A hat that is not blue and it teaches you LINUX

RHCSA/RHCE Red Hat

Linux Certifi cation Study

Guide, Sixth Edition

Exams (EX200 & EX300)

Michael Jang

New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto

McGraw-Hill is an independent entity from Red Hat, Inc., and is not affiliated with Red Hat, Inc., in any manner. This publication and CD may be used in assisting students to prepare for a Red Hat Certified Engineer Exam or a Red Hat Certified System Administrator Exam. Neither Red Hat, Inc., nor McGraw-Hill warrant that use of this publication will ensure passing the relevant exam. Red Hat, Red Hat Linux, Red Hat Enterprise Linux, RHCE, RHCT and RHCSA are either registered trademarks or trademarks of Red Hat, Inc., in the United States and/or other countries.

This publication is not intended to be a substitute for the Red Hat RHCSA prep course RH200 or the RHCE prep course RH300. This study/training guide and/or material is not sponsored by, endorsed by, or affiliated with Red Hat, Inc. in any manner.

Copyright 2011 by The McGraw-Hill Companies

Library of Congress Cataloging-in-Publication Data

Jang, Michael H. RHCSA/RHCE Red Hat Linux certification study guide (exams EX200 & EX300) / Michael Jang. -- 6th ed. p.cm. Rev. ed. of: RHCE Red Hat certified engineer Linux study guide : (exam RH302). 5th ed. 2007. ISBN 978-0-07-176565-7 (alk. paper) 1. Electronic data processing personnel--Certification. 2. Operating systems (Computers)-- Examinations--Study guides. 3. Linux. I. Jang, Michael H. RHCE Red Hat certified engineer Linux study guide. II. Title. QA76.3.J3448 2011 005.432--dc23 2011023732

McGraw-Hill books are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. To contact a representative, please e-mail us at [email protected].

RHCSA/RHCE Red Hat Linux Certification Study Guide

(Exams EX200 & EX300), Sixth Edition

Copyright 2011 by The McGraw-Hill Companies. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publica-tion may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

All trademarks or copyrights mentioned herein are the possession of their respective owners and McGraw-Hill makes no claim of ownership by the mention of products that contain these marks.

234567890 DOC DOC 10987654321

ISBN: Book p/n 978-0-07-176566-4 and CD p/n 978-0-07-176568-8of set 978-0-07-176565-7

MHID: Book p/n 0-07-176566-2 and CD p/n 0-07-176568-9of set 0-07-176565-4

Information has been obtained by McGraw-Hill from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill, or others, McGraw-Hill does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

Sponsoring Editor

Timothy Green

Editorial Supervisor

Patty Mon

Project Editor

LeeAnn Pickrell

Acquisitions Coordinator

Stephanie Evans

Technical Editor

Elizabeth Zinkann

Copy Editor

Robert Campbell

Proofreader

Susie Elkind

Indexer

Rebecca Plunkett

Production Supervisor

Jim Kussow

Composition

Eurodesign-Peter Hancik

Illustration

Eurodesign-Peter Hancik

Art Director, Cover

Jeff Weeks


For the young widows and widowers,

may they find the courage to face their fears,

to navigate their way through the pain,

and to find hope for a brighter future.


ABOUT THE CONTRIBUTORS

Author

Michael Jang (RHCE, LPIC-2, UCP, LCP, Linux+, MCP) is currently a full-time

writer, specializing in operating systems and networks. His experience with

computers goes back to the days of jumbled punch cards. He has written other books

on Linux certification, including LPIC-1 in Depth, Mike Meyers Linux+ Certification

Passport, and Sair GNU/Linux Installation and Configuration Exam Cram. His other

Linux books include Linux Annoyances for Geeks, Linux Patch Management, and

Mastering Fedora Core Linux 5. He has also written or contributed to books on

Microsoft operating systems, including MCSE Guide to Microsoft Windows 98 and

Mastering Windows XP Professional, Second Edition.

Technical Editor

Elizabeth Zinkann is a logical Linux catalyst, a freelance technical editor, and

an independent computer consultant. She was a contributing editor and review

columnist for Sys Admin Magazine for ten years. As an editor, some of her projects

have included Mastering Fedora Core Linux 5, LPIC-1 in Depth, Linux Patch

Management, and Linux All-in-One Desk Reference for Dummies, Fourth Edition. In

a former life, she also programmed communications features, including ISDN at

AT&T Network Systems.


vii

CONTENTS AT A GLANCE

1 Prepare for Red Hat Hands-on Certifications . . . . . . . . . . . . . . . . . . . . 1

2 Virtual Machines and Automated Installations . . . . . . . . . . . . . . . . . . 69

3 Fundamental Command Line Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

4 RHCSA-Level Security Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

5 The Boot Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

6 Linux Filesystem Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331

7 Package Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409

8 User Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465

9 RHCSA-Level System Administration Tasks . . . . . . . . . . . . . . . . . . . . 515

10 A Security Primer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563

11 System Services and SELinux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 629

12 RHCE Administrative Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 681

13 Electronic Mail Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 727

14 The Apache Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 769

15 The Samba File Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 831

16 More File-Sharing Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 883

17 Administrative Services: DNS, FTP, and Logging . . . . . . . . . . . . . . . . . 931

A Prepare a System for the Sample Exams . . . . . . . . . . . . . . . . . . . . . . . . 967

B Sample Exam 1: RHCSA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 973


viii RHCSA/RHCE Red Hat Linux Certifi cation Study Guide

C Sample Exam 2: RHCSA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 977

D Sample Exam 3: RHCE Sample Exam 1 . . . . . . . . . . . . . . . . . . . . . . . . 981

E Sample Exam 4: RHCE Sample Exam 2 . . . . . . . . . . . . . . . . . . . . . . . . 985

F About the CD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 991

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 995


ix

CONTENTS

About the Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v

Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxix

Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxi

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xliii

1 Prepare for Red Hat Hands-on Certifications . . . . . . . 1

The RHCSA and RHCE Exams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

The Exam Experience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

The RHCSA Exam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

The RHCE Exam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

If Youre Studying Just for the RHCSA Exam . . . . . . . . . . . 7

Evolving Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Basic Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Hardware Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Architectures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

RAM Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Hard Drive Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Virtual Machine Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Get Red Hat Enterprise Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Purchase a Subscription . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Get an Evaluation Copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Third-Party Rebuilds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Check the Download . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Installation Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

