Red Hat Enterprise Linux 5

Deployment Guide

Deployment, configuration and administration of Red Hat Enterprise Linux 5

Edition 11

Legal Notice

Copyright © 2007–2013 Red Hat, Inc.
This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack Logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.

Abstract

The Deployment Guide documents relevant information regarding the deployment, configuration, and administration of Red Hat Enterprise Linux 5.

Introduction
1. Document Conventions
2. Send in Your Feedback
I. File Systems
1. File System Structure
1.1. Why Share a Common Structure?
1.2. Overview of File System Hierarchy Standard (FHS)
1.2.1. FHS Organization
1.3. Special File Locations Under Red Hat Enterprise Linux
2. Using the mount Command
2.1. Listing Currently Mounted File Systems
2.2. Mounting a File System
2.2.1. Specifying the File System Type
2.2.2. Specifying the Mount Options
2.2.3. Sharing Mounts
2.2.4. Moving a Mount Point
2.3. Unmounting a File System
2.4. Additional Resources
2.4.1. Installed Documentation
2.4.2. Useful Websites
3. The ext3 File System
3.1. Features of ext3
3.2. Creating an ext3 File System
3.3. Converting to an ext3 File System
3.4. Reverting to an ext2 File System
4. The ext4 File System
4.1. Features of ext4
4.2. Managing an ext4 File System
4.3. Creating an ext4 File System
4.4. Mounting an ext4 File System
4.5. Resizing an ext4 File System
5. The proc File System
5.1. A Virtual File System
5.1.1. Viewing Virtual Files
5.1.2. Changing Virtual Files
5.1.3. Restricting Access to Process Directories
5.2. Top-level Files within the proc File System
5.2.1. /proc/apm
5.2.2. /proc/buddyinfo
5.2.3. /proc/cmdline
5.2.4. /proc/cpuinfo
5.2.5. /proc/crypto
5.2.6. /proc/devices
5.2.7. /proc/dma
5.2.8. /proc/execdomains
5.2.9. /proc/fb
5.2.10. /proc/filesystems
5.2.11. /proc/interrupts
5.2.12. /proc/iomem
5.2.13. /proc/ioports
5.2.14. /proc/kcore
5.2.15. /proc/kmsg
5.2.16. /proc/loadavg
5.2.17. /proc/locks
5.2.18. /proc/mdstat
5.2.19. /proc/meminfo
5.2.20. /proc/misc
5.2.21. /proc/modules
5.2.22. /proc/mounts
5.2.23. /proc/mtrr
5.2.24. /proc/partitions
5.2.25. /proc/pci
5.2.26. /proc/slabinfo
5.2.27. /proc/stat
5.2.28. /proc/swaps
5.2.29. /proc/sysrq-trigger
5.2.30. /proc/uptime
5.2.31. /proc/version
5.3. Directories within /proc/
5.3.1. Process Directories
5.3.2. /proc/bus/
5.3.3. /proc/driver/
5.3.4. /proc/fs
5.3.5. /proc/ide/
5.3.6. /proc/irq/
5.3.7. /proc/net/
5.3.8. /proc/scsi/
5.3.9. /proc/sys/
5.3.10. /proc/sysvipc/
5.3.11. /proc/tty/
5.3.12. /proc/<PID>/
5.4. Using the sysctl Command
5.5. Additional Resources
5.5.1. Installed Documentation
5.5.2. Useful Websites
6. Redundant Array of Independent Disks (RAID)
6.1. What is RAID?
6.1.1. Who Should Use RAID?
6.1.2. Hardware RAID versus Software RAID
6.1.3. RAID Levels and Linear Support
6.2. Configuring Software RAID
6.2.1. Creating the RAID Partitions
6.2.2. Creating the RAID Devices and Mount Points
6.3. Managing Software RAID
6.3.1. Reviewing RAID Configuration
6.3.2. Creating a New RAID Device
6.3.3. Replacing a Faulty Device
6.3.4. Extending a RAID Device
6.3.5. Removing a RAID Device
6.3.6. Preserving the Configuration
6.4. Additional Resources
6.4.1. Installed Documentation
7. Swap Space
7.1. What is Swap Space?
7.2. Adding Swap Space
7.2.1. Extending Swap on an LVM2 Logical Volume
7.2.2. Creating an LVM2 Logical Volume for Swap
7.2.3. Creating a Swap File
7.3. Removing Swap Space
7.3.1. Reducing Swap on an LVM2 Logical Volume
7.3.2. Removing an LVM2 Logical Volume for Swap
7.3.3. Removing a Swap File
7.4. Moving Swap Space
8. Managing Disk Storage
8.1. Standard Partitions using parted
8.1.1. Viewing the Partition Table
8.1.2. Creating a Partition
8.1.3. Removing a Partition
8.1.4. Resizing a Partition
8.2. LVM Partition Management
9. Implementing Disk Quotas
9.1. Configuring Disk Quotas
