وبلاگ بلیان

UNIX and Linux System Administration Handbook (5th Edition)

معرفی کتاب «UNIX and Linux System Administration Handbook (5th Edition)» نوشتهٔ Evi Nemeth، Garth Snyder، Trent R. Hein، Ben Whaley و Dan Mackin، منتشرشده توسط نشر Addison-Wesley Professional; Prentice Hall در سال 2017. این کتاب در 1232 صفحه، فرمت pdf، زبان انگلیسی ارائه شده است. «UNIX and Linux System Administration Handbook (5th Edition)» در دستهٔ برنامه‌نویسی قرار دارد.

"As an author, editor, and publisher, I never paid much attention to the competition--except in a few cases. This is one of those cases. The UNIX System Administration Handbook is one of the few books we ever measured ourselves against." --Tim O'Reilly, founder of O'Reilly Media "This edition is for those whose systems live in the cloud or in virtualized data centers; those whose administrative work largely takes the form of automation and configuration source code; those who collaborate closely with developers, network engineers, compliance officers, and all the other worker bees who inhabit the modern hive." --Paul Vixie, Internet Hall of Fame-recognized innovator and founder of ISC and Farsight Security "This book is fun and functional as a desktop reference. If you use UNIX and Linux systems, you need this book in your short-reach library. It covers a bit of the systems' history but doesn't bloviate. It's just straight-forward information delivered in a colorful and memorable fashion." --Jason A. Nunnelley UNIX(R) and Linux(R) System Administration Handbook, Fifth Edition, is today's definitive guide to installing, configuring, and maintaining any UNIX or Linux system, including systems that supply core Internet and cloud infrastructure. Updated for new distributions and cloud environments, this comprehensive guide covers best practices for every facet of system administration, including storage management, network design and administration, security, web hosting, automation, configuration management, performance analysis, virtualization, DNS, security, and the management of IT service organizations. The authors--world-class, hands-on technologists--offer indispensable new coverage of cloud platforms, the DevOps philosophy, continuous deployment, containerization, monitoring, and many other essential topics. Whatever your role in running systems and networks built on UNIX or Linux, this conversational, well-written �guide will improve your efficiency and help solve your knottiest problems. Cover......Page 1 Title Page......Page 4 Copyright Page......Page 5 Table of Contents......Page 6 Tribute to Evi......Page 41 Preface......Page 43 Foreword......Page 45 Acknowledgments......Page 47 SECTION ONE: BASIC ADMINISTRATION......Page 48 Chapter 1 Where to Start......Page 50 Overseeing backups......Page 51 Maintaining local documentation......Page 52 Fire fighting......Page 53 Suggested background......Page 54 Linux distributions......Page 55 Example systems used in this book......Page 56 Example Linux distributions......Page 57 Example UNIX distribution......Page 58 Notation and typographical conventions......Page 59 Units......Page 60 Organization of the man pages......Page 61 Storage of man pages......Page 62 Package-specific documentation......Page 63 RFC publications......Page 64 Keeping current......Page 65 Ways to find and install software......Page 66 Determining if software is already installed......Page 68 Adding new software......Page 69 Building software from source code......Page 70 Installing from a web script......Page 71 Where to host......Page 72 DevOps......Page 73 Network operations center (NOC) engineers......Page 74 System administration and DevOps......Page 75 Essential tools......Page 76 Boot process overview......Page 77 BIOS vs. UEFI......Page 79 UEFI......Page 80 GRUB: the GRand Unified Boot loader......Page 82 GRUB configuration......Page 83 The GRUB command line......Page 84 Linux kernel options......Page 85 The UEFI path......Page 86 loader commands......Page 87 Responsibilities of init......Page 88 Implementations of init......Page 89 systemd vs. the world......Page 90 systemd in detail......Page 91 Units and unit files......Page 92 systemctl: manage systemd......Page 93 Unit statuses......Page 94 Targets......Page 96 Dependencies among units......Page 97 Execution order......Page 98 A more complex unit file example......Page 99 Local services and customizations......Page 100 Service and startup control caveats......Page 101 systemd logging......Page 103 FreeBSD init and startup scripts......Page 104 Shutting down cloud systems......Page 106 Stratagems for a nonbooting system......Page 107 Single-user mode......Page 108 Recovery of cloud systems......Page 109 Chapter 3 Access Control and Rootly Powers......Page 112 Filesysem accests control......Page 113 The root account......Page 114 Setuid and setgid execution......Page 115 Root account login......Page 116 sudo: limited su......Page 117 Example configuration......Page 118 sudo pros and cons......Page 119 sudo vs. advanced access control......Page 120 Environment management......Page 121 Precedence......Page 122 Sit e-wide sudo configuration......Page 123 System accounts other than root......Page 125 Extensions to the standard access control model......Page 