Table of Contents

Preface
31
What This Book Can Do—and What It Can't
31
How This Book Is Organized
32
Formal Aspects
33
Part I Installation
35
1 What Is Linux?
37
1.1 Introduction
37
1.2 Hardware Support
38
1.3 Distributions
39
1.3.1 Common Linux Distributions
41
1.4 Open-Source Licenses (GPL and Company)
44
1.4.1 Licensing Conflicts between Open- and Closed-Source Software
46
1.5 The History of Linux
46
2 Installation Basics
49
2.1 Requirements
49
2.2 BIOS and EFI
50
2.2.1 EFI System Partition
51
2.2.2 UEFI Secure Boot
51
2.3 Installation Variants
53
2.3.1 Installation Medium
53
2.3.2 Network Installation
54
2.3.3 Installation Program
54
2.3.4 Installation Location
55
2.4 Overview of the Installation Process
56
2.5 Partitioning Basics
58
2.5.1 MBR Basics
59
2.5.2 GPT Basics
59
2.5.3 Partition Names
60
2.5.4 File Systems
61
2.6 LVM and Encryption
61
2.6.1 Logical Volume Manager
61
2.6.2 Encryption
62
2.6.3 Limitations
63
2.6.4 Recommendation
63
2.7 Creating Linux Partitions
64
2.7.1 Number and Size of Linux Partitions
65
2.7.2 Which File System?
67
2.8 Setting the Scope of the Installation
68
2.9 Basic Configuration
68
2.10 System Changes, Extensions, and Updates
70
2.10.1 Software Installation and Package Management
70
2.10.2 Updates
70
2.10.3 Configuration
72
3 Installation Instructions
75
3.1 Debian
76
3.1.1 Installing Debian
78
3.1.2 Live-Image Installation
78
3.1.3 Standard Installation
80
3.1.4 Getting Started
83
3.2 Fedora
84
3.2.1 Installing Fedora
86
3.2.2 Getting Started
90
3.3 Linux Mint
92
3.4 Manjaro Linux
95
3.5 openSUSE
98
3.5.1 Installing openSUSE
100
3.5.2 Getting Started
103
3.6 Pop!_OS
104
3.6.1 Installing Pop!_OS
105
3.6.2 Getting Started
107
3.7 Ubuntu
108
3.7.1 Installing Ubuntu
110
3.7.2 Getting Started
114
Part II Using Linux
117
4 GNOME
119
4.1 Personal Assessment
120
4.2 Getting Started
121
4.2.1 Panel
121
4.2.2 Activities
122
4.2.3 Dock (Dash)
124
4.2.4 Running Programs
124
4.2.5 Special Features of Keyboard, Mouse, and Touchpad
126
4.2.6 Using the Clipboard Efficiently
128
4.3 File Manager
128
4.3.1 Operation
129
4.3.2 Removable Media
132
4.3.3 Access to Network Directories
133
4.3.4 Sharing Network Directories
134
4.3.5 Plugins
137
4.3.6 Additional Programs
137
4.4 System Configuration
138
4.4.1 Mouse, Touchpad, and Keyboard
139
4.4.2 Network Configuration
141
4.4.3 Online Accounts
141
4.4.4 Printers
141
4.4.5 Monitor and Projector Configuration
143
4.4.6 High DPI Displays
144
4.4.7 Colors
145
4.4.8 User Administration
145
4.4.9 Software Installation and Updates
146
4.4.10 Remote Maintenance
147
4.5 Fonts
148
4.6 GNOME Tweak Tool
150
4.7 GNOME Shell Extensions
152
4.7.1 Useful Extensions
154
4.7.2 Tips and Tricks
155
4.8 GNOME Shell Themes
156
4.9 Internal Details of GNOME
156
4.9.1 XDG Directories and Scripts
158
4.10 GNOME Classic
159
5 KDE
161
5.1 Basic Principles
161
5.1.1 Terminology
162
5.1.2 Distributions
162
5.2 Operation
163
5.2.1 Important Plasmoids
166
5.3 File Manager
167
5.3.1 Renaming Files (KRename)
169
5.3.2 External Media and Network Directories
170
5.4 KDE Configuration
170
Part III Linux Basics
177
6 Using the Terminal
179
6.1 Text Consoles and Terminal Windows
179
6.1.1 Terminal Window
181
6.1.2 Running Commands
184
6.2 Displaying and Editing Text Files
185
6.2.1 Text Editors
186
6.3 man and info
189
7 Bash (Shell)
193
7.1 What Is a Shell?
193
7.1.1 Other Shells
194
7.2 Configuration
195
7.3 Command Input
198
7.3.1 Expanding Command and File Names
198
7.3.2 Important Keyboard Shortcuts
200
7.3.3 Alias Abbreviations
201
7.4 Input and Output Redirection
202
7.4.1 Output Multiplication Using tee
205
7.5 Executing Commands
205
7.6 Globbing and Substitution/Expansion
