Red Hat Enterprise Linux 5.1

Red Hat Enterprise Linux Deployment Guide

Legal Notice
Revision History
Revision 5.1.0-1 Tue Jun 26 2007 Michael Hideo Smith
Resolves: #245683
Content Update

Abstract

This Deployment Guide documents relevant information regarding the deployment, configuration and administration of Red Hat Enterprise Linux 5.1.


Introduction
1. Document Conventions
2. Send in Your Feedback
I. File Systems
1. File System Structure
1.1. Why Share a Common Structure?
1.2. Overview of File System Hierarchy Standard (FHS)
1.2.1. FHS Organization
1.3. Special File Locations Under Red Hat Enterprise Linux
2. The ext3 File System
2.1. Features of ext3
2.2. Creating an ext3 File System
2.3. Converting to an ext3 File System
2.4. Reverting to an ext2 File System
3. The proc File System
3.1. A Virtual File System
3.1.1. Viewing Virtual Files
3.1.2. Changing Virtual Files
3.2. Top-level Files within the proc File System
3.2.1. /proc/apm
3.2.2. /proc/buddyinfo
3.2.3. /proc/cmdline
3.2.4. /proc/cpuinfo
3.2.5. /proc/crypto
3.2.6. /proc/devices
3.2.7. /proc/dma
3.2.8. /proc/execdomains
3.2.9. /proc/fb
3.2.10. /proc/filesystems
3.2.11. /proc/interrupts
3.2.12. /proc/iomem
3.2.13. /proc/ioports
3.2.14. /proc/kcore
3.2.15. /proc/kmsg
3.2.16. /proc/loadavg
3.2.17. /proc/locks
3.2.18. /proc/mdstat
3.2.19. /proc/meminfo
3.2.20. /proc/misc
3.2.21. /proc/modules
3.2.22. /proc/mounts
3.2.23. /proc/mtrr
3.2.24. /proc/partitions
3.2.25. /proc/pci
3.2.26. /proc/slabinfo
3.2.27. /proc/stat
3.2.28. /proc/swaps
3.2.29. /proc/sysrq-trigger
3.2.30. /proc/uptime
3.2.31. /proc/version
3.3. Directories within /proc/
3.3.1. Process Directories
3.3.2. /proc/bus/
3.3.3. /proc/driver/
3.3.4. /proc/fs
3.3.5. /proc/ide/
3.3.6. /proc/irq/
3.3.7. /proc/net/
3.3.8. /proc/scsi/
3.3.9. /proc/sys/
3.3.10. /proc/sysvipc/
3.3.11. /proc/tty/
3.4. Using the sysctl Command
3.5. Additional Resources
3.5.1. Installed Documentation
3.5.2. Useful Websites
4. Redundant Array of Independent Disks (RAID)
4.1. What is RAID?
4.2. Who Should Use RAID?
4.3. Hardware RAID versus Software RAID
4.3.1. Hardware RAID
4.3.2. Software RAID
4.4. RAID Levels and Linear Support
4.5. Configuring Software RAID
4.5.1. Creating the RAID Partitions
4.5.2. Creating the RAID Devices and Mount Points
5. Swap Space
5.1. What is Swap Space?
5.2. Adding Swap Space
5.2.1. Extending Swap on an LVM2 Logical Volume
5.2.2. Creating an LVM2 Logical Volume for Swap
5.2.3. Creating a Swap File
5.3. Removing Swap Space
5.3.1. Reducing Swap on an LVM2 Logical Volume
5.3.2. Removing an LVM2 Logical Volume for Swap
5.3.3. Removing a Swap File
5.4. Moving Swap Space
6. Managing Disk Storage
6.1. Standard Partitions using parted
6.1.1. Viewing the Partition Table
6.1.2. Creating a Partition
6.1.3. Removing a Partition
6.1.4. Resizing a Partition
6.2. LVM Partition Management
7. Implementing Disk Quotas
7.1. Configuring Disk Quotas
7.1.1. Enabling Quotas
7.1.2. Remounting the File Systems
7.1.3. Creating the Quota Database Files
7.1.4. Assigning Quotas per User
7.1.5. Assigning Quotas per Group
7.1.6. Setting the Grace Period for Soft Limits
7.2. Managing Disk Quotas
7.2.1. Enabling and Disabling
7.2.2. Reporting on Disk Quotas
7.2.3. Keeping Quotas Accurate
7.3. Additional Resources
7.3.1. Installed Documentation
7.3.2. Related Books
8. Access Control Lists
8.1. Mounting File Systems
8.1.1. NFS
8.2. Setting Access ACLs
