this print for content only—size & color not accurate trim = 7.5" x 9.25" spine = 0.000" 000 page count
  CYAN
  MAGENTA
  YELLOW
  BLACK
Foundations of CentOS Linux
ThE ExpErT’s VOiCE
®
 iN LiNux
Foundations of
CentOS Linux
Enterprise Linux On the Cheap
Ryan Baclit, Chivas Sicam,
Peter Membrey, and John Newbigin
Companion
eBook Available
A truly free enterprise alternative
to Red Hat Enterprise Linux
Baclit
Sicam
Membrey
Newbigin
BOOKs fOr prOfEssiONALs BY prOfEssiONALs
®
US $42.99
Shelve in
Linux
User level:
Beginning
Companion eBook

See last page for details
on $10 eBook version
Foundations of CentOS Linux:
Enterprise Linux On the Cheap
Dear Reader,
I’ve been using Linux for years for software development, for personal enter-
tainment, and to create servers to be deployed on the network. But when asked
on which distribution I always use when creating and deploying network serv-
ers, I always say CentOS. With CentOS, I have all the tools that I need to do tasks
with Linux, from command-line shell scripting to graphical systems adminis-
tration with virtualization.
The book you are holding now contains expert advice that will help you
learn Linux administration with the CentOS distribution. You will be able to
write shell scripts, schedule automated tasks and use the GNOME desktop.
For network servers, you will learn how to properly install and configure file
sharing and print servers, combine servers with directory services for unified
authentication, and use virtualization to save on hardware costs.
With this book, you have a concrete starting guide to learning Linux with
CentOS. You will spend less time asking questions and more time to build-
ing whatever you need with CentOS as you learn about it with this book. If
you have plans of becoming an RHCE (Red Hat Certified Engineer), what you
have learned here will give you a boost in studying review materials for the
RHCE exam.
I hope that you will enjoy learning Linux with CentOS and use it to create
masterpiece servers with this book.
Ryan Baclit
THE APRESS ROADMAP
The Definitive
Guide to SUSE
Linux Enterprise Server

Pro Linux System
Administration
The Definitive Guide
to CentOS
Pro Ubuntu Server
Beginning the Linux
Command Line
Beginning Ubuntu Linux,
4th edition
Beginning SUSE Linux
Foundations of
CentOS Linux
Beginning Ubuntu
LTS Server Administration
)3".
  
   
Ryan Baclit
Chivas Sicam
Peter Membrey
John Newbigin
www.it-ebooks.info
www.it-ebooks.info
Foundations of CentOS
Linux
Enterprise Linux On the Cheap












■ ■ ■
Ryan Baclit, Chivas Sicam,
Peter Membrey, and
John Newbigin

www.it-ebooks.info
ii

Foundations of CentOS Linux: Enterprise Linux On the Cheap
Copyright © 2009 by Ryan Baclit, Chivas Sicam, Peter Membrey, and John Newbigin
All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means,
electronic or mechanical, including photocopying, recording, or by any information storage or retrieval
system, without the prior written permission of the copyright owner and the publisher.
The Evolution Mail Client logo is a copyright of Evolution project and was printed with permission.
ISBN-13 (pbk): 978-1-4302-1964-4
ISBN-13 (electronic): 978-1-4302-1965-1
Printed and bound in the United States of America 9 8 7 6 5 4 3 2 1
Trademarked names may appear in this book. Rather than use a trademark symbol with every
occurrence of a trademarked name, we use the names only in an editorial fashion and to the benefit of
the trademark owner, with no intention of infringement of the trademark.
President and Publisher: Paul Manning
Lead Editor: Frank Pohlmann
Technical Reviewers: Peter Membrey and Ann Tan-Pohlmann

