Preface

31

What This Book Can Do—and What It Can't

31

How This Book Is Organized

32

Formal Aspects

33

1 What Is Linux?

37

1.1 Introduction

37

1.2 Hardware Support

38

1.3 Distributions

39

1.3.1 Common Linux Distributions

41

1.4 Open-Source Licenses (GPL and Company)

44

1.4.1 Licensing Conflicts between Open- and Closed-Source Software

46

1.5 The History of Linux

46

2 Installation Basics

49

2.1 Requirements

49

2.2 BIOS and EFI

50

2.2.1 EFI System Partition

51

2.2.2 UEFI Secure Boot

51

2.3 Installation Variants

53

2.3.1 Installation Medium

53

2.3.2 Network Installation

54

2.3.3 Installation Program

54

2.3.4 Installation Location

55

2.4 Overview of the Installation Process

56

2.5 Partitioning Basics

58

2.5.1 MBR Basics

59

2.5.2 GPT Basics

59

2.5.3 Partition Names

60

2.5.4 File Systems

61

2.6 LVM and Encryption

61

2.6.1 Logical Volume Manager

61

2.6.2 Encryption

62

2.6.3 Limitations

63

2.6.4 Recommendation

63

2.7 Creating Linux Partitions

64

2.7.1 Number and Size of Linux Partitions

65

2.7.2 Which File System?

67

2.8 Setting the Scope of the Installation

68

2.9 Basic Configuration

68

2.10 System Changes, Extensions, and Updates

70

2.10.1 Software Installation and Package Management

70

2.10.2 Updates

70

2.10.3 Configuration

72

3 Installation Instructions

75

3.1 Debian

76

3.1.1 Installing Debian

78

3.1.2 Live-Image Installation

78

3.1.3 Standard Installation

80

3.1.4 Getting Started

83

3.2 Fedora

84

3.2.1 Installing Fedora

86

3.2.2 Getting Started

90

3.3 Linux Mint

92

3.4 Manjaro Linux

95

3.5 openSUSE

98

3.5.1 Installing openSUSE

100

3.5.2 Getting Started

103

3.6 Pop!_OS

104

3.6.1 Installing Pop!_OS

105

3.6.2 Getting Started

107

3.7 Ubuntu

108

3.7.1 Installing Ubuntu

110

3.7.2 Getting Started

114

4 GNOME

119

4.1 Personal Assessment

120

4.2 Getting Started

121

4.2.1 Panel

121

4.2.2 Activities

122

4.2.3 Dock (Dash)

124

4.2.4 Running Programs

124

4.2.5 Special Features of Keyboard, Mouse, and Touchpad

126

4.2.6 Using the Clipboard Efficiently

128

4.3 File Manager

128

4.3.1 Operation

129

4.3.2 Removable Media

132

4.3.3 Access to Network Directories

133

4.3.4 Sharing Network Directories

134

4.3.5 Plugins

137

4.3.6 Additional Programs

137

4.4 System Configuration

138

4.4.1 Mouse, Touchpad, and Keyboard

139

4.4.2 Network Configuration

141

4.4.3 Online Accounts

141

4.4.4 Printers

141

4.4.5 Monitor and Projector Configuration

143

4.4.6 High DPI Displays

144

4.4.7 Colors

145

4.4.8 User Administration

145

4.4.9 Software Installation and Updates

146

4.4.10 Remote Maintenance

147

4.5 Fonts

148

4.6 GNOME Tweak Tool

150

4.7 GNOME Shell Extensions

152

4.7.1 Useful Extensions

154

4.7.2 Tips and Tricks

155

4.8 GNOME Shell Themes

156

4.9 Internal Details of GNOME

156

4.9.1 XDG Directories and Scripts

158

4.10 GNOME Classic

159

5 KDE

161

5.1 Basic Principles

161

5.1.1 Terminology

162

5.1.2 Distributions

162

5.2 Operation

163

5.2.1 Important Plasmoids

166

5.3 File Manager

167

5.3.1 Renaming Files (KRename)

169

5.3.2 External Media and Network Directories

170

5.4 KDE Configuration

170

6 Using the Terminal

179

6.1 Text Consoles and Terminal Windows

179

6.1.1 Terminal Window

181

6.1.2 Running Commands

184

6.2 Displaying and Editing Text Files

185

6.2.1 Text Editors

186

6.3 man and info

189

7 Bash (Shell)

193

7.1 What Is a Shell?

193

7.1.1 Other Shells

194

7.2 Configuration

195

7.3 Command Input

198

7.3.1 Expanding Command and File Names

198

7.3.2 Important Keyboard Shortcuts

200

7.3.3 Alias Abbreviations

201

7.4 Input and Output Redirection

202

7.4.1 Output Multiplication Using tee

205

7.5 Executing Commands

205

7.6 Globbing and Substitution/Expansion

