SUSE LINUX Enterprise Server 9 Administrator's Handbook Book

I. SUSE SERVER INSTALLATION AND CONFIGURATION.

1. Installing SUSE LINUX Enterprise Server.

Installation Methods and Overview.

CD-ROM–Based Installation.

VNC-Based Installation.

Network-Based Installation.

AutoYaST-Based Installation.

Pre-Installation Planning.

Ten Easy Steps to SLES 9 Installation.

Selecting an Installation Method.

Selecting the Language.

Choosing Installation Settings.

Preparing the Hard Disks.

Configuring the System.

Specifying Network Settings.

Applying Online Updates.

Configuring Services.

Configuring User Information.

Configuring Hardware.

Troubleshooting.

Summary.

2. Updating the Server.

Maintaining Your System Configuration.

SuSEconfig.

YaST (Yet another Setup Tool).

Adding and Removing Packages.

Installing a Package.

Removing a Package or Subcomponents.

Adding and Removing Hardware.

Preparations.

Adding a Disk.

Changing Network Configuration.

Network Parameters.

Using YaST to Manage the Network Configuration.

Summary.

3. Booting and Shutting Down the Server.

Boot Loaders.

LILO.

Grub.

Kernel Boot.

init and Understanding Runlevels.

System Shutdown.

Emergency Boot and Recovery.

Summary.

II. USER ACCESS AND SECURITY MANAGEMENT.

4. User and Group Administration.

User and Group IDs.

User and Group Data Files.

The /etc/passwd File.

The /etc/shadow File.

The /etc/group File.

User Account and Group Management Applications.

Creating and Editing User Accounts.

Setting Default User Account Properties.

Creating and Editing Groups.

Security Considerations.

Using Strong Passwords.

Auditing Default Accounts.

The Root Account.

User in Too Many Groups?

Summary.

5. User Environment Management and Security.

Account Auditing.

Configuring the User Environment.

Default Shell.

Login Scripts and Environment Variables.

User Resource Management.

Authentication Using PAM.

PAM Module Configuration.

Resource Management.

Access Time Management.

Quota Management.

su or sudo.

Summary.

6. Filesystem Security.

A Review of File and Directory Permissions.

Changing Permissions.

Changing User and Group Ownership.

Security Considerations.

Default Access Permissions.

Special File Permissions.

Security Implications of SUID/SGID.

SGID and File Sharing.

A SUID Sample Program.

Securing Against SUID Programs.

Sticky Business.

Extended Attributes.

Data and Filesystem Encryption.

Secure File Deletion.

Journaled Filesystems.

Summary.

7. System Management and Monitoring.

Common Linux Commands.

Basic Commands.

Additional Tools.

The root Filesystem.

Health Checks and System Monitoring.

Machine Uptime.

Log Review.

Top Consumers.

Application Check.

System Resource Check.

User Login Activity.

System Tuning.

Tuning Kernel Parameters.

Tuning Filesystem Access.

Summary.

III. INSTALLING AND CONFIGURING NETWORKING SERVICES.

8. Network Services.

Angels and Daemons.

Configuring xinetd.

The /etc/xinetd.conf File.

Applying Access Control.

Security Considerations.

Network Time Services.

Configuring the NTP Client.

Configuring an NTP Server.

Troubleshooting Tips.

Email Services.

File Transfer Services.

Using Pure-FTPd.

Using vsftpd.

Using the Standard TFTP Server.

Network File-Sharing Services.

Setting Up an NFS Server.

Setting Up a Samba Server.

Remote Management Services.

Telnet.

ssh.

VNC and XDMCP.

Securing System Management Conversations.

Restricting Connections by IP Address.

A Secure System Management Environment.

Network Name Services.

Samba.

Service Location Protocol (SLP).

Domain Name Service (DNS).

Dynamic Host Configuration Protocol (DHCP).

DNS and DHCP.

Web Services.

Authentication Services.

Network Information Services (NIS).

Samba Domains.

Lightweight Directory Access Protocol (LDAP).

Kerberos.

Summary.

9. Printing Services.

Printer Configuration.

Local Printers.

Network Printers.

Adding a Local Printer.

Adding a Network Printer.

Print Job Lifecycle.

Job Spooling.

Applying Filters.

Printing the Information.

Queue Management.

YaST Queue Configuration.

Command-Line Queue Configuration.

Printer Queue Basics.

The CUPS Web Interface.

Summary.

10. Data Backup and Disaster Recovery.

A Look at Backup Strategies.

Implementing a Backup Strategy.

Grandfather-Father-Son Rotation Method.

Tower of Hanoi Rotation Method.

Some Tips and Tricks.

Database Backups: Cold or Hot?

Backup and Restore Tools.

Making Tarballs.

Archiving Data with cpio.

Converting and Copying Data Using dd.

Using dump and restore.

Data Mirroring Using rsync.

YaST’s System Backup and Restore Modules.

Getting to Know AMANDA.

Scheduling Backups.

Commercial Backup Products.

SLES Boot and Rescue Disks.

Summary.

IV. SECURING YOUR SUSE SERVER.

11. Network Security Concepts.

Corporate Security Policies.

Physical Security.

User Accounts.

Strong Passwords.

Remote Access.

Firewalls.

Acceptable Use Policy.

Information Protection.

Incident Response.

Summary.

12. Intrusion Detection.

Defining Intrusions.

Reducing Your Target Size.

Vulnerability Assessments.

nmap.

Nessus.

Detecting a Network-based Intrusion.

Know Your Traffic, Tune Your Firewall.

Network Intrusion Detection Systems.

Snort.

Analysis Console for Intrusion Databases.

Detecting a Host Intrusion.

Log Files.

chkrootkit.

Advanced Intrusion Detection Environment (AIDE).

Additional Tools.

Scan Detection Tools.

MRTG and Cacti.

Ethereal.

Summary.

13. System Security.

System Hardening Principles.

Using a Central syslog Server.

Hardening the Central Syslog Host.

A Stealth Logging Host.

Avoid Logging in As Root.

Securing Network Services.

Hardening Remote Services.

Limiting Rights of Services.

Using chroot Jails and User Mode Linux.

Packet Filtering Using iptables.

Hardening Your Physical Network Infrastructure.

Wireless Security.

System Hardening Packages.

Automating SLES Hardening.

Learning More About Threats.

Summary.

V. APPENDIXES.

Appendix A. Security Certifications.

Appendix B. Resources.

Linux Editors.

Website Resources.

Security and Linux-Related Websites.

SUSE-Specific Newsgroups and Websites.

Index.