book

CentOS System Administration Essentials

by Andrew Mallett

November 2014

Beginner

174 pages

3h 50m

English

Packt Publishing

Read now

Unlock full access

Support files, eBooks, discount offers, and moreWhy subscribe?Free access for Packt account holders
What this book covers

Downloading the color images of this bookErrataPiracyQuestions
CLI trickery – shortcuts that you will love
The GRUB and MBR
Editing stanzas in GRUBAdding a root entry to a stanzaAdding a kernel entry to a stanzaAdding an initrd entry to a stanza
Applying different themes
A magician's secretHard linksSymbolic links
The SUID bitThe SGID bitThe sticky bit
The last access timeThe last modified timeThe last changed time
What BTRFS has to offerInstalling BTRFSCreating a BTRFS filesystemExpanding a BTRFS filesystemVolume management with BTRFSBalancing the filesystemAdding an entry to /etc/fstabCreating an RAID1 mirror
Managing software installation with RPM files
Creating the Plymouth themetup.plymouthtup.scriptCreating the theme RPMUsing YUMYUM plugins
/etc/yum.repos.d/
Managing services with Upstart
Using the pgrep commandUsing the pstree commandUsing the pkill commandUsing the pmap command
Managing public and private groupsLinux groupsAdding users to groupsEvaluating private group usage
Setting quotas
LDAP concepts
Configuring DNS or hostname recordsSetting TCP keepalivesSetting file descriptorsCreating the directory server user and groupThe EPEL repositoryInstalling and configuring 389-dsTesting the installation
Adding users using the GUI consoleAdding users from the command line
Installing and configuring NginxInstalling NginxConfiguring NginxConfiguring a 404 Document Not Found Error page
Installing the Puppet masterConfiguring the firewallDNSNetwork Time ProtocolThe Puppet lab repository
ClassesResource definitionPuppet factsUsing includeCreating and testing manifestsEnrolling remote puppet agents
Understanding PAM configuration filesTypeControlThe module pathModule arguments
DomainTypeItem
Reading the current SELinux modeSetting the SELinux modePreventing mode changes from the command lineUnderstanding SELinux contextsTroubleshooting SELinux
Password auditingPreparing a password fileCracking passwordsWeakening the algorithmHardening the password
Securing remote access to your systemThe SSH public keyAnalyzing the risks of default settingsPopulating the keystorePublic key authenticationRoot loginsConclusion
LocaleTime and date informationManaging servicesAdditional ways to repair your machine than just using the single user modeRemote managementSystemd and nonstandard subcommandsThe Samba 4.1 packageFilesystem changesPassword policies

Content preview from CentOS System Administration Essentials

SELinux

I am not really sure if I can quantify how many blogs I read on the Internet where "the solution" to an issue is to disable SELinux, or at least set it into permissive mode. While I do not disagree that the immediate problem may then be resolved, it is a little like setting the filesystem permissions to rwx for all users authenticated or otherwise. Similarly, we all joke about users sticking post-it notes with password to the screen; there is little difference in this to an administrator disabling SELinux inappropriately.

There are reasons that the mandatory access control (MAC) list exists, and we as administrators should use it to our advantage. Traditionally, we are accustomed to using discretionary access control (DAC) lists and these ...