208

7.6.1 Command Substitution

211

7.6.2 Single versus Double Quotation Marks

213

7.7 Variables

213

7.7.1 Environment Variables

215

7.7.2 Predefined Environment Variables

215

7.8 Bash Scripts

217

7.8.1 Example 1: grepall

217

7.8.2 Example 2: stripcomments

219

7.8.3 Example 3: applysedfile

219

7.8.4 Example 4: Backup Script

220

7.8.5 Example 5: Creating Thumbnails

221

7.8.6 Example 6: Setting Up Student Accounts

222

7.8.7 Example 7: Changing Multiple MySQL/MariaDB Databases

223

7.9 Basic Rules for Bash Scripts

223

7.10 Variables in Bash Scripts

225

7.10.1 The Scope of Variables

225

7.10.2 Variables Predefined by the Shell

226

7.10.3 Arrays

227

7.10.4 Parameter Substitution

228

7.10.5 Read Variables Using "read"

230

7.11 Branches, Loops, and Functions

230

7.11.1 If Branches

231

7.11.2 Formulating Conditions

231

7.11.3 Case Branches

233

7.11.4 For Loops

233

7.11.5 While Loops

235

7.11.6 Until Loops

236

7.11.7 Functions

236

7.11.8 Heredoc Syntax

237

7.12 Important Special Characters in Bash: Quick Reference

237

8 Zsh (Shell)

241

8.1 Installation and Configuration

242

8.2 Usage

247

8.3 Oh My Zsh

250

9 Files and Directories

253

9.1 Handling Files and Directories

253

9.1.1 Directories

254

9.1.2 Elementary Commands for Editing Files and Directories

255

9.1.3 Determining Space Requirements of Files and Directories

258

9.1.4 Wildcard Characters

259

9.1.5 Complications with Using Wildcard Characters

261

9.1.6 Hidden Files and Directories

262

9.1.7 Special Types of Files (Links, Devices, and the Like)

263

9.2 Links

264

9.3 Finding Files (find, grep, and locate Commands)

266

9.3.1 which and whereis

266

9.3.2 locate

267

9.3.3 find and grep

268

9.4 Greater Convenience with Modern Commands

271

9.5 Access Rights, Users, and Group Membership

273

9.5.1 Access Rights for Files

274

9.5.2 Access Rights for Directories

276

9.6 Special Bits and the umask Setting

279

9.6.1 Setuid, Setgid, and Sticky Bit

279

9.6.2 Owner and Group of New Files

282

9.6.3 Access Bits of New Files (umask)

283

9.7 Access Control Lists and Extended Attributes

285

9.7.1 Access Control Lists

286

9.7.2 Extended Attributes

288

9.7.3 Capabilities

289

9.8 The Linux Directory Structure

289

9.9 Device Files

293

10 Process Management

297

10.1 Starting, Managing, and Stopping Processes

297

10.1.1 Launching Programs

298

10.1.2 Foreground and Background Processes

298

10.1.3 List of All Running Processes (ps and top)

299

10.1.4 Process Hierarchy

302

10.1.5 Terminating Processes by Force (kill and xkill)

303

10.1.6 Distribution of Compute Time (nice, renice, and ionice)

304

10.1.7 Input and Output Redirection and Pipes

305

10.2 Running Processes under a Different Identity (su)

305

10.2.1 The su Command

306

10.3 Running Processes under a Different Identity (sudo)

307

10.3.1 sudo with Ubuntu

309

10.3.2 sudo with Raspberry Pi OS

310

10.3.3 sudo with Debian

311

10.3.4 sudo for RHEL and Fedora

311

10.3.5 sudo with SUSE

311

10.4 Running Processes under a Different Identity (PolicyKit)

312

10.5 System Processes (Daemons)

315

10.5.1 Kernel Threads

316

10.5.2 Starting and Stopping System Services

317

10.6 Starting Processes Automatically (Cron)

318

10.6.1 /etc/cron.hourly, .daily, .weekly, and .monthly

320

10.6.2 Anacron

322

10.7 Starting Processes Automatically (systemd Timer)

323

11 Network Tools

329

11.1 Determining the Network Status

329

11.2 Working on Other Computers (SSH)

334

11.2.1 Copying Files Securely Using scp

338

11.2.2 SSH Tunnel

339

11.2.3 SSH File System

340

11.2.4 telnet

340

11.3 Transferring Files (FTP and Others)

341

11.3.1 SFTP (Secure FTP)

342

11.3.2 wget

343

11.3.3 curl

344

11.3.4 lftp

344

