Book Image

Red Hat Enterprise Linux Server Cookbook

By : Jakub Gaj, William Leemans
Book Image

Red Hat Enterprise Linux Server Cookbook

By: Jakub Gaj, William Leemans

Overview of this book

Dominating the server market, the Red Hat Enterprise Linux operating system gives you the support you need to modernize your infrastructure and boost your organization’s efficiency. Combining both stability and flexibility, RHEL helps you meet the challenges of today and adapt to the demands of tomorrow. This practical Cookbook guide will help you get to grips with RHEL 7 Server and automating its installation. Designed to provide targeted assistance through hands-on recipe guidance, it will introduce you to everything you need to know about KVM guests and deploying multiple standardized RHEL systems effortlessly. Get practical reference advice that will make complex networks setups look like child’s play, and dive into in-depth coverage of configuring a RHEL system. Also including full recipe coverage of how to set up, configuring, and troubleshoot SELinux, you’ll also discover how secure your operating system, as well as how to monitor it.

Related Content you might be interested in

Current Title:

Small book image
Red Hat Enterprise Linux Server Cookbook
Jakub Gaj | William Leemans
Dec, 2015 | 250 pages
No titles found
Table of Contents (17 chapters)
Red Hat Enterprise Linux Server Cookbook
Red Hat Enterprise Linux Server Cookbook
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Working with KVM Guests
Working with KVM Guests
Introduction
Installing and configuring a KVM
Configuring resources
Building guests
Adding CPUs on the fly
Adding RAM on the fly
Adding disks on the fly
Moving disks to another storage
Moving VMs
Backing up your VM metadata
2
Deploying RHEL "En Masse"
Deploying RHEL "En Masse"
Introduction
Creating a kickstart file
Publishing your kickstart file using httpd
Deploying a system using PXE
Deploying a system using a custom boot ISO file
3
Configuring Your Network
Configuring Your Network
Introduction
Creating a VLAN interface
Creating a teamed interface
Creating a bridge
Configuring IPv4 settings
Configuring your DNS resolvers
Configuring static network routes
4
Configuring Your New System
Configuring Your New System
Introduction
The systemd service and setting runlevels
Starting and stopping systemd services
Configuring the systemd journal for persistence
Monitoring services using journalctl
Configuring logrotate
Managing time
Configuring your boot environment
Configuring smtp
5
Using SELinux
Using SELinux
Introduction
Changing file contexts
Configuring SELinux booleans
Configuring SELinux port definitions
Troubleshooting SELinux
Creating SELinux policies
Applying SELinux policies
6
Orchestrating with Ansible
Orchestrating with Ansible
Introduction
Install Ansible
Configuring the Ansible inventory
Creating a template for a kickstart file
Creating a playbook to deploy a new VM with kickstart
Creating a playbook to perform system configuration tasks
Troubleshooting Ansible
7
Puppet Configuration Management
Puppet Configuration Management
Introduction
Installing and configuring Puppet Master
Installing and configuring the Puppet agent
Defining a simple module to configure time
Defining nodes and node grouping
Deploying modules to single nodes and node groups
8
Yum and Repositories
Yum and Repositories
Introduction
Managing yum history
Creating a copy of an RHN repository
Configuring additional repositories
Setting up yum to automatically update
Configuring logrotate for yum
Recovering from a corrupted RPM database
9
Securing RHEL 7
Securing RHEL 7
Introduction
Installing and configuring IPA
Securing the system login
Configuring privilege escalation with sudo
Secure the network with firewalld
Using kdump and SysRq
Using ABRT
Auditing the system
10
Monitoring and Performance Tuning
Monitoring and Performance Tuning
Introduction
Tuning your system's performance
Setting up PCP – Performance Co-Pilot
Monitoring basic system performance
Monitoring CPU performance
Monitoring RAM performance
Monitoring storage performance
Monitoring network performance
Index
Index

Creating SELinux policies

In some cases, you'll need to create a new SELinux policy—for instance, when installing a piece of software from source. Although I do not recommend installing software from source on enterprise systems, this is sometimes your only option for company-developed software.

It is then time to create your own SELinux policy.

Getting ready

For this recipe, you need to have policycoreutils-python installed.

How to do it…

We'll use the denied entries in the audit.log log file to build our SELinux policy with audit2allow.

In this recipe, we'll use the same example as in the previous recipe: the SELinux context of /var/www/html/index.html that is changed to system_u:object_r:user_home_t:s0. Perform the following steps:

  1. First, create a human readable policy for verification via the following command:

    ~# egrep 'avc.*denied' /var/log/audit/audit.log |audit2allow -m example_policy

module example_policy 1.0;

require {
        type httpd_t;
        type user_home_t;
        class file...
Previous Section
End of Section 7
Next Section