Linux Patch Management: Keeping Linux Systems Up To Date
Here are some of the key points from the certification objectives in Chapter 6.
User Account Management
❑ | After installation, your system may have only a single login account: root. For most installations, you'll want to create more accounts, if only for everyday use. |
❑ | Accounts can be added by directly editing /etc/passwd or with the useradd command. The advantage of useradd is that it automatically adds the new home directory as well as configuration files from /etc/skel. |
❑ | Accounts can be added with the Red Hat User Manager tool. You can also use this tool or related commands such as chage and usermod to configure an account further with parameters such as a password lifetime or a time limit on the account. |
❑ | Discourage the use of shared accounts, where several people use a single account. Shared accounts are almost always unnecessary, and they are easily compromised. |
❑ | If you're using the Network File System (NFS), it helps to establish user accounts with the same UID across systems. |
❑ | The Network Information System (NIS) can serve the same purpose by establishing one database for all systems on your network. |
The Basic User Environment
❑ | Each user on your system has an environment when logged on to the system. |
❑ | The home directory for each login account is the initial directory in which users are placed when they first log on. They start with hidden files configured in the /etc/skel/ directory. |
Shell Configuration Files
❑ | All system-wide shell configuration files are kept in the /etc directory. |
❑ | /etc/profile is the system-wide startup shell script for bash users. |
❑ | All users have hidden shell configuration files in their home directories. |
Setting Up and Managing Disk Quotas
❑ | Quotas are used to limit a user's or a group of users' ability to consume disk space. |
❑ | Quotas are set on specific filesystems mounted to standard Linux formats. |
❑ | Quota support must be enabled in the kernel. By default, quotas are enabled in RHEL kernels. |
❑ | Quotas have soft limits and hard limits. If both soft and hard limits are set, a user can exceed his or her soft limit for a modest period of time. |
❑ | Users and groups may never exceed their hard quota limits. |
Creating and Maintaining Special Groups
❑ | Red Hat's user private group scheme configures users with their own unique user and group ID numbers. |
❑ | With appropriate SGID permissions, you can configure a shared directory for a specific group of users. |
❑ | Setting the SGID bit ensures that all files created in a shared directory belong to the correct group. |
❑ | Setting the SGID bit is easy; use chown to set nobody as the user owner and the name of the group as the group owner. Then run the chmod 2770 command on the shared directory. |
Pluggable Authentication Modules
❑ | Red Hat Enterprise Linux uses the Pluggable Authentication Modules (PAM) system to check for authorized users. |
❑ | PAM modules are called by configuration files in the /etc/pam.d directory. These configuration files are usually named after the service or command that they control. |
❑ | There are four types of PAM modules: authentication, account, password, and session management. |
❑ | PAM configuration files include lines that list the module_type, the control_flag, and the path to the actual module, followed by arguments. |
❑ | PAM modules are well documented in the /usr/share/doc/pam-versionnumber/txts directory. |
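The line layout described above (module_type, control_flag, module path, arguments) can be checked mechanically. The following is an added example, not code from the book: the sample configuration is constructed, the keywords and control flags are the standard Linux-PAM spellings, and reporting the nullok argument is a check chosen for this example.

```python
# Module-type keywords used in /etc/pam.d files for the four types above.
MODULE_TYPES = {"auth", "account", "password", "session"}
SIMPLE_FLAGS = {"required", "requisite", "sufficient", "optional",
                "include", "substack"}

def parse_pam_line(line):
    """Return (module_type, control_flag, module, args); None for blanks/comments."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    parts = line.split(None, 1)
    if len(parts) < 2:
        raise ValueError(f"incomplete PAM line: {line!r}")
    mtype, rest = parts
    if rest.startswith("["):          # bracketed form: [value=action ...]
        end = rest.find("]")
        if end == -1:
            raise ValueError("unterminated [control_flag]")
        control, rest = rest[:end + 1], rest[end + 1:]
    else:
        control, *tail = rest.split(None, 1)
        rest = tail[0] if tail else ""
    fields = rest.split()
    if not fields:
        raise ValueError(f"no module path: {line!r}")
    return mtype, control, fields[0], fields[1:]

def audit(text):
    """Return (line_number, message) findings for one PAM configuration file."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        try:
            entry = parse_pam_line(raw)
        except ValueError as exc:
            findings.append((n, str(exc)))
            continue
        if entry is None:
            continue
        mtype, control, module, args = entry
        if mtype.lstrip("-") not in MODULE_TYPES:   # leading "-" is allowed
            findings.append((n, f"unknown module_type {mtype!r}"))
        if not control.startswith("[") and control not in SIMPLE_FLAGS:
            findings.append((n, f"unknown control_flag {control!r}"))
        if "nullok" in args:
            findings.append((n, f"{module} accepts empty passwords (nullok)"))
    return findings

# Constructed sample, not taken from a real system.
SAMPLE = """#%PAM-1.0
auth       required     pam_securetty.so
auth       sufficient   pam_unix.so nullok try_first_pass
account    [default=bad success=ok user_unknown=ignore] pam_sss.so
passwd     required     pam_cracklib.so retry=3
session    requird      pam_limits.so
-session   optional     pam_systemd.so
"""
```

Calling audit(SAMPLE) reports lines 3, 5, and 6: the nullok argument, the misspelled module type, and the misspelled control flag.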
Network Authentication Configuration: NIS and LDAP
❑ | NIS allows you to configure one centrally managed username and password database with other Linux and Unix systems on your LAN. |
❑ | LDAP provides similar support to NIS, and it supports various forms of encryption. |