Editorial Board: Clay Andres, Steve Anglin, Mark Beckner, Ewan Buckingham, Tony Campbell, Gary
Cornell, Jonathan Gennick, Michelle Lowman, Matthew Moodie, Jeffrey Pepper, Frank Pohlmann,
Ben Renow-Clarke, Dominic Shakeshaft, Matt Wade, Tom Welsh
Coordinating Editor: Debra Kelly
Copy Editors: James A. Compton, Heather Lang, Patrick Meader, and Sharon Terdeman
Compositor: Bob Cooper
Indexer: BIM Indexing and e-Services
Artist: April Milne
Cover Designer: Anna Ishchenko
Distributed to the book trade worldwide by Springer-Verlag New York, Inc., 233 Spring Street, 6th Floor,
New York, NY 10013. Phone 1-800-SPRINGER, fax 201-348-4505, e-mail , or
visit .
For information on translations, please e-mail , or visit .
Apress and friends of ED books may be purchased in bulk for academic, corporate, or promotional use.
eBook versions and licenses are also available for most titles. For more information, reference our
Special Bulk Sales—eBook Licensing web page at
The information in this book is distributed on an “as is” basis, without warranty. Although every
precaution has been taken in the preparation of this work, neither the author(s) nor Apress shall have
any liability to any person or entity with respect to any loss or damage caused or alleged to be caused
directly or indirectly by the information contained in this work.
The source code for this book is available to readers at .

www.it-ebooks.info

I dedicate this book to all current and future users of Linux.
—Ryan Baclit

To Anna. May all your dreams come true.
—Chivas Sicam


For my granddad, Bill “Pappy” Membrey. Without his unwavering support and guidance (not
to mention patience), I would not be where I am today.
—Peter Membrey

To my fiancée, Jenna.
—John Newbigin
www.it-ebooks.info
iv

Contents at a Glance

■About the Authors xvii
■About the Technical Reviewer xx
■Acknowledgments xxi
■Introduction xxii
■Chapter 1: Installation 1
■Chapter 2: BASH 31
■Chapter 3: Client/Host Configuration 55
■Chapter 4: Data Storage Management 71
■Chapter 5: User Management 87
■Chapter 6: X Window System 105
■Chapter 7: Package Management 133
■Chapter 8: Basic Linux Security 153
■Chapter 10: Network Security 203
■Chapter 11: Network Services 227
■Chapter 12: Open Source Databases 261
■Chapter 13: Linux Web Services 289
■Chapter 14: File Sharing Services 313
■Chapter 15: Linux Mail Servers 335
■Chapter 16: Directory Services 373

■Chapter 17: The Linux Kernel 415
■Chapter 18: Linux Virtualization 435
■Chapter 19: Linux Troubleshooting 457
■Index 471

www.it-ebooks.info
■ CONTENTS

v

Contents
■About the Authors xvii
■About the Technical Reviewer xx
■Acknowledgments xxi
■Introduction xxii
■Chapter 1: Installation 1
Preinstallation Steps 1
Installation 3
Troubleshooting 29
Summary 30
■Chapter 2: BASH 31
Working with the Command-Line Interface 31
Identifying the Working User 32
The Linux Filesystem 33
Directory Management 35
Listing the Contents of a Directory 36
Traversing Directories 39
Absolute and Relative Paths 39
Creating Directories 40
Renaming and Moving Files 40

Deleting Directories and Files 41
Creating and Viewing Text Files 42
Viewing the Contents of a File 44
Text Processing 45
Standard I/O Devices 46
Redirection 47
Piping 47
Getting Help 48
Environment Variables 51
Creating and Running Your Own Script 52
Summary 54
■Chapter 3: Client/Host Configuration 55
The Boot Process 55
The Boot Loader 55
www.it-ebooks.info
■ CONTENTS

vi

Kernel, Init, and Runlevels 60
Services 62
Keyboard Settings 63
Language Settings 64
Date and Time Settings 65
Network Settings 67
Graphics Settings 68
Printer Settings 69
Summary 70
■Chapter 4: Data Storage Management 71
Provisioning a New Hard Drive 71

