Mastering Linux Network Administration
By Jay LaCroix
About this ebook
Jay LaCroix
My name is Jeremy "Jay" LaCroix, and I am a computer technician that has taken an interest in writing. My latest story is titled "Escape to Planet 55" (which is a complete rewrite of "What it Means to be Human") and I am very pleased with it. I hope that my story will be of value to someone.
Table of Contents
Mastering Linux Network Administration
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of this book
Errata
Piracy
Questions
1. Setting up Your Environment
Getting started
Distributions to consider
Physical machines versus virtual machines
Setting up and configuring VirtualBox
Acquiring VirtualBox
Downloading and installing the Extension Pack
Acquiring and installing Debian 8
Acquiring and installing CentOS 7
Summary
2. Revisiting Linux Network Basics
Understanding the TCP/IP protocol suite
Naming the network device
Understanding Linux hostname resolution
Understanding the net-tools and iproute2 suites
Manually managing network interfaces
Managing connections with Network Manager
Summary
3. Communicating Between Nodes via SSH
Using OpenSSH
Installing and configuring OpenSSH
Connecting to network hosts via openssh-client
The OpenSSH config file
Understanding and utilizing scp
Transferring files to another node via scp
Tunneling traffic via SSH
Generating public keys
Keeping SSH connections alive
Exploring an alternative to SSH – utilizing Mosh (mobile shell)
Summary
4. Setting up a File Server
File server considerations
NFS v3 versus NFS v4
Setting up an NFS server
Learning the basics of Samba
Setting up a Samba server
Mounting network shares
Automatically mounting network shares via fstab and systemd
Creating networked filesystems with SSHFS
Summary
5. Monitoring System Resources
Inspecting and managing processes
Understanding load average
Checking available memory
Using shell-based resource monitors
Scanning used storage
Introduction to logging
Maintaining log size with logrotate
Understanding the systemd init system
Understanding the systemd journal
Summary
6. Configuring Network Services
Planning your IP address layout
Installing and configuring a DHCP server
Installing and configuring a DNS server
Setting up an internal NTP server
Summary
7. Hosting HTTP Content via Apache
Installing Apache
Configuring Apache
Adding modules
Setting up virtual hosts
Summary
8. Understanding Advanced Networking Concepts
Dividing your network into subnets
Understanding the CIDR notation
Implementing Quality of Service
Routing TCP/IP traffic
Creating redundant DHCP and DNS servers
Summary
9. Securing Your Network
Limiting the attack surface
Securing OpenSSH
Configuring the iptables firewall
Protecting system services with fail2ban
Understanding SELinux
Configuring Apache to utilize SSL
Deploying security updates
Summary
10. Troubleshooting Network Issues
Tracing routing issues
Troubleshooting DHCP issues
Troubleshooting DNS issues
Displaying connection statistics with netstat
Scanning your network with Nmap and Zenmap
Installing missing firmware on Debian systems
Troubleshooting issues with Network Manager
Summary
Index
Mastering Linux Network Administration
Copyright © 2015 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: October 2015
Production reference: 1231015
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78439-959-7
www.packtpub.com
Cover image by Jay LaCroix
Credits
Author
Jay LaCroix
Reviewers
Adriano Dos Santos Gregório
Jitesh Marathe
Sabir Mustafa
Davor Lozić
Mosudi Isiaka
Commissioning Editor
Kartikey Pandey
Acquisition Editor
Harsha Bharwani
Content Development Editor
Sumeet Sawant
Technical Editor
Madhunikita Sunil Chindarkar
Copy Editor
Roshni Banerjee
Project Coordinator
Shweta H Birwatkar
Proofreader
Safis Editing
Indexer
Priya Sane
Production Coordinator
Shantanu N. Zagade
Cover Work
Shantanu N. Zagade
About the Author
Jay LaCroix is a Michigan-born technologist with a focus on Linux and open source software. He has over 13 years of experience working with Linux, including servers, networking, scripting, programming, virtualization, and any open source technology he can get his hands on. He is currently working as a Linux systems engineer and enjoys writing, training, and empowering others to use Linux. He is also the author of Linux Mint Essentials.
About the Reviewers
Adriano Dos Santos Gregório is an expert in the field of operating systems. He is curious about new technologies and is passionate about mobile technologies. He has been a Unix administrator since 1999 and he focuses primarily on networking projects with an emphasis on the physical and logical security of various network environments and databases. He has also reviewed some other Packt Publishing books such as Kali Linux Cookbook and Kali Linux CTF Blueprints.
He is a Microsoft Certified MCSA and MCT Alumni.
I would like to thank my mother and father, my friends, the many people who are a part of my life, and Packt for this opportunity.
Jitesh Marathe is an IT professional with a bachelor's degree in computer application. He has spent most of his career being a system administrator at various IT companies and he specializes in System and Applications Operations and Support. Jitesh enjoys traveling to new places with his family.
He has also reviewed Linux Utilities Cookbook, Packt Publishing.
I would especially like to thank my loving wife Darshna and son Nihar.
