Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

NOTE: CentOS Enterprise Linux 5 is built from the Red Hat Enterprise Linux source code. Other than logo and name changes CentOS Enterprise Linux 5 is compatible with the equivalent Red Hat version. This document applies equally to both Red Hat and CentOS Enterprise Linux 5.

Red Hat Enterprise Linux 5

Red Hat Enterprise Linux Deployment Guide

Abstract

This Deployment Guide documents relevant information regarding the deployment, configuration and administration of Red Hat Enterprise Linux 5.


Table of Contents

Introduction
1. Document Conventions
2. Send in Your Feedback
I. File Systems
1. File System Structure
1.1. Why Share a Common Structure?
1.2. Overview of File System Hierarchy Standard (FHS)
1.2.1. FHS Organization
1.3. Special File Locations Under Red Hat Enterprise Linux
2. The ext3 File System
2.1. Features of ext3
2.2. Creating an ext3 File System
2.3. Converting to an ext3 File System
2.4. Reverting to an ext2 File System
3. The proc File System
3.1. A Virtual File System
3.1.1. Viewing Virtual Files
3.1.2. Changing Virtual Files
3.2. Top-level Files within the proc File System
3.2.1. /proc/apm
3.2.2. /proc/buddyinfo
3.2.3. /proc/cmdline
3.2.4. /proc/cpuinfo
3.2.5. /proc/crypto
3.2.6. /proc/devices
3.2.7. /proc/dma
3.2.8. /proc/execdomains
3.2.9. /proc/fb
3.2.10. /proc/filesystems
3.2.11. /proc/interrupts
3.2.12. /proc/iomem
3.2.13. /proc/ioports
3.2.14. /proc/kcore
3.2.15. /proc/kmsg
3.2.16. /proc/loadavg
3.2.17. /proc/locks
3.2.18. /proc/mdstat
3.2.19. /proc/meminfo
3.2.20. /proc/misc
3.2.21. /proc/modules
3.2.22. /proc/mounts
3.2.23. /proc/mtrr
3.2.24. /proc/partitions
3.2.25. /proc/pci
3.2.26. /proc/slabinfo
3.2.27. /proc/stat
3.2.28. /proc/swaps
3.2.29. /proc/sysrq-trigger
3.2.30. /proc/uptime
3.2.31. /proc/version
3.3. Directories within /proc/
3.3.1. Process Directories
3.3.2. /proc/bus/
3.3.3. /proc/driver/
3.3.4. /proc/fs
3.3.5. /proc/ide/
3.3.6. /proc/irq/
3.3.7. /proc/net/
3.3.8. /proc/scsi/
3.3.9. /proc/sys/
3.3.10. /proc/sysvipc/
3.3.11. /proc/tty/
3.4. Using the sysctl Command
3.5. Additional Resources
3.5.1. Installed Documentation
3.5.2. Useful Websites
4. Redundant Array of Independent Disks (RAID)
4.1. What is RAID?
4.2. Who Should Use RAID?
4.3. Hardware RAID versus Software RAID
4.3.1. Hardware RAID
4.3.2. Software RAID
4.4. RAID Levels and Linear Support
4.5. Configuring Software RAID
4.5.1. Creating the RAID Partitions
4.5.2. Creating the RAID Devices and Mount Points
5. Swap Space
5.1. What is Swap Space?
5.2. Adding Swap Space
5.2.1. Extending Swap on an LVM2 Logical Volume
5.2.2. Creating an LVM2 Logical Volume for Swap
5.2.3. Creating a Swap File
5.3. Removing Swap Space
5.3.1. Reducing Swap on an LVM2 Logical Volume
5.3.2. Removing an LVM2 Logical Volume for Swap
5.3.3. Removing a Swap File
5.4. Moving Swap Space
6. Managing Disk Storage
6.1. Standard Partitions using parted
6.1.1. Viewing the Partition Table
6.1.2. Creating a Partition
6.1.3. Removing a Partition
6.1.4. Resizing a Partition
6.2. LVM Partition Management
7. Implementing Disk Quotas
7.1. Configuring Disk Quotas
7.1.1. Enabling Quotas
7.1.2. Remounting the File Systems
7.1.3. Creating the Quota Database Files
7.1.4. Assigning Quotas per User
7.1.5. Assigning Quotas per Group
7.1.6. Setting the Grace Period for Soft Limits
7.2. Managing Disk Quotas
7.2.1. Enabling and Disabling