126 PAM: Pluggable Authentication Modules......Page 127 Filesysem acces ts control lists......Page 128 Linux namespaces......Page 129 Modern access control......Page 130 Mandatory access control......Page 131 SELinux: Security-Enhanced Linux......Page 132 AppArmor......Page 134 Recommended reading......Page 136 Components of a process......Page 137 PPID: parent PID......Page 138 GID and EGID: real and effective group ID......Page 139 The life cycle of a process......Page 140 Signals......Page 141 Process and thread states......Page 144 ps: monitor processes......Page 145 Interactive monitoring with top......Page 148 nice and renice: influence scheduling priority......Page 149 The /proc filesystem......Page 151 strace and truss: trace signals and system calls......Page 152 Runaway processes......Page 154 cron: schedule commands......Page 156 The format of crontab files......Page 157 Other crontabs......Page 159 systemd timers......Page 160 systemd timer example......Page 161 systemd time expressions......Page 163 Transient timers......Page 164 Running batch jobs......Page 165 Backing up and mirroring......Page 166 Chapter 5 The Filesystem......Page 167 Filesystem mounting and unmounting......Page 169 Organization of the file tree......Page 172 File types......Page 173 Hard links......Page 176 Character and block device files......Page 177 Symbolic links......Page 178 The permission bits......Page 179 The setuid and setgid bits......Page 180 ls: list and inspect files......Page 181 chmod: change permissions......Page 183 chown and chgrp: change ownership and group......Page 184 umask: assign default permissions......Page 185 Linux bonus flags......Page 186 Access control lists......Page 187 ACL types......Page 188 Linux ACL support......Page 189 POSIX ACLs......Page 190 Interaction between traditional modes and ACLs......Page 191 POSIX ACL inheritance......Page 193 NFSv4 ACLs......Page 194 NFSv4 entities for which permissions can be specified......Page 195 ACL inheritance in NFSv4......Page 196 NFSv4 ACL viewing......Page 197 NFSv4 ACL setup......Page 198 Chapter 6 Software Installation and Management......Page 200 Installing from the network......Page 201 Setting up PXE......Page 202 Setting up a kickstart configuration file......Page 203 Pointing kickstart at your config file......Page 205 Automating installation for Debian and Ubuntu......Page 206 Automating FreeBSD installation......Page 208 Managing packages......Page 209 rpm: manage RPM packages......Page 211 High-level Linux package management systems......Page 213 Package repositories......Page 214 APT: the Advanced Package Tool......Page 216 Repository configuration......Page 217 An example /etc/apt/sources.list file......Page 218 Creation of a local repository mirror......Page 219 APT automation......Page 220 yum: release management for RPM......Page 221 The base system......Page 222 pkg: the FreeBSD package manager......Page 223 The ports collection......Page 224 Software localization and configuration......Page 225 Structuring updates......Page 226 Testing......Page 227 Recommended reading......Page 228 Chapter 7 Scripting and the Shell......Page 229 Write microscripts......Page 230 Automate all the things......Page 231 Don’t optimize prematurely......Page 232 Pick the right scripting language......Page 233 Follow best practices......Page 234 Shell basics......Page 236 Pipes and redirection......Page 237 Variables and quoting......Page 239 Environment variables......Page 240 sort: sort lines......Page 241 uniq: print unique lines......Page 242 head and tail: read the beginning or end of a file......Page 243 grep: search text......Page 244 Execution......Page 245 From commands to scripts......Page 246 Input and output......Page 248 Spaces in filenames......Page 249 Command-line arguments and functions......Page 250 Control flow......Page 252 Loops......Page 254 Regular expressions......Page 256 Special characters......Page 257 Example regular expressions......Page 258 Greediness, laziness, and catastrophic backtracking......Page 260 The passion of Python 3......Page 262 Python quick start......Page 263 Objects, strings, numbers, lists, dictionaries, tuples, and files......Page 265 Input validation example......Page 267 Loops......Page 268 Installation......Page 270 Ruby quick start......Page 271 Blocks......Page 272 Regular expressions in Ruby......Page 274 Finding and installing packages......Page 276 Creating reproducible environments......Page 277 Multiple environments......Page 278 RVM: the Ruby enVironment Manager......Page 279 Revision control with Git......Page 282 A simple Git example......Page 283 Social coding with Git......Page 286 Regular expressions......Page 288 Ruby......Page 289 Chapter 8 User Management......Page 290 Account mechanics......Page 291 Login name......Page 292 Encrypted password......Page 293 UID (user ID) number......Page 295 GECOS field......Page 296 The Linux /etc/shadow file......Page 297 The /etc/master.passwd file......Page 299 The /etc/login.conf file......Page 300 The /etc/group file......Page 301 Manual steps for adding users......Page 302 Editing the passwd and group files......Page 303 Creating the home directory and installing startup files......Page 304 Configuring roles and