A hat that is not blue and it teaches you LINUX

DESCRIPTION

learn... study... and stuff

  • RHCSA/RHCE Red Hat Linux Certification Study Guide, Sixth Edition

    Exams (EX200 & EX300)

    Michael Jang

    New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto

    McGraw-Hill is an independent entity from Red Hat, Inc., and is not affiliated with Red Hat, Inc., in any manner. This publication and CD may be used in assisting students to prepare for a Red Hat Certified Engineer Exam or a Red Hat Certified System Administrator Exam. Neither Red Hat, Inc., nor McGraw-Hill warrant that use of this publication will ensure passing the relevant exam. Red Hat, Red Hat Linux, Red Hat Enterprise Linux, RHCE, RHCT and RHCSA are either registered trademarks or trademarks of Red Hat, Inc., in the United States and/or other countries.

    This publication is not intended to be a substitute for the Red Hat RHCSA prep course RH200 or the RHCE prep course RH300. This study/training guide and/or material is not sponsored by, endorsed by, or affiliated with Red Hat, Inc. in any manner.

    Copyright 2011 by The McGraw-Hill Companies

  • Library of Congress Cataloging-in-Publication Data

    Jang, Michael H. RHCSA/RHCE Red Hat Linux certification study guide (exams EX200 & EX300) / Michael Jang. -- 6th ed. p.cm. Rev. ed. of: RHCE Red Hat certified engineer Linux study guide : (exam RH302). 5th ed. 2007. ISBN 978-0-07-176565-7 (alk. paper) 1. Electronic data processing personnel--Certification. 2. Operating systems (Computers)-- Examinations--Study guides. 3. Linux. I. Jang, Michael H. RHCE Red Hat certified engineer Linux study guide. II. Title. QA76.3.J3448 2011 005.432--dc23 2011023732

    McGraw-Hill books are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. To contact a representative, please e-mail us at [email protected].

    RHCSA/RHCE Red Hat Linux Certification Study Guide

    (Exams EX200 & EX300), Sixth Edition

    Copyright 2011 by The McGraw-Hill Companies. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

    All trademarks or copyrights mentioned herein are the possession of their respective owners and McGraw-Hill makes no claim of ownership by the mention of products that contain these marks.

    ISBN: Book p/n 978-0-07-176566-4 and CD p/n 978-0-07-176568-8 of set 978-0-07-176565-7

    MHID: Book p/n 0-07-176566-2 and CD p/n 0-07-176568-9 of set 0-07-176565-4

    Information has been obtained by McGraw-Hill from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill, or others, McGraw-Hill does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

    Sponsoring Editor: Timothy Green

    Editorial Supervisor: Patty Mon

    Project Editor: LeeAnn Pickrell

    Acquisitions Coordinator: Stephanie Evans

    Technical Editor: Elizabeth Zinkann

    Copy Editor: Robert Campbell

    Proofreader: Susie Elkind

    Indexer: Rebecca Plunkett

    Production Supervisor: Jim Kussow

    Composition: Eurodesign-Peter Hancik

    Illustration: Eurodesign-Peter Hancik

    Art Director, Cover: Jeff Weeks

  • For the young widows and widowers,

    may they find the courage to face their fears,

    to navigate their way through the pain,

    and to find hope for a brighter future.

  • ABOUT THE CONTRIBUTORS

    Author

    Michael Jang (RHCE, LPIC-2, UCP, LCP, Linux+, MCP) is currently a full-time writer, specializing in operating systems and networks. His experience with computers goes back to the days of jumbled punch cards. He has written other books on Linux certification, including LPIC-1 in Depth, Mike Meyers Linux+ Certification Passport, and Sair GNU/Linux Installation and Configuration Exam Cram. His other Linux books include Linux Annoyances for Geeks, Linux Patch Management, and Mastering Fedora Core Linux 5. He has also written or contributed to books on Microsoft operating systems, including MCSE Guide to Microsoft Windows 98 and Mastering Windows XP Professional, Second Edition.

    Technical Editor

    Elizabeth Zinkann is a logical Linux catalyst, a freelance technical editor, and an independent computer consultant. She was a contributing editor and review columnist for Sys Admin Magazine for ten years. As an editor, some of her projects have included Mastering Fedora Core Linux 5, LPIC-1 in Depth, Linux Patch Management, and Linux All-in-One Desk Reference for Dummies, Fourth Edition. In a former life, she also programmed communications features, including ISDN at AT&T Network Systems.

