Index

A

ACK sweep, Description
AH, IPSEC
Apache
*, Name-based virtual hosting
.htaccess, Configuring authentication modules
443, Public key cryptography
?, Name-based virtual hosting
access_log, Apache access_log file
AllowOverride, Configuring authentication modules
APXS, APache eXtenSion (APXS) support tool
AuthDBMGroupFile, Configuring authentication modules
AuthGroupFile, Group files
AuthType, Configuring authentication modules
AuthUserFile, Configuring authentication modules
BindAddress, Name-based virtual hosting
CLF, Apache access_log file
CustomLog, Setting up a single daemon
Discretionary Access Control, Restricting client user access
DNS, Name-based virtual hosting
DocumentRoot, Name-based virtual hosting
htpasswd, User files
httpd -l, Run-time loading of modules (DSO)
IP-based virtual hosting, IP-based virtual hosting
libssl.so, Run-time loading of modules (DSO)
Limit, Configuring authentication modules
Listen, Name-based virtual hosting
Mandatory Access Control, Restricting client user access
MaxClients, Configuring Apache server options
MaxKeepAliveRequests, Configuring Apache server options
MaxSpareServers, Configuring Apache server options
MinSpareServers, Configuring Apache server options
modules, Modularity
mod_access, Restricting client user access
mod_auth, Restricting client user access
mod_auth_anon, Restricting client user access
mod_auth_digest, Restricting client user access
mod_ssl, Various Apache and SSL related projects, Apache with mod_ssl
multiple daemons, IP-based virtual hosting
Name-base virtual hosting, Name-based virtual hosting
NameVirtualHost, Name-based virtual hosting
OpenSSL, Various Apache and SSL related projects
PerlSetVar, Configuring mod_perl
Redirect, Customizing file access
Require valid-user, Configuring authentication modules
ServerAdmin, Setting up a single daemon
ServerAlias, Name-based virtual hosting
ServerName, Name-based virtual hosting
ServerRoot, IP-based virtual hosting
SSLCertificateFile, How to create a SSL server Certificate
SSLCertificateKeyFile, How to create a SSL server Certificate
SSLeay, Various Apache and SSL related projects
StartServers, Configuring Apache server options
TransferLog, Setting up a single daemon
User, IP-based virtual hosting
virtual hosting and SSL, IP-based virtual hosting
VirtualHost, Name-based virtual hosting
apsfilter, Using a Windows printer from Linux
APXS, APache eXtenSion (APXS) support tool
arp, ifconfig, arp and arpwatch
ARP
cache, arp and arpwatch
arpwatch, arp and arpwatch
Attacks
DoS, Description
SYN, Description
automount, Autofs and automounter, NFS client: software and configuration
availability, Estimate throughput and identify bottlenecks in a system including networking

B

backup
plan, Where?
testing, How?
verifying, How?
badblocks, fsck (fsck.*)
bandwith usage, Measure and Troubleshoot Resource Usage (200.1)
bind, Name-server components in BIND
#, Syntax
//, Syntax
;, Syntax
@, Predefined zone statements, The db.local file
allow-query, Configuring the master on privdns
allow-transfer, Configuring the master on privdns
category, The logging statement
chrooted, Split DNS: two DNS servers on one machine
current origin, The db.127 file
db.127, The db.127 file
db.local, The db.local file
dialup, The options statement
directory, The options statement
exworks, Internal DNS
fetch-glue, Configuring the internal name server
file, Syntax
forward, The options statement
forward first;, The options statement
forward only;, The options statement
forwarders, Syntax, The options statement, Configuring DNS on liongate
heartbeat-interval, Limiting negotiations
hint, The hints file
jail, Configuring the internal name server
localhost, The db.local file
named.conf, The named.conf file
named.pid, Configuring the internal name server
options, The options statement
recursion, Configuring the internal name server
reload, Controlling named with a start/stop script
resolv.conf, Configuring the master on privdns
SIGHUP, Sending signals to named
slave, Alternatives
stand-alone master, Split DNS: stand-alone internal master
start, Controlling named with a start/stop script
stop, Controlling named with a start/stop script
version, The options statement
zone file, Predefined zone statements
{, Syntax
}, Syntax
blacklisting, Description
blank, Write the CD-image to a CD
boot, Configuring /etc/inittab
boot option
initrd=, The bootprocess
boot sequence, The bootprocess
bootwait, Configuring /etc/inittab
bottlenecks , Measure and Troubleshoot Resource Usage (200.1)
bounce attack, Description
broadcast, The company's shared-networks and subnets
broadcast address, Ethernet Interfaces
bugtraq, Description
bus
SCSI, Write the CD-image to a CD
BUS, Write the CD-image to a CD
bzImage, Kernel Components (201.1), Different types of kernel images