administrative privileges......Page 306 Scrpits for adding users: useradd, adduser, and newusers......Page 307 useradd on Linux......Page 308 adduser on FreeBSD......Page 309 newusers on Linux: adding in bulk......Page 310 Safe removal of a user’s account and files......Page 311 User login lockout......Page 312 Centralized account management......Page 313 Application-level single sign-on systems......Page 314 Identity management systems......Page 315 Chapter 9 Cloud Computing......Page 317 The cloud in context......Page 318 Public, private, and hybrid clouds......Page 320 Amazon Web Services......Page 321 Digital Ocean......Page 322 Cloud service fundamentals......Page 323 Access to the cloud......Page 324 Regions and availability zones......Page 325 Virtual private servers......Page 326 Networking......Page 327 Identity and authorization......Page 328 Serverless functions......Page 329 Amazon Web Services......Page 330 Creating an EC2 instance......Page 331 Viewing the console log......Page 333 Stopping and terminating instances......Page 334 Running an instance on GCE......Page 335 Digital Ocean......Page 336 Cost control......Page 338 Recommended Reading......Page 340 Chapter 10 Logging......Page 341 Log locations......Page 343 How to view logs in the systemd journal......Page 345 The systemd journal......Page 346 Configuring the systemd journal......Page 347 Coexisting with syslog......Page 348 Syslog......Page 349 Reading syslog messages......Page 350 Rsyslog versions......Page 351 Rsyslog configuration......Page 352 Modules......Page 353 sysklogd syntax......Page 354 Legacy directives......Page 358 RainerScript......Page 359 Basic rsyslog configuration......Page 361 Network logging client......Page 362 Central logging host......Page 363 Syslog message security......Page 364 Kernel and boot-time logging......Page 365 logrotate: cross-platform log management......Page 366 The ELK stack......Page 368 Gray log......Page 369 Logging policies......Page 370 Chapter 11 Drivers and the Kernel......Page 372 Kernel chores for system administrators......Page 373 Linux kernel versions......Page 374 Devices and their drivers......Page 375 Device files and device numbers......Page 376 Challenges of device file management......Page 377 Linux device management......Page 378 Sysfs: a window into the souls of devices......Page 379 udevadm: explore devices......Page 380 Rules and persistent names......Page 381 Devfs: automatic device file configuration......Page 384 devd: higher-level device management......Page 385 Tuning Linux kernel parameters......Page 386 Setting up to build the Linux kernel......Page 388 Configuring kernel options......Page 389 Building the kernel binary......Page 390 Tuning FreeBSD kernel parameters......Page 391 Buildin ga FreeBSD kernel......Page 392 Loadable kernel modules in Linux......Page 393 Booting......Page 395 Linux boot messages......Page 396 FreeBSD boot messages......Page 400 Booting alternate kernels in the cloud......Page 402 Linux kernel errors......Page 403 Recommended reading......Page 406 Chapter 12 Printing......Page 407 Interfaces to the printing system......Page 408 The print queue......Page 409 Network printer browsing......Page 410 Filters......Page 411 Network print server setup......Page 412 Printer autoconfiguration......Page 413 Printer configuration examples......Page 414 Other configuration tasks......Page 415 Log files......Page 416 Network printing problems......Page 417 Recommended reading......Page 418 SECTION TWO: NETWORKING......Page 420 TCP/IP and its relationship to the Internet......Page 422 Network standards and documentation......Page 423 Networking basics......Page 425 IPv4 and IPv6......Page 426 Packets and encapsulation......Page 428 Maximum transfer unit......Page 429 Hardware (MAC) addressing......Page 431 Ports......Page 432 Address types......Page 433 IPv4 address classes......Page 434 IPv4 subnetting......Page 435 Tricks and tools for subnet arithmetic......Page 437 CIDR: Classless Inter-Domain Routing......Page 438 Private addresses and network address translation (NAT)......Page 439 IPv6 addressing......Page 441 IPv6 address notation......Page 442 IPv6 prefixes......Page 443 Stateless address autoconfiguration......Page 444 Routing......Page 445 Routing tables......Page 446 IPv4 ARP and IPv6 neighbor discovery......Page 448 DHCP: the Dynamic Host Configuration Protocol......Page 449 DHCP software......Page 450 ISC’s DHCP software......Page 451 IP forwarding......Page 453 Broadcast pings and other directed broadcasts......Page 454 Host-based firewalls......Page 455 Virtual private networks......Page 456 Basic network configuration......Page 457 Hostname and IP address assignment......Page 458 Network interface and IP configuration......Page 459 Routing configuration......Page 461 DNS configuration......Page 462 System-specific network configuration......Page 463 Network Manager......Page 464 ip: manually configure a network......Page 465 Red Hat and CentOS network configuration......Page 466 Linux network hardware options......Page 468 Linux TCP/IP options......Page 469 Security-related kernel variables......Page 471 ifconfig: configure network interfaces......Page 472 FreeBSD boot-time network configuration......Page 473 