9.1.1. Enabling Quotas
9.1.2. Remounting the File Systems
9.1.3. Creating the Quota Database Files
9.1.4. Assigning Quotas per User
9.1.5. Assigning Quotas per Group
9.1.6. Setting the Grace Period for Soft Limits
9.2. Managing Disk Quotas
9.2.1. Enabling and Disabling
9.2.2. Reporting on Disk Quotas
9.2.3. Keeping Quotas Accurate
9.3. Additional Resources
9.3.1. Installed Documentation
9.3.2. Related Books
10. Access Control Lists
10.1. Mounting File Systems
10.1.1. NFS
10.2. Setting Access ACLs
10.3. Setting Default ACLs
10.4. Retrieving ACLs
10.5. Archiving File Systems With ACLs
10.6. Compatibility with Older Systems
10.7. Additional Resources
10.7.1. Installed Documentation
10.7.2. Useful Websites
11. LVM (Logical Volume Manager)
11.1. What is LVM?
11.1.1. What is LVM2?
11.2. LVM Configuration
11.3. Automatic Partitioning
11.4. Manual LVM Partitioning
11.4.1. Creating the /boot Partition
11.4.2. Creating the LVM Physical Volumes
11.4.3. Creating the LVM Volume Groups
11.4.4. Creating the LVM Logical Volumes
11.5. Using the LVM utility system-config-lvm
11.5.1. Utilizing uninitialized entities
11.5.2. Adding Unallocated Volumes to a volume group
11.5.3. Migrating extents
11.5.4. Adding a new hard disk using LVM
11.5.5. Adding a new volume group
11.5.6. Extending a volume group
11.5.7. Editing a Logical Volume
11.6. Additional Resources
11.6.1. Installed Documentation
11.6.2. Useful Websites
II. Package Management
12. Package Management with RPM
12.1. RPM Design Goals
12.2. Using RPM
12.2.1. Finding RPM Packages
12.2.2. Installing
12.2.3. Uninstalling
12.2.4. Upgrading
12.2.5. Freshening
12.2.6. Querying
12.2.7. Verifying
12.3. Checking a Package's Signature
12.3.1. Importing Keys
12.3.2. Verifying Signature of Packages
12.4. Practical and Common Examples of RPM Usage
12.5. Additional Resources
12.5.1. Installed Documentation
12.5.2. Useful Websites
12.5.3. Related Books
13. Package Management Tool
13.1. Listing and Analyzing Packages
13.2. Installing and Removing Packages
14. YUM (Yellowdog Updater Modified)
14.1. Setting Up a Yum Repository
14.2. yum Commands
14.3. yum Options
14.4. Configuring yum
14.4.1. [main] Options
14.4.2. [repository] Options
14.5. Upgrading the System Off-line with ISO and Yum
14.6. Useful yum Variables
15. Registering a System and Managing Subscriptions
15.1. Using Red Hat Subscription Manager Tools
15.1.1. Launching the Red Hat Subscription Manager GUI
15.1.2. Running the subscription-manager Command-Line Tool
15.2. Registering and Unregistering a System
15.2.1. Registering from the GUI
15.2.2. Registering from the Command Line
15.2.3. Unregistering
15.3. Attaching and Removing Subscriptions
15.3.1. Attaching and Removing Subscriptions through the GUI
15.3.2. Attaching and Removing Subscriptions through the Command Line
15.4. Redeeming Vendor Subscriptions
15.4.1. Redeeming Subscriptions through the GUI
15.4.2. Redeeming Subscriptions through the Command Line
15.5. Attaching Subscriptions from a Subscription Asset Manager Activation Key
15.6. Setting Preferences for Systems
15.6.1. Setting Preferences in the UI
15.6.2. Setting Service Levels Through the Command Line
15.6.3. Setting a Preferred Operating System Release Version in the Command Line
15.6.4. Removing a Preference
15.7. Managing Subscription Expiration and Notifications
III. Network-Related Configuration
16. Network Interfaces
16.1. Network Configuration Files
16.2. Interface Configuration Files
16.2.1. Ethernet Interfaces
16.2.2. IPsec Interfaces
16.2.3. Channel Bonding Interfaces
16.2.4. Alias and Clone Files
16.2.5. Dialup Interfaces
16.2.6. Other Interfaces
16.3. Interface Control Scripts
16.4. Static Routes and the Default Gateway
16.5. Configuring Static Routes in ifcfg files
16.5.1. Static Routes Using the IP Command Arguments Format
16.5.2. Network/Netmask Directives Format
16.6. Network Function Files
