Deployment guide

4,426 views
4,365 views

Published on

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
4,426
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
13
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Deployment guide

  1. 1. Red Hat Enterprise Linux 5.0.0Red Hat Enterprise Linux Deployment Guide
  2. 2. Red Hat Enterprise Linux 5.0.0: Red Hat Enterprise Linux De-ployment GuideCopyright © 2007 Red Hat, Inc.This Deployment Guide documents relevant information regarding the deployment, configura-tion and administration of Red Hat Enterprise Linux 5.0.0.1801 Varsity DriveRaleigh, NC 27606-2072USAPhone: +1 919 754 3700Phone: 888 733 4281Fax: +1 919 754 3701PO Box 13588Research Triangle Park, NC 27709USADocumentation-DeploymentCopyright © 2007 by Red Hat, Inc. This material may be distributed only subject to the terms and conditions set forth inthe Open Publication License, V1.0 or later (the latest version is presently available at ht-tp://www.opencontent.org/openpub/).Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copy-right holder.Distribution of the work or derivative of the work in any standard (paper) book form for commercial purposes is prohib-ited unless prior permission is obtained from the copyright holder.Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat, Inc. in the United States and othercountries.All other trademarks referenced herein are the property of their respective owners.The GPG fingerprint of the security@redhat.com key is:CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E
  3. 3. Table of ContentsIntroduction ............................................................................................................ xxii 1. Document Conventions ............................................................................... xxii 2. Send in Your Feedback ............................................................................... xxvI. File Systems ........................................................................................................... 1 1. File System Structure ..................................................................................... 2 1. Why Share a Common Structure? ........................................................... 2 2. Overview of File System Hierarchy Standard (FHS) ................................. 2 2.1. FHS Organization ........................................................................ 2 3. Special File Locations Under Red Hat Enterprise Linux ............................ 6 2. The ext3 File System ...................................................................................... 7 1. Features of ext3 ..................................................................................... 7 2. Creating an ext3 File System .................................................................. 7 3. Converting to an ext3 File System ........................................................... 8 4. Reverting to an ext2 File System ............................................................. 9 3. The proc File System ....................................................................................10 1. A Virtual File System .............................................................................10 1.1. Viewing Virtual Files ...................................................................10 1.2. Changing Virtual Files ................................................................11 2. Top-level Files within the proc File System .............................................11 2.1. /proc/apm ..................................................................................11 2.2. /proc/buddyinfo ..........................................................................12 2.3. /proc/cmdline .............................................................................12 2.4. /proc/cpuinfo ..............................................................................13 2.5. /proc/crypto ................................................................................14 2.6. /proc/devices .............................................................................14 2.7. /proc/dma ..................................................................................15 2.8. /proc/execdomains .....................................................................15 2.9. /proc/fb ......................................................................................15 2.10. /proc/filesystems ......................................................................15 2.11. /proc/interrupts .........................................................................16 2.12. /proc/iomem .............................................................................17 2.13. /proc/ioports .............................................................................17 2.14. /proc/kcore ...............................................................................18 2.15. /proc/kmsg ...............................................................................18 2.16. /proc/loadavg ...........................................................................18 2.17. /proc/locks ...............................................................................18 2.18. /proc/mdstat .............................................................................19 2.19. /proc/meminfo ..........................................................................19 2.20. /proc/misc ................................................................................21 2.21. /proc/modules ..........................................................................21 2.22. /proc/mounts ............................................................................22 2.23. /proc/mtrr .................................................................................23 2.24. /proc/partitions .........................................................................23 2.25. /proc/pci ...................................................................................23 2.26. /proc/slabinfo ...........................................................................24 iv
  4. 4. Red Hat Enterprise Linux 5.0.0 2.27. /proc/stat ..................................................................................25 2.28. /proc/swaps .............................................................................26 2.29. /proc/sysrq-trigger ....................................................................26 2.30. /proc/uptime .............................................................................26 2.31. /proc/version ............................................................................27 3. Directories within /proc/ .........................................................................27 3.1. Process Directories ....................................................................27 3.2. /proc/bus/ ..................................................................................29 3.3. /proc/driver/ ...............................................................................30 3.4. /proc/fs ......................................................................................30 3.5. /proc/ide/ ...................................................................................30 3.6. /proc/irq/ ....................................................................................32 3.7. /proc/net/ ...................................................................................32 3.8. /proc/scsi/ ..................................................................................33 3.9. /proc/sys/ ...................................................................................35 3.10. /proc/sysvipc/ ...........................................................................46 3.11. /proc/tty/ ..................................................................................47 4. Using the sysctl Command ....................................................................47 5. Additional Resources ............................................................................48 5.1. Installed Documentation .............................................................48 5.2. Useful Websites .........................................................................484. Redundant Array of Independent Disks (RAID) ...............................................49 1. What is RAID? ......................................................................................49 2. Who Should Use RAID? ........................................................................49 3. Hardware RAID versus Software RAID ...................................................49 3.1. Hardware RAID ..........................................................................49 3.2. Software RAID ...........................................................................50 4. RAID Levels and Linear Support ............................................................50 5. Configuring Software RAID ....................................................................51 5.1. Creating the RAID Partitions .......................................................52 5.2. Creating the RAID Devices and Mount Points ..............................555. Swap Space .................................................................................................61 1. What is Swap Space? ...........................................................................61 2. Adding Swap Space ..............................................................................61 2.1. Extending Swap on an LVM2 Logical Volume ..............................62 2.2. Creating an LVM2 Logical Volume for Swap ................................62 2.3. Creating a Swap File ..................................................................63 3. Removing Swap Space .........................................................................63 3.1. Reducing Swap on an LVM2 Logical Volume ...............................63 3.2. Removing an LVM2 Logical Volume for Swap ..............................64 3.3. Removing a Swap File ................................................................64 4. Moving Swap Space .............................................................................656. Managing Disk Storage .................................................................................66 1. Standard Partitions using parted ............................................................66 1.1. Viewing the Partition Table .........................................................67 1.2. Creating a Partition .....................................................................68 1.3. Removing a Partition ..................................................................70 1.4. Resizing a Partition ....................................................................71 2. LVM Partition Management ...................................................................727. Implementing Disk Quotas .............................................................................75 v
