
IT training deployment guide


Red Hat Enterprise Linux

Deployment Guide
5.2

Deployment_Guide
ISBN: N/A
Publication date: January 2008


This Deployment Guide documents relevant information regarding the deployment,
configuration and administration of Red Hat Enterprise Linux 5.2.


Red Hat Enterprise Linux: Deployment Guide
Copyright © 2008 Red Hat, Inc.
This material may only be distributed subject to the terms and conditions set forth in the
Open Publication License, V1.0 or later with the restrictions noted below (the latest version of the OPL is presently
available at />
Distribution of substantively modified versions of this document is prohibited without the explicit permission of the
copyright holder.
Distribution of the work or derivative of the work in any standard (paper) book form for commercial purposes is
prohibited unless prior permission is obtained from the copyright holder.
Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat, Inc. in the United States and other
countries.
All other trademarks referenced herein are the property of their respective owners.
The GPG fingerprint of the key is:
CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E

1801 Varsity Drive
Raleigh, NC 27606-2072
USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
PO Box 13588
Research Triangle Park, NC 27709
USA




Introduction ............................................................................................................ xxv
1. Document Conventions ............................................................................... xxv
2. Send in Your Feedback ...............................................................................xxix
I. File Systems ........................................................................................................... 1
1. File System Structure ..................................................................................... 3
1. Why Share a Common Structure? ........................................................... 3
2. Overview of File System Hierarchy Standard (FHS) ................................. 3
2.1. FHS Organization ........................................................................ 3
3. Special File Locations Under Red Hat Enterprise Linux ............................ 8
2. The ext3 File System ...................................................................................... 9
1. Features of ext3 ..................................................................................... 9
2. Creating an ext3 File System .................................................................. 9
3. Converting to an ext3 File System ..........................................................10
4. Reverting to an ext2 File System ............................................................11
3. The proc File System ....................................................................................13
1. A Virtual File System .............................................................................13
1.1. Viewing Virtual Files ...................................................................13

1.2. Changing Virtual Files ................................................................14
2. Top-level Files within the proc File System .............................................14
2.1. /proc/apm .................................................................................15
2.2. /proc/buddyinfo ......................................................................16
2.3. /proc/cmdline ..........................................................................16
2.4. /proc/cpuinfo ..........................................................................16
2.5. /proc/crypto ...........................................................................17
2.6. /proc/devices ..........................................................................18
2.7. /proc/dma .................................................................................19
2.8. /proc/execdomains ..................................................................19
2.9. /proc/fb ...................................................................................19
2.10. /proc/filesystems .................................................................19
2.11. /proc/interrupts ..................................................................20
2.12. /proc/iomem ...........................................................................21
2.13. /proc/ioports ........................................................................22
2.14. /proc/kcore ...........................................................................22
2.15. /proc/kmsg .............................................................................23
2.16. /proc/loadavg ........................................................................23
2.17. /proc/locks ...........................................................................23
2.18. /proc/mdstat ..........................................................................24
2.19. /proc/meminfo ........................................................................24
2.20. /proc/misc .............................................................................26
2.21. /proc/modules ........................................................................26
2.22. /proc/mounts ..........................................................................27
2.23. /proc/mtrr .............................................................................28
2.24. /proc/partitions ..................................................................28
2.25. /proc/pci ...............................................................................29
2.26. /proc/slabinfo ......................................................................30
2.27. /proc/stat .............................................................................31



2.28. /proc/swaps ...........................................................................32
2.29. /proc/sysrq-trigger .............................................................32
2.30. /proc/uptime ..........................................................................33
2.31. /proc/version ........................................................................33
3. Directories within /proc/ .......................................................................33
3.1. Process Directories ....................................................................33
3.2. /proc/bus/ ...............................................................................36
3.3. /proc/driver/ ..........................................................................37
3.4. /proc/fs ...................................................................................37
3.5. /proc/ide/ ...............................................................................37
3.6. /proc/irq/ ...............................................................................39
3.7. /proc/net/ ...............................................................................39
3.8. /proc/scsi/ .............................................................................41
3.9. /proc/sys/ ...............................................................................43
3.10. /proc/sysvipc/ ......................................................................55
3.11. /proc/tty/ .............................................................................55
4. Using the sysctl Command ..................................................................56
5. Additional Resources ............................................................................57
5.1. Installed Documentation .............................................................57
5.2. Useful Websites .........................................................................57
4. Redundant Array of Independent Disks (RAID) ...............................................59
1. What is RAID? ......................................................................................59
2. Who Should Use RAID? ........................................................................59
3. Hardware RAID versus Software RAID ...................................................59
3.1. Hardware RAID ..........................................................................59

3.2. Software RAID ...........................................................................60
4. RAID Levels and Linear Support ............................................................60
5. Configuring Software RAID ....................................................................61
5.1. Creating the RAID Partitions .......................................................62
5.2. Creating the RAID Devices and Mount Points ..............................66
5. Swap Space .................................................................................................73
1. What is Swap Space? ...........................................................................73
2. Adding Swap Space ..............................................................................74
2.1. Extending Swap on an LVM2 Logical Volume ..............................74
2.2. Creating an LVM2 Logical Volume for Swap ................................74
2.3. Creating a Swap File ..................................................................75
3. Removing Swap Space .........................................................................76
3.1. Reducing Swap on an LVM2 Logical Volume ...............................76
3.2. Removing an LVM2 Logical Volume for Swap ..............................77
3.3. Removing a Swap File ................................................................77
4. Moving Swap Space .............................................................................78
6. Managing Disk Storage .................................................................................79
1. Standard Partitions using parted ...........................................................79
1.1. Viewing the Partition Table .........................................................80
1.2. Creating a Partition .....................................................................82
1.3. Removing a Partition ..................................................................84
1.4. Resizing a Partition ....................................................................85


