Archive for the tag 'Red Hat'

Support for partitions larger than 2.2 TB with BIOS

Installations can now be configured to boot from hard drive partitions larger than 2.2 TB using select BIOS models that support the newer GUID Partition Table (GPT). Legacy BIOS implementations previously limited ability to use large partitions on systems that were not using the newer Unified Extensible Firmware Interface (UEFI).
The initial ramdisk file on 64-bit PowerPC and 64-bit IBM POWER Series systems is now named initrd.img. In previous releases, it was named ramdisk.image.gz.

Red Hat Enterprise Linux 5.4 Virtualization Updates

Red Hat Enterprise Linux 5.4 now includes full support for the Kernel-based Virtual Machine (KVM) hypervisor on x86_64 based architectures. KVM is integrated into the Linux kernel, providing a virtualization platform that takes advantage of the stability, features, and hardware support inherent in Red Hat Enterprise Linux.

Virtualization using the KVM hypervisor is supported on wide variety of guest operating systems, including:

Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Windows XP
Windows Server 2003
Windows Server 2008

How to install Red Hat GPG key for RPM verification.

If the Red Hat GPG key is not installed, install it from a secure, static location, such as a Red Hat installation CD-ROM or DVD.

All Red Hat Enterprise Linux packages are signed with the Red Hat GPG key. GPG stands for GNU Privacy Guard, or GnuPG, a free software package used for ensuring the authenticity of distributed files. For example, a private key (secret key) locks the package while the public key unlocks and verifies the package. If the public key distributed by Red Hat Enterprise Linux does not match the private key during RPM verification, the package may have been altered and therefore cannot be trusted.

use the following command to import it into the keyring (a database of trusted keys on the system):

rpm –import /mnt/cdrom/RPM-GPG-KEY

To display a list of all keys installed for RPM verification, execute the following command:

rpm -qa gpg-pubkey*

It is extremely important to verify the signature of the RPM files before installing them to ensure that they have not been altered from the original source of the packages. To verify all the downloaded packages at once, issue the following command:

rpm -K /tmp/updates/*.rpm

sysreport and sosreport in Red Hat Enterprise Linux

Before Red Hat Enterprise Linux 4.5, we had “sysreport”. The “sosreport” command is a tool that collects information about a Red Hat Enterprise Linux system, such as what kernel is running, what drivers are loaded, and various configuration files for common services. It also does some simple diagnostics against known problematic patterns.

To run “sosreport”, the “sos” package must be installed. The package should be installed by default, bu if the package is not installed, follow the steps below:

Red Hat Enterprise Linux 4

If the system is registered with Red Hat Network (RHN), “sos” can be installed using the up2date command:

# up2date sos

Red Hat Enterprise Linux 5 and later

If the system is registered with RHN, use the yum command:

# yum install sos

sosreport” will generate a compressed a bz2 file under /tmp.

SBDavid

IPsec VPN on Red Hat Linux

IPsec VPN on Red Hat Linux

IPsec is the supported VPN implementation for Red Hat Enterprise Linux that sufficiently addresses the usability needs of organizations with branch offices or remote users.

IPsec can be implemented using a host-to-host (one computer workstation to another) or network-to-network (one LAN/WAN to another). The IPsec implementation in Red Hat Enterprise Linux uses Internet Key Exchange (IKE), which is a protocol implemented by the Internet Engineering Task Force (IETF) to be used for mutual authentication and secure associations between connecting systems.

On Red Hat Enterprise Linux systems, an IPsec connection uses the pre-shared key method of IPsec node authentication. In a pre-shared key IPsec connection, both hosts must use the same key in order to move to the second phase of the IPsec connection.

Implementing IPsec requires that the ipsec-tools RPM package be installed on all IPsec hosts (if using a host-to-host configuration) or routers (if using a network-to-network configuration).

/sbin/setkey
Manipulates the key management and security attributes of IPsec in the kernel.

/sbin/racoon
The IKE key management daemon, used to manage and control security associations and key sharing between IPsec-connected systems.

/etc/racoon/racoon.conf
The racoon daemon configuration file used to configure various aspects of the IPsec connection, including authentication methods and encryption algorithms used in the connection.

« Prev