8.3. Setting Default ACLs
8.4. Retrieving ACLs
8.5. Archiving File Systems With ACLs
8.6. Compatibility with Older Systems
8.7. Additional Resources
8.7.1. Installed Documentation
8.7.2. Useful Websites
9. LVM (Logical Volume Manager)
9.1. What is LVM?
9.1.1. What is LVM2?
9.2. LVM Configuration
9.3. Automatic Partitioning
9.4. Manual LVM Partitioning
9.4.1. Creating the /boot/ Partition
9.4.2. Creating the LVM Physical Volumes
9.4.3. Creating the LVM Volume Groups
9.4.4. Creating the LVM Logical Volumes
9.5. Using the LVM utility system-config-lvm
9.5.1. Utilizing uninitialized entities
9.5.2. Adding Unallocated Volumes to a volume group
9.5.3. Migrating extents
9.5.4. Adding a new hard disk using LVM
9.5.5. Adding a new volume group
9.5.6. Extending a volume group
9.5.7. Editing a Logical Volume
9.6. Additional Resources
9.6.1. Installed Documentation
9.6.2. Useful Websites
II. Package Management
10. Package Management with RPM
10.1. RPM Design Goals
10.2. Using RPM
10.2.1. Finding RPM Packages
10.2.2. Installing
10.2.3. Uninstalling
10.2.4. Upgrading
10.2.5. Freshening
10.2.6. Querying
10.2.7. Verifying
10.3. Checking a Package's Signature
10.3.1. Importing Keys
10.3.2. Verifying Signature of Packages
10.4. Practical and Common Examples of RPM Usage
10.5. Additional Resources
10.5.1. Installed Documentation
10.5.2. Useful Websites
10.5.3. Related Books
11. Package Management Tool
11.1. Listing and Analyzing Packages
11.2. Installing and Removing Packages
12. YUM (Yellowdog Updater Modified)
12.1. Setting Up a yum Repository
12.2. yum Commands
12.3. yum Options
12.4. Configuring yum
12.4.1. [main] Options
12.4.2. [repository] Options
12.5. Useful yum Variables
13. Red Hat Network
III. Network-Related Configuration
14. Network Interfaces
14.1. Network Configuration Files
14.2. Interface Configuration Files
14.2.1. Ethernet Interfaces
14.2.2. IPsec Interfaces
14.2.3. Channel Bonding Interfaces
14.2.4. Alias and Clone Files
14.2.5. Dialup Interfaces
14.2.6. Other Interfaces
14.3. Interface Control Scripts
14.4. Configuring Static Routes
14.5. Network Function Files
14.6. Additional Resources
14.6.1. Installed Documentation
15. Network Configuration
15.1. Overview
15.2. Establishing an Ethernet Connection
15.3. Establishing an ISDN Connection
15.4. Establishing a Modem Connection
15.5. Establishing an xDSL Connection
15.6. Establishing a Token Ring Connection
15.7. Establishing a Wireless Connection
15.8. Managing DNS Settings
15.9. Managing Hosts
15.10. Working with Profiles
15.11. Device Aliases
15.12. Saving and Restoring the Network Configuration
16. Controlling Access to Services
16.1. Runlevels
16.2. TCP Wrappers
16.2.1. xinetd
16.3. Services Configuration Tool
16.4. ntsysv
16.5. chkconfig
16.6. Additional Resources
16.6.1. Installed Documentation
16.6.2. Useful Websites
17. Berkeley Internet Name Domain (BIND)
17.1. Introduction to DNS
17.1.1. Nameserver Zones
17.1.2. Nameserver Types
17.1.3. BIND as a Nameserver
17.2. /etc/named.conf
17.2.1. Common Statement Types
17.2.2. Other Statement Types
17.2.3. Comment Tags
17.3. Zone Files
17.3.1. Zone File Directives
17.3.2. Zone File Resource Records
17.3.3. Example Zone File
17.3.4. Reverse Name Resolution Zone Files
17.4. Using rndc
17.4.1. Configuring /etc/named.conf
17.4.2. Configuring /etc/rndc.conf
17.4.3. Command Line Options
17.5. Advanced Features of BIND
17.5.1. DNS Protocol Enhancements
