RHEL 7 ISCSI configuration.

ISCSI configuration is a very tricky topic of the RHCE 7 exam.

If a RHCE candidate takes the exam without previous iScsi experience, he will fail!
Man pages are not enough to understand the intricacy of this subject and there is too much to read in a so limited time.

With iScsi configuration, you have to choose among several backstores, mainly fileio and block. Then, you have to set authentication, basic or CHAP (Challenge Handshake Authentication Protocol).

Also, you have to understand what is a target (the server side), an initiator (the client side), a LUN (Logical Unit Number), a portal (an entry point consisting of an ip address and a port), a TPG (Target Portal Group) and an ACL (Access Control List).

To get comfortable with this topic, you will have to practice iSCSI configuration at least 8 times: with each kind of backstores, with each kind of main authentication mechanisms and at least twice to get it memorized!

Good luck!

Posted in RHEL7

CentOS 7.1 released.

Today, Centos 7 (1503) aka CentOS 7.1 has just been released.
The distribution can now be downloaded from the CentOS website.

The Release Notes explain the major changes:

  • As of March 2015 ABRT (>= 2.1.11-19.el7.centos.0.1) can report bugs directly to bugs.centos.org.
  • Support for new processors (Intel Broadwell) and graphics (AMD Hawaii)
  • Full support for LVM cache
  • Ability to mount ceph block devices
  • Updated Hyper-V network drivers
  • New libguestfs features
  • Full support for OpenJDK-1.8.0
  • Improved clock stability (for PTP and NTP)
  • Updated Networkmanager packages to version 1.0
  • Updated docker to 1.4.1
  • Updated OpenSSH to 6.6.1
  • New package: Mozilla Thunderbird
  • Update to numerous storage, network and graphics drivers
  • Technology Preview: Support of the Btrfs file system, OverlayFS and the Cisco VIC kernel driver.

Reminder: This version is mandatory for RHCE candidates. It brings fixes for the Samba + Kerberos objective.

Happy download!

Posted in RHEL7

RHEL 7 HTTPD SELinux policy hardening.

If you have to migrate a HTTPD server from RHEL 6/CentOS 6 to RHEL 7/CentOS 7, you should be careful.

The default HTTPD SELinux policy has changed and very limited information has been provided about it: many free tutorials available on the Internet won’t work because of SELinux!

In RHEL 6/CentOS 6, you didn’t need to define precisely what directories or files you were allowed to read, write and execute. You could assign the httpd_sys_content_t SELinux context to all the directories and files under the /var/www/html directory or any path of your choice and, as the httpd_unified SELinux boolean was set to on by default, you could get read, write, and execution access rights everywhere within this path. Things were pretty simple!

With RHEL 7/CentOS 7, the httpd_unified SELinux boolean is now set to off by default, meaning that the httpd_sys_content_t SELinux context allows only read access.

You’ve got now three cases:

  • you agree with the previous relaxed SELinux policy: set the httpd_unified SELinux boolean to on and you are done,
  • you accept the new restricted policy and your webserver uses the /var/www/html path: apply the restorecon -R /var/www/html command and test your webserver behaviour,
  • you accept the new restricted policy but your server doesn’t use the standard /var/www/html path: you have to define precisely all the SELinux rules to get read, write or execution access rights.

With WordPress websites for example, a symptom of a wrong SELinux configuration can be the inability to upload anything or when updating a plugin getting a message asking for the ftp account!

At the end of the day, there is nothing complicated. But you need to be aware!

Additional information is available in the HTTPD SELinux policy page.

Posted in RHEL7

Linux package management tips.

Although keeping a system tidy is not an exam objective, it’s a nice skill to have.

Three tutorials can help you to progress in this domain:

Through these various pages you will learn that yum is your friend.

Posted in RHEL7

RHEL 7.1 officially released.

Today, Red Hat announces the official release of RHEL 7.1. To know more about this new version you can read a summary of the RHEL 7.1 changes or the RHEL 7.1 Release Notes.

In addition, Red Hat is also releasing its RHEL 7 Atomic Host, an operating system optimized for running the next generation of applications with Linux containers.

Finally, for the RHCE certification candidate it’s an interesting day: Red Hat today delivers a bunch of software updates. One of them fixes some embarassing bugs preventing Samba+Kerberos configurations from working. Hopefully, these updates will be available soon in CentOS 7.

