Book Image

Red Hat Enterprise Linux 8 Administration

By : Miguel Pérez Colino, Pablo Iranzo Gómez, Scott McCarty

Book Image

Red Hat Enterprise Linux 8 Administration

By: Miguel Pérez Colino, Pablo Iranzo Gómez, Scott McCarty

Overview of this book

Whether in infrastructure or development, as a DevOps or site reliability engineer, Linux skills are now more relevant than ever for any IT job, forming the foundation of understanding the most basic layer of your architecture. With Red Hat Enterprise Linux (RHEL) becoming the most popular choice for enterprises worldwide, achieving the Red Hat Certified System Administrator (RHCSA) certification will validate your Linux skills to install, configure, and troubleshoot applications and services on RHEL systems. Complete with easy-to-follow tutorial-style content, self-assessment questions, tips, best practices, and practical exercises with detailed solutions, this book covers essential RHEL commands, user and group management, software management, networking fundamentals, and much more. You'll start by learning how to create an RHEL 8 virtual machine and get to grips with essential Linux commands. You'll then understand how to manage users and groups on an RHEL 8 system, install software packages, and configure your network interfaces and firewall. As you advance, the book will help you explore disk partitioning, LVM configuration, Stratis volumes, disk compression with VDO, and container management with Podman, Buildah, and Skopeo. By the end of this book, you'll have covered everything included in the RHCSA EX200 certification and be able to use this book as a handy, on-the-job desktop reference guide. This book and its contents are solely the work of Miguel Pérez Colino, Pablo Iranzo Gómez, and Scott McCarty. The content does not reflect the views of their employer (Red Hat Inc.). This work has no connection to Red Hat, Inc. and is not endorsed or supported by Red Hat, Inc.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Share Your Thoughts

Section 1: Systems Administration – Software, User, Network, and Services Management

Section 1: Systems Administration – Software, User, Network, and Services Management

Free Chapter

Chapter 1: Installing RHEL8

Chapter 1: Installing RHEL8

Technical requirements

Obtaining RHEL software and a subscription

Installing RHEL8

Chapter 2: RHEL8 Advanced Installation Options

Chapter 2: RHEL8 Advanced Installation Options

Technical requirements

Automating RHEL deployments with Anaconda

Deploying RHEL on the cloud

Installation best practices

Chapter 3: Basic Commands and Simple Shell Scripts

Chapter 3: Basic Commands and Simple Shell Scripts

Logging in as a user and managing multi-user environments

Changing users with the su command

Understanding users, groups, and basic permissions

Using the command line, environment variables, and navigating through the filesystem

Understanding I/O redirection in the command line

Filtering output with grep and sed

Listing, creating, copying, and moving files and directories, links, and hard links

Using tar and gzip

Creating basic shell scripts

Using system documentation resources

Chapter 4: Tools for Regular Operations

Chapter 4: Tools for Regular Operations

Technical requirements

Managing system services with systemd

Scheduling tasks with cron and systemd

Learning about time synchronization with chrony and NTP

Checking for free resources – memory and disk (free and df)

Finding logs, using journald, and reading log files, including log preservation and rotation

Chapter 5: Securing Systems with Users, Groups, and Permissions

Chapter 5: Securing Systems with Users, Groups, and Permissions

Creating, modifying, and deleting local user accounts and groups

Managing groups and reviewing assignments

Adjusting password policies

Configuring sudo access for administrative tasks

Checking, reviewing, and modifying file permissions

Using special permissions

Chapter 6: Enabling Network Connectivity

Chapter 6: Enabling Network Connectivity

Technical requirements

Exploring network configuration in RHEL

Getting to know the configuration files and NetworkManager

Configuring network interfaces with IPv4 and IPv6

Configuring hostname and hostname resolutions (DNS)

