Product SiteDocumentation Site

Red Hat Enterprise Linux 5

Deployment Guide

Deployment, configuration and administration of Red Hat Enterprise Linux 5

Edition 8

Logo

Legal Notice

Copyright © 2007–2012 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
All other trademarks are the property of their respective owners.


1801 Varsity Drive
RaleighNC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701

Abstract
The Deployment Guide documents relevant information regarding the deployment, configuration, and administration of Red Hat Enterprise Linux 5.
Introduction
1. Document Conventions
2. Send in Your Feedback
I. File Systems
1. File System Structure
1.1. Why Share a Common Structure?
1.2. Overview of File System Hierarchy Standard (FHS)
1.2.1. FHS Organization
1.3. Special File Locations Under Red Hat Enterprise Linux
2. Using the mount Command
2.1. Listing Currently Mounted File Systems
2.2. Mounting a File System
2.2.1. Specifying the File System Type
2.2.2. Specifying the Mount Options
2.2.3. Sharing Mounts
2.2.4. Moving a Mount Point
2.3. Unmounting a File System
2.4. Additional Resources
2.4.1. Installed Documentation
2.4.2. Useful Websites
3. The ext3 File System
3.1. Features of ext3
3.2. Creating an ext3 File System
3.3. Converting to an ext3 File System
3.4. Reverting to an ext2 File System
4. The proc File System
4.1. A Virtual File System
4.1.1. Viewing Virtual Files
4.1.2. Changing Virtual Files
4.2. Top-level Files within the proc File System
4.2.1. /proc/apm
4.2.2. /proc/buddyinfo
4.2.3. /proc/cmdline
4.2.4. /proc/cpuinfo
4.2.5. /proc/crypto
4.2.6. /proc/devices
4.2.7. /proc/dma
4.2.8. /proc/execdomains
4.2.9. /proc/fb
4.2.10. /proc/filesystems
4.2.11. /proc/interrupts
4.2.12. /proc/iomem
4.2.13. /proc/ioports
4.2.14. /proc/kcore
4.2.15. /proc/kmsg
4.2.16. /proc/loadavg
4.2.17. /proc/locks
4.2.18. /proc/mdstat
4.2.19. /proc/meminfo
4.2.20. /proc/misc
4.2.21. /proc/modules
4.2.22. /proc/mounts
4.2.23. /proc/mtrr
4.2.24. /proc/partitions
4.2.25. /proc/pci
4.2.26. /proc/slabinfo
4.2.27. /proc/stat
4.2.28. /proc/swaps
4.2.29. /proc/sysrq-trigger
4.2.30. /proc/uptime
4.2.31. /proc/version
4.3. Directories within /proc/
4.3.1. Process Directories
4.3.2. /proc/bus/
4.3.3. /proc/driver/
4.3.4. /proc/fs
4.3.5. /proc/ide/
4.3.6. /proc/irq/
4.3.7. /proc/net/
4.3.8. /proc/scsi/
4.3.9. /proc/sys/
4.3.10. /proc/sysvipc/
4.3.11. /proc/tty/
4.3.12. /proc/<PID>/
4.4. Using the sysctl Command
4.5. Additional Resources
4.5.1. Installed Documentation
4.5.2. Useful Websites
5. Redundant Array of Independent Disks (RAID)
5.1. What is RAID?
5.1.1. Who Should Use RAID?
5.1.2. Hardware RAID versus Software RAID
5.1.3. RAID Levels and Linear Support
5.2. Configuring Software RAID
5.2.1. Creating the RAID Partitions
5.2.2. Creating the RAID Devices and Mount Points
5.3. Managing Software RAID
5.3.1. Reviewing RAID Configuration
5.3.2. Creating a New RAID Device
5.3.3. Replacing a Faulty Device
5.3.4. Extending a RAID Device
5.3.5. Removing a RAID Device
5.3.6. Preserving the Configuration
5.4. Additional Resources
5.4.1. Installed Documentation
6. Swap Space
6.1. What is Swap Space?
6.2. Adding Swap Space
6.2.1. Extending Swap on an LVM2 Logical Volume
6.2.2. Creating an LVM2 Logical Volume for Swap
6.2.3. Creating a Swap File
6.3. Removing Swap Space
6.3.1. Reducing Swap on an LVM2 Logical Volume
6.3.2. Removing an LVM2 Logical Volume for Swap
6.3.3. Removing a Swap File
6.4. Moving Swap Space
7. Managing Disk Storage
7.1. Standard Partitions using parted
7.1.1. Viewing the Partition Table
7.1.2. Creating a Partition
7.1.3. Removing a Partition
7.1.4. Resizing a Partition
7.2. LVM Partition Management
8. Implementing Disk Quotas
8.1. Configuring Disk Quotas
8.1.1. Enabling Quotas
8.1.2. Remounting the File Systems
8.1.3. Creating the Quota Database Files
8.1.4. Assigning Quotas per User
8.1.5. Assigning Quotas per Group
8.1.6. Setting the Grace Period for Soft Limits
8.2. Managing Disk Quotas
8.2.1. Enabling and Disabling
8.2.2. Reporting on Disk Quotas
8.2.3. Keeping Quotas Accurate
8.3. Additional Resources
8.3.1. Installed Documentation
