Red Hat Enterprise Linux 5 Administration Unleashed

More documents

Recommendations

Info

Enabling LDAP 275LISTING 12.8Default Indexing Settings# Indices to maintain for this databaseindex objectClassindex ou,cn,mail,surname,givennameindex uidNumber,gidNumber,loginShellindex uid,memberUidindex nisMapName,nisMapEntryeq,preseq,pres,subeq,preseq,pres,subeq,pres,sub12Each time indexing options are modified, the indexes have to be regenerated as the rootuser on the server with the slapindex utility, and the daemon has to be stopped with theservice slapd stop command before running slapindex.Enabling TLS Encryption for LDAPBy default, all data sent between the OpenLDAP server and its clients are sent unencryptedin plain text that can be read by anyone who intercepts the packets on thenetwork. If the server is internal only, this might not be a concern for you. A TLS, orTransport Layer Security, certificate can be used to enable authentication using SASL (SimpleAuthentication and Security Layer) EXTERNAL.First, create an SSL certificate for the server. It can be one from a certificate authority (CA)such as VeriSign or it can be a self-signing certificate created with a program such asOpenSSL. Refer to openssl.org for details on the latter.The cn attribute of the server must be the FQDN of the server, and the DN of the servercertificate must be exactly the same as the cn attribute of the OpenLDAP server. Aliasnames and wildcards can be specified using the subjectAltName certificate extension. Theclients can also have a certificate to authenticate with SASL EXTERNAL.TIPA dummy certificate, /etc/pki/tls/certs/slapd.pem, is included with theopenldap-servers package and can be used for testing purposes.To enable TLS encryption so data, including the password used to administer the directoryfrom a remote system, is encrypted between the server and the client, uncommentthe following lines in /etc/openldap/slapd.conf:TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crtTLSCertificateFile /etc/pki/tls/certs/slapd.pemTLSCertificateKeyFile /etc/pki/tls/certs/slapd.pemIf unchanged, after restarting the service with service ldap restart, the dummy certificateinstalled for testing is used. Otherwise, copy your certificates to the /etc/pki/tls/certs/ directory and change the values of the options to appropriate filenames.The client must be configured to trust the server certificate. Refer to “Connecting to theLDAP Server” for details.
Page 2:
Tammy FoxRed Hat ®Enterprise Linux
Page 6:
Contents at a GlanceIntroduction ..
Page 10:
Table of ContentsIntroduction 1Part
Page 14:
ContentsviiConfiguring the Runlevel
Page 18:
ContentsixHow It All Works.........
Page 22:
ContentsxiLogging Samba Connections
Page 26:
ContentsxiiiPart V Monitoring and T
Page 30:
ContentsxvStarting and Stopping the
Page 34:
About the AuthorTammy Fox has been
Page 38:
We Want to Hear from You!As the rea
Page 42:
IntroductionSo you’ve decided to
Page 46:
Introduction 3Part III: System Admi
Page 50:
Introduction 5Feedback and Correcti
Page 54:
PART IInstallation andConfiguration
Page 58:
CHAPTER 1Installing Red HatEnterpri
Page 62:
Creating the Installation Source 11
Page 66:
Creating the Installation Source 13
Page 70:
Starting the Installation 15Startin
Page 74:
Performing the Installation 17If Ha
Page 78:
Performing the Installation 19A boo
Page 82:
Performing the Installation 21As a
Page 86:
Performing the Installation 23NOTEA
Page 90:
Performing the Installation 256. Op
Page 94:
Performing the Installation 274. Cr
Page 98:
Performing the Installation 291FIGU
Page 102:
Installing with Kickstart 31Creatin
Page 106:
Installing with Kickstart 33Basic S
Page 110:
Installing with Kickstart 35--bootp
Page 114:
Installing with Kickstart 37--initl
Page 118:
Installing with Kickstart 39--maxsi
Page 122:
Installing with Kickstart 41. zfcpO
Page 126:
Installing with Kickstart 43. reboo
Page 130:
Installing with Kickstart 45--drive
Page 134:
Installing with Kickstart 47Use a s
Page 138:
Installing with Kickstart 49Use thi
Page 142:
Installing with Kickstart 51. NFS s
Page 146:
Installing with PXE 53Now, you shou
Page 150:
Performing an Upgrade 55Configuring
Page 154:
CHAPTER 2Post-InstallationConfigura
Page 158:
Red Hat Setup Agent 592FIGURE 2.2En
Page 162:
Red Hat Setup Agent 612FIGURE 2.5Se
Page 166:
Red Hat Setup Agent 63After you hav
Page 170:
Network Configuration 652FIGURE 2.1
Page 174:
Network Configuration 67The /etc/ho
Page 178:
Printer Configuration 69CAUTIONIf a
Page 182:
Printer Configuration 712FIGURE 2.1
Page 186:
Printer Configuration 732FIGURE 2.1
Page 190:
Printer Configuration 75If the prin
Page 194:
Adding Boot Parameters 77LISTING 2.