208
7.6.1 Command Substitution
211
7.6.2 Single versus Double Quotation Marks
213
7.7 Variables
213
7.7.1 Environment Variables
215
7.7.2 Predefined Environment Variables
215
7.8 Bash Scripts
217
7.8.1 Example 1: grepall
217
7.8.2 Example 2: stripcomments
219
7.8.3 Example 3: applysedfile
219
7.8.4 Example 4: Backup Script
220
7.8.5 Example 5: Creating Thumbnails
221
7.8.6 Example 6: Setting Up Student Accounts
222
7.8.7 Example 7: Changing Multiple MySQL/MariaDB Databases
223
7.9 Basic Rules for Bash Scripts
223
7.10 Variables in Bash Scripts
225
7.10.1 The Scope of Variables
225
7.10.2 Variables Predefined by the Shell
226
7.10.3 Arrays
227
7.10.4 Parameter Substitution
228
7.10.5 Read Variables Using "read"
230
7.11 Branches, Loops, and Functions
230
7.11.1 If Branches
231
7.11.2 Formulating Conditions
231
7.11.3 Case Branches
233
7.11.4 For Loops
233
7.11.5 While Loops
235
7.11.6 Until Loops
236
7.11.7 Functions
236
7.11.8 Heredoc Syntax
237
7.12 Important Special Characters in Bash: Quick Reference
237
8 Zsh (Shell)
241
8.1 Installation and Configuration
242
8.2 Usage
247
8.3 Oh My Zsh
250
9 Files and Directories
253
9.1 Handling Files and Directories
253
9.1.1 Directories
254
9.1.2 Elementary Commands for Editing Files and Directories
255
9.1.3 Determining Space Requirements of Files and Directories
258
9.1.4 Wildcard Characters
259
9.1.5 Complications with Using Wildcard Characters
261
9.1.6 Hidden Files and Directories
262
9.1.7 Special Types of Files (Links, Devices, and the Like)
263
9.2 Links
264
9.3 Finding Files (find, grep, and locate Commands)
266
9.3.1 which and whereis
266
9.3.2 locate
267
9.3.3 find and grep
268
9.4 Greater Convenience with Modern Commands
271
9.5 Access Rights, Users, and Group Membership
273
9.5.1 Access Rights for Files
274
9.5.2 Access Rights for Directories
276
9.6 Special Bits and the umask Setting
279
9.6.1 Setuid, Setgid, and Sticky Bit
279
9.6.2 Owner and Group of New Files
282
9.6.3 Access Bits of New Files (umask)
283
9.7 Access Control Lists and Extended Attributes
285
9.7.1 Access Control Lists
286
9.7.2 Extended Attributes
288
9.7.3 Capabilities
289
9.8 The Linux Directory Structure
289
9.9 Device Files
293
10 Process Management
297
10.1 Starting, Managing, and Stopping Processes
297
10.1.1 Launching Programs
298
10.1.2 Foreground and Background Processes
298
10.1.3 List of All Running Processes (ps and top)
299
10.1.4 Process Hierarchy
302
10.1.5 Terminating Processes by Force (kill and xkill)
303
10.1.6 Distribution of Compute Time (nice, renice, and ionice)
304
10.1.7 Input and Output Redirection and Pipes
305
10.2 Running Processes under a Different Identity (su)
305
10.2.1 The su Command
306
10.3 Running Processes under a Different Identity (sudo)
307
10.3.1 sudo with Ubuntu
309
10.3.2 sudo with Raspberry Pi OS
310
10.3.3 sudo with Debian
311
10.3.4 sudo for RHEL and Fedora
311
10.3.5 sudo with SUSE
311
10.4 Running Processes under a Different Identity (PolicyKit)
312
10.5 System Processes (Daemons)
315
10.5.1 Kernel Threads
316
10.5.2 Starting and Stopping System Services
317
10.6 Starting Processes Automatically (Cron)
318
10.6.1 /etc/cron.hourly, .daily, .weekly, and .monthly
320
10.6.2 Anacron
322
10.7 Starting Processes Automatically (systemd Timer)
323
11 Network Tools
329
11.1 Determining the Network Status
329
11.2 Working on Other Computers (SSH)
334
11.2.1 Copying Files Securely Using scp
338
11.2.2 SSH Tunnel
339
11.2.3 SSH File System
340
11.2.4 telnet
340
11.3 Transferring Files (FTP and Others)
341
11.3.1 SFTP (Secure FTP)
342
11.3.2 wget
343
11.3.3 curl
344
11.3.4 lftp
344
11.3.5 rsync, mirror, and sitecopy