C

caching-only nameserver, A caching-only name server
Carnegie Mellon, Description
CD-ROM filesystem, Creating an image for a CD-ROM
cdrecord, Write the CD-image to a CD
CERT, Description
http://www.cert.org, Website
Certificate Authority, Public key cryptography, How to create a SSL server Certificate
Certificate Signing Request, How to create a SSL server Certificate
CGI, Enhancing Apache performance
CIAC, Description
BULLETIN, Subscribing to the mailing list
ciac-listproc@llnl.gov, Subscribing to the mailing list
NOTES, Subscribing to the mailing list
SPI-ANNOUNCE, Subscribing to the mailing list
SPI-NOTES, Subscribing to the mailing list
subscribing, Subscribing to the mailing list
unsubscribe, Unsubscribing from the mailing list
Common Log Format, Apache access_log file
Common Name, Directory /etc/ssl/*
Configuring
Apache, Configuring Apache server options
Apache Authentication Modules, Configuring authentication modules
Apache mod_perl, Configuring mod_perl
Apache mod_php, Configuring mod_php support
apsfilter, Using a Windows printer from Linux
bind, Domain Name Server (207)
disks, Physical installation
kernel modules, Configuring modules
LDAP Authentication, pam_ldap
Linux Kernel, Creating a .config file
Linux kernel options, Configuring kernel options
Logical Volume Manager, Configuring Logical Volume Management
Network Interface, Configuring the network interface
NFS, Setting up NFS
NIS Authentication, pam_nis
Openswan, IPSEC
PAM, How does it work?
RAID, Configuring RAID (204.1)
Samba, An example of the functionality we wish to achieve
SMB Server, What is Samba? , NFS - The Network File System
Web Server, Basic Apache Configuration (208.1)
CONFIG_KMOD, kmod versus kerneld
CONFIG_MODULES, kmod versus kerneld
cpio, cpio
CPU Usage, Measure and Troubleshoot Resource Usage (200.1)
create filesystem, Creating Filesystems
Creating
filesystem, Creating Filesystems
SSL Server Certificate, How to create a SSL server Certificate
Cricket, Monitoring Apache load and performance
Cryptography
Public Key, Public key cryptography
CTRL-ALT-DEL, Configuring /etc/inittab
ctrlaltdel, Configuring /etc/inittab
custom kernel, Building A Custom Kernel
cylinder, Physical installation

D

dd, Making a copy of a data CD, dd
debugfs, Maintaining a Linux Filesystem (203.2)
default gateway, Routing Through a Gateway
default route, Routing Through a Gateway
device or resource busy, Manipulating modules
DHCP, What is DHCP?
BOOTP, Static BOOTP hosts
Client, What is DHCP?
client identifier, Static hosts
default-lease-time, Leases
dhcpd.conf, How is the server configured?
dhcpd.leases, Leases
domain-name-servers, The global parameters for services
ethernet address, Static hosts
Global Parameters, What are (global) parameters?
group declaration, What is a group declaration?
host declaration, What is a host declaration?
IP-address, An example
max-lease-time, Leases
nntp-server, The global parameters for services
Normal Parameters, What are (global) parameters?
option, The global parameters for services
pop-server, The global parameters for services
relaying, What is DHCP-relaying?
reload, Reloading the DHCP-server after making changes
Server, What is DHCP?
shared network, What is a shared-network declaration?
smtp-server, The global parameters for services
Static Host, Static hosts
subnet declaration, What is a subnet declaration?
dhcrelay, What is DHCP-relaying?
Diagnose resource usage,
directory blocks, Filesystems
Disk, Disk
disk I/O, Measure and Troubleshoot Resource Usage (200.1)
dmesg, Physical installation
DNAT, Adding targets
DNS, Name-server components in BIND
dnssec-keygen, dnssec-signzone
NSEC, dnssec-signzone
RRSIG, dnssec-signzone
DoS Attack, Description
DoS Attacks
IP address spoofing, Description
Network Ingress Filtering, Description
Packet Flooding, Description
SYN, Description
sysctl, Using /proc/sys/net/ipv4 (sysctl) to prevent simple DOS attacks
DoS with IP address spoofing, Description
DSA-key, Host keys
dumpe2fs, Maintaining a Linux Filesystem (203.2), dumpe2fs
Dynamic Shared Objects, Run-time loading of modules (DSO)