16.7. Additional Resources
16.7.1. Installed Documentation
17. Network Configuration
17.1. Overview
17.2. Establishing an Ethernet Connection
17.3. Establishing an ISDN Connection
17.4. Establishing a Modem Connection
17.5. Establishing an xDSL Connection
17.6. Establishing a Token Ring Connection
17.7. Establishing a Wireless Connection
17.8. Managing DNS Settings
17.9. Managing Hosts
17.10. Working with Profiles
17.11. Device Aliases
17.12. Saving and Restoring the Network Configuration
18. Controlling Access to Services
18.1. Runlevels
18.2. TCP Wrappers
18.2.1. xinetd
18.3. Services Configuration Tool
18.4. ntsysv
18.5. chkconfig
18.6. Additional Resources
18.6.1. Installed Documentation
18.6.2. Useful Websites
19. Berkeley Internet Name Domain (BIND)
19.1. Introduction to DNS
19.1.1. Nameserver Zones
19.1.2. Nameserver Types
19.1.3. BIND as a Nameserver
19.2. /etc/named.conf
19.2.1. Common Statement Types
19.2.2. Other Statement Types
19.2.3. Comment Tags
19.3. Zone Files
19.3.1. Zone File Directives
19.3.2. Zone File Resource Records
19.3.3. Example Zone File
19.3.4. Reverse Name Resolution Zone Files
19.4. Using rndc
19.4.1. Configuring /etc/named.conf
19.4.2. Configuring /etc/rndc.conf
19.4.3. Command Line Options
19.5. Advanced Features of BIND
19.5.1. DNS Protocol Enhancements
19.5.2. Multiple Views
19.5.3. Security
19.5.4. IP version 6
19.6. Common Mistakes to Avoid
19.7. Additional Resources
19.7.1. Installed Documentation
19.7.2. Useful Websites
19.7.3. Related Books
20. OpenSSH
20.1. Features of SSH
20.1.1. Why Use SSH?
20.2. SSH Protocol Versions
20.3. Event Sequence of an SSH Connection
20.3.1. Transport Layer
20.3.2. Authentication
20.3.3. Channels
20.4. Configuring an OpenSSH Server
20.4.1. Requiring SSH for Remote Connections
20.5. OpenSSH Configuration Files
20.6. Configuring an OpenSSH Client
20.6.1. Using the ssh Command
20.6.2. Using the scp Command
20.6.3. Using the sftp Command
20.7. More Than a Secure Shell
20.7.1. X11 Forwarding
20.7.2. Port Forwarding
20.7.3. Generating Key Pairs
20.8. Additional Resources
20.8.1. Installed Documentation
20.8.2. Useful Websites
21. Network File System (NFS)
21.1. How It Works
21.1.1. Required Services
21.2. NFS Client Configuration
21.2.1. Mounting NFS File Systems using /etc/fstab
21.3. autofs
21.3.1. What's new in autofs version 5?
21.3.2. autofs Configuration
21.3.3. autofs Common Tasks
21.4. Common NFS Mount Options
21.5. Starting and Stopping NFS
21.6. NFS Server Configuration
21.6.1. Exporting or Sharing NFS File Systems
21.6.2. Command Line Configuration
21.6.3. Running NFS Behind a Firewall
21.6.4. Hostname Formats
21.7. The /etc/exports Configuration File
21.7.1. The exportfs Command
21.8. Securing NFS
21.8.1. Host Access
21.8.2. File Permissions
21.9. NFS and portmap
21.9.1. Troubleshooting NFS and portmap
21.10. Using NFS over TCP
21.11. Additional Resources
21.11.1. Installed Documentation
21.11.2. Useful Websites
21.11.3. Related Books
22. Samba
22.1. Introduction to Samba
22.1.1. Samba Features
22.2. Samba Daemons and Related Services
22.2.1. Samba Daemons
22.3. Connecting to a Samba Share
22.3.1. Command Line
22.3.2. Mounting the Share
22.4. Configuring a Samba Server
22.4.1. Graphical Configuration
22.4.2. Command Line Configuration
22.4.3. Encrypted Passwords
22.5. Starting and Stopping Samba
22.6. Samba Server Types and the smb.conf File
22.6.1. Stand-alone Server
22.6.2. Domain Member Server
22.6.3. Domain Controller
22.7. Samba Security Modes
22.7.1. User-Level Security
22.7.2. Share-Level Security
22.8. Samba Account Information Databases
22.9. Samba Network Browsing
22.9.1. Domain Browsing
22.9.2. WINS (Windows Internetworking Name Server)
22.10. Samba with CUPS Printing Support
22.10.1. Simple smb.conf Settings
22.11. Samba Distribution Programs
22.12. Additional Resources