8.3.2. Related Books
9. Access Control Lists
9.1. Mounting File Systems
9.1.1. NFS
9.2. Setting Access ACLs
9.3. Setting Default ACLs
9.4. Retrieving ACLs
9.5. Archiving File Systems With ACLs
9.6. Compatibility with Older Systems
9.7. Additional Resources
9.7.1. Installed Documentation
9.7.2. Useful Websites
10. LVM (Logical Volume Manager)
10.1. What is LVM?
10.1.1. What is LVM2?
10.2. LVM Configuration
10.3. Automatic Partitioning
10.4. Manual LVM Partitioning
10.4.1. Creating the /boot Partition
10.4.2. Creating the LVM Physical Volumes
10.4.3. Creating the LVM Volume Groups
10.4.4. Creating the LVM Logical Volumes
10.5. Using the LVM utility system-config-lvm
10.5.1. Utilizing uninitialized entities
10.5.2. Adding Unallocated Volumes to a volume group
10.5.3. Migrating extents
10.5.4. Adding a new hard disk using LVM
10.5.5. Adding a new volume group
10.5.6. Extending a volume group
10.5.7. Editing a Logical Volume
10.6. Additional Resources
10.6.1. Installed Documentation
10.6.2. Useful Websites
II. Package Management
11. Package Management with RPM
11.1. RPM Design Goals
11.2. Using RPM
11.2.1. Finding RPM Packages
11.2.2. Installing
11.2.3. Uninstalling
11.2.4. Upgrading
11.2.5. Freshening
11.2.6. Querying
11.2.7. Verifying
11.3. Checking a Package's Signature
11.3.1. Importing Keys
11.3.2. Verifying Signature of Packages
11.4. Practical and Common Examples of RPM Usage
11.5. Additional Resources
11.5.1. Installed Documentation
11.5.2. Useful Websites
11.5.3. Related Books
12. Package Management Tool
12.1. Listing and Analyzing Packages
12.2. Installing and Removing Packages
13. YUM (Yellowdog Updater Modified)
13.1. Setting Up a Yum Repository
13.2. yum Commands
13.3. yum Options
13.4. Configuring yum
13.4.1. [main] Options
13.4.2. [repository] Options
13.5. Useful yum Variables
14. Product Subscriptions and Entitlements
14.1. An Overview of Managing Subscriptions and Content
14.1.1. The Purpose of Subscription Management
14.1.2. Defining Subscriptions, Entitlements, and Products
14.1.3. Subscription Management Tools
14.1.4. Subscription and Content Architecture
14.1.5. Advanced Content Management: Extended Update Support
14.1.6. Certificate-based Red Hat Network versus RHN Classic
14.2. Using Red Hat Subscription Manager Tools
14.2.1. Launching Red Hat Subscription Manager
14.2.2. About subscription-manager
14.2.3. Looking at RHN Subscription Management
14.2.4. Looking at Subscription Asset Manager
14.3. Managing Special Deployment Scenarios
14.3.1. Local Subscription Services, Local Content Providers, and Multi-Tenant Organizations
14.3.2. Virtual Guests and Hosts
14.3.3. Domains
14.4. Registering, Unregistering, and Reregistering a System
14.4.1. Registering Consumers in the Hosted Environment
14.4.2. Registering Consumers to a Local Distributor (Organization)
14.4.3. Registering an Offline Consumer
14.4.4. Registering from the Command Line
14.4.5. Unregistering
14.4.6. Restoring a Registration
14.5. Migrating Systems from RHN Classic to Certificate-based Red Hat Network
14.5.1. Installing the Migration Tools
14.5.2. Migrating from RHN Classic to Certificate-based Red Hat Network
14.5.3. Unregistering from RHN Classic Only
14.5.4. Migrating a Disconnected System
14.5.5. Looking at Channel and Certificate Mappings
14.6. Handling Subscriptions
14.6.1. Subscribing and Unsubscribing through the GUI
14.6.2. Handling Subscriptions through the Command Line
14.6.3. Stacking Subscriptions
14.6.4. Manually Adding a New Subscription
14.7. Redeeming Subscriptions on a Machine
14.7.1. Redeeming Subscriptions through the GUI
14.7.2. Redeeming Subscriptions on a Machine through the Command Line
14.8. Viewing Available and Used Subscriptions
14.8.1. Viewing Subscriptions in the GUI
14.8.2. Listing Subscriptions with the Command Line
14.8.3. Viewing Subscriptions Used in Both RHN Classic and Certificate-based Red Hat Network
14.9. Working with Subscription yum Repos
14.10. Responding to Subscription Notifications
14.11. Changing the Healing Check Frequency
14.12. Working with Subscription Asset Manager
14.12.1. Configuring Subscription Manager to Work with Subscription Asset Manager
