red_hat_enterprise_linux-7-system_administrators_guide-en-us.pdf

Red Hat Enterprise Linux 7
System Administrator’s Guide
Deployment, configuration, and administration of RHEL 7
Last Updated: 2022-07-14

Red Hat Enterprise Linux 7 System Administrator’s Guide
Deployment, configuration, and administration of RHEL 7

Legal Notice
Copyright © 2022 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons
Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is
available at
http://creativecommons.org/licenses/by-sa/3.0/
. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must
provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert,
Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift,
Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States
and other countries.
Linux ® is the registered trademark of Linus Torvalds in the United States and other countries.
Java ® is a registered trademark of Oracle and/or its affiliates.
XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States
and/or other countries.
MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and
other countries.
Node.js ® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the
official Joyent Node.js open source or commercial project.
The OpenStack ® Word Mark and OpenStack logo are either registered trademarks/service marks
or trademarks/service marks of the OpenStack Foundation, in the United States and other
countries and are used with the OpenStack Foundation's permission. We are not affiliated with,
endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Abstract
The System Administrator's Guide documents relevant information regarding the deployment,
configuration, and administration of Red Hat Enterprise Linux 7. It is oriented towards system
administrators with a basic understanding of the system. To expand your expertise, you might also
be interested in the Red Hat System Administration I (RH124), Red Hat System Administration II
(RH134), Red Hat System Administration III (RH254), or RHCSA Rapid Track (RH199) training
courses. If you want to use Red Hat Enterprise Linux 7 with the Linux Containers functionality, see
Product Documentation for Red Hat Enterprise Linux Atomic Host. For an overview of general Linux
Containers concept and their current capabilities implemented in Red Hat Enterprise Linux 7, see

Overview of Containers in Red Hat Systems. The topics related to containers management and
administration are described in the Red Hat Enterprise Linux Atomic Host 7 Managing Containers
guide.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Table of Contents
PART I. BASIC SYSTEM CONFIGURATION
CHAPTER 1. GETTING STARTED
What web console Is and Which Tasks It Can Be Used For
1.1. BASIC CONFIGURATION OF THE ENVIRONMENT
1.1.1. Introduction to Configuring the Date and Time
Displaying the Current Date and Time
1.1.2. Introduction to Configuring the System Locale
1.1.3. Introduction to Configuring the Keyboard Layout
1.2. CONFIGURING AND INSPECTING NETWORK ACCESS
1.2.1. Configuring Network Access During the Installation Process
1.2.2. Managing Network Connections After the Installation Process Using nmcli
1.2.3. Managing Network Connections After the Installation Process Using nmtui
1.2.4. Managing Networking in web console
1.3. THE BASICS OF REGISTERING THE SYSTEM AND MANAGING SUBSCRIPTIONS
1.3.1. What Red Hat Subscriptions Are and Which Tasks They Can Be Used For
1.3.2. Registering the System During the Installation
1.3.3. Registering the System after the Installation
1.3.4. Registering a System to EUS Content
1.3.5. Registering a System to E4S Content
1.4. INSTALLING SOFTWARE
1.4.1. Prerequisites for Software Installation
1.4.2. Introduction to the System of Software Packaging and Software Repositories
1.4.3. Managing Basic Software Installation Tasks with Subscription Manager and Yum
1.5. MAKING SYSTEMD SERVICES START AT BOOT TIME
1.5.1. Enabling or Disabling the Services
1.5.2. Managing Services in web console
1.5.3. Additional Resources on systemd Services
1.6. ENHANCING SYSTEM SECURITY WITH A FIREWALL, SELINUX AND SSH LOGINGS
1.6.1. Ensuring the Firewall Is Enabled and Running
1.6.1.1. What a Firewall Is and How It Enhances System Security
1.6.1.2. Re-enabling the firewalld Service
1.6.2. Ensuring the Appropriate State of SELinux
1.6.2.1. What SELinux Is and How It Enhances System Security
SELinux States
SELinux Modes
1.6.2.2. Ensuring the Required State of SELinux
1.6.2.3. Managing SELinux in web console
1.6.3. Using SSH-based Authentication
1.6.3.1. What SSH-based Authentication Is and How It Enhances System Security
1.6.3.2. Establishing an SSH Connection
1.6.3.3. Disabling SSH Root Login
1.7. THE BASICS OF MANAGING USER ACCOUNTS
Normal and System Accounts
What Groups Are and Which Purposes They Can Be Used For
1.7.1. The Most Basic Command-Line Tools to Manage User Accounts and Groups
1.7.2. Managing User Accounts in web console
1.8. DUMPING THE CRASHED KERNEL USING THE KDUMP MECHANISM
1.8.1. What kdump Is and Which Tasks It Can Be Used For
1.8.2. Enabling and Activating kdump During the Installation Process
1.8.3. Ensuring That kdump Is Installed and Enabled after the Installation Process
21
22
22
23
23
23
24
24
24
25
25
26
26
26
26
27
27
28
29
30
30
31
31
32
32
33
33
33
33
34
34
34
34
34
34
35
36
36
36
36
37
37
37
38
38
39
39
39
40
40
Table of Contents
1

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.8.4. Configuring kdump in web console
1.8.5. Additional Resources on kdump
1.9. PERFORMING SYSTEM RESCUE AND CREATING SYSTEM BACKUP WITH REAR
1.9.1. What ReaR Is and Which Tasks It Can Be Used For
1.9.2. Quickstart to Installation and Configuration of ReaR
1.9.3. Quickstart to Creation of the Rescue System with ReaR
1.9.4. Quickstart to Configuration of ReaR with the Backup Software
1.10. USING THE LOG FILES TO TROUBLESHOOT PROBLEMS
1.10.1. Services Handling the syslog Messages
1.10.2. Subdirectories Storing the syslog Messages
1.11. ACCESSING RED HAT SUPPORT
1.11.1. Obtaining Red Hat Support Through Red Hat Customer Portal
1.11.1.1. What the Red Hat Support Tool Is and Which Tasks It Can Be Used For
1.11.2. Using the SOS Report to Troubleshoot Problems
CHAPTER 2. SYSTEM LOCALE AND KEYBOARD CONFIGURATION
2.1. SETTING THE SYSTEM LOCALE
2.1.1. Displaying the Current Status
2.1.2. Listing Available Locales
2.1.3. Setting the Locale
2.1.4. Making System Locale Settings Permanent when Installing with Kickstart
2.2. CHANGING THE KEYBOARD LAYOUT
2.2.1. Displaying the Current Settings
2.2.2. Listing Available Keymaps
2.2.3. Setting the Keymap
2.3. ADDITIONAL RESOURCES
Installed Documentation
See Also
CHAPTER 3. CONFIGURING THE DATE AND TIME
3.1. USING THE TIMEDATECTL COMMAND
3.1.1. Displaying the Current Date and Time
3.1.2. Changing the Current Time
3.1.3. Changing the Current Date
3.1.4. Changing the Time Zone
3.1.5. Synchronizing the System Clock with a Remote Server
3.2. USING THE DATE COMMAND
3.2.2. Changing the Current Time
3.2.3. Changing the Current Date
3.3. USING THE HWCLOCK COMMAND
3.3.2. Setting the Date and Time
3.3.3. Synchronizing the Date and Time
See Also
CHAPTER 4. MANAGING USERS AND GROUPS
4.1. INTRODUCTION TO USERS AND GROUPS
Reserved User and Group IDs
4.1.1. User Private Groups
4.1.2. Shadow Passwords
4.2. MANAGING USERS IN A GRAPHICAL ENVIRONMENT
40
41
41
41
41
42
42
42
42
43
43
43
43
44
45
45
45
46
46
47
48
48
48
48
49
49
49
51
51
51
52
52
53
53
54
54
55
56
56
57
57
57
58
58
58
60
60
60
60
61
61
2

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.2.1. Using the Users Settings Tool
4.3. USING COMMAND-LINE TOOLS
4.3.1. Adding a New User
4.3.2. Adding a New Group
4.3.3. Adding an Existing User to an Existing Group
4.3.4. Creating Group Directories
4.3.5. Setting Default Permissions for New Files Using umask
What umask consists of
How umask works
4.3.5.1. Managing umask in Shells
Displaying the current mask
Setting mask in shell using umask
Working with the default shell umask
Working with the default shell umask of a specific user
Setting default permissions for newly created home directories
Online Documentation
See Also
CHAPTER 5. ACCESS CONTROL LISTS
5.1. MOUNTING FILE SYSTEMS
5.1.1. NFS
5.2. SETTING ACCESS ACLS
5.3. SETTING DEFAULT ACLS
5.4. RETRIEVING ACLS
5.5. ARCHIVING FILE SYSTEMS WITH ACLS
5.6. COMPATIBILITY WITH OLDER SYSTEMS
5.7. ACL REFERENCES
CHAPTER 6. GAINING PRIVILEGES
6.1. CONFIGURING ADMINISTRATIVE ACCESS USING THE SU UTILITY
6.2. CONFIGURING ADMINISTRATIVE ACCESS USING THE SUDO UTILITY
See Also
PART II. SUBSCRIPTION AND SUPPORT
CHAPTER 7. REGISTERING THE SYSTEM AND MANAGING SUBSCRIPTIONS
7.1. REGISTERING THE SYSTEM AND ATTACHING SUBSCRIPTIONS
7.2. MANAGING SOFTWARE REPOSITORIES
7.3. REMOVING SUBSCRIPTIONS
Related Books
See Also
CHAPTER 8. ACCESSING SUPPORT USING THE RED HAT SUPPORT TOOL
8.1. INSTALLING THE RED HAT SUPPORT TOOL
8.2. REGISTERING THE RED HAT SUPPORT TOOL USING THE COMMAND LINE
8.3. USING THE RED HAT SUPPORT TOOL IN INTERACTIVE SHELL MODE
8.4. CONFIGURING THE RED HAT SUPPORT TOOL
61
63
64
67
68
68
69
69
69
70
70
71
71
72
72
72
72
73
73
74
74
74
74
76
76
76
77
78
79
79
80
82
82
82
82
83
84
84
84
85
86
86
86
86
87
87
87
87
87
Table of Contents
3

