Red Hat Linux 8.0: The Official Red Hat Linux Reference Guide
Introduction
2.1.3. Beginning Linux Books
• Red Hat Linux for Dummies, 2nd Edition by Jon "maddog" Hall; IDG
• Special Edition Using Red Hat
Chapter 6. The X Window System
InputDevice
Configures an input device such as a mouse or keyboard used to submit information into the system using t
• VertRefresh — Lists the vertical refresh range frequencies supported by the monitor, in kHz. These values are used
For more information, refer to the XF86Config man page.
To review the current configuration of your XFree86 server, ty
to work in that environment to commonly integrate and be used in new ways, such as permitting drag-and-drop behavior
xmodmap utility to configure the keyboard. The Xresources files are read to assign specific preference values to parti
When the user finishes an X session on the default display (:0) and logs out, the /etc/X11/xdm/TakeConsole script runs
• clone-self — Decides if the font server will clone a new version of itself when the client-limit is hit. By defaul
6.6. Additional Resources
Much more can be said about the XFree86 server, the clients that connect to it, and the ass
• KDE 2.0 Development by David Sweet and Matthias Ettrich; Sams Publishing — Instructs beginning and advanced devel
Security Reference
displayed in a different style on their own (such as filenames). In these cases, they are considered to be part of the command, so the en
Chapter 7. Pluggable Authentication Modules (PAM)
Programs which give privileges to users must properly authenticate each user. For instance, when you lo
The next four sections will describe the basic format of PAM configuration files and how they use PA
7.3.2. Creating Modules
New PAM modules can be added at any time, and PAM-aware applications can t
A newer control flag syntax allowing for even more control is now available for PAM. Please see th
This line causes the user to be asked for a password and then checks the password using the infor
#%PAM-1.0
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_securetty.so
au
7.8.1. Device Ownership
When a user logs into a machine under Red Hat Linux, the pam_console.so mo
Chapter 8. TCP Wrappers and xinetd
Controlling access to network services can be a challenge. Firewalls are useful for controlling access in and out of a
button on a GUI screen or window
This style indicates that the text will be found on a clickable button on a GUI screen. For example:
Cl
specifically given access to the service in hosts.allow are allowed to access the service. In addition, all rules
Caution
The KNOWN, UNKNOWN, and PARANOID wildcards should be used very carefully, as a disruption in name resoluti
special file or email an administrator. Below is an example of a booby trap in the hosts.deny file which will write
instances of this service is under a particular threshold, and any other rules specified for that service or all x
• EXIT — Logs the exit status or termination signal of the service. (log_on_success)
• HOST — Logs the remote hos
8.3.1.3. Access Control within xinetd
Users of xinetd services can choose to use the TCP wrapper host access cont
8.3.1.4. Binding and Port Redirection
The service configuration files for xinetd also support binding the service t
8.4. Additional Resources
Additional information concerning TCP wrappers and xinetd is available on system docume
Chapter 9. SSH Protocol
SSH™ allows users to log into host systems remotely. Unlike rlogin or telnet SSH encrypts the login session, making it impossible
Important
If you modify the DHCP configuration file, the changes will not take effect until you restart the DHCP daemon.
Caution
Do not per
9.1.1. Why Use SSH?
Nefarious computer users have a variety of tools at their disposal to disrupt, intercept, and re-route ne
Both SSH protocol versions 1 and 2 add layers of security with each of these layers providing its own type of protection.
9.3
Servers can be configured to allow different types of authentication, which gives each side the optimal amount of control.
• ssh_host_key.pub — The RSA public key used by the sshd daemon for version 1 of the SSH protocol.
