Log In
Or create an account ->
Imperial Library
Home
About
News
Upload
Forum
Help
Login/SignUp
Index
Cover
Title Page
Copyright Page
Dedication
About the Authors
Contents at a Glance
Contents
Acknowledgments
Preface
Introduction
1 Prepare for Red Hat Hands-on Certifications
The RHCSA and RHCE Exams
The Exam Experience
The RHCSA Exam
The RHCE Exam
If You’re Studying “Just” for the RHCSA Exam
Evolving Requirements
Basic Hardware Requirements
Hardware Compatibility
Architectures
RAM Requirements
Hard Drive Options
Networking
Virtual Machine Options
Get Red Hat Enterprise Linux
Purchase a Subscription
Get an Evaluation Copy
Third-party Rebuilds
Check the Download
Installation Requirements
You Won’t Start from Scratch
The Advantages of Network Installation
Red Hat and Virtual Machines
Virtual and Physical Systems
A Pre-installed Environment for Practice Labs
System Roles
Installation Options
Boot Media
CD/DVD or Boot USB Starts Installation
Basic Installation Steps
The Installation Perspective on Partitions
Partition Creation Exercise
Exercise 1-1: Partitioning During Installation
Wow, Look at All That Software!
Baseline Packages
Package Groups
During the Installation
System Setup Options
Initial Setup and Firstboot
Default Security Settings
Special Setup Options for Virtual Machines
Configure Default File Sharing Services
Mount and Copy the Installation DVD
Set Up a Default Configuration Apache Server
Exercise 1-2: Configure Apache as an Installation Server
Share Copied Files via FTP Server
Certification Summary
Two-Minute Drill
Q&A Self Test
Lab Questions
Self Test Answers
Lab Answers
2 Virtual Machines and Automated Installations
Configure KVM for Red Hat
Why Virtual Machines
If You Have to Install KVM
The Right KVM Modules
Configure the Virtual Machine Manager
Configuration by Hypervisor
Virtual Networks on a Hypervisor
Exercise 2-1: Create a Second Virtual Network
Configure a Virtual Machine on KVM
Configure a Virtual Machine on KVM
Exercise 2-2: Add Virtual Hard Drives
KVM Configuration Files
Control Virtual Machines from the Command Line
Automated Installation Options
Kickstart Concepts
Set Up Local Access to Kickstart
Set Up Network Access to Kickstart
Sample Kickstart File
Exercise 2-3: Create and Use a Sample Kickstart File
The Kickstart Configurator
Administration with the Secure Shell and Secure Copy
Configure an SSH Client
Command-Line Access
More SSH Command-Line Tools
Graphical Secure Shell Access
Consider Adding These Command-Line Tools
Checking Ports with telnet
Checking Ports with nmap
Configure an E-mail Client
The Use of Text and Graphical Browsers
Using lftp to Access URLs
Certification Summary
Two-Minute Drill
Q&A Self Test
Lab Questions
Self Test Answers
Lab Answers
3 Fundamental Command-Line Skills
Shells
Other Shells
Virtual Terminals
GUI Shell Interfaces
Differences Between Regular and Administrative Users
Text Streams and Command Redirection
Standard Command-Line Tools
File and Directory Concepts
File Lists and ls
File-Creation Commands
Wildcards
File Searches
The Management of Text Files
Commands to Read Text Streams
Commands to Process Text Streams
Edit Text Files at the Console
Exercise 3-1: Using vi to Create a New User
If You Don’t Like vi
Edit Text Files in the GUI
Local Online Documentation
When You Need Help
A Variety of man Pages
The info Manuals
Detailed Documentation in /usr/share/doc
A Networking Primer
IPv4 Networks
Networks and Routing
Tools and Commands
Network Configuration and Troubleshooting
Network Configuration Files
Network Configuration Tools
Exercise 3-2: Configure a Network Card
Configure Name Resolution
Hostname Configuration Files
Hostname Configuration Options
Certification Summary