2. LVM Partition Management ...................................................................85
7. Implementing Disk Quotas .............................................................................89
1. Configuring Disk Quotas ........................................................................89
1.1. Enabling Quotas ........................................................................89
1.2. Remounting the File Systems ......................................................90

1.3. Creating the Quota Database Files ..............................................90
1.4. Assigning Quotas per User .........................................................91
1.5. Assigning Quotas per Group .......................................................92
1.6. Setting the Grace Period for Soft Limits .......................................93
2. Managing Disk Quotas ..........................................................................93
2.1. Enabling and Disabling ...............................................................93
2.2. Reporting on Disk Quotas ...........................................................94
2.3. Keeping Quotas Accurate ...........................................................94
3. Additional Resources ............................................................................95
3.1. Installed Documentation .............................................................95
3.2. Related Books ...........................................................................95
8. Access Control Lists ......................................................................................97
1. Mounting File Systems ..........................................................................97
1.1. NFS ..........................................................................................97
2. Setting Access ACLs .............................................................................98
3. Setting Default ACLs .............................................................................99
4. Retrieving ACLs ....................................................................................99
5. Archiving File Systems With ACLs .......................................................100
6. Compatibility with Older Systems .........................................................100
7. Additional Resources ..........................................................................101
7.1. Installed Documentation ...........................................................101
7.2. Useful Websites .......................................................................101
9. LVM (Logical Volume Manager) ...................................................................103
1. What is LVM? .....................................................................................103
1.1. What is LVM2? ........................................................................104
2. LVM Configuration ..............................................................................104
3. Automatic Partitioning .........................................................................105
4. Manual LVM Partitioning ......................................................................107
4.1. Creating the /boot/ Partition ....................................................107
4.2. Creating the LVM Physical Volumes ..........................................109

4.3. Creating the LVM Volume Groups .............................................111
4.4. Creating the LVM Logical Volumes ............................................112
5. Using the LVM utility system-config-lvm ............................................115
5.1. Utilizing uninitialized entities ......................................................118
5.2. Adding Unallocated Volumes to a volume group .........................119
5.3. Migrating extents ......................................................................122
5.4. Adding a new hard disk using LVM ............................................124
5.5. Adding a new volume group ......................................................124
5.6. Extending a volume group ........................................................126
5.7. Editing a Logical Volume ..........................................................127
6. Additional Resources ..........................................................................130
6.1. Installed Documentation ...........................................................130

6.2. Useful Websites .......................................................................130
II. Package Management .........................................................................................131
10. Package Management with RPM ...............................................................133
1. RPM Design Goals ..............................................................................133
2. Using RPM .........................................................................................134
2.1. Finding RPM Packages ............................................................134
2.2. Installing ..................................................................................135
2.3. Uninstalling ..............................................................................137
2.4. Upgrading ................................................................................138
2.5. Freshening ..............................................................................139
2.6. Querying ..................................................................................139
2.7. Verifying ..................................................................................140
3. Checking a Package's Signature ..........................................................141

3.1. Importing Keys .........................................................................142
3.2. Verifying Signature of Packages ................................................142
4. Practical and Common Examples of RPM Usage ..................................143
5. Additional Resources ..........................................................................144
5.1. Installed Documentation ...........................................................145
5.2. Useful Websites .......................................................................145
5.3. Related Books .........................................................................145
11. Package Management Tool .....................................................................147
1. Listing and Analyzing Packages ...........................................................148
2. Installing and Removing Packages .......................................................149
12. YUM (Yellowdog Updater Modified) ............................................................155
1. Setting Up a yum Repository ................................................................155
2. yum Commands ...................................................................................155
3. yum Options ........................................................................................156
4. Configuring yum ..................................................................................157
4.1. [main] Options ........................................................................157
4.2. [repository] Options .............................................................158
5. Useful yum Variables ...........................................................................160
13. Red Hat Network .......................................................................................161
III. Network-Related Configuration ...........................................................................165
14. Network Interfaces ....................................................................................167
1. Network Configuration Files .................................................................167
2. Interface Configuration Files ................................................................168
2.1. Ethernet Interfaces ...................................................................168
2.2. IPsec Interfaces .......................................................................171
2.3. Channel Bonding Interfaces ......................................................173
2.4. Alias and Clone Files ................................................................173
2.5. Dialup Interfaces ......................................................................174
2.6. Other Interfaces .......................................................................176
3. Interface Control Scripts ......................................................................177

4. Configuring Static Routes ....................................................................179
5. Network Function Files ........................................................................181
6. Additional Resources ..........................................................................181
6.1. Installed Documentation ...........................................................181


15. Network Configuration ...............................................................................183
1. Overview ............................................................................................184
2. Establishing an Ethernet Connection ....................................................185
3. Establishing an ISDN Connection .........................................................188
4. Establishing a Modem Connection .......................................................190
5. Establishing an xDSL Connection ........................................................192
6. Establishing a Token Ring Connection .................................................198
7. Establishing a Wireless Connection ......................................................201
8. Managing DNS Settings ......................................................................203
9. Managing Hosts ..................................................................................205
10. Working with Profiles .........................................................................206
11. Device Aliases ..................................................................................210
12. Saving and Restoring the Network Configuration .................................212
16. Controlling Access to Services ...................................................................213
1. Runlevels ...........................................................................................214
2. TCP Wrappers ....................................................................................215
2.1. xinetd ....................................................................................215
3. Services Configuration Tool .............................................................215
4. ntsysv ...............................................................................................218
5. chkconfig ..........................................................................................220
6. Additional Resources ..........................................................................221
6.1. Installed Documentation ...........................................................221
6.2. Useful Websites .......................................................................221

