dcsimg

AEleen Frisch Archive

System Cloning
If you run a server farm or support a large number of desktops systems, cloning is a great way to build and deploy systems fast.
Hardening, Part 3: Locking Linux
This month, we finish our three-part series on hardening Linux systems. As we've seen, hardening is the process of reconfiguring an "out of the box" Linux distribution to make it more secure.
Hardening, Part 2: Securing Services
This month we continue our look at the steps required to harden a Linux system by considering how Linux services can be secured. In fact, securing system services -- subsystems like printing and electronic mail, file and web serving, and remote access (telnet, ftp, rlogin, rsh, imap, and so on) -- represents a large part of the hardening task.
Hardening Linux Systems
System security is always a trade-off between convenience and features on the one hand and protectiveness and removing unnecessary risks on the other. As the cliché goes, security is inversely proportional to convenience: the easier a system is to use, the less secure it's likely to be. In contrast to many discussions in this column, this month we turn our attention to the "secure if inconvenient" end of the spectrum.
Using USB Devices on Linux Systems
I f you're in the market for a new printer, you may want to consider one with a USB (Universal Serial Bus) interface. While serial line interfaces were a great improvement over parallel interfaces, USB is even better. USB-connected printers are easy to configure and print faster (due both to faster communication with the host and more modern printer hardware).
Managing Faxes with HylaFAX
Today's users expect their computing environment to provide a lot of services that used to be considered luxuries. Sending faxes from the desktop is one of them. These days, since most PCs come equipped with a modem, it's not uncommon for the standalone fax machine to be eliminated.
Monitoring Linux Hosts with SNMP
Last month's column introduced the Simple Network Management Protocol (SNMP) and described how SNMP can be used to monitor devices and hosts connected to your network. This month, we'll configure a Linux machine as an SNMP agent and learn how to keep SNMP secure.
Monitoring Network Services with NetSaint:
It can be a pain to pinpoint trouble spots on your network. Here's how to simplify things.
Getting Started with SNMP
A large portion of a system administrator's time can be consumed by network-related tasks. Installing and configuring a network can be daunting, especially if you're starting from scratch. But monitoring and managing the network on an ongoing basis can be just as daunting, especially for very large networks. Fortunately, network monitoring and management tools can make this job easier.
A Better Way of Booting
On those rare occasions when you have to reboot your Linux system, the first thing you probably see is the terse prompt of LILO, the most common bootloader for Linux on Intel-compatible systems. Its familiar prompt LILO: is itself a diagnostic indicating the progress of the booting process.
Managing Printing with LPRng
Despite years of hype about the coming paperless office, printing has actually become more frequent and more complex as time has passed, not less so. Ordinary users now routinely print tens or even hundreds of pages a week, a significant fraction of which is high-end, photo-quality graphics.
Disk Striping
For reasons that I don't really understand, November seems to be disk month for me. A year ago in this column, we looked at the Linux Logical Volume Manager, which allows you to combine and subdivide sets of disks in arbitrary ways. This month, we will consider disk striping while focusing primarily on how this is provided by the Linux disk striping facility.
Administrative Tools for Everybody
I have always had reservations about graphical tools for system administration. While such tools can be very convenient for experienced administrators, they offer some pitfalls to less seasoned ones. One of the prime advantages cited for these packages is that they allow people to begin performing basic administrative tasks quickly and with a minimum of training; this claim is certainly justified in many cases. However, lurking on the other side of the coin is the possibility that such tools will actually keep new administrators from learning some of the subtleties of the job because the tools hide their existence. In an effort to keep novices from getting in over their heads and causing damage, some of these tools tend to present a rather limited view of what is and isn't possible on the system.
Adding a New Hard Disk
I've been a system administrator for more than 20 years. While many aspects of the job have stayed pretty much the same, some tasks are now very different from what they previously were. One of the latter is administering disk space. In the past, one had to use a lot of tricks to efficiently manage what was then a very precious commodity. Now however, with the advent of relatively cheap disks, having enough storage space is rarely an issue since adding more disk space is seldom a problem.
More Mail Filtering with procmail
Welcome to the fourth and final installment of our look at administering electronic mail. Last month, we began talking about procmail, a powerful general purpose mail-filtering facility, and its ability to sort (and possibly reject) incoming messages based on any criteria you desire. This month we're going to look at some more advanced uses of procmail, such as identifying spam messages and scanning incoming mail for viruses.
Mail Filtering with procmail
This is the third installment in our detailed look at administering electronic mail. Previously, we considered general mail concepts and the sendmail transport agent. This month, we will look at procmail, a package designed for filtering electronic mail based upon a variety of criteria. This program was written by Stephen van den Berg, and the package's homepage can be found at http://www.procmail.org/.
Administering E-mail — Part II
Last month's Guru Guidance presented an overview of electronic mail on Linux and Unix systems. This month, we will continue our exploration of this topic by looking at sendmail, the most widely used mail transport agent in the world (most current estimates put sendmail usage at over 75 percent).