FreeBSD TCP/IP configuration......Page 474 Network troubleshooting......Page 475 ping: check to see if a host is alive......Page 476 traceroute: trace IP packets......Page 478 Packet sniffers......Page 481 tcpdump: command-line packet sniffer......Page 482 Wireshark and TShark: tcpdump on steroids......Page 483 iPerf: track network performance......Page 484 Cacti: collect and graph data......Page 485 Linux iptables: rules, chains, and tables......Page 487 iptables rule targets......Page 488 A complete example......Page 489 Linux NAT and packet filtering......Page 491 IPFilter for UNIX systems......Page 492 AWS’s virtual private cloud (VPC)......Page 495 Subnets and routing tables......Page 496 Security groups and NACLs......Page 497 A sample VPC architecture......Page 498 Creating a VPC with Terraform......Page 499 Google Cloud Platform networking......Page 502 DigitalOcean networking......Page 503 History......Page 504 Protocols......Page 505 Chapter 14 Physical Networking......Page 506 Ethernet signaling......Page 507 Ethernet topology......Page 508 Unshielded twisted-pair cabling......Page 509 Optical fiber......Page 511 Switches......Page 512 VLAN-capable switches......Page 513 Autonegotiation......Page 514 Jumbo frames......Page 515 Wireless standards......Page 516 Wireless infrastructure and WAPs......Page 517 Wireless topology......Page 518 Big money wireless......Page 519 SDN: software-defined networking......Page 520 Network testing and debugging......Page 521 Wiring standards......Page 522 Network design issues......Page 523 Expansion......Page 524 Management issues......Page 525 Cables and connectors......Page 526 Recommended reading......Page 527 Chapter 15 IP Routing......Page 528 Packet forwarding: a closer look......Page 529 Routing daemons and routing protocols......Page 532 Distance-vector protocols......Page 533 Cost metrics......Page 534 RIP and RIPng: Routing Information Protocol......Page 535 OSPF: Open Shortest Path First......Page 536 Routing strategy selection criteria......Page 537 routed: obsolete RIP implementation......Page 539 Quagga: mainstream routing daemon......Page 540 Cisco routers......Page 541 Recommended reading......Page 543 Chapter 16 DNS: The Domain Name System......Page 545 Queries and responses......Page 546 resolv.conf: client resolver configuration......Page 547 nsswitch.conf: who do I ask for a name?......Page 548 The DNS namespace......Page 549 How DNS works......Page 550 Name servers......Page 551 Recursive and nonrecursive servers......Page 552 Delegation......Page 553 Multiple answers and round robin DNS load balancing......Page 555 Debugging with query tools......Page 556 Parser commands in zone files......Page 559 Resource records......Page 560 The SOA record......Page 563 NS records......Page 565 AAAA records......Page 566 PTR records......Page 567 MX records......Page 568 CNAME records......Page 569 SRV records......Page 570 TXT records......Page 571 Components of BIND......Page 572 Configuration files......Page 573 The include statement......Page 574 The options statement......Page 575 The (TSIG) key statement......Page 581 The masters statement......Page 582 The zone statement......Page 583 Configuring the master server for a zone......Page 584 Configuring a slave server for a zone......Page 585 Setting up a forwarding zone......Page 586 The controls statement for rndc......Page 587 Split DNS and the view statement......Page 588 The localhost zone......Page 590 A small security company......Page 591 Zone file updating......Page 594 Zone transfers......Page 595 Dynamic updates......Page 596 DNS security issues......Page 598 Access control lists in BIND, revisited......Page 599 Open resolvers......Page 600 Secure server-to-server communication with TSIG and TKEY......Page 601 Setting up TSIG for BIND......Page 602 DNSSEC......Page 604 DNSSEC resource records......Page 605 Key pair generation......Page 607 Zone signing......Page 609 The DNSSEC chain of trust......Page 611 DNSSEC key rollover......Page 612 dnssec tools.org......Page 613 Debugging DNSSEC......Page 614 Logging in BIND......Page 615 Channels......Page 616 Log messages......Page 617 Debug levels in BIND......Page 620 Name server control with rndc......Page 621 Command-line querying for lame delegations......Page 622 Recommended reading......Page 623 The RFCs......Page 624 Chapter 17 Single Sign-On......Page 625 Core SSO elements......Page 626 Uses for LDAP......Page 627 The structure of LDAP data......Page 628 OpenLDAP: the traditional open source LDAP server......Page 629 389 Directory Server: alternative open source LDAP server......Page 630 LDAP Querying......Page 631 Conversion of passwd and group files to LDAP......Page 632 Kerberos......Page 633 FreeBSD Kerberos configuration for AD integration......Page 634 sssd: the System Security Services Daemon......Page 636 PAM: cooking spray or authentication wonder?......Page 637 PAM configuration......Page 638 PAM example......Page 639 rsync: transfer files securely......Page 641 Recommended reading......Page 642 Chapter 18 Electronic Mail......Page 643 User agents......Page 644 Transport agents......Page 645 Access agents......Page 646 Anatomy of a mail message......Page 647 The SMTP protocol......Page 650 SMTP