Managing Samba Users smbasswd and pdbedit

The easiest way to manage Samba users is to use the system-config-samba tool. Click Preferences to select Samba Users. In this window you can then add, edit, or remove Samba users. In the SWAT tool you would use the Password panel. To manage users you can either use the smbpasswd command or the pdbedit tool. The smbpasswd command with the -a option will add a user and the -x option will remove one. To enable or disable users you would use the -e and -d options. The smbpasswd command will...

Monitoring Your Network ping netstat tcpdump Ether Ape Ettercap and Wireshark

Several applications are available on Linux to let you monitor your network activity. Graphical applications like EtherApe, Ettercap, and Wireshark provide detailed displays and logs to let you analyze and detect network usage patterns. Other tools like ping offers specific services. The EtherApe, Ettercap, and Wireshark tools can be accessed on the Applications Internet menu. Tools like ping, tracerout, and netstat can be accessed with the Gnome Network Tools application accessible on the...

Pcmcia Devices

PCMCIA devices are card readers commonly found on laptops to connect devices like modems or wireless cards, though they are becoming standard on many desktop systems as well. The same PCMCIA device can support many different kinds of devices, including network cards, modems, hard disks, and Bluetooth devices. PCMCIA support is now managed by udev and HAL. You no longer use the cardmgr pcmcia service. PCMCIA devices are now considered hotplugged devices managed by HAL and udev directly. Card...

Compiling SELinux Modules

Instead of compiling the entire source each time you want to make a change, you can just compile a module for the area you changed. The modules directory holds the different modules. Each module is built from a corresponding .te file. The checkmodule command is used to create a .mod module file from the .te file, and then the semanage_module command is used to create the loadable .pp module file as well as an .fc file context file. As noted in the SELinux documentation, if you need to just...

The rpm Command

With the rpm command, you can maintain packages, query them, build your own, and verify the ones you have. Maintaining packages involves installing new ones, upgrading to new versions, and uninstalling packages. The rpm command uses a set of options to determine what action to take. In addition, certain tasks, such as installing or querying packages, have their own options that further qualify the kinds of action they take. For example, the -q option queries a package, but when combined with...

Linux Software RAID Levels

Linux software RAID can be implemented at different levels, depending on whether you want organization, efficiency, redundancy, or reconstruction capability. Each capability corresponds to different RAID levels. For most levels, the size of the hard disk devices should be the same. For mirroring, RAID 1, disks of the same size are required, and for RAID 5 they are recommended. Linux software RAID supports five levels as shown in Table 31-1. RAID 5 does require at least three hard drives. (On...

Security

Squid can use its role as an intermediary between Web clients and a Web server to implement access controls, determining who can access the Web server and how. Squid does this by checking access control lists (ACLs) of hosts and domains that have had controls placed on them. When it finds a Web client from one of those hosts attempting to connect to the Web server, it executes the control. Squid supports a number of controls with which it can deny or allow access to the Web server by the remote...

The Vi Editor Vim and Gvim

The Vim editor included with most Linux distributions is an enhanced version of the Vi editor. It includes all the commands and features of the Vi editor. Vi, which stands for visual, remains one of the most widely used editors in Linux. Keyboard-based editors like Vim and Emacs use a keyboard for two different operations to specify editing commands and to receive character input. Used for editing commands, certain keys perform deletions, some execute changes, and others perform cursor...

The rmmod Command

The rmmod command performs the actual unloading of modules. It is the command used by modprobe and the Kernel Module Loader to unload modules. You can use the rmmod command to remove a particular module as long as it is not being used or required by other modules. You can remove a module and all its dependent modules by using the -r option. The -a option removes all unused modules. With the -e option, when rmmod unloads a module, it saves any persistent data (parameters) in the persistent data...

Sendmail Configuration

The main Sendmail configuration file is sendmail.cf, located in the etc directory. This file consists of a sometimes lengthy list of mail definitions that set general options, designate MTAs, and define the address rewrite rules. A series of options set features, such as the maximum size of mail messages or the name of host files. The MTAs are those mailers through which Sendmail routes messages. The rewrite rules rewrite a mail address to route through the appropriate Internet connections to...

