Index

A

ACK sweep, Description
AH, IPSEC
Apache
*, Name-based virtual hosting
.htaccess, Configuring authentication modules
443, Public key cryptography
?, Name-based virtual hosting
access_log, Apache access_log file
AllowOverride, Configuring authentication modules
APXS, APache eXtenSion (APXS) support tool
AuthDBMGroupFile, Configuring authentication modules
AuthGroupFile, Group files
AuthType, Configuring authentication modules
AuthUserFile, Configuring authentication modules
BindAddress, Name-based virtual hosting
CLF, Apache access_log file
CustomLog, Setting up a single daemon
Discretionary Access Control, Restricting client user access
DNS, Name-based virtual hosting
DocumentRoot, Name-based virtual hosting
htpasswd, User files
httpd -l, Run-time loading of modules (DSO)
IP-based virtual hosting, IP-based virtual hosting
libssl.so, Run-time loading of modules (DSO)
Limit, Configuring authentication modules
Listen, Name-based virtual hosting
Mandatory Access Control, Restricting client user access
MaxClients, Configuring Apache server options
MaxKeepAliveRequests, Configuring Apache server options
MaxSpareServers, Configuring Apache server options
MinSpareServers, Configuring Apache server options
modules, Modularity
mod_access, Restricting client user access
mod_auth, Restricting client user access
mod_auth_anon, Restricting client user access
mod_auth_digest, Restricting client user access
mod_ssl, Various Apache and SSL related projects, Apache with mod_ssl
multiple daemons, IP-based virtual hosting
Name-base virtual hosting, Name-based virtual hosting
NameVirtualHost, Name-based virtual hosting
OpenSSL, Various Apache and SSL related projects
PerlSetVar, Configuring mod_perl
Redirect, Customizing file access
Require valid-user, Configuring authentication modules
ServerAdmin, Setting up a single daemon
ServerAlias, Name-based virtual hosting
ServerName, Name-based virtual hosting
ServerRoot, IP-based virtual hosting
SSLCertificateFile, How to create a SSL server Certificate
SSLCertificateKeyFile, How to create a SSL server Certificate
SSLeay, Various Apache and SSL related projects
StartServers, Configuring Apache server options
TransferLog, Setting up a single daemon
User, IP-based virtual hosting
virtual hosting and SSL, IP-based virtual hosting
VirtualHost, Name-based virtual hosting
APXS, APache eXtenSion (APXS) support tool
arp, ifconfig, arp and arpwatch
ARP
cache, arp and arpwatch
arpwatch, arp and arpwatch
Attacks
DoS, Description
SYN, Description
automount, Autofs and automounter, NFS client: software and configuration
availability, Estimate throughput and identify bottlenecks in a system including networking

B

backup
plan, Where?
testing, How?
verifying, How?
badblocks, fsck (fsck.*)
bandwith usage, Objectives
bind, Name-server components in BIND
#, Syntax
//, Syntax
;, Syntax
@, Predefined zone statements, The db.local file
allow-query, Configuring the master on privdns
allow-transfer, Configuring the master on privdns
category, The logging statement
chrooted, Split DNS: two DNS servers on one machine
current origin, The db.127 file
db.127, The db.127 file
db.local, The db.local file
dialup, The options statement
directory, The options statement
exworks, Internal DNS
fetch-glue, Configuring the internal nameserver
file, Syntax
forward, The options statement
forward first;, The options statement
forward only;, The options statement
forwarders, Syntax, The options statement, Configuring DNS on liongate
heartbeat-interval, Limiting negotiations
hint, The hints file
jail, Configuring the internal nameserver
localhost, The db.local file
named.conf, The named.conf file
named.pid, Configuring the internal nameserver
options, The options statement
recursion, Configuring the internal nameserver
reload, Controlling named with a start/stop script
resolv.conf, Configuring the master on privdns
SIGHUP, Sending signals to named
slave, Alternatives
stand-alone master, Split DNS: stand-alone internal master
start, Controlling named with a start/stop script
stop, Controlling named with a start/stop script
version, The options statement
zone file, Predefined zone statements
{, Syntax
}, Syntax
blacklisting, Description
blank, Write the CD-image to a CD
boot, Configuring /etc/inittab
boot option
initrd=, The bootprocess
boot sequence, The bootprocess
bootwait, Configuring /etc/inittab
bottlenecks , Objectives
bounce attack, Description
broadcast, The company's shared-networks and subnets
broadcast address, Ethernet Interfaces
bugtraq, Description
bus
SCSI, Write the CD-image to a CD
BUS, Write the CD-image to a CD
bzImage, Kernel Components (201.1), Different types of kernel images

