LPI Linux Certification in a Nutshell (75 page)

Read LPI Linux Certification in a Nutshell Online

Authors: Adam Haeder; Stephen Addison Schneiter; Bruno Gomes Pessanha; James Stanger

Tags: #Reference:Computers

BOOK: LPI Linux Certification in a Nutshell
11.44Mb size Format: txt, pdf, ePub
Networking Fundamentals
Objective 109.1: Fundamentals of Internet Protocols
Addressing and masks
  • An address mask separates the network portion from
    the host portion of the 32-bit IP address.

  • Class A addresses have 8 bits of network address and 24 bits
    of host address.

  • Class B addresses have 16 bits of network address and 16
    bits of host address.

  • Class C addresses have 24 bits of network address and 8 bits
    of host address.

  • Subnets can be defined using the defined “class” schemes or
    using a locally defined split of network/host bits.

  • The all-zero and all-ones addresses are reserved on all
    subnets for the network and broadcast addresses,
    respectively. This implies that the maximum number of hosts on a
    network with
    n
    bits in the host portion
    of the address is 2
    n
    –2. For example, a
    class C network has 8 bits in the host portion. Therefore, it can
    have a maximum of 2
    8
    –2=254
    hosts.

Protocols

TCP/IP is a name representing a larger suite of network
protocols. Some network protocols maintain a constant connection,
whereas others do not.

IP

The Internet Protocol is the fundamental building
block of the Internet. It is used by other protocols.

ICMP

This connectionless messaging protocol uses IP. It
is used for flow control, detection of unreachable destinations,
redirecting routes, and checking remote hosts (the
ping
utility).

UDP

The User Datagram Protocol is a connectionless
transport agent. It is used by applications such as DNS and
NFS.

TCP

The Transmission Control Protocol is a
connection-oriented transport agent. It is used by applications
such as FTP and Telnet.

PPP

The Point-to-Point Protocol is used over serial
lines, including modems.

TCP/IP services
  • Inbound network requests to a host include a
    port number
    .

  • Ports are assigned to specific programs. Definitions are
    stored in
    /etc/services
    .

  • Ports 1–1023 are
    privileged ports, owned by superuser
    processes.

TCP/IP utilities
  • ftp
    implements the File
    Transfer Protocol client for the exchange of files to and from
    remote hosts.

  • The
    ssh
    client program
    implements a secure shell session to a remote host.

  • A web browser, such as Firefox, implements an
    http
    connection to a remote
    http
    server.

  • ping
    sends ICMP echo requests
    to a remote host to verify functionality.

  • dig
    obtains information from
    DNS servers.

  • traceroute
    attempts to display
    the route over which packets must travel to a remote host.

  • fwhois
    queries a
    whois
    database to determine the owner of a
    domain or IP
    address
    .

Objective 109.2: Basic Network Configuration
  • The
    ifconfig
    command is used to both
    view information about an interface in addition to changing the
    network configuration of an interface.

  • The program
    dhclient
    will query the local
    network for IP addressing information over
    dhcp
    and use this information to configure the settings for an
    interface.

  • The command
    route
    will display
    the path that packets will take when they leave the system. It is
    also used to manually add routes.

Objective 109.3: Basic Network Troubleshooting
  • Interfaces are configured through a number of
    configuration files.

  • /etc/hostname
    contains the assigned
    hostname for the system.

  • /etc/networks
    sets up equivalence between
    addresses and names for entire
    networks
    .

  • The
    host
    command returns DNS
    information.

  • The
    hostname
    ,
    domainname
    , and
    dnsdomainname
    commands set or
    display the current host, domain, or node name.

  • The
    netstat
    command displays network
    connections, routing tables, interface statistics, masquerade
    connections, and multicast memberships.

Objective 109.4: Configuring Client Side DNS
  • /etc/hosts
    contains static
    mappings between IP addresses and names.

  • /etc/nsswitch.conf
    directs system library
    functions to specific nameserver methods such as local files, DNS,
    and NIS.

  • /etc/host.conf
    controls name resolution
    for older libraries.

  • /etc/host.conf
    is rarely used and is
    replaced by
    /etc/nsswitch.conf
    .

  • /etc/resolv.conf
    contains information to
    direct the resolver to DNS servers.

Security
Objective 110.1: Perform Security Administration Tasks
  • find
    can perform searches for
    file attributes such as SUID using the
    -perm
    option.

  • The
    chage
    command is used to maintain
    password aging on user accounts.

  • The
    nmap
    program can be used to port
    scan local or remote systems for open ports.