• ssh_host_rsa_key — The R
9.5.2. Port Forwarding
With SSH you can secure otherwise insecure TCP/IP protocols via port forwarding. When using this techn
9.6. Require SSH for Remote Connections
For SSH to be truly effective in protecting your network connections, you must stop
Chapter 10. Kerberos
Kerberos is a network authentication protocol created by MIT which uses secret-key cryptography — obviating the need to send passwor
10.3. Kerberos Terminology
Like any other system, Kerberos has its own terminology to define various aspects of the service. Befo
ticket
A temporary set of electronic credentials that verify the identity of a client for a particular service.
Ticket Granting
6.1. We Need Feedback!
If you find an error in the Official Red Hat Linux Reference Guide, or if you have thought of a way to make this ma
Note
Kerberos depends on certain network services to work correctly. First, Kerberos requires approximate clock synchronization
KDC from kerberos.example.com to the name of your Kerberos server. By convention, all realm names are uppercase and all DNS hos
Once you have completed the steps listed above, the Kerberos server should be up and running. Next, we will set up a Kerberos c
10.8.1. Installed Documentation
• /usr/share/doc/krb5-server-version-number — The Kerberos V5 Installation Guide and the Kerber
Chapter 11. Tripwire
Tripwire data integrity assurance software monitors the reliability of critical system files and directories by identifying changes
1. Install Tripwire and customize the policy file.
Install the tripwire RPM (Section 11.2). Then, customize the sample configurat
2. If the CD-ROM does not automatically mount, type the following command:
mount /mnt/cdrom
3. Verify that the tripwire RPM is o
• EDITOR — Specifies the text editor called by Tripwire. The default value is /bin/vi.
• LATEPROMPTING — If set to true this var
Warning
For security purposes, you should either delete or store in a secure location any copies of the plaintext /etc/tripwire
System Reference
an initial integrity check. This check should be done prior to connecting the computer to the network, and putting it into prod
Database file used: /var/lib/tripwire/some.host.com.twd
Command line used: /usr/sbin/tripwire --check
==========================
/bin/arch
-rwxr-xr-x root (0) 2844 Tue Dec 12 05:51:35 2000
/bin/ash
-rwxr-xr-x root (0) 64860 Thu Dec 7 22:35:05 2000
/bin/ash.st
Important
It is important that you change only authorized integrity violations in the database.
All proposed updates to the Trip
Then type the following command to create a new database using the updated policy file:
/usr/sbin/tripwire --init
To make sure th
Since the configuration file does not alter any Tripwire policies or files tracked by the application, it is not necessary to
/etc/tripwire/tw.pol
The active Tripwire policy file is an encrypted file containing comments, rules, directives, and variables. T
Network Services Reference
Chapter 12. Network Scripts
Using Red Hat Linux, all network communications occur between configured interfaces and physical networking devices connected
configure them. These files are usually named ifcfg-name, where name refers to the name of the device that the configurat
• yes — This device should be activated at boot-time.
• no — This device should not be activated at boot-time.
• PEERDNS=
• yes — This interface will allow pppd to initiate a connection when someone attempts to use it.
• no — A connection mus
Warning
Never edit the loopback interface script, /etc/sysconfig/network-scripts/ifcfg-lo, by hand. Doing so can prevent
The two interface control scripts are ifdown and ifup and are symbolic links to scripts in the /sbin/ directory. When ei
The most common network functions file is network-functions, located in the /etc/sysconfig/network-scripts/ directory. Th
Chapter 13. Firewalls and iptables
Linux comes with advanced tools for packet filtering — the process of controlling network packets as they enter, move t
• OUTPUT — This chain applies to packets sent out via the same network interface which received the packets.
• FOR
packets. For this reason, you must be sure to place the rule designed to catch a particular packet in the rule th
Chapter 1. File System Structure
1.1. Why Share a Common Structure?
An operating system’s file system structure is its most basic level of organization. A
13.3.2. Structure
Many iptables commands have the following structure:
iptables [-t table-name] command chain-nam
Caution
Be aware of which option (-A or -I) you are using when adding a rule. The order of the rules can be very i
iptables man page for more information on these and other targets, including rules regarding their use.
