Deployment guide

Red Hat Enterprise Linux 5.0.0
Red Hat Enterprise Linux Deployment
Guide

Red Hat Enterprise Linux 5.0.0: Red Hat Enterprise Linux De-
ployment Guide
Copyright © 2007 Red Hat, Inc.

This Deployment Guide documents relevant information regarding the deployment, configura-
tion and administration of Red Hat Enterprise Linux 5.0.0.

1801 Varsity Drive
Raleigh, NC 27606-2072
USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
PO Box 13588
Research Triangle Park, NC 27709
USA

Documentation-Deployment

Copyright © 2007 by Red Hat, Inc. This material may be distributed only subject to the terms and conditions set forth in
the Open Publication License, V1.0 or later (the latest version is presently available at ht-
tp://www.opencontent.org/openpub/).

Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copy-
right holder.

Distribution of the work or derivative of the work in any standard (paper) book form for commercial purposes is prohib-
ited unless prior permission is obtained from the copyright holder.

Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat, Inc. in the United States and other
countries.

All other trademarks referenced herein are the property of their respective owners.

The GPG fingerprint of the security@redhat.com key is:

CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E

Table of Contents
Introduction ............................................................................................................ xxii
1. Document Conventions ............................................................................... xxii
2. Send in Your Feedback ............................................................................... xxv
I. File Systems ........................................................................................................... 1
1. File System Structure ..................................................................................... 2
1. Why Share a Common Structure? ........................................................... 2
2. Overview of File System Hierarchy Standard (FHS) ................................. 2
2.1. FHS Organization ........................................................................ 2
3. Special File Locations Under Red Hat Enterprise Linux ............................ 6
2. The ext3 File System ...................................................................................... 7
1. Features of ext3 ..................................................................................... 7
2. Creating an ext3 File System .................................................................. 7
3. Converting to an ext3 File System ........................................................... 8
4. Reverting to an ext2 File System ............................................................. 9
3. The proc File System ....................................................................................10
1. A Virtual File System .............................................................................10
1.1. Viewing Virtual Files ...................................................................10
1.2. Changing Virtual Files ................................................................11
2. Top-level Files within the proc File System .............................................11
2.1. /proc/apm ..................................................................................11
2.2. /proc/buddyinfo ..........................................................................12
2.3. /proc/cmdline .............................................................................12
2.4. /proc/cpuinfo ..............................................................................13
2.5. /proc/crypto ................................................................................14
2.6. /proc/devices .............................................................................14
2.7. /proc/dma ..................................................................................15
2.8. /proc/execdomains .....................................................................15
2.9. /proc/fb ......................................................................................15
2.10. /proc/filesystems ......................................................................15
2.11. /proc/interrupts .........................................................................16
2.12. /proc/iomem .............................................................................17
2.13. /proc/ioports .............................................................................17
2.14. /proc/kcore ...............................................................................18
2.15. /proc/kmsg ...............................................................................18
2.16. /proc/loadavg ...........................................................................18
2.17. /proc/locks ...............................................................................18
2.18. /proc/mdstat .............................................................................19
2.19. /proc/meminfo ..........................................................................19
2.20. /proc/misc ................................................................................21
2.21. /proc/modules ..........................................................................21
2.22. /proc/mounts ............................................................................22
2.23. /proc/mtrr .................................................................................23
2.24. /proc/partitions .........................................................................23
2.25. /proc/pci ...................................................................................23
2.26. /proc/slabinfo ...........................................................................24

iv


2.27. /proc/stat ..................................................................................25
2.28. /proc/swaps .............................................................................26
2.29. /proc/sysrq-trigger ....................................................................26
2.30. /proc/uptime .............................................................................26
2.31. /proc/version ............................................................................27
3. Directories within /proc/ .........................................................................27
3.1. Process Directories ....................................................................27
3.2. /proc/bus/ ..................................................................................29
3.3. /proc/driver/ ...............................................................................30
3.4. /proc/fs ......................................................................................30
3.5. /proc/ide/ ...................................................................................30
3.6. /proc/irq/ ....................................................................................32
3.7. /proc/net/ ...................................................................................32
3.8. /proc/scsi/ ..................................................................................33
3.9. /proc/sys/ ...................................................................................35
3.10. /proc/sysvipc/ ...........................................................................46
3.11. /proc/tty/ ..................................................................................47
4. Using the sysctl Command ....................................................................47
5. Additional Resources ............................................................................48
5.1. Installed Documentation .............................................................48
5.2. Useful Websites .........................................................................48
4. Redundant Array of Independent Disks (RAID) ...............................................49
1. What is RAID? ......................................................................................49
2. Who Should Use RAID? ........................................................................49
3. Hardware RAID versus Software RAID ...................................................49
3.1. Hardware RAID ..........................................................................49
3.2. Software RAID ...........................................................................50
4. RAID Levels and Linear Support ............................................................50
5. Configuring Software RAID ....................................................................51
5.1. Creating the RAID Partitions .......................................................52
5.2. Creating the RAID Devices and Mount Points ..............................55
5. Swap Space .................................................................................................61
1. What is Swap Space? ...........................................................................61
2. Adding Swap Space ..............................................................................61
2.1. Extending Swap on an LVM2 Logical Volume ..............................62
2.2. Creating an LVM2 Logical Volume for Swap ................................62
2.3. Creating a Swap File ..................................................................63
3. Removing Swap Space .........................................................................63
3.1. Reducing Swap on an LVM2 Logical Volume ...............................63
3.2. Removing an LVM2 Logical Volume for Swap ..............................64
3.3. Removing a Swap File ................................................................64
4. Moving Swap Space .............................................................................65
6. Managing Disk Storage .................................................................................66
1. Standard Partitions using parted ............................................................66
1.1. Viewing the Partition Table .........................................................67
1.2. Creating a Partition .....................................................................68
1.3. Removing a Partition ..................................................................70
1.4. Resizing a Partition ....................................................................71
2. LVM Partition Management ...................................................................72
7. Implementing Disk Quotas .............................................................................75