17.5.2. Multiple Views
17.5.3. Security
17.5.4. IP version 6
17.6. Common Mistakes to Avoid
17.7. Additional Resources
17.7.1. Installed Documentation
17.7.2. Useful Websites
17.7.3. Related Books
18. OpenSSH
18.1. Features of SSH
18.1.1. Why Use SSH?
18.2. SSH Protocol Versions
18.3. Event Sequence of an SSH Connection
18.3.1. Transport Layer
18.3.2. Authentication
18.3.3. Channels
18.4. Configuring an OpenSSH Server
18.4.1. Requiring SSH for Remote Connections
18.5. OpenSSH Configuration Files
18.6. Configuring an OpenSSH Client
18.6.1. Using the ssh Command
18.6.2. Using the scp Command
18.6.3. Using the sftp Command
18.7. More Than a Secure Shell
18.7.1. X11 Forwarding
18.7.2. Port Forwarding
18.7.3. Generating Key Pairs
18.8. Additional Resources
18.8.1. Installed Documentation
18.8.2. Useful Websites
19. Network File System (NFS)
19.1. How It Works
19.1.1. Required Services
19.2. NFS Client Configuration
19.2.1. Mounting NFS File Systems using /etc/fstab
19.3. autofs
19.3.1. What's new in autofs version 5?
19.3.2. autofs Configuration
19.3.3. autofs Common Tasks
19.4. Common NFS Mount Options
19.5. Starting and Stopping NFS
19.6. NFS Server Configuration
19.6.1. Exporting or Sharing NFS File Systems
19.6.2. Command Line Configuration
19.6.3. Hostname Formats
19.7. The /etc/exports Configuration File
19.7.1. The exportfs Command
19.8. Securing NFS
19.8.1. Host Access
19.8.2. File Permissions
19.9. NFS and portmap
19.9.1. Troubleshooting NFS and portmap
19.10. Using NFS over TCP
19.11. Additional Resources
19.11.1. Installed Documentation
19.11.2. Useful Websites
19.11.3. Related Books
20. Samba
20.1. Introduction to Samba
20.1.1. Samba Features
20.2. Samba Daemons and Related Services
20.2.1. Samba Daemons
20.3. Connecting to a Samba Share
20.3.1. Command Line
20.3.2. Mounting the Share
20.4. Configuring a Samba Server
20.4.1. Graphical Configuration
20.4.2. Command Line Configuration
20.4.3. Encrypted Passwords
20.5. Starting and Stopping Samba
20.6. Samba Server Types and the smb.conf File
20.6.1. Stand-alone Server
20.6.2. Domain Member Server
20.6.3. Domain Controller
20.7. Samba Security Modes
20.7.1. User-Level Security
20.7.2. Share-Level Security
20.8. Samba Account Information Databases
20.9. Samba Network Browsing
20.9.1. Domain Browsing
20.9.2. WINS (Windows Internetworking Name Server)
20.10. Samba with CUPS Printing Support
20.10.1. Simple smb.conf Settings
20.11. Samba Distribution Programs
20.12. Additional Resources
20.12.1. Installed Documentation
20.12.2. Related Books
20.12.3. Useful Websites
21. Dynamic Host Configuration Protocol (DHCP)
21.1. Why Use DHCP?
21.2. Configuring a DHCP Server
21.2.1. Configuration File
21.2.2. Lease Database
21.2.3. Starting and Stopping the Server
21.2.4. DHCP Relay Agent
21.3. Configuring a DHCP Client
21.4. Additional Resources
21.4.1. Installed Documentation
22. Apache HTTP Server
22.1. Apache HTTP Server 2.2
22.1.1. Features of Apache HTTP Server 2.2
22.2. Migrating Apache HTTP Server Configuration Files
22.2.1. Migrating Apache HTTP Server 2.0 Configuration Files
22.2.2. Migrating Apache HTTP Server 1.3 Configuration Files to 2.0
22.3. Starting and Stopping httpd
22.4. Apache HTTP Server Configuration
22.4.1. Basic Settings
22.4.2. Default Settings
22.5. Configuration Directives in httpd.conf
22.5.1. General Configuration Tips
22.5.2. Configuration Directives for SSL
22.5.3. MPM Specific Server-Pool Directives
