Oracle® Linux 7

Administrator's Guide

Oracle Legal Notices
Oracle Documentation License


July 2020

Table of Contents

I System Configuration
1 Yum
2 Ksplice
3 Boot and Service Configuration
4 System Configuration Settings
5 Kernel Modules
6 Device Management
7 Task Management
8 System Monitoring and Tuning
9 System Dump Analysis
II Networking and Network Services
10 Network Configuration
10.1 About Network Interfaces
10.2 About Network Interface Names
10.3 About Network Configuration Files
10.3.1 /etc/hosts
10.3.2 /etc/nsswitch.conf
10.3.3 /etc/resolv.conf
10.3.4 /etc/sysconfig/network
10.4 Command-line Network Configuration Interfaces
10.5 Configuring Network Interfaces Using Graphical Interfaces
10.6 About Network Interface Bonding
10.6.1 Configuring Network Interface Bonding
10.7 About Network Interface Teaming
10.7.1 Configuring Network Interface Teaming
10.7.2 Adding Ports to and Removing Ports from a Team
10.7.3 Changing the Configuration of a Port in a Team
10.7.4 Removing a Team
10.7.5 Displaying Information About Teams
10.8 Configuring VLANs with Untagged Data Frames
10.8.1 Using the ip Command to Create VLAN Devices
10.9 Configuring Network Routing
11 Network Address Configuration
11.1 About the Dynamic Host Configuration Protocol
11.2 Configuring a DHCP Server
11.3 Configuring a DHCP Client
11.4 About Network Address Translation
12 Name Service Configuration
12.1 About DNS and BIND
12.2 About Types of Name Servers
12.3 About DNS Configuration Files
12.3.1 /etc/named.conf
12.3.2 About Resource Records in Zone Files
12.3.3 About Resource Records for Reverse-name Resolution
12.4 Configuring a Name Server
12.5 Administering the Name Service
12.6 Performing DNS Lookups
13 Network Time Configuration
13.1 About the chronyd Daemon
13.1.1 Configuring the chronyd Service
13.2 About the NTP Daemon
13.2.1 Configuring the ntpd Service
13.3 About PTP
13.3.1 Configuring the PTP Service
13.3.2 Using PTP as a Time Source for NTP
14 Web Service Configuration
14.1 About the Apache HTTP Server
14.2 Installing the Apache HTTP Server
14.3 Configuring the Apache HTTP Server
14.4 Testing the Apache HTTP Server
14.5 Configuring Apache Containers
14.5.1 About Nested Containers
14.6 Configuring Apache Virtual Hosts
15 Email Service Configuration
15.1 About Email Programs
15.2 About Email Protocols
15.2.1 About SMTP
15.2.2 About POP and IMAP
15.3 About the Postfix SMTP Server
15.4 About the Sendmail SMTP Server
15.4.1 About Sendmail Configuration Files
15.5 Forwarding Email
15.6 Configuring a Sendmail Client
16 High Availability Configuration
16.1 About Oracle Linux high availability services
16.2 Installing Pacemaker and Corosync
16.3 Configuring Your First Cluster and Service
16.4 Fencing Configuration
16.5 More Information
17 Load Balancing Configuration
17.1 About HAProxy
17.2 Installing and Configuring HAProxy
17.2.1 About the HAProxy Configuration File
17.3 Configuring Simple Load Balancing Using HAProxy
17.3.1 Configuring HAProxy for Session Persistence
17.4 About Keepalived
17.5 Installing and Configuring Keepalived
17.5.1 About the Keepalived Configuration File
17.6 Configuring Simple Virtual IP Address Failover Using Keepalived
17.7 Configuring Load Balancing Using Keepalived in NAT Mode
17.7.1 Configuring Firewall Rules for Keepalived NAT-Mode Load Balancing
17.7.2 Configuring Back-End Server Routing for Keepalived NAT-Mode Load Balancing
17.8 Configuring Load Balancing Using Keepalived in DR Mode
17.8.1 Configuring Firewall Rules for Keepalived DR-Mode Load Balancing
17.8.2 Configuring the Back-End Servers for Keepalived DR-Mode Load Balancing
17.9 Configuring Keepalived for Session Persistence and Firewall Marks
17.10 Making HAProxy Highly Available Using Keepalived
17.11 About Keepalived Notification and Tracking Scripts
17.12 Making HAProxy Highly Available Using Oracle Clusterware
18 VNC Service Configuration
18.1 About VNC
18.2 Configuring a VNC Server
18.3 Connecting to VNC Desktop
III Storage and File Systems
19 Storage Management
19.1 About Disk Partitions
19.1.1 Managing Partition Tables Using fdisk
19.1.2 Managing Partition Tables Using parted
19.1.3 Mapping Partition Tables to Devices
19.2 About Swap Space
19.2.1 Viewing Swap Space Usage
19.2.2 Creating and Using a Swap File
19.2.3 Creating and Using a Swap Partition
19.2.4 Removing a Swap File or Swap Partition
19.3 About Logical Volume Manager
19.3.1 Initializing and Managing Physical Volumes
19.3.2 Creating and Managing Volume Groups
19.3.3 Creating and Managing Logical Volumes
19.3.4 Creating Logical Volume Snapshots
19.3.5 Creating and Managing Thinly-Provisioned Logical Volumes
19.3.6 Using snapper with Thinly-Provisioned Logical Volumes
19.4 About Software RAID
19.4.1 Creating Software RAID Devices
