■■ USEMD5=value, where value is one of the following: ■■ yes— MD5 is used for authentication.. ■■ USEKERBEROS=value, where value is one of the following: ■■ yes— Kerberos is used for aut
Trang 1# Everybody gets emergency messages
You may need to edit this file if you’ve installed a program that has installed
a shared library to a different library directory that is not listed in theld.so.conffile In this case, you get an error at runtime that the library doesnot exist
An additional troubleshooting step to take in that case is to run ldd on theexecutable in question, which prints shared library dependencies The outputwould look something like this:
[root@terry root]# ldd /bin/bash libtermcap.so.2 => /lib/libtermcap.so.2 (0x40026000) libdl.so.2 => /lib/libdl.so.2 (0x4002a000)
libc.so.6 => /lib/tls/libc.so.6 (0x42000000) /lib/ld-linux.so.2 (0x40000000)
You can see a default listing of library directories in Listing 8-5
include ld.so.conf.d/*.conf /usr/X11R6/lib
/usr/lib/qt-3.3/lib /usr/lib/mysql
Listing 8-5 A typical ld.so.conf file.
logrotate.conf
logrotate.conf and the files within the logrotate.d directory mine how often your log files are rotated by the logrotate program Logrotation refers to the process of deleting older log files and replacing them withmore recent ones logrotate can automatically rotate, compress, remove,
Trang 2deter-and mail your log files Log files can be rotated based on size or on time, such
as daily, weekly, or monthly
As you can see from the default logrotate.conf file shown in Listing8-6, most of the options set for how and when to rotate the system logs arepretty self-explanatory
For every program that has a separate log rotation configuration file inlogrotate.d, and uses syslogd for logging, there should be a logrotconfigfile for all log entries in /etc/syslog.conf, as well as log files pro-duced by external applications, such as Apache This is because syslog needs
to save log entries for these programs in separate files so that their log files can
be rotated independently of one another
# see “man logrotate” for details
# rotate log files weekly weekly
# keep 4 weeks worth of backlogs rotate 4
# create new (empty) log files after rotating old ones create
# uncomment this if you want your log files compressed
}
# system-specific logs may be also be configured here.
Listing 8-6 The logrotate.conf file.
Examining the /etc/sysconfig/ Directory
The following information outlines some of the files found in the /etc/sysconfig/directory, their functions, and their contents This information
is not intended to be complete, as many of these files have a variety of optionsused only in very specific or rare circumstances The /usr/share/doc/initscripts-version-number/sysconfig.txt file contains a more
Trang 3authoritative listing of the files found in the /etc/sysconfig directory andthe configuration options available Figure 8-1 shows the contents in a FedoraCore 3 /etc/sysconfig directory.
N OT E These files are used to pass configuration information to scripts that run when the system starts It is possible that your system may be missing some of the configuration files described here, or it may have more of the files and directories, depending on whether the corresponding programs that need the files are installed or not Also, if the service that uses the configuration file
is not started, the configuration file will not be read
/etc/sysconfig/apmd
The /etc/sysconfig/apmd file is used by apmd as a configuration for whatthings to start, stop, change on suspend, or resume It provides information tothe apmd during startup if apmd is set to start, depending on whether yourhardware supports Advanced Power Management (APM) or whether youchoose to use it APM is a monitoring daemon that works with power man-agement code within the Linux kernel It can alert you to a low battery if youare using Red Hat Linux on a laptop, among other things
Figure 8-1 The contents of the /etc/sysconfig directory.