22.6. Adding Modules
22.7. Virtual Hosts
22.7.1. Setting Up Virtual Hosts
22.8. Apache HTTP Secure Server Configuration
22.8.1. An Overview of Security-Related Packages
22.8.2. An Overview of Certificates and Security
22.8.3. Using Pre-Existing Keys and Certificates
22.8.4. Types of Certificates
22.8.5. Generating a Key
22.8.6. How to configure the server to use the new key
22.9. Additional Resources
22.9.1. Useful Websites
23. FTP
23.1. The File Transport Protocol
23.1.1. Multiple Ports, Multiple Modes
23.2. FTP Servers
23.2.1. vsftpd
23.3. Files Installed with vsftpd
23.4. Starting and Stopping vsftpd
23.4.1. Starting Multiple Copies of vsftpd
23.5. vsftpd Configuration Options
23.5.1. Daemon Options
23.5.2. Log In Options and Access Controls
23.5.3. Anonymous User Options
23.5.4. Local User Options
23.5.5. Directory Options
23.5.6. File Transfer Options
23.5.7. Logging Options
23.5.8. Network Options
23.6. Additional Resources
23.6.1. Installed Documentation
23.6.2. Useful Websites
24. Email
24.1. Email Protocols
24.1.1. Mail Transport Protocols
24.1.2. Mail Access Protocols
24.2. Email Program Classifications
24.2.1. Mail Transport Agent
24.2.2. Mail Delivery Agent
24.2.3. Mail User Agent
24.3. Mail Transport Agents
24.3.1. Sendmail
24.3.2. Postfix
24.3.3. Fetchmail
24.4. Mail Transport Agent (MTA) Configuration
24.5. Mail Delivery Agents
24.5.1. Procmail Configuration
24.5.2. Procmail Recipes
24.6. Mail User Agents
24.6.1. Securing Communication
24.7. Additional Resources
24.7.1. Installed Documentation
24.7.2. Useful Websites
24.7.3. Related Books
25. Lightweight Directory Access Protocol (LDAP)
25.1. Why Use LDAP?
25.1.1. OpenLDAP Features
25.2. LDAP Terminology
25.3. OpenLDAP Daemons and Utilities
25.3.1. NSS, PAM, and LDAP
25.3.2. PHP4, LDAP, and the Apache HTTP Server
25.3.3. LDAP Client Applications
25.4. OpenLDAP Configuration Files
25.5. The /etc/openldap/schema/ Directory
25.6. OpenLDAP Setup Overview
25.6.1. Editing /etc/openldap/slapd.conf
25.7. Configuring a System to Authenticate Using OpenLDAP
25.7.1. PAM and LDAP
25.7.2. Migrating Old Authentication Information to LDAP Format
25.8. Migrating Directories from Earlier Releases
25.9. Additional Resources
25.9.1. Installed Documentation
25.9.2. Useful Websites
25.9.3. Related Books
26. Authentication Configuration
26.1. User Information
26.2. Authentication
26.3. Options
26.4. Command Line Version
IV. System Configuration
27. Console Access
27.1. Disabling Shutdown Via Ctrl-Alt-Del
27.2. Disabling Console Program Access
27.3. Defining the Console
27.4. Making Files Accessible From the Console
27.5. Enabling Console Access for Other Applications
27.6. The floppy Group
28. The sysconfig Directory
28.1. Files in the /etc/sysconfig/ Directory
28.1.1. /etc/sysconfig/amd
28.1.2. /etc/sysconfig/apmd
28.1.3. /etc/sysconfig/arpwatch
28.1.4. /etc/sysconfig/authconfig
28.1.5. /etc/sysconfig/autofs
28.1.6. /etc/sysconfig/clock
28.1.7. /etc/sysconfig/desktop
28.1.8. /etc/sysconfig/dhcpd
28.1.9. /etc/sysconfig/exim
28.1.10. /etc/sysconfig/firstboot
28.1.11. /etc/sysconfig/gpm
28.1.12. /etc/sysconfig/hwconf
28.1.13. /etc/sysconfig/i18n
28.1.14. /etc/sysconfig/init
28.1.15. /etc/sysconfig/ip6tables-config
28.1.16. /etc/sysconfig/iptables-config
28.1.17. /etc/sysconfig/irda
28.1.18. /etc/sysconfig/keyboard
28.1.19. /etc/sysconfig/kudzu
28.1.20. /etc/sysconfig/named
