service proxy firewalls 703  Stateful inspection firewalls 703  Firewalls: how safe are they? 704 Linux firewall features: IP tables 704 Virtual private networks (VPNs) 708  IPsec tunnels 709  All I need is a VPN, right? 710 Hardened Linux distributions 710 What to do when your site has been attacked 710 Sources of security information 712  CERT: a registered service mark of Carnegie Mellon University 712  SecurityFocus.com and the BugTraq mailing list 713  Crypto-Gram newsletter 713  SANS: the System Administration, Networking, and Security Institute 713  Distribution-specific security resources 713  Other mailing lists and web sites 714 Recommended reading 715 Exercises 716CHAPTER 21 WEB HOSTING AND INTERNET SERVERS 719 Web hosting basics 720  Uniform resource locators 720  How HTTP works 720  Content generation on the fly 722  Load balancing 722 HTTP server installation 724  Choosing a server 724  Installing Apache 724  Configuring Apache 726  Running Apache 726  Analyzing log files 727  Optimizing for high-performance hosting of static content 727 Virtual interfaces 727  Using name-based virtual hosts 728  Configuring virtual interfaces 728  Telling Apache about virtual interfaces 729 The Secure Sockets Layer (SSL) 730  Generating a certificate signing request 731  Configuring Apache to use SSL 732 Caching and proxy servers 733  The Squid cache and proxy server 733  Setting up Squid 734 Anonymous FTP server setup 734 Exercises 736SECTION THREE: BUNCH O' STUFFCHAPTER 22 THE X WINDOW SYSTEM 741 The X display manager 743 Running an X application 744  The DISPLAY environment variable 744  Client authentication 745  X connection forwarding with SSH 747 X server configuration 748  Device sections 750  Monitor sections 750  Screen sections 751  InputDevice sections 752  ServerLayout sections 753 Troubleshooting and debugging 754  Special keyboard combinations for X 754  When good X servers go bad 755 A brief note on desktop environments 757  KDE 758  GNOME 758  Which is better, GNOME or KDE? 759 Recommended Reading 759 Exercises 759CHAPTER 23 PRINTING 761 Printers are complicated 762 Printer languages 763  PostScript 763  PCL 763  PDF 764  XHTML 764  PJL 765  Printer drivers and their handling of PDLs 765 CUPS architecture 767  Document printing 767  Print queue viewing and manipulation 767  Multiple printers 768  Printer instances 768  Network printing 768  The CUPS underlying protocol: HTTP 769  PPD files 770  Filters 771 CUPS server administration 772  Network print server setup 773  Printer autoconfiguration 774  Network printer configuration 774  Printer configuration examples 775  Printer class setup 775  Service shutoff 776  Other configuration tasks 777  Paper sizes 777  Compatibility commands 778  Common printing software 779  CUPS documentation 780 Troubleshooting tips 780  CUPS logging 781  Problems with direct printing 781  Network printing problems 781  Distribution-specific problems 782 Printer practicalities 782  Printer selection 782  GDI printers 783  Double-sided printing 783  Other printer accessories 783  Serial and parallel printers 784  Network printers 784 Other printer advice 784  Use banner pages only if you have to 784  Provide recycling bins 785  Use previewers 785  Buy cheap printers 785  Keep extra toner cartridges on hand 786  Pay attention to the cost per page 786  Consider printer accounting 787  Secure your printers 787 Printing under KDE 788  kprinter: printing documents 789  Konqueror and printing 789 Recommended reading 790 Exercises 790CHAPTER 24 MAINTENANCE AND ENVIRONMENT 791 Hardware maintenance basics 791 Maintenance contracts 792  On-site maintenance 792  Board swap maintenance 792  Warranties 793 Electronics-handling lore 793  Static electricity 793  Reseating boards 794 Monitors 794 Memory modules 794 Preventive maintenance 795 Environment 796  Temperature 796  Humidity 796  Office cooling 796  Machine room cooling 797  Temperature monitoring 798 Power 798 Racks 799 Data center standards 