C

caching-only nameserver, A caching-only name server
Carnegie Mellon, Description
CD-ROM filesystem, Creating an image for a CD-ROM
cdrecord, Write the CD-image to a CD
CERT, Description
http://www.cert.org, Website
Certificate Authority, Public key cryptography, How to create a SSL server Certificate
Certificate Signing Request, How to create a SSL server Certificate
CGI, Enhancing Apache performance
CIAC, Description
BULLETIN, Subscribing to the mailing list
ciac-listproc@llnl.gov, Subscribing to the mailing list
NOTES, Subscribing to the mailing list
SPI-ANNOUNCE, Subscribing to the mailing list
SPI-NOTES, Subscribing to the mailing list
subscribing, Subscribing to the mailing list
unsubscribe, Unsubscribing from the mailing list
Common Log Format, Apache access_log file
Common Name, Directory /etc/ssl/
Configuring
Apache, Configuring Apache server options
Apache Authentication Modules, Configuring authentication modules
Apache mod_perl, Configuring mod_perl
Apache mod_php, Configuring mod_php support
bind, Domain Name Server (207)
disks, Physical installation
kernel modules, Configuring modules
LDAP Authentication, pam_ldap
Linux Kernel, Creating a .config file
Linux kernel options, Configuring kernel options
Logical Volume Manager, Configuring Logical Volume Management
Network Interface, Configuring the network interface
NFS, Setting up NFS
NIS Authentication, pam_nis
Openswan, IPSEC
PAM, How does it work?
RAID, Configuring RAID (204.1)
SMB Server, What is Samba?, NFS - The Network File System
Web Server, Basic Apache Configuration (208.1)
CONFIG_KMOD, kmod versus kerneld
CONFIG_MODULES, kmod versus kerneld
cpio, cpio
CPU Usage, Objectives
create filesystem, Creating Filesystems
Creating
filesystem, Creating Filesystems
SSL Server Certificate, How to create a SSL server Certificate
Cricket, Monitoring Apache load and performance
Cryptography
Public Key, Public key cryptography
CTRL-ALT-DEL, Configuring /etc/inittab
ctrlaltdel, Configuring /etc/inittab
custom kernel, Building A Custom Kernel
cylinder, Physical installation

D

dd, Making a copy of a data CD, dd
debugfs, Disk Checks
default gateway, Routing Through a Gateway
default route, Routing Through a Gateway
device or resource busy, Manipulating modules
DHCP, What is DHCP?
BOOTP, Static BOOTP hosts
Client, What is DHCP?
client identifier, Static hosts
default-lease-time, Leases
dhcpd.conf, How is the server configured?
dhcpd.leases, Leases
domain-name-servers, The global parameters for services
ethernet address, Static hosts
Global Parameters, What are (global) parameters?
group declaration, What is a group declaration?
host declaration, What is a host declaration?
IP-address, An example
max-lease-time, Leases
nntp-server, The global parameters for services
Normal Parameters, What are (global) parameters?
option, The global parameters for services
pop-server, The global parameters for services
relaying, What is DHCP-relaying?
reload, Reloading the DHCP-server after making changes
Server, What is DHCP?
shared network, What is a shared-network declaration?
smtp-server, The global parameters for services
Static Host, Static hosts
subnet declaration, What is a subnet declaration?
dhcrelay, What is DHCP-relaying?
Diagnose resource usage,
directory blocks, Filesystems
Disk, Disk
disk I/O, Objectives
dmesg, Physical installation
DNAT, Adding extra functionality
DNS, Name-server components in BIND
dnssec-keygen, dnssec-signzone
NSEC, dnssec-signzone
RRSIG, dnssec-signzone
DoS Attack, Description
DoS Attacks
IP address spoofing, Description
Network Ingress Filtering, Description
Packet Flooding, Description
SYN, Description
sysctl, Using /proc/sys/net/ipv4 (sysctl) to prevent simple DOS attacks
DoS with IP address spoofing, Description
dumpe2fs, Disk Checks, dumpe2fs
Dynamic Shared Objects, Run-time loading of modules (DSO)

