Monday, 24 February 2014

Active Defense — A Comprehensive Guide to Network Security

Introduction

Chapter 1 - Why Secure Your Network?

Chapter 2 - How Much Security Do You Need?

Chapter 3 - Understanding How Network Systems Communicate

Chapter 4 - Topology Security

Chapter 5 - Firewalls

Chapter 6 - Configuring Cisco Router Security Features

Chapter 7 - Check Point’s FireWall-1

Chapter 8 - Intrusion Detection Systems

Chapter 9 - Authentication and Encryption

Chapter 10 - Virtual Private Networking

Chapter 11 - Viruses, Trojans, and Worms: Oh My!

Chapter 12 - Disaster Prevention and Recovery

Chapter 13 - NetWare

Chapter 14 - NT and Windows 2000

Chapter 15 - UNIX

Chapter 16 - The Anatomy of an Attack

Chapter 17 - Staying Ahead of Attacks

Appendix A - About the CD-ROM

Appendix B - Sample Network Usage Policy

Overview
Some of us can remember a time when securing a network environment was a far easier task than it seems to be today. As long as every user had a password and the correct levels of file permissions had been set, we could go to sleep at night confident that our network environment was relatively secure. This confidence may or may not have been justified, but at least we felt secure.
Then along came the Internet and everything changed. The Internet has accelerated at an amazing rate the pace at which information is disseminated. In the early 1990s, most of us would not hear about a security vulnerability unless it made it into a major magazine or newspaper. Even then, the news release typically applied to an old version of software that most of us no longer used anyway. These days, hundreds of thousands of people can be made privy to the details of a specific vulnerability in less than an hour.
This is not to say that all this discussion of product vulnerabilities is a bad thing. Actually, quite the opposite is true. Individuals with malicious intent have always had places to exchange ideas. Pirate bulletin boards have been around since the 1980s. Typically, it was the rest of us who were left out in the cold with no means of dispersing this information to the people who needed it most: the network administrators attempting to maintain a secure environment. The Internet has become an excellent means to get vulnerability information into the hands of the people responsible for securing their environments.  Increased awareness also brings increased responsibility. This is not only true for the software company that is expected to fix the vulnerability; it is also true for the network administrator or security specialist who is expected to deploy the fix. Any end user with a subscription to a mailing list can find out about vulnerabilities as quickly as the networking staff. This greatly increases the urgency of deploying security-related fixes as soon as they are developed. (As if we didn’t have enough on our plates already!)
So, along with all of our other responsibilities, we need to maintain a good security posture. The first problem is where to begin. Should you purchase a book on firewalls or on securing your network servers? Maybe you need to learn more about network communications in order to be able to understand how these vulnerabilities can even exist. Should you be worried about running backups or redundant servers? 
One lesson that has been driven home since the publication of the first edition of this book is the need to view security not as a static package, but rather as a constant process incorporating all facets of networking and information technology. You cannot focus on one single aspect of your network and expect your environment to remain secure. Nor can this process be done in isolation from other networking activities. This book provides system and network administrators with the information they will need to run a network with multiple layers of security protection, while considering issues of usability, privacy, and manageability.


Ad hoc networking with Bluetooth: key metrics and distributed protocols for scatternet formation

Abstract

Bluetooth is a promising technology for personal/local area wireless communications. A Bluetooth scatternet is composed of simple overlapping piconets, each with a low number of devices sharing the same radio channel. A scatternet may have different topological configurations, depending on the number of composing piconets, the role of the devices involved and the configuration of the links. This paper discusses the scatternet formation issue by analyzing topological characteristics of the scatternet formed. A matrix-based representation of the network topology is used to define metrics that are applied to evaluate the key cost parameters and the scatternet performance. Numerical examples are presented and discussed, highlighting the impact of metric selection on scatternet performance. Then, a distributed algorithm for scatternet topology optimization is introduced, that supports the formation of a “locally optimal” scatternet based on a selected metric. Numerical results obtained by adopting this distributed approach to “optimize” the network topology are shown to be close to the global optimum.



Adaptive Demand-Driven Multicast Routing in Multi-Hop Wireless Ad Hoc Networks

Abstract
The use of on-demand techniques in routing protocols for multihop wireless ad hoc networks has been shown to have significant advantages in terms of reducing the routing protocol’s overhead and improving its ability to react quickly to topology changes in the network. A number of on-demand multicast routing protocols have been proposed, but each also relies on significant periodic (non-on-demand) behavior within portions of the protocol. This paper presents the design and initial evaluation of the Adaptive Demand-Driven Multicast Routing protocol (ADMR), a new on-demand ad hoc network multicast routing protocol that attempts to reduce as much as possible any non-on-demand components within the protocol. Multicast routing state is dynamically established and maintained only for active groups and only in nodes located between multicast senders and receivers. Each multicast data packet is forwarded along the shortest-delay path with multicast forwarding state, from the sender to the receivers, and receivers dynamically adapt to the sending pattern of senders in order to efficiently balance overhead and maintenance of the multicast routing state as nodes in the network move or as wireless transmission conditions in the network change. We describe the operation of the ADMR protocol and present an initial evaluation of its performance based on detailed simulation in ad hoc networks of 50 mobile nodes. We show that ADMR achieves packet delivery ratios within 1% of a flooding-based protocol, while incurring half to a quarter of the overhead.



Adhoc-like routing in wired networks with genetic algorithms

Abstract

Routing of packets in networks requires that a path be selected either dynamically while the packets are being forwarded, or statically (in advance) as in source routing from a source node to a destination. Quality of service (QoS) driven routing has been proposed using a protocol called the “Cognitive Packet Network” (CPN) which dynamically selects paths through a store and forward packet network so as to provide best effort QoS to route peer-to-peer connections. CPN operates very much as an adhoc protocol within a wired setting, and uses smart packets to select routes based on QoS requirements. We extend the path discovery process in CPN to include a genetic algorithm which can help discover new paths that may not have been discovered by smart packets. We describe how possible routes can “evolve” from prior knowledge, and then be selected based on “fitness” with respect to QoS. We detail the design of the algorithm and of its implementation, and report on resulting QoS measurements.


Ad-Hoc Services

Contents
1 Introduction
2 Performance Measures
2.1 Testing what?
2.2 Testing communication with a small amount of data
2.3 Testing communication with a big amount of data
2.4 Conclusion
3 A Framework for System Wide Accessible Services
3.1 Demands
3.2 Architecture
3.3 Changing the Communication Technology
3.4 Open Problems
4 Service Compiler for RMI Framework
4.1 Purpose of Compiler
4.2 Description of Finite State Machines
4.3 Usage of Compiler
4.4 Requirements of Compiler
5 Implementing new Services
5.1 Requirements of Service
5.2 Implementing a new Service
5.3 Using Services in Applications
6 Ad-Hoc-Services
6.1 General design
6.2 Basic Ad-Hoc-Services
6.2.1 Neighborhood service
6.2.2 Forwarding service
6.2.3 Sniffer service
6.3 Non-Basic Ad-Hoc-Services
6.3.1 Flooding service
6.3.2 Messaging service
6.3.3 Notifier service
7 Conclusions

Chapter 1
Introduction

The objective of this thesis was to implement some basic ad-hoc services which can be used by Java applications running on the system. To realize this task, we needed a framework which allows applications to access the functions of the services. The services should be started at the start-up of the machine and run in the background.
One of the demands was that the applications should not need to know anything about the kind of communication that is used between the application and the service.
It should be possible to add new services to the existing framework, too. Another requirement was that it is possible to easily exchange the communication technology without changing services and applications. Chapter 3 describes the architecture of the framework we designed for those demands. Chapter 4 describes the compiler which is used to add new services to the machine.
Another aspect we paid attention to was performance. For selecting the right communication, we measured different kinds of communication for the messaging between the two Java Virtual Machines (Application - Services). In chapter 2 the results of these measurements are described.