Two-Minute Drill
Q&A Self Test
Lab Questions
Self Test Answers
Lab Answers
4 RHCSA-Level Security Options
Basic File Permissions
File Permissions and Ownership
Commands to Change Permissions and Ownership
Basic User and Group Concepts
Access Control Lists and More
The getfacl Command
Make a Filesystem ACL Friendly
Manage ACLs on a File
Configure a Directory for ACLs
Configure Default ACLs
ACLs and Masks
Exercise 4-1: Use ACLs to Deny a User
NFS Shares and ACLs
Basic Firewall Control
Standard Ports
A Focus on iptables
Keep That Firewall in Operation
The iptables Service
The firewalld Service
Exercise 4-2: Adjust Firewall Settings
Securing SSH with Key-Based Authentication
SSH Configuration Commands
SSH Client Configuration Files
Basic Encrypted Communication
Set Up a Private/Public Pair for Key-Based Authentication
A Security-Enhanced Linux Primer
Basic Features of SELinux
SELinux Status
SELinux Configuration at the Command Line
Configure Basic SELinux Settings
Configure Regular Users for SELinux
Manage SELinux Boolean Settings
List and Identify SELinux File Contexts
Restore SELinux File Contexts
Identify SELinux Process Contexts
Diagnose and Address SELinux Policy Violations
The GUI SELinux Administration Tool
The SELinux Troubleshoot Browser
Exercise 4-3: Test a SELinux User Type
Certification Summary
Two-Minute Drill
Q&A Self Test
Lab Questions
Self Test Answers
Lab Answers
5 The Boot Process
The BIOS and the UEFI
Basic System Configuration
Startup Menus
Access to Linux Bootloaders
Bootloaders and GRUB 2
GRUB, the GRand Unified Bootloader
Exercise 5-1: Boot into a Different Target
Exercise 5-2: Recover the Root Password
Modify the System Bootloader
How to Update GRUB
The GRUB 2 Command Line
Exercise 5-3: Using the GRUB 2 Command Line
Reinstall GRUB 2
An Option for Booting from GRUB 2: Rescue Mode
Between GRUB 2 and Login
Kernels and the Initial RAM Disk
The First Process, Targets, and Units
Switch Between Targets
Reboot and Shut Down a System Normally
systemd Replaces Upstart and SysVinit
systemd Units
Virtual Terminals and Login Screens
Control by Target
Functionality by Target
The Innards of systemd Units
Service Configuration
Time Synchronization
Time Zone Configuration
Sync the Time with chronyd
Sync the Time with ntpd
Certification Summary
Two-Minute Drill
Q&A Self Test
Lab Questions
Self Test Answers
Lab Answers
6 Linux Filesystem Administration
Storage Management and Partitions
Current System State
The fdisk Utility
The gdisk Utility
The parted Utility
Using parted: Starting, Getting Help, and Quitting
Graphical Options
Exercise 6-1: Work with fdisk and parted
Filesystem Formats
Standard Formatting Filesystems
Journaling Filesystems
Filesystem Format Commands
Swap Volumes
Filesystem Check Commands
Exercise 6-2: Format, Check, and Mount Different Filesystems
Basic Linux Filesystems and Directories
Separate Linux Filesystems
Directories That Can Be Mounted Separately
Logical Volume Management (LVM)
Definitions in LVM
Create a Physical Volume
Create a Volume Group
Create a Logical Volume
Make Use of a Logical Volume
More LVM Commands
Remove a Logical Volume
Resize Logical Volumes
Filesystem Management
The /etc/fstab File
Universally Unique Identifiers in /etc/fstab
The mount Command
More Filesystem Mount Options
Virtual Filesystems
Add Your Own Filesystems to /etc/fstab
Removable Media and /etc/fstab
Networked Filesystems
The Automounter
Mounting via the Automounter
Exercise 6-3: Configure the Automounter
Certification Summary
Two-Minute Drill
Q&A Self Test
Lab Questions
Self Test Answers
Lab Answers
7 Package Management
The Red Hat Package Manager
What Is a Package?
What Is the RPM Database?
What Is a Repository?