I

ICMP, ping
ID, Write the CD-image to a CD
IDE, Physical installation
ifconfig, Configuring the network interface, ifconfig
IKE, IPSEC
include, Schemas and Whitepages
indirection blocks, Filesystems
init
order of scripts, The /etc/init.d/rc script
init scripts, The /etc/init.d/rc script
initdefault, Configuring /etc/inittab
initial RAM disk, The initial ram disk (initrd)
initrd, The initial ram disk (initrd)
manual creation, Manual initrd creation
mkinitrd, Create initrd using mkinitrd
inode, Filesystems
INPUT, Tables and Chains
insmod, Manipulating modules
interval between checks, tune2fs
iostat, Objectives, Estimate throughput and identify bottlenecks in a system including networking
IP, Configuring the network interface
Category 1, Private Network Addresses
Category 2, Private Network Addresses
Category 3, Private Network Addresses
private, Private Network Addresses
public, Private Network Addresses
IPSEC, VPN Types, IPSEC
IPTABLES, Implementation
FILTER, The FILTER table
MANGLE, The MANGLE table
NAT, The NAT table
statefull, Connection tracking: Stateful Firewalling
iptables
--state, Connection tracking: Stateful Firewalling
ACCEPT, Adding extra functionality
DNAT, Adding extra functionality
DROP, Adding extra functionality
extended modules, Adding extra functionality
filter, Tables and Chains
FORWARD, Tables and Chains
forwarding, Port and/or IP forwarding
icmp, Adding extra functionality
INPUT, Tables and Chains
ip_conntrack, Connection tracking: Stateful Firewalling
ip_conntrack_ftp, Connection tracking: Stateful Firewalling
limit, Adding extra functionality
LOG, Adding extra functionality
mac, Adding extra functionality
mangle, Tables and Chains
MARK, Adding extra functionality
mark, Adding extra functionality
MASQUERADE, Adding extra functionality
matching modules, Adding extra functionality
MIRROR, Adding extra functionality
multiport, Adding extra functionality
NAT, Tables and Chains
NF_ACCEPT, Netfilter “hooks”
NF_DROP, Netfilter “hooks”
NF_QUEUE, Netfilter “hooks”
NF_REPEAT, Netfilter “hooks”
NF_STOLEN, Netfilter “hooks”
OUTPUT, Tables and Chains
owner, Adding extra functionality
POSTROUTING, Tables and Chains
PREROUTING, Tables and Chains
QUEUE, Adding extra functionality
REDIRECT, Adding extra functionality
REJECT, Adding extra functionality
restore, Saving And Restoring Firewall Rules
RETURN, Adding extra functionality
save, Saving And Restoring Firewall Rules
SNAT, Adding extra functionality
state, Adding extra functionality
targets, Adding extra functionality
tcp, Adding extra functionality
TOS, Adding extra functionality
tos, Adding extra functionality
udp, Adding extra functionality
unclean, Adding extra functionality
iptables-restore, Saving And Restoring Firewall Rules
iptables-save, Saving And Restoring Firewall Rules
ip_conntrack, Connection tracking: Stateful Firewalling
ip_conntrack_ftp, Connection tracking: Stateful Firewalling
iso9660, Mounting and Unmounting
ISO9660, Creating an image for a CD-ROM