11.3.5 rsync, mirror, and sitecopy

345

11.4 Lynx

346

11.5 Mutt

346

12 Vim

351

12.1 Quick Start

352

12.1.1 Help

354

12.2 Cursor Movement

355

12.3 Editing Text

356

12.4 Search and Replace

360

12.5 Editing Multiple Files Simultaneously

361

12.6 Internal Details

363

12.7 Tips and Tricks

366

13 Emacs

369

13.1 Quick Start

369

13.1.1 Loading and Saving Texts and Exiting the Program

370

13.1.2 Online Help

371

13.1.3 Editing Modes

372

13.1.4 Keyboard

372

13.2 Cursor Movement

373

13.3 Editing Text

374

13.3.1 Tabs

376

13.3.2 Indenting and Outdenting Text Manually

376

13.3.3 Continuous Text

378

13.4 Search and Replace

379

13.4.1 Searching for Patterns (with Regular Expressions)

380

13.4.2 Search and Replace

381

13.5 Buffers and Windows

382

13.6 Special Editing Modes

384

13.7 Configuration

386

13.7.1 Setting the Font

386

13.7.2 Configuration at the Click of a Mouse

386

13.7.3 Manual Configuration Directly in .emacs

387

13.7.4 MELPA

388

14 Basic Configuration

391

14.1 Introduction

391

14.2 Configuration of the Text Consoles

395

14.2.1 Keyboard Layout

395

14.2.2 Font

397

14.3 Date and Time

397

14.4 Synchronizing Date and Time via NTP

399

14.4.1 The systemd-timesyncd Process (Debian, Raspberry Pi OS, and Ubuntu)

400

14.4.2 Chrony (Fedora, RHEL, and SUSE)

400

14.5 Users, Groups, and Passwords

401

14.5.1 User Management

404

14.5.2 Group Management

405

14.5.3 Passwords

407

14.5.4 Interaction of the Configuration Files

411

14.5.5 Network User Management

412

14.6 PAM, NSS, and Nscd

412

14.6.1 PAM

413

14.6.2 Name Service Switch

416

14.6.3 Name Service Caching Daemon

417

14.6.4 System Security Services Daemon

418

14.7 Language Setting, Internationalization, and Unicode

418

14.7.1 Setting the Localization and Character Set

419

14.7.2 “Cannot Set/Change Locale” Error Message

423

14.8 Hardware Reference

423

14.8.1 CPU and Memory

425

14.8.2 Power Management

425

14.8.3 Interfaces and Bus Systems

426

14.8.4 Bluetooth

427

14.8.5 Hotplug System

430

14.8.6 Audio System

432

14.9 CPU Tuning

434

14.9.1 Controlling the CPU Frequency

435

14.9.2 Monitoring the CPU Temperature

437

14.10 Notebook Optimization

438

14.10.1 powertop

438

14.10.2 TLP

440

14.10.3 Controlling the Battery-Charging Behavior

442

14.10.4 Fan Control

443

14.11 Printing System (CUPS)

444

14.11.1 Sequence of the Printing Process

445

14.11.2 Internal Details of CUPS

447

14.11.3 CUPS Web Interface

449

14.11.4 Administrating CUPS Using Commands

450

14.12 Logging (Syslog)

452

14.12.1 rsyslogd

452

14.12.2 Kernel Logging

455

14.12.3 System Startup Log

456

14.12.4 Logrotate

456

14.12.5 Logwatch

457

14.13 Logging (Journal)

460

14.13.1 journalctl

461

14.13.2 Configuration

462

14.14 Cockpit

463

14.14.1 Installation

464

14.14.2 Security Concerns

465

14.14.3 Configuration

465

14.14.4 Operation

466

15 Network Configuration

469

15.1 NetworkManager

469

15.1.1 Configuration

470

15.1.2 Virtual Private Networks

473

15.1.3 Proxy Configuration

474

15.1.4 Configuring NetworkManager in Text Mode

475

15.1.5 Internal Details

476

15.2 Manual LAN and Wi-Fi Configuration

478

15.2.1 Activating the LAN Controller Manually

478

15.2.2 Retrieving DHCP Information

482

15.2.3 IPv6 Configuration

482

15.2.4 Manual Control of the Wi-Fi Controller

484

15.2.5 Encrypting the Wireless Network

485

15.3 LAN Configuration Files

487

15.3.1 Basic Configuration

487

15.3.2 DNS Configuration (resolv.conf)

489

15.3.3 Host Name

490

15.3.4 Mappings between Controllers and Network Interfaces

491

15.4 Distribution-Specific Configuration Files

491

15.4.1 RHEL and Fedora (NetworkManager)

492

15.4.2 Debian

495

15.4.3 SUSE

498

15.4.4 Ubuntu

499

15.4.5 networkd (systemd)

