This document outlines the agenda for a 5-day Red Hat Enterprise Linux 5 advanced system administration training course. The schedule covers topics such as package management, boot sequence, file permissions, RAID, LVM, DHCP, NFS, mail servers, and kickstart servers. Each day consists of lessons, labs, and activities related to the topics. The document provides details on the course objectives, roles of an administrator, and components of the boot loading and kernel initialization process in Linux.
RHEL Advanced Training
Prepared By Vinodh Kombissan
Date Feb 1, 2010 Page 1
Red Hat Enterprise Linux 5 Advanced Sys Admin
  Vinodh Kombissan (RHCE), Lead Consultant Sys Mgmt
  February 01, 2010

Schedule
  Day 1: Welcome, Pre-Quiz, Linux Basics - Summary, Package Management (RPM/YUM), LAB - Activity
  Day 2: Boot Sequence, GRUB, Kernel/Initrd, Advanced File Permission, Disk Quota / ACL, LAB - Activity
  Day 3: RAID, LVM, DHCP Master/Client, LAB - Activity
  Day 4: NFS Master/Client, NIS Master/Client, HTTP Server, Mail Server (POP3/IMAPS), Squid Proxy, LAB - Activity
  Day 5: Kickstart Server, LAB Activity, Post Quiz

Introduction
  Name
  Short ID
  Role
  Responsibility
  Experience
  Area of interest
  Any previous experience in any UNIX flavors
  Current rating on Linux knowledge (1-10)
  Expectations from the program?

Ground Rules
  In order to ensure the productivity of our training, we will need:
  Pagers and mobile phones off
  Full participation
  Be interactive, but only one speaker at a time
  Respect the views of others
  Silence indicates agreement
  Punctual
  Keep to the break times agreed

Pre Quiz
  Write your Name and Employee ID without fail.
  20 questions, multiple choice, in 30 minutes
  Use the pre-quiz columns for writing your answers
  Do not discuss
  A question can have more than one correct answer, but choose the best one.
  Please encircle your guessed answers to find how good you are at guessing
  Chocolates will be distributed for:
    1. Pre-quiz highest scorer
    2. Post-quiz highest scorer
    3. One with maximum difference

Course Objective
  Minimize time and resources spent managing systems.
  Maximize productivity, reliability, and performance.
  Provide remote system management solutions.
  Trainees ready for RHCE certification
  Pre-requisite:
    RHEL Basics training or equivalent (RH-033) or (RH-133)
    VI editor knowledge

Role of Administrator
  Pre-installation planning of:
    User accounts/groups
    Storage allocation/paging space
    Subsystem (printing, networks...)
    Standard naming conventions
    Determine system policies
  Install and configure hardware
  Configure the software
  Configure the network
  System backup
  Create/manage user accounts
  Define and manage subsystems
  Manage system resources (for example, disk space)
  Performance monitoring
  Capacity planning
  Managing licenses for products
  Document system configuration and keep it current

Package Management (RPM)
  The RPM Package Manager (RPM) is an open packaging system, which runs on Red Hat Enterprise Linux as well as other Linux and UNIX systems.
  RPM has five basic modes of operation: installing, uninstalling, upgrading, querying, verifying
  RPM database is maintained in /var/lib/rpm
  RPM packages are available at:
    The Red Hat Enterprise Linux CD-ROMs
    Red Hat Network
  RPM package naming convention:
    packagename-version-release.arch.rpm
    xinetd-2.3.14-10.el5.rpm

RPM command options
  Single letter  Full word       Description
  -q             --query         Query rpm database for installed rpm
  -i             --install       Install an rpm package
  -V             --verify        Verify installed rpm package consistency
  -U             --upgrade       Upgrade an rpm version
  -e             --erase         Remove an rpm package
  -v             --verbose       Verbose output
  -h             --hash          Shows progress % in hashes
  -l             --list          Lists files created by package
  -f             --file          Find the package name of missing file
  -K             --checksig      Verify package authenticity
                 --import        Import rpm checksum keys
                 --force         Force re-install
                 --replacepkgs   Force re-install
  -R             --requires      Shows dependency

RPM - Verification
  Installed package file verification
    # rpm -V package
    # rpm -Vp rpmfile
    # rpm -Va
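Added example, not part of the original slides: a triage filter for the output of the `rpm -Va` command above, separating expected config-file drift from changes to packaged binaries that warrant investigation. The slide does not show the verify output format; the flag letters (S size, 5 digest, M mode, U owner, G group, T mtime), the `c` config marker and `missing` are rpm's verify output, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Triage `rpm -Va` output. Reads verify lines on stdin and prints
# "<LEVEL><TAB><path><TAB><reasons>" for each result line.
#   REVIEW = config file changed or missing (diff against a known baseline)
#   HIGH   = non-config file with changed digest/mode/owner/group, or missing
#   LOW    = anything else (for example mtime only)

triage_rpm_verify() {
    awk '
    function reasons(f,    r) {
        if (f == "missing") return "missing"
        r = ""
        if (f ~ /5/)      r = r "digest,"
        if (f ~ /S/)      r = r "size,"
        if (f ~ /M/)      r = r "mode,"
        if (f ~ /U/)      r = r "owner,"
        if (f ~ /G/)      r = r "group,"
        if (f ~ /T/)      r = r "mtime,"
        if (f ~ /[DLP?]/) r = r "other,"
        sub(/,$/, "", r)
        return r
    }
    {
        flags = $1
        p = index($0, " /")
        # Skip anything that is not a verify result line (warnings, errors).
        if (p == 0 || (flags != "missing" && flags !~ /^[SM5DLUGTP.?]+$/)) next
        path   = substr($0, p + 1)
        # Optional one-letter file marker between flags and path (c = config).
        marker = (length($2) == 1 && $2 != "/") ? $2 : ""
        if (marker == "c")                               level = "REVIEW"
        else if (flags == "missing" || flags ~ /[5MUG]/) level = "HIGH"
        else                                             level = "LOW"
        printf "%s\t%s\t%s\n", level, path, reasons(flags)
    }'
}

# Constructed sample in the 8-flag layout; the parser also accepts the
# 9-flag layout printed by newer rpm versions.
sample_verify_output() {
    cat <<'EOF'
S.5....T  c /etc/ssh/sshd_config
..5....T  c /etc/yum.conf
.......T    /usr/share/doc/foo-1.0/README
S.5....T    /bin/ps
.M......    /usr/bin/passwd
.....UG.    /usr/sbin/sshd
missing     /sbin/ifconfig
missing   c /etc/motd
warning: constructed non-result line
EOF
}

# Demo on the constructed sample; on a real host: rpm -Va | triage_rpm_verify
sample_verify_output | triage_rpm_verify
```

The verification is only as trustworthy as the RPM database and the rpm binary on the host being checked.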
  Signature verification BEFORE package install
    # rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
    # rpm -K package.rpm

YUM - Yellowdog Updater Modified
  1. repo file (path to repo directory)
  2. repo directory (RPM package repository)
  repo file is to be created on the local machine under /etc/yum.repos.d with .repo extension
  repo directory could be on the local machine or on a remote server
  Sample repo file
    # cat /etc/yum.repos.d/myrepo.repo
    [myrepo]
    name=Server1 repository
    baseurl=ftp://server1/pub/server
    enabled=1
    gpgcheck=0

YUM command options
    # yum clean all                   clean yum cache
    # yum list <packagename>          list package information from repo
    # yum install <packagename>       install package with dependency
    # yum provides <packagename>      list files created by package
    # yum whatprovides <filename>     find the package name of given file
    # yum remove <packagename>        uninstall package
    # yum update <packagename>        updates an installed package

Creating a yum repo directory
  Create a repo directory
    # mkdir /myrepo
  Copy the rpm packages
    # cp *.rpm /myrepo
  Install createrepo package
    # rpm -ivh createrepo*.rpm
  Run createrepo command
    # createrepo -v /myrepo
  Create a repo file
    # vi /etc/yum.repos.d/myrepo.repo
  Clean yum cache
    # yum clean all
  Create new yum cache
    # yum list <packagename>

Boot Sequence Overview
  BIOS Initialization
  Boot Loader
  Kernel initialization
  init starts and enters desired run level by executing:
    /etc/rc.d/rc.sysinit
    /etc/rc.d/rc and /etc/rc.d/rc?.d/
    /etc/rc.d/rc.local
  X Display Manager if appropriate

Boot Sequence
  BIOS POST
  Select boot device
  Master Boot Record (512 bytes): GRUB (446 bytes), Partition Table (66 bytes)
  kernel
  initrd
  Detect hardware and install driver modules
  Mount root filesystem as Read-Only
  Start init process (PID 1)
  read /etc/inittab
  Goto initdefault runlevel
  Run rc.sysinit script
  Run rc?.d/* script
  Run rc.local script
  Start Virtual consoles
  Start X11
  Create device files (udev)
  Enable SELinux
  Enable SWAP and set hostname, IP address
  Mount root as Read-Write
  read /etc/fstab
  Start RAID or LVM & mount other filesystem
  Enable quota
  Set Kernel parameters (/etc/sysctl.conf)

Boot Loader Components
  Boot Loader
    1st Stage - small, resides in MBR or boot sector
    2nd Stage - loaded from boot partition
  Minimum specifications for Linux:
    Label, kernel location, OS root filesystem and location of the initial ramdisk (initrd)
  GRUB - the GRand Unified Bootloader
    Command-line interface available at boot prompt
    Boot from ext2/ext3, ReiserFS, JFS, FAT, minix, or FFS file systems
    Configuration file is /boot/grub/grub.conf
    Changes to grub.conf take effect immediately
    If MBR on /dev/hda is corrupted, reinstall the first stage bootloader with:
      # /sbin/grub-install /dev/hda

Boot Loader (GRUB)
  Sample /etc/grub/grub.conf
    # Note that you do not have to rerun grub after making changes to this file
    # NOTICE: You have a /boot partition. This means that
    #         all kernel and initrd paths are relative to /boot/, eg.
    #         root (hd0,0)
    #         kernel /vmlinuz-version ro root=/dev/hda2
    #         initrd /initrd-version.img
    #boot=/dev/hda
    default=1
    timeout=10
    splashimage=(hd0,0)/grub/splash.xpm.gz
    title Red Hat Enterprise Linux (2.6.9-5.EL)
            root (hd0,0)
            kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/
            initrd /initrd-2.6.9-5.EL.img
    title Red Hat Enterprise Linux (2.6.9-1.906_EL)
            root (hd0,0)
            kernel /vmlinuz-2.6.9-1.906_EL ro root=LABEL=/
            initrd /initrd-2.6.9-1.906_EL.img

Initial RAM Disk Image
  The initial RAM disk allows a modular kernel to have access to modules that it might need to boot from before the kernel has access to the device where the modules normally reside.
  The initial RAM disk image is placed under /boot filesystem as initrd-<version>.img
  To create a new initrd image with an updated SCSI driver
    # cp -p /boot/initrd-<version>.img /boot/initrd-<version>.img.old
    # mkinitrd <new_initrd_name> <Kernel-Version> --with=<modulename>
  Eg:
    # mkinitrd initrd_new.img $(uname -r) --with=SCSI

RHEL Kernel
  Manages major activity in the Linux environment
    Detects hardware
    Loads respective modules
    Process scheduling
    Memory management
    Security and permission management
  Modify system performance by changing kernel parameters (/etc/sysctl.conf)
  To know the kernel version
    # uname -r
  To list all kernel modules
    # lsmod
  To add or remove kernel modules
    # modprobe

RHEL Kernel
  Red Hat Enterprise Linux contains the following kernel packages
  kernel
    Contains the kernel for multi-processor systems. For x86 systems, only the first 4GB of RAM is used. As such, x86 systems with over 4GB of RAM should use the kernel-PAE.
  kernel-PAE (only for i686 systems)
    This package offers the following key configuration options
      Support for over 4GB of RAM (up to 16GB for the x86)
      PAE (Physical Address Extension) or 3-level paging on x86 processors that support PAE
      4GB/4GB split: 4GB of virtual address space for the kernel and almost 4GB for each user process on x86 systems
  kernel-xen
    Includes a version of the Linux kernel which is needed to run Virtualization.

Boot Process
  Kernel boot time functions
    Device detection
    Device driver initialization
    Mounts root file system read only
    Loads initial process (init)
  init reads its configuration file /etc/inittab and starts other processes as configured.
  Run Levels
    init defines run levels 0-6, S, emergency
    The run level is selected by either
      the default in /etc/inittab at boot
      passing an argument from the boot loader
      using the command init <new run level>
    To check current and previous run levels
      runlevel
    Default run level is specified in /etc/inittab
      id:3:initdefault:
    Run level defines which services to start
      Each run level has a corresponding directory: /etc/rc.d/rcX.d
      The System V init scripts reside in: /etc/rc.d/init.d

System Startup and Shutdown - Run Levels
  Before performing maintenance on the operating system or changing the system run level, you might need to examine the various run levels. A run level is a software configuration that allows only a selected group of processes to exist.
  Identifying the current run level
    # who -r
    run-level 3 2009-08-04 06:45 last=S
    # runlevel
    N 3
  Change run level
    # init <run_level>
  Run Level
    0  Halt
    1  Single-user mode
    2  Not used (user-definable)
    3  Full multi-user mode
    4  Not used (user-definable)
    5  Full multi-user mode (with an X-based login screen)
    6  Reboot

System Startup and Shutdown - inittab
  The inittab file describes which processes are started at bootup and during normal operation.
  An entry in the inittab file has the following format:
    id:runlevels:action:process

Advanced File Permission - File Characteristics
  ls -l columns: File Type, Permissions, Links, Owner, Group, Size, Timestamp, Name
    $ ls -l
    -rw-r--r--  1 user3 class   37 Jul 24 11:06 f1
    -rwxr-xr-x  1 user3 class   52 Jul 24 11:08 f2
    drwxr-xr-x  2 user3 class 1024 Jul 24 12:03 memo

Who Has Access to a File/Directory?
  The UNIX system incorporates a three-tier structure to define who has access to each file and directory:
    user   The owner of the file
    group  A group that may have access to the file
    other  Everyone else
  The ls -l command displays the owner and group who has access to the file.
    $ ls -l
    -rw-r--r--  1 user3 class   37 Jul 24 11:06 f1
    -rwxr-xr-x  1 user3 class   37 Jul 24 11:08 f2
    drwxr-xr-x  2 user3 class 1024 Jul 24 12:03 memo
                    |     |
                  owner group

File permissions
  Types of users: Owner, Group, Others
  Types of file permissions
    (-) no permission
    (r) read permission - (4)
    (w) write permission - (2)
    (x) execute permission - (1)
  First character shows file types
    (-) ordinary file
    (d) directory
    (l) symbolic/soft link
    (c) character device file
    (b) block device file
    (p) named pipe

Permissions
  Permissions are displayed with ls -l:
    $ ls -l
    - rw- r-- r--  1 user3 class   37 Jul 24 11:06 f1
    - rwx r-x r-x  1 user3 class   37 Jul 24 11:08 f2
    d rwx r-x r-x  2 user3 class 1024 Jul 24 12:03 memo
  Fields, left to right: user (owner) access, group access, other access, file owner, file group

Security & User Administration - Security Concepts
  User Accounts
    Each user has a unique name, numeric ID and password
    File ownership is determined by a numeric ID
    The owner is usually the user who created the file, but ownership can be transferred by root
    Default users:
      root - Super user
      adm, sys, bin, ... - IDs that own system files but cannot be used for login
  Groups
    A group is a set of users, all of whom need access to a given set of files
    Every user is a member of at least one group and can be a member of several groups
    The user has access to files in their groupset. To list the groupset use groups
    The user's primary group is used for file ownership on creation.
    To change the primary group use newgrp
    Default groups:
      System - administrators
      Staff - ordinary users

Security & User Administration
  Reading Permissions
  Changing Permissions

ACL - Access Control List
  To set ACL permissions the filesystem has to be mounted with ACL settings
    # mount -o remount,acl <mountpoint>
  To get ACL information of a file
    # getfacl <filename>
    # file: filename
    # owner: john
    # group: john
    user::rw-
    group::r--
    other::r--
  To set ACL permission for a file for user student
    # setfacl -m u:student:rw <absolute_path_filename>
  To remove ACL permission
    # setfacl -x u:student <absolute_path_filename>

Disk Quota
  Restrictions
    By size in bytes
    By number of files
  Disk quota is used to keep users from overusing the given space and burdening the filesystem

Disk Quota
  Step 1: To set quota the filesystem should be mounted with usrquota option
    # mount -o remount,usrquota <filesystem>
  Step 2: Create quota database
    # quotacheck -c <filesystem>
  Step 3: Enable quota
    # quotaon <filesystem>
  Step 4: Set quota for users
    # setquota -u <user> 600 900 0 0 <filesystem>
  Step 5: Check quota using quota or repquota command
    # repquota -a
    (or)
    # quota <username>

RAID - Redundant Array of Independent Disks
  Different RAID Levels
    RAID 0
    RAID 1
    RAID 3
    RAID 5
    RAID 10
    RAID 01

RAID 0
  A RAID 0 (also known as a stripe set or striped volume) splits data evenly across two or more disks (striped) with no parity information for redundancy.
    + More data storage space
    + Good write performance
    - Low read performance
    - No redundancy

RAID 1
  A RAID 1 creates an exact copy (or mirror) of a set of data on two or more disks.
  This is useful when read performance or reliability is more important than data storage capacity.
    - Less data storage space
    - Low write performance
    + High read performance
    + High redundancy

RAID 3
  A RAID 3 uses byte-level striping with a dedicated parity disk.
    + ~ increased data storage space
    + ~ increased write performance
    + ~ increased read performance
    + ~ increased redundancy
    - One disk is heavily loaded with parity

RAID 5
  A RAID 5 uses byte-level striping with a rotating parity.
    + ~ increased data storage space
    + ~ increased write performance
    + ~ increased read performance
    + ~ increased redundancy
    + All disks are loaded with parity

RAID commands
  Create partitions using fdisk utility
  Change the partition type to fd (Automated RAID Array)
  Create RAID devices
    # mdadm -C /dev/md0 --level 1 -n 2 /dev/hda{5,6}
  Check RAID detail
    # mdadm --detail /dev/md0
  To verify by failing a drive
    # mdadm /dev/md0 --fail /dev/hda6
  To remove a RAID device
    # mdadm /dev/md0 --remove /dev/hda6

LVM useful facts:
  A disk must first be initialized into a physical volume
  One or more physical volumes pool to form a volume group
  One PV can be part of one VG only
  A volume group may contain one to 255 physical volumes
  Disk space from the volume group is allocated into logical volumes
  A volume group can contain 255 logical volumes
  A logical volume can exist on one disk or can reside on portions of many disks
  The disk space within a logical volume can be used for swap, dump, raw data, or to create a filesystem on it
  LVM divides the physical disk into addressable units called physical extents
  Default PE size is 4 MB, can be varied from 1MB to 256MB
  The basic allocation unit for a logical volume is called a logical extent; the size of a logical extent is the same as the physical extent size

LVM Disk Partitioning
  [Diagram: logical volumes 1, 2 and 3 laid out across Physical Volume 1, Physical Volume 2 and Physical Volume 3, in Volume Group 00 and Volume Group 01]

LVM Device Files
  [Diagram: /dev holds hda and hdb (block pv device files) and vg01 with lvol1 and lvol2 (block lv device files)]

LVM Extents
  [Diagram: LEs for lvol1 (LE0-LE3) and LEs for lvol2 (LE0-LE3) map onto PEs for c0tld0 (PE0-PE9)]

LVM Data structure:
  LVM Data Structure contains:
    PVRA (Physical Volume Reserve Area)
      Created by the pvcreate command and contains physical volume information
    VGRA (Volume Group Reserve Area)
      Created by the vgcreate command and contains the volume group status area (VGSA) and volume group descriptor area (VGDA), which contains device driver information used for the vg.
    BBRA (Bad Block Relocation Area)
      An area at the end of the disk used by LVM whenever a physical defect is seen on the physical volume. This area is created by the pvcreate command

Creating Physical Volumes
  [Diagram: /dev/hda and /dev/hdb, each with a PVRA/VGRA area and a BBRA area]
    # pvcreate /dev/hda
    # pvcreate /dev/hdb
  A disk managed by LVM is known as a physical volume. Several special data structures must be created on a disk before it can be used by LVM. Once these data structures have been created, the disk is considered to be a physical volume, and may be added to a volume group.

Creating Volume Groups
  [Diagram: /dev/hda and /dev/hdb, each with a PVRA/VGRA area, grouped into vg01]
  Create:
    # vgcreate vg01 /dev/hda /dev/hdb
  A volume group is a group of one or more physical volumes.
  The physical volumes in a volume group form a pool of disk space which may be allocated to one or more logical volumes.

Creating Logical Volumes
  [Diagram: c0t3d0 /dev/hdc in vg01 holding myswap, myfs1 and myfs2]
  Create:
    # lvcreate -L 16 -n myswap vg01
    # lvcreate -L 16 -n myfs1 vg01
    # lvcreate -L 16 -n myfs2 vg01
  Disk space from a volume group may be allocated to one or more logical volumes. A logical volume is analogous to a partition, and may contain a file system, swap area, or raw partition.

Logical Volume Manager
  Why have a Filesystem?

Logical Volume Manager
  Objectives
    Monitor filesystem growth and control growing files
    Manage filesystem disk space usage
    Implement basic filesystem integrity checks
  Space Management
    Filesystems expand upon notice, NOT automatically
    To keep from running into problems:
      Monitor filesystem growth
      Determine causes
      Control growing files
      Manage filesystem space usage
      Control user disk usage
      Defragment filesystem

NFS Master
  Step 1: Edit /etc/exports file
    # vi /etc/exports
    /export_dir *(rw,sync)
  Step 2: Start portmap and nfs service
    # service portmap start
    # service nfs start
    # chkconfig portmap on
    # chkconfig nfs on
  Step 3: Run exportfs command
    # exportfs -va
  Step 4: Verify exports using showmount command
    # showmount -e
  Step 5: Mount the filesystem remotely
    Client # mount Server_IP:/export_dir /export_mnt
  Step 6: Verify remote mounts using showmount command
    # showmount -a

Advanced User Management
  In this section we deal with users on network
    NIS User
    LDAP User
  User Management
    Password restrictions
    Authentication
    Setting Disk quota
    Advanced file permissions
    Roaming user profile using NFS

NIS User Administration - Create NIS Master
  Step 1: Install ypbind, ypserv and yp-tools package
  Step 2: Edit /etc/yp.conf and add the following entry
    domain example.com server 192.168.0.254
    ypserver 127.0.0.1
  Step 3: Add the following entry to /etc/sysconfig/network
    NISDOMAIN=example.com
  Step 4: Set NIS domain name; also update /etc/hosts with FQDN
    # domainname example.com
    # ypdomainname example.com
  Step 5: Start portmap, ypbind, ypserv and ypxfrd services and make sure to enable them using chkconfig
  Step 6: Check if ports are listening
    # rpcinfo -u localhost ypserv
  Step 7: Initialize the maps
    # /usr/lib/yp/ypinit -m

NIS User Administration
  On Client: system-config-authentication

DHCP
  DHCP - Dynamic Host Configuration Protocol - Used to provide dynamic IP address to clients
  Step 1: Install dhcp RPM
    # rpm -ivh dhcp*.rpm
  Step 2: Copy the default config file to /etc/dhcpd.conf
    # cp /usr/share/doc/dhcp-<version-number>/dhcpd.conf.sample /etc/dhcpd.conf
  Step 3: Edit the dhcp configuration accordingly
  Step 4: Start dhcp server service and turn it on
    # service dhcpd start
    # chkconfig dhcpd on

HTTP Server
  Step 1: Install HTTP RPM
    # rpm -ivh httpd-*.rpm
  Step 2: Edit the /etc/httpd/conf/httpd.conf file to make the changes
  Step 3: Create virtual hosts by adding lines into the configuration file and edit DocumentRoot variable.
  Step 4: Start httpd service and turn it on
    # service httpd start
    # chkconfig httpd on
  Default HTTP port is 80

Mail Services
  Understand electronic mail operation
  Use the alternatives system to select a mail server
  Perform basic configuration of a mail server
  Configure postfix
  Configure Dovecot for encrypted and unencrypted protocols
  Debug email services

Dovecot Configuration
  Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems, written with security primarily in mind.
  Step 1: Install dovecot RPM
    # rpm -ivh dovecot-*.rpm
  Step 2: Find and remove dovecot.pem default permission file
    # find /etc -name dovecot.pem -exec rm {} \;
  Step 3: Create a new dovecot.pem file
    # make -C /etc/pki/tls/certs dovecot.pem
  Step 4: Add the entries to /etc/dovecot.conf file with the updated dovecot.pem file and enable required imap/pop protocol
    Edit protocol and ssl_certs line in /etc/dovecot.conf file

Configure Postfix
  Step 1: Install postfix RPM
    # rpm -ivh postfix-*.rpm
  Step 2: Stop sendmail service and turn it off
    # service sendmail stop
    # chkconfig sendmail off
  Step 3: Change the default MTA from sendmail to postfix
    # alternatives --config mta
  Step 4: Edit /etc/postfix/main.cf file and modify the inet_interfaces entry
    inet_interfaces = <host_IP>
  Step 5: Add appropriate entries in /etc/aliases for aliasing.
    sysadmin: trainer,student1,student3
  Step 6: Start postfix service and turn it on
    # service postfix start
    # chkconfig postfix on

POP3
  Depending on the security setup it is recommended to add specific IPTABLE rules to restrict access to domains
  Eg:
    # iptables -A INPUT -s ! 192.168.0.0/24 -p tcp --dport 110 -j REJECT
  Will deny access to any network other than 192.168.0.0/24 network
  Send a mail to the group called sysadmin and check if users receive mail in their mailbox
    # echo testmail | mail -s "Subject: testmail" [email protected]
  Verify mail
    # mail pop://[email protected]
  Default POP3 port is 110

IMAPS
  Depending on the security setup it is recommended to add specific IPTABLE rules to restrict access to domains
  Eg:
    # iptables -A INPUT -s ! 192.168.0.0/24 -p tcp --dport 993 -j REJECT
  Will deny access to any network other than 192.168.0.0/24 network
  Send a mail to the group called sysadmin and check if users receive mail in their mailbox
    # echo testmail | mail -s "Subject: testmail" [email protected]
  Verify mail
    # mail imaps://[email protected]
  Default IMAPS port is 993

SQUID
  Step 1: Install Squid rpm
    # rpm -ivh squid*.rpm
  Step 2: Edit the squid configuration file
    # vi /etc/squid/squid.conf
    Change the following:
      http_port from default 3128 to 8080
      Change Recommended and INSERT lines in the file
  Step 3: Start squid service and turn it on
    # service squid start
    # chkconfig squid on
  Step 4: Change the proxy setting in Firefox

Kickstart Server
  Kickstart server is used to build RedHat clients in network
  It is an un-attended installation and holds the installation files
  Supports installation via local CDROM/HDD/NFS/HTTP/FTP
  Kickstart config file
    Command Section
    Package Section
    Pre and Post scripts section
  Kickstart can be configured using ksconfig
  system-config-kickstart provides a simple method of creating a kickstart file that can be used to automate the installation process on Red Hat Linux.

System-config-kickstart

Install client
  Boot the system using boot media and at the boot prompt
    boot: linux ks=nfs:server:/kickstart/ks.cfg
    boot: linux ks=http://<server>/<path>
    boot: linux ks=ftp://<server>/<path>

Post Quiz
  Write your Name and Employee ID without fail.
  20 questions, multiple choice, in 30 minutes
  Use the post-quiz columns for writing your answers
  Do not discuss
  A question can have more than one correct answer, but choose the best one.
  Please encircle your guessed answers to find how good you are at guessing
  Chocolates will be distributed for:
    1. Pre-quiz highest scorer
    2. Post-quiz highest scorer
    3. One with maximum difference

Post Quiz Score Card
  Columns: Sl no, Trainee Name, Pre-quiz, Post-quiz, Difference (rows 1 to 20)

Thank You
  Vinodh Kombissan
  [email protected]
  Mobile: 9940041817
  Nortel: +91 44 43721227 Extn 1227
  Computer Sciences Corporation, 7th Floor, DLF IT Park, Tower 1B, Manapakkam, Chennai - 600 086.
  Please provide your valuable feedback and suggestions!!!
  RHCE Certificate number: 805010021746212
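
Added example, not part of the original slides: the sample repo file in the YUM section sets gpgcheck=0 with an ftp:// baseurl, so yum installs from that repository without the signature check that the RPM verification section performs by hand with rpm --import and rpm -K. This script audits .repo files for that setting and shows the slide's file beside a corrected one; the function names and the weak.repo/fixed.repo file names are constructed for illustration, and the gpgkey path is the key file the RPM slide imports.

```shell
#!/bin/sh
# Audit yum .repo files for repositories that install unsigned packages.
# Prints one line per repository: "<LEVEL> <file> [<repo>] <reason>".

audit_repo_file() {
    awk -v file="$1" '
    function report(    level, why) {
        if (repo == "") return
        if (enabled == "0") {
            printf "SKIP %s [%s] repository disabled\n", file, repo
            return
        }
        if (gpgcheck == "1")     { level = "OK";   why = "gpgcheck=1" }
        else if (gpgcheck == "") { level = "WARN"; why = "gpgcheck unset, inherits [main] in yum.conf" }
        else                     { level = "FAIL"; why = "gpgcheck=" gpgcheck ", signatures not checked" }
        # Unsigned packages over a cleartext transport have no integrity check at all.
        if (level != "OK" && baseurl ~ /^(ftp|http):/)
            why = why "; cleartext transport " baseurl
        printf "%s %s [%s] %s\n", level, file, repo, why
    }
    { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
    /^[#;]/ || /^$/ { next }
    /^\[.*\]$/ {
        report()
        repo = substr($0, 2, length($0) - 2)
        enabled = gpgcheck = baseurl = ""
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]+$/, "", key); gsub(/^[ \t]+/, "", val)
        if (key == "enabled")  enabled  = val
        if (key == "gpgcheck") gpgcheck = val
        if (key == "baseurl")  baseurl  = val
    }
    END { report() }
    ' "$1"
}

audit_repo_dir() {
    for f in "$1"/*.repo; do
        if [ -f "$f" ]; then audit_repo_file "$f"; fi
    done
}

# Constructed samples: weak.repo is the repo file from the YUM slide,
# fixed.repo is the same repository with signature checking turned on.
write_sample_repos() {
    cat > "$1/weak.repo" <<'EOF'
[myrepo]
name=Server1 repository
baseurl=ftp://server1/pub/server
enabled=1
gpgcheck=0
EOF
    cat > "$1/fixed.repo" <<'EOF'
[myrepo]
name=Server1 repository
baseurl=ftp://server1/pub/server
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
}

# Demo on the constructed samples; on a real host: audit_repo_dir /etc/yum.repos.d
demo_dir=$(mktemp -d)
write_sample_repos "$demo_dir"
audit_repo_dir "$demo_dir"
rm -rf "$demo_dir"
```

With gpgcheck=1 the packages in the repository must be signed by a key yum can import, so a locally built /myrepo needs signed packages before the corrected file will install from it.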