authentication......Page 651 Spam and malware......Page 652 SPF and Sender ID......Page 653 Message privacy and encryption......Page 654 Mail aliases......Page 655 Getting aliases from files......Page 657 Mailing to programs......Page 658 Email configuration......Page 659 sendmail......Page 660 The switch file......Page 661 Starting sendmail......Page 662 Mail queues......Page 663 The m4 preprocessor......Page 664 The sendmail configuration pieces......Page 665 A configurat ion file built from a sample .mc file......Page 666 Tables and databases......Page 667 DOMAIN macro......Page 668 use_cw_file feature......Page 669 access_db feature......Page 670 ldap_routing feature......Page 671 Masquerading features......Page 672 Client configuration......Page 673 m4 configuration options......Page 674 Spam-related features in sendmail......Page 675 Relay control......Page 676 User or site blacklisting......Page 677 Throttles, rates, and connection limits......Page 678 Security and sendmail......Page 679 Ownerships......Page 680 Safer mail to files and programs......Page 681 Privacy options......Page 682 Denia lof service attacks......Page 683 TLS: Transport Layer Security......Page 684 Queue monitoring......Page 685 Logging......Page 686 Exim installation......Page 687 Exim utilities......Page 689 Exim configuration language......Page 690 Exim configuration file......Page 691 Options......Page 692 Lists......Page 693 Access control lists (ACLs)......Page 694 Content scanning at ACL time......Page 697 Authenticators......Page 698 Routers......Page 699 The manualroute router......Page 700 The redirect router......Page 701 The appendfile transport......Page 702 Retry configuration......Page 703 Logging......Page 704 Postfix......Page 705 Receiving mail......Page 706 Sending mail......Page 707 Postfix configuration......Page 708 Null client......Page 709 Lookup tables......Page 710 Local delivery......Page 711 Virtual domains......Page 712 Virtual alias domains......Page 713 Access control......Page 714 Access tables......Page 716 Debugging......Page 717 Soft-bouncing......Page 718 Postfix references......Page 719 RFCs......Page 720 HTTP: the Hypertext Transfer Protocol......Page 721 Uniform Resource Locators (URLs)......Page 722 Structure of an HTTP transaction......Page 723 HTTP responses......Page 724 Header sand the message body......Page 725 curl: HTTP from the command line......Page 726 TCP connection reuse......Page 727 Virtual hosts......Page 728 Web software basics......Page 729 Web servers and HTTP proxy software......Page 730 Load balancers......Page 731 Caches......Page 733 Browser caches......Page 734 Cache problems......Page 735 Content delivery networks......Page 736 Node.js......Page 738 Application programming interfaces (APIs)......Page 739 Build versus buy......Page 741 Static content hosting......Page 742 Apache httpd......Page 743 httpd in use......Page 744 httpd configuration logistics......Page 745 Virtual host configuration......Page 746 HTTP basic authentication......Page 748 Running web applications within Apache......Page 749 Logging......Page 750 Installing and running NGINX......Page 751 Configuring NGINX......Page 752 Load balancing with NGINX......Page 755 HAProxy......Page 757 Health checks......Page 758 Sticky sessions......Page 759 TLS termination......Page 760 Recommended reading......Page 761 SECTION THREE: STORAGE......Page 762 Chapter 20 Storage......Page 764 I just want to add a disk!......Page 765 Linux recipe......Page 766 FreeBSD recipe......Page 767 Storage hardware......Page 768 Hard disks......Page 769 Failure modes and metrics......Page 770 Drive types......Page 771 Solid state disks......Page 772 Flash memory and controller types......Page 773 SSD reliability......Page 774 Hybrid drives......Page 775 Advanced Format and 4KiB blocks......Page 776 The PCI Express interface......Page 777 The SAS interface......Page 778 USB......Page 779 Installation verification at the hardware level......Page 780 Disk device files......Page 781 Formatting and bad block management......Page 782 ATA secure erase......Page 784 Hard disk monitoring with SMART......Page 785 The software side of storage: peeling the onion......Page 786 Elements of a storage system......Page 787 Disk partitioning......Page 789 Traditional partitioning......Page 791 MBR partitioning......Page 792 Linux partitioning......Page 793 Logical volume management......Page 794 Linux logical volume management......Page 795 Volume snapshots......Page 797 Filesystem resizing......Page 798 Software vs. hardware RAID......Page 800 RAID levels......Page 801 Disk failure recovery......Page 803 Draw backs of RAID 5......Page 804 Creating an array......Page 805 mdadm.conf: document array configuration......Page 807 Simulating a failure......Page 808 Filesystems......Page 809 Traditional filesystems: UFS, ext4, and XFS......Page 810 Filesystem terminology......Page 811 Filesystem polymorphism......Page 812 fsck: check and repair filesystems......Page 813 Filesystem mounting......Page 814 Setup for automatic mounting......Page 815 Swapping recommendations......Page 817 Error detection......Page 819 ZFS: all your storage problems solved......Page 820 ZFS architecture......Page 821 Example: disk addition......Page 