Partitioning a Disk Using RAID 77
Understanding RAID Types and Levels 78
RAID 0 78
RAID 1 78
RAID 5 79
Checking on RAID 81
Partitioning with LVM 81
Understanding How LVM Works 82
Volume Groups 83
Physical Volumes 83
Logical Volumes 84
Making Sure Your Volumes Work 85
Finding More Information on LVM 85
Summary 85
■Chapter 5: User Management 87
Managing Users and Groups with the Graphical Interface 87
Adding a User 87
Changing User Properties 89
Deleting a User 91
Adding a Group 91
Changing Group Properties 92
Deleting a Group 93
User Management on the Command Line 93
Adding a User 94
Changing User Properties 94
Deleting a User 95
Adding a Group 96
Changing Group Properties 96
Deleting a Group 96
Implementing Disk Quotas 98

Enabling User and Group Quotas on a Filesystem 99
Setting Up the Quota Files 99
www.it-ebooks.info
■ CONTENTS

vii

Setting Up Quotas 100
Setting Grace Periods 101
Managing Quotas for Groups 101
Enabling Quotas 101
Reporting on Quotas 101
Setting Resource Limits 102
Summary 103
■Chapter 6: X Window System 105
X.Org 106
xorg.conf 106
The Keyboard Section 107
The Device Section 108
The Screen Section 108
The ServerLayout Section 110
Making a New xorg.conf File 111
The GNOME Desktop 111
Top Panel 112
Applications 113
Places 115
System 117
Customizing Menus 118
Launchers 120
Separator, Update, Clock, and Sound Applet 121

Bottom Panel 121
XDMCP Remote Connections 122
GDM Configuration 123
Reloading Options with gdmflexiserver 125
Using XDMCP with GDM 125
Requesting an X Session with XDMCP 126
XDMCP with X Query 126
XDMCP with Xnest 128
X with SSH 130
Summary 131
■Chapter 7: Package Management 133
RPM 133
The RPM Filename Convention 134
The rpm Command 135
Installing a Package 135
Signed Packages 136
Importing Keys 136
Verifying Packages 137
Adding More Output 137
Package Dependencies 138
www.it-ebooks.info
■ CONTENTS

viii

Upgrading a Package 139
Removing a Package 140
Querying a Package 141
Information and File Contents of a Package 141
Source RPMs 142

The Spec File 143
The rpmbuild Command 144
Building a Binary Package from a Source Package 144
YUM 145
Installing Packages with YUM 146
Removing Packages with YUM 146
Updating Packages with YUM 147
Searching Packages with YUM 148
Adding Sources for YUM 148
Creating Repositories for YUM 150
Summary 151
■Chapter 8: Basic Linux Security 153
System Logger 153
Using syslog.conf 154
Selectors 155
Actions 157
Detecting Intruders with the System Logger 158
Automating Tasks with cron 160
Using crontab 161
Using cron.allow and cron.deny 161
Working with the crontab File 161
The crontab Task 161
Browsing Available Tasks 163
Removing Tasks 163
Pluggable Authentication Modules 163
Understanding PAM Rules and Configuration Files 165
servicename 166
Management Groups 167
Control 167
modulepath 168

Testing PAM 168
Testing pam_time.so with crond 169
Finding Other PAM Modules 170
Summary 170
■Chapter 9: Advanced Security 171
Using Digital Certificates 171
Creating Certificates 172
Deploying Certificates 176
www.it-ebooks.info
■ CONTENTS

ix

Configuration Files 176
Intermediate Certificates 178
Certificate File Formats 178
Signing Your Own Certificates 179
Go Wild 181
Intrusion Detection 181
Monitoring the filesystem with RPM 182
Monitoring the Filesystem with AIDE 185
Monitoring the Network with Netfilter 188
Security Enhanced Linux 191
Why Use SELinux 192
Enabling and Disabling SELinux 192
SELinux Policy 193
Drilling Down on Context 194
Booleans 196
Access Vectors 199
Interactive Users 200