Page 198:
CHAPTER 3Operating SystemUpdatesThi
Page 202:
Assigning Users for the RHN Website
Page 206:
Using System Groups on the RHN Webs
Page 210:
Retrieving Software from RHN with Y
Page 214:
Page 218:
Page 222:
Page 226:
Page 230:
Summary 95CAUTIONAlthough the -y op
Page 234:
PART IIOperating System CoreConcept
Page 238:
CHAPTER 4Understanding LinuxConcept
Page 242:
Learning the Desktop 1014FIGURE 4.1
Page 246:
Shell Basics 103TABLE 4.1Continued/
Page 250:
Shell Basics 105To remove a directo
Page 254:
Shell Basics 107every command you h
Page 258:
Shell Basics 109Reading Text FilesS
Page 262:
Manual Pages 111Manual PagesOne gre
Page 266:
Editing Text Files 113Vi EditorThe
Page 270:
Editing Text Files 115A text versio
Page 274:
File Permissions 117As you can prob
Page 278:
Initialization Scripts 1194FIGURE 4
Page 282:
Runlevels 121The default runlevel i
Page 286:
Summary 123FIGURE 4.12ntsysv4Summar
Page 290:
CHAPTER 5Working with RPMSoftwareA
Page 294:
Installing Software 127Finding the
Page 298:
Installing Software 129After verify
Page 302:
Updating Software 131perform as wel
Page 306:
Verifying Software Files 133package
Page 310:
Building RPM Packages 135example, i
Page 314:
Building RPM Packages 137such as yo
Page 318:
Building RPM Packages139LISTING 5.9
Page 322:
Building RPM Packages 141%filesThe
Page 326:
Building RPM Packages 143Creating t
Page 330:
Building RPM Packages 145LISTING 5.
Page 334:
Building RPM Packages 147You are pr
Page 338:
Summary 149When installing the exam
Page 342:
CHAPTER 6Analyzing HardwareSimilar
Page 346:
Listing Devices 153LISTING 6.1Conti
Page 350:
Listing Devices 155LISTING 6.5Verbo
Page 354:
Detecting Hardware157LISTING 6.7Con
Page 358:
Gathering Information from the BIOS
Page 362:
Gathering Information from the BIOS
Page 366:
Listing and Configuring Kernel Modu
Page 370:
HAL 165HALIf the kernel knows about
Page 374:
CHAPTER 7Managing StorageManaging s
Page 378:
Understanding Partitioning 169Creat
Page 382:
Understanding LVM 171such as:mount
Page 386:
Understanding LVM 173To increase th
Page 390:
Understanding LVM 175Use the lvcrea
Page 394:
Understanding LVM 177the final numb
Page 398:
Understanding RAID 179If a snapshot
Page 402:
Understanding RAID 181LISTING 7.7Cr
Page 406:
Understanding RAID 183Device Size :
Page 410:
Using Access Control Lists 185Under
Page 414:
Using Access Control Lists 187. For
Page 418:
Using Disk Quotas 189Removing ACLsT
Page 422:
Using Disk Quotas 191If it is unabl
Page 426:
Summary 193This grace period is use
Page 430:
CHAPTER 864-Bit, Multi-Core, andHyp
Page 434:
Multi-Core Processors 197Duplicate
Page 438:
Multi-Core Processors 199LISTING 8.