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.4.1. Saving Settings to the Configuration Files
8.5. OPENING AND UPDATING SUPPORT CASES USING INTERACTIVE MODE
8.6. VIEWING SUPPORT CASES ON THE COMMAND LINE
PART III. INSTALLING AND MANAGING SOFTWARE
CHAPTER 9. YUM
9.1. CHECKING FOR AND UPDATING PACKAGES
9.1.1. Checking For Updates
9.1.2. Updating Packages
Updating a Single Package
9.1.3. Upgrading the System Off-line with ISO and Yum
9.2. WORKING WITH PACKAGES
9.2.1. Searching Packages
9.2.2. Listing Packages
9.2.3. Displaying Package Information
9.2.4. Installing Packages
9.2.5. Downloading Packages
9.2.6. Removing Packages
9.3. WORKING WITH PACKAGE GROUPS
9.3.1. Listing Package Groups
9.3.2. Installing a Package Group
9.3.3. Removing a Package Group
9.4. WORKING WITH TRANSACTION HISTORY
9.4.1. Listing Transactions
9.4.2. Examining Transactions
9.4.3. Reverting and Repeating Transactions
9.4.4. Starting New Transaction History
9.5. CONFIGURING YUM AND YUM REPOSITORIES
9.5.1. Setting [main] Options
9.5.2. Setting [repository] Options
9.5.3. Using Yum Variables
9.5.4. Viewing the Current Configuration
9.5.5. Adding, Enabling, and Disabling a Yum Repository
9.5.6. Creating a Yum Repository
9.5.6.1. Adding packages to an already created yum repository
9.5.7. Adding the Optional and Supplementary Repositories
9.6. YUM PLUG-INS
9.6.1. Enabling, Configuring, and Disabling Yum Plug-ins
9.6.2. Installing Additional Yum Plug-ins
9.6.3. Working with Yum Plug-ins
9.7. AUTOMATICALLY REFRESHING PACKAGE DATABASE AND DOWNLOADING UPDATES WITH YUM-
CRON
9.7.1. Enabling Automatic Installation of Updates
9.7.2. Setting up Optional Email Notifications
9.7.3. Enabling or Disabling Specific Repositories
9.7.4. Testing Yum-cron Settings
9.7.5. Disabling Yum-cron messages
9.7.6. Automatically Cleaning Packages
Online Resources
88
89
91
91
92
93
93
93
94
94
96
98
98
99
101
102
105
106
106
107
108
109
110
110
114
115
116
116
117
120
122
123
124
126
127
127
127
128
128
129
131
131
131
132
132
132
133
133
133
133
4

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
See Also
PART IV. INFRASTRUCTURE SERVICES
CHAPTER 10. MANAGING SERVICES WITH SYSTEMD
10.1. INTRODUCTION TO SYSTEMD
Overriding the Default systemd Configuration Using system.conf
10.1.1. Main Features
10.1.2. Compatibility Changes
10.2. MANAGING SYSTEM SERVICES
Specifying Service Units
Behavior of systemctl in a chroot Environment
10.2.1. Listing Services
10.2.2. Displaying Service Status
10.2.3. Starting a Service
10.2.4. Stopping a Service
10.2.5. Restarting a Service
10.2.6. Enabling a Service
10.2.7. Disabling a Service
10.2.8. Starting a Conflicting Service
10.3. WORKING WITH SYSTEMD TARGETS
10.3.1. Viewing the Default Target
10.3.2. Viewing the Current Target
10.3.3. Changing the Default Target
10.3.4. Changing the Current Target
10.3.5. Changing to Rescue Mode
10.3.6. Changing to Emergency Mode
10.4. SHUTTING DOWN, SUSPENDING, AND HIBERNATING THE SYSTEM
10.4.1. Shutting Down the System
Using systemctl Commands
Using the shutdown Command
10.4.2. Restarting the System
10.4.3. Suspending the System
10.4.4. Hibernating the System
10.5. CONTROLLING SYSTEMD ON A REMOTE MACHINE
10.6. CREATING AND MODIFYING SYSTEMD UNIT FILES
10.6.1. Understanding the Unit File Structure
10.6.2. Creating Custom Unit Files
10.6.3. Converting SysV Init Scripts to Unit Files
Finding the Service Description
Finding Service Dependencies
Finding Default Targets of the Service
Finding Files Used by the Service
10.6.4. Modifying Existing Unit Files
Extending the Default Unit Configuration
Overriding the Default Unit Configuration
Monitoring Overriden Units
10.6.5. Working with Instantiated Units
10.7. ADDITIONAL CONSIDERATIONS WHILE MANAGING SERVICES
See Also
133
134
135
135
136
136
137
138
139
140
140
141
143
143
144
144
145
146
146
147
147
148
149
149
150
150
151
151
151
152
152
152
153
153
154
158
162
163
163
163
164
165
166
167
168
169
171
173
173
173
174
Table of Contents
5

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CHAPTER 11. CONFIGURING A SYSTEM FOR ACCESSIBILITY
11.1. CONFIGURING THE BRLTTY SERVICE
Enable the brltty Service
Authorize Users to Use the Braille Display
Set the Braille Driver
Set the Braille Device
Set Specific Parameters for Particular Braille Displays
Set the Text Table
Set the Contraction Table
11.2. SWITCH ON ALWAYS SHOW UNIVERSAL ACCESS MENU
11.3. ENABLING THE FESTIVAL SPEECH SYNTHESIS SYSTEM
Choose a Voice for Festival
CHAPTER 12. OPENSSH
12.1. THE SSH PROTOCOL
12.1.1. Why Use SSH?
12.1.3. Protocol Versions
12.1.4. Event Sequence of an SSH Connection
12.1.4.1. Transport Layer
12.1.4.2. Authentication
12.1.4.3. Channels
12.2. CONFIGURING OPENSSH
12.2.1. Configuration Files
12.2.2. Starting an OpenSSH Server
12.2.3. Requiring SSH for Remote Connections
12.2.4. Using Key-based Authentication
12.2.4.1. Generating Key Pairs
12.2.4.2. Configuring ssh-agent
12.3. OPENSSH CLIENTS
12.3.1. Using the ssh Utility
12.3.2. Using the scp Utility
12.3.3. Using the sftp Utility
12.4. MORE THAN A SECURE SHELL
12.4.1. X11 Forwarding
12.4.2. Port Forwarding
See Also
CHAPTER 13. TIGERVNC
13.1. VNC SERVER
13.1.1. Installing VNC Server
13.1.2. Configuring VNC Server
13.1.2.1. Configuring VNC Server for Two Users
13.1.3. Starting VNC Server
13.1.3.1. Configuring VNC Server for Two Users and Two Different Displays
13.1.4. VNC setup based on xinetd with XDMCP for GDM
13.1.5. Terminating a VNC Session
13.2. SHARING AN EXISTING DESKTOP
13.3. VNC VIEWER
13.3.1. Installing VNC Viewer
175
175
175
175
176
177
177
178
178
178
179
180
182
182
182
182
183
183
183
184
185
185
185
187
188
188
189
191
193
194
195
196
197
197
197
198
199
199
199
200
200
200
200
201
201
202
202
204
204
204
205
6

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
13.3.2. Connecting to VNC Server
13.3.2.1. Configuring the Firewall for VNC
13.3.3. Connecting to VNC Server Using SSH
Restricting VNC Access
PART V. SERVERS
CHAPTER 14. WEB SERVERS
14.1. THE APACHE HTTP SERVER
14.1.1. Notable Changes
14.1.2. Updating the Configuration
14.1.3. Running the httpd Service
14.1.3.1. Starting the Service
14.1.3.2. Stopping the Service
14.1.3.3. Restarting the Service
14.1.3.4. Verifying the Service Status
14.1.4. Editing the Configuration Files
14.1.5. Working with Modules
14.1.5.1. Loading a Module
14.1.5.2. Writing a Module
14.1.6. Setting Up Virtual Hosts
14.1.7. Setting Up an SSL Server
14.1.7.1. An Overview of Certificates and Security
14.1.8. Enabling the mod_ssl Module
14.1.8.1. Enabling and Disabling SSL and TLS in mod_ssl
14.1.9. Enabling the mod_nss Module
14.1.9.1. Enabling and Disabling SSL and TLS in mod_nss
14.1.10. Using an Existing Key and Certificate
14.1.11. Generating a New Key and Certificate
14.1.12. Configure the Firewall for HTTP and HTTPS Using the Command Line
14.1.12.1. Checking Network Access for Incoming HTTPS and HTTPS Using the Command Line
14.1.13. Additional Resources
Installable Documentation
CHAPTER 15. MAIL SERVERS
15.1. EMAIL PROTOCOLS
15.1.1. Mail Transport Protocols
15.1.1.1. SMTP
15.1.2. Mail Access Protocols
15.1.2.1. POP
15.1.2.2. IMAP
15.1.2.3. Dovecot
15.2. EMAIL PROGRAM CLASSIFICATIONS
15.2.1. Mail Transport Agent
15.2.2. Mail Delivery Agent
15.2.3. Mail User Agent
15.3. MAIL TRANSPORT AGENTS
15.3.1. Postfix
15.3.1.1. The Default Postfix Installation
15.3.1.2. Upgrading From a Previous Release
205
205
207
207
207
207
209
210
210
210
213
213
213
214
214
214
215
215
215
215
216
216
217
218
218
220
224
226
227
231
232
232
232
232
232
233
233
233
233
233
233
234
235
236
236
237
237
237
237
238
238
Table of Contents
7

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
15.3.1.3. Basic Postfix Configuration
15.3.1.4. Using Postfix with LDAP
15.3.1.4.1. The /etc/aliases lookup example
15.3.2. Sendmail
15.3.2.1. Purpose and Limitations
15.3.2.2. The Default Sendmail Installation
15.3.2.3. Common Sendmail Configuration Changes
15.3.2.4. Masquerading
15.3.2.5. Stopping Spam
15.3.2.6. Using Sendmail with LDAP
15.3.3. Fetchmail
15.3.3.1. Fetchmail Configuration Options
15.3.3.2. Global Options
15.3.3.3. Server Options
15.3.3.4. User Options
15.3.3.5. Fetchmail Command Options
15.3.3.6. Informational or Debugging Options
15.3.3.7. Special Options
15.3.4. Mail Transport Agent (MTA) Configuration
15.4. MAIL DELIVERY AGENTS
15.4.1. Procmail Configuration
15.4.2. Procmail Recipes
15.4.2.1. Delivering vs. Non-Delivering Recipes
15.4.2.2. Flags
15.4.2.3. Specifying a Local Lockfile
15.4.2.4. Special Conditions and Actions
15.4.2.5. Recipe Examples
15.4.2.6. Spam Filters
15.5. MAIL USER AGENTS
15.5.1. Securing Communication
15.5.1.1. Secure Email Clients
15.5.1.2. Securing Email Client Communications
15.6. CONFIGURING MAIL SERVER WITH ANTISPAM AND ANTIVIRUS
15.6.1. Configuring Spam Filtering for Mail Transport Agent or Mail Delivery Agent
15.6.1.1. Configuring Spam Filtering in a Mail Transport Agent
15.6.1.2. Configuring Spam Filtering in a Mail Delivery Agent
15.6.2. Configuring Antivirus Protection
15.6.3. Using the EPEL Repository to install Antispam and Antivirus Software
15.7.1. Installed Documentation
15.7.2. Online Documentation
15.7.3. Related Books
CHAPTER 16. FILE AND PRINT SERVERS
16.1. SAMBA
16.1.1. The Samba Services
16.1.2. Verifying the smb.conf File by Using the testparm Utility
16.1.3. Understanding the Samba Security Modes
16.1.4. Setting up Samba as a Standalone Server
16.1.4.1. Setting up the Server Configuration for the Standalone Server
16.1.4.2. Creating and Enabling Local User Accounts
16.1.5. Setting up Samba as a Domain Member
16.1.5.1. Joining a Domain
239
239
239
240
240
240
241
242
243
243
244
245
246
246
246
247
247
248
248
248
249
250
250
251
251
252
252
253
255
255
255
255
256
256
256
257
257
258
258
258
259
259
261
261
261
262
263
263
263
264
265
265
8