345
11.4 Lynx
346
11.5 Mutt
346
Part IV Text and Code Editors
349
12 Vim
351
12.1 Quick Start
352
12.1.1 Help
354
12.2 Cursor Movement
355
12.3 Editing Text
356
12.4 Search and Replace
360
12.5 Editing Multiple Files Simultaneously
361
12.6 Internal Details
363
12.7 Tips and Tricks
366
13 Emacs
369
13.1 Quick Start
369
13.1.1 Loading and Saving Texts and Exiting the Program
370
13.1.2 Online Help
371
13.1.3 Editing Modes
372
13.1.4 Keyboard
372
13.2 Cursor Movement
373
13.3 Editing Text
374
13.3.1 Tabs
376
13.3.2 Indenting and Outdenting Text Manually
376
13.3.3 Continuous Text
378
13.4 Search and Replace
379
13.4.1 Searching for Patterns (with Regular Expressions)
380
13.4.2 Search and Replace
381
13.5 Buffers and Windows
382
13.6 Special Editing Modes
384
13.7 Configuration
386
13.7.1 Setting the Font
386
13.7.2 Configuration at the Click of a Mouse
386
13.7.3 Manual Configuration Directly in .emacs
387
13.7.4 MELPA
388
Part V System Configuration and Administration
389
14 Basic Configuration
391
14.1 Introduction
391
14.2 Configuration of the Text Consoles
395
14.2.1 Keyboard Layout
395
14.2.2 Font
397
14.3 Date and Time
397
14.4 Synchronizing Date and Time via NTP
399
14.4.1 The systemd-timesyncd Process (Debian, Raspberry Pi OS, and Ubuntu)
400
14.4.2 Chrony (Fedora, RHEL, and SUSE)
400
14.5 Users, Groups, and Passwords
401
14.5.1 User Management
404
14.5.2 Group Management
405
14.5.3 Passwords
407
14.5.4 Interaction of the Configuration Files
411
14.5.5 Network User Management
412
14.6 PAM, NSS, and Nscd
412
14.6.1 PAM
413
14.6.2 Name Service Switch
416
14.6.3 Name Service Caching Daemon
417
14.6.4 System Security Services Daemon
418
14.7 Language Setting, Internationalization, and Unicode
418
14.7.1 Setting the Localization and Character Set
419
14.7.2 “Cannot Set/Change Locale” Error Message
423
14.8 Hardware Reference
423
14.8.1 CPU and Memory
425
14.8.2 Power Management
425
14.8.3 Interfaces and Bus Systems
426
14.8.4 Bluetooth
427
14.8.5 Hotplug System
430
14.8.6 Audio System
432
14.9 CPU Tuning
434
14.9.1 Controlling the CPU Frequency
435
14.9.2 Monitoring the CPU Temperature
437
14.10 Notebook Optimization
438
14.10.1 powertop
438
14.10.2 TLP
440
14.10.3 Controlling the Battery-Charging Behavior
442
14.10.4 Fan Control
443
14.11 Printing System (CUPS)
444
14.11.1 Sequence of the Printing Process
445
14.11.2 Internal Details of CUPS
447
14.11.3 CUPS Web Interface
449
14.11.4 Administrating CUPS Using Commands
450
14.12 Logging (Syslog)
452
14.12.1 rsyslogd
452
14.12.2 Kernel Logging
455
14.12.3 System Startup Log
456
14.12.4 Logrotate
456
14.12.5 Logwatch
457
14.13 Logging (Journal)
460
14.13.1 journalctl
461
14.13.2 Configuration
462
14.14 Cockpit
463
14.14.1 Installation
464
14.14.2 Security Concerns
465
14.14.3 Configuration
465
14.14.4 Operation
466
15 Network Configuration
469
15.1 NetworkManager
469
15.1.1 Configuration
470
15.1.2 Virtual Private Networks
473
15.1.3 Proxy Configuration
474
15.1.4 Configuring NetworkManager in Text Mode
475
15.1.5 Internal Details
476
15.2 Manual LAN and Wi-Fi Configuration
478
15.2.1 Activating the LAN Controller Manually
478
15.2.2 Retrieving DHCP Information
482
15.2.3 IPv6 Configuration
482
15.2.4 Manual Control of the Wi-Fi Controller
484
15.2.5 Encrypting the Wireless Network
485
15.3 LAN Configuration Files
487
15.3.1 Basic Configuration
487
15.3.2 DNS Configuration (resolv.conf)
489
15.3.3 Host Name
490
15.3.4 Mappings between Controllers and Network Interfaces
491
15.4 Distribution-Specific Configuration Files
491
15.4.1 RHEL and Fedora (NetworkManager)
492
15.4.2 Debian
495
15.4.3 SUSE
498
15.4.4 Ubuntu
499
15.4.5 networkd (systemd)
