RHCSA/RHCE Red Hat Linux Certification Study Guide, Sixth Edition
Exams (EX200 & EX300)
Michael Jang
New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto
McGraw-Hill is an independent entity from Red Hat, Inc., and is not affiliated with Red Hat, Inc., in any manner. This publication and CD may be used in assisting students to prepare for a Red Hat Certified Engineer Exam or a Red Hat Certified System Administrator Exam. Neither Red Hat, Inc., nor McGraw-Hill warrant that use of this publication will ensure passing the relevant exam. Red Hat, Red Hat Linux, Red Hat Enterprise Linux, RHCE, RHCT and RHCSA are either registered trademarks or trademarks of Red Hat, Inc., in the United States and/or other countries.
This publication is not intended to be a substitute for the Red Hat RHCSA prep course RH200 or the RHCE prep course RH300. This study/training guide and/or material is not sponsored by, endorsed by, or affiliated with Red Hat, Inc. in any manner.
Copyright 2011 by The McGraw-Hill Companies
Library of Congress Cataloging-in-Publication Data
Jang, Michael H. RHCSA/RHCE Red Hat Linux certification study guide (exams EX200 & EX300) / Michael Jang. -- 6th ed. p.cm. Rev. ed. of: RHCE Red Hat certified engineer Linux study guide : (exam RH302). 5th ed. 2007. ISBN 978-0-07-176565-7 (alk. paper) 1. Electronic data processing personnel--Certification. 2. Operating systems (Computers)-- Examinations--Study guides. 3. Linux. I. Jang, Michael H. RHCE Red Hat certified engineer Linux study guide. II. Title. QA76.3.J3448 2011 005.432--dc23 2011023732
McGraw-Hill books are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. To contact a representative, please e-mail us at [email protected].
RHCSA/RHCE Red Hat Linux Certification Study Guide
(Exams EX200 & EX300), Sixth Edition
Copyright 2011 by The McGraw-Hill Companies. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.
All trademarks or copyrights mentioned herein are the possession of their respective owners and McGraw-Hill makes no claim of ownership by the mention of products that contain these marks.
234567890 DOC DOC 10987654321
ISBN: Book p/n 978-0-07-176566-4 and CD p/n 978-0-07-176568-8 of set 978-0-07-176565-7
MHID: Book p/n 0-07-176566-2 and CD p/n 0-07-176568-9 of set 0-07-176565-4
Information has been obtained by McGraw-Hill from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill, or others, McGraw-Hill does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.
Sponsoring Editor
Timothy Green
Editorial Supervisor
Patty Mon
Project Editor
LeeAnn Pickrell
Acquisitions Coordinator
Stephanie Evans
Technical Editor
Elizabeth Zinkann
Copy Editor
Robert Campbell
Proofreader
Susie Elkind
Indexer
Rebecca Plunkett
Production Supervisor
Jim Kussow
Composition
Eurodesign-Peter Hancik
Illustration
Eurodesign-Peter Hancik
Art Director, Cover
Jeff Weeks
For the young widows and widowers,
may they find the courage to face their fears,
to navigate their way through the pain,
and to find hope for a brighter future.
ABOUT THE CONTRIBUTORS
Author
Michael Jang (RHCE, LPIC-2, UCP, LCP, Linux+, MCP) is currently a full-time
writer, specializing in operating systems and networks. His experience with
computers goes back to the days of jumbled punch cards. He has written other books
on Linux certification, including LPIC-1 in Depth, Mike Meyers' Linux+ Certification
Passport, and Sair GNU/Linux Installation and Configuration Exam Cram. His other
Linux books include Linux Annoyances for Geeks, Linux Patch Management, and
Mastering Fedora Core Linux 5. He has also written or contributed to books on
Microsoft operating systems, including MCSE Guide to Microsoft Windows 98 and
Mastering Windows XP Professional, Second Edition.
Technical Editor
Elizabeth Zinkann is a logical Linux catalyst, a freelance technical editor, and
an independent computer consultant. She was a contributing editor and review
columnist for Sys Admin Magazine for ten years. As an editor, some of her projects
have included Mastering Fedora Core Linux 5, LPIC-1 in Depth, Linux Patch
Management, and Linux All-in-One Desk Reference for Dummies, Fourth Edition. In
a former life, she also programmed communications features, including ISDN at
AT&T Network Systems.
CONTENTS AT A GLANCE
1 Prepare for Red Hat Hands-on Certifications . . . . . . . . . . . . . . . . . . . . 1
2 Virtual Machines and Automated Installations . . . . . . . . . . . . . . . . . . 69
3 Fundamental Command Line Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
4 RHCSA-Level Security Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
5 The Boot Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
6 Linux Filesystem Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
7 Package Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
8 User Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
9 RHCSA-Level System Administration Tasks . . . . . . . . . . . . . . . . . . . . 515
10 A Security Primer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563
11 System Services and SELinux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 629
12 RHCE Administrative Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 681
13 Electronic Mail Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 727
14 The Apache Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 769
15 The Samba File Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 831
16 More File-Sharing Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 883
17 Administrative Services: DNS, FTP, and Logging . . . . . . . . . . . . . . . . . 931
A Prepare a System for the Sample Exams . . . . . . . . . . . . . . . . . . . . . . . . 967
B Sample Exam 1: RHCSA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 973
C Sample Exam 2: RHCSA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 977
D Sample Exam 3: RHCE Sample Exam 1 . . . . . . . . . . . . . . . . . . . . . . . . 981
E Sample Exam 4: RHCE Sample Exam 2 . . . . . . . . . . . . . . . . . . . . . . . . 985
F About the CD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 991
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 995
CONTENTS
About the Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxix
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxi
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xliii
1 Prepare for Red Hat Hands-on Certifications . . . . . . . 1
The RHCSA and RHCE Exams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
The Exam Experience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
The RHCSA Exam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
The RHCE Exam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
If You're Studying Just for the RHCSA Exam . . . . . . . . . . . 7
Evolving Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Basic Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Hardware Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Architectures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
RAM Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Hard Drive Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Virtual Machine Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Get Red Hat Enterprise Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Purchase a Subscription . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Get an Evaluation Copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Third-Party Rebuilds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Check the Download . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Installation Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
You Won't Start from Scratch . . . . . . . . . . . . . . . . . . . . . . . . . 17
The Advantages of Network Installation . . . . . . . . . . . . . . . . 17
Red Hat and Virtual Machines . . . . . . . . . . . . . . . . . . . . . . . . 17
Virtual and Physical Systems . . . . . . . . . . . . . . . . . . . . . . . . . . 18
A Pre-installed Environment for Practice Labs . . . . . . . . . . . . 18
System Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Installation Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Boot Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
CD/DVD or Boot USB Starts Installation . . . . . . . . . . . . . . . . 22
Basic Installation Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
The Installation Perspective on Partitions . . . . . . . . . . . . . . . 31
Partition Creation Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Exercise 1-1: Partitioning During Installation . . . . . . . . . . . 37
Configure the Bootloader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Wow, Look at All That Software! . . . . . . . . . . . . . . . . . . . . . . 40
Baseline Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Package Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
On Reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
System Setup Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
The First Boot Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Default Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Special Setup Options for Virtual Machines . . . . . . . . . . . . . . 51
Configure Default File Sharing Services . . . . . . . . . . . . . . . . . . . . . . . . 51
Mount and Copy the Installation DVD . . . . . . . . . . . . . . . . . . 52
Set Up a Default Configuration Apache Server . . . . . . . . . . . 53
Exercise 1-2: Configure Apache as an Installation Server . . 55
Share Copied Files via FTP Server . . . . . . . . . . . . . . . . . . . . . . 56
Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
2 Virtual Machines and Automated Installations . . . . . . 69
Configure KVM for Red Hat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Why Virtual Machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
If You Have to Install KVM . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
The Right KVM Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Configure the Virtual Machine Manager . . . . . . . . . . . . . . . . . 75
Exercise 2-1: Create a Second Virtual Network . . . . . . . . . . 78
Configure a Virtual Machine on KVM . . . . . . . . . . . . . . . . . . . . . . . . . 82
Configure a Virtual Machine on KVM . . . . . . . . . . . . . . . . . . 83
Exercise 2-2: Add Virtual Hard Drives . . . . . . . . . . . . . . . . . 88
KVM Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Control Virtual Machines from the Command Line . . . . . . . . 90
Automated Installation Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Kickstart Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Set Up Local Access to Kickstart . . . . . . . . . . . . . . . . . . . . . . . 97
Set Up Network Access to Kickstart . . . . . . . . . . . . . . . . . . . . 99
Sample Kickstart File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Exercise 2-3: Create and Use a Sample Kickstart File . . . . . 105
The Kickstart Configurator . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Administration with the Secure Shell . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Configure an SSH Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Command Line Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
More SSH Command Line Tools . . . . . . . . . . . . . . . . . . . . . . . 114
Graphical Secure Shell Access . . . . . . . . . . . . . . . . . . . . . . . . . 115
Consider Adding These Command Line Tools . . . . . . . . . . . . . . . . . . . 116
Checking Ports with telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Checking Ports with nmap . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Configure an E-Mail Client . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
The Use of Text and Graphical Browsers . . . . . . . . . . . . . . . . 119
Using lftp to Access URLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
3 Fundamental Command Line Skills . . . . . . . . . . . . . . . 135
Shells . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Other Shells . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Terminal Consoles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
GUI Shell Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Differences Between Regular and Administrative Users . . . . . 141
Text Streams and Command Redirection . . . . . . . . . . . . . . . . 142
Standard Command Line Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
File and Directory Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
File Lists and ls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
File Creation Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Wildcards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
File Searches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
The Management of Text Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Commands to Read Text Streams . . . . . . . . . . . . . . . . . . . . . . 153
Commands to Process Text Streams . . . . . . . . . . . . . . . . . . . . 155
Edit Text Files at the Console . . . . . . . . . . . . . . . . . . . . . . . . . 157
Exercise 3-1: Using vi to Create a New User . . . . . . . . . . . . 159
If You Don't Like vi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Edit Text Files in the GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Local Online Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
When You Need Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
A Variety of man Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
The info Manuals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Detailed Documentation in /usr/share/doc . . . . . . . . . . . . . . . 167
A Networking Primer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
IP Version 4 Numbers and Address Classes . . . . . . . . . . . . . . . 168
Basic IP Version 6 Addressing . . . . . . . . . . . . . . . . . . . . . . . . . 169
How to Define a Network with IP Addresses . . . . . . . . . . . . . 170
Tools, Commands, and Gateways . . . . . . . . . . . . . . . . . . . . . . . 171
Network Configuration and Troubleshooting . . . . . . . . . . . . . . . . . . . . 177
Network Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Network Configuration Tools . . . . . . . . . . . . . . . . . . . . . . . . . 181
Exercise 3-2: Configure a Network Card . . . . . . . . . . . . . . . 183
Hostname Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . 187
Hostname Configuration Options . . . . . . . . . . . . . . . . . . . . . . 189
The Network Manager Applet . . . . . . . . . . . . . . . . . . . . . . . . . 189
Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
4 RHCSA-Level Security Options . . . . . . . . . . . . . . . . . . 201
Basic File Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
File Permissions and Ownership . . . . . . . . . . . . . . . . . . . . . . . . 204
Basic User and Group Concepts . . . . . . . . . . . . . . . . . . . . . . . 206
The umask . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Commands to Change Permissions and Ownership . . . . . . . . 208
Special File Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Access Control Lists and More . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Every File Already Has an ACL . . . . . . . . . . . . . . . . . . . . . . . . 212
Make a Filesystem ACL Friendly . . . . . . . . . . . . . . . . . . . . . . . 213
Manage ACLs on a File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Configure a Directory for ACLs . . . . . . . . . . . . . . . . . . . . . . . . 216
Special Restrictions with ACLs . . . . . . . . . . . . . . . . . . . . . . . . 217
ACLs and Masks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Exercise 4-1: Use ACLs to Deny a User . . . . . . . . . . . . . . . . 218
NFS Shares and ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Basic Firewall Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
Standard Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
A Focus on iptables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Keep That Firewall in Operation . . . . . . . . . . . . . . . . . . . . . . . 225
The Default RHEL 6 Firewall . . . . . . . . . . . . . . . . . . . . . . . . . 225
The Firewall Configuration Tools . . . . . . . . . . . . . . . . . . . . . . 228
Exercise 4-2: Adjust Firewall Settings . . . . . . . . . . . . . . . . . . 234
A Security-Enhanced Linux Primer . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Basic Features of SELinux . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
SELinux Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
SELinux Configuration at the Command Line . . . . . . . . . . . . 237
Configure Basic SELinux Settings . . . . . . . . . . . . . . . . . . . . . . 237
Configure Regular Users for SELinux . . . . . . . . . . . . . . . . . . . 238
Manage SELinux Boolean Settings . . . . . . . . . . . . . . . . . . . . . 240
List and Identify SELinux File Contexts . . . . . . . . . . . . . . . . . 241
Restore SELinux File Contexts . . . . . . . . . . . . . . . . . . . . . . . . 242
Identify SELinux Process Contexts . . . . . . . . . . . . . . . . . . . . . 242
Diagnose and Address SELinux Policy Violations . . . . . . . . . . 243
The GUI SELinux Management Tool . . . . . . . . . . . . . . . . . . . 246
The SELinux Troubleshoot Browser . . . . . . . . . . . . . . . . . . . . 251
Exercise 4-3: Test an SELinux User Type . . . . . . . . . . . . . . . 252
Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
5 The Boot Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
The BIOS and the UEFI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
Basic System Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
Startup Menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Access to Linux Bootloaders . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Bootloaders and GRUB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
GRUB, the GRand Unified Bootloader . . . . . . . . . . . . . . . . . . 269
Boot into Different Runlevels . . . . . . . . . . . . . . . . . . . . . . . . . 269
Exercise 5-1: Boot into a Different Runlevel . . . . . . . . . . . . 271
Modify the System Bootloader . . . . . . . . . . . . . . . . . . . . . . . . . 272
More Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
GRUB Security and Password Protection . . . . . . . . . . . . . . . . 276
How to Update GRUB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Effects of GRUB Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
The GRUB Command Line . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Exercise 5-2: Using the GRUB Command Line . . . . . . . . . . 279
Create Your Own GRUB Configuration File . . . . . . . . . . . . . . 280
An Option to Booting from GRUB: Rescue Mode . . . . . . . . . 281
Between GRUB and Login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
Kernels and the Initial RAM Disk . . . . . . . . . . . . . . . . . . . . . . 285
The First Process, Runlevels, and Services . . . . . . . . . . . . . . . 287
Switch Between Runlevels . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
Reboot and Shut Down a System Normally . . . . . . . . . . . . . . 288
Upstart Replaces SysVInit . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Upstart Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Terminals and Login Screens . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Control by Runlevel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Functionality by Runlevel . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
The Innards of Runlevel Scripts . . . . . . . . . . . . . . . . . . . . . . . 296
Service Configuration from the Command Line . . . . . . . . . . . 296
The Text Console Service Configuration Tool . . . . . . . . . . . . 298
The GUI Service Configuration Tool . . . . . . . . . . . . . . . . . . . 299
Network Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Network Configuration Commands . . . . . . . . . . . . . . . . . . . . . 301
Network Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . 306
The /etc/sysconfig/network-scripts Files . . . . . . . . . . . . . . . . . . 307
Red Hat Configuration Tools . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Exercise 5-3: Modify Network Interfaces with the Network Connections Tool . . . . . . . . . . . . . . . . . . . . . . . . . 310
Configure Name Resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Exercise 5-4: Revise Network Interfaces on a Cloned System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Time Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
An NTP Client and Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Date/Time Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
6 Linux Filesystem Administration . . . . . . . . . . . . . . . . . . 331
Storage Management and Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Current System State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
The fdisk Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335
The parted Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
Graphical Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
Exercise 6-1: Work with fdisk and parted . . . . . . . . . . . . . . . 350
Filesystem Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Standard Formatting Filesystems . . . . . . . . . . . . . . . . . . . . . . . 352
Journaling Filesystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
Filesystem Format Commands . . . . . . . . . . . . . . . . . . . . . . . . . 354
Swap Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Filesystem Check Commands . . . . . . . . . . . . . . . . . . . . . . . . . 355
Filesystem Conversions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
Exercise 6-2: Format, Check, and Mount Different Filesystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
Basic Linux Filesystems and Directories . . . . . . . . . . . . . . . . . . . . . . . . 358
Separate Linux Filesystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
Directories That Can Be Mounted Separately . . . . . . . . . . . . . 359
Logical Volume Management (LVM) . . . . . . . . . . . . . . . . . . . . . . . . . . 361
Definitions in LVM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
Create a Physical Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
Create a Volume Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
Create a Logical Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
Make Use of a Logical Volume . . . . . . . . . . . . . . . . . . . . . . . . . 363
More LVM Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
Remove a Logical Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
Resize Logical Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
The GUI Logical Volume Management Tool . . . . . . . . . . . . . 368
Volume Encryption with the Linux Unified Key Setup . . . . . . . . . . . . 375
Passwords, Passphrases, and More . . . . . . . . . . . . . . . . . . . . . . 375
Encryption During Installation . . . . . . . . . . . . . . . . . . . . . . . . 376
Prepare and Initialize Encryption . . . . . . . . . . . . . . . . . . . . . . . 377
Prepare the New Filesystem . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
Create the New Filesystem . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
Filesystem Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
The /etc/fstab File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382
Universally Unique Identifiers in /etc/fstab . . . . . . . . . . . . . . . 384
The mount Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384
More Filesystem Mount Options . . . . . . . . . . . . . . . . . . . . . . . 386
Virtual Filesystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
Add Your Own Filesystems to /etc/fstab . . . . . . . . . . . . . . . . . . 387
Removable Media and /etc/fstab . . . . . . . . . . . . . . . . . . . . . . . 388
Networked Filesystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
The Automounter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390
Mounting via the Automounter . . . . . . . . . . . . . . . . . . . . . . . . 390
Exercise 6-3: Configure the Automounter . . . . . . . . . . . . . . 396
Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404
Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
7 Package Management . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
The Red Hat Package Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411
What Is a Package? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411
What Is a Red Hat Package? . . . . . . . . . . . . . . . . . . . . . . . . . . 412
What Is a Repository? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
Install an RPM Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Uninstall an RPM Package . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
Install RPMs from Remote Systems . . . . . . . . . . . . . . . . . . . . . 415
RPM Installation Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
Special RPM Procedures with the Kernel . . . . . . . . . . . . . . . . 418
More RPM Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
Package Queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421
Package Signatures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421
File Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
Different Databases of Installed Packages . . . . . . . . . . . . . . . . 424
Dependencies and the yum Command . . . . . . . . . . . . . . . . . . . . . . . . . 424
An Example of Dependency Hell . . . . . . . . . . . . . . . . . . . . . . 424
Relief from Dependency Hell . . . . . . . . . . . . . . . . . . . . . . . . . . 426
Basic yum Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427
The Basic yum Configuration File: yum.conf . . . . . . . . . . . . . 428
Configuration Files in the /etc/yum/pluginconf.d Directory . . 430
Configuration Files in the /etc/yum.repos.d Directory . . . . . . . 431
Create Your Own /etc/yum.repos.d Configuration File . . . . . . 434
Exercise 7-1: Create a yum Repository from the RHEL 6 DVD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437
Third-Party Repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438
Basic yum Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
Installation Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
Security and yum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
Updates and Security Fixes . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
Package Groups and yum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
More yum Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
More Package Management Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
The GNOME Software Update Tool . . . . . . . . . . . . . . . . . . . . 448
Automated Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448
GNOME Add/Remove Software Tool . . . . . . . . . . . . . . . . . . . 450
Exercise 7-2: Installing More with yum and the Add/Remove Software Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
The Red Hat Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456
Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458
Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459
Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460
Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
8 User Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
User Account Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
Different Kinds of Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
The Shadow Password Suite . . . . . . . . . . . . . . . . . . . . . . . . . . . 468
Command Line Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473
Exercise 8-1: Add a User with the Red Hat User Manager . . 476
Exercise 8-2: Real and Fake Shells . . . . . . . . . . . . . . . . . . . . 478
Delete a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
Modify an Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
More User and Group Management Commands . . . . . . . . . . . 480
Administrative Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483
The Ability to Log In as root . . . . . . . . . . . . . . . . . . . . . . . . . . 483
Exercise 8-3: Limit root Logins . . . . . . . . . . . . . . . . . . . . . . . 483
The Ability to Log In . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484
The Proper Use of the su Command . . . . . . . . . . . . . . . . . . . . 485
Limit Access to su . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486
The Proper Use of the sg Command . . . . . . . . . . . . . . . . . . . . 486
Custom Administrators with the sudo Command . . . . . . . . . . 486
Other Administrative Users . . . . . . . . . . . . . . . . . . . . . . . . . . . 488
User and Shell Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488
Home Directories and /etc/skel . . . . . . . . . . . . . . . . . . . . . . . . 489
/etc/bashrc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490
/etc/profile and /etc/profile.d . . . . . . . . . . . . . . . . . . . . . . . . . . 490
/etc/profile.d . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491
Exercise 8-4: Another Way to Secure a System . . . . . . . . . . 491
Shell Configuration Files in User Home Directories . . . . . . . . 492
Login, Logout, and User Switching . . . . . . . . . . . . . . . . . . . . . 492
Users and Network Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493
LDAP Client Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 494
The Name Service Switch File . . . . . . . . . . . . . . . . . . . . . . . . 496
Red Hat Network Authentication Tools . . . . . . . . . . . . . . . . . 497
Special Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500
Standard and Red Hat Groups . . . . . . . . . . . . . . . . . . . . . . . . . 501
Shared Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501
Exercise 8-5: Control Group Ownership with the SGID Bit . . 502
Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506
Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508
Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509
Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510
Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
9 RHCSA-Level System Administration Tasks . . . . . . . . 515
Configure Access with VNC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517
Install and Configure a TigerVNC Server . . . . . . . . . . . . . . . . 518
The GNOME-Based vino Server . . . . . . . . . . . . . . . . . . . . . . . 519
Install and Configure a VNC Client . . . . . . . . . . . . . . . . . . . . 521
Firewall Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523
Confirm Access to a VNC Server . . . . . . . . . . . . . . . . . . . . . . 524
Route Through a Secure Shell . . . . . . . . . . . . . . . . . . . . . . . . . 525
More VNC Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 526
A User VNC Configuration File . . . . . . . . . . . . . . . . . . . . . . . 526
Elementary System Administration Commands . . . . . . . . . . . . . . . . . . 527
System Resource Management Commands . . . . . . . . . . . . . . . 527
Archives and Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . 536
Control Services Through Daemons . . . . . . . . . . . . . . . . . . . . 538
Automate System Administration: cron and at . . . . . . . . . . . . . . . . . . 539
The System crontab and Components . . . . . . . . . . . . . . . . . . . 539
Hourly cron Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542
Regular Anacron Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 543
Setting Up cron for Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 544
Exercise 9-1: Create a cron Job . . . . . . . . . . . . . . . . . . . . . . . 545
Running a Job with the at System . . . . . . . . . . . . . . . . . . . . . . 545
Secure cron and at . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546
Local Log File Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 548
System Log Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . 548
Log File Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 550
A Variety of Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 551
Service Specific Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 552
Exercise 9-2: Learn the Log Files . . . . . . . . . . . . . . . . . . . . . . 552
Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555
Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 557
Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 558
Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 559
Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 560
10 A Security Primer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563
The Layers of Linux Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 564
Bastion Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565
Best Defenses with Security Updates . . . . . . . . . . . . . . . . . . . . 566
Service-Specific Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567
Host-Based Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569
User-Based Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569
Console Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 570
Recommendations from the U.S. National Security Agency . . 570
The PolicyKit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571
Firewalls and Network Address Translation . . . . . . . . . . . . . . . . . . . . . 573
Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573
The Structure of the iptables Command . . . . . . . . . . . . . . . . . 574
The Default Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577
Recommendations from the NSA . . . . . . . . . . . . . . . . . . . . . . 577
Make Sure the Firewall Is Running . . . . . . . . . . . . . . . . . . . . . 580
IP Masquerading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 580
IP Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 582
The Red Hat Firewall Configuration Tool . . . . . . . . . . . . . . . . 583
The Extended Internet Super-Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 591
Generic xinetd Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 592
Service-Specific xinetd Configuration . . . . . . . . . . . . . . . . . . . 593
Exercise 10-1: Configure xinetd . . . . . . . . . . . . . . . . . . . . . . 595
TCP Wrappers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 596
Is a Service Protected by TCP Wrappers? . . . . . . . . . . . . . . . . 596
TCP Wrappers Configuration Files . . . . . . . . . . . . . . . . . . . . . 597
Exercise 10-2: Configure TCP Wrappers . . . . . . . . . . . . . . . 599
Pluggable Authentication Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . 600
Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 601
Control Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602
The Format of a PAM File . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604
Exercise 10-3: Configure PAM . . . . . . . . . . . . . . . . . . . . . . . 608
PAM and User-Based Security . . . . . . . . . . . . . . . . . . . . . . . . . 608
Exercise 10-4: Use PAM to Limit User Access . . . . . . . . . . . 610
Secure Files and More with GPG2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 611
GPG2 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 612
Current GPG2 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 612
GPG2 Encryption Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . 613
Generate a GPG2 Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 613
Use a GPG2 Key to Secure a File . . . . . . . . . . . . . . . . . . . . . . . 616
Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 618
Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 620
Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 622
Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623
Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 624
11 System Services and SELinux . . . . . . . . . . . . . . . . . . . . 629
Red Hat System Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 631
Service Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 631
System Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 632
Bigger Picture Configuration Process . . . . . . . . . . . . . . . . . . . . 635
Available Configuration Tools . . . . . . . . . . . . . . . . . . . . . . . . . 635
Security-Enhanced Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 637
Options in the SELinux Booleans Directory . . . . . . . . . . . . . . 637
Service Categories of SELinux Booleans . . . . . . . . . . . . . . . . . 639
Boolean Configuration with the SELinux Management Tool . . 639
Boolean Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 640
SELinux File Contexts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 645
Exercise 11-1: Configure a New Directory with Appropriate SELinux Contexts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647
The Secure Shell Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648
SSH Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . 648
SSH Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 649
Basic Encrypted Communication . . . . . . . . . . . . . . . . . . . . . . . 650
Set Up a Private/Public Pair for Key-Based Authentication . . 652
Configure an SSH Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 654
User-Based Security for SSH . . . . . . . . . . . . . . . . . . . . . . . . . . 662
Host-Based Security for SSH . . . . . . . . . . . . . . . . . . . . . . . . . . 662
A Security and Configuration Checklist . . . . . . . . . . . . . . . . . . . . . . . . 663
Installation of Server Services . . . . . . . . . . . . . . . . . . . . . . . . . 663
Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 667
Make Sure the Service Survives a Reboot . . . . . . . . . . . . . . . . 667
Review Access Through Layers of Security . . . . . . . . . . . . . . . 668
Exercise 11-2: Review the Different Effects of iptables and TCP Wrappers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 671
Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 674
Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 676
Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 677
Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 678
Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 679
12 RHCE Administrative Tasks . . . . . . . . . . . . . . . . . . . . . . 681
Automate System Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 683
Standard Administrative Scripts . . . . . . . . . . . . . . . . . . . . . . . 683
Script Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 685
Create Your Own Administrative Scripts . . . . . . . . . . . . . . . . 687
Exercise 12-1: Create a Script . . . . . . . . . . . . . . . . . . . . . . . . 688
Kernel Run-Time Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 689
How sysctl Works with /etc/sysctl.conf . . . . . . . . . . . . . . . . . . 689
Settings in the /etc/sysctl.conf File . . . . . . . . . . . . . . . . . . . . . . 690
Exercise 12-2: Disable Responses to the ping Command . . . 691
Create an RPM Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 692
Source RPMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 693
The Directory Structure of an RPM Source . . . . . . . . . . . . . . 694
Create Custom Source Code . . . . . . . . . . . . . . . . . . . . . . . . . . 696
One More Prep Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 697
Create Your Own spec File . . . . . . . . . . . . . . . . . . . . . . . . . . . . 698
Build Your Own RPM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 702
The Built RPMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 703
Special Network Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 704
Configure Special IP Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . 704
Set Up a Kerberos Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 708
Connect to Remote iSCSI Storage . . . . . . . . . . . . . . . . . . . . . 712
Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 717
Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 719
Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 720
Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 721
Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 722
13 Electronic Mail Servers . . . . . . . . . . . . . . . . . . . . . . . . . 727
A Variety of E-Mail Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 729
Definitions and Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 729
Relevant Mail Server Packages . . . . . . . . . . . . . . . . . . . . . . . . 730
Use alternatives to Select an E-Mail System . . . . . . . . . . . . . . 731
General User Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 732
Mail Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 733
Common Security Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 734
Testing an E-Mail Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 735
Exercise 13-1: Create Users Just for E-Mail . . . . . . . . . . . . . 735
The Configuration of Postfix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 736
Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 736
The main.cf Configuration File . . . . . . . . . . . . . . . . . . . . . . . . 740
The /etc/aliases Configuration File . . . . . . . . . . . . . . . . . . . . . 743
The master.cf Configuration File . . . . . . . . . . . . . . . . . . . . . . . 744
Test the Current Postfix Configuration . . . . . . . . . . . . . . . . . . 744
Configure Postfix Authentication . . . . . . . . . . . . . . . . . . . . . . 745
Configure Incoming E-Mail . . . . . . . . . . . . . . . . . . . . . . . . . . . 746
Configure a Relay Through a Smart Host . . . . . . . . . . . . . . . . 746
Exercise 13-2: Switch Services . . . . . . . . . . . . . . . . . . . . . . . 747
The Other SMTP Service: sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . 747
The Basics of sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 748
Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 749
The sendmail.mc Macro File . . . . . . . . . . . . . . . . . . . . . . . . . . 750
The submit.mc Macro File . . . . . . . . . . . . . . . . . . . . . . . . . . . . 755
Configure sendmail to Accept E-Mail from Other Systems . . 756
Configure sendmail to Relay E-Mail to a Smart Host . . . . . . . 757
Configure User- and Host-Based sendmail Security . . . . . . . . 757
Test the Current sendmail Configuration . . . . . . . . . . . . . . . . 757
Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 760
Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 761
Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 762
Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 763
Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 764
14 The Apache Web Server . . . . . . . . . . . . . . . . . . . . . . . . 769
The Apache Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 771
Apache 2.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 771
The LAMP Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 772
Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 772
Exercise 14-1: Install the Apache Server . . . . . . . . . . . . . . . 773
The Apache Configuration Files . . . . . . . . . . . . . . . . . . . . . . . 775
Analyze the Default Apache Configuration . . . . . . . . . . . . . . 775
The Main Apache Configuration File . . . . . . . . . . . . . . . . . . . 776
Basic Apache Configuration for a Simple Web Server . . . . . . 779
Apache Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 780
Standard Apache Security Configuration . . . . . . . . . . . . . . . . . . . . . . . 782
Ports and Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 782
Apache and SELinux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 782
Module Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 785
Security Within Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 787
Exercise 14-2: The Apache Welcome and the noindex.html Story . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 790
Exercise 14-3: Create a List of Files . . . . . . . . . . . . . . . . . . . 791
Host-Based Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 792
User-Based Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 793
Specialized Apache Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 794
Control Through the .htaccess File . . . . . . . . . . . . . . . . . . . . . 795
Password-Protected Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . 795
Home Directory Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 796
Group-Managed Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . 798
Exercise 14-4: Password Protection for a Web Directory . . . 800
Regular and Secure Virtual Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 801
The Standard Virtual Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . 802
Secure Virtual Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 805
Create a New SSL Certificate . . . . . . . . . . . . . . . . . . . . . . . . . 808
Test Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 811
Syntax Checkers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 812
Apache Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 813
Exercise 14-5: Set Up a Virtual Web Server . . . . . . . . . . . . . 814
Deploy a Basic CGI Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 815
Apache Configuration Changes for CGI Files . . . . . . . . . . . . . 816
Set Up a Simple CGI Script . . . . . . . . . . . . . . . . . . . . . . . . . . . 817
Connections to a Web Site . . . . . . . . . . . . . . . . . . . . . . . . . . . 818
Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 821
Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 823
Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 824
Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 825
Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 826
15 The Samba File Server . . . . . . . . . . . . . . . . . . . . . . . . . . 831
Samba Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 833
Install Samba Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 834
Some Samba Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 834
Ports, Firewalls, and Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . 835
Configure SELinux Booleans for Samba . . . . . . . . . . . . . . . . . 836
Configure SELinux File Types for Samba . . . . . . . . . . . . . . . . . 837
Samba Daemons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 838
Samba Server Global Configuration . . . . . . . . . . . . . . . . . . . . 838
Shared Samba Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . 847
Let Samba Join a Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . 851
The Samba User Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . 852
Create a Public Share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 853
Exercise 15-1: Configure a Samba Home Directory Share . . 854
The Samba Web Administration Tool . . . . . . . . . . . . . . . . . . . 856
Test Changes to /etc/samba/smb.conf . . . . . . . . . . . . . . . . . . . 862
Review User- and Host-Based Samba Security . . . . . . . . . . . . 863
Review Basic Samba Shares . . . . . . . . . . . . . . . . . . . . . . . . . . . 865
Exercise 15-2: Configuring Samba with Shares . . . . . . . . . . 865
Samba as a Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 867
Command Line Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 867
Mount Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 868
Automated Samba Mounts . . . . . . . . . . . . . . . . . . . . . . . . . . . 868
Samba Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 869
Samba Problem Identification . . . . . . . . . . . . . . . . . . . . . . . . . 869
Local Log File Checks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 870
Enable Remote Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 871
Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 873
Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 874
Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 875
Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 876
Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 877
16 More File-Sharing Services . . . . . . . . . . . . . . . . . . . . . . 883
The Network File System (NFS) Server . . . . . . . . . . . . . . . . . . . . . . . . 885
NFS Options for RHEL 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 885
Basic NFS Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 886
Basic NFS Server Configuration . . . . . . . . . . . . . . . . . . . . . . . 887
Configure NFS for Basic Operation . . . . . . . . . . . . . . . . . . . . . 890
Special Requirements for /home Directories . . . . . . . . . . . . . . 892
Fixed Ports in /etc/sysconfig/nfs . . . . . . . . . . . . . . . . . . . . . . . . 893
Make NFS Work with SELinux . . . . . . . . . . . . . . . . . . . . . . . . 896
Quirks and Limitations of NFS . . . . . . . . . . . . . . . . . . . . . . . . 898
Performance Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 900
NFS Security Directives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 901
Options for Host-Based Security . . . . . . . . . . . . . . . . . . . . . . . 903
Options for User-Based Security . . . . . . . . . . . . . . . . . . . . . . . 903
Exercise 16-1: NFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 903
Test an NFS Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 905
NFS Mount Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 905
Configure NFS in /etc/fstab . . . . . . . . . . . . . . . . . . . . . . . . . . . 906
Diskless Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 907
Soft Mounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 907
Current NFS Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 908
The Very Secure FTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 908
Basic vsFTP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 909
The Main vsFTP Configuration File . . . . . . . . . . . . . . . . . . . . 909
Other vsFTP Configuration Files . . . . . . . . . . . . . . . . . . . . . . . 914
Configure SELinux Support for vsFTP . . . . . . . . . . . . . . . . . . 915
Ports, Firewalls, and vsFTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . 916
Exercise 16-2: Configure a Basic vsFTP Server . . . . . . . . . . 917
Anonymous-Only Download Configuration . . . . . . . . . . . . . . 918
Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 921
Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 923
Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 924
Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 925
Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 926
17 Administrative Services: DNS, FTP, and Logging
Basic Domain Service Organization
Basic Parameters
DNS Package Options
Different Types of DNS Servers
Minimal DNS Server Configurations
BIND Configuration Files
A Caching-Only Name Server
Starting named
A Forwarding Name Server
Forwarding from a Caching-Only Name Server
BIND Troubleshooting Commands
Exercise 17-1: Set Up Your Own DNS Server
Set Up System Utilization Reports
System Utilization Commands
The System Status Service
Collect System Status into Logs
Prepare a System Status Report
Configure a System Logging Server
System Logging Modules
Enable Logging Clients
Configure Logging Servers
Configure Logging Clients
Limit Access to Specified Systems
The Network Time Server Service
The NTP Server Configuration File
Security Limits on NTP
Two-Minute Drill
Q&A Self Test
Lab Questions
Self Test Answers
Lab Answers
A Prepare a System for the Sample Exams
Basic Sample Exam System Requirements
Additional Sample Exam System Requirements for the RHCE
B Sample Exam 1: RHCSA
RHCSA Sample Exam 1 Discussion
C Sample Exam 2: RHCSA
RHCSA Sample Exam 2 Discussion
D Sample Exam 3: RHCE Sample Exam 1
RHCE Sample Exam 1 Discussion
E Sample Exam 4: RHCE Sample Exam 2
RHCE Sample Exam 2 Discussion
F About the CD
System Requirements
Electronic Book
Technical Support
Index
ACKNOWLEDGMENTS
I personally would like to thank the following people:
Nancy E. Cropley, R.N. (d. 2002): It's now been nearly ten years since
you've left this world, but I continue to hold your spirit in my heart, and I
hope you can still see the joy of the world through my eyes. You are my hero,
even today. I hope you can see how happy I am with Donna, but I will always
miss you.
As a political activist, you fought for what you believed in: social justice,
peace, and universal health care. You were never afraid to go to jail to support
your beliefs. Your example is helping me find a backbone for life.
As a nurse for the homeless, you helped so many who are less fortunate. You
worked tirelessly in the clinics, in the shelters, and on the streets. Your efforts
eased the pain of so many people. And you saved lives.
As an Internet entrepreneur, you showed me how to be happy pursuing a life
working from home. You made it possible for me to have the freedom to be,
instead of getting stuck in the corporate world.
Nancy, you were my partner, my lover, my soul mate. You helped me find joy
in this world. I take your lessons with me. I thank you for everything you've
done.
My wife Donna: With hope and love, you make my life worth living. With your love and support, my life is now better than ever.
All the incredibly hard-working folks at McGraw-Hill: Stephanie Evans, Tim Green, LeeAnn Pickrell, Robert Campbell, Susie Elkind, and Rebecca
Plunkett for their help in launching a great series and being solid team
players.
PREFACE
Linux is thriving. Red Hat is at the forefront of the Linux revolution. And Red Hat Certified System Administrators (RHCSA) and Engineers (RHCE) are making it happen.
Even in the current economic recovery, business, education, and governments are
cost conscious. They want control of their operating systems. Linux, even Red Hat
Enterprise Linux, saves money. The open-source nature of Linux allows users to
control and customize their operating systems. While there is a price associated with
Red Hat Enterprise Linux (RHEL), the cost includes updates and support. Now with
KVM, it's possible to set up a cluster of virtual, independent installations of RHEL
(and other operating systems) on a single physical computer. Many companies are
already converting rooms full of physical systems into closets of just a few systems,
each configured with banks of virtual machines. As an RHCSA and an RHCE, you
can join in that revolution.
While there's a cost associated with a supported version of RHEL, you don't need
to pay for such support. As I describe shortly, there are trial and student subscriptions
that you can use, along with freely available rebuilds of RHEL that are built on the
same source code.
A rebuild is software that is built by a third party from the same source code
as the original build. On the other hand, a clone is built from different
source code.
Security is another reason to move toward Linux. The U.S. National Security
Agency has developed its own version of the Linux kernel to provide context-based
security in a system known as Security-Enhanced Linux (SELinux). RHEL has made
SELinux a key part of a layered security strategy.
The RHCSA and RHCE exams are difficult. Available historical data suggests
that less than 50 percent of first-time candidates pass the RHCE exam. But do not
be intimidated. While there are no guarantees, this book can help you prepare for
and pass the RHCSA and RHCE exams. And these same skills can help you in your
career as a Linux administrator. Just remember, this book is not intended to be a
substitute for the Red Hat prep courses that I describe shortly.
To study for this exam, you should have a network of at least three Linux
computers. Since the RHCSA focuses on virtual machines, you're encouraged to use
KVM-based systems for two of the computers. After configuring a service, especially
a network service, it can be helpful to check your work from another computer.
Getting Red Hat Enterprise Linux
The Red Hat exams are based on your knowledge of Red Hat Enterprise Linux.
But here's a significant change. The RHCSA objectives specify a number of points
associated with virtual machines. The default RHEL 6 solution uses the Kernel-based
Virtual Machine (KVM). Red Hat supports KVM as a host only on physical
systems with 64-bit CPUs. Therefore, to study for the KVM-related objectives for
the RHCSA, you'll need physical hardware that can handle a 64-bit version of
RHEL 6. (However, 64-bit systems may not be absolutely required; 32-bit versions
of KVM are available on Fedora. However, there is no version of Fedora that's
completely compatible with RHEL 6.)
And you should expect to install two or more virtual machines on that 64-bit
physical system. Virtual hosts work better on systems with multiple CPUs or systems
with multicore CPUs. So to avoid hardware that slows your studies, you'll want a
64-bit physical system with at least 2GB and preferably 4GB of RAM. (I prepared
this book on a 64-bit system with 8GB of RAM.) If you're using a laptop system,
read the information from https://bugzilla.redhat.com/show_bug.cgi?id=667485. If
the listed bug has not been resolved by the time you read this, the useful lifetime of
your hard drive may depend on it. As Red Hat Network updates are not explicitly
listed as a requirement in the Red Hat Exam Prep guide, a trial subscription or a
rebuild distribution is sufficient for these purposes. If you want a full subscription,
which can help you test features associated with the Red Hat Network, the price
depends on the hardware and the desired level of technical support. I've emphasized
Red Hat solely to focus on distributions that use Red Hat source code, including the
rebuilds described in this section (and more).
With Red Hat Enterprise Linux 6, Red Hat has modified its offerings into three
categories:
RHEL Server includes varying levels of support, which themselves fall into three basic categories:
    Regular 32- and 64-bit systems based on AMD and Intel CPUs; the cost varies with the number of CPU sockets and supported virtual guests.
    IBM POWER Systems; the cost varies with the number of CPU sockets.
    IBM System z.
RHEL Desktop includes varying levels of support suitable for workstations.
RHEL Add-Ons are available in areas such as High Availability, Resilient Storage, Load Balancing, and more.
I prepared this book with the help of RHEL 6 server. It appears that RHEL 6
workstation also has the server packages required for the RHCSA and/or the RHCE
exams. While RHEL is released under open-source licenses, that applies just to the
source code. Access to the binary packages requires the purchase of a subscription.
And that can be expensive.
One of the advantages of an enterprise-level operating system is stability. When
an enterprise upgrades to RHEL 6, it counts on the ability to revise its configuration
just once. Security updates and bug fixes should then be automatic. To that end,
Red Hat takes every possible measure to avoid forcing enterprises to revamp their
systems just for a point release such as RHEL 6.1. If an enterprise had to revise its
configuration files for any major service for any point release, the costs associated
with Red Hat's enterprise-level operating systems would also rise.
For the same reasons, point releases do not affect the Red Hat exam objectives.
While RHEL 6.1 improves the performance of the operating system, incorporates
bug fixes, and collects security updates, it has not changed any of the defaults of any
of the configuration files described in the book.
When RHEL 6.2, RHEL 6.3, and so on, are released in future months, I expect
a similar result. Otherwise, Red Hat would likely lose customers, as enterprises
would encounter unplanned costs to update their systems. I've monitored RHEL
releases closely for nearly a decade. I've seen no evidence of a change to the
exam objectives based just on a point release. If in doubt, monitor the content of
the exam objectives listed at www.redhat.com/certification/rhcsa/objectives/ and
www.redhat.com/certification/rhce/objectives/.
If you're just studying for the exams, trial subscriptions are available from the
appropriate product page; for example, a link to Free Evaluation Software is
available at www.redhat.com/rhel/server. An account on the Red Hat Network
(RHN) is required. Personal e-mail addresses (such as those associated with certain
search engines) are not accepted for RHN accounts. While trial subscriptions only
support updates for 30 days, updates can also be tested using the mirror repositories
associated with rebuild distributions. And you can download the same operating
system (for the trial period) from the same sources as paying Red Hat users.
If you're a student or a member of an educational institution with a .edu e-mail
address, academic subscriptions are available. As of this writing, the cost of an
academic subscription to RHEL Server ($60) is a significant discount over the least
expensive standard RHEL Server subscription ($349).
But if you don't have an .edu or business e-mail address, you don't have to pay for a
full or a trial subscription to prepare for the RHCE exam. There are several projects
dedicated to rebuilds of Red Hat Enterprise Linux. The source code for almost all
RHEL RPM packages is released under the Linux General Public License (GPL) or
related open-source licenses. This gives anyone the right to build Red Hat Enterprise
Linux from the Red Hat released source code.
The source code is released in Source RPM package format, which means the
RPM packages can be built using the rpmbuild commands described in Chapter 12.
The developers behind rebuild distributions have all revised the source code to
remove Red Hat trademarks. Some, like Scientific Linux 6, are freely available;
others, like Oracle Linux, require registration and compliance with certain criteria
such as U.S. export control laws.
You can select and download the rebuild that most closely meets your needs. I
have tried several of the rebuilds, including those developed by Scientific Linux and
Community Enterprise Linux (CentOS). As this book is going to print, Microsoft
has announced support on its virtual machine software for CentOS.
The rebuilds of RHEL are freely available; however, you should have a high-speed
Internet connection. While these rebuilds do make slight modifications to RHEL
source code (primarily to remove or replace Red Hat trademarks), I have not seen
any difference that would impair your ability to study for the Red Hat exams.
Scientific Linux: Formerly known as Fermi Linux, it includes a lot of intellectual firepower associated with the Fermi National Accelerator Lab
as well as CERN, the lab associated with Tim Berners-Lee, the person most
commonly credited with the invention of the World Wide Web.
Community Enterprise Linux: The Community Enterprise Operating System (CentOS) rebuild developed by the group at www.centos.org appears
solid to me. This group probably has the largest community among the
rebuilds. Some messages from CentOS developers suggest that CentOS-6
should be released by the time this book is available in print.
For the exams based on Red Hat Enterprise Linux 6, avoid Fedora Linux. Even
though RHEL 6 is based loosely on Fedora 12, Fedora 13, and even Fedora 14, there
are sufficient differences in the look and feel of all three releases that may prove
confusing for the purpose of an exam. And I definitely recommend that you not use
other distributions, as the Red Hat exams are based on Red Hat Enterprise Linux. In
many cases, the changes that would be standard on a different Linux release would
lead to trouble on RHEL 6.
For Instructors and More
I encourage everyone to read this guide for instructors. This book is organized to
help you prepare coursework for, or study for, one exam at a time.
Perhaps the biggest change in this book is designed to help the instructor. Since
the RHCSA and RHCE are two entirely separate exams, I've reorganized this book
to reflect those changes. If you're studying just for the RHCSA, read Chapters 1
through 9. If you're studying just for the RHCE, read Chapter 1 and Chapters 10
through 17. The same changes will help you as a certification candidate as well, so
you know what skills to gain for each exam.
Many, perhaps most, candidates have trouble finishing the tasks associated with
the RHCSA and RHCE exams in the time allotted. One way to save time during
these exams is to keep things simple. While it's important to read over the questions
carefully, it's also important not to overdo things. For example, there's no need to
configure virtual servers for the RHCSA exam. As suggested by one RHCE-related
objective, it's normally sufficient to configure the service for basic operation.
Every chapter includes at least 12 fill-in-the-blank questions. While there are
no multiple-choice or fill-in-the-blank questions on Red Hat exams, such questions
can still help measure student mastery of chapter material. And the fill-in-the-blank
format puts a premium on the practical experience required on the exam.
In the same fash