19.5 Creating Encrypted Block Devices
19.6 SSD Configuration Recommendations for Btrfs, ext4, and Swap
19.7 About Linux-IO Storage Configuration
19.7.1 Configuring an iSCSI Target
19.7.2 Restoring a Saved Configuration for an iSCSI target
19.7.3 Configuring an iSCSI Initiator
19.7.4 Updating the Discovery Database
19.8 About Device Multipathing
19.8.1 Configuring Multipathing
20 File System Administration
21 Local File System Administration
22 Shared File System Administration
23 Oracle Cluster File System Version 2
IV Authentication and Security
24 Authentication Configuration
24.1 About Authentication
24.2 About Local Oracle Linux Authentication
24.2.1 Configuring Local Access
24.2.2 Configuring Fingerprint Reader Authentication
24.2.3 Configuring Smart Card Authentication
24.3 About IPA Authentication
24.3.1 Configuring IPA Authentication
24.4 About LDAP Authentication
24.4.1 About LDAP Data Interchange Format
24.4.2 Configuring an LDAP Server
24.4.3 Replacing the Default Certificates
24.4.4 Creating and Distributing Self-signed CA Certificates
24.4.5 Initializing an Organization in LDAP
24.4.6 Adding an Automount Map to LDAP
24.4.7 Adding a Group to LDAP
24.4.8 Adding a User to LDAP
24.4.9 Adding Users to a Group in LDAP
24.4.10 Enabling LDAP Authentication
24.5 About NIS Authentication
24.5.1 About NIS Maps
24.5.2 Configuring an NIS Server
24.5.3 Adding User Accounts to NIS
24.5.4 Enabling NIS Authentication
24.6 About Kerberos Authentication
24.6.1 Configuring a Kerberos Server
24.6.2 Configuring a Kerberos Client
24.6.3 Enabling Kerberos Authentication
24.7 About Pluggable Authentication Modules
24.8 About the System Security Services Daemon
24.8.1 Configuring an SSSD Server
24.9 About Winbind Authentication
24.9.1 Enabling Winbind Authentication
25 Local Account Configuration
25.1 About User and Group Configuration
25.2 Changing Default Settings for User Accounts
25.3 Creating User Accounts
25.3.1 About umask and the setgid and Restricted Deletion Bits
25.4 Locking an Account
25.5 Modifying or Deleting User Accounts
25.6 Creating Groups
25.7 Modifying or Deleting Groups
25.8 Configuring Password Ageing
25.9 Granting sudo Access to Users
26 System Security Administration
26.1 About System Security
26.2 Configuring and Using SELinux
26.2.1 About SELinux Administration
26.2.2 About SELinux Modes
26.2.3 Setting SELinux Modes
26.2.4 About SELinux Policies
26.2.5 About SELinux Context
26.2.6 About SELinux Users
26.2.7 Troubleshooting Access-Denial Messages
26.3 About Packet-filtering Firewalls
26.3.1 Controlling the firewalld Firewall Service
26.3.2 Controlling the iptables Firewall Service
26.4 About TCP Wrappers
26.5 About chroot Jails
26.5.1 Running DNS and FTP Services in a Chroot Jail
26.5.2 Creating a Chroot Jail
26.5.3 Using a Chroot Jail
26.6 About Auditing
26.7 About System Logging
26.7.1 Configuring Logwatch
26.8 About Process Accounting
26.9 Security Guidelines
26.9.1 Minimizing the Software Footprint
26.9.2 Configuring System Logging
26.9.3 Disabling Core Dumps
26.9.4 Minimizing Active Services
26.9.5 Locking Down Network Services
26.9.6 Configuring a Packet-filtering Firewall
26.9.7 Configuring TCP Wrappers
26.9.8 Configuring Kernel Parameters
26.9.9 Restricting Access to SSH Connections
26.9.10 Configuring File System Mounts, File Permissions, and File Ownerships
26.9.11 Checking User Accounts and Privileges
27 OpenSSH Configuration
27.1 About OpenSSH
27.2 OpenSSH Configuration Files
27.2.1 OpenSSH User Configuration Files
27.3 Configuring an OpenSSH Server
27.4 Installing the OpenSSH Client Packages
27.5 Using the OpenSSH Utilities
27.5.1 Using ssh to Connect to Another System
27.5.2 Using scp and sftp to Copy Files Between Systems
27.5.3 Using ssh-keygen to Generate Pairs of Authentication Keys
27.5.4 Enabling Remote System Access Without Requiring a Password
V Virtualization
28 Linux Containers
28.1 About Linux Containers
28.1.1 Supported Oracle Linux Container Versions
28.2 Configuring Operating System Containers
28.2.1 Installing and Configuring the Software
28.2.2 Setting up the File System for the Containers
28.2.3 Creating and Starting a Container
28.2.4 About the lxc-oracle Template Script
28.2.5 About Veth and Macvlan
28.2.6 Modifying a Container to Use Macvlan
28.3 Logging in to Containers
28.4 Creating Additional Containers
28.5 Monitoring and Shutting Down Containers
28.6 Starting a Command Inside a Running Container
28.7 Controlling Container Resources
28.8 Configuring ulimit Settings for an Oracle Linux Container
28.9 Configuring Kernel Parameter Settings for Oracle Linux Containers
28.10 Deleting Containers
28.11 Running Application Containers
28.12 For More Information About Linux Containers
29 Using KVM With Oracle Linux