I

ICMP, ping
ID, Write the CD-image to a CD
IDE, Physical installation
ifconfig, Configuring the network interface, ifconfig
IKE, IPSEC
indirection blocks, Filesystems
init
order of scripts, The /etc/init.d/rc script
init scripts, The /etc/init.d/rc script
initdefault, Configuring /etc/inittab
initial RAM disk, The initial ram disk (initrd)
initrd, The initial ram disk (initrd)
manual creation, Manual initrd creation
mkinitrd, Create initrd using mkinitrd
inode, Filesystems
INPUT, Tables and Chains
insmod, Manipulating modules
interval between checks, tune2fs
iostat, Measure and Troubleshoot Resource Usage (200.1) , Estimate throughput and identify bottlenecks in a system including networking
IP, Configuring the network interface
Category 1, Private Network Addresses
Category 2, Private Network Addresses
Category 3, Private Network Addresses
private, Private Network Addresses
public, Private Network Addresses
IPSEC, VPN Types, IPSEC
IPTABLES, Implementation
FILTER, The “filter” table
MANGLE, The “mangle” table
NAT, The “nat” table
statefull, Connection tracking: Stateful Firewalling
iptables
--state, Connection tracking: Stateful Firewalling
ACCEPT, Adding targets
DNAT, Adding targets
DROP, Adding targets
extended modules, Adding targets
filter, Tables and Chains
FORWARD, Tables and Chains
forwarding, Port and/or IP forwarding
icmp, Adding matching modules
INPUT, Tables and Chains
ip_conntrack, Connection tracking: Stateful Firewalling
ip_conntrack_ftp, Connection tracking: Stateful Firewalling
limit, Adding matching modules
LOG, Adding targets
mac, Adding matching modules
mangle, Tables and Chains
MARK, Adding targets
mark, Adding matching modules
MASQUERADE, Adding targets
matching modules, Adding matching modules
MIRROR, Adding targets
multiport, Adding matching modules
NAT, Tables and Chains
NF_ACCEPT, Netfilter “hooks”
NF_DROP, Netfilter “hooks”
NF_QUEUE, Netfilter “hooks”
NF_REPEAT, Netfilter “hooks”
NF_STOLEN, Netfilter “hooks”
OUTPUT, Tables and Chains
owner, Adding matching modules
POSTROUTING, Tables and Chains
PREROUTING, Tables and Chains
QUEUE, Adding targets
REDIRECT, Adding targets
REJECT, Adding targets
restore, Saving And Restoring Firewall Rules
RETURN, Adding targets
save, Saving And Restoring Firewall Rules
SNAT, Adding targets
state, Adding matching modules
targets, Adding targets
tcp, Adding matching modules
TOS, Adding targets
tos, Adding matching modules
udp, Adding matching modules
unclean, Adding matching modules
iptables-restore, Saving And Restoring Firewall Rules
iptables-save, Saving And Restoring Firewall Rules
ip_conntrack, Connection tracking: Stateful Firewalling
ip_conntrack_ftp, Connection tracking: Stateful Firewalling
iso9660, Mounting and Unmounting
ISO9660, Creating an image for a CD-ROM

M

major release, Scheme up to 2.6.0 kernels
make bzImage, make zImage/bzImage
make clean, make clean
make config, make config
make gconfig, make xconfig and gconfig
make menuconfig, make menuconfig
make modules, make modules
make modules_install, make modules_install
make oldconfig, make oldconfig
make xconfig, make xconfig and gconfig
make zImage, make zImage/bzImage
making a filesystem, Filesystems
mangle, Tables and Chains
masqueraded connections, netstat
MD, Software RAID
mdadm, Configuring RAID (using mdadm)
memory
physical, free
virtual, free
memory usage, Measure and Troubleshoot Resource Usage (200.1)
minor release, Scheme up to 2.6.0 kernels
mirroring, RAID levels
mkfs, Creating Filesystems
mkfs.ext2, Creating Filesystems
mkisofs, Creating an image for a CD-ROM
mkswap, Swap
modinfo, Manipulating modules
modprobe, Manipulating modules
monitor resource usage, Predict Future Resource Needs (200.2)
monitoring
IO load, iostat
mount, Mounting and Unmounting, NFS client: software and configuration
mount count, tune2fs
MRTG, Monitoring Apache load and performance
MTU, Ethernet Interfaces
multi-user runlevels, The init process