501

15.5 Zeroconf and Avahi

502

16 Software and Package Management

505

16.1 Introduction

505

16.1.1 Disadvantages of Linux Package Management

507

16.1.2 New Concepts

508

16.2 RPM Package Management

509

16.2.1 Basic Principles

510

16.2.2 The rpm Command

511

16.3 DNF

513

16.3.1 Concept

513

16.3.2 Configuration

514

16.3.3 Searching, Installing, and Updating Packages

516

16.3.4 AppStream

518

16.3.5 Additional Functions

520

16.4 ZYpp

521

16.4.1 The zypper Command

522

16.5 Debian Package Management (dpkg)

524

16.5.1 The dpkg Command

525

16.6 APT

527

16.6.1 Configuration

528

16.6.2 apt Command

530

16.6.3 The apt-get Command

532

16.6.4 Additional APT Commands

532

16.6.5 Automating Updates

533

16.6.6 Synaptic

535

16.7 Pacman

537

16.8 PackageKit

540

16.9 Firmware, BIOS, and EFI Updates

541

16.9.1 fwupd and fwupdmgr

542

16.9.2 Internal Details of Microcode Updates

544

16.10 Managing Parallel Installations (Alternatives)

545

16.11 Flatpak and Snap

547

16.11.1 Flatpak

549

16.11.2 Snap

550

16.11.3 AppImages

552

16.12 Distribution-Specific Characteristics

554

16.12.1 Debian

554

16.12.2 Fedora

556

16.12.3 openSUSE

557

16.12.4 RHEL and Clones

559

16.12.5 Ubuntu

562

17 Graphics System

567

17.1 Basic Principles

567

17.1.1 The X Window System

568

17.1.2 Wayland

569

17.1.3 Wayland Limitations Compared to X

570

17.1.4 Glossary

571

17.2 Graphics Drivers

572

17.2.1 Drivers for AMD, Intel, and NVIDIA

573

17.2.2 Problems of Nonfree Drivers

575

17.3 NVIDIA Driver Installation

576

17.3.1 Operation and Configuration

578

17.4 Determining the Status of the Graphics System

582

17.5 Starting the Graphics System

586

17.5.1 Wayland or X?

586

17.5.2 The Role of the Display Manager

587

17.5.3 Configuring the Display Manager

588

17.5.4 Automatic Login

588

17.5.5 Monitor Configuration for gdm

589

18 File System Administration

591

18.1 How Everything Is Connected

593

18.2 Formatting and Using USB Media

594

18.2.1 Formatting a USB Flash Drive or SD Card

595

18.2.2 Mounting USB Media Manually

596

18.2.3 Mounting an External Hard Disk Automatically

596

18.3 Device Names for Hard Disks and Other Data Media

598

18.4 Partitioning the Hard Disk or SSD

603

18.4.1 MBR or GPT?

604

18.4.2 Basic Rules

604

18.5 The parted Command

605

18.5.1 Example 1 (MBR)

608

18.5.2 Example 2 (GPT)

609

18.6 Partitioning Tools with a Graphical User Interface

610

18.7 File System Types

611

18.8 mount, umount, and /etc/fstab

616

18.8.1 Determining the Current State of the File System

616

18.8.2 Mounting and Unmounting File Systems Manually (mount and umount)

617

18.8.3 Mounting File Systems Automatically (/etc/fstab)

619

18.8.4 The Syntax in /etc/fstab

619

18.8.5 Bind Mounts

623

18.8.6 Automatic Mounts without /etc/fstab

624

18.9 Basic Principles of File Systems

625

18.10 The ext File System (ext2, ext3, and ext4)

627

18.10.1 Administration

628

18.11 The btrfs File System

630

18.11.1 Administration

632

18.11.2 Deactivating Copy-On-Write

633

18.11.3 Compressing Files

634

18.11.4 Subvolumes

635

18.11.5 Snapshots

636