Alternative DNS Servers

Several alternative DNS servers are now available. These include djbdns, noted for its security features, CustomDNS, a dynamic server implemented in Java (customdns.sourceforge.net), and Yaku-NS, an embedded server. The djbdns server (cr.yp.to djbdns.html), written by D.J. Bernstein, is designed specifically with security in mind, providing a set of small server daemons, each performing specialized tasks. In particular, djbdns separates the name server, caching server, and zone transfer tasks...

Hardware Abstraction Layer HAL

The purpose of the Hardware Abstraction Layer (HAL) is to abstract the process of applications accessing devices. Applications should not have to know anything about a device, even its symbolic name. It should just have to request a device of a certain type, and then a service, like HAL, should provide what is available. Device implementation becomes hidden from applications. HAL makes devices easily available to desktops and applications using a D-BUS (device bus) structure. Devices are...

Device Information File Directives

Properties are defined in directives listed in device information files. As noted, device information files have .fdi extensions. A directive is encased in greater- and less-than symbols. There are three directives The merge directive will merge a new property into a device's information database. The append directive will append or modify a property for that device already in the database. The match directive will test device information values. A directive will include a type attribute...

Port Forwarding Tunneling

If, for some reason, you can connect to a secure host only by going through an insecure host, ssh provides a feature called port forwarding. With port forwarding, you can secure the insecure segment of your connection. This involves simply specifying the port at which the insecure host is to connect to the secure one. This sets up a direct connection between the local host and the remote host, through the intermediary insecure host. Encrypted data is passed through directly. This process is...

Network Talk and Messenger Clients VoIp Icq Irc Aim and Talk

You may, at times, want to communicate directly with other users on your network. You can do so with VoIP, Talk, ICQ, instant messenger, and IRC utilities, provided the other user is also logged in to a connected system at the same time (see Table 15-2). With Voice over the Internet Protocol applications, you can speak over Internet connections, talking as if on a telephone. The Talk utility operates like a two-way text messaging tool, enabling you to have a direct two-way conversation with...

Controlling User and Host Access

With an access file, you can control access by certain users, hosts, and domains. The access file works much like the one used for Sendmail. Entries are made in a text file beginning with the user, host, or domain name or address, followed by an action to take. A user, host, or domain can be accepted, rejected, or rejected with a message. Once entries are made, they can be installed in a Postfix database file with the postmap command You can then use the access file in various Postfix...

SELinux Policy Packages

Fedora Linux provides several SELinux policy packages. The targeted one is installed by default. You can use Pirut to download the others. The source code, along with the source code documentation, is now kept in separate RPMS packages, which you download and manually install. NOTE You can also use setroubleshoot to check and locate problems you may be having with Each policy installs its configuration files in etc selinux. If you want to add your own module, you need to use the policy headers...

Curl

The curl Internet client operates much like wget, but with much more flexibility. With curl you can specify multiple URLs on its command line. You can also use braces to specify multiple matching URLs, like different Web sites with the same domain name. You can list the different Web site host names within braces, followed by their domain name (or visa versa). You can also use brackets to specify a range of multiple items. This can be very useful for downloading archived files that have the...

The mount Command

The mount command takes two arguments the storage device through which Linux accesses the file system, and the directory in the file structure to which the new file system is attached. The mountpoint is the directory on your main directory tree where you want the files on the storage device attached. The device is a special device file that connects your system to the hardware device. The syntax for the mount command is as follows As noted previously, device files are located in the dev...

Sftp and sftpserver

With sftp, you can transfer FTP files secured by encryption. The sftp client, which works only with ssh version 2, operates much like ftp, with many of the same commands (see Chapter 14). Use sftp instead of ftp to invoke the sftp client. To use the sftp client to connect to an FTP server, that server needs to be operating the sftp-server application. The ssh server invokes sftp-server to provide encrypted FTP transmissions to those using the sftp client. The sftp server and client use the SSH...

Fstab Fields

An entry in an fstab file contains several fields, each separated from the next by a space or tab. These are described as the device, mountpoint, file system type, options, dump, and fsck fields, arranged in the sequence shown here < device> < mountpoint> < filesystemtype> < options> < dump> < fsck> The first field is the name of the file system to be mounted. This entry can be either a device name or an ext2 or ext3 file system label. A device name usually begins with...