16.1.5.2. Verifying That Samba Was Correctly Joined As a Domain Member
Verifying That the Operating System Can Retrieve Domain User Accounts and Groups
Verifying If AD Domain Users Can Obtain a Kerberos Ticket
Listing the Available Domains
16.1.5.3. Understanding ID Mapping
16.1.5.3.1. Planning ID Ranges
16.1.5.3.2. The * Default Domain
16.1.5.4. The Different ID Mapping Back Ends
16.1.5.4.1. Using the tdb ID Mapping Back End
16.1.5.4.2. Using the ad ID Mapping Back End
16.1.5.4.3. Using the rid ID Mapping Back End
16.1.5.4.4. Using the autorid ID Mapping Back End
16.1.6. Configuring File Shares on a Samba Server
16.1.6.1. Setting up a Share That Uses POSIX ACLs
16.1.6.1.1. Adding a Share That Uses POSIX ACLs
16.1.6.1.2. Setting ACLs
16.1.6.1.3. Setting Permissions on a Share
16.1.6.2. Setting up a Share That Uses Windows ACLs
16.1.6.2.1. Granting the SeDiskOperatorPrivilege Privilege
16.1.6.2.2. Enabling Windows ACL Support
16.1.6.2.3. Adding a Share That Uses Windows ACLs
16.1.6.2.4. Managing Share Permissions and File System ACLs of a Share That Uses Windows ACLs
16.1.6.3. Managing ACLs on an SMB Share Using smbcacls
16.1.6.3.1. Understanding Access Control Entries
16.1.6.3.2. Displaying ACLs Using smbcacls
16.1.6.3.3. Calculating an ACE Mask
16.1.6.3.4. Adding, Updating, And Removing an ACL Using smbcacls
16.1.6.4. Enabling Users to Share Directories on a Samba Server
16.1.6.4.1. Enabling the User Shares Feature
16.1.6.4.2. Adding a User Share
16.1.6.4.3. Updating Settings of a User Share
16.1.6.4.4. Displaying Information About Existing User Shares
16.1.6.4.5. Listing User Shares
16.1.6.4.6. Deleting a User Share
16.1.6.5. Enabling Guest Access to a Share
16.1.7. Setting up a Samba Print Server
16.1.7.1. The Samba spoolssd Service
16.1.7.2. Enabling Print Server Support in Samba
16.1.7.3. Manually Sharing Specific Printers
16.1.7.4. Setting up Automatic Printer Driver Downloads for Windows Clients
16.1.7.4.1. Basic Information about Printer Drivers
16.1.7.4.2. Enabling Users to Upload and Preconfigure Drivers
16.1.7.4.3. Setting up the print$ Share
16.1.7.4.4. Creating a GPO to Enable Clients to Trust the Samba Print Server
16.1.7.4.5. Uploading Drivers and Preconfiguring Printers
16.1.8. Tuning the Performance of a Samba Server
16.1.8.1. Setting the SMB Protocol Version
16.1.8.2. Tuning Shares with Directories That Contain a Large Number of Files
16.1.8.3. Settings That Can Have a Negative Performance Impact
16.1.9. Frequently Used Samba Command-line Utilities
16.1.9.1. Using the net Utility
16.1.9.1.1. Using the net ads join and net rpc join Commands
16.1.9.1.2. Using the net rpc rights Command
267
267
267
268
268
268
269
270
270
271
273
275
277
277
277
278
281
282
282
283
283
284
284
285
287
288
289
289
289
290
291
291
291
292
292
293
294
295
296
297
297
298
298
300
303
303
303
303
304
304
304
304
306
Table of Contents
9

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
16.1.9.1.3. Using the net rpc share Command
16.1.9.1.4. Using the net user Command
16.1.9.1.5. Using the net usershare Command
16.1.9.2. Using the rpcclient Utility
16.1.9.3. Using the samba-regedit Application
16.1.9.4. Using the smbcacls Utility
16.1.9.5. Using the smbclient Utility
16.1.9.5.1. Using smbclient in Interactive Mode
16.1.9.5.2. Using smbclient in Scripting Mode
16.1.9.6. Using the smbcontrol Utility
16.1.9.7. Using the smbpasswd Utility
16.1.9.8. Using the smbstatus Utility
16.1.9.9. Using the smbtar Utility
16.1.9.10. Using the testparm Utility
16.1.9.11. Using the wbinfo Utility
16.2. FTP
16.2.1. The File Transfer Protocol
16.2.2. The vsftpd Server
16.2.2.1. Starting and Stopping vsftpd
16.2.2.2. Starting Multiple Copies of vsftpd
16.2.2.3. Encrypting vsftpd Connections Using TLS
16.2.2.4. SELinux Policy for vsftpd
16.2.3.1. Installed Documentation
16.2.3.2. Online Documentation
16.3. PRINT SETTINGS
16.3.1. Starting the Print Settings Configuration Tool
16.3.2. Starting Printer Setup
16.3.3. Adding a Local Printer
16.3.4. Adding an AppSocket/HP JetDirect printer
16.3.5. Adding an IPP Printer
16.3.6. Adding an LPD/LPR Host or Printer
16.3.7. Adding a Samba (SMB) printer
16.3.8. Selecting the Printer Model and Finishing
16.3.9. Printing a Test Page
16.3.10. Modifying Existing Printers
16.3.10.1. The Settings Page
16.3.10.2. The Policies Page
16.3.10.2.1. Sharing Printers
16.3.10.2.2. The Access Control Page
16.3.10.2.3. The Printer Options Page
16.3.10.2.4. Job Options Page
16.3.10.2.5. Ink/Toner Levels Page
16.3.10.3. Managing Print Jobs
CHAPTER 17. DATABASE SERVERS
17.1. MARIADB
17.1.1. Installing the MariaDB server
17.1.1.1. Improving MariaDB installation security
307
308
309
309
310
311
311
311
312
312
313
313
314
314
314
315
316
316
316
317
318
319
320
320
320
321
322
323
323
324
325
326
327
328
330
333
333
333
334
334
336
336
337
338
339
340
340
340
341
341
341
341
10

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
17.1.2. Configuring the MariaDB server for networking
17.1.3. Backing up MariaDB data
17.1.3.1. Logical back up
17.1.3.2. Physical back up
CHAPTER 18. CONFIGURING NTP USING THE CHRONY SUITE
18.1. INTRODUCTION TO THE CHRONY SUITE
18.1.1. Differences Between ntpd and chronyd
18.1.2. Choosing Between NTP Daemons
18.2. UNDERSTANDING CHRONY AND ITS CONFIGURATION
18.2.1. Understanding chronyd and chronyc
18.2.2. Understanding the chrony Configuration Commands
18.2.3. Security with chronyc
18.3. USING CHRONY
18.3.1. Installing chrony
18.3.2. Checking the Status of chronyd
18.3.3. Starting chronyd
18.3.4. Stopping chronyd
18.3.5. Checking if chrony is Synchronized
18.3.5.1. Checking chrony Tracking
18.3.5.2. Checking chrony Sources
18.3.5.3. Checking chrony Source Statistics
18.3.6. Manually Adjusting the System Clock
18.4. SETTING UP CHRONY FOR DIFFERENT ENVIRONMENTS
18.4.1. Setting Up chrony for a System in an Isolated Network
18.5. USING CHRONYC
18.5.1. Using chronyc to Control chronyd
18.6. CHRONY WITH HW TIMESTAMPING
18.6.1. Understanding Hardware Timestamping
18.6.2. Verifying Support for Hardware Timestamping
18.6.3. Enabling Hardware Timestamping
18.6.4. Configuring Client Polling Interval
18.6.5. Enabling Interleaved Mode
18.6.6. Configuring Server for Large Number of Clients
18.6.7. Verifying Hardware Timestamping
18.6.8. Configuring PTP-NTP bridge
18.7.2. Online Documentation
CHAPTER 19. CONFIGURING NTP USING NTPD
19.1. INTRODUCTION TO NTP
19.2. NTP STRATA
19.3. UNDERSTANDING NTP
19.4. UNDERSTANDING THE DRIFT FILE
19.5. UTC, TIMEZONES, AND DST
19.6. AUTHENTICATION OPTIONS FOR NTP
19.7. MANAGING THE TIME ON VIRTUAL MACHINES
19.8. UNDERSTANDING LEAP SECONDS
19.9. UNDERSTANDING THE NTPD CONFIGURATION FILE
19.10. UNDERSTANDING THE NTPD SYSCONFIG FILE
19.11. DISABLING CHRONY
19.12. CHECKING IF THE NTP DAEMON IS INSTALLED
342
342
342
342
344
344
344
345
346
346
346
350
351
351
352
352
352
352
352
354
355
356
356
356
357
357
358
358
358
359
359
359
359
360
361
361
361
361
363
363
363
364
365
365
365
366
366
366
368
368
369
Table of Contents
11

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
19.13. INSTALLING THE NTP DAEMON (NTPD)
19.14. CHECKING THE STATUS OF NTP
19.15. CONFIGURE THE FIREWALL TO ALLOW INCOMING NTP PACKETS
19.15.1. Change the Firewall Settings
19.15.2. Open Ports in the Firewall for NTP Packets
19.16. CONFIGURE NTPDATE SERVERS
19.17. CONFIGURE NTP
19.17.1. Configure Access Control to an NTP Service
19.17.2. Configure Rate Limiting Access to an NTP Service
19.17.3. Adding a Peer Address
19.17.4. Adding a Server Address
19.17.5. Adding a Broadcast or Multicast Server Address
19.17.6. Adding a Manycast Client Address
19.17.7. Adding a Broadcast Client Address
19.17.8. Adding a Manycast Server Address
19.17.9. Adding a Multicast Client Address
19.17.10. Configuring the Burst Option
19.17.11. Configuring the iburst Option
19.17.12. Configuring Symmetric Authentication Using a Key
19.17.13. Configuring the Poll Interval
19.17.14. Configuring Server Preference
19.17.15. Configuring the Time-to-Live for NTP Packets
19.17.16. Configuring the NTP Version to Use
19.18. CONFIGURING THE HARDWARE CLOCK UPDATE
19.19. CONFIGURING CLOCK SOURCES
19.20.2. Useful Websites
CHAPTER 20. CONFIGURING PTP USING PTP4L
20.1. INTRODUCTION TO PTP
20.1.1. Understanding PTP
20.1.2. Advantages of PTP
20.2. USING PTP
20.2.1. Checking for Driver and Hardware Support
20.2.2. Installing PTP
20.2.3. Starting ptp4l
Starting ptp4l as a Service
Using ptp4l From The Command Line
Logging Messages From ptp4l
20.2.3.1. Selecting a Delay Measurement Mechanism
20.3. USING PTP WITH MULTIPLE INTERFACES
20.4. SPECIFYING A CONFIGURATION FILE
20.5. USING THE PTP MANAGEMENT CLIENT
20.6. SYNCHRONIZING THE CLOCKS
20.7. VERIFYING TIME SYNCHRONIZATION
20.8. SERVING PTP TIME WITH NTP
20.9. SERVING NTP TIME WITH PTP
20.10. SYNCHRONIZE TO PTP OR NTP TIME USING TIMEMASTER
20.10.1. Starting timemaster as a Service
20.10.2. Understanding the timemaster Configuration File
20.10.3. Configuring timemaster Options
20.11. IMPROVING ACCURACY
369
369
369
370
370
370
371
371
372
372
373
373
373
374
374
374
374
375
375
375
376
376
376
376
378
379
379
379
381
381
381
382
383
383
383
384
384
384
385
385
385
387
387
388
389
391
392
392
392
393
395
396
12

