Set Up Routing with the ip Tool

You can use the ip tool to configure the routing table of the Linux kernel. The routing table determines the path IP packets use to reach the destination system. Because routing is a very complex topic, this objective only covers the most common routing scenarios. You can use the ip tool to perform the following tasks: Add Routes to the Routing Table; Delete Routes from the Routing Table. As changes made with ip are lost with the next reboot, you also have to know how to Save Routing Settings to a...

Linux Security Modules

To solve this problem, the Linux Security Modules (LSM) were developed. In an LSM-enabled system, a process (Subject) can only access the files (Objects) defined in a policy. This policy is set by the system administrator and enforced by the operating system kernel; access to files is no longer at the discretion of the user. According to the kernel documentation, the LSM kernel patch provides a general kernel framework to support security modules. In particular, the LSM framework is primarily...

Objective 3 Create a Configuration File for AutoYaST

The easiest way to create a configuration file for AutoYaST is to use the YaST Autoinstallation module. Enter yast2 > Miscellaneous > Autoinstallation. This module starts with the following dialog: The left window contains all parameters which can be configured in a tree-like structure. By selecting a main entry, all available modules of this entry are displayed in the main window. 1 HARDCOPY PERMITTED-NO DISTRIBUTION ALLOWED To select a module, either select the link in the main window or...

Unmount a File System

Once a file system is mounted, you can use the umount command (without an n) to unmount the file system. You can unmount the file system by using umount with the device or the mount point. For example, to unmount a CD file system mounted at /media/cdrecorder, you could enter one of the following: In order to unmount the file system, no application or user may use the file system. If it is being used, Linux sees the file system as being busy and will refuse to unmount the file system. To help...

Manage Partitions with YaST

You can use the YaST Expert Partitioner during or after installation to customize the default or existing partition configuration. The interface of the Expert Partitioner after installation does not differ from the interface you used during installation. To start the Expert Partitioner, press Alt+F2, enter yast2, and enter the root password when prompted. Then select System > Partitioner. The following warning appears: After selecting Yes, the...

Objective 1 Manage the Network with YaST

The YaST module for configuring network cards and the network connection can be accessed from the YaST Control Center. To activate the network configuration module, select Network Devices > Network Card. YaST wants to know the network setup method User Controlled with NetworkManager. Use a desktop applet that manages the connections for all network interfaces. (This is mainly useful on mobile computers.) Traditional Method with ifup. The traditional method uses the command ifup. (We recommend...

SUSE Linux Enterprise Server

SUSE Linux Enterprise Server 10 can be configured as iSCSI target and as iSCSI initiator. You can do this with the configuration tool YaST or manually. Mount iSCSI Targets Automatically at Boot Time You can either start YaST and select Network Services > iSCSI Target, or start the iSCSI Target module directly by entering as root in a console window yast2 iscsi-server. If the iscsitarget package is not installed, YaST will invite you to do that Initializing iSCSI Target Configuration...

Mount a File System

You can use the command mount to manually mount a file system. The general syntax for mounting a file system with mount is: mount -t file_system_type -o mount_options device mount_point_directory. By using mount, you can override the default settings in /etc/fstab. For example, entering the following mounts the partition /dev/hda9 to the directory /space: You do not usually specify the file system type because it is recognized automatically (using magic numbers in the superblock, or simply by trying...

Init Configuration File /etc/inittab

To understand the contents of the file /etc/inittab, you need to know the following: The following is the syntax of each line in the file /etc/inittab: The following describes the parameters: id. A unique name for the entry in /etc/inittab. It can be up to four characters long. rl. Refers to one or more runlevels in which this entry should be evaluated. action. Describes what init is to do. process. Is the process connected to this entry. The first entry in the file /etc/inittab contains the following...

Set Defaults for New User Accounts

You can use YaST to select default settings to be applied to new user accounts. From the Gnome desktop, press Alt+F2, enter yast2 and enter the root password when prompted. Select Security and Users > User Management. You can also start the User Management module directly from a terminal window as root by entering yast2 users. Select Expert Options > Defaults for New Users. The following appears: You can enter or edit information in the following...