  5. 5. Red Hat Enterprise Linux 5.0.0 1. Configuring Disk Quotas ........................................................................75 1.1. Enabling Quotas ........................................................................75 1.2. Remounting the File Systems ......................................................76 1.3. Creating the Quota Database Files ..............................................76 1.4. Assigning Quotas per User .........................................................77 1.5. Assigning Quotas per Group .......................................................78 1.6. Setting the Grace Period for Soft Limits .......................................78 2. Managing Disk Quotas ..........................................................................78 2.1. Enabling and Disabling ...............................................................78 2.2. Reporting on Disk Quotas ...........................................................79 2.3. Keeping Quotas Accurate ...........................................................79 3. Additional Resources ............................................................................80 3.1. Installed Documentation .............................................................80 3.2. Related Books ...........................................................................80 8. Access Control Lists ......................................................................................81 1. Mounting File Systems ..........................................................................81 1.1. NFS ..........................................................................................81 2. Setting Access ACLs .............................................................................81 3. Setting Default ACLs .............................................................................83 4. Retrieving ACLs ....................................................................................83 5. Archiving File Systems With ACLs .........................................................83 6. Compatibility with Older Systems ...........................................................84 7. Additional Resources ............................................................................84 7.1. Installed Documentation .............................................................84 7.2. Useful Websites .........................................................................85 9. LVM (Logical Volume Manager) .....................................................................86 1. What is LVM? .......................................................................................86 1.1. What is LVM2? ..........................................................................87 2. LVM Configuration ................................................................................87 3. Automatic Partitioning ...........................................................................88 4. Manual LVM Partitioning ........................................................................89 4.1. Creating the /boot/ Partition .........................................................89 4.2. Creating the LVM Physical Volumes ............................................92 4.3. Creating the LVM Volume Groups ...............................................94 4.4. Creating the LVM Logical Volumes ..............................................95 5. Using the LVM utility system-config-lvm ..................................................98 5.1. Utilizing uninitialized entities ......................................................101 5.2. Adding Unallocated Volumes to a volume group .........................102 5.3. Migrating extents ......................................................................104 5.4. Adding a new hard disk using LVM ............................................106 5.5. Adding a new volume group ......................................................107 5.6. Extending a volume group ........................................................109 5.7. Editing a Logical Volume ..........................................................110 6. Additional Resources ..........................................................................113 6.1. Installed Documentation ...........................................................113 6.2. Useful Websites .......................................................................113II. Package Management .........................................................................................114 10. Package Management with RPM ...............................................................115 1. RPM Design Goals ..............................................................................115 2. Using RPM .........................................................................................116 vi
  6. 6. Red Hat Enterprise Linux 5.0.0 2.1. Finding RPM Packages ............................................................116 2.2. Installing ..................................................................................117 2.3. Uninstalling ..............................................................................118 2.4. Upgrading ................................................................................119 2.5. Freshening ..............................................................................120 2.6. Querying ..................................................................................120 2.7. Verifying ..................................................................................121 3. Checking a Packages Signature ..........................................................122 3.1. Importing Keys .........................................................................122 3.2. Verifying Signature of Packages ................................................123 4. Practical and Common Examples of RPM Usage ..................................123 5. Additional Resources ..........................................................................124 5.1. Installed Documentation ...........................................................124 5.2. Useful Websites .......................................................................124 5.3. Related Books .........................................................................125 11. Package Management Tool .......................................................................126 1. Listing and Analyzing Packages ...........................................................127 2. Installing and Removing Packages .......................................................128 12. Red Hat Network .......................................................................................133III. Network-Related Configuration ...........................................................................137 13. Network Interfaces ....................................................................................138 1. Network Configuration Files .................................................................138 2. Interface Configuration Files ................................................................139 2.1. Ethernet Interfaces ...................................................................139 2.2. IPsec Interfaces .......................................................................142 2.3. Channel Bonding Interfaces ......................................................143 2.4. Alias and Clone Files ................................................................144 2.5. Dialup Interfaces ......................................................................145 2.6. Other Interfaces .......................................................................146 3. Interface Control Scripts ......................................................................147 4. Network Function Files ........................................................................149 5. Additional Resources ..........................................................................149 5.1. Installed Documentation ...........................................................149 14. Network Configuration ...............................................................................150 1. Overview ............................................................................................151 2. Establishing an Ethernet Connection ....................................................152 3. Establishing an ISDN Connection .........................................................155 4. Establishing a Modem Connection .......................................................156 5. Establishing an xDSL Connection ........................................................158 6. Establishing a Token Ring Connection .................................................161 7. Establishing a Wireless Connection ......................................................164 8. Managing DNS Settings ......................................................................166 9. Managing Hosts ..................................................................................168 10. Working with Profiles .........................................................................169 11. Device Aliases ..................................................................................173 12. Saving and Restoring the Network Configuration .................................174 15. Controlling Access to Services ...................................................................176 1. Runlevels ...........................................................................................177 2. TCP Wrappers ....................................................................................177 2.1. xinetd ......................................................................................178 vii
