Читать книгу Linux Bible - Christopher Negus - Страница 7

If you want to develop an idea for a computer-related research project or technology company, where do you begin? You begin with an idea. After that, you look for the tools you need to explore and eventually create your vision. Then, you look for others to help you during that creation process.

Today, the hard costs of starting a company like Google or Facebook include just a computer, a connection to the Internet, and enough caffeinated beverage of your choice to keep you up all night writing code. If you have your own world-changing idea, Linux and thousands of software packages are available to help you build your dreams. The open source world also comes with communities of developers, administrators, and users who are available to help you.

If you want to get involved with an existing open source project, projects are always looking for people to write code, test software, or write documentation. In those projects, you will find people who use the software, work on the software, and are usually willing to share their expertise to help you as well.

But whether you seek to develop the next great open source software project or simply want to gain the skills needed to compete for the thousands of well-paying Linux administrator or development jobs, it will help you to know how to install, secure, and maintain Linux systems.

So, what are the prospects for Linux careers? “The 2014 Linux Jobs Report” from the Linux Foundation (http://www.linuxfoundation.org/publications/linux-foundation/linux-adoption-trends-end-user-report-2014) surveyed more than 1,100 hiring managers and 4,000 Linux professionals. Here is what the Linux Foundation found:

● Linux talent is a high priority– Hiring people with Linux expertise is a priority for 77 percent of hiring managers.

● Career advancement with Linux– As for career opportunities, 86 percent of Linux professionals reported that Linux knowledge increased career opportunities.

● More Linux recruiting– Of the hiring managers surveyed, 46 percent reported that they planned to increase recruitment of Linux talent from the previous year (up 3 percent from the previous year).

The major message to take from this survey is that Linux continues to grow and create demands for Linux expertise. Companies that have begun using Linux have continued to move forward with Linux. Those using Linux continue to expand its use and find that cost savings, security, and the flexibility it offers continue to make Linux a good investment.

Understanding how companies make money with Linux

Open source enthusiasts believe that better software can result from an open source software development model than from proprietary development models. So in theory, any company creating software for its own use can save money by adding its software contributions to those of others to gain a much better end product for themselves.

Companies that want to make money by selling software need to be more creative than they were in the old days. Although you can sell the software you create that includes GPL software, you must pass the source code of that software forward. Of course, others can then recompile that product, basically using and even reselling your product without charge. Here are a few ways that companies are dealing with that issue:

● Software subscriptions– Red Hat, Inc., sells its Red Hat Enterprise Linux products on a subscription basis. For a certain amount of money per year, you get binary code to run Linux (so you don't have to compile it yourself), guaranteed support, tools for tracking the hardware and software on your computer, access to the company's knowledge base, and other assets.

Although Red Hat's Fedora project includes much of the same software and is also available in binary form, there are no guarantees associated with the software or future updates of that software. A small office or personal user might take a risk on using Fedora (which is itself an excellent operating system), but a big company that's running mission-critical applications will probably put down a few dollars for RHEL.

● Training and certification– With Linux system use growing in government and big business, professionals are needed to support those systems. Red Hat offers training courses and certification exams to help system administrators become proficient using Red Hat Enterprise Linux systems. In particular, the Red Hat Certified Engineer (RHCE) and Red Hat Certified System Administrator (RHCSA) certifications have become popular (http://www.redhat.com/certification). More on RHCE/RHCSA certifications later in this chapter.

Other certification programs are offered by Linux Professional Institute (http://www.lpi.org), CompTIA (http://www.comptia.org), and Novell (https://training.novell.com/). LPI and CompTIA are professional computer industry associations. Novell centers its training and certification on its SUSE Linux products.

● Bounties– Software bounties are a fascinating way for open source software companies to make money. Suppose you are using XYZ software package and you need a new feature right away. By paying a software bounty to the project itself, or to other software developers, you can have your needed improvements moved to the head of the queue. The software you pay for will remain covered by its open source license, but you will have the features you need, at probably a fraction of the cost of building the project from scratch.

● Donations– Many open source projects accept donations from individuals or open source companies that use code from their projects. Amazingly, many open source projects support one or two developers and run exclusively on donations.

● Boxed sets, mugs, and T-shirts– Some open source projects have online stores where you can buy boxed sets (some people still like physical DVDs and hard copies of documentation) and a variety of mugs, T-shirts, mouse pads, and other items. If you really love a project, for goodness sake, buy a T-shirt!

This is in no way an exhaustive list, because more creative ways are being invented every day to support those who create open source software. Remember that many people have become contributors to and maintainers of open source software because they needed or wanted the software themselves. The contributions they make for free are worth the return they get from others who do the same.

