RHCE topics
RHCE exam topics cover more advanced server configuration, along with a variety of security features for securing those servers in Red Hat Enterprise Linux 7. Again, check the RHCE exam objectives site for the most up-to-date information on topics you should study for the exam.
System configuration and management
The system configuration and management requirement for the RHCE exam covers a range of topics, including the following:
● Bonding– Set up bonding to aggregate network links. Bonding is described in Chapter 14.
● Route IP traffic– Set up static routes to specific network addresses. Chapter 14 includes a description of how to set up custom routes.
● Firewalls– Block or allow traffic to selected ports on your system that offer services such as web, FTP, and NFS, as well as block or allow access to services based on the originator's IP address. Firewalls are covered in Chapter 25.
● Kernel tunables– Set kernel tunable parameters using the /etc/sysctl.conf file and the sysctl command. See Chapter 14 for a description of how to use the /etc/sysctl.conf file to change IP forwarding settings in /proc/sys.
● Kerberos authentication– Use Kerberos to authenticate users on a RHEL system. Chapter 11 includes a description of setting up a system to authentication to a Kerberos server.
● Configure iSCSI– Set up system as an iSCSI target and initiator that mounts an iSCSI target at boot time. See the Red Hat Storage Administration Guide for further information (https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Storage_Administration_Guide/ch-iscsi.html)
● System reports– Use features such as sar to report on system use of memory, disk access, network traffic, and processor utilization. Chapter 13 describes how to use the sar command.
● Shell scripting– Create a simple shell script to take input and produce output in various ways. Shell scripting is described in Chapter 7.
● Remote logging– Configure the rsyslogd facility to gather log messages and distribute them to a remote logging server. Also, configure a remote logging server facility to gather log messages from logging clients. Chapter 13 covers remote logging with rsyslogd.
● SELinux– With Security Enhanced Linux in Enforcing mode, make sure that all server configurations described in the next section are properly secured with SELinux. SELinux is described in Chapter 24.
Installing and configuring network services
For each of the network services in the list that follows, make sure that you can go through the steps to install packages required by the service, set up SELinux to allow access to the service, set the service to start at boot time, secure the service by host or by user (using iptables, TCP wrappers, or features provided by the service itself), and configure it for basic operation. These are the services:
● Web server– Configure an Apache (HTTP/HTTPS) server. You must be able to set up a virtual host, deploy a CGI script, use private directories, and allow a particular Linux group to manage the content. Chapter 17 describes how to configure a Web server.
● DNS server– Set up a DNS server (bind package) to act as a caching-only name server that can forward DNS queries to another DNS server. No need to configure master or slave zones. DNS is described from the client side in Chapter 14. For information on configuring a DNS server with Bind, see the RHEL Networking Guide (https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Networking_Guide).
● NFS server– Configure an NFS server to share specific directories to specific client systems so they can be used for group collaboration. Chapter 20 covers NFS.
● Windows file sharing server– Set up Linux (Samba) to provide SMB shares to specific hosts and users. Configure the shares for group collaboration. See Chapter 19 to learn about configuring Samba.
● Mail server– Configure postfix or sendmail to accept incoming mail from outside the local host. Relay mail to a smart host. Mail server configuration is not covered in this book (and should not be done lightly). See the RHEL System Administrator's Guide for information on configuring mail servers (https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/System_Administrators_Guide/index.html#ch-Mail_Servers).
● Secure Shell server– Set up the SSH service (sshd) to allow remote login to your local system as well as key-based authentication. Otherwise, configure the sshd.conf file as needed. Chapter 13 describes how to configure the sshd service.
● Network Time server– Configure a Network Time Protocol server (ntpd) to synchronize time with other NTP peers. See Chapter 26 for information on configuring the ntpd service.
● Database server– Configure the MariaDB database and manage it in various ways. Learn how to configure MariaDB from the MariaDB.org site (https://mariadb.com/kb/en/mariadb/documentation/).
Although there are other tasks in the RHCE exam, as just noted, keep in mind that most of the tasks have you configure servers and then secure those servers using any technique you need. Those can include firewall rules (iptables), SELinux, TCP Wrappers, or any features built into configuration files for the particular service.
Summary
Linux is an operating system that is built by a community of software developers around the world and led by its creator, Linus Torvalds. It is derived originally from the UNIX operating system, but has grown beyond UNIX in popularity and power over the years.
The history of the Linux operating system can be tracked from early UNIX systems that were distributed free to colleges and improved by initiatives such as the Berkeley Software Distribution (BSD). The Free Software Foundation helped make many of the components needed to create a fully-free UNIX-like operating system. The Linux kernel itself was the last major component needed to complete the job.
Most Linux software projects are protected by one of a set of licenses that fall under the Open Source Initiative umbrella. The most prominent of these is the GNU Public License (GPL). Standards such as the Linux Standard Base and world-class Linux organizations and companies (such as Canonical Ltd.