Welcome to TiddlyWiki created by Jeremy Ruston, Copyright © 2007 UnaMesa Association
automount location that searches for network fileshares at that host...
ls /net/instructor looks for shares mountable from the host instructor.
* [[Overview|http://www.redhat.com/rhel/]]
* [[Server|http://www.redhat.com/rhel/server/]] and [[Desktop|http://www.redhat.com/rhel/desktop/]] variants
* [[Add-on Functionality|http://www.redhat.com/rhel/add-ons/]]
* [[LifeCycle|https://access.redhat.com/support/policy/updates/errata/]]
!Accessing a shell prompt
* In runlevel 3
* From the Desktop
* From the Menu
* From the Run Application dialog
* From a virtual Terminal
! Basic Syntax
* Typical Command Format
{{{command <options> <target>}}}
* Command help and man pages
* virt-manager
* virt-viewer
!To access it as a text console only
With libguestfs-tools installed and the VM in question shut-down, from the host::
# virt-edit {VMname} /boot/grub/menu.lst
There, append to the kernel line::
console=tty0 console=ttyS0.
After saving, the following commands should allow a console based view of the boot process and a console login::
# virsh start {VMname} ; virsh console {VMname}
[[Remote access using SSH]]
[[Remote access using VNC]]
Authentication keeps information such as: username, password, uid, gid, shell, home dir, etc. By default this is kept on the local system -- but it can be stored in a centralized server such as an LDAP server.
yum groupinstall directory-client
system-config-authentication
authconfig-gtk
system-config-authentication
sssd -- caches credentials
getent passwd username
[[SELinux bug when changing password in single user mode]]
! By changing the default:
In the file {{{/etc/inittab}}}, find the line that reads:
{{{
id:X:initdefault:
}}}
(where the "X" is a number between 2 and 5 corresponding to the run-level definition shown in the file)
Use a text editor to change the number (represented by "X" in the example above) to that of the runlevel you want to become the new default.
This is a good use-case for [[sed]], where the following line will implement the change from run-level 5 to run-level 3 without the need to open a file for editing:
{{{
# sed -i s/id:5:/id:3:/g /etc/inittab
}}}
! By intervening in the boot process by using the GRUB menu:
Press a key at the GRUB prompt. Use the GRUB menu interface to append the desired runlevel number to the end of the line that invokes the kernel:
* GRUB Menu
* Display Manager Screen
* Gnome or KDE
* Terminal commands: shutdown, halt, poweroff, reboot, init
! Documentation on Using and Creating RPM Packages
As of this writing, Red Hat is pointing users to the following RPM Guide from the Fedora project for more information on RPM creation:
http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.1/html/RPM_Guide/
! Inside an RPM package
* files
* scripts
* metadata
Good example of a spec file can be obtained from the source rpm for redhat-release.
Open .spec in vim for color highlighting
Main sections:
%prep
%build
%install
%clean
Useful entries:
* BuildRequires:
* BuildArch:
! Packages to install
* rpm-build
* rpmdevtools
* rpmlint
! Setting up a Build Environment
As a non-privileged user, run:
{{{$ rpmdev-setuptree}}}
This should create the following directory structure in your home directory:
{{{
~/rpmbuild
├── BUILD
├── RPMS
├── SOURCES
├── SPECS
└── SRPMS
}}}
In that structure, your source files (in a tarball) should be placed {{{~/rpmbuild/SOURCES/}}} and your .spec file in {{{~/rpmbuild/SPECS/}}}. The {{{~/rpmbuild/BUILD/}}} directory will be a temporary working directory for the build process. And, after the rpmbuild process is complete, the finished binary and source RPMs will be placed in {{{~/rpmbuild/RPMS/}}} and {{{~/rpmbuild/SRPMS/}}}, respectively.
! Viewing the Build Environment
When diagnosing build problems, it is sometimes useful to see what files are actually being created in the build environment in order to identify deviations of actual behavior from expected behavior. The {{{tree}}} utility is useful for that.
Install {{{tree}}} with {{{# yum install tree}}}.
Invoke {{{tree}}} with {{{$ tree ~/rpmbuild}}} to show the contents of the build environment.
! Signing Your ~RPMs
Your RPMs can be digitally signed to protect users from the possibility of forged packages (any RPM package can execute scripts w/ root privileges when installed!). To implement this, first generate and identify a gpg key:
{{{
$ gpg --gen-key
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: Scott Purcell
Email address: scott@texastwister.info
Comment:
You selected this USER-ID:
"Scott Purcell <scott@texastwister.info>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key B9AED1DE marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 2048R/B9AED1DE 2011-02-22
Key fingerprint = 9987 B276 A24A 1210 13A7 4D05 9F3F 8934 B9AE D1DE
uid Scott Purcell <scott@texastwister.info>
sub 2048R/0DA4CCE9 2011-02-22
[scott@Client1 rhel6]$
}}}
The key ID can be seen in the output above, or can be found with {{{gpg --fingerprint}}}
Export the key to a file:
{{{
$ gpg --armor --output ~/RPM-GPG-KEY-ScottPurcell --export B9AED1DE
[scott@Client1 ~]$ ls RPM-GPG-KEY*
RPM-GPG-KEY-ScottPurcell
[scott@Client1 ~]$ cat RPM-GPG-KEY-ScottPurcell
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.14 (GNU/Linux)
mQENBE1jVagBCADVDTOvRl3Z5xPZb6AAl2D3bM/H4kEhyJ+yk1pbVPmu8yu0Cbsl
2cOXSz5MCAZKaeu2YK929v3FQ+I8Rk5j+hXvEUM0ZbbdlRjtqvQ9I2vxpZLCq+gj
NdUEo7neehfInVnZBhxzbaTCWYFN3k0YoE9RzyduTnRjQ0HqtKNQADSvgxOvjNGQ
UsGoPfBW1/SBQAy26ZesWXVE8R3z/G4IHdXFJ8mMjxEduGn7eFag1uLySXCKGRY1
4kjMEVITSeTOW2m8N0o47Vu++00GhCsvLrQgu6rGmNYDyj1HSpU2F7GWFbRBqvUp
AOiDaE9ZRkymeOCyALF1N9zgz2NyNeYAe8qDABEBAAG0J1Njb3R0IFB1cmNlbGwg
PHNjb3R0QHRleGFzdHdpc3Rlci5pbmZvPokBOAQTAQIAIgUCTWNVqAIbAwYLCQgH
AwIGFQgCCQoLBBYCAwECHgECF4AACgkQnz+JNLmu0d73zAf7BmnzOk7oPyJO6A9D
dZhA+pg77LB9jKNQR2+Qx7lNbJyDIVGafrpU39qdOzc1IWDNyXMnAZUDwqjz48Y0
ioUj/FFuJzPohjaO4pZn+r58ICYA7+uuARNJ0ujmaVsOR8YlkHSldITNK9ni01DV
3ha/V1g+3L9Kgebq0l3R+3NaRJvBfUIJgM/ceCGSvn135gL9whIZnfPRVusSiCLA
waCjT88v+tLwwjGDaUqHUXb47yNEN+gw+thYKAbUlv/sf4Z6PS4+DiLpCp7wybUl
4sack1F9WrDVvNx0TEoSxJlYvYpU+1NdZlXu5rK6qVrroeO2ozdhn7nx31rIdQPo
31lNYbkBDQRNY1WoAQgAq1A+1r9T45FUv4KV7BcX3DKeSqk5rWBqXLpiCENxV8cU
NBOYGKBfAQJ6Gv9MUrEPcDzZ3AQdaFUyzQpOdJFy61whn8oGkRZFOhQLWhHkaRrD
uFMj3LujQiWlrKyf0m16daHAYqqIl+hzUvhpy2uSkRFVAnPj4RTSPw4aAieoksQJ
NHSoA2ZTPGM3S/tW0OKNbSp6L4TXddP7zo/X9iEax0DStVhheg7v8bJcWTF3Gd8c
tBdxmkwYBfO1KEXsrDgkaAaIXQQd/j1GDmWiw3L7rICbgPVhloKOVb7Q5elGDiry
pRON0CpkUdb9SbKVNHEmwGlB+DZ0yQZFvB0ZjiXhVQARAQABiQEfBBgBAgAJBQJN
Y1WoAhsMAAoJEJ8/iTS5rtHecC8H/14xWH2w+OFxVol4asA55Kz5YtrtGpQe98VK
fR86QsdBSUs4Evy22g5WXkARtdgg741LBqrm3SWVnbLfuoLujN3Q+ylqmiNk6Bmh
E+McEfMQ8rcKEifEfiFlQJj9wIScebD4nxPXpAqcaKyz4HpjPzgOnKQpXxPk4kSV
d7OkmxdyDDvmBOHODYivPybZTdiHIBraFmCGlmfLkFcMZbuZwjE7LyWB4Xjo2fw2
QnqQEs/XzXsaXDwBMuayebzoKb06RNzQQC3uqQFszw7ObRtIqi9nEg5Hcfy2ip3j
R+J9rjvN8rNpQwm40Gx6RpM7qtP/LodzD46dNfbr87lJ4F+4A3U=
=f4Gq
-----END PGP PUBLIC KEY BLOCK-----
}}}
Configure rpm-related tools to use your signature:
{{{
$ echo '%_gpg_name Scott Purcell'>> ~/.rpmmacros
}}}
or
{{{
$ echo '%_gpg_name B9AED1DE'>> ~/.rpmmacros
}}}
Now packages can be created and signed at the same time with rpmbuild using the {{{--sign}}} option. Or existing packages can be retroactively signed with rpm using the {{{--addsign}}} or {{{--resign}}} options.
With a signed package in place, the user intending to install it now needs to import the key:
{{{
# rpm --import /home/scott/RPM-GPG-KEY-ScottPurcell
}}}
And with the key imported, the package can be verified:
{{{
$ rpm -K rpmbuild/RPMS/x86_64/rhel6rhce-0.5-1.el6.x86_64.rpm
rpmbuild/RPMS/x86_64/rhel6rhce-0.5-1.el6.x86_64.rpm: rsa sha1 (md5) pgp md5 OK
}}}
!Exercise
As root, install rpm-build, rpmlint, rpmdevtools
{{{# yum -y install rpmbuild rpmdevtools rpmlint}}}
As a non-privileged user:
Create a project directory
{{{$ mkdir ~/hello-1.0}}}
Name this according to the convention: <projname>-<majorver>.<minorver>
Create bash script: ~/hello-1.0/hello.sh
{{{
#!/bin/bash
# hello.sh
echo 'hello'
exit 0
}}}
Create a tarball of the project directory
{{{$ tar cvzf hello-1.0.tar.gz ~/hello-1.0/}}}
Create an rpm development environment
{{{$ rpmdev-setuptree}}}
Move the tarball to the SOURCES directory
Create a .spec file in the SPECS directory
{{{$ vim pkgname.spec}}}
or
{{{$ rpmdev-newspec -o pkgname.spec}}}
Insert a name (Match the pkgname on the tarball and direcotory)
Insert a version (Match the version)
Leave the release alone
Insert a summary (one line)
Insert a group (package group)
Insert a license
Insert a URL or delete the line
Insert on the Source0 line, the name of your tarball
Leave the BuildRoot line alone
Unless your package has prerequisites needed before it can be compiled, delete the BuildRequires line
Unless your package has prerequisites needed before it can work, delete the Requires line
On a blank line below %description, insert a brief description of your package
Leave the %prep and %setup lines alone
If your package does not need to be "built" (compiled), delete the %build, %configure, and make lines.