Becoming Red Hat certified

Although this book is not focused on becoming certified in Linux, it touches on the activities you need to be able to master to pass popular Linux certification exams. In particular, most of what is covered in the Red Hat Certified Engineer (RHCE) and Red Hat Certified System Administrator (RHCSA) exams for Red Hat Enterprise Linux 7 is described in this book.

If you are looking for a job as a Linux IT professional, often RHCSA or RHCE certification is listed as a requirement or at least a preference for employers. The RHCSA exam (EX200) provides the basic certification, covering such topics as configuring disks and filesystems, adding users, setting up a simple web and FTP server, and adding swap space. The RHCE exam (EX300) tests for more advanced server configuration, as well an advanced knowledge of security features, such as SELinux and firewalls.

Those of us who have taught RHCE/RHCSA courses and given exams (as I did for three years) are not allowed to tell you exactly what is on the exam. However, Red Hat gives an overview of how the exams work, as well as a list of topics you can expect to see covered in the exam. You can find those exam objectives on the following sites:

● RHCSA—http://www.redhat.com/en/services/training/ex200-red-hat-certified-system-administrator-rhcsa-exam

● RHCE—http://www.redhat.com/en/services/training/ex300-red-hat-certified-engineer-rhce-exam

As the exam objectives state, the RHCSA and RHCE exams are performance-based, which means that you are given tasks to do and you must perform those tasks on an actual Red Hat Enterprise Linux system, as you would on the job. You are graded on how well you obtained the results of those tasks.

If you plan to take the exams, check back to the exam objectives pages often, because they change from time to time. Keep in mind also that the RHCSA is a standalone certification; however, you must pass the RHCSA and the RHCE exams to get an RHCE certification. Often, the two exams are given on the same day.

You can sign up for RHCSA and RHCE training and exams at http://training.redhat.com. Training and exams are given at major cities all over the United States and around the world. The skills you need to complete these exams are described in the following sections.

RHCSA topics

As noted earlier, RHCSA exam topics cover basic system administration skills. These are the current topics listed for Red Hat Enterprise Linux 7 at the RHCSA exam objectives site (again, check the exam objectives site in case they change) and where in this book you can learn about them:

● Understand essential tools– You are expected to have a working knowledge of the command shell (bash), including how to use proper command syntax and do input/output redirection (< > »). You need to know how to log in to remote and local systems. Expect to have to create, edit, move, copy, link, delete, and change permission and ownership on files. Likewise, you should know how to look up information on man pages and /usr/share/doc. Most of these topics are covered in Chapters 3 and 4 in this book. Chapter 5 describes how to edit and find files.

● Operate running systems– In this category, you must understand the Linux boot process, go into single-user mode, shut down, reboot, and change to different targets (previously called runlevels). You need to identify processes and change nice values or kill processes as requested. You must be able to start and stop virtual machines and network services, as well as find and interpret log files. Chapter 15 describes how to change targets and runlevels and manage system services. See Chapter 6 for information on managing and changing processes. Chapter 26 describes how to manage virtual machines. Logging is described in Chapter 13.

● Configure local storage– Setting up disk partitions includes creating physical volumes and configuring them to be used for Logical Volume Management (LVM) or encryption (LUKS). You should also be able to set up those partitions as filesystems or swap space that can be mounted or enabled at boot time. Disk partitioning and LVM are covered in Chapter 12. LUKS and other encryption topics are described in Chapter 23.

● Create and configure filesystems– Create and automatically mount different kinds of filesystems, including regular Linux filesystems (ext2, ext3, or ext4), LUKS-encrypted filesystems, and network filesystems (NFS and CIFS). Create collaborative directories using the set group ID bit feature and Access Control Lists (ACL). You must also be able to use LVM to extend the size of a logical volume. Filesystem topics are covered in Chapter 12. See Chapter 19 for CIFS and Chapter 20 for NFS coverage.

● Deploy, configure, and maintain systems– This covers a range of topics, including configuring networking, creating cron tasks, setting the default runlevel, and installing RHEL systems. You must also be able to configure a simple HTTP and FTP server. For software packages, you must be able to install packages from Red Hat Network, a remote repository, or the local filesystem. Finally, you must be able to properly install a new kernel and choose that or some other kernel to boot up when the system starts. The cron facility is described in Chapter 13. Web server (HTTP) and FTP server setups are covered in Chapters 17 and 18, respectively.

● Manage users and groups– You must know how to add, delete, and change user and group accounts. Another topic you should know is password aging, using the chage command. You must also know how to configure a system to authenticate by connecting to an LDAP directory server. See Chapter 11 for information on configuring users and groups.