  • CONTENTS AT A GLANCE

    1 Prepare for Red Hat Hands-on Certifications

    2 Virtual Machines and Automated Installations

    3 Fundamental Command Line Skills

    4 RHCSA-Level Security Options

    5 The Boot Process

    6 Linux Filesystem Administration

    7 Package Management

    8 User Administration

    9 RHCSA-Level System Administration Tasks

    10 A Security Primer

    11 System Services and SELinux

    12 RHCE Administrative Tasks

    13 Electronic Mail Servers

    14 The Apache Web Server

    15 The Samba File Server

    16 More File-Sharing Services

    17 Administrative Services: DNS, FTP, and Logging

    A Prepare a System for the Sample Exams

    B Sample Exam 1: RHCSA

    C Sample Exam 2: RHCSA

    D Sample Exam 3: RHCE Sample Exam 1

    E Sample Exam 4: RHCE Sample Exam 2

    F About the CD

    Index

  • CONTENTS

    About the Contributors

    Acknowledgments

    Preface

    Introduction

    1 Prepare for Red Hat Hands-on Certifications

    The RHCSA and RHCE Exams

    The Exam Experience

    The RHCSA Exam

    The RHCE Exam

    If You're Studying Just for the RHCSA Exam

    Evolving Requirements

    Basic Hardware Requirements

    Hardware Compatibility

    Architectures

    RAM Requirements

    Hard Drive Options

    Networking

    Virtual Machine Options

    Get Red Hat Enterprise Linux

    Purchase a Subscription

    Get an Evaluation Copy

    Third-Party Rebuilds

    Check the Download

    Installation Requirements

    You Won't Start from Scratch

    The Advantages of Network Installation

    Red Hat and Virtual Machines

    Virtual and Physical Systems

    A Pre-installed Environment for Practice Labs

    System Roles

    Installation Options

    Boot Media

    CD/DVD or Boot USB Starts Installation

    Basic Installation Steps

    The Installation Perspective on Partitions

    Partition Creation Exercises

    Exercise 1-1: Partitioning During Installation

    Configure the Bootloader

    Wow, Look at All That Software!