M

major release, Scheme up to 2.6.0 kernels
make bzImage, make zImage/bzImage
make clean, make clean
make config, make config
make gconfig, make xconfig and gconfig
make menuconfig, make menuconfig
make modules, make modules
make modules_install, make modules_install
make oldconfig, make oldconfig
make xconfig, make xconfig and gconfig
make zImage, make zImage/bzImage
making a filesystem, Filesystems
mangle, Tables and Chains
masqueraded connections, netstat
MD, Software RAID
mdadm, Configuring RAID (using mdadm)
memory
physical, free
virtual, free
memory usage, Objectives
minor release, Scheme up to 2.6.0 kernels
mirroring, RAID levels
mkfs, Creating Filesystems
mkfs.ext2, Creating Filesystems
mkisofs, Creating an image for a CD-ROM
mkswap, Swap
modinfo, Manipulating modules
modprobe, Manipulating modules
monitor resource usage, Predict Future Resource Needs (200.2)
monitoring
IO load, iostat
mount, Mounting and Unmounting, NFS client: software and configuration
mount count, tune2fs
MRTG, Monitoring Apache load and performance
MTU, Ethernet Interfaces
multi-user runlevels, The init process

N

named, Name-server components in BIND
named.conf, Name-server components in BIND
NAT, Network Address Translation (NAT), Tables and Chains
ncd, Name-server components in BIND
net, net
netbios
name service, Installing the Samba components
netfilter, Implementation
hooks, Netfilter “hooks”
netmask, Ethernet Interfaces
netstat, Objectives, Estimate throughput and identify bottlenecks in a system including networking
network, Objectives
Network, Remote/Network storage
Network Address Translation, Network Address Translation (NAT)
network I/O, Objectives
Network Ingress Filtering, Description
network scanning, Description
NFS, The Loopback Interface, NFS - The Network File System
--all, The showmount command
--directories, The showmount command
-r, Activating an export list
-ua, Deactivating an export list
1024, NFS client: software and configuration
4096, NFS client: software and configuration
8192, NFS client: software and configuration
all_squash, Export options
bg, NFS client: software and configuration
client, Client, Server or both?
fg, NFS client: software and configuration
file handles, Best NFS version
firewall, Limiting access
hard, NFS client: software and configuration
intr, NFS client: software and configuration
kernel, Requirements for NFS
kernel space, The NFS daemon
mount, NFS client: software and configuration
NFSSVC_MAXBLKSIZE, NFS client: software and configuration
nfsvers=, NFS client: software and configuration
noatime, NFS client: software and configuration
noauto, NFS client: software and configuration
noexec, NFS client: software and configuration
nointr, NFS client: software and configuration
nosuid, NFS client: software and configuration
no_all_squash, Export options
no_root_squash, Export options
portmapper, Requirements for NFS
portmapper security, The portmapper
retry=, NFS client: software and configuration
ro, Export options, NFS client: software and configuration
root_squash, Export options
rpc.lockd, The nfs-utils package
rpc.mountd, The nfs-utils package
rpc.nfsd, The nfs-utils package
rpc.statd, The nfs-utils package
rsize, NFS client: software and configuration
rw, Export options, NFS client: software and configuration
securing, Securing NFS
server, Client, Server or both?
SIGHUP, The exportfs command
soft, NFS client: software and configuration
squashing, Export options
tcp, NFS client: software and configuration
timeo=, NFS client: software and configuration
udp, NFS client: software and configuration
user space, The NFS daemon
version 4, Best NFS version
without portmapper, The portmapper
wsize, NFS client: software and configuration
nfsstat, The nfsstat command
NIC address, What is a host declaration?
NIS, The Loopback Interface
nmap, Description
ACK sweep, Description
bounce attack, Description
network scanning, Description
NULL Scan, Description
options, Using the nmap command
ping sweep, Description
reverse-ident, Description
SYN sweep, Description
TCP SYN, Description
testing a firewall, Description
Xmas Tree, Description
nmblookup, nmblookup
nsswitch.conf, Name-server components in BIND
NULL Scan, Description