17. Berkeley Internet Name Domain (BIND) .....................................................223
1. Introduction to DNS .............................................................................223
1.1. Nameserver Zones ...................................................................223
1.2. Nameserver Types ...................................................................224
1.3. BIND as a Nameserver .............................................................225
2. /etc/named.conf ...............................................................................225
2.1. Common Statement Types .......................................................226
2.2. Other Statement Types .............................................................231
2.3. Comment Tags ........................................................................233
3. Zone Files ..........................................................................................233
3.1. Zone File Directives ..................................................................234
3.2. Zone File Resource Records .....................................................234
3.3. Example Zone File ...................................................................238
3.4. Reverse Name Resolution Zone Files ........................................238
4. Using rndc .........................................................................................239
4.1. Configuring /etc/named.conf ..................................................239
4.2. Configuring /etc/rndc.conf ....................................................240
4.3. Command Line Options ............................................................241
5. Advanced Features of BIND ................................................................242
5.1. DNS Protocol Enhancements ....................................................242
5.2. Multiple Views ..........................................................................242
5.3. Security ...................................................................................243
5.4. IP version 6 .............................................................................243
6. Common Mistakes to Avoid .................................................................243

7. Additional Resources ..........................................................................244

7.1. Installed Documentation ...........................................................244
7.2. Useful Websites .......................................................................245
7.3. Related Books .........................................................................245
18. OpenSSH .................................................................................................247
1. Features of SSH .................................................................................247
1.1. Why Use SSH? ........................................................................248
2. SSH Protocol Versions ........................................................................248
3. Event Sequence of an SSH Connection ................................................249
3.1. Transport Layer ........................................................................249
3.2. Authentication ..........................................................................250
3.3. Channels .................................................................................250
4. Configuring an OpenSSH Server ..........................................................251
4.1. Requiring SSH for Remote Connections ....................................251
5. OpenSSH Configuration Files ..............................................................252
6. Configuring an OpenSSH Client ...........................................................253
6.1. Using the ssh Command ..........................................................253
6.2. Using the scp Command ..........................................................254
6.3. Using the sftp Command .........................................................255
7. More Than a Secure Shell ...................................................................255
7.1. X11 Forwarding ........................................................................256
7.2. Port Forwarding .......................................................................256
7.3. Generating Key Pairs ...............................................................258
8. Additional Resources ..........................................................................262
8.1. Installed Documentation ...........................................................262
8.2. Useful Websites .......................................................................262
19. Network File System (NFS) ........................................................................263
1. How It Works ......................................................................................263
1.1. Required Services ....................................................................264
2. NFS Client Configuration .....................................................................265
2.1. Mounting NFS File Systems using /etc/fstab ..........................265

3. autofs ...............................................................................................266
3.1. What's new in autofs version 5? ..............................................267
3.2. autofs Configuration ................................................................268
3.3. autofs Common Tasks ............................................................269
4. Common NFS Mount Options ..............................................................274
5. Starting and Stopping NFS ..................................................................275
6. NFS Server Configuration ....................................................................277
6.1. Exporting or Sharing NFS File Systems .....................................278
6.2. Command Line Configuration ....................................................281
6.3. Hostname Formats ...................................................................282
7. The /etc/exports Configuration File ...................................................283
7.1. The exportfs Command ..........................................................285
8. Securing NFS .....................................................................................287
8.1. Host Access .............................................................................287
8.2. File Permissions .......................................................................289
9. NFS and portmap ...............................................................................289


9.1. Troubleshooting NFS and portmap ............................................289
10. Using NFS over TCP .........................................................................290
11. Additional Resources .........................................................................291
11.1. Installed Documentation .........................................................291
11.2. Useful Websites .....................................................................292
11.3. Related Books ........................................................................292
20. Samba .....................................................................................................293
1. Introduction to Samba .........................................................................293
1.1. Samba Features ......................................................................293
2. Samba Daemons and Related Services ................................................294
2.1. Samba Daemons .....................................................................294