14.12.2. Viewing Organization Information
14.13. Updating Entitlements Certificates
14.13.1. Updating Entitlement Certificates
14.13.2. Updating Subscription Information
14.14. Configuring the Subscription Service
14.14.1. Red Hat Subscription Manager Configuration Files
14.14.2. Using the config Command
14.14.3. Using an HTTP Proxy
14.14.4. Changing the Subscription Server
14.14.5. Configuring Red Hat Subscription Manager to Use a Local Content Provider
14.14.6. Managing Secure Connections to the Subscription Server
14.14.7. Starting and Stopping the Subscription Service
14.14.8. Checking Logs
14.14.9. Checking and Adding System Facts
14.14.10. Regenerating Identity Certificates
14.14.11. Getting the System UUID
14.14.12. Viewing Package Profiles
14.14.13. Retrieving the Consumer ID, Registration Tokens, and Other Information
14.15. About Certificates and Managing Entitlements
14.15.1. The Structure of Identity Certificates
14.15.2. The Structure of Entitlement Certificates
14.15.3. The Structure of Product Certificates
14.15.4. Anatomy of Satellite Certificates
III. Network-Related Configuration
15. Network Interfaces
15.1. Network Configuration Files
15.2. Interface Configuration Files
15.2.1. Ethernet Interfaces
15.2.2. IPsec Interfaces
15.2.3. Channel Bonding Interfaces
15.2.4. Alias and Clone Files
15.2.5. Dialup Interfaces
15.2.6. Other Interfaces
15.3. Interface Control Scripts
15.4. Configuring Static Routes
15.5. Network Function Files
15.6. Additional Resources
15.6.1. Installed Documentation
16. Network Configuration
16.1. Overview
16.2. Establishing an Ethernet Connection
16.3. Establishing an ISDN Connection
16.4. Establishing a Modem Connection
16.5. Establishing an xDSL Connection
16.6. Establishing a Token Ring Connection
16.7. Establishing a Wireless Connection
16.8. Managing DNS Settings
16.9. Managing Hosts
16.10. Working with Profiles
16.11. Device Aliases
16.12. Saving and Restoring the Network Configuration
17. Controlling Access to Services
17.1. Runlevels
17.2. TCP Wrappers
17.2.1. xinetd
17.3. Services Configuration Tool
17.4. ntsysv
17.5. chkconfig
17.6. Additional Resources
17.6.1. Installed Documentation
17.6.2. Useful Websites
18. Berkeley Internet Name Domain (BIND)
18.1. Introduction to DNS
18.1.1. Nameserver Zones
18.1.2. Nameserver Types
18.1.3. BIND as a Nameserver
18.2. /etc/named.conf
18.2.1. Common Statement Types
18.2.2. Other Statement Types
18.2.3. Comment Tags
18.3. Zone Files
18.3.1. Zone File Directives
18.3.2. Zone File Resource Records
18.3.3. Example Zone File
18.3.4. Reverse Name Resolution Zone Files
18.4. Using rndc
18.4.1. Configuring /etc/named.conf
18.4.2. Configuring /etc/rndc.conf
18.4.3. Command Line Options
18.5. Advanced Features of BIND
18.5.1. DNS Protocol Enhancements
18.5.2. Multiple Views
18.5.3. Security
18.5.4. IP version 6
18.6. Common Mistakes to Avoid
18.7. Additional Resources
18.7.1. Installed Documentation
18.7.2. Useful Websites
18.7.3. Related Books
19. OpenSSH
19.1. Features of SSH
19.1.1. Why Use SSH?
19.2. SSH Protocol Versions
19.3. Event Sequence of an SSH Connection
19.3.1. Transport Layer
19.3.2. Authentication
19.3.3. Channels
19.4. Configuring an OpenSSH Server
19.4.1. Requiring SSH for Remote Connections
19.5. OpenSSH Configuration Files
19.6. Configuring an OpenSSH Client
19.6.1. Using the ssh Command
19.6.2. Using the scp Command
19.6.3. Using the sftp Command
19.7. More Than a Secure Shell
19.7.1. X11 Forwarding
19.7.2. Port Forwarding
19.7.3. Generating Key Pairs
19.8. Additional Resources
19.8.1. Installed Documentation
19.8.2. Useful Websites
20. Network File System (NFS)
20.1. How It Works
20.1.1. Required Services
20.2. NFS Client Configuration
20.2.1. Mounting NFS File Systems using /etc/fstab
20.3. autofs
20.3.1. What's new in autofs version 5?
20.3.2. autofs Configuration
20.3.3. autofs Common Tasks
20.4. Common NFS Mount Options
20.5. Starting and Stopping NFS
20.6. NFS Server Configuration
20.6.1. Exporting or Sharing NFS File Systems
20.6.2. Command Line Configuration
20.6.3. Running NFS Behind a Firewall
20.6.4. Hostname Formats
