2.1 Introduction


Linux is an Open Source version of Unix developed by Linus Torvalds to port Unix to the Intel x86 processor [Torvalds+ 01]. This made Unix available on the most ubiquitous computer hardware that has ever existed, and therefore available to almost everyone. Linux has since been ported to almost every processor and function one could imagine, including game-boxes, personal digital assistants (PDAs), personal digital video recorders, and IBM mainframes, expanding the original concept of Unix for x86 to Unix for everything. Linux isn't the only version of Unix available to most people (also notable are the various BSD variants, also Open Source), but it's by far the most popular.

In this chapter, we discuss how to get Linux, how to install it, and some of the basic commands. Here we are caught in a familiar bind: If you are familiar with Linux, this will be too simplistic, and if you are not, it will not be nearly enough. If you are in the former category, you can skim or skip this chapter; if the latter, we try to point you in the right direction.

2.1.1 Linux Distributions

Although Linux is free and Open Source, and you can download individual packages and compile them all yourself, that's rather masochistic. Most people get Linux as a packaged distribution from a vendor, either by paying for a CD or downloading it. The distribution route is fast and easy and resolves many hardware and software dependency issues (though not all of them). Paying for a CD both gives the prospective user the documentation and usually some degree of technical support, and supports the companies that propagate and improve Linux.

Many individuals, organizations, and companies make Linux distributions for different purposes and with different philosophies. The following is a quick list of the main ones, in no particular order (see www.distrowatch.com to keep up with them):

Debian: Debian GNU/Linux is developed and maintained entirely by volunteers. The Advanced Package Tool (apt) is very powerful and highly esteemed; many people think this is the best updater around. It is one of the easiest distributions to keep up to date. The apt-get mechanism handles package dependencies neatly.

Red Hat: This is probably the most popular Linux distribution in the United States. Red Hat has worked with a number of vendors to provide Red Hat Linux preinstalled on PCs. Red Hat is feature and application rich, and easy for new Linux users to learn. Red Hat created the Red Hat Package Manager (RPM) system, a system similar to apt to keep software up to date, which is used by many distributions. The Red Hat up2date mechanism provides a package dependency resolution similar to apt-get. For what it's worth, apt-get has been ported to Red Hat, and you can update your distribution in that manner. Red Hat boasts a number of high-profile Open Source software employees.

Slackware: One of the first Linux distributions, Slackware is still used by many hard-core Linux users. It contains user-friendly interfaces similar to other Linux distributions, but it generally goes for "power over pretty."

SuSE: The most popular distribution in Europe, especially Germany, SuSE has become more popular in the United States as well. It uses a variant of the RPM package format and includes a sophisticated system configuration tool called YaST (Yet another Setup Tool) to make administration easier. SuSE supports many types of hardware and many configurations not available in other distributions, and includes several security scripts and tools that can be run to inform you of problems.

Mandrake: Mandrake took the Red Hat distribution, added an easy-to-use installer, and changed the default desktop from Gnome to KDE, thus arriving at one of the more popular distributions. It has a reputation for being easy to use, easy to install, and cutting-edge.

A Disclaimer: We don't work for any of the companies we mention here, nor do we own any of their stock, at least not enough to get rich by recommending them. We mention these companies because we like their stuff, have used it, and have had good experiences with it. Patronize them or not, as you choose.

There's also Immunix, a distribution based on Red Hat, which is hardened for security. The NSA also makes a secure version of Linux (see www.nsa.gov/selinux/).

Because we have to choose something, Red Hat Linux version 7 (the latest distribution as of this writing [1]) will be our base. Aside from the usual holy wars about Linux distributions (and you can always roll your own from the source) or Linux versus BSD, we've found that Red Hat is the one you're most likely to be able to walk into a store in the United States and buy. Although this is not an endorsement, [2] Red Hat does a good job of keeping up to date with bug fixes and security issues and making its distribution relatively painless. Many resources are available for Red Hat, and one of our favorites, the Unix System Administration Handbook, Third Edition [Nemeth+ 01], now includes Red Hat Linux explicitly, which is very nice since Red Hat, like all the other distributions of Linux, does things slightly differently from other Unices. [3]

[1] You'll grow weary of that phrase soon.

[2] Unpaid, it should be noted. Call us, RH. Our people will talk with your people.

[3] Unix is Unix is Unix, and once you know one, you pretty much know them all, but even aside from SysV versus BSD, all Unices do things slightly differently. Think Ford versus GM for Red Hat versus Debian, and GM versus Toyota for SysV versus BSD. You can jump in and drive any of them, though you might have to look around to find the dimmer switch.

The directory structure referenced here is based on Red Hat. The Red Hat structure differs slightly from the Filesystem Hierarchy Standard, aka Linux Filesystem Standard (www.pathname.com/fhs/). All the configurations and directory structures we discuss in this book are based on the standard Red Hat RPMs.

However, you can use any other Linux distribution or package manager if you prefer, including ./configure; make; make install. If you've already installed a non-Red Hat Linux, you should be able to translate these instructions to another distribution with little difficulty.

2.1.2 Download and Install

The easiest way to get this free software is to pony up a sawbuck or two for a shrink-wrapped CD with instructions (this might seem an oxymoron, but it's a capitalistic society). Or get it from www.cheapbytes.com for a very minimal cost. Because most of this is Open Source software, you don't have to buy any of it; you can download it for free. But free might not be cheap, depending on how you value your time.

Failing that, you can download the software from Red Hat (or whatever distribution you choose) or a mirror under your existing non-Linux software and burn a CD or do a network install. Having a CD around is nice for reinstalling, fixing problems, having a backup, and other necessary tasks.

One issue to consider if you aren't purchasing a distribution with a CD, printed instructions, and so forth, is that the computer won't have a network connection or browser or printer while you are doing the installation, so you have to be prepared and have access to the instructions, documentation, etc., beforehand; it's not always feasible to stop in the middle because you don't know the answer to a question. Once you start installing Linux, you can't click on the browser (on that machine; if you have another, no problem) and look up the answer: the browser won't be installed yet.

We're going to assume you have a CD in hand, because otherwise the options branch too much for us to cover all the complications, and if you aren't installing from a CD, you aren't going to take our advice anyway; you know what you are doing.

Once you have the software in hand, you can run the installer (whether Red Hat or not, most are fairly painless these days), following either the instructions you printed or the book you got with your distribution.

Having learned from experience, we highly recommend keeping an old-fashioned paper logbook of your setup, starting with how your disk is partitioned. If you have to tweak some odd configuration, you'll be very happy two years from now when you're installing your new system on your 5GHz Pentium 9 if you've written it down and very frustrated if you haven't, especially when you're trying to recover your system after that hard disk that you got for $50 from Joe Bob's Computer Hut dies. The utility of keeping it on paper should be obvious, as is the canard about computers making for a paperless society. Back up your important data, and keep track of changes made to system configuration files somewhere other than on your system.

It's also a really good idea to make a copy of any configuration file before you change it, renaming it with the date, and placing it out of the install path. Extensions (.orig, .bak, etc.) are not recommended because many install scripts use those to save the files they're about to overwrite. Consider keeping a directory in your home path with the latest version of working configuration files, in addition to backups and paper copies, or better yet, on another computer entirely. You could also use something more technical for this purpose, such as CVS.
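One way to follow this practice from the shell, as an added example that is not from the book: a function that copies a configuration file into a private, date-stamped tree outside the install path and never overwrites an earlier copy. The function name backup_conf and the BACKUP_ROOT location are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the book): date-stamped config backups kept
# outside the install path. BACKUP_ROOT and backup_conf are hypothetical names.

BACKUP_ROOT="${BACKUP_ROOT:-$HOME/config-backups}"

# backup_conf FILE
#   Copies FILE to $BACKUP_ROOT/<absolute dir of FILE>/<name>.<YYYY-MM-DD>.
#   A second backup on the same day gets .1, .2, ... so nothing is overwritten.
#   Prints the path of the new copy on stdout.
backup_conf() {
    src=$1
    if [ ! -f "$src" ]; then
        echo "backup_conf: $src is not a regular file" >&2
        return 1
    fi

    # Use the absolute directory so /etc/foo.conf and ./foo.conf cannot collide.
    dir=$(cd "$(dirname "$src")" && pwd) || return 1
    base=$(basename "$src")
    dest_dir="$BACKUP_ROOT$dir"
    stamp=$(date +%Y-%m-%d)
    dest="$dest_dir/$base.$stamp"

    # Configuration files can hold passwords: create the tree owner-only.
    ( umask 077; mkdir -p "$dest_dir" ) || return 1

    # Date suffix instead of .orig/.bak, which install scripts may clobber.
    n=1
    while [ -e "$dest" ]; do
        dest="$dest_dir/$base.$stamp.$n"
        n=$((n + 1))
    done

    # -p keeps mode and timestamps so the copy can be restored as-is.
    cp -p "$src" "$dest" || return 1
    echo "$dest"
}
```

Run it as the user who owns the backup tree before each edit, for example `backup_conf /etc/httpd/conf/httpd.conf`, and copy the tree to another machine as the text advises.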

2.1.3 Decisions, Decisions

Before you start the installation, you must make some important decisions about your installation. Do you want to have a dual Windows/Linux boot or run strictly Linux? If you dual boot, do you want to put both operating systems on one disk, or do you want to install another hard drive for Linux? Is this going to be a workstation in addition to being a server, or strictly a command line interface (CLI) accessed server?

One advantage of dual booting is that you get to keep all the Windows software you already paid for, because of the nonmonopolistic practices that make it easy for you to buy a computer without a Microsoft operating system preinstalled (sarcasm alert!). [4] With dual booting, you can even run Windows under an emulator in Linux.

[4] A large portion of the cost of any PC is due to the Microsoft operating system, which it is required to have (the so-called Microsoft tax; try buying a computer in the United States without any operating system).

But if this machine is to be a full-time webserver, not a user machine, you may want to keep things simple and go with Linux as your only operating system. This does make installation much simpler.

Note: If you decide to go strictly with Linux, you can't go back to Windows without reformatting your hard disk and reinstalling Windows.


As always, before you start any major system task like this, back up! Back your system up: you can lose everything when you start playing with fundamental things like disk partitions. At the very least, copy your important files to another computer, a CD-ROM, a tape, or an external disk.

Therefore, there are several installation options.

Single disk, Linux boot: Simple enough. Just insert the installation disk and follow the instructions.

Single disk, dual boot: In a dual boot system, Windows must reside on its own partition, not least because Windows and Linux use incompatible filesystems. The Red Hat installer comes with a disk utility, called fips, that allows you to shrink the existing Windows partition of your disk without destroying the existing data, though the disk must be defragmented before you do this (see www.igd.fhg.de/~aschaefe/fips/).

This program works for older versions of Windows that are based on the FAT filesystem: Windows 95, 98, 2000, and ME.

Unfortunately, newer versions of Windows (NT, XP) are based on the proprietary NTFS filesystem, which breaks fips. It is unlikely that someone will reverse engineer this system and implement something similar to fips for NTFS, because the Digital Millennium Copyright Act (DMCA) makes reverse engineering a proprietary closed system a felony! [5] A couple of programs purport to do the same thing as fips, but they aren't as well tested. Red Hat doesn't include them on the install disk; draw your own conclusions. You pays your money, you takes your chances. It's your data.

[5] Search Slashdot, http://slashdot.org, for DMCA. Write your congressperson.

A program called Partition Magic does alter NTFS partitions, but it costs between $50 and $75, so you are left with the choice of ponying up for the software or just getting a cheap 10GB or 20GB disk and installing Linux on that. The cost is roughly the same, plus or minus an Andy Jackson. We recommend the latter, if your computer supports an extra hard drive. Same cost, much simpler, more flexible.

Multiple disks, dual boot: If you decide to go with the two-disk method, Linux installation is simple enough. When you boot from the installation disk, it asks which disk you want to install on, hda or hdb (or something similar). Your Windows software will be on the former, so pick the latter and install Linux on that.

2.1.4 Linux Partition Sizes

You should create several partitions for Linux (see Table 2.1). You could use a single partition, but your life as a sysadmin and webmaster will be easier if you create several. The advantage of having several partitions is that it provides a degree of protection against filling up a disk, accidentally overwriting data, or losing user data should you need to reinstall the system. It also makes for simpler upgrades because the system software will be installed into its own partition and will leave /home alone.

Table 2.1. Recommended Linux Partition Sizes.

Partition   Size       Description
/boot       32MB       Where the boot files live.
/           512MB      The / partition is the base of the OS.
/home       1GB        User files live here (not /usr!). Add more space if you have a bunch of MP3s, less if this is a webserver and not a user machine.
/usr        5GB        All the programs and documentation live here.
/var        2.25GB     This is where all your web source will be and where all the logs accumulate. This needs to be big.
/tmp        256MB      This is where temporary files are stored.
/web        Optional   An optional place to put web source.
/root       Optional   The root user space.
swap                   Up to two times the amount of physical memory you are ever likely to have. Be generous, because you don't want to have to reformat if you add more memory later. Red Hat limits this to a max of 2GB. Since there is about 750MB left, use that. Make it bigger if you have more space, up to the limit.

Red Hat uses software called Disk Druid to partition the disk during installation. You can have the Red Hat installer automatically partition the disk if you wish.

Assuming you have a 10GB disk, we recommend making these partitions. If you have a larger disk, you could add extra partitions for such things as /web [6] and /root, and add more space in /home and /usr.

[6] If you do this, translate /var/www/ throughout this book to /web.

After you've backed up and partitioned, the next thing to do is insert the Linux installation CD and reboot from it. Follow the directions included with your distribution, and install everything. [7] You probably have no need for Samba, cluster software, multiple language support, etc., but you can turn this stuff off and remove it later after reading HLE. It's possible to install Linux using a very small amount of disk space (a few megabytes), but this requires some know-how, and if you really have gigabytes of disk space, it's not worth doing: it isn't Linux that'll be using it up, it's your MP3s. You do need to install the development packages so that you will have a compiler environment because some of the software that will be installed later will have to be compiled. If this is to be a user machine in addition to a webserver, install one or more of the graphical user interfaces (GUIs), KDE or Gnome.

[7] We debated awhile the utility of installing everything. You don't need it, and some of it is a security risk. But a list would be very long and would change with every release, and it's difficult to determine all the interrelated dependencies. So install everything, read the USAH, and uninstall unused programs as you learn more.

In the best of all possible worlds, the webserver itself would be separate from the machine on which code is developed and tested, and the webserver would run only the necessary daemons to be a secure server, and all the X Windows and Gnome/KDE GUI and development code would be necessary only on the development machine.

For most of us, however, the server and development box will be one and the same, meaning that you should install everything you want on this one machine.

2.1.5 Accounts

The installer will ask you to create at least one account, the root account. The root account, or superuser, is the godlike figure of the system. Just like the real Supreme Being, as countless explanatory tales from Paradise Lost onward tell, it's easy to use your rootly powers for destructive purposes, and it requires care to use your superpowers only for good; that is, you can screw up your system royally if you rm -rf * under the # prompt.

At this time, it would be convenient to create at least one other user account for yourself and an account for any other user of the system. Other users can be added later. As a general practice, you should not log in as root but as a user; then su to a root account.

By convention, most Unix root accounts use the hash character (#, also known as the pound sign) in the shell prompt to make it immediately clear that this is a root shell. When Red Hat is installed, root has a system prompt that resembles the following (assuming you are in root's home directory):

 [root@localhost root]# 

We use the following convention in this book: If you see the hash as the system prompt, the command that is shown is to be executed by root. So, when you see this:

 # 

it means you are logged in as root, and you should be careful. Don't do things as root that aren't necessary.

The Red Hat installer creates several other users for specific purposes: Apache will be owned by the apache user, Squid under squid, etc. This is part of a strategy to keep powerful daemons that run on low ports walled away from the root account. Ports numbered under 1024 are owned by root, and by accessing one of these ports, a cracker could compromise your system. Apache runs on port 80 and thus must have this sort of access, but it can be walled off from an actual root account by running under its own user, which has certain powers but isn't root.

When a non-root user is created in Red Hat, a default system prompt is given that resembles the following (assuming the user jrl is in their home directory):

 [jrl@localhost jrl]$ 

The important distinction is that the normal, non-root user has as their system prompt the dollar sign ($), not the hash. By convention in this book, when you see examples of Unix commands executed and the prompt is the dollar sign, the command is to be executed by a non-root account. Don't be root for these commands!

2.1.6 Security

Red Hat now allows you to pick the services turned on during installation; in fact, it actively requires that you turn things on. Woo-hoo! This is a major security improvement and much better than in the old days (two years ago), when everything was turned on by default, and the secure user had to know to go through and turn things off.

Leave everything off except secure services that you know you will use, such as secure shell (SSH). Do not turn on FTP, Telnet, Apache (httpd), or any of the other services. Not to worry: when and if they are needed, they can be started later in a secure fashion. Red Hat also allows you to pick a firewall level of security during installation, with the default of medium. Choose this for now.
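To check after installation that only the services you chose are enabled, the following added example (not from the book) filters `chkconfig --list` output against an allowlist. The function names and the sample listing are constructed for illustration, and the example assumes runlevels 3 and 5 (Red Hat's multi-user text and graphical modes) are the ones that matter.

```shell
#!/bin/sh
# Added example (not from the book): report services that are enabled but
# not on an allowlist. Function names and sample data are constructed.

# audit_services ALLOWED...
#   Reads `chkconfig --list` output on stdin and prints every service that is
#   "on" in runlevel 3 or 5, or enabled under xinetd, unless it is listed
#   in ALLOWED.
audit_services() {
    awk -v allow="$*" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # xinetd section, e.g. "        telnet: on"
        NF == 2 && $1 ~ /:$/ && $2 == "on" {
            name = $1
            sub(/:$/, "", name)
            if (!(name in ok)) print name " (xinetd)"
            next
        }
        # SysV init lines, e.g. "httpd  0:off 1:off 2:off 3:on 4:off 5:on 6:off"
        NF == 8 && $2 ~ /^0:/ {
            levels = ""
            for (i = 2; i <= 8; i++) {
                split($i, kv, ":")
                if ((kv[1] == "3" || kv[1] == "5") && kv[2] == "on")
                    levels = levels (levels == "" ? "" : ",") kv[1]
            }
            if (levels != "" && !($1 in ok))
                print $1 " (runlevel " levels ")"
        }
    '
}

# Constructed sample in the format printed by `chkconfig --list`.
sample_chkconfig() {
    cat <<'EOF'
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
httpd           0:off   1:off   2:off   3:on    4:off   5:on    6:off
sendmail        0:off   1:off   2:off   3:off   4:off   5:off   6:off
xinetd based services:
        telnet: on
        wu-ftpd:        off
EOF
}

# On a live Red Hat system: chkconfig --list | audit_services sshd
```

An empty result means nothing outside the allowlist is enabled; each line printed is a service to turn off or to justify.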

Once you get started or even before, read Hacking Linux Exposed [Hatch+ 00]. Build a firewall and implement a log-watching program and a tripwire. Investing $80 in a firewalled router (such as an SMC Barricade) is a cheap first (but not last) step toward security.

Be paranoid. They are out to get you.



Open Source Development with LAMP: Using Linux, Apache, MySQL, Perl, and PHP
ISBN: 020177061X
EAN: 2147483647
Year: 2002
Pages: 136
