Red Hat [Electronic resources] : The Complete Reference Enterprise Linux Fedora Edition؛ The Complete Reference نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Red Hat [Electronic resources] : The Complete Reference Enterprise Linux Fedora Edition؛ The Complete Reference - نسخه متنی

Richard L. Petersen

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Sitemap

Table of Contents

BackCover

Red Hat - The Complete Reference Enterprise Linux & Fedora Edition

Introduction

Part I: Getting Started

Chapter 1: Introduction to Red Hat Linux

Red Hat and Fedora Linux

Red Hat Linux Fedora Core

Operating Systems and Linux

History of Linux and Unix

Linux Overview

Open Source Software

Linux Software

Online Information Sources

Documentation

Chapter 2: Installing Red Hat and Fedora Core Linux

Hardware, Software, and Information Requirements

Creating the Boot Disks

Installing Linux

Finishing Installation

Chapter 3: Interface Basics

User Accounts

Accessing Your Linux System

Bluecurve: The GNOME and KDE Desktops

Command Line Interface

Help

Chapter 4: Red Hat System Configuration

Red Hat Administrative Tools

Configuring Users

Printer Configuration

X Window System Configuration: redhat-config-xfree86

Updating Red Hat and Fedora Linux with RHN, Yum and APT

Installing Software Packages

Security Configuration

Unsupported Drivers

Bluetooth

Chapter 5: Red Hat Network Configuration

Network Information: Dynamic and Static

Network Configuration with Red Hat Network Tools

Command Line PPP Access: wvdial

Wireless Tools

Setting Up Your Firewall: redhat-config-securitylevel

Configuring a Local Area Network

Part II: Environments

Chapter 6: GNOME

GNOME Enhancements

GTK+

The GNOME Interface

The GNOME Desktop

The GNOME File Manager: Nautilus

The GNOME Panel

GNOME Applets

GNOME Configuration

GNOME Directories and Files

Chapter 7: The K Desktop Environment: KDE

Qt Library

KDE Desktop

The KDE Help Center

Applications

Mounting CD-ROMs and Floppy Disks from the Desktop

KDE File Manager and Internet Client: Konqueror

KDE Configuration: KDE Control Center

Chapter 8: The Shell

The Command Line

History

Filename Expansion: *, ?, [ ]

Standard Input/Output and Redirection

Pipes: |

Redirecting and Piping the Standard Error: >&, 2

Jobs: Background, Kills, and Interruptions

Shell Variables

Shell Scripts: User-Defined Commands

Control Structures

Filters and Regular Expressions

Chapter 9: Shell Configuration

Aliases

Controlling Shell Operations

Environment Variables and Subshells: export

Configuring Your Shell with Shell System Variables

Chapter 10: Managing Linux Files, Directories, and Archives

Linux Files

The File Structure

Listing, Displaying, and Printing Files: ls, cat, more, less, and lpr

Managing Directories: mkdir, rmdir, ls, cd, and pwd

File and Directory Operations: find, cp, mv, rm, and ln

The mtools Utilities: msdos

Archiving and Compressing Files

Archiving and Compressing Files with File Roller

Part III: Applications

Chapter 11: Office and Database Applications

Accessibility to Microsoft Office

OpenOffice

KOffice

GNOME Office and Ximian

Document Viewers (PostScript, PDF, and DVI)