20.7. The /etc/exports Configuration File
20.7.1. The exportfs Command
20.8. Securing NFS
20.8.1. Host Access
20.8.2. File Permissions
20.9. NFS and portmap
20.9.1. Troubleshooting NFS and portmap
20.10. Using NFS over TCP
20.11. Additional Resources
20.11.1. Installed Documentation
20.11.2. Useful Websites
20.11.3. Related Books
21. Samba
21.1. Introduction to Samba
21.1.1. Samba Features
21.2. Samba Daemons and Related Services
21.2.1. Samba Daemons
21.3. Connecting to a Samba Share
21.3.1. Command Line
21.3.2. Mounting the Share
21.4. Configuring a Samba Server
21.4.1. Graphical Configuration
21.4.2. Command Line Configuration
21.4.3. Encrypted Passwords
21.5. Starting and Stopping Samba
21.6. Samba Server Types and the smb.conf File
21.6.1. Stand-alone Server
21.6.2. Domain Member Server
21.6.3. Domain Controller
21.7. Samba Security Modes
21.7.1. User-Level Security
21.7.2. Share-Level Security
21.8. Samba Account Information Databases
21.9. Samba Network Browsing
21.9.1. Domain Browsing
21.9.2. WINS (Windows Internetworking Name Server)
21.10. Samba with CUPS Printing Support
21.10.1. Simple smb.conf Settings
21.11. Samba Distribution Programs
21.12. Additional Resources
21.12.1. Installed Documentation
21.12.2. Related Books
21.12.3. Useful Websites
22. Dynamic Host Configuration Protocol (DHCP)
22.1. Why Use DHCP?
22.2. Configuring a DHCP Server
22.2.1. Configuration File
22.2.2. Lease Database
22.2.3. Starting and Stopping the Server
22.2.4. DHCP Relay Agent
22.3. Configuring a DHCP Client
22.4. Configuring a Multihomed DHCP Server
22.4.1. Host Configuration
22.5. Additional Resources
22.5.1. Installed Documentation
23. Apache HTTP Server
23.1. Apache HTTP Server 2.2
23.1.1. Features of Apache HTTP Server 2.2
23.2. Migrating Apache HTTP Server Configuration Files
23.2.1. Migrating Apache HTTP Server 2.0 Configuration Files
23.2.2. Migrating Apache HTTP Server 1.3 Configuration Files to 2.0
23.3. Starting and Stopping httpd
23.4. Apache HTTP Server Configuration
23.4.1. Basic Settings
23.4.2. Default Settings
23.5. Configuration Directives in httpd.conf
23.5.1. General Configuration Tips
23.5.2. Configuration Directives for SSL
23.5.3. MPM Specific Server-Pool Directives
23.6. Adding Modules
23.7. Virtual Hosts
23.7.1. Setting Up Virtual Hosts
23.8. Apache HTTP Secure Server Configuration
23.8.1. An Overview of Security-Related Packages
23.8.2. An Overview of Certificates and Security
23.8.3. Using Pre-Existing Keys and Certificates
23.8.4. Types of Certificates
23.8.5. Generating a Key
23.8.6. How to configure the server to use the new key
23.9. Additional Resources
23.9.1. Useful Websites
24. FTP
24.1. The File Transfer Protocol
24.1.1. Multiple Ports, Multiple Modes
24.2. FTP Servers
24.2.1. vsftpd
24.3. Files Installed with vsftpd
24.4. Starting and Stopping vsftpd
24.4.1. Starting Multiple Copies of vsftpd
24.5. vsftpd Configuration Options
24.5.1. Daemon Options
24.5.2. Log In Options and Access Controls
24.5.3. Anonymous User Options
24.5.4. Local User Options
24.5.5. Directory Options
24.5.6. File Transfer Options
24.5.7. Logging Options
24.5.8. Network Options
24.6. Additional Resources
24.6.1. Installed Documentation
24.6.2. Useful Websites
25. Email
25.1. Email Protocols
25.1.1. Mail Transport Protocols
25.1.2. Mail Access Protocols
25.2. Email Program Classifications
25.2.1. Mail Transport Agent
25.2.2. Mail Delivery Agent
25.2.3. Mail User Agent
25.3. Mail Transport Agents
25.3.1. Sendmail
25.3.2. Postfix
25.3.3. Fetchmail
25.4. Mail Transport Agent (MTA) Configuration
25.5. Mail Delivery Agents
25.5.1. Procmail Configuration
25.5.2. Procmail Recipes
25.6. Mail User Agents
25.6.1. Securing Communication
25.7. Additional Resources
25.7.1. Installed Documentation
25.7.2. Useful Websites
25.7.3. Related Books
26. Lightweight Directory Access Protocol (LDAP)
26.1. Why Use LDAP?
26.1.1. OpenLDAP Features
26.2. LDAP Terminology
26.3. OpenLDAP Daemons and Utilities
26.3.1. NSS, PAM, and LDAP
26.3.2. PHP4, LDAP, and the Apache HTTP Server
26.3.3. LDAP Client Applications
26.4. OpenLDAP Configuration Files
26.5. The /etc/openldap/schema/ Directory