3. Connecting to a Samba Share .............................................................295
3.1. Command Line ........................................................................296
3.2. Mounting the Share ..................................................................297
4. Configuring a Samba Server ................................................................297
4.1. Graphical Configuration ............................................................297
4.2. Command Line Configuration ....................................................303
4.3. Encrypted Passwords ...............................................................303
5. Starting and Stopping Samba ..............................................................303
6. Samba Server Types and the smb.conf File .........................................305
6.1. Stand-alone Server ..................................................................305
6.2. Domain Member Server ............................................................307
6.3. Domain Controller ....................................................................310
7. Samba Security Modes .......................................................................311
7.1. User-Level Security ..................................................................312
7.2. Share-Level Security ................................................................313
8. Samba Account Information Databases ................................................313
9. Samba Network Browsing ....................................................................315
9.1. Domain Browsing .....................................................................315
9.2. WINS (Windows Internetworking Name Server) .........................315
10. Samba with CUPS Printing Support ....................................................316
10.1. Simple smb.conf Settings .......................................................316
11. Samba Distribution Programs ............................................................317
12. Additional Resources .........................................................................322
12.1. Installed Documentation .........................................................322
12.2. Related Books ........................................................................322
12.3. Useful Websites .....................................................................322
21. Dynamic Host Configuration Protocol (DHCP) .............................................325
1. Why Use DHCP? ................................................................................325
2. Configuring a DHCP Server .................................................................325
2.1. Configuration File .....................................................................325
2.2. Lease Database .......................................................................329
2.3. Starting and Stopping the Server ...............................................330
2.4. DHCP Relay Agent ...................................................................331
3. Configuring a DHCP Client ..................................................................331
4. Additional Resources ..........................................................................333
4.1. Installed Documentation ...........................................................333
22. Apache HTTP Server ................................................................................335
1. Apache HTTP Server 2.2 .....................................................................335
1.1. Features of Apache HTTP Server 2.2 ........................................335
2. Migrating Apache HTTP Server Configuration Files ...............................336
2.1. Migrating Apache HTTP Server 2.0 Configuration Files ...............336
2.2. Migrating Apache HTTP Server 1.3 Configuration Files to 2.0 .....336
3. Starting and Stopping httpd ................................................................348
4. Apache HTTP Server Configuration .....................................................350
4.1. Basic Settings ..........................................................................351
4.2. Default Settings ........................................................................352
5. Configuration Directives in httpd.conf ................................................365
5.1. General Configuration Tips .......................................................365
5.2. Configuration Directives for SSL ................................................380
5.3. MPM Specific Server-Pool Directives .........................................381
6. Adding Modules ..................................................................................382
7. Virtual Hosts .......................................................................................383
7.1. Setting Up Virtual Hosts ............................................................383
8. Apache HTTP Secure Server Configuration ..........................................384
8.1. An Overview of Security-Related Packages ...............................385
8.2. An Overview of Certificates and Security ...................................385
8.3. Using Pre-Existing Keys and Certificates ...................................386
8.4. Types of Certificates .................................................................387
8.5. Generating a Key .....................................................................388
8.6. How to configure the server to use the new key ..........................397
9. Additional Resources ..........................................................................398
9.1. Useful Websites .......................................................................398
23. FTP ..........................................................................................................399
1. The File Transport Protocol .................................................................399
1.1. Multiple Ports, Multiple Modes ...................................................399
2. FTP Servers .......................................................................................400
2.1. vsftpd ....................................................................................400
3. Files Installed with vsftpd ...................................................................401
4. Starting and Stopping vsftpd ..............................................................401
4.1. Starting Multiple Copies of vsftpd ............................................402
5. vsftpd Configuration Options ..............................................................403
5.1. Daemon Options ......................................................................404
5.2. Log In Options and Access Controls ..........................................405
5.3. Anonymous User Options .........................................................406
5.4. Local User Options ...................................................................407
5.5. Directory Options .....................................................................408
5.6. File Transfer Options ................................................................409
5.7. Logging Options .......................................................................410
5.8. Network Options ......................................................................411
6. Additional Resources ..........................................................................414
6.1. Installed Documentation ...........................................................414
6.2. Useful Websites .......................................................................414
24. Email ........................................................................................................415
1. Email Protocols ...................................................................................415
1.1. Mail Transport Protocols ...........................................................415
1.2. Mail Access Protocols ..............................................................416
2. Email Program Classifications ..............................................................418
2.1. Mail Transport Agent ................................................................418
2.2. Mail Delivery Agent ..................................................................419
2.3. Mail User Agent .......................................................................419
3. Mail Transport Agents .........................................................................419
3.1. Sendmail .................................................................................419
3.2. Postfix .....................................................................................425
3.3. Fetchmail .................................................................................426
4. Mail Transport Agent (MTA) Configuration ............................................431
5. Mail Delivery Agents ...........................................................................432
5.1. Procmail Configuration .............................................................433
5.2. Procmail Recipes .....................................................................434
6. Mail User Agents ................................................................................439
6.1. Securing Communication ..........................................................440
7. Additional Resources ..........................................................................441
7.1. Installed Documentation ...........................................................442
7.2. Useful Websites .......................................................................442
7.3. Related Books .........................................................................443
25. Lightweight Directory Access Protocol (LDAP) ............................................445
1. Why Use LDAP? .................................................................................445
1.1. OpenLDAP Features ................................................................446
2. LDAP Terminology ..............................................................................446
3. OpenLDAP Daemons and Utilities ........................................................447
3.1. NSS, PAM, and LDAP ..............................................................449
3.2. PHP4, LDAP, and the Apache HTTP Server ..............................450
3.3. LDAP Client Applications ..........................................................450
4. OpenLDAP Configuration Files ............................................................450
5. The /etc/openldap/schema/ Directory ...............................................451
6. OpenLDAP Setup Overview .................................................................452
6.1. Editing /etc/openldap/slapd.conf .........................................453
7. Configuring a System to Authenticate Using OpenLDAP ........................454