22.12.1. Installed Documentation
22.12.2. Related Books
22.12.3. Useful Websites
23. Dynamic Host Configuration Protocol (DHCP)
23.1. Why Use DHCP?
23.2. Configuring a DHCP Server
23.2.1. Configuration File
23.2.2. Lease Database
23.2.3. Starting and Stopping the Server
23.2.4. DHCP Relay Agent
23.3. Configuring a DHCP Client
23.4. Configuring a Multihomed DHCP Server
23.4.1. Host Configuration
23.5. Additional Resources
23.5.1. Installed Documentation
24. Migrating from MySQL 5.0 to MySQL 5.5
24.1. Upgrading from MySQL 5.0 to MySQL 5.5
25. Apache HTTP Server
25.1. Apache HTTP Server 2.2
25.1.1. Features of Apache HTTP Server 2.2
25.2. Migrating Apache HTTP Server Configuration Files
25.2.1. Migrating Apache HTTP Server 2.0 Configuration Files
25.2.2. Migrating Apache HTTP Server 1.3 Configuration Files to 2.0
25.3. Starting and Stopping httpd
25.4. Apache HTTP Server Configuration
25.4.1. Basic Settings
25.4.2. Default Settings
25.5. Configuration Directives in httpd.conf
25.5.1. General Configuration Tips
25.5.2. Configuration Directives for SSL
25.5.3. MPM Specific Server-Pool Directives
25.6. Adding Modules
25.7. Virtual Hosts
25.7.1. Setting Up Virtual Hosts
25.8. Apache HTTP Secure Server Configuration
25.8.1. An Overview of Security-Related Packages
25.8.2. An Overview of Certificates and Security
25.8.3. Using Pre-Existing Keys and Certificates
25.8.4. Types of Certificates
25.8.5. Generating a Key
25.8.6. How to configure the server to use the new key
25.9. Additional Resources
25.9.1. Useful Websites
26. FTP
26.1. The File Transfer Protocol
26.1.1. Multiple Ports, Multiple Modes
26.2. FTP Servers
26.2.1. vsftpd
26.2.2. Files Installed with vsftpd
26.2.3. Starting and Stopping vsftpd
26.2.4. Encrypting vsftpd Connections Using TLS
26.2.5. vsftpd Configuration Options
26.2.6. Additional Resources
27. Email
27.1. Email Protocols
27.1.1. Mail Transport Protocols
27.1.2. Mail Access Protocols
27.2. Email Program Classifications
27.2.1. Mail Transport Agent
27.2.2. Mail Delivery Agent
27.2.3. Mail User Agent
27.3. Mail Transport Agents
27.3.1. Sendmail
27.3.2. Postfix
27.3.3. Fetchmail
27.4. Mail Transport Agent (MTA) Configuration
27.5. Mail Delivery Agents
27.5.1. Procmail Configuration
27.5.2. Procmail Recipes
27.6. Mail User Agents
27.6.1. Securing Communication
27.7. Additional Resources
27.7.1. Installed Documentation
27.7.2. Useful Websites
27.7.3. Related Books
28. Lightweight Directory Access Protocol (LDAP)
28.1. Why Use LDAP?
28.1.1. OpenLDAP Features
28.2. LDAP Terminology
28.3. OpenLDAP Daemons and Utilities
28.3.1. NSS, PAM, and LDAP
28.3.2. PHP4, LDAP, and the Apache HTTP Server
28.3.3. LDAP Client Applications
28.4. OpenLDAP Configuration Files
28.5. The /etc/openldap/schema/ Directory
28.6. OpenLDAP Setup Overview
28.6.1. Editing /etc/openldap/slapd.conf
28.7. Configuring a System to Authenticate Using OpenLDAP
28.7.1. PAM and LDAP
28.7.2. Migrating Old Authentication Information to LDAP Format
28.8. Migrating Directories from Earlier Releases
28.9. Additional Resources
28.9.1. Installed Documentation
28.9.2. Useful Websites
28.9.3. Related Books
29. Authentication Configuration
29.1. User Information
29.2. Authentication
29.3. Options
29.4. Command Line Version
30. Using and Caching Credentials with SSSD
30.1. About the sssd.conf File
30.2. Starting and Stopping SSSD
30.3. Configuring SSSD to Work with System Services
30.3.1. Configuring NSS Services
30.3.2. Configuring the PAM Service
30.4. Creating Domains
30.4.1. General Rules and Options for Configuring a Domain
30.4.2. Configuring an LDAP Domain
30.4.3. Configuring Kerberos Authentication with a Domain
30.4.4. Configuring a Proxy Domain
30.5. Configuring Access Control for SSSD Domains
30.5.1. Using the Simple Access Provider
30.5.2. Using the LDAP Access Filter
30.6. Configuring Domain Failover
30.6.1. Configuring Failover
