Book Image

Red Hat Enterprise Linux 9 Administration - Second Edition

By : Pablo Iranzo Gómez, Pedro Ibáñez Requena, Miguel Pérez Colino, Scott McCarty

2 (2)

Book Image

Red Hat Enterprise Linux 9 Administration - Second Edition

2 (2)

By: Pablo Iranzo Gómez, Pedro Ibáñez Requena, Miguel Pérez Colino, Scott McCarty

Overview of this book

With Red Hat Enterprise Linux 9 becoming the standard for enterprise Linux used from data centers to the cloud, Linux administration skills are in high demand. With this book, you’ll learn how to deploy, access, tweak, and improve enterprise services on any system on any cloud running Red Hat Enterprise Linux 9. Throughout the book, you’ll get to grips with essential tasks such as configuring and maintaining systems, including software installation, updates, and core services. You’ll also understand how to configure the local storage using partitions and logical volumes, as well as assign and deduplicate storage. You’ll learn how to deploy systems while also making them secure and reliable. This book provides a base for users who plan to become full-time Linux system administrators by presenting key command-line concepts and enterprise-level tools, along with essential tools for handling files, directories, command-line environments, and documentation for creating simple shell scripts or running commands. With the help of command line examples and practical tips, you’ll learn by doing and save yourself a lot of time. By the end of the book, you’ll have gained the confidence to manage the filesystem, users, storage, network connectivity, security, and software in RHEL 9 systems on any footprint.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Share your thoughts

Download a free PDF copy of this book

Part 1 – Systems Administration – Software, User, Network, and Services Management

Part 1 – Systems Administration – Software, User, Network, and Services Management

Free Chapter

Chapter 1: Getting RHEL Up and Running

Chapter 1: Getting RHEL Up and Running

Technical requirements

Obtaining RHEL and a subscription

Installing RHEL 9

Chapter 2: RHEL 9 Advanced Installation Options

Chapter 2: RHEL 9 Advanced Installation Options

Technical requirements

Automating RHEL deployments with Anaconda

Deploying RHEL on the cloud

Installation best practices

Chapter 3: Basic Commands and Simple Shell Scripts

Chapter 3: Basic Commands and Simple Shell Scripts

Logging in as a user and managing multi-user environments

Changing users with the su command

Understanding users, groups, and basic permissions

Using the command line, environment variables, and navigating through the filesystem

Understanding I/O redirection on the command line

Filtering output with grep and sed

Listing, creating, copying, and moving files, directories, links, and hard links

Using tar and gzip

Creating basic shell scripts

Using system documentation resources

Chapter 4: Tools for Regular Operations

Chapter 4: Tools for Regular Operations

Technical requirements

Managing system services with systemd

Scheduling tasks with cron and systemd

Learning about time synchronization with chrony and NTP

Checking for free resources – memory and disk (free and df)

Finding logs, using journald, and reading log files, including log preservation and rotation

Chapter 5: Securing Systems with Users, Groups, and Permissions

Chapter 5: Securing Systems with Users, Groups, and Permissions

Creating, modifying, and deleting local user accounts and groups

Managing groups and reviewing assignments

Adjusting password policies

Configuring sudo access for administrative tasks

Checking, reviewing, and modifying file permissions

Using special permissions

Chapter 6: Enabling Network Connectivity

Chapter 6: Enabling Network Connectivity

Technical requirements

Exploring network configuration in RHEL

Getting to know the configuration files and NetworkManager

Configuring network interfaces with IPv4 and IPv6

Configuring hostname and hostname resolutions (DNS)

An overview of firewall configuration

Testing network connectivity

Chapter 7: Adding, Patching, and Managing Software

Chapter 7: Adding, Patching, and Managing Software

RHEL subscription registration and management

Managing repositories and signatures with yum/dnf

Doing software installations, updates, and rollbacks with YUM/DNF

Creating and syncing repositories with createrepo and reposync

Understanding RPM internals

Part 2 – Security with SSH, SELinux, a Firewall, and System Permissions

Part 2 – Security with SSH, SELinux, a Firewall, and System Permissions

Chapter 8: Administering Systems Remotely

Chapter 8: Administering Systems Remotely

Technical requirements

SSH and OpenSSH overview and base configuration

Enabling root access via SSH (and when not to do it)

