Acknowledgments ixIntroduction xxixPart I: Getting Started 1Chapter 1: Starting with Linux 3Understanding What Linux is 4Understanding How Linux Differs from Other Operating Systems 6Exploring Linux History 7Free-flowing UNIX culture at Bell Labs 7Commercial UNIX 9Berkeley Software Distribution arrives 9UNIX Laboratory and commercialization 10GNU transitions UNIX to freedom 11BSD loses some steam 13Linus builds the missing piece 13OSI open source definition 14Understanding How Linux Distributions Emerged 16Understanding Red Hat 17Understanding Ubuntu and other Debian distributions 17Finding Professional Opportunities with Linux Today 18Understanding how companies make money with Linux 19Summary 20Chapter 2: Creating the Perfect Linux Desktop 21Understanding Linux Desktop Technology 22Starting with the GNOME 3 Desktop Live Image 24Using the GNOME 3 Desktop 25After the computer boots up 25Navigating with the mouse 25Navigating with the keyboard 30Setting up the GNOME 3 desktop 31Extending the GNOME 3 desktop 31Using GNOME shell extensions 32Using the GNOME Tweak Tool 33Starting with desktop applications 33Managing files and folders with Nautilus 33Installing and managing additional software 35Playing music with Rhythmbox 37Stopping the GNOME 3 desktop 37Using the Unity Graphical Shell with the GNOME Desktop 37Using the Metacity window manager 38Changing GNOME's appearance 40Using the panels 40Adding a drawer 41Changing panel properties 41Summary 42Exercises 42Part II: Becoming a Linux Power User 43Chapter 3: Using the Shell 45About Shells and Terminal Windows 46Using the shell prompt 47Using a Terminal window 48Using virtual consoles 49Choosing Your Shell 49Running Commands 50Understanding command syntax 51Locating commands 53Recalling Commands Using Command History 56Command-line editing 56Command-line completion 58Command-line recall 59Connecting and Expanding Commands 61Piping between commands 62Sequential commands 62Background commands 63Expanding commands 63Expanding arithmetic expressions 63Expanding variables 64Using Shell Variables 64Creating and using aliases 66Exiting the shell 67Creating Your Shell Environment 67Configuring your shell 67Setting your prompt 68Adding environment variables 70Getting Information about Commands 71Summary 74Exercises 74Chapter 4: Moving Around the Filesystem 77Using Basic Filesystem Commands 80Using Metacharacters and Operators 82Using fi le-matching metacharacters 82Using fi le-redirection metacharacters 84Using brace expansion characters 85Listing Files and Directories 86Understanding File Permissions and Ownership 90Changing permissions with chmod (numbers) 91Changing permissions with chmod (letters) 92Setting default file permission with umask 93Changing file ownership 93Moving, Copying, and Removing Files 94Summary 95Exercises 96Chapter 5: Working with Text Files 97Editing Files with vim and vi 97Starting with vi 99Adding text 99Moving around in the text 100Deleting, copying, and changing text 101Pasting (putting) text 102Repeating commands 102Exiting vi 102Skipping around in the file 103Searching for text 103Using ex mode 104Learning more about vi and vim 104Finding Files 105Using locate to find files by name 105Searching for files with find 107Finding files by name 108Finding files by size 108Finding files by user 109Finding files by permission 109Finding files by date and time 110Using "not" and "or" when finding files 111Finding files and executing commands 112Searching in files with grep 113Summary 115Exercises 115Chapter 6: Managing Running Processes 117Understanding Processes 117Listing Processes 118Listing processes with ps 118Listing and changing processes with top 120Listing processes with System Monitor 122Managing Background and Foreground Processes 124Starting background processes 124Using foreground and background commands 125Killing and Renicing Processes 126Killing processes with kill and killall 126Using kill to signal processes by PID 127Using killall to signal processes by name 128Setting processor priority with nice and renice 128Limiting Processes with cgroups 129Summary 131Exercises 131Chapter 7: Writing Simple Shell Scripts 133Understanding Shell Scripts 133Executing and debugging shell scripts 134Understanding