7.1. PAM and LDAP ........................................................................455
7.2. Migrating Old Authentication Information to LDAP Format ...........455
8. Migrating Directories from Earlier Releases ..........................................456
9. Additional Resources ..........................................................................457
9.1. Installed Documentation ...........................................................457
9.2. Useful Websites .......................................................................458
9.3. Related Books .........................................................................458
26. Authentication Configuration ......................................................................459
1. User Information .................................................................................459
2. Authentication .....................................................................................462
3. Options ..............................................................................................465
4. Command Line Version .......................................................................466
IV. System Configuration .........................................................................................471
27. Console Access ........................................................................................473
1. Disabling Shutdown Via Ctrl-Alt-Del ....................................................473
2. Disabling Console Program Access ......................................................474
3. Defining the Console ...........................................................................474
4. Making Files Accessible From the Console ...........................................474
5. Enabling Console Access for Other Applications ...................................476
6. The floppy Group ..............................................................................477
28. The sysconfig Directory ...........................................................................479
1. Files in the /etc/sysconfig/ Directory ................................................479
1.1. /etc/sysconfig/amd ...............................................................479
1.2. /etc/sysconfig/apmd .............................................................479
1.3. /etc/sysconfig/arpwatch ......................................................479
1.4. /etc/sysconfig/authconfig ..................................................480
1.5. /etc/sysconfig/autofs .........................................................480
1.6. /etc/sysconfig/clock ...........................................................480
1.7. /etc/sysconfig/desktop .......................................................481
1.8. /etc/sysconfig/dhcpd ...........................................................482
1.9. /etc/sysconfig/exim .............................................................482
1.10. /etc/sysconfig/firstboot ..................................................482
1.11. /etc/sysconfig/gpm .............................................................483
1.12. /etc/sysconfig/hwconf .......................................................483
1.13. /etc/sysconfig/i18n ...........................................................483
1.14. /etc/sysconfig/init ...........................................................483
1.15. /etc/sysconfig/ip6tables-config .....................................484
1.16. /etc/sysconfig/iptables-config .......................................484
1.17. /etc/sysconfig/irda ...........................................................485
1.18. /etc/sysconfig/keyboard ....................................................485
1.19. /etc/sysconfig/kudzu .........................................................486
1.20. /etc/sysconfig/named .........................................................486
1.21. /etc/sysconfig/network ......................................................486
1.22. /etc/sysconfig/nfs .............................................................487
1.23. /etc/sysconfig/ntpd ...........................................................488
1.24. /etc/sysconfig/radvd .........................................................488
1.25. /etc/sysconfig/samba .........................................................488
1.26. /etc/sysconfig/selinux ......................................................489
1.27. /etc/sysconfig/sendmail ....................................................489
1.28. /etc/sysconfig/spamassassin .............................................489
1.29. /etc/sysconfig/squid .........................................................489
1.30. /etc/sysconfig/system-config-securitylevel ..................489
1.31. /etc/sysconfig/system-config-selinux ............................490
1.32. /etc/sysconfig/system-config-users ................................490
1.33. /etc/sysconfig/system-logviewer .....................................490
1.34. /etc/sysconfig/tux .............................................................490
1.35. /etc/sysconfig/vncservers ................................................490
1.36. /etc/sysconfig/xinetd .......................................................491
2. Directories in the /etc/sysconfig/ Directory .......................................491
3. Additional Resources ..........................................................................492
3.1. Installed Documentation ...........................................................492
29. Date and Time Configuration .....................................................................493
1. Time and Date Properties ....................................................................493
2. Network Time Protocol (NTP) Properties ..............................................495
3. Time Zone Configuration .....................................................................496
30. Keyboard Configuration .............................................................................499
31. The X Window System ..............................................................................501
1. The X11R7.1 Release .........................................................................501
2. Desktop Environments and Window Managers .....................................502
2.1. Desktop Environments ..............................................................502
2.2. Window Managers ...................................................................503
3. X Server Configuration Files ................................................................504
3.1. xorg.conf ...............................................................................504
4. Fonts ..................................................................................................512
4.1. Fontconfig ................................................................................512
4.2. Core X Font System .................................................................514
5. Runlevels and X ..................................................................................515
5.1. Runlevel 3 ...............................................................................516
5.2. Runlevel 5 ...............................................................................516
6. Additional Resources ..........................................................................517
6.1. Installed Documentation ...........................................................517
6.2. Useful Websites .......................................................................518
32. X Window System Configuration ................................................................519
1. Display Settings ..................................................................................519
2. Display Hardware Settings ...................................................................520
3. Dual Head Display Settings .................................................................521
33. Users and Groups .....................................................................................523
1. User and Group Configuration .............................................................523
1.1. Adding a New User ..................................................................524
1.2. Modifying User Properties .........................................................526
1.3. Adding a New Group ................................................................528
1.4. Modifying Group Properties .......................................................528
2. User and Group Management Tools .....................................................529
2.1. Command Line Configuration ....................................................530
2.2. Adding a User ..........................................................................530
2.3. Adding a Group ........................................................................531
2.4. Password Aging .......................................................................531
2.5. Explaining the Process .............................................................534
3. Standard Users ...................................................................................535
4. Standard Groups ................................................................................537
5. User Private Groups ............................................................................539
5.1. Group Directories .....................................................................539
6. Shadow Passwords .............................................................................540
7. Additional Resources ..........................................................................541
7.1. Installed Documentation ...........................................................541
34. Printer Configuration .................................................................................543
1. Adding a Local Printer .........................................................................544
2. Adding an IPP Printer ..........................................................................546
3. Adding a Samba (SMB) Printer ............................................................547
4. Adding a JetDirect Printer ....................................................................549
5. Selecting the Printer Model and Finishing .............................................550
5.1. Confirming Printer Configuration ...............................................551
6. Printing a Test Page ............................................................................551
7. Modifying Existing Printers ...................................................................552
7.1. The Settings Tab .....................................................................552
7.2. The Policies Tab .....................................................................553
7.3. The Access Control Tab .........................................................553
7.4. The Printer and Job Options Tab .............................................554