    Baseline Packages

    Package Groups

    On Reboot

    System Setup Options

    The First Boot Process

    Default Security Settings

    Special Setup Options for Virtual Machines

    Configure Default File Sharing Services

    Mount and Copy the Installation DVD

    Set Up a Default Configuration Apache Server

    Exercise 1-2: Configure Apache as an Installation Server

    Share Copied Files via FTP Server

    Two-Minute Drill

    Q&A Self Test

    Lab Questions

    Self Test Answers

    Lab Answers

    2 Virtual Machines and Automated Installations

    Configure KVM for Red Hat

    Why Virtual Machines

    If You Have to Install KVM

    The Right KVM Modules

    Configure the Virtual Machine Manager

    Exercise 2-1: Create a Second Virtual Network

    Configure a Virtual Machine on KVM

    Configure a Virtual Machine on KVM

    Exercise 2-2: Add Virtual Hard Drives

    KVM Configuration Files

    Control Virtual Machines from the Command Line

    Automated Installation Options

    Kickstart Concepts

    Set Up Local Access to Kickstart

    Set Up Network Access to Kickstart

    Sample Kickstart File

    Exercise 2-3: Create and Use a Sample Kickstart File

    The Kickstart Configurator

    Administration with the Secure Shell

    Configure an SSH Client

    Command Line Access

    More SSH Command Line Tools

    Graphical Secure Shell Access

    Consider Adding These Command Line Tools

    Checking Ports with telnet

    Checking Ports with nmap

    Configure an E-Mail Client

    The Use of Text and Graphical Browsers

    Using lftp to Access URLs

    Two-Minute Drill

    Q&A Self Test

    Lab Questions

    Self Test Answers

    Lab Answers

    3 Fundamental Command Line Skills

    Shells

    Other Shells

    Terminal Consoles

    GUI Shell Interfaces

    Differences Between Regular and Administrative Users

    Text Streams and Command Redirection

    Standard Command Line Tools

    File and Directory Concepts

    File Lists and ls

    File Creation Commands

    Wildcards

    File Searches

    The Management of Text Files

    Commands to Read Text Streams

    Commands to Process Text Streams

    Edit Text Files at the Console

    Exercise 3-1: Using vi to Create a New User

    If You Don't Like vi

    Edit Text Files in the GUI

    Local Online Documentation

    When You Need Help

    A Variety of man Pages

    The info Manuals

    Detailed Documentation in /usr/share/doc

    A Networking Primer

    IP Version 4 Numbers and Address Classes

    Basic IP Version 6 Addressing

    How to Define a Network with IP Addresses

    Tools, Commands, and Gateways

    Network Configuration and Troubleshooting

    Network Configuration Files

    Network Configuration Tools

    Exercise 3-2: Configure a Network Card

    Hostname Configuration Files

    Hostname Configuration Options

    The Network Manager Applet

    Two-Minute Drill

    Q&A Self Test

    Lab Questions

    Self Test Answers

    Lab Answers

    4 RHCSA-Level Security Options

    Basic File Permissions

    File Permissions and Ownership

    Basic User and Group Concepts

    The umask

    Commands to Change Permissions and Ownership

    Special File Attributes

    Access Control Lists and More

    Every File Already Has an ACL

    Make a Filesystem ACL Friendly

    Manage ACLs on a File

    Configure a Directory for ACLs

    Special Restrictions with ACLs

    ACLs and Masks

    Exercise 4-1: Use ACLs to Deny a User

    NFS Shares and ACLs

    Basic Firewall Control

    Standard Ports

    A Focus on iptables

    Keep That Firewall in Operation

    The Default RHEL 6 Firewall

    The Firewall Configuration Tools

    Exercise 4-2: Adjust Firewall Settings

    A Security-Enhanced Linux Primer

    Basic Features of SELinux

    SELinux Status

    SELinux Configuration at the Command Line

    Configure Basic SELinux Settings

    Configure Regular Users for SELinux

    Manage SELinux Boolean Settings

    List and Identify SELinux File Contexts

    Restore SELinux File Contexts

    Identify SELinux Process Contexts

    Diagnose and Address SELinux Policy Violations

    The GUI SELinux Management Tool

    The SELinux Troubleshoot Browser

    Exercise 4-3: Test an SELinux User Type

    Two-Minute Drill

    Q&A Self Test

    Lab Questions

    Self Test Answers

    Lab Answers

    5 The Boot Process

    The BIOS and the UEFI

    Basic System Configuration

    Startup Menus

    Access to Linux Bootloaders

    Bootloaders and GRUB

    GRUB, the GRand Unified Bootloader

    Boot into Different Runlevels

    Exercise 5-1: Boot into a Different Runlevel

    Modify the System Bootloader

    More Options

    GRUB Security and Password Protection

    How to Update GRUB

    Effects of GRUB Errors

    The GRUB Command Line

    Exercise 5-2: Using the GRUB Command Line

    Create Your Own GRUB Configuration File

    An Option to Booting from GRUB: Rescue Mode

    Between GRUB and Login

    Kernels and the Initial RAM Disk

    The First Process, Runlevels, and Services

    Switch Between Runlevels

    Reboot and Shut Down a System Normally

    Upstart Replaces SysVInit

    Upstart Configuration Files

    Terminals and Login Screens

    Control by Runlevel

    Functionality by Runlevel

    The Innards of Runlevel Scripts

    Service Configuration from the Command Line

    The Text Console Service Configuration Tool

    The GUI Service Configuration Tool

    Network Configuration

    Network Configuration Commands

    Network Configuration Files

    The /etc/sysconfig/network-scripts Files

    Red Hat Configuration Tools

    Exercise 5-3: Modify Network Interfaces with the Network Connections Tool

    Configure Name Resolution

    Exercise 5-4: Revise Network Interfaces on a Cloned System

    Time Synchronization

    An NTP Client and Server

    Date/Time Properties

    Two-Minute Drill

    Q&A Self Test

    Lab Questions

    Self Test Answers

    Lab Answers

    6 Linux Filesystem Administration

    Storage Management and Partitions

    Current System State

    The fdisk Utility

    The parted Utility

    Graphical Options

    Exercise 6-1: Work with fdisk and parted

    Filesystem Formats

    Standard Formatting Filesystems

    Journaling Filesystems

    Filesystem Format Commands

    Swap Volumes

    Filesystem Check Commands

    Filesystem Conversions

    Exercise 6-2: Format, Check, and Mount Different Filesystems

    Basic Linux Filesystems and Directories

    Separate Linux Filesystems

    Directories That Can Be Mounted Separately

    Logical Volume Management (LVM)

    Definitions in LVM

    Create a Physical Volume

    Create a Volume Group

    Create a Logical Volume

    Make Use of a Logical Volume

    More LVM Commands

    Remove a Logical Volume

    Resize Logical Volumes

    The GUI Logical Volume Management Tool

    Volume Encryption with the Linux Unified Key Setup

    Passwords, Passphrases, and More

    Encryption During Installation

    Prepare and Initialize Encryption

    Prepare the New Filesystem

    Create the New Filesystem

    Filesystem Management

    The /etc/fstab File

    Universally Unique Identifiers in /etc/fstab

    The mount Command

    More Filesystem Mount Options

    Virtual Filesystems

    Add Your Own Filesystems to /etc/fstab

    Removable Media and /etc/fstab

    Networked Filesystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389

    The Automounter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390

    Mounting via the Automounter . . . . . . . . . . . . . . . . . . . . . . . . 390

    Exercise 6-3: Configure the Automounter . . . . . . . . . . . . . . 396

    Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399

    Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401

    Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403

    Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404

    Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405

    7 Package Management . . . . . . . . . . . . . . . . . . . . . . . . . . . 409

    The Red Hat Package Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411

    What Is a Package? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411

    What Is a Red Hat Package? . . . . . . . . . . . . . . . . . . . . . . . . . . 412

    What Is a Repository? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412

    Install an RPM Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413

    Uninstall an RPM Package . . . . . . . . . . . . . . . . . . . . . . . . . . . 415

    Install RPMs from Remote Systems . . . . . . . . . . . . . . . . . . . . . 415

    RPM Installation Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416

    Special RPM Procedures with the Kernel . . . . . . . . . . . . . . . . 418

    More RPM Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420

    Package Queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421

    Package Signatures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421

    File Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422

    Different Databases of Installed Packages . . . . . . . . . . . . . . . . 424

    Dependencies and the yum Command . . . . . . . . . . . . . . . . . . . . . . . . . 424

    An Example of Dependency Hell . . . . . . . . . . . . . . . . . . . . . . 424

    Relief from Dependency Hell . . . . . . . . . . . . . . . . . . . . . . . . . . 426

    Basic yum Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427

    The Basic yum Configuration File: yum.conf . . . . . . . . . . . . . 428

    Configuration Files in the /etc/yum/pluginconf.d Directory . . 430

    Configuration Files in the /etc/yum.repos.d Directory . . . . . . . 431

    Create Your Own /etc/yum.repos.d Configuration File . . . . . . 434

    Exercise 7-1: Create a yum Repository from the RHEL 6 DVD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437

    Third-Party Repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438

    Basic yum Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439

    Installation Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439

    Security and yum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441

    Updates and Security Fixes . . . . . . . . . . . . . . . . . . . . . . . . . . . 442

    Package Groups and yum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442

    More yum Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444

    More Package Management Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447

    The GNOME Software Update Tool . . . . . . . . . . . . . . . . . . . . 448

    Automated Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448

    GNOME Add/Remove Software Tool . . . . . . . . . . . . . . . . . . . 450

    Exercise 7-2: Installing More with yum and the Add/Remove Software Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451

    The Red Hat Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453

    Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456

    Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458

    Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459

    Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460

    Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461

    8 User Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465

    User Account Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467

    Different Kinds of Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467

    The Shadow Password Suite . . . . . . . . . . . . . . . . . . . . . . . . . . . 468

    Command Line Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473

    Exercise 8-1: Add a User with the Red Hat User Manager . . 476

    Exercise 8-2: Real and Fake Shells . . . . . . . . . . . . . . . . . . . . 478

    Delete a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478

    Modify an Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479

    More User and Group Management Commands . . . . . . . . . . . 480

    Administrative Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483

    The Ability to Log In as root . . . . . . . . . . . . . . . . . . . . . . . . . . 483

