Trying the Recipes

Most recipes provide commands or scripts you can run, or a set of configuration options for a particular program. When trying a recipe, please keep in mind:

  • Our default shell for recipes is bash. If you use another shell, you might need different syntax for setting environment variables and other shell-specific things.

  • If you create a Linux shell script (say, "myscript") in your current directory, but the current directory (".") is not in your search path, you can't run it simply by typing the script name:

    $ myscript
    bash: myscript: command not found

    because the shell won't find it. To invoke the script, specify that it's in the current directory:

    $ ./myscript

    Alternatively, you could add the current directory to your search path, but we recommend against this. [Recipe 9.7]

  • Linux commands may behave differently when run in an interactive shell, a script, or a batch job (e.g., via cron). Each method may have a different environment (for example, search path), and some commands even are coded to behave differently depending how they are invoked. If a recipe does not behave as you expect in a script, try running it interactively, and vice versa. You can see your environment with the env command, and your shell variables with the set built-in command.

  • Different Linux distributions may place important binaries and configuration files in locations different from those in our recipes. Programs are assumed to be in your search path. You might need to add directories to your path, such as /sbin, /usr/sbin, and /usr/kerberos/bin. If you cannot find a file, try the locate command:[1]

    [1] Contained in the RPM package slocate (for Red Hat) or findutils-locate (for SuSE).

    $ locate sshd.config

    or in the worst case, the find command from the root of the filesystem, as root:

    # find / -name sshd_config -print
  • Make sure you have the most recent versions of programs involved in the recipe, or at least stable versions, and that the programs are properly installed.

Finally, each Linux system is unique. While we have tested these recipes on various machines, yours might be different enough to produce unexpected results.

Before you run any recipe, make sure you understand how it will affect security on your system.

    Chapter 9. Testing and Monitoring