7.2.2. Reporting on Disk Quotas
7.2.3. Keeping Quotas Accurate
7.3. Additional Resources
7.3.1. Installed Documentation
7.3.2. Related Books
8. Access Control Lists
8.1. Mounting File Systems
8.1.1. NFS
8.2. Setting Access ACLs
8.3. Setting Default ACLs
8.4. Retrieving ACLs
8.5. Archiving File Systems With ACLs
8.6. Compatibility with Older Systems
8.7. Additional Resources
8.7.1. Installed Documentation
8.7.2. Useful Websites
9. LVM (Logical Volume Manager)
9.1. What is LVM?
9.1.1. What is LVM2?
9.2. LVM Configuration
9.3. Automatic Partitioning
9.4. Manual LVM Partitioning
9.4.1. Creating the /boot/ Partition
9.4.2. Creating the LVM Physical Volumes
9.4.3. Creating the LVM Volume Groups
9.4.4. Creating the LVM Logical Volumes
9.5. Using the LVM utility system-config-lvm
9.5.1. Utilizing uninitialized entities
9.5.2. Adding Unallocated Volumes to a volume group
9.5.3. Migrating extents
9.5.4. Adding a new hard disk using LVM
9.5.5. Adding a new volume group
9.5.6. Extending a volume group
9.5.7. Editing a Logical Volume
9.6. Additional Resources
9.6.1. Installed Documentation
9.6.2. Useful Websites
II. Package Management
10. Package Management with RPM
10.1. RPM Design Goals
10.2. Using RPM
10.2.1. Finding RPM Packages
10.2.2. Installing
10.2.3. Uninstalling
10.2.4. Upgrading
10.2.5. Freshening
10.2.6. Querying
10.2.7. Verifying
10.3. Checking a Package's Signature
10.3.1. Importing Keys
10.3.2. Verifying Signature of Packages
10.4. Practical and Common Examples of RPM Usage
10.5. Additional Resources
10.5.1. Installed Documentation
10.5.2. Useful Websites
10.5.3. Related Books
11. Package Management Tool
11.1. Listing and Analyzing Packages
11.2. Installing and Removing Packages
12. Red Hat Network
III. Network-Related Configuration
13. Network Interfaces
13.1. Network Configuration Files
13.2. Interface Configuration Files
13.2.1. Ethernet Interfaces
13.2.2. IPsec Interfaces
13.2.3. Channel Bonding Interfaces
13.2.4. Alias and Clone Files
13.2.5. Dialup Interfaces
13.2.6. Other Interfaces
13.3. Interface Control Scripts
13.4. Network Function Files
13.5. Additional Resources
13.5.1. Installed Documentation
14. Network Configuration
14.1. Overview
14.2. Establishing an Ethernet Connection
14.3. Establishing an ISDN Connection
14.4. Establishing a Modem Connection
14.5. Establishing an xDSL Connection
14.6. Establishing a Token Ring Connection
14.7. Establishing a Wireless Connection
14.8. Managing DNS Settings
14.9. Managing Hosts
14.10. Working with Profiles
14.11. Device Aliases
14.12. Saving and Restoring the Network Configuration
15. Controlling Access to Services
15.1. Runlevels
15.2. TCP Wrappers
15.2.1. xinetd
15.3. Services Configuration Tool
15.4. ntsysv
15.5. chkconfig
15.6. Additional Resources
15.6.1. Installed Documentation
15.6.2. Useful Websites
16. Berkeley Internet Name Domain (BIND)
16.1. Introduction to DNS
16.1.1. Nameserver Zones
16.1.2. Nameserver Types
16.1.3. BIND as a Nameserver
16.2. /etc/named.conf
16.2.1. Common Statement Types
16.2.2. Other Statement Types
16.2.3. Comment Tags
16.3. Zone Files
16.3.1. Zone File Directives
16.3.2. Zone File Resource Records
16.3.3. Example Zone File
16.3.4. Reverse Name Resolution Zone Files
16.4. Using rndc
16.4.1. Configuring /etc/named.conf
16.4.2. Configuring /etc/rndc.conf
16.4.3. Command Line Options
16.5. Advanced Features of BIND
16.5.1. DNS Protocol Enhancements
16.5.2. Multiple Views