Summary 201
■Chapter 10: Network Security 203
The Firewall 203
A Basic Firewall 203
An Advanced Firewall 207
How netfilter Works 207
Viewing the Current Firewall 209
Building netfilter Rules 211
Using CentOS as a Router 216
Using netfilter for IP Masquerading 217
Handling Complex Protocols with netfilter 218
tcp_wrappers 218
Centralized Logging 222
Configuring the Server to Receive Logs 225
Configuring the Client to Send Logs 225
Summary 226
■Chapter 11: Network Services 227
OpenSSH 227
The OpenSSH Configuration File 227
Connecting to the OpenSSH Server 228
Copying Files Securely with scp 229
OpenSSH Keys 229
OpenSSH Fingerprints 230
Getting the Fingerprint Value 230
The known_hosts File 231
Making Your Own Keys 231
www.it-ebooks.info
■ CONTENTS

x


The DHCP Server 231
Setting Up the DHCP Server 232
The DHCP Configuration File 233
Assigning Fixed Addresses 234
Organizing with Groups 235
The NTP Server 236
Client-Server Mode 238
Symmetric Active/Passive Mode 238
Broadcast Mode 239
ntpq 240
DNS 240
Name Servers and Zones 242
Name Resolution 242
BIND Utilities 243
rndc-confgen 243
rndc 243
named 243
BIND Configuration Files 243
The Contents of rndc.conf 245
The Contents of named.conf 246
Caching DNS 246
The hints File 246
dig 247
nslookup 248
Configuring a Caching DNS 248
Configuring a Forwarder 251
Configuring a Slave DNS 251
Configuring a Master DNS 252
Reverse Lookup 255

The Squid Web Caching Server 256
Installing Squid 256
The Squid Main Configuration File 256
The visible_hostname directive 256
The cache_dir directive 257
ACLs and ACL-operators 258
Adding ACLs and ACL-operators 258
How ACL-operators Work 259
Talking to Squid Peers 259
More Squid 260
Summary 260
■Chapter 12: Open Source Databases 261
ACID 261
MySQL 262
Setting Up MySQL 263
www.it-ebooks.info
■ CONTENTS

xi

Running the MySQL Server 264
MySQL Users 264
MySQL Monitor 264
Securing the MySQL Root User 265
Creating a Database 266
Removing a Database 267
Adding a User 267
Removing a User 267
Granting Privileges 268
Removing Privileges 269

Getting a List of Available Databases 269
Creating Database Backups 269
Restoring Databases Using Backups 270
Restoring the toys Database 271
Customizing the MySQL Server Configuration 271
PostgreSQL 272
Setting up PostgreSQL 272
Starting PostgreSQL 273
PostgreSQL Interactive Terminal 273
Using the Interactive Terminal 273
PostgreSQL Roles 274
Creating a Role 274
Removing a User 275
Creating a Database 275
Dropping a Database 275
PostgreSQL Privileges 275
Granting Privileges to Objects 276
Revoking Privileges on Objects 276
Changing Role Attributes 277
Getting the List of Databases 277
Creating Database Backups 278
Restoring a Database 278
Configuring PostgreSQL 279
pg_hba.conf 279
CRUD and Databases 280
Creating 281
Verifying the Newly Created Tables 282
Viewing the Structures of the Tables 283
Adding Entries to the Table 283
Reading 284

Updating 285
Dropping Entries from a Table 286
Summary 287
■Chapter 13: Linux Web Services 289
www.it-ebooks.info
■ CONTENTS

xii

The Role of a Web Server 289
Apache Web Server 290
Setting Up Apache 290
Testing Apache 290
Apache Server Directories 291
The Apache Configuration File 293
Apache Configuration File Sections 293
Commonly Used Directives 294
Section 1: Global Environment 294
Section 2: Main Server Configuration 295
Distributed Configuration Files 297
DirectoryIndex 298
Alias 298
ScriptAlias 298
Creating Another Document and cgi-bin Directory 299
Virtual Hosts 302
IP-Based and Name-Based Virtual Hosting 303
The VirtualHost Directive 304
Configuring Name-Based Virtual Hosting 304
Adding PHP to Apache 308
Secure Apache with SSL 309