Trang 4The /etc/sysconfig/authconfig file provides settings to /usr/sbin/authconfig, which is called from /etc/rc.sysinit for the kind of autho-rization to be used on the host The basic syntax for lines in this file is:
USE <service name> =<value>
Some sample lines from the file are shown here
■■ USEMD5=value, where value is one of the following:
■■ yes— MD5 is used for authentication
■■ no— MD5 is not used for authentication
■■ USEKERBEROS=value, where value is one of the following:
■■ yes— Kerberos is used for authentication
■■ no— Kerberos is not used for authentication
■■ USELDAPAUTH=value, where value is one of the following:
■■ yes— LDAP is used for authentication
■■ no— LDAP is not used for authentication
/etc/sysconfig/clock
The /etc/sysconfig/clock file controls the interpretation of values readfrom the system clock Currently, the correct values are as follows:
■■ UTC=value, where value is one of the following Boolean values:
■■ true— Indicates that the hardware clock is set to Universal Time
■■ Any other value indicates that it is set to local time
■■ ARC=value, where value is the following:
■■ true— Indicates the ARC console’s 42-year time offset is in effect
■■ Any other value indicates that the normal UNIX epoch is assumed(for Alpha-based systems only)
■■ ZONE=filename— Indicates the time zone file under /usr/share/zoneinfothat /etc/localtime is a copy of, such as: ZONE=
”America/New York” Identifies the time zone file copied into /etc/localtime, such as ZONE=”America/New York” Time zone filesare stored in /usr/share/zoneinfo
Trang 5The /etc/sysconfig/grub file is used to pass arguments to GRUB at boottime The information passed is the drive to boot from and whether to use lbamode
/etc/sysconfig/harddisks
The /etc/sysconfig/harddisks file allows you to tune your hard drive(s)
C A U T I O N Do not make changes to this file lightly If you change the default values stored here, you could corrupt all of the data on your hard drive(s).
The /etc/sysconfig/harddisks file may contain the following:
■■ USE_DMA=1, where setting this to 1 enables DMA However, with somechipsets and hard-drive combinations, DMA can cause data corruption.Check with your hard-drive documentation or manufacturer beforeenabling this
Trang 6■■ Multiple_IO=16, where a setting of 16 allows for multiple sectors perI/O interrupt When enabled, this feature reduces operating systemoverhead by 30 to 50 percent Use with caution.
■■ EIDE_32BIT=3enables (E)IDE 32-bit I/O support to an interface card
■■ LOOKAHEAD=1enables drive read-lookahead
■■ EXTRA_PARAMS=specifies where extra parameters can be added
/etc/sysconfig/hwconf
The /etc/sysconfig/hwconf file lists all the hardware that kudzu detected
on your system, as well as the drivers used, vendor ID, and device ID mation The kudzu program detects and configures new and/or changedhardware on a system The /etc/sysconfig/hwconf file is not meant to bemanually edited If you do edit it, devices can suddenly show up as added ornot show up if removed
■■ BOOTUP=value, where value is one of the following:
■■ BOOTUP=colormeans the standard color boot display, where thesuccess or failure of devices and services starting up is shown in dif-ferent colors
■■ BOOTUP=verbosemeans an old-style display, which provides moreinformation than purely a message of success or failure
■■ Anything else means a new display, but without ANSI formatting
■■ RES_COL=value,where value is the number of the column of thescreen to start status labels It defaults to 60
■■ MOVE_TO_COL=value, where value moves the cursor to the value inthe RES_COL line It defaults to ANSI sequences output by echo -e
Trang 7■■ SETCOLOR_SUCCESS=value, where value sets the color to a colorindicating success It defaults to ANSI sequences output by echo -e,setting the color to green.
■■ SETCOLOR_FAILURE=value, where value sets the color to one cating failure It defaults to ANSI sequences output by echo -e, settingthe color to red
indi-■■ SETCOLOR_WARNING=value, where value sets the color to one cating warning It defaults to ANSI sequences output by echo -e, set-ting the color to yellow
indi-■■ SETCOLOR_NORMAL=value, where value sets the color to “normal.”