Use Domain Save and Restore

A very simple way to migrate a domain is to use the save and restore function of the xm tool. With the command xm save <domain_id> <filename>, you can suspend the specified domain and save the status to the given filename. This file can then be copied to the new host system. To restore the domain, use the command xm restore <filename>. As mentioned above, besides the file created with xm, you might also have to copy the file systems...

Info

Note: The sux command shares the same syntax as the su command and exports the xhost and DISPLAY options when elevating to root. su - <CR> (login root) su -c cmd to run su - <CR> (login root) su -c cmd to run Kerberos SMB LDAP WinBind NIS HESIOD The differences between Red Hat and SUSE Linux Enterprise Server GUI and TUI tools for user management are more than slightly divergent. While both have a single portal point for creating users and groups, Red Hat uses a single application and...

AutoYaST on SUSE Linux Enterprise Server

AutoYaST is the tool for automated installations on SUSE Linux Enterprise Server 10. All information needed during installation, e.g. partitioning or software selection, is provided by a control file in XML format. No manual intervention is necessary during the installation process. If you have to install several systems with the same setup you can save time by automating the installation. Depending on your requirements, you can ensure all systems...

Authentication and PAM

- Config stublet files directory: /etc/pam.d/*
- (usually ignored if above is present) /etc/pam.conf
- RHEL/Fedora: system-config-authentication
- SLES/SUSE: yast (Security and Users -> Local Security)
- RHEL and SUSE encrypt their passwords differently, so encrypted passwords won't transfer straight over. You can modify PAM on SLES/SUSE to use the same method as RH if you want. You'd have to modify /etc/pam.d/passwd -for more info, see
- RNDC Key file...

Configure Security Settings

YaST provides a Local Security module that lets you configure the following local security settings for your SUSE Linux Enterprise Server You can select from (or modify) three preset levels of security, or create your own customized security settings to meet the requirements of your enterprise security policies and procedures. You can access the Security Settings module from the YaST Control Center by selecting Security and Users > Local Security, or by entering as root yast2 security in a...

Section 1 Install SUSE Linux Enterprise Server

Objective 1 Perform a SLES 10 Installation: Boot from the Installation Media; Select the System Language; Select the Installation Mode; Set the Clock and Time Zone; Understand and Change the Installation Settings; Select Software; Start the Installation Process. Objective 2 Configure the SLES 10: Set the Host; Set the root; Configure the Network; Test the Internet Connection; Novell Customer Center Configuration and Online Update; Configure Network Services...

Boot a System Directly into a Shell

The boot screen of the GRUB boot loader lets you pass parameters that modify the Linux kernel before the kernel is actually loaded. At the bottom of the GRUB boot screen is a Boot Options field. To add a boot option, select an operating system and type the additional boot option in the Boot Options field. One way to access a system that is not booting anymore is to set a different program for the init process. Normally, the Linux kernel tries to find a program with the name init and starts this...

Boot from the Installation Media

To start the installation process, insert the SUSE Linux Enterprise Server 10 Product DVD into the DVD drive and then reboot the computer to start the installation program. To start the installation program, your computer needs to be configured to start from a DVD drive. You might need to change the boot drive order in the BIOS setup of your system to boot from the drive. Consult the manual shipped with your hardware for further information. When your system has started from the installation...

Configure GRUB with YaST

While you can use YaST (bootloader Configuration module) to simplify the configuration of the boot loader, you should not experiment with this module unless you understand the concepts behind it. To start the YaST Boot Loader module, start YaST, enter the root password, then select System > Boot Loader, or start the Boot Loader module directly from a terminal window by entering as root yast2 bootloader. When the Section Management tab is selected, you see the current GRUB settings for your...