    Exercise 8-3: Limit root Logins . . . . . . . . . . . . . . . . . . . . . . . 483

    The Ability to Log In . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484

    The Proper Use of the su Command . . . . . . . . . . . . . . . . . . . . 485

    Limit Access to su . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486

    The Proper Use of the sg Command . . . . . . . . . . . . . . . . . . . . 486

    Custom Administrators with the sudo Command . . . . . . . . . . 486

    Other Administrative Users . . . . . . . . . . . . . . . . . . . . . . . . . . . 488

    User and Shell Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488

    Home Directories and /etc/skel . . . . . . . . . . . . . . . . . . . . . . . . 489

    /etc/bashrc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490

    /etc/profile and /etc/profile.d . . . . . . . . . . . . . . . . . . . . . . . . . . 490

    /etc/profile.d . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491

    Exercise 8-4: Another Way to Secure a System . . . . . . . . . . 491

    Shell Configuration Files in User Home Directories . . . . . . . . 492

    Login, Logout, and User Switching . . . . . . . . . . . . . . . . . . . . . 492

    Users and Network Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493

    LDAP Client Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 494

    The Name Service Switch File . . . . . . . . . . . . . . . . . . . . . . . . 496

    Red Hat Network Authentication Tools . . . . . . . . . . . . . . . . . 497

    Special Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500

    Standard and Red Hat Groups . . . . . . . . . . . . . . . . . . . . . . . . . 501

    Shared Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501

    Exercise 8-5: Control Group Ownership with the SGID Bit . . 502

    Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506

    Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508

    Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509

    Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510

    Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511

    9 RHCSA-Level System Administration Tasks . . . . . . . . 515

    Configure Access with VNC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517

    Install and Configure a TigerVNC Server . . . . . . . . . . . . . . . . 518

    The GNOME-Based vino Server . . . . . . . . . . . . . . . . . . . . . . . 519

    Install and Configure a VNC Client . . . . . . . . . . . . . . . . . . . . 521

    Firewall Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523

    Confirm Access to a VNC Server . . . . . . . . . . . . . . . . . . . . . . 524

    Route Through a Secure Shell . . . . . . . . . . . . . . . . . . . . . . . . . 525

    More VNC Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 526

    A User VNC Configuration File . . . . . . . . . . . . . . . . . . . . . . . 526

    Elementary System Administration Commands . . . . . . . . . . . . . . . . . . 527

    System Resource Management Commands . . . . . . . . . . . . . . . 527

    Archives and Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . 536

    Control Services Through Daemons . . . . . . . . . . . . . . . . . . . . 538

    Automate System Administration: cron and at . . . . . . . . . . . . . . . . . . 539

    The System crontab and Components . . . . . . . . . . . . . . . . . . . 539

    Hourly cron Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542

    Regular Anacron Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 543

    Setting Up cron for Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 544

    Exercise 9-1: Create a cron Job . . . . . . . . . . . . . . . . . . . . . . . 545

    Running a Job with the at System . . . . . . . . . . . . . . . . . . . . . . 545

    Secure cron and at . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546

    Local Log File Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 548

    System Log Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . 548

    Log File Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 550

    A Variety of Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 551

    Service Specific Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 552

    Exercise 9-2: Learn the Log Files . . . . . . . . . . . . . . . . . . . . . . 552

    Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555

    Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 557

    Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 558

    Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 559

    Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 560

    10 A Security Primer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563

    The Layers of Linux Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 564

    Bastion Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565

    Best Defenses with Security Updates . . . . . . . . . . . . . . . . . . . . 566

    Service-Specific Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567

    Host-Based Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569

    User-Based Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569

    Console Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 570

    Recommendations from the U.S. National Security Agency . . 570

    The PolicyKit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571

    Firewalls and Network Address Translation . . . . . . . . . . . . . . . . . . . . . 573

    Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573

    The Structure of the iptables Command . . . . . . . . . . . . . . . . . 574

    The Default Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577

    Recommendations from the NSA . . . . . . . . . . . . . . . . . . . . . . 577

    Make Sure the Firewall Is Running . . . . . . . . . . . . . . . . . . . . . 580

    IP Masquerading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 580

    IP Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 582

    The Red Hat Firewall Configuration Tool . . . . . . . . . . . . . . . . 583

    The Extended Internet Super-Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 591

    Generic xinetd Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 592

    Service-Specific xinetd Configuration . . . . . . . . . . . . . . . . . . . 593

    Exercise 10-1: Configure xinetd . . . . . . . . . . . . . . . . . . . . . . 595

    TCP Wrappers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 596

    Is a Service Protected by TCP Wrappers? . . . . . . . . . . . . . . . . 596

    TCP Wrappers Configuration Files . . . . . . . . . . . . . . . . . . . . . 597

    Exercise 10-2: Configure TCP Wrappers . . . . . . . . . . . . . . . 599

    Pluggable Authentication Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . 600

    Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 601

    Control Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602

    The Format of a PAM File . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604

    Exercise 10-3: Configure PAM . . . . . . . . . . . . . . . . . . . . . . . 608

    PAM and User-Based Security . . . . . . . . . . . . . . . . . . . . . . . . . 608

    Exercise 10-4: Use PAM to Limit User Access . . . . . . . . . . . 610

    Secure Files and More with GPG2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 611

    GPG2 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 612

    Current GPG2 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 612

    GPG2 Encryption Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . 613

    Generate a GPG2 Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 613

    Use a GPG2 Key to Secure a File . . . . . . . . . . . . . . . . . . . . . . . 616

    Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 618

    Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 620

    Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 622

    Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623

    Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 624

    11 System Services and SELinux . . . . . . . . . . . . . . . . . . . . 629

    Red Hat System Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 631

    Service Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 631

    System Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 632

    Bigger Picture Configuration Process . . . . . . . . . . . . . . . . . . . . 635

    Available Configuration Tools . . . . . . . . . . . . . . . . . . . . . . . . . 635

    Security-Enhanced Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 637

    Options in the SELinux Booleans Directory . . . . . . . . . . . . . . 637

    Service Categories of SELinux Booleans . . . . . . . . . . . . . . . . . 639

    Boolean Configuration with the SELinux Management Tool . . 639

    Boolean Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 640

    SELinux File Contexts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 645

    Exercise 11-1: Configure a New Directory with Appropriate SELinux Contexts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647

    The Secure Shell Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648

    SSH Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . 648

    SSH Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 649

    Basic Encrypted Communication . . . . . . . . . . . . . . . . . . . . . . . 650

    Set Up a Private/Public Pair for Key-Based Authentication . . 652

    Configure an SSH Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 654

    User-Based Security for SSH . . . . . . . . . . . . . . . . . . . . . . . . . . 662

    Host-Based Security for SSH . . . . . . . . . . . . . . . . . . . . . . . . . . 662

    A Security and Configuration Checklist . . . . . . . . . . . . . . . . . . . . . . . . 663

    Installation of Server Services . . . . . . . . . . . . . . . . . . . . . . . . . 663

    Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 667

    Make Sure the Service Survives a Reboot . . . . . . . . . . . . . . . . 667

    Review Access Through Layers of Security . . . . . . . . . . . . . . . 668

    Exercise 11-2: Review the Different Effects of iptables and TCP Wrappers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 671

    Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 674

    Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 676

    Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 677

    Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 678

    Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 679

    12 RHCE Administrative Tasks . . . . . . . . . . . . . . . . . . . . . . 681

    Automate System Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 683

    Standard Administrative Scripts . . . . . . . . . . . . . . . . . . . . . . . 683

    Script Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 685

    Create Your Own Administrative Scripts . . . . . . . . . . . . . . . . 687

    Exercise 12-1: Create a Script . . . . . . . . . . . . . . . . . . . . . . . . 688

    Kernel Run-Time Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 689

    How sysctl Works with /etc/sysctl.conf . . . . . . . . . . . . . . . . . . 689

    Settings in the /etc/sysctl.conf File . . . . . . . . . . . . . . . . . . . . . . 690

    Exercise 12-2: Disable Responses to the ping Command . . . 691

    Create an RPM Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 692

    Source RPMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 693

    The Directory Structure of an RPM Source . . . . . . . . . . . . . . 694

    Create Custom Source Code . . . . . . . . . . . . . . . . . . . . . . . . . . 696

    One More Prep Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 697

    Create Your Own spec File . . . . . . . . . . . . . . . . . . . . . . . . . . . . 698

    Build Your Own RPM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 702

    The Built RPMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 703

    Special Network Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 704

    Configure Special IP Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . 704

    Set Up a Kerberos Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 708

    Connect to Remote iSCSI Storage . . . . . . . . . . . . . . . . . . . . . 712

    Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 717

    Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 719

    Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 720

    Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 721

    Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 722

    13 Electronic Mail Servers . . . . . . . . . . . . . . . . . . . . . . . . . 727

    A Variety of E-Mail Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 729

    Definitions and Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 729

    Relevant Mail Server Packages . . . . . . . . . . . . . . . . . . . . . . . . 730

    Use alternatives to Select an E-Mail System . . . . . . . . . . . . . . 731

    General User Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 732

    Mail Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 733

    Common Security Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 734

    Testing an E-Mail Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 735

    Exercise 13-1: Create Users Just for E-Mail . . . . . . . . . . . . . 735

    The Configuration of Postfix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 736

    Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 736

    The main.cf Configuration File . . . . . . . . . . . . . . . . . . . . . . . . 740

    The /etc/aliases Configuration File . . . . . . . . . . . . . . . . . . . . . 743

    The master.cf Configuration File . . . . . . . . . . . . . . . . . . . . . . . 744

    Test the Current Postfix Configuration . . . . . . . . . . . . . . . . . . 744

    Configure Postfix Authentication . . . . . . . . . . . . . . . . . . . . . . 745

    Configure Incoming E-Mail . . . . . . . . . . . . . . . . . . . . . . . . . . . 746

    Configure a Relay Through a Smart Host . . . . . . . . . . . . . . . . 746

    Exercise 13-2: Switch Services . . . . . . . . . . . . . . . . . . . . . . . 747

    The Other SMTP Service: sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . 747

    The Basics of sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 748

    Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 749

    The sendmail.mc Macro File . . . . . . . . . . . . . . . . . . . . . . . . . . 750

    The submit.mc Macro File . . . . . . . . . . . . . . . . . . . . . . . . . . . . 755

    Configure sendmail to Accept E-Mail from Other Systems . . 756

    Configure sendmail to Relay E-Mail to a Smart Host . . . . . . . 757

    Configure User- and Host-Based sendmail Security . . . . . . . . 757

    Test the Current sendmail Configuration . . . . . . . . . . . . . . . . 757

    Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 760

    Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 761

    Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 762

    Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 763

    Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 764

    14 The Apache Web Server . . . . . . . . . . . . . . . . . . . . . . . . 769

    The Apache Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 771

    Apache 2.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 771

    The LAMP Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 772

    Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 772

    Exercise 14-1: Install the Apache Server . . . . . . . . . . . . . . . 773

    The Apache Configuration Files . . . . . . . . . . . . . . . . . . . . . . . 775

    Analyze the Default Apache Configuration . . . . . . . . . . . . . . 775

    The Main Apache Configuration File . . . . . . . . . . . . . . . . . . . 776

    Basic Apache Configuration for a Simple Web Server . . . . . . 779

    Apache Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 780

    Standard Apache Security Configuration . . . . . . . . . . . . . . . . . . . . . . . 782

