Home page Services provided Software available Site licenses Systems status Local Documentation Windows 2000 Reporting problems Links Contact information





Next Previous Contents

5. Routine Duties

5.1 Setting up new accounts

If you used the post-install script from above, then you enable Kerberos logins. So to add a new user: 

  useradd -c "Real Name of Person" NetID

5.2 Making NIS maps

The Network Information Services (NIS) directory is /var/yp. To remake and distribute the NIS database files or maps, simply type make from the /var/yp directory. The important maps that get distributed are: passwd, group, netgroup and hosts. The source files are located in /etc. If you ever make a change to one of these files in /etc you should remake and distribute the NIS database files.

5.3 Installing RPM updates

Fedora Core

We are also using smartpm to do the updates, so the process is quite easy. Here is how you would do the RPM updates on a Fedora Core machine: 

   smart update
   smart upgrade

RHEL Desktop and AS

You should always install the latest RPMs, including kernel updates, whenever they are available.

Getting your updates from Red Hat

If you are getting your RPM updates from Red Hat, then look at the lower right hand corner of the screen, you'll see a flashing red explanation mark "!". This means there are critical updates that you must install in order to secure the machine. You will first have to configure the Critical Updates applet, then use it to get the current updates. If you have already configured the applet, then you can skip this section. So here's how to configure the Critical Update applet (the red flashing "!"): 

  Click on the Red Flashing explanation mark "!" in the lower right
  Click on Forward
  Click on Forward (Terms of Service)
  Click on Forward (no proxy)
  Click on Apply
Now let's get the updates and install them: 
  Click on the Red Flashing explanation mark "!" in the lower right
  Click Launch up2date
  Click OK
  Click Yes (Install Key)
  Click on Forward (Start Update Agent)
  Click on Forward (Privacy Statement)
  Click on Forward (after putting in RHN login information)
  Click on Forward (send hardware profile)
    Check off Select All Packages
  Click on Forward (List of RPM updates)
  Click on Forward (Send profile to RHN)
  Click on Forward (Channels)
    Check off kernel updates if available
  Click on Forward
  Click on Forward (do it)
  Click on Forward (finish)
  Click on Forward (all done)
  Click on Finish

Getting your updates from the WSS RHEL apt repository

If you already registered your machine with WSS and installed smartpm, it is very simple to get updates: 

   smart update
   smart upgrade

Please see the section Standard Red Hat Enterprise Linux (RHEL) Desktop4/AS4 Install for more information on registering you machine with WSS and installing smartpm.

5.4 Make a system-wide environment variable

The following scripts are executed at login time: 

  /etc/csh.login  (for csh and tcsh)
  /etc/profile    (for bash and sh)
So you need to place the environment variable in these two files.

5.5 Network Security

There are restrictions on some of the daemons running on the server. The restrictions help in security of NFS and NIS so that everyone can't mount disks and find out passwords. The method of restricting access is through tcpwrappers. This is an option that is compiled into the following daemons: ypserv, ypbind and portmap. There are other daemons as well that have tcpwrappers compiled into them.

In general you want to deny everyone access to these daemons and ports, then just allow the hosts and domains you want to have access. This is accomplished through two files: /etc/hosts.deny and /etc/hosts.allow.

Here is what they should look like: 

#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
#
# Deny access to hosts not in hosts.allow (Econ Dept)
#          Paul Gluhosky   23 Feb 2000
#
ALL: ALL

#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# Restrict access to Yale.    Paul Gluhosky   23 Feb 2000
#
sshd:       ALL
ALL:        .yale.edu,127.0.0.1

5.6 chkconfig flags

There is a method of easily controlling which processes get started at boot time. This method is controlled through the /sbin/chkconfig command. The source files for chkconfig are in /etc/rc.d/init.d. You can list out all the processes by typing: 

  /sbin/chkconfig --list

You can turn processes on and off by using the "add" and "del" switches. Here is an example of turning the "xinetd" process on then off again. 

   /sbin/chkconfig --add xinetd
   /sbin/chkconfig --del xinetd
Keep in mind that this does NOT start or stop the daemon from running. It simply changes what gets started or not at boot time. You have control of specifying at which boot level which processes start. You can specify these in the source files in /etc/rc.d/init.d. Please look at the source files in /etc/rc.d/init.d for examples or read man chkconfig for more information.

5.7 Changing network card settings

Use the ethtool command to view and change network card settings. The man page gives a full explanation. Here is an example of setting the eth1 interface to 100 mbit full duplex and turning off autonegotiation. 

   /sbin/ethtool -s eth1 speed 100 duplex full autoneg off

Next Previous Contents




Certifying authority: Paul Gluhosky
Manager, AM&T Workstation Support Services
URL: http://wss.yale.edu/doco/LINUX
Last update: 12.20.06
AMT home pageITS home pageYale Front DoorContact usSearchWorkstation Support Services home page