822 Filesystems and properties......Page 823 Property inheritance......Page 824 One filesystem per user......Page 825 Snapshots and clones......Page 826 Raw volumes......Page 827 Storage pool management......Page 828 Btr fs vs. ZFS......Page 830 Setup and storage conversion......Page 831 Volumes and subvolumes......Page 833 Volume snapshots......Page 834 Data backup strategy......Page 835 Recommended reading......Page 837 Meet network file services......Page 838 Issues of state......Page 839 Security......Page 840 Protocol versions and history......Page 841 Transport protocols......Page 842 Filesystem exports......Page 843 File locking......Page 844 Security concerns......Page 845 Identity mapping in version 4......Page 846 Root access and the nobody account......Page 847 Server-side NFS......Page 848 Linux exports......Page 849 FreeBSD exports......Page 851 nfsd: serve files......Page 853 Client-side NFS......Page 854 Identity mapping for NFS version4......Page 857 nfsstat: dump NFS statistics......Page 858 Automatic mounting......Page 859 Direct maps......Page 861 Executable maps......Page 862 Replicated filesystems and automount......Page 863 Specifics for Linux......Page 864 Recommended reading......Page 865 Chapter 22 SMB......Page 866 Samba: SMB server for UNIX......Page 867 Installing and configuring Samba......Page 868 File sharing with accounts authenticated by Active Directory......Page 869 Sharing home directories......Page 870 Sharing project directories......Page 871 Mounting SMB file shares......Page 872 Ensuring Samba security......Page 873 Querying Samba’s state with smbstatus......Page 874 Configuring Samba logging......Page 875 Recommended reading......Page 876 SECTION FOUR: OPERATIONS......Page 878 Chapter 23 Configuration Management......Page 880 Dangers of configuration management......Page 881 Operations and parameters......Page 882 Variables......Page 884 Bindings......Page 885 Environments......Page 886 Client in ventory and registration......Page 887 Popular CM systems compared......Page 888 Business models......Page 889 Architectural options......Page 890 Language options......Page 892 Dependency management options......Page 893 General comments on Chef......Page 895 General comments on Puppet......Page 896 YAML: a rant......Page 897 Introduction to Ansible......Page 899 Ansible example......Page 900 Client setup......Page 902 Client groups......Page 904 Variable assignments......Page 905 Dynamic and computed client groups......Page 906 Task lists......Page 907 Iteration......Page 909 Template rendering......Page 910 Bindings: plays and playbooks......Page 911 Roles......Page 913 Recommendations for structuring the configurationbase......Page 915 Ansible access options......Page 916 Introduction to Salt......Page 918 Minion setup......Page 920 Variable value binding for minions......Page 921 Minion matching......Page 923 Salt states......Page 924 Salt and Jinja......Page 925 State IDs and dependencies......Page 927 State and execution functions......Page 929 Parameters and names......Page 930 Highstates......Page 933 Salt formulas......Page 934 Environments......Page 935 Documentation roadmap......Page 939 Deployment flexibility and scalability......Page 940 Security......Page 941 Best practices......Page 942 Recommended reading......Page 946 Chapter 24 Virtualization......Page 947 Full virtualization......Page 948 Para virtualized drivers......Page 949 Type 1 vs. type 2 hypervisors......Page 950 Containerization......Page 951 Virtualization with Linux......Page 952 Xen......Page 953 Xen guest installation......Page 954 KVM......Page 955 KVM guest intsallation......Page 956 VMware......Page 957 Packer......Page 958 Vagrant......Page 960 Recommended reading......Page 961 Chapter 25 Containers......Page 962 Background and core concepts......Page 963 Images......Page 964 Networking......Page 965 Basic a rchitecture......Page 966 Client setup......Page 968 The container experience......Page 969 Volumes......Page 973 Docker networks......Page 974 Namespaces and the bridge network......Page 975 dockerd option editing......Page 977 Image building......Page 979 Building from a Dockerfile......Page 980 Composing a derived Dockerfile......Page 981 Registries......Page 983 Containers in practice......Page 984 Logging......Page 985 Restrict access to the daemon......Page 986 Run processes as unprivileged users......Page 987 Secure images......Page 988 Container clustering and management......Page 989 Kubernetes......Page 991 Mesos and Marathon......Page 993 AWS EC2 Container Service......Page 994 Recommended reading......Page 995 Chapter 26 Continuous Integration and Delivery......Page 996 Principles and practices......Page 998 Build every integration commit......Page 999 Environments......Page 1000 Pipelines......Page 1002 The build process......Page 1003 Testing......Page 1004 Deployment......Page 1006 Zero-downtime deployment techniques......Page 1007 Jenkins: the open source automation server......Page 1008 Basic Jenkins concepts......Page 1009 Pipeline as code......Page 1010 CI/CD in practice......Page 1011 Unit testing UlsahGo......Page 1013 Taking first steps with the Jenkins Pipeline......Page 1015 Buildinga DigitalOcean image......Page 1017 Provisioning