v


1. Configuring Disk Quotas ........................................................................75
1.1. Enabling Quotas ........................................................................75
1.2. Remounting the File Systems ......................................................76
1.3. Creating the Quota Database Files ..............................................76
1.4. Assigning Quotas per User .........................................................77
1.5. Assigning Quotas per Group .......................................................78
1.6. Setting the Grace Period for Soft Limits .......................................78
2. Managing Disk Quotas ..........................................................................78
2.1. Enabling and Disabling ...............................................................78
2.2. Reporting on Disk Quotas ...........................................................79
2.3. Keeping Quotas Accurate ...........................................................79
3.2. Related Books ...........................................................................80
8. Access Control Lists ......................................................................................81
1. Mounting File Systems ..........................................................................81
1.1. NFS ..........................................................................................81
2. Setting Access ACLs .............................................................................81
3. Setting Default ACLs .............................................................................83
4. Retrieving ACLs ....................................................................................83
5. Archiving File Systems With ACLs .........................................................83
6. Compatibility with Older Systems ...........................................................84
7.2. Useful Websites .........................................................................85
9. LVM (Logical Volume Manager) .....................................................................86
1. What is LVM? .......................................................................................86
1.1. What is LVM2? ..........................................................................87
2. LVM Configuration ................................................................................87
3. Automatic Partitioning ...........................................................................88
4. Manual LVM Partitioning ........................................................................89
4.1. Creating the /boot/ Partition .........................................................89
4.2. Creating the LVM Physical Volumes ............................................92
4.3. Creating the LVM Volume Groups ...............................................94
4.4. Creating the LVM Logical Volumes ..............................................95
5. Using the LVM utility system-config-lvm ..................................................98
5.1. Utilizing uninitialized entities ......................................................101
5.2. Adding Unallocated Volumes to a volume group .........................102
5.3. Migrating extents ......................................................................104
5.4. Adding a new hard disk using LVM ............................................106
5.5. Adding a new volume group ......................................................107
5.6. Extending a volume group ........................................................109
5.7. Editing a Logical Volume ..........................................................110
6. Additional Resources ..........................................................................113
6.1. Installed Documentation ...........................................................113
6.2. Useful Websites .......................................................................113
II. Package Management .........................................................................................114
10. Package Management with RPM ...............................................................115
1. RPM Design Goals ..............................................................................115
2. Using RPM .........................................................................................116

vi


2.1. Finding RPM Packages ............................................................116
2.2. Installing ..................................................................................117
2.3. Uninstalling ..............................................................................118
2.4. Upgrading ................................................................................119
2.5. Freshening ..............................................................................120
2.6. Querying ..................................................................................120
2.7. Verifying ..................................................................................121
3. Checking a Package's Signature ..........................................................122
3.1. Importing Keys .........................................................................122
3.2. Verifying Signature of Packages ................................................123
4. Practical and Common Examples of RPM Usage ..................................123
5.2. Useful Websites .......................................................................124
5.3. Related Books .........................................................................125
11. Package Management Tool .......................................................................126
1. Listing and Analyzing Packages ...........................................................127
2. Installing and Removing Packages .......................................................128
12. Red Hat Network .......................................................................................133
III. Network-Related Configuration ...........................................................................137
13. Network Interfaces ....................................................................................138
1. Network Configuration Files .................................................................138
2. Interface Configuration Files ................................................................139
2.1. Ethernet Interfaces ...................................................................139
2.2. IPsec Interfaces .......................................................................142
2.3. Channel Bonding Interfaces ......................................................143
2.4. Alias and Clone Files ................................................................144
2.5. Dialup Interfaces ......................................................................145
2.6. Other Interfaces .......................................................................146
3. Interface Control Scripts ......................................................................147
4. Network Function Files ........................................................................149
14. Network Configuration ...............................................................................150
1. Overview ............................................................................................151
2. Establishing an Ethernet Connection ....................................................152
3. Establishing an ISDN Connection .........................................................155
4. Establishing a Modem Connection .......................................................156
5. Establishing an xDSL Connection ........................................................158
6. Establishing a Token Ring Connection .................................................161
7. Establishing a Wireless Connection ......................................................164
8. Managing DNS Settings ......................................................................166
9. Managing Hosts ..................................................................................168
10. Working with Profiles .........................................................................169
11. Device Aliases ..................................................................................173
12. Saving and Restoring the Network Configuration .................................174
15. Controlling Access to Services ...................................................................176
1. Runlevels ...........................................................................................177
2. TCP Wrappers ....................................................................................177
2.1. xinetd ......................................................................................178