800 Tools 800 Recommended reading 800 Exercises 802CHAPTER 25 PERFORMANCE ANALYSIS 803 What you can do to improve performance 804 Factors that affect performance 806 System performance checkup 807  Analyzing CPU usage 807  How Linux manages memory 809  Analyzing memory usage 811  Analyzing disk I/O 813  Choosing an I/O scheduler 815  sar: Collect and report statistics over time 816  oprofile: Comprehensive profiler 817 Help! My system just got really slow! 817 Recommended reading 819 Exercises 819CHAPTER 26 COOPERATING WITH WINDOWS 821 Logging in to a Linux system from Windows 821 Accessing remote desktops 822  Running an X server on a Windows computer 823  VNC: Virtual Network Computing 824  Windows RDP: Remote Desktop Protocol 824 Running Windows and Windows-like applications 825  Dual booting, or why you shouldn’t 826  The OpenOffice.org alternative 826 Using command-line tools with Windows 826 Windows compliance with email and web standards 827 Sharing files with Samba and CIFS 828  Samba: CIFS server for UNIX 828  Samba installation 829  Filename encoding 830  Network Neighborhood browsing 831  User authentication 832  Basic file sharing 833  Group shares 833  Transparent redirection with MS DFS 834  smbclient: a simple CIFS client 835  The smbfs filesystem 835 Sharing printers with Samba 836  Installing a printer driver from Windows 838  Installing a printer driver from the command line 839 Debugging Samba 840 Recommended reading 841 Exercises 842CHAPTER 27 SERIAL DEVICES 843 The RS-232C standard 844 Alternative connectors 847  The mini DIN-8 variant 847  The DB-9 variant 848  The RJ-45 variant 849  The Yost standard for RJ-45 wiring 850 Hard and soft carrier 852 Hardware flow control 852 Cable length 853 Serial device files 853 setserial: set serial port parameters 854 Software configuration for serial devices 855 Configuration of hardwired terminals 855  The login process 855  The /etc/inittab file 856  Terminal support: the termcap and terminfo databases 858 Special characters and the terminal driver 859 stty: set terminal options 860 tset: set options automatically 861  Directories 78  Character and block device files 79  Local domain sockets 80  Named pipes 80  Symbolic links 80 File attributes 81  The permission bits 81  The setuid and setgid bits 82  The sticky bit 82  Viewing file attributes 82  chmod: change permissions 84  chown: change ownership and group 86  umask: assign default permissions 86  Bonus flags 87 Access control lists 88  ACL overview 88  Default entries 91 Exercises 92CHAPTER 6 ADDING NEW USERS 93 The /etc/passwd file 93  Login name 94  Encrypted password 96  UID (user ID) number 96  Default GID number 97  GECOS field 98  Home directory 98  Login shell 98 The /etc/shadow file 99 The /etc/group file 101 Adding users 102  Editing the passwd and shadow files 103  Editing the /etc/group file 104  Setting an initial password 104  Creating the user’s home directory 105  Copying in the default startup files 105  Setting the user’s mail home 106  Verifying the new login 106  Recording the user’s status and contact information 107 Removing users 107 Disabling logins 108 Managing accounts 108 Exercises 110CHAPTER 7 ADDING A DISK 111 Disk interfaces 111  The PATA interface 112  The SATA interface 114  The SCSI interface 114  Which is better, SCSI or IDE? 118 Disk geometry 119 Linux filesystems 120 Terminal unwedging 862 Modems 862  Modulation, error correction, and data compression protocols 863  minicom: dial out 864  Bidirectional modems 864 Debugging a serial line 864 Other common I/O ports 865  USB: the Universal Serial Bus 865 Exercises 866CHAPTER 28 DRIVERS AND THE KERNEL 868 Kernel adaptation 869 Drivers and device files 870  Device files and device numbers 870  Creating device files 871  sysfs: a window into the souls of devices 872  Naming conventions for devices 872 Why and how to configure the kernel 873 Tuning Linux kernel parameters 874 Building a Linux kernel 876  If it ain’t broke, don’t