Install an RPM Package
Uninstall an RPM Package
Install RPMs from Remote Systems
RPM Installation Security
Special RPM Procedures with the Kernel
More RPM Commands
Package Queries
Package Signatures
File Verification
Dependencies and the yum Command
An Example of Dependency Hell
Relief from Dependency Hell
Basic yum Configuration
The Basic yum Configuration File: yum.conf
Configuration Files in the /etc/yum/pluginconf.d Directory
Configuration Files in the /etc/yum.repos.d Directory
Create Your Own /etc/yum.repos.d Configuration File
Exercise 7-1: Create a yum Repository from the RHEL 7 DVD
Third-party Repositories
Basic yum Commands
Installation Mode
Security and yum
Updates and Security Fixes
Package Groups and yum
More yum Commands
More Package Management Tools
The GNOME Software Update Tool
Automated Updates
GNOME Software Tool
Exercise 7-2: Installing More with yum and the GNOME Software Tool
Red Hat Subscription Manager
Certification Summary
Two-Minute Drill
Q&A Self Test
Lab Questions
Self Test Answers
Lab Answers
8 User Administration
User Account Management
Different Kinds of Users
The Shadow Password Suite
Command-Line Tools
Exercise 8-1: Add a User with the Red Hat User Manager
Exercise 8-2: Real and Fake Shells
Modify an Account
More User and Group Management Commands
Administrative Control
The Ability to Log In as root
Exercise 8-3: Limit root Logins
The Ability to Log In
The Proper Use of the su Command
Limit Access to su
The Proper Use of the sg Command
Custom Administrators with the sudo Command
Other Administrative Users
User and Shell Configuration
Home Directories and /etc/skel
Exercise 8-4: Another Way to Secure a System
Shell Configuration Files in User Home Directories
Login, Logout, and User Switching
Users and Network Authentication
LDAP Client Configuration
The Name Service Switch File
The System Security Service Daemon
Red Hat Network Authentication Tools
Special Groups
Standard and Red Hat Groups
Shared Directories
Exercise 8-5: Control Group Ownership with the SGID Bit
Certification Summary
Two-Minute Drill
Q&A Self Test
Lab Questions
Self Test Answers
Lab Answers
9 RHCSA-Level System Administration Tasks
Elementary System Administration Commands
System Resource Management Commands
Archives and Compression
Automate System Administration: cron and at
The System crontab and Components
Hourly cron Jobs
Regular Anacron Jobs
Setting Up cron for Users
Exercise 9-1: Create a cron Job
Running a Job with the at System
Secure cron and at
Local Log File Analysis
System Log Configuration File
Log File Management
A Variety of Log Files
Service-Specific Logs
Exercise 9-2: Learn the Log Files
View systemd Journal Log Entries
Certification Summary
Two-Minute Drill
Q&A Self Test
Lab Questions
Self Test Answers
Lab Answers
10 A Security Primer
The Layers of Linux Security
Bastion Systems
Best Defenses with Security Updates
Service-Specific Security
Host-Based Security
User-Based Security
Console Security
Recommendations from the U.S. National Security Agency
The PolicyKit
Firewalls and Network Address Translation
Definitions
The Structure of firewalld
Exercise 10-1: Configure Rich Rules
Further Recommendations from the NSA
Make Sure That firewalld Is Running
IP Masquerading
IP Forwarding
The Red Hat Firewall Configuration Tool
TCP Wrappers
Is a Service Protected by TCP Wrappers?