Leave the %install section header alone.
Under the %install section, leave the rm line alone.
If your package does not need to be built, modify the make install line to something like this:
{{{install -D myfile $RPM_BUILD_ROOT/path/to/install/dest/myfile}}}
Leave the %clean and the rm -rf lines alone.
Under %files, use the following syntax to list each of the files your package will place on the target system:
{{{%attr(770,owner,group)/path/to/file}}}
Use the following syntax to list each of the directories you package will place on the target system:
{{{%dir /root/bin}}}
The changelog section can be deleted or left alone.
Background: #fff
Foreground: #000
PrimaryPale: #8cf
PrimaryLight: #b90000
PrimaryMid: #490005
PrimaryDark: #210000
SecondaryPale: #ffc
SecondaryLight: #fe8
SecondaryMid: #db4
SecondaryDark: #841
TertiaryPale: #eee
TertiaryLight: #ccc
TertiaryMid: #999
TertiaryDark: #666
Error: #f88
!Packages
* iscsi-initiator-utils
* scsi-target-utils
!Documentation
!Terms to Know
!Process for accessing a remote iSCSI target
# Install the initiator utilities
# Set the local initiator name
# Discover the targets offered by the iSCSI server (target portal)
# Log in to an offered target
# Identify the device name assigned
# Use it as any SCSI disk -- partition, create FS, mount, configure for persistent mounting in /etc/fstab.
Only caveats are that /etc/fstab should mount it via UUID (or label) since device naming can change on reboot and should include _netdev as a mount option so that no attempt is made to mount the device until after the network is activated.
[[Session 1]] Introductions, expectations, and basic system operation topics
[[Session 2]] Storage and filesystems
[[Session 3]] Managing software, processes, kernel attribute, and users and groups
[[Session 4]] Networking and routing
[[Session 5]] Firewalls and SELinux
[[Session 6]] Virtualization
[[Session 7]] Logging and remote access
[[Session 8]] Network Time Protocol
[[Session 9]] HTTP and FTP
[[Session 10]] NFS and Samba
[[Session 11]] DNS and SMTP
[[Session 12]] Finish uncompleted topics, Review, or Practice Exam
/usr/share/doc/bind-9.7.0/arm/Bv9ARM.* html and pdf versions of a book
named-checkconf
named-checkzone
netstat -tulpn
!Installation
!~SELinux Configuration
!Configure Persistently On
!Configure for Basic Operation
!Configure host-based Security
!Configure user-based Security
For local caching-only nameserver: install and start it.
For caching-only nameserver serving others: install it, configure to listen on "any" or specific interfaces and to allow queries from localhost and localnets or specific networks, start it.
Fdisk
* Untrustworthy with disks > 2 TB
* fdisk -c should be used to disable cylinder boundaries -- now considered obsolete
* fdisk -cu changes units used to sectors
Parted
parted devname print is equiv to fdisk -l
With libguestfs-tools installed and the VM in question shut-down, from the host:
{{{# virt-edit {VMname} /boot/grub/menu.lst}}}
There, append to the kernel line {{{console=tty0 console=ttyS0}}}.
After saving, the following commands should allow a console based view of the boot process and a console login:
{{{# virsh start {VMname} ; virsh console {VMname} }}}
vsftpd
!Installation
{{{# yum install vsftpd}}}
!~SELinux Configuration
man 8 ftpd_selinux
!Configure Persistently On
{{{# chkconfig vsftpd on ; service vsftpd start }}}
!Configure for Basic Operation
!!Share files for anonymous download:
Install and start the service.
Place files for download in {{{/var/ftp/pub}}}
!!Allow Anon uploads
Install and start the service.
Modify
Place files for download in {{{/var/ftp/pub}}}
!Configure host-based Security
!Configure user-based Security
yum -y install vsftpd
service vsftpd start
chkconfig vsftpd on
cd /var/ftp
mkdir incoming
chgrp ftp incoming
chmod 730 incoming
man ftpd_selinux
semanage fcontext -a -t public_content_rw_t '/var/ftp/incoming(/.*)?'
semanage boolean -l |grep anon
setsebool -P allow_ftpd_anon_write on
restorecon -rvv /var/ftp/
vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
local_enable=NO
write_enable=YES
anon_upload_enable=YES
chown_uploads=YES
chown_username=daemon
restart service
configure firewall
in /etc/sysconfig/iptables:
IPTABELS_MODULES="nf_conntrack_ftp"
(GUI tool adds this automatically)
Tip:
Use system-config-firewall to enable and select FTP and SSH to generate a sample set of rules and load the connection tracking module.
iptables
Two key tables -- Filter, and NAT
options
-n -- no translation from ports to expected services
-v -- clarifies which rules apply to which interface
-l -- no lookup
Each table has chains -- such as input, forward, output
Each default chain has a default policy -- accept or drop
iptables -nvL --line-numbers
iptables -I INPUT 6 -i eth0 -s192.168.0.0/24 -p tcp -m state --state NEW --dport 80 -j ACCEPT
Try to have most-frequently matched rules at the top -
{{{# watch -d -n 2 `iptables -nvL` }}} shows connections being accepted or rejected in realtime
troubleshooting tip -- but don't leav this running always!
iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --
!Inline Formatting
|!Option|!Syntax|!Output|
|bold font|{{{''bold''}}}|''bold''|
|italic type|{{{//italic//}}}|//italic//|
|underlined text|{{{__underlined__}}}|__underlined__|
|strikethrough text|{{{--strikethrough--}}}|--strikethrough--|
|superscript text|{{{^^super^^script}}}|^^super^^script|
|subscript text|{{{~~sub~~script}}}|~~sub~~script|
|highlighted text|{{{@@highlighted@@}}}|@@highlighted@@|
|preformatted text|<html><code>{{{preformatted}}}</code></html>|{{{preformatted}}}|
!Block Elements
!!Headings
{{{
!Heading 1
!!Heading 2
!!!Heading 3
!!!!Heading 4
!!!!!Heading 5
}}}
<<<
!Heading 1
!!Heading 2
!!!Heading 3
!!!!Heading 4
!!!!!Heading 5
<<<
!!Lists
{{{
* unordered list, level 1
** unordered list, level 2
*** unordered list, level 3
# ordered list, level 1
## ordered list, level 2
### ordered list, level 3
; definition list, term
: definition list, description
}}}
<<<
* unordered list, level 1
** unordered list, level 2
*** unordered list, level 3
# ordered list, level 1
## ordered list, level 2
### ordered list, level 3
; definition list, term
: definition list, description
<<<
!!Blockquotes
{{{
> blockquote, level 1
>> blockquote, level 2
>>> blockquote, level 3
<<<
blockquote
<<<
}}}
<<<
> blockquote, level 1
>> blockquote, level 2
>>> blockquote, level 3
> blockquote
<<<
!!Preformatted Text
<html><pre>
{{{
preformatted (e.g. code)
}}}
</pre></html>
<<<
{{{
preformatted (e.g. code)
}}}
<<<
!!Tables
{{{
|CssClass|k
|!heading column 1|!heading column 2|
|row 1, column 1|row 1, column 2|
|row 2, column 1|row 2, column 2|
|>|COLSPAN|
|ROWSPAN| … |
|~| … |
|CssProperty:value;…| … |
|caption|c
}}}
''Annotation:''
* The {{{>}}} marker creates a "colspan", causing the current cell to merge with the one to the right.
* The {{{~}}} marker creates a "rowspan", causing the current cell to merge with the one above.
<<<
|CssClass|k
|!heading column 1|!heading column 2|
|row 1, column 1|row 1, column 2|
|row 2, column 1|row 2, column 2|
|>|COLSPAN|
|ROWSPAN| … |
|~| … |
|CssProperty:value;…| … |
|caption|c
<<<
!!Images /% TODO %/
cf. [[TiddlyWiki.com|http://www.tiddlywiki.com/#EmbeddedImages]]
!Hyperlinks
* [[WikiWords|WikiWord]] are automatically transformed to hyperlinks to the respective tiddler
** the automatic transformation can be suppressed by preceding the respective WikiWord with a tilde ({{{~}}}): {{{~WikiWord}}}
* [[PrettyLinks]] are enclosed in square brackets and contain the desired tiddler name: {{{[[tiddler name]]}}}
** optionally, a custom title or description can be added, separated by a pipe character ({{{|}}}): {{{[[title|target]]}}}<br>''N.B.:'' In this case, the target can also be any website (i.e. URL).
!Custom Styling
* {{{@@CssProperty:value;CssProperty:value;…@@}}}<br>''N.B.:'' CSS color definitions should use lowercase letters to prevent the inadvertent creation of WikiWords.
* <html><code>{{customCssClass{…}}}</code></html>
* raw HTML can be inserted by enclosing the respective code in HTML tags: {{{<html> … </html>}}}
!Special Markers
* {{{<br>}}} forces a manual line break
* {{{----}}} creates a horizontal ruler
* [[HTML entities|http://www.tiddlywiki.com/#HtmlEntities]]
* {{{<<macroName>>}}} calls the respective [[macro|Macros]]
* To hide text within a tiddler so that it is not displayed, it can be wrapped in {{{/%}}} and {{{%/}}}.<br/>This can be a useful trick for hiding drafts or annotating complex markup.
* To prevent wiki markup from taking effect for a particular section, that section can be enclosed in three double quotes: e.g. {{{"""WikiWord"""}}}.
To get started with this blank [[TiddlyWiki]], you'll need to modify the following tiddlers:
* [[SiteTitle]] & [[SiteSubtitle]]: The title and subtitle of the site, as shown above (after saving, they will also appear in the browser title bar)
* [[MainMenu]]: The menu (usually on the left)
* [[DefaultTiddlers]]: Contains the names of the tiddlers that you want to appear when the TiddlyWiki is opened
* [[ColorPalette]]: Allows changes to the Color Scheme.