Administering E-mail
Making sure that users' electronic mail gets sent out and delivered is one of the system administrator's most important jobs, and it's also one that becomes extremely visible should things go wrong. Inevitably, administering e-mail is time-consuming and frustrating, at least intermittently.
You’ve Got Mail
This month, I've decided to break with our usual format and instead answer a few of the questions that I have received via e-mail. All of these concern system administration. The first one deals with the recently released 2.4 Linux kernel.
In the Beginning — Part II
Last month, we looked at the events that transpire when you boot up a Linux system, from the kernel being loaded to the init process getting started. This month we turn our attention to actions that follow init's startup -- the actions performed by the boot scripts that actually take care of all the tasks necessary to make the system ready for users.
In the Beginning
With any luck, system startup is something that administrators can ignore under normal circumstances. Most of the time the system boots automatically without the need for any human intervention. Of course, once in a while there will be a problem, and someone will have to address whatever glitch has arisen in order to successfully bring the system up.
How To Expect
In last month's column, I used a small Expect script to communicate with a highly accurate clock that was attached to my system's serial port. In this month's column, we will take a more extended look at this very useful tool.
The Linux Logical Volume Manager
One of the great strengths of the Linux operating system is its support for a wide variety of filesystem types. Users now have the choice of using several different production-level filesystems. For example, the recently released Reiser filesystem (reiserfs) has generated considerable interest and excitement among Linux users and system administrators.
Keeping Track of What Goes On — Part II
Last month, we discussed setting up and configuring the syslog facility. This month, we will look at two additional considerations that come into play where syslog is concerned. First, we need a way to manage all the log files that we are creating and insure that they do not consume too much disk space. Second, we will need to have a strategy for processing all of the information and discerning what is most important within it. All of the log files in the world are of little use if no one looks at them. This column will explore both of these issues.
Customizing Your Linux Kernel
This month, we'll look at the process of building a Linux kernel in detail. We'll be using a Red Hat system as our example. Although the kernels that are included with the various Linux distributions do in fact work well in most circumstances, there are several situations in which you might want to build a customized kernel:
Keeping Track of What Goes On, Part I
Although I understand the importance of keeping careful records of various sorts -- financial records for the IRS, hardware configuration records for my key computer systems, clothing size information about close relatives, and so on -- I am the type of person who continually forgets to note down such information when it is easy to do so or file away associated paperwork so I can find it again later. I do much better when I set up a system which collects and stores the relevant information automatically. That way, I set things up once and then forget about them until I actually need to use the information for some reason.
All about Groups
In last month's Guru Guidance column, we looked briefly at Linux user accounts in the context of the user authentication process. In this month's column, we will take a look at the fundamental Linux multiuser entity: groups.
Securing Linux with PAM
Like Unix, Linux system security has traditionally been based on the concept of passwords. But Linux also supports far more flexible authentication components that we'll look at this month, including shadow passwords, password-aging facilities, and its general authentication facility, PAM.
Managing Filesystems: Beyond the Basics
Whenever I sit down at an unfamiliar computer system for the first time, the first thing I do is run the df command. I like to get a feel for the landscape of that system, so to speak, before I proceed to explore it further. This makes sense to me since managing the filesystem is always a central area of concern for any system administrator. The basic tasks related to filesystems are simple and familiar to almost everyone: managing and mounting filesystems, performing simple filesystem consistency checks with fsck, and the like. This month, I delve deeper into this topic, discussing other tools for managing and manipulating filesystems, and describing the process for adding a new disk or partition.
A Guide to Administering TrueType Fonts and Commercial Font Managers
Last month I described how the X Window System handles fonts and explained how to install new Type 1 fonts. With TrueType fonts, the fun really begins. The X font facilities and Ghostscript were designed around bitmap and Type 1 fonts and PostScript printing. However, users tend to have access to lots of TrueType fonts, and they naturally want to use them under Linux. Fortunately, support for TrueType fonts within traditional X facilities is available.
Learn How to Administer Type 1 Fonts
One of the most obvious and painful imperfections of Linux systems is the X Window System's cumbersome font-handling facilities. The chief reason that fonts cause so much difficulty -- or at least inconvenience -- is that there is no unified font manager in this environment. Instead, most applications have their own unique font-handling methods and each one must be configured individually.
The Ins and Outs of LILO
LILO is the most commonly used boot loader for Linux on Intel-based/compatible systems. A boot loader is a program that loads the operating system into the computer's memory from its hard disk when the computer is first started up. When a computer is booted, the first thing it does is to look at a fixed sector of its hard disk; the "master boot record" (or MBR). The program it finds there (in this case LILO) is responsible for loading and starting whatever operating system the computer is going to run. LILO, which stands for LInux LOader, is a very efficient boot loader, and it may be used to start other operating systems in addition to Linux.
Gettin’ GUI Wit’ It
While the command line remains the hearth and home of many sysadmins, GUI tools can do a thing or two.