Advanced Algorithm for Detection and Prevention of Cooperative Black and Gray Hole Attacks in MANETS

In this paper, we propose an algorithm to detect a chain of cooperative malicious nodes in an ad-hoc network that disrupt transmission of data by feeding wrong routing information along with the detection algorithm. We also propose a mechanism to detect and remove the black and gray hole attacks. Our technique is based on sending data in terms of equal but small sized blocks instead of sending the whole of the data in one continuous stream. The flow of messages is monitored independently at the neighborhood of both source and destination. The result of monitoring is gathered by a backbone network of trusted nodes. Our algorithm takes O(n) time on average to find the chain of malicious nodes, which is better than the earlier O(n^2) time bound for detecting a single black hole network.


An Overview of MANETs Simulation

Abstract
Mobile Ad hoc NETworks (MANETs) are dynamic networks populated by mobile stations. Stations in MANETs are usually laptops, PDAs or mobile phones. These devices feature Bluetooth and/or IEEE 802.11 (WiFi) network interfaces and communicate in a decentralized manner. Mobility is a key feature of MANETs. Because of the high cost and lack of flexibility of such networks, experimentation is mostly achievable through simulation. Numerous tools exist for MANETs simulation, including ns-2 and GloMoSim which are the two most popular ones. This paper provides a State of the Art of MANETs simulators and associated simulation techniques. First it gives an overview of the domain. Then it provides a map of the main characteristics that MANETs simulation tools should feature and the current support of these. Finally, a description for each simulator is provided, including an explanation of what makes them appealing solutions.

1 Introduction
Mobile ad hoc networks (MANETs) are networks composed of a set of communicating devices able to spontaneously interconnect without any preexisting infrastructure. Devices in range can communicate in a point-to-point fashion. In addition to that, these devices are generally mobile.
More and more people are interested in ad hoc networks. Not only their importance in military applications is growing, but also their impact on business is increasing. The wide spread of lightweight and low-cost mobile devices—we are talking about mobile phones, PDAs, Pocket PCs, etc—which now embed Bluetooth and WiFi (IEEE 802.11) network adapters enables the spontaneous creation of city-wide MANETs. These networks could then constitute the infrastructure of numerous applications such as emergency and health-care systems [44], groupware [18], gaming [61][31][57], advertisements, customer-to-customer applications (like the UbiBay project [30]), etc.
Investigating MANETs is achievable by resorting either to software-based simulators or to experimentation networks (testbeds). Most researchers favour simulators at the expense of testbeds. What prevents (or at least hinders) the use of real-size testbeds is their cost and their inherent lack of flexibility. This becomes particularly impeding as the size of the experimented network grows. Software-based simulation then turns out to be a viable alternative and a widely used solution. This article surveys MANETs simulators. It is organized as follows: In section 2 testbed solutions are overviewed, although they do not constitute the focus of this paper. Next in section 3, crucial aspects of MANETs simulation are exposed. The techniques employed to implement them are described. Then in section 4, a list of the documented simulators is provided. Finally, section 5 gives some hints on which simulator to use for what needs and section 6 concludes by summarizing the current trends in MANETs simulation and by foreseeing its future directions.
Please note that this paper does not survey wired network simulators [5] and sensor network simulators [62][54]. The reason is that wired and sensor networks considerably diverge from MANETs in terms of structure, technologies, applications, etc. Thus they are considered to be out of the topic tackled herein.



An Overview of the Singularity Project

Abstract.
Singularity is a research project in Microsoft Research that started with the question: what would a software platform look like if it was designed from scratch with the primary goal of dependability? Singularity is working to answer this question by building on advances in programming languages and tools to develop a new system architecture and operating system (named Singularity), with the aim of producing a more robust and dependable software platform. Singularity demonstrates the practicality of new technologies and architectural decisions, which should lead to the construction of more robust and dependable systems.

1 Introduction
Software runs on a platform that has evolved over the past 40 years and is increasingly showing its age. This platform is the vast collection of code—operating systems, programming languages, compilers, libraries, run-time systems, middleware, etc.—and hardware that enables a program to execute. On one hand, this platform is an enormous success in both financial and practical terms. The platform forms the foundation of the $179 billion dollar packaged software industry [3] and has enabled revolutionary innovations such as the Internet. On the other hand, the platform and software running on it are less robust, reliable, and secure than most users (and developers!) would wish.
Part of the problem is that our current platform has not evolved far beyond the computer architectures, operating systems, and programming languages of the 1960’s and 1970’s. The computing environment of that period was very different from today’s milieu. Computers were extremely limited in speed and memory capacity; used only by a small group of technically literate and non-malicious users; and were rarely networked or connected to physical devices. None of these characteristics remains true, but modern computer architectures, operating systems, and programming languages have not evolved to accommodate a fundamental shift in computers and their use.
Singularity is a research project in Microsoft Research that started with the question: what would a software platform look like if it was designed from scratch with the primary goal of dependability, instead of the more common goal of performance?
Singularity is working to answer this question by building on advances in programming languages and programming tools to develop and build a new system architecture and operating system (named Singularity), with the aim of producing a more robust and dependable software platform. Although dependability is difficult to measure in a research prototype, Singularity shows the practicality of new technologies and architectural decisions, which should lead to more robust and dependable systems in the future.
With its exponential rate of progress, hardware evolution commonly appears to drive fundamental changes in systems and applications. Software, with its more glacial progress, rarely creates opportunities for fundamental improvements. However, software does evolve, and its change makes it possible—and necessary—to rethink old assumptions and practices. Advances in programming languages, run-time systems, and program analysis tools provide the building blocks to construct architectures and systems that are more dependable and robust than existing systems:
• Expressive, safe programming languages, such as Java and C#. Type safety ensures a value or object is always correctly interpreted and manipulated. Memory safety ensures a program references memory only within the bounds of valid, live objects.
• Optimizing compilers and high performance run-time systems generate safe code that runs at speeds comparable to unsafe code [20]. These compilers, unlike the more common just-in-time (JIT) compilers, perform global optimizations that mitigate safety-related overhead. Garbage collectors in these systems reclaim memory with overhead comparable to that of explicit de-allocation.
• Validation techniques ensure the end-to-end type safety of the compiler, compiled code, and run-time system. Typed intermediate and assembly language validate the proper operations of system components and ensure the language safety guarantees that underlie system correctness.
• Sound, specification-driven defect detection tools ensure the correctness of many aspects of the system. A sound tool finds all occurrences of an error—along with false positives—and consequently can reliably indicate when a particular defect has been eliminated. Specification-driven tools do not look for a hardwired collection of defects. They are extensible and can be adapted to check that many program or library-specific abstractions are used correctly.
Languages and tools based on these advances are in use detecting and preventing programming errors. Less well explored is how these mechanisms enable deep changes in system architecture, which in turn might advance the ultimate goal of preventing and mitigating software defects [28].
The rest of this paper describes the Singularity system in detail. Section 2 contains an overview of the system and its novel aspects. Section 3 describes the Singularity system architecture, focusing on the kernel, processes, and the language run-time system. Section 4 describes the programming language support for the system. Section 5 describes the I/O and security system. Section 6 provides some performance benchmarks. Section 7 surveys related work. Appendix A contains a list of the kernel ABI calls.