You Wont Start from Scratch . . . . . . . . . . . . . . . . . . . . . . . . . 17

The Advantages of Network Installation . . . . . . . . . . . . . . . . 17

Red Hat and Virtual Machines . . . . . . . . . . . . . . . . . . . . . . . . 17

Virtual and Physical Systems . . . . . . . . . . . . . . . . . . . . . . . . . . 18

A Pre-installed Environment for Practice Labs . . . . . . . . . . . . 18

System Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19


x RHCSA/RHCE Red Hat Linux Certifi cation Study Guide

Installation Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Boot Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

CD/DVD or Boot USB Starts Installation . . . . . . . . . . . . . . . . 22

Basic Installation Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

The Installation Perspective on Partitions . . . . . . . . . . . . . . . 31

Partition Creation Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Exercise 1-1: Partitioning During Installation . . . . . . . . . . . 37

Configure the Bootloader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Wow, Look at All That Software! . . . . . . . . . . . . . . . . . . . . . . 40

Baseline Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Package Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

On Reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

System Setup Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

The First Boot Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Default Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Special Setup Options for Virtual Machines . . . . . . . . . . . . . . 51

Configure Default File Sharing Services . . . . . . . . . . . . . . . . . . . . . . . . 51

Mount and Copy the Installation DVD . . . . . . . . . . . . . . . . . . 52

Set Up a Default Configuration Apache Server . . . . . . . . . . . 53

Exercise 1-2: Configure Apache as an Installation Server . . 55

Share Copied Files via FTP Server . . . . . . . . . . . . . . . . . . . . . . 56

Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

2 Virtual Machines and Automated Installations . . . . . . 69

Configure KVM for Red Hat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Why Virtual Machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

If You Have to Install KVM . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

The Right KVM Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Configure the Virtual Machine Manager . . . . . . . . . . . . . . . . . 75

Exercise 2-1: Create a Second Virtual Network . . . . . . . . . . 78

Configure a Virtual Machine on KVM . . . . . . . . . . . . . . . . . . . . . . . . . 82

Configure a Virtual Machine on KVM . . . . . . . . . . . . . . . . . . 83


Contents xi

Exercise 2-2: Add Virtual Hard Drives . . . . . . . . . . . . . . . . . 88

KVM Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

Control Virtual Machines from the Command Line . . . . . . . . 90

Automated Installation Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Kickstart Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Set Up Local Access to Kickstart . . . . . . . . . . . . . . . . . . . . . . . 97

Set Up Network Access to Kickstart . . . . . . . . . . . . . . . . . . . . 99

Sample Kickstart File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Exercise 2-3: Create and Use a Sample Kickstart File . . . . . 105

The Kickstart Configurator . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Administration with the Secure Shell . . . . . . . . . . . . . . . . . . . . . . . . . . 112

Configure an SSH Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

Command Line Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

More SSH Command Line Tools . . . . . . . . . . . . . . . . . . . . . . . 114

Graphical Secure Shell Access . . . . . . . . . . . . . . . . . . . . . . . . . 115

Consider Adding These Command Line Tools . . . . . . . . . . . . . . . . . . . 116

Checking Ports with telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Checking Ports with nmap . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

Configure an E-Mail Client . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

The Use of Text and Graphical Browsers . . . . . . . . . . . . . . . . 119

Using lftp to Access URLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121


Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127


Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

3 Fundamental Command Line Skills . . . . . . . . . . . . . . . 135

Shells . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Other Shells . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Terminal Consoles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

GUI Shell Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

Differences Between Regular and Administrative Users . . . . . 141

Text Streams and Command Redirection . . . . . . . . . . . . . . . . 142

Standard Command Line Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

File and Directory Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

File Lists and ls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146


xii RHCSA/RHCE Red Hat Linux Certifi cation Study Guide

File Creation Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

Wildcards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

File Searches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

The Management of Text Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

Commands to Read Text Streams . . . . . . . . . . . . . . . . . . . . . . 153

Commands to Process Text Streams . . . . . . . . . . . . . . . . . . . . 155

Edit Text Files at the Console . . . . . . . . . . . . . . . . . . . . . . . . . 157

Exercise 3-1: Using vi to Create a New User . . . . . . . . . . . . 159

If You Dont Like vi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

Edit Text Files in the GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

Local Online Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

When You Need Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

A Variety of man Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

The info Manuals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

Detailed Documentation in /usr/share/doc . . . . . . . . . . . . . . . 167

A Networking Primer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

IP Version 4 Numbers and Address Classes . . . . . . . . . . . . . . . 168

Basic IP Version 6 Addressing . . . . . . . . . . . . . . . . . . . . . . . . . 169

How to Define a Network with IP Addresses . . . . . . . . . . . . . 170

Tools, Commands, and Gateways . . . . . . . . . . . . . . . . . . . . . . . 171

Network Configuration and Troubleshooting . . . . . . . . . . . . . . . . . . . . 177

Network Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . 177

Network Configuration Tools . . . . . . . . . . . . . . . . . . . . . . . . . 181

Exercise 3-2: Configure a Network Card . . . . . . . . . . . . . . . 183

Hostname Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . 187

Hostname Configuration Options . . . . . . . . . . . . . . . . . . . . . . 189

The Network Manager Applet . . . . . . . . . . . . . . . . . . . . . . . . . 189


Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196


Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198


Contents xiii

4 RHCSA-Level Security Options . . . . . . . . . . . . . . . . . . 201

Basic File Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

File Permissions and Ownership . . . . . . . . . . . . . . . . . . . . . . . . 204

Basic User and Group Concepts . . . . . . . . . . . . . . . . . . . . . . . 206

The umask . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Commands to Change Permissions and Ownership . . . . . . . . 208

Special File Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

Access Control Lists and More . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

Every File Already Has an ACL . . . . . . . . . . . . . . . . . . . . . . . . 212

Make a Filesystem ACL Friendly . . . . . . . . . . . . . . . . . . . . . . . 213

Manage ACLs on a File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

Configure a Directory for ACLs . . . . . . . . . . . . . . . . . . . . . . . . 216

Special Restrictions with ACLs . . . . . . . . . . . . . . . . . . . . . . . . 217

ACLs and Masks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

Exercise 4-1: Use ACLs to Deny a User . . . . . . . . . . . . . . . . 218

NFS Shares and ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

Basic Firewall Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

Standard Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

A Focus on iptables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

Keep That Firewall in Operation . . . . . . . . . . . . . . . . . . . . . . . 225

The Default RHEL 6 Firewall . . . . . . . . . . . . . . . . . . . . . . . . . 225

