لطفا منتظر باشید ...
Using System Administration Utilities
Red Hat has developed a number of other graphical utilities that can help you with the day-to-day tasks of administering your Linux system. They are in various stages of development; expect improvements as Red Hat releases new packages and later versions of its distribution.
Table 19.4 summarizes the Red Hat graphical system administration utilities. Keep in mind that this is an arbitrary list of the utilities described in this section; you could also classify the other utilities in this chapter as system administration utilities.
Utility | Function |
|---|---|
redhat-config-packages | Managing RPM package groups |
redhat-config-rootpassword | Changing the root user’s password |
redhat-config-users | Adding and maintaining users |
redhat-config-xfree86 | Configuring the GUI |
redhat-logviewer | Inspecting current log files |
redhat-update-gnome-font-install redhat-update-gnome-font-install2 | Updating fonts |
redhat-config-kickstart | Building a Kickstart file for automated installation |
redhat-config-securitylevel | Configuring a firewall |
redhat-config-proc | Changing kernel settings in /proc |
authconfig-gtk | Setting up authentication |
authconfig | Using the text-mode version of authconfig-gtk |
Package Group Management
You can use the redhat-config-packages utility to inspect, install, and remove the RPM packages currently on your Linux system. Start it from a GNOME desktop by selecting Main Menu Ø System Settings Ø‚ Add/Remove Applications. This opens the Package Management window, shown in Figure 19.24.
Figure 19.24: Package Management by groups
If you installed Red Hat Linux graphically per Chapter 03, Figure 19.24 should look familiar. It includes the same organization of package groups that you used during the graphical installation process.
You can select some individual packages in each group for installation and removal. As an example, take a look at the packages associated with the KDE Desktop Environment. On the far right side of the associated entry, click Details. This opens the KDE Desktop Environment Package Details window, shown in Figure 19.25.
Figure 19.25: KDE Desktop Environment Package Details
As you can see, there are two categories of packages: standard and extra. Standard packages correspond to the mandatory packages as defined in the comps.xml file described in Web Chapter 5. The extra packages are either default or optional packages as defined in comps.xml.
In this way, you can deselect the packages or package groups of your choice. Make any desired changes and click Close. When you click Update in the Package Management window, this utility makes sure that you don’t have unsatisfied dependencies. You get a last chance to cancel (see Figure 19.26) before the deselected packages are removed from the system. Click Show Details to review the packages that are to be removed.
Figure 19.26: Before packages are removed
Adding new packages is a bit more complex, because it requires access to the installation RPMs. If you start redhat-config-packages from the command line, this utility will prompt you for CDs.
| Tip | If you have a network source for your Red Hat installation files, you don’t need the installation CDs. For example, if the /RedHat/RPMS directory with your RPM packages is mounted on /mnt/source, run the redhat-config- packages --tree=/mnt/source command. As long as the RPMs are accessible over the network, redhat -config-packages starts and can use this source to install the packages that you specify. |
One more way to start redhat-config-packages is with the redhat-cdinstall-helper --tree=/ mnt/cdrom command. You’ll be prompted to insert the first Red Hat Installation CD before Red Hat takes you to the redhat-config-packages utility.
Linux logs the updated list of installed RPM packages each week in /var/log/rpmpkgs. The original list from when you installed Red Hat Linux is stored in /root/install.log.
Root Password
The redhat-config-rootpassword utility lets you change the password associated with the root user account. Start it from a GNOME desktop by selecting Main Menu Ø System Settings Ø Root Password. If you’re not logged in as the root user, you’re prompted for the root password, as shown in Figure 19.27.
Figure 19.27: You should have the root password before you can change it.
Assuming you enter the correct password (or are already logged into the root account), you’ll see the Root Password dialog box, shown in Figure 19.28. The next time you want to log into the root account, you’ll need this password.
Figure 19.28: Changing the root user password
Configuring Users
You can use the redhat-config-users utility to manage the users and groups with accounts on your Linux system. More information on the affected configuration files is available in Chapter 09.
Start it from a GNOME desktop by selecting Main Menu Ø System Settings Ø Users and Groups. This opens the Red Hat User Manager window, shown in Figure 19.29.
Figure 19.29: The Red Hat User Manager
As you can see, this window includes two tabs. The Users tab lists current users on the system, from /etc/passwd. The categories should be familiar if you know this file. To add a user, click Add User. This opens the Create New User dialog box, shown in Figure 19.30.
Figure 19.30: Creating a new user
This dialog box allows you to enter the information associated with the new user, along with the password. Normally, the new user gets the next user ID available, in this case, 503. If you activate Specify User ID Manually, you can set the number of your choice.
You can add more account information for each user. Highlight a user and click Properties. This opens the User Properties dialog box, shown in Figure 19.31.