2 Singularity
Singularity is a new operating system being developed as a basis for more dependable system and application software [28]. Singularity exploits advances in programming languages and tools to create an environment in which software is more likely to be built correctly, program behavior is easier to verify, and run-time failures can be contained.
A key aspect of Singularity is an extension model based on Software-Isolated Processes (SIPs), which encapsulate pieces of an application or a system and provide information hiding, failure isolation, and strong interfaces. SIPs are used throughout the operating system and application software. We believe that building a system on this abstraction will lead to more dependable software.
SIPs are the OS processes on Singularity. All code outside the kernel executes in a SIP. SIPs differ from conventional operating system processes in a number of ways:
• SIPs are closed object spaces, not address spaces. Two Singularity processes cannot simultaneously access an object. Communication between processes transfers exclusive ownership of data.
• SIPs are closed code spaces. A process cannot dynamically load or generate code.
• SIPs do not rely on memory management hardware for isolation. Multiple SIPs can reside in a physical or virtual address space.
• Communication between SIPs is through bidirectional, strongly typed, higher-order channels. A channel specifies its communications protocol as well as the values transferred, and both aspects are verified.
• SIPs are inexpensive to create and communication between SIPs incurs low overhead. Low cost makes it practical to use SIPs as a fine-grain isolation and extension mechanism.
• SIPs are created and terminated by the operating system, so that on termination, a SIP’s resources can be efficiently reclaimed.
• SIPs execute independently, even to the extent of having different data layouts, run-time systems, and garbage collectors.
SIPs are not just used to encapsulate application extensions. Singularity uses a single mechanism for both protection and extensibility, instead of the conventional dual mechanisms of processes and dynamic code loading. As a consequence, Singularity needs only one error recovery model, one communication mechanism, one security policy, and one programming model, rather than the layers of partially redundant mechanisms and policies in current systems.
A key experiment in Singularity is to construct an entire operating system using SIPs and demonstrate that the resulting system is more dependable than a conventional system.
The Singularity kernel consists almost entirely of safe code and the rest of the system, which executes in SIPs, consists of only verifiably safe code, including all device drivers, system processes, and applications. While all untrusted code must be verifiably safe, parts of the Singularity kernel and run-time system, called the trusted base, are not verifiably safe. Language safety protects this trusted base from untrusted code.
The integrity of the SIPs depends on language safety and on a system-wide invariant that a process does not hold a reference into another process’s object space.
Ensuring code safety is obviously essential. In the short term, Singularity relies on compiler verification of source and intermediate code. In the future, typed assembly language (TAL) will allow Singularity to verify the safety of compiled code [36, 38]. TAL requires that a program executable supply a proof of its type safety (which can be produced automatically by a compiler for a safe language). Verifying that a proof is correct and applicable to the instructions in an executable is a straightforward task for a simple verifier of a few thousand lines of code. This end-to-end verification strategy eliminates a compiler—a large, complex program—from Singularity’s trusted base. The verifier must be carefully designed, implemented, and checked, but these tasks are feasible because of its size and simplicity.
The memory independence invariant that prohibits cross-object space pointers serves several purposes. First, it enhances the data abstraction and failure isolation of a process by hiding implementation details and preventing dangling pointers into terminated processes. Second, it relaxes implementation constraints by allowing processes to have different run-time systems and their garbage collectors to run without coordination. Third, it clarifies resource accounting and reclamation by making unambiguous a process’s ownership of a particular piece of memory. Finally, it simplifies the kernel interface by eliminating the need to manipulate multiple types of pointers and address spaces.
A major objection to this architecture is the difficulty of communicating through message passing, as compared with the flexibility of directly sharing data. Singularity is addressing this problem through an efficient messaging system, programming language extensions that concisely specify communication over channels, and verification tools [19].


Ant Algorithm

Contents
1 Abstract
2 Introduction
2.1 An Ant Colony
2.2 Existing Protocols
2.2.1 Basic Ant Algorithm
2.2.2 The Ant-Colony-Based Routing Algorithm for MANETs (ARA)
3 Algorithm
3.1 Basics of the Algorithm
3.1.1 Random Walk
3.1.2 FAnts
3.1.3 Updating Routing Information
3.1.4 BAnts
3.1.5 Summary
3.2 Extensions of the Algorithm
3.2.1 Improving the route
3.2.2 Dealing with mobility
3.2.3 Conclusion
4 Discussion
4.1 Comparison with Flooding
4.1.1 The Flooding Algorithm
4.1.2 The Ant Algorithm
4.1.3 Finding the Target
4.1.4 Quality of the found route
4.2 Route Maintenance
4.2.1 Simulations
5 Summary and Conclusions
5.1 The ant algorithm
5.2 Simulation results
6 Future Works
6.1 Ant parameters
6.2 Route Maintenance


Abstract
In this report we present a routing algorithm for mobile ad hoc networks (MANETs). The algorithm uses techniques of route discovery that were observed in ants. FAnts walk randomly around the network to find the target. These FAnts leave their track by writing routing table entries in each node they pass. If the target is found, another ant (BAnt) can walk back along this route and also write the routing table entries. When the BAnt reaches the source, the routing tables of all nodes between the source and the destination carry the necessary routing information and data packets can be sent.
The routing algorithm based on ants was developed by G. Di Caro and M. Dorigo [3] and M. Günes, U. Sorges and I. Bouazizi in [7] and further discussed in [6]. However, none of these works investigated the problem of mobile networks, where nodes change their position over time. In such a mobile network, some nodes may be connected during route discovery, but are disconnected when the data should be transferred. If this happens, a mechanism called Route Maintenance will start to find the node the messages should be sent to. That is how we guaranteed that the route is stable and doesn’t break down.
Simulation results show that the total number of messages to find the target can be reduced compared to a basic flooding algorithm.
Introduction
In this report we introduce a routing protocol we developed. It is based on ideas of different ant algorithms. In particular, we consider mobile ad hoc networks (MANETs), where the network nodes are able to change their position and the communication between the network nodes is established over a wireless medium. Also, we consider homogenous networks with no additional infrastructure. There is no difference between the nodes. This has among other things the following consequences:
• Nodes can leave and join the network at any time
• There is no centralized control or overview
• Packets have to be forwarded from node to node
Routing in MANETs is a challenge due to the fact that a good path can suddenly become an inefficient or even an infeasible one. To succeed, a routing algorithm for such an environment needs to be adaptive and to be able to deal with sudden changes in the topology of the network. These properties can also be found in nature. Insect populations show us a robust and efficient way to adapt to the changing environment. This fact inspired us to design a routing algorithm based on simple biological agents, in our case ants.