The Firewall Configuration Tools . . . . . . . . . . . . . . . . . . . . . . 228

Exercise 4-2: Adjust Firewall Settings . . . . . . . . . . . . . . . . . . 234

A Security-Enhanced Linux Primer . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

Basic Features of SELinux . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

SELinux Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

SELinux Configuration at the Command Line . . . . . . . . . . . . 237

Configure Basic SELinux Settings . . . . . . . . . . . . . . . . . . . . . . 237

Configure Regular Users for SELinux . . . . . . . . . . . . . . . . . . . 238

Manage SELinux Boolean Settings . . . . . . . . . . . . . . . . . . . . . 240

List and Identify SELinux File Contexts . . . . . . . . . . . . . . . . . 241

Restore SELinux File Contexts . . . . . . . . . . . . . . . . . . . . . . . . 242

Identify SELinux Process Contexts . . . . . . . . . . . . . . . . . . . . . 242

Diagnose and Address SELinux Policy Violations . . . . . . . . . . 243

The GUI SELinux Management Tool . . . . . . . . . . . . . . . . . . . 246

The SELinux Troubleshoot Browser . . . . . . . . . . . . . . . . . . . . 251

Exercise 4-3: Test an SELinux User Type . . . . . . . . . . . . . . . 252


xiv RHCSA/RHCE Red Hat Linux Certifi cation Study Guide


Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257


Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259

5 The Boot Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

The BIOS and the UEFI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

Basic System Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

Startup Menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266

Access to Linux Bootloaders . . . . . . . . . . . . . . . . . . . . . . . . . . 267

Bootloaders and GRUB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268

GRUB, the GRand Unified Bootloader . . . . . . . . . . . . . . . . . . 269

Boot into Different Runlevels . . . . . . . . . . . . . . . . . . . . . . . . . 269

Exercise 5-1: Boot into a Different Runlevel . . . . . . . . . . . . 271

Modify the System Bootloader . . . . . . . . . . . . . . . . . . . . . . . . . 272

More Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275

GRUB Security and Password Protection . . . . . . . . . . . . . . . . 276

How to Update GRUB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276

Effects of GRUB Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277

The GRUB Command Line . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

Exercise 5-2: Using the GRUB Command Line . . . . . . . . . . 279

Create Your Own GRUB Configuration File . . . . . . . . . . . . . . 280

An Option to Booting from GRUB: Rescue Mode . . . . . . . . . 281

Between GRUB and Login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285

Kernels and the Initial RAM Disk . . . . . . . . . . . . . . . . . . . . . . 285

The First Process, Runlevels, and Services . . . . . . . . . . . . . . . 287

Switch Between Runlevels . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

Reboot and Shut Down a System Normally . . . . . . . . . . . . . . 288

Upstart Replaces SysVInit . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

Upstart Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . 290

Terminals and Login Screens . . . . . . . . . . . . . . . . . . . . . . . . . . 293

Control by Runlevel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

Functionality by Runlevel . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

The Innards of Runlevel Scripts . . . . . . . . . . . . . . . . . . . . . . . 296

Service Configuration from the Command Line . . . . . . . . . . . 296

The Text Console Service Configuration Tool . . . . . . . . . . . . 298

The GUI Service Configuration Tool . . . . . . . . . . . . . . . . . . . 299


Contents xv

Network Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300

Network Configuration Commands . . . . . . . . . . . . . . . . . . . . . 301

Network Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . 306

The /etc/sysconfig/network-scripts Files . . . . . . . . . . . . . . . . . . 307

Red Hat Configuration Tools . . . . . . . . . . . . . . . . . . . . . . . . . . 308

Exercise 5-3: Modify Network Interfaces with the

Network Connections Tool . . . . . . . . . . . . . . . . . . . . . . . . . 310

Configure Name Resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . 312

Exercise 5-4: Revise Network Interfaces on a

Cloned System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

Time Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315

An NTP Client and Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 316

Date/Time Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316


Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322


Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324

6 Linux Filesystem Administration . . . . . . . . . . . . . . . . . . 331

Storage Management and Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . 333

Current System State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334

The fdisk Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335

The parted Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342

Graphical Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348

Exercise 6-1: Work with fdisk and parted . . . . . . . . . . . . . . . 350

Filesystem Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351

Standard Formatting Filesystems . . . . . . . . . . . . . . . . . . . . . . . 352

Journaling Filesystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352

Filesystem Format Commands . . . . . . . . . . . . . . . . . . . . . . . . . 354

Swap Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355

Filesystem Check Commands . . . . . . . . . . . . . . . . . . . . . . . . . 355

Filesystem Conversions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356

Exercise 6-2: Format, Check, and Mount Different

Filesystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357


xvi RHCSA/RHCE Red Hat Linux Certifi cation Study Guide

Basic Linux Filesystems and Directories . . . . . . . . . . . . . . . . . . . . . . . . 358

Separate Linux Filesystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358

Directories That Can Be Mounted Separately . . . . . . . . . . . . . 359

Logical Volume Management (LVM) . . . . . . . . . . . . . . . . . . . . . . . . . . 361

Definitions in LVM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361

Create a Physical Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362

Create a Volume Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362

Create a Logical Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363

Make Use of a Logical Volume . . . . . . . . . . . . . . . . . . . . . . . . . 363

More LVM Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363

Remove a Logical Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367

Resize Logical Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367

The GUI Logical Volume Management Tool . . . . . . . . . . . . . 368

Volume Encryption with the Linux Unified Key Setup . . . . . . . . . . . . 375

Passwords, Passphrases, and More . . . . . . . . . . . . . . . . . . . . . . 375

Encryption During Installation . . . . . . . . . . . . . . . . . . . . . . . . 376

Prepare and Initialize Encryption . . . . . . . . . . . . . . . . . . . . . . . 377

Prepare the New Filesystem . . . . . . . . . . . . . . . . . . . . . . . . . . . 378

Create the New Filesystem . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378

Filesystem Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381

The /etc/fstab File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382

Universally Unique Identifiers in /etc/fstab . . . . . . . . . . . . . . . 384

The mount Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384

More Filesystem Mount Options . . . . . . . . . . . . . . . . . . . . . . . 386

Virtual Filesystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387

Add Your Own Filesystems to /etc/fstab . . . . . . . . . . . . . . . . . . 387

Removable Media and /etc/fstab . . . . . . . . . . . . . . . . . . . . . . . 388

Networked Filesystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389

The Automounter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390

Mounting via the Automounter . . . . . . . . . . . . . . . . . . . . . . . . 390

Exercise 6-3: Configure the Automounter . . . . . . . . . . . . . . 396


Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403


Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405


Contents xvii

7 Package Management . . . . . . . . . . . . . . . . . . . . . . . . . . . 409

The Red Hat Package Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411

What Is a Package? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411

What Is a Red Hat Package? . . . . . . . . . . . . . . . . . . . . . . . . . . 412