vii


3. Services Configuration Tool .................................................................178
4. ntsysv ................................................................................................180
5. chkconfig ............................................................................................182
6.2. Useful Websites .......................................................................183
16. Berkeley Internet Name Domain (BIND) .....................................................184
1. Introduction to DNS .............................................................................184
1.1. Nameserver Zones ...................................................................184
1.2. Nameserver Types ...................................................................185
1.3. BIND as a Nameserver .............................................................185
2. /etc/named.conf ..................................................................................186
2.1. Common Statement Types .......................................................186
2.2. Other Statement Types .............................................................191
2.3. Comment Tags ........................................................................193
3. Zone Files ..........................................................................................193
3.1. Zone File Directives ..................................................................193
3.2. Zone File Resource Records .....................................................194
3.3. Example Zone File ...................................................................197
3.4. Reverse Name Resolution Zone Files ........................................197
4. Using rndc ..........................................................................................198
4.1. Configuring /etc/named.conf .....................................................198
4.2. Configuring /etc/rndc.conf .........................................................199
4.3. Command Line Options ............................................................199
5. Advanced Features of BIND ................................................................200
5.1. DNS Protocol Enhancements ....................................................201
5.2. Multiple Views ..........................................................................201
5.3. Security ...................................................................................201
5.4. IP version 6 .............................................................................202
6. Common Mistakes to Avoid .................................................................202
7.2. Useful Websites .......................................................................203
7.3. Related Books .........................................................................204
17. OpenSSH .................................................................................................205
1. Features of SSH .................................................................................205
1.1. Why Use SSH? ........................................................................205
2. SSH Protocol Versions ........................................................................206
3. Event Sequence of an SSH Connection ................................................206
3.1. Transport Layer ........................................................................207
3.2. Authentication ..........................................................................208
3.3. Channels .................................................................................208
4. Configuring an OpenSSH Server ..........................................................208
4.1. Requiring SSH for Remote Connections ....................................209
5. OpenSSH Configuration Files ..............................................................209
6. Configuring an OpenSSH Client ...........................................................211
6.1. Using the ssh Command ...........................................................211
6.2. Using the scp Command ...........................................................212
6.3. Using the sftp Command ..........................................................212
7. More Than a Secure Shell ...................................................................213

viii


7.1. X11 Forwarding ........................................................................213
7.2. Port Forwarding .......................................................................213
7.3. Generating Key Pairs ...............................................................214
8.2. Useful Websites .......................................................................218
18. Network File System (NFS) ........................................................................219
1. How It Works ......................................................................................219
1.1. Required Services ....................................................................220
2. NFS Client Configuration .....................................................................221
2.1. Mounting NFS File Systems using /etc/fstab ..............................221
3. autofs .................................................................................................222
3.1. What's new in autofs version 5? ................................................222
3.2. autofs Configuration .................................................................223
3.3. autofs Common Tasks ..............................................................225
4. Common NFS Mount Options ..............................................................228
5. Starting and Stopping NFS ..................................................................230
6. NFS Server Configuration ....................................................................231
6.1. Exporting or Sharing NFS File Systems .....................................232
6.2. Command Line Configuration ....................................................235
6.3. Hostname Formats ...................................................................236
7. The /etc/exports Configuration File .......................................................236
7.1. The exportfs Command ............................................................238
8. Securing NFS .....................................................................................240
8.1. Host Access .............................................................................240
8.2. File Permissions .......................................................................242
9. NFS and portmap ................................................................................242
9.1. Troubleshooting NFS and portmap ............................................242
10. Using NFS over TCP .........................................................................243
11. Additional Resources .........................................................................244
11.1. Installed Documentation .........................................................244
11.2. Useful Websites .....................................................................244
11.3. Related Books ........................................................................245
19. Samba .....................................................................................................246
1. Introduction to Samba .........................................................................246
1.1. Samba Features ......................................................................246
2. Samba Daemons and Related Services ................................................247
2.1. Samba Daemons .....................................................................247
3. Connecting to a Samba Share .............................................................247
3.1. Command Line ........................................................................249
3.2. Mounting the Share ..................................................................250
4. Configuring a Samba Server ................................................................250
4.1. Graphical Configuration ............................................................250
4.3. Encrypted Passwords ...............................................................256
5. Starting and Stopping Samba ..............................................................256
6. Samba Server Types and the smb.conf File ..........................................257
6.1. Stand-alone Server ..................................................................257
6.2. Domain Member Server ............................................................259
6.3. Domain Controller ....................................................................261

ix


7. Samba Security Modes .......................................................................263
7.1. User-Level Security ..................................................................263
7.2. Share-Level Security ................................................................264
8. Samba Account Information Databases ................................................265
9. Samba Network Browsing ....................................................................266
9.1. Domain Browsing .....................................................................266
9.2. WINS (Windows Internetworking Name Server) .........................266
10. Samba with CUPS Printing Support ....................................................267
10.1. Simple smb.conf Settings ........................................................267
11. Samba Distribution Programs ............................................................268
12. Additional Resources .........................................................................271
12.1. Installed Documentation .........................................................271
12.2. Related Books ........................................................................272
12.3. Useful Websites .....................................................................272
20. Dynamic Host Configuration Protocol (DHCP) .............................................273
1. Why Use DHCP? ................................................................................273
2. Configuring a DHCP Server .................................................................273
2.1. Configuration File .....................................................................273
2.2. Lease Database .......................................................................277
2.3. Starting and Stopping the Server ...............................................277
2.4. DHCP Relay Agent ...................................................................278
3. Configuring a DHCP Client ..................................................................279
21. Apache HTTP Server ................................................................................281
1. Apache HTTP Server 2.2 .....................................................................281
1.1. Features of Apache HTTP Server 2.2 ........................................281
2. Migrating Apache HTTP Server Configuration Files ...............................282
2.1. Migrating Apache HTTP Server 2.0 Configuration Files ...............282
2.2. Migrating Apache HTTP Server 1.3 Configuration Files to 2.0 .....282
3. Starting and Stopping httpd .................................................................293
4. Apache HTTP Server Configuration .....................................................294
4.1. Basic Settings ..........................................................................295
4.2. Default Settings ........................................................................296
5. Configuration Directives in httpd.conf ...................................................308
5.1. General Configuration Tips .......................................................308
5.2. Configuration Directives for SSL ................................................319
5.3. MPM Specific Server-Pool Directives .........................................320
6. Adding Modules ..................................................................................321
7. Virtual Hosts .......................................................................................322
7.1. Setting Up Virtual Hosts ............................................................322
8. Apache HTTP Secure Server Configuration ..........................................323
8.1. An Overview of Security-Related Packages ...............................323
8.2. An Overview of Certificates and Security ...................................324
8.3. Using Pre-Existing Keys and Certificates ...................................324
8.4. Types of Certificates .................................................................325
8.5. Generating a Key .....................................................................326
8.6. How to configure the server to use the new key ..........................334
9.1. Useful Websites .......................................................................334