Securing with OpenSSL 310
Startup Without a Passphrase 311
Summary 312
■Chapter 14: File Sharing Services 313
Very Secure FTP Daemon 313
Configuring vsftpd 313
vsftpd.conf 313
ftpusers 314
user_list 314
Testing vsftpd 314
NFS 315
Configuring NFS 316
Sharing a Directory Using NFS 317
Sharing Directories Using NFS Daemons 318
Mounting a Shared Directory As the Client 318
Unmounting a Shared Directory as the Client 319
Using exportfs 319
Mounting Shared Directories at Boot Time 320
Setting Up a Samba Server 321
Installing Samba 322
Configuring Samba 322
lmhosts 322
smbusers 322
www.it-ebooks.info
■ CONTENTS

xiii

smb.conf 323
Configuring Stand-Alone Server Options 323

server string 323
netbios name 324
passdb backend 324
Adding a Samba User 324
Testing the Samba Stand-Alone Server 325
Adding Shares 326
Sharing a Printer 328
Preparing the Printer to Pass Print Data in Raw Form 329
Configuring Samba to Share a Printer 332
Installing the Samba Printer to the Windows Client 333
Summary 334
■Chapter 15: Linux Mail Servers 335
Basic Email Concepts 335
The Mail User Agent 336
Mail Transfer Agent 336
Mail Delivery Agent 337
POP3 and IMAP 337
Sendmail 338
Sending Email with Sendmail 339
Checking Mail with the mail Command 339
sendmail.mc 342
sendmail.cf 344
The Sendmail Administrative Configuration Files 345
local-host-names 345
aliases 345
access 346
The trusted-users File 348
The virtusertable File 348
mailertable 349
Postfix 349

Installing Postfix 350
Switching MTAs 350
Sending Email with Postfix 351
The Postfix Main Configuration File 351
Postfix Administrative Configuration Files 354
access 354
aliases 355
virtual 356
transport 356
generic 356
canonical 357
relocated 357
www.it-ebooks.info
■ CONTENTS

xiv

Mail Servers and DNS 358
Dovecot 359
Installing Dovecot 359
The dovecot.conf Configuration File 359
Configuration Options 360
protocols 360
ssl_cert_file 360
ssl_key_file 360
ssl_key_password 361
mail_location 361
Configuring Dovecot for Maildir 361
Configuring an Email Client to Send and Receive Email Using IMAP 362
Checking the IMAP Maildir contents 366

Receiving Email with POP3 367
Checking the POP3 Maildir contents 369
Dovecot and OpenSSL 370
Using Evolution with OpenSSL 370
Troubleshooting Tactics 372
Summary 372
■Chapter 16: Directory Services 373
The Need for Unified Authentication 373
Network Information System 375
Setting up NIS 375
The NIS Server 375
Creating Your First Domain 376
ypserv.conf 377
The NIS Client 378
Binding to an NIS Domain 379
yp.conf 379
nsswitch.conf 379
Testing the Setup 380
Maps 381
NIS Utilities 382
ypwhich 382
ypcat 383
ypmatch 383
yppasswd 383
NIS with NFS 384
Using NIS with NFS 384
OpenLDAP 385
Setting up OpenLDAP 385
slapd 386
ldap.conf 386

slapd.conf 386
www.it-ebooks.info
■ CONTENTS

xv

Modules 387
Schemas 388
Your First Database 390
Using the my-domain.com database 391
LDIF Format 392
Starting OpenLDAP 393
Adding Entries with ldapadd 393
Searching Entries with ldapsearch 396
Changing Entries with ldapmodify 397
Removing Entries Using ldapdelete 398
Creating a Backup 399
OpenLDAP and Samba 399
Installing Perl Modules 400
nss_ldap 402
The nss_ldap Configuration File 403
ldap.secret 404
nsswitch.conf 404
OpenLDAP 405
OpenLDAP Client Configuration File 405
Samba 406
Smbldap-tools 408
smbldap.conf 408
smbldap_bind.conf 408
Installing and Configuring smbldap-tools 409

