Linux Administration


This section is about the administration of Linux servers. According to traditional definitions:
  • Systems Administration involves the configuration, monitoring and control of services that run on computer systems. It is also about providing a quality of service to end users.
  • Systems administration is typically thought of as the administration of single servers, while Network Administration involves connecting computer systems together using network protocols and services, and then managing those networked services.
In today's networked environment, all servers are connected to clients via a network, so the boundary between systems administration and network administration can be blurred (e.g. some purists hold that network administration only involves networking hardware such as routers). The approach we've taken is that most administrators will have to undertake both systems and network administration tasks in their workplace.

In the following section, the main topics that an administrator will encounter are presented. Since it is written from the administrator's point of view, the network server software (rather than client software) is discussed more. The TCP/IP protocol suite is the most widely used by network applications today and forms the backbone of the Internet. Network software usually involves clients communicating with servers over a network: client software such as a web browser communicates with server software such as a web server. The complexity of the software can vary from a simple program to very large, complex multi-tasking programs.

Each of the following topics has hypertext links into the relevant manual, FAQ, HOWTO, and online book entries, as well as online example configuration files and links to distribution RPM and TGZ files. Click here for a list of places to go for Linux Software.

Networking-Overview-HOWTO
Linux-Networking-HOWTO
Diagnostic Tools
SuperServer
Routing
Name Services
Centralised Authentication Systems
E-mail Gateways
Web Servers
Search Engines
Networked File Systems
Remote Terminal Access


Diagnostic Tools

There are many tools to help you diagnose problems when using the network. For example, the output from the ifconfig command can be useful after using the ping command: the number of packets transmitted out of a network interface may indicate that no packets were sent, and hence that you should check the routing table. More powerful tools such as tcpdump and ethereal let you look at the contents of the packets to determine what is happening on your network. Port scanners such as nmap and nessus allow you to check how vulnerable your systems are and also inform you how to fix problems with services. Network intrusion detection systems such as snort allow you to detect possible attacks, and acid is used to display the log files.

Manuals ifconfig, netstat, arp, arpwatch, ping, fping -h
Manuals tcpdump, ethereal, editcap, tethereal
Manuals dig, nslookup, traceroute, xtraceroute
Manuals lsof, ps, top, xosview
Manuals nmap, nessus, snort, acid, http://acidlab.sourceforge.net/acid_faq.html

Super-Server

The secure super server xinetd is used to protect services such as telnet, ftp and imap.  Many newer services such as vsftpd and cyrus-imap prefer to run as standalone daemons and hence are not started via a super server.  The tcp_wrappers software is still used by other services such as remote procedure calls and can be used with any service which has been built with tcp_wrappers libraries.

Manuals xinetd, xinetd.conf
Secure Superserver example xinetd.d
LDP The inetd Super-Server
LDP The tcpd access control facility
LDP The services and protocols Files
Example services, protocols
Manuals in.telnetd, telnet

FTP

Routing

The quagga/zebra software allows you to quickly set up routing using protocols such as RIP, OSPF and BGP. The quagga/zebra interface is similar to that used by Cisco systems. The gated software and documentation are included here for historical reasons.

LDP IP Routing
NET3-4-HOWTO 5.7 Routing
Networking-Overview-HOWTO 8.1 Router
Advanced Routing HOWTO
Manuals routed, udp, icmp
Quagga, Example zebra.conf
Manuals zebra, ripngd, ospfd, ospf6d, bgpd, vtysh
www.zebra.org [remote]
GateD Documentation [LARK]
Routing Protocols: RIP, OSPF, IS-IS, EGP, and BGP [LARK]
Example gated.conf [LARK]

Name Services (DNS)

The Domain Name System (DNS) maps the names of devices on the Internet to IP addresses. The DNS software used by most Unix systems is called BIND; it has recently added some security features such as authentication between master and slave name servers. The alternative DNS name server software djbdns, developed by D.J. Bernstein, is worth considering.

DNS HOWTO, Chroot-BIND HOWTO
LDP Linux DNS and BIND Server, Running named
BIND 9 Administrator Reference Manual, Nameserver Configuration, Configuration Reference
Manual named
/etc/hosts to named database converter htn htn.man
Example /etc/named, named.cache, How to dig hints, Cache only
Download /pub/download/bind, contrib/nutshell [LARK]
www.isc.org/products/BIND [remote]
DNS Tricks and Tips [remote]
DNS Q&A Corner (DNS Questions and Answers) [remote]
djbdns cr.yp.to/djbdns.html [remote] local copy [LARK]

Centralised Authentication Systems

Single sign-on systems typically use a directory tree: Windows has Active Directory, Novell has E-directory, and Open Source users have openLDAP and Radius servers. The database contains information about users such as name, phone, location, passwords, access privileges, etc. To validate access, Linux users can use Pluggable Authentication Modules (PAM). PAM allows a common authentication scheme to be used for programs such as login, su and the X windows server.

