Knowledge7

The Linux and Mobile Solution Provider

Archives for Avinash Meetoo

Server security

This topic is part of our Linux Network Services and Security training

A Linux server which is freshly installed has, in general, a high level of security. When applications are installed and configured, care must be taken for the level of security to remain high.

Essential security measures for the server itself include using BIOS and boot loader security, having sound password policies, using commands such as su and sudo, disabling root logins when possible, making sure that services have maximum availability and always using security-enhanced communication tools (like SSH) instead of more vulnerable ones.

Services also need to be secured. For example, TCP wrappers and xinetd are useful for securing, say, portmap. NIS, NFS, the Apache HTTP Server, FTP and Sendmail (or Postfix) need to be properly secured. The system administrator must routinely verify which TCP ports are open and for what reasons.

Naturally, all Linux servers (especially those which are exposed on the Internet) should have a properly configured firewall. Netfilter, the Linux firewall, and its associated command line tool, iptables, are very powerful and need to be understood in detail.


Networking troubleshooting

This topic is part of our Linux Network Services and Security training

It is essential that a Linux professional be able to configure network interfaces and routing tables, both manually and automatically. This includes adding, starting, stopping, restarting, deleting or reconfiguring network interfaces.

He/she should also be able to change, view, or configure the routing table, manually correct an improperly set default route, and debug problems associated with the network configuration.


User Management

This topic is part of our Linux System Administration training

Linux is a multiuser operating system. It is important therefore to be able to manage users (EL6 and EL7):

  • Add a new user
  • Modify the properties of that new user (e.g. password aging)
  • Create a new group and add existing users to it
  • Create users in bulk
  • etc.

Process Management

This topic is part of our Linux System Administration training

Linux is a multitasking operating system and, as such, runs multiple processes concurrently. Managing these processes correctly is important if we want to have an efficient server. We will learn the following aspects of process management:

  • Manage foreground and background processes
  • Monitor running processes
  • Get detailed information on running processes
  • Send signals to processes
  • Run a process after log out

Then we are going to learn how to manage process priorities, e.g. by examining default and current priorities, setting priorities, changing priorities, etc.


Networking configuration

This topic is part of our Linux Network Services and Security training

TCP and IP form part of a set of protocols called the Internet Protocol Suite (which consists of four layers: Link, Internet, Transport and Application).

IP (which stands for Internet Protocol) requires hosts to be given IP addresses and can then route packets among them.

TCP (which stands for Transmission Control Protocol) sets up a virtual circuit between two hosts. Data of arbitrary size can then be sent across this circuit using the segmentation and reassembly capabilities of TCP. Other Transport protocols include UDP and ICMP.

TCP/IP utilities

To fully understand how networking works in Linux, it is important to know the following commands:

  • ping
  • traceroute
  • nslookup and dig
  • telnet and ftp
  • whois

TCP/IP configuration and troubleshooting

In Linux, TCP/IP networking is configured either graphically or using the command line.

  • Graphical network configuration tool (such as the one provided by Gnome)
  • Network Configuration Files
  • Interfaces Configuration Files
  • ifconfig and route
  • etc.

Linux and the boot process

This topic is part of our Linux Network Services and Security training

When a computer is switched on, the following happens:

  • The BIOS does a Power On Self Test
  • The BIOS launches a bootloader (generally found in the Master Boot Record of the first hard disk)
  • This bootloader (generally Grub) allows the user to choose a Linux kernel…
  • … which then boots.

A system administrator should know how to:

  • Configure Grub properly (EL6 and EL7) so that the Linux kernel can boot properly.
  • Configure the Linux boot process itself so that only the needed services and drivers are loaded. In EL6, this includes knowing about the SysV init process, runlevels and the role of the inittab. In subsequent releases of RHEL/CentOS (EL7 onwards), SysV is replaced by systemd.

Of course, the system administrator should also know how to reboot and shut down the computer.


Remote administration

This topic is part of our Linux Network Services and Security training

Linux allows for remote execution of applications (which is particularly important when administering distant or headless servers). Various possibilities exist:

  • Using telnet (which is insecure)
  • Using Secure Shell (SSH)

In addition to text mode, it is also possible to administer remote servers graphically e.g.

  • Running an application distantly but displaying it locally
  • Running an application locally but displaying it remotely. This requires DisallowTCP=false in the security section of /etc/gdm/custom.conf, which lets the X server accept TCP connections. As a precaution, these changes may require a reboot.

This can be done using the X-Window System. X-Window (and not X-Windows) is the fundamental graphical environment on which Gnome or KDE run. X-Window has a client/server architecture and the two parts communicate using a special protocol.

Naturally, other possibilities exist:

  • VNC
  • Setting up an SSH tunnel
  • etc.

Email and printing

This topic is part of our Linux Network Services and Security training

Email

Email is an important network service and Postfix is the default email server in CentOS Linux (the venerable Sendmail is also available if needed). Postfix will handle sending emails through SMTP as well as delivering them locally. The default /etc/postfix/main.cf file does not allow Postfix to accept network connections from a host other than the local computer.

To configure Postfix to accept emails from external sources, the following needs to be done (section 15.3.1.2. Basic Postfix Configuration):

  • Edit the /etc/postfix/main.cf file with a text editor, such as vi.
  • Uncomment the mydomain line by removing the hash sign (#), and replace domain.tld with the domain the mail server is servicing, such as example.com.
  • Uncomment the myorigin = $mydomain line.
  • Uncomment the myhostname line, and replace host.domain.tld with the hostname for the machine.
  • Add mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
  • Uncomment the mynetworks line, and replace 168.100.189.0/28 with a valid network setting for hosts that can connect to the server.
  • Uncomment the inet_interfaces = all line.
  • Comment the inet_interfaces = localhost line.
  • Restart the postfix service.

Any email user agent (e.g. Evolution or Outlook) can be used to test the configuration.
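
The procedure above, applied with sed to a constructed excerpt of main.cf and then audited for what the edited file exposes (an added example, not part of the original page or of the Postfix documentation). The function names, mail.example.com and 192.0.2.0/24 are placeholders chosen for illustration.

```sh
#!/bin/sh
# Added example: apply the steps above to a constructed main.cf excerpt, then audit it.

# make_sample FILE: write only the lines the procedure touches (constructed, not a full main.cf).
make_sample() {
    cat > "$1" <<'EOF'
#myhostname = host.domain.tld
#mydomain = domain.tld
#myorigin = $mydomain
inet_interfaces = localhost
#inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
EOF
}

# apply_steps FILE DOMAIN HOSTNAME NETWORK: the edits from the list, done with sed.
apply_steps() {
    sed -e "s|^#mydomain = domain\.tld|mydomain = $2|" \
        -e 's|^#myorigin = \$mydomain|myorigin = $mydomain|' \
        -e "s|^#myhostname = host\.domain\.tld|myhostname = $3|" \
        -e 's|^mydestination = .*|mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain|' \
        -e "s|^#mynetworks = 168\.100\.189\.0/28|mynetworks = $4|" \
        -e 's|^#inet_interfaces = all|inet_interfaces = all|' \
        -e 's|^inet_interfaces = localhost|#inet_interfaces = localhost|' \
        "$1" > "$1.new" && mv "$1.new" "$1"
}

# effective FILE PARAM: the value in force; when a parameter is set twice, the last line wins.
# Simplification: continuation lines and $variable expansion are not handled.
effective() {
    awk -v k="$2" -F= '{ key = $1; gsub(/[ \t]/, "", key) }
        key == k { sub(/^[^=]*=[ \t]*/, ""); v = $0 }
        END { print v }' "$1"
}

# audit FILE: report listener and relay scope; fail if mynetworks trusts every IPv4 address.
audit() {
    nets=$(effective "$1" mynetworks)
    echo "inet_interfaces: $(effective "$1" inet_interfaces); mynetworks: ${nets:-unset}"
    case " $(printf '%s' "$nets" | tr ',' ' ') " in
        *" 0.0.0.0/0 "*) echo "mynetworks lets any IPv4 client relay"; return 1 ;;
    esac
}

# Demo; mail.example.com and 192.0.2.0/24 are placeholder values.
f=$(mktemp) && make_sample "$f" && apply_steps "$f" example.com mail.example.com 192.0.2.0/24
audit "$f"; rm -f "$f"
```

On a live server, `postconf -n` prints the non-default values Postfix is actually using, which is the authoritative check after the restart.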

POP3 Server

People who use clients like Outlook need a POP3 server and Dovecot can be configured to become one:

  • In dovecot.conf, indicate that “protocols = pop3” and “listen = *, ::”
  • In 10-auth.conf, indicate that “disable_plaintext_auth = no” (this lets clients send their passwords over unencrypted connections)
  • In 10-mail.conf, indicate that “mail_location = mbox:~/mail:INBOX=/var/mail/%u”

All mailboxes in /var/mail need to have permissions 600 for Dovecot to work properly.

Printing

Printing is an important service. Linux uses CUPS, open source software by Apple, to provide printing capabilities. Using the Printer Configuration Tool, the system administrator can:

  • Add a local printer
  • Add a network printer (e.g. IPP, Windows or JetDirect)
  • Define printing policies
  • Group printers into classes
  • Manage print jobs

Sometimes, it’s difficult to install some printers (especially the ones which rely on Windows drivers). The OpenPrinting website then becomes a great source of technical information.


Text editing and processing

This topic is part of our Linux System Administration training

vi (which stands for visual) is the standard Linux text editor. Unlike most text editors, it is modal. Learning vi is essential if one wants to become a good Linux system administrator.

The following aspects of vi need to be known:

  • Starting vi
  • Moving around
  • Moving to lines
  • Editing text
  • Search & replace
  • Quitting vi

Text Processing

One area where Linux excels is the processing of enormous volumes of text using pipes and filters.

We will start by looking at text streams and filters in order to master:

  • Piping
  • wc, head, and tail
  • expand, unexpand, and tr
  • sort and uniq
  • cut, paste, and join
  • sed etc.

Then we will cover all aspects of redirection:

  • Output redirection
  • Input redirection

Finally, we will learn about regular expressions as used in most text processing utilities in Linux.


Linux Installation

This topic is part of our Linux System Administration training

Installing an Enterprise Linux distribution (such as CentOS or Red Hat) is now relatively straightforward (compared to the situation a few years ago when installation programs were very complex to use).

The steps to follow are essentially:

  • Starting the Installation Program
  • Selecting an Installation Method
  • Language Selection
  • Keyboard Configuration
  • Disk Partitioning Setup
  • Boot Loader Configuration
  • Network Configuration
  • Time Zone Configuration
  • Set Root Password
  • Package Group Selection
  • Installing Packages

The most complex steps are arguably Disk Partitioning Setup and Boot Loader Configuration.

Both require a good understanding of disk partitions and the partitioning scheme recommended by Red Hat.


This work is licensed by Knowledge7 under an Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) license.