30.6.2. Using SRV Records with Failover
30.7. Deleting Domain Cache Files
30.8. Using NSCD with SSSD
30.9. Troubleshooting SSSD
30.9.1. Checking SSSD Log Files
30.9.2. Problems with SSSD Configuration
IV. System Configuration
31. Console Access
31.1. Disabling Shutdown Via Ctrl+Alt+Del
31.2. Disabling Console Program Access
31.3. Defining the Console
31.4. Making Files Accessible From the Console
31.5. Enabling Console Access for Other Applications
31.6. The floppy Group
32. The sysconfig Directory
32.1. Files in the /etc/sysconfig/ Directory
32.1.1. /etc/sysconfig/amd
32.1.2. /etc/sysconfig/apmd
32.1.3. /etc/sysconfig/arpwatch
32.1.4. /etc/sysconfig/authconfig
32.1.5. /etc/sysconfig/autofs
32.1.6. /etc/sysconfig/clock
32.1.7. /etc/sysconfig/desktop
32.1.8. /etc/sysconfig/dhcpd
32.1.9. /etc/sysconfig/exim
32.1.10. /etc/sysconfig/firstboot
32.1.11. /etc/sysconfig/gpm
32.1.12. /etc/sysconfig/hwconf
32.1.13. /etc/sysconfig/i18n
32.1.14. /etc/sysconfig/init
32.1.15. /etc/sysconfig/ip6tables-config
32.1.16. /etc/sysconfig/iptables-config
32.1.17. /etc/sysconfig/irda
32.1.18. /etc/sysconfig/keyboard
32.1.19. /etc/sysconfig/kudzu
32.1.20. /etc/sysconfig/named
32.1.21. /etc/sysconfig/network
32.1.22. /etc/sysconfig/nfs
32.1.23. /etc/sysconfig/ntpd
32.1.24. /etc/sysconfig/radvd
32.1.25. /etc/sysconfig/samba
32.1.26. /etc/sysconfig/selinux
32.1.27. /etc/sysconfig/sendmail
32.1.28. /etc/sysconfig/spamassassin
32.1.29. /etc/sysconfig/squid
32.1.30. /etc/sysconfig/system-config-securitylevel
32.1.31. /etc/sysconfig/system-config-selinux
32.1.32. /etc/sysconfig/system-config-users
32.1.33. /etc/sysconfig/system-logviewer
32.1.34. /etc/sysconfig/tux
32.1.35. /etc/sysconfig/vncservers
32.1.36. /etc/sysconfig/xinetd
32.2. Directories in the /etc/sysconfig/ Directory
32.3. Additional Resources
32.3.1. Installed Documentation
33. Date and Time Configuration
33.1. Time and Date Properties
33.2. Network Time Protocol (NTP) Properties
33.3. Time Zone Configuration
34. Keyboard Configuration
35. The X Window System
35.1. The X11R7.1 Release
35.2. Desktop Environments and Window Managers
35.2.1. Desktop Environments
35.2.2. Window Managers
35.3. X Server Configuration Files
35.3.1. xorg.conf
35.4. Fonts
35.4.1. Fontconfig
35.4.2. Core X Font System
35.5. Runlevels and X
35.5.1. Runlevel 3
35.5.2. Runlevel 5
35.6. Additional Resources
35.6.1. Installed Documentation
35.6.2. Useful Websites
36. X Window System Configuration
36.1. Display Settings
36.2. Display Hardware Settings
36.3. Dual Head Display Settings
37. Users and Groups
37.1. User and Group Configuration
37.1.1. Adding a New User
37.1.2. Modifying User Properties
37.1.3. Adding a New Group
37.1.4. Modifying Group Properties
37.2. User and Group Management Tools
37.2.1. Command Line Configuration
37.2.2. Adding a User
37.2.3. Adding a Group
37.2.4. Password Aging
37.2.5. Explaining the Process
37.3. Standard Users
37.4. Standard Groups
37.5. User Private Groups
37.5.1. Group Directories
37.6. Shadow Passwords
37.7. Additional Resources
37.7.1. Installed Documentation
38. Printer Configuration
38.1. Adding a Local Printer
38.2. Adding an IPP Printer
38.3. Adding a Samba (SMB) Printer
38.4. Adding a JetDirect Printer
38.5. Selecting the Printer Model and Finishing
38.5.1. Confirming Printer Configuration
38.6. Printing a Test Page
38.7. Modifying Existing Printers
38.7.1. The Settings Tab
38.7.2. The Policies Tab
38.7.3. The Access Control Tab
38.7.4. The Printer and Job Options Tab
38.8. Managing Print Jobs
38.9. Additional Resources
38.9.1. Installed Documentation
38.9.2. Useful Websites
39. Automated Tasks
39.1. Cron
39.1.1. Configuring Cron Jobs
39.1.2. Controlling Access to Cron
39.1.3. Starting and Stopping the Service
39.2. At and Batch
39.2.1. Configuring At Jobs
39.2.2. Configuring Batch Jobs
39.2.3. Viewing Pending Jobs