fix it 876  Configuring kernel options 876  Building the kernel binary 878 Adding a Linux device driver 878  Device awareness 880 Loadable kernel modules 880 Hot-plugging 882 Setting bootstrap options 883 Recommended reading 884 Exercises 884CHAPTER 29 DAEMONS 885 init: the primordial process 886 cron and atd: schedule commands 887 xinetd and inetd: manage daemons 887  Configuring xinetd 888  Configuring inetd 890  The services file 892  portmap: map RPC services to TCP and UDP ports 893 Kernel daemons 893  klogd: read kernel messages 894 Printing daemons 894  cupsd: scheduler for the Common UNIX Printing System 894  lpd: manage printing 894 File service daemons 895  rpc.nfsd: serve files 895  rpc.mountd: respond to mount requests 895  amd and automount: mount filesystems on demand 895  rpc.lockd and rpc.statd: manage NFS locks 895  rpciod: cache NFS blocks 896  rpc.rquotad: serve remote quotas 896  smbd: provide file and printing service to Windows clients 896  nmbd: NetBIOS name server 896 Administrative database daemons 896  ypbind: locate NIS servers 896  ypserv: NIS server 896  rpc.ypxfrd: transfer NIS databases 896  lwresd: lightweight resolver library server 897  nscd: name service cache daemon 897 Electronic mail daemons 897  sendmail: transport electronic mail 897  smtpd: Simple Mail Transport Protocol daemon 897  popd: basic mailbox server 897  imapd: deluxe mailbox server 897 Remote login and command execution daemons 898  sshd: secure remote login server 898  in.rlogind: obsolete remote login server 898  in.telnetd: yet another remote login server 898  in.rshd: remote command execution server 898 Booting and configuration daemons 898  dhcpd: dynamic address assignment 899  in.tftpd: trivial file transfer server 899  rpc.bootparamd: advanced diskless life support 899  hald: hardware abstraction layer (HAL) daemon 899  udevd: serialize device connection notices 899 Other network daemons 900  talkd: network chat service 900  snmpd: provide remote network management service 900  ftpd: file transfer server 900  rsyncd: synchronize files among multiple hosts 900  routed: maintain routing tables 900  gated: maintain complicated routing tables 901  named: DNS server 901  syslogd: process log messages 901  in.fingerd: look up users 901  httpd: World Wide Web server 901 ntpd: time synchronization daemon 902 Exercises 903CHAPTER 30 MANAGEMENT, POLICY, AND POLITICS 904 Make everyone happy 904 Components of a functional IT organization 906 The role of management 907  Leadership 907  Hiring, firing, and personnel management 908  Assigning and tracking tasks 911  Managing upper management 913  Conflict resolution 913 The role of administration 915  Sales 915  Purchasing 916  Accounting 917  Personnel 917  Marketing 918  Miscellaneous administrative chores 919 The role of development 919  Architectural principles 920  Anatomy of a management system 922  The system administrator’s tool box 922  Software engineering principles 923 The role of operations 924  Aim for minimal downtime 925  Document dependencies 925  Repurpose or eliminate older hardware 926 The work of support 927  Availability 927  Scope of service 927  Skill sets 929  Time management 930 Documentation 930  Standardized documentation 931  Hardware labeling 933  User documentation 934 Request-tracking and trouble-reporting systems 934  Common functions of trouble ticket systems 935  User acceptance of ticketing systems 935  Ticketing systems 936  Ticket dispatching 937 Disaster recovery 938  Backups and off-line information 939  Staffing your disaster 939  Power and HVAC 940  Network redundancy 941  Security incidents 941  Second-hand stories from the World Trade Center 942 Written policy 943  Security policies 945  User policy agreements 946  Sysadmin policy agreements 948 Legal Issues 949  Encryption 949  Copyright 950  Privacy 951  Click-through EULAs 953  Policy enforcement 953  Control = liability 954  Software licenses 955  Regulatory compliance 956 Software patents 