Database Management Systems

Editors

Chapter 12: Graphics Tools and Multimedia

Graphics Tools

Multimedia

Chapter 13: Mail and News Clients

Mail Clients

Usenet News

Chapter 14: Web, FTP, and Java Clients

Web Clients

Java for Linux: Blackdown

FTP Clients

Chapter 15: Network Tools

Network Information: ping, finger, traceroute, and host

Network Talk and Messenger Clients: ICQ, IRC, AIM, and Talk

Telnet

RSH, Kerberos, and SSH Remote Access Commands

Part IV: Security

Chapter 16: Encryption, Integrity Checks, and Signatures-GNU Privacy Guard

Public Key Encryption, Integrity Checks, and Digital Signatures

GNU Privacy Guard

Checking Software Package Digital Signatures

Intrusion Detection: Tripwire

Chapter 17: Internet Protocol Security: IPsec

IPsec Protocols

IPsec Modes

IPsec Security Databases

Configuring IPsec with redhat-config-network

Configuring Connections with setkey

Configuring IPsec with racoon: IKE

IPsec Tunnel Mode: Virtual Private Networks

Crypto IP Encapsulation for Virtual Private Networks

Chapter 18: Secure Shell and Kerberos

The Secure Shell: OpenSSH

Kerberos

Chapter 19: Network Firewalls: Netfilter

Firewalls: iptables and NAT

Packet Filtering

Network Address Translation (NAT)

IP Tables Scripts

IP Masquerading

Part V: Red Hat Servers

Chapter 20: Server Management

System Startup Files: /etc/rc.d and /etc/sysconfig

SysV Init: init.d Scripts

Starting Servers: Standalone and xinetd

Service Management Tools: chkconfig and redhat-config-serivces

Service Scripts: /etc/init.d

Extended Internet Services Daemon (xinetd)

Chapter 21: FTP Servers

FTP Servers

Anonymous FTP: vsftpd

The FTP User Account: anonymous

The Very Secure FTP Server

Professional FTP Daemon: ProFTPD

The Washington University FTP Daemon: WU-FTPD

ProFTPD and WU-FTPD Server Tools

Chapter 22: Web Servers: Apache

Tux

Apache Web Server

Apache Configuration Files

Apache Configuration and Directives

Virtual Hosting on Apache

Server-Side Includes

PHP

Apache GUI Configuration Tools

Web Server Security: SSL

Chapter 23: Proxy Servers-Squid

Configuring Client Browsers

squid.conf

Security

Caches

Logs

Web Server Acceleration: Reverse Proxy Cache

Chapter 24: Mail Servers: SMTP, POP, and IMAP

Mail Servers

Received Mail: MX Records

Postfix

Sendmail

POP Servers

IMAP

Chapter 25: Print Servers

CUPS and LPRng

Printer Devices and Configuration

Managing Printers with CUPS

The Line Printer Server: LPRng

Chapter 26: News and Search Servers

News Servers: INN

Dig Server

Part VI: System Administration

Chapter 27: Basic System Administration

Superuser Control: the Root User

System Time and Date

Scheduling Tasks: cron

System Runlevels: telinit, initab, and shutdown

Managing Services

Red Hat Administration Tools

System Directories

Configuration Directories and Files

System Logs: /var/log and syslogd

Performance Analysis Tools and Processes

Grand Unified Bootloader (GRUB)

Backups

Chapter 28: Managing Users

User Configuration Files

The Password Files

Managing User Environments

Adding and Removing Users with useradd, usermod, and userdel

Managing Groups

Controlling Access to Directories and Files: chmod

Disk Quotas

Lightweight Directory Access Protocol

Pluggable Authentication Modules

Chapter 29: Software Management

Software Repositories

Software Package Types

Red Hat Package Manager (RPM)

