Red Hat Enterprise Linux 5 Administration Unleashed

More documents

Recommendations

Info

516CHAPTER 25<strong>Linux</strong> Auditing SystemIf the daemon is already running when you modify its configuration, use the serviceauditd restart command as root to enable the changes. To verify that the rules andwatches have been modified, use the auditctl -l command as root to list all active rulesand watches. For example, Listing 25.6 shows the auditctl -l output for the rules andwatches in Listing 25.2 and 25.4.LISTING 25.6Listing Audit Rules and WatchesLIST_RULES: entry,always syscall=chmodLIST_RULES: exit,always uid=501 (0x1f5) key=tfox syscall=openLIST_RULES: exit,always watch=/var/log/audit perm=rwxa key=LOG_AUDITLIST_RULES: exit,always watch=/etc/sysconfig perm=rwxa key=SYSCONFIGLIST_RULES: exit,always watch=/etc/passwd perm=rwxa key=PASSWDLIST_RULES: exit,always watch=/etc/shadow perm=rwxa key=PASSWDLIST_RULES: exit,always watch=/etc/group perm=rwxa key=PASSWDLIST_RULES: exit,always watch=/etc/audit/audit.rules perm=rwxa key=AUDIT_RULESLIST_RULES: exit,always watch=/etc/audit/auditd.conf perm=rwxa key=AUDIT_CONFLIST_RULES: exit,always watch=/usr/bin/vpnc perm=x key=VPNCAnalyzing the RecordsIf auditd is used, audit messages are written to /var/log/audit/audit.log unless the filenameis changed with the log_file parameter in /etc/audit/auditd.conf. The log file isa text file and can be read with the less utility or a text editor such as Emacs or Vi. Themessages are written in the format received from the kernel in the order they are received.The aureport utility can be used to generate summary reports from the log file. Theausearch utility can be used to search for reports based on criteria such as the audit eventID, a filename, UID or GID, message type, and system call name.Unless the daemon is configured to rotate the log files and remove old ones as previouslydescribed in the “Configuring the Audit Daemon” section, the log files in /var/log/audit/ are never removed. Administrators should check the logs frequently and removeold ones or move them to backup storage. If the logs are not removed periodically, theycan fill up the entire disk. Because of this, it is recommended that /var/log/audit/ be aseparate dedicated partition so it does not affect the writing of other log files or causeother system errors.TIPTo force the log file to be rotated immediately, issue the service auditd rotatecommand as root. The old log files will have the filename audit.log.N, where N is anumber. The larger the number, the older the log file.Generating ReportsTo generate reports of the audit messages, use the aureport. The /var/log/audit/ directoryand all the audit log files in it are only readable by the root user for security. Thus,
Page 2:
Tammy FoxRed Hat ®Enterprise Linux
Page 6:
Contents at a GlanceIntroduction ..
Page 10:
Table of ContentsIntroduction 1Part
Page 14:
ContentsviiConfiguring the Runlevel
Page 18:
ContentsixHow It All Works.........
Page 22:
ContentsxiLogging Samba Connections
Page 26:
ContentsxiiiPart V Monitoring and T
Page 30:
ContentsxvStarting and Stopping the
Page 34:
About the AuthorTammy Fox has been
Page 38:
We Want to Hear from You!As the rea
Page 42:
IntroductionSo you’ve decided to
Page 46:
Introduction 3Part III: System Admi
Page 50:
Introduction 5Feedback and Correcti
Page 54:
PART IInstallation andConfiguration
Page 58:
CHAPTER 1Installing Red HatEnterpri
Page 62:
Creating the Installation Source 11
Page 66:
Creating the Installation Source 13
Page 70:
Starting the Installation 15Startin
Page 74:
Performing the Installation 17If Ha
Page 78:
Performing the Installation 19A boo
Page 82:
Performing the Installation 21As a
Page 86:
Performing the Installation 23NOTEA
Page 90:
Performing the Installation 256. Op
Page 94:
Performing the Installation 274. Cr
Page 98:
Performing the Installation 291FIGU
Page 102:
Installing with Kickstart 31Creatin
Page 106:
Installing with Kickstart 33Basic S
Page 110:
Installing with Kickstart 35--bootp
Page 114:
Installing with Kickstart 37--initl
Page 118:
Installing with Kickstart 39--maxsi
Page 122:
Installing with Kickstart 41. zfcpO
Page 126:
Installing with Kickstart 43. reboo
Page 130:
Installing with Kickstart 45--drive
Page 134:
Installing with Kickstart 47Use a s
Page 138:
Installing with Kickstart 49Use thi
Page 142:
Installing with Kickstart 51. NFS s
Page 146:
Installing with PXE 53Now, you shou
Page 150:
Performing an Upgrade 55Configuring
Page 154:
CHAPTER 2Post-InstallationConfigura
Page 158:
Red Hat Setup Agent 592FIGURE 2.2En
Page 162:
Red Hat Setup Agent 612FIGURE 2.5Se
Page 166:
Red Hat Setup Agent 63After you hav
Page 170:
Network Configuration 652FIGURE 2.1
Page 174:
Network Configuration 67The /etc/ho
Page 178:
Printer Configuration 69CAUTIONIf a
Page 182:
Printer Configuration 712FIGURE 2.1
Page 186:
Printer Configuration 732FIGURE 2.1
Page 190:
Printer Configuration 75If the prin
Page 194:
Adding Boot Parameters 77LISTING 2.