You'll also need to enter your username for signing your edits: <<option txtUserName>>
Virtual host
!Installation
{{{# yum -y groupinstall "Web Server"}}}
The group "Web Server" installs all you'll commonly need -- Apache, mod_ssl, httpd-manual, perl, etc.
!~SELinux Configuration
{{{$ man htttp_selinux}}}
! Firewall Configuration
!Configure Persistently On
{{{# chkconfig httpd on; service httpd start}}}
!Configure for Basic Operation
# Install
# Start and configure "on"
# Check/set Firewall
# Place pages in {{{/var/www/html}}}
# Check/set SELinux
!Configure host-based Security
!Configure user-based Security
!Configure a virtual host
uncomment the open and close 1st virtual host stanza, leave the contents alone -- it inherits the defaults as your first vh
Then copy the stanza, paste, and edit for add'l virtual hosts.
!Configure private directories
!Deploy a basic CGI application
!Configure group-managed content
For a list of available package groups: {{{# yum grouplist -v}}}. Use the name in parentheses in the ks.cfg
! [[Working with RPM Packages]]
! [[Working with Remote Repositories]]
! [[Working with the Red Hat Network|RHN]]
[[Password Randomization Script]]
! Your Instructor
Scott Purcell
!! Contact Info:
scottpurcell78750@gmail.com
http://www.linkedin.com/in/scottpurcell
http://twitter.com/texastwister
http://www.facebook.com/Scott.L.Purcell
!! Qualifications
* RHCSA, RHCE #110-008-877 (RHEL6)
* Also: CTT+, CLA, CLP, CNI, LPIC1, Linux+
* Curriculum Developer and Trainer for a major computer manufacturer for going on 11 years
* Linux Enthusiast since 2000
!! Personal
* Husband, father, disciple and apologist
* Fun: Part-time Balloon Entertainer
! Fellow Students
Please Introduce Yourselves
* Name
* Where you work or what you do.
* What Linux experience do you already have?
* What goals do you have for this class?
* Something fun about yourself.
Type the text for 'New Tiddler'
LDAP passwords are plain-text over the network unless TLS encryption is used.
Create a partition
Initialize for LUKS
{{{# cryptsetup luksFormat /dev/devname}}}
Open it
{{{# cryptsetup luksOpen /dev/devname encryptname}}}
Create a filesystem on the encrypted device
{{{# mkfs -t fstype /dev/mapper/encryptname}}}
Mount it (assuming already open)
{{{# mount /dev/mapper/encryptname /path/to/mountpoint}}}
Configure /etc/crypttab
{{{ encryptname /dev/devname <password or path to passfile>}}}
Configure /etc/fstab
{{{ /dev/mapper/encryptname /path/to/mountpoint fstype defaults 1 2 }}}
Reboot to test
MountLUKSfs
UnmountLUKSfs
UseLUKSfs
Type the text for 'New Tiddler'
[[SALab: Access a Remote System with VNC]]
[[SALab: Create and Use LUKS-encrypted Volumes]]
[[SALab: Add New Storage and Swap Non-Disruptively]]
[[SALab: Configure Users, Groups, Permissions, and FACLs for Collaboration]]
[[SALab: Configure and Use a Kickstart File for Installation]]
[[SALab: Configure a System for Virtualization]]
[[SALab: Install RHEL on a Virtual Machine]]
[[SALab: Configure a System to Access a Yum Repository]]
[[SALab: Safely Perform a Kernel Update]]
[[SALab: Configure a System to Use an LDAP Server]]
[[ELab: Enable Routing]]
[[ELab: Create a Static Route]]
[[ELab: Configure a Firewall for Packet Filtering]]
[[ELab: Configure a Firewall for NAT]]
[[ELab: Package a File for Distribution through RPM]]
[[ELab: Create a Repository with Custom RPMs]]
[[ELab: Mount an iSCSI target and Ensure Persistence]]
[[ELab: Analyze and Report on System Utilization]]
[[E/SALab: Use Scripting and Scheduling for System Maintenance Tasks]]
[[ELab: Send Syslog Messages to a Remote Server]]
[[ELab: Receive Syslog Messages from a Remote Server]]
[[E/SALab: Configure a Web Server]]
[[ELab: Configure a Caching DNS Server]]
[[E/SALab: Configure an FTP Server]]
[[E/SALab: Configure an NFS Export]]
[[E/SALab: Configure a Samba Fileshare]]
[[ELab: Configure an NTP Server]]
[[E/SALab: Access a Remote System with SSH]]
/***
|''Name:''|LoadRemoteFileThroughProxy (previous LoadRemoteFileHijack)|
|''Description:''|When the TiddlyWiki file is located on the web (view over http) the content of [[SiteProxy]] tiddler is added in front of the file url. If [[SiteProxy]] does not exist "/proxy/" is added. |
|''Version:''|1.1.0|
|''Date:''|mar 17, 2007|
|''Source:''|http://tiddlywiki.bidix.info/#LoadRemoteFileHijack|
|''Author:''|BidiX (BidiX (at) bidix (dot) info)|
|''License:''|[[BSD open source license|http://tiddlywiki.bidix.info/#%5B%5BBSD%20open%20source%20license%5D%5D ]]|
|''~CoreVersion:''|2.2.0|
***/
//{{{
version.extensions.LoadRemoteFileThroughProxy = {
major: 1, minor: 1, revision: 0,
date: new Date("mar 17, 2007"),
source: "http://tiddlywiki.bidix.info/#LoadRemoteFileThroughProxy"};
if (!window.bidix) window.bidix = {}; // bidix namespace
if (!bidix.core) bidix.core = {};
bidix.core.loadRemoteFile = loadRemoteFile;
loadRemoteFile = function(url,callback,params)
{
if ((document.location.toString().substr(0,4) == "http") && (url.substr(0,4) == "http")){
url = store.getTiddlerText("SiteProxy", "/proxy/") + url;
}
return bidix.core.loadRemoteFile(url,callback,params);
}
//}}}
``/var/log/*``
View with ``cat``, ``less`` or other tools
Search with ``grep``
Type the text for 'New Tiddler'
[[WelcomeToTiddlyspot]]
[[GettingStarted]]
----------
[[RH_Cert_Landscape|The Red Hat Certification Landscape]]
[[RHCSA]]
[[RHCE]]
----------
[[PrepEnvironment]]
[[CourseOutline]]
[[Labs]]
[[Instructor Aids]]
----------
[[Edit this Menu|MainMenu]]
<html>
<a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/3.0/"><img alt="Creative Commons License" style="border-width:0" src="http://i.creativecommons.org/l/by-nc-sa/3.0/80x15.png" /></a><br /><span xmlns:dct="http://purl.org/dc/terms/" href="http://purl.org/dc/dcmitype/Text" property="dct:title" rel="dct:type">Preparing for RHCE on RHEL6</span> by <a xmlns:cc="http://creativecommons.org/ns#" href="http://rhel6rhce.tiddlyspot.com/" property="cc:attributionName" rel="cc:attributionURL">Scott Purcell</a> is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/3.0/">Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License</a>.
</html>
Type the text for 'Modify the system bootloader'
!Installation
!~SELinux Configuration
!Configure Persistently On
!Configure for Basic Operation
!Configure host-based Security
!Configure user-based Security
bonding.txt installed in usr/share/docs... by the kernel-doc package
system-config-date or system-config-time
Purposes: 1) Keep accurate time 2) Keep consistent time
!Installation
!~SELinux Configuration
!Configure Persistently On
!Configure for Basic Operation
!Configure host-based Security
!Configure user-based Security
!Synchronize time using other NTP peers
/etc/sysctl.conf
net.ipv4.ip_forward
/proc/sys/net/ipb4/ip_forward
echo values into thes
Service name: NetworkManager
Start it: {{{# service NetworkManager start}}}
Configure it persistently on: {{{# chkconfig NetworkManager on}}}
NM now the default.
Config option allows individual options to opt-out of NM control
moves gateway and and dns info into interface config file
Doesn't do IP Aliasing, nor Bonding
! Switching between them
!Installation
!~SELinux Configuration
!Configure Persistently On
!Configure for Basic Operation
!Configure host-based Security
!Configure user-based Security
{{{
#!/bin/bash
# Sets a random password to simulate a lost password and create a password recovery situation.
# Run as root on a learning system.
tr -dc A-Za-z0-9 </dev/urandom | head -c 14 | passwd --stdin
}}}
/***
|''Name:''|PasswordOptionPlugin|
|''Description:''|Extends TiddlyWiki options with non encrypted password option.|
|''Version:''|1.0.2|
|''Date:''|Apr 19, 2007|
|''Source:''|http://tiddlywiki.bidix.info/#PasswordOptionPlugin|
|''Author:''|BidiX (BidiX (at) bidix (dot) info)|
|''License:''|[[BSD open source license|http://tiddlywiki.bidix.info/#%5B%5BBSD%20open%20source%20license%5D%5D ]]|
|''~CoreVersion:''|2.2.0 (Beta 5)|
***/
//{{{
version.extensions.PasswordOptionPlugin = {
major: 1, minor: 0, revision: 2,
date: new Date("Apr 19, 2007"),
source: 'http://tiddlywiki.bidix.info/#PasswordOptionPlugin',
author: 'BidiX (BidiX (at) bidix (dot) info',
license: '[[BSD open source license|http://tiddlywiki.bidix.info/#%5B%5BBSD%20open%20source%20license%5D%5D]]',
coreVersion: '2.2.0 (Beta 5)'
};
config.macros.option.passwordCheckboxLabel = "Save this password on this computer";
config.macros.option.passwordInputType = "password"; // password | text
setStylesheet(".pasOptionInput {width: 11em;}\n","passwordInputTypeStyle");
merge(config.macros.option.types, {
'pas': {
elementType: "input",
valueField: "value",
eventName: "onkeyup",
className: "pasOptionInput",
typeValue: config.macros.option.passwordInputType,
create: function(place,type,opt,className,desc) {
// password field
config.macros.option.genericCreate(place,'pas',opt,className,desc);
// checkbox linked with this password "save this password on this computer"
config.macros.option.genericCreate(place,'chk','chk'+opt,className,desc);
// text savePasswordCheckboxLabel
place.appendChild(document.createTextNode(config.macros.option.passwordCheckboxLabel));
},
onChange: config.macros.option.genericOnChange
}
});
merge(config.optionHandlers['chk'], {
get: function(name) {
// is there an option linked with this chk ?
var opt = name.substr(3);
if (config.options[opt])
saveOptionCookie(opt);
return config.options[name] ? "true" : "false";
}
});
merge(config.optionHandlers, {
'pas': {
get: function(name) {
if (config.options["chk"+name]) {
return encodeCookie(config.options[name].toString());
} else {
return "";
}
},
set: function(name,value) {config.options[name] = decodeCookie(value);}
}
});
// need to reload options to load passwordOptions
loadOptionsCookie();
/*
if (!config.options['pasPassword'])
config.options['pasPassword'] = '';
merge(config.optionsDesc,{
pasPassword: "Test password"
});
*/
//}}}
* You should have mastered many elements of the RHCSA objectives before ever beginning this course.
