Oct 25

RHEL 7 SELinux additional man pages.

In one of his latest videos Sander van Vugt shows us that some SELinux information is not available without some tricky operations.

Actually, after a standard RHEL 7 / CentOS 7 installation, only basic SELinux man pages are installed. All the SELinux man pages dealing with applications (httpd, vsftpd, etc) need an additional work to be accessible.

Now, you’ve got two options: watch Sander van Vugt’s video or access my dedicated tutorial about deploying additional SELinux man pages. It’s up to you!

Oct 15

RHEL 6.6 officially released.

Yesterday, Red Hat announced the official release of RHEL 6.6.

This minor version brings several improvements:

  • The scap-security-guide package has been added providing a convenient and reliable way to verify system compliance on a regular basis,
  • The KeepAlived and HAProxy packages are now fully supported,
  • The System Security Services Daemon (SSSD) package has been updated to make Linux-Windows integration easier: you can now enable a cross-realm Kerberos trust through a RHEL 7 server,
  • The Performance Co-Pilot (PCP) framework for performance monitoring and management has been added: you can now monitor performance across a set of RHEL 6 and 7 servers in a single, consistent approach,
  • The OpenJDK 8 is now available as a technology preview,
  • Various performance improvements coming from RHEL 7 have been also backported.

Sources: Red Hat 6.6 Release Notes and Red Hat 6.6 Technical Notes.

Oct 13

Scientific Linux 7.0 released.

Today, Scientific Linux 7.0 is officially released.

In the Scientific Linux 7.0 release notes, two points need attention:

  • The default Scientific Linux 7 installation provides automatic updates via the yum-cron package: because this distribution is often installed by graduate students, it has been decided to reduce the security risks for a novice by applying security updates automatically each night.
  • There is no supported upgrade path from Scientific Linux 6 to Scientific Linux 7: it is a deliberate choice not to take any risk of leaving the system in an intermediate state.

You can download the Scientific Linux 7.0 distribution from now on.

Sep 25

KVM Virtualization in RHEL 7 made easy.

Today, Dell just released its KVM Virtualization made easy for RHEL 7.
To anybody interested in building a KVM lab, this is a must-read.

In this white paper, Jose De la Rosa from Dell explains all the steps involved in this operation:

  • required packages,
  • required services,
  • networking configuration (with or without bridge),
  • VM image location,
  • VM creation & cloning,
  • basic and advanced VM management.

Happy reading!

Sep 03

Happy birthday!

One year ago I decided to start this website.

One of the reasons explaining this move was to see how it was difficult to complete some tasks like LDAP client configuration without almost any tutorial to set up the server side.

Now that Red Hat is increasing the level of the RHCE exam, nothing has really changed. There is still a need for LDAP/Kerberos/DNS server side tutorials to test the client side objectives.

Today, I sincerely hope this website is useful to you. If you have learned some tips, I can tell you, I have learned a lot! One year ago I didn’t know what a powerful tool was WordPress and I never ran a website before.

What a wonderful adventure!

Aug 26

Red Hat RHCSA & RHCE minor changes.

The Red Hat certification team recently made some adjustments to the RHCSA & RHCE exams objectives for RHEL 7.

Concerning the RHCSA exam, VNC and LUKS related tasks have been removed, when firewall settings can now be set up through iptables or firewalld, which is very sensible. The client LDAP configuration, although no longer directly specified, seems to remain an objective through the client configuration to an authentication service.
This appears to be a slight adjustment with very limited consequences.

Concerning the RHCE exam, access to Samba shares through Kerberos authentication has been added when Rsyslog client & server configurations have been removed.
Two easy tasks have been replaced with a complicated one, emphasizing again the weight of Kerberos.
A RHCE 7 candidate will definitely need serious Kerberos skills! At least, it’s what Red Hat people want.

Aug 22

New Linux Foundation certification program.

Two days ago, the Linux Foundation announced a new certification program.

It consists in two exams:

Both exams are performance-based exam in English lasting 2 hours focusing on system administration and costing $300 ($50 until 24/8).

Candidates can choose between 3 Linux distributions (CentOS 6.4, OpenSUSE 13.1 and Ubuntu 14.04) before the beginning of the exam.

Compared to the RHCSA6 exam, the new LFCS exam on Centos 6.4 requires additional sudo, backup/restore and Raid configuration skills.

Similarly, compared to the RHCE6 exam, the new LFCE exam on CentOS 6.4 requires additional Apache SSL, Squid and IMAP/IMAPS configuration skills.

Time will tell us if this new Linux Foundation certification program can get some success.

Aug 13

RHEL 7 /tmp configuration.

Some applications writing files in the /tmp directory can see huge improvements when memory is used instead of disk.

By default in RHEL 7 / CentOS 7, the /tmp directory resides in the logical volume/physical partition associated with /:

# df -k /tmp
Filesystem            1K-blocks    Used Available Use% Mounted on
/dev/mapper/rhel-root   3030800 1069380   1787752  38% /

Here, another way to check the configuration:

# systemctl is-enabled tmp.mount

To change this behavior and put the /tmp directory into memory, type:

# systemctl enable tmp.mount

Now, if you check the new configuration, this is what you get:

# df -k /tmp
Filesystem     1K-blocks  Used Available Use% Mounted on
tmpfs             508988     8    508980   1% /tmp

Remember not to write big files due to the limited space and, obviously, don’t expect persistence across reboots.

Aug 02

RHEL 7 virtual console tip.

If you don’t know the kpartx command, you miss something!

If you regularly play with virtual machines under KVM, you know that sometimes things go wrong.
A change in the /etc/fstab file or in the ssh configuration and you are in trouble, you can no longer access your virtual machine because you hadn’t set any virtual console: you need to reinstall it and it’s not fun!

But there is a solution! I call it emergency procedure.

This solution consists in stopping your virtual machine with the destroy command, then map your virtual machine image file in your physical host environment with the kpartx command. Mount the /boot partition and edit your /boot/grub2/grub.cfg file, adding the console=ttyS0 string at the end of every kernel boot line.
Finally, unmount the /boot partition, unmap your virtual machine image and reboot your virtual machine: from now on, you’ve got your virtual console!

This tip works at least for RHEL 6/CentOS 6 and RHEL 7/CentOS 7.

To get all the details, go to the RHEL 7 virtual console page.