Pirut Package Manager A Repository Model of Software Management

The Pirut Package Manager is a new package management tool that now replaces the older system-config-packages, which was used primarily for the disk-based packages. The Package Manager is Internet-based, installing from online repositories only, using Yum to download and install. Pirut is the same tool used during the installation procedure to select packages, only now you can uninstall packages. Check fedoraproject.org wiki Tools yum for tips on using Yum, including a script to let you perform...

Creating Your Own Fedora Install Spins with Pungi

You can create your own distribution discs with Pungi. The Pungi tool uses configuration files in the etc pungi directory. It will generate a basic collection of packages, downloading them from the Fedora repository. Default settings are listed in the pungi.conf file. The packages to add to the spin are listed by category in the minimal-manifest file. It uses the same syntax as kickstart. The comps.xml file in the etc pungi directory defines the package grouping for your release. The etc pungi...

Nautilus as a FTP Browser

Nautilus works as an operational FTP browser. You can use the Location box (toggle to box view) or the Open Location entry on the File menu to access any FTP site. Just enter the URL for the FTP site in the Location box and press enter (you do not need to specify ftp ). Folders on the FTP site will be displayed, and you can drag files to a local directory to download them. The first time you connect to a site, an Authentication dialog will open letting you select either Anonymous access or...

SELinux Management Tools

SELinux provides a number of tools to let you manage your SELinux configuration and policy implementation, including semanage to configure your policy. The Fedora system configuration tool for SELinux is system-config-selinux. The setools packages provides SELinux configuration and analysis tools including apol, the Security Policy Analysis tool for domain transition analysis, sediffx for policy differences, and seaudit to examine the auditd logs (see Table 17-2). The setools collection also...

The Gnome Volume Manager

Managing DVD CD-ROMs, card readers, floppy disks, digital cameras, and other removable media is the task of the GNOME Volume Manager. This is a lower-level utility that remains transparent to the user, though how you treat removable media can be configured with the Drives and Removable Media preferences tool. The GNOME Volume Manager allows you not only to access removable media, but to access all your mounted file systems, remote and local, including any Windows shared directories accessible...

Mounting Floppy Disks

As noted previously, to access a file on a floppy disk, the disk first has to be mounted on your Linux system. The device name for your floppy drive is fd0, and it is located in the directory dev. Entering dev fd0 references your floppy drive. Notice the number 0 after fd. If you have more than one floppy drive, the additional drives are represented by fdl, fd2, and so on. You can mount to any directory you want. Red Hat Enterprise creates a convenient directory to use for floppy disks, media...

Adding and Removing Users with useradd usermod and userdel

Linux also provides the useradd, usermod, and userdel commands to manage user accounts. All these commands take in all their information as options on the command line. If an option is not specified, they use predetermined default values. These are command line operations. To use them on your desktop you first need to open a terminal window (right-click on the desktop and select Open Terminal), and then enter the commands at the shell prompt. If you are using a desktop interface with Red Hat...

Mail Transport Agents

Red Hat Linux and Fedora automatically install and configure both Sendmail and Postfix for you. On starting your system, you can send and receive messages between local users using Sendmail or Postfix. Red Hat and Fedora include a special tool called the Mail Transport Agent Switcher, accessible from the System Settings menu or window, to let you switch between the two. You can also set up your Linux system to run a POP server. Sendmail mail transfer agent, supported by the Sendmail consortium...

Running Microsoft Office on Linux Crossover

One of the primary concerns for new Linux users is what kind of access they will have to their Microsoft Office files, particularly Word files. The Linux operating system and many applications for it are designed to provide seamless access to MS Office files. The major Linux Office suites, including KOffice, OpenOffice, and StarOffice, all read and manage any Microsoft Office files. In addition, these office suites are fast approaching the same level of features and support for office tasks as...

SELinux

Though numerous security tools exist for protecting specific services, as well as user information and data, no tool has been available for protecting the entire system at the administrative level. Security-Enhanced Linux provides built-in administrative protection for aspects of your Linux system. Instead of relying on users to protect their files or on a specific network program to control access, security measures are built into the basic file management system and the network access...

Accessing Shares with smbclient

You can then add several options to access shares, such as the remote username or the list of services available. With the - I option, you can specify the system using its IP address. You use the -U option and a login name for the remote login name you want to use on the remote system. Attach with the password if a password is required. With the -L option, you can obtain a list of the services provided on a server, such as shared directories or printers. The following command will list the...

