Book Image

Linux Administration Cookbook

By : Adam K. Dean

Book Image

Linux Administration Cookbook

By: Adam K. Dean

Overview of this book

Linux is one of the most widely used operating systems among system administrators,and even modern application and server development is heavily reliant on the Linux platform. The Linux Administration Cookbook is your go-to guide to get started on your Linux journey. It will help you understand what that strange little server is doing in the corner of your office, what the mysterious virtual machine languishing in Azure is crunching through, what that circuit-board-like thing is doing under your office TV, and why the LEDs on it are blinking rapidly. This book will get you started with administering Linux, giving you the knowledge and tools you need to troubleshoot day-to-day problems, ranging from a Raspberry Pi to a server in Azure, while giving you a good understanding of the fundamentals of how GNU/Linux works. Through the course of the book, you’ll install and configure a system, while the author regales you with errors and anecdotes from his vast experience as a data center hardware engineer, systems administrator, and DevOps consultant. By the end of the book, you will have gained practical knowledge of Linux, which will serve as a bedrock for learning Linux administration and aid you in your Linux journey.

Preface

Who this book is for

What this book covers

To get the most out of this book

Free Chapter

Introduction and Environment Setup

Introduction and Environment Setup

Understanding and choosing a distribution

Installing VirtualBox

Installing our chosen distribution manually

Accessing and updating our VM

Understanding how VMs differ

Quick sudo explanation

Using Vagrant to automatically provision VMs

Anecdote - try, try, and try again

Remote Administration with SSH

Remote Administration with SSH

Technical requirements

Generating and using key pairs with ssh-keygen

SSH client arguments and options

Using a client-side SSH configuration file

Modifying the server-side SSH configuration file

Rotating host keys and updating known_hosts

Technical requirements

Using local forwarding

Using remote forwarding

ProxyJump and bastion hosts

Using SSH to create a SOCKS Proxy

Understanding and using SSH agents

Running multiple SSH servers on one box

Networking and Firewalls

Networking and Firewalls

Technical requirements

Determining our network configuration

More examples of using the ip suite

Adding and configuring network interfaces

Modern domain name resolution on Linux

Configuring NTP and the problems we face

Listing firewall rules on the command line

Adding and removing firewall rules on the command line

Determining the running services and ports in use

Debugging with iftop

Services and Daemons

Services and Daemons

Technical requirements

Determining running services

Listing installed services

Starting and stopping services

Changing which services start and stop at boot

Common services you might expect to see

Understanding service unit files

Customizing systemd unit files

Testing running services

Writing a basic unit file

Working with systemd timers (and cron)

Other init systems

Round-up - services and daemons

Hardware and Disks

Hardware and Disks

Technical requirements

Determining hardware

Testing hardware

The role of the kernel

Disk configuration on Linux

The filesystem hierarchy

Configuring a blank disk and mounting it

Re-configuring a disk using LVM

Using systemd-mount and fstab

Disk encryption and working with encryption at rest

Current filesystem formats

Upcoming filesystem formats

Round-up - hardware and disks

Security, Updating, and Package Management

Security, Updating, and Package Management

Technical requirements

Checking package versions

Checking the OS version

Checking for updates

Automating updates

Checking mailing lists and errata pages

Using Pip, RubyGems, and other package managers

Dependency hell (a quick word)

Compiling from source

Technical requirements

Adding additional repositories

Roundup - security, updating, and package management

Monitoring and Logging

Monitoring and Logging

Technical requirements

Reading local logs

Using journalctl on systemd systems

Centralizing logging

Local resource measuring tools

Local monitoring tools

Remote monitoring tools

Centralizing logging with the Elastic Stack

Roundup - Monitoring and Logging

Permissions, SELinux, and AppArmor

Permissions, SELinux, and AppArmor

Technical requirements

Linux file permissions

Modifying file permissions

Technical requirements

Users and groups

AppArmor and modification

SELinux and modification

Checking SELinux is running, and the importance of keeping it running

Resetting SELinux permissions

Roundup - permissions, SELinux, and AppArmor

Containers and Virtualization

Containers and Virtualization

Technical requirements

What is a container?

Installing Docker

Running your first Docker container

Debugging a container

Searching for containers (and security)

What is virtualization?

Starting a QEMU machine with our VM

Using virsh and virt-install

Comparing the benefits of local installs, containers, and VMs

Brief comparison of virtualization options (VMware, proxmox, and more)

Roundup - containers and virtualization

Git, Configuration Management, and Infrastructure as Code

Git, Configuration Management, and Infrastructure as Code

Technical requirements

Setting up a Git server

Committing to our Git repository

Branching our Git repository and committing changes

Installing Ansible

Using Ansible to install Java from a role

Storing our Ansible configuration in Git

Exploring options for IaC

Roundup - Git, Configuration Management, and Infrastructure as Code

Web Servers, Databases, and Mail Servers

Web Servers, Databases, and Mail Servers

Technical requirements

Installing and understanding a web server

Basic Apache configuration

Basic Nginx configuration

SSL, TLS, and LetsEncrypt

Basic MySQL or MariaDB Installation

Basic PostgreSQL installation

Local MTA usage and configuration (Postfix)

Local MTA usage and configuration (Exim)

NoSQL documents (MongoDB example)

NoSQL KV (Redis example)

Messaging brokers and queues (RabbitMQ example)

Roundup - web servers, databases, and mail servers

Troubleshooting and Workplace Diplomacy

Troubleshooting and Workplace Diplomacy

Technical requirements

What is troubleshooting?

Isolating the real issue

Giving estimates and deciding on next steps

Using ss, iftop, tcpdump, and others for network issues

Using cURL, wget, and OpenSSL for remote web issues

Using iotop, top, and vmstat for local resource issues

Using ps, lsof, Strace, and /proc for service issues

Making a copy of problems for later debugging

Temporary solutions and when to invoke them

Handling irate developers

Handling irate managers

Handling irate business owners

Roundup - Troubleshooting and workplace diplomacy

BSDs, Solaris, Windows, IaaS and PaaS, and DevOps

BSDs, Solaris, Windows, IaaS and PaaS, and DevOps

Determining the type of system you're on

Understanding how the BSDs differ

Understanding how Solaris and illumos differ

Understanding how Windows differs

IaaS (Infrastructure as a Service)

PaaS (Platform as a Service)

The Ops versus DevOps Wars

Roundup - BSDs, Solaris, Windows, IaaS and PaaS, DevOps

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Roundup - security, updating, and package management

It's easy to forget about updates. It's comforting to get a system to a stable state, where no matter how much it's hammered, it's going to continue to chug along, doing what you've told it to do, and nothing more. What's uncomfortable is the idea of breaking that perfect peace, and that's where updates come in.

Software doesn't stand still; there are features being developed, security holes being patched, and tougher encryption methods being implemented, and all of these need to be accounted for by you, the sysadmin.

Package maintainers can do a lot, and they do, but it's up to you to make sure that what you're updating is tested, that it won't break anything else in your environment, and that those developers that were using an exploit to get their code to work on your...