* You should have a measure of experience with or prior study of a wide range of network services before beginning this course.
* Should you be able to pass the RHCE on this class alone?
** A stunning number of seasoned professionals taking Red Hat's own prep courses fail to pass on first attempt.
* Planning for more than one attempt is prudent.
* Maximizing your out-of-class preparation time is prudent.
lpq
/var/spool/cups/
Port 631 open
RHCE is a senior system administration certification. It is an eligibility requirement for taking any COE exams and is thus a requirement for the upper-level credentials as well.
[[RHCE Objectives]]
!!!Prerequisites
[[RHCSA]]
[[RHCSA Objectives]]
As of 2/7/2011:
RHCE exam candidates should be able to accomplish the following without assistance. These have been grouped into several categories.
!System Configuration and Management
* [[Route IP traffic and create static routes]]
* [[Use iptables to implement packet filtering and configure NAT]]
* [[Use /proc/sys and sysctl to modify and set kernel run-time parameters]]
* [[Configure system to authenticate using Kerberos]]
* [[Build a simple RPM that packages a single file|Building RPMs]]
* [[Configure a system as an iSCSI initiator that persistently mounts an iSCSI target]]
* [[Produce and deliver reports on system utilization]] (processor, memory, disk, and network)
* [[Use shell scripting to automate system maintenance tasks]]
* [[Configure a system to log to a remote system]]
* [[Configure a system to accept logging from a remote system]]
!Network Services
Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:
* Install the packages needed to provide the service
* Configure SELinux to support the service
* Configure the service to start when the system is booted
* Configure the service for basic operation
* Configure host-based and user-based security for the service
RHCE candidates should also be capable of meeting the following objectives associated with specific services:
!![[HTTP/HTTPS]]
* [[Configure a virtual host]]
* [[Configure private directories]]
* [[Deploy a basic CGI application]]
* [[Configure group-managed content]]
!![[DNS]]
* [[Configure a caching-only name server]]
* [[Configure a caching-only name server to forward DNS queries]]
* Note: Candidates are not expected to configure master or slave name servers
!![[FTP]]
* [[Configure anonymous-only download]]
!![[NFS]]
* [[Provide network shares to specific clients]]
* [[Provide network shares suitable for group collaboration]]
!![[SMB]]
* [[Provide network shares to specific clients]]
* [[Provide network shares suitable for group collaboration]]
!![[SMTP]]
* [[Configure a mail transfer agent (MTA) to accept inbound email from other systems]]
* [[Configure an MTA to forward (relay) email through a smart host]]
!![[SSH]]
* [[Configure key-based authentication]]
* [[Configure additional SSH options described in documentation]]
!![[NTP]]
* [[Synchronize time using other NTP peers]]
RHCSA is new, replacing the RHCT. It is the "core" sysadmin certification from Red Hat. To earn RHCE and other system administration certs will require first earning the RHCSA.
[[RHCSA Objectives]]
As of 2/7/2011:
RHCSA exam candidates should be able to accomplish the tasks below without assistance. These have been grouped into several categories.
!Understand and Use Essential Tools
* [[Access a shell prompt and issue commands with correct syntax]]
* [[Use input-output redirection]] (>, >>, |, 2>, etc.)
* [[Use grep and regular expressions to analyze text]]
* [[Access remote systems using ssh and VNC]]
* [[Log in and switch users in multi-user runlevels]]
* [[Archive, compress, unpack and uncompress files using tar, star, gzip, and bzip2]]
* [[Create and edit text files]]
* [[Create, delete, copy and move files and directories]]
* [[Create hard and soft links]]
* [[List, set and change standard ugo/rwx permissions]]
* [[Locate, read and use system documentation including man, info, and files in /usr/share/doc.]]
[Note: Red Hat may use applications during the exam that are not included in Red Hat Enterprise Linux for the purpose of evaluating candidate's abilities to meet this objective.]
!Operate Running Systems
* [[Boot, reboot, and shut down a system normally]]
* [[Boot systems into different runlevels manually]]
* [[Use single-user mode to gain access to a system]]
* [[Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes]]
* [[Locate and interpret system log files]]
* [[Access a virtual machine's console]]
* [[Start and stop virtual machines]]
* [[Start, stop and check the status of network services]]
!Configure Local Storage
* [[List, create, delete and set partition type for primary, extended, and logical partitions]]
* [[Create and remove physical volumes, assign physical volumes to volume groups, create and delete logical volumes]]
* [[Create and configure LUKS-encrypted partitions and logical volumes to prompt for password and mount a decrypted file system at boot|LUKS-encrypted file systems]]
* [[Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label]]
* [[Add new partitions, logical volumes, and swap to a system non-destructively]]
!Create and Configure File Systems
* [[Create, mount, unmount and use ext2, ext3 and ext4 file systems]]
* [[Mount, unmount and use ~LUKS-encrypted file systems]]
* [[Mount and unmount CIFS and NFS network file systems]]
* [[Configure systems to mount ext4, ~LUKS-encrypted and network file systems automatically]]
* [[Extend existing unencrypted ext4-formatted logical volumes]]
* [[Create and configure set-GID directories for collaboration]]
* [[Create and manage Access Control Lists]]
* [[Diagnose and correct file permission problems]]
!Deploy, Configure and Maintain Systems
* [[Configure networking and hostname resolution statically or dynamically]]
* [[Schedule tasks using cron]]
* [[Configure systems to boot into a specific runlevel automatically]]
* [[Install Red Hat Enterprise Linux automatically using Kickstart]]
* [[Configure a physical machine to host virtual guests]]
* [[Install Red Hat Enterprise Linux systems as virtual guests]]
* [[Configure systems to launch virtual machines at boot]]
* [[Configure network services to start automatically at boot]]
* [[Configure a system to run a default configuration HTTP server]]
* [[Configure a system to run a default configuration FTP server]]
* [[Install and update software packages from Red Hat Network, a remote repository, or from the local filesystem]]
* [[Update the kernel package appropriately to ensure a bootable system]]
* [[Modify the system bootloader]]
!Manage Users and Groups
* [[Create, delete, and modify local user accounts]]
* [[Change passwords and adjust password aging for local user accounts]]
* [[Create, delete and modify local groups and group memberships]]
* [[Configure a system to use an existing LDAP directory service for user and group information]]
!Manage Security
* [[Configure firewall settings using system-config-firewall or iptables]]
* [[Set enforcing and permissive modes for SELinux]]
* [[List and identify SELinux file and process context]]
* [[Restore default file contexts]]
* [[Use boolean settings to modify system SELinux settings]]
* [[Diagnose and address routine SELinux policy violations]]
Register with {{{rhn_register}}} or ''System|Administration|RHN Registration''
!Man Pages
rhn_register (8)
rhnplugin (8)
!1) Create Key
In GUI:
{{{$ gpg --gen-key}}}
{{{gpg --list-keys}}}
!2) Configure RPM Macros
in {{{~/.rpmmacros}}} (created by rpmdevtools), add:
{{{
%_signature gpg
%_gpg_name <key owner or key ID>
}}}
!3) Sign or resign RPM Package
{{{$ rpmbuild -bb --sign packagename.spec }}}
{{{$ rpm --addsign path/to/packagename.rpm}}}
! Packages
* openssh-clients
* openssh-server
! Packages
* tigervnc
* tigervnc-server
* tsclient
* vinagre
* vino
!Enabling Forwarding
!Adjusting IP Tables
!Creating Routes
! Packages
policycoreutils policycoreutils-gui policycoreutils-python selinux-policy-* setools* setroubleshoot*
apropos _selinux
man booleans
system-config-sercuritylevel
system-config-firewall
system-config-selinux
policycoreutils-gui
{{{# setenforce 0}}} quickly sets permissive mode
semanage
setroubleshoot-server setroubleshoot
{{{# semanage fcontext -l}}} shows all filesystem contexts. This output can then be grepped to see what context should be assigned to locations used for non-standard purposes.
Once an appropriate context is found, chcon can be used to test -- but changes made will not be persistent. To make persistent, use {{{# semanage fcontext -a -t {new context} "/path/or/regex/for/multipaths/"
{{{# sealert -a /var/log/audit/audit.log }}} analyzes the log file for denials and proposes a fix
{{{# sealert }}} launches a gui app that does the same.
In the original release of RHEL6 (on which the RHCSA and RHCE will be based for a considerable length of time) a bug in SELinux prevents the administrator from changing the root password in single-user mode while SELInux is in "enforcing" mode.
Use the following work around:
{{{
# setenforce permissive
# passwd
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
# setenforce enforcing
}}}
!Installation
"CIFS File Server" group has a single package: samba
!~SELinux Configuration
selinux notes are in the config file ( but with one typo "samba-share_t" instead of "samba_share_t")
!Configure Persistently On
!Configure for Basic Operation
!Configure host-based Security
!Configure user-based Security
man pages
man 1 postfix
man postconf
/etc/postfix/main.cf
inet_interfaces = localhost >> inet_interfaces = all
netstat -tulpn |grep \:25
/var/log/maillog
postconf -d shows all defaults.
postconf -n shows parameters that have been changed from their defaults (either by YOUR config, or by the changes RH has made from the PostFix defaults)
!Installation
!~SELinux Configuration
!Configure Persistently On
!Configure for Basic Operation
!Configure host-based Security
!Configure user-based Security
Name:
Version
Summary (one line)
License
Source
URL can be deleted
!Installation
!~SELinux Configuration
!Configure Persistently On
!Configure for Basic Operation
!Configure host-based Security
!Configure user-based Security
!Package
samba
! Client Usage
{{{smbclient -L hostname}}} shows shares
{{{smbclient //host//share -U username -P password}}} connects to the share
{{{
{{{man mount.cifs}}}
{{{mount -t cifs //server/share -o user=bob /mnt }}}
in {{{/etc/fstab}}}
{{{//server/share /mnt/ cifs user=myuser 0 0}}}
!Server Config
rpm -qc samba
create a samba-only user:
{{{useradd -s /sbin/nologin winuser}}}
{{{smbpasswd -a winuser}}}
{{{getsebool -a}}}
{{{semanage boolean -l }}}
{{{setsebool -P samba_enable_home_dirs on}}}
password file is at {{{/var/lib/samba/private/passdb.tdb}}}
{{{pdbedit -L}}} dumps the contents of that file to screen.