Archiving and Compressing Files with File Roller

Red Hat and Fedora provide the File Roller tool (accessible from the Accessories menu, labeled Archive Manager) that operates as a GUI front end to archive and compress files, letting you perform Zip, gzip, tar, and bzip2 operation using a GUI interface (see Figure 10-4). You can examine the contents of archives, extract the files you want, and create new compressed archives. When you create an archive, you determine its compression method by specifying its filename extension, such as .gz for...

Red Hat and Fedora ip6tables Support

For ip6tables, Red Hat and Fedora use a different, corresponding set of supporting scripts and configuration files. ip6tables has its own service script, ip6tables, as well as its own restore and save scripts, ip6tables-save and ip6tables-restore. In their names, they have the number 6, as in etc sysconfig ip6tables. The ip6tables configuration scripts and files are shown in Table 20-9. Fedora Red Hat ip6tables script to create IPv6 IPtables rules. Configuration file for etc rc.d init.d...

Configuration with systemconfigselinux

With system-config-selinux you can manage and configure your SELinux policies, though you cannot create new policies (see Figure 17-1). You can access system-config-selinux from the System Administration menu by selecting the SELinux Management entry. The system-config-selinux window will list several panes with a sidebar menu for Status, Boolean, File Labeling, User Mapping, SELinux User, Translation, Network Port, and Policy Module. system-config-selinux will invoke the SELinux management...

Creating File Systems mkfs mke2fs mkswap parted and fdisk

Linux provides a variety of tools for creating and managing file systems, letting you add new hard disk partitions, create CD images, and format floppies. To use a new hard drive, you will have to first partition it and then create a file system on it. You can use either parted or fdisk to partition your hard drive. To create the file system on the partitions, you use the mkfs command, which is a front end for various file system builders. For swap partitions, you use a special tool, mkswap,...

Definition and Evaluation of Variables set unset

You define a variable in a shell when you first use the variable's name. A variable's name may be any set of alphabetic characters, including the underscore. The name may also include a number, but the number cannot be the first character in the name. A name may not have any other type of character, such as an exclamation point, an ampersand, or even a space. Such symbols are reserved by the shell for its own use. Also, a variable name may not include more than one word. The shell uses spaces...

The modprobe Command

To install a module manually, you use the modprobe command and the module name. You can add any parameters the module may require. The following command installs the Intel high definition sound module. modprobe also supports the use of the * character to enable you to use a pattern to select several modules. This example uses several values commonly used for sound cards. You would use the values recommended for your sound card on your system. Most sound card drivers are supported by the ALSA...

KDE Panel Kicker

The KDE panel (Kicker), located at the bottom of the screen, provides access to most KDE functions (see Figure 7-3). The panel includes icons for menus, directory windows, specific programs, and virtual desktops. At the left end of the panel is an button for the main menu (also know as the K menu), a fedora f icon on Fedora. To add an application to the panel, right-click anywhere on the panel and select Add from the pop-up menu. The Add menu displays the kind of objects you can add, including...

Video Graphics Card Driver Support Ati Nvidia and Livna

Though a generic Xorg NVIDIA and ATI driver is included with Fedora, to make full use of your graphics driver, you will have to use the vendor-supplied NVIDIA or ATI drivers. Both NVIDIA and ATI provide Linux-compatible versions of their drivers, released almost monthly. The drivers contain updated bug fixes and enhancements. You can download and install these drivers either directly from the vendor Web site or with Yum using the Livna-prepared versions. It is always preferable to use the Livna...

Parallel Virtual File System PVFS

The Parallel Virtual File System (PVFS) implements a distributed network file system using a management server that manages the files system on different I O servers. Management servers maintain the file system information, including access permissions, directory structure, and metadata information. Requests for access to a file are submitted by a client of the management server. The management server then sets up a connection between the client and the I O servers that hold the requested...

RSH Kerberos and SSH Remote Access Commands

The remote access commands were designed for smaller networks, such as intranets. They enable you to log in remotely to another account on another system and to copy files from one system to another. You can also obtain information about another system, such as who is currently logged on (see Table 15-3). Many of the remote commands have comparable network communication utilities used for the Internet. For example, rlogin, which remotely logs in to a system, is similar to telnet. The rcp...