shell variables 135Special shell positional parameters 136Reading in parameters 137Parameter expansion in bash 137Performing arithmetic in shell scripts 138Using programming constructs in shell scripts 139The "if then" statements 139The case command 142The "for do" loop 143The "while do" and "until do" loops 144Trying some useful text manipulation programs 145The global regular expression print 145Remove sections of lines of text (cut) 145Translate or delete characters (tr) 146The stream editor (sed) 146Using simple shell scripts 147Telephone list 147Backup script 148Summary 149Exercises 149Part III: Becoming a Linux System Administrator 151Chapter 8: Learning System Administration 153Understanding System Administration 153Using Graphical Administration Tools 155Using Cockpit browser-based administration 155Using other browser-based admin tools 157Invoking Administration Privileges 158Becoming root from the shell 158Gaining temporary admin access with sudo 159Exploring Administrative Commands, Configuration Files, and Log Files 161Administrative commands 161Administrative configuration files 162Administrative log files and systemd journal 165Using journalctl to view the systemd journal 165Managing log messages with rsyslogd 166Using Other Administrative Accounts 167Checking and Configuring Hardware 167Checking your hardware 168Managing removable hardware 171Working with loadable modules 172Listing loaded modules 172Loading modules 173Removing modules 174Summary 174Exercises 175Chapter 9: Installing Linux 177Choosing a Computer 178Installing Ubuntu Desktop 180Installing Ubuntu Server 185Understanding Cloud-Based Installations 188Installing Linux in the Enterprise 189Exploring Common Installation Topics 189Upgrading or installing from scratch 189Dual booting 190Installing Linux to run virtually 191Using installation boot options 192Boot options for disabling features 192Boot options for video problems 193Boot options for special installation types 193Using specialized storage 194Partitioning hard drives 195Understanding different partition types 196Tips for creating partitions 196Using the GRUB 2 boot loader 198Summary 199Exercises 199Chapter 10: Getting and Managing Software 201Managing Software on the Desktop 201Going Beyond the Software Window 203Understanding Linux Software Packaging 204Working with Debian Packaging 205APT basics 205Working with APT repositories 209Working with dpkg 211Summary 214Exercises 214Chapter 11: Managing User Accounts 215Creating User Accounts 215Adding users with adduser 218Setting user defaults 220Modifying users with usermod 222Deleting users with deluser 223Understanding Group Accounts 223Using group accounts 224Creating group accounts 225Managing Users in the Enterprise 225Setting permissions with Access Control Lists 226Setting ACLs with setfacl 227Setting default ACLs 228Enabling ACLs 229Adding directories for users to collaborate 231Creating group collaboration directories (set GID bit) 231Creating restricted deletion directories (sticky bit) 233Centralizing User Accounts 233Summary 234Exercises 234Chapter 12: Managing Disks and Filesystems 237Understanding Disk Storage 237Partitioning Hard Disks 239Understanding partition tables 239Viewing disk partitions 240Creating a single-partition disk 241Creating a multiple-partition disk 245Using Logical Volume Manager Partitions 249Checking an existing LVM 249Creating LVM logical volumes 252Growing LVM logical volumes 254Mounting Filesystems 254Supported filesystems 255Enabling swap areas 257Disabling swap area 258Using the fstab file to define mountable filesystems 258Using the mount command to mount filesystems 261Mounting a disk image in loopback 262Using the umount command 262Using the mkfs Command to Create a Filesystem 263Managing Storage with Cockpit 264Summary 265Exercises 266Part IV: Becoming a Linux Server Administrator 267Chapter 13: Understanding Server Administration 269Getting Started with Server Administration 270Step 1: Install the server 270Step 2: Configure the server 272Using configuration files 272Checking the default configuration 272Step 3: Start the server 272Step 4: Secure the server 274Password protection 274Firewalls 274TCP Wrappers 274AppArmor 275Security settings in