    Ports and Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 782

    Apache and SELinux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 782

    Module Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 785

    Security Within Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 787

    Exercise 14-2: The Apache Welcome and the noindex.html Story . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 790

    Exercise 14-3: Create a List of Files . . . . . . . . . . . . . . . . . . . 791

    Host-Based Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 792

    User-Based Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 793

    Specialized Apache Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 794

    Control Through the .htaccess File . . . . . . . . . . . . . . . . . . . . . 795

    Password-Protected Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . 795

    Home Directory Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 796

    Group-Managed Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . 798

    Exercise 14-4: Password Protection for a Web Directory . . . 800

    Regular and Secure Virtual Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 801

    The Standard Virtual Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . 802

    Secure Virtual Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 805

    Create a New SSL Certificate . . . . . . . . . . . . . . . . . . . . . . . . . 808

    Test Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 811

    Syntax Checkers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 812

    Apache Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 813

    Exercise 14-5: Set Up a Virtual Web Server . . . . . . . . . . . . . 814

    Deploy a Basic CGI Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 815

    Apache Configuration Changes for CGI Files . . . . . . . . . . . . . 816

    Set Up a Simple CGI Script . . . . . . . . . . . . . . . . . . . . . . . . . . . 817

    Connections to a Web Site . . . . . . . . . . . . . . . . . . . . . . . . . . . 818

    Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 821

    Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 823

    Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 824

    Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 825

    Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 826

    15 The Samba File Server . . . . . . . . . . . . . . . . . . . . . . . . . . 831

    Samba Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 833

    Install Samba Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 834

    Some Samba Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 834

    Ports, Firewalls, and Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . 835

    Configure SELinux Booleans for Samba . . . . . . . . . . . . . . . . . 836

    Configure SELinux File Types for Samba . . . . . . . . . . . . . . . . . 837

    Samba Daemons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 838

    Samba Server Global Configuration . . . . . . . . . . . . . . . . . . . . 838

    Shared Samba Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . 847

    Let Samba Join a Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . 851

    The Samba User Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . 852

    Create a Public Share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 853

    Exercise 15-1: Configure a Samba Home Directory Share . . 854

    The Samba Web Administration Tool . . . . . . . . . . . . . . . . . . . 856

    Test Changes to /etc/samba/smb.conf . . . . . . . . . . . . . . . . . . . 862

    Review User- and Host-Based Samba Security . . . . . . . . . . . . 863

    Review Basic Samba Shares . . . . . . . . . . . . . . . . . . . . . . . . . . . 865

    Exercise 15-2: Configuring Samba with Shares . . . . . . . . . . 865

    Samba as a Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 867

    Command Line Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 867

    Mount Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 868

    Automated Samba Mounts . . . . . . . . . . . . . . . . . . . . . . . . . . . 868


    Samba Troubleshooting

    Samba Problem Identification

    Local Log File Checks

    Enable Remote Access

    Two-Minute Drill

    Q&A Self Test

    Lab Questions

    Self Test Answers

    Lab Answers

    16 More File-Sharing Services

    The Network File System (NFS) Server

    NFS Options for RHEL 6

    Basic NFS Installation

    Basic NFS Server Configuration

    Configure NFS for Basic Operation

    Special Requirements for /home Directories

    Fixed Ports in /etc/sysconfig/nfs

    Make NFS Work with SELinux

    Quirks and Limitations of NFS

    Performance Tips

    NFS Security Directives

    Options for Host-Based Security

    Options for User-Based Security

    Exercise 16-1: NFS

    Test an NFS Client

    NFS Mount Options

    Configure NFS in /etc/fstab

    Diskless Clients

    Soft Mounting

    Current NFS Status

    The Very Secure FTP Server

    Basic vsFTP Configuration

    The Main vsFTP Configuration File

    Other vsFTP Configuration Files

    Configure SELinux Support for vsFTP

    Ports, Firewalls, and vsFTP


    Exercise 16-2: Configure a Basic vsFTP Server

    Anonymous-Only Download Configuration

    Two-Minute Drill

    Q&A Self Test

    Lab Questions

    Self Test Answers

    Lab Answers

    17 Administrative Services: DNS, FTP, and Logging

    Basic Domain Service Organization

    Basic Parameters

    DNS Package Options

    Different Types of DNS Servers

    Minimal DNS Server Configurations

    BIND Configuration Files

    A Caching-Only Name Server

    Starting named

    A Forwarding Name Server

    Forwarding from a Caching-Only Name Server

    BIND Troubleshooting Commands

    Exercise 17-1: Set Up Your Own DNS Server

    Set Up System Utilization Reports

    System Utilization Commands

    The System Status Service

    Collect System Status into Logs

    Prepare a System Status Report

    Configure a System Logging Server

    System Logging Modules

    Enable Logging Clients

    Configure Logging Servers

    Configure Logging Clients

    Limit Access to Specified Systems

    The Network Time Server Service

    The NTP Server Configuration File

    Security Limits on NTP

    Two-Minute Drill

    Q&A Self Test


    Lab Questions

    Self Test Answers

    Lab Answers

    A Prepare a System for the Sample Exams

    Basic Sample Exam System Requirements

    Additional Sample Exam System Requirements for the RHCE

    B Sample Exam 1: RHCSA

    RHCSA Sample Exam 1 Discussion

    C Sample Exam 2: RHCSA

    RHCSA Sample Exam 2 Discussion

    D Sample Exam 3: RHCE Sample Exam 1

    RHCE Sample Exam 1 Discussion

    E Sample Exam 4: RHCE Sample Exam 2

    RHCE Sample Exam 2 Discussion

    F About the CD

    System Requirements

    Electronic Book

    Technical Support

    Index


    ACKNOWLEDGMENTS

    I personally would like to thank the following people:

    Nancy E. Cropley, R.N. (d. 2002): It's now been nearly ten years since you've left this world, but I continue to hold your spirit in my heart, and I hope you can still see the joy of the world through my eyes. You are my hero, even today. I hope you can see how happy I am with Donna, but I will always miss you.

