Linux Administration Cookbook电子书

Title Page

Copyright and Credits

Linux Administration Cookbook

About Packt

Why subscribe?

Packt.com

Contributors

About the author

About the reviewer

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Sections

Getting ready

How to do it

How it works

There's more

See also

Get in touch

Reviews

Introduction and Environment Setup

Introduction

Understanding and choosing a distribution

Ubuntu

Debian

CentOS - the one we'll mostly be using

Red Hat Enterprise Linux

Installing VirtualBox

Installing VirtualBox on Ubuntu

Command-line installation

Graphical installation

Installing VirtualBox on macOS

Command-line installation

Graphical installation

Installing VirtualBox on Windows

Graphical installation

Installing our chosen distribution manually

Obtaining our CentOS installation media

Checking the checksum

Setting up our VM

VirtualBox main window

CentOS installation

Accessing and updating our VM

Logging in from the VirtualBox window

Logging in from the host Terminal

Making sure sshd is running

Making sure that VirtualBox lets us through

Updating our VM

Understanding how VMs differ

dmidecode

lshw

Quick sudo explanation

Using Vagrant to automatically provision VMs

Kickstart

Vagrant

Anecdote - try, try, and try again

Remote Administration with SSH

Introduction

Technical requirements

Generating and using key pairs with ssh-keygen

Getting ready

How to do it...

RSA example

Ed25519 example

How it works...

The public and private key files

The authorized_keys file

There's more...

To passphrase or not to passphrase

Additional flags

See also

SSH client arguments and options

Getting ready

How to do it...

SSH using hostnames instead of IPs

SSHing to a different user

SSHing to a different port

SSHing to an IPv6 address

SSHing before running a command

SSH and X11 forwarding

How it works...

There's more...

See also

Using a client-side SSH configuration file

Getting ready

How to do it...

How it works...

There's more...

See also

Modifying the server-side SSH configuration file

Getting ready

How to do it...

Changing the default port

Changing the listen address

Changing the daemon logging level

Disallowing root login

Disabling passwords (force key use)

Setting a message of the day (motd)

The UseDNS setting

AllowUsers

How it works...

There's more...

See also

Rotating host keys and updating known_hosts

Getting ready

How to do it...

How it works...

There's more...

Technical requirements

Using local forwarding

Getting ready

How to do it...

On the command line

Using an SSH config file

How it works...

There's more...

Watching our SSH session

Connecting to systems beyond the remote host

See also

Using remote forwarding

Getting ready

How to do it...

On the command line

Using an SSH config file

How it works...

There's more...

See also

ProxyJump and bastion hosts

Getting ready

How to do it...

Using an SSH config file

How it works...

There's more...

Multiple hosts

ProxyCommand

Bastion hosts

Using SSH to create a SOCKS Proxy

Getting ready

How to do it...

On the command line

Using an SSH config file

How it works...

There's more...

Understanding and using SSH agents

Getting ready

How to do it...

How it works...

There's more...

ssh-add

AddKeysToAgent

See also

Running multiple SSH servers on one box

Getting ready

How to do it...

How it works...

There's more...

Summary

Networking and Firewalls

Introduction

Technical requirements

Determining our network configuration

Getting ready

How to do it...

Discerning the IP

Discerning the IP (deprecated method)

Discerning the gateway address

Discerning the gateway address (deprecated method)

How it works...

There's more...

Checking connectivity

Checking what route our box will take

See also

More examples of using the ip suite

Getting ready

How to do it...

Adding and removing an IP against an interface

Shutting down and bringing up an interface administratively

Adding a new route to our routing table

How it works...

There's more...

See also

Adding and configuring network interfaces

Getting ready

How to do it...

Configuring a new interface

How it works...

There's more...

See also

Modern domain name resolution on Linux

Getting ready

How to do it...

Querying a domain

Checking the domain resolution settings

Changing the domain resolution settings

How it works...

There's more...

See also

Configuring NTP and the problems we face

Getting ready

How to do it...

Checking if NTP is running

Checking if NTP traffic is flowing

Enabling an NTP client

Enabling an NTP server

How it works...

