Red Hat LINUX 7.2 - OFFICIAL LINUX CUSTOMIZATION GUIDE Manual

Red Hat Linux 7.2
The Official Red Hat Linux Customization Guide
Summary of Contents for Red Hat LINUX 7.2 - OFFICIAL LINUX CUSTOMIZATION GUIDE

  • Page 1 Red Hat Linux 7.2 The Official Red Hat Linux Customization Guide...
  • Page 2 ISBN: N/A Red Hat, Inc. 2600 Meridian Parkway Durham, NC 27713 USA +1 919 547 0012 (Voice) +1 919 547 0024 (FAX) 888 733 4281 (Voice) P.O. Box 13588 Research Triangle Park, NC 27709 USA © 2001 Red Hat, Inc. rhl-cg(EN)-7.2-Print-RHI (2001-08-30T14:29-0400) Copyright ©...
  • Page 3 This manual is dedicated to Carole Williams, a valuable contributor to the Red Hat documentation team. Carole, we wish you all the best in your future endeavors. We miss your wisdom, superior editing skills, ability to write humor into just about any topic, and jokes that made each day a joy to work with you.
  • Page 4: Table Of Contents

    Contents Red Hat Linux 7.2 Introduction .................. . xi Document Conventions..............xi More to Come .
  • Page 5 What is Rescue Mode? ............65 Chapter 4 Redundant Array of Independent Disks (RAID) . 71 What is RAID? ..............71 Who Should Use RAID? .
  • Page 6 Chapter 9 OpenSSH ..............101 Why Use OpenSSH?............. 101 Configuring an OpenSSH Server .
  • Page 7 14.3 Virtual Hosts Settings ............145 14.4 Server Settings ..............150 14.5 Performance Tuning .
  • Page 8 17.7 The floppy Group ..............186 Chapter 18 Time and Date Configuration ....... . 187 18.1 Time and Date Properties ..
  • Page 9 Chapter 22 Automated Tasks ........... . 227 22.1 Cron................227 22.2 Configuring a Cron Task .
  • Page 10 Chapter 27 Red Hat Network ............ . 279 Part V Appendixes ............... 281 Appendix A Building a Custom Kernel .
  • Page 11: Red Hat Linux

    Started Guide. If you need more advanced documentation, please refer to the Official Red Hat Linux Reference Guide. HTML and PDF versions of all the Official Red Hat Linux manuals are available online at http://www.redhat.com/support/manuals/. Document Conventions When you read this manual, you will see that certain words are represented in different fonts, typefaces, sizes and weights.
  • Page 12 Introduction Linux commands (and other operating system commands, when used) are represented this way. This style should indicate to you that you can type in the word or phrase on the command line and press [Enter] to invoke a command. Sometimes a command contains words that would be displayed in a different style on their own (e.g., filenames).
  • Page 13: Document Conventions

    Section 0.1:Document Conventions xiii Select the Require Password checkbox if you would like your screensaver to require a password before stopping. top level of a menu on a GUI screen or window When you see a word in this style, it indicates that the word is the top level of a pulldown menu. If you click on the word on the GUI screen, the rest of the menu should appear.
  • Page 14 Introduction Text that the user has to type, either on the command line, or into a text box on a GUI screen, is displayed in this style. In the following example, text is displayed in this style: To boot your system into the text based installation program, you will need to type in the text command at the boot: prompt.
  • Page 15: More To Come

    Official Red Hat support — Get help with your installation questions from Red Hat, Inc.’s support team. • Red Hat Network — Easily update your packages and receive security notices that are customized for your system. Go to http://rhn.redhat.com for more details.
  • Page 16 Under the Brim: The Official Red Hat E-Newsletter — Every month, get the latest news and product information directly from Red Hat. To sign up, go to http://www.redhat.com/apps/activate/. You will find your Product ID on a black, red, and white card in your Official Red Hat Linux box.
  • Page 17: Part I Installation-Related Reference

    Part I Installation-Related Reference...
  • Page 19: Chapter 1 Kickstart Installations

    Section 1.2:How Do You Perform a Kickstart Installation? 1 Kickstart Installations 1.1 What are Kickstart Installations? Many system administrators would prefer to use an automated installation method to install Red Hat Linux on their machines. To answer this need, Red Hat created the kickstart installation method. Using kickstart, a system administrator can create a single file containing the answers to all the questions that would normally be asked during a typical Red Hat Linux installation.
  • Page 20 Linux: filename "/usr/new-machine/kickstart/" ; next-server blarg.redhat.com; Note that you should replace the value after filename with the name of the kickstart file (or the directory in which the kickstart file resides) and the value after next-server with the NFS server...
  • Page 21: Starting A Kickstart Installation

    Section 1.3:Starting a Kickstart Installation If the filename returned by the BOOTP/DHCP server ends with a slash ("/"), then it is interpreted as a path only. In this case, the client system mounts that path using NFS, and searches for a particular file.
  • Page 22 Chapter 1:Kickstart Installations The installation program will look for the kickstart file on the HTTP server <server>:, as file <path>. The installation program will use DHCP to configure the Ethernet card. For example, if your HTTP server is server.example.com and the kickstart file is in the HTTP directory /my-dir/ks.cfg, the correct boot command would be ks=http:server.example.com:/my-dir/ks.cfg.
  • Page 23: The Kickstart File

    Section 1.4:The Kickstart File system through the eth1 device, use the command ks=nfs: <server:> / <path> ksdevice=eth1 at the boot: prompt. 1.4 The Kickstart File Now that you have some background information on kickstart installations, let’s take a look at the kickstart file itself.
  • Page 24: Kickstart Options

    Chapter 1:Kickstart Installations If any other items are specified for an upgrade, those items will be ignored (note that this includes package selection). 1.5 Kickstart Options The following options can be placed in a kickstart file. If you prefer to use a graphical interface for creating your kickstart file, you can use the Kickstart Configurator application.
  • Page 25 Section 1.5:Kickstart Options To use this option, you must have the nss_ldap package installed. You must also specify a server and a base DN. --enableldapauth Use LDAP as an authentication method. This enables the pam_ldap module for authentication and changing passwords, using an LDAP directory. To use this option, you must have the nss_ldap package installed.
  • Page 26 Chapter 1:Kickstart Installations Enable Hesiod support for looking up user home directories, UIDs, and shells. More information on setting up and using Hesiod on your network is in /usr/share/doc/glibc-2.x.x/README.hesiod, which is included in the glibc package. Hesiod is an extension of DNS that uses DNS records to store information about users, groups, and various other items.
  • Page 27 Section 1.5:Kickstart Options --smbservers= The name of the server(s) to use for SMB authentication. To specify more than one server, separate the names with commas (,). --smbworkgroup= The name of the workgroup for the SMB servers. --enablecache Enables the nscd service. The nscd service caches information about users, groups, and various other types of information.
  • Page 28 Chapter 1:Kickstart Installations If using LILO, use the linear LILO option; this is only for backwards compatibility (and linear is now used by default). --nolinear If using LILO, use the nolinear LILO option; linear is the default. --lba32 If using LILO, force use of lba32 mode instead of autodetecting. 1.5.4 clearpart —...
  • Page 29 Section 1.5:Kickstart Options <type> should be one of "scsi" or "eth", and <moduleName> is the name of the kernel module which should be installed. --opts Options to pass to the kernel module. Note that multiple options may be passed if they are put in quotes.
  • Page 30 Chapter 1:Kickstart Installations • --high • --medium • --disabled --trust <device> Listing a device here, such as eth0, allows all traffic coming from that device to go through the firewall. To list more than one device, use --trust eth0 --trust eth1. Do NOT use a comma-separated format such as --trust eth0, eth1.
  • Page 31 Section 1.5:Kickstart Options • --server <server> Server from which to install (hostname or IP). • --dir <dir> Directory containing the Red Hat installation tree. For example: nfs --server <server> --dir <dir> cdrom Install from the first CD-ROM drive on the system. For example: cdrom harddrive...
  • Page 32 Chapter 1:Kickstart Installations program with the values from the kickstart file. Either accept the values by clicking Next or change the values and click Next to continue. See also Section 1.5.1, autostep. 1.5.12 keyboard keyboard (required) Sets system keyboard type. Here’s the list of available keyboards on i386 and Alpha machines: ANSI-dvorak, azerty, be-latin1, be2-latin1, bg, br-abnt2, cf, croat, cz, cz-lat2, cz-lat2-prog, cz-us-qwertz, de, de-latin1, de-latin1-nodeadkeys, defkeymap, defkeymap_V1.0, dk, dk-latin1,...
  • Page 33 Section 1.5:Kickstart Options Sets the language(s) to install on the system. The same language codes used with lang can be used with langsupport. --default Sets the default language to use for any language-specific aspect of the installed system. An example to install English and French and use English as the default language: languagesupport --default en_US fr_FR 1.5.15 lilo lilo (replaced by bootloader)
  • Page 34 Chapter 1:Kickstart Installations 1.5.16 lilocheck lilocheck (optional) If lilocheck is present, the installation program checks for LILO on the MBR of the first hard drive, and reboots the system if it is found — in this case, no installation is performed. This can prevent kickstart from reinstalling an already installed system.
  • Page 35 Section 1.5:Kickstart Options Configures network information for the system. If the kickstart installation does not require networking (in other words, it is not installed over NFS, HTTP, or FTP), networking is not configured for the system. If the installation does require networking and network information is not provided in the kickstart file, the Red Hat Linux installation program assumes that the installation should be done over eth0 via a dynamic IP address (BOOTP/DHCP), and configures the final, installed system to determine its IP address dynamically.
  • Page 36 Chapter 1:Kickstart Installations The DHCP method uses a DHCP server system to obtain its networking configuration. As you might guess, the BOOTP method is similar, requiring a BOOTP server to supply the networking configuration. The static method requires that you enter all the required networking information in the kickstart file.
  • Page 37 Section 1.5:Kickstart Options For example, /, /usr, /home swap The partition will be used as swap space. raid.<id> The partition will be used for software RAID (see the Section 1.5.20, raid below). --size <size> The minimum partition size in megabytes. Specify an integer value here such as 500. Do not append the number with MB.
  • Page 38 Chapter 1:Kickstart Installations <N> represents the number of bytes per inode on the filesystem when it is created. It must be given in decimal format. This option is useful for applications where you want to increase the number of inodes on the filesystem. --type= <X>...
  • Page 39 Section 1.5:Kickstart Options raid <mntpoint> --level <level> --device <mddevice> <partitions*> The <mntpoint> is the location where the RAID filesystem is mounted. If it is /, the RAID level must be 1 unless a boot partition (/boot) is present. If a boot partition is present, the /boot partition must be level 1 and the root (/) partition can be any of the available types.
  • Page 40 Chapter 1:Kickstart Installations 1.5.21 reboot reboot (optional) Reboot after the installation is complete (no arguments). Normally, kickstart displays a message and waits for the user to press a key before rebooting. 1.5.22 rootpw rootpw (required) rootpw [--iscrypted] <password> Sets the system’s root password to the <password> argument. --iscrypted If this is present, the password argument is assumed to already be encrypted.
  • Page 41 Section 1.5:Kickstart Options 1.5.26 upgrade upgrade (optional) Tells the system to upgrade an existing system rather than install a fresh system. 1.5.27 xconfig xconfig (optional) Configures the X Window System. If this option is not given, the user will need to configure X manually during the installation, if X was installed;...
  • Page 42 Packages can be specified by component or by individual package name. The installation program defines several components that group together related packages. See the RedHat/base/comps file on any Red Hat Linux CD-ROM for a list of components. The components are defined by the lines that begin with a number followed by a space and then the component name.
  • Page 43 Section 1.5:Kickstart Options Lines beginning with ? Lines that begin with a ? are used by the installation program and should not be altered. Lines beginning with --hide If a package name begins with --hide, you only need to type in the package name, without the --hide.
  • Page 44 Chapter 1:Kickstart Installations command. Note that you can access the network in the %pre section; however, name service has not been configured at this point, so only IP addresses will work. Here’s an example %pre section: %pre # add comment to /etc/motd echo "Kickstart-installed Red Hat Linux `/bin/date`"...
  • Page 45 Section 1.5:Kickstart Options # add another nameserver echo "nameserver 10.10.0.2" >> /etc/resolv.conf Note The post-install script is run in a chroot environment; therefore, performing tasks such as copying scripts or RPMs from the installation media will not work. --nochroot Allows you to specify commands that you would like to run outside of the chroot environment. The following example copies the file /etc/resolv.conf to the filesystem that was just installed.
  • Page 46 Chapter 1:Kickstart Installations...
  • Page 47: Chapter 2 Kickstart Configurator

    Section 2.1:Basic Configuration 2 Kickstart Configurator Kickstart Configurator allows you to create a kickstart file using a graphical user interface, so that you do not have to remember the correct syntax of the file. After choosing the kickstart options, click the button, verify the options you have chosen, and save the kickstart file to a desired location.
  • Page 48 Chapter 2:Kickstart Configurator Choose the language to use during the installation from the Language menu. Choose the language to use after installation from the Language Support menu. Select the system keyboard type from the Keyboard menu. Choose the mouse for the system from the menu.
  • Page 49: Boot Loader Options

    Section 2.2:Boot Loader Options 2.2 Boot Loader Options Figure 2–2 Boot Loader Options You have the option of installing GRUB or LILO as the boot loader. If you do not want to install a boot loader, uncheck the Install Boot Loader checkbutton. If you choose not to install a boot loader, make sure you create a boot disk or have another way to boot (such as a third-party boot loader) your Red Hat Linux system.
  • Page 50: Installation Method

    IP address of the NFS server. For the NFS directory, enter the name of the NFS directory that contains the RedHat directory. For example, if your NFS server contains the directory /mirrors/redhat/i386/RedHat, enter /mirrors/redhat/i386 for the NFS...
  • Page 51 IP address of the FTP server. For the FTP directory, enter the name of the FTP directory that contains the RedHat directory. For example, if your FTP server contains the directory /mirrors/redhat/i386/RedHat, enter /mirrors/redhat/i386 for the FTP directory.
  • Page 52: Partition Information

    Chapter 2:Kickstart Configurator 2.4 Partition Information Figure 2–4 Partition Information To clear the Master Boot Record, select beside the option on the top of the page. You can choose to keep the existing partitions, remove all the existing partitions, or remove all the existing Linux partitions by selecting , or , respectively, next to...
  • Page 53 Section 2.4:Partition Information • Use an existing partition. • Format the partition as the chosen filesystem type. Figure 2–5 Creating Partitions To edit an existing partition, select the partition from the list and click the Edit button. The same Partitions Options window that appears when you add a partition appears, except it contains the values for the selected partition.
  • Page 54: Network Configuration

    Networking is only required if you choose a networking-type installation method (NFS or FTP). If you are unsure which to choose, choose None. Networking can always be configured after installation with Network Configurator (redhat-config-network). If you select Static IP, you must provide additional networking information in the table below the...
  • Page 55: Authentication

    Section 2.6:Authentication 2.6 Authentication Figure 2–7 Authentication In the Authentication section, select whether to use shadow passwords and md5 encryption for user passwords. These options are highly recommended and chosen by default. The Authentication Configuration page allows you to configure the following methods of authentication: •...
  • Page 56: Firewall Configuration

    Chapter 2:Kickstart Configurator 2.7 Firewall Configuration Figure 2–8 Firewall Configuration The Firewall Configuration page is identical to the screen in the Red Hat Linux installation program and provides the same functionality. Choose between High, Medium, and Disabled security levels. Refer to the Official Red Hat Linux Installation Guide for detailed information about these security levels.
  • Page 57 Section 2.8:X Configuration 2.8.1 General Figure 2–9 X Configuration - General The first step in configuring X is to choose the default color depth and resolution. Select them from their respective pulldown menus. Be sure to specify a color depth and resolution that is compatible with the video card and monitor for the system.
  • Page 58 Chapter 2:Kickstart Configurator 2.8.2 Video Card Select the video card from the list on the Video Card tab as shown in Figure 2–10, X Configuration - Video Card. Also select the amount of video RAM the selected video card has from the pulldown menu.
  • Page 59 Section 2.8:X Configuration Figure 2–11 X Configuration - Monitor...
  • Page 60: Package Selection

    Chapter 2:Kickstart Configurator 2.9 Package Selection Figure 2–12 Package Selection The Package Selection page allows you to choose which package categories to install. Currently, Kickstart Configurator does not allow you to select individual packages. To install individual packages, modify the %packages section of the kickstart file after you save it.
  • Page 61: Pre-Installation Script

    Section 2.10:Pre-Installation Script 2.10 Pre-Installation Script Figure 2–13 Pre-Installation Script You can add commands to run on the system immediately after the kickstart file has been parsed and before the installation begins. If you have configured the network in the kickstart file, the network is enabled before this section is processed.
  • Page 62: Post-Installation Script

    Chapter 2:Kickstart Configurator 2.11 Post-Installation Script Figure 2–14 Post-Installation Script You can also add commands to execute on the system after the installation is completed. If you have properly configured the network in the kickstart file, the network is enabled. If you would like to include a post-installation script, type it in the text area.
  • Page 63 Section 2.11:Post-Installation Script 2.11.1 Chroot Environment If you want your post-installation script to run outside of the chroot environment, click the checkbutton next to this option on the top of the Post-Installation page. This is equivalent to using the --nochroot option in the %post section.
  • Page 64: Saving The File

    Chapter 2:Kickstart Configurator /usr/sbin/useradd bob /usr/bin/chfn -f "Bob Smith" bob /usr/sbin/usermod -p 'kjdf$04930FTH/ ' bob 2.12 Saving the File After you have finished choosing your kickstart options, click the Save File button. A dialog box similar to Figure 2–15, Confirm Options will appear to allow you to review your choices before saving the file.
  • Page 65: Chapter 3 Rescue Mode

    Section 3.1:What is Rescue Mode? 3 Rescue Mode When things go wrong, there are ways to fix problems. However, these methods require that you understand the system well. This chapter will describe the ways that you can boot into rescue mode and single user mode, where you can use your own knowledge to repair the system.
  • Page 66 Chapter 3:Rescue Mode 3.1.2 Hardware/Software Problems This category includes a wide variety of different situations. Two examples include failing hard drives and forgetting to run LILO after building a new kernel (if you are using LILO as your boot loader). In both of these situations, you may be unable to boot Red Hat Linux.
  • Page 67 Section 3.1:What is Rescue Mode? Once you have your system in rescue mode, a prompt appears on VC (virtual console) 1 and VC 2 (use the [Ctrl]-[Alt]-[F1] key combination to access VC 1 and the [Ctrl]-[Alt]-[F2] key combination to access...
  • Page 68 Chapter 3:Rescue Mode mformat open umount gnome-pty-helper minfo pico uncpio grep mkdir ping uniq gunzip mke2fs probe zcat 3.1.4 Booting Single-User Mode Directly You may be able to boot single-user mode directly. If your system boots, but does not allow you to log in when it has completed booting, try single-user mode.
  • Page 69 Section 3.1:What is Rescue Mode? Replace the XX in /dev/hdXX with the appropriate letter and number for your root partition. What does this command do? First, it starts the boot process in single-user mode, with the root partition set to your root partition. The empty initrd specification bypasses the installation-related image on the boot disk, which will cause you to enter single-user mode immediately.
  • Page 70 Chapter 3:Rescue Mode...
  • Page 71: Chapter 4 Redundant Array Of Independent Disks (RAID)

    Section 4.3:Hardware RAID versus Software RAID 4 Redundant Array of Independent Disks (RAID) 4.1 What is RAID? The basic idea behind RAID is to combine multiple small, inexpensive disk drives into an array to accomplish performance or redundancy goals not attainable with one large and expensive drive. This array of drives will appear to the computer as a single logical storage unit or drive.
  • Page 72: RAID Levels And Linear Support

    Chapter 4:Redundant Array of Independent Disks (RAID) An example of a Hardware RAID device would be one that connects to a SCSI controller and presents the RAID arrays as a single SCSI drive. An external RAID system moves all RAID handling "intelligence"...
  • Page 73 Section 4.4:RAID Levels and Linear Support • Level 0 — RAID level 0, often called "striping," is a performance-oriented striped data mapping technique. This means the data being written to the array is broken down into strips and written across the member disks of the array, allowing high I/O performance at low inherent cost but provides no redundancy.
  • Page 74 Chapter 4:Redundant Array of Independent Disks (RAID) the capacity of member disks, minus the capacity of one member disk. The storage capacity of Software RAID level 5 is equal to the capacity of the member partitions, minus the size of one of the partitions if they are of equal size.
  • Page 75: Chapter 5 Software RAID Configuration

    Software RAID Configuration 5 Software RAID Configuration Read Chapter 4, Redundant Array of Independent Disks (RAID) first to learn about RAID and the differences between Hardware and Software RAID and the differences between RAID 0, 1, and 5. Software RAID can be configured during the graphical installation of Red Hat Linux or during a kickstart installation.
  • Page 76 Chapter 5:Software RAID Configuration • Allowable Drives, select the drive on which RAID will be created. If you have multiple drives, all drives will be selected here and you must deselect those drives which will not have the RAID array on them.
  • Page 77 Software RAID Configuration Please Note If you are making a RAID partition of /boot, you must choose RAID level 1 and it must use one of the first two drives (IDE first, SCSI second). If you are not creating a RAID partition of /boot, and you are making a RAID partition of /, it must be RAID level 1 and it must use one of the first two drives (IDE first, SCSI second).
  • Page 78 Chapter 5:Software RAID Configuration Figure 5–3 Creating a RAID Array...
  • Page 79: Part II Network-Related References

    Part II Network-Related References...
  • Page 81: Chapter 6 Network Configuration

    Section 6.1:Adding Network Hardware 6 Network Configuration Red Hat Linux no longer includes the application netcfg to configure your network devices. The Red Hat Network Administration Tool has replaced netcfg and can be used to configure the different types of network devices: Ethernet, Modem, ISDN, xDSL, CIPE, and Wireless. You can also configure a modem, ISDN, or an xDSL connection with internet-druid.
  • Page 82 Chapter 6:Network Configuration Figure 6–1 Network Hardware Configuration 6.1.1 Ethernet You can configure the type of adapter (manufacturer and model) and kernel device name for an Ethernet device. The type of adapter you select determines which kernel module (driver) is loaded for the network interface card.
  • Page 83: Adding A Device

    Section 6.2:Adding a Device 6.1.4 Token Ring For a token ring device, you can select the type of adapter according to the manufacturer and model of the device. The type of adapter determines which kernel module (driver) is loaded for the device. You can also configure the kernel device name (/dev/tr0, /dev/tr1, and so on) and the device’s system resources such as IRQ.
  • Page 84 Chapter 6:Network Configuration Figure 6–2 Adding an Ethernet Device 6.2.2 Modem Click the Provider tab to enter the phone number, login, and password for your dial-up account. Use the Compression tab to enable different forms of compression. The Options tab allows you to configure PPP options, and the Advanced tab provides pulldown menus to customize the hangup timeout...
  • Page 85: Managing DNS Settings

    Section 6.3:Managing DNS Settings obtain an IP address via DHCP. Consult your Internet provider for details. After configuring the Ethernet device, add an xDSL device. From the Provider tab, select the appropriate Ethernet device to use to establish your connection. 6.2.5 CIPE CIPE stands for Crypto IP Encapsulation.
  • Page 86 Chapter 6:Network Configuration To change lookup order, edit the /etc/host.conf file. The line order hosts, bind specifies that the /etc/hosts takes precedence over the name servers. Changing the line to order bind, hosts configures your system to resolve hostnames and IP addresses using the name servers first.
  • Page 87: Chapter 7 Basic Firewall Configuration

    Basic Firewall Configuration 7 Basic Firewall Configuration During the Red Hat Linux installation, you are given the option to choose high, medium or no security level as well as allow specific devices, incoming services, and ports. These levels are based on the GNOME Lokkit firewall configuration application.
  • Page 88: Basic

    Chapter 7:Basic Firewall Configuration 7.1 Basic Figure 7–1 Basic After starting the program, choose the appropriate security level for your system: • High Security — This option disables almost all network connections except DNS replies and DHCP so that network interfaces can be activated. IRC, ICQ, and other instant messaging services as well as RealAudio™...
  • Page 89: Local Hosts

    Section 7.3:DHCP 7.2 Local Hosts If there are Ethernet devices on the system, the Local Hosts page allows you to configure whether the firewall rules apply to connection requests sent to each device. If the device connects the system to a local area network behind a firewall and does not connect directly to the Internet, select .
  • Page 90: Configuring Services

    Chapter 7:Basic Firewall Configuration Figure 7–3 DHCP 7.4 Configuring Services GNOME Lokkit also allows you to turn common services on and off. If you answer to configuring services, you are prompted about the following services: • Web Server — Choose this option if you want people to connect to a Web server such as Apache running on your system.
  • Page 91: Activating The Firewall

    Section 7.5:Activating the Firewall To disable other services that you do not need, you can use Serviceconf. See Section 8.3, Serviceconf. 7.5 Activating the Firewall Clicking Finish on the Activate the Firewall page will write the firewall rules to /etc/sysconfig/ipchains and start the firewall by starting the ipchains service.
  • Page 92 Chapter 7:Basic Firewall Configuration...
  • Page 93: Chapter 8 Controlling Access To Services

    Controlling Access to Services 8 Controlling Access to Services Maintaining security on your Red Hat Linux system is extremely important. One way to manage security on your system is to carefully manage access to system services. Your system may need to provide open access to particular services (for example, httpd if you are running a Web server).
  • Page 94: Runlevels

    Chapter 8:Controlling Access to Services it will then configure a simple firewall for you. Refer to Chapter 7, Basic Firewall Configuration for more information. 8.1 Runlevels Before you can configure access to services, you must understand Linux runlevels. A runlevel is a state, or mode, that is defined by the services listed in the directory /etc/rc.d/rc<x>...
  • Page 95: Serviceconf

    Section 8.3:Serviceconf file takes precedence over the hosts.deny file. Permissions to grant or deny access can be based on individual IP address (or hostnames) or on a pattern of clients. See the Official Red Hat Linux Reference Guide and the hosts_access man page for details. 8.2.1 xinetd To control access to Internet services, use xinetd, which is a secure replacement for inetd.
  • Page 96 Chapter 8:Controlling Access to Services Figure 8–1 Serviceconf Serviceconf displays the current runlevel as well as which runlevel you are currently editing. To edit a different runlevel, select Edit Runlevel from the pulldown menu and select runlevel 3, 4, or 5. Refer to Section 8.1, Runlevels for a description of runlevels.
  • Page 97: ntsysv

    Section 8.4:ntsysv WARNING When you save changes to xinetd services, xinetd is restarted. When you save changes to other services, the runlevel is reconfigured, but the changes do not take effect immediately. If you check or uncheck the Start at Boot value for a service in /etc/rc.d/init.d, the Save button will become active.
  • Page 98: chkconfig

    Chapter 8:Controlling Access to Services WARNING Changes do not take effect immediately after using ntsysv. You must stop or start the individual service with the command service daemon stop. In the previous example, replace daemon with the name of the service you want to stop;...
  • Page 99: Additional Resources

    Section 8.6:Additional Resources WARNING Changes do not take effect immediately after using chkconfig. You must stop or start the individual service with the command service daemon stop. In the previous example, replace daemon with the name of the service you want to stop; for example, httpd. Replace stop with start or restart to start or restart the service.
  • Page 100 Chapter 8:Controlling Access to Services...
  • Page 101: Chapter 9 Openssh

Section 9.2:Configuring an OpenSSH Server 9 OpenSSH OpenSSH is a free, open source implementation of the SSH (Secure SHell) protocols. It replaces telnet, ftp, rlogin, rsh, and rcp with secure, encrypted network connectivity tools. OpenSSH supports versions 1.3, 1.5, and 2 of the SSH protocol. Since OpenSSH version 2.9, the default protocol in Red Hat Linux 7.2 is version 2, which uses RSA keys as the default. Protocol 1 has known weaknesses and has since been removed from OpenSSH; use protocol 2 unless a legacy peer forces otherwise.
  • Page 102: Configuring An Openssh Client

    Chapter 9:OpenSSH 9.3 Configuring an OpenSSH Client To connect to an OpenSSH server from a client machine, you must have the openssh-clients and openssh packages installed on the client machine. 9.3.1 Using the ssh Command The ssh command is a secure replacement for the rlogin, rsh, and telnet commands. It allows you to log in to and execute commands on a remote machine.
• Page 103 Section 9.3:Configuring an OpenSSH Client 9.3.2 Using the scp Command The scp command can be used to transfer files between machines over a secure, encrypted connection. It is similar to rcp. The general syntax to transfer a local file to a remote system is scp localfile username@tohostname:/newfilename.
• Page 104 Chapter 9:OpenSSH Separate Authorization Key Pairs You must have separate key pairs for SSH protocol 1 (RSA1) and SSH protocol 2 (RSA or DSA); a protocol 1 key cannot be used for protocol 2 or vice versa. WARNING Keys must be generated for each user. To generate keys for a user, follow these steps as the user who wants to connect to remote machines. If you complete the following steps as root, only root will be able to use the keys.
• Page 105 Section 9.3:Configuring an OpenSSH Client If you are running GNOME, skip to Configuring ssh-agent with GNOME in Section 9.3.4. If you are not running the X Window System, skip to Configuring ssh-agent in Section 9.3.4. Generating an RSA Key Pair for Version 2 Use the following steps to generate an RSA key pair for version 2 of the SSH protocol.
• Page 106 Chapter 9:OpenSSH Copy the contents of ~/.ssh/identity.pub to the file ~/.ssh/authorized_keys on the machine to which you wish to connect. If the file ~/.ssh/authorized_keys doesn't exist, you can copy the file ~/.ssh/identity.pub to the file ~/.ssh/authorized_keys on the remote machine. If you are running GNOME, skip to Configuring ssh-agent with GNOME in Section 9.3.4.
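The copy step above is where key logins most often fail silently: sshd (with StrictModes, the default) ignores authorized_keys if the file or the ~/.ssh directory is writable by anyone but the owner, and appending the same key twice leaves a file nobody can audit. The following is an added example, not from the Red Hat guide, that installs a public key idempotently with the permissions sshd expects. The target path is a parameter: older OpenSSH releases (such as the 2.9 series shipped with Red Hat Linux 7.2) read protocol 2 keys from ~/.ssh/authorized_keys2, while OpenSSH 3.0 and later read every key from ~/.ssh/authorized_keys. The key line it writes is constructed and is not real key material.

```shell
#!/bin/sh
# Added example (not from the Red Hat guide): install a public key into an
# authorized_keys file the way sshd's StrictModes expects it: the .ssh
# directory 0700, the file 0600, and each key present exactly once.

install_pubkey() {  # install_pubkey PUBKEY_FILE TARGET_FILE
    pub=$1; target=$2; dir=$(dirname "$target")
    [ -s "$pub" ] || { echo "install_pubkey: $pub is empty or missing" >&2; return 1; }
    # one key per .pub file: the second field is the base64 blob that identifies it
    keyblob=$(awk 'NF >= 2 { print $2; exit }' "$pub")
    [ -n "$keyblob" ] || { echo "install_pubkey: no key material in $pub" >&2; return 1; }
    mkdir -p "$dir" && chmod 700 "$dir"       # sshd refuses group/world-writable dirs
    touch "$target" && chmod 600 "$target"    # and group/world-writable key files
    # append only if this key blob is not already listed (idempotent)
    if ! grep -qF -- "$keyblob" "$target"; then
        cat "$pub" >> "$target"
    fi
}

key_count() {  # key_count TARGET_FILE BLOB -> how many lines carry that key
    grep -cF -- "$2" "$1" || true
}

mode_of() {  # mode_of PATH -> symbolic mode such as -rw------- (portable, no stat -c)
    ls -ld "$1" | cut -c1-10
}

write_sample_key() {  # write_sample_key FILE -> a constructed key line, not real key material
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC0CONSTRUCTEDKEYMATERIAL= user@client.example.com\n' > "$1"
}

# stand-alone run against a scratch home directory
scratch=$(mktemp -d)
write_sample_key "$scratch/identity.pub"
install_pubkey "$scratch/identity.pub" "$scratch/home/.ssh/authorized_keys"
install_pubkey "$scratch/identity.pub" "$scratch/home/.ssh/authorized_keys"   # no duplicate
echo "dir: $(mode_of "$scratch/home/.ssh")  file: $(mode_of "$scratch/home/.ssh/authorized_keys")"
echo "copies of key: $(key_count "$scratch/home/.ssh/authorized_keys" "$(awk '{print $2}' "$scratch/identity.pub")")"
rm -rf "$scratch"
```

On the real server the home directory itself must also not be group or world writable, or StrictModes will still reject the key.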
  • Page 107: Additional Resources

    Section 9.4:Additional Resources Log out and then log back into GNOME; in other words, restart X. After GNOME is started, a dialog box will appear prompting you for your passphrase(s). Enter the passphrase requested. If you have both DSA and RSA key pairs configured, you will be prompted for both. From this point on, you should not be prompted for a password by ssh, scp, or sftp.
  • Page 108 Chapter 9:OpenSSH 9.4.2 Useful Websites • http://www.openssh.com — The OpenSSH FAQ page, bug reports, mailing lists, project goals, and a more technical explanation of the security features. • http://www.openssl.org — The OpenSSL FAQ page, mailing lists, and a description of the project goal.
  • Page 109: Chapter 10 Network File System (Nfs)

    Section 10.2:Mounting NFS Filesystems 10 Network File System (NFS) Network File System (NFS) is a way to share files between machines on a network as if the files were located on your local hard drive. Red Hat Linux can be both an NFS server and an NFS client, which means that it can export filesystems to other systems, and mount filesystems exported from other machines.
• Page 110 Chapter 10:Network File System (NFS)
server:/usr/local/pub /pub nfs rsize=8192,wsize=8192,timeo=14,intr
The mount point /pub must exist on your machine. After adding this line to /etc/fstab, you can type the command mount /pub at a shell prompt, and the mount point /pub will be mounted from the server.
  • Page 111: Exporting Nfs Filesystems

(options) The (options) are not required. For example: /mnt/export speedy.redhat.com would allow users from speedy.redhat.com to mount /mnt/export with the default read-only permissions, but: /mnt/export speedy.redhat.com(rw) would allow users from speedy.redhat.com to mount /mnt/export with read-write privileges. The options must follow the host name with no space in between: a space before the parenthesis makes the options apply to every host, so /mnt/export speedy.redhat.com (rw) exports the directory read-write to the whole network.
  • Page 112: Additional Resources

Chapter 10:Network File System (NFS) Refer to the Official Red Hat Linux Reference Guide for a list of options that can be specified in the /etc/exports file. Each time you change /etc/exports, you must tell the NFS daemons to examine it for new information, or reload the configuration file: /sbin/service nfs reload 10.3.1 Starting and Stopping the Server...
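A check worth running before that reload, as an added example that is not from the Red Hat guide: an awk-based lint for /etc/exports that flags the mistakes which quietly widen an export to every host. It goes slightly beyond the page's text by also flagging no_root_squash (an option from exports(5) that lets a remote root act as root on the exported tree). The file it is tested against is constructed.

```shell
#!/bin/sh
# Added example (not from the Red Hat guide): lint /etc/exports for entries
# that export more widely than intended. Prints one line per problem and
# exits 1 if any were found, so it can gate a "service nfs reload".

lint_exports() {  # lint_exports FILE
    awk '
        /^[ \t]*(#|$)/ { next }                     # comments and blank lines
        {
            path = $1; bad = 0
            if (NF == 1) {
                printf "%s:%d: %s has no client list: exported read-only to every host\n", FILENAME, NR, path
                bad = 1
            }
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\(/) {                    # "host (rw)": the space detaches the options
                    printf "%s:%d: \"%s\" has a space before its options, so %s applies to ALL hosts\n", FILENAME, NR, $i, $i
                    bad = 1
                } else if ($i ~ /^\*/) {            # "*" or "*.domain": wildcard client
                    printf "%s:%d: %s exported to wildcard client %s\n", FILENAME, NR, path, $i
                    bad = 1
                }
                if ($i ~ /no_root_squash/) {        # remote root keeps uid 0 on this export
                    printf "%s:%d: %s disables root squashing for %s\n", FILENAME, NR, path, $i
                    bad = 1
                }
            }
            if (bad) problems++
        }
        END { exit (problems > 0) }
    ' "$1"
}

# stand-alone run against a constructed file (not a real /etc/exports)
scratch=$(mktemp -d)
cat > "$scratch/exports" <<'EOF'
# constructed sample
/mnt/export speedy.redhat.com
/mnt/export2 speedy.redhat.com(rw)
/mnt/oops speedy.redhat.com (rw)
/mnt/world
/mnt/star *.redhat.com(ro)
/mnt/root lab.redhat.com(rw,no_root_squash)
EOF
lint_exports "$scratch/exports" || echo "exports need attention before reload"
rm -rf "$scratch"
```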
  • Page 113 Section 10.4:Additional Resources • Managing NFS and NIS Services by Hal Stern; O’Reilly & Associates, Inc.
  • Page 114 Chapter 10:Network File System (NFS)
  • Page 115: Chapter 11 Samba

    Section 11.2:Configuring Samba 11 Samba Samba uses the SMB protocol to share files and printers across a network connection. Operating systems that support this protocol include Microsoft Windows (through its Network Neighborhood), OS/2, and Linux. 11.1 Why Use Samba? Samba is useful if you have a network of both Windows and Linux machines. Samba will allow files and printers to be shared by all the systems in your network.
  • Page 116: Connecting To A Samba Share

Chapter 11:Samba
printable = no
create mask = 0765
The above example allows the users tfox and carole to read and write to the directory /home/share, on the Samba server, from a Samba client. 11.3 Connecting to a Samba Share To connect to a Linux Samba share from a Microsoft Windows machine, use Network Neighborhood or Windows Explorer.
  • Page 117: Using Samba With Windows Nt 4.0 And Windows 2000

Section 11.4:Using Samba with Windows NT 4.0 and Windows 2000 Figure 11–1 SMB Browser in Nautilus If the SMB share you are connecting to requires a user name and password combination, you must specify them in the Location: bar using the following syntax (replace user, password, servername, and sharename with the appropriate values): smb://user:password@servername/sharename/...
  • Page 118: Additional Resources

Chapter 11:Samba cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd The mksmbpasswd.sh script is installed in your /usr/bin directory with the samba package. Use the command chmod 600 /etc/samba/smbpasswd to change permissions on the Samba password file so that only root has read and write permissions. The script does not copy user passwords to the new file.
• Page 119 Section 11.5:Additional Resources • /usr/share/doc/samba-version-number/docs/ — HTML and text help files included with the samba package 11.5.2 Useful Websites • http://www.samba.org — The Samba Web page contains useful documentation, information about mailing lists, and a list of GUI interfaces.
  • Page 120 Chapter 11:Samba...
  • Page 121: Chapter 12 Dynamic Host Configuration Protocol (Dhcp)

Section 12.2:Configuring a DHCP Server 12 Dynamic Host Configuration Protocol (DHCP) Dynamic Host Configuration Protocol (DHCP) is a network protocol for automatically assigning TCP/IP information to client machines. Each DHCP client connects to the centrally located DHCP server, which returns the client's network configuration including IP address, gateway, and DNS servers. 12.1 Why Use DHCP? DHCP is useful for fast delivery of client network configuration.
• Page 122 Chapter 12:Dynamic Host Configuration Protocol (DHCP) • Parameters — state how to perform a task, whether to perform a task, or what network configuration options to send to the client. • Declarations — describe the topology of the network, describe the clients, provide addresses for the clients, or apply a group of parameters to a group of declarations.
• Page 123 Figure 12–2 Example of a shared-network declaration
shared-network name {
    option domain-name "test.redhat.com";
    option domain-name-servers ns1.redhat.com, ns2.redhat.com;
    option routers 192.168.1.254;
    # more parameters for EXAMPLE shared-network
    subnet 192.168.1.0 netmask 255.255.255.0 {
        # parameters for subnet
        range 192.168.1.1 192.168.1.31;
        ...
• Page 124 Chapter 12:Dynamic Host Configuration Protocol (DHCP)
    hardware ethernet 00:A1:DD:74:C3:F2;
    fixed-address 192.168.1.6;
To configure a DHCP server that leases dynamic IP addresses to systems within a subnet, modify Figure 12–4, Example of the range parameter with your values. It declares a default lease time, maximum lease time, and network configuration values for the clients.
• Page 125 Section 12.2:Configuring a DHCP Server You can use the sample configuration file in Red Hat Linux 7.2 as a starting point and then add your own custom configuration options to it. Copy it to its proper location with the command /usr/share/doc/dhcp-<version-number>...
• Page 126 Chapter 12:Dynamic Host Configuration Protocol (DHCP) 12.2.3 Starting and Stopping the Server Important The first time you start the DHCP server, it will fail unless a dhcpd.leases file already exists. Use the command touch /var/lib/dhcp/dhcpd.leases to create the file before starting the service for the first time (and the first time only).
  • Page 127: Configuring A Dhcp Client

    Be sure to check the Red Hat Linux Hardware Compatibility List available at http://hardware.redhat.com. If the network card is not configured by the installation program or Kudzu and you know which kernel module to load for it, refer to Chapter 24, Kernel Modules for details on loading kernel modules.
  • Page 128: Additional Resources

Chapter 12:Dynamic Host Configuration Protocol (DHCP) The /etc/sysconfig/network-scripts/ifcfg-eth0 file should contain the following lines:
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
You need a configuration file for each device that you want to configure to use DHCP. If you prefer a graphical interface for configuring a DHCP client, refer to Chapter 6, Network Configuration for details on using Network Configurator to configure a network interface to use DHCP.
  • Page 129: Chapter 13 Kerberos

Section 13.1:Configuring a Kerberos 5 Server 13 Kerberos Kerberos is a network authentication protocol created by MIT. It uses secret-key cryptography instead of sending plain-text passwords over the network. Kerberos offers a layer of system security and makes it harder for an unauthorized user to intercept users' passwords. For more information on how Kerberos works, refer to the Official Red Hat Linux Reference Guide.
• Page 130 Chapter 13:Kerberos /usr/kerberos/sbin/kdb5_util create -s The create command creates the database that will be used to store keys for your Kerberos realm. The -s switch forces creation of a stash file in which the master server key is stored. If no stash file is present from which to read the key, the Kerberos server (krb5kdc) will prompt the user for the master server password (which can be used to regenerate the key) every time it is started. Because the stash file holds the master key in the clear, it must be readable by root only and must not leave the KDC.
  • Page 131: Configuring A Kerberos 5 Client

Section 13.2:Configuring a Kerberos 5 Client Add principals for your users using the addprinc command with kadmin or using the Principal menu in gkadmin. kadmin (and kadmin.local on the master KDC) is a command line interface to the Kerberos administration system. As such, many commands are available after launching the kadmin program.
  • Page 132: Additional Resources

Chapter 13:Kerberos again, and you probably don't want to bother with coming up with a good password, you can use the -randkey option to kadmin's addprinc command to create the principal and assign it a random key: addprinc -randkey host/blah.example.com Now that you have created the principal, you can extract the keys for the workstation by running kadmin on the workstation itself, and using the ktadd command within kadmin: ktadd -k /etc/krb5.keytab host/blah.example.com...
  • Page 133 Section 13.3:Additional Resources 13.3.2 Useful Websites • http://web.mit.edu/kerberos/www — Kerberos: The Network Authentication Protocol webpage from MIT. • http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html — The Kerberos Frequently Asked Questions (FAQ). • ftp://athena-dist.mit.edu/pub/kerberos/doc/usenix.PS — The PostScript version of Kerberos: An Authentication Service for Open Network Systems by Jennifer G. Steiner, Clifford Neuman, and Jeffrey I.
  • Page 134 Chapter 13:Kerberos...
  • Page 135: Chapter 14 Apache Configuration

    Apache Configuration 14 Apache Configuration Apache Configuration Tool requires the X Window System and root access. To start Apache Con- figuration Tool, use one of the following methods: • On the GNOME desktop, go to the (on the Panel) => =>...
  • Page 136: Basic Settings

Chapter 14:Apache Configuration Copy all necessary files to the DocumentRoot and cgi-bin directories, and save your settings in the Apache Configuration Tool. 14.1 Basic Settings Use the Main tab to configure the basic server settings. Figure 14–1 Basic Settings Enter a fully qualified domain name that you have the right to use in the text area.
  • Page 137: Default Settings

Section 14.2:Default Settings Use the Available Addresses area to define the ports on which Apache will accept incoming requests. This option corresponds to the Listen directive in httpd.conf. By default, Red Hat configures Apache to listen to ports 80 and 8080 for non-secure Web communications. Click the button to define additional ports on which to accept requests.
• Page 138 Chapter 14:Apache Configuration 14.2.1 Site Configuration The default values for the Directory Page Search List and Error Pages will work for most servers. If you are unsure of these settings, do not modify them. Figure 14–3 Site Configuration The entries listed in the Directory Page Search List define the DirectoryIndex directive.
• Page 139 Section 14.2:Default Settings in the Location field. Choose File to redirect the client to an internal URL and enter a file under the Document Root for the Web server. The location must begin with a slash (/) and be relative to the Document Root.
  • Page 140 Chapter 14:Apache Configuration Figure 14–4 Logging The transfer log contains a list of all attempts to access the Web server. It records the IP address of the client that is attempting to connect, the date and time of the attempt, and the file on the Web server that it is trying to retrieve.
• Page 141 Section 14.2:Default Settings The value chosen with the Reverse DNS Lookup menu defines the HostnameLookups directive. Choosing No Reverse Lookup sets the value to off. Choosing Reverse Lookup sets the value to on. Choosing Double Reverse Lookup sets the value to double. If you choose Reverse Lookup, your server will automatically resolve the IP address for each connection...
• Page 142 Chapter 14:Apache Configuration Figure 14–5 Environment Variables Use the Set for CGI Scripts section to set an environment variable that is passed to CGI scripts and SSI pages. For example, to set the environment variable MAXNUM to 50, click the button inside the Set for CGI Script section as shown in Section 14.2.3, Environment Variables and type MAXNUM...
• Page 143 Section 14.2:Default Settings Figure 14–6 Directories Click the Edit button in the top right-hand corner to configure the Default Directory Options for all directories that are not specified in the Directory list below it. The options that you choose are listed as the Options directive within the <Directory>...
• Page 144 Chapter 14:Apache Configuration To specify options for specific directories, click the button beside the Directory list box. The Directory window shown in Figure 14–7, Directory Settings appears. Enter the directory to configure in the text field at the bottom of the window. Select the options in the right-hand list, and configure the Order directive with the left-hand side options.
  • Page 145: Virtual Hosts Settings

Section 14.3:Virtual Hosts Settings 14.3 Virtual Hosts Settings You can use Apache Configuration Tool to configure virtual hosts. Virtual hosts allow you to run different servers for different IP addresses, different host names, or different ports on the same machine. For example, you can run the website for http://www.your_domain.com and http://www.your_second_domain.com on the same Apache server using virtual hosts.
• Page 146 Chapter 14:Apache Configuration 14.3.1 Adding and Editing a Virtual Host To add a virtual host, click the Virtual Hosts tab and then click the button. The window shown in Figure 14–9, Virtual Hosts Configuration appears. You can also edit a virtual host by selecting it in the list and clicking the Edit button.
• Page 147 Section 14.3:Virtual Hosts Settings In the Host Information section, choose Default Virtual Host, IP based Virtual Host, or Name based Virtual Host. Default Virtual Host If you choose Default Virtual Host, Figure 14–10, Default Virtual Hosts appears. You should only configure one default virtual host.
• Page 148 Chapter 14:Apache Configuration Figure 14–11 IP Based Virtual Hosts Name based Virtual Host If you choose Name based Virtual Host, Figure 14–12, Name Based Virtual Hosts appears to configure the NameVirtualHost directive based on the host name of the server. Specify the IP address in the IP address field.
• Page 149 Section 14.3:Virtual Hosts Settings Figure 14–12 Name Based Virtual Hosts Note You can not use name based virtual hosts with SSL, because the SSL handshake (when the browser accepts the secure Web server's certificate) occurs before the HTTP request which identifies the appropriate name based virtual host. This holds for Apache 1.3 and the browsers of the time; the TLS Server Name Indication extension, which later Apache releases and browsers support, sends the host name during the handshake and lifts the restriction.
  • Page 150: Server Settings

Chapter 14:Apache Configuration Virtual Hosts tab, click the Edit button, choose SSL Support from the left-hand menu, and check the Enable option as shown in Figure 14–13, SSL Support. The SSL Configuration section is pre-configured with the dummy digital certificate. The digital certificate provides authentication for your secure Web server and identifies the secure server to client Web browsers. The dummy certificate is self-signed and meant only for testing; replace it with your own key and certificate (see Chapter 15) before clients rely on the server.
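What the tool writes for the Directories, Virtual Hosts and SSL Support settings above, as an added httpd.conf example for Apache 1.3 with mod_ssl that is not from the Red Hat guide: a deny-by-default directory policy, two name-based hosts on port 80 (the two domains the page uses), and SSL on an IP-based host on port 443, which is the layout forced by the note that name-based hosts cannot carry SSL. The address 192.168.1.10, the DocumentRoot paths and the ssl.key path are assumptions; the ssl.crt path is the one the page gives in Chapter 15.

```apache
# Added example, not from the Red Hat guide: httpd.conf fragments for
# Apache 1.3 with mod_ssl. Addresses and paths are assumptions.

# Default directory options: nothing is served from the filesystem root,
# no per-directory overrides, and an explicit allow only for the document tree.
<Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

<Directory "/var/www/html">
    Options -Indexes -FollowSymLinks   # no listings, no symlink escapes
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

# Two name-based virtual hosts share one address on port 80; Apache picks
# the host from the HTTP Host: header.
NameVirtualHost 192.168.1.10:80

<VirtualHost 192.168.1.10:80>
    ServerName www.your_domain.com
    DocumentRoot /var/www/your_domain
</VirtualHost>

<VirtualHost 192.168.1.10:80>
    ServerName www.your_second_domain.com
    DocumentRoot /var/www/your_second_domain
</VirtualHost>

# SSL: the handshake completes before the Host: header is sent, so with
# Apache 1.3 (no SNI) each SSL site needs its own address or port.
# One IP-based virtual host per certificate; check that a Listen 443
# directive is present.
<VirtualHost 192.168.1.10:443>
    ServerName www.your_domain.com
    DocumentRoot /var/www/your_domain
    SSLEngine on
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
</VirtualHost>
```

The certificate's Common Name must match the ServerName of the SSL host, otherwise every browser will warn before the page loads.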
• Page 151 Section 14.4:Server Settings Figure 14–14 Server Configuration The Lock File value corresponds to the LockFile directive. This directive sets the path to the lockfile used when Apache is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be stored on the local disk. It should be left at the default value unless the logs directory is located on an NFS share.
  • Page 152: Performance Tuning

    Chapter 14:Apache Configuration The User should only have privileges so that it can access files which are supposed to be visible to the outside world. The User is also the owner of any CGI processes spawned by the server. The User should not be allowed to execute any code which is not intended to be in response to HTTP requests.
• Page 153 Section 14.5:Performance Tuning Figure 14–15 Performance Tuning Set Max Number of Connections to the maximum number of simultaneous client requests that the server will handle. For each connection, a child httpd process is created. After this maximum number of processes is reached, no one else will be able to connect to the Web server until a child server process is freed.
  • Page 154: Saving Your Settings

Chapter 14:Apache Configuration If you uncheck the Allow Persistent Connections option, the KeepAlive directive is set to false. If you check it, the KeepAlive directive is set to true, and the KeepAliveTimeout directive is set to the number that is selected as the timeout value.
  • Page 155: Additional Resources

— After starting the Apache server on your local system, you can view the Apache HTTP Server Version 1.3 User's Guide using this URL. • http://www.redhat.com/support/docs/apache.html — Red Hat Support maintains a list of useful Apache Web Server links.
  • Page 156 Chapter 14:Apache Configuration • http://www.redhat.com/support/docs/faqs/RH-apache-FAQ/book1.html — The Red Hat Linux Apache Centralized Knowledgebase compiled by Red Hat. 14.7.3 Related Books • Apache: The Definitive Guide by Ben Laurie and Peter Laurie; O’Reilly & Associates, Inc.
  • Page 157: Chapter 15 Apache Secure Server Configuration

    Section 15.2:An Overview of Security-Related Packages 15 Apache Secure Server Configuration 15.1 Introduction This chapter provides basic information on an Apache server with the mod_ssl security module enabled to use the OpenSSL library and toolkit. The combination of these three components, provided with Red Hat Linux, will be referred to in this chapter as the secure Web server or just as the secure server.
• Page 158 Chapter 15:Apache Secure Server Configuration The mm package contains the MM library, which allows multiple instances of the httpd daemon to share state information. Additionally, other software packages included with Red Hat Linux can provide certain security functionalities (but are not required by the secure server to function): apache-devel The apache-devel package contains the Apache include files, header files and the APXS utility.
  • Page 159 Section 15.2:An Overview of Security-Related Packages For more information about OpenSSH, see Chapter 9, OpenSSH and the OpenSSH website at http://www.openssh.com. openssl-devel The openssl-devel package contains the static libraries and the include file needed to com- pile applications with support for various cryptographic algorithms and protocols. You need to install this package only if you are developing applications which include SSL support —...
  • Page 160: An Overview Of Certificates And Security

Chapter 15:Apache Secure Server Configuration
Package Name     Located in Group         Optional?
openssl-devel    Development/Libraries
stunnel          Applications/Internet
15.3 An Overview of Certificates and Security Your secure Web server provides security using a combination of the Secure Sockets Layer (SSL) protocol and (in most cases) a digital certificate from a Certificate Authority (CA). SSL handles the encrypted communications and the authentication of the server to the browser (and, if client certificates are configured, of the browser to the server).
  • Page 161: Using Pre-Existing Keys And Certificates

    Section 15.4:Using Pre-Existing Keys and Certificates 15.4 Using Pre-Existing Keys and Certificates If you already have an existing key and certificate (for example, if you are installing the secure Web server to replace another company’s secure Web server product), you will probably be able to use your existing key and certificate with the secure Web server.
  • Page 162: Types Of Certificates

    Chapter 15:Apache Secure Server Configuration /sbin/service httpd start For a secure server, you will be prompted to enter your password. After you type it in and press [Enter] the server will start. You should not need to get a new certificate, if you are upgrading from a previous version of the secure Web server.
  • Page 163: Generating A Key

    Section 15.6:Generating a Key Create a certificate request based on the public key. The certificate request contains information about your server and the company hosting it. Send the certificate request, along with documents proving your identity, to a CA. We cannot tell you which certificate authority to choose.
  • Page 164 Chapter 15:Apache Secure Server Configuration Note You will need to remember and enter this password every time you start your secure Web server, so do not forget it. You will be asked to re-type the password, to verify that it is correct. Once you have typed it in correctly, a file called server.key, containing your key, will be created.
  • Page 165: Generating A Certificate Request To Send To A Ca

    Section 15.7:Generating a Certificate Request to Send to a CA The server.key file should be owned by the root user on your system and should not be accessible to any other user. Make a backup copy of this file and keep the backup copy in a safe, secure place. You need the backup copy because if you ever lose the server.key file after using it to create your certificate request, your certificate will no longer work and the CA will not be able to help you.
  • Page 166 Chapter 15:Apache Secure Server Configuration Common Name (your name or server’s hostname) []:test.example.com Email Address []:admin@example.com Please enter the following ’extra’ attributes to be sent with your certificate request A challenge password []: An optional company name []: The default answers appear in brackets [] immediately after each request for input. For example, the first information required is the name of the country where the certificate will be used, shown like the following: Country Name (2 letter code) [AU]:...
  • Page 167: Creating A Self-Signed Certificate

    Section 15.8:Creating a Self-Signed Certificate After you have decided on a CA, follow the instructions they provide on their website. Their instruc- tions will tell you how to send your certificate request, any other documentation that they require, and your payment to them. After you have fulfilled the CA’s requirements, they will send a certificate to you (usually by email).
  • Page 168: Testing Your Certificate

    Chapter 15:Apache Secure Server Configuration Common Name (your name or server’s hostname) []:myhost.example.com Email Address []:myemail@example.com After you provide the correct information, a self-signed certificate will be created and placed in /etc/httpd/conf/ssl.crt/server.crt. You will need to restart your secure server after generating the certificate with the command /sbin/service httpd restart 15.9 Testing Your Certificate...
  • Page 169: Accessing Your Secure Server

Section 15.10:Accessing Your Secure Server signed by a CA. If you are not using a certificate from a CA, follow the instructions provided by your browser to accept the certificate. You can just accept the defaults by clicking Next until the dialogs are finished. Before accepting a self-signed certificate, compare the fingerprint the browser shows with the one computed on the server itself; without that comparison the browser has no way to tell your server from an impostor presenting its own self-signed certificate.
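The key, certificate request and self-signed certificate steps of sections 15.6 to 15.9, together with the checks a practitioner runs before restarting httpd, as an added example that is not from the Red Hat guide: it drives the openssl command line, confirms the private key is owner-only, confirms the certificate really belongs to the key (the two RSA moduli must agree), reads back the Common Name, and prints the fingerprint to compare against the browser dialog. The organisation and host names are made up; the paths are parameters, the real ones on Red Hat Linux 7.2 being /etc/httpd/conf/ssl.key/server.key and /etc/httpd/conf/ssl.crt/server.crt.

```shell
#!/bin/sh
# Added example (not from the Red Hat guide): key -> CSR -> self-signed
# certificate with the openssl command line, plus pre-restart checks.
# Requires the openssl binary. All identities below are constructed.

make_key_and_csr() {  # make_key_and_csr KEY CSR COMMON_NAME
    # umask 077 makes the key 0600 from the moment it exists (root should own
    # it). Add -des3 to genrsa for the start-up passphrase the guide describes;
    # it is omitted here so the example runs unattended.
    ( umask 077 && openssl genrsa -out "$1" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$1" -out "$2" \
        -subj "/C=US/ST=North Carolina/L=Durham/O=Example Inc/CN=$3" 2>/dev/null
}

self_sign() {  # self_sign CSR KEY CRT DAYS -> self-signed certificate (testing only)
    openssl x509 -req -days "$4" -in "$1" -signkey "$2" -out "$3" 2>/dev/null
}

key_is_private() {  # key_is_private KEY -> 0 when the mode is rw------- (owner only)
    [ "$(ls -l "$1" | cut -c2-10)" = "rw-------" ]
}

cert_matches_key() {  # cert_matches_key CRT KEY -> 0 when the RSA moduli agree
    km=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 1
    cm=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    [ -n "$km" ] && [ "$km" = "$cm" ]
}

cert_cn() {  # cert_cn CRT -> Common Name; must equal the host name browsers use
    openssl x509 -noout -subject -in "$1" | sed -n 's|.*CN *= *\([^,/]*\).*|\1|p'
}

cert_fingerprint() {  # cert_fingerprint CRT -> the value to compare in the browser dialog
    openssl x509 -noout -fingerprint -sha256 -in "$1"
}

# stand-alone run in a scratch directory
if command -v openssl >/dev/null 2>&1; then
    work=$(mktemp -d)
    make_key_and_csr "$work/server.key" "$work/server.csr" test.example.com
    self_sign "$work/server.csr" "$work/server.key" "$work/server.crt" 365
    key_is_private "$work/server.key"      && echo "server.key is owner-only"
    cert_matches_key "$work/server.crt" "$work/server.key" && echo "certificate matches key"
    echo "CN: $(cert_cn "$work/server.crt")"
    cert_fingerprint "$work/server.crt"
    rm -rf "$work"
fi
```

When the CA's certificate arrives, run cert_matches_key against it too: a certificate issued for a request made with a key that was since regenerated will pass every other check and still fail at startup.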
  • Page 170: Additional Resources

Be sure to visit the Red Hat Support website at http://www.redhat.com/support to register for support. You may want to subscribe to the redhat-secure-server mailing list. You can subscribe to this mailing list at http://www.redhat.com/mailing-lists. You can also subscribe to the redhat-secure-server mailing list by emailing redhat-secure-server-request@redhat.com and include the word "subscribe"...
  • Page 171 Section 15.11:Additional Resources 15.11.2 Useful Websites • http://www.modssl.org — The mod_ssl website is the definitive source for information about mod_ssl. The website includes a wealth of documentation, including a User Manual at http://www.modssl.org/docs. 15.11.3 Related Books Apache: The Definitive Guide, 2nd edition, by Ben Laurie and Peter Laurie, O’Reilly & Associates, Inc.
  • Page 172 Chapter 15:Apache Secure Server Configuration...
  • Page 173: Chapter 16 Bind Configuration

    BIND Configuration 16 BIND Configuration This chapter assumes that you have a basic understanding of BIND and DNS; it does not attempt to explain the concepts of BIND and DNS. This chapter does explain how to use BIND Configuration Tool (bindconf) to configure basic BIND server zones for BIND version 8. BIND Configura- tion Tool creates the /etc/named.conf configuration file and the zone configuration files in the /var/named directory each time you apply your changes.
  • Page 174: Adding A Forward Master Zone

    Chapter 16:BIND Configuration Figure 16–1 bindconf BIND Configuration Tool configures the default zone directory to be /var/named. All zone files specified are relative to this directory. BIND Configuration Tool also includes basic syntax checking when values are entered. For example, if a valid entry is an IP address, you are only allowed to type numbers and the dot (.) character into the text area.
• Page 175 Section 16.1:Adding a Forward Master Zone A new window as shown in Figure 16–2, Adding a Forward Master Zone will appear with the following options: • Name — Domain name that was just entered in the previous window. • ...
  • Page 176: Adding A Reverse Master Zone

Chapter 16:BIND Configuration The configuration shown in Figure 16–2, Adding a Forward Master Zone creates the following entry in /etc/named.conf:
zone "forward.example.com" {
    type master;
    file "forward.example.com.zone";
};
It also creates the file /var/named/forward.example.com.zone with the following information:
$TTL 86400
@ IN SOA @ root.localhost (
    1 ; ...
• Page 177 Section 16.2:Adding a Reverse Master Zone • Name Servers — Add, edit, and delete name servers for the reverse master zone. At least one name server is required. • Reverse Address Table — List of IP addresses within the reverse master zone and their hostnames.
  • Page 178: Adding A Slave Zone

Chapter 16:BIND Configuration
    28800 ; refresh
    7200 ; retry
    604800 ; expire
    86400 ; ttl
@ IN NS ns.example.com.
1 IN PTR one.example.com.
2 IN PTR two.example.com.
After configuring the Reverse Master Zone, click the button to return to the main window, as shown in Figure 16–1, bindconf.
• Page 179 Section 16.3:Adding a Slave Zone
zone "slave.example.com" {
    type slave;
    file "slave.example.com.zone";
    masters { 1.2.3.4; };
};
The configuration file /var/named/slave.example.com.zone is created by the named service when it downloads the zone data from the master server(s). After configuring the slave zone, click the button to return to the main window as shown in Figure 16–1, bindconf.
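The zone transfer that populates that slave file is the one thing the tool's master and slave entries leave unrestricted: BIND 8 answers AXFR requests from any host unless told otherwise, which hands out a complete host inventory. The following named.conf fragments are an added example, not from the Red Hat guide, showing the master and slave sides of the zone configured above with transfers limited to each other. 1.2.3.4 is the master address from the page; 1.2.3.5 as the slave address is an assumption.

```conf
// Added example, not from the Red Hat guide. BIND 8 named.conf fragments
// for both ends of the zone configured above. 1.2.3.4 is the master (as on
// the page); 1.2.3.5 as the slave address is an assumption.

// On the master (1.2.3.4): allow zone transfers only to the slave, and let
// notify (sent to the hosts in the zone's NS records) trigger its refresh.
zone "slave.example.com" {
    type master;
    file "slave.example.com.zone";
    allow-transfer { 1.2.3.5; };
    notify yes;
};

// On the slave (1.2.3.5): the zone is pulled from the master; the slave
// should not hand copies to third parties.
zone "slave.example.com" {
    type slave;
    file "slave.example.com.zone";
    masters { 1.2.3.4; };
    allow-transfer { none; };
};
```

Since bindconf rewrites /etc/named.conf each time changes are applied, check that hand-added allow-transfer statements survive the next apply before relying on them.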
  • Page 180 Chapter 16:BIND Configuration...
  • Page 181: Part Iii System Configuration

    Part III System Configuration...
  • Page 183: Chapter 17 Console Access

Section 17.1:Disabling Shutdown Via Ctrl-Alt-Del 17 Console Access When normal (non-root) users log into a computer locally, they are given two types of special permissions:
• They can run certain programs that they would not otherwise be able to run
• They can access certain files (normally special device files used to access diskettes, CD-ROMs, and so on) that they would not otherwise be able to access
Since there are multiple consoles on a single computer and multiple users can be logged into the com-...
  • Page 184: Disabling Console Program Access

Chapter 17:Console Access
jack
sophie
According to this example shutdown.allow file, stephen, jack, and sophie are allowed to shut down the system from the console using [Ctrl]-[Alt]-[Del]. When that key combination is used, the shutdown -a in /etc/inittab checks to see if any of the users in /etc/shutdown.allow (or root) are logged in on a virtual console.
  • Page 185: Making Files Accessible From The Console

Section 17.6:Enabling Console Access for Other Applications
<console>=tty[0-9][0-9]* :[0-9]\.[0-9] :[0-9]
When users log in, they are attached to some sort of named terminal, either an X server with a name like :0 or mymachine.example.com:1.0 or a device like /dev/ttyS0 or /dev/pts/2. The default is to define that local virtual consoles and local X servers are considered local, but if you want to consider the serial terminal next to you on port /dev/ttyS1 to also be local, you can change that line to read:...
  • Page 186: The Floppy Group

Chapter 17:Console Access First of all, console access only works for applications which reside in /sbin or /usr/sbin, so the application that you wish to run must be there. After verifying that, do the following steps: Create a link from the name of your application, such as our sample foo program, to the /usr/bin/consolehelper application:
cd /usr/bin
ln -s consolehelper foo...
  • Page 187: Chapter 18 Time And Date Configuration

Section 18.1:Time and Date Properties 18 Time and Date Configuration Red Hat Linux no longer includes timetool. The dateconfig utility has replaced timetool. dateconfig allows the user to change the system date and time, to configure the time zone used by the system, and to set up the Network Time Protocol (NTP) daemon to synchronize the system clock with a time server.
  • Page 188 Chapter 18:Time and Date Configuration Figure 18–1 Time and Date Properties To change the date, use the arrows to the left and right of the month to change the month. Use the arrows to the left and right of the year to change the year, and click on the day of the week to change the day of the week.
  • Page 189: Time Zone Configuration

    Section 18.2:Time Zone Configuration NTP daemon (ntpd) will be started (or restarted if it is already running). If you want this daemon to start automatically at boot time, you need to execute the command /sbin/chkconfig --level 345 ntpd on to enable ntpd for runlevels 3, 4, and 5. more information NTP,...
  • Page 190 Chapter 18:Time and Date Configuration Figure 18–2 Time and Date Properties...
  • Page 191: Chapter 19 User And Group Configuration

    System User Manager • Type the command redhat-config-users at a shell prompt (for example, in an XTerm or a GNOME terminal). Figure 19–1 User Manager User Manager allows you to view, modify, add, and delete local users and groups. To view a list of...
  • Page 192: Adding A New User

    Chapter 19:User and Group Configuration For more information on users and groups, refer to the Official Red Hat Linux Reference Guide. 19.1 Adding a New User To add a new user, click the New User button. A window as shown in Figure 19–2, New User will appear.
  • Page 193: Modifying User Properties

    Section 19.2:Modifying User Properties Figure 19–2 New User To configure more advanced user properties such as password expiration, modify the user’s properties after adding the user. Refer to Section 19.2, Modifying User Properties for more information. To add the user to more user groups, click on the tab, select the user, and click .
  • Page 194: Adding A New Group

    Chapter 19: User and Group Configuration Figure 19–3 User Properties The User Properties window is divided into tabbed pages: • User Data — Basic user information configured when you added the user. Use this tab to change the user’s full name, password, home directory, or login shell. •...
  • Page 195: Modifying Group Properties

    Section 19.4:Modifying Group Properties Figure 19–4 New Group To add users to the group, refer to Section 19.4, Modifying Group Properties. 19.4 Modifying Group Properties To view the properties of an existing group, select the group from the group list and click Properties from the button menu (or choose =>...
  • Page 196 Chapter 19: User and Group Configuration The Group Users tab displays which users are members of the group. Select additional users to add them to the group, and unselect users to remove them from the group. Click Apply to modify the users in the group.
  • Page 197: Chapter 20 Gathering System Information

    Section 20.1: System Processes 20 Gathering System Information Before you learn how to configure your system, you should learn how to gather essential system information. For example, you should know how to find the amount of free memory, how your hard drive is partitioned, and what processes are running.
  • Page 198 Chapter 20:Gathering System Information 389 root 0 SW 0:00 rpciod 414 root 372 S 0:00 apmd 476 root 496 S 0:00 automount To exit top, press the key. Useful interactive commands that you can use with top include the following: Table 20–1 Interactive top commands Command Description...
  • Page 199: Memory Usage

    Section 20.2: Memory Usage Figure 20–1 GNOME System Monitor 20.2 Memory Usage The free command displays the total amount of physical memory and swap space for the system as well as the amount of memory that is used, free, shared, in kernel buffers, and cached. total used free...
  • Page 200: Filesystems

    Chapter 20:Gathering System Information Figure 20–2 GNOME System Monitor 20.3 Filesystems The df command reports the system’s disk space usage. If you type the command df at a shell prompt, the output looks similar to the following: Filesystem 1k-blocks Used Available Use% Mounted on /dev/hda2 10325716 2902060...
  • Page 201: Hardware

    Section 20.4: Hardware To view the system’s disk space usage in a graphical format, use the Filesystems tab in the GNOME System Monitor. To start it, go to the Main Menu Button => Programs => System => GNOME System Monitor or type gtop at a shell prompt. Then choose the tab.
  • Page 202: Sysreport

    Chapter 20: Gathering System Information Figure 20–4 Hardware Browser You can also use the lspci command to list all PCI devices. Use the command lspci -v for more verbose information or lspci -vv for very verbose output. 20.5 Sysreport Sysreport is a system utility created to collect important system data, in order to assist the Red Hat Technical Support and Development Teams in solving customer problems.
  • Page 203: Additional Resources

    Section 20.6: Additional Resources Please wait while we collect information about your system. This process may take awhile to complete. No changes will be made to your system during this process. NOTE: You can safely ignore a failed message. This only means a file we were checking for did not exist.
  • Page 204 Chapter 20:Gathering System Information 20.6.2 Useful Websites • http://www.ibiblio.org/shadow/sysreport/ — The Sysreport Web page provides the latest version and instructions.
  • Page 205: Chapter 21 Printer Configuration

    Printer Configuration 21 Printer Configuration Red Hat Linux no longer includes printtool. The printconf utility has replaced printtool. The printconf utility maintains the /etc/printcap configuration file, print spool directories, and print filters. To use printconf, you must be running the X Window System and have root privileges. To start printconf, use one of the following methods: •...
  • Page 206 Chapter 21: Printer Configuration Figure 21–1 printconf Five types of print queues can be configured with printconf: • Local Printer — a printer attached directly to your computer through a parallel or USB port. In the main printer list as shown in Figure 21–1, printconf, the Queue Type for a local printer is set to LOCAL...
  • Page 207: Adding A Local Printer

    Section 21.1: Adding a Local Printer Important If you add a new print queue or modify an existing one, you need to restart the printer daemon (lpd) for the changes to take effect. Clicking the Apply button saves any changes that you have made and restarts the printer daemon. The changes are not written to the /etc/printcap configuration file until the printer daemon (lpd) is restarted.
  • Page 208 Chapter 21:Printer Configuration Figure 21–2 Adding a Printer You will then see the screen shown in Figure 21–3, Adding a Local Printer. Enter a unique name for the printer in the Queue Name text field. This can be any descriptive name for your printer. The printer name cannot contain spaces and must begin with a letter a through z or A through Z.
  • Page 209 Section 21.1: Adding a Local Printer Figure 21–3 Adding a Local Printer printconf attempts to detect your printer device and display it as shown in Figure 21–4, Choosing a Printer Device. If your printer device is not shown, click Custom Device. Type the name of your printer device and click to add it to the printer device list.
  • Page 210: Adding A Remote Unix Printer

    Chapter 21:Printer Configuration Figure 21–4 Choosing a Printer Device Next, printconf will try to detect which printer is attached to the printer device. Skip to Section 21.6, Selecting the Print Driver and Finishing to continue. 21.2 Adding a Remote UNIX Printer To add a remote UNIX printer, such as one attached to a different Linux system on the same network, button in the main printconf window.
  • Page 211 Section 21.2: Adding a Remote UNIX Printer Figure 21–5 Adding a Remote Printer Text fields for the following options appear as shown in Figure 21–6, Choosing the Printer Server: • Server — The hostname or IP address of the remote machine to which the printer is attached. •...
  • Page 212: Adding A Samba (Smb) Printer

    Chapter 21:Printer Configuration Figure 21–6 Choosing the Printer Server The next step is to select the type of printer that is connected to the remote system. Skip to Section 21.6, Selecting the Print Driver and Finishing to continue. Important The remote machine must be configured to allow the local machine to print on the desired queue.
  • Page 213 Section 21.3: Adding a Samba (SMB) Printer letter a through z or A through Z. The valid characters are a through z, A through Z, 0 through 9, -, and _. Select Windows Printer from the Queue Type menu, and click Next. If the printer is attached to a...
  • Page 214 Chapter 21: Printer Configuration Click the Translate \n => \r\n button to translate the end of line characters to a form that is readable by a Microsoft Windows system. Click Next to continue. Figure 21–8 Choosing the Print Server The next step is to select the type of printer that is connected to the remote SMB system. Skip to Section 21.6, Selecting the Print Driver and Finishing to continue.
  • Page 215: Adding A Novell Netware (Ncp) Printer

    Section 21.4: Adding a Novell NetWare (NCP) Printer 21.4 Adding a Novell NetWare (NCP) Printer To add a Novell NetWare (NCP) printer, click the button in the main printconf window. The window shown in Figure 21–1, printconf will appear. Click Next to proceed. You will see the screen shown in Figure 21–9, Adding an NCP Printer.
  • Page 216: Adding A Jetdirect Printer

    Chapter 21:Printer Configuration Figure 21–10 Choosing the Print Server The next step is to select the type of printer that is connected to the remote NCP system. Skip to Section 21.6, Selecting the Print Driver and Finishing to continue. 21.5 Adding a JetDirect Printer button in the main printconf window.
  • Page 217 Section 21.5: Adding a JetDirect Printer Figure 21–11 Adding a JetDirect Printer Text fields for the following options appear below the Queue Type menu as shown in Figure 21–12, Choosing a Print Server: • Printer IP — The hostname or IP address of the JetDirect printer. •...
  • Page 218: Selecting The Print Driver And Finishing

    Chapter 21:Printer Configuration Figure 21–12 Choosing a Print Server The next step is to select the type of printer that is connected to the JetDirect system. Skip to Section 21.6, Selecting the Print Driver and Finishing to continue. 21.6 Selecting the Print Driver and Finishing After selecting the queue type of the printer, the next step in adding a printer is to select the print driver.
  • Page 219 Section 21.6:Selecting the Print Driver and Finishing Figure 21–13 Selecting a Print Driver As shown in Figure 21–14, Correct Print Driver Configuration, the print driver processes the data that you want to print into a format the printer can understand. Since a local printer is attached directly to your computer, you need to select a print driver to process the data that is sent to the printer.
  • Page 220: Printing A Test Page

    Chapter 21: Printer Configuration Try selecting a print driver according to the manufacturer and model of the remote printer, applying the changes, and printing a test page. Figure 21–15 Incorrect Print Driver Configuration 21.6.1 Confirming Printer Configuration The last step is to confirm your printer configuration. Click Finish if this is the printer that you want to add.
  • Page 221 Section 21.8:Modifying Existing Printers If you want to modify an imported printer’s settings, you cannot modify its settings directly. You must override the printer. You can only override an imported printer that has been imported using the alchemist libraries. Imported printers have the symbol beside them in the first column of the printer list.
  • Page 222 Chapter 21: Printer Configuration A printer alias is an alternate name for a printer. To add an alias for an existing printer, click the button in the Name and Aliases tab, enter the name of the alias, and click . Click again to return to the main window.
  • Page 223: Saving The Configuration File

    Section 21.9: Saving the Configuration File Extra time is required to perform this action. Do not choose it unless you are having problems printing the correct fonts. • Convert Text to Postscript is selected by default. If your printer can print plain text, try unselecting this when printing plain text documents to decrease the time it takes to print.
  • Page 224: Managing Your Print Jobs

    Chapter 21:Printer Configuration Your printer list will then consist of the printers you configured on the system as well as the printers you imported from the saved configuration file. If the imported configuration file has a print queue with the same name as an existing print queue on the system, the print queue from the imported file will override the existing printer.
  • Page 225 Section 21.11: Additional Resources • man lprm — The manual page on the command line utility to remove print jobs from the printer spool queue. 21.11.2 Useful Websites • http://www.linuxprinting.org — GNU/Linux Printing contains a large amount of information about printing in Linux.
  • Page 226 Chapter 21:Printer Configuration...
  • Page 227: Chapter 22 Automated Tasks

    Section 22.2:Configuring a Cron Task 22 Automated Tasks In Linux, tasks can be configured to run automatically within a given period of time and on given dates. Red Hat Linux comes preconfigured to run certain system tasks to keep your system updated. For example, the slocate database is updated daily.
  • Page 228 Chapter 22:Automated Tasks • minute — any integer from 0 to 59 • hour — any integer from 0 to 23 • day — any integer from 1 to 31 (must be a valid day if a month is specified) •...
  • Page 229: Anacron

    Section 22.3: Anacron The cron daemon checks the /etc/crontab file, the /etc/cron.d/ directory, and the /var/spool/cron directory every minute for any changes. If any changes are found, they are loaded into memory. Thus, the daemon does not need to be restarted if a crontab file is changed. Users other than root can configure cron tasks by using the crontab utility.
  • Page 230: Additional Resources

    Chapter 22: Automated Tasks After the task is completed, Anacron records the date in a timestamp file in the /var/spool/anacron directory. Only the date is used (not the time), and the value of the job-identifier is used as the filename for the timestamp file. Environment variables such as SHELL and PATH can be defined at the top of /etc/anacrontab as with the cron configuration file.
  • Page 231 Section 22.4: Additional Resources • anacron man page — description of anacron and its command line options. • anacrontab man page — brief overview of the anacron configuration file. • Anacron README file — The Anacron README file located at /usr/share/doc/anacron-<version>/README describes Anacron.
  • Page 232 Chapter 22:Automated Tasks...
  • Page 233: Chapter 23 Upgrading The Kernel

    Section 23.1: The 2.4 Kernel 23 Upgrading the Kernel The kernel that comes with Red Hat Linux is custom built by the Red Hat kernel team to ensure its integrity and compatibility with supported hardware. Before Red Hat releases a kernel, it must pass a rigorous set of quality assurance tests.
  • Page 234: Preparing To Upgrade

    Chapter 23: Upgrading the Kernel 23.2 Preparing to Upgrade Before you upgrade your kernel, you need to take a few precautionary steps. The first step is to make sure you have a working boot diskette for your system in case a problem occurs. If the boot loader is not configured properly to boot the new kernel, you will not be able to boot your system unless you have a boot diskette.
  • Page 235: Downloading The Upgraded Kernel

    There are several ways to determine if there is an updated kernel available for your system. • Go to http://www.redhat.com/support/errata/, choose the version of Red Hat Linux you are using, and view the errata for it. Kernel errata are usually under the section.
  • Page 236: Configuring The Boot Loader

    Chapter 23: Upgrading the Kernel If you plan to upgrade the kernel-headers, kernel-source, and kernel-docs packages, you probably do not need to keep the older versions. Use the following commands to upgrade these packages (the versions might vary): rpm -Uvh kernel-headers-2.4.7-3.i386.rpm rpm -Uvh kernel-source-2.4.7-3.i386.rpm rpm -Uvh kernel-docs-2.4.7-3.i386.rpm If you are using PCMCIA (for example, a laptop), you also need to install the kernel-pcmcia-cs...
  • Page 237 Section 23.5:Configuring the Boot Loader timeout=30 splashimage=(hd0,0)/grub/splash.xpm.gz title Red Hat Linux (2.4.7-3) root (hd0,0) kernel /vmlinuz-2.4.7-3 ro root=/dev/hda3 initrd /initrd-2.4.7-3.img If you created a separate /boot partition, the paths to the kernel and initrd image are relative to the /boot partition. To add your new kernel to GRUB, copy the existing section to a new one and modify it to boot your new kernel image (and initrd image if you have any SCSI devices and created an initrd image).
  • Page 238 Chapter 23: Upgrading the Kernel 23.5.2 LILO To configure LILO to boot the new kernel, you need to update the /etc/lilo.conf file and run the command /sbin/lilo. The default /etc/lilo.conf file looks similar to the following: boot=/dev/hda map=/boot/map install=/boot/boot.b prompt timeout=50 message=/boot/message linear default=linux...
  • Page 239: Additional Resources

    23.6.2 Useful Websites • http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html — Upgrading the Linux Kernel on Red Hat Linux Systems by the Red Hat Support Team • http://www.redhat.com/mirrors/LDP/HOWTO/Kernel-HOWTO.html — The Linux Kernel HOWTO from the Linux Documentation Project • http://www.gnu.org/software/grub/grub.html — GNU GRUB webpage...
  • Page 240 Chapter 23: Upgrading the Kernel...
  • Page 241: Chapter 24 Kernel Modules

    Section 24.1:Kernel Module Utilities 24 Kernel Modules The Linux kernel has a modular design. At boot time, only a minimal resident kernel is loaded into memory. Thereafter, whenever a user requests a feature that is not present in the resident kernel, a kernel module is dynamically loaded into memory.
  • Page 242 Chapter 24:Kernel Modules Example 24–1 Example lsmod output Module Size Used by sr_mod 15264 0 (autoclean) 95984 agpgart 23392 79008 1 (autoclean) lockd 52464 1 (autoclean) [nfs] sunrpc 61328 1 (autoclean) [nfs lockd] autofs 11264 4 (autoclean) 3c59x 25344 1 (autoclean) ipchains 38976 0 (unused)
  • Page 243: Additional Resources

    Section 24.2:Additional Resources /sbin/modinfo [options] <module> Options include -d that displays a brief description of the module and -p that lists the parameters the module supports. For a complete list of options, refer to the modinfo man page (man modinfo). 24.2 Additional Resources For more information on kernel modules and their utilities, refer to the following resources.
  • Page 244 Chapter 24:Kernel Modules...
  • Page 245: Part Iv Package Management

    Part IV Package Management...
  • Page 247: Chapter 25 Package Management With Rpm

    Section 25.1:RPM Design Goals 25 Package Management with RPM The Red Hat Package Manager (RPM) is an open packaging system, available for anyone to use, which runs on Red Hat Linux as well as other Linux and UNIX systems. Red Hat, Inc. encourages other vendors to use RPM for their own products.
  • Page 248: Using Rpm

    The official Red Hat Linux CD-ROMs • The Red Hat Errata Page available at http://www.redhat.com/support/errata • A Red Hat FTP Mirror Site available at http://www.redhat.com/mirrors.html • Red Hat Network — See Chapter 27, Red Hat Network for more details on Red Hat Network...
  • Page 249 Section 25.2:Using RPM 25.2.2 Installing RPM packages typically have file names like foo-1.0-1.i386.rpm. The file name includes the package name (foo), version (1.0), release (1), and architecture (i386). Installing a package is as simple as typing the following command at a shell prompt: # rpm -ivh foo-1.0-1.i386.rpm #################################### As you can see, RPM prints out the name of the package and then prints a succession of hash marks...
  • Page 250 Chapter 25:Package Management with RPM # rpm -ivh foo-1.0-1.i386.rpm /usr/bin/foo conflicts with file from bar-1.0-1 To make RPM ignore this error, use the --replacefiles option: # rpm -ivh --replacefiles foo-1.0-1.i386.rpm #################################### Unresolved Dependency RPM packages can "depend" on other packages, which means that they require other packages to be installed in order to run properly.
  • Page 251 Section 25.2:Using RPM To cause RPM to ignore this error and uninstall the package anyway (which is also a bad idea since the package that depends on it will probably fail to work properly), use the --nodeps option. 25.2.4 Upgrading Upgrading a package is similar to installing one.
  • Page 252 Chapter 25:Package Management with RPM RPM’s freshen option checks the versions of the packages specified on the command line against the versions of packages that have already been installed on your system. When a newer version of an already-installed package is processed by RPM’s freshen option, it will be upgraded to the newer version.
  • Page 253 Section 25.2:Using RPM • -i displays package information including name, description, release, size, build date, install date, vendor, and other miscellaneous information. • -l displays the list of files that the package contains. • -s displays the state of all the files in the package. •...
  • Page 254: Checking A Package's Signature

    Chapter 25:Package Management with RPM of the file to the value of that attribute recorded in the RPM database. A single . (a period) means the test passed. The following characters denote failure of certain tests: • 5 — MD5 checksum •...
  • Page 255 That way, any time you want to validate a package from Red Hat, you will be able to check it against the key you retrieved. You can find Red Hat’s key at http://www.redhat.com/about/contact.html. Using your browser, download the key by pressing the...
  • Page 256: Impressing Your Friends With Rpm

    Chapter 25:Package Management with RPM 25.3.3 More about GnuPG For more information about GnuPG, see Appendix B, Getting Started with Gnu Privacy Guard . 25.4 Impressing Your Friends with RPM RPM is a useful tool for both managing your system and diagnosing and fixing problems. The best way to make sense of all of its options is to look at some examples.
  • Page 257 Source RPM: sndconfig-0.48-1.src.rpm Size : 461734 License: GPL Packager : Red Hat <http://bugzilla.redhat.com/bugzilla> Summary : The Red Hat Linux sound configuration tool. Description : Sndconfig is a text based tool which sets up the configuration files you’ll need to use a sound card with a Red Hat Linux system.
  • Page 258: Additional Resources

    Chapter 25:Package Management with RPM • Perhaps you now want to see what files the sndconfig RPM installs. You would enter the following: rpm -qlp sndconfig-0.48-1.i386.rpm The output will look like the following: /usr/sbin/pnpprobe /usr/sbin/sndconfig /usr/share/locale/cs/LC_MESSAGES/sndconfig.mo /usr/share/locale/da/LC_MESSAGES/sndconfig.mo /usr/share/locale/de/LC_MESSAGES/sndconfig.mo /usr/share/locale/es/LC_MESSAGES/sndconfig.mo /usr/share/locale/fr/LC_MESSAGES/sndconfig.mo /usr/share/locale/hu/LC_MESSAGES/sndconfig.mo /usr/share/locale/id/LC_MESSAGES/sndconfig.mo /usr/share/locale/is/LC_MESSAGES/sndconfig.mo...
  • Page 259 • The RPM man page will give you more detail about RPM parameters than the rpm --help command. 25.5.2 Useful Websites • http://www.rpm.org/ • http://www.redhat.com/support/mailing-lists/ — The RPM mailing list is archived here. To subscribe, send mail to rpm-list-request@redhat.com with the word subscribe in the subject line. 25.5.3 Related Books •...
  • Page 260 Chapter 25:Package Management with RPM...
  • Page 261: Chapter 26 Gnome-Rpm

    Gnome-RPM 26 Gnome-RPM If you do not want to use the command-line version of RPM, you can use Gnome-RPM, a graphical interface for Red Hat Package Manager (RPM). To learn more about RPM technology, turn to Chapter 25, Package Management with RPM . Gnome-RPM (which is also referred to as gnorpm) allows users to easily work with RPM technology and features a friendly interface.
  • Page 262: Starting Gnome-Rpm

    If you want to maintain official Red Hat Linux packages, it is recommended that you use Red Hat Network or the Red Hat Linux errata page available at http://www.redhat.com/support/errata/. Packages from Red Hat have been verified for integrity and are GPG signed by Red Hat so that you can make sure they are the official packages.
  • Page 263 Section 26.1: Starting Gnome-RPM Note If you would like to install, upgrade or uninstall packages, you must be root. The easiest way to become root is to type the su command and [Enter] at a shell prompt. Then type the root password. However, you do not have to be root to query and verify packages.
  • Page 264: The Package Display

    Chapter 26: Gnome-RPM 26.2 The Package Display Each folder icon in the tree view at left represents a group of packages. Each group can contain subgroups. For example, the Applications folder contains the Editors folder that contains text editors such as Emacs, ed, vim, and GXedit. The tree view can be expanded and collapsed, so you can easily navigate through the packages.
  • Page 265: Installing New Packages

    Section 26.3:Installing New Packages Figure 26–2 Selecting Packages in Gnome-RPM You can select and unselect multiple packages, in more than one folder in the tree panel. To select more than one package, hold down the [Ctrl] key and left-click on packages; each selected package will be highlighted.
  • Page 266 Figure 26–3 The Install Window Click on the button. By default, if your CD-ROM is mounted with a Red Hat Linux CD-ROM, Gnome-RPM will search in /mnt/cdrom/RedHat/RPMS for new packages. (You can change the default path in the tab of the =>...
  • Page 267: Configuration

    Section 26.4: Configuration In addition to installing the packages from within the Install window, you can install a package after performing a query on the selected package. Click on Query, which will open the Package Info window. Here, you can find a variety of details about the package you’ve selected to install, including the origination of the package, the date it was built, its size and more.
  • Page 268 Chapter 26: Gnome-RPM Figure 26–4 Behaviour Tab in Preferences Under Install Options, you have the following choices: • No dependency checks — When selected, this will install or upgrade a package without checking for other files that the program may depend on in order to work. Unless you know what you’re doing, we strongly suggest that you not use this option as some packages may depend on other packages in order to function correctly.
  • Page 269 Refer to Figure 26–5, Install Window for an example of this dialog. If you’re using your Red Hat Linux CD-ROM, this path will probably be /mnt/cdrom/RedHat/RPMS. If you download new RPMs from the Internet or want to install RPMs via an NFS-mounted CD-ROM...
  • Page 270 RPM Directories: Gnome-RPM will search for packages when the Install window is first opened. For example, /mnt/cdrom/RedHat/RPMS is listed by default. If you have the Red Hat Linux CD mounted in this location, Gnome-RPM will search it for RPM packages when you open the Install window.
  • Page 271 Section 26.4: Configuration In the Network tab, you have the ability to specify proxies for use with HTTP and FTP transfers, as well as user and password names (see Figure 26–6, Network Settings). Note, however, that the password will not be stored securely. In the Cache expire field, you can set the length of time before data from the rpmfind database is...
  • Page 272 Chapter 26: Gnome-RPM CAUTION Packages not produced by Red Hat are not supported by Red Hat because Red Hat can not verify the integrity of these packages and how they interact with official Red Hat packages. Use caution when installing packages downloaded using Rpmfind. Figure 26–7 The Rpmfind Window...
  • Page 273: Package Manipulation

    Section 26.5: Package Manipulation Figure 26–8 Distribution Settings in Preferences In Distribution Settings, you can set the options for choosing the most appropriate package out of the selections Rpmfind returns, as well as which mirror you would like to use. The higher the rating you indicate for your selection (as shown in Figure 26–8, Distribution Settings in Preferences), the higher the priority it will receive;...
  • Page 274 Chapter 26:Gnome-RPM Figure 26–9 Query Window The name of the package is centered at the top of the box. Below, the box is divided into two columns of listed information; below this information, you’ll see a display area showing package files. In the left column in the information list, you’ll find the size of the file, the machine on which the file is found, the name of the package distribution and its group.
  • Page 275 Section 26.5:Package Manipulation To close the query window without performing any action, left-click on the at the top right of the window bar. 26.5.2 Verifying Packages Verifying a package checks all of the files in the package to ensure they match the ones present on your system.
  • Page 276 Chapter 26:Gnome-RPM If uninstalling a package would break "dependencies" (which could interfere with the operation of applications that require one or more of the removed files in the package), a dialog will pop up, asking you to confirm the deletion. You can uninstall a selected package in a variety of ways: from the menu, under ;...
  • Page 277 Section 26.5:Package Manipulation If you run out of disk space during an installation, the install will fail. However, the package which was being installed when the error occurred may leave some files around. To clean up after this error, reinstall the package after you’ve made more disk space available.
  • Page 278 Chapter 26:Gnome-RPM...
  • Page 279: Chapter 27 Red Hat Network

    Create a System Profile by running the Red Hat Network Registration Client (rhn_register) on the system that you want to register. Log in to RHN at http://rhn.redhat.com/ and entitle the system to Software Manager. Everyone receives a free Red Hat Network Software Manager subscription for one system. Additional subscriptions are $19.95/month for each system.
  • Page 280 Chapter 27:Red Hat Network Figure 27–1 System List...
  • Page 281: Part V

    Part V Appendixes...
  • Page 283: Appendix A Building A Custom Kernel

    -q kernel-headers and rpm -q kernel-source to determine their versions, if they are installed. If they are not installed, install them from the Red Hat Linux CD 1 or the Red Hat FTP site available at ftp://ftp.redhat.com (a list of mirrors is available at...
  • Page 284 Appendix A:Building a Custom Kernel http://www.redhat.com/mirrors.html). Refer to Chapter 25, Package Management with RPM for information on installing RPM packages. Open a shell prompt and change to the directory /usr/src/linux-2.4. All commands from this point forward must be issued from this directory.
  • Page 285 The method described here is the easiest to recover from in the event of a mishap. If you are interested in other possibilities, details can be found at http://www.redhat.com/mirrors/LDP/HOWTO/Kernel-HOWTO.html or in the Makefile in /usr/src/linux-2.4 on your Linux system.
  • Page 286: Making An Initrd Image

    Appendix A: Building a Custom Kernel A.2 Making an initrd Image An initrd image is needed for loading your SCSI module at boot time. If you do not need an initrd image, do not make one and do not edit lilo.conf or grub.conf to include this image. The /sbin/mkinitrd shell script can build a proper initrd image for your machine if the following conditions are met: •...
  • Page 287 Section A.3:Configuring the Boot Loader title Red Hat Linux (2.4.7-3) root (hd0,0) kernel /vmlinuz-2.4.7-3 ro root=/dev/hda3 initrd /initrd-2.4.7-3.img If you created a separate /boot partition, the paths to the kernel and initrd image are relative to the /boot partition. To add your new kernel to GRUB, copy the existing title section to a new one and modify it to boot your new kernel image (and initrd image if you have any SCSI devices and have created an initrd image).
  • Page 288 Appendix A:Building a Custom Kernel A.3.2 LILO To configure LILO to boot the new kernel, you need to update the /etc/lilo.conf file and run the command /sbin/lilo -v. The default /etc/lilo.conf file looks similar to the following: boot=/dev/hda map=/boot/map install=/boot/boot.b prompt timeout=50 message=/boot/message...
  • Page 289: Building A Monolithic Kernel

    Section A.4: Building a Monolithic Kernel root=/dev/hda5 To activate your changes, run the command /sbin/lilo -v. If all goes well, you will see output similar to the following: LILO version 21.4-4, Copyright (C) 1992-1998 Werner Almesberger ’lba32’ extensions Copyright (C) 1999,2000 John Coffman Reading boot sector from /dev/hda Merging with /boot/boot.b Mapping message file /boot/message...
  • Page 290 Appendix A: Building a Custom Kernel...
  • Page 291: Appendix B Getting Started With Gnu Privacy Guard

    Section B.1: An Introduction to GnuPG B Getting Started with Gnu Privacy Guard B.1 An Introduction to GnuPG Have you ever wondered if your email can be read during its transmission from you to other people, or from other people to you? Unfortunately, complete strangers could conceivably intercept or even tamper with your email.
  • Page 292: Generating A Keypair

    Appendix B: Getting Started with Gnu Privacy Guard Do Not Reveal Your Private Key Remember that your public key can be given to anyone with whom you want to communicate securely, but you must never give away your private key. For the most part, cryptography is beyond the scope of this publication; volumes have been written about the subject.
  • Page 293 Section B.2: Generating a Keypair In fact, most of the screens which require you to choose an option will list the default option within parentheses. You can accept the default options simply by pressing [Enter]. In the first screen, you should accept the default option: (1) DSA and ElGamal. This option will allow you to create a digital signature and encrypt (and decrypt) with two types of technologies.
  • Page 294: Generating A Revocation Certificate

    Appendix B: Getting Started with Gnu Privacy Guard 1024g/E12AF9C4 2000-04-18 B.3 Generating a Revocation Certificate Once you have created your keypair, you should create a revocation certificate for your public key. If you forget your passphrase, or if it has been compromised, you can publish this certificate to inform users that your public key should no longer be used.
  • Page 295: Exporting Your Public Key

    Section B.4: Exporting your Public Key Once your revocation certificate has been created (revoke.asc), it will be located in your login directory. You should copy the certificate to a floppy diskette and store it in a secure place. (If you don’t know how to copy a file to a diskette in Red Hat Linux, see the Official Red Hat Linux Getting Started Guide.) B.4 Exporting your Public Key Before you can use public key cryptography, other people must have a copy of your public key.
  • Page 296 Appendix B: Getting Started with Gnu Privacy Guard =BMEc -----END PGP PUBLIC KEY BLOCK----- B.4.1 Exporting to a Keyserver If you are only writing to a few correspondents, you can export your public key and send it to them personally. If you correspond with many people, however, distribution of your key can be time consuming.
  • Page 297 Section B.4: Exporting your Public Key public key from a keyserver, import that key to their keyring, and they are ready for secure correspondence with you. Which Keyserver Should You Use? Because most keyservers are synchronized, sending your public key to one keyserver is usually as good as sending it to them all.
  • Page 298: Importing A Public Key

    Appendix B: Getting Started with Gnu Privacy Guard Figure B–2 Copying Your Public Key Note that if you are submitting your key to another Web-based keyserver, the above transaction will be essentially the same. That is all you need to do. Regardless of whether you use the shell prompt or the Web, you will see a message that your key was successfully submitted —...
  • Page 299: What Are Digital Signatures

    Section B.7: Additional Resources One of the easiest ways to import a key is to download the key or save it from a website. To learn how to import Red Hat’s key, refer to Section 25.3.1, Importing Keys. After downloading a key, use the command gpg --import key.asc to add it to your keyring. Another way to save a key is to use a browser’s Save As feature.
  • Page 300 Appendix B: Getting Started with Gnu Privacy Guard B.7.1 Useful Websites • http://www.gnupg.org — The GnuPG website with links to the latest GnuPG releases, a comprehensive user’s guide, and other cryptography resources. • http://hotwired.lycos.com/webmonkey/backend/security/tutorials/tutorial1.html — Visit the Encryption Tutorial from Webmonkey to learn more about encryption and how to apply encryption techniques.
  • Page 301 Index: BIND configuration, 173 (adding a forward master zone, 174; adding a reverse master zone, 176; adding a slave zone, 178; applying changes, ...); anacron (additional resources, 230); Apache, 135...
  • Page 302 Index: console access (configuring, 183; defining, 184; disabling, 184; disabling all, 184); dhcpd.leases, 126; dhcrelay, 126; DSA keys, 104; DSOs (loading, ...)...
  • Page 303 Index: ..., 241; (See Gnu Privacy Guard); monolithic, 289; upgrading, 233; group configuration (See redhat-config-users); groups (See redhat-config-users); kernel modules (listing, 241; loading, ...)...
  • Page 304 Index: authconfig, 24; autostep, 24; bootloader, 27; clearpart, 28; device, ...; network-based, 20; starting, 21; kmod, 241; ksconfig (See Kickstart Configurator)...
  • Page 305 Index: configuration, 109; /etc/fstab, 109; exporting, 111; mounting, 109; starting the server, 112; querying with Gnome-RPM, 273; removing, 250; secure server (choosing for installation, 157); selecting with Gnome-RPM, ...
  • Page 306 Index: ..., 251; GnuPG, 254; installing, 249; md5sum, 254; preserving configuration files, 251; querying, ...; redhat-config-network (See printer configuration); redhat-config-users, 191; groups (adding, 194)...
  • Page 307 Index: ..., 93; explanation of, 160; URLs for your secure server, 169; packages with Gnome-RPM, 276; serviceconf, 95; Serviceconf, 95; user configuration (See redhat-config-users); services...
  • Page 308 Index: User Manager (See redhat-config-users); users (See redhat-config-users); /var/spool/cron, 229; VeriSign (using existing certificate, 161); Windows (file and print sharing, 115); Windows 2000 (connecting to shares using Samba, 117); Windows NT 4.0...