39.2.4. Additional Command Line Options
39.2.5. Controlling Access to At and Batch
39.2.6. Starting and Stopping the Service
39.3. Additional Resources
39.3.1. Installed Documentation
40. Log Files
40.1. Locating Log Files
40.2. Viewing Log Files
40.3. Adding a Log File
40.4. Monitoring Log Files
V. System Monitoring
41. SystemTap
41.1. Introduction
41.2. Implementation
41.3. Using SystemTap
41.3.1. Tracing
42. Gathering System Information
42.1. System Processes
42.2. Memory Usage
42.3. File Systems
42.4. Hardware
42.5. Additional Resources
42.5.1. Installed Documentation
43. OProfile
43.1. Overview of Tools
43.2. Configuring OProfile
43.2.1. Specifying the Kernel
43.2.2. Setting Events to Monitor
43.2.3. Separating Kernel and User-space Profiles
43.3. Starting and Stopping OProfile
43.4. Saving Data
43.5. Analyzing the Data
43.5.1. Using opreport
43.5.2. Using opreport on a Single Executable
43.5.3. Getting more detailed output on the modules
43.5.4. Using opannotate
43.6. Understanding /dev/oprofile/
43.7. Example Usage
43.8. Graphical Interface
43.9. Additional Resources
43.9.1. Installed Docs
43.9.2. Useful Websites
VI. Kernel and Driver Configuration
44. Manually Upgrading the Kernel
44.1. Overview of Kernel Packages
44.2. Preparing to Upgrade
44.3. Downloading the Upgraded Kernel
44.4. Performing the Upgrade
44.5. Verifying the Initial RAM Disk Image
44.6. Verifying the Boot Loader
44.6.1. x86 Systems
44.6.2. Itanium Systems
44.6.3. IBM S/390 and IBM System z Systems
44.6.4. IBM eServer iSeries Systems
44.6.5. IBM eServer pSeries Systems
45. General Parameters and Modules
45.1. Kernel Module Utilities
45.2. Persistent Module Loading
45.3. Specifying Module Parameters
45.4. Storage parameters
45.5. Ethernet Parameters
45.5.1. The Channel Bonding Module
45.6. Additional Resources
45.6.1. Installed Documentation
45.6.2. Useful Websites
46. The kdump Crash Recovery Service
46.1. Installing the kdump Service
46.2. Configuring the kdump Service
46.2.1. Configuring kdump at First Boot
46.2.2. Using the Kernel Dump Configuration Utility
46.2.3. Configuring kdump on the Command Line
46.2.4. Testing the Configuration
46.3. Analyzing the Core Dump
46.3.1. Displaying the Message Buffer
46.3.2. Displaying a Backtrace
46.3.3. Displaying a Process Status
46.3.4. Displaying Virtual Memory Information
46.3.5. Displaying Open Files
46.4. Additional Resources
46.4.1. Installed Documentation
46.4.2. Useful Websites
VII. Security And Authentication
47. Security Overview
47.1. Introduction to Security
47.1.1. What is Computer Security?
47.1.2. Security Controls
47.1.3. Conclusion
47.2. Vulnerability Assessment
47.2.1. Thinking Like the Enemy
47.2.2. Defining Assessment and Testing
47.2.3. Evaluating the Tools
47.3. Attackers and Vulnerabilities
47.3.1. A Quick History of Hackers
47.3.2. Threats to Network Security
47.3.3. Threats to Server Security
47.3.4. Threats to Workstation and Home PC Security
47.4. Common Exploits and Attacks
47.5. Security Updates
47.5.1. Updating Packages
48. Securing Your Network
48.1. Workstation Security
48.1.1. Evaluating Workstation Security
48.1.2. BIOS and Boot Loader Security
48.1.3. Password Security
48.1.4. Administrative Controls
48.1.5. Available Network Services
48.1.6. Personal Firewalls
48.1.7. Security Enhanced Communication Tools
48.2. Server Security
48.2.1. Securing Services With TCP Wrappers and xinetd
48.2.2. Securing Portmap
48.2.3. Securing NIS
48.2.4. Securing NFS
48.2.5. Securing the Apache HTTP Server
48.2.6. Securing FTP
48.2.7. Securing Sendmail
48.2.8. Verifying Which Ports Are Listening
48.3. Single Sign-on (SSO)
48.3.1. Introduction
48.3.2. Getting Started with your new Smart Card
48.3.3. How Smart Card Enrollment Works
48.3.4. How Smart Card Login Works
48.3.5. Configuring Firefox to use Kerberos for SSO
48.4. Pluggable Authentication Modules (PAM)