  • The
    sudo
    command is used to give
    elevated privileges to a defined set of users for a limited command
    set. The configuration file is
    /etc/sudoers
    .

  • The
    ulimit
    command is used to
    view and modify limits placed on users. The superuser maintains user
    limits in the file
    /etc/security/limits.conf
    .

  • Hard limits are limits that users cannot exceed, whereas soft
    limits are limits that users can exceed temporarily by calling the
    ulimit
    program.

Objective 110.2: Set Up Host Security
TCP wrappers
  • Configuring TCP wrappers (
    tcpd
    ) using
    /etc/hosts.allow
    and
    /etc/hosts.deny
    can enhance security for
    daemons controlled by
    inetd
    or
    xinetd
    .

  • tcpd
    is often configured to deny access
    to all systems for all services (a blanket deny), and then
    specific systems are specified for legitimate access to services
    (limited allow).

  • tcpd
    logs using syslog, commonly to
    /var/log/secure
    .

Shadow passwords
  • Enabling the use of
    shadow
    passwords
    can enhance local security by making
    encrypted passwords harder to steal.

  • The use of shadow passwords causes the removal of password
    information from the publicly readable
    passwd
    file and places it in
    shadow
    , readable only
    by root.

  • A similar system is implemented for shadow groups, using the
    gshadow
    file.

Objective 110.3: Securing Data with Encryption
  • The best way to communicate securely between two Linux
    systems is via SSH. SSH can be run either as a command line, opening
    up a shell into another system, or as a wrapper around other
    TCP-based applications.

  • SSH supports multiple authentication schemes, including
    standard username/password and
    /files/05/01/27/f050127/public/private key authentication.

  • The command
    ssh-keygen –t dsa
    will create
    a /files/05/01/27/f050127/public/private keypair. The keys are stored as
    ~/.ssh/id_dsa
    (private key) and
    ~/.ssh/id_dsa.pub
    (public key).

  • Placing a copy of your public key in the file
    ~/.ssh/authorized_keys2
    on a remote machine
    will allow you to perform passwordless, key-based authentication
    with that machine.

  • The command
    gpg --gen-key
    will create a
    /files/05/01/27/f050127/public/private key pair to use with the Gnu Privacy Guard (GPG).
    These keys will be stored in
    ~/.gnupg/
    .

  • To encrypt a file with another user’s public key, you
    must:

    • Import the user’s public key into your keyring:
      gpg --import bobskey.asc

    • Use that key to encrypt a file:
      gpg –e –u “My
      Name” –r “Bobs Name” /tmp/filename.txt

Index
A note on the digital index

A link in an index entry is displayed as the section title in which that entry appears. Because some sections have multiple index markers, it is not unusual for an entry to have several links to the same section. Clicking on any link will take you directly to the place in the text in which the marker appears.