16.5.3. Security
16.5.4. IP version 6
16.6. Common Mistakes to Avoid
16.7. Additional Resources
16.7.1. Installed Documentation
16.7.2. Useful Websites
16.7.3. Related Books
17. OpenSSH
17.1. Features of SSH
17.1.1. Why Use SSH?
17.2. SSH Protocol Versions
17.3. Event Sequence of an SSH Connection
17.3.1. Transport Layer
17.3.2. Authentication
17.3.3. Channels
17.4. Configuring an OpenSSH Server
17.4.1. Requiring SSH for Remote Connections
17.5. OpenSSH Configuration Files
17.6. Configuring an OpenSSH Client
17.6.1. Using the ssh Command
17.6.2. Using the scp Command
17.6.3. Using the sftp Command
17.7. More Than a Secure Shell
17.7.1. X11 Forwarding
17.7.2. Port Forwarding
17.7.3. Generating Key Pairs
17.8. Additional Resources
17.8.1. Installed Documentation
17.8.2. Useful Websites
18. Network File System (NFS)
18.1. How It Works
18.1.1. Required Services
18.2. NFS Client Configuration
18.2.1. Mounting NFS File Systems using /etc/fstab
18.3. autofs
18.3.1. What's new in autofs version 5?
18.3.2. autofs Configuration
18.3.3. autofs Common Tasks
18.4. Common NFS Mount Options
18.5. Starting and Stopping NFS
18.6. NFS Server Configuration
18.6.1. Exporting or Sharing NFS File Systems
18.6.2. Command Line Configuration
18.6.3. Hostname Formats
18.7. The /etc/exports Configuration File
18.7.1. The exportfs Command
18.8. Securing NFS
18.8.1. Host Access
18.8.2. File Permissions
18.9. NFS and portmap
18.9.1. Troubleshooting NFS and portmap
18.10. Using NFS over TCP
18.11. Additional Resources
18.11.1. Installed Documentation
18.11.2. Useful Websites
18.11.3. Related Books
19. Samba
19.1. Introduction to Samba
19.1.1. Samba Features
19.2. Samba Daemons and Related Services
19.2.1. Samba Daemons
19.3. Connecting to a Samba Share
19.3.1. Command Line
19.3.2. Mounting the Share
19.4. Configuring a Samba Server
19.4.1. Graphical Configuration
19.4.2. Command Line Configuration
19.4.3. Encrypted Passwords
19.5. Starting and Stopping Samba
19.6. Samba Server Types and the smb.conf File
19.6.1. Stand-alone Server
19.6.2. Domain Member Server
19.6.3. Domain Controller
19.7. Samba Security Modes
19.7.1. User-Level Security
19.7.2. Share-Level Security
19.8. Samba Account Information Databases
19.9. Samba Network Browsing
19.9.1. Domain Browsing
19.9.2. WINS (Windows Internetworking Name Server)
19.10. Samba with CUPS Printing Support
19.10.1. Simple smb.conf Settings
19.11. Samba Distribution Programs
19.12. Additional Resources
19.12.1. Installed Documentation
19.12.2. Related Books
19.12.3. Useful Websites
20. Dynamic Host Configuration Protocol (DHCP)
20.1. Why Use DHCP?
20.2. Configuring a DHCP Server
20.2.1. Configuration File
20.2.2. Lease Database
20.2.3. Starting and Stopping the Server
20.2.4. DHCP Relay Agent
20.3. Configuring a DHCP Client
20.4. Additional Resources
20.4.1. Installed Documentation
21. Apache HTTP Server
21.1. Apache HTTP Server 2.2
21.1.1. Features of Apache HTTP Server 2.2
21.2. Migrating Apache HTTP Server Configuration Files
21.2.1. Migrating Apache HTTP Server 2.0 Configuration Files
21.2.2. Migrating Apache HTTP Server 1.3 Configuration Files to 2.0
21.3. Starting and Stopping httpd
21.4. Apache HTTP Server Configuration
21.4.1. Basic Settings
21.4.2. Default Settings
21.5. Configuration Directives in httpd.conf
21.5.1. General Configuration Tips
21.5.2. Configuration Directives for SSL
21.5.3. MPM Specific Server-Pool Directives