  7. 7. Red Hat Enterprise Linux 5.0.0 3. Services Configuration Tool .................................................................178 4. ntsysv ................................................................................................180 5. chkconfig ............................................................................................182 6. Additional Resources ..........................................................................182 6.1. Installed Documentation ...........................................................183 6.2. Useful Websites .......................................................................18316. Berkeley Internet Name Domain (BIND) .....................................................184 1. Introduction to DNS .............................................................................184 1.1. Nameserver Zones ...................................................................184 1.2. Nameserver Types ...................................................................185 1.3. BIND as a Nameserver .............................................................185 2. /etc/named.conf ..................................................................................186 2.1. Common Statement Types .......................................................186 2.2. Other Statement Types .............................................................191 2.3. Comment Tags ........................................................................193 3. Zone Files ..........................................................................................193 3.1. Zone File Directives ..................................................................193 3.2. Zone File Resource Records .....................................................194 3.3. Example Zone File ...................................................................197 3.4. Reverse Name Resolution Zone Files ........................................197 4. Using rndc ..........................................................................................198 4.1. Configuring /etc/named.conf .....................................................198 4.2. Configuring /etc/rndc.conf .........................................................199 4.3. Command Line Options ............................................................199 5. Advanced Features of BIND ................................................................200 5.1. DNS Protocol Enhancements ....................................................201 5.2. Multiple Views ..........................................................................201 5.3. Security ...................................................................................201 5.4. IP version 6 .............................................................................202 6. Common Mistakes to Avoid .................................................................202 7. Additional Resources ..........................................................................202 7.1. Installed Documentation ...........................................................202 7.2. Useful Websites .......................................................................203 7.3. Related Books .........................................................................20417. OpenSSH .................................................................................................205 1. Features of SSH .................................................................................205 1.1. Why Use SSH? ........................................................................205 2. SSH Protocol Versions ........................................................................206 3. Event Sequence of an SSH Connection ................................................206 3.1. Transport Layer ........................................................................207 3.2. Authentication ..........................................................................208 3.3. Channels .................................................................................208 4. Configuring an OpenSSH Server ..........................................................208 4.1. Requiring SSH for Remote Connections ....................................209 5. OpenSSH Configuration Files ..............................................................209 6. Configuring an OpenSSH Client ...........................................................211 6.1. Using the ssh Command ...........................................................211 6.2. Using the scp Command ...........................................................212 6.3. Using the sftp Command ..........................................................212 7. More Than a Secure Shell ...................................................................213 viii
  8. 8. Red Hat Enterprise Linux 5.0.0 7.1. X11 Forwarding ........................................................................213 7.2. Port Forwarding .......................................................................213 7.3. Generating Key Pairs ...............................................................214 8. Additional Resources ..........................................................................218 8.1. Installed Documentation ...........................................................218 8.2. Useful Websites .......................................................................21818. Network File System (NFS) ........................................................................219 1. How It Works ......................................................................................219 1.1. Required Services ....................................................................220 2. NFS Client Configuration .....................................................................221 2.1. Mounting NFS File Systems using /etc/fstab ..............................221 3. autofs .................................................................................................222 3.1. Whats new in autofs version 5? ................................................222 3.2. autofs Configuration .................................................................223 3.3. autofs Common Tasks ..............................................................225 4. Common NFS Mount Options ..............................................................228 5. Starting and Stopping NFS ..................................................................230 6. NFS Server Configuration ....................................................................231 6.1. Exporting or Sharing NFS File Systems .....................................232 6.2. Command Line Configuration ....................................................235 6.3. Hostname Formats ...................................................................236 7. The /etc/exports Configuration File .......................................................236 7.1. The exportfs Command ............................................................238 8. Securing NFS .....................................................................................240 8.1. Host Access .............................................................................240 8.2. File Permissions .......................................................................242 9. NFS and portmap ................................................................................242 9.1. Troubleshooting NFS and portmap ............................................242 10. Using NFS over TCP .........................................................................243 11. Additional Resources .........................................................................244 11.1. Installed Documentation .........................................................244 11.2. Useful Websites .....................................................................244 11.3. Related Books ........................................................................24519. Samba .....................................................................................................246 1. Introduction to Samba .........................................................................246 1.1. Samba Features ......................................................................246 2. Samba Daemons and Related Services ................................................247 2.1. Samba Daemons .....................................................................247 3. Connecting to a Samba Share .............................................................247 3.1. Command Line ........................................................................249 3.2. Mounting the Share ..................................................................250 4. Configuring a Samba Server ................................................................250 4.1. Graphical Configuration ............................................................250 4.2. Command Line Configuration ....................................................255 4.3. Encrypted Passwords ...............................................................256 5. Starting and Stopping Samba ..............................................................256 6. Samba Server Types and the smb.conf File ..........................................257 6.1. Stand-alone Server ..................................................................257 6.2. Domain Member Server ............................................................259 6.3. Domain Controller ....................................................................261 ix
  9. 9. Red Hat Enterprise Linux 5.0.0 7. Samba Security Modes .......................................................................263 7.1. User-Level Security ..................................................................263 7.2. Share-Level Security ................................................................264 8. Samba Account Information Databases ................................................265 9. Samba Network Browsing ....................................................................266 9.1. Domain Browsing .....................................................................266 9.2. WINS (Windows Internetworking Name Server) .........................266 10. Samba with CUPS Printing Support ....................................................267 10.1. Simple smb.conf Settings ........................................................267 11. Samba Distribution Programs ............................................................268 12. Additional Resources .........................................................................271 12.1. Installed Documentation .........................................................271 12.2. Related Books ........................................................................272 12.3. Useful Websites .....................................................................27220. Dynamic Host Configuration Protocol (DHCP) .............................................273 1. Why Use DHCP? ................................................................................273 2. Configuring a DHCP Server .................................................................273 2.1. Configuration File .....................................................................273 2.2. Lease Database .......................................................................277 2.3. Starting and Stopping the Server ...............................................277 2.4. DHCP Relay Agent ...................................................................278 3. Configuring a DHCP Client ..................................................................279 4. Additional Resources ..........................................................................280 4.1. Installed Documentation ...........................................................28021. Apache HTTP Server ................................................................................281 1. Apache HTTP Server 