    As a political activist, you fought for what you believed in: social justice, peace, and universal health care. You were never afraid to go to jail to support your beliefs. Your example is helping me find a backbone for life.

    As a nurse for the homeless, you helped so many who are less fortunate. You worked tirelessly in the clinics, in the shelters, and on the streets. Your efforts eased the pain of so many people. And you saved lives.

    As an Internet entrepreneur, you showed me how to be happy pursuing a life working from home. You made it possible for me to have the freedom to be, instead of getting stuck in the corporate world.

    Nancy, you were my partner, my lover, my soul mate. You helped me find joy in this world. I take your lessons with me. I thank you for everything you've done.

    My wife Donna: With hope and love, you make my life worth living. With your love and support, my life is now better than ever.

    All the incredibly hard-working folks at McGraw-Hill: Stephanie Evans, Tim Green, LeeAnn Pickrell, Robert Campbell, Susie Elkind, and Rebecca Plunkett for their help in launching a great series and being solid team players.


    PREFACE

    Linux is thriving. Red Hat is at the forefront of the Linux revolution. And Red Hat Certified System Administrators (RHCSA) and Engineers (RHCE) are making it happen.

    Even in the current economic recovery, business, education, and governments are cost conscious. They want control of their operating systems. Linux, even Red Hat Enterprise Linux, saves money. The open-source nature of Linux allows users to control and customize their operating systems. While there is a price associated with Red Hat Enterprise Linux (RHEL), the cost includes updates and support. Now with KVM, it's possible to set up a cluster of virtual, independent installations of RHEL (and other operating systems) on a single physical computer. Many companies are already converting rooms full of physical systems into closets of just a few systems, each configured with banks of virtual machines. As an RHCSA and an RHCE, you can join in that revolution.

    While there's a cost associated with a supported version of RHEL, you don't need to pay for such support. As I describe shortly, there are trial and student subscriptions that you can use, along with freely available rebuilds of RHEL that are built on the same source code.

    A rebuild is software that is built by a third party from the same source code as the original build. On the other hand, a clone is built from different source code.

    Security is another reason to move toward Linux. The U.S. National Security Agency has developed its own version of the Linux kernel to provide context-based security in a system known as Security-Enhanced Linux (SELinux). RHEL has made SELinux a key part of a layered security strategy.

    The RHCSA and RHCE exams are difficult. Available historical data suggests that less than 50 percent of first-time candidates pass the RHCE exam. But do not be intimidated. While there are no guarantees, this book can help you prepare for and pass the RHCSA and RHCE exams. And these same skills can help you in your career as a Linux administrator. Just remember, this book is not intended to be a substitute for the Red Hat prep courses that I describe shortly.


    To study for this exam, you should have a network of at least three Linux computers. Since the RHCSA focuses on virtual machines, you're encouraged to use KVM-based systems for two of the computers. After configuring a service, especially a network service, it can be helpful to check your work from another computer.

    Getting Red Hat Enterprise Linux

    The Red Hat exams are based on your knowledge of Red Hat Enterprise Linux. But here's a significant change. The RHCSA objectives specify a number of points associated with virtual machines. The default RHEL 6 solution uses the Kernel-based Virtual Machine (KVM). Red Hat supports KVM as a host only on physical systems with 64-bit CPUs. Therefore, to study for the KVM-related objectives for the RHCSA, you'll need physical hardware that can handle a 64-bit version of RHEL 6. (However, 64-bit systems may not be absolutely required; 32-bit versions of KVM are available on Fedora. However, there is no version of Fedora that's completely compatible with RHEL 6.)

    And you should expect to install two or more virtual machines on that 64-bit physical system. Virtual hosts work better on systems with multiple CPUs or systems with multicore CPUs. So to avoid hardware that slows your studies, you'll want a 64-bit physical system with at least 2GB and preferably 4GB of RAM. (I prepared this book on a 64-bit system with 8GB of RAM.) If you're using a laptop system, read the information from https://bugzilla.redhat.com/show_bug.cgi?id=667485. If the listed bug has not been resolved by the time you read this, the useful lifetime of your hard drive may depend on it. As Red Hat Network updates are not explicitly listed as a requirement in the Red Hat Exam Prep guide, a trial subscription or a rebuild distribution is sufficient for these purposes. If you want a full subscription, which can help you test features associated with the Red Hat Network, the price depends on the hardware and the desired level of technical support. I've emphasized Red Hat solely to focus on distributions that use Red Hat source code, including the rebuilds described in this section (and more).

    With Red Hat Enterprise Linux 6, Red Hat has modified its offerings into three categories:

    • RHEL Server includes varying levels of support, which themselves fall into three basic categories:

      • Regular 32- and 64-bit systems based on AMD and Intel CPUs; the cost varies with the number of CPU sockets and supported virtual guests.


      • IBM POWER Systems; the cost varies with the number of CPU sockets.

      • IBM System z.

    • RHEL Desktop includes varying levels of support suitable for workstations.