Port 445 is latest port.
137, 138, and 139 (NetBIOS)
netstat
smbd nmb
testparm
{{{
mkdir -p /shared/samba
groupadd -r samba
chgrp samba /shared/samba
chmod 2770
semanage fcontext -a -t public_content_t '/shared(/.*)?'
semanage fcontext -a -t samba_share_t '/shared/samba(/.*)?'
restorecon -rvv /shared/
[samba]
path = /shared/samba
writeable = no
write list = @samba
public = no
}}}
!! Introduction
* [[Introductions]]
* [[Prerequisites and Expectations]]
* [[About RHEL6]]
* [[The Red Hat Certification Landscape]]
* [[Study Recommendations]]
* Operating a System
** [[Boot, reboot, and shut down a system normally]]
** [[Boot systems into different runlevels manually]]
** [[Use single-user mode to gain access to a system]]
** [[Locate and interpret system log files]]
** [[Access a virtual machine's console]]
** [[Start and stop virtual machines]]
** [[Start, stop and check the status of network services]]
** [[Modify the system bootloader]]
!!! Labs
* Use single-user mode to recover a root password
* Boot into a specified (non-default) run-level
* Use a virtual terminal and an x-term to read system logs
* Manipulate the CUPS service
o NFS
+ * Install the packages needed to provide the service
+ * Configure SELinux to support the service
+ * Configure the service to start when the system is booted
+ * Configure the service for basic operation
+ * Configure host-based and user-based security for the service
+ * Provide network shares to specific clients
+ * Provide network shares suitable for group collaboration
o Samba
+ * Install the packages needed to provide the service
+ * Configure SELinux to support the service
+ * Configure the service to start when the system is booted
+ * Configure the service for basic operation
+ * Configure host-based and user-based security for the service
+ * Provide network shares to specific clients
+ * Provide network shares suitable for group collaboration
o DNS
+ * Install the packages needed to provide the service
+ * Configure SELinux to support the service
+ * Configure the service to start when the system is booted
+ * Configure the service for basic operation
+ * Configure host-based and user-based security for the service
+ * Configure a caching-only name server
+ * Configure a caching-only name server to forward DNS queries
+ * Note: Candidates are not expected to configure master or slave name servers
o SMTP
+ * Install the packages needed to provide the service
+ * Configure SELinux to support the service
+ * Configure the service to start when the system is booted
+ * Configure the service for basic operation
+ * Configure host-based and user-based security for the service
+ * Configure a mail transfer agent (MTA) to accept inbound email from other systems
+ * Configure an MTA to forward (relay) email through a smart host
* Local Storage
** [[List, create, delete and set partition type for primary, extended, and logical partitions|Disk Partitioning]]
** [[Create and remove physical volumes, assign physical volumes to volume groups, create and delete logical volumes|Logical Volume Management]]
** [[Create and configure LUKS-encrypted partitions and logical volumes to prompt for password and mount a decrypted file system at boot|LUKS Encryption]]
** [[Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label|FS Labels and UUIDs]]
** [[Add new partitions, logical volumes, and swap to a system non-destructively|Adding Storage]]
* File systems
** [[Create, mount, unmount and use ext2, ext3 and ext4 file systems|File Systems]]
** Mount, unmount and use ~LUKS-encrypted file systems
** Mount and unmount [[CIFS|Samba Client Access] and [[NFS|NFS client access]] network file systems]]
** Configure systems to mount ext4, ~LUKS-encrypted and network file systems automatically
** Extend existing unencrypted ext4-formatted logical volumes
** [[Create and configure set-GID directories for collaboration]]
** [[Create and manage File Access Control Lists]]
** Diagnose and correct file permission problems
* Network Storage
** [[Configure a system as an iSCSI initiator that persistently mounts an iSCSI target]]
o Managing Software
+ RHN
+ Repos
+ Yum
#
* Install and update software packages from Red Hat Network, a remote repository, or from the local filesystem
+ RPM
+ Building RPMs
# * Build a simple RPM that packages a single file
+ Signing and Publishing RPMs
+ * Update the kernel package appropriately to ensure a bootable system
o Manage Processes and Services
+ * Configure network services to start automatically at boot
+ * Configure systems to boot into a specific runlevel automatically
+ * Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes
+ * Schedule tasks using cron
o Manage system performance
+ * Use /proc/sys and sysctl to modify and set kernel run-time parameters
+ * Produce and deliver reports on system utilization (processor, memory, disk, and network)
+ * Use shell scripting to automate system maintenance tasks
o Manage Users and Groups
+ * Create, delete, and modify local user accounts
+ * Change passwords and adjust password aging for local user accounts
+ * Create, delete and modify local groups and group memberships
+ * Configure a system to use an existing LDAP directory service for user and group information
+ * Configure system to authenticate using Kerberos
o Networking & Routing
+ * Configure networking and hostname resolution statically or dynamically
+ * Route IP traffic and create static routes
o IPTables
+ * Configure firewall settings using system-config-firewall or iptables
o SELinux
+ * Set enforcing and permissive modes for SELinux
+ * List and identify SELinux file and process context
+ * Restore default file contexts
+ * Use boolean settings to modify system SELinux settings
+ * Diagnose and address routine SELinux policy violations
o KVM Virtualization
+ * Configure a physical machine to host virtual guests
+ * Install Red Hat Enterprise Linux systems as virtual guests
+ * Configure systems to launch virtual machines at boot
+ * Install Red Hat Enterprise Linux automatically using Kickstart
o + - Remote Logging
+ * Configure a system to log to a remote system
+ * Configure a system to accept logging from a remote system
o + - Remote Access
+ SSH
# * Install the packages needed to provide the service
# * Configure SELinux to support the service
# * Configure the service to start when the system is booted
# * Configure the service for basic operation
# * Configure host-based and user-based security for the service
# * Configure key-based authentication
# * Configure additional SSH options described in documentation
+ VNC
# * Install the packages needed to provide the service
# * Configure SELinux to support the service
# * Configure the service to start when the system is booted
# * Configure the service for basic operation
# * Configure host-based and user-based security for the service
o NTP
+ * Install the packages needed to provide the service
+ * Configure SELinux to support the service
+ * Configure the service to start when the system is booted
+ * Configure the service for basic operation
+ * Configure host-based and user-based security for the service
o HTTP(s)
+ * Install the packages needed to provide the service
+ * Configure SELinux to support the service
+ * Configure the service to start when the system is booted
+ * Configure the service for basic operation
+ * Configure host-based and user-based security for the service
+ * Configure a virtual host
+ * Configure private directories
+ * Deploy a basic CGI application
+ * Configure group-managed content
o FTP
+ * Install the packages needed to provide the service
+ * Configure SELinux to support the service
+ * Configure the service to start when the system is booted
+ * Configure the service for basic operation
+ * Configure host-based and user-based security for the service
+ * Configure anonymous-only download
Preparing for RHCE on ~RHEL6
* Using virt-manager
* Using virsh commands
Type the text for 'Start, stop and check the status of network services'
Set up a Practice/Study Environment
* 2 or 3 systems or virtual machines, networked together. Virtualized hosting providers may be an alternative.
* RHEL 6 (eval), CENTOS 6 (when available), or Fedora (Fedora 13 will be closest to RHEL 6)
* Red Hat docs at:
** http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/index.html
* RHCE Objectives and other information at:
** http://www.redhat.com/certification/
* Take initiative -- form a study group.
* Participate in our Google Group: http://groups.google.com/group/acc-ce-linux-learners
* Practice, practice, practice!
![[RHCSA]]
[[RHCSA]] is new, replacing the [[RHCT]]. It is the "core" sysadmin certification from Red Hat. To earn [[RHCE]] and other system administration certs will require first earning the [[RHCSA]].
[[RHCSA Objectives]]
![[RHCE]]
[[RHCE]] is a senior system administration certification. It is an eligibility requirement for taking any [[COE]] exams and is thus a requirement for the upper-level credentials as well.
[[RHCE Objectives]]
![[Certificates of Expertise]]
[[COEs|Certificates of Expertise]] are incremental credentials demonstrating skills and knowledge in specialized areas. They are worthy credentials in their own right, but also the building blocks of the upper level credentials.
http://www.redhat.com/certification/certificates_of_expertise/
![[RHCSS]], [[RHCDS]], [[RHCA]], [[RHCVA]]
These upper level credentials recognize those who have achieved expertise in several related specialized areas. Each one requires multiple [[COEs|Certificates of Expertise]].
/***
Description: Contains the stuff you need to use Tiddlyspot
Note, you also need UploadPlugin, PasswordOptionPlugin and LoadRemoteFileThroughProxy
from http://tiddlywiki.bidix.info for a complete working Tiddlyspot site.