8. Managing Print Jobs ...........................................................................555
9. Additional Resources ..........................................................................557
9.1. Installed Documentation ...........................................................557
9.2. Useful Websites .......................................................................557
35. Automated Tasks ......................................................................................559
1. Cron ...................................................................................................559
1.1. Configuring Cron Tasks ............................................................559
1.2. Controlling Access to Cron ........................................................561
1.3. Starting and Stopping the Service .............................................561
2. At and Batch .......................................................................................561
2.1. Configuring At Jobs ..................................................................562
2.2. Configuring Batch Jobs .............................................................563
2.3. Viewing Pending Jobs ..............................................................563
2.4. Additional Command Line Options .............................................563
2.5. Controlling Access to At and Batch ............................................563
2.6. Starting and Stopping the Service .............................................564
3. Additional Resources ..........................................................................564
3.1. Installed Documentation ...........................................................564
36. Log Files ..................................................................................................565
1. Locating Log Files ...............................................................................565
2. Viewing Log Files ................................................................................565
3. Adding a Log File ................................................................................568
4. Monitoring Log Files ............................................................................569
V. System Monitoring ..............................................................................................573
37. SystemTap ...............................................................................................575
1. Introduction ........................................................................................575
2. Implementation ...................................................................................575
3. Using SystemTap ................................................................................576
3.1. Tracing ....................................................................................576
38. Gathering System Information ....................................................................579
1. System Processes ..............................................................................579
2. Memory Usage ...................................................................................582
3. File Systems .......................................................................................583
4. Hardware ...........................................................................................585
5. Additional Resources ..........................................................................588
5.1. Installed Documentation ...........................................................588
39. OProfile ....................................................................................................589
1. Overview of Tools ...............................................................................590
2. Configuring OProfile ............................................................................590
2.1. Specifying the Kernel ................................................................590
2.2. Setting Events to Monitor ..........................................................591
2.3. Separating Kernel and User-space Profiles ................................594
3. Starting and Stopping OProfile .............................................................595
4. Saving Data ........................................................................................595
5. Analyzing the Data ..............................................................................596
5.1. Using opreport .......................................................................597
5.2. Using opreport on a Single Executable ....................................597
5.3. Getting more detailed output on the modules .............................598
5.4. Using opannotate ....................................................................600
6. Understanding /dev/oprofile/ ..........................................................600
7. Example Usage ..................................................................................601
8. Graphical Interface ..............................................................................601
9. Additional Resources ..........................................................................603
9.1. Installed Docs ..........................................................................603
9.2. Useful Websites .......................................................................604
VI. Kernel and Driver Configuration ..........................................................................605
40. Manually Upgrading the Kernel ..................................................................607
1. Overview of Kernel Packages ..............................................................607
2. Preparing to Upgrade ..........................................................................608
3. Downloading the Upgraded Kernel .......................................................609
4. Performing the Upgrade ......................................................................610
5. Verifying the Initial RAM Disk Image .....................................................610
6. Verifying the Boot Loader ....................................................................611
6.1. x86 Systems ............................................................................611
6.2. Itanium Systems ......................................................................612
6.3. IBM S/390 and IBM System z Systems ......................................612
6.4. IBM eServer iSeries Systems ....................................................613
6.5. IBM eServer pSeries Systems ...................................................613
41. General Parameters and Modules ..............................................................615
1. Kernel Module Utilities .........................................................................615
2. Persistent Module Loading ..................................................................618
3. Specifying Module Parameters ............................................................618
4. Storage parameters ............................................................................619
5. Ethernet Parameters ...........................................................................625
5.1. Using Multiple Ethernet Cards ...................................................632
5.2. The Channel Bonding Module ...................................................632
6. Additional Resources ..........................................................................637
6.1. Installed Documentation ...........................................................637
6.2. Useful Websites .......................................................................637
VII. Security And Authentication ...............................................................................639
42. Security Overview .....................................................................................641
1. Introduction to Security ........................................................................641
1.1. What is Computer Security? ......................................................641
1.2. Security Controls ......................................................................643
1.3. Conclusion ...............................................................................644
2. Vulnerability Assessment .....................................................................644
2.1. Thinking Like the Enemy ...........................................................645
2.2. Defining Assessment and Testing .............................................646
2.3. Evaluating the Tools .................................................................647
3. Attackers and Vulnerabilities ................................................................650
3.1. A Quick History of Hackers .......................................................650
3.2. Threats to Network Security ......................................................651
3.3. Threats to Server Security ........................................................652
3.4. Threats to Workstation and Home PC Security ...........................654
4. Common Exploits and Attacks .............................................................655
5. Security Updates ................................................................................658
5.1. Updating Packages ..................................................................658
43. Securing Your Network ..............................................................................665
1. Workstation Security ...........................................................................665
1.1. Evaluating Workstation Security ................................................665
1.2. BIOS and Boot Loader Security .................................................665
1.3. Password Security ...................................................................668
1.4. Administrative Controls .............................................................674
1.5. Available Network Services .......................................................681
1.6. Personal Firewalls ....................................................................686
1.7. Security Enhanced Communication Tools ..................................686
2. Server Security ...................................................................................687
2.1. Securing Services With TCP Wrappers and xinetd .....................687
2.2. Securing Portmap ....................................................................691
2.3. Securing NIS ...........................................................................692
2.4. Securing NFS ..........................................................................695
2.5. Securing the Apache HTTP Server ............................................696
2.6. Securing FTP ...........................................................................697