Manage Software RAID

To manage software RAID (Redundant Array of Independent (or Inexpensive) Disks), select RAID in the YaST Expert Partitioner. The purpose of RAID is to combine several hard disk partitions into one large virtual hard disk for optimizing performance and improving data security. There are two types of RAID configurations: Hardware RAID. The hard disks are connected to a separate RAID controller. The operating system sees the combined hard disks as one device. No additional RAID configuration is...

Verify Partitioning

In most cases, YaST proposes a reasonable partitioning scheme that you can accept without change. However, you might need to change the partitioning manually if: You want to optimize the partitioning scheme for a special purpose server (such as a file server). You want to configure LVM (Logical Volume Manager). You have more than one hard drive and want to configure RAID (Redundant Array of Independent Disks). You want to delete existing operating systems so you have more space available for...

View AppArmor's Status

rcapparmor status gives you a general overview of profiles and processes: da10 rcapparmor status apparmor module is loaded. 50 profiles are loaded. 49 profiles are in enforce mode. 1 profiles are in complain mode. Out of 69 processes running 5 processes have profiles defined. 5 processes have profiles in enforce mode. 0 processes have profiles in complain mode. To emphasize the point that, after restarting AppArmor, processes need to be restarted to be again confined, have a look at the...

Configure the Postfix Master Daemon

The Postfix master daemon /usr/lib/postfix/master is started directly by Postfix when the system is booted and is terminated only when the system goes down or if Postfix ends. The Postfix master daemon is normally configured only once, when the email system is set up, and is usually never changed. The master daemon, which monitors the entire mail system: Controls and monitors individual Postfix processes. Adheres to configured resource limits, which were defined in the file master.cf. Restarts...

Ext2fs File System Format

The ext2 file system format is, in many ways, identical to traditional UNIX file system formats. The concepts of inodes, blocks, and directories are the same. When a file system is created (the equivalent of formatting in other operating systems), the maximum number of files that can be created is specified. The inode density (together with the capacity of the partition) determines how many inodes can be created. Remember that it is not possible to generate additional inodes later. You can only...

Create a Reiser File System

You can create a Reiser file system by using the command mkreiserfs or mkfs -t reiserfs: mkfs.reiserfs 3.6.19 (2003 www.namesys.com) Yury Umanets (aka Umka) developed libreiser4, Guessing about desired format Kernel 2.6.16.14- Count of blocks on the device 62240 Number of blocks consumed by mkreiserfs formatting process 8213 Hash function used to sort names r5 Journal Size 8193 blocks (first block 18) UUID 73abdf80-2b72-4844-9967-74e99813d056 ATTENTION YOU SHOULD REBOOT AFTER FDISK ALL DATA...

Create a File System with YaST

You can use YaST to create a file system (such as ext3 or ReiserFS) on a partition. This is done by starting the Expert Partitioner as root by entering in a console window yast2 disk. After acknowledging the warning message, the Expert Partitioner opens up. To create a file system on a partition, select the partition and then select Edit. The following appears: To format the partition with a file system, select Format. From the File system drop-down list, select a file system from the list of...

Understand Profiles and Rules

Novell AppArmor profiles contain two types of AppArmor rules: path entries and capability entries. Path entries specify what a process can access in the file system. AppArmor, by default, limits the capabilities a process is given (see man apparmor). Capability entries are used to specify specific POSIX capabilities (man 7 capabilities) a process is granted, overriding the default limitation. Other files containing AppArmor rules can be pulled in with include statements. As an example, let's...

Configure the Lookup Tables

Lookup tables contain rules for processing email within the overall Postfix system. These tables are activated by variables in the file After a lookup table has been defined, it needs to be converted to the required format (usually in the form of a hash table) using the command postmap: postmap hash:/etc/postfix/lookup-table. The structure of lookup tables is subject to the following general rules: Blank lines or lines that begin with a are not interpreted as command lines. Lines that begin with a...