Page 198:
CHAPTER 3Operating SystemUpdatesThi
Page 202:
Assigning Users for the RHN Website
Page 206:
Using System Groups on the RHN Webs
Page 210:
Retrieving Software from RHN with Y
Page 214:
Page 218:
Page 222:
Page 226:
Page 230:
Summary 95CAUTIONAlthough the -y op
Page 234:
PART IIOperating System CoreConcept
Page 238:
CHAPTER 4Understanding LinuxConcept
Page 242:
Learning the Desktop 1014FIGURE 4.1
Page 246:
Shell Basics 103TABLE 4.1Continued/
Page 250:
Shell Basics 105To remove a directo
Page 254:
Shell Basics 107every command you h
Page 258:
Shell Basics 109Reading Text FilesS
Page 262:
Manual Pages 111Manual PagesOne gre
Page 266:
Editing Text Files 113Vi EditorThe
Page 270:
Editing Text Files 115A text versio
Page 274:
File Permissions 117As you can prob
Page 278:
Initialization Scripts 1194FIGURE 4
Page 282:
Runlevels 121The default runlevel i
Page 286:
Summary 123FIGURE 4.12ntsysv4Summar
Page 290:
CHAPTER 5Working with RPMSoftwareA
Page 294:
Installing Software 127Finding the
Page 298:
Installing Software 129After verify
Page 302:
Updating Software 131perform as wel
Page 306:
Verifying Software Files 133package
Page 310:
Building RPM Packages 135example, i
Page 314:
Building RPM Packages 137such as yo
Page 318:
Building RPM Packages139LISTING 5.9
Page 322:
Building RPM Packages 141%filesThe
Page 326:
Building RPM Packages 143Creating t
Page 330:
Building RPM Packages 145LISTING 5.
Page 334:
Building RPM Packages 147You are pr
Page 338:
Summary 149When installing the exam
Page 342:
CHAPTER 6Analyzing HardwareSimilar
Page 346:
Listing Devices 153LISTING 6.1Conti
Page 350:
Listing Devices 155LISTING 6.5Verbo
Page 354:
Detecting Hardware157LISTING 6.7Con
Page 358:
Gathering Information from the BIOS
Page 362:
Gathering Information from the BIOS
Page 366:
Listing and Configuring Kernel Modu
Page 370:
HAL 165HALIf the kernel knows about
Page 374:
CHAPTER 7Managing StorageManaging s
Page 378:
Understanding Partitioning 169Creat
Page 382:
Understanding LVM 171such as:mount
Page 386:
Understanding LVM 173To increase th
Page 390:
Understanding LVM 175Use the lvcrea
Page 394:
Understanding LVM 177the final numb
Page 398:
Understanding RAID 179If a snapshot
Page 402:
Understanding RAID 181LISTING 7.7Cr
Page 406:
Understanding RAID 183Device Size :
Page 410:
Using Access Control Lists 185Under
Page 414:
Using Access Control Lists 187. For
Page 418:
Using Disk Quotas 189Removing ACLsT
Page 422:
Using Disk Quotas 191If it is unabl
Page 426:
Summary 193This grace period is use
Page 430:
CHAPTER 864-Bit, Multi-Core, andHyp
Page 434:
Multi-Core Processors 197Duplicate
Page 438:
Multi-Core Processors 199LISTING 8.