2.2 .....................................................................281 1.1. Features of Apache HTTP Server 2.2 ........................................281 2. Migrating Apache HTTP Server Configuration Files ...............................282 2.1. Migrating Apache HTTP Server 2.0 Configuration Files ...............282 2.2. Migrating Apache HTTP Server 1.3 Configuration Files to 2.0 .....282 3. Starting and Stopping httpd .................................................................293 4. Apache HTTP Server Configuration .....................................................294 4.1. Basic Settings ..........................................................................295 4.2. Default Settings ........................................................................296 5. Configuration Directives in httpd.conf ...................................................308 5.1. General Configuration Tips .......................................................308 5.2. Configuration Directives for SSL ................................................319 5.3. MPM Specific Server-Pool Directives .........................................320 6. Adding Modules ..................................................................................321 7. Virtual Hosts .......................................................................................322 7.1. Setting Up Virtual Hosts ............................................................322 8. Apache HTTP Secure Server Configuration ..........................................323 8.1. An Overview of Security-Related Packages ...............................323 8.2. An Overview of Certificates and Security ...................................324 8.3. Using Pre-Existing Keys and Certificates ...................................324 8.4. Types of Certificates .................................................................325 8.5. Generating a Key .....................................................................326 8.6. How to configure the server to use the new key ..........................334 9. Additional Resources ..........................................................................334 9.1. Useful Websites .......................................................................334 x
  10. 10. Red Hat Enterprise Linux 5.0.022. FTP ..........................................................................................................336 1. The File Transport Protocol .................................................................336 1.1. Multiple Ports, Multiple Modes ...................................................336 2. FTP Servers .......................................................................................337 2.1. vsftpd ......................................................................................337 3. Files Installed with vsftpd .....................................................................338 4. Starting and Stopping vsftpd ................................................................338 4.1. Starting Multiple Copies of vsftpd ..............................................339 5. vsftpd Configuration Options ................................................................340 5.1. Daemon Options ......................................................................341 5.2. Log In Options and Access Controls ..........................................341 5.3. Anonymous User Options .........................................................342 5.4. Local User Options ...................................................................343 5.5. Directory Options .....................................................................344 5.6. File Transfer Options ................................................................345 5.7. Logging Options .......................................................................346 5.8. Network Options ......................................................................347 6. Additional Resources ..........................................................................349 6.1. Installed Documentation ...........................................................349 6.2. Useful Websites .......................................................................35023. Email ........................................................................................................351 1. Email Protocols ...................................................................................351 1.1. Mail Transport Protocols ...........................................................351 1.2. Mail Access Protocols ..............................................................352 2. Email Program Classifications ..............................................................354 2.1. Mail Transport Agent ................................................................354 2.2. Mail Delivery Agent ..................................................................354 2.3. Mail User Agent .......................................................................355 3. Mail Transport Agents .........................................................................355 3.1. Sendmail .................................................................................355 3.2. Postfix .....................................................................................359 3.3. Fetchmail .................................................................................361 4. Mail Transport Agent (MTA) Configuration ............................................365 5. Mail Delivery Agents ...........................................................................366 5.1. Procmail Configuration .............................................................367 5.2. Procmail Recipes .....................................................................368 6. Mail User Agents ................................................................................373 6.1. Securing Communication ..........................................................373 7. Additional Resources ..........................................................................375 7.1. Installed Documentation ...........................................................375 7.2. Useful Websites .......................................................................376 7.3. Related Books .........................................................................37624. Lightweight Directory Access Protocol (LDAP) ............................................377 1. Why Use LDAP? .................................................................................377 1.1. OpenLDAP Features ................................................................377 2. LDAP Terminology ..............................................................................378 3. OpenLDAP Daemons and Utilities ........................................................379 3.1. NSS, PAM, and LDAP ..............................................................381 3.2. PHP4, LDAP, and the Apache HTTP Server ..............................381 3.3. LDAP Client Applications ..........................................................382 xi
  11. 11. Red Hat Enterprise Linux 5.0.0 4. OpenLDAP Configuration Files ............................................................382 5. The /etc/openldap/schema/ Directory ...................................................382 6. OpenLDAP Setup Overview .................................................................383 6.1. Editing /etc/openldap/slapd.conf ................................................384 7. Configuring a System to Authenticate Using OpenLDAP ........................385 7.1. PAM and LDAP ........................................................................386 7.2. Migrating Old Authentication Information to LDAP Format ...........386 8. Migrating Directories from Earlier Releases ..........................................387 9. Additional Resources ..........................................................................387 9.1. Installed Documentation ...........................................................387 9.2. Useful Websites .......................................................................389 9.3. Related Books .........................................................................389 25. Authentication Configuration ......................................................................390 1. User Information .................................................................................390 2. Authentication .....................................................................................393 3. Options ..............................................................................................395 4. Command Line Version .......................................................................397IV. System Configuration .........................................................................................400 26. Console Access ........................................................................................401 1. Disabling Shutdown Via CtrlAltDel ........................................................401 2. Disabling Console Program Access ......................................................402 3. Defining the Console ...........................................................................402 4. Making Files Accessible From the Console ...........................................402 5. Enabling Console Access for Other Applications ...................................403 6. The floppy Group ................................................................................404 27. The sysconfig Directory .............................................................................405 1. Files in the /etc/sysconfig/ Directory .....................................................405 1.1. /etc/sysconfig/amd ...................................................................405 1.2. /etc/sysconfig/apmd ..................................................................405 1.3. /etc/sysconfig/arpwatch ............................................................405 1.4. /etc/sysconfig/authconfig ...........................................................405 1.5. /etc/sysconfig/autofs .................................................................406 1.6. /etc/sysconfig/clock ..................................................................406 1.7. /etc/sysconfig/desktop ..............................................................407 1.8. /etc/sysconfig/dhcpd .................................................................408 1.9. /etc/sysconfig/exim ...................................................................408 1.10. /etc/sysconfig/firstboot ............................................................408 1.11. /etc/sysconfig/gpm ..................................................................408 1.12. /etc/sysconfig/hwconf ..............................................................409 1.13. /etc/sysconfig/i18n ..................................................................409 1.14. /etc/sysconfig/init ....................................................................409 1.15. /etc/sysconfig/ip6tables-config .................................................410 1.16. /etc/sysconfig/iptables-config ...................................................410 1.17. /etc/sysconfig/irda ...................................................................410 1.18. /etc/sysconfig/keyboard ..........................................................411 1.19. /etc/sysconfig/kudzu ...............................................................411 1.20. /etc/sysconfig/named ..............................................................412 1.21. /etc/sysconfig/netdump ...........................................................412 1.22. /etc/sysconfig/network ............................................................412 1.23. /etc/sysconfig/ntpd ..................................................................412 xii