18.11.6 Distributing btrfs File Systems across Multiple Devices (RAID)

638

18.11.7 Determining the Use of a btrfs File System (df)

640

18.11.8 btrfs Configuration in openSUSE

642

18.11.9 btrfs Configuration in Fedora

645

18.12 The xfs File System

646

18.13 Windows File Systems (vfat and ntfs)

647

18.13.1 The VFAT File System

649

18.13.2 The NTFS File System

650

18.14 Swap Partitions and Files

651

18.15 RAID

654

18.15.1 Manual Configuration Using mdadm

656

18.15.2 Administration

658

18.15.3 Replacing a Defective RAID-1 Hard Disk

663

18.16 Logical Volume Manager

665

18.17 Self-Monitoring, Analysis, and Reporting Technology

670

18.18 SSD TRIM

675

18.19 Encryption

676

18.19.1 Encrypt Individual Files

676

18.19.2 Encrypting a File System

677

18.19.3 Encrypting the Entire System

682

18.19.4 Emergency Plan

684

19 Grand Unified Bootloader

687

19.1 Basic Principles of GRUB

687

19.1.1 EFI System Startup

687

19.1.2 UEFI Secure Boot

690

19.1.3 BIOS System Boot

691

19.1.4 The initrd Files

692

19.1.5 The Future of the Boot Process

694

19.2 Operating GRUB (User View)

695

19.3 GRUB Configuration

696

19.3.1 Automatic Generation of grub.cfg

700

19.3.2 Syntax and Internal Details

701

19.3.3 GRUB Menu Items

702

19.4 Manual GRUB Installation and First Aid

704

19.4.1 Manual Installation and First Aid for EFI PCs

704

19.4.2 Changing EFI Boot Entries and Settings (efibootmgr)

706

19.5 systemd-boot

707

19.5.1 Operation

709

19.5.2 Configuration

709

20 The Init System

711

20.1 systemd

711

20.1.1 Administration

713

20.1.2 Targets

714

20.1.3 Configuration

716

20.1.4 systemd at User Level

718

20.1.5 Additional Functions

719

20.1.6 Compatibility

720

20.1.7 Documentation

721

20.2 Custom systemd Services

721

20.2.1 Custom systemd Configuration File

721

20.2.2 Example 1: Setting up Docker Containers as a Service

723

20.2.3 Example 2: Logging the Computer Startup and Shutdown

724

20.3 Shutdown, Reboot, and Halt

725

20.4 The Traditional Init-V System

726

20.4.1 Runlevel

727

20.4.2 Init-V Scripts

727

20.4.3 Links in the Runlevel Directories

728

20.5 System Startup on Fedora and RHEL

729

20.6 System Startup on Debian, Raspberry Pi OS, and Ubuntu

730

20.6.1 Raspberry Pi OS

731

20.7 System Startup on SUSE/openSUSE

732

21 Kernel and Modules

735

21.1 Kernel Modules

736

21.1.1 Commands for Module Management

737

21.1.2 Module Configuration

739

21.1.3 modprobe Syntax

741

21.2 Compiling Kernel Modules Yourself

742

21.2.1 Automating Module Updates

743

21.3 Configuring and Compiling the Kernel Yourself

745

21.3.1 Basic Principles

747

21.3.2 Installing the Kernel Code

748

21.3.3 Using Supplied Kernel Configuration Files

750

21.3.4 Configuring the Kernel Manually

752

21.3.5 Tools for a Manual Kernel Configuration

752

21.3.6 Compiling and Installing the Kernel

754

21.4 Kernel Live Patches

755

21.5 The /proc and /sys Directories

759

21.6 Kernel Boot Options

760

21.6.1 Important Kernel Boot Options

761

21.6.2 Symmetric Multiprocessing Options

763

21.6.3 Advanced Configuration and Power Interface Options

764