Figure 19.31: Changing user properties
There are four tabs of information within User Properties, which are described in Table 19.5.
Tab | Description |
|---|---|
User Data | Lists basic data for the user, stored in /etc/passwd and /etc/shadow. |
Account Info | Allows you to lock and/or set an expiration date for the account; the information is stored in /etc/shadow. |
Password Info | Lets you set up password expiration parameters; the information is stored in /etc/shadow. |
Groups | Permits you to set group membership for that user; the information is stored in /etc/group. |
Click OK to return to the main Red Hat User Manager window. Next, select the Groups tab, which lists current groups from /etc/group. Click Add Group. This opens the Create New Group dialog box, shown in Chapter 09.
Figure 19.32: Creating a new group
Whenever you create a special group, it’s a good idea to give it a number in a different range from your users. I’ve created the group named angels. After selecting angels from the Groups tab, I clicked the Properties button, which opens the Group Properties dialog box. On the Group Users tab shown in Figure 19.33, you can add the users of your choice to this new group, in this case, nancy and randy.
Figure 19.33: Adding users to a group
GUI Configuration
The Red Hat graphical configuration tool is redhat-config-xfree86, which is described in detail in Chapter 15. Start it from a GNOME desktop by selecting Main Menu Ø System Settings Ø Display. This opens the Display Settings window, shown in Figure 19.34.
Figure 19.34: Configuring the X Window
In most cases, you can run redhat-config-xfree86 from a terminal window, even if you didn’t choose to install graphical packages during the Red Hat Linux installation process. Once changes are made, you’ll be able to see the results in /etc/X11/XF86Config. If you’ve used redhat-config-xfree86 before, you’ll probably see this comment at the top of that file:
# XFree86 4 configuration created by redhat-config-xfree86
Otherwise, if you’ve only configured the X Window during the Red Hat installation process, you’ll see this comment instead:
# XFree86 4 configuration created by pyxf86config
Log Viewer
Red Hat includes a graphical viewer for standard log files, redhat-logviewer. Start it from a GNOME desktop by selecting Main Menu Ø System Tools Ø System Logs. This opens the System Logs window, shown in Figure 19.35.
Figure 19.35: Reviewing system logs
Note the list of logs on the left and a view of the specific log file on the right. You can see right away, from the exclamation point (the alert icon) and “failed” messages that there might be some problem with ntpd, the Network Time Protocol daemon.
You can use this tool to search for specific messages; enter the search term of your choice and the redhat-logviewer isolates any messages with the search term. You might even realize that this search capability is a function of the grep command.
The redhat-logviewer is configured to review log files from standard locations. If you click Edit Ø Preferences, that opens the Preferences dialog box, where you can change the file associated with a log, and specify the messages that set off the alert icon.
The standard locations for the redhat-logviewer log files are shown in Table 19.6.
Log Name | File Location |
|---|---|
Boot | /var/log/boot.log |
Cron | /var/log/cron |
Kernel Startup | /var/log/dmesg |
Apache Access | /var/log/httpd/access_log |
Apache Error | /var/log/httpd/error_log |
/var/log/maillog | |
News | /var/log/spooler |
RPM Packages | /var/log/rpmpkgs |
Security | /var/log/secure |
System | /var/log/messages |
XFree86 | /var/log/XFree86.0.log |
If a log file is missing from the list, you may not have started the service before. For example, if you don’t see an Apache Access Log in Figure 19.35, you probably haven’t started or accessed the Apache web server on your computer.
Fonts
There are two similar-looking utilities related to fonts:
# redhat-update-gnome-font-install
# redhat-update-gnome-font-install2
Both can help you upload fonts that support printing from GNOME applications. The first utility generates a font map used in printing GNOME-based applications. They update the following font configuration files:
/etc/gnome/fonts/gnome-print-rpm.fontmap
/etc/gnome/libgnomeprint-2.0/fonts/libgnomeprint-rpm.fontmap
Kickstart
The Red Hat Kickstart configuration tool is redhat-config-kickstart, which is described in detail in Chapter 05. Start it from a GNOME desktop by selecting Main Menu Ø System Tools Ø Kickstart. This opens the Kickstart Configurator window, shown in Figure 19.36.
Figure 19.36: The Kickstart Configurator
Normally, you should save Kickstart files to ks.cfg; a model Kickstart file based on how you installed Red Hat Linux on the local computer is available at /root/anaconda-ks.cfg.
Security Level
The Red Hat Firewall configuration tool is redhat-config-securitylevel, which is essentially the same tool that you used during the installation process in Chapter 03 or 4. Start it from a GNOME desktop by selecting Main Menu Ø System Settings Ø Security Level. This opens the Security Level Configuration window, shown in Figure 19.37.