Configure Global Settings

All other configuration definitions apart from the configuration of processing rules in lookup tables are set in the following file On SUSE Linux Enterprise Server 10, the most common parameters of this file can be modified using variables in the files Postfix is one of the last services that needs SuSEconfig to run for generation of the actual configuration files from files located in /etc/sysconfig/. The file /etc/sysconfig/mail is used for general configurations that are not specific for...

Section C Appendix A Guide to SUSE Linux Enterprise Server for Red Hat Users

This guide was written in 2005 and focuses on SUSE Linux Enterprise Server 9. Some information in this guide does not apply to SUSE Linux Enterprise Server 10, however most of it remains valid. Disclaimer Novell, Inc. makes no representations or warranties with respect to the contents or use of this document and specifically disclaims any express or implied warranties of merchantability or fitness for any...

Objective 2 Set up an Installation Server

AutoYaST requires a certain layout of directories and files on the installation server. The layout is described in The purpose of the YaST module Installation Server is to create an installation repository that is suitable for automated installation using AutoYaST. It copies the needed files to their proper location and creates certain links and files. For setting up the installation server, start the YaST module Installation Server. yast2 > Miscellaneous > Installation Server yast2 >...

Runlevel Symbolic Links

To enter a certain runlevel, init calls the script /etc/init.d/rc with the runlevel as parameter. This script examines the respective runlevel directory /etc/init.d/rcx.d and starts and stops services depending on the links in this directory. For each runlevel, there is a corresponding subdirectory in /etc/init.d/. For runlevel 1 it is /etc/init.d/rc1.d, for runlevel 2 it is /etc/init.d/rc2.d, and so on. When you view the files in a directory such as...

Configure General Scenarios

The following scenarios presume that the variable MAIL_CREATE_CONFIG in the file /etc/sysconfig/mail is set to no. If it is, the file /etc/postfix/main.cf will not be changed by executing SuSEconfig, and the file /etc/postfix/main.cf.SuSEconfig will not be generated. Because these files usually contain useful settings, only few modifications are necessary for some deployment scenarios. However, remember that the last entry of a variable in the file etc...

OCFS2 Configuration

The following sample configuration assumes that the OCFS2 resides on the device sda. To be able to share this device between nodes, this device could be made available using iSCSI as covered in Section iSCSI on page 9-1. To avoid having the storage device as a possible single point of failure, which would thwart the purpose of a HA cluster, the storage device should include HA features as well. DRBD (Distributed Replicated Block Device) and Heartbeat could be used for this purpose configuration...

OCFS to OCFS2 Migration

The on-disk layouts of OCFS and OCFS2 are not compatible. As drivers for OCFS only exist for 2.4.x Linux kernels and drivers for OCFS2 only for 2.6.x Linux kernels, you cannot use them both on the same machine concurrently. There are two possibilities to migrate to the new OCFS2: If the old cluster file system is still online, you can replicate it to the new one via the network. You have to ensure that there are no changes to the old OCFS storage cluster after the last replication during the...

Process of Outbound Email

The following figure shows how an email is handled by Postfix before it leaves the system to be delivered to its destination. The following topics describe this process: Deliver Email to Local Users; Deliver Email to Users on Remote Systems; Process Undeliverable Emails. The queue manager fetches an email from the incoming queue and copies it to the active queue as soon as the active queue contains no other emails. The trivial-rewrite daemon takes over the checking procedure based on the lookup...

Gfs Ocfs2 Comparison Table

The purpose of this exercise is to familiarize you with OCFS2. This exercise builds on the previous one, Set up an iSCSI Target and an iSCSI initiator on page 9-23. You will find this exercise in the workbook. End of Exercise

Understand the Default Apache Configuration

The main Apache web server configuration is defined in the file /etc/apache2/default-server.conf. The following is an overview of the most important directives used in that file: Table 6-1 Directive Description <Directory dir_name> Alias fakename realname Allows you to create an alias to a directory containing scripts for dynamic content generation. In most cases the default settings are suitable and don't need to...