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
20.12.2. Useful Websites
PART VI. MONITORING AND AUTOMATION
CHAPTER 21. SYSTEM MONITORING TOOLS
21.1. VIEWING SYSTEM PROCESSES
21.1.1. Using the ps Command
21.1.2. Using the top Command
21.1.3. Using the System Monitor Tool
21.2. VIEWING MEMORY USAGE
21.2.1. Using the free Command
21.3. VIEWING CPU USAGE
21.4. VIEWING BLOCK DEVICES AND FILE SYSTEMS
21.4.1. Using the lsblk Command
21.4.2. Using the blkid Command
21.4.3. Using the findmnt Command
21.4.4. Using the df Command
21.4.5. Using the du Command
21.5. VIEWING HARDWARE INFORMATION
21.5.1. Using the lspci Command
21.5.2. Using the lsusb Command
21.5.3. Using the lscpu Command
21.6. CHECKING FOR HARDWARE ERRORS
21.7. MONITORING PERFORMANCE WITH NET-SNMP
21.7.1. Installing Net-SNMP
21.7.2. Running the Net-SNMP Daemon
21.7.2.1. Starting the Service
21.7.2.2. Stopping the Service
21.7.2.3. Restarting the Service
21.7.3. Configuring Net-SNMP
21.7.3.1. Setting System Information
21.7.3.2. Configuring Authentication
Configuring SNMP Version 2c Community
Configuring SNMP Version 3 User
21.7.4. Retrieving Performance Data over SNMP
21.7.4.1. Hardware Configuration
21.7.4.2. CPU and Memory Information
21.7.4.3. File System and Disk Information
21.7.4.4. Network Information
21.7.5. Extending Net-SNMP
21.7.5.1. Extending Net-SNMP with Shell Scripts
21.7.5.2. Extending Net-SNMP with Perl
CHAPTER 22. OPENLMI
22.1. ABOUT OPENLMI
22.1.2. Management Capabilities
396
396
396
398
399
399
399
400
401
402
402
403
404
404
404
404
405
406
407
408
409
409
409
410
411
412
413
413
414
414
414
415
415
415
416
416
417
418
418
419
420
421
421
422
424
426
427
428
428
428
428
Table of Contents
13

22.2. INSTALLING OPENLMI
22.2.1. Installing OpenLMI on a Managed System
22.2.2. Installing OpenLMI on a Client System
22.3. CONFIGURING SSL CERTIFICATES FOR OPENPEGASUS
22.3.1. Managing Self-signed Certificates
22.3.2. Managing Authority-signed Certificates with Identity Management (Recommended)
22.3.3. Managing Authority-signed Certificates Manually
22.4. USING LMISHELL
22.4.1. Starting, Using, and Exiting LMIShell
Starting LMIShell in Interactive Mode
Using Tab Completion
Browsing History
Handling Exceptions
Configuring a Temporary Cache
Exiting LMIShell
Running an LMIShell Script
22.4.2. Connecting to a CIMOM
Connecting to a Remote CIMOM
Connecting to a Local CIMOM
Verifying a Connection to a CIMOM
22.4.3. Working with Namespaces
Listing Available Namespaces
Accessing Namespace Objects
22.4.4. Working with Classes
Listing Available Classes
Accessing Class Objects
Examining Class Objects
Listing Available Methods
Listing Available Properties
Listing and Viewing ValueMap Properties
Fetching a CIMClass Object
22.4.5. Working with Instances
Accessing Instances
Examining Instances
Creating New Instances
Deleting Individual Instances
Listing and Accessing Available Properties
Listing and Using Available Methods
Listing and Viewing ValueMap Parameters
Refreshing Instance Objects
Displaying MOF Representation
22.4.6. Working with Instance Names
Accessing Instance Names
Examining Instance Names
Creating New Instance Names
Listing and Accessing Key Properties
Converting Instance Names to Instances
22.4.7. Working with Associated Objects
Accessing Associated Instances
Accessing Associated Instance Names
22.4.8. Working with Association Objects
Accessing Association Instances
Accessing Association Instance Names
429
429
430
431
432
433
434
435
435
435
436
436
436
437
437
437
437
437
438
438
439
439
440
440
440
441
441
442
442
443
445
445
445
446
447
448
448
449
451
453
454
454
454
455
455
456
457
457
457
459
460
460
461
14

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
22.4.9. Working with Indications
Subscribing to Indications
Listing Subscribed Indications
Unsubscribing from Indications
Implementing an Indication Handler
22.4.10. Example Usage
Using the OpenLMI Service Provider
Using the OpenLMI Networking Provider
Using the OpenLMI Storage Provider
Using the OpenLMI Hardware Provider
22.5. USING OPENLMI SCRIPTS
See Also
CHAPTER 23. VIEWING AND MANAGING LOG FILES
23.1. LOCATING LOG FILES
23.2. BASIC CONFIGURATION OF RSYSLOG
23.2.1. Filters
23.2.2. Actions
Specifying Multiple Actions
23.2.3. Templates
Generating Dynamic File Names
Properties
Template Examples
23.2.4. Global Directives
23.2.5. Log Rotation
23.2.6. Increasing the Limit of Open Files
23.3. USING THE NEW CONFIGURATION FORMAT
23.3.1. Rulesets
23.3.2. Compatibility with sysklogd
23.4. WORKING WITH QUEUES IN RSYSLOG
23.4.1. Defining Queues
Direct Queues
Disk Queues
In-memory Queues
Disk-Assisted In-memory Queues
23.4.2. Creating a New Directory for rsyslog Log Files
23.4.3. Managing Queues
Limiting Queue Size
Discarding Messages
Using Timeframes
Configuring Worker Threads
Batch Dequeuing
Terminating Queues
23.4.4. Using the New Syntax for rsyslog queues
23.5. CONFIGURING RSYSLOG ON A LOGGING SERVER
23.5.1. Using The New Template Syntax on a Logging Server
23.6. USING RSYSLOG MODULES
23.6.1. Importing Text Files
23.6.2. Exporting Messages to a Database
23.6.3. Enabling Encrypted Transport
462
462
463
463
464
465
465
466
468
470
471
472
472
472
472
474
474
474
475
478
482
483
484
484
485
488
488
490
490
491
492
492
494
494
494
495
495
497
498
498
498
499
499
499
500
500
501
504
505
506
507
507
Table of Contents
15

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring Encrypted Message Transfer with TLS
Configuring Encrypted Message Transfer with GSSAPI
23.6.4. Using RELP
Configuring RELP
Configuring RELP with TLS
23.7. INTERACTION OF RSYSLOG AND JOURNAL
23.8. STRUCTURED LOGGING WITH RSYSLOG
23.8.1. Importing Data from Journal
23.8.2. Filtering Structured Messages
23.8.3. Parsing JSON
23.8.4. Storing Messages in the MongoDB
23.9. DEBUGGING RSYSLOG
23.10. USING THE JOURNAL
23.10.1. Viewing Log Files
23.10.2. Access Control
23.10.3. Using The Live View
23.10.4. Filtering Messages
Filtering by Priority
Filtering by Time
Advanced Filtering
23.10.5. Enabling Persistent Storage
23.11. MANAGING LOG FILES IN A GRAPHICAL ENVIRONMENT
23.11.1. Viewing Log Files
23.11.2. Adding a Log File
23.11.3. Monitoring Log Files
Installable Documentation
See Also
CHAPTER 24. AUTOMATING SYSTEM TASKS
24.1. SCHEDULING A RECURRING JOB USING CRON
24.1.1. Prerequisites for Cron Jobs
24.1.2. Scheduling a Cron Job
Scheduling a Job as root User
Scheduling a Job as Non-root User
Scheduling Hourly, Daily, Weekly, and Monthly Jobs
24.2. SCHEDULING A RECURRING ASYNCHRONOUS JOB USING ANACRON
24.2.1. Prerequisites for Anacrob Jobs
24.2.2. Scheduling an Anacron Job
Scheduling an anacron Job as root User
Scheduling Hourly, Daily, Weekly, and Monthly Jobs
24.3. SCHEDULING A JOB TO RUN AT A SPECIFIC TIME USING AT
24.3.1. Prerequisites for At Jobs
24.3.2. Scheduling an At Job
Viewing Pending Jobs
Deleting a Scheduled Job
24.3.2.1. Controlling Access to At and Batch
24.4. SCHEDULING A JOB TO RUN ON SYSTEM LOAD DROP USING BATCH
24.4.1. Prerequisites for Batch Jobs
24.4.2. Scheduling a Batch Job
Changing the Default System Load Average Limit
508
509
510
510
511
512
513
514
515
515
515
516
516
516
518
518
519
519
519
519
521
521
521
524
525
526
526
526
527
527
528
528
528
529
529
530
530
531
531
532
532
533
533
533
533
534
534
535
535
535
535
536
16

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Viewing Pending Jobs
Deleting a Scheduled Job
Controlling Access to Batch
24.5. SCHEDULING A JOB TO RUN ON NEXT BOOT USING A SYSTEMD UNIT FILE
CHAPTER 25. AUTOMATIC BUG REPORTING TOOL (ABRT)
25.1. INTRODUCTION TO ABRT
25.2. INSTALLING ABRT AND STARTING ITS SERVICES
25.2.1. Installing the ABRT GUI
25.2.2. Installing ABRT for the Command Line
25.2.3. Installing Supplementary ABRT Tools
25.2.4. Starting the ABRT Services
25.2.5. Testing ABRT Crash Detection
25.3. CONFIGURING ABRT
25.3.1. Configuring Events
25.3.2. Creating Custom Events
25.3.3. Setting Up Automatic Reporting
25.4. DETECTING SOFTWARE PROBLEMS
25.4.1. Detecting C and C++ Crashes
25.4.2. Detecting Python Exceptions
25.4.3. Detecting Ruby Exceptions
25.4.4. Detecting Java Exceptions
25.4.5. Detecting X.Org Crashes
25.4.6. Detecting Kernel Oopses and Panics
25.5. HANDLING DETECTED PROBLEMS
25.5.1. Using the Command Line Tool
25.5.2. Using the GUI
See Also
PART VII. KERNEL CUSTOMIZATION WITH BOOTLOADER
CHAPTER 26. WORKING WITH GRUB 2
26.1. INTRODUCTION TO GRUB 2
Menu Entries in grub.cfg
26.2. CONFIGURING GRUB 2
26.3. MAKING TEMPORARY CHANGES TO A GRUB 2 MENU
26.4. MAKING PERSISTENT CHANGES TO A GRUB 2 MENU USING THE GRUBBY TOOL
Listing the Default Kernel
Changing the Default Boot Entry
Viewing the GRUB 2 Menu Entry for a Kernel
Adding and Removing Arguments from a GRUB 2 Menu Entry
Updating All Kernel Menus with the Same Arguments
Changing a Kernel Argument
26.5. CUSTOMIZING THE GRUB 2 CONFIGURATION FILE
26.5.1. Changing the Default Boot Entry
26.5.2. Editing a Menu Entry
26.5.3. Adding a new Entry
26.5.4. Creating a Custom Menu
26.6. PROTECTING GRUB 2 WITH A PASSWORD
536
536
536
536
538
538
539
539
539
540
540
540
541
541
542
542
545
547
548
549
549
550
550
550
550
551
551
552
553
553
553
553
555
556
556
556
557
557
558
558
558
558
559
559
559
560
561
562
562
563
564
Table of Contents
17