28.1.21. /etc/sysconfig/netdump
28.1.22. /etc/sysconfig/network
28.1.23. /etc/sysconfig/ntpd
28.1.24. /etc/sysconfig/radvd
28.1.25. /etc/sysconfig/samba
28.1.26. /etc/sysconfig/selinux
28.1.27. /etc/sysconfig/sendmail
28.1.28. /etc/sysconfig/spamassassin
28.1.29. /etc/sysconfig/squid
28.1.30. /etc/sysconfig/system-config-selinux
28.1.31. /etc/sysconfig/system-config-users
28.1.32. /etc/sysconfig/system-logviewer
28.1.33. /etc/sysconfig/tux
28.1.34. /etc/sysconfig/vncservers
28.1.35. /etc/sysconfig/xinetd
28.2. Directories in the /etc/sysconfig/ Directory
28.3. Additional Resources
28.3.1. Installed Documentation
29. Date and Time Configuration
29.1. Time and Date Properties
29.2. Network Time Protocol (NTP) Properties
29.3. Time Zone Configuration
30. Keyboard Configuration
31. The X Window System
31.1. The X11R7.1 Release
31.2. Desktop Environments and Window Managers
31.2.1. Desktop Environments
31.2.2. Window Managers
31.3. X Server Configuration Files
31.3.1. xorg.conf
31.4. Fonts
31.4.1. Fontconfig
31.4.2. Core X Font System
31.5. Runlevels and X
31.5.1. Runlevel 3
31.5.2. Runlevel 5
31.6. Additional Resources
31.6.1. Installed Documentation
31.6.2. Useful Websites
32. X Window System Configuration
32.1. Display Settings
32.2. Display Hardware Settings
32.3. Dual Head Display Settings
33. Users and Groups
33.1. User and Group Configuration
33.1.1. Adding a New User
33.1.2. Modifying User Properties
33.1.3. Adding a New Group
33.1.4. Modifying Group Properties
33.2. User and Group Management Tools
33.2.1. Command Line Configuration
33.2.2. Adding a User
33.2.3. Adding a Group
33.2.4. Password Aging
33.2.5. Explaining the Process
33.3. Standard Users
33.4. Standard Groups
33.5. User Private Groups
33.5.1. Group Directories
33.6. Shadow Passwords
33.7. Additional Resources
33.7.1. Installed Documentation
34. Printer Configuration
34.1. Adding a Local Printer
34.2. Adding an IPP Printer
34.3. Adding a Samba (SMB) Printer
34.4. Adding a JetDirect Printer
34.5. Selecting the Printer Model and Finishing
34.5.1. Confirming Printer Configuration
34.6. Printing a Test Page
34.7. Modifying Existing Printers
34.7.1. The Settings Tab
34.7.2. The Policies Tab
34.7.3. The Access Control Tab
34.7.4. The Printer and Job Options Tab
34.8. Managing Print Jobs
34.9. Additional Resources
34.9.1. Installed Documentation
34.9.2. Useful Websites
35. Automated Tasks
35.1. Cron
35.1.1. Configuring Cron Tasks
35.1.2. Controlling Access to Cron
35.1.3. Starting and Stopping the Service
35.2. At and Batch
35.2.1. Configuring At Jobs
35.2.2. Configuring Batch Jobs
35.2.3. Viewing Pending Jobs
35.2.4. Additional Command Line Options
35.2.5. Controlling Access to At and Batch
35.2.6. Starting and Stopping the Service
35.3. Additional Resources
35.3.1. Installed Documentation
36. Log Files
36.1. Locating Log Files
36.2. Viewing Log Files
36.3. Adding a Log File
36.4. Monitoring Log Files
V. System Monitoring
37. SystemTap
37.1. Introduction
37.2. Implementation
37.3. Using SystemTap
37.3.1. Tracing
38. Gathering System Information
38.1. System Processes
38.2. Memory Usage
38.3. File Systems
38.4. Hardware
38.5. Additional Resources
38.5.1. Installed Documentation
39. OProfile
39.1. Overview of Tools
39.2. Configuring OProfile
39.2.1. Specifying the Kernel
39.2.2. Setting Events to Monitor
39.2.3. Separating Kernel and User-space Profiles
39.3. Starting and Stopping OProfile
39.4. Saving Data
