This section describes information related to the philosophy of
system administration that is specific to Red Hat Enterprise Linux.
Automation of frequently-performed tasks under Red Hat Enterprise Linux requires
knowledge of several different types of technologies. First are the
commands that control the timing of command or script execution. The
cron and at commands are most
commonly used in these roles.
Incorporating an easy-to-understand yet powerfully flexible time
specification system, cron can schedule the
execution of commands or scripts for recurring intervals ranging in
length from minutes to months. The crontab command
is used to manipulate the files controlling the
cron daemon that actually schedules each
cron job for execution.
The at command (and the closely-related command
batch) are more appropriate for scheduling the
execution of one-time scripts or commands. These commands implement a
rudimentary batch subsystem consisting of multiple queues with varying
scheduling priorities. The priorities are known as
niceness levels (due to the name of the command
— nice). Both at and
batch are perfect for tasks that must start at a
given time but are not time-critical in terms of finishing.
Next are the various scripting languages. These are the
"programming languages" that the average system administrator uses to
automate manual operations. There are many scripting languages (and
each system administrator tends to have a personal favorite), but the
following are currently the most common:
Over and above the obvious differences between these languages,
the biggest difference is in the way in which these languages interact
with other utility programs on a Red Hat Enterprise Linux system. Scripts written with
the bash shell tend to make more extensive use of
the many small utility programs (for example, to perform character
string manipulation), while perl scripts perform
more of these types of operations using features built into the
language itself. A script written using python can
fully exploit the language's object-oriented capabilities, making
complex scripts more easily extensible.
This means that, in order to truly master shell scripting, you
must be familiar with the many utility programs (such as
grep and sed) that are part of
Red Hat Enterprise Linux. Learning perl (and
python), on the other hand, tends to be a more
"self-contained" process. However, many perl
language constructs are based on the syntax of various traditional
UNIX utility programs, and as such are familiar to those Red Hat Enterprise Linux system
administrators with shell scripting experience.
In the areas of documentation and communication, there is little
that is specific to Red Hat Enterprise Linux. Since documentation and communication can
consist of anything from adding comments to a text-based configuration
file to updating a webpage or sending an email, a system administrator
using Red Hat Enterprise Linux must have access to text editors, HTML editors, and mail
Here is a small sample of the many text editors available under
Red Hat Enterprise Linux:
The gedit text editor
The Emacs text editor
The Vim text editor
The gedit text editor is a strictly
graphical application (in other words, it requires an active X Window
System environment), while vim and
Emacs are primarily text-based in
The subject of the best text editor has sparked debate for nearly
as long as computers have existed and will continue to do so.
Therefore, the best approach is to try each editor for yourself, and
use what works best for you.
For HTML editors, system administrators can use the Composer
function of the Mozilla Web browser. Of
course, some system administrators prefer to hand-code their HTML,
making a regular text editor a perfectly acceptable tool as
As far as email is concerned, Red Hat Enterprise Linux includes the
Evolution graphical email client, the
Mozilla email client (which is also
graphical), and mutt, which is text-based.
As with text editors, the choice of an email client tends to be a
personal one; therefore, the best approach is to try each client for
yourself, and use what works best for you.
As stated earlier in this chapter, security cannot be an
afterthought, and security under Red Hat Enterprise Linux is more than skin-deep.
Authentication and access controls are deeply-integrated into the
operating system and are based on designs gleaned from long experience
in the UNIX community.
For authentication, Red Hat Enterprise Linux uses PAM — Pluggable
Authentication Modules. PAM makes it possible to fine-tune user
authentication via the configuration of shared libraries that all
PAM-aware applications use, all without requiring any changes to the
Access control under Red Hat Enterprise Linux uses traditional UNIX-style permissions
(read, write, execute) against user, group, and "everyone else"
classifications. Like UNIX, Red Hat Enterprise Linux also makes use of
setuid and setgid bits
to temporarily confer expanded access rights to processes running a
particular program, based on the ownership of the program file. Of
course, this makes it critical that any program to be run with setuid
or setgid privileges must be carefully audited to ensure that no
exploitable vulnerabilities exist.
Red Hat Enterprise Linux also includes support for access control
lists. An access control list (ACL) is a construct that
allows extremely fine-grained control over what users or groups may
access a file or directory. For example, a file's permissions may
restrict all access by anyone other than the file's owner, yet the
file's ACL can be configured to allow only user
bob to write and group
finance to read the file.
Another aspect of security is being able to keep track of system
activity. Red Hat Enterprise Linux makes extensive use of logging, both at a kernel and
an application level. Logging is controlled by the system logging
daemon syslogd, which can log system information
locally (normally to files in the /var/log/
directory) or to a remote system (which acts as a dedicated log server
for multiple computers.)
Intrusion detection sytems (IDS) are powerful tools for any Red Hat Enterprise Linux
system administrator. An IDS makes it possible for system
administrators to determine whether unauthorized changes were made to
one or more systems. The overall design of the operating system
itself includes IDS-like functionality.
Because Red Hat Enterprise Linux is installed using the RPM Package Manager (RPM),
it is possible to use RPM to verify whether any changes have been made
to the packages comprising the operating system. However, because RPM
is primarily a package management tool, its abilities as an IDS are
somewhat limited. Even so, it can be a good first step toward
monitoring a Red Hat Enterprise Linux system for unauthorized modifications.