User-Authentication-HOWTO
The Linux-PAM System Administrators' Guide
Manual pam

The Lightweight Directory Access Protocol (LDAP) is based on X.500. It provides a directory database which can be used to store information about users such as login names, phone numbers, passwords and access privileges.

OpenLDAP Administrator's Guide
LDAP-HOWTO
LDAP-Implementation-HOWTO
Manuals slapd, slapd.conf, ldapd, ldap.conf
Examples in /etc/openldap slapd.conf, ldap.conf
RFC1777, RFC2247 [LARK]
OpenLDAP [remote], openldap [AARNet]
LDAP Tutorial, Authentication using LDAP, Intro to LDAP [remote]

Radius servers became popular again with the introduction of wireless networks.

FreeRadius documentation [LARK]

E-mail

Electronic mail is delivered via a mail transport agent (MTA) such as sendmail. The e-mail interface software, or mail user agent (MUA), is usually run on the end-user's workstation. The end-user downloads their e-mail from the mail server using the IMAP or POP protocol. The e-mail is sent using the SMTP protocol to the e-mail server, which is effectively a gateway for the end-user's workstation.

Manuals procmail, procmailrc, aliases, sendmail
LDP Electronic Mail
LDP Sendmail
LDP Sendmail Access Database
LDP Getting Exim Up and Running
Sendmail Installation and Operation Guide, README.cf
The Linux Electronic Mail Administrator HOWTO
The Linux Mail User HOWTO
Sendmail address rewriting mini-HOWTO
Example /etc/sendmail.cf, /etc/mail/ sendmail.mc, access...
FreeBSD Handbook - Mail [LARK]
www.sendmail.org [LARK]

Web Software

The Apache web server is currently very popular on Unix systems. Extensions such as WebDAV allow end-users to drag and drop files to the web server file systems.

Apache Web Server Documentation, FAQ
Apache Proxy Module mod_proxy
Apache manual Security Tips, Performance Notes
Apache manual Miscellaneous Documentation
Linux WWW HOWTO
HOWTO Apache+SSL+PHP+fp
Example apache configuration files
The Apache Software Foundation [AARNet]
Apache-SSL www.apache-ssl.org [remote], http://apache-ssl.planetmirror.com/ [Planet Mirror Australia]
Open-SSL www.openssl.org [remote], openssl [AARNet]
ModSSL www.modssl.org [remote], SSLeay source
mod_auth_ldap [remote]

Proxy Web Server

The squid proxy web server provides a gateway by which internal network users can surf the Internet. The proxy web server has a large cache so that the cost of surfing the Internet can be reduced. A squid server can also be used for external users to reduce the load on a web server.

QUICKSTART, FAQ, Manual squid, Example /etc/squid
Users Guide [LARK]
Squid [AARNet]
Calamaris [remote], Calamaris
SquidGuard [remote], /usr/src/squidGuard, blacklists_tar.gz [LARK]

Search Engines

You can use Google to search the Internet, but if you set up a web server you may wish to consider setting up a search engine. The swish-e software is used on the ADIOS Linux CD.

http://webglimpse.org/ [remote]
http://www.htdig.org [remote]
http://swish-e.org [remote]

File Systems

Distributed file systems are used to share files between workstations and servers.  The Network File System (NFS) was developed for use between Unix systems.  The Samba software was developed to share files between Unix and Windows systems.  The Novell NetWare solution was developed to share files over the IPX protocol.  To support diskless workstations the DHCP protocol was developed so that the workstation could automatically connect to the server sharing the filesystem.

SMB

IPX

BOOTP/DHCP

Partitions

RAID

Ext2

NTFS

Remote Access

putty terminal access using ssh protocol
gFTP file transfer supports ssh protocol (use winscp for Windows)
vncviewer and vncserver virtual network console
rdesktop remote desktop

X Windows

The desktop environment for Unix systems has evolved on top of the X windows manager.  For Linux the two most popular desktops are Gnome and KDE.

XFree86 HOWTO
XWindow Overview HOWTO, User HOWTO
Manuals for X Windows, xterm, xwininfo, and xfs
Display Manager xdm
Gnome desktop documents
KDE desktop documents
XFCE documents
ICE documents


Linux® is a registered trademark of Linus Torvalds.
This page was last modified on 07 July, 2006 by N. Richter
Copyright GNU General Public License 2006