Overview of firewall configuration

Testing network connectivity

Chapter 7: Adding, Patching, and Managing Software

Chapter 7: Adding, Patching, and Managing Software

RHEL subscription registration and management

Managing repositories and signatures with YUM/DNF

Doing software installations, updates, and rollbacks with YUM/DNF

Creating and syncing repositories with createrepo and reposync

Understanding RPM internals

Section 2: Security with SSH, SELinux, a Firewall, and System Permissions

Section 2: Security with SSH, SELinux, a Firewall, and System Permissions

Chapter 8: Administering Systems Remotely

Chapter 8: Administering Systems Remotely

Technical requirements

SSH and OpenSSH overview and base configuration

Accessing remote systems with SSH

Key-based authentication with SSH

SCP/rsync – remote file management

Advanced remote management – SSH tunnels and SSH redirections

Remote terminals with tmux

Chapter 9: Securing Network Connectivity with firewalld

Chapter 9: Securing Network Connectivity with firewalld

Introduction to the RHEL firewall – firewalld

Enabling firewalld in the system and reviewing the default zones

Enabling and managing services and ports

Creating and using service definitions for firewalld

Configuring firewalld with the web interface

Chapter 10: Keeping Your System Hardened with SELinux

Chapter 10: Keeping Your System Hardened with SELinux

Technical requirements

SELinux usage in enforcing and permissive modes

Reviewing the SELinux context for files and processes

Tweaking the policy with semanage

Restoring changed file contexts to the default policy

Using SELinux Boolean settings to enable services

SELinux troubleshooting and common fixes

Chapter 11:System Security Profiles with OpenSCAP

Chapter 11:System Security Profiles with OpenSCAP

Getting started with OpenSCAP and discovering system vulnerabilities

Using OpenSCAP with security profiles for OSPP and PCI DSS

Section 3: Resource Administration – Storage, Boot Process, Tuning, and Containers

Section 3: Resource Administration – Storage, Boot Process, Tuning, and Containers

Chapter 12: Managing Local Storage and Filesystems

Chapter 12: Managing Local Storage and Filesystems

Technical requirements

Partitioning disks (MBR and GPT disks)

Formatting and mounting filesystems

Setting default mounts and options in fstab

Using network filesystems with NFS

Chapter 13: Flexible Storage Management with LVM

Chapter 13: Flexible Storage Management with LVM

Technical requirements

Understanding LVM

Creating, moving, and removing physical volumes

Combining physical volumes into volume groups

Creating and extending logical volumes

Adding new disks to a volume group and extending a logical volume

Removing logical volumes, volume groups, and physical volumes

Reviewing LVM commands

Chapter 14: Advanced Storage Management with Stratis and VDO

Chapter 14: Advanced Storage Management with Stratis and VDO

Technical requirements

Understanding Stratis

Installing and enabling Stratis

Managing storage pools and filesystems with Stratis

Preparing systems to use VDO

Creating a VDO volume

Assigning a VDO volume to an LVM volume

Testing a VDO volume and reviewing the stats

Chapter 15: Understanding the Boot Process

Chapter 15: Understanding the Boot Process

Understanding the boot process – BIOS and UEFI booting

Working with GRUB, the bootloader, and initrd system images

Managing the boot sequence with systemd

Intervening in the boot process to gain access to a system

Chapter 16: Kernel Tuning and Managing Performance Profiles with tuned

Chapter 16: Kernel Tuning and Managing Performance Profiles with tuned

Technical requirements

Identifying processes, checking memory usage, and killing processes

Adjusting kernel scheduling parameters to better manage processes

Installing tuned and managing tuning profiles

Creating a custom tuned profile

Chapter 17: Managing Containers with Podman, Buildah, and Skopeo

Chapter 17: Managing Containers with Podman, Buildah, and Skopeo

Technical requirements

Introduction to containers

Running a container using Podman and UBI

When to use Buildah and Skopeo

Section 4: Practical Exercises

Section 4: Practical Exercises

Chapter 18: Practice Exercises – 1

Chapter 18: Practice Exercises – 1

Technical requirements

Tips for the exercise

Practice exercise 1

Exercise 1 resolution

Chapter 19: Practice Exercise – 2

Chapter 19: Practice Exercise – 2

Technical requirements

Tips for the exercise

Practice exercise – 2

Answers to practice exercise 2

Other Books You May Enjoy

Other Books You May Enjoy

Packt is searching for authors like you

Share Your Thoughts

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Using SELinux Boolean settings to enable services

Many services have a wide range of configuration options for many common cases, but not always the same. For example, the http server should not access user files, but at the same time, it's a common way of operation to enable personal websites from the www or public_html folders in each user's home directory.

To overcome that use case and, at the same time, provide enhanced security, the SELinux policy makes use of Booleans.

A Boolean is a tunable that can be set by the administrator that can enable or disable conditionals in the policy code. Let's see, for example, a list of Booleans available for httpd by executing getsebol -a|grep ^http (list reduced):

httpd_can_network_connect --> off
httpd_can_network_connect_db --> off
httpd_can_sendmail --> off
httpd_enable_homedirs --> off
httpd_use_nfs --> off

This list is a reduced subset of the Booleans available, but it does give us an idea of what...