Red Hat Linux 7.3: The Official Red Hat Linux Customization Guide
Copyright © 2002 by Red Hat, Inc.
Red Hat, Inc. 1801 Varsity Drive Raleigh NC 27606-2072 USA Phone: +1 919 754 3700 Phone: 888 733 4281 Fax: +1 919 754 3701 PO Box 13588 Research Triangle Park NC 27709 USA
rhl-cg(EN)-7.3-HTML-RHI (2002-05-02T12:45-0400)
This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, V1.
Table of Contents
Introduction
1. Changes to This Manual
2. Document Conventions
3. More to Come
7.4. Configuring Services
7.5. Activating the Firewall
8. Controlling Access to Services
8.1. Runlevels
8.2. TCP Wrappers
III. System Configuration
17. Console Access
17.1. Disabling Shutdown Via Ctrl-Alt-Del
17.2. Disabling Console Program Access
17.3. Disabling All Console Access
IV. Package Management
25. Package Management with RPM
25.1. RPM Design Goals
25.2. Using RPM
25.3.
Introduction
Welcome to the Official Red Hat Linux Customization Guide. The Official Red Hat Linux Customization Guide contains information on how to customize your Red Hat Linux system to fit your needs. If you are looking for a step-by-step, task-oriented guide for configuring and customizing your system, this is the manual for you.
Network Configuration
This chapter has been written to discuss the revised Red Hat Network Administration Tool. It is now more task-oriented.
Samba
This chapter now includes how to use pam_smbpass to sync users’ Samba passwords with their system passwords when the passwd command is used.
Squid Configuration
This new chapter discusses the Red Hat Squid Configurator, a graphical tool for configuring the Squid Web Proxy Cache server.
command
Linux commands (and other operating system commands, when used) are represented this way. This style should indicate to you that you can type the word or phrase on the command line and press [Enter] to invoke a command. Sometimes a command contains words that would be displayed in a different style on their own (such as filenames). In these cases, they are considered to be part of the command, so the entire phrase will be displayed as a command.
top level of a menu on a GUI screen or window
When you see a word in this style, it indicates that the word is the top level of a pulldown menu. If you click on the word on the GUI screen, the rest of the menu should appear. For example: Under Settings on a GNOME terminal, you will see the following menu items: Preferences, Reset Terminal, Reset and Clear, and Color selector.
Additionally, we use several different strategies to draw your attention to certain pieces of information. In order of how critical the information is to your system, these items will be marked as note, tip, important, caution, or a warning. For example:
Note
Remember that Linux is case sensitive. In other words, a rose is not a ROSE is not a rOsE.
Tip
The directory /usr/share/doc contains additional documentation for packages installed on your system.
3.1. Send in Your Feedback
If you spot a typo in the Official Red Hat Linux Customization Guide, or if you have thought of a way to make this manual better, we would love to hear from you! Please submit a report in Bugzilla (http://www.redhat.com/bugzilla) against the component rhl-cg. Be sure to mention the manual’s identifier:
rhl-cg(EN)-7.3-HTML-RHI (2002-05-02T12:45-0400)
By mentioning this manual’s identifier, we will know exactly which version of the guide you have.
Installation-Related Reference
Chapter 1. Kickstart Installations
1.1. What are Kickstart Installations?
Many system administrators would prefer to use an automated installation method to install Red Hat Linux on their machines. To answer this need, Red Hat created the kickstart installation method. Using kickstart, a system administrator can create a single file containing the answers to all the questions that would normally be asked during a typical Red Hat Linux installation.
1.3. Creating the Kickstart File
The kickstart file is a simple text file, containing a list of items, each identified by a keyword. You can create it by editing a copy of the sample.ks file found in the RH-DOCS directory of the Red Hat Linux Documentation CD, using the Kickstart Configurator application, or writing it from scratch. The Red Hat Linux installation program also creates a sample kickstart file based on the options that you selected during installation.
1.4.1. autostep
autostep (optional)
Similar to interactive except it goes to the next screen for you. It is used mostly for debugging.
1.4.2. auth
auth or authconfig (required)
Sets up the authentication options for the system. It’s similar to the authconfig command, which can be run after the install. By default, passwords are normally encrypted and are not shadowed.
--enablemd5
Use md5 encryption for user passwords.
--enablenis
Turns on NIS support.
--enableldaptls
Use TLS (Transport Layer Security) lookups. This option allows LDAP to send encrypted usernames and passwords to an LDAP server before authentication.
--enablekrb5
Use Kerberos 5 for authenticating users. Kerberos itself does not know about home directories, UIDs, or shells.
--enablesmbauth
Enables authentication of users against an SMB server (typically a Samba or Windows server). SMB authentication support does not know about home directories, UIDs, or shells. So if you enable it you will need to make users’ accounts known to the workstation by enabling LDAP, NIS, or Hesiod or by using the /usr/sbin/useradd command to make their accounts known to the workstation. To use this option, you must have the pam_smb package installed.
--linear
If using LILO, use the linear LILO option; this is only for backwards compatibility (and linear is now used by default).
--nolinear
If using LILO, use the nolinear LILO option; linear is the default.
--lba32
If using LILO, force use of lba32 mode instead of autodetecting.
--upgrade
Upgrade the existing boot loader configuration. This option is only available for upgrades.
1.4.4.
1.4.5. device
device (optional)
On most PCI systems, the installation program will autoprobe for Ethernet and SCSI cards properly. On older systems and some PCI systems, however, kickstart needs a hint to find the proper devices. The device command, which tells Anaconda to install extra modules, is in this format:
device type moduleName --opts
type should be scsi or eth, and moduleName is the name of the kernel module which should be installed.
firewall [--high | --medium | --disabled] [--trust device] [--dhcp] [--ssh] [--telnet] [--smtp] [--http] [--ftp] [--port portspec]
Levels of security
Choose one of the following levels of security:
• --high
• --medium
• --disabled
--trust device
Listing a device here, such as eth0, allows all traffic coming from that device to go through the firewall. To list more than one device, use --trust eth0 --trust eth1.
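An added example, not part of the Red Hat guide: a small Python audit of a kickstart file's command section against the auth and firewall options described above. The sample files are constructed; rootpw --iscrypted, --useshadow/--enableshadow and --enableldapauth are standard kickstart options that do not appear in this excerpt, and the rule ids are made up for illustration.

```python
import shlex

# Constructed sample: a deliberately weak kickstart command section.
WEAK_KS = """\
install
lang en_US
auth --enablenis --enableldapauth
rootpw secret123
firewall --medium --trust eth0 --telnet --ssh
%packages
@ GNOME
%post
echo "nameserver 10.10.0.2" >> /etc/resolv.conf
"""

# Constructed sample: the same commands with the weak settings corrected.
# The hash is a placeholder, not a real crypt string.
HARDENED_KS = """\
install
lang en_US
auth --useshadow --enablemd5 --enableldapauth --enableldaptls
rootpw --iscrypted $1$PLACEHOLDER$notarealhash
firewall --high --ssh
%packages
@ GNOME
"""


def command_lines(text):
    """Yield (line number, tokens) for each kickstart command.

    Parsing stops at the first %section (%packages, %pre, %post): what
    follows is a package list or a script, not a command.
    """
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("%"):
            return
        tokens = shlex.split(line, comments=True)
        if tokens:
            yield lineno, tokens


def trusted_devices(args):
    """Return the device named after each --trust option."""
    return [args[i + 1] for i, a in enumerate(args)
            if a == "--trust" and i + 1 < len(args)]


def audit_kickstart(text):
    """Return (line number, rule id, message) findings; rule ids are hypothetical."""
    findings = []
    saw_auth = False
    for lineno, tokens in command_lines(text):
        cmd, args = tokens[0], tokens[1:]
        if cmd in ("auth", "authconfig"):
            saw_auth = True
            if not {"--useshadow", "--enableshadow"} & set(args):
                findings.append((lineno, "AUTH-SHADOW",
                                 "shadow passwords are not enabled"))
            if "--enablemd5" not in args:
                findings.append((lineno, "AUTH-MD5", "--enablemd5 is not set"))
            if ({"--enableldap", "--enableldapauth"} & set(args)
                    and "--enableldaptls" not in args):
                findings.append((lineno, "AUTH-LDAPTLS",
                                 "LDAP is enabled without --enableldaptls"))
        elif cmd == "rootpw":
            if "--iscrypted" not in args:
                findings.append((lineno, "ROOTPW-PLAIN",
                                 "root password is stored in clear text"))
        elif cmd == "firewall":
            if "--disabled" in args:
                findings.append((lineno, "FW-DISABLED", "firewall is disabled"))
            devices = trusted_devices(args)
            if devices:
                findings.append((lineno, "FW-TRUST",
                                 "all traffic allowed from: " + ", ".join(devices)))
            if "--telnet" in args:
                findings.append((lineno, "FW-TELNET",
                                 "telnet (a clear-text login service) is allowed"))
    if not saw_auth:
        # The guide lists auth as a required command.
        findings.append((0, "AUTH-MISSING", "no auth or authconfig command"))
    return findings


if __name__ == "__main__":
    for name, ks in (("weak", WEAK_KS), ("hardened", HARDENED_KS)):
        print(name)
        for lineno, rule, message in audit_kickstart(ks):
            print(f"  line {lineno}: {rule}: {message}")
```
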
nfs
Install from the NFS server specified.
• --server server
Server from which to install (hostname or IP).
• --dir dir
Directory containing the Red Hat installation tree.
For example:
nfs --server server --dir dir
cdrom
Install from the first CD-ROM drive on the system. For example:
cdrom
harddrive
Install from a Red Hat installation tree on a local drive, which must be either vfat or ext2.
1.4.11. interactive
interactive (optional)
Uses the information provided in the kickstart file during the installation, but allows for inspection and modification of the values given. You will be presented with each screen of the installation program with the values from the kickstart file. Either accept the values by clicking Next or change the values and click Next to continue. See also Section 1.4.1.
1.4.12. keyboard
keyboard (required)
Sets system keyboard type.
1.4.14. langsupport
langsupport (required)
Sets the language(s) to install on the system. The same language codes used with lang can be used with langsupport. If you just want to install one language, specify it. For example, to install and use the French language fr_FR:
langsupport fr_FR
--default
If you want to install language support for more than one language, you must specify a default.
--location=
Specifies where the LILO boot record is written. Valid values are the following: mbr (the default) or partition (installs the boot loader on the first sector of the partition containing the kernel). If no location is specified, LILO is not installed.
--lba32
Forces the use of lba32 mode instead of autodetecting.
1.4.16.
1.4.18. network
network (optional)
Configures network information for the system. If the kickstart installation does not require networking (in other words, it is not installed over NFS, HTTP, or FTP), networking is not configured for the system.
The static method requires that you enter all the required networking information in the kickstart file. As the name implies, this information is static, and will be used during the installation, and after the installation as well.
swap --recommended
The minimum size of the automatically-generated swap partition will be no smaller than the amount of RAM in the system and no bigger than twice the amount of RAM in the system.
raid.id
The partition will be used for software RAID (see Section 1.4.20 below).
--size size
The minimum partition size in megabytes. Specify an integer value here such as 500. Do not append the number with MB.
--start
Specifies the starting cylinder for the partition. It requires that a drive be specified with --ondisk or --ondrive. It also requires that the ending cylinder be specified with --end or the partition size be specified with --size.
--end
Specifies the ending cylinder for the partition. It requires that the starting cylinder be specified with --start.
--badblocks
Specifies that the partition should be checked for bad sectors.
--noformat
Do not format the RAID array.
The following example shows how to create a RAID level 1 partition for /, and a RAID level 5 for /usr, assuming there are three SCSI disks on the system. It also creates three swap partitions, one on each drive.
part raid.01 --size 60 --ondisk sda
part raid.02 --size 60 --ondisk sdb
part raid.
1.4.24. text
text (optional)
Perform the kickstart installation in text mode. Kickstart installations are performed in graphical mode by default.
1.4.25. timezone
timezone (required)
Sets the system time zone to timezone, which may be any of the time zones listed by timeconfig.
timezone [--utc] timezone
--utc
If present, the system assumes the hardware clock is set to UTC (Greenwich Mean) time.
1.4.26.
--monitor mon
Use monitor mon; this monitor name should be from the list of monitors in Xconfigurator. This is ignored if --hsync or --vsync is provided. If no monitor information is provided, the installation program tries to probe for it automatically.
--hsync sync
Specifies the horizontal sync frequency of the monitor.
--vsync sync
Specifies the vertical sync frequency of the monitor.
Use the %packages --resolvedeps to install the listed packages and automatically resolve package dependencies. Use the %packages --ignoredeps to ignore the unresolved dependencies and install the listed packages without the dependencies. Packages can be specified by component or by individual package name. The installation program defines several components that group together related packages.
@ GNOME
@ KDE
@ Server
@ Everything
1.4.30. %pre — Pre-Installation Configuration Section
You can add commands to run on the system immediately after the ks.cfg has been parsed. This section must be at the end of the kickstart file (after the commands) and must start with the %pre command. Note that you can access the network in the %pre section; however, name service has not been configured at this point, so only IP addresses will work.
# add comment to /etc/motd
echo "Kickstart-installed Red Hat Linux `/bin/date`" > /etc/motd
# add another nameserver
echo "nameserver 10.10.0.2" >> /etc/resolv.conf
Note
The post-install script is run in a chroot environment; therefore, performing tasks such as copying scripts or RPMs from the installation media will not work.
--nochroot
Allows you to specify commands that you would like to run outside of the chroot environment.
1.5. Where to Put A Kickstart File
A kickstart file must be placed in one of two locations:
• On a boot disk
• On a network
Normally a kickstart file is copied to the boot disk, or made available on the network. The network-based approach is most commonly used, as most kickstart installations tend to be performed on networked computers. Let us take a more in-depth look at where the kickstart file may be placed.
1.5.1.
ip-addr-kickstart
The ip-addr section of the filename should be replaced with the client’s IP address in dotted decimal notation. For example, the filename for a computer with an IP address of 10.10.0.1 would be 10.10.0.1-kickstart. Note that if you do not specify a server name, then the client system will attempt to use the server that answered the BOOTP/DHCP request as its NFS server.
ks=hd:device/file
The installation program will mount the filesystem on device (which must be vfat or ext2), and look for the kickstart configuration file as file in that filesystem (for example, ks=hd:sda3/mydir/ks.cfg).
ks=file:/file
The installation program will try to read the file file from the filesystem; no mounts will be done. This is normally used if the kickstart file is already on the initrd image.
Chapter 2. Kickstart Configurator
Kickstart Configurator allows you to create a kickstart file using a graphical user interface, so that you do not have to remember the correct syntax of the file. After choosing the kickstart options, click the Save File button, verify the options you have chosen, and save the kickstart file to a desired location. To use Kickstart Configurator, you must be running the X Window System.
If you have a two-button mouse, you can emulate a three-button mouse by selecting Emulate 3 Buttons. If this option is selected, simultaneously clicking the left and right mouse buttons will be recognized as a middle mouse button click. From the Time Zone menu, choose the time zone to use for the system. Enter the desired root password for the system in the Root Password text entry box.
If you choose to install a boot loader, you must also choose which boot loader to install (GRUB or LILO) and where to install the boot loader (the Master Boot Record or the first sector of the /boot partition). Install the boot loader on the MBR if you plan to use it as your boot loader. If you are using a different boot loader, install LILO or GRUB on the first sector of the /boot partition and configure the other boot loader to boot Red Hat Linux.
the fully-qualified domain name or IP address of the NFS server. For the NFS directory, enter the name of the NFS directory that contains the RedHat directory. For example, if your NFS server contains the directory /mirrors/redhat/i386/RedHat, enter /mirrors/redhat/i386 for the NFS directory.
• FTP — Choose this option if you wish to install Red Hat Linux from an FTP server. Two text entry boxes for the FTP server and FTP directory will appear.
You can initialize the disk label to the default for the architecture of the system (msdos for x86 and gpt for Itanium). Choose Yes if you are installing on a brand new hard drive.
2.4.1. Creating Partitions
To create a partition, click the Add button. The Partition Options window shown in Figure 2-5 will appear. Choose mount point, filesystem type, and partition size for the new partition.
2.5. Network Configuration
Figure 2-6. Network Configuration
There are three network configuration options: DHCP, Static IP, and None. If there is not an Ethernet card in the system, choose None. Networking is only required if you choose a networking-type installation method (NFS or FTP). If you are unsure which to choose, choose None. Networking can always be configured after installation with the Red Hat Network Configurator using the command (redhat-config-network).
2.6. Authentication
Figure 2-7. Authentication
In the Authentication section, select whether to use shadow passwords and md5 encryption for user passwords. These options are highly recommended and chosen by default.
The Authentication Configuration options allow you to configure the following methods of authentication:
• NIS
• LDAP
• Kerberos 5
• Hesiod
• SMB
• Name Switch Cache
They are not enabled by default.
2.7. Firewall Configuration
Figure 2-8. Firewall Configuration
The Firewall Configuration window is identical to the screen in the Red Hat Linux installation program and provides the same functionality. Choose between High, Medium, and Disabled security levels. Refer to the Official Red Hat Linux Installation Guide for detailed information about these security levels.
2.8.
2.8.1. General
Figure 2-9. X Configuration - General
The first step in configuring X is to choose the default color depth and resolution. Select them from their respective pulldown menus. Be sure to specify a color depth and resolution that is compatible with the video card and monitor for the system. If you are installing both the GNOME and KDE desktops, you need to choose which desktop you want to be the default.
Figure 2-10. X Configuration - Video Card
2.8.3. Monitor
After configuring the video card, click on the Monitor tab shown in Figure 2-11. Probe for monitor is selected by default. Accept this default if you want the installation program to probe for the monitor during installation. Probing works for most modern monitors.
Figure 2-11. X Configuration - Monitor
2.9. Package Selection
Figure 2-12. Package Selection
The Package Selection window allows you to choose which package categories to install. Currently, Kickstart Configurator does not allow you to select individual packages. To install individual packages, modify the %packages section of the kickstart file after you save it.
2.10. Pre-Installation Script
Figure 2-13. Pre-Installation Script
You can add commands to run on the system immediately after the kickstart file has been parsed and before the installation begins. If you have configured the network in the kickstart file, the network is enabled before this section is processed. If you would like to include a pre-installation script, type it in the text area.
Caution
Do not include the %pre command. It will be added for you.
2.11. Post-Installation Script
Figure 2-14. Post-Installation Script
You can also add commands to execute on the system after the installation is completed. If you have properly configured the network in the kickstart file, the network is enabled. If you would like to include a post-installation script, type it in the text area.
Caution
Do not include the %post command. It will be added for you.
echo "Hackers will be punished!" > /mnt/sysimage/etc/motd
2.11.2. Use an Interpreter
If you want to specify a scripting language to use to execute your script, click the Use an interpreter button and enter the interpreter in the text box beside the button. For example, /usr/bin/perl can be specified for a Perl script. This option corresponds to using %post --interpreter /usr/bin/perl in your kickstart file.
2.11.3.
Figure 2-15. Confirm Options
If you are happy with your choices, click the Save File button within the dialog box. A save file dialog box will appear and allow you to choose where to save the file. The default file name to save it as is ks.cfg. After saving the file, refer to Section 1.6 for information on how to start the kickstart installation.
Chapter 3. Rescue Mode
When things go wrong, there are ways to fix problems. However, these methods require that you understand the system well. This chapter describes how to boot into rescue mode and single user mode, where you can use your own knowledge to repair the system.
3.1. What is Rescue Mode?
Rescue mode provides the ability to boot a small Linux environment entirely from a diskette, CD-ROM, or using some other method. As the name implies, rescue mode is provided to rescue you from something.
In these situations, you may be unable to boot Red Hat Linux. If you can get into rescue mode, you might be able to resolve the problem or at least get copies of your most important files. 3.2.
mount -t ext3 /dev/hda5 /foo
In the above command, /foo is a directory that you have created and /dev/hda5 is the partition you want to mount. If the partition is of type ext2, replace ext3 with ext2. If you do not know the names of your partitions, use the following command to list them:
fdisk -l
If your filesystem is mounted and you want to make your system the root partition, use the command chroot /mnt/sysimage.
5. Back at the GRUB screen, type b to boot into single user mode.
If you are using LILO, specify one of these options at the LILO boot prompt (if you are using the graphical LILO, you must press [Ctrl]-[x] to exit the graphical screen and go to the boot: prompt):
boot: linux single
boot: linux emergency
In single-user mode, your computer boots to runlevel 1. Your local filesystems will be mounted, but your network will not be activated.
Chapter 4. Redundant Array of Independent Disks (RAID)
4.1. What is RAID?
The basic idea behind RAID is to combine multiple small, inexpensive disk drives into an array to accomplish performance or redundancy goals not attainable with one large and expensive drive. This array of drives will appear to the computer as a single logical storage unit or drive.
add them to the RAID controller’s configuration, and the operating system never knows the difference.
4.3.2. Software RAID
Software RAID implements the various RAID levels in the kernel disk (block device) code. It offers the cheapest possible solution, as expensive disk controller cards or hot-swap chassis are not required. Software RAID also works with cheaper IDE disks as well as SCSI disks.
high cost. The storage capacity of the level 1 array is equal to the capacity of one of the mirrored hard disks in a Hardware RAID or one of the mirrored partitions in a Software RAID.
• Level 4 — Level 4 uses parity concentrated on a single disk drive to protect data. It is better suited to transaction I/O rather than large file transfers.
Chapter 5. Software RAID Configuration
Read Chapter 4 first to learn about RAID, the differences between Hardware and Software RAID, and the differences between RAID 0, 1, and 5. Software RAID can be configured during the graphical installation of Red Hat Linux or during a kickstart installation. You can use fdisk or Disk Druid to create your RAID configuration, but these instructions will focus mainly on using Disk Druid to complete this task.
• For Allowable Drives, select the drive on which RAID will be created. If you have multiple drives, all drives will be selected here and you must deselect those drives which will not have the RAID array on them.
• Enter the size that you want the partition to be.
• Select Fill to maximum allowable size if you want the partition to grow to fill all available space on the hard disk.
• Select which partitions will go into this RAID array and click OK.
• A spare partition can be specified for RAID 1 and RAID 5. If a software RAID partition fails, the spare will automatically be used as a replacement. For each spare you want to specify, you must create an additional software RAID partition (in addition to the partitions for the RAID device). In the previous step, select the partitions for the RAID device and the partition(s) for the spare(s).
Network-Related References
Chapter 6. Network Configuration
To communicate with other computers, computers need a network connection. This is accomplished by having the operating system recognize an interface card (such as Ethernet, ISDN modem, or token ring) and configuring the interface to connect to the network.
This chapter will discuss each of these steps for each type of network connection.
6.2. Establishing an Ethernet Connection
To establish an Ethernet connection, you need a network interface card (NIC), a network cable (usually a CAT5 cable), and a network to connect to. There are different speeds to networks; make sure your NIC is compatible with the network to which you want to connect. To add an Ethernet connection, follow these steps:
1. Click the Devices tab.
2.
After configuring the Ethernet device, it appears in the device list as shown in Figure 6-2.
Figure 6-2. Ethernet Device
Be sure to click Apply to save the changes. After adding the Ethernet device, you can edit its configuration by selecting the device from the device list and clicking Edit. For example, when the device is added, it is configured to start at boot time by default. You can edit its configuration to modify this setting.
Figure 6-3. ISDN Settings
5. If your ISP is in the pre-configured list, select it. Otherwise, enter the required information about your ISP account. If you do not know the values, contact your ISP. Click Next.
6. On the Create Dialup Connection page, click Finish.
After configuring the ISDN device, it appears in the device list as an ippp device as shown in Figure 6-4.
Figure 6-4. ISDN Device
Be sure to click Apply to save the changes.
6.4. Establishing a Modem Connection
A modem can be used to configure an Internet connection over an active phone line. An Internet Service Provider (ISP) account (also called a dial-up account) is required. To add a modem connection, follow these steps:
1. Click the Devices tab.
2. Click the Add button.
3. Select Modem connection from the Device Type list, and click Next.
4.
Figure 6-6. Modem Device
Be sure to click Apply to save the changes. After adding the modem device, you can edit its configuration by selecting the device from the device list and clicking Edit. For example, when the device is added, it is configured not to start at boot time by default. Edit its configuration to modify this setting. Compression, PPP options, login name, password, and more can also be changed.
Figure 6-7. xDSL Settings
5. If the Select Ethernet Adapter window appears, select the manufacturer and model of the Ethernet card. Select the device name. If this is the system’s first Ethernet card, select eth0 as the device name; if this is the second Ethernet card, select eth1, and so on. The Network Administration Tool also allows you to configure the resources for the NIC. Click Next to continue.
6. Enter the Provider Name, Login Name, and Password.
7. Click Next.
6.6. Establishing a Token Ring Connection
A token ring network is a network in which all the computers are connected in a circular pattern. A token, or a special network packet, travels around the token ring and allows computers to send information to each other.
Tip
For more information on using token ring under Linux, refer to the Linux Token Ring Project website available at http://www.linuxtr.net.
To add a token ring connection, follow these steps:
1.
Figure 6-10. Token Ring Device
Be sure to click Apply to save the changes. After adding the device, you can edit its configuration by selecting the device from the device list and clicking Edit. For example, you can configure whether the device is started at boot time. When the device is added, it is not activated, as seen by its Inactive status. To activate the device, select it from the device list, and click the Activate button.
6.7.
6.8. Establishing a Wireless Connection
Wireless Ethernet devices are becoming increasingly popular. The configuration is similar to the Ethernet configuration except that it allows you to configure ESSID, mode, frequency, channel, transmit rate, and key for your wireless device. To add a wireless Ethernet connection, follow these steps:
1. Click the Devices tab.
2. Click the Add button.
3. Select Wireless connection from the Device Type list, and click Next.
4.
After configuring the wireless device, it appears in the device list as shown in Figure 6-13.
Figure 6-13. Wireless Device
Be sure to click Apply to save the changes. After adding the wireless device, you can edit its configuration by selecting the device from the device list and clicking Edit. For example, you can configure the device to activate at boot time. When the device is added, it is not activated, as seen by its Inactive status.
Figure 6-14. Hosts Configuration
Tip
To change lookup order, edit the /etc/host.conf file. The line "order hosts, bind" specifies that /etc/hosts takes precedence over the name servers. Changing the line to "order bind, hosts" configures your system to resolve hostnames and IP addresses using the name servers first. If the IP address cannot be resolved through the name servers, your system looks for the IP address in the /etc/hosts file.
6.10.
Note
The name servers section does not configure the system to be a name server. If the DNS server names are retrieved from DHCP (or retrieved from the ISP of a modem connection) do not add primary, secondary, or tertiary DNS servers.
Chapter 7. Basic Firewall Configuration
Just as a firewall in a building attempts to prevent a fire from spreading, a computer firewall attempts to prevent computer viruses from spreading to your computer and to prevent unauthorized users from accessing your computer. A firewall exists between your computer and the network. It determines which services on your computer remote users on the network can access. A properly configured firewall can greatly increase the security of your system.
7.1. Basic
Figure 7-1. Basic
After starting the program, choose the appropriate security level for your system:
• High Security — This option disables almost all network connections except DNS replies and DHCP so that network interfaces can be activated. IRC, ICQ, and other instant messaging services as well as RealAudio™ will not work without a proxy.
Figure 7-2. Local Hosts
7.3. DHCP
If you are using DHCP to activate any Ethernet interfaces on the system, you must say Yes to the DHCP question. If you say no, you will not be able to establish a connection using the Ethernet interface. Many cable and DSL Internet providers require you to use DHCP to establish an Internet connection.
Figure 7-3. DHCP
7.4. Configuring Services
GNOME Lokkit also allows you to turn common services on and off.
• Web Server — Choose this option if you want people to connect to a Web server such as Apache running on your system. You do not need to choose this option if you want to view pages on your own system or on other servers on the network.
• Incoming Mail — Choose this option if your system needs to accept incoming mail. You do not need this option if you retrieve email using IMAP, POP3, or fetchmail.
Chapter 8. Controlling Access to Services
Maintaining security on your Red Hat Linux system is extremely important. One way to manage security on your system is to carefully manage access to system services. Your system may need to provide open access to particular services (for example, httpd if you are running a Web server). However, if you do not need to provide a service, you should turn it off — this will minimize your exposure to possible bug exploits.
• 0 — Halt
• 1 — Single-user mode
• 2 — Not used (user-definable)
• 3 — Full multi-user mode
• 4 — Not used (user-definable)
• 5 — Full multi-user mode (with an X-based login screen)
• 6 — Reboot
If you configured the X Window System during the Red Hat Linux installation program, you had the option of choosing a graphical or text login screen. If you chose a text login screen, you are operating in runlevel 3.
will take effect. For a list of network services controlled by xinetd, list the contents of the /etc/xinetd.d directory with the command ls /etc/xinetd.d.
8.3. Serviceconf
Serviceconf is a graphical application developed by Red Hat to configure which SysV services in /etc/rc.d/init.d are started at boot time (for runlevels 3, 4, and 5) and which xinetd services are enabled.
To start, stop, or restart a service immediately, select the service and choose the action from the Actions pulldown menu. You can also select the service and click the start, stop, or restart button on the toolbar. If you select an xinetd service such as telnet, the Start, Stop, and Restart buttons will not be active.
Warning
Changes do not take effect immediately after using ntsysv. You must stop or start the individual service with the command service daemon stop. In the previous example, replace daemon with the name of the service you want to stop; for example, httpd. Replace stop with start or restart to start or restart the service. If you want to start or stop a service which is managed by xinetd, use the command service xinetd restart.
8.5.
8.6.1. Installed Documentation
• man ntsysv — The ntsysv man page.
• man chkconfig — The chkconfig man page.
• man xinetd — The xinetd man page.
• man xinetd.conf — The man page for the xinetd.conf configuration file.
• man 5 hosts_access — The man page for the format of host access control files (in section 5 of the man pages).
8.6.2. Useful Websites
• http://www.xinetd.org — The xinetd webpage.
Chapter 9. OpenSSH
OpenSSH is a free, open source implementation of the SSH (Secure SHell) protocols. It replaces telnet, ftp, rlogin, rsh, and rcp with secure, encrypted network connectivity tools. OpenSSH supports versions 1.3, 1.5, and 2 of the SSH protocol. Since OpenSSH version 2.9, the default protocol is version 2, which uses RSA keys as the default.
9.1. Why Use OpenSSH?
If you use OpenSSH tools, you are enhancing the security of your machine.
    ssh penguin.example.net
The first time you ssh to a remote machine, you will see a message similar to the following:
    The authenticity of host 'penguin.example.net' can't be established.
    DSA key fingerprint is 94:68:3a:3a:bc:f3:9a:9b:01:5d:b3:07:38:e2:11:0c.
    Are you sure you want to continue connecting (yes/no)?
Type yes to continue. This will add the server to your list of known hosts as seen in the following message:
    Warning: Permanently added 'penguin.example.
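Before answering yes to the prompt above, compare the displayed fingerprint with one obtained from the server's administrator over a separate channel. The following added example (not part of the original guide) computes the colon-separated MD5 fingerprint shown in that prompt from a public key or known_hosts line; the sample key is constructed and the function names are hypothetical.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode one length-prefixed field the way SSH public key blobs store them."""
    return struct.pack(">I", len(data)) + data


# Constructed sample, not a real host key: an "ssh-dss" blob holding four dummy
# integers, written as a known_hosts line for the host name used in the guide.
SAMPLE_BLOB = _ssh_string(b"ssh-dss") + b"".join(
    _ssh_string(bytes([n]) * 20) for n in (1, 2, 3, 4)
)
SAMPLE_LINE = "penguin.example.net ssh-dss " + base64.b64encode(SAMPLE_BLOB).decode()


def md5_fingerprint(blob: bytes) -> str:
    """Return the MD5 digest of a raw key blob as colon-separated hex pairs."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def blob_key_type(blob: bytes) -> str:
    """Read the algorithm name stored as the first length-prefixed field."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (length,) = struct.unpack(">I", blob[:4])
    if length == 0 or 4 + length > len(blob):
        raise ValueError("bad length prefix in key blob")
    return blob[4:4 + length].decode("ascii")


def parse_public_key_line(line: str):
    """Find the 'key-type base64-blob' pair in a .pub or known_hosts line.

    The pair is accepted only if the type named in the text matches the type
    embedded in the blob, so a line edited by hand to claim another algorithm
    is rejected instead of being fingerprinted.
    """
    fields = line.split()
    for key_type, encoded in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(encoded, validate=True)
            if blob_key_type(blob) == key_type:
                return key_type, blob
        except ValueError:  # covers bad base64, bad length, non-ASCII type
            continue
    raise ValueError("no 'key-type base64-blob' pair found")


def host_key_matches(key_line: str, expected_fingerprint: str) -> bool:
    """True if the key on key_line has the fingerprint obtained out of band."""
    _, blob = parse_public_key_line(key_line)
    return md5_fingerprint(blob) == expected_fingerprint.strip().lower()


if __name__ == "__main__":
    key_type, blob = parse_public_key_line(SAMPLE_LINE)
    print(key_type, "key fingerprint is", md5_fingerprint(blob))
```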
9.3.3. Using the sftp Command
The sftp utility can be used to open a secure, interactive FTP session. It is similar to ftp except that it uses a secure, encrypted connection. The general syntax is sftp username@hostname.com. Once authenticated, you can use a set of commands similar to using FTP. Refer to the sftp man page for a list of these commands. To read the man page, execute the command man sftp at a shell prompt. The sftp utility is only available in OpenSSH version 2.5.
2. Change the permissions of your .ssh directory using the command chmod 755 ~/.ssh.
3. Copy the contents of ~/.ssh/id_dsa.pub to ~/.ssh/authorized_keys on the machine to which you want to connect. If the file ~/.ssh/authorized_keys does not exist, you can copy the file ~/.ssh/id_dsa.pub to the file ~/.ssh/authorized_keys on the other machine. [1]
4. If you are running GNOME, skip to Section 9.3.4.4. If you are not running the X Window System, skip to Section 9.3.4.5.
9.3.4.2.
Accept the default file location (~/.ssh/identity). Enter a passphrase different from your account password. Confirm the passphrase by entering it again. The public key is written to ~/.ssh/identity.pub. The private key is written to ~/.ssh/identity. Do not give anyone the private key.
2. Change the permissions of your .ssh directory and your key with the commands chmod 755 ~/.ssh and chmod 644 ~/.ssh/identity.pub.
3. Copy the contents of ~/.ssh/identity.pub to the file ~/.
be prompted for both. From this point on, you should not be prompted for a password by ssh, scp, or sftp.
9.3.4.5. Configuring ssh-agent
The ssh-agent can be used to store your passphrase so that you do not have to enter it each time you make a ssh or scp connection. If you are not running the X Window System, follow these steps from a shell prompt. If you are running GNOME but you do not want to configure it to prompt you for your passphrase when you log in (see Section 9.3.4.
Chapter 10. Network File System (NFS)
Network File System (NFS) is a way to share files between machines on a network as if the files were located on the client’s local hard drive. Red Hat Linux can be both an NFS server and an NFS client, which means that it can export filesystems to other systems and mount filesystems exported from other machines.
10.1. Why Use NFS?
NFS is useful for sharing directories of files between multiple users on the same network.
10.2.2. Mounting NFS Filesystems using autofs
A third option for mounting an NFS share is the use of autofs. Autofs uses the automount daemon to manage your mount points by only mounting them dynamically when they are accessed. Autofs consults the master map configuration file /etc/auto.master to determine which mount points are defined. It then starts an automount process with the appropriate parameters for each mount point.
10.3. Exporting NFS Filesystems
The /etc/exports file controls what filesystems the NFS server exports. Its format is as follows:
    directory hostname(options)
The (options) are not required. For example:
    /misc/export speedy.redhat.com
would allow users from speedy.redhat.com to mount /misc/export with the default readonly permissions, but:
    /misc/export speedy.redhat.com(rw)
would allow users from speedy.redhat.
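The directory hostname(options) format is easy to get subtly wrong: per exports(5), a space between the host name and the parenthesised options makes the options apply to every host instead of the named one. The following added example (not part of the original guide) parses exports text and flags that case, read-write exports open to all hosts, and the no_root_squash option from exports(5), which this section does not cover; the sample file and finding names are constructed.

```python
import re

# One client token: "host", "host(opt,opt)" or "(opt,opt)" with an empty host.
CLIENT_RE = re.compile(r"^(?P<host>[^()\s]*)(?:\((?P<opts>[^()]*)\))?$")

# Constructed sample file. The first two entries are the guide's own examples;
# the rest are invented to exercise the checks.
SAMPLE_EXPORTS = "\n".join([
    "# constructed sample /etc/exports",
    "/misc/export   speedy.redhat.com",
    "/misc/export   speedy.redhat.com(rw)",
    "/misc/scratch  speedy.redhat.com (rw)",
    "/home          *.example.com(rw,no_root_squash)",
    "/srv/data      alpha.example.com(rw) \\",
    "               beta.example.com",
])


def parse_exports(text):
    """Return [(first_line_number, directory, [(host, {options}), ...]), ...].

    Handles '#' comments and backslash line continuation. A client with an
    empty host string is an options group that applies to every host.
    """
    entries, logical, start = [], "", 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if not logical.strip():
            start = lineno  # a new logical entry begins on this line
        if line.endswith("\\"):
            logical += line[:-1] + " "
            continue
        tokens = (logical + line).split()
        logical = ""
        if not tokens:
            continue
        clients = []
        for token in tokens[1:]:
            match = CLIENT_RE.match(token)
            if match is None:
                raise ValueError(f"line {start}: cannot parse client {token!r}")
            opts = match.group("opts") or ""
            clients.append((match.group("host"), {o for o in opts.split(",") if o}))
        entries.append((start, tokens[0], clients))
    return entries


def audit_exports(text):
    """Return [(line_number, directory, finding), ...] for risky entries."""
    findings = []
    for lineno, directory, clients in parse_exports(text):
        for i, (host, opts) in enumerate(clients):
            prev_host, prev_opts = clients[i - 1] if i else ("", set())
            # "host (rw)": the host gets the defaults, everyone else gets rw.
            if host == "" and prev_host and not prev_opts:
                findings.append((lineno, directory, "space-before-options"))
            if host in ("", "*") and "rw" in opts:
                findings.append((lineno, directory, "world-rw"))
            # Remote root keeps uid 0 on the exported files.
            if "no_root_squash" in opts:
                findings.append((lineno, directory, "no-root-squash"))
    return findings


if __name__ == "__main__":
    for lineno, directory, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"line {lineno}: {directory}: {finding}")
```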
    /sbin/chkconfig --level 345 nfs on
You can also use ntsysv or serviceconf to configure which services start at boot time. Refer to Chapter 8 for details.
10.4. Additional Resources
This chapter discusses the basics of using NFS. For more detailed information, refer to the following resources.
10.4.1. Installed Documentation
• The man pages for nfsd, mountd, exports, auto.
Chapter 11. Samba
Samba uses the SMB protocol to share files and printers across a network connection. Operating systems that support this protocol include Microsoft Windows (through its Network Neighborhood), OS/2, and Linux.
11.1. Why Use Samba?
Samba is useful if you have a network of both Windows and Linux machines. Samba will allow files and printers to be shared by all the systems in your network. If you want to share files between Red Hat Linux machines only, refer to Chapter 10.
11.2.1. Samba Passwords
In Red Hat Linux 7.3, encrypted passwords are enabled by default because they are more secure. If encrypted passwords are not used, plain text passwords are used, which can be intercepted by someone using a network packet sniffer. It is recommended that encrypted passwords be used. The Microsoft SMB Protocol originally used plaintext passwords. However, Windows 2000 and Windows NT 4.0 with Service Pack 3 or higher require encrypted Samba passwords.
the password he uses to log in to the Red Hat Linux system as well as the password he must provide to connect to a Samba share are changed. To enable this feature, add the following line to /etc/pam.d/system-auth below the pam_cracklib.so invocation:
    password required /lib/security/pam_smbpass.so nullok use_authtok try_first_pass
11.3. Connecting to a Samba Share
To connect to a Linux Samba share from a Microsoft Windows machine, use Network Neighborhood or Windows Explorer.
If the SMB share you are connecting to requires a user name and password combination, you must specify them in the Location: bar using the following syntax (replace user, password, servername, and sharename with the appropriate values):
    smb://user:password@servername/sharename/
11.4. Additional Resources
For configuration options not covered here, please refer to the following resources.
11.4.1. Installed Documentation
• smb.
Chapter 12. Dynamic Host Configuration Protocol (DHCP)
Dynamic Host Configuration Protocol (DHCP) is a network protocol for automatically assigning TCP/IP information to client machines. Each DHCP client connects to the centrally located DHCP server, which returns that client’s network configuration including IP address, gateway, and DNS servers.
12.1. Why Use DHCP?
DHCP is useful for fast delivery of client network configuration.
Important
If you change the configuration file, the changes will not take effect until you restart the DHCP daemon with the command service dhcpd restart.
In Example 12-1, the routers, subnet-mask, domain-name, domain-name-servers, and time-offset options are used for any host statements declared below it. As shown in Example 12-1, you can declare a subnet. You must include a subnet declaration for every subnet in your network.
Example 12-3. Group Declaration
    group {
       option routers                  192.168.1.254;
       option subnet-mask              255.255.255.0;
       option domain-name              "example.com";
       option domain-name-servers      192.168.1.1;
       option time-offset              -5;     # Eastern Standard Time
       host apex {
          option host-name "apex.example.com";
          hardware ethernet 00:A0:78:8E:9E:AA;
          fixed-address 192.168.1.4;
       }
       host raleigh {
          option host-name "raleigh.example.
Example 12-5. Static IP Address using DHCP
    host apex {
       option host-name "apex.example.com";
       hardware ethernet 00:A0:78:8E:9E:AA;
       fixed-address 192.168.1.4;
    }
Tip
You can use the sample configuration file in Red Hat Linux 7.3 as a starting point and then add your own custom configuration options to it. Copy it to its proper location with the command
    cp /usr/share/doc/dhcp-<version-number>/dhcpd.conf.sample /etc/dhcpd.
To start the DHCP service, use the command /sbin/service dhcpd start. To stop the DHCP server, use the command /sbin/service dhcpd stop. If you want the daemon to start automatically at boot time, see Chapter 8 for information on how to manage services.
Table 12-1. DHCP Relay Agent Options
Argument    Description
-i          Names of the network interfaces to configure. If no interface is specified, all network interfaces will be configured, eliminating non-broadcast interfaces if it can.
-p          Port on which dhcrelay should listen. The DHCP Relay Agent transmits requests to the servers on this port and transmits responses to the clients on the port one greater than this port.
12.4. Additional Resources
For configuration options not covered here, please refer to the following resources.
12.4.1. Installed Documentation
• dhcpd man page — describes how the DHCP daemon works
• dhcpd.conf man page — explains how to configure the DHCP configuration file; includes some examples
• dhcpd.
Chapter 13. Apache Configuration
The Apache Configuration Tool allows you to configure the /etc/httpd/conf/httpd.conf configuration file for your Apache Web server. It does not use the old srm.conf or access.conf configuration files; leave them empty. Through the graphical interface, you can configure Apache directives such as virtual hosts, logging attributes, and maximum number of connections. Only modules that are shipped with Red Hat Linux can be configured with Apache Configuration Tool.
Figure 13-1. Basic Settings
Enter a fully qualified domain name that you have the right to use in the Server Name text area. This option corresponds to the ServerName directive in httpd.conf. The ServerName directive sets the hostname of the Web server. It is used when creating redirection URLs. If you do not define a server name, Apache attempts to resolve it from the IP address of the system.
Figure 13-2. Available Addresses
Tip
If you set Apache to listen to a port under 1024, you must be root to start it. For port 1024 and above, httpd can be started as a regular user.
13.2. Default Settings
After defining the Server Name, Webmaster email address, and Available Addresses, click the Virtual Hosts tab and click the Edit Default Settings button. The window shown in Figure 13-3 will appear. Configure the default settings for your Web server in this window.
Figure 13-3. Site Configuration
The entries listed in the Directory Page Search List define the DirectoryIndex directive. The DirectoryIndex is the default page served by the server when a user requests an index of a directory by specifying a forward slash (/) at the end of the directory name.
ServerAdmin directive. Refer to Section 13.3.1.1 for information about configuring the ServerAdmin directive.
• Show footer — Display just the default Apache footer at the bottom of error pages.
• No footer — Do not display a footer at the bottom of error pages.
13.2.2. Logging
By default, Apache writes the transfer log to the file /var/log/httpd/access_log and the error log to the file /var/log/httpd/error_log.
Figure 13-4.
Use the Log Level menu to set how verbose the error messages in the error logs will be. It can be set (from least verbose to most verbose) to emerg, alert, crit, error, warn, notice, info or debug. This option corresponds to the LogLevel directive. The value chosen with the Reverse DNS Lookup menu defines the HostnameLookups directive. Choosing No Reverse Lookup sets the value to off. Choosing Reverse Lookup sets the value to on.
Figure 13-5. Environment Variables
Use the Set for CGI Scripts section to set an environment variable that is passed to CGI scripts and SSI pages. For example, to set the environment variable MAXNUM to 50, click the Add button inside the Set for CGI Script section as shown in Section 13.2.3 and type MAXNUM in the Environment Variable text field and 50 in the Value to set text field. Click OK. The Set for CGI Scripts section configures the SetEnv directive.
Figure 13-6. Directories
Click the Edit button in the top right-hand corner to configure the Default Directory Options for all directories that are not specified in the Directory list below it. The options that you choose are listed as the Options directive within the <Directory> directive. You can configure the following options:
• ExecCGI — Allow execution of CGI scripts. CGI scripts are not executed if this option is not chosen.
• Full IP address — Allow access to a specific IP address.
• A subnet — Such as 192.168.1.0/255.255.255.0
• A network CIDR specification — Such as 10.3.0.0/16
Figure 13-7. Directory Settings
If you check the Let .htaccess files override directory options, the configuration directives in the .htaccess file take precedence.
13.3. Virtual Hosts Settings
You can use the Apache Configuration Tool to configure virtual hosts.
Figure 13-8. Virtual Hosts
http://www.apache.org/docs/vhosts/ and the Apache documentation on your machine provide more information about virtual hosts.
13.3.1. Adding and Editing a Virtual Host
To add a virtual host, click the Virtual Hosts tab and then click the Add button. You can also edit a virtual host by selecting it in the list and clicking the Edit button.
13.3.1.1.
Figure 13-9. Default Virtual Hosts
13.3.1.1.2. IP based Virtual Host
If you choose IP based Virtual Host, Figure 13-10 appears to configure the <VirtualHost> directive based on the IP address of the server. Specify this IP address in the IP address field. To specify more than one IP address, separate each IP address with spaces. To specify a port, use the syntax IP Address:Port. Use :* to configure all ports for the IP address.
Figure 13-10. IP Based Virtual Hosts
13.3.1.1.3. Name based Virtual Host
If you choose Name based Virtual Host, Figure 13-11 appears to configure the NameVirtualHost directive based on the host name of the server. Specify the IP address in the IP address field. To specify more than one IP address, separate each IP address with spaces. To specify a port, use the syntax IP Address:Port. Use :* to configure all ports for the IP address.
Figure 13-11. Name Based Virtual Hosts
13.3.1.2. SSL
Note
You cannot use name based virtual hosts with SSL, because the SSL handshake (when the browser accepts the secure Web server’s certificate) occurs before the HTTP request which identifies the appropriate name based virtual host. If you want to use name-based virtual hosts, they will only work with your non-secure Web server.
Figure 13-12. SSL Support
13.3.1.3. Additional Virtual Host Options
The Site Configuration, Environment Variables, and Directories options for the virtual hosts are the same directives that you set when you clicked the Edit Default Settings button, except the options set here are for the individual virtual hosts that you are configuring. Refer to Section 13.2 for details on these options.
13.4.
Figure 13-13. Server Configuration
The Lock File value corresponds to the LockFile directive. This directive sets the path to the lockfile used when Apache is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be stored on the local disk. It should be left to the default value unless the logs directory is located on an NFS share.
The Group value corresponds to the Group directive. The Group directive is similar to the User directive. Group sets the group under which the server will answer requests. The default group is also apache.
13.5. Performance Tuning
Click on the Performance Tuning tab to configure the maximum number of child server processes you want and to configure the Apache options for client connections. The default settings for these options are appropriate for most situations.
request has been served, before it closes the connection. Once a request has been received, the Connection Timeout value applies instead. Setting the Persistent Connections to a high value may cause a server to slow down, depending on how many users are trying to connect to it. The higher the number, the more server processes are kept waiting for another connection from the last client that connected to them.
13.6.
13.7. Additional Resources
To learn more about Apache, refer to the following resources.
13.7.1. Installed Documentation
• Apache documentation — If you have the apache-manual package installed and the Apache Web server daemon (httpd) running, you can view the Apache documentation. Open a Web browser, and go to the URL http://localhost on the server that is running Apache. Then, click the Documentation link.
13.7.2. Useful Websites
• http://www.apache.
Chapter 14. Apache Secure Server Configuration
14.1. Introduction
This chapter provides basic information on an Apache server with the mod_ssl security module enabled to use the OpenSSL library and toolkit. The combination of these three components, provided with Red Hat Linux, will be referred to in this chapter as the secure Web server or just as the secure server. The mod_ssl module is a security module for the Apache Web server.
apache-devel
The apache-devel package contains the Apache include files, header files and the APXS utility. You will need all of these if you intend to load any extra modules, other than the modules provided with this product. Please see the Official Red Hat Linux Reference Guide for more information on loading modules onto your secure Web server using Apache’s DSO functionality.
and protocols (such as POP, IMAP and LDAP) without requiring any changes to the daemon’s code.
Table 14-1 displays the location of the secure server packages and additional security-related packages within the package groups provided by Red Hat Linux. This table also tells you whether each package is optional or not for the installation of a secure Web server.
Table 14-1.
A secure server uses a certificate to identify itself to Web browsers. You can generate your own certificate (called a "self-signed" certificate) or you can get a certificate from a Certificate Authority or CA. A certificate from a reputable CA guarantees that a website is associated with a particular company or organization. Alternatively, you can create your own self-signed certificate.
    mv /etc/httpd/conf/httpsd.crt /etc/httpd/conf/ssl.crt/server.crt
Then start your secure Web server with the command:
    /sbin/service httpd start
For a secure server, you will be prompted to enter your password. After you type it in and press [Enter], the server will start. You should not need to get a new certificate if you are upgrading from a previous version of the secure Web server.
14.5.
To see a list of CAs, click on the Security button on your Navigator toolbar or on the padlock icon at the bottom left of the screen, then click on Signers to see a list of certificate signers from whom your browser will accept certificates. You can also search the Web for CAs. Once you have decided upon a CA, you will need to follow the instructions they provide on how to obtain a certificate from them.
4.
    /usr/bin/openssl genrsa 1024 > /etc/httpd/conf/ssl.key/server.key
to create your key. Then use this command:
    chmod go-rwx /etc/httpd/conf/ssl.key/server.key
to make sure that the permissions are set correctly on your key. After you use the above commands to create your key, you will not need to use a password to start your secure Web server.
Caution
Disabling the password feature for your secure Web server is a security risk.
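A key written by the genrsa command above carries no passphrase, so its file permissions are the only thing protecting it. The following added example (not part of the original guide) checks a key file for group or other access and reports whether the PEM text is passphrase-protected, using the Proc-Type header that OpenSSL writes into encrypted traditional-format keys; the sample PEM texts are constructed placeholders and the function and finding names are hypothetical.

```python
import os
import stat

# Constructed placeholders: only the PEM framing matters here, the bodies are
# not key material.
PLAIN_KEY_PEM = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "(constructed placeholder body)\n"
    "-----END RSA PRIVATE KEY-----\n"
)
ENCRYPTED_KEY_PEM = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0000000000000000\n"
    "\n"
    "(constructed placeholder body)\n"
    "-----END RSA PRIVATE KEY-----\n"
)


def pem_is_encrypted(pem_text: str) -> bool:
    """True if the first private key block in pem_text needs a passphrase."""
    lines = [line.strip() for line in pem_text.splitlines()]
    for i, line in enumerate(lines):
        if line == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
            return True  # PKCS#8 container, always passphrase-protected
        if line.startswith("-----BEGIN ") and line.endswith("PRIVATE KEY-----"):
            # Traditional format: encryption is announced in the header lines
            # directly after the BEGIN marker.
            headers = lines[i + 1:i + 3]
            return any(
                h.startswith("Proc-Type:") and "ENCRYPTED" in h for h in headers
            )
    raise ValueError("no PEM private key block found")


def audit_key_file(path: str):
    """Return a list of findings for the private key stored at path."""
    findings = []
    info = os.stat(path)
    if not stat.S_ISREG(info.st_mode):
        return ["not-a-regular-file"]
    # Any permission bit for group or other fails the chmod go-rwx requirement.
    if info.st_mode & 0o077:
        findings.append("group-or-other-access")
    with open(path, "r", encoding="ascii", errors="replace") as handle:
        if not pem_is_encrypted(handle.read()):
            findings.append("no-passphrase")
    return findings


if __name__ == "__main__":
    import sys

    for key_path in sys.argv[1:]:
        print(key_path, audit_key_file(key_path) or "ok")
```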
Type in the password that you chose when you were generating your key. Your system will display some instructions and then ask for a series of responses from you. Your inputs will be incorporated into the certificate request. The display, with example responses, will look like this:
    You are about to be asked to enter information that will be incorporated into your certificate request.
• Do not use either of the extra attributes (A challenge password and An optional company name). To continue without entering these fields, just press [Enter] to accept the blank default for both inputs.
When you have finished entering your information, a file named server.csr will be created. This file is your certificate request, ready to send to your CA. After you have decided on a CA, follow the instructions they provide on their website.
After you provide the correct information, a self-signed certificate will be created and placed in /etc/httpd/conf/ssl.crt/server.crt. You will need to restart your secure server after generating the certificate with the following command:
    /sbin/service httpd restart
14.9. Testing Your Certificate
When the secure server is installed by the Red Hat Linux installation program, a random key and a generic certificate are installed, for testing purposes.
Figure 14-1. The Default Home Page
14.10. Accessing Your Secure Server
To access your secure server, use a URL like this:
    https://your_domain
Note that URLs which are intended to connect to your secure Web server should begin with the https: protocol designator instead of the more common http: protocol designator.
Note
Some of the example URLs used in this manual may need to be changed, depending upon whether you are accessing your secure Web server or your non-secure Web server. Please view all URLs in this manual as general examples and not as explicit instructions that will work under all circumstances.
14.11.
Chapter 15. BIND Configuration
This chapter assumes that you have a basic understanding of BIND and DNS; it does not attempt to explain the concepts of BIND and DNS. This chapter does explain how to use the BIND Configuration Tool (bindconf) to configure basic BIND server zones for BIND version 8. The BIND Configuration Tool creates the /etc/named.conf configuration file and the zone configuration files in the /var/named directory each time you apply your changes.
Figure 15-1. bindconf
The BIND Configuration Tool configures the default zone directory to be /var/named. All zone files specified are relative to this directory. The BIND Configuration Tool also includes basic syntax checking when values are entered. For example, if a valid entry is an IP address, you are only allowed to type numbers and the dot (.) character into the text area.
the configuration changes. It can also be incremented manually by clicking the Set button next to the Serial Number value.
• Time Settings — The Refresh, Retry, Expire, and Minimum TTL (Time to Live) values that are stored in the DNS database file.
• Records — Add, edit, and delete record resources of type Host, Alias, and Name server.
Figure 15-2. Adding a Forward Master Zone
The configuration shown in Figure 15-2 creates the following entry in /etc/named.
/etc/named.conf configuration file, write all the individual zone files in the /var/named directory, and have the daemon reload the configuration files.
15.2. Adding a Reverse Master Zone
To add a reverse master zone, click the Add button and select Reverse Master Zone. Enter the first three octets of the IP address range that you want to configure. For example, if you are configuring the IP address range 192.168.10.0/255.255.255.0, enter 192.168.
Figure 15-3. Adding a Reverse Master Zone
The configuration shown in Figure 15-3 creates the following entry in /etc/named.conf:
    zone "3.2.1.in-addr.arpa" {
        type master;
        file "3.2.1.in-addr.arpa.zone";
    };
It also creates the file /var/named/3.2.1.in-addr.arpa.zone with the following information:
    $TTL 86400
    @       IN      SOA     @  root.localhost (
                            2 ; serial
                            28800 ; refresh
                            7200 ; retry
                            604800 ; expire
                            86400 ; ttk
                            )
    @       IN      NS      ns.example.com.
    1       IN      PTR     one.example.com.
    2       IN      PTR     two.
/etc/named.conf configuration file, write all the individual zone files in the /var/named directory, and have the daemon reload the configuration files.
15.3. Adding a Slave Zone
To add a slave zone (also known as a secondary master), click the Add button and select Slave Zone. Enter the domain name for the slave zone in the Domain name text area.
Chapter 16. Mail Transport Agent (MTA) Configuration
A Mail Transport Agent (MTA) is essential for sending email from a Red Hat Linux system. A Mail User Agent (MUA) such as Mozilla Mail, Mutt, Pine, or Evolution is used to read and compose email. When a user sends an email from an MUA, the message is handed off to the MTA, which sends the message to a series of MTAs until it reaches its destination.
If you selected Postfix, you must make sure the sendmail service is stopped and the postfix service is started:
    /sbin/service sendmail stop
    /sbin/service postfix start
If you selected Sendmail, you must make sure the postfix service is stopped and the sendmail service is started:
    /sbin/service postfix stop
    /sbin/service sendmail start
Tip
For more information about email protocols and MTAs, refer to the Official Red Hat Linux Reference Guide.
System Configuration
Chapter 17. Console Access

When normal (non-root) users log into a computer locally, they are given two types of special permissions:

1. They can run certain programs that they would not otherwise be able to run
2.
shutdown of the system will continue; if not, an error message will be written to the system console instead. For more information on shutdown.allow see the shutdown man page.

17.2. Disabling Console Program Access

In order to disable access by users to console programs, you should run this command as root:

    rm -f /etc/security/console.
17.5. Making Files Accessible From the Console

In /etc/security/console.perms, there is a section with lines like:

    <floppy>=/dev/fd[0-1]* \
             /dev/floppy/*
    <sound>=/dev/dsp* /dev/audio* /dev/midi* \
            /dev/mixer* /dev/sequencer \
            /dev/sound/*
    <cdrom>=/dev/cdrom* /dev/cdwriter*

You can add your own lines to this section, if necessary. Make sure that any lines you add refer to the appropriate device.
    cp /etc/pam.d/halt /etc/pam.d/foo

Now, when you run /usr/bin/foo, it will call consolehelper, which will authenticate the user with the help of /usr/sbin/userhelper. To authenticate the user, consolehelper will ask for the user’s password if /etc/pam.d/foo is a copy of /etc/pam.d/halt (otherwise, it will do precisely what is specified in /etc/pam.d/foo) and then run /usr/sbin/foo with root permissions.

17.7.
Chapter 18. Time and Date Configuration

Red Hat Linux no longer includes timetool. The dateconfig utility has replaced timetool. The dateconfig application allows the user to change the system date and time, to configure the time zone used by the system, and to set up the Network Time Protocol (NTP) daemon to synchronize the system clock with a time server. To use dateconfig, you must be running the X Window System and have root privileges.
Figure 18-1. Time and Date Properties

To change the date, use the arrows to the left and right of the month to change the month. Use the arrows to the left and right of the year to change the year, and click on the day of the week to change the day of the week. Changes will not take place until you click the Apply button.

To change the time, use the up and down arrow buttons beside the Hour, Minute, and Second in the Time section.
For more information on NTP, read the NTP documentation available in the /usr/share/doc/ntp-version-number directory.

Clicking the Apply button will apply any changes that you have made to the date and time, the NTP daemon settings, and the time zone settings. Clicking the Ok button will apply the changes and then exit the program.

18.2. Time Zone Configuration

To configure the system time zone, click the Time Zone tab as shown in Figure 18-2.
Chapter 19. User and Group Configuration

User Manager allows you to view, modify, add, and delete local users and groups. To use User Manager, you must be running the X Window System and have root privileges. To start User Manager, use one of the following methods:

• On the GNOME desktop, go to the Main Menu Button (on the Panel) => Programs => System => User Manager.
• On the KDE desktop, go to the Main Menu Button (on the Panel) => System => redhat-config-users.
Tip
The longer the user’s password, the more difficult it is for someone else to guess it and log in to the user’s account without permission. It is also recommended that the password not be based on a word and that the password be a combination of letters, numbers, and special characters.

Select a login shell. If you are not sure which shell to select, accept the default value of /bin/bash. The default home directory is /home/username.
Figure 19-3. User Properties

The User Properties window is divided into tabbed pages:

• User Data — Basic user information configured when you added the user. Use this tab to change the user’s full name, password, home directory, or login shell.
• Account Info — Select Enable account expiration if you want the account to expire on a certain date. Enter the date in the provided fields.
19.4. Modifying Group Properties

To view the properties of an existing group, select the group from the group list and click Properties from the button menu (or choose Action => Properties from the pull-down menu). A window similar to Figure 19-3 will appear.

Figure 19-5. Group Properties

The Group Users tab displays which users are members of the group. Select additional users to add them to the group, and unselect users to remove them from the group.
Chapter 20. Gathering System Information

Before you learn how to configure your system, you should learn how to gather essential system information. For example, you should know how to find the amount of free memory, the amount of available hard drive space, how your hard drive is partitioned, and what processes are running. This chapter discusses how to retrieve this type of information from your Red Hat Linux system using simple commands and a few simple programs.

20.1.
Table 20-1. Interactive top commands

    Command   Description
    [Space]   Immediately refresh the display
    [h]       Display a help screen
    [k]       Kill a process. You will be prompted for the process ID and the signal to send to it.
    [n]       Change the number of processes displayed. You will be prompted to enter the number.
    [u]       Sort by user.
    [M]       Sort by memory usage.
    [P]       Sort by CPU usage.
20.2. Memory Usage

The free command displays the total amount of physical memory and swap space for the system as well as the amount of memory that is used, free, shared, in kernel buffers, and cached.

                 total       used       free     shared    buffers     cached
    Mem:        256812     240668      16144     105176      50520      81848
    -/+ buffers/cache:     108300     148512
    Swap:       265032        780     264252

The command free -m shows the same information in megabytes, which are easier to read.
20.3. Filesystems

The df command reports the system’s disk space usage.
the last line in the list. If you do not want to see all the subdirectories, use the command du -hs to see only the grand total for the directory in human-readable format. Use the du --help command to see more options.

20.3.1. Monitoring Filesystems

Red Hat Linux provides a utility called diskcheck that monitors the amount of free disk space on the system.
network devices, pointing devices, system devices, and video cards. Click on the category name in the left menu, and the information will be displayed.

Figure 20-4. Hardware Browser

You can also use the lspci command to list all PCI devices. Use the command lspci -v for more verbose information or lspci -vv for very verbose output. For example, lspci can be used to determine the manufacturer, model, and memory size of a system’s video card:

    01:00.
• df manual page — Type man df to learn more about the df command and its many options.
• du manual page — Type man du to learn more about the du command and its many options.
• The contents of the /proc directory can also be used to gather more detailed system information. Refer to the Official Red Hat Linux Reference Guide for additional information about the /proc directory.
Chapter 21. Printer Configuration

The printconf application allows users to configure a printer in Red Hat Linux. It helps maintain the /etc/printcap configuration file, print spool directories, and print filters. Starting with version 7.3, Red Hat Linux ships with two printing systems. The printconf application configures the printing system called LPRng. LPRng is also the default printing system. This chapter focuses on using Printconf to configure LPRng.
Figure 21-1. printconf

Five types of print queues can be configured with printconf:

• Local Printer — a printer attached directly to your computer through a parallel or USB port. In the main printer list as shown in Figure 21-1, the Queue Type for a local printer is set to LOCAL.
21.1. Adding a Local Printer

To add a local printer such as one attached to the parallel port or USB port of your computer, click the New button in the main printconf window. The window shown in Figure 21-2 will appear. Click Next to proceed.

Figure 21-2. Adding a Printer

You will then see the screen shown in Figure 21-3. Enter a unique name for the printer in the Queue Name text field. This can be any descriptive name for your printer.
device and click OK to add it to the printer device list. A printer device attached to the parallel port is usually referred to as /dev/lp0. A printer device attached to the USB port is usually referred to as /dev/usblp0. After selecting your printer device, click Next.

Figure 21-4. Local Printer Device

Next, printconf will try to detect which printer is attached to the printer device. Skip to Section 21.6 to continue.

21.2.
Figure 21-5. Adding a Remote Printer

Text fields for the following options appear as shown in Figure 21-6:

• Server — The hostname or IP address of the remote machine to which the printer is attached.
• Queue — The remote printer queue. The default printer queue is usually lp.

By default, the Strict RFC1179 Compliance option is not chosen. If you are having problems printing to a non-Linux lpd queue, choose this option to disable enhanced LPRng printing features.
Important
The remote machine must be configured to allow the local machine to print on the desired queue. As root, create the file /etc/hosts.lpd on the remote machine to which the printer is attached. On separate lines in the file, add the IP address or hostname of each machine which should have printing privileges.

21.3. Adding a Samba (SMB) Printer

To add a printer that is accessed using the SMB protocol, click the New button in the main printconf window.
• Workgroup — The name of the workgroup on the machine running Samba.

Click the Translate \n => \r\n button to translate the end of line characters to a form that is readable by a Microsoft Windows system. Click Next to continue.

Figure 21-8. Choosing the Print Server

The next step is to select the type of printer that is connected to the remote SMB system. Skip to Section 21.6 to continue.
Figure 21-9. Adding an NCP Printer

Text fields for the following options appear below the Queue Type menu as shown in Figure 21-10:

• Server — The hostname or IP address of the NCP system to which the printer is attached.
• Queue — The remote queue for the printer on the NCP system.
• User — The name of the user you must log in as to access the printer.
• Password — The password for the user specified in the User field above.

Figure 21-10.
21.5. Adding a JetDirect Printer

To add a JetDirect printer, click the New button in the main printconf window. The window shown in Figure 21-1 will appear. Click Next to proceed.

You will see the screen shown in Figure 21-11. Enter a unique name for the printer in the Queue Name text field. The printer name cannot contain spaces and must begin with a letter a through z or A through Z. The valid characters are a through z, A through Z, 0 through 9, -, and _.
Figure 21-12. Choosing a Print Server

The next step is to select the type of printer that is connected to the JetDirect system. Skip to Section 21.6 to continue.

21.6. Selecting the Print Driver and Finishing

After selecting the queue type of the printer, the next step in adding a printer is to select the print driver. You will see a window similar to Figure 21-13. If you are configuring a local printer, select the print driver from the list.
Figure 21-13. Selecting a Print Driver

As shown in Figure 21-14, the print driver processes the data that you want to print into a format the printer can understand. Since a local printer is attached directly to your computer, you need to select a print driver to process the data that is sent to the printer.

Figure 21-14.
Click the Apply button in the main window to save your changes to the /etc/printcap configuration file and restart the printer daemon (lpd). After applying the changes, print a test page to ensure the configuration is correct. Refer to Section 21.7 for details.

If you need to print characters beyond the basic ASCII set (including those used for languages such as Japanese), you need to go to your driver options and select Prerender Postscript. Refer to Section 21.
Figure 21-16. Editing a Printer

21.8.1. Names and Aliases

If you want to rename a printer, change the value of Queue Name in the Names and Aliases tab. Click OK to return to the main window. The name of the printer should change in the printer list. Click Apply to save the change and restart the printer daemon.

A printer alias is an alternate name for a printer.
21.8.4. Driver Options

The Driver Options tab displays advanced printer options. Options vary for each print driver. Common options include:

• Send Form-Feed (FF) should be selected if the last page of your print job is not ejected from the printer (for example, the form feed light flashes). If this does not work, try selecting Send End-of-Transmission (EOT) instead.
Your configuration is saved to the file settings.xml. If you save this file, you can restore your printer settings. This is useful if your printer configuration is deleted, you reinstall Red Hat Linux and do not have your printer configuration file anymore, or you want to use the same printer configuration on multiple systems. To restore the configuration, type this command as root:

    /usr/sbin/printconf-tui --Ximport < settings.
• Support for IPP (next generation network printing protocol)
• Autodetection of network printers
• Web interface configuration tool
• Support for PPD printer description files
• Support for a wide range of printers

21.11.1.
21.11.2. CUPS Configuration Interface

After starting the cups daemon, open a Web browser and connect to the URL http://localhost:631 as shown in Figure 21-18.

Figure 21-18. CUPS Configuration Tool

To add a printer, click Manage Printers, and then click the Add Printer button. For more information, click the Help button.

21.12. Additional Resources

To learn more about printing on Red Hat Linux, refer to the following resources.

21.12.1.
21.12.2. Useful Websites

• http://www.linuxprinting.org — GNU/Linux Printing contains a large amount of information about printing in Linux.
• http://www.cups.org/ — Documentation, FAQs, and newsgroups about CUPS.
Chapter 22. Automated Tasks

In Linux, tasks can be configured to run automatically within a specified period of time, on a specified date, or when the system load average is below a specified number. Red Hat Linux comes preconfigured to run important system tasks to keep the system updated. For example, the slocate database used by the locate command is updated daily. A system administrator can use automated tasks to perform periodic backups, monitor the system, run custom scripts, and more.
• minute — any integer from 0 to 59
• hour — any integer from 0 to 23
• day — any integer from 1 to 31 (must be a valid day if a month is specified)
• month — any integer from 1 to 12 (or the short name of the month such as jan, feb, and so on)
• dayofweek — any integer from 0 to 7 where 0 or 7 represents Sunday (or the short name of the week such as sun, mon, and so on)
• command — the command to execute.
22.1.2. Controlling Access to Cron

The /etc/cron.allow and /etc/cron.deny files are used to restrict access to cron. The format of both access control files is one username on each line. Whitespace is not permitted in either file. The cron daemon (crond) does not have to be restarted if the access control files are modified. The access control files are read each time a user tries to add or delete a cron task.
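An added example, not part of the original guide: a shell audit of the two access control files that reports lines containing whitespace and evaluates whether a given user may use cron. The precedence rules (root is always allowed, cron.allow overrides cron.deny, neither file present is site-dependent) follow the crontab(1) man page rather than the text above; exact-line matching is this example's model of why stray whitespace matters, and the function names, user names and temporary files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit cron access control files.
# Works on temporary copies; nothing under /etc is read or changed.

# acl_bad_lines FILE
# Prints a comma-separated list of line numbers that are empty or contain
# a space or tab (the format allows one username per line, no whitespace).
acl_bad_lines() {
    awk '/[ \t]/ || length($0) == 0 { printf "%s%d", sep, NR; sep = "," }
         END { print "" }' "$1"
}

# cron_decision USER ALLOW_FILE DENY_FILE
# Prints allow, deny or site-dependent, following crontab(1):
#   - root may always use cron
#   - if the allow file exists, only users listed in it may use cron
#     and the deny file is ignored
#   - otherwise, users listed in the deny file may not use cron
#   - with neither file, the result depends on how cron was built
# Matching is on the whole line (grep -Fx), so "mallory " is not "mallory".
cron_decision() {
    user=$1
    allow=$2
    deny=$3
    if [ "$user" = root ]; then
        echo allow
        return 0
    fi
    if [ -f "$allow" ]; then
        if grep -Fxq -- "$user" "$allow"; then echo allow; else echo deny; fi
    elif [ -f "$deny" ]; then
        if grep -Fxq -- "$user" "$deny"; then echo deny; else echo allow; fi
    else
        echo site-dependent
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample files; line 2 of cron.deny has a trailing space.
    printf 'guest\nmallory \n' > "$dir/cron.deny"
    printf 'alice\n' > "$dir/cron.allow"

    echo "cron.deny lines with whitespace: $(acl_bad_lines "$dir/cron.deny")"
    echo "deny file only:"
    for u in guest mallory alice; do
        echo "  $u -> $(cron_decision "$u" "$dir/absent" "$dir/cron.deny")"
    done
    echo "allow file present (deny file ignored):"
    for u in guest mallory alice root; do
        echo "  $u -> $(cron_decision "$u" "$dir/cron.allow" "$dir/cron.deny")"
    done
    rm -rf "$dir"
}

demo
```

In the deny-only case the malformed entry for mallory never matches, so the restriction silently fails to apply; an allow file fails closed instead, since an unmatched name is simply denied.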
After the task is completed, Anacron records the date in a timestamp file in the /var/spool/anacron directory. Only the date is used (not the time), and the value of the job-identifier is used as the filename for the timestamp file.

Environment variables such as SHELL and PATH can be defined at the top of /etc/anacrontab as with the cron configuration file.
• teatime — Specifies 4:00PM.
• month-name day year format — For example, January 15 2002 specifies the 15th day of January in the year 2002. The year is optional.
• MMDDYY, MM/DD/YY, or MM.DD.YY formats — For example, 011502 for the 15th day of January in the year 2002.
• now + time — time is in minutes, hours, days, or weeks. For example, now + 5 days specifies that the command should be executed at the same time in five days.
22.3.4. Additional Command Line Options

Additional command line options for at and batch include:

Table 22-1. at and batch Command Line Options

    Option   Description
    -f       Read the commands or shell script from a file instead of specifying them at the prompt.
    -m       Send email to the user when the job has been completed.
    -v       Display the time that the job will be executed.

22.3.5. Controlling Access to At and Batch

The /etc/at.allow and /etc/at.
• anacrontab man page — brief overview of the anacron configuration file.
• /usr/share/doc/anacron-<version>/README describes Anacron and why it is useful.
• at man page — description of at and batch and their command line options.
Chapter 23. Upgrading the Kernel

The Red Hat Linux kernel is custom built by the Red Hat kernel team to ensure its integrity and compatibility with supported hardware. Before Red Hat releases a kernel, it must pass a rigorous set of quality assurance tests. Official Red Hat Linux kernels are packaged in RPM format so that they are easy to upgrade and verify.
    /sbin/mkbootdisk kernelversion

Tip
Refer to the man page for mkbootdisk for more options.

Reboot your machine with the boot diskette and verify that it works before continuing. Hopefully, you will not have to use the diskette, but you should store it in a safe place just in case.
23.3. Downloading the Upgraded Kernel

There are several ways to determine if there is an updated kernel available for your system.

• Go to http://www.redhat.com/apps/support/errata/, choose the version of Red Hat Linux you are using, and view the errata for it. Kernel errata are usually under the Security Advisories section. From the list of errata, click the kernel errata to view the detailed errata report for it.
If you plan to upgrade the kernel-source, kernel-docs, or kernel-utils packages, you probably do not need to keep the older versions. Use the following commands to upgrade these packages (the versions might vary):

    rpm -Uvh kernel-source-2.4.18-0.12.i386.rpm
    rpm -Uvh kernel-docs-2.4.18-0.12.i386.rpm
    rpm -Uvh kernel-utils-2.4.18-0.12.i386.rpm

If you are using PCMCIA (for example, a laptop), you also need to install the kernel-pcmcia-cs and keep the old version.
To configure GRUB to boot the new kernel by default, change the value of the default variable to the title section number for the title section that contains the new kernel. The count starts with 0. For example, if the new kernel is the second title section, set default to 1.

You can begin testing your new kernel by rebooting your computer and watching the messages to ensure your hardware is detected properly.

23.5.2.
Chapter 24. Kernel Modules

The Linux kernel has a modular design. At boot time, only a minimal resident kernel is loaded into memory. Thereafter, whenever a user requests a feature that is not present in the resident kernel, a kernel module is dynamically loaded into memory. After a specified period of inactivity, the module may be removed from memory. The mechanism that supports dynamic loading of modules is a kernel thread called kmod. Modules are not loaded unless they are needed.
    sunrpc      61328   1  (autoclean) [nfs lockd]
    autofs      11264   4  (autoclean)
    3c59x       25344   1  (autoclean)
    ipchains    38976   0  (unused)
    ide-scsi     8352   0
    scsi_mod    95104   2  [sr_mod ide-scsi]
    ide-cd      26848   0
    cdrom       27232   0  [sr_mod ide-cd]
    usb-uhci    20720   0  (unused)
    usbcore     49664   1  [usb-uhci]

As you can see in Example 24-1, lsmod displays the size, use count, and referring modules for each module currently loaded.
• modprobe man page — description and list of command line options.
• rmmod man page — description and list of command line options.
• modinfo man page — description and list of command line options.
• /usr/src/linux-2.4/Documentation/kmod.txt — description of kmod and why it replaced kerneld.
• /usr/src/linux-2.4/Documentation/modules.txt modules.
Package Management
Chapter 25. Package Management with RPM

The Red Hat Package Manager (RPM) is an open packaging system, available for anyone to use, which runs on Red Hat Linux as well as other Linux and UNIX systems. Red Hat, Inc. encourages other vendors to use RPM for their own products. RPM is distributable under the terms of the GPL.

For the end user, RPM makes system updates easy. Installing, uninstalling, and upgrading RPM packages can be accomplished with short commands.
System Verification

Another powerful feature is the ability to verify packages. If you are worried that you deleted an important file for some package, simply verify the package. You will be notified of any anomalies. At that point, you can reinstall the package if necessary. Any configuration files that you modified are preserved during reinstallation.
As you can see, RPM prints out the name of the package and then prints a succession of hash marks as the package is installed as a progress meter.

Note
Although a command like rpm -ivh foo-1.0-1.i386.rpm is commonly used to install an RPM package, you may want to consider using rpm -Uvh foo-1.0-1.i386.rpm instead. The -U option is commonly used for upgrading a package, but it will also install new packages. See Section 25.2.
    failed dependencies:
            bar is needed by foo-1.0-1
    #

To handle this error you should install the requested packages. If you want to force the installation anyway (a bad idea since the package probably will not run correctly), use the --nodeps option.

25.2.3. Uninstalling

Uninstalling a package is just as simple as installing one.
This message means that your changes to the configuration file may not be "forward compatible" with the new configuration file in the package, so RPM saved your original file, and installed a new one. You should investigate the differences between the two configuration files and resolve them as soon as possible, to ensure that your system continues to function properly.
    #

Note
Notice that we used the package name foo. To query a package, you will need to replace foo with the actual package name.

Instead of specifying the package name, you can use the following options with -q to specify the package(s) you want to query. These are called Package Specification Options.

• -a queries all currently installed packages.
• -f <file> will query the package which owns <file>.
• To verify an installed package against an RPM package file:

    rpm -Vp foo-1.0-1.i386.rpm

This command can be useful if you suspect that your RPM databases are corrupt.

If everything verified properly, there will be no output. If there are any discrepancies they will be displayed. The format of the output is a string of eight characters (a c denotes a configuration file) and then the file name.
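An added example, not part of the original guide: a shell decoder for rpm -V style lines that expands each character of the eight-character string into the test that failed and triages the file. The character meanings are rpm's documented verify codes (S size, M mode, 5 MD5 checksum, D device, L symbolic link, U user, G group, T modification time, ? unreadable); the sample lines are constructed, paths with spaces are not handled, and the NOTE/ALERT rule is an assumption of this example.

```shell
#!/bin/sh
# Added example: decode and triage `rpm -V` style output.
# SAMPLE is constructed for illustration; it is not real output.

SAMPLE='S.5....T c /etc/hosts.allow
.......T c /etc/inittab
..5....T   /bin/login
.M...UG.   /usr/sbin/userhelper
missing    /usr/share/doc/foo-1.0/README'

# decode_flags FLAGS -> names of the failed tests, space separated.
# A "." in any position means that test passed.
decode_flags() {
    flags=$1
    out=""
    while [ -n "$flags" ]; do
        rest=${flags#?}            # everything after the first character
        ch=${flags%"$rest"}        # the first character
        flags=$rest
        case $ch in
            S) name=size ;;
            M) name=mode ;;
            5) name=md5 ;;
            D) name=device ;;
            L) name=symlink ;;
            U) name=user ;;
            G) name=group ;;
            T) name=mtime ;;
            '?') name=unreadable ;;
            *) continue ;;
        esac
        out="${out:+$out }$name"
    done
    printf '%s\n' "$out"
}

# triage ATTR NAMES -> ALERT or NOTE (assumed policy of this example):
#   mode/user/group changes are always ALERT;
#   content changes are ALERT unless the file is a config file (ATTR = c);
#   anything else (for instance mtime only) is NOTE.
triage() {
    attr=$1
    names=" $2 "
    case $names in
        *" mode "*|*" user "*|*" group "*) echo ALERT; return 0 ;;
    esac
    case $names in
        *" md5 "*|*" size "*|*" symlink "*|*" device "*)
            if [ "$attr" = c ]; then echo NOTE; else echo ALERT; fi
            return 0 ;;
    esac
    echo NOTE
}

# classify_line LINE -> "SEVERITY PATH details"
classify_line() {
    IFS=' ' read -r f1 f2 f3 <<EOF
$1
EOF
    if [ -n "$f3" ]; then attr=$f2; path=$f3; else attr=""; path=$f2; fi
    if [ "$f1" = missing ]; then
        printf 'ALERT %s missing\n' "$path"
        return 0
    fi
    names=$(decode_flags "$f1")
    printf '%s %s %s\n' "$(triage "$attr" "$names")" "$path" "$names"
}

# report TEXT -> one classified line per non-empty input line
report() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        if [ -n "$line" ]; then classify_line "$line"; fi
    done
}

report "$SAMPLE"
```

To use it on a live system, pass the output of a real verify run to report in place of SAMPLE.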
25.3.1. Importing Keys

When you import a public key, you add that key to your keyring (a file in which public and secret keys are kept). Then, when you download a document or file from that entity, you can check the validity of that document against the key you added to your keyring.

To import a key, use the --import option. To demonstrate, download and import Red Hat’s public key.
25.4. Impressing Your Friends with RPM

RPM is a useful tool for both managing your system and diagnosing and fixing problems. The best way to make sense of all of its options is to look at some examples.

• Perhaps you have deleted some files by accident, but you are not sure what you deleted.
    /usr/man/man1/tac.1.gz
    /usr/man/man1/tail.1.gz
    /usr/man/man1/tr.1.gz
    /usr/man/man1/tsort.1.gz
    /usr/man/man1/unexpand.1.gz
    /usr/man/man1/uniq.1.gz
    /usr/man/man1/wc.1.gz

• You may find a new RPM, but you do not know what it does. To find information about it, use the following command:

    rpm -qip sndconfig-0.48-1.i386.rpm

The output would look like the following:

    Name        : sndconfig        Relocations: (not relocateable)
    Version     : 0.
    /usr/share/man/man8/pnpprobe.8.gz
    /usr/share/man/man8/sndconfig.8.gz
    /usr/share/sndconfig/sample.au
    /usr/share/sndconfig/sample.midi

These are just a few examples. As you use it, you will find many more uses for RPM.

25.5. Additional Resources

RPM is an extremely complex utility with many options and methods for querying, installing, upgrading, and removing packages. Refer to the following resources to learn more about RPM.

25.5.1.
Chapter 26. Gnome-RPM

If you do not want to use the command-line version of RPM, you can use Gnome-RPM, a graphical interface for Red Hat Package Manager (RPM). To learn more about RPM technology, turn to Chapter 25.

Gnome-RPM (which is also referred to as gnorpm) allows users to easily work with RPM technology and features a friendly interface. It is "GNOME-compliant," meaning that it seamlessly integrates into GNOME, a graphical X Window System desktop environment provided with Red Hat Linux.
may make these operations easier to perform. Gnome-RPM can display packages in a variety of different ways. Refer to Section 26.3 for more information on using filters to identify packages.

You can install, upgrade, or uninstall several packages with a few button clicks. Similarly, you can query and verify more than one package at a time.
Figure 26-1. Main Gnome-RPM Window

26.2. The Package Display

Each folder icon in the tree view at left represents a group of packages. Each group can contain subgroups. For example, the folder Applications contains the folder Editors that contains text editors such as Emacs, ed, vim, and GXedit. The tree view can be expanded and collapsed, so you can easily navigate through the packages.
Figure 26-2. Selecting Packages in Gnome-RPM

You can select and unselect multiple packages, in more than one folder in the tree panel. To select more than one package, hold down the [Ctrl] key and left-click on packages; each selected package will be highlighted.

To select a group of packages within a folder, left-click on one package. Hold down the [Shift] key and left-click on the final package you wish to select.
Figure 26-3. The Install Window

Click on the Add button. By default, if your CD-ROM is mounted with a Red Hat Linux CD-ROM, Gnome-RPM will search in /mnt/cdrom/RedHat/RPMS for new packages. (You can change the default path in the Install Window tab of the Operations => Preferences dialog. See Section 26.4 for more information.)

If no packages are available in the default path, you will see an Add Packages window.
26.4. Configuration

Gnome-RPM offers a wide selection of choices for installing and uninstalling packages, documentation and other features. You can customize Gnome-RPM using the Preferences dialog, which you can access from Operations => Preferences on the menu. To make selections in the Preferences dialog, select the boxes next to the options.

Under the Behaviour tab, you will find a number of options for configuring the way Gnome-RPM installs, uninstalls and upgrades packages.
option can be useful when two packages include files that are named the same but contain different contents.

• Allow upgrade to old version — Like the shell prompt RPM command equivalent --oldpackage, this option allows you to "upgrade" to an earlier package. It can be useful if the latest version of a package does not function correctly on your system.
• Keep packages made obsolete — Prevents packages listed in an Obsoletes header from being removed.
To change this path, type the full path to the RPMs you would like to work with. Choosing the Apply or OK buttons will save this path, making it the default path for future sessions. You can also determine the default path by selecting the Browse... button, and visually navigating through the RPMPath window.

After changing the install path and closing the dialog box, you can use the Install button to view the packages available in the new location.
Caution
Packages not produced by Red Hat are not supported by Red Hat because Red Hat cannot verify the integrity of these packages and how they interact with official Red Hat packages. Use caution when installing packages downloaded using Rpmfind.

Figure 26-7. The Rpmfind Window

The Metadata server sets the server to be used for searches. The Download dir: entry allows you to specify where you want the files to be placed.
Figure 26-8. Distribution Settings in Preferences

In Distribution Settings, you can set the options for choosing the most appropriate package out of the selections Rpmfind returns, as well as which mirror you would like to use. The higher the rating you indicate for your selection (as shown in Figure 26-8), the higher the priority it will receive; a lower rating (such as "-1") will specify that packages not be recommended.

26.5. Package Manipulation

26.5.1.
Figure 26-9. Query Window

The name of the package is centered at the top of the box. Below, the box is divided into two columns of listed information; below this information, you will see a display area showing package files.

In the left column in the information list, you will find the size of the file, the machine on which the file is found, the name of the package distribution and its group.
Figure 26-10. Verify Window

As the package is being checked, you will see the progress in the Verify window. If there are any problems discovered during the verify process, they will be described in the main display area.

26.5.3. Uninstalling Packages

Uninstalling a package removes the application and associated files from your machine. When a package is uninstalled, any files it uses that are not needed by other packages on your system are also removed.
Once you have begun to uninstall packages, Gnome-RPM asks for confirmation, showing a window like the one in Figure 26-11. All of the packages that are about to be uninstalled are listed. You should carefully check the list to make sure that you are not about to remove something you want to keep. Clicking the Yes button will start the uninstallation process. After it is completed, the packages and groups that have been removed will disappear from any open windows.

26.5.3.1.
Chapter 27. Red Hat Network

Red Hat Network is an Internet solution for managing a Red Hat Linux system or a network of Red Hat Linux systems. All Security Alerts, Bug Fix Alerts, and Enhancement Alerts (collectively known as Errata Alerts) can be downloaded directly from Red Hat using the Red Hat Update Agent standalone application or through the RHN Web interface available at http://rhn.redhat.com/. Red Hat Network saves Red Hat Linux users time because they receive email when updated packages are released.
Appendixes
Appendix A. Building a Custom Kernel

Many people new to Linux often ask, "Why should I build my own kernel?" Given the advances that have been made in the use of kernel modules, the most accurate response to that question is, "Unless you already know why you need to build your own kernel, you probably do not need to." In the past, you had to recompile the kernel if you added new hardware on your system. In other words, the kernel was static. Improvements in the Linux 2.0.
will remove any configuration files along with the remains of any previous builds that may be scattered around the source tree. If you already have an existing configuration file that works (/usr/src/linux-2.4/.config) that you want to use, back it up to a different directory before running this command and copy it back afterward. If you use an existing configuration file, skip the next step.

5.
look similar to EXTRAVERSION = -0.1.21-jul2001). This will allow you to have the old working kernel and the new kernel, version 2.4.18-0.12-jul2001, on your system at the same time.

9. Build the kernel with make bzImage.

10. Build any modules you configured with make modules.

11. Use the command make modules_install to install the kernel modules (even if you did not build any). Make sure that you type the underscore (_).
A.3.1. GRUB

If you selected GRUB as your boot loader, modify /boot/grub/grub.conf. The default GRUB configuration file looks similar to the following:

    # NOTICE: You have a /boot partition. This means that
    #         all kernel paths are relative to /boot/
    default=0
    timeout=30
    splashimage=(hd0,0)/grub/splash.xpm.gz
    title Red Hat Linux (2.4.18-0.12)
            root (hd0,0)
            kernel /vmlinuz-2.4.18-0.12 ro root=/dev/hda3
            initrd /initrd-2.4.18-0.12.
A.3.2. LILO

To configure LILO to boot the new kernel, you need to update the /etc/lilo.conf file and run the command /sbin/lilo -v. The default /etc/lilo.conf file looks similar to the following:

    boot=/dev/hda
    map=/boot/map
    install=/boot/boot.b
    prompt
    timeout=50
    message=/boot/message
    linear
    default=linux
    image=/boot/vmlinuz-2.4.18-0.12
            label=linux
            initrd=initrd-2.4.18-0.12.
    Boot image: /boot/vmlinuz-2.4.18-0.12-jul2001
    Added linux-old
    Writing boot sector.

Be sure the messages contain Writing boot sector. The * after linux means that the section labeled linux is the default kernel that LILO will boot. From now on, when the system boots you will see linux and linux-old as LILO boot options. To boot the new kernel (linux) simply press [Enter], or wait for LILO to time out.
Appendix B. Getting Started with Gnu Privacy Guard

B.1. An Introduction to GnuPG

Have you ever wondered if your email can be read during its transmission from you to other people, or from other people to you? Unfortunately, complete strangers could conceivably intercept or even tamper with your email. In traditional (also known as "snail") mail, letters are usually sealed within envelopes, stamped and delivered from post office branch to branch until they reach their destination.
B.2. Generating a Keypair

To begin using GnuPG, you must first generate a new keypair: a public key and a private key. To generate a keypair, at a shell prompt, type the following command:

    gpg --gen-key

Since you work with your user account most frequently, you should perform this action while logged in to your user account (and not as root).
    disks) during the prime generation; this gives the random number
    generator a better chance to gain enough entropy.
    +++++.+++++.++++++++....++++++++++..+++++.+++++.+++++++.+++++++
    +++.++++++++++++++++++++++++++++++++++++++..........................++++

When the activity on the screen ceases, your new keys will be made and placed in the directory .gnupg in your home directory.
    1024-bit DSA key, ID 823D25A9, created 2000-04-26
    ASCII armored output forced.
    Revocation certificate created.

Once your revocation certificate has been created (revoke.asc), it will be located in your login directory. You should copy the certificate to a floppy diskette and store it in a secure place. (If you don't know how to copy a file to a diskette in Red Hat Linux, see the Official Red Hat Linux Getting Started Guide.)

B.4.
B.4.1. Exporting to a Keyserver

If you are only writing to a few correspondents, you can export your public key and send it to them personally. If you correspond with many people, however, distribution of your key can be time consuming. Instead, you can use a keyserver.

Figure B-1. The Home Page of Keyserver.Net

A keyserver is a repository on the Internet which can store and distribute your public key to anyone who requests it.
• From your browser, go to Keyserver.Net (http://www.keyserver.net) and select the option to add your own PGP public key. Your next task is to copy and paste your public key into the appropriate area on the Web page. If you need instructions on how to do that, use the following:

• Open your exported public key file (such as mykey.asc, which was created in Section B.4) with a pager — for example, use the less mykey.asc command.
B.5. Importing a Public Key

The other end of key exchange — importing other people's public keys to your keyring — is just as simple as exporting keys. When you import someone's public key, you can decrypt their mail and check their digital signature against their public key on your keyring. One of the easiest ways to import a key is to download the key or save it from a website. To learn how to import Red Hat's key, refer to Section 25.3.1.
B.7.1. Installed Documentation

• man gpg and info gpg — Quick Reference of GnuPG commands and options.

B.7.2. Useful Websites

• http://www.gnupg.org — The GnuPG website with links to the latest GnuPG releases, a comprehensive user's guide, and other cryptography resources.

• http://hotwired.lycos.com/webmonkey/backend/security/tutorials/tutorial1.