What Is a Repository? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412

Install an RPM Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413

Uninstall an RPM Package . . . . . . . . . . . . . . . . . . . . . . . . . . . 415

Install RPMs from Remote Systems . . . . . . . . . . . . . . . . . . . . . 415

RPM Installation Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416

Special RPM Procedures with the Kernel . . . . . . . . . . . . . . . . 418

More RPM Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420

Package Queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421

Package Signatures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421

File Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422

Different Databases of Installed Packages . . . . . . . . . . . . . . . . 424

Dependencies and the yum Command . . . . . . . . . . . . . . . . . . . . . . . . . 424

An Example of Dependency Hell . . . . . . . . . . . . . . . . . . . . . . 424

Relief from Dependency Hell . . . . . . . . . . . . . . . . . . . . . . . . . . 426

Basic yum Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427

The Basic yum Configuration File: yum.conf . . . . . . . . . . . . . 428

Configuration Files in the /etc/yum/pluginconf.d Directory . . 430

Configuration Files in the /etc/yum.repos.d Directory . . . . . . . 431

Create Your Own /etc/yum.repos.d Configuration File . . . . . . 434

Exercise 7-1: Create a yum Repository from the

RHEL 6 DVD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437

Third-Party Repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438

Basic yum Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439

Installation Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439

Security and yum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441

Updates and Security Fixes . . . . . . . . . . . . . . . . . . . . . . . . . . . 442

Package Groups and yum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442

More yum Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444

More Package Management Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447

The GNOME Software Update Tool . . . . . . . . . . . . . . . . . . . . 448

Automated Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448

GNOME Add/Remove Software Tool . . . . . . . . . . . . . . . . . . . 450


xviii RHCSA/RHCE Red Hat Linux Certifi cation Study Guide

Exercise 7-2: Installing More with yum and the Add/Remove

Software Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451

The Red Hat Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453


Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459


Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461

8 User Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465

User Account Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467

Different Kinds of Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467

The Shadow Password Suite . . . . . . . . . . . . . . . . . . . . . . . . . . . 468

Command Line Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473

Exercise 8-1: Add a User with the Red Hat User Manager . . 476

Exercise 8-2: Real and Fake Shells . . . . . . . . . . . . . . . . . . . . 478

Delete a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478

Modify an Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479

More User and Group Management Commands . . . . . . . . . . . 480

Administrative Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483

The Ability to Log In as root . . . . . . . . . . . . . . . . . . . . . . . . . . 483

Exercise 8-3: Limit root Logins . . . . . . . . . . . . . . . . . . . . . . . 483

The Ability to Log In . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484

The Proper Use of the su Command . . . . . . . . . . . . . . . . . . . . 485

Limit Access to su . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486

The Proper Use of the sg Command . . . . . . . . . . . . . . . . . . . . 486

Custom Administrators with the sudo Command . . . . . . . . . . 486

Other Administrative Users . . . . . . . . . . . . . . . . . . . . . . . . . . . 488

User and Shell Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488

Home Directories and /etc/skel . . . . . . . . . . . . . . . . . . . . . . . . 489

/etc/bashrc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490

/etc/profile and /etc/profile.d . . . . . . . . . . . . . . . . . . . . . . . . . . 490

/etc/profile.d . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491

Exercise 8-4: Another Way to Secure a System . . . . . . . . . . 491

Shell Configuration Files in User Home Directories . . . . . . . . 492

Login, Logout, and User Switching . . . . . . . . . . . . . . . . . . . . . 492


Contents xix

Users and Network Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493

LDAP Client Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 494

The Name Service Switch File . . . . . . . . . . . . . . . . . . . . . . . . 496

Red Hat Network Authentication Tools . . . . . . . . . . . . . . . . . 497

Special Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500

Standard and Red Hat Groups . . . . . . . . . . . . . . . . . . . . . . . . . 501

Shared Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501

Exercise 8-5: Control Group Ownership with the SGID Bit . . 502


Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509


Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511

9 RHCSA-Level System Administration Tasks . . . . . . . . 515

Configure Access with VNC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517

Install and Configure a TigerVNC Server . . . . . . . . . . . . . . . . 518

The GNOME-Based vino Server . . . . . . . . . . . . . . . . . . . . . . . 519

Install and Configure a VNC Client . . . . . . . . . . . . . . . . . . . . 521

Firewall Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523

Confirm Access to a VNC Server . . . . . . . . . . . . . . . . . . . . . . 524

Route Through a Secure Shell . . . . . . . . . . . . . . . . . . . . . . . . . 525

More VNC Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 526

A User VNC Configuration File . . . . . . . . . . . . . . . . . . . . . . . 526

Elementary System Administration Commands . . . . . . . . . . . . . . . . . . 527

System Resource Management Commands . . . . . . . . . . . . . . . 527

Archives and Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . 536

Control Services Through Daemons . . . . . . . . . . . . . . . . . . . . 538

Automate System Administration: cron and at . . . . . . . . . . . . . . . . . . 539

The System crontab and Components . . . . . . . . . . . . . . . . . . . 539

Hourly cron Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542

Regular Anacron Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 543

Setting Up cron for Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 544

Exercise 9-1: Create a cron Job . . . . . . . . . . . . . . . . . . . . . . . 545

Running a Job with the at System . . . . . . . . . . . . . . . . . . . . . . 545

Secure cron and at . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546

Local Log File Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 548

System Log Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . 548


xx RHCSA/RHCE Red Hat Linux Certifi cation Study Guide

Log File Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 550

A Variety of Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 551

Service Specific Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 552

Exercise 9-2: Learn the Log Files . . . . . . . . . . . . . . . . . . . . . . 552


Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 558


Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 560

10 A Security Primer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563

The Layers of Linux Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 564

Bastion Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565

Best Defenses with Security Updates . . . . . . . . . . . . . . . . . . . . 566

Service-Specific Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567

Host-Based Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569

User-Based Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569

Console Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 570

Recommendations from the U.S. National Security Agency . . 570

The PolicyKit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571

Firewalls and Network Address Translation . . . . . . . . . . . . . . . . . . . . . 573

Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573

The Structure of the iptables Command . . . . . . . . . . . . . . . . . 574

The Default Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577

Recommendations from the NSA . . . . . . . . . . . . . . . . . . . . . . 577

Make Sure the Firewall Is Running . . . . . . . . . . . . . . . . . . . . . 580

IP Masquerading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 580

IP Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 582

The Red Hat Firewall Configuration Tool . . . . . . . . . . . . . . . . 583

The Extended Internet Super-Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 591

Generic xinetd Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 592

Service-Specific xinetd Configuration . . . . . . . . . . . . . . . . . . . 593

Exercise 10-1: Configure xinetd . . . . . . . . . . . . . . . . . . . . . . 595

TCP Wrappers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 596

Is a Service Protected by TCP Wrappers? . . . . . . . . . . . . . . . . 596

TCP Wrappers Configuration Files . . . . . . . . . . . . . . . . . . . . . 597

Exercise 10-2: Configure TCP Wrappers . . . . . . . . . . . . . . . 599


Contents xxi

Pluggable Authentication Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . 600

Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 601

Control Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602

The Format of a PAM File . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604

Exercise 10-3: Configure PAM . . . . . . . . . . . . . . . . . . . . . . . 608

PAM and User-Based Security . . . . . . . . . . . . . . . . . . . . . . . . . 608

Exercise 10-4: Use PAM to Limit User Access . . . . . . . . . . . 610

Secure Files and More with GPG2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 611

GPG2 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 612

Current GPG2 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 612

GPG2 Encryption Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . 613

Generate a GPG2 Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 613

Use a GPG2 Key to Secure a File . . . . . . . . . . . . . . . . . . . . . . . 616


Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 622


Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 624

11 System Services and SELinux . . . . . . . . . . . . . . . . . . . . 629

Red Hat System Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 631

Service Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 631

System Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 632

Bigger Picture Configuration Process . . . . . . . . . . . . . . . . . . . . 635

Available Configuration Tools . . . . . . . . . . . . . . . . . . . . . . . . . 635

Security-Enhanced Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 637

Options in the SELinux Booleans Directory . . . . . . . . . . . . . . 637

Service Categories of SELinux Booleans . . . . . . . . . . . . . . . . . 639

Boolean Configuration with the SELinux Management Tool . . 639

Boolean Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 640

SELinux File Contexts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 645

Exercise 11-1: Configure a New Directory with Appropriate

SELinux Contexts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647

The Secure Shell Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648

SSH Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . 648

SSH Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 649

Basic Encrypted Communication . . . . . . . . . . . . . . . . . . . . . . . 650


xxii RHCSA/RHCE Red Hat Linux Certifi cation Study Guide

Set Up a Private/Public Pair for Key-Based Authentication . . 652

Configure an SSH Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 654

User-Based Security for SSH . . . . . . . . . . . . . . . . . . . . . . . . . . 662

Host-Based Security for SSH . . . . . . . . . . . . . . . . . . . . . . . . . . 662

A Security and Configuration Checklist . . . . . . . . . . . . . . . . . . . . . . . . 663

Installation of Server Services . . . . . . . . . . . . . . . . . . . . . . . . . 663

Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 667

Make Sure the Service Survives a Reboot . . . . . . . . . . . . . . . . 667

Review Access Through Layers of Security . . . . . . . . . . . . . . . 668

Exercise 11-2: Review the Different Effects of iptables and

TCP Wrappers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 671


Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 677


Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 679

12 RHCE Administrative Tasks . . . . . . . . . . . . . . . . . . . . . . 681

Automate System Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 683

Standard Administrative Scripts . . . . . . . . . . . . . . . . . . . . . . . 683

Script Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 685

Create Your Own Administrative Scripts . . . . . . . . . . . . . . . . 687

Exercise 12-1: Create a Script . . . . . . . . . . . . . . . . . . . . . . . . 688

Kernel Run-Time Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 689

How sysctl Works with /etc/sysctl.conf . . . . . . . . . . . . . . . . . . 689

Settings in the /etc/sysctl.conf File . . . . . . . . . . . . . . . . . . . . . . 690

Exercise 12-2: Disable Responses to the ping Command . . . 691

Create an RPM Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 692

Source RPMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 693

The Directory Structure of an RPM Source . . . . . . . . . . . . . . 694

Create Custom Source Code . . . . . . . . . . . . . . . . . . . . . . . . . . 696

One More Prep Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 697

Create Your Own spec File . . . . . . . . . . . . . . . . . . . . . . . . . . . . 698

Build Your Own RPM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 702

The Built RPMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 703

Special Network Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 704

Configure Special IP Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . 704


Contents xxiii

Set Up a Kerberos Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 708

Connect to Remote iSCSI Storage . . . . . . . . . . . . . . . . . . . . . 712


Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 720


Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 722

13 Electronic Mail Servers . . . . . . . . . . . . . . . . . . . . . . . . . 727

A Variety of E-Mail Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 729

Definitions and Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 729

Relevant Mail Server Packages . . . . . . . . . . . . . . . . . . . . . . . . 730

Use alternatives to Select an E-Mail System . . . . . . . . . . . . . . 731

General User Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 732

Mail Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 733

Common Security Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 734

Testing an E-Mail Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 735

Exercise 13-1: Create Users Just for E-Mail . . . . . . . . . . . . . 735

The Configuration of Postfix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 736


The main.cf Configuration File . . . . . . . . . . . . . . . . . . . . . . . . 740

The /etc/aliases Configuration File . . . . . . . . . . . . . . . . . . . . . 743

The master.cf Configuration File . . . . . . . . . . . . . . . . . . . . . . . 744

Test the Current Postfix Configuration . . . . . . . . . . . . . . . . . . 744

Configure Postfix Authentication . . . . . . . . . . . . . . . . . . . . . . 745

Configure Incoming E-Mail . . . . . . . . . . . . . . . . . . . . . . . . . . . 746

Configure a Relay Through a Smart Host . . . . . . . . . . . . . . . . 746

Exercise 13-2: Switch Services . . . . . . . . . . . . . . . . . . . . . . . 747

The Other SMTP Service: sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . 747

The Basics of sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 748


The sendmail.mc Macro File . . . . . . . . . . . . . . . . . . . . . . . . . . 750

The submit.mc Macro File . . . . . . . . . . . . . . . . . . . . . . . . . . . . 755