A Tutorial on the Implementation of Ad-hoc On Demand Distance Vector (AODV) Protocol in Network Simulator (NS-2)


Contents
1 Introduction
2 File Dependency of AODV Protocol
3 Flow of AODV
4 Trace Format of AODV
5 Main Implementation Files aodv.cc and aodv.h
5.1 How to Enable Hello Packets
5.2 Timers Used
5.3 Functions
5.3.1 General Functions
5.3.2 Functions for Routing Table Management
5.3.3 Functions for Neighbors Management
5.3.4 Functions for Broadcast ID Management
5.3.5 Functions for Packet Transmission Management
5.3.6 Functions for Packet Reception Management
6 Appendix: A Simple TCL Script to Run the AODV Protocol

Abstract
The Network Simulator (NS-2) is one of the most widely used network simulators. It can simulate a range of networks, including wired and wireless networks. In this tutorial, we present the implementation of the Ad Hoc On-Demand Distance Vector (AODV) protocol in NS-2. This tutorial is targeted at the novice user who wants to understand the implementation of the AODV protocol in NS-2.



Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks

Abstract. An ad hoc network is a group of wireless mobile computers (or nodes), in which individual nodes cooperate by forwarding packets for each other to allow nodes to communicate beyond direct wireless transmission range. Prior research in ad hoc networking has generally studied the routing problem in a non-adversarial setting, assuming a trusted environment. In this paper, we present attacks against routing in ad hoc networks, and we present the design and performance evaluation of a new secure on-demand ad hoc network routing protocol, called Ariadne. Ariadne prevents attackers or compromised nodes from tampering with uncompromised routes consisting of uncompromised nodes, and also prevents many types of Denial-of-Service attacks. In addition, Ariadne is efficient, using only highly efficient symmetric cryptographic primitives.

1. Introduction
An ad hoc network is a group of wireless mobile computers (or nodes), in which nodes cooperate by forwarding packets for each other to allow them to communicate beyond direct wireless transmission range. Ad hoc networks require no centralized administration or fixed network infrastructure such as base stations or access points, and can be quickly and inexpensively set up as needed. They can be used in scenarios in which no infrastructure exists, or in which the existing infrastructure does not meet application requirements for reasons such as security or cost. Applications such as military exercises, disaster relief, and mine site operation, for example, may benefit from ad hoc networking, but secure and reliable communication is a necessary prerequisite for such applications.



Attacks on Peer-to-Peer Networks

Abstract
In this thesis, we collect information about known attacks on P2P networks. We try to classify them as well as study the different possible defense mechanisms. As a case study, we take Freenet, a third generation P2P system, which we deeply analyze, including simulating possible behaviors and reactions. Finally, we draw several conclusions about what should be avoided when designing P2P applications and give a new possible approach to making a P2P application as resilient as possible to malicious users.

Contents
1 Introduction
1.1 Peer-to-Peer Network Definition
1.2 Historical
1.3 Future and Vulnerability
1.4 Thesis Organisation
2 General Attacks and Defences
2.1 DOS Attacks
2.1.1 Defenses
2.2 Man-in-the-middle Attack
2.2.1 Defenses
2.3 Worm Propagation
2.3.1 Defenses
2.4 The Human Factor
3 Specific P2P Attacks and Defenses
3.1 Rational Attacks
3.2 File Poisoning
3.2.1 Defenses
3.3 Sybil Attack
3.3.1 Defenses
3.4 Eclipse Attack
3.4.1 Defenses
4 First conclusions
4.1 Only Pure P2P!
4.2 Reputation-based Systems
4.3 Randomization
5 Case study: Freenet
5.1 Design
5.2 Protocol Overview
5.3 Protocol Details
5.3.1 Keys
5.3.2 Retrieving Data
5.3.3 Storing Data
5.3.4 Managing Data
5.3.5 Adding Nodes
5.4 Facts
5.5 Attacks
5.5.1 DOS Attack I
5.5.2 Malice and Eavesdropping
5.5.3 Anonymity
5.5.4 More-than-just-routing Attacks
5.5.5 Simulation
5.5.6 DOS Attack II
5.6 Future
6 Final Conclusions
6.1 Concluding Weaknesses
6.2 Our Solution
6.2.1 Observations
6.2.2 PGP, Web of Trust and Darknets
6.2.3 P2GP
6.3 Conclusion



Computer Networking: A Top-Down Approach Featuring the Internet

1. Computer Networks and the Internet
1. What is the Internet?
2. What is a Protocol?
3. The Network Edge
4. The Network Core
   Interactive Programs for Tracing Routes in the Internet
   Java Applet: Message Switching and Packet Switching
5. Access Networks and Physical Media
6. Delay and Loss in Packet-Switched Networks
7. Protocol Layers and Their Service Models
8. Internet Backbones, NAPs and ISPs
9. A Brief History of Computer Networking and the Internet
10. ATM
11. Summary
12. Homework Problems and Discussion Questions
2. Application Layer
1. Principles of Application-Layer Protocols
2. The World Wide Web: HTTP
3. File Transfer: FTP
4. Electronic Mail in the Internet
5. The Internet's Directory Service: DNS
■  Interactive Programs for Exploring DNS
6. Socket Programming with TCP
7. Socket Programming with UDP
8. Building a Simple Web Server
9. Summary
10. Homework Problems and Discussion Questions
3. Transport Layer
1. Transport-Layer Services and Principles
2. Multiplexing and Demultiplexing Applications
3. Connectionless Transport: UDP
4. Principles of Reliable Data Transfer
■  Java Applet: Flow Control in Action
5. Connection-Oriented Transport: TCP
6. Principles of Congestion Control
7. TCP Congestion Control
8. Summary
9. Homework Problems and Discussion Questions
4. Network Layer and Routing
1. Introduction and Network Service Model
2. Routing Principles
3. Hierarchical Routing
4. Internet Protocol
■  Java Applet: IP Fragmentation
5. Routing in the Internet
6. What is Inside a Router?
7. IPv6
8. Multicast Routing
9. Summary
10. Homework Problems and Discussion Questions
5. Link Layer and Local Area Networks
1. The Data Link Layer: Introduction, Services
2. Error Detection and Correction
3. Multiple Access Protocols and LANs
4. LAN Addresses and ARP
5. Ethernet
■  CSMA/CD Applet
6. Hubs, Bridges and Switches
7. Wireless LANs: IEEE 802.11
8. The Point-to-Point Protocol
9. ATM
10. X.25 and Frame Relay
11. Summary
12. Homework Problems and Discussion Questions
6. Multimedia Networking
1. Multimedia Networking Applications
2. Streaming Stored Audio and Video
3. Making the Best of the Best-Effort Service: An Internet Phone Example
4. RTP
5. Beyond Best Effort
6. Scheduling and Policing Mechanisms for Providing QoS Guarantees
7. Integrated Services
8. RSVP
9. Differentiated Services
10. Summary
11. Homework Problems and Discussion Questions
7. Security in Computer Networks
1. What is Network Security?
2. Principles of Cryptography
3. Authentication: Who are You?
4. Integrity
5. Key Distribution and Certification
6. Secure E-Mail
7. Internet Commerce
8. Network-Layer Security: IPsec
■  1999 Panel Discussion on Internet Security
9. Summary
10. Homework Problems and Discussion Questions
8. Network Management
Appendix
1. What is Network Management?
2. The Infrastructure for Network Management
3. The Internet Network Management Framework
4. ASN.1
5. Firewalls
6. Summary
7. Homework Problems and Discussion Questions
●     Lab: Building a multi-threaded Web server in Java
●     Lab: Building a mail user agent in Java
●     Lab: Implementing a reliable transport protocol
●     Lab: Implementing a distributed, asynchronous distance vector routing algorithm


A Taxonomy of DDoS Attack and DDoS Defense Mechanisms

ABSTRACT
Distributed denial-of-service (DDoS) is a rapidly growing problem. The multitude and variety of both the attacks and the defense approaches is overwhelming. This paper presents two taxonomies for classifying attacks and defenses, and thus provides researchers with a better understanding of the problem and the current solution space. The attack classification criteria were selected to highlight commonalities and important features of attack strategies that define challenges and dictate the design of countermeasures. The defense taxonomy classifies the body of existing DDoS defenses based on their design decisions; it then shows how these decisions dictate the advantages and deficiencies of proposed solutions.