21.6. Adding Modules
21.7. Virtual Hosts
21.7.1. Setting Up Virtual Hosts
21.8. Apache HTTP Secure Server Configuration
21.8.1. An Overview of Security-Related Packages
21.8.2. An Overview of Certificates and Security
21.8.3. Using Pre-Existing Keys and Certificates
21.8.4. Types of Certificates
21.8.5. Generating a Key
21.8.6. How to configure the server to use the new key
21.9. Additional Resources
21.9.1. Useful Websites
22. FTP
22.1. The File Transport Protocol
22.1.1. Multiple Ports, Multiple Modes
22.2. FTP Servers
22.2.1. vsftpd
22.3. Files Installed with vsftpd
22.4. Starting and Stopping vsftpd
22.4.1. Starting Multiple Copies of vsftpd
22.5. vsftpd Configuration Options
22.5.1. Daemon Options
22.5.2. Log In Options and Access Controls
22.5.3. Anonymous User Options
22.5.4. Local User Options
22.5.5. Directory Options
22.5.6. File Transfer Options
22.5.7. Logging Options
22.5.8. Network Options
22.6. Additional Resources
22.6.1. Installed Documentation
22.6.2. Useful Websites
23. Email
23.1. Email Protocols
23.1.1. Mail Transport Protocols
23.1.2. Mail Access Protocols
23.2. Email Program Classifications
23.2.1. Mail Transport Agent
23.2.2. Mail Delivery Agent
23.2.3. Mail User Agent
23.3. Mail Transport Agents
23.3.1. Sendmail
23.3.2. Postfix
23.3.3. Fetchmail
23.4. Mail Transport Agent (MTA) Configuration
23.5. Mail Delivery Agents
23.5.1. Procmail Configuration
23.5.2. Procmail Recipes
23.6. Mail User Agents
23.6.1. Securing Communication
23.7. Additional Resources
23.7.1. Installed Documentation
23.7.2. Useful Websites
23.7.3. Related Books
24. Lightweight Directory Access Protocol (LDAP)
24.1. Why Use LDAP?
24.1.1. OpenLDAP Features
24.2. LDAP Terminology
24.3. OpenLDAP Daemons and Utilities
24.3.1. NSS, PAM, and LDAP
24.3.2. PHP4, LDAP, and the Apache HTTP Server
24.3.3. LDAP Client Applications
24.4. OpenLDAP Configuration Files
24.5. The /etc/openldap/schema/ Directory
24.6. OpenLDAP Setup Overview
24.6.1. Editing /etc/openldap/slapd.conf
24.7. Configuring a System to Authenticate Using OpenLDAP
24.7.1. PAM and LDAP
24.7.2. Migrating Old Authentication Information to LDAP Format
24.8. Migrating Directories from Earlier Releases
24.9. Additional Resources
24.9.1. Installed Documentation
24.9.2. Useful Websites
24.9.3. Related Books
25. Authentication Configuration
25.1. User Information
25.2. Authentication
25.3. Options
25.4. Command Line Version
IV. System Configuration
26. Console Access
26.1. Disabling Shutdown Via CtrlAltDel
26.2. Disabling Console Program Access
26.3. Defining the Console
26.4. Making Files Accessible From the Console
26.5. Enabling Console Access for Other Applications
26.6. The floppy Group
27. The sysconfig Directory
27.1. Files in the /etc/sysconfig/ Directory
27.1.1. /etc/sysconfig/amd
27.1.2. /etc/sysconfig/apmd
27.1.3. /etc/sysconfig/arpwatch
27.1.4. /etc/sysconfig/authconfig
27.1.5. /etc/sysconfig/autofs
27.1.6. /etc/sysconfig/clock
27.1.7. /etc/sysconfig/desktop
27.1.8. /etc/sysconfig/dhcpd
27.1.9. /etc/sysconfig/exim
27.1.10. /etc/sysconfig/firstboot
27.1.11. /etc/sysconfig/gpm
27.1.12. /etc/sysconfig/hwconf
27.1.13. /etc/sysconfig/i18n
27.1.14. /etc/sysconfig/init
27.1.15. /etc/sysconfig/ip6tables-config
27.1.16. /etc/sysconfig/iptables-config
27.1.17. /etc/sysconfig/irda
27.1.18. /etc/sysconfig/keyboard
27.1.19. /etc/sysconfig/kudzu
27.1.20. /etc/sysconfig/named
27.1.21. /etc/sysconfig/netdump