configuration files 275Step 5: Monitor the server 275Configure logging 275Run system activity reports 276Watch activity live with Cockpit 276Keep system software up to date 277Check the filesystem for signs of crackers 277Checking and Setting Servers 277Managing Remote Access with the Secure Shell Service 277Starting the openssh-server service 278Using SSH client tools 278Using ssh for remote login 279Using SSH for remote execution 280Copying files between systems with scp and rsync 281Interactive copying with sftp 284Using key-based (passwordless) authentication 285Configuring System Logging 286Enabling system logging with rsyslog 287Understanding the rsyslog.conf file 287Understanding log messages 289Setting up and using a loghost with rsyslogd 289Watching logs with logwatch 290Checking System Resources with sar 291Checking System Space 293Displaying system space with df 293Checking disk usage with du 294Finding disk consumption with find 294Managing Servers in the Enterprise 295Summary 296Exercises 296Chapter 14: Administering Networking 299Configuring Networking for Desktops 300Checking your network interfaces 302Checking your network from NetworkManager 302Checking your network from Cockpit 303Checking your network from the command line 304Configuring network interfaces 308Setting IP addresses manually 308Setting IP address aliases 309Setting routes 310Configuring a network proxy connection 311Configuring Networking from the Command Line 312Configure networking with nmtui 312Editing a NetworkManager TUI connection 313Understanding networking configuration files 314Other networking files 315Setting alias network interfaces 318Setting up Ethernet channel bonding 319Setting custom routes 320Configuring Networking in the Enterprise 321Configuring Linux as a router 321Configuring Linux as a DHCP server 322Configuring Linux as a DNS server 322Configuring Linux as a proxy server 323Summary 323Exercises 324Chapter 15: Starting and Stopping Services 327Understanding the Initialization Daemon (init or systemd) 328Understanding the classic init daemons 329Understanding systemd initialization 335Learning systemd basics 335Learning systemd's backward compatibility to SysVinit 341Checking the Status of Services 343Checking services for SysVinit systems 343Stopping and Starting Services 346Stopping and starting SysVinit services 346Stopping a service with systemd 347Starting a service with systemd 348Restarting a service with systemd 348Reloading a service with systemd 349Enabling Persistent Services 350Configuring persistent services for SysVinit 350Enabling a service with systemd 351Disabling a service with systemd 352Configuring a Default Runlevel or Target Unit 353Configuring the SysVinit default runlevel 353Adding New or Customized Services 354Adding new services to SysVinit 355Step 1: Create a new or customized service script file 355Step 2: Add the service script to /etc/rc.d/init.d 356Step 3: Set appropriate permission on the script 357Step 4: Add the service to runlevel directories 357Adding new services to systemd 357Step 1: Create a new or customized service configuration unit file 358Step 2: Move the service configuration unit file 358Step 3: Add the service to the Wants directory 359Summary 360Exercises 360Chapter 16: Configuring a Print Server 363Common UNIX Printing System 363Setting Up Printers 365Adding a printer automatically 365Using web-based CUPS administration 366Allow remote printing administration 367Add a printer not automatically detected 367Using the Print Settings window 368Configuring local printers with the Print Settings window 369Configuring remote printers 372Adding a remote CUPS printer 373Adding a remote UNIX (LDP/LPR) printer 373Adding a Windows (SMB) printer 374Working with CUPS Printing 375Configuring the CUPS server (cupsd.conf) 375Starting the CUPS server 376Configuring CUPS printer options manually 377Using Printing Commands 378Printing with lp 378Listing status with lpstat -t 379Removing print jobs with cancel 379Configuring Print Servers 380Configuring a shared CUPS printer 380Configuring a shared Samba printer 381Understanding smb.conf for printing 382Setting up SMB clients 382Summary 383Exercises 383Chapter 17: Configuring a Web Server r 