26.6. OpenLDAP Setup Overview
26.6.1. Editing /etc/openldap/slapd.conf
26.7. Configuring a System to Authenticate Using OpenLDAP
26.7.1. PAM and LDAP
26.7.2. Migrating Old Authentication Information to LDAP Format
26.8. Migrating Directories from Earlier Releases
26.9. Additional Resources
26.9.1. Installed Documentation
26.9.2. Useful Websites
26.9.3. Related Books
27. Authentication Configuration
27.1. User Information
27.2. Authentication
27.3. Options
27.4. Command Line Version
28. Using and Caching Credentials with SSSD
28.1. About the sssd.conf File
28.2. Starting and Stopping SSSD
28.3. Configuring Services
28.3.1. Configuring the NSS Service
28.3.2. Configuring the PAM Service
28.4. Creating Domains
28.4.1. General Rules and Options for Configuring a Domain
28.4.2. Configuring an LDAP Domain
28.4.3. Configuring Kerberos Authentication with a Domain
28.4.4. Configuring a Proxy Domain
28.5. Configuring Access Control for SSSD Domains
28.5.1. Using the Simple Access Provider
28.5.2. Using the LDAP Access Filter
28.6. Configuring Domain Failover
28.6.1. Configuring Failover
28.6.2. Using SRV Records with Failover
28.7. Deleting Domain Cache Files
28.8. Using NSCD with SSSD
28.9. Troubleshooting SSSD
28.9.1. Using SSSD Log Files
28.9.2. Problems with SSSD Configuration
IV. System Configuration
29. Console Access
29.1. Disabling Shutdown Via Ctrl+Alt+Del
29.2. Disabling Console Program Access
29.3. Defining the Console
29.4. Making Files Accessible From the Console
29.5. Enabling Console Access for Other Applications
29.6. The floppy Group
30. The sysconfig Directory
30.1. Files in the /etc/sysconfig/ Directory
30.1.1. /etc/sysconfig/amd
30.1.2. /etc/sysconfig/apmd
30.1.3. /etc/sysconfig/arpwatch
30.1.4. /etc/sysconfig/authconfig
30.1.5. /etc/sysconfig/autofs
30.1.6. /etc/sysconfig/clock
30.1.7. /etc/sysconfig/desktop
30.1.8. /etc/sysconfig/dhcpd
30.1.9. /etc/sysconfig/exim
30.1.10. /etc/sysconfig/firstboot
30.1.11. /etc/sysconfig/gpm
30.1.12. /etc/sysconfig/hwconf
30.1.13. /etc/sysconfig/i18n
30.1.14. /etc/sysconfig/init
30.1.15. /etc/sysconfig/ip6tables-config
30.1.16. /etc/sysconfig/iptables-config
30.1.17. /etc/sysconfig/irda
30.1.18. /etc/sysconfig/keyboard
30.1.19. /etc/sysconfig/kudzu
30.1.20. /etc/sysconfig/named
30.1.21. /etc/sysconfig/network
30.1.22. /etc/sysconfig/nfs
30.1.23. /etc/sysconfig/ntpd
30.1.24. /etc/sysconfig/radvd
30.1.25. /etc/sysconfig/samba
30.1.26. /etc/sysconfig/selinux
30.1.27. /etc/sysconfig/sendmail
30.1.28. /etc/sysconfig/spamassassin
30.1.29. /etc/sysconfig/squid
30.1.30. /etc/sysconfig/system-config-securitylevel
30.1.31. /etc/sysconfig/system-config-selinux
30.1.32. /etc/sysconfig/system-config-users
30.1.33. /etc/sysconfig/system-logviewer
30.1.34. /etc/sysconfig/tux
30.1.35. /etc/sysconfig/vncservers
30.1.36. /etc/sysconfig/xinetd
30.2. Directories in the /etc/sysconfig/ Directory
30.3. Additional Resources
30.3.1. Installed Documentation
31. Date and Time Configuration
31.1. Time and Date Properties
31.2. Network Time Protocol (NTP) Properties
31.3. Time Zone Configuration
32. Keyboard Configuration
33. The X Window System
33.1. The X11R7.1 Release
33.2. Desktop Environments and Window Managers
33.2.1. Desktop Environments
33.2.2. Window Managers
33.3. X Server Configuration Files
33.3.1. xorg.conf
33.4. Fonts
33.4.1. Fontconfig
33.4.2. Core X Font System
33.5. Runlevels and X
33.5.1. Runlevel 3
33.5.2. Runlevel 5
33.6. Additional Resources
33.6.1. Installed Documentation
33.6.2. Useful Websites
34. X Window System Configuration
34.1. Display Settings
34.2. Display Hardware Settings
34.3. Dual Head Display Settings
35. Users and Groups
35.1. User and Group Configuration
35.1.1. Adding a New User
35.1.2. Modifying User Properties
35.1.3. Adding a New Group
35.1.4. Modifying Group Properties
35.2. User and Group Management Tools
35.2.1. Command Line Configuration
35.2.2. Adding a User
35.2.3. Adding a Group
35.2.4. Password Aging
35.2.5. Explaining the Process
35.3. Standard Users
35.4. Standard Groups
35.5. User Private Groups
35.5.1. Group Directories
35.6. Shadow Passwords
35.7. Additional Resources