Sabir Mustafa has more than 13 years of work experience in the field of ICT and information technology, which includes:
Delivery and awareness of information and automation policies to the employees of an organization
Prepare, deploy, test, and manage solutions
Conduct continuous tests and upgrades to ensure the protection of configurations and data
Prepared and updated the technical documentation for teams and the data center
He is currently working as the project lead in a US-based multinational firm, Royal Cyber Inc. His expertise profile includes cloud services, Linux, JBoss Middleware, Windows Servers, and IBM Middleware.
Besides that, he holds a postgraduate degree in MCS (Master in Computer Science) and he is also multi-certified in industry recognized technologies including RHCE, MCSA, and Oracle Enterprise Linux. His hardware expertise includes DELL, HP Server Hardware, and EMC Storage. As a trainer, he has also launched a video training series on RHCSA at http://urduitacademy.com/.
He has a strong background in IT implementation in the government sector as well, which includes security policies, centralized SSH authentication using LDAP, data center deployment plans, and SAN storage.
I would like to thank my sweet wife and little kids for their support during the review.
Davor Lozić is a senior software engineer interested in various subjects, especially computer security, algorithms, and data structures. He creates web applications in CakePHP and Ext JS. In his spare time, he loves to read books about modern physics, graph databases such as OrientDB, and other related subjects. You can visit his website at http://warriorkitty.com and contact him from there. He likes cats! If you want to talk about any aspect of technology or if you have funny pictures of cats, feel free to contact him.
Mosudi Isiaka is a graduate in electrical and computer engineering from Federal University of Technology, Minna, Niger State, Nigeria. He has demonstrated excellent skills in numerous aspects of Information and Communication Technology. He has very good experience in Local Area Network implementation and management, from a simple network to a mid-level complex network scenario of more than a thousand workstations (Microsoft Windows 7, Microsoft Windows Vista, and Microsoft Windows XP), with Microsoft Windows 2008 Server R2 Active Directory Domain Controllers deployed in more than a single location. He has set up data center infrastructure, VPN, WAN link optimization, a firewall and intrusion detection system, a web/e-mail hosting control panel, an OpenNMS network management application and so on.
He can use open source software and applications to achieve enterprise level network management solutions in scenarios that cover Virtual Private Network (VPN), IP PBX, cloud computing, clustering, virtualization, routing, high availability, customized firewall with advanced web filtering, network load balancing, failover and link aggregation for multiple Internet access solutions, traffic engineering, collaboration suites, Network Attached Storage (NAS), Linux systems administration, virtual networking, and computing.
He is currently employed as a data center manager at One Network Ltd., Nigeria. Mosudi also works with ServerAfrica (http://www.serverafrica.com) as a managing consultant (technical). More information about him is available on his website http://www.mioemi.com. Contact him at http://ng.linkedin.com/pub/isiaka-mosudi/1b/7a2/936/.
He has also reviewed Mastering Python High Performance by Fernando Doglio for Packt Publishing.
I would like to thank my lovely mother, Mrs. Mosudi R. Ekundayo, for her moral support.
I would also like to thank my colleague, Oyebode Micheal Tosin, for his timely reminders and technical suggestions during reviews.
www.PacktPub.com
Support files, eBooks, discount offers, and more
For support files and downloads related to your book, please visit www.PacktPub.com.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www2.packtpub.com/books/subscription/packtlib
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.
Why subscribe?
Fully searchable across every book published by Packt
Copy and paste, print, and bookmark content
On demand and accessible via a web browser
Free access for Packt account holders
If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view 9 entirely free books. Simply use your login credentials for immediate access.
Preface
In this book, we will learn about the concepts that are required to manage real Linux-based networks. The goal is to help the reader grow from a beginner or an intermediate-level Linux user to someone who can manage and support real Linux-based networks. The book starts with a couple of introductory chapters, in which the reader will set up their environment and then refresh some basics that will serve as the foundation for the rest of the book. From there, more advanced topics will be covered with useful examples, which the reader will be able to follow along with, gaining valuable hands-on practice.
During this journey, we will cover the tasks that a network administrator will typically perform on the job such as installing Linux, setting up DHCP, sharing files, IP addressing, monitoring resources, and so on. These examples are covered for not one but two popular distributions, Debian and CentOS. Since these two are very popular distributions in the enterprise, the reader will be well prepared to manage networks based on one distribution or the other (and also the countless other distributions based on them).
Finally, the last few chapters will cover the best practices to prevent intrusions and attacks and also troubleshooting to assist you when things go wrong.
What this book covers
Chapter 1, Setting up Your Environment, covers the process of setting up your lab environment for use in this book. Installing Debian and CentOS is covered, along with the pros and cons of using virtual machines.
Chapter 2, Revisiting Linux Network Basics, refreshes the reader on core Linux concepts that provide a foundation for the rest of the book such as TCP/IP, hostname resolution, and the IP and net tools suites.
Chapter 3, Communicating Between Nodes via SSH, covers all things SSH. In this chapter, we take a look at how to use SSH and how to set up an OpenSSH server to allow other nodes to connect. The scp command is also covered, allowing us to transfer files from one machine to another.