Installing Software from RPM Source Code Files: SRPMs

Installing Software from Compressed Archives: .tar.gz

The Concurrent Versions System: CVS

Packaging Your Software with RPM

Chapter 30: File System Management

File Systems

Filesystem Hierarchy Standard

Journaling

Mounting File Systems Automatically: /etc/fstab

Mounting File Systems Directly: mount and umount

Installing IDE CD-R/RW and DVD R/RW Devices

Creating File Systems: mkfs, mke2fs, mkswap, parted, and fdisk

CD-ROM and DVD ROM Recording

Chapter 31: RAID and LVM

Enabling RAID and LVM in the Kernel

Configuring RAID Devices

Logical Volume Manager

Chapter 32: Devices and Modules

Device Files

Device Information: /proc and /etc/sysconfig/hwconf

Installing and Managing Terminals and Modems

Input Devices

PCMCIA Devices

Installing Sound, Network, and Other Cards

Sound Devices

Video, TV, and DVD Devices

Modules

Chapter 33: Kernel Administration

Kernel Versions

Kernel Tuning: Kernel Runtime Parameters

Installing a New Kernel Version

Precautionary Steps for Modifying a Kernel of the Same Version

Compiling the Kernel from Source Code

Important Kernel Configuration Features

Compiling and Installing the Kernel

Boot Loader Configurations

Module RAM Disks

Part VII: Network Administration

Chapter 34: Domain Name System

DNS Address Translations

Local Area Network Addressing

BIND

Domain Name Service Configuration

named.conf

options Statement

Resource Records

Zone Files

Subdomains and Slaves

IP Virtual Domains

Cache File

Dynamic Update: DHCP and Journal Files

DNS Security: Access Control Lists, TSIG, and DNSSEC

Split DNS: Views

Chapter 35: DHCP Server

Configuring DHCP Client Hosts

Configuring the DHCP Server

Dynamic Addresses

Dynamic DNS Updates

Subnetworks

Fixed Addresses

Chapter 36: NFS and NIS

Network File Systems: NFS and /etc/exports

Network Information Service: NIS

Chapter 37: Samba

Samba Documentation

Samba Applications

Starting Up Samba

Passwords

Configuring the Samba with redhat-config-samba

The Samba smb.conf Configuration File

SWAT and smb.conf

Testing the Samba Configuration

Domain Logons

Accessing Samba Services with Clients

Chapter 38: Administering TCP/IP Networks

TCP/IP Protocol Suite

IPv4 and IPv6

TCP/IP Network Addresses

IPv6 Addressing

TCP/IP Configuration Files

Domain Name Service (DNS)

Network Interfaces and Routes: ifconfig and route

Monitoring Your Network: ping, netstat, tcpdump, and Ethereal

IP Aliasing

Appendix A: About the DVD-ROM

Index

Index_A

Index_B

Index_C

Index_D

Index_E

Index_F

Index_G

Index_H

Index_I

Index_J

Index_K

Index_L

Index_M

Index_N

Index_O

Index_P

Index_Q

Index_R

Index_S

Index_T

Index_U

Index_V

Index_W

Index_X

Index_Y

Index_Z

List of Figures

List of Tables

List of Code Examples
توضیحات
افزودن یادداشت جدید


Security Configuration


Once you have installed your Linux system, you should carry out some basic security measures to protect your system from outside attacks. Systems connected to the Internet are open to attempts by outside users to gain unauthorized access. This usually takes the following forms:



    Trying to break into the system

    Having broken in, changing or replacing system files with hacked or corrupt versions

    Attempting to intercept communications from remote users

    Changing or replacing messages sent to or from users

    Pretending to be a valid user

    Firewalls, intrusion protection, encryption, data integrity, and authentication are ways of protecting against such attacks.



      A firewall prevents any direct unauthorized attempts at access.

      Intrusion detection checks the state of your system files to see if they have been tampered with by someone who has broken in.

      Encryption protects transmissions by authorized remote users, providing privacy.

      Integrity checks such as modification digests guarantee that messages and data have not been intercepted and changed or substituted en route.

      Authentication methods such as digital signatures can verify that the user claiming to send a message or access your system is actually that person.


      Security Services


      Red Hat includes several security services for protecting your system and your network transmissions (see Chapter 16). The digital signature also includes encrypted modification digest information that provides an integrity check, allowing the recipient to verify that the message received is the original and not one that has been changed or substituted.