21.7 Changing Kernel Parameters

765

21.8 Spectre, Meltdown, and Others

765

22 Server Installation

771

22.1 Basic Principles

771

22.1.1 Installation Method

772

22.1.2 Host Name

773

22.1.3 RAID/LVM Setup

774

22.1.4 Improving Reliability

776

22.2 Red Hat Enterprise Linux

779

22.2.1 CentOS

781

22.2.2 AlmaLinux, Oracle Linux, and Rocky Linux

782

22.2.3 Distribution Change on the Fly

784

22.2.4 RHEL versus Clones

785

22.2.5 Installation

786

22.2.6 Registering the RHEL Installation

789

22.3 Ubuntu Server

790

22.3.1 Installing Ubuntu Server

791

22.4 Debian Server Installation

793

22.5 Elastic Compute Cloud

795

22.5.1 Amazon EC2

795

22.5.2 Costs

796

22.5.3 Getting Started

797

22.5.4 Setting Up the First Instance

798

22.5.5 SSH Access

801

22.5.6 EC2 Administration

802

22.5.7 Network Configuration

805

22.5.8 Amazon Linux

807

22.5.9 Internal Details

807

23 Secure Shell (SSH)

809

23.1 Installation

809

23.2 Configuration and Security

810

23.3 Fail2Ban

812

23.4 Authentication with Keys

814

23.5 Two-Factor Authentication

818

23.5.1 2FA with Google Authenticator

818

23.5.2 2FA with YubiKey

822

23.6 Additional Tools

824

23.6.1 Cluster SSH

824

23.6.2 Parallel SSH

825

23.6.3 Mosh

825

23.6.4 screen

826

24 Apache

829

24.1 Apache

829

24.1.1 Configuration

832

24.1.2 Default Character Set

834

24.1.3 Logrotate

836

24.2 Encrypted Connections (HTTPS)

836

24.2.1 Certificates

837

24.2.2 Using Self-Signed Certificates

838

24.2.3 Apache Configuration for HTTPS Operation

841

24.2.4 Snake-Oil Certificates

843

24.3 Let's Encrypt

844

24.3.1 Installing acme.sh

845

24.3.2 Applying acme.sh

845

24.3.3 SSL Settings

849

24.4 Setting Up and Securing Web Directories

851

24.4.1 Host Configuration

852

24.4.2 Directory Configuration

853

24.4.3 Securing Directories

855

24.4.4 Password Protection for Web Directories

857

24.5 Virtual Hosts

859

24.5.1 Setting Up Virtual Hosts

860

24.6 Web Access Statistics

861

24.6.1 GoAccess

862

24.7 PHP

865

24.8 NGINX

869

25 MySQL and MariaDB

873

25.1 Installation and Commissioning

874

25.1.1 Access Protection

877

25.1.2 Securing MySQL/MariaDB

878

25.1.3 Checking the Protection

880

25.1.4 Setting Up New Users

881

25.1.5 First Tests

882

25.2 Administration Tools

883

25.2.1 mysql

883

25.2.2 mysqladmin

884

25.2.3 MySQL Workbench

885

25.2.4 phpMyAdmin

886

25.3 Backups

888

25.3.1 mysqldump

888

25.3.2 Backup Tools and Variants

890

25.4 Installing WordPress

891

26 Postfix and Dovecot

895

26.1 Introduction and Basic Principles

895

26.1.1 Components of an Email Server

895

26.1.2 Protocols and Ports

897

26.1.3 The Message Flow in Detail

899

26.1.4 Variants and Options

901

26.1.5 DNS Configuration

902

26.1.6 Reverse DNS Entry

905

26.2 Postfix (MTA)

906

26.2.1 Installation on Debian and Ubuntu

907

26.2.2 Installation on EHEL

907

26.2.3 Configuration

909

26.2.4 main.cf

909

26.2.5 Changes to the Configuration

912

26.2.6 Opening Port 587

913

26.2.7 Logging and Administration

914

26.3 Postfix Encryption (TLS/STARTTLS)

915

26.3.1 Sample Configuration and Keywords

915