39.5. Analyzing the Data
39.5.1. Using opreport
39.5.2. Using opreport on a Single Executable
39.5.3. Getting more detailed output on the modules
39.5.4. Using opannotate
39.6. Understanding /dev/oprofile/
39.7. Example Usage
39.8. Graphical Interface
39.9. Additional Resources
39.9.1. Installed Docs
39.9.2. Useful Websites
VI. Kernel and Driver Configuration
40. Manually Upgrading the Kernel
40.1. Overview of Kernel Packages
40.2. Preparing to Upgrade
40.3. Downloading the Upgraded Kernel
40.4. Performing the Upgrade
40.5. Verifying the Initial RAM Disk Image
40.6. Verifying the Boot Loader
40.6.1. x86 Systems
40.6.2. Itanium Systems
40.6.3. IBM S/390 and IBM System z Systems
40.6.4. IBM eServer iSeries Systems
40.6.5. IBM eServer pSeries Systems
41. General Parameters and Modules
41.1. Kernel Module Utilities
41.2. Persistent Module Loading
41.3. Specifying Module Parameters
41.4. Storage parameters
41.5. Ethernet Parameters
41.5.1. Using Multiple Ethernet Cards
41.5.2. The Channel Bonding Module
41.6. Additional Resources
41.6.1. Installed Documentation
41.6.2. Useful Websites
VII. Security And Authentication
42. Security Overview
42.1. Introduction to Security
42.1.1. What is Computer Security?
42.1.2. Security Controls
42.1.3. Conclusion
42.2. Vulnerability Assessment
42.2.1. Thinking Like the Enemy
42.2.2. Defining Assessment and Testing
42.2.3. Evaluating the Tools
42.3. Attackers and Vulnerabilities
42.3.1. A Quick History of Hackers
42.3.2. Threats to Network Security
42.3.3. Threats to Server Security
42.3.4. Threats to Workstation and Home PC Security
42.4. Common Exploits and Attacks
42.5. Security Updates
42.5.1. Updating Packages
43. Securing Your Network
43.1. Workstation Security
43.1.1. Evaluating Workstation Security
43.1.2. BIOS and Boot Loader Security
43.1.3. Password Security
43.1.4. Administrative Controls
43.1.5. Available Network Services
43.1.6. Personal Firewalls
43.1.7. Security Enhanced Communication Tools
43.2. Server Security
43.2.1. Securing Services With TCP Wrappers and xinetd
43.2.2. Securing Portmap
43.2.3. Securing NIS
43.2.4. Securing NFS
43.2.5. Securing the Apache HTTP Server
43.2.6. Securing FTP
43.2.7. Securing Sendmail
43.2.8. Verifying Which Ports Are Listening
43.3. Single Sign-on (SSO)
43.3.1. Introduction
43.3.2. Getting Started with your new Smart Card
43.3.3. How Smart Card Enrollment Works
43.3.4. How Smart Card Login Works
43.3.5. Configuring Firefox to use Kerberos for SSO
43.4. Pluggable Authentication Modules (PAM)
43.4.1. Advantages of PAM
43.4.2. PAM Configuration Files
43.4.3. PAM Configuration File Format
43.4.4. Sample PAM Configuration Files
43.4.5. Creating PAM Modules
43.4.6. PAM and Administrative Credential Caching
43.4.7. PAM and Device Ownership
43.4.8. Additional Resources
43.5. TCP Wrappers and xinetd
43.5.1. TCP Wrappers
43.5.2. TCP Wrappers Configuration Files
43.5.3. xinetd
43.5.4. xinetd Configuration Files
43.5.5. Additional Resources
43.6. Kerberos
43.6.1. What is Kerberos?
43.6.2. Kerberos Terminology
43.6.3. How Kerberos Works
43.6.4. Kerberos and PAM
43.6.5. Configuring a Kerberos 5 Server
43.6.6. Configuring a Kerberos 5 Client
43.6.7. Domain-to-Realm Mapping
43.6.8. Setting Up Secondary KDCs
43.6.9. Setting Up Cross Realm Authentication
43.6.10. Additional Resources
43.7. Virtual Private Networks (VPNs)
43.7.1. How Does a VPN Work?
43.7.2. VPNs and Red Hat Enterprise Linux