27.1.22. /etc/sysconfig/network
27.1.23. /etc/sysconfig/ntpd
27.1.24. /etc/sysconfig/radvd
27.1.25. /etc/sysconfig/samba
27.1.26. /etc/sysconfig/selinux
27.1.27. /etc/sysconfig/sendmail
27.1.28. /etc/sysconfig/spamassassin
27.1.29. /etc/sysconfig/squid
27.1.30. /etc/sysconfig/system-config-selinux
27.1.31. /etc/sysconfig/system-config-users
27.1.32. /etc/sysconfig/system-logviewer
27.1.33. /etc/sysconfig/tux
27.1.34. /etc/sysconfig/vncservers
27.1.35. /etc/sysconfig/xinetd
27.2. Directories in the /etc/sysconfig/ Directory
27.3. Additional Resources
27.3.1. Installed Documentation
28. Date and Time Configuration
28.1. Time and Date Properties
28.2. Network Time Protocol (NTP) Properties
28.3. Time Zone Configuration
29. Keyboard Configuration
30. The X Window System
30.1. The X11R7.1 Release
30.2. Desktop Environments and Window Managers
30.2.1. Desktop Environments
30.2.2. Window Managers
30.3. X Server Configuration Files
30.3.1. xorg.conf
30.4. Fonts
30.4.1. Fontconfig
30.4.2. Core X Font System
30.5. Runlevels and X
30.5.1. Runlevel 3
30.5.2. Runlevel 5
30.6. Additional Resources
30.6.1. Installed Documentation
30.6.2. Useful Websites
31. X Window System Configuration
31.1. Display Settings
31.2. Display Hardware Settings
31.3. Dual Head Display Settings
32. Users and Groups
32.1. User and Group Configuration
32.1.1. Adding a New User
32.1.2. Modifying User Properties
32.1.3. Adding a New Group
32.1.4. Modifying Group Properties
32.2. User and Group Management Tools
32.2.1. Command Line Configuration
32.2.2. Adding a User
32.2.3. Adding a Group
32.2.4. Password Aging
32.2.5. Explaining the Process
32.3. Standard Users
32.4. Standard Groups
32.5. User Private Groups
32.5.1. Group Directories
32.6. Shadow Passwords
32.7. Additional Resources
32.7.1. Installed Documentation
33. Printer Configuration
33.1. Adding a Local Printer
33.2. Adding an IPP Printer
33.3. Adding a Samba (SMB) Printer
33.4. Adding a JetDirect Printer
33.5. Selecting the Printer Model and Finishing
33.5.1. Confirming Printer Configuration
33.6. Printing a Test Page
33.7. Modifying Existing Printers
33.7.1. The Settings Tab
33.7.2. The Policies Tab
33.7.3. The Access Control Tab
33.7.4. The Printer and Job OptionsTab
33.8. Managing Print Jobs
33.9. Additional Resources
33.9.1. Installed Documentation
33.9.2. Useful Websites
34. Automated Tasks
34.1. Cron
34.1.1. Configuring Cron Tasks
34.1.2. Controlling Access to Cron
34.1.3. Starting and Stopping the Service
34.2. At and Batch
34.2.1. Configuring At Jobs
34.2.2. Configuring Batch Jobs
34.2.3. Viewing Pending Jobs
34.2.4. Additional Command Line Options
34.2.5. Controlling Access to At and Batch
34.2.6. Starting and Stopping the Service
34.3. Additional Resources
34.3.1. Installed Documentation
35. Log Files
35.1. Locating Log Files
35.2. Viewing Log Files
35.3. Adding a Log File
35.4. Monitoring Log Files
V. System Monitoring
36. SystemTap
36.1. Introduction
36.2. Implementation
36.3. Using SystemTap
36.3.1. Tracing
37. Gathering System Information
37.1. System Processes
37.2. Memory Usage
37.3. File Systems
37.4. Hardware
37.5. Additional Resources
37.5.1. Installed Documentation
38. OProfile
38.1. Overview of Tools
38.2. Configuring OProfile
38.2.1. Specifying the Kernel
38.2.2. Setting Events to Monitor
38.2.3. Separating Kernel and User-space Profiles
38.3. Starting and Stopping OProfile
38.4. Saving Data
38.5. Analyzing the Data