You may al
Like many other options, using the exclamation point character (!) after --tcp-flags reverses the effect of the m
• INVALID — The matching packet cannot be tied to a known connection.
• NEW — The matching packet is either creat
• --log-prefix — Places a string before the log line when it is written. Accepts up to 29 characters after the --
system’s version of this file. This allows you to quickly distribute sets of iptables rules to many different mach
Chapter 14. Apache HTTP Server
The Apache HTTP Server is a robust, commercial-grade open source Web server developed by the Apache Software Foundation (h
A more complete list of changes can be found online at http://httpd.apache.org/docs-2.0/.
14.1.2. Packa
it to suit; however, some parts of the file have changed more than others and a mixed approach is generally the best.
1.2.1. FHS Organization
The directories and files noted here are a small subset of those specified by the FHS document
14.2.1.2. Server-pool Size Regulation
In Apache HTTP Server 2.0, the responsibility for accepting requests and dispat
• LoadModule lines for modules packaged in their own RPMs (mod_ssl, php, mod_perl, and the like) are no longer necess
14.2.2.2. Logging
The following logging directives have been removed:
• AgentLog
• RefererLog
• RefererIgnore
However, ag
For more on this topic, refer to the following documentation on the Apache Software Foundation’s website:
• http://htt
14.2.4.1. The mod_ssl Module
The configuration for mod_ssl has been moved from httpd.conf into the file /etc/httpd/conf.
14.2.4.3. The mod_include Module
The mod_include module is now implemented as a filter (see Section 14.2.4 for more on
Action | dbmmanage command (Apache 1.3) | Equivalent htdbm command (Apache 2.0)
Add user to database (using given password) | db
14.2.4.6. The mod_python Module
The configuration for mod_python has been moved from httpd.conf into the file /etc/http
Note
Red Hat, Inc. does not ship FrontPage extensions as the Microsoft™ license prohibits the inclusion of these exten
Note
If you are running the Apache HTTP Server as a secure server, you will be prompted for the secure server’s passwo
1.2.1.6. The /proc Directory
The /proc directory contains special "files" that either extract information f
14.5.3. PidFile
PidFile names the file where the server records its process ID (pid). Your Web server is set to record
Your server’s default MinSpareServers is 5; your server’s default MaxSpareServers is 20. These default settings shoul
14.5.15. LoadModule
LoadModule is used to load in Dynamic Shared Object (DSO) modules. More information on the Apa
14.5.19. Group
The Group directive is similar to the User. The Group sets the group under which the server will answer
Using Directory tags, the DocumentRoot is defined to have less rigid parameters, so that HTTP requests can be served f
14.5.27. Allow
Allow specifies which requester can access a given directory. The requester can be all, a domain name, a
14.5.32. CacheNegotiatedDocs
By default, your Web server asks proxy servers not to cache any documents which were neg
other words, after a reverse lookup is performed, a forward lookup is performed on the result. At least one of the IP
authuser
If authentication was required, this is the username with which the user identified herself. Usually, this i
See Section 14.5.59 and Section 14.5.23 for instructions on how to execute CGI scripts in directories other than the
Red Hat Linux 8.0: The Official Red Hat Linux Reference Guide
Copyright © 2002 by Red Hat, Inc.
Red Hat, Inc.
1801 Varsity Drive
Raleigh NC 27606-2072 USA
P
that are not designed to be directly utilized by users or shell scripts. The libexec directory contains small helper
14.5.49. AddIcon
AddIcon tells the server which icon to show in server generated directory listings for certain file t
14.5.56. AddLanguage
AddLanguage associates filename extensions with specific content languages. This directive is most
14.5.61. MetaDir
MetaDir specifies the name of a directory where your Web server should look for files containing meta i
# Deny from all
# Allow from .your_domain.com
#</Location>
Again, you must fill in .your_domain.com.