N

named, Name-server components in BIND
named.conf, Name-server components in BIND
NAT, Network Address Translation (NAT) , Tables and Chains
ncd, Name-server components in BIND
netfilter, Implementation
hooks, Netfilter “hooks”
netmask, Ethernet Interfaces
netstat, Measure and Troubleshoot Resource Usage (200.1) , Estimate throughput and identify bottlenecks in a system including networking
network, Measure and Troubleshoot Resource Usage (200.1)
Network, Remote/Network storage
Network Address Translation, Network Address Translation (NAT)
network I/O, Measure and Troubleshoot Resource Usage (200.1)
Network Ingress Filtering, Description
network scanning, Description
NFS, The Loopback Interface, NFS - The Network File System
--all, The showmount command
--directories, The showmount command
-r, Activating an export list
-ua, Deactivating an export list
1024, NFS client: software and configuration
4096, NFS client: software and configuration
8192, NFS client: software and configuration
all_squash, Export options
bg, NFS client: software and configuration
client, Client, Server or both?
fg, NFS client: software and configuration
file handles, Best NFS version
firewall, Limiting access
hard, NFS client: software and configuration
intr, NFS client: software and configuration
kernel, Requirements for NFS
kernel space, The NFS daemon
mount, NFS client: software and configuration
NFSSVC_MAXBLKSIZE, NFS client: software and configuration
nfsvers=, NFS client: software and configuration
noatime, NFS client: software and configuration
noauto, NFS client: software and configuration
noexec, NFS client: software and configuration
nointr, NFS client: software and configuration
nosuid, NFS client: software and configuration
no_all_squash, Export options
no_root_squash, Export options
portmapper, Requirements for NFS
portmapper security, The portmapper
retry=, NFS client: software and configuration
ro, Export options, NFS client: software and configuration
root_squash, Export options
rpc.lockd, The nfs-utils package
rpc.mountd, The nfs-utils package
rpc.nfsd, The nfs-utils package
rpc.statd, The nfs-utils package
rsize, NFS client: software and configuration
rw, Export options, NFS client: software and configuration
securing, Securing NFS
server, Client, Server or both?
SIGHUP, The exportfs command
soft, NFS client: software and configuration
squashing, Export options
tcp, NFS client: software and configuration
timeo=, NFS client: software and configuration
udp, NFS client: software and configuration
user space, The NFS daemon
version 4, Best NFS version
without portmapper, The portmapper
wsize, NFS client: software and configuration
nfsstat, The nfsstat command
NIC address, What is a host declaration?
NIS, The Loopback Interface
nmap, Description
ACK sweep, Description
bounce attack, Description
network scanning, Description
NULL Scan, Description
options, Using the nmap command
ping sweep, Description
reverse-ident, Description
SYN sweep, Description
TCP SYN, Description
testing a firewall, Description
Xmas Tree, Description
nsswitch.conf, Name-server components in BIND
NULL Scan, Description

P

Packet Flooding, Description
PAM
account, pam_unix
auth, pam_unix
login, How does it work?
nullok, pam_unix
optional, How does it work?
pam.conf, How does it work?
pam_ldap.so, pam_ldap
pam_nis.so, pam_nis
passwd, How does it work?
password, pam_unix
required, How does it work?
requisite, How does it work?
session, pam_unix
ssh, How does it work?
sufficient, How does it work?
try_first_pass, pam_unix
use_first_pass, pam_unix
panic, Hardware and Kernel Information
partition, Filesystems, Physical installation
patch, Patching a Kernel
--quiet, Patching a Kernel
--remove-empty-files, Patching a Kernel
--reverse, Patching a Kernel
--silent, Patching a Kernel
--strip, Patching a Kernel
-E, Patching a Kernel
-p, Patching a Kernel
-R, Patching a Kernel
-s, Patching a Kernel
patch level, Scheme up to 2.6.0 kernels
PEM, How to create a SSL server Certificate
PHP, Configuring mod_php support
Physical Extents, Configuring Logical Volume Management
Physical Volume, Configuring Logical Volume Management
ping, ifconfig
ping sweep, Description
PKC, Public key cryptography
Port mapping, Description
POSTROUTING, Tables and Chains
powerfail, Configuring /etc/inittab
powerfailnow, Configuring /etc/inittab
powerokwait, Configuring /etc/inittab
powerwait, Configuring /etc/inittab
PREROUTING, Tables and Chains
Print Services for Unix, Using lpr
printcap, Using a Windows printer from Linux
printers, Using Samba
Private Network Addresses, Private Network Addresses
processes blocked on I/O, Measure and Troubleshoot Resource Usage (200.1)
pstree, ps, Measure and Troubleshoot Resource Usage (200.1)