TCP Wrappers Configuration Files
Exercise 10-2: Configure TCP Wrappers
Pluggable Authentication Modules
Configuration Files
Control Flags
The Format of a PAM File
Exercise 10-3: Configure PAM to Limit root Access
PAM and User-Based Security
Exercise 10-4: Use PAM to Limit User Access
Secure Files and More with GPG2
GPG2 Commands
Current GPG2 Configuration
GPG2 Encryption Options
Generate a GPG2 Key
Use a GPG2 Key to Encrypt a File
Certification Summary
Two-Minute Drill
Q&A Self Test
Lab Questions
Self Test Answers
Lab Answers
11 System Services and SELinux
Red Hat System Configuration
Service Management
System Services
Bigger Picture Configuration Process
Available Configuration Tools
Security-Enhanced Linux
Options in the SELinux Booleans Directory
Service Categories of SELinux Booleans
Boolean Configuration with the SELinux Management Tool
Boolean Settings
SELinux File Contexts
SELinux Port Labeling
Exercise 11-1: Configure a New Directory with Appropriate SELinux Contexts
The Secure Shell Server
SSH Server Configuration Files
Configure an SSH Server
Exercise 11-2: Run an SSH Server on a Nonstandard Port
User-Based Security for SSH
Host-Based Security for SSH
A Security and Configuration Checklist
Installation of Server Services
Basic Configuration
Make Sure the Service Survives a Reboot
Review Access Through Layers of Security
Exercise 11-3: Practice Troubleshooting Network Connectivity Issues
Exercise 11-4: Review the Different Effects of firewalld and TCP Wrappers
Certification Summary
Two-Minute Drill
Q&A Self Test
Lab Questions
Self Test Answers
Lab Answers
12 RHCE Administrative Tasks
Automate System Maintenance
Standard Administrative Scripts
Bash Variables
Bash Commands
Exercise 12-1: Create a Script
Set Up System Utilization Reports
System Utilization Commands
The System Activity Report Tool
Collect System Status into Logs
Prepare a System Status Report
Kernel Run-time Parameters
How sysctl Works with /etc/sysctl.conf
Settings in the /etc/sysctl.conf File
Exercise 12-2: Disable Responses to the ping Command
IP Routes
Configure a Default Route
Configure a Static Route
Exercise 12-3: Practice with Static Routes
An Introduction to IPv6
Basic IPv6 Addressing
Troubleshooting Tools
Configure IPv6 Addresses
Network Interface Bonding and Teaming
Configure Interface Bonding
Exercise 12-4: Test Bonding Failover
Configure Interface Teaming
Authentication with Kerberos
A Kerberos Primer
Prerequisites for Kerberos Servers and Clients
Exercise 12-5: Install a Kerberos KDC
Set Up a Kerberos Client
Exercise 12-6: Configure Kerberos Authentication
Certification Summary
Two-Minute Drill
Q&A Self Test
Lab Questions
Self Test Answers
Lab Answers
13 Network Services: DNS, SMTP, iSCSI, and NTP
An Introduction to Domain Name Services
The BIND Name Server
Different Types of DNS Servers
Minimal DNS Server Configurations
BIND Configuration Files
A BIND Caching-Only Name Server
Unbound as a Caching-Only Name Server
DNS Client Troubleshooting
Exercise 13-1: Set Up Your Own BIND DNS Server
Exercise 13-2: Set Up Your Own Unbound DNS Server
A Variety of E-Mail Agents
Definitions and Protocols
Relevant Mail Server Packages
Use the alternatives Command to Select an E-Mail System
General User Security
Mail Logging
Common Security Issues
Testing an E-Mail Server
Exercise 13-3: Create Users Just for E-Mail
The Configuration of Postfix
Configuration Files
The main.cf Configuration File
The /etc/aliases Configuration File
Test the Current Postfix Configuration
Configure Postfix Authentication
Configure Postfix as an SMTP Server for a Domain
Configure Postfix as a Null Client
iSCSI Targets and Initiators
Set Up an iSCSI Target
Connect to Remote iSCSI Storage
The Network Time Service
The NTP Server Configuration File
Certification Summary
Two-Minute Drill
Q&A Self Test
Lab Questions
Self Test Answers
Lab Answers
14 The Apache Web Server
The Apache Web Server
Apache 2.4
The LAMP Stack
Installation
Exercise 14-1: Install the Apache Server