501
15.5 Zeroconf and Avahi
502
16 Software and Package Management
505
16.1 Introduction
505
16.1.1 Disadvantages of Linux Package Management
507
16.1.2 New Concepts
508
16.2 RPM Package Management
509
16.2.1 Basic Principles
510
16.2.2 The rpm Command
511
16.3 DNF
513
16.3.1 Concept
513
16.3.2 Configuration
514
16.3.3 Searching, Installing, and Updating Packages
516
16.3.4 AppStream
518
16.3.5 Additional Functions
520
16.4 ZYpp
521
16.4.1 The zypper Command
522
16.5 Debian Package Management (dpkg)
524
16.5.1 The dpkg Command
525
16.6 APT
527
16.6.1 Configuration
528
16.6.2 apt Command
530
16.6.3 The apt-get Command
532
16.6.4 Additional APT Commands
532
16.6.5 Automating Updates
533
16.6.6 Synaptic
535
16.7 Pacman
537
16.8 PackageKit
540
16.9 Firmware, BIOS, and EFI Updates
541
16.9.1 fwupd and fwupdmgr
542
16.9.2 Internal Details of Microcode Updates
544
16.10 Managing Parallel Installations (Alternatives)
545
16.11 Flatpak and Snap
547
16.11.1 Flatpak
549
16.11.2 Snap
550
16.11.3 AppImages
552
16.12 Distribution-Specific Characteristics
554
16.12.1 Debian
554
16.12.2 Fedora
556
16.12.3 openSUSE
557
16.12.4 RHEL and Clones
559
16.12.5 Ubuntu
562
17 Graphics System
567
17.1 Basic Principles
567
17.1.1 The X Window System
568
17.1.2 Wayland
569
17.1.3 Wayland Limitations Compared to X
570
17.1.4 Glossary
571
17.2 Graphics Drivers
572
17.2.1 Drivers for AMD, Intel, and NVIDIA
573
17.2.2 Problems of Nonfree Drivers
575
17.3 NVIDIA Driver Installation
576
17.3.1 Operation and Configuration
578
17.4 Determining the Status of the Graphics System
582
17.5 Starting the Graphics System
586
17.5.1 Wayland or X?
586
17.5.2 The Role of the Display Manager
587
17.5.3 Configuring the Display Manager
588
17.5.4 Automatic Login
588
17.5.5 Monitor Configuration for gdm
589
18 File System Administration
591
18.1 How Everything Is Connected
593
18.2 Formatting and Using USB Media
594
18.2.1 Formatting a USB Flash Drive or SD Card
595
18.2.2 Mounting USB Media Manually
596
18.2.3 Mounting an External Hard Disk Automatically
596
18.3 Device Names for Hard Disks and Other Data Media
598
18.4 Partitioning the Hard Disk or SSD
603
18.4.1 MBR or GPT?
604
18.4.2 Basic Rules
604
18.5 The parted Command
605
18.5.1 Example 1 (MBR)
608
18.5.2 Example 2 (GPT)
609
18.6 Partitioning Tools with a Graphical User Interface
610
18.7 File System Types
611
18.8 mount, umount, and /etc/fstab
616
18.8.1 Determining the Current State of the File System
616
18.8.2 Mounting and Unmounting File Systems Manually (mount and umount)
617
18.8.3 Mounting File Systems Automatically (/etc/fstab)
619
18.8.4 The Syntax in /etc/fstab
619
18.8.5 Bind Mounts
623
18.8.6 Automatic Mounts without /etc/fstab
624
18.9 Basic Principles of File Systems
625
18.10 The ext File System (ext2, ext3, and ext4)
627
18.10.1 Administration
628
18.11 The btrfs File System
630
18.11.1 Administration
632
18.11.2 Deactivating Copy-On-Write
633
18.11.3 Compressing Files
634
18.11.4 Subvolumes
635
18.11.5 Snapshots
636
