This manual is dedicated to Carole Williams, a valuable contributor to the Red Hat documentation team. Carole, we wish you all the best in your future endeavors. We miss your wisdom, superior editing skills, ability to write humor into just about any topic, and jokes that made each day a joy to work with you.
Contents
Red Hat Linux 7.2
Introduction .......... xi
  Document Conventions .......... xi
  More to Come
  What is Rescue Mode? .......... 65
Chapter 4 Redundant Array of Independent Disks (RAID) .......... 71
  What is RAID? .......... 71
  Who Should Use RAID?
Chapter 9 OpenSSH .......... 101
  Why Use OpenSSH? .......... 101
  Configuring an OpenSSH Server
Started Guide. If you need more advanced documentation, please refer to the Official Red Hat Linux Reference Guide. HTML and PDF versions of all the Official Red Hat Linux manuals are available online at http://www.redhat.com/support/manuals/.
Document Conventions
When you read this manual, you will see that certain words are represented in different fonts, typefaces, sizes and weights.
Linux commands (and other operating system commands, when used) are represented this way. This style should indicate to you that you can type in the word or phrase on the command line and press [Enter] to invoke a command. Sometimes a command contains words that would be displayed in a different style on their own (e.g., filenames).
Select the Require Password checkbox if you would like your screensaver to require a password before stopping.
top level of a menu on a GUI screen or window
When you see a word in this style, it indicates that the word is the top level of a pulldown menu. If you click on the word on the GUI screen, the rest of the menu should appear.
Text that the user has to type, either on the command line, or into a text box on a GUI screen, is displayed in this style. In the following example, text is displayed in this style: To boot your system into the text-based installation program, you will need to type in the text command at the boot: prompt.
• Official Red Hat support — Get help with your installation questions from Red Hat, Inc.'s support team.
• Red Hat Network — Easily update your packages and receive security notices that are customized for your system. Go to http://rhn.redhat.com for more details.
Under the Brim: The Official Red Hat E-Newsletter — Every month, get the latest news and product information directly from Red Hat. To sign up, go to http://www.redhat.com/apps/activate/. You will find your Product ID on a black, red, and white card in your Official Red Hat Linux box.
1 Kickstart Installations
1.1 What are Kickstart Installations?
Many system administrators would prefer to use an automated installation method to install Red Hat Linux on their machines. To answer this need, Red Hat created the kickstart installation method. Using kickstart, a system administrator can create a single file containing the answers to all the questions that would normally be asked during a typical Red Hat Linux installation.
Linux:
filename "/usr/new-machine/kickstart/";
next-server blarg.redhat.com;
Note that you should replace the value after filename with the name of the kickstart file (or the directory in which the kickstart file resides) and the value after next-server with the NFS server...
If the filename returned by the BOOTP/DHCP server ends with a slash ("/"), then it is interpreted as a path only. In this case, the client system mounts that path using NFS, and searches for a particular file.
The installation program will look for the kickstart file on the HTTP server <server>:, as file <path>. The installation program will use DHCP to configure the Ethernet card. For example, if your HTTP server is server.example.com and the kickstart file is in the HTTP directory /mydir/ks.cfg, the correct boot command would be ks=http:server.example.com:/mydir/ks.cfg.
system through the eth1 device, use the command ks=nfs:<server:>/<path> ksdevice=eth1 at the boot: prompt.
1.4 The Kickstart File
Now that you have some background information on kickstart installations, let's take a look at the kickstart file itself.
If any other items are specified for an upgrade, those items will be ignored (note that this includes package selection).
1.5 Kickstart Options
The following options can be placed in a kickstart file. If you prefer to use a graphical interface for creating your kickstart file, you can use the Kickstart Configurator application.
To use this option, you must have the nss_ldap package installed. You must also specify a server and a base DN.
--enableldapauth
Use LDAP as an authentication method. This enables the pam_ldap module for authentication and changing passwords, using an LDAP directory. To use this option, you must have the nss_ldap package installed.
Enable Hesiod support for looking up user home directories, UIDs, and shells. More information on setting up and using Hesiod on your network is in /usr/share/doc/glibc-2.x.x/README.hesiod, which is included in the glibc package. Hesiod is an extension of DNS that uses DNS records to store information about users, groups, and various other items.
--smbservers=
The name of the server(s) to use for SMB authentication. To specify more than one server, separate the names with commas (,).
--smbworkgroup=
The name of the workgroup for the SMB servers.
--enablecache
Enables the nscd service. The nscd service caches information about users, groups, and various other types of information.
If using LILO, use the linear LILO option; this is only for backwards compatibility (and linear is now used by default).
--nolinear
If using LILO, use the nolinear LILO option; linear is the default.
--lba32
If using LILO, force use of lba32 mode instead of autodetecting.
1.5.4 clearpart —...
<type> should be one of "scsi" or "eth", and <moduleName> is the name of the kernel module which should be installed.
--opts
Options to pass to the kernel module. Note that multiple options may be passed if they are put in quotes.
• --high
• --medium
• --disabled
--trust <device>
Listing a device here, such as eth0, allows all traffic coming from that device to go through the firewall. To list more than one device, use --trust eth0 --trust eth1. Do NOT use a comma-separated format such as --trust eth0, eth1.
• --server <server> Server from which to install (hostname or IP).
• --dir <dir> Directory containing the Red Hat installation tree.
For example:
nfs --server <server> --dir <dir>
cdrom
Install from the first CD-ROM drive on the system. For example:
cdrom
harddrive...
program with the values from the kickstart file. Either accept the values by clicking Next, or change the values and click Next to continue. See also Section 1.5.1, autostep.
1.5.12 keyboard
keyboard (required)
Sets system keyboard type. Here's the list of available keyboards on i386 and Alpha machines: ANSI-dvorak, azerty, be-latin1, be2-latin1, bg, br-abnt2, cf, croat, cz, cz-lat2, cz-lat2-prog, cz-us-qwertz, de, de-latin1, de-latin1-nodeadkeys, defkeymap, defkeymap_V1.0, dk, dk-latin1,...
Sets the language(s) to install on the system. The same language codes used with lang can be used with langsupport.
--default
Sets the default language to use for any language-specific aspect of the installed system.
An example to install English and French and use English as the default language:
langsupport --default en_US fr_FR
1.5.15 lilo
lilo (replaced by bootloader)
1.5.16 lilocheck
lilocheck (optional)
If lilocheck is present, the installation program checks for LILO on the MBR of the first hard drive, and reboots the system if it is found — in this case, no installation is performed. This can prevent kickstart from reinstalling an already installed system.
Configures network information for the system. If the kickstart installation does not require networking (in other words, it is not installed over NFS, HTTP, or FTP), networking is not configured for the system. If the installation does require networking and network information is not provided in the kickstart file, the Red Hat Linux installation program assumes that the installation should be done over eth0 via a dynamic IP address (BOOTP/DHCP), and configures the final, installed system to determine its IP address dynamically.
The DHCP method uses a DHCP server system to obtain its networking configuration. As you might guess, the BOOTP method is similar, requiring a BOOTP server to supply the networking configuration. The static method requires that you enter all the required networking information in the kickstart file.
For example, /, /usr, /home
swap
The partition will be used as swap space.
raid.<id>
The partition will be used for software RAID (see Section 1.5.20, raid below).
--size <size>
The minimum partition size in megabytes. Specify an integer value here such as 500. Do not append the number with MB.
<N> represents the number of bytes per inode on the filesystem when it is created. It must be given in decimal format. This option is useful for applications where you want to increase the number of inodes on the filesystem.
--type=<X>...
raid <mntpoint> --level <level> --device <mddevice> <partitions*>
The <mntpoint> is the location where the RAID filesystem is mounted. If it is /, the RAID level must be 1 unless a boot partition (/boot) is present. If a boot partition is present, the /boot partition must be level 1 and the root (/) partition can be any of the available types.
1.5.21 reboot
reboot (optional)
Reboot after the installation is complete (no arguments). Normally, kickstart displays a message and waits for the user to press a key before rebooting.
1.5.22 rootpw
rootpw (required)
rootpw [--iscrypted] <password>
Sets the system's root password to the <password> argument.
--iscrypted
If this is present, the password argument is assumed to already be encrypted.
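A kickstart file is normally fetched over NFS or HTTP at boot time, so the rootpw, firewall --trust and authentication options described in this section are worth checking before the file is published. The following checker is an added example, not code from the manual; it assumes the kickstart authentication command is named auth (or authconfig) and takes the standard --useshadow and --enablemd5 flags, which this page does not quote, and it uses constructed sample files.

```python
"""Lint a Red Hat Linux 7.2 style kickstart file for weak settings (added example).

Checks: rootpw without --iscrypted (plaintext root password in a file served over
the network), firewall --disabled, the comma-separated --trust form the manual
says not to use, and an auth line without shadow passwords or md5 hashing.
"""
import shlex

SECTION_MARKERS = ("%packages", "%pre", "%post")


def parse_kickstart(text):
    """Split a kickstart file into (commands, sections).

    commands: list of (name, argv) from the command section, tokenised with
    shell quoting rules so a quoted argument such as 'a b' stays whole.
    sections: marker -> {"opts": [options on the marker line], "lines": [body]}.
    """
    commands, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        if words[0] in SECTION_MARKERS:          # %pre / %post / %packages
            current = words[0]
            sections[current] = {"opts": words[1:], "lines": []}
        elif current is not None:                 # body of a %-section
            sections[current]["lines"].append(line)
        else:                                     # command section
            argv = shlex.split(line)
            commands.append((argv[0], argv[1:]))
    return commands, sections


def lint(text):
    """Return a list of findings (strings); an empty list means nothing flagged."""
    findings = []
    commands, _sections = parse_kickstart(text)
    for name, args in commands:
        if name == "rootpw" and "--iscrypted" not in args:
            findings.append("rootpw: plaintext password; use --iscrypted with a crypt(3) hash")
        elif name == "firewall":
            if "--disabled" in args:
                findings.append("firewall: --disabled leaves the installed system unfiltered")
            for i, arg in enumerate(args):
                # 'eth0, eth1' tokenises to 'eth0,' and 'eth1'; 'eth0,eth1' stays one token
                if arg == "--trust" and i + 1 < len(args) and "," in args[i + 1]:
                    findings.append("firewall: --trust takes one device per flag, not a comma list")
        elif name in ("auth", "authconfig"):
            for flag, why in (("--useshadow", "shadow passwords"),
                              ("--enablemd5", "md5 password hashing")):
                if flag not in args:
                    findings.append(f"{name}: missing {flag} ({why})")
    return findings


# Constructed sample kickstart fragments (not from the manual).
WEAK_KS = """\
lang en_US
langsupport --default en_US fr_FR
auth --enablemd5
rootpw secret
firewall --high --trust eth0, eth1
%post
/usr/sbin/useradd bob
"""

HARDENED_KS = """\
lang en_US
langsupport --default en_US fr_FR
auth --useshadow --enablemd5
rootpw --iscrypted $1$placeholder$hashgoeshere
firewall --high --trust eth0 --trust eth1
%post
/usr/sbin/useradd bob
"""

if __name__ == "__main__":
    for finding in lint(WEAK_KS):
        print("weak:", finding)
    print("hardened:", lint(HARDENED_KS) or "no findings")
```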
1.5.26 upgrade
upgrade (optional)
Tells the system to upgrade an existing system rather than install a fresh system.
1.5.27 xconfig
xconfig (optional)
Configures the X Window System. If this option is not given, the user will need to configure X manually during the installation, if X was installed;...
Packages can be specified by component or by individual package name. The installation program defines several components that group together related packages. See the RedHat/base/comps file on any Red Hat Linux CD-ROM for a list of components. The components are defined by the lines that begin with a number followed by a space and then the component name.
Lines beginning with ?
Lines that begin with a ? are used by the installation program and should not be altered.
Lines beginning with --hide
If a package name begins with --hide, you only need to type in the package name, without the --hide.
command. Note that you can access the network in the %pre section; however, name service has not been configured at this point, so only IP addresses will work. Here's an example %pre section:
%pre
# add comment to /etc/motd
echo "Kickstart-installed Red Hat Linux `/bin/date`"...
# add another nameserver
echo "nameserver 10.10.0.2" >> /etc/resolv.conf
Note
The post-install script is run in a chroot environment; therefore, performing tasks such as copying scripts or RPMs from the installation media will not work.
--nochroot
Allows you to specify commands that you would like to run outside of the chroot environment. The following example copies the file /etc/resolv.conf to the filesystem that was just installed.
2 Kickstart Configurator
Kickstart Configurator allows you to create a kickstart file using a graphical user interface, so that you do not have to remember the correct syntax of the file. After choosing the kickstart options, click the Save File button, verify the options you have chosen, and save the kickstart file to a desired location.
Choose the language to use during the installation from the Language menu. Choose the language to use after installation from the Language Support menu. Select the system keyboard type from the Keyboard menu. Choose the mouse for the system from the menu.
2.2 Boot Loader Options
Figure 2–2 Boot Loader Options
You have the option of installing GRUB or LILO as the boot loader. If you do not want to install a boot loader, uncheck the Install Boot Loader checkbutton. If you choose not to install a boot loader, make sure you create a boot disk or have another way to boot your Red Hat Linux system (such as a third-party boot loader).
IP address of the NFS server. For the NFS directory, enter the name of the NFS directory that contains the RedHat directory. For example, if your NFS server contains the directory /mirrors/redhat/i386/RedHat, enter /mirrors/redhat/i386 for the NFS...
IP address of the FTP server. For the FTP directory, enter the name of the FTP directory that contains the RedHat directory. For example, if your FTP server contains the directory /mirrors/redhat/i386/RedHat, enter /mirrors/redhat/i386 for the FTP directory.
2.4 Partition Information
Figure 2–4 Partition Information
To clear the Master Boot Record, select beside the option on the top of the page. You can choose to keep the existing partitions, remove all the existing partitions, or remove all the existing Linux partitions by selecting , or , respectively, next to...
• Use an existing partition.
• Format the partition as the chosen filesystem type.
Figure 2–5 Creating Partitions
To edit an existing partition, select the partition from the list and click the Edit button. The same Partitions Options window that appears when you add a partition appears, except it contains the values for the selected partition.
Networking is only required if you choose a networking-type installation method (NFS or FTP). If you are unsure which to choose, choose None. Networking can always be configured after installation with Network Configurator (redhat-config-network). If you select Static IP, you must provide additional networking information in the table below...
2.6 Authentication
Figure 2–7 Authentication
In the Authentication section, select whether to use shadow passwords and md5 encryption for user passwords. These options are highly recommended and chosen by default. The Authentication Configuration page allows you to configure the following methods of authentication: •...
2.7 Firewall Configuration
Figure 2–8 Firewall Configuration
The Firewall Configuration page is identical to the screen in the Red Hat Linux installation program and provides the same functionality. Choose between High, Medium, and Disabled security levels. Refer to the Official Red Hat Linux Installation Guide for detailed information about these security levels.
2.8.1 General
Figure 2–9 X Configuration - General
The first step in configuring X is to choose the default color depth and resolution. Select them from their respective pulldown menus. Be sure to specify a color depth and resolution that is compatible with the video card and monitor for the system.
2.8.2 Video Card
Select the video card from the list on the Video Card tab as shown in Figure 2–10, X Configuration - Video Card. Also select the amount of video RAM the selected video card has from the Video Card pulldown menu.
2.9 Package Selection
Figure 2–12 Package Selection
The Package Selection page allows you to choose which package categories to install. Currently, Kickstart Configurator does not allow you to select individual packages. To install individual packages, modify the %packages section of the kickstart file after you save it.
2.10 Pre-Installation Script
Figure 2–13 Pre-Installation Script
You can add commands to run on the system immediately after the kickstart file has been parsed and before the installation begins. If you have configured the network in the kickstart file, the network is enabled before this section is processed.
2.11 Post-Installation Script
Figure 2–14 Post-Installation Script
You can also add commands to execute on the system after the installation is completed. If you have properly configured the network in the kickstart file, the network is enabled. If you would like to include a post-installation script, type it in the text area.
2.11.1 Chroot Environment
If you want your post-installation script to run outside of the chroot environment, click the checkbutton next to this option on the top of the Post-Installation page. This is equivalent to using the --nochroot option in the %post section.
/usr/sbin/useradd bob
/usr/bin/chfn -f "Bob Smith" bob
/usr/sbin/usermod -p 'kjdf$04930FTH/ ' bob
2.12 Saving the File
After you have finished choosing your kickstart options, click the Save File button. A dialog box similar to Figure 2–15, Confirm Options will appear to allow you to review your choices before saving the file.
3 Rescue Mode
When things go wrong, there are ways to fix problems. However, these methods require that you understand the system well. This chapter will describe the ways that you can boot into rescue mode and single user mode, where you can use your own knowledge to repair the system.
3.1.2 Hardware/Software Problems
This category includes a wide variety of different situations. Two examples include failing hard drives and forgetting to run LILO after building a new kernel (if you are using LILO as your boot loader). In both of these situations, you may be unable to boot Red Hat Linux.
Once you have your system in rescue mode, a prompt appears on VC (virtual console) 1 and VC 2 (use the key combination [Ctrl]-[Alt]-[F1] to access VC 1 and the key combination [Ctrl]-[Alt]-[F2] to access...
mformat, open, umount, gnome-pty-helper, minfo, pico, uncpio, grep, mkdir, ping, uniq, gunzip, mke2fs, probe, zcat
3.1.4 Booting Single-User Mode Directly
You may be able to boot single-user mode directly. If your system boots, but does not allow you to log in when it has completed booting, try single-user mode.
Replace the XX in /dev/hdXX with the appropriate letter and number for your root partition. What does this command do? First, it starts the boot process in single-user mode, with the root partition set to your root partition. The empty initrd specification bypasses the installation-related image on the boot disk, which will cause you to enter single-user mode immediately.
4 Redundant Array of Independent Disks (RAID)
4.1 What is RAID?
The basic idea behind RAID is to combine multiple small, inexpensive disk drives into an array to accomplish performance or redundancy goals not attainable with one large and expensive drive. This array of drives will appear to the computer as a single logical storage unit or drive.
An example of a Hardware RAID device would be one that connects to a SCSI controller and presents the RAID arrays as a single SCSI drive. An external RAID system moves all RAID handling "intelligence"...
• Level 0 — RAID level 0, often called "striping," is a performance-oriented striped data mapping technique. This means the data being written to the array is broken down into strips and written across the member disks of the array, allowing high I/O performance at low inherent cost but providing no redundancy.
the capacity of member disks, minus the capacity of one member disk. The storage capacity of Software RAID level 5 is equal to the capacity of the member partitions, minus the size of one of the partitions if they are of equal size.
5 Software RAID Configuration
Read Chapter 4, Redundant Array of Independent Disks (RAID) first to learn about RAID and the differences between Hardware and Software RAID and the differences between RAID 0, 1, and 5. Software RAID can be configured during the graphical installation of Red Hat Linux or during a kickstart installation.
• Allowable Drives: select the drive on which RAID will be created. If you have multiple drives, all drives will be selected here and you must deselect those drives which will not have the RAID array on them.
Please Note
If you are making a RAID partition of /boot, you must choose RAID level 1 and it must use one of the first two drives (IDE first, SCSI second). If you are not creating a RAID partition of /boot, and you are making a RAID partition of /, it must be RAID level 1 and it must use one of the first two drives (IDE first, SCSI second).
6 Network Configuration
Red Hat Linux no longer includes the application netcfg to configure your network devices. The Red Hat Network Administration Tool has replaced netcfg and can be used to configure the different types of network devices: Ethernet, Modem, ISDN, xDSL, CIPE, and Wireless. You can also configure a modem, ISDN, or an xDSL connection with internet-druid.
Figure 6–1 Network Hardware Configuration
6.1.1 Ethernet
You can configure the type of adapter (manufacturer and model) and kernel device name for an Ethernet device. The type of adapter you select determines which kernel module (driver) is loaded for the network interface card.
6.1.4 Token Ring
For a token ring device, you can select the type of adapter according to the manufacturer and model of the device. The type of adapter determines which kernel module (driver) is loaded for the device. You can also configure the kernel device name (/dev/tr0, /dev/tr1, and so on) and the device's system resources such as IRQ.
Figure 6–2 Adding an Ethernet Device
6.2.2 Modem
Click the Provider tab to enter the phone number, login, and password for your dial-up account. Use the Compression tab to enable different forms of compression. The Options tab allows you to configure PPP options, and the Advanced tab provides pulldown menus to customize the hangup timeout...
obtain an IP address via DHCP. Consult your Internet provider for details. After configuring the Ethernet device, add an xDSL device. From the Provider tab, select the appropriate Ethernet device to use to establish your connection.
6.2.5 CIPE
CIPE stands for Crypto IP Encapsulation.
To change lookup order, edit the /etc/host.conf file. The line order hosts, bind specifies that the /etc/hosts takes precedence over the name servers. Changing the line to order bind, hosts configures your system to resolve hostnames and IP addresses using the name servers first.
7 Basic Firewall Configuration
During the Red Hat Linux installation, you are given the option to choose high, medium or no security level as well as allow specific devices, incoming services, and ports. These levels are based on the GNOME Lokkit firewall configuration application.
7.1 Basic
Figure 7–1 Basic
After starting the program, choose the appropriate security level for your system:
• High Security — This option disables almost all network connections except DNS replies and DHCP so that network interfaces can be activated. IRC, ICQ, and other instant messaging services as well as RealAudio™...
7.2 Local Hosts
If there are Ethernet devices on the system, the Local Hosts page allows you to configure whether the firewall rules apply to connection requests sent to each device. If the device connects the system to a local area network behind a firewall and does not connect directly to the Internet, select .
Figure 7–3 DHCP
7.4 Configuring Services
GNOME Lokkit also allows you to turn common services on and off. If you answer to configuring services, you are prompted about the following services:
• Web Server — Choose this option if you want people to connect to a Web server such as Apache running on your system.
To disable other services that you do not need, you can use Serviceconf. See Section 8.3, Serviceconf.
7.5 Activating the Firewall
Clicking Finish on the Activate the Firewall page will write the firewall rules to /etc/sysconfig/ipchains and start the firewall by starting the ipchains service.
8 Controlling Access to Services
Maintaining security on your Red Hat Linux system is extremely important. One way to manage security on your system is to carefully manage access to system services. Your system may need to provide open access to particular services (for example, httpd if you are running a Web server).
it will then configure a simple firewall for you. Refer to Chapter 7, Basic Firewall Configuration for more information.
8.1 Runlevels
Before you can configure access to services, you must understand Linux runlevels. A runlevel is a state, or mode, that is defined by the services listed in the directory /etc/rc.d/rc<x>...
The hosts.allow file takes precedence over the hosts.deny file. Permissions to grant or deny access can be based on individual IP address (or hostnames) or on a pattern of clients. See the Official Red Hat Linux Reference Guide and the hosts_access man page for details.
8.2.1 xinetd
To control access to Internet services, use xinetd, which is a secure replacement for inetd.
Figure 8–1 Serviceconf
Serviceconf displays the current runlevel as well as which runlevel you are currently editing. To edit a different runlevel, select Edit Runlevel from the pulldown menu and select runlevel 3, 4, or 5. Refer to Section 8.1, Runlevels for a description of runlevels.
WARNING
When you save changes to xinetd services, xinetd is restarted. When you save changes to other services, the runlevel is reconfigured, but the changes do not take effect immediately.
If you check or uncheck the Start at Boot value for a service in /etc/rc.d/init.d, the Save button will become active.
WARNING
Changes do not take effect immediately after using ntsysv. You must stop or start the individual service with the command service daemon stop. In the previous example, replace daemon with the name of the service you want to stop;...
WARNING
Changes do not take effect immediately after using chkconfig. You must stop or start the individual service with the command service daemon stop. In the previous example, replace daemon with the name of the service you want to stop; for example, httpd. Replace stop with start or restart to start or restart the service.
9 OpenSSH
OpenSSH is a free, open source implementation of the SSH (Secure SHell) protocols. It replaces telnet, ftp, rlogin, rsh, and rcp with secure, encrypted network connectivity tools. OpenSSH supports versions 1.3, 1.5, and 2 of the SSH protocol. Since OpenSSH version 2.9, the default protocol in Red Hat Linux 7.2 is version 2, which uses RSA keys as the default.
9.3 Configuring an OpenSSH Client
To connect to an OpenSSH server from a client machine, you must have the openssh-clients and openssh packages installed on the client machine.
9.3.1 Using the ssh Command
The ssh command is a secure replacement for the rlogin, rsh, and telnet commands. It allows you to log in to and execute commands on a remote machine.
9.3.2 Using the scp Command
The scp command can be used to transfer files between machines over a secure, encrypted connection. It is similar to rcp. The general syntax to transfer a local file to a remote system is:
scp localfile username@tohostname:/newfilename
Separate Authorization Key Pairs
You must have separate authorization key pairs for SSH Protocol 1 (RSA) and SSH Protocol 2 (DSA).
WARNING
Keys must be generated for each user. To generate keys for a user, follow these steps as the user who wants to connect to remote machines. If you complete the following steps as root, only root will be able to use the keys.
If you are running GNOME, skip to Configuring ssh-agent with GNOME in Section 9.3.4. If you are not running the X Window System, skip to Configuring ssh-agent in Section 9.3.4.
Generating an RSA Key Pair for Version 2
Use the following steps to generate an RSA key pair for version 2 of the SSH protocol.
Copy the contents of ~/.ssh/identity.pub to the file ~/.ssh/authorized_keys on the machine to which you wish to connect. If the file ~/.ssh/authorized_keys doesn't exist, you can copy the file ~/.ssh/identity.pub to the file ~/.ssh/authorized_keys on the remote machine. If you are running GNOME, skip to Configuring ssh-agent with GNOME in Section 9.3.4.
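The copy step above is usually done by hand with cat and a text editor. The function below is an added example, not one of the manual's commands: it appends a public key line to authorized_keys, skips keys that are already present (comparing the key material, not the comment), and sets the modes sshd expects before it will honour the file: 0700 on the .ssh directory and 0600 on authorized_keys. It recognises both line formats the manual refers to, protocol 1 identity.pub lines ("bits exponent modulus comment") and protocol 2 lines ("type base64 comment"); the sample keys in demo_run are constructed, not real key material.

```python
"""Install a public key into a user's authorized_keys (added example, not from
the manual). Handles SSH protocol 1 (identity.pub) and protocol 2 key lines,
avoids duplicates, and sets the permissions sshd requires."""
import os
import tempfile


def key_material(line):
    """Return the fields of a public key line that identify the key.

    The trailing comment (user@host) is dropped so the same key pasted with a
    different comment is still recognised as a duplicate.
    """
    parts = line.split()
    if parts and parts[0].isdigit():      # protocol 1: bits exponent modulus [comment]
        return tuple(parts[:3])
    return tuple(parts[:2])               # protocol 2: type base64 [comment]


def install_public_key(pubkey_line, ssh_dir):
    """Append pubkey_line to ssh_dir/authorized_keys.

    Returns True if the key was added and False if it was already present.
    ssh_dir is forced to mode 0700 and authorized_keys to 0600, because sshd
    ignores an authorized_keys file that other users can write to.
    """
    key = pubkey_line.strip()
    if not key or key.startswith("#") or len(key.split()) < 2:
        raise ValueError("not a public key line")
    os.makedirs(ssh_dir, exist_ok=True)
    os.chmod(ssh_dir, 0o700)
    path = os.path.join(ssh_dir, "authorized_keys")
    present = set()
    if os.path.exists(path):
        with open(path) as fh:
            present = {key_material(l) for l in fh if l.strip() and not l.startswith("#")}
    added = key_material(key) not in present
    if added:
        with open(path, "a") as fh:
            fh.write(key + "\n")
    os.chmod(path, 0o600)
    return added


def demo_run():
    """Exercise install_public_key in a scratch directory and report the outcome."""
    ssh_dir = os.path.join(tempfile.mkdtemp(), ".ssh")
    # Constructed sample key lines, not real key material.
    v2_key = "ssh-dss AAAAB3NzaC1kc3MAAACBconstructed== user@client"
    v1_key = "1024 35 1234567890123456789 user@client"
    results = {
        "v2_added": install_public_key(v2_key, ssh_dir),
        "v2_again": install_public_key(v2_key.replace("user@client", "other"), ssh_dir),
        "v1_added": install_public_key(v1_key, ssh_dir),
        "v1_again": install_public_key("1024 35 1234567890123456789", ssh_dir),
        "dir_mode": os.stat(ssh_dir).st_mode & 0o777,
        "file_mode": os.stat(os.path.join(ssh_dir, "authorized_keys")).st_mode & 0o777,
    }
    with open(os.path.join(ssh_dir, "authorized_keys")) as fh:
        results["lines"] = len(fh.read().splitlines())
    return results


if __name__ == "__main__":
    for name, value in demo_run().items():
        print(f"{name}: {oct(value) if 'mode' in name else value}")
```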
Log out and then log back into GNOME; in other words, restart X. After GNOME is started, a dialog box will appear prompting you for your passphrase(s). Enter the passphrase requested. If you have both DSA and RSA key pairs configured, you will be prompted for both. From this point on, you should not be prompted for a password by ssh, scp, or sftp.
9.4.2 Useful Websites
• http://www.openssh.com — The OpenSSH FAQ page, bug reports, mailing lists, project goals, and a more technical explanation of the security features.
• http://www.openssl.org — The OpenSSL FAQ page, mailing lists, and a description of the project goal.
10 Network File System (NFS)
Network File System (NFS) is a way to share files between machines on a network as if the files were located on your local hard drive. Red Hat Linux can be both an NFS server and an NFS client, which means that it can export filesystems to other systems, and mount filesystems exported from other machines.
server:/usr/local/pub /pub nfs rsize=8192,wsize=8192,timeo=14,intr
The mount point /pub must exist on your machine. After adding this line to /etc/fstab, you can type the command mount /pub at a shell prompt, and the mount point /pub will be mounted from the server.
The (options) part is not required. For example:

/mnt/export speedy.redhat.com

would allow users from speedy.redhat.com to mount /mnt/export with the default read-only permissions, but:

/mnt/export speedy.redhat.com(rw)

would allow users from speedy.redhat.com to mount /mnt/export with read-write privileges.

Refer to the Official Red Hat Linux Reference Guide for a list of options that can be specified in the /etc/exports file. Each time you change /etc/exports, you must tell the NFS daemons to examine it for new information, or reload the configuration file:

/sbin/service nfs reload

10.3.1 Starting and Stopping the Server...
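As an added example (not part of the Red Hat guide), the following POSIX shell functions read /etc/exports-style lines and report the access a given client actually gets, together with every read-write grant in the file, which is the review an administrator wants after editing the file and before running the reload above. The exports content is constructed, and matching only literal host names (no wildcards, netgroups or subnets) is an assumption of the example.

```shell
#!/bin/sh
# Added example, not from the Red Hat guide. A client listed without (options)
# gets read-only access; only an explicit rw grants writes. The content below
# is constructed; only literal host names are matched (assumption).

EXPORTS_SAMPLE='# constructed /etc/exports
/mnt/export    speedy.redhat.com
/mnt/export2   speedy.redhat.com(rw)
/home/projects speedy.redhat.com(rw,sync) fast.redhat.com
'

# Usage: nfs_access PATH CLIENT < exports-file
# Prints "rw", "ro" (listed without rw) or "none" (not listed for PATH).
nfs_access() {
    awk -v p="$1" -v c="$2" '
        /^[ \t]*(#|$)/ { next }
        $1 == p {
            for (i = 2; i <= NF; i++) {
                host = $i; opts = ""
                k = index($i, "(")
                if (k > 0) {
                    host = substr($i, 1, k - 1)
                    opts = substr($i, k + 1)
                    sub(/\)$/, "", opts)
                }
                if (host != c) continue
                r = "ro"                       # default when no options are given
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++) if (o[j] == "rw") r = "rw"
                exit                           # first matching entry wins
            }
        }
        END { print (r == "" ? "none" : r) }'
}

# Usage: nfs_rw_audit < exports-file
# Prints "PATH HOST" for every read-write grant, the entries worth reviewing.
nfs_rw_audit() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            for (i = 2; i <= NF; i++) {
                k = index($i, "(")
                if (k == 0) continue
                host = substr($i, 1, k - 1); opts = substr($i, k + 1); sub(/\)$/, "", opts)
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++) if (o[j] == "rw") print $1, host
            }
        }'
}
```

Run it against the real file with, for example, nfs_rw_audit < /etc/exports to list every host that can write to an export.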
• Managing NFS and NIS Services by Hal Stern; O’Reilly & Associates, Inc.
11 Samba

Samba uses the SMB protocol to share files and printers across a network connection. Operating systems that support this protocol include Microsoft Windows (through its Network Neighborhood), OS/2, and Linux.

11.1 Why Use Samba?

Samba is useful if you have a network of both Windows and Linux machines. Samba will allow files and printers to be shared by all the systems in your network.

    printable = no
    create mask = 0765

The above example allows the users tfox and carole to read and write to the directory /home/share, on the Samba server, from a Samba client.

11.3 Connecting to a Samba Share

To connect to a Linux Samba share from a Microsoft Windows machine, use Network Neighborhood or Windows Explorer.

Figure 11–1 SMB Browser in Nautilus

If the SMB share you are connecting to requires a user name and password combination, you must specify them in the Location: bar using the following syntax (replace user, password, servername, and sharename with the appropriate values):

smb://user:password@servername/sharename/...

cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

The mksmbpasswd.sh script is installed in your /usr/bin directory with the samba package. Use the command chmod 600 /etc/samba/smbpasswd to change permissions on the Samba password file so that only root has read and write permissions. The script does not copy user passwords to the new file.
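An added example, not the mksmbpasswd.sh script itself: shell checks for the three points just made, that the generated file is mode 600, that accounts created by the script carry no password until smbpasswd sets one, and that no entries are left over for users who are no longer in /etc/passwd. The sample files are constructed, and the field layout (user:uid:LM hash:NT hash:[flags]:LCT-time:) is assumed from the smbpasswd file format, with 32 X characters meaning "no hash set".

```shell
#!/bin/sh
# Added example, not code from the samba package or the Red Hat guide.
# Audits an smbpasswd-format file created from /etc/passwd. Samples are
# constructed; the field layout is assumed from the smbpasswd file format.

SMBPASSWD_SAMPLE='#
# SMB password file (constructed sample).
#
tfox:500:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:
carole:501:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-3C0F12A0:
'

# Constructed /etc/passwd: carole has already been removed from the system.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
tfox:x:500:500:Tammy Fox:/home/tfox:/bin/bash
'

# Print, one per line, the users in the smbpasswd-format file read on stdin
# whose NT hash field is still all X, i.e. no Samba password has been set
# yet. These accounts cannot log in until the user runs smbpasswd.
smb_users_without_password() {
    awk -F: '/^[ \t]*(#|$)/ { next } $4 ~ /^X+$/ { print $1 }'
}

# Usage: smb_stale_users PASSWD_FILE < smbpasswd-file
# Print smbpasswd users with no matching /etc/passwd entry (stale accounts
# that should be removed from the Samba password file).
smb_stale_users() {
    awk -F: '
        NR == FNR { seen[$1] = 1; next }     # first file: collect passwd users
        /^[ \t]*(#|$)/ { next }
        !($1 in seen) { print $1 }' "$1" -
}

# Return 0 if FILE has exactly the owner-read/write-only mode the text
# requires (chmod 600), 1 otherwise. Uses ls so it works on GNU and BSD.
smb_file_mode_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}
```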
• /usr/share/doc/samba-version-number/docs/ — HTML and text help files included with the samba package

11.5.2 Useful Websites

• http://www.samba.org — The Samba Web page contains useful documentation, information about mailing lists, and a list of GUI interfaces.

12 Dynamic Host Configuration Protocol (DHCP)

Dynamic Host Configuration Protocol (DHCP) is a network protocol for automatically assigning TCP/IP information to client machines. Each DHCP client connects to the centrally-located DHCP server, which returns the client’s network configuration including IP address, gateway, and DNS servers.

12.1 Why Use DHCP?

DHCP is useful for fast delivery of client network configuration.
• Parameters — state how to perform a task, whether to perform a task, or what network configuration options to send to the client.
• Declarations — describe the topology of the network, describe the clients, provide addresses for the clients, or apply a group of parameters to a group of declarations.
Figure 12–2 Example of a shared-network declaration

shared-network name {
    option domain-name "test.redhat.com";
    option domain-name-servers ns1.redhat.com, ns2.redhat.com;
    option routers 192.168.1.254;
    # more parameters for EXAMPLE shared-network
    subnet 192.168.1.0 netmask 255.255.255.0 {
        # parameters for subnet
        range 192.168.1.1 192.168.1.31;
...
hardware ethernet 00:A1:DD:74:C3:F2;
fixed-address 192.168.1.6;

To configure a DHCP server that leases dynamic IP addresses to systems within a subnet, modify Figure 12–4, Example of the range parameter with your values. It declares a default lease time, maximum lease time, and network configuration values for the clients.
You can use the sample configuration file in Red Hat Linux 7.2 as a starting point and then add your own custom configuration options to it. Copy it to its proper location with the command /usr/share/doc/dhcp-<version-number>...
12.2.3 Starting and Stopping the Server

Important

The DHCP server will fail to start the first time unless a dhcpd.leases file already exists. Use the command touch /var/lib/dhcp/dhcpd.leases to create the file before starting the service for the first time (and the first time only).
Be sure to check the Red Hat Linux Hardware Compatibility List available at http://hardware.redhat.com. If the network card is not configured by the installation program or Kudzu and you know which kernel module to load for it, refer to Chapter 24, Kernel Modules for details on loading kernel modules.
The /etc/sysconfig/network-scripts/ifcfg-eth0 file should contain the following lines:

DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes

You need a configuration file for each device that you want to configure to use DHCP. If you prefer a graphical interface for configuring a DHCP client, refer to Chapter 6, Network Configuration for details on using Network Configurator to configure a network interface to use DHCP.
13 Kerberos

Kerberos is a network authentication protocol created by MIT. It uses key cryptography instead of plain-text passwords. Kerberos offers a layer of system security and makes it harder for an unauthorized user to intercept users’ passwords. For more information on how Kerberos works, refer to the Official Red Hat Linux Reference Guide.

/usr/kerberos/sbin/kdb5_util create -s

The create command creates the database that will be used to store keys for your Kerberos realm. The -s switch forces creation of a stash file in which the master server key is stored. If no stash file is present from which to read the key, the Kerberos server (krb5kdc) will prompt the user for the master server password (which can be used to regenerate the key) every time it is started.

Add principals for your users using the addprinc command with kadmin or using the Principal menu in gkadmin. kadmin (and kadmin.local on the master KDC) is a command line interface to the Kerberos administration system. As such, many commands are available after launching the kadmin program.

again, and you probably don’t want to bother with coming up with a good password, you can use the -randkey option to kadmin’s addprinc command to create the principal and assign it a random key:

addprinc -randkey host/blah.example.com

Now that you have created the principal, you can extract the keys for the workstation by running kadmin on the workstation itself, and using the ktadd command within kadmin:

ktadd -k /etc/krb5.keytab host/blah.example.com...
13.3.2 Useful Websites

• http://web.mit.edu/kerberos/www — Kerberos: The Network Authentication Protocol webpage from MIT.
• http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html — The Kerberos Frequently Asked Questions (FAQ).
• ftp://athena-dist.mit.edu/pub/kerberos/doc/usenix.PS — The PostScript version of Kerberos: An Authentication Service for Open Network Systems by Jennifer G. Steiner, Clifford Neuman, and Jeffrey I.
14 Apache Configuration

Apache Configuration Tool requires the X Window System and root access. To start Apache Configuration Tool, use one of the following methods:

• On the GNOME desktop, go to the (on the Panel) => =>...

Copy all necessary files to the DocumentRoot and cgi-bin directories, and save your settings in the Apache Configuration Tool.

14.1 Basic Settings

Use the Main tab to configure the basic server settings.

Figure 14–1 Basic Settings

Enter a fully qualified domain name that you have the right to use in the text area.

Use the Available Addresses area to define the ports on which Apache will accept incoming requests. This option corresponds to the Listen directive in httpd.conf. By default, Red Hat configures Apache to listen to ports 80 and 8080 for non-secure Web communications. Click the button to define additional ports on which to accept requests.
14.2.1 Site Configuration

The default values for the Directory Page Search List and Error Pages will work for most servers. If you are unsure of these settings, do not modify them.

Figure 14–3 Site Configuration

The entries listed in the Directory Page Search List define the DirectoryIndex directive.
in the Location field. Choose File to redirect the client to an internal URL and enter a file under the Document Root for the Web server. The location must begin with a slash (/) and be relative to the Document Root.
Figure 14–4 Logging

The transfer log contains a list of all attempts to access the Web server. It records the IP address of the client that is attempting to connect, the date and time of the attempt, and the file on the Web server that it is trying to retrieve.
The value chosen with the Reverse DNS Lookup menu defines the HostnameLookups directive. Choosing No Reverse Lookup sets the value to off. Choosing Reverse Lookup sets the value to on. Choosing Double Reverse Lookup sets the value to double. If you choose Reverse Lookup, your server will automatically resolve the IP address for each con-...
Figure 14–5 Environment Variables

Use the Set for CGI Scripts section to set an environment variable that is passed to CGI scripts and SSI pages. For example, to set the environment variable MAXNUM to 50, click the button inside the Set for CGI Script section as shown in Section 14.2.3, Environment Variables and type MAXNUM...
Figure 14–6 Directories

Click the Edit Default Directory Options button in the top right-hand corner to configure the options for all directories that are not specified in the Directory list below it. The options that you choose are listed as the Options directive within the <Directory>...
To specify options for specific directories, click the button beside the list box. The Directory window shown in Figure 14–7, Directory Settings appears. Enter the directory to configure in the Directory text field at the bottom of the window. Select the options in the right-hand list, and configure the Order directive with the left-hand side options.

14.3 Virtual Hosts Settings

You can use Apache Configuration Tool to configure virtual hosts. Virtual hosts allow you to run different servers for different IP addresses, different host names, or different ports on the same machine. For example, you can run the website for http://www.your_domain.com and http://www.your_second_domain.com on the same Apache server using virtual hosts.
14.3.1 Adding and Editing a Virtual Host

To add a virtual host, click the Virtual Hosts tab and then click the button. The window shown in Figure 14–9, Virtual Hosts Configuration appears. You can also edit a virtual host by selecting it in the list and clicking the Edit button.
In the Host Information section, choose Default Virtual Host, IP based Virtual Host, or Name based Virtual Host.

Default Virtual Host

If you choose Default Virtual Host, Figure 14–10, Default Virtual Hosts appears. You should only configure one default virtual host.
Figure 14–11 IP Based Virtual Hosts

Name based Virtual Host

If you choose Name based Virtual Host, Figure 14–12, Name Based Virtual Hosts appears to configure the NameVirtualHost directive based on the host name of the server. Specify the IP address in the IP address field.
Figure 14–12 Name Based Virtual Hosts

Note

You can not use name based virtual hosts with SSL, because the SSL handshake (when the browser accepts the secure Web server’s certificate) occurs before the HTTP request which identifies the appropriate name based virtual host.

Virtual Hosts tab, click the Edit button, choose SSL from the left-hand menu, and check the Enable SSL Support option as shown in Figure 14–13, SSL Support. The SSL Configuration section is pre-configured with the dummy digital certificate. The digital certificate provides authentication for your secure Web server and identifies the secure server to client Web browsers.
Figure 14–14 Server Configuration

The Lock File value corresponds to the LockFile directive. This directive sets the path to the lockfile used when Apache is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be stored on the local disk. It should be left to the default value unless the logs directory is located on an NFS share.

The User should only have privileges so that it can access files which are supposed to be visible to the outside world. The User is also the owner of any CGI processes spawned by the server. The User should not be allowed to execute any code which is not intended to be in response to HTTP requests.
Figure 14–15 Performance Tuning

Set Max Number of Connections to the maximum number of simultaneous client requests that the server will handle. For each connection, a child httpd process is created. After this maximum number of processes is reached, no one else will be able to connect to the Web server until a child server process is freed.

If you uncheck the Allow Persistent Connections option, the KeepAlive directive is set to false. If you check it, the KeepAlive directive is set to true, and the KeepAliveTimeout directive is set to the number that is selected as the value.

— After starting the Apache server on your local system, you can view the Apache HTTP Server Version 1.3 User’s Guide using this URL.
• http://www.redhat.com/support/docs/apache.html — Red Hat Support maintains a list of useful Apache Web Server links.
• http://www.redhat.com/support/docs/faqs/RH-apache-FAQ/book1.html — The Red Hat Linux Apache Centralized Knowledgebase compiled by Red Hat.

14.7.3 Related Books

• Apache: The Definitive Guide by Ben Laurie and Peter Laurie; O’Reilly & Associates, Inc.

15 Apache Secure Server Configuration

15.1 Introduction

This chapter provides basic information on an Apache server with the mod_ssl security module enabled to use the OpenSSL library and toolkit. The combination of these three components, provided with Red Hat Linux, will be referred to in this chapter as the secure Web server or just as the secure server.
The mm package contains the MM library, which allows multiple instances of the httpd daemon to share state information.

Additionally, other software packages included with Red Hat Linux can provide certain security functionalities (but are not required by the secure server to function):

apache-devel
The apache-devel package contains the Apache include files, header files and the APXS utility.
For more information about OpenSSH, see Chapter 9, OpenSSH and the OpenSSH website at http://www.openssh.com.

openssl-devel
The openssl-devel package contains the static libraries and the include file needed to compile applications with support for various cryptographic algorithms and protocols. You need to install this package only if you are developing applications which include SSL support —...

Package Name    Located in Group          Optional?
openssl-devel   Development/Libraries
stunnel         Applications/Internet

15.3 An Overview of Certificates and Security

Your secure Web server provides security using a combination of the Secure Sockets Layer (SSL) protocol and (in most cases) a digital certificate from a Certificate Authority (CA). SSL handles the encrypted communications and the mutual authentication between browsers and your secure Web server.
15.4 Using Pre-Existing Keys and Certificates

If you already have an existing key and certificate (for example, if you are installing the secure Web server to replace another company’s secure Web server product), you will probably be able to use your existing key and certificate with the secure Web server.

/sbin/service httpd start

For a secure server, you will be prompted to enter your password. After you type it in and press [Enter], the server will start. You should not need to get a new certificate if you are upgrading from a previous version of the secure Web server.

Create a certificate request based on the public key. The certificate request contains information about your server and the company hosting it. Send the certificate request, along with documents proving your identity, to a CA. We cannot tell you which certificate authority to choose.
Note

You will need to remember and enter this password every time you start your secure Web server, so do not forget it. You will be asked to re-type the password, to verify that it is correct. Once you have typed it in correctly, a file called server.key, containing your key, will be created.

The server.key file should be owned by the root user on your system and should not be accessible to any other user. Make a backup copy of this file and keep the backup copy in a safe, secure place. You need the backup copy because if you ever lose the server.key file after using it to create your certificate request, your certificate will no longer work and the CA will not be able to help you.
Common Name (your name or server’s hostname) []:test.example.com
Email Address []:admin@example.com

Please enter the following ’extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

The default answers appear in brackets [] immediately after each request for input. For example, the first information required is the name of the country where the certificate will be used, shown like the following:

Country Name (2 letter code) [AU]:...

After you have decided on a CA, follow the instructions they provide on their website. Their instructions will tell you how to send your certificate request, any other documentation that they require, and your payment to them. After you have fulfilled the CA’s requirements, they will send a certificate to you (usually by email).

Common Name (your name or server’s hostname) []:myhost.example.com
Email Address []:myemail@example.com

After you provide the correct information, a self-signed certificate will be created and placed in /etc/httpd/conf/ssl.crt/server.crt. You will need to restart your secure server after generating the certificate with the command

/sbin/service httpd restart

15.9 Testing Your Certificate...
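An added example that is not from the guide: the three steps of Sections 15.6 to 15.8 (passphrase-protected key, certificate request for a CA, self-signed certificate for testing) driven non-interactively with the openssl command-line tool, with checks that server.key has the owner-only mode the text requires and that the request really carries the key's public half. It assumes openssl is on the PATH; the subject values, passphrase and output directory are constructed, and a 2048-bit key is used in place of the guide's 1024-bit one.

```shell
#!/bin/sh
# Added example (not code from the Red Hat guide). Assumes openssl is on PATH.
# SUBJECT and all file locations are constructed; substitute your own values
# before sending a request to a CA.

# Constructed subject for the request and the self-signed certificate.
SUBJECT='/C=US/ST=North Carolina/L=Raleigh/O=Example Inc/CN=myhost.example.com/emailAddress=admin@example.com'

# Create DIR/server.key, encrypted with the passphrase stored in PASSFILE.
# The passphrase is read from a file rather than given as pass:... so that it
# never appears in the process list. umask 077 makes server.key readable only
# by its owner from the moment it is written (the guide's requirement that
# no other user can access it), with no window before a later chmod.
make_server_key() {
    dir=$1; passfile=$2
    mkdir -p "$dir" || return 1
    ( umask 077 && openssl genrsa -aes256 -passout "file:$passfile" \
        -out "$dir/server.key" 2048 >/dev/null 2>&1 )
}

# Print the permission string of FILE as ls shows it, e.g. -rw-------.
file_mode() {
    ls -ld "$1" | cut -c1-10
}

# Write DIR/server.csr, the certificate request to send to the CA.
make_csr() {
    dir=$1; passfile=$2
    openssl req -new -key "$dir/server.key" -passin "file:$passfile" \
        -subj "$SUBJECT" -out "$dir/server.csr" 2>/dev/null
}

# Write DIR/server.crt, a self-signed certificate valid for DAYS days, for
# testing the server while the CA processes the request.
make_self_signed() {
    dir=$1; passfile=$2; days=${3:-365}
    openssl req -new -x509 -key "$dir/server.key" -passin "file:$passfile" \
        -days "$days" -subj "$SUBJECT" -out "$dir/server.crt" 2>/dev/null
}

# Return 0 if the public key in the request belongs to server.key, i.e. the
# request was really built from the key you backed up, 1 otherwise.
csr_matches_key() {
    dir=$1; passfile=$2
    from_key=$(openssl rsa -in "$dir/server.key" -passin "file:$passfile" -pubout 2>/dev/null)
    from_csr=$(openssl req -in "$dir/server.csr" -noout -pubkey 2>/dev/null)
    [ -n "$from_key" ] && [ "$from_key" = "$from_csr" ]
}

# Print the subject line of a certificate, to confirm the Common Name.
cert_subject() {
    openssl x509 -in "$1" -noout -subject
}
```

The passphrase file must be protected like the key itself, since anyone who can read both can use the key.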
signed by a CA. If you are not using a certificate from a CA, follow the instructions provided by your browser to accept the certificate. You can just accept the defaults by clicking Next until the dialogs are finished.

Be sure to visit the Red Hat Support website at http://www.redhat.com/support to register for support. You may want to subscribe to the redhat-secure-server mailing list. You can subscribe to this mailing list at http://www.redhat.com/mailing-lists. You can also subscribe to the redhat-secure-server mailing list by emailing redhat-secure-server-request@redhat.com and include the word "subscribe"...
15.11.2 Useful Websites

• http://www.modssl.org — The mod_ssl website is the definitive source for information about mod_ssl. The website includes a wealth of documentation, including a User Manual at http://www.modssl.org/docs.

15.11.3 Related Books

• Apache: The Definitive Guide, 2nd edition, by Ben Laurie and Peter Laurie, O’Reilly & Associates, Inc.

16 BIND Configuration

This chapter assumes that you have a basic understanding of BIND and DNS; it does not attempt to explain the concepts of BIND and DNS. This chapter does explain how to use BIND Configuration Tool (bindconf) to configure basic BIND server zones for BIND version 8. BIND Configuration Tool creates the /etc/named.conf configuration file and the zone configuration files in the /var/named directory each time you apply your changes.

Figure 16–1 bindconf

BIND Configuration Tool configures the default zone directory to be /var/named. All zone files specified are relative to this directory. BIND Configuration Tool also includes basic syntax checking when values are entered. For example, if a valid entry is an IP address, you are only allowed to type numbers and the dot (.) character into the text area.
A new window as shown in Figure 16–2, Adding a Forward Master Zone will appear with the following options:

• Name — Domain name that was just entered in the previous window.
• —...

The configuration shown in Figure 16–2, Adding a Forward Master Zone creates the following entry in /etc/named.conf:

zone "forward.example.com" {
    type master;
    file "forward.example.com.zone";
};

It also creates the file /var/named/forward.example.com.zone with the following information:

$TTL 86400
@ IN SOA @ root.localhost (
    1 ;...
• Name Servers — Add, edit, and delete name servers for the reverse master zone. At least one name server is required.
• Reverse Address Table — List of IP addresses within the reverse master zone and their hostnames.

    28800 ; refresh
    7200 ; retry
    604800 ; expire
    86400 ; ttl
    )
@ IN NS ns.example.com.
1 IN PTR one.example.com.
2 IN PTR two.example.com.

After configuring the Reverse Master Zone, click to return to the main window, as shown in Figure 16–1, bindconf.
zone "slave.example.com" {
    type slave;
    file "slave.example.com.zone";
    masters {
        1.2.3.4;
    };
};

The configuration file /var/named/slave.example.com.zone is created by the named service when it downloads the zone data from the master server(s). After configuring the slave zone, click to return to the main window as shown in Figure 16–1, bindconf.
17 Console Access

When normal (non-root) users log into a computer locally, they are given two types of special permissions:

• They can run certain programs that they would not otherwise be able to run
• They can access certain files (normally special device files used to access diskettes, CD-ROMs, and so on) that they would not otherwise be able to access

Since there are multiple consoles on a single computer and multiple users can be logged into the com-...

jack
sophie

According to this example shutdown.allow file, stephen, jack, and sophie are allowed to shut down the system from the console using [Ctrl]-[Alt]-[Del]. When that key combination is used, the shutdown -a in /etc/inittab checks to see if any of the users in /etc/shutdown.allow (or root) are logged in on a virtual console.

<console>=tty[0-9][0-9]* :[0-9]\.[0-9] :[0-9]

When users log in, they are attached to some sort of named terminal, either an X server with a name like :0 or mymachine.example.com:1.0 or a device like /dev/ttyS0 or /dev/pts/2. The default is to define that local virtual consoles and local X servers are considered local, but if you want to consider the serial terminal next to you on port /dev/ttyS1 to also be local, you can change that line to read:...

First of all, console access only works for applications which reside in /sbin or /usr/sbin, so the application that you wish to run must be there. After verifying that, do the following steps:

Create a link from the name of your application, such as our sample foo program, to the /usr/bin/consolehelper application:

cd /usr/bin
ln -s consolehelper foo...
18 Time and Date Configuration

Red Hat Linux no longer includes timetool. The dateconfig utility has replaced timetool. The dateconfig utility allows the user to change the system date and time, to configure the time zone used by the system, and to set up the Network Time Protocol (NTP) daemon to synchronize the system clock with a time server.

Figure 18–1 Time and Date Properties

To change the date, use the arrows to the left and right of the month to change the month. Use the arrows to the left and right of the year to change the year, and click on the day of the week to change the day of the week.

NTP daemon (ntpd) will be started (or restarted if it is already running). If you want this daemon to start automatically at boot time, you need to execute the command /sbin/chkconfig --level 345 ntpd on to enable ntpd for runlevels 3, 4, and 5. For more information on NTP,...
Figure 18–2 Time and Date Properties

19 User and Group Configuration

• Type the command redhat-config-users at a shell prompt (for example, in an XTerm or a GNOME terminal).

Figure 19–1 User Manager

User Manager allows you to view, modify, add, and delete local users and groups. To view a list of...
For more information on users and groups, refer to the Official Red Hat Linux Reference Guide.

19.1 Adding a New User

To add a new user, click the New User button. A window as shown in Figure 19–2, New User will appear.

Figure 19–2 New User

To configure more advanced user properties such as password expiration, modify the user’s properties after adding the user. Refer to Section 19.2, Modifying User Properties for more information. To add the user to more user groups, click on the tab, select the user, and click the button.

Figure 19–3 User Properties

The User Properties window is divided into tabbed pages:

• User Data — Basic user information configured when you added the user. Use this tab to change the user’s full name, password, home directory, or login shell.
•...

Figure 19–4 New Group

To add users to the group, refer to Section 19.4, Modifying Group Properties.

19.4 Modifying Group Properties

To view the properties of an existing group, select the group from the group list and click Properties from the button menu (or choose =>...
The Group Users tab displays which users are members of the group. Select additional users to add them to the group, and unselect users to remove from the group. Click Apply to modify the users in the group.

20 Gathering System Information

Before you learn how to configure your system, you should learn how to gather essential system information. For example, you should know how to find the amount of free memory, how your hard drive is partitioned, and what processes are running.
  389 root       0 SW   0:00 rpciod
  414 root     372 S    0:00 apmd
  476 root     496 S    0:00 automount

To exit top, press the key. Useful interactive commands that you can use with top include the following:

Table 20–1 Interactive top commands

Command    Description...
Figure 20–1 GNOME System Monitor

20.2 Memory Usage

The free command displays the total amount of physical memory and swap space for the system as well as the amount of memory that is used, free, shared, in kernel buffers, and cached.

             total       used       free...

Figure 20–2 GNOME System Monitor

20.3 Filesystems

The df command reports the system’s disk space usage. If you type the command df at a shell prompt, the output looks similar to the following:

Filesystem           1k-blocks      Used Available Use% Mounted on
/dev/hda2             10325716   2902060...

To view the system’s disk space usage in a graphical format, use the Filesystems tab in the GNOME System Monitor. To start it, go to the GNOME Main Menu Button => Programs => System => ... or type gtop at a shell prompt. Then choose the Filesystems tab.

Figure 20–4 Hardware Browser

You can also use the lspci command to list all PCI devices. Use the command lspci -v for more verbose information or lspci -vv for very verbose output.

20.5 Sysreport

Sysreport is a system utility created to collect important system data, in order to assist the Red Hat Technical Support and Development Teams in solving customer problems.
Please wait while we collect information about your system.
This process may take awhile to complete..No changes will be made to your system during this process.
NOTE: You can safely ignore a failed message.This only means a file we were checking for did not exist.

20.6.2 Useful Websites

• http://www.ibiblio.org/shadow/sysreport/ — The Sysreport Web page provides the latest version and instructions.

21 Printer Configuration

Red Hat Linux no longer includes printtool. The printconf utility has replaced printtool. The printconf utility maintains the /etc/printcap configuration file, print spool directories, and print filters. To use printconf, you must be running the X Window System and have root privileges. To start printconf, use one of the following methods:
•...
Figure 21–1 printconf

Five types of print queues can be configured with printconf:

• Local Printer — a printer attached directly to your computer through a parallel or USB port. In the main printer list as shown in Figure 21–1, printconf, the Queue Type for a local printer is set to LOCAL...

Important

If you add a new print queue or modify an existing one, you need to restart the printer daemon (lpd) for the changes to take effect. Clicking the Apply button saves any changes that you have made and restarts the printer daemon. The changes are not written to the /etc/printcap configuration file until the printer daemon (lpd) is restarted.
Figure 21–2 Adding a Printer

You will then see the screen shown in Figure 21–3, Adding a Local Printer. Enter a unique name for the printer in the Queue Name text field. This can be any descriptive name for your printer. The printer name cannot contain spaces and must begin with a letter a through z or A through Z.
Section 21.1:Adding a Local Printer Figure 21–3 Adding a Local Printer
printconf attempts to detect your printer device and displays it as shown in Figure 21–4, Choosing a Printer Device. If your printer device is not shown, click Custom Device. Type the name of your printer device and click the button to add it to the printer device list.
Chapter 21:Printer Configuration Figure 21–4 Choosing a Printer Device
Next, printconf will try to detect which printer is attached to the printer device. Skip to Section 21.6, Selecting the Print Driver and Finishing to continue.
21.2 Adding a Remote UNIX Printer
To add a remote UNIX printer, such as one attached to a different Linux system on the same network, click the button in the main printconf window.
Section 21.2:Adding a Remote UNIX Printer Figure 21–5 Adding a Remote Printer
Text fields for the following options appear as shown in Figure 21–6, Choosing the Printer Server:
• Server — The hostname or IP address of the remote machine to which the printer is attached.
•...
Chapter 21:Printer Configuration Figure 21–6 Choosing the Printer Server The next step is to select the type of printer that is connected to the remote system. Skip to Section 21.6, Selecting the Print Driver and Finishing to continue. Important The remote machine must be configured to allow the local machine to print on the desired queue.
Section 21.3:Adding a Samba (SMB) Printer
letter a through z or A through Z. The valid characters are a through z, A through Z, 0 through 9, -, and _. Select Windows Printer from the Queue Type menu, and click Next. If the printer is attached to a...
Chapter 21:Printer Configuration
Click the Translate \n => \r\n button to translate the end of line characters to a form that is readable by a Microsoft Windows system. Click Next to continue.
Figure 21–8 Choosing the Print Server
The next step is to select the type of printer that is connected to the remote SMB system. Skip to Section 21.6, Selecting the Print Driver and Finishing to continue.
Section 21.4:Adding a Novell NetWare (NCP) Printer
21.4 Adding a Novell NetWare (NCP) Printer
To add a Novell NetWare (NCP) printer, click the button in the main printconf window. The window shown in Figure 21–1, printconf will appear. Click Next to proceed. You will see the screen shown in Figure 21–9, Adding an NCP Printer.
Chapter 21:Printer Configuration Figure 21–10 Choosing the Print Server The next step is to select the type of printer that is connected to the remote NCP system. Skip to Section 21.6, Selecting the Print Driver and Finishing to continue. 21.5 Adding a JetDirect Printer button in the main printconf window.
Section 21.5:Adding a JetDirect Printer Figure 21–11 Adding a JetDirect Printer
Text fields for the following options appear below the Queue Type menu as shown in Figure 21–12, Choosing a Print Server:
• Printer IP — The hostname or IP address of the JetDirect printer.
•...
Chapter 21:Printer Configuration Figure 21–12 Choosing a Print Server The next step is to select the type of printer that is connected to the JetDirect system. Skip to Section 21.6, Selecting the Print Driver and Finishing to continue. 21.6 Selecting the Print Driver and Finishing After selecting the queue type of the printer, the next step in adding a printer is to select the print driver.
Section 21.6:Selecting the Print Driver and Finishing Figure 21–13 Selecting a Print Driver As shown in Figure 21–14, Correct Print Driver Configuration, the print driver processes the data that you want to print into a format the printer can understand. Since a local printer is attached directly to your computer, you need to select a print driver to process the data that is sent to the printer.
Chapter 21:Printer Configuration
Try selecting a print driver according to the manufacturer and model of the remote printer, applying the changes, and printing a test page.
Figure 21–15 Incorrect Print Driver Configuration
21.6.1 Confirming Printer Configuration
The last step is to confirm your printer configuration. Click Finish if this is the printer that you want to add.
Section 21.8:Modifying Existing Printers If you want to modify an imported printer’s settings, you cannot modify its settings directly. You must override the printer. You can only override an imported printer that has been imported using the alchemist libraries. Imported printers have the symbol beside them in the first column of the printer list.
Chapter 21:Printer Configuration
A printer alias is an alternate name for a printer. To add an alias for an existing printer, click the button in the Name and Aliases tab, enter the name of the alias, and click the button to add it. Click again to return to the main window.
Section 21.9:Saving the Configuration File
Extra time is required to perform this action. Do not choose it unless you are having problems printing the correct fonts.
• Convert Text to Postscript is selected by default. If your printer can print plain text, try unselecting this when printing plain text documents to decrease the time it takes to print.
Chapter 21:Printer Configuration Your printer list will then consist of the printers you configured on the system as well as the printers you imported from the saved configuration file. If the imported configuration file has a print queue with the same name as an existing print queue on the system, the print queue from the imported file will override the existing printer.
Section 21.11:Additional Resources
• man lprm — The manual page on the command line utility to remove print jobs from the printer spool queue.
21.11.2 Useful Websites
• http://www.linuxprinting.org — GNU/Linux Printing contains a large amount of information about printing in Linux.
Section 22.2:Configuring a Cron Task 22 Automated Tasks In Linux, tasks can be configured to run automatically within a given period of time and on given dates. Red Hat Linux comes preconfigured to run certain system tasks to keep your system updated. For example, the slocate database is updated daily.
Chapter 22:Automated Tasks • minute — any integer from 0 to 59 • hour — any integer from 0 to 23 • day — any integer from 1 to 31 (must be a valid day if a month is specified) •...
Section 22.3:Anacron
The cron daemon checks the /etc/crontab file, the /etc/cron.d/ directory, and the /var/spool/cron directory every minute for any changes. If any changes are found, they are loaded into memory. Thus, the daemon does not need to be restarted if a crontab file is changed. Users other than root can configure cron tasks by using the crontab utility. Whether a given user may do so is controlled by /etc/cron.allow and /etc/cron.deny: if cron.allow exists, only the users listed in it may use crontab; otherwise every user not listed in cron.deny may.
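The field ranges listed above can be checked mechanically before a crontab is installed, which is also a quick way to audit /etc/crontab and /etc/cron.d/ for entries that do not belong there. The validator below is an added example written for this chapter; it is not code from the manual or from cron. It expands each of the five schedule fields against the documented ranges (0 and 7 both mean Sunday), accepts the usual *, list, range and /step forms, and reports any line that does not parse. The sample crontab it checks is constructed here; it only resembles the default file, and its last line is deliberately wrong.

```python
"""Validate the five schedule fields of crontab lines.

Added example for this chapter, not code from the manual or from cron.
Each field is expanded against the ranges the chapter lists (minute 0-59,
hour 0-23, day 1-31, month 1-12, weekday 0-7 with both 0 and 7 meaning
Sunday), accepting '*', lists, ranges and '/step' forms.
"""
import re

# (field name, lowest legal value, highest legal value)
FIELDS = (
    ("minute", 0, 59),
    ("hour", 0, 23),
    ("day", 1, 31),
    ("month", 1, 12),
    ("weekday", 0, 7),
)

_ITEM = re.compile(r"(\*|(\d+)(?:-(\d+))?)(?:/(\d+))?")
_ASSIGNMENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")


def expand_field(spec, low, high):
    """Return the set of integers one field matches, or raise ValueError."""
    values = set()
    for item in spec.split(","):
        m = _ITEM.fullmatch(item)
        if not m:
            raise ValueError("bad field syntax: %r" % item)
        whole, start, end, step = m.groups()
        if whole == "*":
            first, last = low, high
        else:
            first = int(start)
            last = int(end) if end is not None else first
        stride = int(step) if step is not None else 1
        if stride < 1:
            raise ValueError("step must be at least 1: %r" % item)
        if not low <= first <= last <= high:
            raise ValueError("%r is outside %d-%d" % (item, low, high))
        values.update(range(first, last + 1, stride))
    return values


def parse_cron_line(line, system=True):
    """Split a crontab line into (schedule, user, command).

    /etc/crontab and files in /etc/cron.d/ carry a user name after the five
    time fields; a per-user crontab edited with 'crontab -e' does not, so
    system=False selects the shorter layout and returns user=None.
    """
    needed = 7 if system else 6
    parts = line.split(None, needed - 1)
    if len(parts) < needed:
        raise ValueError("expected %d fields, got %d" % (needed, len(parts)))
    schedule = {}
    for (name, low, high), spec in zip(FIELDS, parts[:5]):
        schedule[name] = expand_field(spec, low, high)
    # cron treats 0 and 7 as Sunday; fold 7 onto 0 so callers see one value
    if 7 in schedule["weekday"]:
        schedule["weekday"].discard(7)
        schedule["weekday"].add(0)
    user = parts[5] if system else None
    return schedule, user, parts[-1]


def audit_crontab(text, system=True):
    """Return (line number, error) for every schedule line that does not parse."""
    errors = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or _ASSIGNMENT.match(line):
            continue  # blank lines, comments and SHELL=/PATH=/MAILTO= settings
        try:
            parse_cron_line(line, system)
        except ValueError as exc:
            errors.append((lineno, str(exc)))
    return errors


# Constructed sample in the layout of /etc/crontab; the last line is deliberately wrong.
SAMPLE_CRONTAB = """\
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
60 4 * * * root /usr/local/bin/backup.sh
"""

if __name__ == "__main__":
    for lineno, err in audit_crontab(SAMPLE_CRONTAB):
        print("line %d: %s" % (lineno, err))
```

Run it against the real files with `audit_crontab(open("/etc/crontab").read())` and, for per-user files under /var/spool/cron, with `system=False`; anything it rejects is either a typo that cron will silently skip or an entry worth a closer look.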
Chapter 22:Automated Tasks
After the task is completed, Anacron records the date in a timestamp file in the /var/spool/anacron directory. Only the date is used (not the time), and the value of the job-identifier is used as the filename for the timestamp file. Environment variables such as SHELL and PATH can be defined at the top of /etc/anacrontab as with the cron configuration file.
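The date-only timestamp described above decides when a job runs again: a daily job that finished at 23:59 is already one day old at 00:01. The following is an added example, not code from the manual or from anacron, that reads the period, delay, job-identifier and command fields of an anacrontab and works out which jobs are due from their timestamp files. The anacrontab text and the timestamp contents are constructed stand-ins for /etc/anacrontab and the files under /var/spool/anacron.

```python
"""Work out which anacron jobs are due from their timestamp files.

Added example, not code from the manual or from anacron. It reads the
'period delay job-identifier command' lines of an anacrontab and compares
each period with the date recorded in /var/spool/anacron/<job-identifier>.
Because only the date is stored, a job that ran late last night counts as
one day old at one minute past midnight. Both inputs below are constructed.
"""
import datetime

SAMPLE_ANACRONTAB = """\
# /etc/anacrontab: configuration file for anacron
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

1   5   cron.daily    run-parts /etc/cron.daily
7   10  cron.weekly   run-parts /etc/cron.weekly
30  15  cron.monthly  run-parts /etc/cron.monthly
"""

# Stand-in for the contents of /var/spool/anacron/<job-identifier>: one date, no time.
SAMPLE_TIMESTAMPS = {
    "cron.daily": "20011012",
    "cron.weekly": "20011008",
    "cron.monthly": "20010920",
}


def parse_anacrontab(text):
    """Return the jobs as dicts with period (days), delay (minutes), id and command."""
    jobs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" in line.split(None, 1)[0]:
            continue  # comments and SHELL=/PATH= settings at the top of the file
        period, delay, ident, command = line.split(None, 3)
        jobs.append({"period": int(period), "delay": int(delay),
                     "id": ident, "command": command})
    return jobs


def parse_timestamp(text):
    """Parse the YYYYMMDD date anacron writes; a time of day is never recorded."""
    return datetime.datetime.strptime(text.strip(), "%Y%m%d").date()


def due_jobs(jobs, timestamps, today):
    """Return the identifiers of jobs that have not run within their period.

    'today' may be a date or a YYYYMMDD string. A job with no timestamp file
    has never run under anacron and is due at once.
    """
    if isinstance(today, str):
        today = parse_timestamp(today)
    due = []
    for job in jobs:
        stamp = timestamps.get(job["id"])
        if stamp is None or (today - parse_timestamp(stamp)).days >= job["period"]:
            due.append(job["id"])
    return due


if __name__ == "__main__":
    jobs = parse_anacrontab(SAMPLE_ANACRONTAB)
    print(due_jobs(jobs, SAMPLE_TIMESTAMPS, "20011013"))
```

The delay field is not used in the decision itself; anacron waits that many minutes after deciding a job is due before starting it, so several catch-up jobs at boot do not all start at once.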
Section 22.4:Additional Resources • anacron man page — description of anacron and its command line options. • anacrontab man page — brief overview of the anacron configuration file. • Anacron README file — Anacron README file located /usr/share/doc/anacron-< version >/README describes Anacron.
Section 23.1:The 2.4 Kernel
23 Upgrading the Kernel
The kernel that comes with Red Hat Linux is custom built by the Red Hat kernel team to ensure its integrity and compatibility with supported hardware. Before Red Hat releases a kernel, it must pass a rigorous set of quality assurance tests.
Chapter 23:Upgrading the Kernel
23.2 Preparing to Upgrade
Before you upgrade your kernel, you need to take a few precautionary steps. The first step is to make sure you have a working boot diskette for your system in case a problem occurs. If the boot loader is not configured properly to boot the new kernel, you will not be able to boot your system unless you have a boot diskette.
There are several ways to determine if there is an updated kernel available for your system. • Go to http://www.redhat.com/support/errata/, choose the version of Red Hat Linux you are using, and view the errata for it. Kernel errata are usually under the section.
Chapter 23:Upgrading the Kernel
If you plan to upgrade the kernel-headers, kernel-source, and kernel-docs packages, you probably do not need to keep the older versions. Use the following commands to upgrade these packages (the versions might vary):

    rpm -Uvh kernel-headers-2.4.7-3.i386.rpm
    rpm -Uvh kernel-source-2.4.7-3.i386.rpm
    rpm -Uvh kernel-docs-2.4.7-3.i386.rpm

If you are using PCMCIA (for example, a laptop), you also need to install the kernel-pcmcia-cs...
Section 23.5:Configuring the Boot Loader

    timeout=30
    splashimage=(hd0,0)/grub/splash.xpm.gz
    title Red Hat Linux (2.4.7-3)
            root (hd0,0)
            kernel /vmlinuz-2.4.7-3 ro root=/dev/hda3
            initrd /initrd-2.4.7-3.img

If you created a separate /boot partition, the paths to the kernel and initrd image are relative to the /boot partition. To add your new kernel to GRUB, copy the existing section to a new one and modify it to boot your new kernel image (and initrd image if you have any SCSI devices and created an initrd image).
Chapter 23:Upgrading the Kernel
23.5.2 LILO
To configure LILO to boot the new kernel, you need to update the /etc/lilo.conf file and run the command /sbin/lilo. The default /etc/lilo.conf file looks similar to the following:

    boot=/dev/hda
    map=/boot/map
    install=/boot/boot.b
    prompt
    timeout=50
    message=/boot/message
    linear
    default=linux...
23.6.2 Useful Websites • http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html — Upgrading the Linux Kernel on Red Hat Linux Systems by the Red Hat Support Team • http://www.redhat.com/mirrors/LDP/HOWTO/Kernel-HOWTO.html — The Linux Kernel HOWTO from the Linux Documentation Project • http://www.gnu.org/software/grub/grub.html — GNU GRUB webpage...
Section 24.1:Kernel Module Utilities 24 Kernel Modules The Linux kernel has a modular design. At boot time, only a minimal resident kernel is loaded into memory. Thereafter, whenever a user requests a feature that is not present in the resident kernel, a kernel module is dynamically loaded into memory.
Section 24.2:Additional Resources /sbin/modinfo [options] <module> Options include -d that displays a brief description of the module and -p that lists the parameters the module supports. For a complete list of options, refer to the modinfo man page (man modinfo). 24.2 Additional Resources For more information on kernel modules and their utilities, refer to the following resources.
Section 25.1:RPM Design Goals 25 Package Management with RPM The Red Hat Package Manager (RPM) is an open packaging system, available for anyone to use, which runs on Red Hat Linux as well as other Linux and UNIX systems. Red Hat, Inc. encourages other vendors to use RPM for their own products.
The official Red Hat Linux CD-ROMs • The Red Hat Errata Page available at http://www.redhat.com/support/errata • A Red Hat FTP Mirror Site available at http://www.redhat.com/mirrors.html • Red Hat Network — See Chapter 27, Red Hat Network for more details on Red Hat Network...
Section 25.2:Using RPM
25.2.2 Installing
RPM packages typically have file names like foo-1.0-1.i386.rpm. The file name includes the package name (foo), version (1.0), release (1), and architecture (i386). Installing a package is as simple as typing the following command at a shell prompt:

    # rpm -ivh foo-1.0-1.i386.rpm
    foo                         ####################################

As you can see, RPM prints out the name of the package and then prints a succession of hash marks...
Chapter 25:Package Management with RPM

    # rpm -ivh foo-1.0-1.i386.rpm
    /usr/bin/foo conflicts with file from bar-1.0-1

To make RPM ignore this error, use the --replacefiles option:

    # rpm -ivh --replacefiles foo-1.0-1.i386.rpm
    foo                         ####################################

Unresolved Dependency
RPM packages can "depend" on other packages, which means that they require other packages to be installed in order to run properly.
Section 25.2:Using RPM To cause RPM to ignore this error and uninstall the package anyway (which is also a bad idea since the package that depends on it will probably fail to work properly), use the --nodeps option. 25.2.4 Upgrading Upgrading a package is similar to installing one.
Chapter 25:Package Management with RPM RPM’s freshen option checks the versions of the packages specified on the command line against the versions of packages that have already been installed on your system. When a newer version of an already-installed package is processed by RPM’s freshen option, it will be upgraded to the newer version.
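The freshen decision rests on two things the chapter states but does not show in code: the name-version-release.arch layout of a package file name from Section 25.2.2, and a "newer than" comparison between the file's version and the installed one. The following is an added example, not code from the manual or from rpm. It splits file names from the right (package names such as kernel-source contain hyphens themselves), compares version strings the way rpm's segment comparison does, and lists what `rpm -Fvh` would upgrade and what it would skip. Epochs and the tilde and caret markers of later rpm releases are not handled. The installed-package table and the candidate file names are constructed.

```python
"""Parse RPM file names, compare versions the way rpm does, and plan a freshen.

Added example for the file-name format and the freshen option; it is not
code from the manual or from rpm. rpmvercmp() follows rpm's segment
comparison: version strings are split into runs of digits and letters,
numeric runs are compared by value and alphabetic runs lexically, a numeric
run outranks an alphabetic one, and the string with segments left over is
the newer one. Epochs and the later '~'/'^' markers are not handled.
"""
import re

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def parse_rpm_filename(filename):
    """Split name-version-release.arch.rpm into (name, version, release, arch).

    Names may contain hyphens (kernel-source), so version and release are
    taken from the last two hyphens rather than the first.
    """
    if not filename.endswith(".rpm"):
        raise ValueError("not an .rpm file name: %r" % filename)
    stem, arch = filename[:-4].rsplit(".", 1)
    name, version, release = stem.rsplit("-", 2)
    return name, version, release, arch


def rpmvercmp(a, b):
    """Return -1, 0 or 1 as version string a is older than, equal to or newer than b."""
    if a == b:
        return 0
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1      # a numeric segment beats a letter segment
        if x_num:
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1   # more digits means a larger value
        if x != y:
            return 1 if x > y else -1
    if len(seg_a) == len(seg_b):
        return 0
    return 1 if len(seg_a) > len(seg_b) else -1  # leftover segments win


def compare_version_release(vr_a, vr_b):
    """Compare (version, release) pairs; release only matters when versions tie."""
    rc = rpmvercmp(vr_a[0], vr_b[0])
    return rc if rc else rpmvercmp(vr_a[1], vr_b[1])


def freshen_plan(installed, candidates):
    """Decide what 'rpm -Fvh <candidates>' would touch.

    installed maps package name to (version, release) as 'rpm -q' reports it.
    Freshen upgrades a package only if it is already installed and the file
    is newer; files for packages that are not installed are left alone.
    """
    upgrade, skipped = [], []
    for filename in candidates:
        name, version, release, _arch = parse_rpm_filename(filename)
        have = installed.get(name)
        if have is None:
            skipped.append((filename, "not installed"))
        elif compare_version_release((version, release), have) > 0:
            upgrade.append(filename)
        else:
            skipped.append((filename, "installed %s-%s is not older" % have))
    return upgrade, skipped


# Constructed inventory and download directory listing.
INSTALLED = {"kernel-source": ("2.4.7", "2"), "sndconfig": ("0.48", "1")}
CANDIDATES = [
    "kernel-source-2.4.7-3.i386.rpm",
    "sndconfig-0.48-1.i386.rpm",
    "foo-1.0-1.i386.rpm",
]

if __name__ == "__main__":
    print(freshen_plan(INSTALLED, CANDIDATES))
```

The comparison explains a few results that surprise people: 1.01 equals 1.1 because leading zeros are dropped, 1.0a is older than 1.0.1 because a numeric segment outranks a letter segment, and 2.4.10 is newer than 2.4.7 because digit runs are compared by value rather than character by character.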
Section 25.2:Using RPM • -i displays package information including name, description, release, size, build date, install date, vendor, and other miscellaneous information. • -l displays the list of files that the package contains. • -s displays the state of all the files in the package. •...
Chapter 25:Package Management with RPM of the file to the value of that attribute recorded in the RPM database. A single . (a period) means the test passed. The following characters denote failure of certain tests: • 5 — MD5 checksum •...
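The result string described above is the raw material for a quick tamper check across a whole system: `rpm -Va` prints one such line for every file that fails a test. The following is an added example, not code from the manual or from rpm, that parses those lines and ranks them, treating a changed checksum, size, mode or owner on something under the system binary directories as the findings to look at first and an edited configuration file or a bare timestamp change as routine. The positions in the result string are, in order, S (size), M (mode), 5 (MD5 sum), D (device number), L (symlink target), U (user), G (group) and T (modification time); a file that is gone is reported as "missing". The sample output is constructed. One caveat applies to any use of this: `rpm -V` compares files against the local RPM database, which anyone with root can rewrite, so for incident response verify against the original package file with `rpm -Vp` or against a copy of the database kept off the suspect host.

```python
"""Triage the output of 'rpm -Va' for signs of tampering.

Added example for the verify output described in the chapter; not code from
the manual or from rpm. Each output line starts with an eight-character
result string in the order S M 5 D L U G T (a period means that test passed),
then an optional file attribute letter such as 'c' for a configuration file,
then the path. Files that are no longer present are reported as 'missing'.
The sample output below is constructed.
"""
import re

FLAG_MEANING = {
    "S": "file size differs",
    "M": "mode differs (permissions and file type)",
    "5": "MD5 checksum differs",
    "D": "device major/minor number mismatch",
    "L": "symbolic link target differs",
    "U": "owner differs",
    "G": "group differs",
    "T": "modification time differs",
}

# Directories in which a changed executable or library is most worrying.
SYSTEM_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/lib/", "/usr/lib/")

_LINE = re.compile(r"^(missing|[SM5DLUGT.?]{8,9})\s+(?:([cdglr])\s+)?(\S.*)$")


def parse_verify_line(line):
    """Return a dict for one rpm -V line, or None for lines in another format."""
    m = _LINE.match(line.rstrip())
    if not m:
        return None
    flags, attr, path = m.groups()
    missing = flags == "missing"
    failed = [] if missing else [c for c in flags if c in FLAG_MEANING]
    return {"path": path, "missing": missing, "config": attr == "c", "failed": failed}


def classify(entry):
    """Rank a finding: config drift and timestamp-only changes are routine,
    content or permission changes under the system directories are not."""
    if entry["missing"]:
        return "medium"
    if entry["config"]:
        return "low"
    changed = set(entry["failed"])
    if changed & {"5", "S", "M", "U", "G", "L"} and entry["path"].startswith(SYSTEM_DIRS):
        return "high"
    if changed <= {"T"}:
        return "low"
    return "medium"


def triage(output):
    """Parse a whole rpm -Va run and attach a severity and reasons to each finding."""
    findings = []
    for line in output.splitlines():
        entry = parse_verify_line(line)
        if entry is None:
            continue
        entry["severity"] = classify(entry)
        entry["reasons"] = [FLAG_MEANING[c] for c in entry["failed"]]
        findings.append(entry)
    return findings


# Constructed rpm -Va output: an edited sshd_config, a touched README,
# a replaced /bin/ls, a permission change on passwd and a deleted man page.
SAMPLE_OUTPUT = """\
S.5....T c /etc/ssh/sshd_config
.......T   /usr/share/doc/foo-1.0/README
S.5....T   /bin/ls
.M......   /usr/bin/passwd
missing    /usr/share/man/man1/foo.1.gz
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_OUTPUT):
        print(f["severity"], f["path"], "; ".join(f["reasons"]))
```

Feed it a saved run with `triage(open("rpm-Va.txt").read())`; the two "high" findings in the sample, a replaced /bin/ls and a mode change on the setuid passwd binary, are exactly the kind of result that deserves a comparison against the original package before anything else is done on the machine.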
That way, any time you want to validate a package from Red Hat, you will be able to check it against the key you retrieved. You can find Red Hat's key at http://www.redhat.com/about/contact.html. Using your browser, download the key by pressing the...
Chapter 25:Package Management with RPM 25.3.3 More about GnuPG For more information about GnuPG, see Appendix B, Getting Started with Gnu Privacy Guard . 25.4 Impressing Your Friends with RPM RPM is a useful tool for both managing your system and diagnosing and fixing problems. The best way to make sense of all of its options is to look at some examples.
    Source RPM: sndconfig-0.48-1.src.rpm
    Size      : 461734
    License   : GPL
    Packager  : Red Hat <http://bugzilla.redhat.com/bugzilla>
    Summary   : The Red Hat Linux sound configuration tool.
    Description :
    Sndconfig is a text based tool which sets up the configuration files
    you'll need to use a sound card with a Red Hat Linux system.
Chapter 25:Package Management with RPM
• Perhaps you now want to see what files the sndconfig RPM installs. You would enter the following:

    rpm -qlp sndconfig-0.48-1.i386.rpm

The output will look like the following:

    /usr/sbin/pnpprobe
    /usr/sbin/sndconfig
    /usr/share/locale/cs/LC_MESSAGES/sndconfig.mo
    /usr/share/locale/da/LC_MESSAGES/sndconfig.mo
    /usr/share/locale/de/LC_MESSAGES/sndconfig.mo
    /usr/share/locale/es/LC_MESSAGES/sndconfig.mo
    /usr/share/locale/fr/LC_MESSAGES/sndconfig.mo
    /usr/share/locale/hu/LC_MESSAGES/sndconfig.mo
    /usr/share/locale/id/LC_MESSAGES/sndconfig.mo
    /usr/share/locale/is/LC_MESSAGES/sndconfig.mo
    ...
• The RPM man page will give you more detail about RPM parameters than the rpm --help command.
25.5.2 Useful Websites
• http://www.rpm.org/
• http://www.redhat.com/support/mailing-lists/ — The RPM mailing list is archived here. To subscribe, send mail to rpm-list-request@redhat.com with the word subscribe in the subject line.
25.5.3 Related Books
•...
Gnome-RPM 26 Gnome-RPM If you do not want to use the command-line version of RPM, you can use Gnome-RPM, a graphical interface for Red Hat Package Manager (RPM). To learn more about RPM technology, turn to Chapter 25, Package Management with RPM . Gnome-RPM (which is also referred to as gnorpm) allows users to easily work with RPM technology and features a friendly interface.
If you want to maintain official Red Hat Linux packages, it is recommended that you use Red Hat Net- work or the Red Hat Linux errata page available at http://www.redhat.com/support/errata/. Packages from Red Hat have been verified for integrity and are GPG signed by Red Hat so that you can make sure they are the official packages.
Section 26.1:Starting Gnome-RPM
Note: If you would like to install, upgrade or uninstall packages, you must be root. The easiest way to become root is to type the su command at a shell prompt and press [Enter]. Then type the root password. However, you do not have to be root to query and verify packages.
Chapter 26:Gnome-RPM
26.2 The Package Display
Each folder icon in the tree view at left represents a group of packages. Each group can contain subgroups. For example, the Applications folder contains the Editors folder, which contains text editors such as Emacs, ed, vim, and GXedit. The tree view can be expanded and collapsed, so you can easily navigate through the packages.
Section 26.3:Installing New Packages Figure 26–2 Selecting Packages in Gnome-RPM You can select and unselect multiple packages, in more than one folder in the tree panel. To select more than one package, hold down the [Ctrl] key and left-click on packages; each selected package will be highlighted.
Figure 26–3 The Install Window
Click on the button. By default, if a Red Hat Linux CD-ROM is mounted, Gnome-RPM will search in /mnt/cdrom/RedHat/RPMS for new packages. (You can change the default path in the tab of the =>...
Section 26.4:Configuration
In addition to installing the packages from within the Install window, you can install a package after performing a query on the selected package. Click on Query, which will open the Package Info window. Here, you can find a variety of details about the package you've selected to install, including the origination of the package, the date it was built, its size and more.
Chapter 26:Gnome-RPM Figure 26–4 Behaviour Tab in Preferences
Under Install Options, you have the following choices:
• No dependency checks — When selected, this will install or upgrade a package without checking for other files that the program may depend on in order to work. Unless you know what you're doing, we strongly suggest that you not use this option as some packages may depend on other packages in order to function correctly.
Refer to Figure 26–5, Install Window for an example of this dialog. If you’re using your Red Hat Linux CD-ROM, this path will probably be /mnt/cdrom/RedHat/RPMS If you download new RPMs from the Internet or want to install RPMs via a NFS-mounted CD-ROM...
RPM Directories: the directories Gnome-RPM will search for packages when the Install window is first opened. For example, /mnt/cdrom/RedHat/RPMS is listed by default. If you have the Red Hat Linux CD mounted in this location, Gnome-RPM will search it for RPM packages when you open the window.
Section 26.4:Configuration
In the Network tab, you have the ability to specify proxies for use with HTTP and FTP transfers, as well as user and password names (see Figure 26–6, Network Settings). Note, however, that the password will not be stored securely. In the Cache expire field, you can set the length of time before data from the rpmfind database is...
Chapter 26:Gnome-RPM
CAUTION: Packages not produced by Red Hat are not supported by Red Hat because Red Hat can not verify the integrity of these packages and how they interact with official Red Hat packages. Use caution when installing packages downloaded using Rpmfind.
Figure 26–7 The Rpmfind Window...
Section 26.5:Package Manipulation Figure 26–8 Distribution Settings in Preferences
In Distribution Settings, you can set the options for choosing the most appropriate package out of the selections Rpmfind returns, as well as which mirror you would like to use. The higher the rating you indicate for your selection (as shown in Figure 26–8, Distribution Settings in Preferences), the higher the priority it will receive;...
Chapter 26:Gnome-RPM Figure 26–9 Query Window The name of the package is centered at the top of the box. Below, the box is divided into two columns of listed information; below this information, you’ll see a display area showing package files. In the left column in the information list, you’ll find the size of the file, the machine on which the file is found, the name of the package distribution and its group.
Section 26.5:Package Manipulation To close the query window without performing any action, left-click on the at the top right of the window bar. 26.5.2 Verifying Packages Verifying a package checks all of the files in the package to ensure they match the ones present on your system.
Chapter 26:Gnome-RPM If uninstalling a package would break "dependencies" (which could interfere with the operation of applications that require one or more of the removed files in the package), a dialog will pop up, asking you to confirm the deletion. You can uninstall a selected package in a variety of ways: from the menu, under ;...
Section 26.5:Package Manipulation If you run out of disk space during an installation, the install will fail. However, the package which was being installed when the error occurred may leave some files around. To clean up after this error, reinstall the package after you’ve made more disk space available.
Create a System Profile by running the Red Hat Network Registration Client (rhn_register) on the system that you want to register. Log in to RHN at http://rhn.redhat.com/ and entitle the system to Software Manager. Everyone receives a free Red Hat Network Software Manager subscription for one system. Additional subscriptions are $19.95/month for each system.
Chapter 27:Red Hat Network Figure 27–1 System List...
-q kernel-headers and rpm -q kernel-source to determine their versions, if they are installed. If they are not installed, install them from the Red Hat Linux CD 1 or the Red Hat FTP site available at ftp://ftp.redhat.com (a list of mirrors is available at...
Appendix A:Building a Custom Kernel http://www.redhat.com/mirrors.html). Refer to Chapter 25, Package Management with RPM for information on installing RPM packages. Open a shell prompt and change to the directory /usr/src/linux-2.4. All commands from this point forward must be issued from this directory.
The method described here is the easiest to recover from in the event of a mishap. If you are interested in other possibilities, details can be found at http://www.redhat.com/mirrors/LDP/HOWTO/Kernel-HOWTO.html or in the Makefile in /usr/src/linux-2.4 on your Linux system.
Appendix A:Building a Custom Kernel A.2 Making an initrd Image An initrd image is needed for loading your SCSI module at boot time. If you do not need an initrd image, do not make one and do not edit lilo.conf or grub.conf to include this image. The /sbin/mkinitrd shell script can build a proper initrd image for your machine if the fol- lowing conditions are met: •...
Section A.3:Configuring the Boot Loader

    title Red Hat Linux (2.4.7-3)
            root (hd0,0)
            kernel /vmlinuz-2.4.7-3 ro root=/dev/hda3
            initrd /initrd-2.4.7-3.img

If you created a separate /boot partition, the paths to the kernel and initrd image are relative to the /boot partition. To add your new kernel to GRUB, copy the existing title section to a new one and modify it to boot your new kernel image (and initrd image if you have any SCSI devices and have created an initrd image).
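The "copy the existing title section and modify it" step, which appears both here in Section A.3 and in Section 23.5, is easy to get wrong by hand: the old stanza must survive so the known-good kernel is still bootable, an initrd line must not be carried over when no initrd was built for the new kernel, and GRUB's default= is a zero-based index over the title stanzas, so it only points at the new kernel if it is updated on purpose. The following is an added example, not code from the manual or from GRUB, that performs that edit on grub.conf text. The sample grub.conf mirrors the one shown above; the new version number 2.4.9-13 is an assumption for the example.

```python
"""Add a GRUB stanza for a new kernel by cloning the one that already boots.

Added example for Sections 23.5 and A.3, not code from the manual or from
GRUB. The existing stanza is kept so the previous kernel stays bootable,
and 'default=' is only moved to the new stanza on request, since GRUB's
default is a zero-based index over the title stanzas. The grub.conf text
and the new version number 2.4.9-13 are assumptions for the example.
"""

SAMPLE_GRUB_CONF = """\
default=0
timeout=30
splashimage=(hd0,0)/grub/splash.xpm.gz
title Red Hat Linux (2.4.7-3)
        root (hd0,0)
        kernel /vmlinuz-2.4.7-3 ro root=/dev/hda3
        initrd /initrd-2.4.7-3.img
"""


def split_stanzas(text):
    """Separate global settings from the title stanzas; each stanza is a list of lines."""
    global_lines, stanzas, current = [], [], None
    for line in text.splitlines():
        if line.startswith("title"):
            current = [line]
            stanzas.append(current)
        elif current is None:
            global_lines.append(line)
        else:
            current.append(line)
    return global_lines, stanzas


def _boots(stanza, version):
    """True if the stanza's kernel line loads exactly /vmlinuz-<version>."""
    for line in stanza:
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "kernel" and parts[1] == "/vmlinuz-" + version:
            return True
    return False


def clone_stanza(stanza, old_version, new_version, with_initrd=True):
    """Copy a stanza, pointing its title, kernel and initrd lines at the new version."""
    new = []
    for line in stanza:
        key = line.strip().split(" ", 1)[0]
        if key == "initrd" and not with_initrd:
            continue  # no initrd was built for the new kernel, so do not reference one
        if key in ("title", "kernel", "initrd"):
            line = line.replace(old_version, new_version)
        new.append(line)
    return new


def add_kernel(text, old_version, new_version, with_initrd=True, make_default=False):
    """Return grub.conf text with a stanza for new_version appended after the others."""
    global_lines, stanzas = split_stanzas(text)
    matches = [s for s in stanzas if _boots(s, old_version)]
    if len(matches) != 1:
        raise ValueError("expected exactly one stanza booting vmlinuz-%s" % old_version)
    stanzas.append(clone_stanza(matches[0], old_version, new_version, with_initrd))
    if make_default:
        index = len(stanzas) - 1
        keys = [l.split("=", 1)[0] for l in global_lines]
        if "default" in keys:
            global_lines[keys.index("default")] = "default=%d" % index
        else:
            global_lines.insert(0, "default=%d" % index)
    return "\n".join(global_lines + [l for s in stanzas for l in s]) + "\n"


if __name__ == "__main__":
    print(add_kernel(SAMPLE_GRUB_CONF, "2.4.7-3", "2.4.9-13", make_default=True))
```

Leaving make_default off for the first reboot and choosing the new stanza from the GRUB menu by hand is the conservative order: the file is written with the old kernel still the default, and default= is moved only after the new kernel has been seen to boot.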
Appendix A:Building a Custom Kernel
A.3.2 LILO
To configure LILO to boot the new kernel, you need to update the /etc/lilo.conf file and run the command /sbin/lilo -v. The default /etc/lilo.conf file looks similar to the following:

    boot=/dev/hda
    map=/boot/map
    install=/boot/boot.b
    prompt
    timeout=50
    message=/boot/message...
Section A.4:Building a Monolithic Kernel

    root=/dev/hda5

To activate your changes, run the command /sbin/lilo -v. If all goes well, you will see output similar to the following:

    LILO version 21.4-4, Copyright (C) 1992-1998 Werner Almesberger
    'lba32' extensions Copyright (C) 1999,2000 John Coffman
    Reading boot sector from /dev/hda
    Merging with /boot/boot.b
    Mapping message file /boot/message...
Section B.1:An Introduction to GnuPG B Getting Started with Gnu Privacy Guard B.1 An Introduction to GnuPG Have you ever wondered if your email can be read during its transmission from you to other people, or from other people to you? Unfortunately, complete strangers could conceivably intercept or even tamper with your email.
Appendix B:Getting Started with Gnu Privacy Guard Do Not Reveal Your Private Key Remember that your public key can be given to anyone with whom you want to communicate securely, but you must never give away your private key. For the most part, cryptography is beyond the scope of this publication; volumes have been written about the subject.
Section B.2:Generating a Keypair
In fact, most of the screens which require you to choose an option will list the default option, within parentheses. You can accept the default options simply by pressing [Enter]. In the first screen, you should accept the default option: (1) DSA and ElGamal. This option will allow you to create a digital signature and encrypt (and decrypt) with two types of technologies.
Appendix B:Getting Started with Gnu Privacy Guard 1024g/E12AF9C4 2000-04-18 B.3 Generating a Revocation Certificate Once you have created your keypair, you should create a revocation certificate for your public key. If you forget your passphrase, or if it has been compromised, you can publish this certificate to inform users that your public key should no longer be used.
Section B.4:Exporting your Public Key Once your revocation certificate has been created (revoke.asc), it will be located in your login directory. You should copy the certificate to a floppy diskette and store it in a secure place. (If you don’t know how to copy a file to a diskette in Red Hat Linux, see the Official Red Hat Linux Getting Started Guide.) B.4 Exporting your Public Key Before you can use public key cryptography, other people must have a copy of your public key.
Appendix B:Getting Started with Gnu Privacy Guard

    =BMEc
    -----END PGP PUBLIC KEY BLOCK-----

B.4.1 Exporting to a Keyserver
If you are only writing to a few correspondents, you can export your public key and send it to them personally. If you correspond with many people, however, distribution of your key can be time consuming.
Section B.4:Exporting your Public Key
public key from a keyserver, import that key to their keyring, and they are ready for secure correspondence with you.
Which Keyserver Should You Use?
Because most keyservers are synchronized, sending your public key to one keyserver is usually as good as sending it to them all.
Appendix B:Getting Started with Gnu Privacy Guard Figure B–2 Copying Your Public Key Note that if you are submitting your key to another Web-based keyserver, the above transaction will be essentially the same. That is all you need to do. Regardless of whether you use the shell prompt or the Web, you will see a message that your key was successfully submitted —...
Section B.7:Additional Resources One of the easiest ways to import a key is to download the key or save it from a website. To learn how to import Red Hat’s key, refer to Section 25.3.1, Importing Keys. After downloading a key, use the command gpg --import key.asc to add it to your keyring. Another way to save a key is to use a browser’s Save As feature.
Appendix B:Getting Started with Gnu Privacy Guard B.7.1 Useful Websites • http://www.gnupg.org — The GnuPG website with links to the latest GnuPG releases, a com- prehensive user’s guide, and other cryptography resources. • http://hotwired.lycos.com/webmonkey/backend/security/tutorials/tutorial1.html — Visit the En- cryption Tutorial from Webmonkey to learn more about encryption and how to apply encryption techniques.