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring GRUB 2 to Require a Password only for Modifying Entries
Configuring GRUB 2 to Require a Password for Modifying and Booting Entries
Passwords Set Before Updating to Red Hat Enterprise Linux 7.2
Additional GRUB 2 Users
26.7. REINSTALLING GRUB 2
26.7.1. Reinstalling GRUB 2 on BIOS-Based Machines
26.7.2. Reinstalling GRUB 2 on UEFI-Based Machines
26.7.3. Resetting and Reinstalling GRUB 2
26.8. UPGRADING FROM GRUB LEGACY TO GRUB 2
Upgrading from GRUB Legacy to GRUB 2 after the in-place upgrade of the operating system
Generating the GRUB 2 configuration files
Testing GRUB 2 with GRUB Legacy bootloader still installed
Replacing GRUB Legacy bootloader on systems that use BIOS
Removing GRUB Legacy on systems that use EFI
26.9. GRUB 2 OVER A SERIAL CONSOLE
26.9.1. Configuring GRUB 2 for a single boot
26.9.2. Configuring GRUB 2 for a persistent change
26.9.3. Configuring a new GRUB 2 file
26.9.4. Using screen to Connect to the Serial Console
26.10. TERMINAL MENU EDITING DURING BOOT
26.10.1. Booting to Rescue Mode
26.10.2. Booting to Emergency Mode
26.10.3. Booting to the Debug Shell
26.10.4. Changing and Resetting the Root Password
26.11. UNIFIED EXTENSIBLE FIRMWARE INTERFACE (UEFI) SECURE BOOT
26.11.1. UEFI Secure Boot Support in Red Hat Enterprise Linux 7
Restrictions Imposed by UEFI Secure Boot
Installable and External Documentation
PART VIII. SYSTEM BACKUP AND RECOVERY
CHAPTER 27. RELAX-AND-RECOVER (REAR)
27.1. BASIC REAR USAGE
27.1.1. Installing ReaR
27.1.2. Configuring ReaR
ISO-specific Configuration
27.1.3. Creating a Rescue System
27.1.4. Scheduling ReaR
27.1.5. Performing a System Rescue
27.2. INTEGRATING REAR WITH BACKUP SOFTWARE
27.2.1. The Built-in Backup Method
27.2.1.1. Configuring the Internal Backup Method
27.2.1.2. Creating a Backup Using the Internal Backup Method
27.2.2. Supported Backup Methods
27.2.3. Unsupported Backup Methods
27.2.4. Creating Multiple Backups
CHAPTER 28. CHOOSING SUITABLE RED HAT PRODUCT
CHAPTER 29. RED HAT CUSTOMER PORTAL LABS RELEVANT TO SYSTEM ADMINISTRATION
iSCSI Helper
NTP Configuration
565
565
566
566
566
566
566
567
567
567
568
569
570
570
571
571
572
572
572
573
573
573
574
575
578
578
579
579
579
579
580
581
581
581
581
582
582
583
583
587
587
587
589
590
590
590
592
593
593
593
18

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Samba Configuration Helper
VNC Configurator
Bridge Configuration
Network Bonding Helper
LVM RAID Calculator
NFS Helper
Load Balancer Configuration Tool
Yum Repository Configuration Helper
File System Layout Calculator
RHEL Backup and Restore Assistant
DNS Helper
AD Integration Helper (Samba FS - winbind)
Red Hat Enterprise Linux Upgrade Helper
Registration Assistant
Rescue Mode Assistant
Kernel Oops Analyzer
Kdump Helper
SCSI decoder
Red Hat Memory Analyzer
Multipath Helper
Multipath Configuration Visualizer
Red Hat I/O Usage Visualizer
Storage / LVM configuration viewer
CHAPTER 30. REVISION HISTORY
30.1. ACKNOWLEDGMENTS
593
593
593
593
593
594
594
594
594
594
595
595
595
595
595
595
595
595
596
596
596
596
596
597
598
Table of Contents
19

20

This part covers basic post-installation tasks and basic system administration tasks such as keyboard
configuration, date and time configuration, managing users and groups, and gaining privileges.
21

This chapter covers the basic tasks that you might need to perform just after you have installed Red Hat
Enterprise Linux 7.
Note that these items may include tasks that are usually done already during the installation process,
but they do not have to be done necessarily, such as the registration of the system. The subchapters
dealing with such tasks provide a brief summary of how this can be achieved during the installation and
links to related documentation in a special section.
For detailed information on Red Hat Enterprise Linux 7 installation, consult Red Hat Enterprise Linux 7
Installation Guide.
NOTE
This chapter mentions some commands to be performed. The commands that need to be
entered by the root user have # in the prompt, while the commands that can be
performed by a regular user, have $ in their prompt.
For further information on common post-installation tasks, you can see also Red Hat Enterprise Linux 7
Installation Guide.
Although all post-installation tasks can be achieved through the command line, you can also use the web
console tool to perform some of them.
What web console Is and Which Tasks It Can Be Used For
web console is a system administration tool that provides a user interface for monitoring and
administering servers through a web browser.
web console enables to perform these tasks:
Monitoring basic system features, such as hardware, internet connection, or performance
characteristics
Analyzing the content of the system log files
Configuring basic networking features, such as interfaces, network logs, packet sizes
Managing user accounts
Monitoring and configuring system services
Creating diagnostic reports
Setting kernel dump configuration
Configuring SELinux
Managing system subscriptions
Accessing the terminal
For more information on installing and using web console, see Managing systems using the RHEL 7 web
console.
22

1.1. BASIC CONFIGURATION OF THE ENVIRONMENT
Basic configuration of the environment includes:
Date and Time
System Locales
Keyboard Layout
Setting of these items is normally a part of the installation process.
For more information, see the appropriate source according to the installation method:
When installing with the Anaconda installer, see:
Date&Time, Language Support and Keyboard Configuration in Red Hat Enterprise Linux 7
Installation Guide
When installing with the Kickstart file, consult:
Kickstart Commands and Options in Red Hat Enterprise Linux 7 Installation Guide.
If you need to reconfigure the basic characteristics of the environment after the installation, follow the
instructions in this section.
1.1.1. Introduction to Configuring the Date and Time
Accurate time keeping is important for a number of reasons. In Red Hat Enterprise Linux 7, time keeping
is ensured by the NTP protocol, which is implemented by a daemon running in user space. The user
space daemon updates the system clock running in the kernel. The system clock can keep time by using
various clock sources.
Red Hat Enterprise Linux 7 uses the following daemons to implement NTP:
chronyd
The chronyd daemon is used by default. It is available from the chrony package. For more
information on configuring and using NTP with chronyd, see Chapter 18, Configuring NTP Using
the chrony Suite.
ntpd
The ntpd daemon is available from the ntp package. For more information on configuring and
using NTP with ntpd, see Chapter 19, Configuring NTP Using ntpd .
If you want to use ntpd instead of default chronyd, you need to disable chronyd, install, enable and
configure ntpd as shown in Chapter 19, Configuring NTP Using ntpd .
Displaying the Current Date and Time
To display the current date and time, use one of the following commands:
~]$ date
~]$ timedatectl
Note that the timedatectl command provides more verbose output, including universal time, currently
used time zone, the status of the Network Time Protocol (NTP) configuration, and some additional
information.
23

For more information on configuring the date and time, see Chapter 3, Configuring the Date and Time .
1.1.2. Introduction to Configuring the System Locale
System-wide locale settings are stored in the /etc/locale.conf file, which is read at early boot by the
systemd daemon. The locale settings configured in /etc/locale.conf are inherited by every service or
user, unless individual programs or individual users override them.
Basic tasks to handle the system locales:
Listing available system locale settings:
~]$ localectl list-locales
Displaying current status of the system locales settings:
~]$ localectl status
Setting or changing the default system locale settings:
~]# localectl set-locale LANG=locale
For more information on configuring the system locale, see Chapter 2, System Locale and Keyboard
Configuration.
1.1.3. Introduction to Configuring the Keyboard Layout
The keyboard layout settings control the layout used on the text console and graphical user interfaces.
Basic tasks to handle the keyboard layout include:
Listing available keymaps:
~]$ localectl list-keymaps
Displaying current status of keymap settings:
Setting or changing the default system keymap:
~]# localectl set-keymap
For more information on configuring the keyboard layout, see Chapter 2, System Locale and Keyboard
Configuration.
1.2. CONFIGURING AND INSPECTING NETWORK ACCESS
The network access is usually configured during the installation process. However, the installation
process does not prompt you to configure network interfaces on some common installation paths.
Consequently, it is possible that the network access is not configured after the installation. If this
happens, you can configure network access after installation.
24

For a quickstart to configuring network access during the installation, see Section 1.2.1, “Configuring
Network Access During the Installation Process”. To configure network access after the installation, you
can use either the nmcli command-line utility, described in Red Hat Enterprise Linux 7 Networking
Guide or the nmtui text user interface utility, described in Red Hat Enterprise Linux 7 Networking
Guide.
The nmcli and nmtui utilities also enable you to add one or more new network connections, as well as
modify and inspect the existing connections. If you want to create and manage network connections with
nmcli, see Section 1.2.2, “Managing Network Connections After the Installation Process Using nmcli” . If
you want to create and manage network connections with nmtui, see Section 1.2.3, “Managing Network
Connections After the Installation Process Using nmtui”.
1.2.1. Configuring Network Access During the Installation Process
Ways to configure network access during the installation proces:
The Network & Hostname menu at the Installation Summary screen in the graphical user
interface of the Anaconda installation program
The Network settings option in the text mode of the Anaconda installation program
The Kickstart file
When the system boots for the first time after the installation has finished, any network interfaces which
you configured during the installation are automatically activated.
For detailed information on configuration of network access during installation process, see Red Hat
Enterprise Linux 7 Installation Guide.
1.2.2. Managing Network Connections After the Installation Process Using nmcli
Run the following commands as the root user to manage network connections using the nmcli utility.
To create a new connection:
~]# nmcli con add type type of the connection "con-name" connection name ifname ifname interface-
name the name of the interface ipv4 address ipv4 address gw4 address gateway address
To modify the existing connection:
~]# nmcli con mod "con-name"
To display all connections:
~]# nmcli con show
To display the active connection:
~]# nmcli con show --active
To display all configuration settings of a particular connection:
~]# nmcli con show "con-name"
25

For more information on the nmcli command-line utility, see Red Hat Enterprise Linux 7 Networking
Guide.
1.2.3. Managing Network Connections After the Installation Process Using nmtui
The NetworkManager text user interface (TUI) utility, nmtui, provides a text interface to configure
networking by controlling NetworkManager.
For more information about installing and using the nmtui text interface tool, see Red Hat Enterprise
Linux 7 Networking Guide.
1.2.4. Managing Networking in web console
In web console, the Networking menu enables you:
To display currently received and sent packets
To display the most important characteristics of available network interfaces
To display content of the networking logs.
To add various types of network interfaces (bond, team, bridge, VLAN)
Figure 1.1. Managing Networking in web console
1.3. THE BASICS OF REGISTERING THE SYSTEM AND MANAGING
SUBSCRIPTIONS
1.3.1. What Red Hat Subscriptions Are and Which Tasks They Can Be Used For
The products installed on Red Hat Enterprise Linux 7, including the operating system itself, are covered
by subscriptions.
26