18.11.6 Distributing btrfs File Systems across Multiple Devices (RAID)
638
18.11.7 Determining the Use of a btrfs File System (df)
640
18.11.8 btrfs Configuration in openSUSE
642
18.11.9 btrfs Configuration in Fedora
645
18.12 The xfs File System
646
18.13 Windows File Systems (vfat and ntfs)
647
18.13.1 The VFAT File System
649
18.13.2 The NTFS File System
650
18.14 Swap Partitions and Files
651
18.15 RAID
654
18.15.1 Manual Configuration Using mdadm
656
18.15.2 Administration
658
18.15.3 Replacing a Defective RAID-1 Hard Disk
663
18.16 Logical Volume Manager
665
18.17 Self-Monitoring, Analysis, and Reporting Technology
670
18.18 SSD TRIM
675
18.19 Encryption
676
18.19.1 Encrypt Individual Files
676
18.19.2 Encrypting a File System
677
18.19.3 Encrypting the Entire System
682
18.19.4 Emergency Plan
684
19 Grand Unified Bootloader
687
19.1 Basic Principles of GRUB
687
19.1.1 EFI System Startup
687
19.1.2 UEFI Secure Boot
690
19.1.3 BIOS System Boot
691
19.1.4 The initrd Files
692
19.1.5 The Future of the Boot Process
694
19.2 Operating GRUB (User View)
695
19.3 GRUB Configuration
696
19.3.1 Automatic Generation of grub.cfg
700
19.3.2 Syntax and Internal Details
701
19.3.3 GRUB Menu Items
702
19.4 Manual GRUB Installation and First Aid
704
19.4.1 Manual Installation and First Aid for EFI PCs
704
19.4.2 Changing EFI Boot Entries and Settings (efibootmgr)
706
19.5 systemd-boot
707
19.5.1 Operation
709
19.5.2 Configuration
709
20 The Init System
711
20.1 systemd
711
20.1.1 Administration
713
20.1.2 Targets
714
20.1.3 Configuration
716
20.1.4 systemd at User Level
718
20.1.5 Additional Functions
719
20.1.6 Compatibility
720
20.1.7 Documentation
721
20.2 Custom systemd Services
721
20.2.1 Custom systemd Configuration File
721
20.2.2 Example 1: Setting up Docker Containers as a Service
723
20.2.3 Example 2: Logging the Computer Startup and Shutdown
724
20.3 Shutdown, Reboot, and Halt
725
20.4 The Traditional Init-V System
726
20.4.1 Runlevel
727
20.4.2 Init-V Scripts
727
20.4.3 Links in the Runlevel Directories
728
20.5 System Startup on Fedora and RHEL
729
20.6 System Startup on Debian, Raspberry Pi OS, and Ubuntu
730
20.6.1 Raspberry Pi OS
731
20.7 System Startup on SUSE/openSUSE
732
21 Kernel and Modules
735
21.1 Kernel Modules
736
21.1.1 Commands for Module Management
737
21.1.2 Module Configuration
739
21.1.3 modprobe Syntax
741
21.2 Compiling Kernel Modules Yourself
742
21.2.1 Automating Module Updates
743
21.3 Configuring and Compiling the Kernel Yourself
745
21.3.1 Basic Principles
747
21.3.2 Installing the Kernel Code
748
21.3.3 Using Supplied Kernel Configuration Files
750
21.3.4 Configuring the Kernel Manually
752
21.3.5 Tools for a Manual Kernel Configuration
752
21.3.6 Compiling and Installing the Kernel
754
21.4 Kernel Live Patches
755
21.5 The /proc and /sys Directories
759
21.6 Kernel Boot Options
760
21.6.1 Important Kernel Boot Options
761
21.6.2 Symmetric Multiprocessing Options
763
21.6.3 Advanced Configuration and Power Interface Options
764
21.7 Changing Kernel Parameters
765
21.8 Spectre, Meltdown, and Others
