
Chapter 4. Networking and Services
• A serial getty is still automatically configured if the serial console is the primary system console. In
prior releases, this was done by kudzu, which would edit /etc/inittab. In Red Hat Enterprise
Linux 6, configuration of the primary serial console is handled by /etc/init/serial.conf.
• To configure a getty running on a non-default serial console, you must now write an Upstart job
instead of editing /etc/inittab. For example, if a getty on ttyS1 is desired, the following job file
(/etc/init/serial-ttyS1.conf) would work:
    # This service maintains a getty on /dev/ttyS1.
    start on stopped rc RUNLEVEL=[2345]
    stop on starting runlevel [016]
    respawn
    exec /sbin/agetty /dev/ttyS1 115200 vt100-nav
As in prior releases, you should still make sure that ttyS1 is in /etc/securetty if you wish to allow
root logins on this getty.
Because of the move to Upstart, using /etc/shutdown.allow for defining who can shut the
machine down is no longer supported.
4.3. IPTables/Firewalls
IPTables includes a SECMARK target module. This is used to set the security mark value associated
with the packet for use by security subsystems such as SELinux. It is only valid in the mangle table.
Refer to the following for example usage:
    iptables -t mangle -A INPUT -p tcp --dport 80 -j SECMARK --selctx \
        system_u:object_r:httpd_packet_t:s0
4.4. BIND
There are several major changes in BIND configuration:
• Default ACL configuration - in Red Hat Enterprise Linux 5, the default ACL configuration allowed
queries and offered recursion for all hosts. By default in Red Hat Enterprise Linux 6, all hosts
can make queries for authoritative data but only hosts from the local network can make recursive
queries.
• New allow-query-cache option - the allow-recursion option has been deprecated in favor
of this option. It is used to control access to server caches, which include all non-authoritative data
(like recursive lookups and root nameserver hints).
• Chroot environment management - the bind-chroot-admin script, which was used to create
symlinks from a non-chroot environment to a chroot environment, is deprecated and no longer
exists. Instead, configuration can be managed directly in a non-chroot environment and init scripts
automatically mount needed files to the chroot environment during named startup in the case that
files are not already present in the chroot.
• /var/named directory permissions - The /var/named directory is no longer writable. All zone files
that need to be writable (such as dynamic DNS zones, DDNS) should be placed in the new writable
directory: /var/named/dynamic.
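As an added illustration that is not part of the guide, the following named.conf fragment states the Red Hat Enterprise Linux 6 default access posture explicitly, with the Red Hat Enterprise Linux 5 behaviour shown for contrast; the ACL name "trusted" and the 192.168.0.0/24 prefix are assumptions chosen for the example.

```conf
// Added example, not from the Red Hat guide. The ACL name "trusted" and
// the 192.168.0.0/24 prefix are assumptions for illustration only.
acl "trusted" {
    localhost;
    localnets;          // networks directly attached to this server
    192.168.0.0/24;     // constructed example prefix
};

options {
    directory "/var/named";

    // Authoritative data remains answerable for any client, as in the
    // Red Hat Enterprise Linux 6 default.
    allow-query { any; };

    // Recursive lookups and reads from the cache are limited to the local
    // network. allow-query-cache is the option that supersedes
    // allow-recursion; when allow-query-cache is unset, BIND 9 derives it
    // from allow-recursion, and if that is unset too, from allow-query,
    // so a lone "allow-query { any; };" would leave the cache open.
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
};

// The Red Hat Enterprise Linux 5 default this replaces (an open
// recursive resolver, which is the weak setting):
//   allow-query { any; };
//   allow-recursion { any; };
```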