A routing protocol based on node density for ad hoc networks

Abstract

Ad hoc networks are a type of mobile network that functions without any fixed infrastructure. One of the weaknesses of ad hoc networks is that a route used between a source and a destination is likely to break during communication. To solve this problem, one approach consists of selecting routes whose nodes have the most stable behavior. Another strategy aims at improving the route repair procedure. This paper proposes a method for improving the success rate of local route repairs in mobile ad hoc networks. This method is based on the density of the nodes in the neighborhood of a route and on the availability of nodes in this neighborhood. Theoretical computation and simulation results show that the data packet loss rate decreased significantly compared to other methods which are well documented in the literature. In addition, the time required to complete a local route repair following a failure was significantly reduced.

A Review of Current Routing Protocols for Ad Hoc Mobile Wireless Networks


Abstract
An ad hoc mobile network is a collection of mobile nodes that are dynamically and arbitrarily located in such a manner that the interconnections between nodes are capable of changing on a continual basis. In order to facilitate communication within the network, a routing protocol is used to discover routes between nodes. The primary goal of such an ad hoc network routing protocol is correct and efficient route establishment between a pair of nodes so that messages may be delivered in a timely manner. Route construction should be done with a minimum of overhead and bandwidth consumption. This article examines routing protocols for ad hoc networks and evaluates these protocols based on a given set of parameters. The article provides an overview of eight different protocols by presenting their characteristics and functionality, and then provides a comparison and discussion of their respective merits and drawbacks.


A reinforcement learning ticket-based probing path discovery scheme for MANETs

Abstract

In this paper, a path discovery scheme which supports QoS routing in mobile ad hoc networks (MANETs) in the presence of imprecise information is investigated. The aim is to increase the probability of success in finding feasible paths and reduce average path cost of a previously proposed ticket based probing (TBP) path discovery scheme. The proposed scheme integrates the original TBP scheme with a reinforcement learning method called the on-policy first-visit Monte Carlo (ONMC) method. We investigate the performance of the ONMC method in the presence of imprecise information. Our numerical study shows that, in respect to a flooding based algorithm, message overhead reduction can be achieved with marginal difference in the path search ability and additional computational and storage requirements. When the average message overhead of the ONMC method is reduced to the same order of magnitude of the original TBP, the ONMC method gains an improvement of 28% in success ratio and 7% reduction in the average path cost over the original TBP.

A quadratic optimization method for connectivity and coverage control in backbone-based wireless networks

Abstract

The use of directional wireless communications to form flexible mesh backbone networks, which provide broadband connectivity to capacity-limited wireless networks or hosts, promises to circumvent the scalability limitations of traditional homogeneous wireless networks. The main challenge in the design of directional wireless backbone (DWB) networks is to assure backbone network requirements such as coverage and connectivity in a dynamic wireless environment. This paper considers the use of mobility control, as the dynamic reposition of backbone nodes, to provide assured coverage-connectivity in dynamic environments. This paper presents a novel approach to the joint coverage-connectivity optimization problem by formulating it as a quadratic minimization problem. Quadratic cost functions for network coverage and backbone connectivity are defined in terms of the square distance between neighbor nodes, which are related to the actual energy usage of the network system. Our formulation allows the design of self-organized network systems which autonomously achieve energy minimizing configurations driven by local forces exerted on network nodes. The net force on a backbone node is defined as the negative energy gradient at the location of the backbone node. A completely distributed algorithm is presented that allows backbone nodes to adjust their positions based on information about neighbors’ position only. We present initial simulation results that show the effectiveness of our force-based mobility control algorithm to provide network configurations that optimize both network coverage and backbone connectivity in different scenarios. Our algorithm is shown to be adaptive, scalable and self-organized.

A novel location estimation based on pattern matching algorithm in underwater environments



Abstract

In this paper, we present a novel approach based on pattern recognition to treat the underwater localization. The goal is to achieve underwater localization by the pattern matching algorithm. It should be noted that the reflected signals in underwater environments do not affect our location estimation. Therefore, the underwater localization in this study is straightforward and efficient by using the pattern matching algorithm. We exploit the maximum likelihood (ML) to perform our study. Initially, the underwater signals are collected by the sound receiver at some sampling locations. These signals are suitably processed by the ML models and are stored in database. The test location in real-time is estimated through the database. Experimental results show that good accuracy of positioning can be obtained by proposed schemes. The proposed localization schemes can be applied to many other applications in underwater environments.