43.7.3. IPsec
43.7.4. Creating an IPsec Connection
43.7.5. IPsec Installation
43.7.6. IPsec Host-to-Host Configuration
43.7.7. IPsec Network-to-Network Configuration
43.7.8. Starting and Stopping an IPsec Connection
43.8. Firewalls
43.8.1. Netfilter and IPTables
43.8.2. Basic Firewall Configuration
43.8.3. Using IPTables
43.8.4. Common IPTables Filtering
43.8.5. FORWARD and NAT Rules
43.8.6. Malicious Software and Spoofed IP Addresses
43.8.7. IPTables and Connection Tracking
43.8.8. IPv6
43.8.9. Additional Resources
43.9. IPTables
43.9.1. Packet Filtering
43.9.2. Differences Between IPTables and IPChains
43.9.3. Command Options for IPTables
43.9.4. Saving IPTables Rules
43.9.5. IPTables Control Scripts
43.9.6. IPTables and IPv6
43.9.7. Additional Resources
44. Security and SELinux
44.1. Access Control Mechanisms (ACMs)
44.1.1. Discretionary Access Control (DAC)
44.1.2. Access Control Lists (ACLs)
44.1.3. Mandatory Access Control (MAC)
44.1.4. Role-based Access Control (RBAC)
44.1.5. Multi-Level Security (MLS)
44.1.6. Multi-Category Security (MCS)
44.2. Introduction to SELinux
44.2.1. SELinux Overview
44.2.2. Files Related to SELinux
44.2.3. Additional Resources
44.3. Brief Background and History of SELinux
44.4. Multi-Category Security (MCS)
44.4.1. Introduction
44.4.2. Applications for Multi-Category Security
44.4.3. SELinux Security Contexts
44.5. Getting Started with Multi-Category Security (MCS)
44.5.1. Introduction
44.5.2. Comparing SELinux and Standard Linux User Identities
44.5.3. Configuring Categories
44.5.4. Assigning Categories to Users
44.5.5. Assigning Categories to Files
44.6. Multi-Level Security (MLS)
44.6.1. Why Multi-Level?
44.6.2. Security Levels, Objects and Subjects
44.6.3. MLS Policy
44.6.4. LSPP Certification
44.7. SELinux Policy Overview
44.7.1. What is the SELinux Policy?
44.7.2. Where is the Policy?
44.7.3. The Role of Policy in the Boot Process
44.7.4. Object Classes and Permissions
44.8. Targeted Policy Overview
44.8.1. What is the Targeted Policy?
44.8.2. Files and Directories of the Targeted Policy
44.8.3. Understanding the Users and Roles in the Targeted Policy
45. Working With SELinux
45.1. End User Control of SELinux
45.1.1. Moving and Copying Files
45.1.2. Checking the Security Context of a Process, User, or File Object
45.1.3. Relabeling a File or Directory
45.1.4. Creating Archives That Retain Security Contexts
45.2. Administrator Control of SELinux
45.2.1. Viewing the Status of SELinux
45.2.2. Relabeling a File System
45.2.3. Managing NFS Home Directories
45.2.4. Granting Access to a Directory or a Tree
45.2.5. Backing Up and Restoring the System
45.2.6. Enabling or Disabling Enforcement
45.2.7. Enable or Disable SELinux
45.2.8. Changing the Policy
45.2.9. Specifying the Security Context of Entire File Systems
45.2.10. Changing the Security Category of a File or User
45.2.11. Running a Command in a Specific Security Context
45.2.12. Useful Commands for Scripts
45.2.13. Changing to a Different Role
45.2.14. When to Reboot
45.3. Analyst Control of SELinux
45.3.1. Enabling Kernel Auditing
45.3.2. Dumping and Viewing Logs
46. Customizing SELinux Policy
46.1. Introduction
46.1.1. Modular Policy
46.2. Building a Local Policy Module
46.2.1. Using audit2allow to Build a Local Policy Module
46.2.2. Analyzing the Type Enforcement (TE) File
46.2.3. Loading the Policy Package
47. References
VIII. Red Hat Training And Certification