  12. 12. Red Hat Enterprise Linux 5.0.0 1.24. /etc/sysconfig/radvd ................................................................413 1.25. /etc/sysconfig/samba ..............................................................413 1.26. /etc/sysconfig/selinux ..............................................................413 1.27. /etc/sysconfig/sendmail ...........................................................413 1.28. /etc/sysconfig/spamassassin ...................................................414 1.29. /etc/sysconfig/squid ................................................................414 1.30. /etc/sysconfig/system-config-selinux ........................................414 1.31. /etc/sysconfig/system-config-users ..........................................414 1.32. /etc/sysconfig/system-logviewer ..............................................414 1.33. /etc/sysconfig/tux ....................................................................414 1.34. /etc/sysconfig/vncservers ........................................................415 1.35. /etc/sysconfig/xinetd ...............................................................415 2. Directories in the /etc/sysconfig/ Directory .............................................415 3. Additional Resources ..........................................................................416 3.1. Installed Documentation ...........................................................41628. Date and Time Configuration .....................................................................417 1. Time and Date Properties ....................................................................417 2. Network Time Protocol (NTP) Properties ..............................................418 3. Time Zone Configuration .....................................................................42029. Keyboard Configuration .............................................................................42230. The X Window System ..............................................................................423 1. The X11R7.1 Release .........................................................................423 2. Desktop Environments and Window Managers .....................................424 2.1. Desktop Environments ..............................................................424 2.2. Window Managers ...................................................................425 3. X Server Configuration Files ................................................................426 3.1. xorg.conf .................................................................................426 4. Fonts ..................................................................................................432 4.1. Fontconfig ................................................................................433 4.2. Core X Font System .................................................................434 5. Runlevels and X ..................................................................................436 5.1. Runlevel 3 ...............................................................................436 5.2. Runlevel 5 ...............................................................................437 6. Additional Resources ..........................................................................438 6.1. Installed Documentation ...........................................................438 6.2. Useful Websites .......................................................................43831. X Window System Configuration ................................................................439 1. Display Settings ..................................................................................439 2. Display Hardware Settings ...................................................................440 3. Dual Head Display Settings .................................................................44132. Users and Groups .....................................................................................443 1. User and Group Configuration .............................................................443 1.1. Adding a New User ..................................................................444 1.2. Modifying User Properties .........................................................446 1.3. Adding a New Group ................................................................447 1.4. Modifying Group Properties .......................................................448 2. User and Group Management Tools .....................................................449 2.1. Command Line Configuration ....................................................449 2.2. Adding a User ..........................................................................449 2.3. Adding a Group ........................................................................450 xiii
  13. 13. Red Hat Enterprise Linux 5.0.0 2.4. Password Aging .......................................................................451 2.5. Explaining the Process .............................................................453 3. Standard Users ...................................................................................455 4. Standard Groups ................................................................................456 5. User Private Groups ............................................................................459 5.1. Group Directories .....................................................................459 6. Shadow Passwords .............................................................................460 7. Additional Resources ..........................................................................460 7.1. Installed Documentation ...........................................................460 33. Printer Configuration .................................................................................462 1. Adding a Local Printer .........................................................................463 2. Adding an IPP Printer ..........................................................................464 3. Adding a Samba (SMB) Printer ............................................................465 4. Adding a JetDirect Printer ....................................................................467 5. Selecting the Printer Model and Finishing .............................................468 5.1. Confirming Printer Configuration ...............................................469 6. Printing a Test Page ............................................................................469 7. Modifying Existing Printers ...................................................................469 7.1. The Settings Tab ......................................................................469 7.2. The Policies Tab ......................................................................470 7.3. The Access Control Tab ...........................................................471 7.4. The Printer and Job OptionsTab ................................................472 8. Managing Print Jobs ...........................................................................473 9. Additional Resources ..........................................................................474 9.1. Installed Documentation ...........................................................475 9.2. Useful Websites .......................................................................475 34. Automated Tasks ......................................................................................476 1. Cron ...................................................................................................476 1.1. Configuring Cron Tasks ............................................................476 1.2. Controlling Access to Cron ........................................................478 1.3. Starting and Stopping the Service .............................................478 2. At and Batch .......................................................................................478 2.1. Configuring At Jobs ..................................................................478 2.2. Configuring Batch Jobs .............................................................479 2.3. Viewing Pending Jobs ..............................................................480 2.4. Additional Command Line Options .............................................480 2.5. Controlling Access to At and Batch ............................................480 2.6. Starting and Stopping the Service .............................................480 3. Additional Resources ..........................................................................480 3.1. Installed Documentation ...........................................................480 35. Log Files ..................................................................................................482 1. Locating Log Files ...............................................................................482 2. Viewing Log Files ................................................................................482 3. Adding a Log File ................................................................................484 4. Monitoring Log Files ............................................................................485V. System Monitoring ..............................................................................................489 36. SystemTap ...............................................................................................490 1. Introduction ........................................................................................490 2. Implementation ...................................................................................490 3. Using SystemTap ................................................................................491 xiv