14.5.66. ProxyRequests
Note
Any name-based virtual hosts you set up will only work with non-secure HTTP connections as you cannot use name-ba
14.6. Default Modules
The Apache HTTP Server is distributed with a number of modules. By default the following module
A sample LoadModule line looks like this:
LoadModule access_module modules/mod_access.so
If you add or delete modules
The configuration directives for your secure server are contained within virtual host tags in the /etc/httpd/conf.d/ss
14.9. Additional Resources
To learn more about the Apache HTTP Server, refer to the following resources.
14.9.1. Usefu
Chapter 15. Email
Email is one of the most widely used services on the Internet. Red Hat Linux offers many ways to serve and access email, whether you ar
|- named
|- nis
|- opt
|- preserve
|- run
+- spool
   |- anacron
   |- at
   |- cron
   |- fax
   |- lpd
   |- mail
   |- mqueue
   |- news
   |- rwho
   |- sam
the message on the email server after it has been successfully transferred to the client’s system, though this can usually be chan
particular mail server using the VRFY command or expand a mailing list using the EXPN command. Email can also be relayed between t
Many of the larger and more complex MUAs can also be used to send email. However, this action should not be confused with the acti
which grew out of an earlier email delivery system called Delivermail, quickly became the standard as the email began to expand an
For example, if you want all email addressed to any domain.com account to be delivered to <[email protected]>, you need to
In this situation, the sendmail server needs to masquerade the machine names on the company network so that their return address i
15.3.6. Using Sendmail with LDAP
Using the Lightweight Directory Access Protocol (LDAP) is a very quick and powerful way to find spe
15.4.1. Fetchmail Configuration Options
Although it is possible to pass all options on the command line necessary to check for emai
While you can set up your .fetchmailrc file manually, it is much easier to let the included fetchmailconf program do it for you.
• limit max-number-bytes — Allows you to specify that only messages below a particular size may be retrieved. This option is usefu
The /var/spool/up2date/ directory contains files used by Red Hat Update Agent, including RPM header information for t
• --quit — Quits the Fetchmail daemon process.
More commands and .fetchmailrc options can be found on the fetchmail man page.
15.5.
Many environment variables are not used by most Procmail users, and many of the more important environment variables are already d
A thorough explanation of regular expressions is beyond the scope of this chapter. The structure of Procmail recipes is more impor
To ensure that the action on this last previous matching recipe was successfully completed before allowing a match on the current
• $ — Refers to a variable set earlier in the rc file. This is usually used to set a common mailbox that will be referred to by var
:0:
* ^(From|CC|To).*tux-lug
tuxlug
Any messages sent from the [email protected] mailing list will be placed in the tuxlug mailbox
15.6.2. Secure Email Servers
Offering SSL encryption to IMAP and POP users on the email server is almost as easy. Red Hat Linux als
• /usr/share/doc/fetchmail-version-number — Contains a full list of Fetchmail features in the FEATURES file and an introductory
• Removing the Spam: Email Processing and Filtering by Geoff Mulligan; Addison-Wesley Publishing Company — A volume that looks a
Chapter 16. Berkeley Internet Name Domain (BIND)
Today, the Internet and almost all local networks depend upon a working and reliable Domain Name Service
Chapter 2. The proc File System
The Linux kernel has two primary functions: to control access to physical devices on the computer and to schedule when an
When looking at how a FQDN is resolved to find the IP address that relates to a particular system, y
The /etc/named.conf file must be free of errors in order for named to start. While some erroneous op
When used with other /etc/named.conf statements and their options, acl statements can be very usefu
• allow-recursion — Similar to allow-query, except it applies to recursive queries. By default, a
statements are listed is important, as the first view statement that matches a particular client’s
nameservers use only few of them. The following zone statements are very basic examples that can be
For example, a zone file may contain the following line:
$ORIGIN domain.com
At this point, any names
over others. The MX resource record with the lowest preference-value is preferred over the others,
Seconds | Other Time Units
60 | 1M
1800 | 30M
3600 | 1H
10800 | 3H
21600 | 6H
43200 | 12H
86400 | 1D
259200 | 3D
604800 | 1W
Tab
In this example, standard directives and SOA values are used. The authoritative nameservers are se
When viewing different virtual files in the /proc/ file system, you will notice some of the information is easily under
address to be reversed and ".in-addr.arpa" to be included after them. This allows the si
16.3.1.2. /etc/rndc.conf
You need to add the following lines to /etc/rndc.conf if rndc is to automa
• stats — Dumps the current named stats to the /var/named/named.stats file.