It defaults to ANSI sequences output by echo -e
■■ LOGLEVEL=value, where value sets the initial console logging levelfor the kernel The default is 7; 8 means everything (including debug-ging); 1 means nothing except kernel panics syslogd will override thisonce it starts
■■ PROMPT=value, where value is one of the following Boolean values:
■■ yes— Enables the key check for interactive mode
■■ no— Disables the key check for interactive mode
/etc/sysconfig/iptables
The /etc/sysconfig/iptables file stores information used by the kernel
to set up packet-filtering services at boot time or whenever the service isstarted You should not modify this file by hand unless you are familiar withhow to construct iptables rules The simplest way to add rules is to use the/usr/sbin/lokkitcommand from a terminal prompt if you aren’t running
an X server If you are running an X server, you can type
system-config-securitylevel from a terminal prompt or select Applications ➪ SystemSettings ➪ Security Level from the main menu to start the graphical applica-tion to create your firewall Using these applications automatically edits thisfile at the end of the process
If you wish, you can manually create rules using /sbin/iptables and
then type /sbin/service iptables save to add the rules to the /etc/
sysconfig/iptables file Once this file exists, any firewall rules savedthere are persisted through a system reboot or a service restart
C R O S S - R E F E R E N C E For more information on iptables, see Chapter 34.
Trang 8The /etc/sysconfig/irda file controls how infrared devices on your tem are configured at startup The following values may be used:
sys-■■ IRDA=value, where value is one of the following Boolean values:
■■ yes— irattach will be run, which periodically checks to see whetheranything is trying to connect to the infrared port, such as anothernotebook computer attempting to make a network connection Forinfrared devices to work on your system, this line must be set to yes
■■ no— irattach will not be run, preventing infrared device communication
■■ DEVICE=value, where value is the device (usually a serial port) thathandles infrared connections
■■ DONGLE=value, where value specifies the type of dongle being usedfor infrared communication This setting exists for people who use ser-ial dongles rather than real infrared ports A dongle is a device attached
to a traditional serial port to communicate via infrared This line is mented out by default because notebooks with real infrared ports arefar more common than computers with add-on dongles
com-■■ DISCOVERY=value, where value is one of the following Boolean values:
■■ yes— Starts irattach in discovery mode, meaning it actively checksfor other infrared devices This needs to be turned on in order forthe machine to be actively looking for an infrared connection (mean-ing the peer that does not initiate the connection)
■■ no— Does not start irattach in discovery mode
Trang 9■■ KEYTABLE=file ,where file is the name of a keytable file For ple: KEYTABLE=”us” The files that can be used as keytables start in/usr/lib/kbd/keymaps/i386and branch into different keyboardlayouts from there, all labeled file.kmap.gz The first file foundbeneath /usr/lib/kbd/keymaps/i386 that matches the KEYTABLEsetting is used.
exam-/etc/sysconfig/kudzu
The /etc/sysconfig/kuzdu is used by /etc/init.d/kudzu, and itallows you to specify a safe probe of your system’s hardware by kudzu at boottime A safe probe is one that disables serial port probing
■■ SAFE=value, where value is one of the following:
■■ yes— kuzdu does a safe probe
■■ no— kuzdu does a normal probe
■■ MOUSETYPE=value, where value is one of the following:
■■ microsoft— A Microsoft mouse
■■ mouseman— A MouseMan mouse
■■ mousesystems — A Mouse Systems mouse
■■ ps/2— A PS/2 mouse
■■ msbm— A Microsoft bus mouse
■■ logibm— A Logitech bus mouse
■■ atibm— An ATI bus mouse
■■ logitech— A Logitech mouse
■■ mmseries— An older MouseMan mouse
■■ mmhittab— An mmhittab mouse
Trang 10■■ XEMU3=value, where value is one of the following Boolean values:
■■ yes— The mouse has only two buttons, but three mouse buttonsshould be emulated
■■ no— The mouse already has three buttons
■■ XMOUSETYPE=value, where value refers to the kind of mouse usedwhen X is running The options here are the same as those provided bythe MOUSETYPE setting in this same file
■■ DEVICE=value, where value is the mouse device In addition,/dev/mouseis a symbolic link that points to the actual mouse device
/etc/sysconfig/named
The /etc/sysconfig/named file is used to pass arguments to the nameddaemon at boot time if the named daemon is started The named daemon is aDomain Name System (DNS) server, which implements the Berkeley InternetName Domain (BIND) version 9 distribution This server maintains a table ofwhich hostnames are associated with IP addresses on the network Currently,only the following values may be used:
■■ ROOTDIR=/some/where, where /some/where refers to the full tory path of a configured chroot environment under which named
direc-will run This chroot environment must first be configured Type info
chrootfor more information on how to do this
■■ OPTIONS=”value”, where value is any option listed in the man pagefor named except -t In place of -t, use the preceding ROOTDIR line
For more information about what parameters you can use in this file, type
man named By default, the file contains no parameters
C R O S S - R E F E R E N C E For detailed information on how to configure a BIND DNS server, see Chapter 18.