Joining the DCTOYS Domain Controller 411
Testing the Samba and OpenLDAP Setup 412
Troubleshooting Tactics 413
Pitfall #1: Cannot log into the domain controller 413
Pitfall #2: Cannot start the Samba server properly because only the nmbd process is running 413
Summary 413
■Chapter 17: The Linux Kernel 415
History of the Linux Kernel 415
Types of Linux Kernels 415
Kernel Modules 417
Loading Kernel Modules 418
insmod 418
modprobe 418
modprobe.conf 419
Unloading Kernel Modules 421
rmmod 421
modprobe 422
blacklist 422
When to Recompile the Kernel 422
Getting a New Linux Kernel 423
www.it-ebooks.info
■ CONTENTS

xvi

Preparing to Configure the New Linux Kernel 423
Ways to Configure the Kernel Sources 424
Configuring the Kernel with the Command Line 424
Configuring the Kernel Graphically 426
Configuring the Kernel with menuconfig 428

Preparing for Kernel Compilation 430
Building the Kernel 431
Building the Kernel Modules 432
Making the Boot Loader Initialized RAM Disk 432
Adding the New Kernel into the GRUB Boot Loader 432
Your Turn 434
Summary 434
■Chapter 18: Linux Virtualization 435
Understanding Virtualization 435
Deciding to Use Virtualization 436
Xen 437
Exploring Virtualization Technologies 437
Full Virtualization 437
Hardware-Assisted Virtualization 437
Operating System Virtualization 437
Paravirtualization 438
Hardware Requirements 439
Installing Xen 440
The xend Daemon 441
The xend Configuration Files 441
xend-config.sxp 441
xend-pci-permissive.sxp and xend-pci-quirks.sxp 442
qemu-ifup 442
The xend Network Configuration Scripts Directory 443
Checking Dom-0 443
Making a Guest with virt-install 444
Preparing the Installation Media 446
Using the virt-install Command 446
Understanding the Guest Configuration File 448
Xen Guest Example Configuration Files 450

Connecting to a Guest 450
Using xm 450
Using virt-viewer 451
Using vncviewer 452
Shutting Down a Guest 453
Starting a Guest 453
Cloning a Guest 453
Cleaning Up 454
Summary 455
www.it-ebooks.info
■ CONTENTS

xvii

■Chapter 19: Linux Troubleshooting 457
The CentOS Rescue Environment 457
Exploring the Rescue Environment 460
Troubleshooting Checklist 461
Changed the Root Password 461
Bootloader Was Overwritten 462
You’re Experimenting with the Files in /etc 463
Skipping /mnt/sysimage 463
Finding the Affected System’s Root (/) Directory 464
Mounting Logical Volumes 464
Mounting Logical Volumes 465
Single-User Mode 466
Booting into Single-User Mode 466
My New Kernel Is Stuck! 467
Creating the Required Device Files 468
Summary 469

■Index 471


www.it-ebooks.info
■ CONTENTS

xviii

About the Authors
■Ryan Baclit started to use Linux during his college days at De La Salle
University. His natural interest in computer technology prompted him to study
the operating system and its tools. Knowing that he needed to learn more about
open source technology to advance in Linux and the proper use of open source
tools, he enrolled in Bluepoint Institute of Higher Technology’s Total Linux
course in 2005. After graduating, he eventually became an instructor T that
institute. As an instructor, he usually teaches open source programming tools like
Bash shell scripting and software analysis and design with UML. When not
playing with Linux, he studies manga illustration, reads manga, and collects
anime toys.


■Chivas Sicam works as an entrepreneur and IT consultant. Chivas takes pride in
being part of the DOST-ASTI (Department of Science and Technology Advanced
Science and Technology Institute) Bayanihan Linux project. His team has
advocated the use of open source software for the computing needs of government
agencies, schools, and small and medium-size enterprises in the Philippines. He
also scored 100% in his RHCE exam in March 2005. He enjoys technology, road
trips, and keeping up-to-date on news of the Utah Jazz.