Symbols
! (bang) no
match,
Addressing
# (hash mark) root shell prompt,
Conventions Used in This Book
,
Objective 1: Work on the Command Line
$ (dollar sign) command substitution,
Command substitution
$ (dollar sign) user prompt,
Conventions Used in This Book
,
Objective 1: Work on the Command Line
,
Regular Expression Syntax
$# variable,
Configuration files
$? variable,
Return values
* (asterisk) regex modifier,
Regular Expression Syntax
+ (plus) regex modifier,
Regular Expression Syntax
- single dash character,
Entering commands at the command prompt
,
Entering command sequences
-- double dash character,
Entering commands at the command prompt
,
Examples
,
Example 2
. (period) shortcut,
Examples
,
Regular Expression Syntax
/etc directory,
Boot-time Kernel Parameters
< redirection operator,
Redirection
> redirection operator,
Redirection
>> redirection operator,
Redirection
? (question mark) regex modifier,
Regular Expression Syntax
\ (backslash) escape,
Regular Expression Syntax
\<\> match word boundaries,
Regular Expression Syntax
^
caret,
Regular Expression Syntax
| vertical line,
Regular Expression Syntax
~ (tilde) shortcut,
Examples
,
Invoking vi
,
Configuration files
A
access control,
Linux Access Control
,
The mode string
,
Access control
,
Security with TCP_WRAPPERS
,
Configuration
access logfile,
The Access Logfile
access mode,
Linux Access Control
,
The mode string
,
Example 1
access time, changing,
Description
accessibility,
Objective 3: Accessibility
,
Objective 3: Accessibility
,
Objective 106.3: Accessibility
action directive,
Configuring syslogd
addresses,
Frequently used options
,
,
Network Addressing
,
Internet Protocol Version 6 (IPv6)
,
DHCP
,
Frequently used options
,
Addressing and masks
IP allocation,
DHCP
,
Frequently used options
masks,
Addressing and masks
network,
Network Addressing
,
Internet Protocol Version 6 (IPv6)
in sed,
Frequently used options
,
administrative tasks,
Administrative
Tasks (Topic 107)
,
Objective 3: Localization and Internationalization
,
Review questions
,
passwd and group
Advanced Package Tool (APT),
Description
aggregate functions,
Aggregate Functions
,
Aggregate Functions
aliases,
An Overview of Shells
,
Aliases
,
.inputrc
,
Example
,
Bash
alien,
Description
anacron,
Administrative
Tasks (Topic 107)
anchors,
Description
annex,
Linux annex
Apache web server,
Overview of the /etc Directory Tree and the init Process
APT (Advanced Package Tool),
Description
apt-get,
Description
archives, creating/extracting,
Description
arguments,
Entering commands at the command prompt
,
Functions
ASCII mode,
Frequently used commands
at facility,
Objective 2: Automate System Administration Tasks by Scheduling
Jobs
,
Using at
,
Using at
authentication rhosts,
Example /etc/ssh/sshd_config file
automate sysadmin tasks by scheduling jobs,
Objective 2: Automate System Administration Tasks by Scheduling
Jobs
,
Controlling User Access to cron and at
,
Objective 107.2: Automate System Administration Tasks by Scheduling Jobs
automatic allocation,
DHCP
B
backends,
CUPS backends
background,
Shell Job Control
,
Example 1
backup schemes,
Backup
bash (Bourne-Again Shell),
Example
,
Objective 1: Work on the Command Line
,
Redirection
,
The Bash Shell
,
.inputrc
,
Configuration files
,
Basic Bash Scripts
,
Mailing from scripts
,
Abbreviated bash command reference
,
Example
,
Bash
basic scripts,
Basic Bash Scripts
,
Mailing from scripts
built-in commands,
Abbreviated bash command reference
,
Example
configuration files,
Configuration files
,
Bash
overview,
The Bash Shell
,
.inputrc
shared libraries,
Example
shell variables,
Objective 1: Work on the Command Line
standard I/O redirections for,
Redirection
.bashrc file,
Configuration files
,
Configuration files
Basic Input/Output System (BIOS),
BIOS
,
Using the /proc filesystem
basic network configuration,
Objective 2: Basic Network Configuration and Objective 4: Configuring Client Side DNS
,
A Standard Linux Network Configuration
basic network troubleshooting,
Basic
Network Troubleshooting (Topic 109.3)
,
dig
basic regular expression patterns,
Example 1
bg command,
Description
/bin directory,
The root Filesystem
/bin versus /sbin,
Example
binary,
Frequently used commands
binary files,
Where’s that binary?
BIOS (Basic Input/Output System),
BIOS
,
Using the /proc filesystem
BLINUX,
Objective 3: Accessibility
block devices, backing up,
Description
/boot directory,
Boot-time Kernel Parameters
,
The root Filesystem
boot loader,
LILO
boot manager,
Linux
Installation and Package Management (Topic 102)
,
Objective 2: Install a Boot Manager
,
The GRUB configuration file
,
LILO
boot time,
BIOS
,
Boot-time Kernel Parameters
,
Kernel boot-time messages
entering BIOS at,
BIOS
kernel parameters,
Boot-time Kernel Parameters
messages,
Kernel boot-time messages
bootable media types,
Disks and boot devices
,
Booting from a USB device
booting,
Objective 2: Boot the System
,
Reviewing system logs
,
Booting from a USB device
,
Boot order
the system,
Objective 2: Boot the System
,
Reviewing system logs
,
Boot order
from USB device,
Booting from a USB device