  14. 14. Red Hat Enterprise Linux 5.0.0 3.1. Tracing ....................................................................................491 37. Gathering System Information ....................................................................493 1. System Processes ..............................................................................493 2. Memory Usage ...................................................................................495 3. File Systems .......................................................................................496 4. Hardware ...........................................................................................497 5. Additional Resources ..........................................................................500 5.1. Installed Documentation ...........................................................500 38. OProfile ....................................................................................................501 1. Overview of Tools ...............................................................................501 2. Configuring OProfile ............................................................................502 2.1. Specifying the Kernel ................................................................502 2.2. Setting Events to Monitor ..........................................................503 2.3. Separating Kernel and User-space Profiles ................................505 3. Starting and Stopping OProfile .............................................................506 4. Saving Data ........................................................................................507 5. Analyzing the Data ..............................................................................507 5.1. Using opreport .........................................................................508 5.2. Using opreport on a Single Executable ......................................508 5.3. Getting more detailed output on the modules .............................509 5.4. Using opannotate .....................................................................510 6. Understanding /dev/oprofile/ ................................................................510 7. Example Usage ..................................................................................511 8. Graphical Interface ..............................................................................511 9. Additional Resources ..........................................................................513 9.1. Installed Docs ..........................................................................513 9.2. Useful Websites .......................................................................514VI. Kernel and Driver Configuration ..........................................................................515 39. Manually Upgrading the Kernel ..................................................................516 1. Overview of Kernel Packages ..............................................................516 2. Preparing to Upgrade ..........................................................................517 3. Downloading the Upgraded Kernel .......................................................518 4. Performing the Upgrade ......................................................................519 5. Verifying the Initial RAM Disk Image .....................................................519 6. Verifying the Boot Loader ....................................................................520 6.1. x86 Systems ............................................................................520 6.2. Itanium Systems ......................................................................520 6.3. IBM S/390 and IBM System z Systems ......................................521 6.4. IBM eServer iSeries Systems ....................................................521 6.5. IBM eServer pSeries Systems ...................................................522 40. General Parameters and Modules ..............................................................523 1. Kernel Module Utilities .........................................................................523 2. Persistent Module Loading ..................................................................525 3. Specifying Module Parameters ............................................................526 4. Storage parameters ............................................................................526 5. Ethernet Parameters ...........................................................................532 5.1. Using Multiple Ethernet Cards ...................................................539 5.2. The Channel Bonding Module ...................................................539 6. Additional Resources ..........................................................................542 6.1. Installed Documentation ...........................................................542 xv
  15. 15. Red Hat Enterprise Linux 5.0.0 6.2. Useful Websites .......................................................................542VII. Security And Authentication ...............................................................................544 41. Security Overview .....................................................................................545 1. Introduction to Security ........................................................................545 1.1. What is Computer Security? ......................................................545 1.2. Security Controls ......................................................................547 1.3. Conclusion ...............................................................................548 2. Vulnerability Assessment .....................................................................548 2.1. Thinking Like the Enemy ...........................................................549 2.2. Defining Assessment and Testing .............................................549 2.3. Evaluating the Tools .................................................................551 3. Attackers and Vulnerabilities ................................................................553 3.1. A Quick History of Hackers .......................................................553 3.2. Threats to Network Security ......................................................554 3.3. Threats to Server Security ........................................................555 3.4. Threats to Workstation and Home PC Security ...........................557 4. Common Exploits and Attacks .............................................................558 5. Security Updates ................................................................................561 5.1. Updating Packages ..................................................................561 42. Securing Your Network ..............................................................................567 1. Workstation Security ...........................................................................567 1.1. Evaluating Workstation Security ................................................567 1.2. BIOS and Boot Loader Security .................................................567 1.3. Password Security ...................................................................569 1.4. Administrative Controls .............................................................575 1.5. Available Network Services .......................................................582 1.6. Personal Firewalls ....................................................................586 1.7. Security Enhanced Communication Tools ..................................586 2. Server Security ...................................................................................587 2.1. Securing Services With TCP Wrappers and xinetd .....................587 2.2. Securing Portmap ....................................................................591 2.3. Securing NIS ...........................................................................592 2.4. Securing NFS ..........................................................................594 2.5. Securing the Apache HTTP Server ............................................595 2.6. Securing FTP ...........................................................................596 2.7. Securing Sendmail ...................................................................599 2.8. Verifying Which Ports Are Listening ...........................................600 3. Single Sign-on (SSO) ..........................................................................601 3.1. Introduction ..............................................................................601 3.2. Getting Started with your new Smart Card .................................603 3.3. How Smart Card Enrollment Works ...........................................604 3.4. How Smart Card Login Works ...................................................605 3.5. Configuring Firefox to use Kerberos for SSO ..............................606 4. Pluggable Authentication Modules (PAM) .............................................609 4.1. Advantages of PAM ..................................................................609 4.2. PAM Configuration Files ...........................................................609 4.3. PAM Configuration File Format .................................................609 4.4. Sample PAM Configuration Files ...............................................612 4.5. Creating PAM Modules .............................................................614 4.6. PAM and Administrative Credential Caching ..............................614 xvi