There's more...

See also

Listing firewall rules on the command line

Getting ready

How to do it...

iptables

firewall-cmd

ufw

How it works...

There's more...

See also

Adding and removing firewall rules on the command line

Getting ready

How to do it...

firewall-cmd

iptables

ufw

How it works...

There's more...

Determining the running services and ports in use

Getting ready

How to do it...

How it works...

There's more...

Debugging with iftop

Getting ready

How to do it...

How it works...

There's more...

Summary

Services and Daemons

Introduction

Technical requirements

Determining running services

How to do it...

How it works...

There's more...

See also

Listing installed services

Getting ready

How to do it...

How it works...

There's more...

See also

Starting and stopping services

How to do it...

Stopping our service

Starting our service

How it works...

There's more...

See also

Changing which services start and stop at boot

Getting ready

How to do it...

Enabling our service

Disabling our service

How it works...

There's more...

See also

Common services you might expect to see

How to do it...

auditd.service

chronyd.service

crond.service

lvm2-*.service

NetworkManager.service

nfs.service

postfix.service

rsyslog.service

sshd.service

systemd-journald.service

systemd-logind.service

How it works...

There's more...

See also

Understanding service unit files

How to do it...

How it works...

There's more...

See also

Customizing systemd unit files

How to do it...

How it works...

There's more...

See also

Testing running services

Getting ready

How to do it...

How it works...

There's more...

Writing a basic unit file

How to do it...

How it works...

There's more...

See also

Working with systemd timers (and cron)

How to do it...

systemd timers

cron

How it works...

There's more...

See also

Other init systems

Getting ready

How to do it...

CentOS 6 and Upstart

Debian 7 and SysV init

How it works...

There's more...

See also

Round-up - services and daemons

Hardware and Disks

Introduction

Technical requirements

Determining hardware

Getting ready

How to do it...

lspci

lshw

/proc

/sys

dmesg (and the kernel logs)

dmidecode

/dev

How it works...

Testing hardware

Getting ready

How to do it...

Self-monitoring, analysis, and reporting technology (SMART)

hdparm

Memory testing

How it works...

There's more...

The role of the kernel

Getting ready

How to do it...

How it works...

There's more...

Disk configuration on Linux

Getting ready

How to do it...

Listing disks with lsblk

Listing mount points with df

Listing filesystems with df

Listing logical volume manager disks, volume groups, and logical volumes

Physical disks

Volume groups

Logical volumes

Listing swap

How it works...

There's more...

The filesystem hierarchy

Getting ready

How to do it...

How it works...

There's more...

Configuring a blank disk and mounting it

Getting ready

How to do it...

How it works...

There's more...

Re-configuring a disk using LVM

Getting ready

How to do it...

How it works...

There's more...

Using systemd-mount and fstab

Getting ready

How to do it...

fstab

systemd-mount

How it works...

There's more...

See also

Disk encryption and working with encryption at rest

Getting ready

How to do it...

How it works...

There's more...

See also

Current filesystem formats

Getting ready

How to do it...

How it works...

Upcoming filesystem formats

Getting ready

How to do it...

How it works...

Round-up - hardware and disks

Security, Updating, and Package Management

Introduction

Technical requirements

Checking package versions

Getting ready

How to do it...

CentOS

Debian

How it works...

There's more...

Checking the OS version

How to do it...

CentOS

Debian

Ubuntu

How it works...

There's more...

See also...

Checking for updates

How to do it...

CentOS

Debian

How it works...

There's more...

Automating updates

How to do it...

CentOS

Debian

How it works...

There's more...

Automatic provisioning

Checking mailing lists and errata pages

Getting ready

How to do it...

Package changelogs

Official sources and mailing Lists

Other sources

How it works...

There's more...

Using snaps

How to do it...

Searching out snaps

Installing snaps

Listing installed snaps

Interacting with daemon snaps

Removing snaps

How it works...

There's more...

See also...

Using Flatpak

Getting ready

How to do it...

Searching for a package

Installing our package

Running our package

Listing installed packages

User installations

Removing packages

How it works...