User Defined Rules

For more complex rules, you may want to create your own chain to reduce repetition. A common method is to define a user chain for both INPUT and FORWARD chains, so that you do not have to repeat DROP operations for each. Instead, you would have only one user chain that both FORWARD and INPUT chains would feed into for DROP operations. Keep in mind that both FORWARD and INPUT operations may have separate rules in addition to the ones they share. In the next example, a user-defined chain called...

DHCP Dynamic DNS Updates

For networks that also support a Domain Name Server, dynamic allocation of IP addresses currently needs to address one major constraint DHCP needs to sync with a DNS server. A DNS server associates hostnames with particular IP addresses, whereas in the case of dynamic allocation, the DHCP server randomly assigns its own IP addresses to different hosts. These may or may not be the same as the IP addresses that the DNS server expects to associate with a hostname. A solution to this problem is...

GNOME Power Manager

The GNOME Power Manager is designed to take full advantage of the efficiency features available on both laptops and desktops. It supports tasks like reducing CPU frequency, dimming the display, shutting down unused hard drives, and automatic shutdown or suspension. See for a detailed description. The GNOME Power Manager is integrated with HAL (Hardware Abstraction Layer) and Dbus to detect hardware states and issue hardware notifications. Hardware notifications are issued using notification...

BIND Servers and Tools

The BIND DNS server software consists of a name server daemon, several sample configuration files, and resolver libraries. As of 1998, a new version of BIND, beginning with the series number 8.x, implemented a new configuration file using a new syntax. Version 9.0 adds new security features and support for IPv6. Older versions, which begin with the number 4.x, use a different configuration file with an older syntax. Most distributions currently install the newer 9.x version of BIND. The name of...

CUPS Command Line Administrative Tools

CUPS provides command line administrative tools like lpadmin, lpoptions, lpinfo, enable, disable, accept, and reject. The enable and disable commands start and stop print queues directly, whereas the accept and reject commands start and stop particular jobs. The lpinfo command provides information about printers, and lpoptions lets you set printing options. The lpadmin command lets you perform administrative tasks like adding printers and changing configurations. CUPS administrative tools are...

Yum Extender yumex

The Yum Extender is an alternative GUI interface for managing software packages on your Yum repositories (see Figure 3-10) yumex is included with Fedora. Open Add Remove Software and on the Browse panel select Base System, then Administration Tools, and then Q.74-17.fr he Samba Suite of programs 3.0.24-10.fc Samba (SMB) client programs. noarc 1.2.39-1.fc7 Samba server configuration tool This prckaoe 5 roup all mi van to sho.-e flics between Linn* and Hi WimkR tm) click the Optional Packages to...

Configure Command Options

Certain software may have specific options set up for the . configure operation. To find out what these are, you use the . configure command with the - -help option A useful common option is the -prefix option, which lets you specify the install directory TlP Some older X applications use xmkmf directly instead of a configure script to generate the needed Makefile. In this case, enter the command xmkmf in place of . configure. xmkmf has been officially replaced. Be sure to consult the INSTALL...

Linux as an IPv6 Router radvd

For a Linux system that operates as a router, you use the radvd Router ADVertisement Daemon to advertise addresses, specifying a network prefix in the etc radvd.conf file. The radvd daemon will detect router network address requests from hosts, known as router solicitations, and provide them with a network address using a router advertisement. These router advertisements will also be broadcast to provide the network address to any hosts that do not send in requests. For radvd to work, you will...

Kernel Configuration Tools

You can configure the kernel using one of several available configuration tools config, menuconfig, xconfig (qconf), and gconfig (gkc). You can also edit the configuration file directly. These tools perform the same configuration tasks but use different interfaces. The config tool is a simple configure script providing line-based prompts for different configuration options. The menuconfig tool provides a cursor-based menu, which you can still run from the command line. Menu entries exist for...

Running cron Directory Scripts

Each directory contains scripts that are all run at the same time. The scheduling for each group is determined by an entry in the etc crontab file. The actual execution of the scripts is performed by the usr bin run-parts script, which runs all the scripts and programs in a given directory. Scheduling for all the tasks in a given directory is handled by an entry in the etc crontab file. Fedora provides entries with designated times, which you may change for your own needs. The default Fedora...