      A good foundation for your network security is to set up a Linux system to operate as a firewall for your network, protecting it from unauthorized access (see Chapter 19). You can use a firewall to implement either packet filtering or proxies. Packet filtering is simply the process of deciding whether a packet received by the firewall host should be passed on into the local system or network. The firewall package currently in use is Netfilter (iptables). Older distributions versions releases use an earlier version called ipchains. To implement a firewall, you simply provide a series of rules to govern what kind of access you want to allow on your system. If that system is also a gateway for a private network, the system's firewall capability can effectively protect the network from outside attacks. You can provide a simple configuration for your own system using redhat-config-securitylevel as described in Chapter 4.







































      Table 4-3: Security Applications


      Applications


      Description


      GNU Privacy Guard (GPG)


      Encryption and digital signatures (Chapter 16) www.gnupg.org


      Netfilter (iptables)


      Firewall packet filtering (Chapter 19) www.netfilter.org


      Squid


      Web proxy server (Chapter 23) www.squid-chache.org


      Open-SSH


      Secure Shell encryption and authentication for remote access (Chapter 18) www.openssh.org


      Kerberos


      User authentication for access to services (Chapter 18) web.mit.edu/kerberos/www/


      Pluggable Authorization Modules (PAM)


      Authentication management and configuration (Chapter 28)


      Shadow passwords


      Password encryption (Chapter 28)


      Lightweight Directory Access Protocol (LDAP)


      User management and authorization (Chapter 28) www.openldap.org


      authconfig-gtk


      Red Hat tool to enable and configure authentication tools: Kerberos, LDAP, and shadow passwords


      Outside users may also try to gain unauthorized access through any Internet services you may be hosting, such as a Web site. In such a case, you can set up a proxy to protect your site from attack. For Linux systems, use Squid proxy software to set up a proxy to protect your Web server (see Chapter 20).

      To further control access to your system is to provide secure user authentication with encrypted passwords, a Lightweight Directory Access Protocol (LDAP) service, and Pluggable Authentication Modules (PAM) (see Chapter 28). User authentication can further be controlled for certain services by Kerberos servers (see Chapter 18). Kerberos authentication provides another level of security whereby individual services can be protected, allowing use of a service only to users who are cleared for access. LDAP and Kerberos are all enabled and configured with authconfig-gtk (Authentication in the System Settings menu or window).

      To protect remote connections from hosts outside your network, transmissions can be encrypted. For Linux systems, you can use the Secure Shell (SSH) suite of programs to encrypt any transmissions, preventing them from being read by anyone else (see Chapter 18). The SSH programs are meant to replace the remote tools such as

      rsh and

      rcp (see Chapter 15), which perform no encryption.

      The IPsec protocol also provides encryption of network transmissions, but integrated into the IP packet structure (see Chapter 17). With IPsec you can both encrypt and authenticate transmissions, ensuring that they were not intercepted and tampered with. With IPsec you can implement Virtual Private Networks (VPN), using encrypted transmissions to connect one local network to another using a larger network like the Internet. Red Hat also provides a third-party solution for VPNs called CPIE (see Chapter 5).

      You can find the latest news on security issues at the Red Hat Web site (www.redhat.com) along with other Linux sites like Linux Security (www.linuxsecurity.com), Linux Weekly News (lwn.net), and Linux Today (linuxtoday.com).





      Note

      Numerous older security applications are also available for Linux such as COPS (Computer Oracle and Password System) to check password security; Tiger, which scans your system for unusual or unprotected files; and SATAN (Security Administration Tool for Analyzing Networks), which checks your system for security holes. Crack is a newer password auditing tool that you can use to check how well your password security performs under dictionary attacks.



      Authentication Configuration


      To confirm user identities, your network may provide several authentication services (see Chapter 28). These can be enabled on your system using authconfig-gtk (see Chapter 36) and LDAP (see Chapter 28), which maintain configuration information about systems and users on your network. The Authentication panel lists services for authenticating users. The Shadow and MD5 Password options are normally selected already and provide password protection (see Chapter 28). If your network also maintains LDAP, Kerberos (see Chapter 18), and SMB authentication servers (see Chapter 37), you can enable support for them here, specifying their servers and domains.


      Figure 4-6: Authentication with authconfig-gtk

/ 328