957 Standards 958  LSB: the Linux Standard Base 959  POSIX 959  ITIL: the Information Technology Interface Library 960  COBIT: Control Objectives for Information and related Technology 960 Linux culture 961 Mainstream Linux 962 Organizations, conferences, and other resources 964  Conferences and trade shows 965  LPI: the Linux Professional Institute 967  Mailing lists and web resources 967  Sysadmin surveys 968 Recommended Reading 968  Infrastructure 968  Management 969  Policy and security 969  Legal issues, patents, and privacy 969  General industry news 970 Exercises 970INDEX 973ABOUT THE CONTRIBUTORS 999ABOUT THE AUTHORS 1001  Ext2fs and ext3fs 120  ReiserFS 121  XFS and JFS 122 An overview of the disk installation procedure 122  Connecting the disk 122  Formatting the disk 123  Labeling and partitioning the disk 124  Creating filesystems within disk partitions 125  Mounting the filesystems 126  Setting up automatic mounting 127  Enabling swapping 129 hdparm: set IDE interface parameters 129 fsck: check and repair filesystems 131 Adding a disk: a step-by-step guide 133 Advanced disk management: RAID and LVM 138  Linux software RAID 139  Logical volume management 139  An example configuration with LVM and RAID 140  Dealing with a failed disk 144  Reallocating storage space 146 Mounting USB drives 147 Exercises 148CHAPTER 8 PERIODIC PROCESSES 150 cron: schedule commands 150 The format of crontab files 151 Crontab management 153 Some common uses for cron 154  Cleaning the filesystem 154  Network distribution of configuration files 155  Rotating log files 156 Other schedulers: anacron and fcron 156 Exercises 157CHAPTER 9 BACKUPS 158 Motherhood and apple pie 159  Perform all dumps from one machine 159  Label your media 159  Pick a reasonable backup interval 159  Choose filesystems carefully 160  Make daily dumps fit on one piece of media 160  Make filesystems smaller than your dump device 161  Keep media off-site 161  Protect your backups 161  Limit activity during dumps 162  Verify your media 162  Develop a media life cycle 163  Design your data for backups 163  Prepare for the worst 163 Backup devices and media 163  Optical media: CD-R/RW, DVD±R/RW, and DVD-RAM 164  Removable hard disks (USB and FireWire) 165  Small tape drives: 8mm and DDS/DAT 166  DLT/S-DLT 166  AIT and SAIT 166  VXA/VXA-X 167  LTO 167  Jukeboxes, stackers, and tape libraries 167  Hard disks 168  Summary of media types 168  What to buy 168 Setting up an incremental backup regime with dump 169  Dumping filesystems 169  Dump sequences 171 Restoring from dumps with restore 173  Restoring individual files 173  Restoring entire filesystems 175 Dumping and restoring for upgrades 176 Using other archiving programs 177  tar: package files 177  cpio: archiving utility from ancient times 178  dd: twiddle bits 178 Using multiple files on a single tape 178 Bacula 179  The Bacula model 180  Setting up Bacula 181  Installing the database and Bacula daemons 181  Configuring the Bacula daemons 182  bacula-dir.conf: director configuration 183  bacula-sd.conf: storage daemon configuration 187  bconsole.conf: console configuration 188  Installing and configuring the client file daemon 188  Starting the Bacula daemons 189  Adding media to pools 190  Running a manual backup 190  Running a restore job 192  Monitoring and debugging Bacula configurations 195  Alternatives to Bacula 197 Commercial backup products 197  ADSM/TSM 197  Veritas 198  Other alternatives 198 Recommended reading 198 Exercises 198CHAPTER 10 SYSLOG AND LOG FILES 201 Logging policies 201  Throwing away log files 201  Rotating log files 202  Archiving log files 204 Linux log files 204  Special log files 206  Kernel and boot-time logging 206 logrotate: manage log files 208 Syslog: the system event logger 209  Alternatives to syslog 209  Syslog architecture 210  Configuring syslogd 210  Designing a logging scheme for your site 214  Config file examples 214  Sample syslog output 216  Software that uses syslog 