38.5.1. Using opreport
38.5.2. Using opreport on a Single Executable
38.5.3. Getting more detailed output on the modules
38.5.4. Using opannotate
38.6. Understanding /dev/oprofile/
38.7. Example Usage
38.8. Graphical Interface
38.9. Additional Resources
38.9.1. Installed Docs
38.9.2. Useful Websites
VI. Kernel and Driver Configuration
39. Manually Upgrading the Kernel
39.1. Overview of Kernel Packages
39.2. Preparing to Upgrade
39.3. Downloading the Upgraded Kernel
39.4. Performing the Upgrade
39.5. Verifying the Initial RAM Disk Image
39.6. Verifying the Boot Loader
39.6.1. x86 Systems
39.6.2. Itanium Systems
39.6.3. IBM S/390 and IBM System z Systems
39.6.4. IBM eServer iSeries Systems
39.6.5. IBM eServer pSeries Systems
40. General Parameters and Modules
40.1. Kernel Module Utilities
40.2. Persistent Module Loading
40.3. Specifying Module Parameters
40.4. Storage parameters
40.5. Ethernet Parameters
40.5.1. Using Multiple Ethernet Cards
40.5.2. The Channel Bonding Module
40.6. Additional Resources
40.6.1. Installed Documentation
40.6.2. Useful Websites
VII. Security And Authentication
41. Security Overview
41.1. Introduction to Security
41.1.1. What is Computer Security?
41.1.2. Security Controls
41.1.3. Conclusion
41.2. Vulnerability Assessment
41.2.1. Thinking Like the Enemy
41.2.2. Defining Assessment and Testing
41.2.3. Evaluating the Tools
41.3. Attackers and Vulnerabilities
41.3.1. A Quick History of Hackers
41.3.2. Threats to Network Security
41.3.3. Threats to Server Security
41.3.4. Threats to Workstation and Home PC Security
41.4. Common Exploits and Attacks
41.5. Security Updates
41.5.1. Updating Packages
42. Securing Your Network
42.1. Workstation Security
42.1.1. Evaluating Workstation Security
42.1.2. BIOS and Boot Loader Security
42.1.3. Password Security
42.1.4. Administrative Controls
42.1.5. Available Network Services
42.1.6. Personal Firewalls
42.1.7. Security Enhanced Communication Tools
42.2. Server Security
42.2.1. Securing Services With TCP Wrappers and xinetd
42.2.2. Securing Portmap
42.2.3. Securing NIS
42.2.4. Securing NFS
42.2.5. Securing the Apache HTTP Server
42.2.6. Securing FTP
42.2.7. Securing Sendmail
42.2.8. Verifying Which Ports Are Listening
42.3. Single Sign-on (SSO)
42.3.1. Introduction
42.3.2. Getting Started with your new Smart Card
42.3.3. How Smart Card Enrollment Works
42.3.4. How Smart Card Login Works
42.3.5. Configuring Firefox to use Kerberos for SSO
42.4. Pluggable Authentication Modules (PAM)
42.4.1. Advantages of PAM
42.4.2. PAM Configuration Files
42.4.3. PAM Configuration File Format
42.4.4. Sample PAM Configuration Files
42.4.5. Creating PAM Modules
42.4.6. PAM and Administrative Credential Caching
42.4.7. PAM and Device Ownership
42.4.8. Additional Resources
42.5. TCP Wrappers and xinetd
42.5.1. TCP Wrappers
42.5.2. TCP Wrappers Configuration Files
42.5.3. xinetd
42.5.4. xinetd Configuration Files
42.5.5. Additional Resources
42.6. Kerberos
42.6.1. What is Kerberos?
42.6.2. Kerberos Terminology
42.6.3. How Kerberos Works
42.6.4. Kerberos and PAM
42.6.5. Configuring a Kerberos 5 Server
42.6.6. Configuring a Kerberos 5 Client
42.6.7. Domain-to-Realm Mapping
42.6.8. Setting Up Secondary KDCs
42.6.9. Setting Up Cross Realm Authentication
42.6.10. Additional Resources
42.7. Virtual Private Networks (VPNs)
42.7.1. How Does a VPN Work?
42.7.2. VPNs and Red Hat Enterprise Linux
42.7.3. IPsec