765
Part VI Server Configuration
769
22 Server Installation
771
22.1 Basic Principles
771
22.1.1 Installation Method
772
22.1.2 Host Name
773
22.1.3 RAID/LVM Setup
774
22.1.4 Improving Reliability
776
22.2 Red Hat Enterprise Linux
779
22.2.1 CentOS
781
22.2.2 AlmaLinux, Oracle Linux, and Rocky Linux
782
22.2.3 Distribution Change on the Fly
784
22.2.4 RHEL versus Clones
785
22.2.5 Installation
786
22.2.6 Registering the RHEL Installation
789
22.3 Ubuntu Server
790
22.3.1 Installing Ubuntu Server
791
22.4 Debian Server Installation
793
22.5 Elastic Compute Cloud
795
22.5.1 Amazon EC2
795
22.5.2 Costs
796
22.5.3 Getting Started
797
22.5.4 Setting Up the First Instance
798
22.5.5 SSH Access
801
22.5.6 EC2 Administration
802
22.5.7 Network Configuration
805
22.5.8 Amazon Linux
807
22.5.9 Internal Details
807
23 Secure Shell (SSH)
809
23.1 Installation
809
23.2 Configuration and Security
810
23.3 Fail2Ban
812
23.4 Authentication with Keys
814
23.5 Two-Factor Authentication
818
23.5.1 2FA with Google Authenticator
818
23.5.2 2FA with YubiKey
822
23.6 Additional Tools
824
23.6.1 Cluster SSH
824
23.6.2 Parallel SSH
825
23.6.3 Mosh
825
23.6.4 screen
826
24 Apache
829
24.1 Apache
829
24.1.1 Configuration
832
24.1.2 Default Character Set
834
24.1.3 Logrotate
836
24.2 Encrypted Connections (HTTPS)
836
24.2.1 Certificates
837
24.2.2 Using Self-Signed Certificates
838
24.2.3 Apache Configuration for HTTPS Operation
841
24.2.4 Snake-Oil Certificates
843
24.3 Let's Encrypt
844
24.3.1 Installing acme.sh
845
24.3.2 Applying acme.sh
845
24.3.3 SSL Settings
849
24.4 Setting Up and Securing Web Directories
851
24.4.1 Host Configuration
852
24.4.2 Directory Configuration
853
24.4.3 Securing Directories
855
24.4.4 Password Protection for Web Directories
857
24.5 Virtual Hosts
859
24.5.1 Setting Up Virtual Hosts
860
24.6 Web Access Statistics
861
24.6.1 GoAccess
862
24.7 PHP
865
24.8 NGINX
869
25 MySQL and MariaDB
873
25.1 Installation and Commissioning
874
25.1.1 Access Protection
877
25.1.2 Securing MySQL/MariaDB
878
25.1.3 Checking the Protection
880
25.1.4 Setting Up New Users
881
25.1.5 First Tests
882
25.2 Administration Tools
883
25.2.1 mysql
883
25.2.2 mysqladmin
884
25.2.3 MySQL Workbench
885
25.2.4 phpMyAdmin
886
25.3 Backups
888
25.3.1 mysqldump
888
25.3.2 Backup Tools and Variants
890
25.4 Installing WordPress
891
26 Postfix and Dovecot
895
26.1 Introduction and Basic Principles
895
26.1.1 Components of an Email Server
895
26.1.2 Protocols and Ports
897
26.1.3 The Message Flow in Detail
899
26.1.4 Variants and Options
901
26.1.5 DNS Configuration
902
26.1.6 Reverse DNS Entry
905
26.2 Postfix (MTA)
906
26.2.1 Installation on Debian and Ubuntu
907
26.2.2 Installation on RHEL
907
26.2.3 Configuration
909
26.2.4 main.cf
909
26.2.5 Changes to the Configuration
912
26.2.6 Opening Port 587
913
26.2.7 Logging and Administration
914
26.3 Postfix Encryption (TLS/STARTTLS)
915
26.3.1 Sample Configuration and Keywords
915
26.3.2 Setting Up Custom Certificates
918
26.4 Postfix Accounts