35.7.1. Installed Documentation
36. Printer Configuration
36.1. Adding a Local Printer
36.2. Adding an IPP Printer
36.3. Adding a Samba (SMB) Printer
36.4. Adding a JetDirect Printer
36.5. Selecting the Printer Model and Finishing
36.5.1. Confirming Printer Configuration
36.6. Printing a Test Page
36.7. Modifying Existing Printers
36.7.1. The Settings Tab
36.7.2. The Policies Tab
36.7.3. The Access Control Tab
36.7.4. The Printer and Job OptionsTab
36.8. Managing Print Jobs
36.9. Additional Resources
36.9.1. Installed Documentation
36.9.2. Useful Websites
37. Automated Tasks
37.1. Cron
37.1.1. Configuring Cron Tasks
37.1.2. Controlling Access to Cron
37.1.3. Starting and Stopping the Service
37.2. At and Batch
37.2.1. Configuring At Jobs
37.2.2. Configuring Batch Jobs
37.2.3. Viewing Pending Jobs
37.2.4. Additional Command Line Options
37.2.5. Controlling Access to At and Batch
37.2.6. Starting and Stopping the Service
37.3. Additional Resources
37.3.1. Installed Documentation
38. Log Files
38.1. Locating Log Files
38.2. Viewing Log Files
38.3. Adding a Log File
38.4. Monitoring Log Files
V. System Monitoring
39. SystemTap
39.1. Introduction
39.2. Implementation
39.3. Using SystemTap
39.3.1. Tracing
40. Gathering System Information
40.1. System Processes
40.2. Memory Usage
40.3. File Systems
40.4. Hardware
40.5. Additional Resources
40.5.1. Installed Documentation
41. OProfile
41.1. Overview of Tools
41.2. Configuring OProfile
41.2.1. Specifying the Kernel
41.2.2. Setting Events to Monitor
41.2.3. Separating Kernel and User-space Profiles
41.3. Starting and Stopping OProfile
41.4. Saving Data
41.5. Analyzing the Data
41.5.1. Using opreport
41.5.2. Using opreport on a Single Executable
41.5.3. Getting more detailed output on the modules
41.5.4. Using opannotate
41.6. Understanding /dev/oprofile/
41.7. Example Usage
41.8. Graphical Interface
41.9. Additional Resources
41.9.1. Installed Docs
41.9.2. Useful Websites
VI. Kernel and Driver Configuration
42. Manually Upgrading the Kernel
42.1. Overview of Kernel Packages
42.2. Preparing to Upgrade
42.3. Downloading the Upgraded Kernel
42.4. Performing the Upgrade
42.5. Verifying the Initial RAM Disk Image
42.6. Verifying the Boot Loader
42.6.1. x86 Systems
42.6.2. Itanium Systems
42.6.3. IBM S/390 and IBM System z Systems
42.6.4. IBM eServer iSeries Systems
42.6.5. IBM eServer pSeries Systems
43. General Parameters and Modules
43.1. Kernel Module Utilities
43.2. Persistent Module Loading
43.3. Specifying Module Parameters
43.4. Storage parameters
43.5. Ethernet Parameters
43.5.1. Using Multiple Ethernet Cards
43.5.2. The Channel Bonding Module
43.6. Additional Resources
43.6.1. Installed Documentation
43.6.2. Useful Websites
44. The kdump Crash Recovery Service
44.1. Configuring the kdump Service
44.1.1. Configuring the kdump at First Boot
44.1.2. Using the Kernel Dump Configuration Utility
44.1.3. Configuring kdump on the Command Line
44.1.4. Testing the Configuration
44.2. Analyzing the Core Dump
44.2.1. Displaying the Message Buffer
44.2.2. Displaying a Backtrace
44.2.3. Displaying a Process Status
44.2.4. Displaying Virtual Memory Information
44.2.5. Displaying Open Files
44.3. Additional Resources
44.3.1. Installed Documentation
44.3.2. Useful Websites
VII. Security And Authentication
45. Security Overview
45.1. Introduction to Security
45.1.1. What is Computer Security?
45.1.2. Security Controls
45.1.3. Conclusion
45.2. Vulnerability Assessment
45.2.1. Thinking Like the Enemy
45.2.2. Defining Assessment and Testing
45.2.3. Evaluating the Tools
45.3. Attackers and Vulnerabilities
45.3.1. A Quick History of Hackers
45.3.2. Threats to Network Security
45.3.3. Threats to Server Security
45.3.4. Threats to Workstation and Home PC Security
45.4. Common Exploits and Attacks
45.5. Security Updates
45.5.1. Updating Packages
46. Securing Your Network
46.1. Workstation Security
46.1.1. Evaluating Workstation Security
46.1.2. BIOS and Boot Loader Security
46.1.3. Password Security
46.1.4. Administrative Controls
46.1.5. Available Network Services
46.1.6. Personal Firewalls
46.1.7. Security Enhanced Communication Tools