42.7.4. Creating an IPsec Connection
42.7.5. IPsec Installation
42.7.6. IPsec Host-to-Host Configuration
42.7.7. IPsec Network-to-Network Configuration
42.7.8. Starting and Stopping an IPsec Connection
42.8. Firewalls
42.8.1. Netfilter and IPTables
42.8.2. Basic Firewall Configuration
42.8.3. Using IPTables
42.8.4. Common IPTables Filtering
42.8.5. FORWARD and NAT Rules
42.8.6. Malicious Software and Spoofed IP Addresses
42.8.7. IPTables and Connection Tracking
42.8.8. IPv6
42.8.9. Additional Resources
42.9. IPTables
42.9.1. Packet Filtering
42.9.2. Differences Between IPTables and IPChains
42.9.3. Command Options for IPTables
42.9.4. Saving IPTables Rules
42.9.5. IPTables Control Scripts
42.9.6. IPTables and IPv6
42.9.7. Additional Resources
43. Security and SELinux
43.1. Access Control Mechanisms (ACMs)
43.1.1. Discretionary Access Control (DAC)
43.1.2. Access Control Lists (ACLs)
43.1.3. Mandatory Access Control (MAC)
43.1.4. Role-based Access Control (RBAC)
43.1.5. Multi-Level Security (MLS)
43.1.6. Multi-Category Security (MCS)
43.2. Introduction to SELinux
43.2.1. SELinux Overview
43.2.2. Files Related to SELinux
43.2.3. Additional Resources
43.3. Brief Background and History of SELinux
43.4. Multi-Category Security (MCS)
43.4.1. Introduction
43.4.2. Applications for Multi-Category Security
43.4.3. SELinux Security Contexts
43.5. Getting Started with Multi-Category Security (MCS)
43.5.1. Introduction
43.5.2. Comparing SELinux and Standard Linux User Identities
43.5.3. Configuring Categories
43.5.4. Assigning Categories to Users
43.5.5. Assigning Categories to Files
43.6. Multi-Level Security (MLS)
43.6.1. Why Multi-Level?
43.6.2. Security Levels, Objects and Subjects
43.6.3. MLS Policy
43.6.4. LSPP Certification
43.7. SELinux Policy Overview
43.7.1. What is the SELinux Policy?
43.7.2. Where is the Policy?
43.7.3. The Role of Policy in the Boot Process
43.7.4. Object Classes and Permissions
43.8. Targeted Policy Overview
43.8.1. What is the Targeted Policy?
43.8.2. Files and Directories of the Targeted Policy
43.8.3. Understanding the Users and Roles in the Targeted Policy
44. Working With SELinux
44.1. End User Control of SELinux
44.1.1. Moving and Copying Files
44.1.2. Checking the Security Context of a Process, User, or File Object
44.1.3. Relabeling a File or Directory
44.1.4. Creating Archives That Retain Security Contexts
44.2. Administrator Control of SELinux
44.2.1. Viewing the Status of SELinux
44.2.2. Relabeling a File System
44.2.3. Managing NFS Home Directories
44.2.4. Granting Access to a Directory or a Tree
44.2.5. Backing Up and Restoring the System
44.2.6. Enabling or Disabling Enforcement
44.2.7. Enable or Disable SELinux
44.2.8. Changing the Policy
44.2.9. Specifying the Security Context of Entire File Systems
44.2.10. Changing the Security Category of a File or User
44.2.11. Running a Command in a Specific Security Context
44.2.12. Useful Commands for Scripts
44.2.13. Changing to a Different Role
44.2.14. When to Reboot
44.3. Analyst Control of SELinux
44.3.1. Enabling Kernel Auditing
44.3.2. Dumping and Viewing Logs
45. Customizing SELinux Policy
45.1. Introduction
45.1.1. Modular Policy
45.2. Building a Local Policy Module
45.2.1. Using audit2allow to Build a Local Policy Module
45.2.2. Analyzing the Type Enforcement (TE) File
45.2.3. Loading the Policy Package
46. References
VIII. Red Hat Training And Certification