Figure 19.37: Setting up a firewall
To summarize, you can configure three levels of firewall protection for your computer: high, medium, or none.
You can further customize the firewall. For example, if one of the network cards is connected only to the local network, you may want it to be a trusted device; firewall rules do not apply to traffic through trusted devices. In addition, you can customize the firewall to allow incoming data associated with the protocols shown in the Security Level Configuration window.
If you’re using the default iptables firewall command, any changes that you make are written to /etc/sysconfig/iptables. For more information on firewalls and the iptables command, read Chapter 22.
The redhat-config-securitylevel utility is closely related to the GNOME lokkit firewall wizard, described in Chapter 16. Both can help you create an iptables-based firewall, using the same basic parameters.
Tuning the Kernel
The Red Hat kernel tuning tool is redhat-config-proc, which allows you to modify settings in the /proc directory. Some of the files in this directory are described in greater detail in Chapter 11. As of this writing, you can only start this utility from a GUI command-line interface; there is no entry in the GNOME Main Menu. Figure 19.38 displays the Kernel Tuning window.
Figure 19.38: Kernel Tuning
| Warning | Be careful before you use redhat-config-proc. At the very least, back up your current /etc/sysctl.conf file first. Any changes you make can change the functionality of your kernel, which could easily stop Linux from working. |
In the setting shown in Figure 19.38, you can enable IP Forwarding, which lets your Linux computer work as a gateway between two or more networks. Changes that you make are written to /etc/sysctl.conf.
Authentication
The Red Hat tool for setting up username and password databases is authconfig-gtk, which is essentially the same tool that you used during the installation process in Chapter 03 or 4. Start it from a GNOME desktop by selecting Main Menu Ø System Settings Ø Authentication. This opens the Authentication Configuration window, shown in Figure 19.39.
Figure 19.39: Setting up user information databases
Depending on the type of installation, you may have already set this up during the Red Hat Linux installation process in Chapter 03 or 4. Since you may be seeing these options for the first time, we’ll address them in detail here. First, the settings on the User Information tab are described in Table 19.7.
Setting | Description |
|---|---|
Cache User Information | Sets the local server to store user settings. |
Enable NIS Support | Configures authentication through an NIS Server. |
Configure NIS | Opens a window where you can enter the name of the NIS domain and server. |
Enable LDAP Support | Configures access to user information through the Lightweight Directory Assistance Protocol (LDAP). |
Configure LDAP | Opens a window where you can enable Transmission Layer Security (TLS), which is the formal name of the Secure Socket Layer (SSL) protocol, along with an LDAP search database and server. |
Hesiod | Configures authentication information and other configuration files in DNS; its functionally is similar to NIS. |
Configure Hesiod | Opens a window where you can specify Hesiod LHS, which is the prefix for a DNS server name, and the Hesiod RHS, which is the suffix for a DNS server name. For example, if the address of a DNS server is nameserv.mommabears.com, the LHS is nameserv and the RHS is mommabears.com. |
The settings found on the Authentication tab are shown in Figure 19.40; they include several other configuration options, described in Table 19.8.
Figure 19.40: Configuring additional username/password support
Setting | Description |
|---|---|
Enable LDAP Support | Configures user authentication through the Lightweight Directory Assistance Protocol (LDAP). |
Configure LDAP | Opens a window where you can enable Transmission Layer Security (TLS), which is the formal name of the Secure Socket Layer (SSL) protocol, along with an LDAP search database and server. |
Use Shadow Passwords | Enables the Shadow Password Suite, with passwords, account data, and group information protected in /etc/shadow and /etc/gshadow. |
Use MD5 Passwords | Configures the use of the MD5 form of password encryption. |
Enable Kerberos Support | Sets up strong encryption for checking user credentials, using this protocol developed at MIT. |
Configure Kerberos | Opens a window where you can set the Kerberos Realm—usually the name of the domain in upper case; the Kerberos Domain Controller (KDC), which is the name of the Kerberos server, using TCP/IP port 88; and any Kerberos administrative servers, using TCP/IP port 749. |
Enable SMB Support | Sets up authentication using Microsoft Windows or Samba servers on a Microsoft Windows–based network. |
Configure SMB | Opens a window where you can set the name of the workgroup or domain controller for the Microsoft Windows–based network. |
Any changes you make are written to the /etc/sysconfig/authconfig configuration file.
| Tip | If you want to configure Kerberos 5, you should configure your computers to a central NTP server, as described earlier with the redhat-config-time utility. |
There is a text-mode version of the Authentication Configuration utility, which you start with the authconfig command. It includes two text-mode screens that allow you to enter the same information described in this section.