46.2. Server Security
46.2.1. Securing Services With TCP Wrappers and xinetd
46.2.2. Securing Portmap
46.2.3. Securing NIS
46.2.4. Securing NFS
46.2.5. Securing the Apache HTTP Server
46.2.6. Securing FTP
46.2.7. Securing Sendmail
46.2.8. Verifying Which Ports Are Listening
46.3. Single Sign-on (SSO)
46.3.1. Introduction
46.3.2. Getting Started with your new Smart Card
46.3.3. How Smart Card Enrollment Works
46.3.4. How Smart Card Login Works
46.3.5. Configuring Firefox to use Kerberos for SSO
46.4. Pluggable Authentication Modules (PAM)
46.4.1. Advantages of PAM
46.4.2. PAM Configuration Files
46.4.3. PAM Configuration File Format
46.4.4. Sample PAM Configuration Files
46.4.5. Creating PAM Modules
46.4.6. PAM and Administrative Credential Caching
46.4.7. PAM and Device Ownership
46.4.8. Additional Resources
46.5. TCP Wrappers and xinetd
46.5.1. TCP Wrappers
46.5.2. TCP Wrappers Configuration Files
46.5.3. xinetd
46.5.4. xinetd Configuration Files
46.5.5. Additional Resources
46.6. Kerberos
46.6.1. What is Kerberos?
46.6.2. Kerberos Terminology
46.6.3. How Kerberos Works
46.6.4. Kerberos and PAM
46.6.5. Configuring a Kerberos 5 Server
46.6.6. Configuring a Kerberos 5 Client
46.6.7. Domain-to-Realm Mapping
46.6.8. Setting Up Secondary KDCs
46.6.9. Setting Up Cross Realm Authentication
46.6.10. Additional Resources
46.7. Virtual Private Networks (VPNs)
46.7.1. How Does a VPN Work?
46.7.2. VPNs and Red Hat Enterprise Linux
46.7.3. IPsec
46.7.4. Creating an IPsec Connection
46.7.5. IPsec Installation
46.7.6. IPsec Host-to-Host Configuration
46.7.7. IPsec Network-to-Network Configuration
46.7.8. Starting and Stopping an IPsec Connection
46.8. Firewalls
46.8.1. Netfilter and IPTables
46.8.2. Basic Firewall Configuration
46.8.3. Using IPTables
46.8.4. Common IPTables Filtering
46.8.5. FORWARD and NAT Rules
46.8.6. Malicious Software and Spoofed IP Addresses
46.8.7. IPTables and Connection Tracking
46.8.8. IPv6
46.8.9. Additional Resources
46.9. IPTables
46.9.1. Packet Filtering
46.9.2. Differences Between IPTables and IPChains
46.9.3. Command Options for IPTables
46.9.4. Saving IPTables Rules
46.9.5. IPTables Control Scripts
46.9.6. IPTables and IPv6
46.9.7. Additional Resources
47. Security and SELinux
47.1. Access Control Mechanisms (ACMs)
47.1.1. Discretionary Access Control (DAC)
47.1.2. Access Control Lists (ACLs)
47.1.3. Mandatory Access Control (MAC)
47.1.4. Role-based Access Control (RBAC)
47.1.5. Multi-Level Security (MLS)
47.1.6. Multi-Category Security (MCS)
47.2. Introduction to SELinux
47.2.1. SELinux Overview
47.2.2. Files Related to SELinux
47.2.3. Additional Resources
47.3. Brief Background and History of SELinux
47.4. Multi-Category Security (MCS)
47.4.1. Introduction
47.4.2. Applications for Multi-Category Security
47.4.3. SELinux Security Contexts
47.5. Getting Started with Multi-Category Security (MCS)
47.5.1. Introduction
47.5.2. Comparing SELinux and Standard Linux User Identities
47.5.3. Configuring Categories
47.5.4. Assigning Categories to Users
47.5.5. Assigning Categories to Files
47.6. Multi-Level Security (MLS)
47.6.1. Why Multi-Level?
47.6.2. Security Levels, Objects and Subjects
47.6.3. MLS Policy
47.6.4. LSPP Certification
47.7. SELinux Policy Overview
47.7.1. What is the SELinux Policy?
47.7.2. Where is the Policy?
47.7.3. The Role of Policy in the Boot Process
47.7.4. Object Classes and Permissions
47.8. Targeted Policy Overview
47.8.1. What is the Targeted Policy?
47.8.2. Files and Directories of the Targeted Policy
47.8.3. Understanding the Users and Roles in the Targeted Policy
48. Working With SELinux
48.1. End User Control of SELinux
48.1.1. Moving and Copying Files
48.1.2. Checking the Security Context of a Process, User, or File Object
48.1.3. Relabeling a File or Directory
48.1.4. Creating Archives That Retain Security Contexts
48.2. Administrator Control of SELinux
48.2.1. Viewing the Status of SELinux
48.2.2. Relabeling a File System
48.2.3. Managing NFS Home Directories
48.2.4. Granting Access to a Directory or a Tree
48.2.5. Backing Up and Restoring the System
48.2.6. Enabling or Disabling Enforcement