● Manage security– You must have a basic understanding of how to set up a firewall (firewalld, system-config-firewall or iptables) and how to use SELinux. You must be able to set up SSH to do key-based authentication. Learn about SELinux in Chapter 24. Firewalls are covered in Chapter 25. Chapter 13 includes a description of key-based authentication.

Most of these topics are covered in this book. Refer to Red Hat documentation (https://access.redhat.com/documentation/) under the Red Hat Enterprise Linux heading for descriptions of features not found in this book. In particular, the System Administrator's Guide contains descriptions of many of the RHCSA-related topics.

RHCE topics

RHCE exam topics cover more advanced server configuration, along with a variety of security features for securing those servers in Red Hat Enterprise Linux 7. Again, check the RHCE exam objectives site for the most up-to-date information on topics you should study for the exam.

System configuration and management

The system configuration and management requirement for the RHCE exam covers a range of topics, including the following:

● Bonding– Set up bonding to aggregate network links. Bonding is described in Chapter 14.

● Route IP traffic– Set up static routes to specific network addresses. Chapter 14 includes a description of how to set up custom routes.

● Firewalls– Block or allow traffic to selected ports on your system that offer services such as web, FTP, and NFS, as well as block or allow access to services based on the originator's IP address. Firewalls are covered in Chapter 25.

● Kernel tunables– Set kernel tunable parameters using the /etc/sysctl.conf file and the sysctl command. See Chapter 14 for a description of how to use the /etc/sysctl.conf file to change IP forwarding settings in /proc/sys.

● Kerberos authentication– Use Kerberos to authenticate users on a RHEL system. Chapter 11 includes a description of setting up a system to authentication to a Kerberos server.

● Configure iSCSI– Set up system as an iSCSI target and initiator that mounts an iSCSI target at boot time. See the Red Hat Storage Administration Guide for further information (https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Storage_Administration_Guide/ch-iscsi.html)

● System reports– Use features such as sar to report on system use of memory, disk access, network traffic, and processor utilization. Chapter 13 describes how to use the sar command.

● Shell scripting– Create a simple shell script to take input and produce output in various ways. Shell scripting is described in Chapter 7.

● Remote logging– Configure the rsyslogd facility to gather log messages and distribute them to a remote logging server. Also, configure a remote logging server facility to gather log messages from logging clients. Chapter 13 covers remote logging with rsyslogd.

● SELinux– With Security Enhanced Linux in Enforcing mode, make sure that all server configurations described in the next section are properly secured with SELinux. SELinux is described in Chapter 24.

Installing and configuring network services

For each of the network services in the list that follows, make sure that you can go through the steps to install packages required by the service, set up SELinux to allow access to the service, set the service to start at boot time, secure the service by host or by user (using iptables, TCP wrappers, or features provided by the service itself), and configure it for basic operation. These are the services:

● Web server– Configure an Apache (HTTP/HTTPS) server. You must be able to set up a virtual host, deploy a CGI script, use private directories, and allow a particular Linux group to manage the content. Chapter 17 describes how to configure a Web server.

● DNS server– Set up a DNS server (bind package) to act as a caching-only name server that can forward DNS queries to another DNS server. No need to configure master or slave zones. DNS is described from the client side in Chapter 14. For information on configuring a DNS server with Bind, see the RHEL Networking Guide (https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Networking_Guide).

● NFS server– Configure an NFS server to share specific directories to specific client systems so they can be used for group collaboration. Chapter 20 covers NFS.

● Windows file sharing server– Set up Linux (Samba) to provide SMB shares to specific hosts and users. Configure the shares for group collaboration. See Chapter 19 to learn about configuring Samba.

● Mail server– Configure postfix or sendmail to accept incoming mail from outside the local host. Relay mail to a smart host. Mail server configuration is not covered in this book (and should not be done lightly). See the RHEL System Administrator's Guide for information on configuring mail servers (https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/System_Administrators_Guide/index.html#ch-Mail_Servers).

● Secure Shell server– Set up the SSH service (sshd) to allow remote login to your local system as well as key-based authentication. Otherwise, configure the sshd.conf file as needed. Chapter 13 describes how to configure the sshd service.

● Network Time server– Configure a Network Time Protocol server (ntpd) to synchronize time with other NTP peers. See Chapter 26 for information on configuring the ntpd service.

● Database server– Configure the MariaDB database and manage it in various ways. Learn how to configure MariaDB from the MariaDB.org site (https://mariadb.com/kb/en/mariadb/documentation/).

Although there are other tasks in the RHCE exam, as just noted, keep in mind that most of the tasks have you configure servers and then secure those servers using any technique you need. Those can include firewall rules (iptables), SELinux, TCP Wrappers, or any features built into configuration files for the particular service.