There's more...

See also...

Using Pip, RubyGems, and other package managers

Getting ready

How to do it...

Pip

RubyGems

How it works...

There's more...

When to use programming-language package managers

--user/ --system (pip) and --user-install (gem)

Python virtualenv

See also

Dependency hell (a quick word)

Getting ready

How to do it...

System-installed and third-party installed versions of Pip

Dependency problems in conflicting Pip packages

Apt's conflict solution

Potential solutions

How it works...

Compiling from source

Getting ready

How to do it...

How it works...

There's more...

See also...

Technical requirements

Adding additional repositories

Getting ready

How to do it...

CentOS - Adding the EPEL repository with epel-release

CentOS - Adding the ELRepo repository by file

Debian - Adding additional repositories

Ubuntu - Adding PPAs

How it works...

Roundup - security, updating, and package management

Monitoring and Logging

Introduction

Technical requirements

Reading local logs

Getting ready

How to do it...

How it works...

There's more...

Using journalctl on systemd systems

Getting ready

How to do it...

How it works...

There's more...

See also

Centralizing logging

Getting ready

How to do it...

Remote logging with rsyslog - UDP example

Remote logging with rsyslog - TCP example

Remote logging with journald

How it works...

There's more...

Local resource measuring tools

Getting ready

How to do it...

top

free

htop

NetData

How it works...

There's more...

Local monitoring tools

Getting ready

How to do it...

atop

sar

vmstat

How it works...

Remote monitoring tools

Getting ready

How to do it...

Nagios

Icinga2

How it works...

There's more...

See also

Centralizing logging with the Elastic Stack

Getting ready

How to do it...

centos2

debian1 and debian2

Kibana

How it works...

There's more...

Roundup - Monitoring and Logging

Permissions, SELinux, and AppArmor

Introduction

Technical requirements

Linux file permissions

Getting ready

How to do it...

How it works...

exampledir

examplefile

There's more...

Root access to directories and files

Other execute characters

Modifying file permissions

Getting ready

How to do it...

chown

chmod

chattr

How it works...

chown

chmod

chattr

There's more...

Avoiding octal notation (if you hate it) in chmod

Hierarchical permissions

See also

Technical requirements

Users and groups

Getting ready

How to do it...

whoami

Users on a system

Groups on a system

Daemons using users

How it works...

There's more...

AppArmor and modification

Getting ready

How to do it...

How it works...

There's more...

SELinux and modification

Getting ready

How to do it...

How it works...

There's more...

See also

Checking SELinux is running, and the importance of keeping it running

Getting ready

How to do it...

How it works...

There's more...

See also

Resetting SELinux permissions

Getting ready

How to do it...

How it works...

There's more...

Roundup - permissions, SELinux, and AppArmor

Containers and Virtualization

Introduction

Technical requirements

What is a container?

Getting ready

How to do it...

How it works...

cgroups (Linux control groups)

namespaces

The breakdown of our creation

There's more...

The LXD daemon

See also

Installing Docker

Getting ready

How to do it...

How it works...

There's more...

Slightly more

See also

Running your first Docker container

Getting ready

How to do it...

How it works...

Creating a container

Listing our container

Executing commands in our container

Stopping our container

Debugging a container

Getting ready

How to do it...

How it works...

There's more...

Searching for containers (and security)

Getting ready

How to do it...

How it works...

There's more...

What is virtualization?

Getting ready

How to do it...

How it works...

There's more...

Starting a QEMU machine with our VM

Getting ready

How to do it...

How it works...

There's more...

See also

Using virsh and virt-install

Getting ready

How to do it...

virt-install

virsh

How it works...

There's more...

Comparing the benefits of local installs, containers, and VMs

Getting ready

How to do it...

Local Nginx install

Docker Nginx install

VM Nginx install

How it works...

Brief comparison of virtualization options (VMware, proxmox, and more)

Getting ready

How to do it...

VMware ESXi

Proxmox Virtual Environment

OpenStack

How it works...

Roundup - containers and virtualization

Git, Configuration Management, and Infrastructure as Code

Introduction

Technical requirements

What is Git?