■Peter Membrey lives in Hong Kong and is actively promoting open source in all
its various forms and guises, especially in education. He has had the honor of
working for Red Hat and received his first RHCE at the tender age of 17. He is now
a Chartered IT Professional and one of the world’s first professionally registered
ICT Technicians. Currently studying for a master’s degree in IT, he hopes to study
locally and earn a PhD in the not-too-distant future. He lives with his wife, Sarah,
and is desperately trying (and sadly failing) to come to grips with Cantonese.


www.it-ebooks.info
■ ABOUT THE AUTHORS

xix

■John Newbigin has been passionate about Linux for more than 10 years. In that
time he has channeled much of his enthusiasm into writing a number of tools and
utilities. Ironically it is his Windows programs such as RawWrite for Windows and
Explore2fs that have generated the most interest, though they all help to bring
Linux to a larger audience.
John’s involvement with CentOS dates back to the early days when it was still part
of the CAOS Foundation. From late 2003 until mid-2009 when the product was
retired, John was the CentOS-2 lead developer. He still helps out on the other
releases where possible.
In between working on CentOS and his other programs, John still finds time for his
day job as a Linux systems administrator, where he continues to find new and
exciting ways to use Linux networking, file systems, and security.

www.it-ebooks.info
■ CONTENTS


xx

About the Technical Reviewer
■Ann Tan-Pohlmann has experience in many fields, including slinging regular
expressions, watching Linux servers, writing telecom billing systems, being an
obsessive-compulsive spreadsheet user, and arguing about machine learning. She
is learning Italian, has forgotten most of her Mandarin, trains cats using Cat-Kwan-
Do, and sings Videoke to survive the Manila night. She currently does GUI
development for a telecom testing company in her day job.

www.it-ebooks.info
■ ABOUT THE AUTHORS

xxi

Acknowledgments
Thanks to all of the following:
Dad, Mom, Joel (who gave me my very first Linux CDs), Eric, and Adrian. They were always there to help
me push forward when challenges got tough.
Bluepoint Institute of Higher Technology. They gave me the proper training to have concrete Linux skills
for the enterprise and to interact with their wonderful BLUE community.
Chivas and Frank. You two introduced me to the world of writing books with Apress.
The CentOS community. They created the alternative Linux distribution to RHEL for the use of all.
The rest of the open source community. They have shown a commitment to providing great open source
software.
God. If it were not for Him, I would not have everything I have now.
–Ryan Baclit

I would like to thank the people of Apress for their support in this endeavor.

–Chivas Sicam

The one person I would really like to acknowledge is my wife, Sarah.
Despite being pregnant through the majority of the work on this book, and despite somehow managing
to seemingly suffer all the potential side effects of pregnancy (which the doctor joyfully insisted was
"completely normal"), she always had a smile for me. I can honestly say that after pulling an all-nighter
(alas, entirely my own fault), there could be no better sight. So, please allow me to thank her for her
unlimited patience and tolerance. She is my best friend, and I love her dearly. Without her love and
support, I would never have been able to finish the book.
–Peter Membrey


www.it-ebooks.info
■ INTRODUCTION

xxii

Introduction
Community Enterprise Operating System, or CentOS, is an enterprise Linux distribution. It was
developed by the CentOS Project community using the source code of the commercial Linux
distribution from Redhat, the Redhat Enterprise Linux (RHEL). They created CentOS to have a free
alternative to RHEL and to have a Linux distribution that's as stable as its commercial counterpart and
can keep up with the requirements of the enterprise. Using CentOS is a good choice to learn Linux not
only for its RHEL roots but also for its compatibility, quality, and support.
CentOS is binary compatible with the RHEL because it was built using the source code of RHEL. Also, the
developers made sure to adhere to the redistribution rules of RHEL when they built CentOS so it would
be a truly free alternative to the original.
CentOS is continuously being developed by its core developers and its community. They make security
and software updates and quality assurance measures to maintain the stability of the distribution. The
packages they build for CentOS are placed on their distributed mirror network to allow users to