26.3.2 Setting Up Custom Certificates

918

26.4 Postfix Accounts

921

26.4.1 mbox or maildir Format

923

26.4.2 Mail Aliases

924

26.4.3 Explicit Recipients List

925

26.4.4 Email Addresses Differing from the Linux Account

926

26.4.5 Virtual Domains with Shared Email Users

927

26.4.6 Virtual Domains with Separate Email Users

928

26.4.7 Virtual Domains with Virtual Mailboxes

929

26.4.8 Disabling the Address Verification (VRFY)

931

26.5 Dovecot (POP and IMAP Server)

931

26.5.1 Operation as POP or IMAP Server

937

26.5.2 SMTP Authentication for Postfix

938

26.6 Client Configuration

939

26.7 SpamAssassin

941

26.7.1 Automatically Moving Spam to the Junk Folder

944

26.8 ClamAV (Virus Protection)

947

26.9 SPF, DKIM, and DMARC

949

26.9.1 Sender Policy Framework

950

26.9.2 DomainKeys Identified Mail

951

26.9.3 OpenDKIM

952

26.9.4 Postfix Configuration for OpenDKIM

958

26.9.5 Domain-Based Message Authentication, Reporting, and Conformance

959

26.10 Configuration Test and Troubleshooting

961

27 Samba

963

27.1 Basic Principles and Terminology

963

27.1.1 Access Rights and Security Systems

965

27.1.2 Centralized or Decentralized Server Topology?

967

27.1.3 NAS Instead of Tinkering with Samba?

968

27.2 Basic Configuration and Commissioning

969

27.2.1 Configuration Changes and Status

971

27.2.2 Firewall

972

27.2.3 Securing Samba

972

27.2.4 Logging

975

27.2.5 WS-Discovery (wsdd and wsdd2)

976

27.3 Password Management

976

27.3.1 Samba Passwords

977

27.3.2 Synchronizing Samba and Linux Passwords

978

27.3.3 Mapping of Windows and Linux User Names

980

27.3.4 Putting It All Together

981

27.3.5 Working Techniques

981

27.4 Network Directories

982

27.4.1 Sharing Network Directories in GNOME and KDE

987

27.5 Example: Home and Media Server

990

27.6 Example: Company Server

993

27.7 SMB Client Access

996

27.7.1 Using Desktop Systems

997

27.7.2 Finding a Samba Server Using nmblookup

998

27.7.3 Access to Network Directories Using smbclient

999

27.7.4 CIFS-mount

1000

28 Backups

1007

28.1 Déjà Dup

1007

28.1.1 Configuration and Use

1008

28.1.2 Restoring Data

1010

28.2 Back In Time

1010

28.2.1 Configuration and Use

1011

28.2.2 Restoring Data

1012

28.3 Grsync

1013

28.3.1 Configuration and Use

1014

28.4 Borg Backup

1015

28.4.1 Installation

1015

28.4.2 Usage

1015

28.4.3 Borg Backup in Scripts

1017

28.4.4 Borg Backup Using SSH

1018

28.4.5 Internal Details

1018

28.4.6 Borg User Interfaces

1018

28.5 Compressing and Archiving Files

1019

28.5.1 Compressing Files (gzip, bzip2, xz, and lzop)

1020

28.5.2 Creating Compressed Archives (tar and zip)

1021

28.6 Synchronizing Directories (rsync)

1022

28.7 Incremental Backups (rdiff-backup)

1025

28.8 Incremental Backups (rsnapshot)

1027

28.9 Backup Scripts

1030

28.10 Backups to S3 Storage

1032

28.10.1 Setting Up S3 Storage

1033

28.10.2 The aws Command

1034

28.10.3 Encryption and Example

1036

29 Firewalls

1039

29.1 Network Fundamentals and Analysis

1039

29.2 Basic Protection of Network Services

1045

29.2.1 The TCP Wrapper Library

1046

29.2.2 Starting Network Services without root Privileges