A subscription to Red Hat Content Delivery Network is used to track:
Registered systems
Products installed on those system
Subscriptions attached to those product
1.3.2. Registering the System During the Installation
This section provides a brief summary of registering Red Hat Enterprise Linux 7 during the installation
process. If your operating system is not registered after the installation, you can find what might have
been missed during the installation by reading through this section. For detailed information, consult
Red Hat Enterprise Linux 7 Installation Guide .
Basically, there are two ways to register the system during the installation:
Normally, registration is a part of the Initial Setup configuration process. For more information,
see Red Hat Enterprise Linux 7 Installation Guide .
Another option is to run Subscription manager as a post-installation script
, which performs
the automatic registration at the moment when the installation is complete and before the
system is rebooted for the first time. To ensure this, modify the %post section of the Kickstart
file. For more detailed information on running Subscription manager as a post-installation script,
see Red Hat Enterprise Linux 7 Installation Guide .
1.3.3. Registering the System after the Installation
If you have not registered your system during installation process, you can do it afterwards by applying
the following procedure. Note that all commands in this procedure need to be performed as the root
user.
Registering and Subscribing Your System
1. Register your system:
~]# subscription-manager register
The command will prompt you to enter your Red Hat Customer Portal user name and password.
2. Determine the pool ID of a subscription that you require:
~]# subscription-manager list --available
This command displays all available subscriptions for your Red Hat account. For every
subscription, various characteristics are displayed, including the pool ID.
3. Attach the appropriate subscription to your system by replacing pool_id with the pool ID
determined in the previous step:
~]# subscription-manager attach --pool=pool_id
For more information on registration of your system and attachment of the Red Hat Content Delivery
Network subscriptions, see Chapter 7, Registering the System and Managing Subscriptions .
27

1.3.4. Registering a System to EUS Content
To access the Extended Update Support (EUS) content, register your system as follows:
1. Verify that EUS entitlements are available:
~]# subscription-manager list --available --matches="*Extended Update Support"
+-------------------------------------------+
Available Subscriptions
+-------------------------------------------+
Subscription Name: Extended Update Support
Provides: Red Hat Enterprise Linux High Availability for x86_64 - Extended Update
Support
Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update
Support
Red Hat Enterprise Linux for x86_64 - Extended Update Support
Red Hat EUCJP Support (for RHEL Server) - Extended Update Support
RHEL for SAP - Extended Update Support
Red Hat Enterprise Linux Load Balancer (for RHEL Server) - Extended
Update Support
Red Hat Enterprise Linux Scalable File System (for RHEL Server) - Extended
Update Support
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support
RHEL for SAP HANA - Extended Update Support
Red Hat Enterprise Linux High Performance Networking (for RHEL Server) -
Extended Update Support
Oracle Java (for RHEL Server) - Extended Update Support
Red Hat S-JIS Support (for RHEL Server) - Extended Update Support
SKU: RH00030
Contract: 12069074
Pool ID: 8a99f9ac7238188b01723d9c8a8a06a9
Provides Management: No
Available: 8
Suggested: 0
Service Level: Layered
Service Type: L1-L3
Subscription Type: Instance Based
Starts: 05/22/2020
Ends: 05/21/2021
System Type: Physical
2. Attach the applicable subscription using the Pool identifier:
~]# subscription-manager attach --pool 8a99f9ac7238188b01723d9c8a8a06a9
3. Replace the default repositories enabled for the system with the EUS variants:
~]# subscription-manager repos --disable *
4. Enable the repositories which represent the EUS content set for the RHEL revision in use:
~]# subscription-manager repos --enable rhel-7-server-eus-rpms
28

5. Select the required and supported release for the end system:
~]# subscription-manager release --set 7.6
For currently supported EUS releases, see Extended Update Support Add-on.
1.3.5. Registering a System to E4S Content
The following procedure describes how to register a system and utilize the E4S content.
1. Register your system using the following command:
~]# subscription-manager register
2. Verify that E4S entitlements are available:
~]# subscription-manager list --available --matches="*Update Services for SAP Solutions*"
+-------------------------------------------+
Available Subscriptions
+-------------------------------------------+
Subscription Name: Red Hat Enterprise Linux for SAP Solutions, Standard (Physical or
Virtual Nodes)
Provides: dotNET on RHEL Beta (for RHEL Server)
Red Hat CodeReady Linux Builder for x86_64
Red Hat Enterprise Linux for SAP HANA for x86_64
Red Hat Ansible Engine
RHEL for SAP HANA - Update Services for SAP Solutions
Red Hat Enterprise Linux Scalable File System (for RHEL Server) - Extended
Update Support
RHEL for SAP HANA - Extended Update Support
Red Hat Enterprise Linux Atomic Host Beta
Red Hat Beta
Red Hat EUCJP Support (for RHEL Server) - Extended Update Support
Red Hat Enterprise Linux High Availability for x86_64
Red Hat Enterprise Linux Load Balancer (for RHEL Server) - Extended Update
Support
dotNET on RHEL (for RHEL Server)
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support
Red Hat Enterprise Linux High Availability - Update Services for SAP Solutions
Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update
Support
Red Hat Enterprise Linux High Availability for x86_64 - Extended Update
Support
Oracle Java (for RHEL Server)
Red Hat Enterprise Linux Server - Update Services for SAP Solutions
Red Hat Software Collections (for RHEL Server)
Red Hat Enterprise Linux Scalable File System (for RHEL Server)
Red Hat Enterprise Linux High Performance Networking (for RHEL Server) -
Extended Update Support
RHEL for SAP - Update Services for SAP Solutions
Oracle Java (for RHEL Server) - Extended Update Support
Red Hat Enterprise Linux Atomic Host
Red Hat Developer Tools (for RHEL Server)
29

Red Hat Software Collections Beta (for RHEL Server)
Red Hat Enterprise Linux Server
Red Hat Enterprise Linux for SAP Applications for x86_64
Red Hat Developer Tools Beta (for RHEL Server)
Red Hat Enterprise Linux for x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support
RHEL for SAP - Extended Update Support
Red Hat Developer Toolset (for RHEL Server)
Red Hat S-JIS Support (for RHEL Server) - Extended Update Support
SKU: RH00764
Contract: 11977725
Pool ID: 8a85f99c6c4825eb016c4a30d3493064
Provides Management: Yes
Available: 18
Suggested: 0
Service Level: Standard
Service Type: L1-L3
Subscription Type: Instance Based
Starts: 03/29/2020
Ends: 12/31/2021
System Type: Physical
3. Attach the applicable subscription using the Pool identifier:
~]# subscription-manager attach --pool=#################
4. Replace the default repositories enabled for the system with the EUS variants:
~]# subscription-manager repos --disable="*"
5. Enable the repositories which represent the E4S content set for the RHEL revision in use:
~]# subscription-manager --enable=rhel-7-server-e4s-rpms
6. Clear the repository cache and release lock the system to a valid release for E4S which supports
your SAP application:
~]# yum clean all && subscription-manager release --set=7.7
1.4. INSTALLING SOFTWARE
This section provides information to guide you through the basics of software installation on a Red Hat
Enterprise Linux 7 system. It mentions the prerequisites that you need to fulfil to be able to install
software in Section 1.4.1, “Prerequisites for Software Installation” , provides the basic information on
software packaging and software repositories in Section 1.4.2, “Introduction to the System of Software
Packaging and Software Repositories”, and references the ways to perform basic tasks related to
software installation in Section 1.4.3, “Managing Basic Software Installation Tasks with Subscription
Manager and Yum”.
1.4.1. Prerequisites for Software Installation
The Red Hat Content Delivery Network subscription service provides a mechanism to handle Red Hat
software inventory and enables you to install additional software or update already installed packages.
30

You can start installing software once you have registered your system and attached a subscription, as
described in Section 1.3, “The Basics of Registering the System and Managing Subscriptions” .
1.4.2. Introduction to the System of Software Packaging and Software Repositories
All software on a Red Hat Enterprise Linux system is divided into RPM packages, which are stored in
particular repositories. When a system is subscribed to the Red Hat Content Delivery Network, a
repository file is created in the /etc/yum.repos.d/ directory.
Use the yum utility to manage package operations:
Searching information about packages
Installing packages
Updating packages
Removing packages
Checking the list of currently available repositories
Adding or removing a repository
Enabling or disabling a repository
For information on basic tasks related to the installation of software, see Section 1.4.3, “Managing Basic
Software Installation Tasks with Subscription Manager and Yum”. For further information on managing
software repositories, see Section 7.2, “Managing Software Repositories” . For detailed information on
using the yum utility, see Chapter 9, Yum.
1.4.3. Managing Basic Software Installation Tasks with Subscription Manager and
Yum
The most basic software-installation tasks that you might need after the operating system has been
installed include:
Listing all available repositories:
~]# subscription-manager repos --list
Listing all currently enabled repositories:
~]$ yum repolist
Enabling or disabling a repository:
~]# subscription-manager repos --enable repository
~]# subscription-manager repos --disable repository
Searching for packages matching a specific string:
~]$ yum search string
31

Installing a package:
~]# yum install package_name
Updating all packages and their dependencies:
~]# yum update
Updating a package:
~]# yum update package_name
Uninstalling a package and any packages that depend on it:
~]# yum remove package_name
Listing information on all installed and available packages:
~]$ yum list all
Listing information on all installed packages:
~]$ yum list installed
1.5. MAKING SYSTEMD SERVICES START AT BOOT TIME
Systemd is a system and service manager for Linux operating systems that introduces the concept of
systemd units. For more information on systemd, see Section 10.1, “Introduction to systemd” .
This section provides the information on how to ensure that a service is enabled or disabled at boot
time. It also explains how to manage the services through web console.
1.5.1. Enabling or Disabling the Services
You can determine services that are enabled or disabled at boot time already during the installation
process, or you can enable or disable a service on an installed operating system.
To create the list of services enabled or disabled at boot time during the installation process, use the
services option in the Kickstart file:
services [--disabled=list] [--enabled=list]
NOTE
The list of disabled services is processed before the list of enabled services. Therefore, if
a service appears on both lists, it will be enabled. The list of the services should be given
in the comma separated format. Do not include spaces in the list of services. For detailed
information, refer to Red Hat Enterprise Linux 7 Installation Guide.
To enable or disable a service on an already installed operating system:
32