***/
//{{{
// edit this if you are migrating sites or retrofitting an existing TW
config.tiddlyspotSiteId = 'rhel6rhce';
// make it so you can by default see edit controls via http
config.options.chkHttpReadOnly = false;
window.readOnly = false; // make sure of it (for tw 2.2)
window.showBackstage = true; // show backstage too
// disable autosave in d3
if (window.location.protocol != "file:")
config.options.chkGTDLazyAutoSave = false;
// tweak shadow tiddlers to add upload button, password entry box etc
with (config.shadowTiddlers) {
SiteUrl = 'http://'+config.tiddlyspotSiteId+'.tiddlyspot.com';
SideBarOptions = SideBarOptions.replace(/(<<saveChanges>>)/,"$1<<tiddler TspotSidebar>>");
OptionsPanel = OptionsPanel.replace(/^/,"<<tiddler TspotOptions>>");
DefaultTiddlers = DefaultTiddlers.replace(/^/,"[[WelcomeToTiddlyspot]] ");
MainMenu = MainMenu.replace(/^/,"[[WelcomeToTiddlyspot]] ");
}
// create some shadow tiddler content
merge(config.shadowTiddlers,{
'TspotOptions':[
"tiddlyspot password:",
"<<option pasUploadPassword>>",
""
].join("\n"),
'TspotControls':[
"| tiddlyspot password:|<<option pasUploadPassword>>|",
"| site management:|<<upload http://" + config.tiddlyspotSiteId + ".tiddlyspot.com/store.cgi index.html . . " + config.tiddlyspotSiteId + ">>//(requires tiddlyspot password)//<br>[[control panel|http://" + config.tiddlyspotSiteId + ".tiddlyspot.com/controlpanel]], [[download (go offline)|http://" + config.tiddlyspotSiteId + ".tiddlyspot.com/download]]|",
"| links:|[[tiddlyspot.com|http://tiddlyspot.com/]], [[FAQs|http://faq.tiddlyspot.com/]], [[blog|http://tiddlyspot.blogspot.com/]], email [[support|mailto:support@tiddlyspot.com]] & [[feedback|mailto:feedback@tiddlyspot.com]], [[donate|http://tiddlyspot.com/?page=donate]]|"
].join("\n"),
'WelcomeToTiddlyspot':[
"This document is a ~TiddlyWiki from tiddlyspot.com. A ~TiddlyWiki is an electronic notebook that is great for managing todo lists, personal information, and all sorts of things.",
"",
"@@font-weight:bold;font-size:1.3em;color:#444; //What now?// @@ Before you can save any changes, you need to enter your password in the form below. Then configure privacy and other site settings at your [[control panel|http://" + config.tiddlyspotSiteId + ".tiddlyspot.com/controlpanel]] (your control panel username is //" + config.tiddlyspotSiteId + "//).",
"<<tiddler TspotControls>>",
"See also GettingStarted.",
"",
"@@font-weight:bold;font-size:1.3em;color:#444; //Working online// @@ You can edit this ~TiddlyWiki right now, and save your changes using the \"save to web\" button in the column on the right.",
"",
"@@font-weight:bold;font-size:1.3em;color:#444; //Working offline// @@ A fully functioning copy of this ~TiddlyWiki can be saved onto your hard drive or USB stick. You can make changes and save them locally without being connected to the Internet. When you're ready to sync up again, just click \"upload\" and your ~TiddlyWiki will be saved back to tiddlyspot.com.",
"",
"@@font-weight:bold;font-size:1.3em;color:#444; //Help!// @@ Find out more about ~TiddlyWiki at [[TiddlyWiki.com|http://tiddlywiki.com]]. Also visit [[TiddlyWiki.org|http://tiddlywiki.org]] for documentation on learning and using ~TiddlyWiki. New users are especially welcome on the [[TiddlyWiki mailing list|http://groups.google.com/group/TiddlyWiki]], which is an excellent place to ask questions and get help. If you have a tiddlyspot related problem email [[tiddlyspot support|mailto:support@tiddlyspot.com]].",
"",
"@@font-weight:bold;font-size:1.3em;color:#444; //Enjoy :)// @@ We hope you like using your tiddlyspot.com site. Please email [[feedback@tiddlyspot.com|mailto:feedback@tiddlyspot.com]] with any comments or suggestions."
].join("\n"),
'TspotSidebar':[
"<<upload http://" + config.tiddlyspotSiteId + ".tiddlyspot.com/store.cgi index.html . . " + config.tiddlyspotSiteId + ">><html><a href='http://" + config.tiddlyspotSiteId + ".tiddlyspot.com/download' class='button'>download</a></html>"
].join("\n")
});
//}}}
| !date | !user | !location | !storeUrl | !uploadDir | !toFilename | !backupdir | !origin |
| 18/04/2011 14:58:12 | ScottPurcell | [[/|http://rhel6rhce.tiddlyspot.com/]] | [[store.cgi|http://rhel6rhce.tiddlyspot.com/store.cgi]] | . | [[index.html | http://rhel6rhce.tiddlyspot.com/index.html]] | . | ok |
| 18/04/2011 15:08:52 | ScottPurcell | [[/|http://rhel6rhce.tiddlyspot.com/]] | [[store.cgi|http://rhel6rhce.tiddlyspot.com/store.cgi]] | . | [[index.html | http://rhel6rhce.tiddlyspot.com/index.html]] | . | ok |
| 18/04/2011 15:44:53 | ScottPurcell | [[/|http://rhel6rhce.tiddlyspot.com/]] | [[store.cgi|http://rhel6rhce.tiddlyspot.com/store.cgi]] | . | [[index.html | http://rhel6rhce.tiddlyspot.com/index.html]] | . | ok |
| 18/04/2011 15:47:21 | ScottPurcell | [[/|http://rhel6rhce.tiddlyspot.com/]] | [[store.cgi|http://rhel6rhce.tiddlyspot.com/store.cgi]] | . | [[index.html | http://rhel6rhce.tiddlyspot.com/index.html]] | . | ok |
| 18/04/2011 16:17:20 | ScottPurcell | [[/|http://rhel6rhce.tiddlyspot.com/]] | [[store.cgi|http://rhel6rhce.tiddlyspot.com/store.cgi]] | . | [[index.html | http://rhel6rhce.tiddlyspot.com/index.html]] | . | ok |
| 18/04/2011 16:31:08 | ScottPurcell | [[/|http://rhel6rhce.tiddlyspot.com/]] | [[store.cgi|http://rhel6rhce.tiddlyspot.com/store.cgi]] | . | [[index.html | http://rhel6rhce.tiddlyspot.com/index.html]] | . |
| 18/04/2011 18:15:52 | ScottPurcell | [[/|http://rhel6rhce.tiddlyspot.com/]] | [[store.cgi|http://rhel6rhce.tiddlyspot.com/store.cgi]] | . | [[index.html | http://rhel6rhce.tiddlyspot.com/index.html]] | . | ok |
| 18/04/2011 21:52:41 | ScottPurcell | [[/|http://rhel6rhce.tiddlyspot.com/]] | [[store.cgi|http://rhel6rhce.tiddlyspot.com/store.cgi]] | . | [[index.html | http://rhel6rhce.tiddlyspot.com/index.html]] | . |
| 20/04/2011 09:41:47 | ScottPurcell | [[/|http://rhel6rhce.tiddlyspot.com/]] | [[store.cgi|http://rhel6rhce.tiddlyspot.com/store.cgi]] | . | [[index.html | http://rhel6rhce.tiddlyspot.com/index.html]] | . | ok |
| 20/04/2011 15:17:43 | ScottPurcell | [[/|http://rhel6rhce.tiddlyspot.com/]] | [[store.cgi|http://rhel6rhce.tiddlyspot.com/store.cgi]] | . | [[index.html | http://rhel6rhce.tiddlyspot.com/index.html]] | . |
/***
|''Name:''|UploadPlugin|
|''Description:''|Save to web a TiddlyWiki|
|''Version:''|4.1.3|
|''Date:''|Feb 24, 2008|
|''Source:''|http://tiddlywiki.bidix.info/#UploadPlugin|
|''Documentation:''|http://tiddlywiki.bidix.info/#UploadPluginDoc|
|''Author:''|BidiX (BidiX (at) bidix (dot) info)|
|''License:''|[[BSD open source license|http://tiddlywiki.bidix.info/#%5B%5BBSD%20open%20source%20license%5D%5D ]]|
|''~CoreVersion:''|2.2.0|
|''Requires:''|PasswordOptionPlugin|
***/
//{{{
version.extensions.UploadPlugin = {
major: 4, minor: 1, revision: 3,
date: new Date("Feb 24, 2008"),
source: 'http://tiddlywiki.bidix.info/#UploadPlugin',
author: 'BidiX (BidiX (at) bidix (dot) info',
coreVersion: '2.2.0'
};
//
// Environment
//
if (!window.bidix) window.bidix = {}; // bidix namespace
bidix.debugMode = false; // true to activate both in Plugin and UploadService
//
// Upload Macro
//
config.macros.upload = {
// default values
defaultBackupDir: '', //no backup
defaultStoreScript: "store.php",
defaultToFilename: "index.html",
defaultUploadDir: ".",
authenticateUser: true // UploadService Authenticate User
};
config.macros.upload.label = {
promptOption: "Save and Upload this TiddlyWiki with UploadOptions",
promptParamMacro: "Save and Upload this TiddlyWiki in %0",
saveLabel: "save to web",
saveToDisk: "save to disk",
uploadLabel: "upload"
};
config.macros.upload.messages = {
noStoreUrl: "No store URL in parmeters or options",
usernameOrPasswordMissing: "Username or password missing"
};
config.macros.upload.handler = function(place,macroName,params) {
if (readOnly)
return;
var label;
if (document.location.toString().substr(0,4) == "http")
label = this.label.saveLabel;
else
label = this.label.uploadLabel;
var prompt;
if (params[0]) {
prompt = this.label.promptParamMacro.toString().format([this.destFile(params[0],
(params[1] ? params[1]:bidix.basename(window.location.toString())), params[3])]);
} else {
prompt = this.label.promptOption;
}
createTiddlyButton(place, label, prompt, function() {config.macros.upload.action(params);}, null, null, this.accessKey);
};
config.macros.upload.action = function(params)
{
// for missing macro parameter set value from options
if (!params) params = {};
var storeUrl = params[0] ? params[0] : config.options.txtUploadStoreUrl;
var toFilename = params[1] ? params[1] : config.options.txtUploadFilename;
var backupDir = params[2] ? params[2] : config.options.txtUploadBackupDir;
var uploadDir = params[3] ? params[3] : config.options.txtUploadDir;
var username = params[4] ? params[4] : config.options.txtUploadUserName;
var password = config.options.pasUploadPassword; // for security reason no password as macro parameter
// for still missing parameter set default value
if ((!storeUrl) && (document.location.toString().substr(0,4) == "http"))
storeUrl = bidix.dirname(document.location.toString())+'/'+config.macros.upload.defaultStoreScript;
if (storeUrl.substr(0,4) != "http")
storeUrl = bidix.dirname(document.location.toString()) +'/'+ storeUrl;
if (!toFilename)
toFilename = bidix.basename(window.location.toString());
if (!toFilename)
toFilename = config.macros.upload.defaultToFilename;
if (!uploadDir)
uploadDir = config.macros.upload.defaultUploadDir;
if (!backupDir)
backupDir = config.macros.upload.defaultBackupDir;
// report error if still missing
if (!storeUrl) {
alert(config.macros.upload.messages.noStoreUrl);
clearMessage();
return false;
}
if (config.macros.upload.authenticateUser && (!username || !password)) {
alert(config.macros.upload.messages.usernameOrPasswordMissing);
clearMessage();
return false;
}
bidix.upload.uploadChanges(false,null,storeUrl, toFilename, uploadDir, backupDir, username, password);
return false;
};
config.macros.upload.destFile = function(storeUrl, toFilename, uploadDir)
{
if (!storeUrl)
return null;
var dest = bidix.dirname(storeUrl);
if (uploadDir && uploadDir != '.')