921
26.4.1 mbox or maildir Format
923
26.4.2 Mail Aliases
924
26.4.3 Explicit Recipients List
925
26.4.4 Email Addresses Differing from the Linux Account
926
26.4.5 Virtual Domains with Shared Email Users
927
26.4.6 Virtual Domains with Separate Email Users
928
26.4.7 Virtual Domains with Virtual Mailboxes
929
26.4.8 Disabling the Address Verification (VRFY)
931
26.5 Dovecot (POP and IMAP Server)
931
26.5.1 Operation as POP or IMAP Server
937
26.5.2 SMTP Authentication for Postfix
938
26.6 Client Configuration
939
26.7 SpamAssassin
941
26.7.1 Automatically Moving Spam to the Junk Folder
944
26.8 ClamAV (Virus Protection)
947
26.9 SPF, DKIM, and DMARC
949
26.9.1 Sender Policy Framework
950
26.9.2 DomainKeys Identified Mail
951
26.9.3 OpenDKIM
952
26.9.4 Postfix Configuration for OpenDKIM
958
26.9.5 Domain-Based Message Authentication, Reporting, and Conformance
959
26.10 Configuration Test and Troubleshooting
961
27 Samba
963
27.1 Basic Principles and Terminology
963
27.1.1 Access Rights and Security Systems
965
27.1.2 Centralized or Decentralized Server Topology?
967
27.1.3 NAS Instead of Tinkering with Samba?
968
27.2 Basic Configuration and Commissioning
969
27.2.1 Configuration Changes and Status
971
27.2.2 Firewall
972
27.2.3 Securing Samba
972
27.2.4 Logging
975
27.2.5 WS-Discovery (wsdd and wsdd2)
976
27.3 Password Management
976
27.3.1 Samba Passwords
977
27.3.2 Synchronizing Samba and Linux Passwords
978
27.3.3 Mapping of Windows and Linux User Names
980
27.3.4 Putting It All Together
981
27.3.5 Working Techniques
981
27.4 Network Directories
982
27.4.1 Sharing Network Directories in GNOME and KDE
987
27.5 Example: Home and Media Server
990
27.6 Example: Company Server
993
27.7 SMB Client Access
996
27.7.1 Using Desktop Systems
997
27.7.2 Finding a Samba Server Using nmblookup
998
27.7.3 Access to Network Directories Using smbclient
999
27.7.4 CIFS-mount
1000
Part VII Security
1005
28 Backups
1007
28.1 Déjà Dup
1007
28.1.1 Configuration and Use
1008
28.1.2 Restoring Data
1010
28.2 Back In Time
1010
28.2.1 Configuration and Use
1011
28.2.2 Restoring Data
1012
28.3 Grsync
1013
28.3.1 Configuration and Use
1014
28.4 Borg Backup
1015
28.4.1 Installation
1015
28.4.2 Usage
1015
28.4.3 Borg Backup in Scripts
1017
28.4.4 Borg Backup Using SSH
1018
28.4.5 Internal Details
1018
28.4.6 Borg User Interfaces
1018
28.5 Compressing and Archiving Files
1019
28.5.1 Compressing Files (gzip, bzip2, xz, and lzop)
1020
28.5.2 Creating Compressed Archives (tar and zip)
1021
28.6 Synchronizing Directories (rsync)
1022
28.7 Incremental Backups (rdiff-backup)
1025
28.8 Incremental Backups (rsnapshot)
1027
28.9 Backup Scripts
1030
28.10 Backups to S3 Storage
1032
28.10.1 Setting Up S3 Storage
1033
28.10.2 The aws Command
1034
28.10.3 Encryption and Example
1036
29 Firewalls
1039
29.1 Network Fundamentals and Analysis
1039
29.2 Basic Protection of Network Services
1045
29.2.1 The TCP Wrapper Library
1046
29.2.2 Starting Network Services without root Privileges
1047
29.2.3 Starting Network Services in a chroot Environment