385Understanding the Apache Web Server 385Getting and Installing Your Apache Web Server 386Controlling Apache 389Securing Apache 389Apache file permissions and ownership 389Apache and firewalls 390Apache and AppArmor 390Understanding the Apache configuration files 393Using directives 393Understanding default settings 395Adding a virtual host to Apache 398Allowing users to publish their own web content 400Securing your web traffic with TLS 401Understanding how SSL is configured 402Generating an SSL key and self-signed certificate 403Generating a certificate signing request 405Troubleshooting Your Web Server 406Checking for configuration errors 406Access forbidden and server internal errors 408Summary 410Exercises 410Chapter 18: Configuring an FTP Server 413Understanding FTP 413Installing the vsftpd FTP Server 415Controlling the vsftpd Service 416Securing your FTP server 417Integrating Linux file permissions with vsftpd 418Configuring Your FTP Server 418Setting up user access 418Allowing uploading 419Setting up vsftpd for the Internet 420Using FTP Clients to Connect to Your Server 422Accessing an FTP server from a browser 422Accessing an FTP server with the lftp command 423Using the gFTP client 425Summary 426Exercises 426Chapter 19: Configuring a Windows File Sharing (Samba) Server r 429Understanding Samba 429Installing Samba 430Controlling Samba 431Viewing Samba processes 431Configuring Samba 435Configuring the [global] section 435Configuring the [homes] section 437Configuring the [printers] section 437Creating a Samba shared folder 438Checking the Samba share 438Accessing Samba Shares 441Accessing Samba shares in Linux 442Accessing Samba shares from a Linux file manager 442Mounting a Samba share from a Linux command line 442Accessing Samba shares in Windows 444Using Samba in the Enterprise 444Summary 444Exercises 445Chapter 20: Configuring an NFS File Server 447Installing an NFS Server 448Starting the NFS Service 449Sharing NFS Filesystems 450Configuring the /etc/exports file 450Hostnames in /etc/exports 451Access options in /etc/exports 452User mapping options in /etc/exports 453Exporting the shared filesystems 454Securing Your NFS Server 454Using NFS Filesystems 455Viewing NFS shares 456Manually mounting an NFS filesystem 456Mounting an NFS filesystem at boot time 457Mounting noauto filesystems 458Using mount options 458Using autofs to mount NFS filesystems on demand 460Automounting to the /net directory 460Automounting home directories 461Unmounting NFS Filesystems 463Summary 464Exercises 464Chapter 21: Troubleshooting Linux 467Boot-Up Troubleshooting 467Understanding startup 468Starting from the firmware (BIOS or UEFI) 469Troubleshooting BIOS setup 470Troubleshooting boot order 471GRUB 2 boot loader 471Starting the kernel 472Troubleshooting the initialization system 474Troubleshooting Software Packages 476Troubleshooting Networking 479Troubleshooting outgoing connections 479View network interfaces 480Check physical connections 480Check routes 481Check hostname resolution 482Troubleshooting incoming connections 483Check if the client can reach your system at all 483Check if the service is available to the client 484Check the service on the server 485Troubleshooting Memory 485Uncovering memory issues 486Checking for memory problems 488Dealing with memory problems 489Summary 490Exercises 490Part V: Learning Linux Security Techniques 493Chapter 22: Understanding Basic Linux Security y 495Implementing Physical Security 495Implementing disaster recovery 496Securing user accounts 496One user per user account 497Limiting access to the root user account 497Setting expiration dates on temporary accounts 497Removing unused user accounts 498Securing passwords 500Choosing good passwords 500Setting and changing passwords 501Enforcing best password practices 502Understanding the password files and password hashes 504Securing the filesystem 506Managing dangerous filesystem permissions 506Securing the password files 507Locking down the filesystem 508Managing software and services 509Updating software packages 509Keeping up with security advisories 509Advanced implementation 510Monitoring Your Systems 510Monitoring log files 510Monitoring user accounts 512Detecting counterfeit accounts