48. Red Hat Training and Certification
48.1. Three Ways to Train
48.2. Microsoft Certified Professional Resource Center
49. Certification Tracks
49.1. Free Pre-assessment tests
50. RH033: Red Hat Linux Essentials
50.1. Course Description
50.1.1. Prerequisites
50.1.2. Goal
50.1.3. Audience
50.1.4. Course Objectives
50.1.5. Follow-on Courses
51. RH035: Red Hat Linux Essentials for Windows Professionals
51.1. Course Description
51.1.1. Prerequisites
51.1.2. Goal
51.1.3. Audience
51.1.4. Course Objectives
51.1.5. Follow-on Courses
52. RH133: Red Hat Linux System Administration and Red Hat Certified Technician (RHCT) Certification
52.1. Course Description
52.1.1. Prerequisites
52.1.2. Goal
52.1.3. Audience
52.1.4. Course Objectives
52.1.5. Follow-on Courses
53. RH202 RHCT EXAM - The fastest growing credential in all of Linux.
53.1. Course Description
53.1.1. Prerequisites
54. RH253 Red Hat Linux Networking and Security Administration
54.1. Course Description
54.1.1. Prerequisites
54.1.2. Goal
54.1.3. Audience
54.1.4. Course Objectives
54.1.5. Follow-on Courses
55. RH300: RHCE Rapid track course (and RHCE exam)
55.1. Course Description
55.1.1. Prerequisites
55.1.2. Goal
55.1.3. Audience
55.1.4. Course Objectives
55.1.5. Follow-on Courses
56. RH302 RHCE EXAM
56.1. Course Description
56.1.1. Prerequisites
56.1.2. Content
57. RHS333: RED HAT enterprise security: network services
57.1. Course Description
57.1.1. Prerequisites
57.1.2. Goal
57.1.3. Audience
57.1.4. Course Objectives
57.1.5. Follow-on Courses
58. RH401: Red Hat Enterprise Deployment and systems management
58.1. Course Description
58.1.1. Prerequisites
58.1.2. Goal
58.1.3. Audience
58.1.4. Course Objectives
58.1.5. Follow-on Courses
59. RH423: Red Hat Enterprise Directory services and authentication
59.1. Course Description
59.1.1. Prerequisites
59.1.2. Goal
59.1.3. Audience
59.1.4. Course Objectives
59.1.5. Follow-on Courses
60. SE Linux Courses
60.1. RHS427: Introduction to SELinux and Red Hat Targeted Policy
60.1.1. Audience
60.1.2. Course Summary
60.2. RHS429: Red Hat Enterprise SE Linux Policy Administration
61. RH436: Red Hat Enterprise storage management
61.1. Course Description
61.1.1. Prerequisites
61.1.2. Goal
61.1.3. Audience
61.1.4. Course Objectives
61.1.5. Follow-on Courses
62. RH442: Red Hat Enterprise system monitoring and performance tuning
62.1. Course Description
62.1.1. Prerequisites
62.1.2. Goal
62.1.3. Audience
62.1.4. Course Objectives
62.1.5. Follow-on Courses
63. Red Hat Enterprise Linux Developer Courses
63.1. RHD143: Red Hat Linux Programming Essentials
63.2. RHD221 Red Hat Linux Device Drivers
63.3. RHD236 Red Hat Linux Kernel Internals
63.4. RHD256 Red Hat Linux Application Development and Porting
64. JBoss Courses
64.1. RHD161 JBoss and EJB3 for Java
64.1.1. Prerequisites
64.2. RHD163 JBoss for Web Developers
64.2.1. Prerequisites
64.3. RHD167: JBOSS - HIBERNATE ESSENTIALS
64.3.1. Prerequisites
64.3.2. Course Summary
64.4. RHD267: JBOSS - ADVANCED HIBERNATE
64.4.1. Prerequisites
64.5. RHD261: JBOSS for advanced J2EE developers
64.5.1. Prerequisites
64.6. RH336: JBOSS for Administrators
64.6.1. Prerequisites
64.6.2. Course Summary
64.7. RHD439: JBoss Clustering
64.7.1. Prerequisites
64.8. RHD449: JBoss jBPM
64.8.1. Description
64.8.2. Prerequisites
64.9. RHD451 JBoss Rules
64.9.1. Prerequisites

Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.