48.4.1. Advantages of PAM
48.4.2. PAM Configuration Files
48.4.3. PAM Configuration File Format
48.4.4. Sample PAM Configuration Files
48.4.5. Creating PAM Modules
48.4.6. PAM and Administrative Credential Caching
48.4.7. PAM and Device Ownership
48.4.8. Additional Resources
48.5. TCP Wrappers and xinetd
48.5.1. TCP Wrappers
48.5.2. TCP Wrappers Configuration Files
48.5.3. xinetd
48.5.4. xinetd Configuration Files
48.5.5. Additional Resources
48.6. Kerberos
48.6.1. What is Kerberos?
48.6.2. Kerberos Terminology
48.6.3. How Kerberos Works
48.6.4. Kerberos and PAM
48.6.5. Configuring a Kerberos 5 Server
48.6.6. Configuring a Kerberos 5 Client
48.6.7. Domain-to-Realm Mapping
48.6.8. Setting Up Secondary KDCs
48.6.9. Setting Up Cross Realm Authentication
48.6.10. Additional Resources
48.7. Virtual Private Networks (VPNs)
48.7.1. How Does a VPN Work?
48.7.2. VPNs and Red Hat Enterprise Linux
48.7.3. IPsec
48.7.4. Creating an IPsec Connection
48.7.5. IPsec Installation
48.7.6. IPsec Host-to-Host Configuration
48.7.7. IPsec Network-to-Network Configuration
48.7.8. Starting and Stopping an IPsec Connection
48.8. Firewalls
48.8.1. Netfilter and IPTables
48.8.2. Basic Firewall Configuration
48.8.3. Using IPTables
48.8.4. Common IPTables Filtering
48.8.5. FORWARD and NAT Rules
48.8.6. Malicious Software and Spoofed IP Addresses
48.8.7. IPTables and Connection Tracking
48.8.8. IPv6
48.8.9. Additional Resources
48.9. IPTables
48.9.1. Packet Filtering
48.9.2. Differences Between IPTables and IPChains
48.9.3. Command Options for IPTables
48.9.4. Saving IPTables Rules
48.9.5. IPTables Control Scripts
48.9.6. IPTables and IPv6
48.9.7. Additional Resources
49. Security and SELinux
49.1. Access Control Mechanisms (ACMs)
49.1.1. Discretionary Access Control (DAC)
49.1.2. Access Control Lists (ACLs)
49.1.3. Mandatory Access Control (MAC)
49.1.4. Role-based Access Control (RBAC)
49.1.5. Multi-Level Security (MLS)
49.1.6. Multi-Category Security (MCS)
49.2. Introduction to SELinux
49.2.1. SELinux Overview
49.2.2. Files Related to SELinux
49.2.3. Additional Resources
49.3. Brief Background and History of SELinux
49.4. Multi-Category Security (MCS)
49.4.1. Introduction
49.4.2. Applications for Multi-Category Security
49.4.3. SELinux Security Contexts
49.5. Getting Started with Multi-Category Security (MCS)
49.5.1. Introduction
49.5.2. Comparing SELinux and Standard Linux User Identities
49.5.3. Configuring Categories
49.5.4. Assigning Categories to Users
49.5.5. Assigning Categories to Files
49.6. Multi-Level Security (MLS)
49.6.1. Why Multi-Level?
49.6.2. Security Levels, Objects and Subjects
49.6.3. MLS Policy
49.6.4. Enabling MLS in SELinux
49.6.5. LSPP Certification
49.7. SELinux Policy Overview
49.7.1. What is the SELinux Policy?
49.7.2. Where is the Policy?
49.7.3. The Role of Policy in the Boot Process
49.7.4. Object Classes and Permissions
49.8. Targeted Policy Overview
49.8.1. What is the Targeted Policy?
49.8.2. Files and Directories of the Targeted Policy
49.8.3. Understanding the Users and Roles in the Targeted Policy
50. Working With SELinux
50.1. End User Control of SELinux
50.1.1. Moving and Copying Files
50.1.2. Checking the Security Context of a Process, User, or File Object
50.1.3. Relabeling a File or Directory
50.1.4. Creating Archives That Retain Security Contexts
50.2. Administrator Control of SELinux
50.2.1. Viewing the Status of SELinux
50.2.2. Relabeling a File System
50.2.3. Managing NFS Home Directories
50.2.4. Granting Access to a Directory or a Tree
50.2.5. Backing Up and Restoring the System
50.2.6. Enabling or Disabling Enforcement
50.2.7. Enable or Disable SELinux
50.2.8. Changing the Policy
50.2.9. Specifying the Security Context of Entire File Systems
50.2.10. Changing the Security Category of a File or User
50.2.11. Running a Command in a Specific Security Context