~]# systemctl enableservice_name
~]# systemctl disableservice_name
For further details, see Section 10.2, “Managing System Services” .
1.5.2. Managing Services in web console
In web console, select Services to manage systemd targets, services, sockets, timers and paths. There
you can check their status, start or stop them, enable or disable them.
Figure 1.2. Managing Services in web console
1.5.3. Additional Resources on systemd Services
For more information on systemd, see Chapter 10, Managing Services with systemd .
1.6. ENHANCING SYSTEM SECURITY WITH A FIREWALL, SELINUX AND
SSH LOGINGS
Computer security is the protection of computer systems from the theft or damage to their hardware,
software, or information, as well as from disruption or misdirection of the services they provide. Ensuring
computer security is therefore an essential task not only in the enterprises processing sensitive data or
handling some business transactions.
Computer security includes a wide variety of features and tools. This section covers only the basic
security features that you need to configure after you have installed the operating system. For detailed
information on securing Red Hat Enterprise Linux 7, see Red Hat Enterprise Linux 7 Security Guide .
1.6.1. Ensuring the Firewall Is Enabled and Running
33

1.6.1.1. What a Firewall Is and How It Enhances System Security
A firewall is a network security system that monitors and controls the incoming and outgoing network
traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted,
secure internal network and another outside network.
On Red Hat Enterprise Linux 7, the firewall is provided by the firewalld service, which is automatically
enabled during the installation of Red Hat Enterprise Linux. However, if you explicitly disabled the
service, for example in the kickstart configuration, you can re-enable it, as described in Section 1.6.1.2,
“Re-enabling the firewalld Service”. For overview of firewall setting options in the Kickstart file, see Red
Hat Enterprise Linux 7 Installation Guide.
1.6.1.2. Re-enabling the firewalld Service
In case that the firewalld service is disabled after the installation, Red Hat recommends to consider re-
enabling it.
You can display the current status of firewalld even as a regular user:
~]$ systemctl status firewalld
If firewalld is not enabled and running, switch to the root user, and change its status:
~]# systemctl start firewalld
~]# systemctl enable firewalld
For further information on post-installation procedures related to firewalld, see Red Hat Enterprise
Linux 7 Security Guide. For detailed information on configuring and using firewall, see Red Hat
Enterprise Linux 7 Security Guide
1.6.2. Ensuring the Appropriate State of SELinux
1.6.2.1. What SELinux Is and How It Enhances System Security
Security Enhanced Linux (SELinux)is an additional layer of system security that determines which
process can access which files, directories, and ports.
SELinux States
SELinux has two possible states:
Enabled
Disabled
When SELinux is disabled, only Discretionary Access Control (DAC) rules are used.
SELinux Modes
When SELinux is enabled, it can run in one of the following modes:
Enforcing
Permissive
Enforcing mode means that SELinux policies is enforced. SELinux denies access based on SELinux
34

Enforcing mode means that SELinux policies is enforced. SELinux denies access based on SELinux
policy rules, and enables only the interactions that are particularly allowed. Enforcing mode is the default
mode after the installation and it is also the safest SELinux mode.
Permissive mode means that SELinux policies is not enforced. SELinux does not deny access, but
denials are logged for actions that would have been denied if running in enforcing mode. Permissive
mode is the default mode during the installation. Operating in permissive mode is also useful in some
specific cases, for example if you require access to the Access Vector Cache (AVC) denials when
troubleshooting problems.
For further information on SELinux in Red Hat Enterprise Linux 7, see Red Hat Enterprise Linux 7
SELinux User’s and Administrator’s Guide.
1.6.2.2. Ensuring the Required State of SELinux
By default, SELinux operates in permissive mode during the installation and in enforcing mode when
the installation has finished.
However, in some specific situations, SELinux might be explicitly set to permissive mode or it might
even be disabled on the installed operating system. This can be set for example in the kickstart
configuration. For overview of SELinux setting options in the Kickstart file, see Red Hat Enterprise Linux
7 Installation Guide.
IMPORTANT
Red Hat recommends to keep your system in enforcing mode.
To display the current SELinux mode, and to set the mode as needed:
Ensuring the Required State of SELinux
1. Display the current SELinux mode in effect:
~]$ getenforce
2. If needed, switch between the SELinux modes.
The switch can be either temporary or permanent. A temporary switch is not persistent across
reboots, while permanent switch is.
To temporary switch to either enforcing or permissive mode:
~]# setenforce Enforcing
~]# setenforce Permissive
To permanently set the SELinux mode, modify the SELINUX variable in the
/etc/selinux/config configuration file.
For example, to switch SELinux to enforcing mode:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
35

# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
1.6.2.3. Managing SELinux in web console
In web console, use the SELinux option to turn SELinux enforcing policy on or off.
By default, SELinux enforcing policy in web console is on, and SELinux operates in enforcing mode. By
turning it off, you can switch SELinux into permissive mode. Note that such deviation from the default
configuration in the /etc/sysconfig/selinux file is automatically reverted on the next boot.
Figure 1.3. Managing SELinux in web console
1.6.3. Using SSH-based Authentication
1.6.3.1. What SSH-based Authentication Is and How It Enhances System Security
If you want to secure your communication with another computer, you can use SSH-based
authentication.
Secure Shell (SSH) is a protocol which facilitates client-server communication and allows users to log in
to any host system running SSH remotely. SSH encrypts the connection. The client transmits its
authentication information to the server using encryption, and all data sent and received during a
session are transferred under the encryption.
SSH enables its users to authenticate without a password. To do so, SSH uses a private-public key
scheme.
For further information about SSH safeguards, see Section 12.1.2, “Main Features”.
1.6.3.2. Establishing an SSH Connection
To be able to use SSH connection, create a pair of two keys consisting of a public and a private key.
Creating the Key Files and Copying Them to the Server
36

1. Generate a public and a private key:
~]$ ssh-keygen
Both keys are stored in the ~/.ssh/ directory:
~/.ssh/id_rsa.pub - public key
~/.ssh/id_rsa - private key
The public key does not need to be secret. It is used to verify the private key. The private
key is secret. You can choose to protect the private key with the passphrase that you
specify during the key generation process. With the passphrase, authentication is even more
secure, but is no longer password-less. You can avoid this using the ssh-agent command. In
this case, you will enter the passphrase only once - at the beginning of a session. For more
information on ssh-agent configuration, see Section 12.2.4, “Using Key-based
Authentication”.
2. Copy the most recently modified public key to a remote machine you want to log into:
~]# ssh-copy-id USER@hostname
As a result, you are now able to enter the system in a secure way, but without entering a
password.
1.6.3.3. Disabling SSH Root Login
To increase system security, you can disable SSH access for the root user, which is enabled by default.
For more information on this topic, see Red Hat Enterprise Linux 7 Security Guide .
Disabling SSH Root Login
1. Access the /etc/ssh/sshd_config file:
~]# vi /etc/ssh/sshd_config
2. Change the line that reads #PermitRootLogin yes to:
PermitRootLogin no
3. Restart the sshd service:
~]# systemctl restart sshd
1.7. THE BASICS OF MANAGING USER ACCOUNTS
Red Hat Enterprise Linux 7 is a multi-user operating system, which enables multiple users on different
computers to access a single system installed on one machine. Every user operates under its own
account, and managing user accounts thus represents a core element of Red Hat Enterprise Linux
system administration.
Normal and System Accounts
Normal accounts are created for users of a particular system. Such accounts can be added, removed,
37

Normal accounts are created for users of a particular system. Such accounts can be added, removed,
and modified during normal system administration.
System accounts represent a particular applications identifier on a system. Such accounts are generally
added or manipulated only at software installation time, and they are not modified later.
WARNING
System accounts are presumed to be available locally on a system. If these accounts
are configured and provided remotely, such as in the instance of an LDAP
configuration, system breakage and service start failures can occur.
For system accounts, user IDs below 1000 are reserved. For normal accounts, you can use IDs starting
at 1000. However, the recommended practice is to assign IDs starting at 5000. See Section 4.1,
“Introduction to Users and Groups” for more information. The guidelines for assigning IDs can be found
in the /etc/login.defs file.
# Min/max values for automatic uid selection in useradd
#
UID_MIN 1000
UID_MAX 60000
# System accounts
SYS_UID_MIN 201
SYS_UID_MAX 999
What Groups Are and Which Purposes They Can Be Used For
A group is an entity which ties together multiple user accounts for a common purpose, such as granting
access to particular files.
1.7.1. The Most Basic Command-Line Tools to Manage User Accounts and Groups
The most basic tasks to manage user accounts and groups, and the appropriate command-line tools,
include:
Displaying user and group IDs:
~]$ id
Creating a new user account:
~]# useradd [options] user_name
Assigning a new password to a user account belonging to username:
~]# passwd user_name
Adding a user to a group:
~]# usermod -a -G group_name user_name

38

For detailed information on managing users and groups, see Chapter 4, Managing Users and Groups.
If you want to use graphical user interface to manage users and groups, see Section 4.2, “Managing
Users in a Graphical Environment”.
1.7.2. Managing User Accounts in web console
To manage accounts in web console, select the Accounts menu.
Figure 1.4. Managing User Accounts in web console
1.8. DUMPING THE CRASHED KERNEL USING THE KDUMP
MECHANISM
This section provides an introduction to the Kernel crash dump mechanism, also called kdump, and
briefly explains what kdump is used for in Section 1.8.1, “What kdump Is and Which Tasks It Can Be Used
For”.
Activation of the kdump service is a part of the installation process, and by default, kdump was enabled
during the installation. This section summarizes how to activate kdump during the installation in
Section 1.8.2, “Enabling and Activating kdump During the Installation Process” , and how to manually
enable the kdump service if it is disabled after the installation in Section 1.8.3, “Ensuring That kdump Is
Installed and Enabled after the Installation Process”.
You can also use web console to configure kdump. See Section 1.8.4, “Configuring kdump in web
console” for more information.
1.8.1. What kdump Is and Which Tasks It Can Be Used For
In case of a system crash, you can use the Kernel crash dump mechanism called kdump that enables you
to save the content of the system’s memory for later analysis. The kdump mechanism relies on the
kexec system call, which can be used to boot a Linux kernel from the context of another kernel, bypass
BIOS, and preserve the contents of the first kernel’s memory that would otherwise be lost.
When kernel crash occurs, kdump uses kexec to boot into a second kernel (a capture kernel), which
resides in a reserved part of the system memory that is inaccessible to the first kernel. The second
kernel captures the contents of the crashed kernel’s memory (a crash dump) and saves it.
39

1.8.2. Enabling and Activating kdump During the Installation Process
During the installation, enablement and activation of kdump can be done either in the Anaconda
installer or using the %addon com_redhat_kdump command in the Kickstart file.
For more information, see the appropriate source according to the installation method:
When installing with the Anaconda installer, see:
Installing Using Anaconda in Red Hat Enterprise Linux 7 Installation Guide.
When installing with the Kickstart file, see:
Kickstart Commands and Options in Red Hat Enterprise Linux 7 Installation Guide.
1.8.3. Ensuring That kdump Is Installed and Enabled after the Installation Process
To ensure that kdump is installed and to configure it:
Checking Whether kdump Is Installed and Configuring kdump
1. To check whether kdump is installed on your system:
~]$ rpm -q kexec-tools
2. If not installed, to install kdump, enter as the root user:
~]# yum install kexec-tools
3. To configure kdump:
Use either the command line or graphical user interface.
Both options are described in detail in Red Hat Enterprise Linux 7 Kernel Crash Dump Guide.
If you need to install the graphical configuration tool:
~]# yum install system-config-kdump
1.8.4. Configuring kdump in web console
In web console, select Kernel dump to verify:
the kdump status
the amount of memory reserved for kdump
the location of the crash dump files
Figure 1.5. Configuring kdump in web console
40