1047

29.2.3 Starting Network Services in a chroot Environment

1048

29.3 Basic Firewall Principles

1049

29.3.1 Netfilter and Nftables

1049

29.4 Firewall Configuration Tools

1050

29.4.1 Debian

1050

29.4.2 Fedora and RHEL

1051

29.4.3 firewall-cmd

1053

29.4.4 SUSE

1055

29.4.5 Ubuntu

1055

29.5 Custom Firewall Built Using nft

1057

29.5.1 Nftables: Basic Principles

1057

29.5.2 Defining Rules

1060

29.5.3 Syntax for Firewall Rules

1062

29.5.4 Simple Protection of a Web Server

1066

29.5.5 More Examples

1067

30 SELinux and AppArmor

1069

30.1 SELinux

1069

30.1.1 Internal Workings of SELinux and Usage

1071

30.2 AppArmor

1077

30.2.1 AppArmor on Debian and Ubuntu

1078

30.2.2 AppArmor on SUSE

1084

31 VirtualBox

1087

31.1 Installing VirtualBox

1087

31.1.1 VirtualBox Packages of your Distribution

1088

31.1.2 VirtualBox Packages from Oracle

1089

31.1.3 Preparation Tasks

1090

31.1.4 Installing VirtualBox on Windows or macOS

1091

31.2 Setting Up VirtualBox Machines

1091

31.2.1 Setting Up a Linux Virtual Machine

1092

31.2.2 Installing Guest Additions

1095

31.2.3 Setting Up a Windows Virtual Machine

1096

31.3 Working Techniques and Configuration Tips

1096

31.3.1 Network Configuration

1097

31.3.2 SSH Access via Port Forwarding

1098

31.3.3 Data Exchange via the Clipboard

1099

31.3.4 Exchanging Data with a Shared Folder

1099

31.3.5 USB Devices in Virtual Machines

1100

31.3.6 Exporting/Importing Virtual Machines

1100

31.3.7 Grouping Virtual Machines and Running Them Invisibly

1101

31.3.8 Using VirtualBox with a High-Resolution Monitor

1101

31.3.9 Controlling VirtualBox by Command (vboxmanage)

1102

31.3.10 Enlarging Virtual Hard Disks

1102

32 QEMU and Kernel-Based Virtual Machine

1105

32.1 Basic Principles

1106

32.1.1 Internal Workings of libvirt

1109

32.1.2 Behavior when Rebooting the Host System

1111

32.1.3 Virtual Hardware

1111

32.2 Virtual Machine Manager

1113

32.2.1 Setting Up a New Virtual Machine

1116

32.2.2 Stopping Virtual Machines

1118

32.2.3 Windows Installation

1119

32.3 libvirt Commands

1119

32.3.1 virsh

1119

32.3.2 virt-clone

1123

32.3.3 virt-sysprep

1123

32.3.4 virt-viewer

1124

32.3.5 virt-top

1125

32.4 Integrating Virtual Machines into the LAN (Network Bridge)

1125

32.4.1 Configuring the Network Bridge on the Host Computer

1126

32.4.2 IP Forwarding

1128

32.4.3 Network Configuration on a Root Server

1128

32.4.4 Configuring the Virtual Machine

1129

32.4.5 MAC Trouble

1129

32.5 Direct Access to the Contents of an Image File

1130

32.5.1 Access to Partitioned RAW Images in the Host System

1130

32.5.2 libguestfs Tools

1131

32.5.3 Converting an Image Format

1134

32.5.4 Enlarging an Image

1134

32.5.5 Reducing an Image File

1135

33 Windows Subsystem for Linux

1137

33.1 Checking Out WSL

1138

33.1.1 Using WSL

1139

33.1.2 File System

1141

33.1.3 Running Programs in Graphics Mode (WSLg)

1143

33.2 WSL Network Integration

1145

33.3 The wsl Command and WSL Configuration

1146

33.3.1 Global WSL Configuration

1147

33.3.2 Linux-Specific Configuration

1148

33.3.3 Enlarging the WSL2 Disk

1149