Upgrading to Certified Linux Engineer 10

Contents
Introduction
Course Objectives
Audience
Certification and Prerequisites
SUSE Linux Enterprise Server 10 Support and Maintenance
Novell Customer Center
SUSE Linux Enterprise Server 10 Online Resources
Exercise Conventions
SECTION 1 Installation of SUSE Linux Enterprise Server 10
Objective
Objective 1 Understand the Novell Customer Center Configuration and Online Update
Summary
SECTION 2 Use the GNOME Desktop Environment
Objectives
Objective 1 Log In
Objective 2 Log Out and Shut Down
Objective 3 Identify GNOME Desktop Components
Objective 4 Manage Icons in GNOME
Desktop
Panel
Main Menu
Objective 5 Use the GNOME File Manager (Nautilus)
Objective 6 Search for Files
Objective 7 Access the Command Line Interface From the Desktop
Summary
SECTION 3 Manage Hardware
Objectives
Objective 1 Describe the Differences between Devices and Interfaces
Objective 2 Describe how Device Drivers Work
Objective 3 Describe how Device Drivers Are Loaded
Objective 4 Manage Kernel Modules Manually
Kernel Module Basics
Manage Modules from the Command Line
modprobe Configuration File (/etc/modprobe.conf)
Exercise 3-1 Manage the Linux Kernel Modules
Objective 5 Describe the sysfs File System
Objective 6 Describe how udev Works
Understand the Purpose of udev
Understand how udev Works
Understand Persistent Interface Names
Exercise 3-2 Add a device symlink with udev
Objective 7 Use the hwup Command
From Configuration Files
From sysfs
Exercise 3-3 Explore Hardware Initialization
Summary
SECTION 4 Configure Linux File System Partitions
Objectives
Objective 1 Finalize Partitioning
Objective 2 Configure LVM with Command Line Tools
Tools to Administer Physical Volumes
Tools to Administer Volume Groups
Tools to Administer Logical Volumes
Summary
SECTION 5 Use the NetworkManager to Configure the Network
Objective
Objective 1 Use the NetworkManager to Configure the Network
Summary
SECTION 6 Administer User Access and Security
Objectives
Objective 1 Configure User Authentication with PAM
Location and Purpose of PAM Configuration Files
PAM Configuration
PAM Configuration File Examples
Secure Password Guidelines
PAM Documentation Resources
Exercise 6-1 Configure PAM Authentication
Objective 2 Configure Security Settings
Exercise 6-2 Configure the Password Security Settings
Summary
SECTION 7 Use Syslog Daemon syslog-ng
Objectives
Objective 1 Use Syslog Daemon syslog-ng
/etc/sysconfig/syslog
/etc/syslog-ng/syslog-ng.conf.in
/etc/syslog-ng/syslog-ng.conf
Summary
SECTION 8 Manage Virtualization with Xen
Objectives
Objective 1 Understand the Concept of Virtualization
Objective 2 Understand How Xen Works
Understand Virtualization Methods
Understand the Xen Architecture
Objective 3 Install Xen
Exercise 8-1 Install Xen
Objective 4 Manage Xen Domains with YaST
Exercise 8-2 Install a Guest Domain
Objective 5 Manage Xen Domains at the Command Line
Understand a Domain Configuration File
Use the xm Tool
Exercise 8-3 Change Memory Allocation of a Guest Domain
Automate Domain Startup and Shutdown
Exercise 8-4 Automate Domain Startup
Objective 6 Understand Xen Networking
Understand the Basic Networking Concept
Understand Bridging
Understand the Network Interfaces in domain0
Exercise 8-5 Check the Network Configuration
Objective 7 Migrate a Guest Domain
Use Domain Save and Restore
Use Migration and Live Migration
Summary
SECTION 9 Configure a DNS Server Using BIND
Objectives
Objective 1 Create a Key for Zone Transfer
Objective 2 Configure Dynamic DNS
Summary
SECTION 10 Configure DHCP Pools and Failover
Objectives
Objective 1 Configure DHCP Pools
Objective 2 Configure DHCP Failover
Basics of DHCP Failover
Configure Failover
Summary
SECTION 11 Manage OpenLDAP
Objectives
Objective 1 Install and Set Up an OpenLDAP Server
Install the Required Software and Start the Server
Configure OpenLDAP with YaST
Exercise 11-1 Set Up OpenLDAP with YaST
Edit the OpenLDAP Configuration Files
Objective 2 Activate LDAP Authentication
Change the User Password
Activate pam_ldap
Exercise 11-2 Set up an LDAP User Database
Objective 3 Replicate OpenLDAP Servers
Add the Replication DN to the LDAP Directory
Configure slapd for Replication
The Command-Line Options of slurpd
Transfer the LDAP Database
Exercise 11-3 Replicate OpenLDAP Servers
Summary
SECTION 12 Configure a Mail Server
Objectives
Objective 1 Understand SMTP Communication
The SMTP Commands
Command Syntax
SMTP Reply Codes
Minimal SMTP Command Implementation
An Example for Sending Mail with Telnet
Objective 2 Manage Spam
Use SpamAssassin
Test SpamAssassin
Objective 3 Use a Virus Scanner for Email
AVMailGate
Exercise 12-1 Use AVMailGate as a Virus Scanner for Email
AMaViSd-new
Exercise 12-2 Use AMaViSd as Virus Scanner for Email
Summary
SECTION 13 Apply Security
Objectives
Objective 1 Apply Security Updates
Configure the Novell Customer Center
Use the YaST Online Update
Objective 2 Understand Recent Match of iptables
Objective 3 Log to a Remote Host
Client Side Configuration of Syslog-ng
Server Side Configuration of Syslog-ng
Exercise 13-1 Log to a Remote Host
Summary
SECTION 14 AppArmor
Objectives
Objective 1 Improve Application Security with AppArmor
Objective 2 Create and Manage AppArmor Profiles
Understand Profiles and Rules
Administer AppArmor Profiles with YaST
Administer AppArmor Profiles with Command Line Tools
Exercise 14-1 AppArmor
Objective 3 Control AppArmor
Start and Stop AppArmor
View AppArmor’s Status
Reload Profiles
Objective 4 Monitor AppArmor
Security Event Report
Security Event Notification
Summary