S

Samba, What is Samba?
samba
%S, Accessing Samba shares from Windows 2000
download, With smbclient
get, With smbclient
global, Accessing Samba shares from Windows 2000
homes, Accessing Samba shares from Windows 2000
inetd, Installing the Samba components
logon scripts, Creating logon scripts for clients
messaging, Sending a message with smbclient
mget, With smbclient
MS Windows quirk, Making the second connection from Windows 2000
nmbd, Installing the Samba components
nmblookup, Using nmblookup to test the WINS Server
password, Making the first connection from Windows 2000
path, Using Samba
port 137, Installing the Samba components
port 139, Installing the Samba components
printers, Accessing Samba shares from Windows 2000
printing, Using Samba
smb.conf, Accessing Samba shares from Windows 2000
smbd, Installing the Samba components
smbmount, With smbmount
smbpasswd, Installing the Samba components
smbspool, Using a Windows printer from Linux
smbstatus, Making the first connection from Windows 2000
username, Making the first connection from Windows 2000
WINS, Using Samba as a WINS Server
sar, Measure and Troubleshoot Resource Usage (200.1)
scp, SSH client and server
SCSI, Write the CD-image to a CD, Hardware RAID
security alerts, Security alerts
security vulnerabilities, Description
securityfocus, Bugtraq website
SEI, Description
Server Message Block protocol, What is Samba?
showmount, Exporting filesystems, The showmount command, The showmount --exports command
single user mode, Booting into single user mode or a specific runlevel
slapcat, LDIF
slapd, slapd.conf
slapd.conf, slapd.conf
SMB, What is Samba?
smbclient, An example of the functionality we wish to achieve , With smbclient
smbmount, With smbmount
snapshots, LVM Snapshots
SNAT, Adding targets
software RAID, Software RAID
Split DNS, Split DNS: two DNS servers on one machine
split-level DNS, Internal DNS
squid, squid
-k reconfigure, squid
ACL, Access policies
authentication, Authenticators
auth_param, squid
cache_dir, squid
cache_mem, Utilizing memory usage
cache_swap, Utilizing memory usage
deny access, Redirectors
http_access, squid
http_access allow, Access policies
http_access deny, Access policies
http_port, squid
maximum_object_size, Utilizing memory usage
minimum_object_size, Utilizing memory usage
redirector, Redirectors
redirect_program, squid
squid.conf, Access policies
SSL, squid
StoreEntry, Utilizing memory usage
SSH, VPN Types
ssh, SSH client and server
.rhosts, Host keys , The .rhosts and .shosts files
.shosts, The .rhosts and .shosts files
AllowGroups, Allow or deny non-root logins
AllowUsers, Allow or deny non-root logins
authorized_keys, User keys, public and private
Blowfish, Host keys
configure sshd, Configuring sshd
DenyGroups, Allow or deny non-root logins
DenyUsers, Allow or deny non-root logins
ForwardAgent, Enable agent forwarding
Host Keys, Host keys
id_dsa, User keys, public and private
id_dsa.pub, User keys, public and private
keys, Keys and their purpose
PasswordAuthentication, Allow or deny non-root logins
passwordless, Enabling or disabling Passwordless Authentication
PermitRootLogin, Allow or deny root logins
Port mapping, Description
Protocol, Allow or deny non-root logins
protocol version 1, Host keys
protocol version 2, Host keys
PubkeyAuthentication, Allow or deny non-root logins , Enabling or disabling Passwordless Authentication
RSA, Host keys
ssh-add, Login session
ssh-agent, ssh-agent
sshd_config, Configuring sshd
SSH_AGENT_PID, Login session
The X Window System, Enabling or disabling X forwarding
tunnel, Description
User Keys, User keys, public and private
Version, Setting the Protocol version
X Sessions, Enabling X-sessions
X11DisplayOffset, Enabling or disabling X forwarding
X11Forwarding, Enabling or disabling X forwarding
XAuthLocation, Enabling or disabling X forwarding
ssh-keygen, User keys, public and private
sshd, SSH client and server
sshd_config, Configuring sshd
SSL, Encrypted webservers: SSL
SSSD, OpenLDAP and SSSD
state, Connection tracking: Stateful Firewalling , Adding matching modules
Stateful Firewall, Connection tracking: Stateful Firewalling
statistics
transfer rate, sar
strace, Tools and utilities to trace software and their system and library calls
striping, RAID levels
superblock, Filesystems
superblock location, debugfs
swap, Measure and Troubleshoot Resource Usage (200.1) , Swap
swapon, Swap
SYN Attack, Description
SYN sweep, Description
sysctl, Using sysctl, Using /proc/sys/net/ipv4 (sysctl) to prevent simple DOS attacks
sysinit, Configuring /etc/inittab
Copyright Snow B.V. The Netherlands