2.7. Securing Sendmail ...................................................................700
2.8. Verifying Which Ports Are Listening ...........................................702
3. Single Sign-on (SSO) ..........................................................................704
3.1. Introduction ..............................................................................704
3.2. Getting Started with your new Smart Card .................................705
3.3. How Smart Card Enrollment Works ...........................................707
3.4. How Smart Card Login Works ...................................................708
3.5. Configuring Firefox to use Kerberos for SSO ..............................709
4. Pluggable Authentication Modules (PAM) .............................................712
4.1. Advantages of PAM ..................................................................712
4.2. PAM Configuration Files ...........................................................713
4.3. PAM Configuration File Format .................................................713
4.4. Sample PAM Configuration Files ...............................................716
4.5. Creating PAM Modules .............................................................718
4.6. PAM and Administrative Credential Caching ..............................718
4.7. PAM and Device Ownership .....................................................720
4.8. Additional Resources ................................................................721
5. TCP Wrappers and xinetd ....................................................................723
5.1. TCP Wrappers .........................................................................724
5.2. TCP Wrappers Configuration Files ............................................726
5.3. xinetd ......................................................................................734
5.4. xinetd Configuration Files .........................................................735
5.5. Additional Resources ................................................................741
6. Kerberos ............................................................................................743
6.1. What is Kerberos? ....................................................................743
6.2. Kerberos Terminology ..............................................................744
6.3. How Kerberos Works ................................................................746
6.4. Kerberos and PAM ...................................................................747
6.5. Configuring a Kerberos 5 Server ...............................................748
6.6. Configuring a Kerberos 5 Client .................................................750
6.7. Domain-to-Realm Mapping .......................................................752
6.8. Setting Up Secondary KDCs .....................................................753
6.9. Setting Up Cross Realm Authentication .....................................755
6.10. Additional Resources ..............................................................759
7. Virtual Private Networks (VPNs) ...........................................................761
7.1. How Does a VPN Work? ...........................................................761
7.2. VPNs and Red Hat Enterprise Linux ..........................................762
7.3. IPsec .......................................................................................762
7.4. Creating an IPsec Connection ...................................................762
7.5. IPsec Installation ......................................................................762
7.6. IPsec Host-to-Host Configuration ..............................................763
7.7. IPsec Network-to-Network Configuration ....................................771
7.8. Starting and Stopping an IPsec Connection ...............................778
8. Firewalls .............................................................................................779
8.1. Netfilter and IPTables ...............................................................780
8.2. Basic Firewall Configuration ......................................................781
8.3. Using IPTables ........................................................................785
8.4. Common IPTables Filtering .......................................................787
8.5. FORWARD and NAT Rules ...........................................................788
8.6. Malicious Software and Spoofed IP Addresses ...........................791
8.7. IPTables and Connection Tracking ............................................792
8.8. IPv6 ........................................................................................793
8.9. Additional Resources ................................................................793
9. IPTables .............................................................................................794
9.1. Packet Filtering ........................................................................795
9.2. Differences Between IPTables and IPChains .............................796
9.3. Command Options for IPTables ................................................797
9.4. Saving IPTables Rules .............................................................807
9.5. IPTables Control Scripts ...........................................................808
9.6. IPTables and IPv6 ....................................................................811
9.7. Additional Resources ................................................................811
44. Security and SELinux ................................................................................813
1. Access Control Mechanisms (ACMs) ....................................................813
1.1. Discretionary Access Control (DAC) ..........................................813
1.2. Access Control Lists (ACLs) ......................................................813
1.3. Mandatory Access Control (MAC) .............................................813
1.4. Role-based Access Control (RBAC) ..........................................813
1.5. Multi-Level Security (MLS) ........................................................814
1.6. Multi-Category Security (MCS) ..................................................814
2. Introduction to SELinux .......................................................................814
2.1. SELinux Overview ....................................................................814
2.2. Files Related to SELinux ...........................................................815
2.3. Additional Resources ................................................................820
3. Brief Background and History of SELinux .............................................820
4. Multi-Category Security (MCS) .............................................................821
4.1. Introduction ..............................................................................821
4.2. Applications for Multi-Category Security .....................................821
4.3. SELinux Security Contexts ........................................................822
5. Getting Started with Multi-Category Security (MCS) ..............................822
5.1. Introduction ..............................................................................823
5.2. Comparing SELinux and Standard Linux User Identities .............823
5.3. Configuring Categories .............................................................824
5.4. Assigning Categories to Users ..................................................826
5.5. Assigning Categories to Files ....................................................827
6. Multi-Level Security (MLS) ...................................................................828
6.1. Why Multi-Level? ......................................................................829
6.2. Security Levels, Objects and Subjects .......................................830
6.3. MLS Policy ..............................................................................831
6.4. LSPP Certification ....................................................................832
7. SELinux Policy Overview .....................................................................832
7.1. What is the SELinux Policy? .....................................................832
7.2. Where is the Policy? .................................................................834
7.3. The Role of Policy in the Boot Process ......................................835
7.4. Object Classes and Permissions ...............................................837
8. Targeted Policy Overview ....................................................................837
8.1. What is the Targeted Policy? ....................................................837
8.2. Files and Directories of the Targeted Policy ...............................838
8.3. Understanding the Users and Roles in the Targeted Policy .........838
45. Working With SELinux ...............................................................................841
1. End User Control of SELinux ...............................................................841
1.1. Moving and Copying Files .........................................................841
1.2. Checking the Security Context of a Process, User, or File Object ...842
1.3. Relabeling a File or Directory ....................................................844
1.4. Creating Archives That Retain Security Contexts ........................847
2. Administrator Control of SELinux ..........................................................849
2.1. Viewing the Status of SELinux ..................................................849
2.2. Relabeling a File System ..........................................................850
2.3. Managing NFS Home Directories ..............................................851
2.4. Granting Access to a Directory or a Tree ...................................852
2.5. Backing Up and Restoring the System .......................................852
2.6. Enabling or Disabling Enforcement ............................................853
2.7. Enable or Disable SELinux .......................................................856
2.8. Changing the Policy .................................................................857
2.9. Specifying the Security Context of Entire File Systems ...............858
2.10. Changing the Security Category of a File or User .....................859
2.11. Running a Command in a Specific Security Context .................859
2.12. Useful Commands for Scripts ..................................................859
2.13. Changing to a Different Role ...................................................860
2.14. When to Reboot .....................................................................861
3. Analyst Control of SELinux ..................................................................861
3.1. Enabling Kernel Auditing ...........................................................861
3.2. Dumping and Viewing Logs .......................................................862