BOOTP protocol,
DHCP
BounceKeys,
Objective 3: Accessibility
Bourne, Stephen,
Objective 1: Work on the Command Line
Bourne-Again Shell,
The Bash Shell
(see bash)
break command,
Description
BrLTTY,
Objective 3: Accessibility
brute force attacks,
Shadow Passwords
BSD and System V interfaces,
BSD and System V Interfaces
BSD syntax,
Description
bulk logins,
Enabling bulk logins on multiple hosts for multiple
users
Burrows-Wheeler block sorting,
Description
bzip2 command,
Description
,
File and directory management commands
C
C-shells,
Objective 105.1: Customize and Use the Shell Environment
cancel command,
Description
case command,
Description
case, changing,
Example 1
cat command,
Description
chage,
Description
,
Examples
,
Objective 110.1: Perform Security Administration Tasks
character sets,
Regular Expression Syntax
check-updates command,
Checking for updates
checking remote hosts,
Protocols
chgrp command,
Description
child processes,
Processes
,
Objective 1: Perform Security Administration Tasks
chipset, video,
Supported video hardware
chmod command,
Applying commands recursively through a directory tree
,
Changing access modes
chown command,
Example 4
CIDR (classless inter-domain routing),
Classless Inter-Domain Routing (CIDR)
class drivers,
USB Drivers
classes, user,
Linux Access Control
classless inter-domain routing (CIDR),
Classless Inter-Domain Routing (CIDR)
clear command,
Configuration files
client side DNS,
Objective 2: Basic Network Configuration and Objective 4: Configuring Client Side DNS
,
A Standard Linux Network Configuration
,
Objective 109.4: Configuring Client Side DNS
client/server logging,
Client/Server Logging
clock,
Date and time
,
NTP Concepts
,
Examples
,
The Hardware Clock
coldplugging,
Device Management Definitions
command history and editing,
Command History and Editing
,
Applying commands recursively through a directory tree
command line,
GNU and Unix Commands
(Topic 103)
,
Objective 1: Work on the Command Line
,
man mechanics
,
File and directory management commands
,
The interactive shell and shell variables
command separator,
Entering command sequences
command substitution,
Command History and Editing
,
Command substitution
,
Environment
commands,
Entering command sequences
,
Recursive execution
,
User and Group Management Commands
,
Description
recursive,
Recursive execution
sequencing,
Entering command sequences
user and group management,
User and Group Management Commands
,
Description
comments,
Configuration files
common code,
Accessing a MySQL Server
compressing files,
Description
,
Description
concatenation,
Description
configuration files,
LILO
,
An Overview of Shells
,
Configuration files
,
Configuration files
configuring client side DNS,
Objective 2: Basic Network Configuration and Objective 4: Configuring Client Side DNS
,
A Standard Linux Network Configuration
,
Objective 109.4: Configuring Client Side DNS
continue command,
Description
control characters,
Description
control mounting and unmounting of filesystems,
Devices, Linux
Filesystems, and the Filesystem Hierarchy
Standard (Topic 104)
,
Objective 3: Control Filesystem Mounting and Unmounting
,
Example 2
,
Managing the filesystem table
Coordinated Universal Time (UTC),
Examples
cp command,
Applying commands recursively through a directory tree
,
Description
,
,
File and directory management commands
cpio command,
Description
,
File and directory management commands
create and change hard and symbolic links,
Devices, Linux
Filesystems, and the Filesystem Hierarchy
Standard (Topic 104)
,
Objective 6: Create and Change Hard and Symbolic Links
,
,
Concepts
create partitions and filesystems,
Devices, Linux
Filesystems, and the Filesystem Hierarchy
Standard (Topic 104)
,
Objective 1: Create Partitions and Filesystems
,
Example
,
Disk drives and partitions
create, monitor, and kill processes,
GNU and Unix Commands
(Topic 103)
,
Objective 5: Create, Monitor, and Kill Processes
,
Example 1
,
Concepts
cron facility,
Administrative
Tasks (Topic 107)
,
Using cron
,
Controlling User Access to cron and at
,
Logfile Rotation
,
Other SSH Tricks
,
Using cron
crond,
Using cron
,
Using cron
crontab,
Using cron
,
Using cron
cryptography, public-key,
Example /etc/ssh/sshd_config file
Ctrl-C,
Signaling Active Processes
Ctrl-Z,
Signaling Active Processes
,
Shell Job Control
CUPS,
CUPS
,
Example 3
,
CUPS
cups-config utility,
Using the cups-config Utility for Debugging
cupsd,
CUPS printing overview
current working directory,
Processes
curses system,
Managing partitions
customize and use the shell environment,
Objective 1: Customize and Use the Shell Environment
,
.inputrc
,
Objective 105.1: Customize and Use the Shell Environment
customize or write simple scripts,
Objective 2: Customize or Write Simple Scripts
,
Example
,
Objective 105.2: Customize or Write Simple Scripts
cut command,
Description

Other books

Agorafabulous! by Sara Benincasa
Old Yeller by Fred Gipson
Judas and the Vampires by Aiden James
Justice Denied by J. A. Jance
Kill Dusty Fog by J. T. Edson
Murder for Bid by Furlong Bolliger, Susan
Fan Girl by Marla Miniano