• stop — Stops the serve
16.4.2. Multiple Views
Through the use of the view statement in /etc/named.conf, BIND allows you to
• Remember to place dots (.) in zone files after all FQDNs and omit them on hostnames.
The dot denot
• http://www.redhat.com/mirrors/LDP/HOWTO/DNS-HOWTO.html — Covers the use of BIND as a resolving, c
Chapter 17. Network File System (NFS)
NFS (Network File System) exists to allow hosts to mount partitions on a remote system and use them as though they
permitted or prevented access to the NFS server. For more information on configuring access controls with TCP w
100005 3 tcp 1106 mountd
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100021 1 udp 1028 nlockmgr
100021 3 udp 1028
Running the apm -v command on such a system results in output similar to this:
APM BIOS 1.2 (kernel driver 1.16)
AC on
17.2.1. /etc/exports
The /etc/exports file is the standard for controlling which file systems are exported to wh
However, be careful when using wildcards with fully qualified domain names, as they tend to be more exact than
The options area specifies how the file system is to be mounted. For example, if the options area states rw,suid
This line states that any directory a user tries to access under the local /home directory (due to the asteris
17.4.1. Host Access
NFS controls who can mount an exported file system based on the host making the mount reque
• fstab — Gives details for the format of the /etc/fstab file used to mount file systems at system boot.
• nfs —
Chapter 18. Lightweight Directory Access Protocol (LDAP)
Lightweight Directory Access Protocol (LDAP) is a set of open protocols used to access centrall
• Updated C API — Improves the way programmers can connect to and use the application.
• LD
• ldapsearch — Searches for entries in the LDAP directory using a shell prompt.
• ldapdelet
• processor — Provides each processor with an identifying number. If you only have one processor, you will only see a
18.3. LDAP Terminology
An entry is one unit in an LDAP directory. Each entry is identified b
• /etc/openldap/slapd.conf — This is the configuration file for the slapd daemon. See Secti
Tip
If you are using the slapadd command-line tool locally to populate the LDAP directory,
The basic steps for creating an LDAP server are as follows:
1. Install the openldap, openld
18.7.2.2. On the Clients, Edit /etc/ldap.conf and /etc/openldap/ldap.conf
On all client mac
Existing name service | Is LDAP running? | Script to Use
/etc flat files | yes | migrate_all_online.sh
/
18.8.3. Related Books
• Implementing LDAP by Mark Wilcox; Wrox Press, Inc.
• Understanding a
Appendixes
Appendix A. General Parameters and Modules
This appendix is provided to illustrate some of the possible parameters available for some common hardware dev
The other difference is that block devices can send and receive information in blocks of a size configured per devic
Note
Only use one method, and not both, when loading a module with particular parameters.