46. Customizing SELinux Policy .......................................................................863
1. Introduction ........................................................................................863
1.1. Modular Policy .........................................................................863
2. Building a Local Policy Module .............................................................864
2.1. Using audit2allow to Build a Local Policy Module ........................864
2.2. Analyzing the Type Enforcement (TE) File .................................864
2.3. Loading the Policy Package ......................................................865
47. References ...............................................................................................867
VIII. Red Hat Training And Certification ....................................................................869
48. Red Hat Training and Certification ..............................................................871
1. Three Ways to Train ............................................................................871
2. Microsoft Certified Professional Resource Center ..................................871
49. Certification Tracks ...................................................................................873
1. Free Pre-assessment tests ..................................................................873
50. RH033: Red Hat Linux Essentials ...............................................................875
1. Course Description ..............................................................................875
1.1. Prerequisites ............................................................................875
1.2. Goal ........................................................................................875
1.3. Audience .................................................................................875
1.4. Course Objectives ....................................................................875
1.5. Follow-on Courses ...................................................................876
51. RH035: Red Hat Linux Essentials for Windows Professionals ......................877
1. Course Description ..............................................................................877
1.1. Prerequisites ............................................................................877
1.2. Goal ........................................................................................877
1.3. Audience .................................................................................877
1.4. Course Objectives ....................................................................877
1.5. Follow-on Courses ...................................................................878
52. RH133: Red Hat Linux System Administration and Red Hat Certified Technician (RHCT) Certification ........................................................................................879
1. Course Description ..............................................................................879
1.1. Prerequisites ............................................................................879
1.2. Goal ........................................................................................879
1.3. Audience .................................................................................879
1.4. Course Objectives ....................................................................879
1.5. Follow-on Courses ...................................................................880
53. RH202 RHCT EXAM - The fastest growing credential in all of Linux. ............881
1. Course Description ..............................................................................881
1.1. Prerequisites ............................................................................881
54. RH253 Red Hat Linux Networking and Security Administration .....................883
1. Course Description ..............................................................................883
1.1. Prerequisites ............................................................................883
1.2. Goal ........................................................................................883
1.3. Audience .................................................................................883
1.4. Course Objectives ....................................................................883
1.5. Follow-on Courses ...................................................................884
55. RH300: RHCE Rapid track course (and RHCE exam) .................................885
1. Course Description ..............................................................................885
1.1. Prerequisites ............................................................................885
1.2. Goal ........................................................................................885
1.3. Audience .................................................................................885
1.4. Course Objectives ....................................................................885
1.5. Follow-on Courses ...................................................................886
56. RH302 RHCE EXAM .................................................................................887
1. Course Description ..............................................................................887
1.1. Prerequisites ............................................................................887
1.2. Content ...................................................................................887
57. RHS333: RED HAT enterprise security: network services ............................889
1. Course Description ..............................................................................889
1.1. Prerequisites ............................................................................889
1.2. Goal ........................................................................................889
1.3. Audience .................................................................................889
1.4. Course Objectives ....................................................................889
1.5. Follow-on Courses ...................................................................890
58. RH401: Red Hat Enterprise Deployment and systems management .............891
1. Course Description ..............................................................................891
1.1. Prerequisites ............................................................................891
1.2. Goal ........................................................................................891
1.3. Audience .................................................................................891
1.4. Course Objectives ....................................................................891
1.5. Follow-on Courses ...................................................................892
59. RH423: Red Hat Enterprise Directory services and authentication ................893
1. Course Description ..............................................................................893
1.1. Prerequisites ............................................................................893
1.2. Goal ........................................................................................893
1.3. Audience .................................................................................893
1.4. Course Objectives ....................................................................893
1.5. Follow-on Courses ...................................................................894
60. SE Linux Courses .....................................................................................895
1. RHS427: Introduction to SELinux and Red Hat Targeted Policy .............895
1.1. Audience .................................................................................895
1.2. Course Summary .....................................................................895
2. RHS429: Red Hat Enterprise SE Linux Policy Administration .................895
61. RH436: Red Hat Enterprise storage management .......................................897
1. Course Description ..............................................................................897
1.1. Prerequisites ............................................................................897
1.2. Goal ........................................................................................897
1.3. Audience .................................................................................897
1.4. Course Objectives ....................................................................897
1.5. Follow-on Courses ...................................................................898
62. RH442: Red Hat Enterprise system monitoring and performance tuning .......899
1. Course Description ..............................................................................899
1.1. Prerequisites ............................................................................899
1.2. Goal ........................................................................................899
1.3. Audience .................................................................................899
1.4. Course Objectives ....................................................................899
1.5. Follow-on Courses ...................................................................900
63. Red Hat Enterprise Linux Developer Courses .............................................901
1. RHD143: Red Hat Linux Programming Essentials .................................901
2. RHD221 Red Hat Linux Device Drivers ................................................901
3. RHD236 Red Hat Linux Kernel Internals ...............................................901
4. RHD256 Red Hat Linux Application Development and Porting ...............901
64. JBoss Courses ..........................................................................................903
1. RHD161 JBoss and EJB3 for Java .......................................................903
1.1. Prerequisites ............................................................................903
2. RHD163 JBoss for Web Developers .....................................................903
2.1. Prerequisites ............................................................................903
3. RHD167: JBOSS - HIBERNATE ESSENTIALS .....................................904
3.1. Prerequisites ............................................................................904
3.2. Course Summary .....................................................................904
4. RHD267: JBOSS - ADVANCED HIBERNATE .......................................905
4.1. Prerequisites ............................................................................905
5. RHD261:JBOSS for advanced J2EE developers ...................................905
5.1. Prerequisites ............................................................................906
6. RH336: JBOSS for Administrators ........................................................906
6.1. Prerequisites ............................................................................906
6.2. Course Summary .....................................................................907
7. RHD439: JBoss Clustering ..................................................................907
7.1. Prerequisites ............................................................................907
8. RHD449: JBoss jBPM .........................................................................908
8.1. Description ..............................................................................908
8.2. Prerequisites ............................................................................908
9. RHD451 JBoss Rules ..........................................................................908
9.1. Prerequisites ............................................................................908


Introduction
Welcome to the Red Hat Enterprise Linux Deployment Guide.
The Red Hat Enterprise Linux Deployment Guide contains information on how to customize
your Red Hat Enterprise Linux system to fit your needs. If you are looking for a comprehensive,
task-oriented guide for configuring and customizing your system, this is the manual for you.
This manual discusses many intermediate topics such as the following:

• Setting up a network interface card (NIC)
• Configuring a Virtual Private Network (VPN)
• Configuring Samba shares
• Managing your software with RPM
• Determining information about your system
• Upgrading your kernel
This manual is divided into the following main categories:
• File systems
• Package management
• Network-related configuration
• System configuration
• System monitoring
• Kernel and Driver Configuration
• Security and Authentication
• Red Hat Training and Certification
This guide assumes you have a basic understanding of your Red Hat Enterprise Linux system.
If you need help installing Red Hat Enterprise Linux, refer to the Red Hat Enterprise Linux
Installation Guide.

1. Document Conventions
In this manual, certain words are represented in different fonts, typefaces, sizes, and weights.
This highlighting is systematic; different words are represented in the same style to indicate their
inclusion in a specific category. The types of words that are represented this way include the