SUSE Linux Enterprise Server 10 Advanced Administration

Contents
Course Objectives
Audience
Certification and Prerequisites
SUSE Linux Enterprise Server 10 Support and Maintenance
Novell Customer Center
SUSE Linux Enterprise Server 10 Online Resources
Agenda
Scenario
Exercise Conventions
SECTION 1 Manage Virtualization with Xen
Objectives
Introduction
Objective 1 Understand the Concept of Virtualization
Objective 2 Understand How Xen Works
Understand Virtualization Methods
Understand the Xen Architecture
Objective 3 Install Xen
Exercise 1-1 Install Xen
Objective 4 Manage Xen Domains with YaST
Exercise 1-2 Install a Guest Domain
Objective 5 Manage Xen Domains at the Command Line
Understand a Domain Configuration File
Use the xm Tool
Exercise 1-3 Change Memory Allocation of a Guest Domain
Automate Domain Startup and Shutdown
Exercise 1-4 Automate Domain Startup
Objective 6 Understand Xen Networking
Understand the Basic Networking Concept
Understand Bridging
Understand the Network Interfaces in domain0
Exercise 1-5 Check the Network Configuration
Objective 7 Migrate a Guest Domain
Use Domain Save and Restore
Use Migration and Live Migration
Summary
SECTION 2 Configure a Web Application Server
Objectives
Objective 1 Setup a Basic Web Server
The Basic Functionality of a Web Server
Install a Basic Apache Web Server
Exercise 2-1 Install Apache
Exercise 2-2 Test the Apache Installation
Understand the Structure and the Basic Elements of the Apache Configuration Files
Understand the Default Apache Configuration
Objective 2 Configure Virtual Hosts
Exercise 2-3 Configure a Virtual Host
Objective 3 Limit Access to the Web Server
Exercise 2-4 Configure User Authentication
Objective 4 Configure Apache with OpenSSL
Exercise 2-5 Configure SSL
Objective 5 Install PHP
Understand how PHP Works
Install PHP
Test the PHP Installation
Exercise 2-6 Install PHP
Objective 6 Describe Tomcat
Objective 7 Install and Configure Tomcat
Install the Tomcat Packages
Exercise 2-7 Install Tomcat
Understand the File System Structure
Edit the server.xml File
Exercise 2-8 Use a Configuration Template
Objective 8 Install Web Applications
Exercise 2-9 Install an Example Application
Objective 9 Use Tomcat's Administration Tools
Use the Manager to Control Web Applications
Use the Admin Interface to Adjust the Server Configuration
Limit Access to the Administration Tools
Exercise 2-10 Enable the Manager and Admin Tools
Objective 10 Use Port 80 to Access Tomcat
Exercise 2-11 Configure rinetd to Forward Port 80 to Port 8080
Summary
SECTION 3 Configure and Use Samba
Objectives
Objective 1 Understand Samba
Objective 2 Configure a Simple File Server
Install Samba
Exercise 3-1 Install Samba
Understand Samba's Configuration File
Objective 3 Configure User Authentication
Exercise 3-2 Configure a Share for the User Geeko
Objective 4 Use Samba's Client Tools
Use nmblookup
Use smbclient
Exercise 3-3 Access the Share of the User Geeko with smbclient
Exercise 3-4 Mount Geeko's Share
Objective 5 Use Samba as a Domain Controller
Understand a Domain Controller
Configure /etc/samba/smb.conf
Objective 6 Integrate Samba in a Windows Domain
Objective 7 Configure Samba as Print Server
Preprocess on the Samba Server
Share One Printer
Preprocess on the Windows Client
Exercise 3-5 Configure Samba as a Print Server
Summary
SECTION 4 Enable Fundamental Network Services
Objectives
Objective 1 Enable the Extended Internet Daemon (xinetd)
What xinetd Is
Configure xinetd with YaST
Manage xinetd Manually
Exercise 4-1 Configure the Internet Daemon (xinetd)
Objective 2 Enable an FTP Server
The Role of an FTP Server
How FTP Works
Advantages of PureFTPd Server
Install and Run PureFTPd Server
Configure PureFTPd Server
Manage PureFTPd Logs
Exercise 4-2 Configure Anonymous PureFTPd Access
Objective 3 Configure Time on SUSE Linux Enterprise Server 10
Overview
Synchronize Time with netdate and hwclock
The Network Time Protocol (NTP)
Synchronize Time with NTP
Exercise 4-3 Configure ntpd
Objective 4 Configure NFS (Network File System)
Exercise 4-4 Set Up and Manage Network File System (NFS)
Summary
SECTION 5 Create Shell Scripts
Objectives
Introduction
Objective 1 Understand the Course Project
Exercise 5-1 Prepare your Environment
Objective 2 Use Basic Script Elements
Exercise 5-2 Create a Basic Shell Script
Objective 3 Understand Variables and Command Substitution
Exercise 5-3 Use Variables and Command Substitution
Objective 4 Use Control Structures
Create Branches
Exercise 5-4 Use an if Control Structure
Create Loops
Exercise 5-5 Use a while Loop
Objective 5 Use Arithmetic Operators
Exercise 5-6 Use Arithmetic Operators
Objective 6 Read User Input
Exercise 5-7 Read User Input
Objective 7 Use Arrays
Exercise 5-8 Use Arrays
Objective 8 Finalize the Course Project
View Request Details
Delete Requests
Exercise 5-9 Add more Commands
Objective 9 Use Advanced Scripting Techniques
Use Shell Functions
Exercise 5-10 Use Shell Functions
Read Options with getopts
Objective 10 Learn About Useful Commands in Shell Scripts
Use the cat Command
Use the cut Command
Use the date Command
Use the grep and egrep Commands
Use the sed Command
Use the test Command
Use the tr Command
Summary
SECTION 6 Compile Software from Source
Objectives
Introduction
Objective 1 Understand the Basics of C Programming
The Difference Between Source Code and an Executable
The Structure of a Simple C Program
Compile a Simple C Program
Exercise 6-1 Compile a Simple C Program
Objective 2 Understand the Concept of Shared Libraries
Objective 3 Understand the GNU Build Tool Chain
Use configure to Prepare the Build Process
Use make to Compile the Source Code
Use make install to Install the Compiled Program
Install the Required Packages for a Build Environment
Objective 4 Perform a Standard Build Process
Exercise 6-2 Compile Software from a Source Package
Summary
SECTION 7 Perform a Health Check and Performance Tuning
Objectives
Introduction
Objective 1 Find Performance Bottlenecks
Analyze Processes and Processor Utilization
Analyze Memory Utilization and Performance
Analyze Storage Performance
Analyze Network Utilization and Performance
Exercise 7-1 Analyze System Performance
Objective 2 Reduce System and Memory Load
Analyze CPU-Intensive Applications
Run Only Required Software
Keep Your Software Up to Date
Optimize Swap Partitions
Change Hardware Components
Exercise 7-2 Reduce Resource Utilization
Objective 3 Optimize the Storage System
Configure IDE Drives with hdparm
Tune Kernel Parameters
Tune File System Access
Change Hardware Components
Exercise 7-3 Tune an IDE Hard Drive with hdparm
Objective 4 Tune the Network Performance
Change Kernel Network Parameters
Change Your Network Environment
Objective 5 Use Powertweak
Exercise 7-4 Use Powertweak
Summary
SECTION 8 Manage Hardware
Objectives
Introduction
Objective 1 Describe the Differences between Devices and Interfaces
Objective 2 Describe how Device Drivers Work
Objective 3 Describe how Device Drivers Are Loaded
Objective 4 Manage Kernel Modules Manually
Kernel Module Basics
Manage Modules from the Command Line
modprobe Configuration File (/etc/modprobe.conf)
Exercise 8-1 Manage the Linux Kernel Modules
Objective 5 Describe the sysfs File System
Objective 6 Describe how udev Works
Understand the Purpose of udev
Understand how udev Works
Understand Persistent Interface Names
Exercise 8-2 Add a device symlink with udev
Objective 7 Use the hwup Command
From Configuration Files
From sysfs
Exercise 8-3 Explore Hardware Initialization
Objective 8 Obtain Hardware Configuration Information from YaST
Exercise 8-4 Obtain Hardware Configuration Information
Summary
SECTION 9 Prepare for the Novell CLP 10 Practicum
Scenario
Objective 1 Install a Xen Environment
Objective 2 Configure a Web Server
Objective 3 Configure a Samba File Server
Objective 4 Automate System Tasks