  16. 16. Red Hat Enterprise Linux 5.0.0 4.7. PAM and Device Ownership .....................................................616 4.8. Additional Resources ................................................................617 5. TCP Wrappers and xinetd ....................................................................618 5.1. TCP Wrappers .........................................................................619 5.2. TCP Wrappers Configuration Files ............................................621 5.3. xinetd ......................................................................................628 5.4. xinetd Configuration Files .........................................................628 5.5. Additional Resources ................................................................634 6. Kerberos ............................................................................................635 6.1. What is Kerberos? ....................................................................635 6.2. Kerberos Terminology ..............................................................637 6.3. How Kerberos Works ................................................................638 6.4. Kerberos and PAM ...................................................................640 6.5. Configuring a Kerberos 5 Server ...............................................640 6.6. Configuring a Kerberos 5 Client .................................................642 6.7. Domain-to-Realm Mapping .......................................................644 6.8. Setting Up Secondary KDCs .....................................................644 6.9. Setting Up Cross Realm Authentication .....................................645 6.10. Additional Resources ..............................................................649 7. Virtual Private Networks (VPNs) ...........................................................650 7.1. How Does a VPN Work? ...........................................................651 7.2. VPNs and Red Hat Enterprise Linux ..........................................651 7.3. IPsec .......................................................................................651 7.4. Creating an IPsec Connection ...................................................652 7.5. IPsec Installation ......................................................................652 7.6. IPsec Host-to-Host Configuration ..............................................653 7.7. IPsec Network-to-Network Configuration ....................................659 7.8. Starting and Stopping an IPsec Connection ...............................666 8. Firewalls .............................................................................................666 8.1. Netfilter and IPTables ...............................................................668 8.2. Basic Firewall Configuration ......................................................668 8.3. Using IPTables ........................................................................672 8.4. Common IPTables Filtering .......................................................674 8.5. FORWARD and NAT Rules ......................................................675 8.6. Malicious Software and Spoofed IP Addresses ...........................677 8.7. IPTables and Connection Tracking ............................................678 8.8. IPv6 ........................................................................................679 8.9. Additional Resources ................................................................679 9. IPTables .............................................................................................680 9.1. Packet Filtering ........................................................................680 9.2. Differences Between IPTables and IPChains .............................682 9.3. Command Options for IPTables ................................................683 9.4. Saving IPTables Rules .............................................................692 9.5. IPTables Control Scripts ...........................................................693 9.6. IPTables and IPv6 ....................................................................695 9.7. Additional Resources ................................................................69543. Security and SELinux ................................................................................697 1. Access Control Mechanisms (ACMs) ....................................................697 1.1. Discretionary Access Control (DAC) ..........................................697 1.2. Access Control Lists (ACLs) ......................................................697 xvii
  17. 17. Red Hat Enterprise Linux 5.0.0 1.3. Mandatory Access Control (MAC) .............................................697 1.4. Role-based Access Control (RBAC) ..........................................697 1.5. Multi-Level Security (MLS) ........................................................698 1.6. Multi-Category Security (MCS) ..................................................698 2. Introduction to SELinux .......................................................................698 2.1. SELinux Overview ....................................................................698 2.2. Files Related to SELinux ...........................................................699 2.3. Additional Resources ................................................................703 3. Brief Background and History of SELinux .............................................704 4. Multi-Category Security (MCS) .............................................................704 4.1. Introduction ..............................................................................704 4.2. Applications for Multi-Category Security .....................................705 4.3. SELinux Security Contexts ........................................................705 5. Getting Started with Multi-Category Security (MCS) ..............................706 5.1. Introduction ..............................................................................706 5.2. Comparing SELinux and Standard Linux User Identities .............706 5.3. Configuring Categories .............................................................707 5.4. Assigning Categories to Users ..................................................708 5.5. Assigning Categories to Files ....................................................709 6. Multi-Level Security (MLS) ...................................................................711 6.1. Why Multi-Level? ......................................................................711 6.2. Security Levels, Objects and Subjects .......................................713 6.3. MLS Policy ..............................................................................714 6.4. LSPP Certification ....................................................................715 7. SELinux Policy Overview .....................................................................715 7.1. What is the SELinux Policy? .....................................................715 7.2. Where is the Policy? .................................................................716 7.3. The Role of Policy in the Boot Process ......................................718 7.4. Object Classes and Permissions ...............................................719 8. Targeted Policy Overview ....................................................................720 8.1. What is the Targeted Policy? ....................................................720 8.2. Files and Directories of the Targeted Policy ...............................720 8.3. Understanding the Users and Roles in the Targeted Policy .........72144. Working With SELinux ...............................................................................723 1. End User Control of SELinux ...............................................................723 1.1. Moving and Copying Files .........................................................723 1.2. Checking the Security Context of a Process, User, or File Object 724 1.3. Relabeling a File or Directory ....................................................725 1.4. Creating Archives That Retain Security Contexts ........................728 2. Administrator Control of SELinux ..........................................................729 2.1. Viewing the Status of SELinux ..................................................729 2.2. Relabeling a File System ..........................................................730 2.3. Managing NFS Home Directories ..............................................731 2.4. Granting Access to a Directory or a Tree ...................................732 2.5. Backing Up and Restoring the System .......................................732 2.6. Enabling or Disabling Enforcement ............................................732 2.7. Enable or Disable SELinux .......................................................735 2.8. Changing the Policy .................................................................736 2.9. Specifying the Security Context of Entire File Systems ...............738 2.10. Changing the Security Category of a File or User .....................739 xviii
  18. 18. Red Hat Enterprise Linux 5.0.0 2.11. Running a Command in a Specific Security Context .................739 2.12. Useful Commands for Scripts ..................................................739 2.13. Changing to a Different Role ...................................................740 2.14. When to Reboot .....................................................................740 3. Analyst Control of SELinux ..................................................................740 3.1. Enabling Kernel Auditing ...........................................................740 3.2. Dumping and Viewing Logs .......................................................741 45. Customizing SELinux Policy .......................................................................742 1. Introduction ........................................................................................742 1.1. Modular Policy .........................................................................742 2. Building a Local Policy Module .............................................................743 2.1. Using audit2allow to Build a Local Policy Module ........................743 2.2. Analyzing the Type Enforcement (TE) File .................................743 2.3. Loading the Policy Package ......................................................744 46. References ...............................................................................................745VIII. Red Hat Training And Certification ....................................................................747 47. Red Hat Training and Certification ..............................................................748 1. Three Ways to Train ............................................................................748 2. Microsoft Certified Professional Resource Center ..................................748 48. Certification Tracks ...................................................................................749 1. Free Pre-assessment tests ..................................................................749 49. RH033: Red Hat Linux Essentials ...............................................................750 1. Course Description ..............................................................................750 1.1. Prerequisites ............................................................................750 1.2. Goal ........................................................................................750 1.3. Audience .................................................................................750 1.4. Course Objectives ....................................................................750 1.5. Follow-on Courses ...................................................................751 50. RH035: Red Hat Linux Essentials for Windows Professionals ......................752 1. Course Description ..............................................................................752 1.1. Prerequisites ............................................................................752 1.2. Goal ........................................................................................752 1.3. Audience .................................................................................752 1.4. Course Objectives ....................................................................752 1.5. Follow-on Courses ...................................................................753 51. RH133: Red Hat Linux System Administration and Red Hat Certified Technician (RHCT) Certification ........................................................................................754 1. Course Description ..............................................................................754 1.1. Prerequisites ............................................................................754 1.2. Goal ........................................................................................754 1.3. Audience .................................................................................754 1.4. Course Objectives ....................................................................754 1.5. Follow-on Courses ...................................................................755 52. RH202 RHCT EXAM - The fastest growing credential in all of Linux. ............756 1. Course Description ..............................................................................756 1.1. Prerequisites ............................................................................756 53. RH253 Red Hat Linux Networking and Security Administration .....................757 1. Course Description ..............................................................................757 1.1. Prerequisites ............................................................................757 1.2. Goal ........................................................................................757 xix
  19. 19. Red Hat Enterprise Linux 5.0.0 1.3. Audience .................................................................................757 1.4. Course Objectives ....................................................................757 1.5. Follow-on Courses ...................................................................75854. RH300: RHCE Rapid track course (and RHCE exam) .................................759 1. Course Description ..............................................................................759 1.1. Prerequisites ............................................................................759 1.2. Goal ........................................................................................759 1.3. Audience .................................................................................759 1.4. Course Objectives ....................................................................759 1.5. Follow-on Courses ...................................................................75955. RH302 RHCE EXAM .................................................................................761 1. Course Description ..............................................................................761 1.1. Prerequisites ............................................................................761 1.2. Content ...................................................................................76156. RHS333: RED HAT enterprise security: network services ............................762 1. Course Description ..............................................................................762 1.1. Prerequisites ............................................................................762 1.2. Goal ........................................................................................762 1.3. Audience .................................................................................762 1.4. Course Objectives ....................................................................762 1.5. Follow-on Courses ...................................................................76357. RH401: Red Hat Enterprise Deployment and systems management .............764 1. Course Description ..............................................................................764 1.1. Prerequisites ............................................................................764 1.2. Goal ........................................................................................764 1.3. Audience .................................................................................764 1.4. Course Objectives ....................................................................764 1.5. Follow-on Courses ...................................................................76558. RH423: Red Hat Enterprise Directory services and authentication ................766 1. Course Description ..............................................................................766 1.1. Prerequisites ............................................................................766 1.2. Goal ........................................................................................766 1.3. Audience .................................................................................766 1.4. Course Objectives ....................................................................766 1.5. Follow-on Courses ...................................................................76759. SE Linux Courses .....................................................................................768 1. RHS427: Introduction to SELinux and Red Hat Targeted Policy .............768 1.1. Audience .................................................................................768 1.2. Course Summary .....................................................................768 2. RHS429: Red Hat Enterprise SE Linux Policy Administration .................76860. RH436: Red Hat Enterprise storage management .......................................769 1. Course Description ..............................................................................769 1.1. Prerequisites ............................................................................769 1.2. Goal ........................................................................................769 1.3. Audience .................................................................................769 1.4. Course Objectives ....................................................................769 1.5. Follow-on Courses ...................................................................77061. RH442: Red Hat Enterprise system monitoring and performance tuning .......771 1. Course Description ..............................................................................771 1.1. Prerequisites ............................................................................771 xx
  20. 20. Red Hat Enterprise Linux 5.0.0 1.2. Goal ........................................................................................771 1.3. Audience .................................................................................771 1.4. Course Objectives ....................................................................771 1.5. Follow-on Courses ...................................................................77262. Red Hat Enterprise Linux Developer Courses .............................................773 1. RHD143: Red Hat Linux Programming Essentials .................................773 2. RHD221 Red Hat Linux Device Drivers ................................................773 3. RHD236 Red Hat Linux Kernel Internals ...............................................773 4. RHD256 Red Hat Linux Application Development and Porting ...............77363. JBoss Courses ..........................................................................................774 1. RHD161 JBoss and EJB3 for Java .......................................................774 1.1. Prerequisites ............................................................................774 2. RHD163 JBoss for Web Developers .....................................................774 2.1. Prerequisites ............................................................................774 3. RHD167: JBOSS - HIBERNATE ESSENTIALS .....................................775 3.1. Prerequisites ............................................................................775 3.2. Course Summary .....................................................................775 4. RHD267: JBOSS - ADVANCED HIBERNATE .......................................775 4.1. Prerequisites ............................................................................776 5. RHD261:JBOSS for advanced J2EE developers ...................................776 5.1. Prerequisites ............................................................................776 6. RH336: JBOSS for Administrators ........................................................777 6.1. Prerequisites ............................................................................777 6.2. Course Summary .....................................................................777 7. RHD439: JBoss Clustering ..................................................................778 7.1. Prerequisites ............................................................................778 8. RHD449: JBoss jBPM .........................................................................778 8.1. Description ..............................................................................779 8.2. Prerequisites ............................................................................779 9. RHD451 JBoss Rules ..........................................................................779 9.1. Prerequisites ............................................................................779 xxi
  21. 21. IntroductionWelcome to the Red Hat Enterprise Linux Deployment Guide.The Red Hat Enterprise Linux Deployment Guide contains information on how to customizeyour Red Hat Enterprise Linux system to fit your needs. If you are looking for a comprehensive,task-oriented guide for configuring and customizing your system, this is the manual for you.This manual discusses many intermediate topics such as the following:• Setting up a network interface card (NIC)• Configuring a Virtual Private Network (VPN)• Configuring Samba shares• Managing your software with RPM• Determining information about your system• Upgrading your kernelThis manual is divided into the following main categories:• File systems• Package management• Network-related configuration• System configuration• System monitoring• Kernel and Driver Configuration• Security and Authentication• Red Hat Training and CertificationThis guide assumes you have a basic understanding of your Red Hat Enterprise Linux system.If you need help installing Red Hat Enterprise Linux, refer to the Red Hat Enterprise Linux In-stallation Guide.1. Document ConventionsIn this manual, certain words are represented in different fonts, typefaces, sizes, and weights.This highlighting is systematic; different words are represented in the same style to indicate theirinclusion in a specific category. The types of words that are represented this way include the fol-lowing:command xxii

×