and privileges 512Detecting bad account passwords 514Monitoring the filesystem 516Verifying software packages 516Scanning the filesystem 516Detecting viruses and rootkits 518Auditing and Reviewing Linux 521Conducting compliance reviews 521Conducting security reviews 522Summary 522Exercises 523Chapter 23: Understanding Advanced Linux Security y 525Implementing Linux Security with Cryptography 525Understanding hashing 526Understanding encryption/decryption 527Understanding cryptographic ciphers 527Understanding cryptographic cipher keys 527Understanding digital signatures 533Implementing Linux cryptography 535Ensuring file integrity 535Encrypting a Linux filesystem at installation 536Encrypting a Linux directory 537Encrypting a Linux file 540Encrypting Linux with miscellaneous tools 540Using Encryption from the Desktop 541Implementing Linux Security with PAM 541Understanding the PAM authentication process 542Understanding PAM contexts 543Understanding PAM control flags 544Understanding PAM modules 545Understanding PAM system event configuration files 545Administering PAM on your Linux system 546Managing PAM-aware application configuration files 546Implementing resources limits with PAM 547Implementing time restrictions with PAM 549Enforcing good passwords with PAM 550Encouraging sudo use with PAM 551Obtaining more information on PAM 551Summary 552Exercises 552Chapter 24: Enhancing Linux Security with AppArmor 553Understanding AppArmor 553Working with AppArmor 556Summary 559Exercises 560Chapter 25: Securing Linux on a Network 561Auditing Network Services 561Evaluating access to network services with nmap 563Using nmap to audit your network services' advertisements 566Working with Firewalls 570Understanding firewalls 571Implementing firewalls 572Starting with UFW 572Understanding the iptables utility 574Using the iptables utility 576Summary 583Exercises 583Part VI: Engaging with Cloud Computing 585Chapter 26: Shifting to Clouds and Containers 587Understanding Linux Containers 588Namespaces 589Container registries 589Base images and layers 590Working with Linux Containers 590Deploying LXD containers 590Deploying Docker containers 593Using containers in the enterprise 600Summary 600Exercises 600Chapter 27: Deploying Linux to the Public Cloud 601Running Linux in the Cloud Using cloud-init 601Creating LXD Linux Images for Cloud Deployments 604Working with LXD profiles 604Working with LXD images 607Using OpenStack to deploy cloud images 608Using Amazon EC2 to Deploy Cloud Images 610Installing the AWS CLI 611Provisioning and launching an EC2 instance 613Summary 618Exercises 618Chapter 28: Automating Apps and Infrastructure with Ansible 619Understanding Ansible 620Exploring Ansible Components 621Inventories 621Playbooks 622Plays 622Tasks 622Modules 622Roles, imports, and includes 623Stepping Through an Ansible Deployment 623Prerequisites 624Setting up SSH keys to each node 624Installing Ansible 626Creating an inventory 626Authenticating to the hosts 626Creating a playbook 627Run the playbook 628Running Ad-Hoc Ansible Commands 629Trying ad-hoc commands 629Summary 631Exercises 631Chapter 29 Deploying Applications as Containers with Kubernetes 633Understanding Kubernetes 634Kubernetes masters 634Kubernetes workers 635Kubernetes applications 635Kubernetes interfaces 636Trying Kubernetes 636Getting Kubernetes up and running 637Deploying a Kubernetes application 638Getting information on the deployment's pods 639Exposing applications with services 643Scaling up an application 644Checking the load balancer 645Scaling down an application 646Deleting a service 646Summary 647Exercises 647Appendix: Exercise Answers 649Index 701

David Clinton is a Linux server administrator who has worked with IT infrastructure in academic and enterprise environments. He has taught video courses for Amazon Web Services, as well as other technologies. He is a co-author of AWS Certified Solutions Architect Study Guide: Associate (SAA-C01) Exam and AWS Certified Cloud Practitioner Study Guide: Foundational (CLF-C01) Exam.Christopher Negus is a senior open source technical writer at Amazon Web Services. He has written dozens of books on Linux, including Red Hat Linux Bible, Linux Troubleshooting Bible and Linux Toys.