47. Red Hat Training and Certification
47.1. Three Ways to Train
47.2. Microsoft Certified Professional Resource Center
48. Certification Tracks
48.1. Free Pre-assessment tests
49. RH033: Red Hat Linux Essentials
49.1. Course Description
49.1.1. Prerequisites
49.1.2. Goal
49.1.3. Audience
49.1.4. Course Objectives
49.1.5. Follow-on Courses
50. RH035: Red Hat Linux Essentials for Windows Professionals
50.1. Course Description
50.1.1. Prerequisites
50.1.2. Goal
50.1.3. Audience
50.1.4. Course Objectives
50.1.5. Follow-on Courses
51. RH133: Red Hat Linux System Administration and Red Hat Certified Technician (RHCT) Certification
51.1. Course Description
51.1.1. Prerequisites
51.1.2. Goal
51.1.3. Audience
51.1.4. Course Objectives
51.1.5. Follow-on Courses
52. RH202 RHCT EXAM - The fastest growing credential in all of Linux.
52.1. Course Description
52.1.1. Prerequisites
53. RH253 Red Hat Linux Networking and Security Administration
53.1. Course Description
53.1.1. Prerequisites
53.1.2. Goal
53.1.3. Audience
53.1.4. Course Objectives
53.1.5. Follow-on Courses
54. RH300: RHCE Rapid track course (and RHCE exam)
54.1. Course Description
54.1.1. Prerequisites
54.1.2. Goal
54.1.3. Audience
54.1.4. Course Objectives
54.1.5. Follow-on Courses
55. RH302 RHCE EXAM
55.1. Course Description
55.1.1. Prerequisites
55.1.2. Content
56. RHS333: RED HAT enterprise security: network services
56.1. Course Description
56.1.1. Prerequisites
56.1.2. Goal
56.1.3. Audience
56.1.4. Course Objectives
56.1.5. Follow-on Courses
57. RH401: Red Hat Enterprise Deployment and systems management
57.1. Course Description
57.1.1. Prerequisites
57.1.2. Goal
57.1.3. Audience
57.1.4. Course Objectives
57.1.5. Follow-on Courses
58. RH423: Red Hat Enterprise Directory services and authentication
58.1. Course Description
58.1.1. Prerequisites
58.1.2. Goal
58.1.3. Audience
58.1.4. Course Objectives
58.1.5. Follow-on Courses
59. SE Linux Courses
59.1. RHS427: Introduction to SELinux and Red Hat Targeted Policy
59.1.1. Audience
59.1.2. Course Summary
59.2. RHS429: Red Hat Enterprise SE Linux Policy Administration
60. RH436: Red Hat Enterprise storage management
60.1. Course Description
60.1.1. Prerequisites
60.1.2. Goal
60.1.3. Audience
60.1.4. Course Objectives
60.1.5. Follow-on Courses
61. RH442: Red Hat Enterprise system monitoring and performance tuning
61.1. Course Description
61.1.1. Prerequisites
61.1.2. Goal
61.1.3. Audience
61.1.4. Course Objectives
61.1.5. Follow-on Courses
62. Red Hat Enterprise Linux Developer Courses
62.1. RHD143: Red Hat Linux Programming Essentials
62.2. RHD221 Red Hat Linux Device Drivers
62.3. RHD236 Red Hat Linux Kernel Internals
62.4. RHD256 Red Hat Linux Application Development and Porting
63. JBoss Courses
63.1. RHD161 JBoss and EJB3 for Java
63.1.1. Prerequisites
63.2. RHD163 JBoss for Web Developers
63.2.1. Prerequisites
63.3. RHD167: JBOSS - HIBERNATE ESSENTIALS
63.3.1. Prerequisites
63.3.2. Course Summary
63.4. RHD267: JBOSS - ADVANCED HIBERNATE
63.4.1. Prerequisites
63.5. RHD261:JBOSS for advanced J2EE developers
63.5.1. Prerequisites
63.6. RH336: JBOSS for Administrators
63.6.1. Prerequisites
63.6.2. Course Summary
63.7. RHD439: JBoss Clustering
63.7.1. Prerequisites
63.8. RHD449: JBoss jBPM
63.8.1. Description
63.8.2. Prerequisites
63.9. RHD451 JBoss Rules
63.9.1. Prerequisites

 
 
  Published under the terms of the GNU General Public License Design by Interspire