50.2.12. Useful Commands for Scripts
50.2.13. Changing to a Different Role
50.2.14. When to Reboot
50.3. Analyst Control of SELinux
50.3.1. Enabling Kernel Auditing
50.3.2. Dumping and Viewing Logs
51. Customizing SELinux Policy
51.1. Introduction
51.1.1. Modular Policy
51.2. Building a Local Policy Module
51.2.1. Using audit2allow to Build a Local Policy Module
51.2.2. Analyzing the Type Enforcement (TE) File
51.2.3. Loading the Policy Package
52. References
VIII. Red Hat Training And Certification
53. Red Hat Training and Certification
53.1. Three Ways to Train
53.2. Microsoft Certified Professional Resource Center
54. Certification Tracks
54.1. Free Pre-assessment tests
55. RH033: Red Hat Linux Essentials
55.1. Course Description
55.1.1. Prerequisites
55.1.2. Goal
55.1.3. Audience
55.1.4. Course Objectives
55.1.5. Follow-on Courses
56. RH035: Red Hat Linux Essentials for Windows Professionals
56.1. Course Description
56.1.1. Prerequisites
56.1.2. Goal
56.1.3. Audience
56.1.4. Course Objectives
56.1.5. Follow-on Courses
57. RH133: Red Hat Linux System Administration and Red Hat Certified Technician (RHCT) Certification
57.1. Course Description
57.1.1. Prerequisites
57.1.2. Goal
57.1.3. Audience
57.1.4. Course Objectives
57.1.5. Follow-on Courses
58. RH202 RHCT EXAM - The fastest growing credential in all of Linux.
58.1. Course Description
58.1.1. Prerequisites
59. RH253 Red Hat Linux Networking and Security Administration
59.1. Course Description
59.1.1. Prerequisites
59.1.2. Goal
59.1.3. Audience
59.1.4. Course Objectives
59.1.5. Follow-on Courses
60. RH300: RHCE Rapid track course (and RHCE exam)
60.1. Course Description
60.1.1. Prerequisites
60.1.2. Goal
60.1.3. Audience
60.1.4. Course Objectives
60.1.5. Follow-on Courses
61. RH302 RHCE EXAM
61.1. Course Description
61.1.1. Prerequisites
61.1.2. Content
62. RHS333: RED HAT enterprise security: network services
62.1. Course Description
62.1.1. Prerequisites
62.1.2. Goal
62.1.3. Audience
62.1.4. Course Objectives
62.1.5. Follow-on Courses
63. RH401: Red Hat Enterprise Deployment and systems management
63.1. Course Description
63.1.1. Prerequisites
63.1.2. Goal
63.1.3. Audience
63.1.4. Course Objectives
63.1.5. Follow-on Courses
64. RH423: Red Hat Enterprise Directory services and authentication
64.1. Course Description
64.1.1. Prerequisites
64.1.2. Goal
64.1.3. Audience
64.1.4. Course Objectives
64.1.5. Follow-on Courses
65. SELinux Courses
65.1. RHS427: Introduction to SELinux and Red Hat Targeted Policy
65.1.1. Audience
65.1.2. Course Summary
65.2. RHS429: Red Hat Enterprise SELinux Policy Administration
66. RH436: Red Hat Enterprise storage management
66.1. Course Description
66.1.1. Prerequisites
66.1.2. Goal
66.1.3. Audience
66.1.4. Course Objectives
66.1.5. Follow-on Courses
67. RH442: Red Hat Enterprise system monitoring and performance tuning
67.1. Course Description
67.1.1. Prerequisites
67.1.2. Goal
67.1.3. Audience
67.1.4. Course Objectives
67.1.5. Follow-on Courses
68. Red Hat Enterprise Linux Developer Courses
68.1. RHD143: Red Hat Linux Programming Essentials
68.2. RHD221 Red Hat Linux Device Drivers
68.3. RHD236 Red Hat Linux Kernel Internals
68.4. RHD256 Red Hat Linux Application Development and Porting
69. JBoss Courses
69.1. RHD161 JBoss and EJB3 for Java
69.1.1. Prerequisites
69.2. RHD163 JBoss for Web Developers
69.2.1. Prerequisites
69.3. RHD167: JBOSS - HIBERNATE ESSENTIALS
69.3.1. Prerequisites
69.3.2. Course Summary
69.4. RHD267: JBOSS - ADVANCED HIBERNATE
69.4.1. Prerequisites
69.5. RHD261: JBOSS for advanced J2EE developers
69.5.1. Prerequisites
69.6. RH336: JBOSS for Administrators
69.6.1. Prerequisites
69.6.2. Course Summary
69.7. RHD439: JBoss Clustering
69.7.1. Prerequisites
69.8. RHD449: JBoss jBPM
69.8.1. Description
69.8.2. Prerequisites
69.9. RHD451 JBoss Rules
69.9.1. Prerequisites
A. Revision History
B. Colophon