217  Debugging syslog 217  Using syslog from programs 218 Condensing log files to useful information 220 Exercises 222CHAPTER 11 SOFTWARE AND CONFIGURATION MANAGEMENT 223 Basic Linux installation 223  Netbooting PCs 224  Setting up PXE for Linux 225  Netbooting non-PCs 226Kickstart: the automated installer for   Enterprise Linux and Fedora 226  AutoYaST: SUSE’s automated installation tool 230  The Debian and Ubuntu installer 231  Installing from a master system 232 Diskless clients 232 Package management 234  Available package management systems 235  rpm: manage RPM packages 235  dpkg: manage Debian-style packages 237 High-level package management systems 237  Package repositories 239  RHN: the Red Hat Network 240  APT: the Advanced Package Tool 241  Configuring apt-get 242  An example /etc/apt/sources.list file 243  Using proxies to make apt-get scale 244  Setting up an internal APT server 244  Automating apt-get 245  yum: release management for RPM 246 Revision control 247  Backup file creation 247  Formal revision control systems 248  RCS: the Revision Control System 249  CVS: the Concurrent Versions System 251  Subversion: CVS done right 253 Localization and configuration 255  Organizing your localization 256  Testing 257  Local compilation 258  Distributing localizations 259  Resolving scheduling issues 260 Configuration management tools 260  cfengine: computer immune system 260  LCFG: a large-scale configuration system 261  The Arusha Project (ARK) 261  Template Tree 2: cfengine helper 262  DMTF/CIM: the Common Information Model 262 Sharing software over NFS 263  Package namespaces 264  Dependency management 265  Wrapper scripts 265  Implementation tools 266 Recommended software 266 Recommended reading 268 Exercises 268SECTION TWO: NETWORKINGCHAPTER 12 TCP/IP NETWORKING 271 TCP/IP and the Internet 272  A brief history lesson 272  How the Internet is managed today 273  Network standards and documentation 274 Networking road map 275 Packets and encapsulation 276  The link layer 277  Packet addressing 279  Ports 281  Address types 281 IP addresses: the gory details 282  IP address classes 282  Subnetting and netmasks 282  The IP address crisis 285  CIDR: Classless Inter-Domain Routing 287  Address allocation 288  Private addresses and NAT 289  IPv6 addressing 291 Routing 293  Routing tables 294  ICMP redirects 295 ARP: the address resolution protocol 296 Addition of a machine to a network 297  Hostname and IP address assignment 298  ifconfig: configure network interfaces 299  mii-tool: configure autonegotiation and other media-specific options 302  route: configure static routes 303  Default routes 305  DNS configuration 306  The Linux networking stack 307 Distribution-specific network configuration 307  Network configuration for Red Hat and Fedora 308  Network configuration for SUSE 309  Network configuration for Debian and Ubuntu 310 DHCP: the Dynamic Host Configuration Protocol 311  DHCP software 312  How DHCP works 312  ISC’s DHCP server 313 Dynamic reconfiguration and tuning 314 Security issues 316  IP forwarding 316  ICMP redirects 317  Source routing 317  Broadcast pings and other forms of directed broadcast 317  IP spoofing 317  Host-based firewalls 318  Virtual private networks 318  Security-related kernel variables 319 Linux NAT 319 PPP: the Point-to-Point Protocol 320Addressing PPP performance   issues 321  Connecting to a network with PPP 321  Making your host speak PPP 321  Controlling PPP links 321  Assigning an address 322  Routing 322  Ensuring security 323  Using chat scripts 323  Configuring Linux PPP 323 Linux networking quirks 330 Recommended reading 331 Exercises 332CHAPTER 13 ROUTING 334 Packet forwarding: a closer look 335 Routing daemons and routing protocols 337  Distance-vector protocols 338  Link-state protocols 339  Cost metrics 340  Interior and exterior protocols 340 Protocols on parade 341  RIP: Routing Information Protocol 341  RIP-2: Routing Information Protocol, version 2 341  OSPF: Open