Caution
When a pa
Hardware | Module | Parameters
ISP16, MAD16, or Mozart sound card CD-ROM interface (OPTi 82C928 and OPTi 82C929)
Note
Most newer Sound Blaster cards come with IDE interfaces. For these cards, you do not need to use sbpc
Hardware | Module | Parameters
ACARD ATP870U PCI SCSI Controller | atp870u.o
Compaq Smart Array 5300 Controller | ccis
Hardware | Module | Parameters
NCR SCSI controllers with 810/810A/815/825/825A/860/875/876/895 chipsets | ncr53c8x
Configuration | Example
Future Domain TMC-800 at CA000, IRQ 10 | controller_type=2 base_address=0xca000 irq=10
T
Hardware | Module | Parameters
Crystal Semiconductor CS89[02]0 | cs89x0.o
EtherWORKS DE425TP/COAX EISA, DE434TP PCI
Hardware | Module | Parameters
Intel EtherExpress 16 (i82586) | eexpress.o | eexpress=io_port,IRQ OR eexpress io=io_
Hardware | Module | Parameters
MiCom-Interlan NI5010 | ni5010.o
NI5210 card (i82586 Ethernet chip) | ni52.o | ni52=io_
Hardware | Module | Parameters
WD8003 and WD8013-compatible Ethernet cards | wd.o | wd=io_port,IRQ,mem, mem_end OR w
The first column signifies whether the file system is mounted on a block device. Those beginning with nodev are not moun
Colophon
The Official Red Hat Linux manuals are written in DocBook SGML v4.1 format. The HTML and PDF formats are produced using custom DSSSL stylesheets
2.2.12. /proc/isapnp
This file lists Plug and Play (PnP) cards in ISA slots on the system. This is most often seen wit
2.2.14. /proc/kmsg
This file is used to hold messages generated by the kernel. These messages are then picked up by ot
2.2.18. /proc/mdstat
This file contains the current information for multiple-disk, RAID configurations. If your system
• MemFree — The amount of physical RAM, in kilobytes, left unused by the system.
• MemShared — Unused with 2.4 and hi
(0). The final column states if the module can unload itself automatically after a period without use (autoclean) or i
2.2.25. /proc/pci
This file contains a full listing of every PCI device on your system. Depending on the number of PCI
2.2.26. /proc/slabinfo
This file gives information about memory usage on the slab level. Linux kernels greater than 2.
2.2.28. /proc/swaps
This file measures swap space and its utilization. For a system with only one swap partition, the
These directories are called process directories, as they are named after a program’s process ID and contain informat
4. Number of pages are code
5. Number of pages of data/stack
6. Number of pages of library
7. Number of dirty pages
• st
6.4. Runlevels... 1036.5. Fonts...
40 Chapter 2. The proc File SystemSo, for example, a system with a USB bus but no USB devices connected to it has a /proc/bus/usb/directory containing
Chapter 2. The proc File System 41 2.3.5. /proc/ide/ This directory holds information about IDE devices on the system. Each IDE channel is represented as
42 Chapter 2. The proc File System• model — The model name or number of the device.• settings — A collection of current parameters of the device. This
Chapter 2. The proc File System 43• dev_mcast — Displays the various Layer2 multicast groups each device is listening to.• igmp — Lists the IP multica
44 Chapter 2. The proc File System megaraid directories are present, as those two drivers are being utilized. The files in each of the directories typica
Chapter 2. The proc File System 45 controller is communicating with the CD-ROM at 20 megabytes per second, while the tape drive is only connected at 10
46 Chapter 2. The proc File System Note: Any configuration changes you make using the echo command will disappear when the system is restarted. To make you
Chapter 2. The proc File System 47 • dentry-state — Provides the status of the directory cache. The file looks similar to this: 57411 52939 45 0 0 0 The fi
48 Chapter 2. The proc File System processes are stored in non-swappable kernel memory. Any increase in msgmax would increase RAM requirements for the s