x


22. FTP ..........................................................................................................336
1. The File Transport Protocol .................................................................336
1.1. Multiple Ports, Multiple Modes ...................................................336
2. FTP Servers .......................................................................................337
2.1. vsftpd ......................................................................................337
3. Files Installed with vsftpd .....................................................................338
4. Starting and Stopping vsftpd ................................................................338
4.1. Starting Multiple Copies of vsftpd ..............................................339
5. vsftpd Configuration Options ................................................................340
5.1. Daemon Options ......................................................................341
5.2. Log In Options and Access Controls ..........................................341
5.3. Anonymous User Options .........................................................342
5.4. Local User Options ...................................................................343
5.5. Directory Options .....................................................................344
5.6. File Transfer Options ................................................................345
5.7. Logging Options .......................................................................346
5.8. Network Options ......................................................................347
6.2. Useful Websites .......................................................................350
23. Email ........................................................................................................351
1. Email Protocols ...................................................................................351
1.1. Mail Transport Protocols ...........................................................351
1.2. Mail Access Protocols ..............................................................352
2. Email Program Classifications ..............................................................354
2.1. Mail Transport Agent ................................................................354
2.2. Mail Delivery Agent ..................................................................354
2.3. Mail User Agent .......................................................................355
3. Mail Transport Agents .........................................................................355
3.1. Sendmail .................................................................................355
3.2. Postfix .....................................................................................359
3.3. Fetchmail .................................................................................361
4. Mail Transport Agent (MTA) Configuration ............................................365
5. Mail Delivery Agents ...........................................................................366
5.1. Procmail Configuration .............................................................367
5.2. Procmail Recipes .....................................................................368
6. Mail User Agents ................................................................................373
6.1. Securing Communication ..........................................................373
7.2. Useful Websites .......................................................................376
7.3. Related Books .........................................................................376
24. Lightweight Directory Access Protocol (LDAP) ............................................377
1. Why Use LDAP? .................................................................................377
1.1. OpenLDAP Features ................................................................377
2. LDAP Terminology ..............................................................................378
3. OpenLDAP Daemons and Utilities ........................................................379
3.1. NSS, PAM, and LDAP ..............................................................381
3.2. PHP4, LDAP, and the Apache HTTP Server ..............................381
3.3. LDAP Client Applications ..........................................................382

xi


4. OpenLDAP Configuration Files ............................................................382
5. The /etc/openldap/schema/ Directory ...................................................382
6. OpenLDAP Setup Overview .................................................................383
6.1. Editing /etc/openldap/slapd.conf ................................................384
7. Configuring a System to Authenticate Using OpenLDAP ........................385
7.1. PAM and LDAP ........................................................................386
7.2. Migrating Old Authentication Information to LDAP Format ...........386
8. Migrating Directories from Earlier Releases ..........................................387
9.2. Useful Websites .......................................................................389
9.3. Related Books .........................................................................389
25. Authentication Configuration ......................................................................390
1. User Information .................................................................................390
2. Authentication .....................................................................................393
3. Options ..............................................................................................395
4. Command Line Version .......................................................................397
IV. System Configuration .........................................................................................400
26. Console Access ........................................................................................401
1. Disabling Shutdown Via CtrlAltDel ........................................................401
2. Disabling Console Program Access ......................................................402
3. Defining the Console ...........................................................................402
4. Making Files Accessible From the Console ...........................................402
5. Enabling Console Access for Other Applications ...................................403
6. The floppy Group ................................................................................404
27. The sysconfig Directory .............................................................................405
1. Files in the /etc/sysconfig/ Directory .....................................................405
1.1. /etc/sysconfig/amd ...................................................................405
1.2. /etc/sysconfig/apmd ..................................................................405
1.3. /etc/sysconfig/arpwatch ............................................................405
1.4. /etc/sysconfig/authconfig ...........................................................405
1.5. /etc/sysconfig/autofs .................................................................406
1.6. /etc/sysconfig/clock ..................................................................406
1.7. /etc/sysconfig/desktop ..............................................................407
1.8. /etc/sysconfig/dhcpd .................................................................408
1.9. /etc/sysconfig/exim ...................................................................408
1.10. /etc/sysconfig/firstboot ............................................................408
1.11. /etc/sysconfig/gpm ..................................................................408
1.12. /etc/sysconfig/hwconf ..............................................................409
1.13. /etc/sysconfig/i18n ..................................................................409
1.14. /etc/sysconfig/init ....................................................................409
1.15. /etc/sysconfig/ip6tables-config .................................................410
1.16. /etc/sysconfig/iptables-config ...................................................410
1.17. /etc/sysconfig/irda ...................................................................410
1.18. /etc/sysconfig/keyboard ..........................................................411
1.19. /etc/sysconfig/kudzu ...............................................................411
1.20. /etc/sysconfig/named ..............................................................412
1.21. /etc/sysconfig/netdump ...........................................................412
1.22. /etc/sysconfig/network ............................................................412
1.23. /etc/sysconfig/ntpd ..................................................................412