Page 442:
Processors with Hyper-Threading Tec
Page 446:
PART IIISystem AdministrationIN THI
Page 450:
CHAPTER 9Managing Users andGroupsIN
Page 454:
Managing Users 207FIGURE 9.1List of
Page 458:
Managing Users 209TABLE 9.1Options
Page 462:
Managing Groups 211TABLE 9.3 Contin
Page 466:
Managing Groups 213Deleting GroupsT
Page 470:
How It All Works 215If shadow passw
Page 474:
Best Practices 217Managing Username
Page 478:
Summary 219If your company is quite
Page 482:
CHAPTER 10Techniques for Backupand
Page 486:
Using Amanda for Backups 223. Do mu
Page 490:
Using Amanda for Backups 225Table 1
Page 494:
Using Amanda for Backups 227Setting
Page 498:
Using Amanda for Backups229TABLE 10
Page 502:
Using Amanda for Backups 231As you
Page 506:
Other Linux Backup Utilities 233com
Page 510:
Recovery and Repair 235Rescue ModeR
Page 514:
Recovery and Repair 237Once in sing
Page 518:
CHAPTER 11Automating Taskswith Scri
Page 522:
Writing Scripts with Bash 241TIPThe
Page 526:
Writing Scripts with Bash 243TABLE
Page 530:
Writing Scripts with Bash 245TABLE
Page 534:
Additional Scripting Languages 247T
Page 538: Scheduling Tasks with Cron 249LISTI
Page 542: Scheduling Tasks with Cron 251The f
Page 546: PART IVNetwork ServicesIN THIS PART
Page 550: CHAPTER 12Identity ManagementManagi
Page 554: Enabling NIS 257. optional: Results
Page 558: Enabling NIS 259TIPLog messages for
Page 562: Enabling NIS 261/var/yp/nicknames f
Page 566: Enabling NIS 263To accept requests
Page 570: Enabling NIS 265Because the lines t
Page 574: Enabling LDAP 267Level and Firewall
Page 578: Enabling LDAP 269LISTING 12.3Contin
Page 582: Enabling LDAP 271LISTING 12.6Contin
Page 586: Enabling LDAP 273LISTING 12.7Modify
Page 592: 276CHAPTER 12Identity ManagementSta
Page 596: 278CHAPTER 12Identity ManagementEna
Page 600: 280CHAPTER 12Identity ManagementCre
Page 604: 282CHAPTER 12Identity ManagementTAB
Page 608: 284CHAPTER 12Identity Managementchk
Page 612: 286CHAPTER 12Identity ManagementThe
Page 616: 288CHAPTER 12Identity ManagementCAU
Page 620: 290CHAPTER 12Identity Managementaut
Page 624: 292CHAPTER 12Identity ManagementTAB
Page 628: 294CHAPTER 13Network File SharingFo
Page 632: 296CHAPTER 13Network File SharingFI
Page 636: 298CHAPTER 13Network File Sharingre
Page 640:
300CHAPTER 13Network File SharingTo
Page 644:
302CHAPTER 13Network File Sharing10
Page 648:
Page 652:
306CHAPTER 13Network File Sharingex
Page 656:
308CHAPTER 13Network File Sharing.