Posted in RHEL7

Website news.

In order to make mobile connection easier the website theme has been changed.
It should now be handier to access pages during a trip.

In addition, there are two new quiz: one for the RHCSA 7 exam and one for the RHCE 7 exam.

Braindumps are a pretty stupid way to get prepared for the hands-on RHCSA/RHCE exams, they don’t teach you anything about understanding or reasoning. However, learning by heart specific command syntax or tricks can be very useful to remember key points not only during the exams, but also after.

Each of this quiz contains more than 30 questions and more will be added in the future.


Posted in RHEL7

Minimal Image Survival Guide.

Every day I can hear someone saying: the ifconfig command has been removed from the RHEL 7/CentOS 7 distribution and nobody told me anything!
Invariably, it’s about a RHEL/CentOS minimal installation.
To alleviate this unpleasant situation, there is now a minimal image survival guide.
Next time you happen to hear someone ranting about minimal installation, forward him this survival guide, it will be your good deed of the day!

Posted in RHEL7

Final call for RHCSA 6 & RHCE 6 exams.

Just to remind you that you have until February 28 to buy your voucher for the RHCSA 6 or RHCE 6 exams. Then, you will have 1 year from the purchase date to take the exams.
After February 28, you will have to learn RHEL 7.

Note: If you’ve got a valid RHCSA 6 certification, you can already take the RHCE 7 exam.

Source: https://www.facebook.com/RedHatCertified.

Posted in RHEL6

Linux Foundation exam updates.

The Linux Foundation is making some adjustments to its LFCS and LFCE exams starting on March 1, 2015:

  • in the LFCS exam objectives, RAID is replaced with LVM,
  • in the LFCS exam, the pass mark becomes 74% (instead of 65%),
  • in the LFCE exam, the pass mark is now 72% (instead of 65%),
  • some updates to security protocols occur,
  • the exam interface’s got some improvements.

Perhaps in response to the Red Hat RHCE 7 exam hardening, the Linux Foundation makes its exams more difficult to get by raising their pass mark: an exam too easy to pass doesn’t get good publicity nor doesn’t trigger good training sales.

Sources: Linux Foundation LFCS & LFCE pages.

Posted in RHEL6

Postfix tips.

When dealing with SMTP for the RHCE or LFCE exams, there are some tips that can be very useful to know about Postfix.

First, you’ve got a very interesting website at http://www.postfix.org/postfix-manuals.html.

Then, during the exam, you can get some configuration examples in the /usr/share/doc/postfix-2.10.1/README_FILES directory for RHEL 7 (-/postfix-2.6.6/README_FILES for RHEL 6) in the BASIC_CONFIGURATION_README and STANDARD_CONFIGURATION_README files. This documentation comes with the postfix package.

In addition, the /etc/postfix/main.cf file, the main configuration file, is fully documented. This will help you decide what parameter to change.

But there are more to know!
You’ve got the choice to edit the /etc/postfix/main.cf file or to use the very powerful postconf command. Instead of wasting time, searching for the Postfix parameter in the main.cf file, if you know its name, you can directly assign a value to it or get its value:

# postconf -e 'relayhost=[]'
# postconf relayhost
relayhost = []

This is not only very efficient, but the configuration is also definitively written in the main.cf file!
You can restart the Postfix processes or even reboot the server, it’s still there.

Also, by using the relayhost = [] syntax during your test, you can avoid the use of a master DNS server and its associated MX record (MaileXchange), which can be very handy.

Finally, at any time, you can check the syntax of the main.cf file with the postfix check command.
You can also get the list of the parameters with non-default assigned values with the postconf -n command.

In conclusion, Postfix is really a powerful and well designed tool.

Posted in RHEL7

RHCSA7: Task of the day

Allowed time: 3 minutes.
Check that you've got no SELinux policy violations.

RHCE7: Task of the day

Allowed time: 10 minutes.
Set up a default secure MariaDB database called maria with a user named muser with all privileges.

Poll for favorite RHEL 6 book

What is your favorite RHEL 6 book to prepare RHCSA & RHCE exams?

View Results

Loading ... Loading ...

Poll for most difficult RHEL 6 topic

What do you think is the most difficult RHEL 6 topic?

View Results

Loading ... Loading ...