xii


1.24. /etc/sysconfig/radvd ................................................................413
1.25. /etc/sysconfig/samba ..............................................................413
1.26. /etc/sysconfig/selinux ..............................................................413
1.27. /etc/sysconfig/sendmail ...........................................................413
1.28. /etc/sysconfig/spamassassin ...................................................414
1.29. /etc/sysconfig/squid ................................................................414
1.30. /etc/sysconfig/system-config-selinux ........................................414
1.31. /etc/sysconfig/system-config-users ..........................................414
1.32. /etc/sysconfig/system-logviewer ..............................................414
1.33. /etc/sysconfig/tux ....................................................................414
1.34. /etc/sysconfig/vncservers ........................................................415
1.35. /etc/sysconfig/xinetd ...............................................................415
2. Directories in the /etc/sysconfig/ Directory .............................................415
28. Date and Time Configuration .....................................................................417
1. Time and Date Properties ....................................................................417
2. Network Time Protocol (NTP) Properties ..............................................418
3. Time Zone Configuration .....................................................................420
29. Keyboard Configuration .............................................................................422
30. The X Window System ..............................................................................423
1. The X11R7.1 Release .........................................................................423
2. Desktop Environments and Window Managers .....................................424
2.1. Desktop Environments ..............................................................424
2.2. Window Managers ...................................................................425
3. X Server Configuration Files ................................................................426
3.1. xorg.conf .................................................................................426
4. Fonts ..................................................................................................432
4.1. Fontconfig ................................................................................433
4.2. Core X Font System .................................................................434
5. Runlevels and X ..................................................................................436
5.1. Runlevel 3 ...............................................................................436
5.2. Runlevel 5 ...............................................................................437
6.2. Useful Websites .......................................................................438
31. X Window System Configuration ................................................................439
1. Display Settings ..................................................................................439
2. Display Hardware Settings ...................................................................440
3. Dual Head Display Settings .................................................................441
32. Users and Groups .....................................................................................443
1. User and Group Configuration .............................................................443
1.1. Adding a New User ..................................................................444
1.2. Modifying User Properties .........................................................446
1.3. Adding a New Group ................................................................447
1.4. Modifying Group Properties .......................................................448
2. User and Group Management Tools .....................................................449
2.2. Adding a User ..........................................................................449
2.3. Adding a Group ........................................................................450

xiii


2.4. Password Aging .......................................................................451
2.5. Explaining the Process .............................................................453
3. Standard Users ...................................................................................455
4. Standard Groups ................................................................................456
5. User Private Groups ............................................................................459
5.1. Group Directories .....................................................................459
6. Shadow Passwords .............................................................................460
33. Printer Configuration .................................................................................462
1. Adding a Local Printer .........................................................................463
2. Adding an IPP Printer ..........................................................................464
3. Adding a Samba (SMB) Printer ............................................................465
4. Adding a JetDirect Printer ....................................................................467
5. Selecting the Printer Model and Finishing .............................................468
5.1. Confirming Printer Configuration ...............................................469
6. Printing a Test Page ............................................................................469
7. Modifying Existing Printers ...................................................................469
7.1. The Settings Tab ......................................................................469
7.2. The Policies Tab ......................................................................470
7.3. The Access Control Tab ...........................................................471
7.4. The Printer and Job OptionsTab ................................................472
8. Managing Print Jobs ...........................................................................473
9.2. Useful Websites .......................................................................475
34. Automated Tasks ......................................................................................476
1. Cron ...................................................................................................476
1.1. Configuring Cron Tasks ............................................................476
1.2. Controlling Access to Cron ........................................................478
1.3. Starting and Stopping the Service .............................................478
2. At and Batch .......................................................................................478
2.1. Configuring At Jobs ..................................................................478
2.2. Configuring Batch Jobs .............................................................479
2.3. Viewing Pending Jobs ..............................................................480
2.4. Additional Command Line Options .............................................480
2.5. Controlling Access to At and Batch ............................................480
2.6. Starting and Stopping the Service .............................................480
35. Log Files ..................................................................................................482
1. Locating Log Files ...............................................................................482
2. Viewing Log Files ................................................................................482
3. Adding a Log File ................................................................................484
4. Monitoring Log Files ............................................................................485
V. System Monitoring ..............................................................................................489
36. SystemTap ...............................................................................................490
1. Introduction ........................................................................................490
2. Implementation ...................................................................................490
3. Using SystemTap ................................................................................491