The Apache Configuration Files
Analyze the Default Apache Configuration
The Main Apache Configuration File
Basic Apache Configuration for a Simple Web Server
Apache Log Files
Standard Apache Security Configuration
Ports and Firewalls
Apache and SELinux
Module Management
Security Within Apache
Exercise 14-2: The Apache Welcome and the noindex.html Story
Exercise 14-3: Create a List of Files
Host-Based Security
User-Based Security
Specialized Apache Directories
Control Through the .htaccess File
Password-Protected Access
Home Directory Access
Group-Managed Directories
Exercise 14-4: Password Protection for a Web Directory
Regular and Secure Virtual Hosts
The Standard Virtual Host
Secure Virtual Hosts
Create a New TLS Certificate
Test Pages
Syntax Checkers
Apache Troubleshooting
Exercise 14-5: Set Up a Virtual Web Server
Deploy a Basic CGI Application
Apache Configuration Changes for CGI Files
Set Up a Simple CGI Script in Perl
Connections to a Website
Certification Summary
Two-Minute Drill
Q&A Self Test
Lab Questions
Self Test Answers
Lab Answers
15 The Samba File Server
Samba Services
Install Samba Services
Some Samba Background
Ports, Firewalls, and Samba
Configure SELinux Booleans for Samba
Configure SELinux File Contexts for Samba
Samba Daemons
Samba Server Global Configuration
Shared Samba Directories
Let Samba Join a Domain
The Samba User Database
Create a Public Share
Test Changes to /etc/samba/smb.conf
Exercise 15-1: Configure a Samba Home Directory Share
Samba as a Client
Command-Line Tools
Mount Options
Automated Samba Mounts
Exercise 15-2: Configuring a Samba Share for Group Collaboration
Multiuser Samba Mounts
Samba Troubleshooting
Samba Problem Identification
Local Log File Checks
Certification Summary
Two-Minute Drill
Q&A Self Test
Lab Questions
Self Test Answers
Lab Answers
16 NFS Secured with Kerberos
The Network File System (NFS) Server
NFS Options for RHEL 7
Basic NFS Installation
Basic NFS Server Configuration
Configure NFS for Basic Operation
Fixed Ports in /etc/sysconfig/nfs
Make NFS Work with SELinux
Quirks and Limitations of NFS
Performance Tips
NFS Security Directives
Options for Host-Based Security
Options for User-Based Security
Exercise 16-1: NFS
Test an NFS Client
NFS Mount Options
Configure NFS in /etc/fstab
Diskless Clients
Current NFS Status
NFS with Kerberos
Kerberos-Enabled NFS Services
Configure NFS Exports with Kerberos
Configure NFS Clients with Kerberos
Exercise 16-2: Prepare a System for NFS Secured with Kerberos
Exercise 16-3: Configure a Kerberos-Enabled NFS Share
Certification Summary
Two-Minute Drill
Q&A Self Test
Lab Questions
Self Test Answers
Lab Answers
17 The MariaDB Server
Introduction to MariaDB
MariaDB Installation
Initial Configuration
Exercise 17-1: Install and Secure MariaDB
Run MariaDB on a Nonstandard TCP Port
Exercise 17-2: Run MariaDB on a Nonstandard TCP Port
Database Management
Database Concepts
Working with Databases
Working with Tables
Exercise 17-3: Create a Table
Simple SQL Queries
The INSERT SQL Command
The SELECT SQL Command
The DELETE SQL Command
The UPDATE SQL Command
Exercise 17-4: Practice with Simple SQL Queries
Secure MariaDB
Host-Based Security
User-Based Security
Exercise 17-5: Practice MariaDB User’s Permissions
Database Backup and Recovery
Back Up and Restore with mysqldump
Back Up with a Dump of the Data to a Text File
Certification Summary
Two-Minute Drill
Q&A Self Test
Lab Questions
Self Test Answers
Lab Answers
A Prepare a System for the Sample Exams
Basic Sample Exam System Requirements
Additional Sample Exam System Requirements for the RHCE
B Sample Exam 1: RHCSA
RHCSA Sample Exam 1 Discussion
C Sample Exam 2: RHCSA
RHCSA Sample Exam 2 Discussion
D Sample Exam 3: RHCE Sample Exam 1
RHCE Sample Exam 1 Discussion
E Sample Exam 4: RHCE Sample Exam 2
RHCE Sample Exam 2 Discussion
F About the DVD
System Requirements
Electronic Book
Technical Support
Glossary
Index
← Prev
Back
Next →
← Prev
Back
Next →