Chapter 4, Setting up a File Server, covers both Samba and NFS. Here, we'll discuss when it's appropriate to use one over the other, as well as configuring and mounting these shares.
Chapter 5, Monitoring System Resources, deals with the monitoring of resources on our Linux systems such as inspecting free disk space, checking available memory, rotating logs, and viewing journal logs.
Chapter 6, Configuring Network Services, is all about the services that make our network come together. Topics such as DHCP and DNS servers are covered here. NTP is also thrown in for good measure.
Chapter 7, Hosting HTTP Content via Apache, covers Apache, which is currently the most used web server software in the world. Here, we'll not only install Apache, but we'll configure it and manage the modules as well. The virtual hosts are also covered.
Chapter 8, Understanding Advanced Networking Concepts, takes the reader to the next level by discussing more advanced topics such as subnetting, Quality of Service, redundancy in DHCP and DNS, and many more.
Chapter 9, Securing Your Network, deals with hardening our systems in order to prevent unauthorized access. Here, we'll cover iptables, fail2ban, SELinux, and much more.
Chapter 10, Troubleshooting Network Issues, rounds up our journey with some troubleshooting tips you can use if you run into problems.
What you need for this book
This book requires you to have one or more computers at your disposal that are capable of running either Debian or CentOS, preferably both. It really doesn't matter if you run them on a virtual machine or physical hardware, as the only requirement is that you should be able to install one or both of these distributions and access them via a terminal. Root level access is required for these installations.
While you can certainly use any Linux installations you may already have, it's highly recommended to have separate, fresh installations to work with, as some of our topics can be disruptive if they are run on production networks. If you are in doubt, VirtualBox or older machines that you may have lying around will do just fine. Network access is required, but that goes without saying, given the subject matter of this book.
Some general Linux know-how is expected. By no means is the user required to be advanced, as the purpose of this book is to upgrade your existing knowledge. That being said, there are a few things that you should already be familiar with in order to have the smoothest possible experience. First, you should already know how to modify configuration files using a text editor. No assumptions are made in this book as to which text editor you use; it's really up to you. As long as you understand any text editor, whether it be nano, vim, or even gedit, you're in good shape. If you can open a root-owned configuration file, then make changes and save it, you're all set. If in doubt, nano is a great text editor for beginners and only takes a few minutes to learn. For the more advanced users, vim is a good choice. Speaking of root, you should also understand the difference between running commands as a root or a normal user. Also, you should be able to navigate the file system and browse around.
However, even if you need to brush up on the editing of text files or switching to the root user, don't let that stop you. There is quite a bit of knowledge online that you can use to brush up, and most text editors available for Linux offer really good documentation.
Who this book is for
This book is targeted at the users who already know the basics of Linux, who want to learn how to manage Linux-based networks or take their skills to the next level. This can either be for the purpose of supporting an all-Linux network or even a mixed environment. This book takes the reader through easier topics such as installing Debian, to the more advanced concepts such as subnetting. By the end of this book, you should have enough knowledge to set up a completely networked environment, including all the components that such a network should feature. If this excites you, then this book is definitely for you!
However, in this book we focus on real-world examples pertaining only to Linux. If your goal is to become certified with Cisco or obtain some other high-level certification, this may not be the best place for you. Here, it's all about practical examples, without focusing too much on the theory. While certification cram books are neat, in this book we get things done – the real things that you will be required to do if asked by your boss or client to implement a Linux network. If that's your goal, you're definitely in the right place.
Conventions
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: In most cases, this will be /dev/sda.
A block of code is set as follows:
default-lease-time 86400;
max-lease-time 86400;
option subnet-mask 255.255.252.0;
option broadcast-address 10.10.99.255;
option domain-name "local.lan";
authoritative;
subnet 10.10.96.0 netmask 255.255.252.0 {
    range 10.10.99.100 10.10.99.254;
    option routers 10.10.96.1;
    option domain-name-servers 10.10.96.1;
}
Any command-line input or output is written as follows:
systemctl status httpd
Any command that is required to be run with root privileges will be prefixed with a # character, like this:
# yum install httpd
New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: Once it's finished, you can save the results by clicking Scan and then Save Scan.
Note
Warnings or important notes appear in a box like this.
Tip
Tips and tricks appear like this.
Reader feedback
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.
To send us general feedback, simply e-mail <[email protected]>, and mention the book's title in the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.
Customer support
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Downloading the example code
You can download the example code files from your account at http://www.packtpub.com for all the Packt Publishing books you have purchased. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.
Downloading the color images of this book
We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from http://www.packtpub.com/sites/default/files/downloads/9597OS_ColorImages.pdf.
Errata
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.
To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.
Piracy
Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors and our ability to bring you valuable content.
Questions
If you have a problem with any aspect of this book, you can contact us at <[email protected]>, and we will do our best to address the problem.
Chapter 1. Setting up Your Environment
Welcome to the world of Linux networking! This book will be your guide to perfecting your Linux network management skills. In this chapter, we will go over what's needed to get your environment up and running. We'll talk