Configure sendmail to Accept E-Mail from Other Systems . . 756

Configure sendmail to Relay E-Mail to a Smart Host . . . . . . . 757

Configure User- and Host-Based sendmail Security . . . . . . . . 757

Test the Current sendmail Configuration . . . . . . . . . . . . . . . . 757


xxiv RHCSA/RHCE Red Hat Linux Certifi cation Study Guide


Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 762


Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 764

14 The Apache Web Server . . . . . . . . . . . . . . . . . . . . . . . . 769

The Apache Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 771

Apache 2.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 771

The LAMP Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 772

Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 772

Exercise 14-1: Install the Apache Server . . . . . . . . . . . . . . . 773

The Apache Configuration Files . . . . . . . . . . . . . . . . . . . . . . . 775

Analyze the Default Apache Configuration . . . . . . . . . . . . . . 775

The Main Apache Configuration File . . . . . . . . . . . . . . . . . . . 776

Basic Apache Configuration for a Simple Web Server . . . . . . 779

Apache Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 780

Standard Apache Security Configuration . . . . . . . . . . . . . . . . . . . . . . . 782

Ports and Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 782

Apache and SELinux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 782

Module Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 785

Security Within Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 787

Exercise 14-2: The Apache Welcome and the

noindex.html Story . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 790

Exercise 14-3: Create a List of Files . . . . . . . . . . . . . . . . . . . 791

Host-Based Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 792

User-Based Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 793

Specialized Apache Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 794

Control Through the .htaccess File . . . . . . . . . . . . . . . . . . . . . 795

Password-Protected Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . 795

Home Directory Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 796

Group-Managed Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . 798

Exercise 14-4: Password Protection for a Web Directory . . . 800

Regular and Secure Virtual Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 801

The Standard Virtual Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . 802

Secure Virtual Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 805

Create a New SSL Certificate . . . . . . . . . . . . . . . . . . . . . . . . . 808


Contents xxv

Test Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 811

Syntax Checkers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 812

Apache Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 813

Exercise 14-5: Set Up a Virtual Web Server . . . . . . . . . . . . . 814

Deploy a Basic CGI Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 815

Apache Configuration Changes for CGI Files . . . . . . . . . . . . . 816

Set Up a Simple CGI Script . . . . . . . . . . . . . . . . . . . . . . . . . . . 817

Connections to a Web Site . . . . . . . . . . . . . . . . . . . . . . . . . . . 818


Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 824


Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 826

15 The Samba File Server . . . . . . . . . . . . . . . . . . . . . . . . . . 831

Samba Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 833

Install Samba Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 834

Some Samba Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 834

Ports, Firewalls, and Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . 835

Configure SELinux Booleans for Samba . . . . . . . . . . . . . . . . . 836

Configure SELinux File Types for Samba . . . . . . . . . . . . . . . . . 837

Samba Daemons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 838

Samba Server Global Configuration . . . . . . . . . . . . . . . . . . . . 838

Shared Samba Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . 847

Let Samba Join a Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . 851

The Samba User Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . 852

Create a Public Share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 853

Exercise 15-1: Configure a Samba Home Directory Share . . 854

The Samba Web Administration Tool . . . . . . . . . . . . . . . . . . . 856

Test Changes to /etc/samba/smb.conf . . . . . . . . . . . . . . . . . . . 862

Review User- and Host-Based Samba Security . . . . . . . . . . . . 863

Review Basic Samba Shares . . . . . . . . . . . . . . . . . . . . . . . . . . . 865

Exercise 15-2: Configuring Samba with Shares . . . . . . . . . . 865

Samba as a Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 867

Command Line Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 867

Mount Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 868

Automated Samba Mounts . . . . . . . . . . . . . . . . . . . . . . . . . . . 868


xxvi RHCSA/RHCE Red Hat Linux Certifi cation Study Guide

Samba Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 869

Samba Problem Identification . . . . . . . . . . . . . . . . . . . . . . . . . 869

Local Log File Checks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 870

Enable Remote Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 871


Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 875


Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 877

16 More File-Sharing Services . . . . . . . . . . . . . . . . . . . . . . 883

The Network File System (NFS) Server . . . . . . . . . . . . . . . . . . . . . . . . 885

NFS Options for RHEL 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 885

Basic NFS Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 886

Basic NFS Server Configuration . . . . . . . . . . . . . . . . . . . . . . . 887

Configure NFS for Basic Operation . . . . . . . . . . . . . . . . . . . . . 890

Special Requirements for /home Directories . . . . . . . . . . . . . . 892

Fixed Ports in /etc/sysconfig/nfs . . . . . . . . . . . . . . . . . . . . . . . . 893

Make NFS Work with SELinux . . . . . . . . . . . . . . . . . . . . . . . . 896

Quirks and Limitations of NFS . . . . . . . . . . . . . . . . . . . . . . . . 898

Performance Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 900

NFS Security Directives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 901

Options for Host-Based Security . . . . . . . . . . . . . . . . . . . . . . . 903

Options for User-Based Security . . . . . . . . . . . . . . . . . . . . . . . 903

Exercise 16-1: NFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 903

Test an NFS Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 905

NFS Mount Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 905

Configure NFS in /etc/fstab . . . . . . . . . . . . . . . . . . . . . . . . . . . 906

Diskless Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 907

Soft Mounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 907

Current NFS Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 908

The Very Secure FTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 908

Basic vsFTP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 909

The Main vsFTP Configuration File . . . . . . . . . . . . . . . . . . . . 909

Other vsFTP Configuration Files . . . . . . . . . . . . . . . . . . . . . . . 914

Configure SELinux Support for vsFTP . . . . . . . . . . . . . . . . . . 915

Ports, Firewalls, and vsFTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . 916


Contents xxvii

Exercise 16-2: Configure a Basic vsFTP Server . . . . . . . . . . 917

Anonymous-Only Download Configuration . . . . . . . . . . . . . . 918


Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 924


Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 926

17 Administrative Services: DNS, FTP, and Logging . . . . . 931

Basic Domain Service Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . 933

Basic Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 934

DNS Package Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 934

Different Types of DNS Servers . . . . . . . . . . . . . . . . . . . . . . . . 935

Minimal DNS Server Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . 935

BIND Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . 935

A Caching-Only Name Server . . . . . . . . . . . . . . . . . . . . . . . . . 937

Starting named . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 939

A Forwarding Name Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 940

Forwarding from a Caching-Only Name Server . . . . . . . . . . . 941

BIND Troubleshooting Commands . . . . . . . . . . . . . . . . . . . . . 942

Exercise 17-1: Set Up Your Own DNS Server . . . . . . . . . . . 943

Set Up System Utilization Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . 944

System Utilization Commands . . . . . . . . . . . . . . . . . . . . . . . . . 944