Chapter 2. The proc File System 49 • threads-max — Sets the maximum number of threads to be used by the kernel, with a default value of 2048. • version —
III. Network Services Reference ... 15712. Network Sc
50 Chapter 2. The proc File System • icmp_echo_ignore_all and icmp_echo_ignore_broadcasts — Allows the kernel to ignore ICMP ECHO packets from every hos
Chapter 2. The proc File System 51 • kswapd — Sets various values concerned with the kernel swap-out daemon, kswapd. This file has three values: 512 32 8 T
52 Chapter 2. The proc File System
pty_master /dev/ptm 128 0-255 pty:master
pty_slave /dev/ttyp 3 0-255 pty:slave
pty_master /dev/pty 2 0-255 pty:master
/
Chapter 2. The proc File System 532.5. Additional ResourcesBelow are additional sources of information about /proc/.2.5.1. Installed DocumentationMost
Chapter 3. Boot Process, Init, and Shutdown
An important and powerful aspect of Red Hat Linux is the open method it uses for starting and stopping the
56 Chapter 3. Boot Process, Init, and Shutdown Once loaded, the BIOS tests the system, looks for and checks peripherals and then locates a valid device
Chapter 3. Boot Process, Init, and Shutdown 57If you need to alter the command line arguments to the kernel, see Chapter 4. For information onchanging
58 Chapter 3. Boot Process, Init, and Shutdown Next, the init command sets the source function library, /etc/rc.d/init.d/functions, for the system. This
Chapter 3. Boot Process, Init, and Shutdown 59 S40atd -> ../init.d/atd S45pcmcia -> ../init.d/pcmcia S55sshd -> ../init.d/sshd S56rawdevices ->
IV. Appendixes ... 267A.
60 Chapter 3. Boot Process, Init, and Shutdown After the init command has progressed through the appropriate rc directory for the runlevel, the /etc/ini
Chapter 3. Boot Process, Init, and Shutdown 61The init.d directory contains the scripts used by the init command when controlling services.Each of the
62 Chapter 3. Boot Process, Init, and Shutdown them to quickly move in and out of their custom configuration without disturbing the normal set of feature
Chapter 3. Boot Process, Init, and Shutdown 633.7.1. Files in the /etc/sysconfig/ DirectoryThe following files are normally found in the /etc/sysconfig
64 Chapter 3. Boot Process, Init, and Shutdown• vncservers• xinetdIt is possible that your system may be missing a few of them if the corresponding pr
Chapter 3. Boot Process, Init, and Shutdown 653.7.1.5. /etc/sysconfig/clockThe /etc/sysconfig/clock file controls the interpretation of values read fro
66 Chapter 3. Boot Process, Init, and Shutdown3.7.1.9. /etc/sysconfig/gpmThe /etc/sysconfig/gpm file is used to pass arguments to the gpm daemon at boo
Chapter 3. Boot Process, Init, and Shutdown 673.7.1.14. /etc/sysconfig/initThe /etc/sysconfig/init file controls how the system will appear and functio
68 Chapter 3. Boot Process, Init, and Shutdown3.7.1.16. /etc/sysconfig/iptablesLike /etc/sysconfig/ipchains, the /etc/sysconfig/iptables file stores in
Chapter 3. Boot Process, Init, and Shutdown 69 For example: KEYTABLE="us". The files that can be used as keytables start in /usr/lib/kbd/keymap
Introduction
Welcome to the Official Red Hat Linux Reference Guide. The Official Red Hat Linux Reference Guide contains useful information about your Red
70 Chapter 3. Boot Process, Init, and Shutdown3.7.1.21. /etc/sysconfig/namedThe /etc/sysconfig/named file is used to pass arguments to the named daemon
Chapter 3. Boot Process, Init, and Shutdown 713.7.1.24. /etc/sysconfig/ntpdThe /etc/sysconfig/ntpd file is used to pass arguments to the ntpd daemon at
72 Chapter 3. Boot Process, Init, and Shutdown3.7.1.28. /etc/sysconfig/redhat-config-usersThe /etc/sysconfig/redhat-config-users file is the configurati
Chapter 3. Boot Process, Init, and Shutdown 733.7.1.33. /etc/sysconfig/squidThe /etc/sysconfig/squid file is used to pass arguments to the squid daemon