Downloading ISO and DVD Distribution Images with Bit Torrent

Very large files like distribution ISO images can be downloaded using BitTorrent. BitTorrent is a distributed download operation, where many users on the Internet participate in the same download, each uploading parts that others can in turn download. The file is cut into small IP packets, and each packet is individually uploaded and downloaded as if it were a separate file. Your BitTorrent client will automatically combine the packets into the complete file. There is no shared disk space like...

Web Servers Apache

Linux distributions provide several Web servers for use on your system. The primary Web server is Apache, which has almost become the standard Web server for Red Hat Linux and Fedora distributions. It is a very powerful, stable, and fairly easy-to-configure system. Other Web servers are also available, such as Tux. Tux is smaller, but very fast, and is very efficient at handling Web data that does not change. Red Hat and Fedora Linux provide default configurations for the Web servers, making...

IP Virtual Domains

IP-based virtual hosting allows more than one IP address to be used for a single machine. If a machine has two registered IP addresses, either one can be used to address the machine. If you want to treat the extra IP address as another host in your domain, you need only create an address record for it in your domain's zone file. The domain name for the host would be the same as your domain name. If you want to use a different domain name for the extra IP, however, you have to set up a virtual...

The dump Levels

The dump utility uses dump levels to determine to what degree you want your system backed up. A dump level of 0 will copy file systems in their entirety. The remaining dump levels perform incremental backups, backing up only files and directories that have been created or modified since the last lower-level backup. A dump level of 1 will back up only files that have changed since the last level 0 backup. The dump level 2, in turn, will back up only files that have changed since the last level 1...

Security Services

Fedora includes several security services for protecting your system and your network transmissions (see Table 4-3). Using GNU Privacy Guard (GPG), you can encrypt your e-mail messages or files you want to send, as well as sign them with an encrypted digital signature authenticating that the message was sent by you. The digital signature also includes encrypted modification digest information that provides an integrity check, allowing the recipient to verify that the message received is the...

Compression with gzip

Several compression utilities are available for use on Linux and Unix systems. Most software for Linux systems uses the GNU gzip and gunzip utilities. The gzip utility compresses files, and gunzip decompresses them. To compress a file, enter the command gzip and the filename. This replaces the file with a compressed version of it, with the extension .gz. To decompress a gzip file, use either gzip with the -d option or the command gunzip. These commands decompress a compressed file with the .gz...

TCPIP Protocol Suite

The TCP IP protocol suite actually consists of different protocols, each designed for a specific task in a TCP IP network. The three basic protocols are the Transmission Control Protocol (TCP), which handles receiving and sending out communications, the Internet Protocol (IP), which handles the actual transmissions, and the User Datagram Protocol (UDP), which also handles receiving and sending packets. The IP protocol, which is the base protocol that all others use, handles the actual...

How To Access Mysql Database In Fedora7

The SQL query language is the language used by most relational database management systems (RDBMSs), including both MySQL and PostgreSQL. Though many RDBMSs use administrative tools to manage databases, on Linux MySQL and PostgreSQL, you still have to use the SQL commands directly. Common SQL commands that you may use are listed in Table 26-7. The commands are often written in uppercase by convention, though they can be in lowercase. Create a table within a database, specifying fields. INSERT...

The etcmodprobeconf File

Module loading can require system renaming as well as specifying options to use when loading specific modules. Even when removing or installing a module, certain additional programs may have to be run or other options specified. These parameters can be set in the etc modprobe.conf file. The mobprobe.conf file supports four actions alias, options, install, and remove. alias module name Provides another name for the module, used for network and sound devices. options module options Specifies any...

Proxy Servers Squid

Proxy servers operate as an intermediary between a local network and services available on a larger one, such as the Internet. Requests from local clients for Web services can be handled by the proxy server, speeding transactions as well as controlling access. Proxy servers maintain current copies of commonly accessed Web pages, speeding Web access times by eliminating the need to access the original site constantly. They also perform security functions, protecting servers from unauthorized...

Pv6 Stateful Autoconfiguration DHCPv6

The IPv6 version of DHCP DHCPv6 provides stateful autoconfiguration to those networks that still want a DHCP-like service on IPv6 networks. DHCP IPv6 provides configuration information from a server, just like DHCP. But it is a completely different protocol from the IPv4 version, with different options and capabilities. As a stateful configuration process, information is provided by an independent server. DHCPv6 is still under development, though a version is distributed with Fedora and Red Hat...