/etc/sysconfig/netdump
The /etc/sysconfig/netdump file is the configuration file for the /etc/init.d/netdump service The netdump service sends both oops data andmemory dumps over the network In general, netdump is not a required ser-vice, so you should run it only if you absolutely need to For more information
about what parameters you can use in this file, type man netdump.
Trang 11■■ yes— Networking should be configured.
■■ no— Networking should not be configured
■■ HOSTNAME=value, where value should be the fully qualified domainname (FQDN), such as hostname.domain.com, but can be whateverhostname you want
N OT E For compatibility with older software that people might install, the
/etc/HOSTNAMEfile and the /etc/sysconfig/network file should contain the same value.
■■ GATEWAY=value, where value is the IP address of the network’s gateway
■■ GATEWAYDEV=value, where value is the gateway device, such as eth0
■■ NISDOMAIN=value, where value is the NIS domain name
/etc/sysconfig/ntpd
The /etc/sysconfig/ntpd file is used to pass arguments to the ntpd mon if it is used at boot time The ntpd daemon sets and maintains the systemclock to synchronize with an Internet standard time server It implements ver-sion 4 of the Network Time Protocol (NTP) For more information about whatparameters you can use in this file, point a browser at the following file:/usr/share/doc/ntp-version/ntpd.htm (where version is the ver-sion number of ntpd) By default, this file sets the owner of the ntpd process tothe user ntp
dae-/etc/sysconfig/pcmcia
The /etc/sysconfig/pcmcia file is used to specify PCMCIA configurationinformation The following values may be used:
■■ PCMCIA=value, where value is one of the following:
■■ yes— PCMCIA support should be enabled
■■ no— PCMCIA support should not be enabled
Trang 12■■ PCIC=value, where value is one of the following:
■■ i82365— The computer has an i82365-style PCMCIA socket chipset
■■ tcic— The computer has a tcic-style PCMCIA socket chipset
■■ PCIC_OPTS=value, where value is the socket driver (i82365 or tcic)timing parameters
■■ CORE_OPTS=value, where value is the list of pcmcia_core options
■■ CARDMGR_OPTS=value, where value is the list of options for thePCMCIA cardmgr (such as -q for quiet mode, -m to look for loadablekernel modules in the specified directory, and so on) Read the cardmgrman page for more information
/etc/sysconfig/selinux
This file is a link to /etc/selinux/config and is used to control selinux onthe system It contains two settings that control the state of selinux — enforc-ing, permissive, or disabled — and the type of policy, either targeted or strict
A sample of this file is shown here
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=permissive
# SELINUXTYPE= type of policy in use Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
/etc/sysconfig/system-config-users
The /etc/sysconfig/system-config-users file is the configuration filefor the graphical application User Manager This file is used to filter out systemusers such as root, daemon, and lp This file is edited via the Preferences ➪Filter system users and groups pull-down menu in the User Manager applica-tion and should not be edited manually
/etc/sysconfig/system-logviewer
The /etc/sysconfig/system-logviewer file is the configuration file forthe graphical, interactive log-viewing application Log Viewer This file is edited
Trang 13via the Edit ➪ Preferences pull-down menu in the System Logs application andshould not be edited manually
/etc/sysconfig/samba
The /etc/sysconfig/samba file is used to pass arguments to the smbd andthe nmbd daemons at boot time The smbd daemon offers file-sharing connec-tivity for Windows clients on the network The nmbd daemon offers NetBIOS-over-IP naming services For more information about what parameters you
can use in this file, type man smbd By default, this file sets smbd and nmbd to
run in daemon mode
/etc/sysconfig/sendmail