The System Status Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . 945

Collect System Status into Logs . . . . . . . . . . . . . . . . . . . . . . . . 946

Prepare a System Status Report . . . . . . . . . . . . . . . . . . . . . . . . 947

Configure a System Logging Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 949

System Logging Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 949

Enable Logging Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 950

Configure Logging Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 950

Configure Logging Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . 951

Limit Access to Specified Systems . . . . . . . . . . . . . . . . . . . . . . 952

The Network Time Server Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . 953

The NTP Server Configuration File . . . . . . . . . . . . . . . . . . . . 953

Security Limits on NTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 955



xxviii RHCSA/RHCE Red Hat Linux Certifi cation Study Guide

Lab Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 961


Lab Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 963

A Prepare a System for the Sample Exams . . . . . . . . . . . 967

Basic Sample Exam System Requirements . . . . . . . . . . . . . . . . . . . . . . 968

Additional Sample Exam System Requirements for the RHCE . . . . . . 971

B Sample Exam 1: RHCSA . . . . . . . . . . . . . . . . . . . . . . . . 973

RHCSA Sample Exam 1 Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . 975

C Sample Exam 2: RHCSA . . . . . . . . . . . . . . . . . . . . . . . . 977

RHCSA Sample Exam 2 Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . 979

D Sample Exam 3: RHCE Sample Exam 1 . . . . . . . . . . . . 981

RHCE Sample Exam 1 Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 983

E Sample Exam 4: RHCE Sample Exam 2 . . . . . . . . . . . . 985

RHCE Sample Exam 2 Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 987

F About the CD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 991

System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 992

Electronic Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 992

Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 993

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 995


xxix

ACKNOWLEDGMENTS

I personally would like to thank the following people: Nancy E. Cropley, R.N. (d. 2002): Its now been nearly ten years since

youve left this world, but I continue to hold your spirit in my heart, and I

hope you can still see the joy of the world through my eyes. You are my hero,

even today. I hope you can see how happy I am with Donna, but I will always

miss you.

As a political activist, you fought for what you believed in: social justice,

peace, and universal health care. You were never afraid to go to jail to support

your beliefs. Your example is helping me find a backbone for life.

As a nurse for the homeless, you helped so many who are less fortunate. You

worked tirelessly in the clinics, in the shelters, and on the streets. Your efforts

eased the pain of so many people. And you saved lives.

As an Internet entrepreneur, you showed me how to be happy pursuing a life

working from home. You made it possible for me to have the freedom to be,

instead of getting stuck in the corporate world.

Nancy, you were my partner, my lover, my soul mate. You helped me find joy

in this world. I take your lessons with me. I thank you for everything youve

done.

My wife Donna: With hope and love, you make my life worth living. With your love and support, my life is now better than ever.

All the incredibly hard-working folks at McGraw-Hill: Stephanie Evans, Tim Green, LeeAnn Pickrell, Robert Campbell, Susie Elkind, and Rebecca

Plunkett for their help in launching a great series and being solid team

players.


xxxi

PREFACE

Linux is thriving. Red Hat is at the forefront of the Linux revolution. And Red Hat Certified System Administrators (RHCSA) and Engineers (RHCE) are making it happen.Even in the current economic recovery, business, education, and governments are

cost conscious. They want control of their operating systems. Linuxeven Red Hat

Enterprise Linuxsaves money. The open-source nature of Linux allows users to

control and customize their operating systems. While there is a price associated with

Red Hat Enterprise Linux (RHEL), the cost includes updates and support. Now with

KVM, its possible to set up a cluster of virtual, independent installations of RHEL

(and other operating systems) on a single physical computer. Many companies are

already converting rooms full of physical systems into closets of just a few systems,

each configured with banks of virtual machines. As an RHCSA and an RHCE, you

can join in that revolution.

While theres a cost associated with a supported version of RHEL, you dont need

to pay for such support. As I describe shortly, there are trial and student subscriptions

that you can use, along with freely available rebuilds of RHEL that are built on the

same source code.

A rebuild is software that is built by a third party from the same source code

as the original build. On the other hand, a clone is built from different

source code.

Security is another reason to move toward Linux. The U.S. National Security

Agency has developed its own version of the Linux kernel to provide context-based

security in a system known as Security-Enhanced Linux (SELinux). RHEL has made

SELinux a key part of a layered security strategy.

The RHCSA and RHCE exams are difficult. Available historical data suggests

that less than 50 percent of first-time candidates pass the RHCE exam. But do not

be intimidated. While there are no guarantees, this book can help you prepare for

and pass the RHCSA and RHCE exams. And these same skills can help you in your

career as a Linux administrator. Just remember, this book is not intended to be a

substitute for the Red Hat prep courses that I describe shortly.


xxxii RHCSA/RHCE Red Hat Linux Certifi cation Study Guide

To study for this exam, you should have a network of at least three Linux

computers. Since the RHCSA focuses on virtual machines, youre encouraged to use

KVM-based systems for two of the computers. After configuring a service, especially

a network service, it can be helpful to check your work from another computer.

Getting Red Hat Enterprise Linux

The Red Hat exams are based on your knowledge of Red Hat Enterprise Linux.

But heres a significant change. The RHCSA objectives specify a number of points

associated with virtual machines. The default RHEL 6 solution uses the Kernel-

based Virtual Machine (KVM). Red Hat supports KVM as a host only on physical

systems with 64-bit CPUs. Therefore, to study for the KVM-related objectives for

the RHCSA, youll need physical hardware that can handle a 64-bit version of

RHEL 6. (However, 64-bit systems may not be absolutely required; 32-bit versions

of KVM are available on Fedora. However, there is no version of Fedora thats

completely compatible with RHEL 6.)

And you should expect to install two or more virtual machines on that 64-bit

physical system. Virtual hosts work better on systems with multiple CPUs or systems

with multicore CPUs. So to avoid hardware that slows your studies, youll want a

64-bit physical system with at least 2GB and preferably 4GB of RAM. (I prepared

this book on a 64-bit system with 8GB of RAM.) If youre using a laptop system,

read the information from https://bugzilla.redhat.com/show_bug.cgi?id=667485. If

the listed bug has not been resolved by the time you read this, the useful lifetime of

your hard drive may depend on it. As Red Hat Network updates are not explicitly

listed as a requirement in the Red Hat Exam Prep guide, a trial subscription or a

rebuild distribution is sufficient for these purposes. If you want a full subscription,

which can help you test features associated with the Red Hat Network, the price

depends on the hardware and the desired level of technical support. Ive emphasized

Red Hat solely to focus on distributions that use Red Hat source code, including the

rebuilds described in this section (and more).

With Red Hat Enterprise Linux 6, Red Hat has modified its offerings into three

categories:

RHEL Server includes varying levels of support, which themselves fall into three basic categories:

Regular 32- and 64-bit systems based on AMD and Intel CPUs; the cost varies with the number of CPU sockets and supported virtual guests.


Preface xxxiii

IBM POWER Systems; the cost varies with the number of CPU sockets. IBM System z.

RHEL Desktop includes varying levels of support suitable for workstations. RHEL Add-Ons are available in areas such as High Availability, Resilient

Storage, Load Balancing, and more.

I prepared this book with the help of RHEL 6 server. It appears that RHEL 6

workstation also has the server packages required for the RHCSA and/or the RHCE

exams. While RHEL is released under open-source licenses, that applies just to the

source code. Access to the binary packages requires the purchase of a subscription.

And that can be expensive.

One of the advantages of an enterprise-level operating system is stability. When

an enterprise upgrades to RHEL 6, it counts on the ability to revise its configuration

just once. Security updates and bug fixes should then be automatic. To that end,

Red Hat takes every possible measure to avoid forcing enterprises to revamp their

systems just for a point release such as RHEL 6.1. If an enterprise had to revise its

configuration files for any major service for any point release, the costs associated

with Red Hats enterprise-level operating systems would also rise.

For the same reasons, point releases do not affect the Red Hat exam objectives.

While RHEL 6.1 improves the performance of the operating system, incorporates

bug fixes, and collects security updates, it has not changed any of the defaults of any

of the configuration files described in the book.

When RHEL 6.2, RHEL 6.3, and so on, are released in future months, I expect

a similar result. Otherwise, Red Hat would likely lose customers, as enterprises

would encounter unplanned costs to update their systems. Ive monitored RHEL

releases closely for nearly a decade. Ive seen no evidence of a change to the

exam objectives based just on a point release. If in doubt, monitor the content of

the exam objectives listed at www.redhat.com/certification/rhcsa/objectives/ and

www.redhat.com/certification/rhce/objectives/.

If youre just studying for the exams, trial subscriptions are available from the

appropriate product page; for example, a link to Free Evaluation Software is

available at www.redhat.com/rhel/server. An account on the Red Hat Network

(RHN) is required. Personal e-mail addresses (such as those associated with certain

search engines) are not accepted for RHN accounts. While trial subscriptions only

support updates for 30 days, updates can also be tested using the mirror repositories

associated with rebuild distributions. And you can download the same operating

system (for the trial period) from the same sources as paying Red Hat users.


xxxiv RHCSA/RHCE Red Hat Linux Certifi cation Study Guide

If youre a student or a member of an educational institution with a .edu e-mail

address, academic subscriptions are available. As of this writing, the cost of an

academic subscription to RHEL Server ($60) is a significant discount over the least

expensive standard RHEL Server subscription ($349).

But if you dont have an .edu or business e-mail address, you dont have to pay for a

full or a trial subscription to prepare for the RHCE exam. There are several projects

dedicated to rebuilds of Red Hat Enterprise Linux. The source code for almost all

RHEL RPM packages is released under the Linux General Public License (GPL) or

related open-source licenses. This gives anyone the right to build Red Hat Enterprise

Linux from the Red Hat released source code.

The source code is released in Source RPM package format, which means the

RPM packages can be built using the rpmbuild commands described in Chapter 12.

The developers behind rebuild distributions have all revised the source code to

remove Red Hat trademarks. Some, like Scientific Linux 6, are freely available;

others, like Oracle Linux, require registration and compliance with certain criteria

such as U.S. export control laws.

You can select and download the rebuild that most closely meets your needs. I

have tried several of the rebuilds, including those developed by Scientific Linux and

Community Enterprise Linux (CentOS). As this book is going to print, Microsoft

has announced support on its virtual machine software for CentOS.

The rebuilds of RHEL are freely available; however, you should have a high-speed

Internet connection. While these rebuilds do make slight modifications to RHEL

source code (primarily to remove or replace Red Hat trademarks), I have not seen

any difference that would impair your ability to study for the Red Hat exams.

Scientific Linux Formerly known as Fermi Linux, it includes a lot of intellectual firepower associated with the Fermi National Accelerator Lab

as well as CERN, the lab associated with Tim Berners-Lee, the person most

commonly credited with the invention of the World Wide Web.

Community Enterprise Linux The Community Enterprise Operating System (CentOS) rebuild developed by the group at www.centos.org appears

solid to me. This group probably has the largest community among the

rebuilds. Some messages from CentOS developers suggest that CentOS-6

should be released by the time this book is available in print.

For the exams based on Red Hat Enterprise Linux 6, avoid Fedora Linux. Even

though RHEL 6 is based loosely on Fedora 12, Fedora 13, and even Fedora 14, there

are sufficient differences in the look and feel of all three releases that may prove


Preface xxxv

confusing for the purpose of an exam. And I definitely recommend that you not use

other distributions, as the Red Hat exams are based on Red Hat Enterprise Linux. In

many cases, the changes that would be standard on a different Linux release would

lead to trouble on RHEL 6.

For Instructors and More

I encourage everyone to read this guide for instructors. This book is organized to

help you prepare coursework for, or study for, one exam at a time.

Perhaps the biggest change in this book is designed to help the instructor. Since

the RHCSA and RHCE are two entirely separate exams, Ive reorganized this book

to reflect those changes. If youre studying just for the RHCSA, read Chapters 1

through 9. If youre studying just for the RHCE, read Chapter 1 and Chapters 10

through 17. The same changes will help you as a certification candidate as well, so

you know what skills to gain for each exam.

Many, perhaps most, candidates have trouble finishing the tasks associated with

the RHCSA and RHCE exams in the time allotted. One way to save time during

these exams is to keep things simple. While its important to read over the questions

carefully, its also important not to overdo things. For example, theres no need to

configure virtual servers for the RHCSA exam. As suggested by one RHCE-related

objective, its normally sufficient to configure the service for basic operation.

Every chapter includes at least 12 fill-in-the-blank questions. While there are

no multiple-choice or file-in-the-blank questions on Red Hat exams, such questions

can still help measure student mastery of chapter material. And the fill-in-the-blank

format puts a premium on the practical experience required on the exam.

In the same fash

Documents

A hat that is not blue and it teaches you LINUX