Page 442:
Processors with Hyper-Threading Tec
Page 446:
PART IIISystem AdministrationIN THI
Page 450:
CHAPTER 9Managing Users andGroupsIN
Page 454:
Managing Users 207FIGURE 9.1List of
Page 458:
Managing Users 209TABLE 9.1Options
Page 462:
Managing Groups 211TABLE 9.3 Contin
Page 466:
Managing Groups 213Deleting GroupsT
Page 470:
How It All Works 215If shadow passw
Page 474:
Best Practices 217Managing Username
Page 478:
Summary 219If your company is quite
Page 482:
CHAPTER 10Techniques for Backupand
Page 486:
Using Amanda for Backups 223. Do mu
Page 490:
Using Amanda for Backups 225Table 1
Page 494:
Using Amanda for Backups 227Setting
Page 498:
Using Amanda for Backups229TABLE 10
Page 502:
Using Amanda for Backups 231As you
Page 506:
Other Linux Backup Utilities 233com
Page 510:
Recovery and Repair 235Rescue ModeR
Page 514:
Recovery and Repair 237Once in sing
Page 518:
CHAPTER 11Automating Taskswith Scri
Page 522:
Writing Scripts with Bash 241TIPThe
Page 526:
Writing Scripts with Bash 243TABLE
Page 530:
Writing Scripts with Bash 245TABLE
Page 534:
Additional Scripting Languages 247T
Page 538:
Scheduling Tasks with Cron 249LISTI
Page 542:
Scheduling Tasks with Cron 251The f
Page 546:
PART IVNetwork ServicesIN THIS PART
Page 550:
CHAPTER 12Identity ManagementManagi
Page 554:
Enabling NIS 257. optional: Results
Page 558:
Enabling NIS 259TIPLog messages for
Page 562:
Enabling NIS 261/var/yp/nicknames f
Page 566:
Enabling NIS 263To accept requests
Page 570:
Enabling NIS 265Because the lines t
Page 574:
Enabling LDAP 267Level and Firewall
Page 578:
Enabling LDAP 269LISTING 12.3Contin
Page 582:
Enabling LDAP 271LISTING 12.6Contin
Page 586:
Enabling LDAP 273LISTING 12.7Modify
Page 590:
Enabling LDAP 275LISTING 12.8Defaul
Page 594:
Enabling LDAP 277Many applications
Page 598:
Enabling Kerberos 279Configuring th
Page 602:
Enabling Kerberos 281Principals mus
Page 606:
Enabling Kerberos 283In the ACL fil
Page 610:
Enabling SMB or Winbind Authenticat
Page 614:
Enabling with Authentication Tool 2
Page 618:
Page 622:
Page 626:
CHAPTER 13Network File SharingIN TH
Page 630:
Network File System 295The SELinux
Page 634:
Network File System 297On the Basic
Page 638:
Network File System 299Editing and
Page 642:
Network File System 301FIGURE 13.4A
Page 646:
Network File System 303update the c
Page 650:
Samba File Sharing 305To verify tha
Page 654:
Samba File Sharing 307FIGURE 13.6Sa
Page 658:
Samba File Sharing 309Clicking OK s
Page 662:
Samba File Sharing 311If users will
Page 666:
Samba File Sharing 313LISTING 13.6C
Page 670:
Samba File Sharing 315If you know t
Page 674:
Samba File Sharing 317TABLE 13.2Con
Page 678:
CHAPTER 14Granting NetworkConnectiv
Page 682:
Configuring the Server 321Chapter 3
Page 686:
Configuring the Server 323LISTING 1
Page 690:
Summary 325This argument is useful
Page 694:
CHAPTER 15Creating a Web Serverwith
Page 698:
Configuring the Server 329FIGURE 15
Page 702:
Configuring the Server 331ListenSec
Page 706:
Configuring the Server 333where is
Page 710:
Configuring the Server 335virtual h
Page 714:
Summary 337Starting and Stopping th
Page 718:
CHAPTER 16Hostname Resolutionwith B
Page 722:
Configuring BIND 341Install the bin
Page 726:
Configuring BIND 343. masters: List
Page 730:
Configuring BIND 345Configuring Vie
Page 734:
Configuring BIND 347The default-por
Page 738:
Configuring BIND Graphically 349Sta
Page 742:
Logging Connections 351FIGURE 16.2I
Page 746:
Logging Connections 353Only the fil
Page 750:
CHAPTER 17Securing Remote Loginswit
Page 754:
Configuring the Server 357key. If a
Page 758:
Connecting from the Client 359If th
Page 762:
Connecting from the Client 361It is
Page 766:
Connecting from the Client 363Remem
Page 770:
Connecting from the Client 365After
Page 774:
CHAPTER 18Setting Up an EmailServer
Page 778:
Understanding Email Concepts 369Sen
Page 782:
Configuring Sendmail 371. local-hos
Page 786:
Configuring Sendmail 373LISTING 18.
