|< Day Day Up >|| |
As you've seen in the past two chapters, there are many facets to system security. Making sure that network services run under nonprivileged accounts helps minimize the risks associated with outside attack.
By default, Red Hat Enterprise Linux assigns unique user and group ID numbers to each new user. This is known as the User Private Group scheme. This scheme allows you to configure special groups for a specific set of users. The users in the group can be configured with read and write privileges in a dedicated directory, courtesy of the SGID bit.
Two key cron jobs are anacron and tmpwatch. The anacron system, once installed from an outside source, automatically runs jobs that did not run while a RHEL 3 computer was turned off. The tmpwatch system is used to clear files from specified directories on a regular basis.
One of the most valuable skills you can have as a RHEL 3 systems administrator is knowing how to rescue a system. Some configuration problems can prevent a system from booting. Others can keep you from logging in. Key tools to manage configuration problems include: a boot disk from the mkbootdisk command, the linux rescue environment from a Red Hat installation floppy or CD, and single-user mode at the GRUB or LILO prompt. The linux rescue environment loads basic utilities and attempts to remount your directories on /mnt/sysimage. Key tools for managing problems include fdisk, fsck, e2label, and dumpe2fs.
Any network that is connected to an insecure network such as the Internet is vulnerable. The OpenSSH server can help you set up encrypted communication between computers. Encryption uses private and public keys. Whether you're using SSH or GPG, the default 1024-bit encryption scheme provides a 'reasonable' level of security.
Finally, you need to know how to add, remove, and resize Logical Volumes (LV). Once you've configured partitions properly, you can add an LV with appropriate use of the pvcreate, vgcreate, and lvcreate commands. You can remove an LV with the lvremove command. You can resize an LV with the help of the vgextend and lvextend commands.
|< Day Day Up >|| |