S

Samba, What is Samba?
samba
global, special sections
homes, special sections
inetd, Installing the Samba components
ldapsam, ldapsam
logon scripts, Creating logon scripts for clients
nmbd, Installing the Samba components
passwd backend, Account information databases
port 137, Installing the Samba components
port 139, Installing the Samba components
printers, special sections
remote administration, net
smbd, Installing the Samba components
smbpasswd, Installing the Samba components, smbpasswd
tdbsam, tdbsam
username map, [global]
WINS, Using Samba as a WINS Server
sar, Objectives
scp, SSH client and server
SCSI, Write the CD-image to a CD, Hardware RAID
security alerts, Security alerts
security vulnerabilities, Description
securityfocus, Bugtraq website
SEI, Description
Server Message Block protocol, What is Samba?
showmount, Exporting filesystems, The showmount command, The showmount --exports command
single user mode, Booting into single user mode or a specific runlevel
slapcat, LDIF
slapd, slapd.conf
slapd.conf, slapd.conf
SMB, What is Samba?
smbclient, smbclient
smbfs, smbmount
smbmount, smbmount
smbpasswd, smbpasswd
smbstatus, smbstatus
snapshots, LVM Snapshots
SNAT, Adding extra functionality
software RAID, Software RAID
Split DNS, Split DNS: two DNS servers on one machine
split-level DNS, Internal DNS
squid, squid
-k reconfigure, squid
ACL, Access policies
authentication, Authenticators
auth_param, squid
cache_dir, squid
cache_mem, Utilizing memory usage
cache_swap, Utilizing memory usage
deny access, Redirectors
http_access, squid
http_access allow, Access policies
http_access deny, Access policies
http_port, squid
maximum_object_size, Utilizing memory usage
minimum_object_size, Utilizing memory usage
redirector, Redirectors
redirect_program, squid
squid.conf, Access policies
SSL, squid
StoreEntry, Utilizing memory usage
SSH, VPN Types
ssh, SSH client and server, Host keys
AllowGroups, Allow or deny non-root logins
AllowUsers, Allow or deny non-root logins
authorized_keys, User keys, public and private
Blowfish, Host keys
configure sshd, Configuring sshd
DenyGroups, Allow or deny non-root logins
DenyUsers, Allow or deny non-root logins
ForwardAgent, Enable agent forwarding
Host Keys, Host keys
id_rsa, User keys, public and private
id_rsa.pub, User keys, public and private
keys, Keys and their purpose
PasswordAuthentication, Allow or deny non-root logins
passwordless, Passwordless authentication
PermitRootLogin, Allow or deny root logins
Port mapping, Description
Protocol, Allow or deny non-root logins
protocol version 1, Host keys
PubkeyAuthentication, Passwordless authentication
RSA, Host keys
ssh-add, Login session
ssh-agent, ssh-agent
sshd_config, Configuring sshd
SSH_AGENT_PID, Login session
The X Window System, Enabling or disabling X forwarding
tunnel, Description
User Keys, User keys, public and private
X Sessions, Enabling X-sessions with ssh-agent
X11DisplayOffset, Enabling or disabling X forwarding
X11Forwarding, Enabling or disabling X forwarding
XAuthLocation, Enabling or disabling X forwarding
ssh-keygen, User keys, public and private
sshd, SSH client and server
sshd_config, Configuring sshd
SSL, Encrypted webservers: SSL
SSSD, OpenLDAP and SSSD
state, Connection tracking: Stateful Firewalling, Adding extra functionality
Stateful Firewall, Connection tracking: Stateful Firewalling
statistics
transfer rate, sar
strace, Tools and utilities to trace software and their system and library calls
striping, RAID levels
superblock, Filesystems
superblock location, debugfs
swap, Objectives, Swap
swapon, Swap
SYN Attack, Description
SYN sweep, Description
sysctl, Using sysctl, Using /proc/sys/net/ipv4 (sysctl) to prevent simple DOS attacks
sysinit, Configuring /etc/inittab

X

X.500, LDAP
XFS, Filesystems
Xmas Tree, Description
Copyright Snow B.V. The Netherlands