a single system for testing......Page 1019 Testing the droplet......Page 1022 Deploying UlsahGo to a pair of droplets and a load balancer......Page 1023 Concluding the demonstration pipeline......Page 1024 Containers and CI/CD......Page 1025 Container images as build artifacts......Page 1026 Recommended reading......Page 1027 Chapter 27 Security......Page 1028 Social engineering......Page 1030 Software vulnerabilities......Page 1031 Distributed denial-of-service attacks (DDoS)......Page 1032 Network, system, or application configuration errors......Page 1033 Software updates......Page 1034 Unnecessary services......Page 1035 Viruses and worms......Page 1036 Root kits......Page 1037 Vigilance......Page 1038 Passwords and user accounts......Page 1039 Password vaults and password escrow......Page 1040 Password a Tribute to Evi Preface Foreword Acknowledgments Where to Start 1.1 Essential duties of a system administrator 1.2 Suggested background 1.3 Linux distributions 1.4 Example systems used in this book 1.5 Notation and typographical conventions 1.6 Units 1.7 Man pages and other on-line documentation 1.8 Other authoritative documentation 1.9 Other sources of information 1.10 Ways to find and install software 1.11 Where to host 1.12 Specialization and adjacent disciplines 1.13 Recommended reading Booting and System Management Daemons 2.1 Boot process overview 2.2 System firmware 2.3 Boot loaders 2.4 GRUB: the GRand Unified Boot loader 2.5 The FreeBSD boot process 2.6 System management daemons 2.7 systemd in detail 2.8 FreeBSD init and startup scripts 2.9 Reboot and shutdown procedures 2.10 Stratagems for a nonbooting system Access Control and Rootly Powers 3.1 Standard UNIX access control 3.2 Management of the root account 3.3 Extensions to the standard access control model 3.4 Modern access control 3.5 Recommended reading Process Control 4.1 Components of a process 4.2 The life cycle of a process 4.3 ps: monitor processes 4.4 Interactive monitoring with top 4.5 nice and renice: influence scheduling priority 4.6 The /proc filesystem 4.7 strace and truss: trace signals and system calls 4.8 Runaway processes 4.9 Periodic processes The Filesystem 5.1 Pathnames 5.2 Filesystem mounting and unmounting 5.3 Organization of the file tree 5.4 File types 5.5 File attributes 5.6 Access control lists Software Installation and Management 6.1 Operating system installation 6.2 Managing packages 6.3 Linux package management systems 6.4 High-level Linux package management systems 6.5 FreeBSD software management 6.6 Software localization and configuration 6.7 Recommended reading Scripting and the Shell 7.1 Scripting philosophy 7.2 Shell basics 7.3 sh scripting 7.4 Regular expressions 7.5 Python programming 7.6 Ruby programming 7.7 Library and environment management for Python and Ruby 7.8 Revision control with Git 7.9 Recommended reading User Management 8.1 Account mechanics 8.2 The /etc/passwd file 8.3 The Linux /etc/shadow file 8.4 FreeBSD's /etc/master.passwd and /etc/login.conf files 8.5 The /etc/group file 8.6 Manual steps for adding users 8.7 Scripts for adding users: useradd, adduser, and newusers 8.8 Safe removal of a user’s account and files 8.9 User login lockout 8.10 Risk reduction with PAM 8.11 Centralized account management Cloud Computing 9.1 The cloud in context 9.2 Cloud platform choices 9.3 Cloud service fundamentals 9.4 Clouds: VPS quick start by platform 9.5 Cost control 9.6 Recommended Reading Logging 10.1 Log locations 10.2 The systemd journal 10.3 Syslog 10.4 Kernel and boot-time logging 10.5 Management and rotation of log files 10.6 Management of logs at scale 10.7 Logging policies Drivers and the Kernel 11.1 Kernel chores for system administrators 11.2 Kernel version numbering 11.3 Devices and their drivers 11.4 Linux kernel configuration 11.5 FreeBSD kernel configuration 11.6 Loadable kernel modules 11.7 Booting 11.8 Booting alternate kernels in the cloud 11.9 Kernel errors 11.10 Recommended reading Printing 12.1 CUPS printing 12.2 CUPS server administration 12.3 Troubleshooting tips 12.4 Recommended reading TCP/IP Networking 13.1 TCP/IP and its relationship to the Internet 13.2 Networking basics 13.3 Packet addressing 13.4 IP addresses: the gory details 13.5 Routing 13.6 IPv4 ARP and IPv6 neighbor discovery 13.7 DHCP: the Dynamic Host Configuration Protocol 13.8 Security issues 13.9 Basic network configuration 13.10 Linux networking 13.11 FreeBSD networking 13.12 Network troubleshooting 13.13 Network monitoring 13.14 Firewalls and NAT 13.15 Cloud networking 13.16 Recommended reading Physical Networking 14.1 Ethernet: the Swiss Army knife of networking 14.2 Wireless: Ethernet for nomads 14.3 SDN: software-defined networking 14.4 Network testing and debugging 14.5 Building wiring 14.6 Network design issues 14.7 Management issues 14.8 Recommended vendors 14.9 Recommended reading IP Routing 15.1 Packet forwarding: a closer look 15.2 Routing daemons and routing protocols 15.3 Protocols on parade 15.4 Routing protocol multicast coordination 15.5 Routing strategy selection criteria 15.6 Routing daemons 15.7 Cisco routers 15.8 Recommended reading DNS: The Domain Name System 16.1 DNS architecture 16.2 DNS for lookups 16.3 The DNS namespace 16.4 How DNS works 16.5 The DNS database 