    • RHEL Add-Ons are available in areas such as High Availability, Resilient Storage, Load Balancing, and more.

    I prepared this book with the help of RHEL 6 server. It appears that RHEL 6 workstation also has the server packages required for the RHCSA and/or the RHCE exams. While RHEL is released under open-source licenses, that applies just to the source code. Access to the binary packages requires the purchase of a subscription. And that can be expensive.

    One of the advantages of an enterprise-level operating system is stability. When an enterprise upgrades to RHEL 6, it counts on the ability to revise its configuration just once. Security updates and bug fixes should then be automatic. To that end, Red Hat takes every possible measure to avoid forcing enterprises to revamp their systems just for a point release such as RHEL 6.1. If an enterprise had to revise its configuration files for any major service for any point release, the costs associated with Red Hat's enterprise-level operating systems would also rise.

    For the same reasons, point releases do not affect the Red Hat exam objectives. While RHEL 6.1 improves the performance of the operating system, incorporates bug fixes, and collects security updates, it has not changed any of the defaults of any of the configuration files described in the book.

    When RHEL 6.2, RHEL 6.3, and so on, are released in future months, I expect a similar result. Otherwise, Red Hat would likely lose customers, as enterprises would encounter unplanned costs to update their systems. I've monitored RHEL releases closely for nearly a decade. I've seen no evidence of a change to the exam objectives based just on a point release. If in doubt, monitor the content of the exam objectives listed at www.redhat.com/certification/rhcsa/objectives/ and www.redhat.com/certification/rhce/objectives/.

    If you're just studying for the exams, trial subscriptions are available from the appropriate product page; for example, a link to Free Evaluation Software is available at www.redhat.com/rhel/server. An account on the Red Hat Network (RHN) is required. Personal e-mail addresses (such as those associated with certain search engines) are not accepted for RHN accounts. While trial subscriptions only support updates for 30 days, updates can also be tested using the mirror repositories associated with rebuild distributions. And you can download the same operating system (for the trial period) from the same sources as paying Red Hat users.


    If you're a student or a member of an educational institution with a .edu e-mail address, academic subscriptions are available. As of this writing, the cost of an academic subscription to RHEL Server ($60) is a significant discount over the least expensive standard RHEL Server subscription ($349).

    But if you don't have an .edu or business e-mail address, you don't have to pay for a full or a trial subscription to prepare for the RHCE exam. There are several projects dedicated to rebuilds of Red Hat Enterprise Linux. The source code for almost all RHEL RPM packages is released under the Linux General Public License (GPL) or related open-source licenses. This gives anyone the right to build Red Hat Enterprise Linux from the Red Hat released source code.

    The source code is released in Source RPM package format, which means the RPM packages can be built using the rpmbuild commands described in Chapter 12. The developers behind rebuild distributions have all revised the source code to remove Red Hat trademarks. Some, like Scientific Linux 6, are freely available; others, like Oracle Linux, require registration and compliance with certain criteria such as U.S. export control laws.

    You can select and download the rebuild that most closely meets your needs. I have tried several of the rebuilds, including those developed by Scientific Linux and Community Enterprise Linux (CentOS). As this book is going to print, Microsoft has announced support on its virtual machine software for CentOS.

    The rebuilds of RHEL are freely available; however, you should have a high-speed Internet connection. While these rebuilds do make slight modifications to RHEL source code (primarily to remove or replace Red Hat trademarks), I have not seen any difference that would impair your ability to study for the Red Hat exams.

    • Scientific Linux: Formerly known as Fermi Linux, it includes a lot of intellectual firepower associated with the Fermi National Accelerator Lab as well as CERN, the lab associated with Tim Berners-Lee, the person most commonly credited with the invention of the World Wide Web.

    • Community Enterprise Linux: The Community Enterprise Operating System (CentOS) rebuild developed by the group at www.centos.org appears solid to me. This group probably has the largest community among the rebuilds. Some messages from CentOS developers suggest that CentOS-6 should be released by the time this book is available in print.

    For the exams based on Red Hat Enterprise Linux 6, avoid Fedora Linux. Even though RHEL 6 is based loosely on Fedora 12, Fedora 13, and even Fedora 14, there are sufficient differences in the look and feel of all three releases that may prove confusing for the purpose of an exam. And I definitely recommend that you not use other distributions, as the Red Hat exams are based on Red Hat Enterprise Linux. In many cases, the changes that would be standard on a different Linux release would lead to trouble on RHEL 6.

    For Instructors and More

    I encourage everyone to read this guide for instructors. This book is organized to help you prepare coursework for, or study for, one exam at a time.

    Perhaps the biggest change in this book is designed to help the instructor. Since the RHCSA and RHCE are two entirely separate exams, I've reorganized this book to reflect those changes. If you're studying just for the RHCSA, read Chapters 1 through 9. If you're studying just for the RHCE, read Chapter 1 and Chapters 10 through 17. The same changes will help you as a certification candidate as well, so you know what skills to gain for each exam.

    Many, perhaps most, candidates have trouble finishing the tasks associated with the RHCSA and RHCE exams in the time allotted. One way to save time during these exams is to keep things simple. While it's important to read over the questions carefully, it's also important not to overdo things. For example, there's no need to configure virtual servers for the RHCSA exam. As suggested by one RHCE-related objective, it's normally sufficient to configure the service for basic operation.

    Every chapter includes at least 12 fill-in-the-blank questions. While there are no multiple-choice or fill-in-the-blank questions on Red Hat exams, such questions can still help measure student mastery of chapter material. And the fill-in-the-blank format puts a premium on the practical experience required on the exam.

    In the same fash