Page 790:
Using POP and IMAP 375By default, t
Page 794:
Allowing Email Connections 377LISTI
Page 798:
CHAPTER 19Explaining OtherCommon Ne
Page 802:
The xinetd Super Server 381LISTING
Page 806:
The xinetd Super Server 383LISTING
Page 810:
The xinetd Super Server 385. A patt
Page 814:
Transferring Files with FTP 387. pe
Page 818:
Transferring Files with FTP 389TABL
Page 822:
Transferring Files with FTP 391TABL
Page 826:
Transferring Files with FTP 393To d
Page 830:
Keeping Accurate Time with NTP 395K
Page 834:
Keeping Accurate Time with NTP 397A
Page 838:
Creating a Network Printer with CUP
Page 842:
PART VMonitoring and TuningIN THIS
Page 846:
CHAPTER 20Monitoring SystemResource
Page 850:
Reporting Filesystem Usage 405To vi
Page 854:
Reporting Disk Performance 407TIPNa
Page 858:
Reporting Disk Performance 409/usr/
Page 862:
Reporting System Processes 411TABLE
Page 866:
Reporting Memory Usage 413Reporting
Page 870:
Reporting on the Network Subsystem
Page 874:
Generating a System Report 417FIGUR
Page 878:
Viewing Log Files with Logwatch 419
Page 882:
Viewing Log Files with Logwatch 421
Page 886:
CHAPTER 21Monitoring and Tuningthe
Page 890:
Using the /proc Directory 425. /pro
Page 894:
Optimizing Virtual Memory 427TABLE
Page 898:
Optimizing Virtual Memory 429. vm.d
Page 902:
Managing Memory with NUMA 431If it
Page 906:
Saving Kernel Dumps for Analysis 43
Page 910:
Page 914:
Page 918:
Page 922:
Page 926:
Setting SMP IRQ Affinity 443Setting
Page 930:
Enabling NMI Watchdog for Locked Sy
Page 934:
Enabling NMI Watchdog for Locked Sy
Page 938:
CHAPTER 22Monitoring and TuningAppl
Page 942:
OProfile 451The performance monitor
Page 946:
OProfile 453TABLE 22.1Continuedppc6
Page 950:
OProfile 455To further customize th
Page 954:
OProfile 4573. Set up which process
Page 958:
Valgrind 459determine what processe
Page 962:
PART VISecurityIN THIS PARTCHAPTER
Page 966:
CHAPTER 23Protecting AgainstIntrude
Page 970:
Selecting an SELinux Mode 465CAUTIO
Page 974:
Selecting and Customizing the SELin
Page 978:
Working with Security Contexts 4692
Page 982:
Working with Security Contexts 471L
Page 986:
Working with Security Contexts 473L
Page 990:
Working with Security Contexts 475I
Page 994:
CHAPTER 24Configuring a FirewallAs
Page 998:
Selecting a Table and Command for I
Page 1002:
Using IPTables Match Extensions 481
Page 1006:
Page 1010:
Page 1014:
Page 1018:
Page 1022: Using IPTables Match Extensions 491
Page 1026: Using IPTables Match Extensions 493
Page 1030: Using IPTables Target Extensions 49
Page 1042: IPTables Examples 501. condrestart:
Page 1046: Enabling the Default Firewall 503As
Page 1050: CHAPTER 25Linux Auditing SystemThe
Page 1054: Configuring the Audit Daemon 507log
Page 1058: Writing Audit Rules and Watches 509
Page 1070: Starting and Stopping the Daemon 51
Page 1076: 518CHAPTER 25Linux Auditing SystemT
Page 1080: 520CHAPTER 25Linux Auditing SystemT
Page 1084: 522CHAPTER 25Linux Auditing SystemS
Page 1088: This page intentionally left blank
Page 1092: 526APPENDIX AInstalling Proprietary
Page 1096: 528APPENDIX AInstalling Proprietary
Page 1100: 530APPENDIX BCreating Virtual Machi
Page 1124:
542APPENDIX BCreating Virtual Machi
Page 1128:
Page 1132:
Page 1136:
548APPENDIX CPreventing Security Br
Page 1140:
550APPENDIX CPreventing Security Br
Page 1144:
552APPENDIX DTroubleshootingQ. I di
Page 1148:
554APPENDIX DTroubleshootingQ. When
Page 1152:
556APPENDIX DTroubleshootingQ. I ne
Page 1156:
558APPENDIX DTroubleshootingSecurit
Page 1160:
560addingaddingdisk space to LVM, 1
Page 1164:
562autofsautofsconnecting NFS share
Page 1168:
564Configuration Administrator role
Page 1172:
566directivesdirectives/etc/httpd/c
Page 1176:
568Encrypt Passwords option (Samba
Page 1180:
570filesystemsfinding files in dire
Page 1184:
572helper match extension (IPTables
Page 1188:
574IPTablesconfiguring, 477examples
Page 1192:
576LDAP (Lightweight Directory Acce
Page 1196:
578loginssecure file transfers, 359
Page 1200:
580modulesmoduleskernel modulesinst
Page 1204:
582NFS (Network File System)server
Page 1208:
584passphrasespassphrasescreating v
Page 1212:
586Red Hat Network Provisioning, Li
Page 1216:
588scriptsscriptsAwk, 249Bash, 239c
Page 1220:
590sharesSambaadding to, 309adding
Page 1224:
592storageLVM schemes, 168-169remov
Page 1228:
594umount command, removing logical
Page 1232:
596vmstat command, reporting memory
show all

Red Hat Enterprise Linux 5 Administration Unleashed

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?