48.2.7. Enable or Disable SELinux
48.2.8. Changing the Policy
48.2.9. Specifying the Security Context of Entire File Systems
48.2.10. Changing the Security Category of a File or User
48.2.11. Running a Command in a Specific Security Context
48.2.12. Useful Commands for Scripts
48.2.13. Changing to a Different Role
48.2.14. When to Reboot
48.3. Analyst Control of SELinux
48.3.1. Enabling Kernel Auditing
48.3.2. Dumping and Viewing Logs
49. Customizing SELinux Policy
49.1. Introduction
49.1.1. Modular Policy
49.2. Building a Local Policy Module
49.2.1. Using audit2allow to Build a Local Policy Module
49.2.2. Analyzing the Type Enforcement (TE) File
49.2.3. Loading the Policy Package
50. References
VIII. Red Hat Training And Certification
51. Red Hat Training and Certification
51.1. Three Ways to Train
51.2. Microsoft Certified Professional Resource Center
52. Certification Tracks
52.1. Free Pre-assessment tests
53. RH033: Red Hat Linux Essentials
53.1. Course Description
53.1.1. Prerequisites
53.1.2. Goal
53.1.3. Audience
53.1.4. Course Objectives
53.1.5. Follow-on Courses
54. RH035: Red Hat Linux Essentials for Windows Professionals
54.1. Course Description
54.1.1. Prerequisites
54.1.2. Goal
54.1.3. Audience
54.1.4. Course Objectives
54.1.5. Follow-on Courses
55. RH133: Red Hat Linux System Administration and Red Hat Certified Technician (RHCT) Certification
55.1. Course Description
55.1.1. Prerequisites
55.1.2. Goal
55.1.3. Audience
55.1.4. Course Objectives
55.1.5. Follow-on Courses
56. RH202 RHCT EXAM - The fastest growing credential in all of Linux.
56.1. Course Description
56.1.1. Prerequisites
57. RH253 Red Hat Linux Networking and Security Administration
57.1. Course Description
57.1.1. Prerequisites
57.1.2. Goal
57.1.3. Audience
57.1.4. Course Objectives
57.1.5. Follow-on Courses
58. RH300: RHCE Rapid track course (and RHCE exam)
58.1. Course Description
58.1.1. Prerequisites
58.1.2. Goal
58.1.3. Audience
58.1.4. Course Objectives
58.1.5. Follow-on Courses
59. RH302 RHCE EXAM
59.1. Course Description
59.1.1. Prerequisites
59.1.2. Content
60. RHS333: RED HAT enterprise security: network services
60.1. Course Description
60.1.1. Prerequisites
60.1.2. Goal
60.1.3. Audience
60.1.4. Course Objectives
60.1.5. Follow-on Courses
61. RH401: Red Hat Enterprise Deployment and systems management
61.1. Course Description
61.1.1. Prerequisites
61.1.2. Goal
61.1.3. Audience
61.1.4. Course Objectives
61.1.5. Follow-on Courses
62. RH423: Red Hat Enterprise Directory services and authentication
62.1. Course Description
62.1.1. Prerequisites
62.1.2. Goal
62.1.3. Audience
62.1.4. Course Objectives
62.1.5. Follow-on Courses
63. SELinux Courses
63.1. RHS427: Introduction to SELinux and Red Hat Targeted Policy
63.1.1. Audience
63.1.2. Course Summary
63.2. RHS429: Red Hat Enterprise SELinux Policy Administration
64. RH436: Red Hat Enterprise storage management
64.1. Course Description
64.1.1. Prerequisites
64.1.2. Goal
64.1.3. Audience
64.1.4. Course Objectives
64.1.5. Follow-on Courses
65. RH442: Red Hat Enterprise system monitoring and performance tuning
65.1. Course Description
65.1.1. Prerequisites
65.1.2. Goal
65.1.3. Audience
65.1.4. Course Objectives
65.1.5. Follow-on Courses
66. Red Hat Enterprise Linux Developer Courses
66.1. RHD143: Red Hat Linux Programming Essentials
66.2. RHD221 Red Hat Linux Device Drivers
66.3. RHD236 Red Hat Linux Kernel Internals
66.4. RHD256 Red Hat Linux Application Development and Porting
67. JBoss Courses
67.1. RHD161 JBoss and EJB3 for Java
67.1.1. Prerequisites
67.2. RHD163 JBoss for Web Developers
67.2.1. Prerequisites
67.3. RHD167: JBOSS - HIBERNATE ESSENTIALS
67.3.1. Prerequisites
67.3.2. Course Summary
67.4. RHD267: JBOSS - ADVANCED HIBERNATE
67.4.1. Prerequisites
67.5. RHD261:JBOSS for advanced J2EE developers
67.5.1. Prerequisites
67.6. RH336: JBOSS for Administrators
67.6.1. Prerequisites
67.6.2. Course Summary
67.7. RHD439: JBoss Clustering
67.7.1. Prerequisites
67.8. RHD449: JBoss jBPM
67.8.1. Description
67.8.2. Prerequisites
67.9. RHD451 JBoss Rules
67.9.1. Prerequisites
A. Revision History
B. Colophon