xiv


3.1. Tracing ....................................................................................491
37. Gathering System Information ....................................................................493
1. System Processes ..............................................................................493
2. Memory Usage ...................................................................................495
3. File Systems .......................................................................................496
4. Hardware ...........................................................................................497
38. OProfile ....................................................................................................501
1. Overview of Tools ...............................................................................501
2. Configuring OProfile ............................................................................502
2.1. Specifying the Kernel ................................................................502
2.2. Setting Events to Monitor ..........................................................503
2.3. Separating Kernel and User-space Profiles ................................505
3. Starting and Stopping OProfile .............................................................506
4. Saving Data ........................................................................................507
5. Analyzing the Data ..............................................................................507
5.1. Using opreport .........................................................................508
5.2. Using opreport on a Single Executable ......................................508
5.3. Getting more detailed output on the modules .............................509
5.4. Using opannotate .....................................................................510
6. Understanding /dev/oprofile/ ................................................................510
7. Example Usage ..................................................................................511
8. Graphical Interface ..............................................................................511
9.1. Installed Docs ..........................................................................513
9.2. Useful Websites .......................................................................514
VI. Kernel and Driver Configuration ..........................................................................515
39. Manually Upgrading the Kernel ..................................................................516
1. Overview of Kernel Packages ..............................................................516
2. Preparing to Upgrade ..........................................................................517
3. Downloading the Upgraded Kernel .......................................................518
4. Performing the Upgrade ......................................................................519
5. Verifying the Initial RAM Disk Image .....................................................519
6. Verifying the Boot Loader ....................................................................520
6.1. x86 Systems ............................................................................520
6.2. Itanium Systems ......................................................................520
6.3. IBM S/390 and IBM System z Systems ......................................521
6.4. IBM eServer iSeries Systems ....................................................521
6.5. IBM eServer pSeries Systems ...................................................522
40. General Parameters and Modules ..............................................................523
1. Kernel Module Utilities .........................................................................523
2. Persistent Module Loading ..................................................................525
3. Specifying Module Parameters ............................................................526
4. Storage parameters ............................................................................526
5. Ethernet Parameters ...........................................................................532
5.1. Using Multiple Ethernet Cards ...................................................539
5.2. The Channel Bonding Module ...................................................539

xv


6.2. Useful Websites .......................................................................542
VII. Security And Authentication ...............................................................................544
41. Security Overview .....................................................................................545
1. Introduction to Security ........................................................................545
1.1. What is Computer Security? ......................................................545
1.2. Security Controls ......................................................................547
1.3. Conclusion ...............................................................................548
2. Vulnerability Assessment .....................................................................548
2.1. Thinking Like the Enemy ...........................................................549
2.2. Defining Assessment and Testing .............................................549
2.3. Evaluating the Tools .................................................................551
3. Attackers and Vulnerabilities ................................................................553
3.1. A Quick History of Hackers .......................................................553
3.2. Threats to Network Security ......................................................554
3.3. Threats to Server Security ........................................................555
3.4. Threats to Workstation and Home PC Security ...........................557
4. Common Exploits and Attacks .............................................................558
5. Security Updates ................................................................................561
5.1. Updating Packages ..................................................................561
42. Securing Your Network ..............................................................................567
1. Workstation Security ...........................................................................567
1.1. Evaluating Workstation Security ................................................567
1.2. BIOS and Boot Loader Security .................................................567
1.3. Password Security ...................................................................569
1.4. Administrative Controls .............................................................575
1.5. Available Network Services .......................................................582
1.6. Personal Firewalls ....................................................................586
1.7. Security Enhanced Communication Tools ..................................586
2. Server Security ...................................................................................587
2.1. Securing Services With TCP Wrappers and xinetd .....................587
2.2. Securing Portmap ....................................................................591
2.3. Securing NIS ...........................................................................592
2.4. Securing NFS ..........................................................................594
2.5. Securing the Apache HTTP Server ............................................595
2.6. Securing FTP ...........................................................................596
2.7. Securing Sendmail ...................................................................599
2.8. Verifying Which Ports Are Listening ...........................................600
3. Single Sign-on (SSO) ..........................................................................601
3.1. Introduction ..............................................................................601
3.2. Getting Started with your new Smart Card .................................603
3.3. How Smart Card Enrollment Works ...........................................604
3.4. How Smart Card Login Works ...................................................605
3.5. Configuring Firefox to use Kerberos for SSO ..............................606
4. Pluggable Authentication Modules (PAM) .............................................609
4.1. Advantages of PAM ..................................................................609
4.2. PAM Configuration Files ...........................................................609
4.3. PAM Configuration File Format .................................................609
4.4. Sample PAM Configuration Files ...............................................612
4.5. Creating PAM Modules .............................................................614
4.6. PAM and Administrative Credential Caching ..............................614