dest = dest + '/' + uploadDir;
dest = dest + '/' + toFilename;
return dest;
};
//
// uploadOptions Macro
//
config.macros.uploadOptions = {
handler: function(place,macroName,params) {
var wizard = new Wizard();
wizard.createWizard(place,this.wizardTitle);
wizard.addStep(this.step1Title,this.step1Html);
var markList = wizard.getElement("markList");
var listWrapper = document.createElement("div");
markList.parentNode.insertBefore(listWrapper,markList);
wizard.setValue("listWrapper",listWrapper);
this.refreshOptions(listWrapper,false);
var uploadCaption;
if (document.location.toString().substr(0,4) == "http")
uploadCaption = config.macros.upload.label.saveLabel;
else
uploadCaption = config.macros.upload.label.uploadLabel;
wizard.setButtons([
{caption: uploadCaption, tooltip: config.macros.upload.label.promptOption,
onClick: config.macros.upload.action},
{caption: this.cancelButton, tooltip: this.cancelButtonPrompt, onClick: this.onCancel}
]);
},
options: [
"txtUploadUserName",
"pasUploadPassword",
"txtUploadStoreUrl",
"txtUploadDir",
"txtUploadFilename",
"txtUploadBackupDir",
"chkUploadLog",
"txtUploadLogMaxLine"
],
refreshOptions: function(listWrapper) {
var opts = [];
for(i=0; i<this.options.length; i++) {
var opt = {};
opts.push();
opt.option = "";
n = this.options[i];
opt.name = n;
opt.lowlight = !config.optionsDesc[n];
opt.description = opt.lowlight ? this.unknownDescription : config.optionsDesc[n];
opts.push(opt);
}
var listview = ListView.create(listWrapper,opts,this.listViewTemplate);
for(n=0; n<opts.length; n++) {
var type = opts[n].name.substr(0,3);
var h = config.macros.option.types[type];
if (h && h.create) {
h.create(opts[n].colElements['option'],type,opts[n].name,opts[n].name,"no");
}
}
},
onCancel: function(e)
{
backstage.switchTab(null);
return false;
},
wizardTitle: "Upload with options",
step1Title: "These options are saved in cookies in your browser",
step1Html: "<input type='hidden' name='markList'></input><br>",
cancelButton: "Cancel",
cancelButtonPrompt: "Cancel prompt",
listViewTemplate: {
columns: [
{name: 'Description', field: 'description', title: "Description", type: 'WikiText'},
{name: 'Option', field: 'option', title: "Option", type: 'String'},
{name: 'Name', field: 'name', title: "Name", type: 'String'}
],
rowClasses: [
{className: 'lowlight', field: 'lowlight'}
]}
};
//
// upload functions
//
if (!bidix.upload) bidix.upload = {};
if (!bidix.upload.messages) bidix.upload.messages = {
//from saving
invalidFileError: "The original file '%0' does not appear to be a valid TiddlyWiki",
backupSaved: "Backup saved",
backupFailed: "Failed to upload backup file",
rssSaved: "RSS feed uploaded",
rssFailed: "Failed to upload RSS feed file",
emptySaved: "Empty template uploaded",
emptyFailed: "Failed to upload empty template file",
mainSaved: "Main TiddlyWiki file uploaded",
mainFailed: "Failed to upload main TiddlyWiki file. Your changes have not been saved",
//specific upload
loadOriginalHttpPostError: "Can't get original file",
aboutToSaveOnHttpPost: 'About to upload on %0 ...',
storePhpNotFound: "The store script '%0' was not found."
};
bidix.upload.uploadChanges = function(onlyIfDirty,tiddlers,storeUrl,toFilename,uploadDir,backupDir,username,password)
{
var callback = function(status,uploadParams,original,url,xhr) {
if (!status) {
displayMessage(bidix.upload.messages.loadOriginalHttpPostError);
return;
}
if (bidix.debugMode)
alert(original.substr(0,500)+"\n...");
// Locate the storeArea div's
var posDiv = locateStoreArea(original);
if((posDiv[0] == -1) || (posDiv[1] == -1)) {
alert(config.messages.invalidFileError.format([localPath]));
return;
}
bidix.upload.uploadRss(uploadParams,original,posDiv);
};
if(onlyIfDirty && !store.isDirty())
return;
clearMessage();
// save on localdisk ?
if (document.location.toString().substr(0,4) == "file") {
var path = document.location.toString();
var localPath = getLocalPath(path);
saveChanges();
}
// get original
var uploadParams = new Array(storeUrl,toFilename,uploadDir,backupDir,username,password);
var originalPath = document.location.toString();
// If url is a directory : add index.html
if (originalPath.charAt(originalPath.length-1) == "/")
originalPath = originalPath + "index.html";
var dest = config.macros.upload.destFile(storeUrl,toFilename,uploadDir);
var log = new bidix.UploadLog();
log.startUpload(storeUrl, dest, uploadDir, backupDir);
displayMessage(bidix.upload.messages.aboutToSaveOnHttpPost.format([dest]));
if (bidix.debugMode)
alert("about to execute Http - GET on "+originalPath);
var r = doHttp("GET",originalPath,null,null,username,password,callback,uploadParams,null);
if (typeof r == "string")
displayMessage(r);
return r;
};
bidix.upload.uploadRss = function(uploadParams,original,posDiv)
{
var callback = function(status,params,responseText,url,xhr) {
if(status) {
var destfile = responseText.substring(responseText.indexOf("destfile:")+9,responseText.indexOf("\n", responseText.indexOf("destfile:")));
displayMessage(bidix.upload.messages.rssSaved,bidix.dirname(url)+'/'+destfile);
bidix.upload.uploadMain(params[0],params[1],params[2]);
} else {
displayMessage(bidix.upload.messages.rssFailed);
}
};
// do uploadRss
if(config.options.chkGenerateAnRssFeed) {
var rssPath = uploadParams[1].substr(0,uploadParams[1].lastIndexOf(".")) + ".xml";
var rssUploadParams = new Array(uploadParams[0],rssPath,uploadParams[2],'',uploadParams[4],uploadParams[5]);
var rssString = generateRss();
// no UnicodeToUTF8 conversion needed when location is "file" !!!
if (document.location.toString().substr(0,4) != "file")
rssString = convertUnicodeToUTF8(rssString);
bidix.upload.httpUpload(rssUploadParams,rssString,callback,Array(uploadParams,original,posDiv));
} else {
bidix.upload.uploadMain(uploadParams,original,posDiv);
}
};
bidix.upload.uploadMain = function(uploadParams,original,posDiv)
{
var callback = function(status,params,responseText,url,xhr) {
var log = new bidix.UploadLog();
if(status) {
// if backupDir specified
if ((params[3]) && (responseText.indexOf("backupfile:") > -1)) {
var backupfile = responseText.substring(responseText.indexOf("backupfile:")+11,responseText.indexOf("\n", responseText.indexOf("backupfile:")));
displayMessage(bidix.upload.messages.backupSaved,bidix.dirname(url)+'/'+backupfile);
}
var destfile = responseText.substring(responseText.indexOf("destfile:")+9,responseText.indexOf("\n", responseText.indexOf("destfile:")));
displayMessage(bidix.upload.messages.mainSaved,bidix.dirname(url)+'/'+destfile);
store.setDirty(false);
log.endUpload("ok");
} else {
alert(bidix.upload.messages.mainFailed);
displayMessage(bidix.upload.messages.mainFailed);
log.endUpload("failed");
}
};
// do uploadMain
var revised = bidix.upload.updateOriginal(original,posDiv);
bidix.upload.httpUpload(uploadParams,revised,callback,uploadParams);
};
bidix.upload.httpUpload = function(uploadParams,data,callback,params)
{
var localCallback = function(status,params,responseText,url,xhr) {
url = (url.indexOf("nocache=") < 0 ? url : url.substring(0,url.indexOf("nocache=")-1));
if (xhr.status == 404)
alert(bidix.upload.messages.storePhpNotFound.format([url]));
if ((bidix.debugMode) || (responseText.indexOf("Debug mode") >= 0 )) {
alert(responseText);
if (responseText.indexOf("Debug mode") >= 0 )
responseText = responseText.substring(responseText.indexOf("\n\n")+2);
} else if (responseText.charAt(0) != '0')
alert(responseText);
if (responseText.charAt(0) != '0')
status = null;
callback(status,params,responseText,url,xhr);
};
// do httpUpload
var boundary = "---------------------------"+"AaB03x";
var uploadFormName = "UploadPlugin";
// compose headers data
var sheader = "";
sheader += "--" + boundary + "\r\nContent-disposition: form-data; name=\"";
sheader += uploadFormName +"\"\r\n\r\n";
sheader += "backupDir="+uploadParams[3] +
";user=" + uploadParams[4] +
";password=" + uploadParams[5] +
";uploaddir=" + uploadParams[2];
if (bidix.debugMode)
sheader += ";debug=1";
sheader += ";;\r\n";
sheader += "\r\n" + "--" + boundary + "\r\n";
sheader += "Content-disposition: form-data; name=\"userfile\"; filename=\""+uploadParams[1]+"\"\r\n";
sheader += "Content-Type: text/html;charset=UTF-8" + "\r\n";
sheader += "Content-Length: " + data.length + "\r\n\r\n";
// compose trailer data
var strailer = new String();
strailer = "\r\n--" + boundary + "--\r\n";
data = sheader + data + strailer;
if (bidix.debugMode) alert("about to execute Http - POST on "+uploadParams[0]+"\n with \n"+data.substr(0,500)+ " ... ");
var r = doHttp("POST",uploadParams[0],data,"multipart/form-data; ;charset=UTF-8; boundary="+boundary,uploadParams[4],uploadParams[5],localCallback,params,null);
if (typeof r == "string")
displayMessage(r);
return r;
};
// same as Saving's updateOriginal but without convertUnicodeToUTF8 calls
bidix.upload.updateOriginal = function(original, posDiv)
{
if (!posDiv)
posDiv = locateStoreArea(original);
if((posDiv[0] == -1) || (posDiv[1] == -1)) {
alert(config.messages.invalidFileError.format([localPath]));
return;
}
var revised = original.substr(0,posDiv[0] + startSaveArea.length) + "\n" +
store.allTiddlersAsHtml() + "\n" +
original.substr(posDiv[1]);
var newSiteTitle = getPageTitle().htmlEncode();
revised = revised.replaceChunk("<title"+">","</title"+">"," " + newSiteTitle + " ");
revised = updateMarkupBlock(revised,"PRE-HEAD","MarkupPreHead");
revised = updateMarkupBlock(revised,"POST-HEAD","MarkupPostHead");
revised = updateMarkupBlock(revised,"PRE-BODY","MarkupPreBody");
revised = updateMarkupBlock(revised,"POST-SCRIPT","MarkupPostBody");
return revised;
};
//
// UploadLog
//
// config.options.chkUploadLog :
// false : no logging
// true : logging
// config.options.txtUploadLogMaxLine :
// -1 : no limit
// 0 : no Log lines but UploadLog is still in place
// n : the last n lines are only kept
// NaN : no limit (-1)
bidix.UploadLog = function() {
if (!config.options.chkUploadLog)
return; // this.tiddler = null
this.tiddler = store.getTiddler("UploadLog");
if (!this.tiddler) {
this.tiddler = new Tiddler();
this.tiddler.title = "UploadLog";
this.tiddler.text = "| !date | !user | !location | !storeUrl | !uploadDir | !toFilename | !backupdir | !origin |";
this.tiddler.created = new Date();
this.tiddler.modifier = config.options.txtUserName;
this.tiddler.modified = new Date();
store.addTiddler(this.tiddler);
}
return this;
};
bidix.UploadLog.prototype.addText = function(text) {
if (!this.tiddler)
return;
// retrieve maxLine when we need it
var maxLine = parseInt(config.options.txtUploadLogMaxLine,10);
if (isNaN(maxLine))
maxLine = -1;
// add text
if (maxLine != 0)
this.tiddler.text = this.tiddler.text + text;
// Trunck to maxLine
if (maxLine >= 0) {
var textArray = this.tiddler.text.split('\n');
if (textArray.length > maxLine + 1)
textArray.splice(1,textArray.length-1-maxLine);
this.tiddler.text = textArray.join('\n');
}
// update tiddler fields
this.tiddler.modifier = config.options.txtUserName;
this.tiddler.modified = new Date();
store.addTiddler(this.tiddler);
// refresh and notifiy for immediate update
story.refreshTiddler(this.tiddler.title);
store.notify(this.tiddler.title, true);
};
bidix.UploadLog.prototype.startUpload = function(storeUrl, toFilename, uploadDir, backupDir) {
if (!this.tiddler)
return;
var now = new Date();
var text = "\n| ";
var filename = bidix.basename(document.location.toString());
if (!filename) filename = '/';
text += now.formatString("0DD/0MM/YYYY 0hh:0mm:0ss") +" | ";
text += config.options.txtUserName + " | ";
text += "[["+filename+"|"+location + "]] |";
text += " [[" + bidix.basename(storeUrl) + "|" + storeUrl + "]] | ";
text += uploadDir + " | ";
text += "[[" + bidix.basename(toFilename) + " | " +toFilename + "]] | ";
text += backupDir + " |";
this.addText(text);
};
bidix.UploadLog.prototype.endUpload = function(status) {
if (!this.tiddler)
return;
this.addText(" "+status+" |");
};
//
// Utilities
//
bidix.checkPlugin = function(plugin, major, minor, revision) {
var ext = version.extensions[plugin];
if (!
(ext &&
((ext.major > major) ||
((ext.major == major) && (ext.minor > minor)) ||
((ext.major == major) && (ext.minor == minor) && (ext.revision >= revision))))) {
// write error in PluginManager
if (pluginInfo)
pluginInfo.log.push("Requires " + plugin + " " + major + "." + minor + "." + revision);
eval(plugin); // generate an error : "Error: ReferenceError: xxxx is not defined"
}
};
bidix.dirname = function(filePath) {
if (!filePath)
return;
var lastpos;
if ((lastpos = filePath.lastIndexOf("/")) != -1) {
return filePath.substring(0, lastpos);
} else {
return filePath.substring(0, filePath.lastIndexOf("\\"));
}
};
bidix.basename = function(filePath) {
if (!filePath)
return;
var lastpos;
if ((lastpos = filePath.lastIndexOf("#")) != -1)
filePath = filePath.substring(0, lastpos);
if ((lastpos = filePath.lastIndexOf("/")) != -1) {
return filePath.substring(lastpos + 1);
} else
return filePath.substring(filePath.lastIndexOf("\\")+1);
};
bidix.initOption = function(name,value) {
if (!config.options[name])
config.options[name] = value;
};
//
// Initializations
//
// require PasswordOptionPlugin 1.0.1 or better
bidix.checkPlugin("PasswordOptionPlugin", 1, 0, 1);
// styleSheet
setStylesheet('.txtUploadStoreUrl, .txtUploadBackupDir, .txtUploadDir {width: 22em;}',"uploadPluginStyles");
//optionsDesc
merge(config.optionsDesc,{
txtUploadStoreUrl: "Url of the UploadService script (default: store.php)",
txtUploadFilename: "Filename of the uploaded file (default: in index.html)",
txtUploadDir: "Relative Directory where to store the file (default: . (downloadService directory))",
txtUploadBackupDir: "Relative Directory where to backup the file. If empty no backup. (default: ''(empty))",
txtUploadUserName: "Upload Username",
pasUploadPassword: "Upload Password",
chkUploadLog: "do Logging in UploadLog (default: true)",
txtUploadLogMaxLine: "Maximum of lines in UploadLog (default: 10)"
});
// Options Initializations
bidix.initOption('txtUploadStoreUrl','');
bidix.initOption('txtUploadFilename','');
bidix.initOption('txtUploadDir','');
bidix.initOption('txtUploadBackupDir','');
bidix.initOption('txtUploadUserName','');
bidix.initOption('pasUploadPassword','');
bidix.initOption('chkUploadLog',true);
bidix.initOption('txtUploadLogMaxLine','10');
// Backstage
merge(config.tasks,{
uploadOptions: {text: "upload", tooltip: "Change UploadOptions and Upload", content: '<<uploadOptions>>'}
});
config.backstageTasks.push("uploadOptions");
//}}}
!Packet Filtering with iptables
!Network Address Translation with iptables
At boot, use GRUB to enter runlevel 1 (or S).
You will be logged in as root without the need for a password and can then change the system password with {{{passwd}}}.
[[BUG ALERT!|SELinux bug when changing password in single user mode]]
{{{user host = (desired userID) {NOPASSWD:} commands}}}
package
tigervnc-server
/etc/sysconfig/vncservers
One line, two bits of info (display and name):
VNCSERVERS="1:student 2:visitor"
The next line is optional but can configure an indi
vncviewer -via user@host localhost:x
1 Install service
2 Configure
3 create passwords
4 start service (step 3 must be created first!)
vncviewer -via user@host localhost:1
Software and system updates in RHEL are most often distributed in the form of RPM Packages, which are files, scripts, and package metadata stored in a modified CPIO archive.
RPM originated as "Red Hat Package Management" but now stands for "RPM Package Management".
The base level command for manipulating RPM packaging is {{{rpm}}}. However, other utilities and applications -- especially those designed to work with repositories -- can also work with RPM packages as well.
! Related MAN pages
* rpm (8)
* rpm2cpio (8)
* cpio (8)
! RPM queries
{{{rpm -q --configfiles bash}}}
{{{rpm -qc bash}}}
{{{rpm -qd }}}
{{{rpm -q --scripts }}} shows the scripts that run when the package is installed or uninstalled.
{{{rpm -qp}}}
{{{rpm -qpl}}}
{{{rpm -qpi}}}
{{{rpm -q <kind of query: package, default> <what info: info, list, docs, confs, --scripts><which packages: all, pkgname>}}}
! Extracting RPM contents
{{{rpm2cpio packagename.prm | cpio -id}}}
extracts to current directory
! Documentation for {{{yum}}}
''man pages''
* yum (1)
* yum.conf (5)
! Configuring yum to use a remote repository
Must create an entry in yum.conf. The "best practice" way to do this is to create a file for this one repository, with a name ending in {{{.repo}}}, and place it in {{{/etc/yum.repos.d/}}}
''Must have:''
* {{{[shortname] -- no spaces permitted}}}
* {{{name=friendly name}}}
* {{{baseurl=<proto://path/to/repo>}}}
When finding the path to a repo -- it is a directory containing repodata/
''Optional:''
*gpgcheck (0=off, 1=on) (requires a gpgkey if used)
*enabled (0=off, 1=on) (changed with {{{yum --enablerepo reponame}}} or {{{yum --disablerepo}}})
''Example: /etc/yum.repos.d/hostiso.repo''
{{{
[hostiso]
name="Host ISO Repo"
baseurl=http://172.17.0.1/install/rhel6
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
}}}
! Non "Core" Repositories from Red Hat
"Optional" repo is unsupported extra packages, similar to EPEL
"Supplemental" repo is closed source packages like adobe acrobat reader, etc.
! Common Invocations of yum
* yum help
* yum list
** installed
** available
** updates
** <pkgname>
* {{{yum search <keyword>}}}
* {{{yum localinstall <pkgname>}}}
* {{{yum localinstall --nogpgcheck <pkgname>}}}
{{{yum list | grep <searchphrase>}}} differs from {{{yum search <searchphrase>}}} in that yum search searches the description and metadata as well. All you search with grep against yum list is what is shown.
* {{{yum info packagename}}}
* {{{yum install packagename}}}
* {{{yum remove packagename}}}
don't use -y with remove -- might remove more or fewer packages than you expect.
* {{{yum update packagename}}}
* {{{yum grouplist}}}
* {{{yum groupinfo}}}
* {{{yum groupinstall groupname}}}
* {{{yum update}}}
* {{{yum whatprovides}}} (accepts globs)
* {{{yum localinstall}}}
* {{{yum install --nogpgcheck}}}
! {{{yum}}} ''log files''
* {{{/var/log/yum.log}}}
! {{{yum}}} and Signed Packages
Signed packages allow verification that a given package is from the source it claims to be from, and that the package has not been modified since leaving that source. This prevents tampering and the distribution of compromised packages. Packagers that produce signed packages will usually provide their public key in some prominent and easily accessible way. Red Hat places their keys on the distribution DVDs or ISOs in the path {{{/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release}}}
If {{{gpg-check=1}}} in the {{{.repo}}} file, yum will decline to install unsigned packages and packages with unknown signatures. the {{{--nogpgcheck}}} option can be used to force the unvalidated installation of a package, but a better solution is to obtain and import the appropriate key with {{{rpm --import path/to/pubkey}}}.
[[yum exercises]]
{{{partprobe}}} no longer forces re-reading of partition table of files with mounted filesystems. ''Equivalent functionality can now be found in'' {{{partx}}}.
Type the text for 'New Tiddler'
libguestfs-tools
virt-edit
[[Enable Console on VM]]
! Man Pages for yum
* yum (1)
* yum.conf (5)
! Configuring yum to use a remote repository
Must create an entry in yum.conf. The "best practice" way to do this is to create a file for this one repository, with a name ending in .repo, and place it in /etc/yum.repos.d/
! Common Invocations of yum
* yum help
* yum list
* yum search keyword
* yum info packagename
* yum install packagename
* yum remove packagename
* yum update packagename
* yum grouplist
* yum groupinfo
* yum groupinstall groupname
* yum update
* yum whatprovides (accepts globs)
* yum localinstall
* yum install --nogpgcheck
When finding the path to a repo -- it is a directory containing repodata/
[[yum exercises]]
# Configure a Repo
# Attempt an uninstalled package
# Search for a package
# research a package
# install a package
remove a package
list groups
research a group
install a group