74 Chapter 3. Boot Process, Init, and Shutdown It may contain the following: • VNCSERVERS=value, where value is set to something like "1:fred"
Chapter 3. Boot Process, Init, and Shutdown 75 3.8. Shutting Down To shut down Red Hat Linux, issue the shutdown command. You can read the shutdown man
Chapter 4. Boot Loaders
Before Red Hat Linux can run on a system, it must be started by a special program called a boot loader. The boot loader program usu
78 Chapter 4. Boot LoadersThe boot process used by other operating systems may differ. For example, Microsoft’s DOS andWindows operating systems, as w
Chapter 4. Boot Loaders 79 The following command installs GRUB to the MBR of the master IDE device on the primary IDE bus, also known as the C drive: /sb
viii Introduction Note: Although this manual reflects the most current information possible, you should read the Red Hat Linux Release Notes for informatio
80 Chapter 4. Boot Loaders 4.4.2. File Names When typing commands to GRUB involving a file, such as a menu list to use when allowing the booting of multip
Chapter 4. Boot Loaders 81 4.5.1. Menu Interface If GRUB was automatically configured by the Red Hat Linux installation program, this is the interface s
82 Chapter 4. Boot Loaders The following is a list of useful commands: • boot — Boots the operating system or chain loader that has been previously specifie
Chapter 4. Boot Loaders 834.7.1. Special Configuration File CommandsThe following commands can only be used in the GRUB menu configuration file:• colorno
84 Chapter 4. Boot Loaders This file would tell GRUB to build a menu with Red Hat Linux as the default operating system, set to autoboot it after 10 seco
Chapter 4. Boot Loaders 854.8.2. LILO vs. GRUBIn general, LILO works similarly to GRUB except for three major differences:• It has no interactive comm
86 Chapter 4. Boot Loaders
label=linux
initrd=/boot/initrd-2.4.0-0.43.6.img
read-only
root=/dev/hda5
other=/dev/hda1
label=dos
This example shows a system co
Chapter 4. Boot Loaders 87 In this command, replace number with either the number of the runlevel you wish to boot into (1 through 5), or the word singl
Chapter 5. Users and Groups
Control of users and groups is a core element of Red Hat Linux system administration. Users can be either people, meaning acc
Introduction ix • An explanation of how Linux works — While delving into the most arcane aspects of the Linux kernel is not necessary, it is a good idea
90 Chapter 5. Users and Groups
User UID GID Home Directory Shell
mail 8 12 /var/spool/mail /sbin/nologin
news 9 13 /var/spool/news
uucp 10 14 /var/spool/u
Chapter 5. Users and Groups 91
User UID GID Home Directory Shell
postfix 89 89 /var/spool/postfix /bin/true
privoxy 100 101 /etc/privoxy
pvm 24 24 /usr/sha
92 Chapter 5. Users and Groups
Group GID Members
rpm 37 rpm
utmp 22
wnn 49
ntp 38
nscd 28
apache 48
mysql 27
mailnull 47
smmsp 51
rpc 32
xfs 43
gdm 42
rpcuser 29
nfs
Chapter 5. Users and Groups 93 User Private Group: Every user has a primary group; the user is the only member of that group. umask = 002: Traditionally, on
94 Chapter 5. Users and Groups
chown -R root.emacs /usr/lib/emacs/site-lisp
Now, it is possible to add the proper users to the group with gpasswd:
/usr/b
Chapter 5. Users and Groups 95• The utilities will work properly whether shadowing is enabled or not.• The utilities have been slightly modified to sup
Chapter 6. The X Window System
While the heart of Red Hat Linux is the kernel, for many users, the face of the operating system is the graphical environm
98 Chapter 6. The X Window System 6.2. XFree86 Red Hat Linux 8.0 uses XFree86 version 4.2 as the base X Window System, which includes the various necessa
Chapter 6. The X Window System 99 Device: Specifies information about the video card used by the system. You must have at least one Device section in you