xvi


4.7. PAM and Device Ownership .....................................................616
4.8. Additional Resources ................................................................617
5. TCP Wrappers and xinetd ....................................................................618
5.1. TCP Wrappers .........................................................................619
5.2. TCP Wrappers Configuration Files ............................................621
5.3. xinetd ......................................................................................628
5.4. xinetd Configuration Files .........................................................628
6. Kerberos ............................................................................................635
6.1. What is Kerberos? ....................................................................635
6.2. Kerberos Terminology ..............................................................637
6.3. How Kerberos Works ................................................................638
6.4. Kerberos and PAM ...................................................................640
6.5. Configuring a Kerberos 5 Server ...............................................640
6.6. Configuring a Kerberos 5 Client .................................................642
6.7. Domain-to-Realm Mapping .......................................................644
6.8. Setting Up Secondary KDCs .....................................................644
6.9. Setting Up Cross Realm Authentication .....................................645
6.10. Additional Resources ..............................................................649
7. Virtual Private Networks (VPNs) ...........................................................650
7.1. How Does a VPN Work? ...........................................................651
7.2. VPNs and Red Hat Enterprise Linux ..........................................651
7.3. IPsec .......................................................................................651
7.4. Creating an IPsec Connection ...................................................652
7.5. IPsec Installation ......................................................................652
7.6. IPsec Host-to-Host Configuration ..............................................653
7.7. IPsec Network-to-Network Configuration ....................................659
7.8. Starting and Stopping an IPsec Connection ...............................666
8. Firewalls .............................................................................................666
8.1. Netfilter and IPTables ...............................................................668
8.2. Basic Firewall Configuration ......................................................668
8.3. Using IPTables ........................................................................672
8.4. Common IPTables Filtering .......................................................674
8.5. FORWARD and NAT Rules ......................................................675
8.6. Malicious Software and Spoofed IP Addresses ...........................677
8.7. IPTables and Connection Tracking ............................................678
8.8. IPv6 ........................................................................................679
9. IPTables .............................................................................................680
9.1. Packet Filtering ........................................................................680
9.2. Differences Between IPTables and IPChains .............................682
9.3. Command Options for IPTables ................................................683
9.4. Saving IPTables Rules .............................................................692
9.5. IPTables Control Scripts ...........................................................693
9.6. IPTables and IPv6 ....................................................................695
43. Security and SELinux ................................................................................697
1. Access Control Mechanisms (ACMs) ....................................................697
1.1. Discretionary Access Control (DAC) ..........................................697
1.2. Access Control Lists (ACLs) ......................................................697

xvii


1.3. Mandatory Access Control (MAC) .............................................697
1.4. Role-based Access Control (RBAC) ..........................................697
1.5. Multi-Level Security (MLS) ........................................................698
1.6. Multi-Category Security (MCS) ..................................................698
2. Introduction to SELinux .......................................................................698
2.1. SELinux Overview ....................................................................698
2.2. Files Related to SELinux ...........................................................699
3. Brief Background and History of SELinux .............................................704
4. Multi-Category Security (MCS) .............................................................704
4.1. Introduction ..............................................................................704
4.2. Applications for Multi-Category Security .....................................705
4.3. SELinux Security Contexts ........................................................705
5. Getting Started with Multi-Category Security (MCS) ..............................706
5.1. Introduction ..............................................................................706
5.2. Comparing SELinux and Standard Linux User Identities .............706
5.3. Configuring Categories .............................................................707
5.4. Assigning Categories to Users ..................................................708
5.5. Assigning Categories to Files ....................................................709
6. Multi-Level Security (MLS) ...................................................................711
6.1. Why Multi-Level? ......................................................................711
6.2. Security Levels, Objects and Subjects .......................................713
6.3. MLS Policy ..............................................................................714
6.4. LSPP Certification ....................................................................715
7. SELinux Policy Overview .....................................................................715
7.1. What is the SELinux Policy? .....................................................715
7.2. Where is the Policy? .................................................................716
7.3. The Role of Policy in the Boot Process ......................................718
7.4. Object Classes and Permissions ...............................................719
8. Targeted Policy Overview ....................................................................720
8.1. What is the Targeted Policy? ....................................................720
8.2. Files and Directories of the Targeted Policy ...............................720
8.3. Understanding the Users and Roles in the Targeted Policy .........721
44. Working With SELinux ...............................................................................723
1. End User Control of SELinux ...............................................................723
1.1. Moving and Copying Files .........................................................723
1.2. Checking the Security Context of a Process, User, or File Object 724
1.3. Relabeling a File or Directory ....................................................725
1.4. Creating Archives That Retain Security Contexts ........................728
2. Administrator Control of SELinux ..........................................................729
2.1. Viewing the Status of SELinux ..................................................729
2.2. Relabeling a File System ..........................................................730
2.3. Managing NFS Home Directories ..............................................731
2.4. Granting Access to a Directory or a Tree ...................................732
2.5. Backing Up and Restoring the System .......................................732
2.6. Enabling or Disabling Enforcement ............................................732
2.7. Enable or Disable SELinux .......................................................735
2.8. Changing the Policy .................................................................736
2.9. Specifying the Security Context of Entire File Systems ...............738
2.10. Changing the Security Category of a File or User .....................739

xviii


2.11. Running a Command in a Specific Security Context .................739
2.12. Useful Commands for Scripts ..................................................739
2.13. Changing to a Different Role ...................................................740
2.14. When to Reboot .....................................................................740
3. Analyst Control of SELinux ..................................................................740
3.1. Enabling Kernel Auditing ...........................................................740
3.2. Dumping and Viewing Logs .......................................................741
45. Customizing SELinux Policy .......................................................................742
1. Introduction ........................................................................................742
1.1. Modular Policy .........................................................................742
2. Building a Local Policy Module .............................................................743
2.1. Using audit2allow to Build a Local Policy Module ........................743
2.2. Analyzing the Type Enforcement (TE) File .................................743
2.3. Loading the Policy Package ......................................................744
46. References ...............................................................................................745
VIII. Red Hat Training And Certification ....................................................................747
47. Red Hat Training and Certification ..............................................................748
1. Three Ways to Train ............................................................................748
2. Microsoft Certified Professional Resource Center ..................................748
48. Certification Tracks ...................................................................................749
1. Free Pre-assessment tests ..................................................................749
49. RH033: Red Hat Linux Essentials ...............................................................750
1. Course Description ..............................................................................750
1.1. Prerequisites ............................................................................750
1.2. Goal ........................................................................................750
1.3. Audience .................................................................................750
1.4. Course Objectives ....................................................................750
1.5. Follow-on Courses ...................................................................751
50. RH035: Red Hat Linux Essentials for Windows Professionals ......................752
1.1. Prerequisites ............................................................................752
1.2. Goal ........................................................................................752
1.3. Audience .................................................................................752
51. RH133: Red Hat Linux System Administration and Red Hat Certified Technician
(RHCT) Certification ........................................................................................754
1.1. Prerequisites ............................................................................754
1.2. Goal ........................................................................................754
1.3. Audience .................................................................................754
52. RH202 RHCT EXAM - The fastest growing credential in all of Linux. ............756
1.1. Prerequisites ............................................................................756
53. RH253 Red Hat Linux Networking and Security Administration .....................757
1.1. Prerequisites ............................................................................757
1.2. Goal ........................................................................................757