Page 660:
310CHAPTER 13Network File SharingCo
Page 664:
312CHAPTER 13Network File SharingLI
Page 668:
Page 672:
316CHAPTER 13Network File SharingBe
Page 676:
318CHAPTER 13Network File SharingTh
Page 680:
320CHAPTER 14Granting Network Conne
Page 684:
Page 688:
Page 692:
This page intentionally left blank
Page 696:
328CHAPTER 15Creating a Web Server
Page 700:
Page 704:
Page 708:
Page 712:
Page 716:
Page 720:
340CHAPTER 16Hostname Resolution wi
Page 724:
Page 728:
Page 732:
Page 736:
Page 740:
Page 744:
Page 748:
Page 752:
356CHAPTER 17Securing Remote Logins
Page 756:
Page 760:
Page 764:
Page 768:
Page 772:
Page 776:
368CHAPTER 18Setting Up an Email Se
Page 780:
Page 784:
Page 788:
Page 792:
Page 796:
Page 800:
380CHAPTER 19Explaining Other Commo
Page 804:
Page 808:
Page 812:
Page 816:
Page 820:
Page 824:
Page 828:
Page 832:
Page 836:
Page 840:
Page 844:
Page 848:
404CHAPTER 20Monitoring System Reso
Page 852:
Page 856:
Page 860:
Page 864:
Page 868:
Page 872:
Page 876:
Page 880:
Page 884:
Page 888:
424CHAPTER 21Monitoring and Tuning
Page 892:
Page 896:
Page 900:
Page 904:
Page 908:
Page 912:
Page 916:
Page 920:
Page 924:
Page 928:
Page 932:
Page 936:
Page 940:
Page 944:
Page 948:
Page 952:
Page 956:
Page 960:
Page 964:
Page 968:
464CHAPTER 23Protecting Against Int
Page 972:
Page 976:
Page 980:
Page 984:
Page 988:
Page 992:
Page 996:
478CHAPTER 24Configuring a Firewall
Page 1000:
Page 1004:
Page 1008:
Page 1012:
Page 1016:
Page 1020:
Page 1024:
Page 1028:
Page 1032:
Page 1036:
Page 1040:
Page 1044:
Page 1048:
Page 1052:
506CHAPTER 25Linux Auditing System.
Page 1056:
508CHAPTER 25Linux Auditing Systemm
Page 1060:
510CHAPTER 25Linux Auditing SystemW
Page 1064:
512CHAPTER 25Linux Auditing Systemm
Page 1068:
514CHAPTER 25Linux Auditing SystemL
Page 1072:
516CHAPTER 25Linux Auditing SystemI
Page 1076:
518CHAPTER 25Linux Auditing SystemT
Page 1080:
520CHAPTER 25Linux Auditing SystemT
Page 1084:
522CHAPTER 25Linux Auditing SystemS
Page 1088:
Page 1092:
526APPENDIX AInstalling Proprietary
Page 1096:
528APPENDIX AInstalling Proprietary
Page 1100:
530APPENDIX BCreating Virtual Machi
Page 1104:
Page 1108:
Page 1112:
Page 1116:
Page 1120:
Page 1124:
Page 1128:
Page 1132:
Page 1136:
548APPENDIX CPreventing Security Br
Page 1140:
550APPENDIX CPreventing Security Br
Page 1144:
552APPENDIX DTroubleshootingQ. I di
Page 1148:
554APPENDIX DTroubleshootingQ. When
Page 1152:
556APPENDIX DTroubleshootingQ. I ne
Page 1156:
558APPENDIX DTroubleshootingSecurit
Page 1160:
560addingaddingdisk space to LVM, 1
Page 1164:
562autofsautofsconnecting NFS share
Page 1168:
564Configuration Administrator role
Page 1172:
566directivesdirectives/etc/httpd/c
Page 1176:
568Encrypt Passwords option (Samba
Page 1180:
570filesystemsfinding files in dire
Page 1184:
572helper match extension (IPTables
Page 1188:
574IPTablesconfiguring, 477examples
Page 1192:
576LDAP (Lightweight Directory Acce
Page 1196:
578loginssecure file transfers, 359
Page 1200:
580modulesmoduleskernel modulesinst
Page 1204:
582NFS (Network File System)server
Page 1208:
584passphrasespassphrasescreating v
Page 1212:
586Red Hat Network Provisioning, Li
Page 1216:
588scriptsscriptsAwk, 249Bash, 239c
Page 1220:
590sharesSambaadding to, 309adding
Page 1224:
592storageLVM schemes, 168-169remov
Page 1228:
594umount command, removing logical
Page 1232:
596vmstat command, reporting memory
show all

Red Hat Enterprise Linux 5 Administration Unleashed

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?