1048
29.3 Basic Firewall Principles
1049
29.3.1 Netfilter and Nftables
1049
29.4 Firewall Configuration Tools
1050
29.4.1 Debian
1050
29.4.2 Fedora and RHEL
1051
29.4.3 firewall-cmd
1053
29.4.4 SUSE
1055
29.4.5 Ubuntu
1055
29.5 Custom Firewall Built Using nft
1057
29.5.1 Nftables: Basic Principles
1057
29.5.2 Defining Rules
1060
29.5.3 Syntax for Firewall Rules
1062
29.5.4 Simple Protection of a Web Server
1066
29.5.5 More Examples
1067
30 SELinux and AppArmor
1069
30.1 SELinux
1069
30.1.1 Internal Workings of SELinux and Usage
1071
30.2 AppArmor
1077
30.2.1 AppArmor on Debian and Ubuntu
1078
30.2.2 AppArmor on SUSE
1084
Part VIII Virtualization
1085
31 VirtualBox
1087
31.1 Installing VirtualBox
1087
31.1.1 VirtualBox Packages of your Distribution
1088
31.1.2 VirtualBox Packages from Oracle
1089
31.1.3 Preparation Tasks
1090
31.1.4 Installing VirtualBox on Windows or macOS
1091
31.2 Setting Up VirtualBox Machines
1091
31.2.1 Setting Up a Linux Virtual Machine
1092
31.2.2 Installing Guest Additions
1095
31.2.3 Setting Up a Windows Virtual Machine
1096
31.3 Working Techniques and Configuration Tips
1096
31.3.1 Network Configuration
1097
31.3.2 SSH Access via Port Forwarding
1098
31.3.3 Data Exchange via the Clipboard
1099
31.3.4 Exchanging Data with a Shared Folder
1099
31.3.5 USB Devices in Virtual Machines
1100
31.3.6 Exporting/Importing Virtual Machines
1100
31.3.7 Grouping Virtual Machines and Running Them Invisibly
1101
31.3.8 Using VirtualBox with a High-Resolution Monitor
1101
31.3.9 Controlling VirtualBox by Command (vboxmanage)
1102
31.3.10 Enlarging Virtual Hard Disks
1102
32 QEMU and Kernel-Based Virtual Machine
1105
32.1 Basic Principles
1106
32.1.1 Internal Workings of libvirt
1109
32.1.2 Behavior when Rebooting the Host System
1111
32.1.3 Virtual Hardware
1111
32.2 Virtual Machine Manager
1113
32.2.1 Setting Up a New Virtual Machine
1116
32.2.2 Stopping Virtual Machines
1118
32.2.3 Windows Installation
1119
32.3 libvirt Commands
1119
32.3.1 virsh
1119
32.3.2 virt-clone
1123
32.3.3 virt-sysprep
1123
32.3.4 virt-viewer
1124
32.3.5 virt-top
1125
32.4 Integrating Virtual Machines into the LAN (Network Bridge)
1125
32.4.1 Configuring the Network Bridge on the Host Computer
1126
32.4.2 IP Forwarding
1128
32.4.3 Network Configuration on a Root Server
1128
32.4.4 Configuring the Virtual Machine
1129
32.4.5 MAC Trouble
1129
32.5 Direct Access to the Contents of an Image File
1130
32.5.1 Access to Partitioned RAW Images in the Host System
1130
32.5.2 libguestfs Tools
1131
32.5.3 Converting an Image Format
1134
32.5.4 Enlarging an Image
1134
32.5.5 Reducing an Image File
1135
33 Windows Subsystem for Linux
1137
33.1 Checking Out WSL
1138
33.1.1 Using WSL
1139
33.1.2 File System
1141
33.1.3 Running Programs in Graphics Mode (WSLg)
1143
33.2 WSL Network Integration
1145
33.3 The wsl Command and WSL Configuration
1146
33.3.1 Global WSL Configuration
1147
33.3.2 Linux-Specific Configuration
1148
33.3.3 Enlarging the WSL2 Disk
1149
The Author
1151
Index
1153