Figure 1.5. Configuring kdump in web console
1.8.5. Additional Resources on kdump
For more information on kdump, see Red Hat Enterprise Linux 7 Kernel Crash Dump Guide.
1.9. PERFORMING SYSTEM RESCUE AND CREATING SYSTEM BACKUP
WITH REAR
When a software or hardware failure breaks the operating system, you need a mechanism to rescue the
system. It is also useful to have the system backup saved. Red Hat recommends using the Relax-and-
Recover (ReaR) tool to fulfil both these needs.
1.9.1. What ReaR Is and Which Tasks It Can Be Used For
ReaR is a disaster recovery and system migration utility which enables you to create the complete rescue
system. By default, this rescue system restores only the storage layout and the boot loader, but not the
actual user and system files.
Additionally, certain backup software enables you to integrate ReaR for disaster recovery.
ReaR enables to perform the following tasks:
Booting a rescue system on the new hardware
Replicating the original storage layout
Restoring user and system files
1.9.2. Quickstart to Installation and Configuration of ReaR
To install ReaR, enter as the root user:
~]# yum install rear
Use the settings in the /etc/rear/local.conf file to configure ReaR.
For further information see, Section 27.1, “Basic ReaR Usage”.
41

1.9.3. Quickstart to Creation of the Rescue System with ReaR
To create the rescue system, perform the following command as the
root user
~]# rear mkrescue
For further information on creating the rescue system with ReaR, see Section 27.1.3, “Creating a Rescue
System”.
1.9.4. Quickstart to Configuration of ReaR with the Backup Software
ReaR contains a fully-integrated built-in, or internal, backup method called NETFS.
To make ReaR use its internal backup method, add these lines to the /etc/rear/local.conf file:
BACKUP=NETFS
BACKUP_URL=backup location
You can also configure ReaR to keep the previous backup archives when the new ones are created by
adding the following line to /etc/rear/local.conf:
NETFS_KEEP_OLD_BACKUP_COPY=y
To make the backups incremental, meaning that only the changed files are backed up on each run, add
this line to /etc/rear/local.conf:
BACKUP_TYPE=incremental
For detailed information about using the ReaR NETFS internal backup method, see Section 27.2.1, “The
Built-in Backup Method”.
For information on supported external backup methods and unsupported backup methods, see
Section 27.2.2, “Supported Backup Methods” and Section 27.2.3, “Unsupported Backup Methods” .
1.10. USING THE LOG FILES TO TROUBLESHOOT PROBLEMS
When troubleshooting a problem, you may appreciate the log files that contain different information and
messages about the operating system. The logging system in Red Hat Enterprise Linux 7 is based on the
built-in syslog protocol. Particular programs use this system to record events and organize them into
log files, which are useful when auditing the operating system and troubleshooting various problems.
For more information on log files, see Chapter 23, Viewing and Managing Log Files .
1.10.1. Services Handling the syslog Messages
The syslog messages are handled by two services:
the systemd-journald daemon - Collects messages from the kernel, the early stages of the
boot process, standard output and error of daemons as they start up and run, and syslog, and
forwards the messages to the rsyslog service for further processing.
the rsyslog service - Sorts the syslog messages by type and priority, and writes them to the
files in the /var/log directory, where the logs are persistently stored.
42

1.10.2. Subdirectories Storing the syslog Messages
The syslog messages are stored in various subdirectories under the /var/log directory according to what
kind of messages and logs they contain:
var/log/messages - all syslog messages except those mentioned below
var/log/secure - security and authentication-related messages and errors
var/log/maillog - mail server-related messages and errors
var/log/cron - log files related to periodically executed tasks
var/log/boot.log - log files related to system startup
1.11. ACCESSING RED HAT SUPPORT
To obtain support from Red Hat, use the Red Hat Customer Portal , which provides access to everything
available with your subscription.
This section describes:
Obtaining Red Hat support, see Section 1.11.1, “Obtaining Red Hat Support Through Red Hat
Customer Portal”
Using the SOS report to troubleshoot problems, see Section 1.11.2, “Using the SOS Report to
Troubleshoot Problems”
1.11.1. Obtaining Red Hat Support Through Red Hat Customer Portal
By using the Red Hat Customer Portal you can:
Open a new support case
Initiate a live chat with a Red Hat expert
Contact a Red Hat expert by making a call or sending an email
To access the Red Hat Customer Portal, go to https://access.redhat.com..
To work with Red Hat Customer Portal services related to Red Hat support, you can use:
Web browser
Red Hat Support Tool
1.11.1.1. What the Red Hat Support Tool Is and Which Tasks It Can Be Used For
The Red Hat Support Toolis a command-line based tool which provides a text console interface to the
subscription-based Red Hat access services. This tool is contained in the redhat-support-tool
package.
The Red Hat Support Toolenables you to perform support-related tasks, such as:
Opening or updating support cases
43

Searching in the Red Hat knowledge base solutions
Analyzing Python and Java errors
To start the tool in interactive mode:
~]$ redhat-support-tool
Welcome to the Red Hat Support Tool.
Command (? for help):
In interactive mode, enter ? to display the available commands:
Command (? for help): ?
For more information about the installation and use of the Red Hat Support Tool, see Chapter 8,
Accessing Support Using the Red Hat Support Tool , and the Red Hat Knowledgebase article Red Hat
Access: Red Hat Support Tool.
1.11.2. Using the SOS Report to Troubleshoot Problems
The SOS report collects configuration details, system information and diagnostic information from a
Red Hat Enterprise Linux system. Attach the report when you open a support case.
Note that the SOS report is provided in the sos package, which is not installed with the default minimal
installation of Red Hat Enterprise Linux 7.
To install the sos package:
~]# yum install sos
To generate an SOS report:
~]# sosreport
To attach the sos report to your support case, see the Red Hat Knowledgebase article How can I attach
a file to a Red Hat support case?. Note that you will be prompted to enter the number of the support
case, when attaching the sos report.
For more information on SOS report, see the Red Hat Knowledgebase article What is a sosreport and
how to create one in Red Hat Enterprise Linux 4.6 and later?.
44

CHAPTER 2. SYSTEM LOCALE AND KEYBOARD
CONFIGURATION
The system locale specifies the language settings of system services and user interfaces. The keyboard
layout settings control the layout used on the text console and graphical user interfaces.
These settings can be made by modifying the /etc/locale.conf configuration file or by using the localectl
utility. Also, you can use the graphical user interface to perform the task; for a description of this
method, see Red Hat Enterprise Linux 7 Installation Guide .
2.1. SETTING THE SYSTEM LOCALE
System-wide locale settings are stored in the /etc/locale.conf file, which is read at early boot by the
systemd daemon. The locale settings configured in /etc/locale.conf are inherited by every service or
user, unless individual programs or individual users override them.
The basic file format of /etc/locale.conf is a newline-separated list of variable assignments. For
example, German locale with English messages in /etc/locale.conf looks as follows:
LANG=de_DE.UTF-8
LC_MESSAGES=C
Here, the LC_MESSAGES option determines the locale used for diagnostic messages written to the
standard error output. To further specify locale settings in /etc/locale.conf, you can use several other
options, the most relevant are summarized in Table 2.1, “Options configurable in /etc/locale.conf” . See
the locale(7) manual page for detailed information on these options. Note that the LC_ALL option,
which represents all possible options, should not be configured in /etc/locale.conf.
Table 2.1. Options configurable in /etc/locale.conf
Option Description
LANG Provides a default value for the system locale.
LC_COLLATE Changes the behavior of functions which compare
strings in the local alphabet.
LC_CTYPE Changes the behavior of the character handling and
classification functions and the multibyte character
functions.
LC_NUMERIC Describes the way numbers are usually printed, with
details such as decimal point versus decimal comma.
LC_TIME Changes the display of the current time, 24-hour
versus 12-hour clock.
LC_MESSAGES Determines the locale used for diagnostic messages
written to the standard error output.
2.1.1. Displaying the Current Status
45

The localectl command can be used to query and change the system locale and keyboard layout
settings. To show the current settings, use the status option:
localectl status
Example 2.1. Displaying the Current Status
The output of the previous command lists the currently set locale, keyboard layout configured for
the console and for the X11 window system.
System Locale: LANG=en_US.UTF-8
VC Keymap: us
X11 Layout: n/a
2.1.2. Listing Available Locales
To list all locales available for your system, type:
localectl list-locales
Example 2.2. Listing Locales
Imagine you want to select a specific English locale, but you are not sure if it is available on the
system. You can check that by listing all English locales with the following command:
~]$ localectl list-locales | grep en_
en_AG
en_AG.utf8
en_AU
en_AU.iso88591
en_AU.utf8
en_BW
en_BW.iso88591
en_BW.utf8
output truncated
2.1.3. Setting the Locale
To set the default system locale, use the following command as root:
localectl set-locale LANG=locale
Replace locale with the locale name, found with the localectl list-locales command. The above syntax
can also be used to configure parameters from Table 2.1, “Options configurable in /etc/locale.conf” .
Example 2.3. Changing the Default Locale
For example, if you want to set British English as your default locale, first find the name of this locale
46

For example, if you want to set British English as your default locale, first find the name of this locale
by using list-locales. Then, as root, type the command in the following form:
~]# localectl set-locale LANG=en_GB.utf8
2.1.4. Making System Locale Settings Permanent when Installing with Kickstart
When Red Hat Enterprise Linux is installed with the Red Hat Kickstart installation method, setting of the
system locales might not be persistent after an upgrade of the operating system.
When the %packages section of the Kickstart file includes the --instLang option, the _install_langs
RPM macro is set to the particular value for this installation, and the set of installed locales is adjusted
accordingly. However, this adjustment affects only this installation, not subsequent upgrades. If an
upgrade reinstalls the glibc package, the entire set of locales is upgraded instead of only the locales you
requested during the installation.
To avoid this, make the choice of locales permanent. You have these options:
If you have not started the Kickstart installation, modify the Kickstart file to include instructions
for setting RPM macros globally by applying this procedure: Setting RPM macros during the
Kickstart installation
If you have already installed the system, set RPM macros globally on the system by applying this
procedure: Setting RPM macros globally
Setting RPM macros during the Kickstart installation
1. Modify the %post section of the Kickstart file:
LANG=en_US
echo "%_install_langs $LANG" > /etc/rpm/macros.language-conf
yum-config-manager --setopt=override_install_langs=$LANG --save
2. Modify the %packages section of the Kickstart file:
%packages
yum-utils*
%end
Setting RPM macros globally
1. Create the RPM configuration file at /etc/rpm/macros.language-conf with the following
contents:
%_install_langs LANG
LANG is the value of the instLang option.
2. Update the /etc/yum.conf file with:
override_install_langs=LANG
47

red_hat_enterprise_linux-7-system_administrators_guide-en-us.pdf

red_hat_enterprise_linux-7-system_administrators_guide-en-us.pdf

Recommended

Recommended

More Related Content

Similar to red_hat_enterprise_linux-7-system_administrators_guide-en-us.pdf

Similar to red_hat_enterprise_linux-7-system_administrators_guide-en-us.pdf (20)

Recently uploaded

Recently uploaded (20)

red_hat_enterprise_linux-7-system_administrators_guide-en-us.pdf