xix


1.3. Audience .................................................................................757
54. RH300: RHCE Rapid track course (and RHCE exam) .................................759
1.1. Prerequisites ............................................................................759
1.2. Goal ........................................................................................759
1.3. Audience .................................................................................759
55. RH302 RHCE EXAM .................................................................................761
1.1. Prerequisites ............................................................................761
1.2. Content ...................................................................................761
56. RHS333: RED HAT enterprise security: network services ............................762
1.1. Prerequisites ............................................................................762
1.2. Goal ........................................................................................762
1.3. Audience .................................................................................762
57. RH401: Red Hat Enterprise Deployment and systems management .............764
1.1. Prerequisites ............................................................................764
1.2. Goal ........................................................................................764
1.3. Audience .................................................................................764
58. RH423: Red Hat Enterprise Directory services and authentication ................766
1.1. Prerequisites ............................................................................766
1.2. Goal ........................................................................................766
1.3. Audience .................................................................................766
59. SE Linux Courses .....................................................................................768
1. RHS427: Introduction to SELinux and Red Hat Targeted Policy .............768
1.1. Audience .................................................................................768
1.2. Course Summary .....................................................................768
2. RHS429: Red Hat Enterprise SE Linux Policy Administration .................768
60. RH436: Red Hat Enterprise storage management .......................................769
1.1. Prerequisites ............................................................................769
1.2. Goal ........................................................................................769
1.3. Audience .................................................................................769
61. RH442: Red Hat Enterprise system monitoring and performance tuning .......771
1.1. Prerequisites ............................................................................771

xx


1.2. Goal ........................................................................................771
1.3. Audience .................................................................................771
62. Red Hat Enterprise Linux Developer Courses .............................................773
1. RHD143: Red Hat Linux Programming Essentials .................................773
2. RHD221 Red Hat Linux Device Drivers ................................................773
3. RHD236 Red Hat Linux Kernel Internals ...............................................773
4. RHD256 Red Hat Linux Application Development and Porting ...............773
63. JBoss Courses ..........................................................................................774
1. RHD161 JBoss and EJB3 for Java .......................................................774
1.1. Prerequisites ............................................................................774
2. RHD163 JBoss for Web Developers .....................................................774
2.1. Prerequisites ............................................................................774
3. RHD167: JBOSS - HIBERNATE ESSENTIALS .....................................775
3.1. Prerequisites ............................................................................775
3.2. Course Summary .....................................................................775
4. RHD267: JBOSS - ADVANCED HIBERNATE .......................................775
4.1. Prerequisites ............................................................................776
5. RHD261:JBOSS for advanced J2EE developers ...................................776
5.1. Prerequisites ............................................................................776
6. RH336: JBOSS for Administrators ........................................................777
6.1. Prerequisites ............................................................................777
6.2. Course Summary .....................................................................777
7. RHD439: JBoss Clustering ..................................................................778
7.1. Prerequisites ............................................................................778
8. RHD449: JBoss jBPM .........................................................................778
8.1. Description ..............................................................................779
8.2. Prerequisites ............................................................................779
9. RHD451 JBoss Rules ..........................................................................779
9.1. Prerequisites ............................................................................779

xxi

Introduction

Welcome to the Red Hat Enterprise Linux Deployment Guide.

The Red Hat Enterprise Linux Deployment Guide contains information on how to customize
your Red Hat Enterprise Linux system to fit your needs. If you are looking for a comprehensive,
task-oriented guide for configuring and customizing your system, this is the manual for you.

This manual discusses many intermediate topics such as the following:

• Setting up a network interface card (NIC)

• Configuring a Virtual Private Network (VPN)

• Configuring Samba shares

• Managing your software with RPM

• Determining information about your system

• Upgrading your kernel

This manual is divided into the following main categories:

• File systems

• Package management

• Network-related configuration

• System configuration

• System monitoring

• Kernel and Driver Configuration

• Security and Authentication

• Red Hat Training and Certification

This guide assumes you have a basic understanding of your Red Hat Enterprise Linux system.
If you need help installing Red Hat Enterprise Linux, refer to the Red Hat Enterprise Linux In-
stallation Guide.

1. Document Conventions
In this manual, certain words are represented in different fonts, typefaces, sizes, and weights.
This highlighting is systematic; different words are represented in the same style to indicate their
inclusion in a specific category. The types of words that are represented this way include the fol-
lowing:

command

xxii

Deployment guide

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (18)

En vedette

En vedette (6)

Similaire à Deployment guide

Similaire à Deployment guide (20)

Deployment guide