download and install software on their system manually if needed. Because of the core developers and
its community, CentOS is able to have a constant release upgrade schedule to allow users to use new
software and to support new hardware. They are also increasing in numbers, and that means there's
always a better CentOS after each release.
CentOS has an interactive community, and you can ask them for assistance (go to ) if
you need it. You can send email to community members to share ideas or ask for solutions on the
problems that you may have encountered while using CentOS. For business users that plan to use
CentOS on their organization, they can avail of commercial support for CentOS through companies that
specialize in it.
The Book
Foundations of CentOS Linux: Enterprise Linux on the Cheap was written for beginning to intermediate
level administrators who want to learn Linux using CentOS. This book was designed to be a hands-on
type of book to enable you to grasp Linux concepts fast. Starting with Chapter 1, you will be given
background and instructions on how to install CentOS in your computers properly. Then you will install
CentOS on your computers. This pattern continues throughout the book to optimize your Linux learning
experience.
The CentOS systems that you will install in Chapter 1 will also be used with the other topics of the book
such as shell scripting, securing your system, and setting up servers for network services. While reading
the book and learning CentOS, you are also learning how to use the RHEL distribution at the same time.
The scripts and server software that you will learn can also be used on a running RHEL system. This
forms a strong foundation not only for both CentOS and RHEL but also for the core Linux concepts.
www.it-ebooks.info
■ INTRODUCTION

xxiii

Here is a brief summary of what each chapter covers on the book:
Chapter 1 will give you a walkthrough on how to install CentOS into your computers. You will be given
advice on how to prepare for your first Linux installations such as where to get an install CentOS DVD
and having a checklist for an enterprise server setup and enterprise workstation setup. After this chapter,

you now have at least two working CentOS machines that are good enough for you to experiment with
Linux.
Chapter 2 will introduce you to the command-line interface of Linux using the Bourne-again shell or
BASH. With BASH, you will be able to find out who is currently logged in, see the concepts behind the
Linux filesystem and why the directories are arranged like that, and how to manage directories such as
making symbolic links (or shortcuts) or removing directories. If you ever get stumped on any of the shell
commands, you will be given an overview on how to get help about it using the man pages.
Chapter 3 will show you how to customize your installed CentOS systems depending on your
requirements. You will be given an overview of the Linux boot process, the importance of a bootloader,
the runlevels your systems can use, and configuring the system services needed to be started at boot. In
addition, you will see how you can configure other system settings such as the keyboard, the current
language, the system networking, the graphical adjustment, and the printer.
Chapter 4 will dig deeper into the realm of storage. You will learn how to manage storage devices such as
preparing and adding hard drives and what filesystems you can use for them on your system. You will be
shown how to set them up for redundancy using RAID or have an extensible partitioning capability with
the Logical Volume Manager.
Chapter 5 will show you how to manage users on your systems. You will learn how to add, remove, and
modify users, and change passwords on both the graphical desktop and on the command-line interface.
Armed with the concepts of Linux users, you will know how to put restrictions on the amount of storage
space users can access through the use of disk quotas.
Chapter 6 will introduce you to the X Windows, the base system that is used by graphical Linux
applications such as the GNOME Desktop. You will also learn how to use the GNOME Desktop controls
like menus and buttons. Later, you will see how you can use your desktop to connect to another X
Windows server for remote graphical administration.
Chapter 7 will show you how to manage packages in your system. You will learn how to install, update,
and remove packages, and use repositories to further streamline package management in your system.
Chapter 8 will give you a background on basic Linux security to secure your system. You will know how
to configure the system logger and view log files to monitor your system in case of a break-in. You will
also see how to schedule tasks for automation. Lastly, you will learn how to use Linux-PAM to have a
central way of authenticating users with PAM-enabled applications.

Chapter 9 will show you advanced methods of securing your system. You will learn how to use digital
certificates for encryption, install and configure intrusion detection tools to detect unwanted attacker
break-ins, and monitor system consistency through packages and additional tools. You will be
introduced to how to apply a strict security mechanism in your system through SELinux policies.
Chapter 10 will show you how to secure your system on the network. You will learn how to create firewall
rules to prevent unwanted traffic and attackers from entering your system through the network. You will
also see how to use tcp_wrappers that can provide security for services that can interface with it. To have
a secure way to save your system log files, you will learn how to configure a central log server in this
chapter.

www.it-ebooks.info