Shortest Path First 342  IGRP and EIGRP: Interior Gateway Routing Protocol 342  IS-IS: the ISO “standard” 343  MOSPF, DVMRP, and PIM: multicast routing protocols 343  Router Discovery Protocol 343 routed: RIP yourself a new hole 343 gated: gone to the dark side 344 Routing strategy selection criteria 344 Cisco routers 346 Recommended reading 348 Exercises 349CHAPTER 14 NETWORK HARDWARE 350 LAN, WAN, or MAN? 351 Ethernet: the common LAN 351  How Ethernet works 351  Ethernet topology 352  Unshielded twisted pair 353  Connecting and expanding Ethernets 355 Wireless: nomad’s LAN 359  Wireless security 360  Wireless switches 360 FDDI: the disappointing, expensive, and outdated LAN 361 ATM: the promised (but sorely defeated) LAN 362 Frame relay: the sacrificial WAN 363 ISDN: the indigenous WAN 364 DSL and cable modems: the people’s WAN 364 Where is the network going? 365 Network testing and debugging 366 Building wiring 366  UTP cabling options 366  Connections to offices 367  Wiring standards 367 Network design issues 368  Network architecture vs building architecture 368  Existing networks 369  Expansion 369  Congestion 369  Maintenance and documentation 370 Management issues 370 Recommended vendors 371  Cables and connectors 371  Test equipment 371  Routers/switches 372 Recommended reading 372 Exercises 372CHAPTER 15 DNS: THE DOMAIN NAME SYSTEM 373 DNS for the impatient: adding a new machine 374 The history of DNS 375  BIND implementations 376  Other implementations of DNS 376 Who needs DNS? 377 The DNS namespace 378  Masters of their domains 381  Selecting a domain name 382  Domain bloat 382  Registering a second-level domain name 383  Creating your own subdomains 383 How DNS works 383  Delegation 383  Caching and efficiency 384  The extended DNS protocol 386 What’s new in DNS 386 The DNS database 389  Resource records 389  The SOA record 392  NS records 395  A records 396  PTR records 396  MX records 397  CNAME records 399  The CNAME hack 400  LOC records 401  SRV records 402  TXT records 403  IPv6 resource records 404  IPv6 forward records 404  IPv6 reverse records 405  Security-related records 405  Commands in zone files 405  Glue records: links between zones 407 The BIND software 409  Versions of BIND 410  Finding out what version you have 410  Components of BIND 411  named: the BIND name server 412  Authoritative and caching-only servers 412  Recursive and nonrecursive servers 413  The resolver library 414  Shell interfaces to DNS 415 Designing your DNS environment 415  Namespace management 415  Authoritative servers 416  Caching servers 417  Security 417  Summing up 418  A taxonomy of DNS/BIND chores 418 BIND client issues 418  Resolver configuration 418  Resolver testing 420  Impact on the rest of the system 420 BIND server configuration 420  Hardware requirements 421  Configuration files 421  The include statement 423  The options statement 423  The acl statement 429  The key statement 430  The trusted-keys statement 430  The server statement 431  The masters statement 432  The logging statement 432  The zone statement 432  The controls statement 436  Split DNS and the view statement 438 BIND configuration examples 439
【展开】
内容简介
《Linux系统管理技术手册(第2版)(英文版)》(LAHv2)延续了该书第一版(LAH)以及《UNlX系统管理技术手册》(LISAFl)的讲解风格,以当前主流的5种Linux发行版本(Red Hat ES、SuSE、Debian、Fedora Core和Ubuntu)为例,把Linu×系统管理技术分为三个方面分别介绍。第一部分“基本管理技术”全面介绍了运行单机Linux系统涉及的各种管理知识和技术,如系统引导和关机、进程控制、文件系统管理、用户管理、设备管理、系统备份、软件配置以及cron和系统日志的管理使用等。第二部分“网络管理技术”从详细讲解TCP/IP协议基本原理开始,深入讨论了网络的两大基本应用——域名系统和路由技术,然后逐章讲解Linux上的各种Intemet关键应用,如电子邮件、NFS、文件共享、Web托管和Intemet服务,在这部分里还有专门的章节介绍网络硬件、网络管理与调试以及系统安全。第三部分“其他管理技术”包括了多种不容忽视的重要主题:X Wi rldow系统、打印系统、系统维护与环境、性能分析、与Wit‘idows系统的协作、串行设备、操作系统驱动程序和内核、系统守护进程以及政策与行政管理方面的知识等。《Linux系统管理技术手册(第2版)(英文版)》的几位作者是分别来自学术界、企业界以及职业培训领域的Li nLJx/LJNIx系统管理专家,这使得《Linux系统管理技术手册(第2版)(英文版)》从第1版开始,即成为全面、深入而且颇富实用性的Linux系统管理权威参考书。《Linux系统管理技术手册(第2版)(英文版)》适合于从Linux初学者到具有丰富经验的Linux专业技术人员使用。
【展开】
下载说明

1、追日是作者栎年创作的原创作品,下载链接均为网友上传的的网盘链接!

2、相识电子书提供优质免费的txt、pdf等下载链接,所有电子书均为完整版!

下载链接