SUSE Linux Enterprise Server 10 Advance Administration

SUSE Linux Enterprise Server 10 Administration

Contents
Introduction
Course Objectives
Audience
Certification and Prerequisites
SUSE Linux Enterprise Server 10 Support and Maintenance
Novell Customer Center
SUSE Linux Enterprise Server 10 Online Resources
Agenda
Scenario
Exercises
Exercise Conventions
SECTION 1 Install SUSE Linux Enterprise Server 10
Objectives
Objective 1 Perform a SLES 10 Installation
Boot From the Installation Media
Select the System Language
Select the Installation Mode
Set the Clock and Time Zone
Understand and Change the Installation Settings
Verify Partitioning
Select Software
Start the Installation Process
Objective 2 Configure the SLES 10 Installation
Set the Hostname
Set the root Password
Configure the Network
Test the Internet Connection
Novell Customer Center Configuration and Online Update
Configure Network Services
Manage Users
Configure Hardware
Finalize the Installation Process
Objective 3 Troubleshoot the Installation Process
Exercise 1-1 Install SUSE Linux Enterprise Server 10
Summary
SECTION 2 Administer the Linux File System
Objectives
Objective 1 Select a Linux File System
Linux File Systems
Virtual Filesystem Switch
Linux File System Internals
File System Journaling
Additional File System Documentation
Objective 2 Configure Linux File System Partitions
Linux Device and Partition Names
Design Guidelines for Implementing Partitions
Manage Partitions with YaST
Manage Partitions with fdisk
Objective 3 Manage Linux File Systems
Create a File System Using YaST
Create a File System Using Command Line Tools
Mount File Systems
Exercise 2-1 Configure Partitions on Your Hard Drive
Monitor and Check a File System
Exercise 2-2 Manage File Systems from the Command Line
Objective 4 Configure Logical Volume Manager (LVM) and Software RAID
How to Use VM Components
How to Use VM Features
How to Configure Logical Volumes With YaST
How to Configure LVM with Command Line Tools
Manage Software RAID
Exercise 2-3 Create Logical Volumes
Objective 5 Set Up and Configure Disk Quotas
Prepare the File System
Initialize the Quota System
Start and Activate the Quota Service
Configure and Manage User and Group Quotas
Exercise 2-4 Set Up and Configure Disk Quotas
Summary
SECTION 3 Administer User Access and Security
Objectives
Objective 1 Configure User Authentication with PAM
Location and Purpose of PAM Configuration Files
PAM Configuration
PAM Configuration File Examples
Secure Password Guidelines
PAM Documentation Resources
Exercise 3-1 Configure PAM Authentication
Objective 2 Manage and Secure the Linux User Environment
Perform Administrative Tasks as root
Delegate Administrative Tasks With sudo
Set Defaults for New User Accounts
Configure Security Settings
Exercise 3-2 Configure the Password Security Settings
Objective 3 Use Access Control Lists (ACLs) for Advanced Access Control
The Basics of ACLs
Basic ACL commands
Important ACL Terms
ACL Types
How ACLs and Permission Bits Map to Each Other
How to Use the ACL Command Line Tools
How to Configure a Directory with an Access ACL
How to Configure a Directory with a Default ACL
Additional setfacl Options
The ACL Check Algorithm
How Applications Handle ACLs
Exercise 3-3 Use ACLs
Summary
SECTION 4 Configure the Network Manually
Objectives
Objective 1 Understand Linux Network Terms
Objective 2 Set Up Network Interfaces with the ip Tool
Display the Current Network Configuration
Change the Current Network Configuration
Save Device Settings to a Configuration File
Objective 3 Set Up Routing with the ip Tool
View the Routing Table
Add Routes to the Routing Table
Delete Routes from the Routing Table
Save Routing Settings to a Configuration File
Objective 4 Test the Network Connection With Command Line Tools
Test Network Connections with ping
Trace Network Packets with traceroute
Exercise 4-1 Configure the Network Connection Manually
Objective 5 Configure Host Name and Name Resolution
Set the Host and Domain Name
Configure Name Resolution
Objective 6 Use the NetworkManager to Configure the Network
Summary
SECTION 5 Administer Linux Processes and Services
Objectives
Objective 1 View and Manage Processes
Understand Process Definitions
Learn Jobs and Processes
Manage Foreground and Background Processes
View and Prioritize Processes
End a Process
Understand Services (Daemons)
Manage a Daemon Process
Exercise 5-1 Manage Linux Processes
Objective 2 Schedule Jobs
Schedule a Job (cron)
Run a Job One Time Only (at)
Exercise 5-2 Schedule Jobs with cron and at
Summary
SECTION 6 Monitor SUSE Linux Enterprise Server 10
Objectives
Objective 1 Monitor a SUSE Linux Enterprise Server 10 System
Boot Log Information
Hardware Information (/proc/)
Hardware Information (Command Line Utilities)
System and Process Information (Command Line Utilities)
Monitor Hard Drive Space
Exercise 6-1 Gather Information About Your SUSE Linux Enterprise Server 10 Server
Objective 2 Use System Logging Services
The Syslog Daemon syslog-ng
Important Log Files
Archive Log Files (logrotate)
Exercise 6-2 Manage System Logging
Objective 3 Monitor Login Activity
Summary
SECTION 7 Manage System Initialization
Objectives
Objective 1 Describe the Linux Load Procedure
Objective 2 GRUB (Grand Unified Bootloader)
What a Boot Manager Is
Boot Managers in SUSE Linux
Start the GRUB Shell
Modify the GRUB Configuration File
Configure GRUB with YaST
Boot a System Directly into a Shell
Exercise 7-1 Manage the Boot Loader
Objective 3 Manage Runlevels
The init Program and Linux Runlevels
init Scripts and Runlevel Directories
Change the Runlevel
Exercise 7-2 Manage Runlevels
Summary
SECTION 8 Manage Software for SUSE Linux Enterprise Server
Objectives
Objective 1 Manage RPM Software Packages
RPM Components and Features
RPM Basics
Manage Software Packages with rpm
Exercise 8-1 Manage Software with RPM
Objective 2 Verify and Update Software Library Access
Software Library Basics
View Shared Library Dependencies (ldd)
Modify the Software Library Configuration File (/etc/ld.so.conf)
Update the Library Cache (/etc/ld.so.cache)
Exercise 8-2 Manage Shared Libraries
Summary
SECTION 9 Manage Backup and Recovery
Objectives
Introduction
Objective 1 Develop a Backup Strategy
Choose a Backup Method
Choose the Right Backup Media
Objective 2 Backup Files with YaST
Back Up System Data with YaST
Restore System Data with YaST
Exercise 9-1 Backup Files with YaST
Objective 3 Create Backups with tar
Create tar Archives
Unpack tar Archives
Exclude Files from Backup
Perform Incremental and Differential Backups
Use tar Command Line Options
Exercise 9-2 Create Backup Files with tar
Objective 4 Work with Magnetic Tapes
Objective 5 Copy Data with dd
Exercise 9-3 Create Drive Images with dd
Objective 6 Mirror Directories with rsync
Perform Local Copying with rsync
Perform Remote Copying with rsync
Exercise 9-4 Create a Backup of a Home Directory with rsync
Objective 7 Automate Data Backups with cron
Exercise 9-5 Configure a cron Job for Data Backups
Summary
SECTION 10 Manage Printing
Objectives
Objective 1 Configure Local Printing
When to Configure a Printer
Required Printing Software
Add a Printer
Exercise 10-1 Change Your Printer Configuration
Objective 2 Manage Print Jobs and Queues
Generate a Print Job
Display Information on Print Jobs
Cancel Print Jobs
Manage Queues
Configure Queues
Start and Stop CUPS
Exercise 10-2 Manage Printers from the Command Line
Objective 3 Understand How CUPS Works
Steps of the Printing Process
Print Queues
Log Files
Configuration File
Objective 4 Configure and Manage a Print Server
Broadcast Information about Printers to other Computers
Access Restrictions
Restrict Access to Printers for Users and Groups
Restrict Access to the Web Interface
Exercise 10-3 Restrict Access
Objective 5 Use the Web Interface to Manage a CUPS Server
Do Administration Tasks
Manage Printer Classes
On-Line Help
Manage Jobs
Manage Printers
Exercise 10-4 Use the Web Interface to Manage a CUPS Server
Summary
SECTION 11 Configure Remote Access
Objectives
Objective 1 Provide Secure Remote Access with OpenSSH
Cryptography Basics
SSH Features and Architecture
Configure the SSH Server
Configure the SSH Client
SSH-related Commands
Exercise 11-1 Practice Using OpenSSH
Public Key Authentication Management
Exercise 11-2 Perform Public Key Authentication
Objective 2 Enable Remote Administration with YaST
VNC and YaST Remote Administration
Configure Your Server for Remote Administration
Access Your Server for Remote Administration
Exercise 11-3 Use Remote Administration
Summary