16.6 The BIND software 16.7 Split DNS and the view statement 16.8 BIND configuration examples 16.9 Zone file updating 16.10 DNS security issues 16.11 BIND debugging 16.12 Recommended reading Single Sign-On 17.1 Core SSO elements 17.2 LDAP: “lightweight” directory services 17.3 Using directory services for login 17.4 Alternative approaches 17.5 Recommended reading Electronic Mail 18.1 Mail system architecture 18.2 Anatomy of a mail message 18.3 The SMTP protocol 18.4 Spam and malware 18.5 Message privacy and encryption 18.6 Mail aliases 18.7 Email configuration 18.8 sendmail 18.9 Exim 18.10 Postfix 18.11 Recommended reading Web Hosting 19.1 HTTP: the Hypertext Transfer Protocol 19.2 Web software basics 19.3 Web hosting in the cloud 19.4 Apache httpd 19.5 NGINX 19.6 HAProxy 19.7 Recommended reading Storage 20.1 I just want to add a disk! 20.2 Storage hardware 20.3 Storage hardware interfaces 20.4 Attachment and low-level management of drives 20.5 The software side of storage: peeling the onion 20.6 Disk partitioning 20.7 Logical volume management 20.8 RAID: redundant arrays of inexpensive disks 20.9 Filesystems 20.10 Traditional filesystems: UFS, ext4, and XFS 20.11 Next-generation filesystems: ZFS and Btrfs 20.12 ZFS: all your storage problems solved 20.13 Btrfs: “ZFS lite” for Linux 20.14 Data backup strategy 20.15 Recommended reading The Network File System 21.1 Meet network file services 21.2 The NFS approach 21.3 Server-side NFS 21.4 Client-side NFS 21.5 Identity mapping for NFS version 4 21.6 nfsstat: dump NFS statistics 21.7 Dedicated NFS file servers 21.8 Automatic mounting 21.9 Recommended reading SMB 22.1 Samba: SMB server for UNIX 22.2 Installing and configuring Samba 22.3 Mounting SMB file shares 22.4 Browsing SMB file shares 22.5 Ensuring Samba security 22.6 Debugging Samba 22.7 Recommended reading Configuration Management 23.1 Configuration management in a nutshell 23.2 Dangers of configuration management 23.3 Elements of configuration management 23.4 Popular CM systems compared 23.5 Introduction to Ansible 23.6 Introduction to Salt 23.7 Ansible and Salt compared 23.8 Best practices 23.9 Recommended reading Virtualization 24.1 Virtual vernacular 24.2 Virtualization with Linux 24.3 FreeBSD bhyve 24.4 VMware 24.5 VirtualBox 24.6 Packer 24.7 Vagrant 24.8 Recommended reading Containers 25.1 Background and core concepts 25.2 Docker: the open source container engine 25.3 Containers in practice 25.4 Container clustering and management 25.5 Recommended reading Continuous Integration and Delivery 26.1 CI/CD essentials 26.2 Pipelines 26.3 Jenkins: the open source automation server 26.4 CI/CD in practice 26.5 Containers and CI/CD 26.6 Recommended reading Security 27.1 Elements of security 27.2 How security is compromised 27.3 Basic security measures 27.4 Passwords and user accounts 27.5 Security power tools 27.6 Cryptography primer 27.7 SSH, the Secure SHell 27.8 Firewalls 27.9 Virtual private networks (VPNs) 27.10 Certifications and standards 27.11 Sources of security information 27.12 When your site has been attacked 27.13 Recommended reading Monitoring 28.1 An overview of monitoring 28.2 The monitoring culture 28.3 The monitoring platforms 28.4 Data collection 28.5 Network monitoring 28.6 Systems monitoring 28.7 Application monitoring 28.8 Security monitoring 28.9 SNMP: the Simple Network Management Protocol 28.10 Tips and tricks for monitoring 28.11 Recommended reading Performance Analysis 29.1 Performance tuning philosophy 29.2 Ways to improve performance 29.3 Factors that affect performance 29.4 Stolen CPU cycles 29.5 Analysis of performance problems 29.6 System performance checkup 29.7 Help! My server just got really slow! 29.8 Recommended reading Data Center Basics 30.1 Racks 30.2 Power 30.3 Cooling and environment 30.4 Data center reliability tiers 30.5 Data center security 30.6 Tools 30.7 Recommended reading Methodology, Policy, and Politics 31.1 The grand unified theory: DevOps 31.2 Ticketing and task management systems 31.3 Local documentation maintenance 31.4 Environment separation 31.5 Disaster management 31.6 IT policies and procedures 31.7 Service level agreements 31.8 Compliance: regulations and standards 31.9 Legal issues 31.10 Organizations, conferences, and other resources 31.11 Recommended reading A Brief History of System Administration Colophon About the Contributors About the Authors Index UNIX and Linux System Administration Handbook, Fifth Edition is today's definitive guide to installing, configuring and maintaining any Unix or Linux system -- including the systems that provide core Internet and cloud infrastructure. Now fully updated for today's Linux distributions and cloud environments, it details best practices for every facet of system administration, including storage management, network design and administration, web hosting and scale-out, automation, configuration management, performance analysis, virtualization, DNS, security, management of IT service organizations, and much more. For modern system and network administrators, this edition contains indispensable new coverage of cloud deployments, continuous delivery, Docker and other containerization solutions, and much more
دانلود کتاب UNIX and Linux System Administration Handbook (5th Edition)