The /etc/sysconfig/sendmail file allows messages to be sent to one ormore recipients, routing the message over whatever networks are necessary.The file sets the default values for the Sendmail application to run Its defaultvalues are to run as a background daemon, and to check its queue once anhour in case something has backed up and stalled the process The followingvalues may be used:
■■ DAEMON=value, where value is one of the following Boolean values:
■■ yes— Sendmail should be configured to listen to port 25 for ing mail yes implies the use of Sendmail’s -bd options
incom-■■ no— Sendmail should not be configured to listen to port 25 forincoming mail
■■ QUEUE=1h, which is given to Sendmail as -q$QUEUE The -q option isnot given to Sendmail if /etc/sysconfig/sendmail exists andQUEUEis empty or undefined
/etc/sysconfig/vncservers
The /etc/sysconfig/vncservers file configures the way the virtual work computing (VNC) server starts up VNC is a remote display system thatallows you to view a desktop environment not only on the machine where it isrunning but across different networks on a variety of architectures It may con-tain the following:
net-■■ VNCSERVERS=value, where value is set to something like 1:fred toindicate that a VNC server should be started for user fred on display:1 User fred must have set a VNC password using vncpasswd beforeattempting to connect to the remote VNC server
Trang 14Note that when you use a VNC server, your communication with it is crypted, and so it should not be used on an untrusted network For specificinstructions concerning the use of SSH to secure the VNC communication, seeresearch.att.com/vnc/sshvnc.html To find out more about SSH,see Chapter 28.
unen-/etc/sysconfig/xinetd
The /etc/sysconfig/xinetd file is used to pass arguments to the xinetddaemon at boot time The xinetd daemon starts programs that provide Inter-net services when a request to the port for that service is received For more
information about what parameters you can use in this file, type man xinetd.
For more information on the xinetd service, see Chapter 25
Directories in the /etc/sysconfig/ Directory
The following directories are normally found in /etc/sysconfig/
apm-scripts
This contains the Red Hat APM suspend/resume script You should not editthis file directly If you need customization, simply create a file called /etc/sysconfig/apm-scripts/apmcontinue, and it will be called at the end
of the script Also, you can control the script by editing /etc/sysconfig/apmd
daemons
This directory is initially empty after the system installation It is used to holdthe configuration scripts for programs that the user may have installed Forexample, the configuration files for the webmin program are placed in thisdirectory during its installation
Trang 15This directory contains files used for network configuration
■■ Network configuration files for each configured network interface, such
as ifcfg-eth0 for the eth0 Ethernet interface
■■ Scripts used to bring up and down network interfaces, such as ifupand ifdown
■■ Scripts used to bring up and down ISDN interfaces, such as isdnand ifdown-isdn
ifup-■■ Various shared network function scripts that should not be editeddirectly
rhn
This directory contains the configuration files and GPG keys for Red Hat work No files in this directory should be edited by hand For more informa-tion on Red Hat Network, see the Red Hat Network Web site at https://rhn.redhat.com
Net-Examining the Network Configuration Files
This section discusses the following topics:
■■ Files to change when setting up a system or moving the system
■■ Starting up network services from xinetd
■■ Starting up network services from the rc scripts
■■ Other important network configuration files in the /etc/sysconfigdirectory
Files to Change When Setting Up
a System or Moving the System
Whenever you set up a system to work on a new network, either because you’vejust installed Red Hat or you’re moving the machine from one location toanother, a set of files needs to be modified to get it working on the new network.You need to:
■■ Set up the IP addresses of your network interfaces Make changes to: