Trying the Recipes

Most recipes provide commands or scripts you can run, or a set of configuration options for a particular program. When trying a recipe, please keep in mind:

• Our default shell for recipes is bash . If you use another shell, you might need different syntax for setting environment variables and other shell-specific things.

• If you create a Linux shell script (say, "myscript") in your current directory, but the current directory (".") is not in your search path , you can't run it simply by typing the script name :

  $ myscript
  bash: myscript: command not found
  

  because the shell won't find it. To invoke the script, specify that it's in the current directory:

  $ ./myscript
  

  Alternatively, you could add the current directory to your search path, but we recommend against this. [Recipe 9.7]

• Linux commands may behave differently when run in an interactive shell, a script, or a batch job (e.g., via cron ). Each method may have a different environment (for example, search path), and some commands even are coded to behave differently depending how they are invoked. If a recipe does not behave as you expect in a script, try running it interactively, and vice versa. You can see your environment with the env command, and your shell variables with the set built-in command.

• Different Linux distributions may place important binaries and configuration files in locations different from those in our recipes. Programs are assumed to be in your search path. You might need to add directories to your path, such as /sbin , /usr/sbin , and /usr/kerberos/bin . If you cannot find a file, try the locate command: ^[1]

  ^[1] Contained in the RPM package slocate (for Red Hat) or findutils-locate (for SuSE).

  $ locate sshd.config
  /etc/ssh/sshd_config
  

  or in the worst case, the find command from the root of the filesystem, as root:

  # find / -name sshd_config -print
  

• Make sure you have the most recent versions of programs involved in the recipe, or at least stable versions, and that the programs are properly installed.

Finally, each Linux system is unique. While we have tested these recipes on various machines, yours might be different enough to produce unexpected results.

Before you run any recipe, make sure you understand how it will affect security on your system.

Conventions Used in This Book

The following typographic conventions are used in this book:

Italic is used to indicate new terms and for comments in code sections. It is also used for URLs, FTP sites, filenames, and directory names . Some code sections begin with a line of italicized text, which usually specifies the file that the code belongs in.

Constant width is used for code sections and program names.

Constant width italic is used to indicate replaceable parts of code.

Constant width bold is used to indicate text typed by the user in code sections.

We capitalize the names of software packages or protocols, such as Tripwire or FTP, in contrast to their associated programs, denoted tripwire and ftp .

We use the following standards for shell prompts, so it's clear if a command must be run by a particular user or on a particular machine:

$

#

myhost

$

myhost

#

myname

$

myname@myhost

$

This icon indicates a tip, suggestion, or general note.

This icon indicates a warning or caution.