Accessing remote systems with SSH

Key-based authentication with SSH

Remote file management with SCP/rsync

Advanced remote management – SSH tunnels and SSH redirections

Remote terminals with tmux

Introduction to Ansible automation

Chapter 9: Securing Network Connectivity with firewalld

Chapter 9: Securing Network Connectivity with firewalld

Introduction to the RHEL firewall – firewalld

Enabling firewalld in the system and reviewing the default zones

Enabling and managing services and ports

Creating and using service definitions for firewalld

Configuring firewalld with the web interface

Chapter 10: Keeping Your System Hardened with SELinux

Chapter 10: Keeping Your System Hardened with SELinux

Technical requirements

SELinux usage in enforcing and permissive modes

Reviewing the SELinux context for files and processes

Tweaking the policy with semanage

Restoring changed file contexts to the default policy

Using SELinux Boolean settings to enable services

SELinux troubleshooting and common fixes

Integrity Measurement Architecture, digital hashes, and signatures for enhancing security

Chapter 11: System Security Profiles with OpenSCAP

Chapter 11: System Security Profiles with OpenSCAP

Getting started with OpenSCAP and discovering system vulnerabilities

Using OpenSCAP with security profiles for OSPP and PCI DSS

Part 3 – Resource Administration – Storage, Boot Process, Tuning, and Containers

Part 3 – Resource Administration – Storage, Boot Process, Tuning, and Containers

Chapter 12: Managing Local Storage and Filesystems

Chapter 12: Managing Local Storage and Filesystems

Technical requirements

Partitioning disks (MBR and GPT disks)

Formatting and mounting filesystems

Setting default mounts and options in fstab

Using network filesystems with NFS

Chapter 13: Flexible Storage Management with LVM

Chapter 13: Flexible Storage Management with LVM

Technical requirements

Understanding LVM

Creating, moving, and removing physical volumes

Combining physical volumes into volume groups

Creating and extending logical volumes

Adding new disks to a volume group and extending an logical volume

Removing logical volumes, volume groups, and physical volumes

Reviewing LVM commands

Chapter 14: Advanced Storage Management with Stratis and VDO

Chapter 14: Advanced Storage Management with Stratis and VDO

Technical requirements

Understanding Stratis

Installing and enabling Stratis

Managing storage pools and filesystems with Stratis

Preparing systems to use VDO

Creating and using a VDO volume

Testing a VDO volume and reviewing the stats

Chapter 15: Understanding the Boot Process

Chapter 15: Understanding the Boot Process

Understanding the boot process – BIOS and UEFI booting

Working with GRUB, the bootloader, and the initrd system images

Managing the boot sequence with systemd

Intervening in the boot process to gain access to a system

Chapter 16: Kernel Tuning and Managing Performance Profiles with tuned

Chapter 16: Kernel Tuning and Managing Performance Profiles with tuned

Technical requirements

Identifying processes, checking memory usage, and killing processes

Adjusting kernel scheduling parameters to better manage processes

Installing tuned and managing tuning profiles

Creating a custom tuned profile

Using the web console for observing performance metrics

Chapter 17: Managing Containers with Podman, Buildah, and Skopeo

Chapter 17: Managing Containers with Podman, Buildah, and Skopeo

Technical requirements

Introduction to containers

Running a container using Podman and UBI

When to use Buildah and Skopeo

Part 4 – Practical Exercises

Part 4 – Practical Exercises

Chapter 18: Practice Exercises – 1

Chapter 18: Practice Exercises – 1

Technical requirements

Tips for the exercise

Practice exercise 1

Exercise 1 solution

Chapter 19: Practice Exercise – 2

Chapter 19: Practice Exercise – 2

Technical requirements

Tips for the exercise

Practice exercise 2

Exercise 2 resolution

Index

Other Books You May Enjoy

Other Books You May Enjoy

Packt is searching for authors like you

Share your thoughts

Download a free PDF copy of this book

Customer Reviews

2 (2)

5 star

0

4 star

0

3 star

50%

2 star

0

1 star

50%

Using SELinux Boolean settings to enable services

Many services have a wide range of configuration options for many common cases, but not always the same. For example, the http server should not access user files, but at the same time, it’s a common operation to enable personal websites from the www or public_html folders in each user’s home directory.

To overcome that use case and at the same time, provide enhanced security, the SELinux policy makes use of Booleans.

A Boolean is a tunable that can be set by the administrator that can enable or disable conditionals in the policy code. Let’s see, for example, a list of Booleans available for httpd by executing getsebool -a|grep ^http (list reduced):

httpd_can_network_connect --> off
httpd_can_network_connect_db --> off
httpd_can_sendmail --> off
httpd_enable_homedirs --> off
httpd_use_nfs --> off

This list is a reduced subset of the Booleans available, but it does give us an idea of what...