Getting ready

How to do it...

Cloning

Exploring and making changes

How it works...

There's more...

Setting up a Git server

Getting ready

How to do it...

How it works...

There's more...

Committing to our Git repository

Getting ready

How to do it...

How it works...

Matching versus simple

Branching our Git repository and committing changes

Getting ready

How to do it...

How it works...

There's more...

See also

Installing Ansible

Getting ready

How to do it...

How it works...

There's more...

The raw module

The shell and command modules

See also

Using Ansible to install Java from a role

Getting ready

How to do it...

How it works...

There's more...

See also

Storing our Ansible configuration in Git

Getting ready

How to do it...

How it works...

Exploring options for IaC

Getting ready

How to do it...

Terraform

Packer

How it works...

There's more...

See also

Roundup - Git, Configuration Management, and Infrastructure as Code

Web Servers, Databases, and Mail Servers

Introduction

Technical requirements

Installing and understanding a web server

Getting ready

How to do it...

Installing httpd (Apache) on CentOS

Installing Nginx on Debian

How it works...

There's more...

Basic Apache configuration

Getting ready

How to do it...

How it works...

There's more...

See also

Basic Nginx configuration

Getting ready

How to do it...

How it works...

There's more...

See also

SSL, TLS, and LetsEncrypt

Getting ready

How to do it...

How it works...

There's more...

Let's Encrypt

Work environment certificates

See also

Basic MySQL or MariaDB Installation

Getting ready

How to do it...

Listing, creating, and selecting databases and tables

How it works...

There's more...

See also

Basic PostgreSQL installation

Getting ready

How to do it...

Listing, creating, and selecting databases and tables

How it works...

Local MTA usage and configuration (Postfix)

Getting ready

How to do it...

main.cf

/etc/aliases

How it works...

There's more...

See also

Local MTA usage and configuration (Exim)

Getting ready

How to do it...

How it works...

There's more...

NoSQL documents (MongoDB example)

Getting ready

How to do it...

How it works...

There's more...

NoSQL KV (Redis example)

Getting ready

How to do it...

How it works...

Messaging brokers and queues (RabbitMQ example)

Getting ready

How to do it...

How it works...

Roundup - web servers, databases, and mail servers

Super personal preference time!

Troubleshooting and Workplace Diplomacy

Introduction

Technical requirements

What is troubleshooting?

How to do it...

Isolating the real issue

Getting ready

How to do it...

Giving estimates and deciding on next steps

Getting ready

How to do it...

There's more...

Using ss, iftop, tcpdump, and others for network issues

Getting ready

How to do it...

Ping

ss

iftop

tcpdump

Using cURL, wget, and OpenSSL for remote web issues

Getting ready

How to do it...

cURL

Wget

OpenSSL

Using iotop, top, and vmstat for local resource issues

Getting ready

How to do it...

iotop

top

vmstat

Using ps, lsof, Strace, and /proc for service issues

Getting ready

How to do it...

ps

lsof

Strace

/proc

Making a copy of problems for later debugging

Getting ready

How to do it...

Temporary solutions and when to invoke them

How to do it...

Handling irate developers

How to do it...

Handling irate managers

How to do it...

Handling irate business owners

How to do it...

Roundup - Troubleshooting and workplace diplomacy

Don't trust time

Don't overlook the simple

On "cloud" deployments

Learn from my mistakes

BSDs, Solaris, Windows, IaaS and PaaS, and DevOps

Introduction

Determining the type of system you're on

How to do it...

uname

The filesystem check

How it works...

There's more...

Understanding how the BSDs differ

The differences

FreeBSD

OpenBSD

Understanding how Solaris and illumos differ

The differences

Oracle Solaris

illumos

Understanding how Windows differs

The differences

IaaS (Infrastructure as a Service)

IaaS providers and features

PaaS (Platform as a Service)

PaaS providers and features

The Ops versus DevOps Wars

More of a skirmish, really

Roundup - BSDs, Solaris, Windows, IaaS and PaaS, DevOps

Other Books You May Enjoy

Leave a review - let other readers know what you think