Certification Objective 2.08-Post-installation, Security, and the First Boot Process

Now you've selected the package groups you need. The installation program takes a moment (or even a few minutes) to collect the list of packages and installs any other packages on which they depend (also known as dependencies). Once complete, Linux reboots. The first time RHEL boots, it starts the First Boot process shown in Figure 2-15, which takes you through the license agreement, firewall configuration, SELinux activation, kdump configuration for kernel crashes, the date and time, software updates from the Red Hat Network, creating a user, configuring a sound card, and installing from additional CDs if required. You may not see all of the options shown in the figure; for example, if your computer does not have a sound card, you won't see that option.

Figure 2-15: First Boot configuration

If you haven't installed the GUI, what you see is quite different, as shown in Figure 2-16. We'll describe the text-mode First Boot process at the end of this section.

Figure 2-16: Text-mode First Boot configuration

Licensing

If you're running RHEL, you'll need to agree to the license agreement. If you do not agree, you're prompted to shut down your system and uninstall the operating system.

Initial Firewall Configuration

Next, you'll be able to configure a standard firewall for your computer. Generally, you won't need to configure a firewall for a workstation inside a LAN. Firewalls are generally located on computers that serve as junctions, or routers between networks such as a LAN and the Internet. Figure 2-17 illustrates a configuration with two network cards that are presumably connected to different networks. The options you see here are identical to those shown in the system-config-securitylevel (Security Level Configuration) tool, which is described in Chapter 15.

Figure 2-17: Configuring a firewall

Initial SELinux Configuration

After configuring a firewall, you can set up basic SELinux protections on your system. It provides a different layer of defense to protect a wide variety of systems on your computer. If you don't know SELinux well, you may want to disable its protection temporarily. It's easy to do here, as shown in Figure 2-18; you can change it and customize it further using the new SELinux Management Tool described in Chapter 15.

Figure 2-18: Configuring SELinux

kdump

The kdump service allows you to configure what happens in the event of a kernel crash. In the associated First Boot screen, you can dedicate a specific amount of RAM to the process. Be aware that any such RAM is then unavailable for other processes.

Date and Time

In the Date and Time screen, you can set the date and time for your system. Under the Network Time Protocol tab, if you select the Enable Network Time Protocol option, you can synchronize your computer with a Network Time Protocol server. Red Hat provides three: 0.rhel.pool.ntp.org, 1.rhel.pool.ntp.org, and 2.rhel.pool.ntp.org. If you're not sure, you can return to this configuration screen with the system-config-time utility. Make any selections required by your exam, and click Next.

The Red Hat exams are closed book. While you can use available documentation such as the man pages, don't expect to have a connection to the Internet during your exam.

Red Hat has recently included NTP in the list of services associated with the RHCE exam, so it's quite possible that you'll have to configure a connection to a time server. For more information, see the Date/Time Configuration tool as described in Chapter 13.

Set Up Software Updates

If you want to register with the Red Hat Network, select Yes, I'd Like To Register Now, and you'll first see the Choose Server screen. You can select whether you receive updates directly from the Red Hat Network or from a local Red Hat caching service, such as a Red Hat Network Proxy or Satellite Server. If it's the latter, you'll need the URL of the local server.

If you click the Advanced Network Configuration button, you can set your system to read through any installed local proxy server.

Then you'll see a Red Hat Network configuration screen where you can set up a connection. You'll either need the username and password of your Red Hat Network account or you'll want to click Create A New Account.

The First Boot process then collects a profile of your hardware and currently installed packages and assumes that the current IP address is the name of your system. You can review what it will send to the Red Hat Network, change the system name, and disable transmission of the hardware or software profiles. If you do not want to register at this time, you can set up a Red Hat Network connection using the rhn_register command (or in the GNOME Desktop Environment, select Applications | System Tools | Software Updater, which registers your system before checking for available updates).

The First Regular User

Generally, you should configure at least one regular user account on every Linux system. Using the root account for everything is considered dangerous. In the User Account screen, you can configure a regular account. You may be required to create regular users with a specific password during your exam. You can create additional users with the system-config-users (Red Hat User Manager) tool described in Chapter 6. Create a user if required. Don't click Next yet; first review the next section.

If you're required to set up users over a network, pay attention to the requirements of your exam. Click the Use Network Login button and study the Authentication Configuration window. Are these users on a central NIS server or a Samba-based Primary Domain Controller (PDC)? For more information on the Authentication Configuration window, read Chapter 6.

Password Security

First, when you create a password, Red Hat has some protections. The First Boot process won't accept a password of less than six characters. In real life, it's best to use a password with a mixture of numbers and upper- and lowercase letters, and even punctuation. I like to create passwords from a favorite phrase or sentence. For example, a user could use Ieic3teT. because he told you "I eat ice cream 3 times every Thursday." (The period at the end is part of the password.)

In First Boot's Create User screen, there's a Use Network Login button. This opens the same window and tabs associated with the Authentication Configuration tool described in Chapter 6. Briefly, you can use it to configure connections to a NIS, LDAP, or Samba user database, encryption support such as that associated with Kerberos, Hesiod, or MD5 support, and more.

Sound Card Configuration

Normally, Red Hat automatically detects sound cards. If successful, you can click the Play Test Sound button to confirm. If more than one sound card is installed, you may see them in different tabs; you can click the tab for the other sound card and repeat the process. Click Next to continue.

Additional CDs

Finally, if you have more software to install, such as software from a Red Hat supplementary CD, you'll get to do so in the Additional CDs window. Don't do this unless required by your particular exam. Click Next to continue.

You'll now see the Finish Setup screen, which tells you that "Your system is now set up and ready to use." Click Next to finish the process.

Congratulations! Installation is now complete. As the basic installation process for Rebuilds such as CentOS (and even Fedora Core 6) is almost identical to RHEL, you can use that freely available operating system to practice for the exam. In addition to the trademarks, the only major substantive difference is the lack of access to the Red Hat Network (RHN). And there is no mention of the RHN in the Exam Prep guide.

If You Haven't Configured the GUI

The text-mode First Boot process does not require a lot. As shown back in Figure 2-16, it starts the Setup Agent, which supports access to the following text-based configuration tools:

1. Authentication

2. Firewall Configuration (no access to SELinux configuration)

3. Keyboard Configuration

4. Network Configuration

5. System Services

6. Timezone Configuration

While I encourage you to learn to configure Linux from the command line, these tools are not as capable as their GUI-based cousins. (Of course, if you want the most capable tools, learn to edit appropriate configuration files directly from the command line.) You can learn more about the GUI versions of these tools throughout this book.

Caveat Emptor on Installation

Do not worry if you make a mistake the first time you practice installing Linux on a test computer. Just redo the installation; it will be significantly faster and easier than trying to correct a problem. With so many installation options and possibilities available, it is not possible to name them all or take them all into account here. In most cases, the default is sufficient if you do not understand the question posed. Move on and get it installed, and then read the FAQs, HOWTOs, and other related documents once you are up and running. You can always reinstall. The second and third installs are actually a good thing, considering you need to know this process very well for the Red Hat exam.

If you have to reinstall Linux on the Installation and Configuration part of the exam, you may not have time to configure services as required.

You are not allowed to reinstall Linux during the RHCE or RHCT Troubleshooting and System Maintenance portion of those exams