
Redhat/Fedora's 'system-config' Tools Guide

This document describes how to use the popular system-config-* tools for Linux. They are needed for administration purposes only, and they are available only with Red Hat based Linux Open Client installs.

As root on a Red Hat based system (i.e. Redhat 4+ Open Client 1.x+), users can run a set of configuration tools. If these tools are launched from within a graphical system (X Window), they start as graphical tools; from the command line they launch their TUI (Text User Interface) variants. *Note: The redhat-config tools used in Red Hat Enterprise Linux version 3 are now system-config for version 4+.

Popular 'system-config-' Tools Described In This Document

  • Installing and Listing the available 'system-config' tools: List the system-config-* tools available on a system.
  • Launching "System-Config" Tools Remotely: Use the system-config tools from a remote system.
  • system-config-authentication: The Authentication Configuration Tool provides a graphical interface for configuring NIS, LDAP, and Hesiod to retrieve user information as well as for configuring LDAP, Kerberos, and SMB as authentication protocols. Note, the firewall may need to be adjusted to allow the changes made here.
  • system-config-date: The Time and Date Properties Tool allows the user to change the system date and time, to configure the time zone used by the system, and to set up the Network Time Protocol (NTP) daemon to synchronize the system clock with a time server.
  • system-config-display: A graphical interface for configuring the X Window System display.
  • system-config-network: This is the GUI of the network configuration tool, supporting Ethernet, Wireless, TokenRing, ADSL, ISDN and PPP.
  • system-config-securitylevel: A utility for easy configuration of firewall rules and SELinux security settings. It's more of a beginner's tool, as it is limited to opening ports and it can only overwrite the existing configuration. Note, with Open Client, this tool could be disabled; look to the firewall section for technical details on port management with IPTABLES.
  • system-config-services: This is a graphical tool for enabling and disabling services (including xinetd services). Functionality to start, stop, and restart services is also included.


Configuration Commands and Details

Installing and Listing the available 'system-config' tools


  • Installing the tools
    To install the tool, use the add/remove applications utilities. If the system is connected to a "yum" channel, you can install it from the command line with the "yum -y install system-config-authentication" command. For example:
    su -
    yum -y install system-config-network

    Optionally, all of the tools can be installed using the ' * ' wildcard:

    yum -y install 'system-config-*'

    If yum or yumex (the graphical tool) are not available, use the distro DVD to install these packages with the rpm -Uvh system-*.rpm command.

  • Locating the installed tools
    Listing the available system-config-* tools on your system.
  • Using the tools from remote hosts
    How to remotely use the tools on other systems.
  • A more complete list of tools:
    [root@duvel ~]# system-config-       ( and press the tab key twice )

    system-config-authentication system-config-network-tui
    system-config-date system-config-printer
    system-config-display system-config-securitylevel
    system-config-kdump system-config-securitylevel-tui
    system-config-keyboard system-config-selinux
    system-config-language system-config-services
    system-config-lvm system-config-soundcard
    system-config-network system-config-time
    system-config-network-cmd system-config-users
    system-config-network-gui
    [root@duvel ~]# system-config-



Launching "System-Config" Tools Remotely


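This section describes how to SSH into a machine and launch the system-config tools. The process is largely the same for telnet, but users must first issue xhost + and export DISPLAY when on the host. SSH with -X tunnels the X11 traffic through the encrypted session and sets DISPLAY automatically; telnet does neither, and xhost + disables X access control on the display.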

Using the Tool

1. Use the SSH -X option to connect to the system.

[quickm@duvel ~]$ ssh -X 192.168.15.100 -l quickm
quickm@192.168.15.100's password:
Last login: Wed Nov 7 01:58:23 2007 from 192.168.15.12
====> Welcome to Evil 1 <====

[quickm@evil1 ~]$

2. Type system-config- (press tab twice) to see which tools are available.

[quickm@evil1 ~]$ system-config-
system-config-authentication system-config-network-tui
system-config-date system-config-printer
system-config-display system-config-securitylevel
system-config-kdump system-config-securitylevel-tui
system-config-keyboard system-config-selinux
system-config-language system-config-services
system-config-lvm system-config-soundcard
system-config-network system-config-time
system-config-network-cmd system-config-users
system-config-network-gui
[quickm@evil1 ~]$ system-config-

3. Then just issue the command at the terminal screen

[quickm@evil1 ~]$ system-config-users &

Note: if the display tool isn't working correctly,

*Unable to initialize graphical environment. Most likely cause of failure
is that the tool was not run using a graphical environment. Please either
start your graphical user interface or set your DISPLAY variable.
Caught exception: could not open display*

then run the "tui" version of the application or find the command line alternative.

Alternative Text versions:


  • system-config-services
    The tool is located in the setuptool package; if it is not installed, get it from yum (yum install setuptool). Then type 'setup' to launch the text tool.
  • system-config-authentication
    The tool is located in the setuptool package; if it is not installed, get it from yum (yum install setuptool). Then type 'setup' to launch the text tool.
  • system-config-display
    The tool is located in the setuptool package; if it is not installed, get it from yum (yum install setuptool). Then type 'setup' to launch the text tool.
  • system-config-keyboard
    the tool has a text version that will run in place of the GUI.
  • system-config-network
    the tool has a text version that will run in place of the GUI.
  • system-config-language
    the tool has a text version that will run in place of the GUI.
  • system-config-date
    the tool has a text version that will run in place of the GUI.
  • system-config-printer
    the tool has a text version that will run in place of the GUI.
  • system-config-securitylevel
    the tool has a text version that will run in place of the GUI.
  • system-config-users
    The alternative is the command line:
    su -                           # become root
    useradd -G wheel my_new_user   # create the user and put them in the wheel group
    passwd my_new_user             # set the password for the user
    chage -M 999 my_new_user       # set the maximum password age to 999 days



system-config-authentication


The Authentication Configuration Tool provides a graphical interface for configuring NIS, LDAP, and Hesiod to retrieve user information as well as for configuring LDAP, Kerberos, and SMB as authentication protocols. Note, the firewall may need to be adjusted to allow the changes made here.

To install the tool, use the add/remove applications utilities. If the system is connected to a "yum" channel, you can install it from the command line with the "yum -y install system-config-authentication" command.

User Information


The User Information tab sets up the type of user login. The following list explains what each option configures:

  • Enable NIS Support — to configure the system as an NIS client which connects to an NIS server for user and password authentication. The network must have an NIS server domain (which is similar to Windows Active Directory or Novell's enterprise system).
    • The ypbind package must be installed and portmap running for this option to work.
  • Enable LDAP Support — to configure the system to retrieve user information via LDAP.
    • The openldap-clients package must be installed for this option to work.
  • Enable Hesiod Support — Select this option to configure the system to retrieve information from a remote Hesiod database, including user information.
    • The hesiod package must be installed.
  • Winbind — Select this option to configure the system to connect to a Windows Active Directory or a Windows domain controller.
  • Cache User Information — Select this option to enable the name service cache daemon (nscd) and configure it to start at boot time.
    • The nscd package must be installed for this option to work.

Authentication


The Authentication area allows for the configuration of network authentication methods. The following list explains what each option configures:

  • Enable Kerberos Support — Select this option to enable Kerberos authentication. Click the Configure Kerberos button to configure:
    • Realm — The realm for the Kerberos server. The realm is the network that uses Kerberos.
    • Admin Servers — Specify the administration server(s) running kadmind.
    • KDC — Define the "Key Distribution Center" (KDC) - the server that provides Kerberos tickets.
  • Enable LDAP Support — standard PAM-enabled applications use LDAP for authentication. Click the Configure LDAP button to specify the following:
    • Use TLS to encrypt connections — to encrypt passwords sent to the LDAP server.
    • LDAP Search Base DN — Retrieve user information by its Distinguished Name (DN).
    • LDAP Server — Specify the IP address of the LDAP server.
  • Use Shadow Passwords — Select this option to store passwords in shadow password format in the /etc/shadow file instead of /etc/passwd.
  • Use MD5 Passwords — MD5 allows passwords to be up to 256 characters instead of eight characters or less.
  • Enable SMB Support — This option configures PAM to use a SMB server (Windows style Samba) to authenticate users. Click the Configure SMB button to specify:
    • Workgroup — Specify the SMB workgroup to use.
    • Domain Controllers — Specify the SMB domain controllers to use.
  • Winbind — Select this option to configure the system to connect to a Windows Active Directory or a Windows domain controller.
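
A check that goes with the "Use Shadow Passwords" and "Use MD5 Passwords" options above, as an added example that is not part of the original page: it reads passwd- and shadow-format lines and reports which hash scheme each account carries, since switching the option only affects passwords set afterwards. The sample entries are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: verify the effect of the shadow/MD5 options.

# hash_scheme: classify one shadow(5) password field by its crypt prefix.
hash_scheme() {
    case "$1" in
        '')        echo "empty" ;;    # no password at all
        '!'*|'*'*) echo "locked" ;;   # locked or never set
        '$1$'*)    echo "md5" ;;
        '$5$'*)    echo "sha256" ;;
        '$6$'*)    echo "sha512" ;;
        '$'*)      echo "other" ;;
        *)         echo "des" ;;      # traditional crypt, 8-character limit
    esac
}

# audit_shadow: read shadow-format lines on stdin, print "<user> <scheme>".
audit_shadow() {
    while IFS=: read -r user hash rest; do
        if [ -n "$user" ]; then
            echo "$user $(hash_scheme "$hash")"
        fi
    done
}

# unshadowed_users: read passwd-format lines on stdin and print accounts
# whose password field is not the "x" placeholder used with shadow passwords.
unshadowed_users() {
    awk -F: '$2 != "x" { print $1 }'
}

# Constructed sample data (the hash strings are placeholders, not real hashes).
sample_shadow() {
    cat <<'EOF'
root:$1$CONSTRUC$placeholderMD5hashvalue:13824:0:99999:7:::
alice:$6$CONSTRUC$placeholderSHA512hashvalue:13824:0:999:7:::
legacy:CONSTRUCTED13:13824:0:99999:7:::
daemon:*:13824:0:99999:7:::
newuser:!!:13824:0:99999:7:::
EOF
}

sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
legacy:x:500:500::/home/legacy:/bin/bash
oldapp:CONSTRUCTED13:501:501::/home/oldapp:/bin/sh
EOF
}

# On a live system (as root): audit_shadow < /etc/shadow
#                             unshadowed_users < /etc/passwd
sample_shadow | audit_shadow
sample_passwd | unshadowed_users
```

Accounts reported as "des" still hold a hash created before MD5 was enabled and keep it until the password is changed.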

system-config-date


The Time and Date Properties Tool allows the user to change the system date and time, to configure the time zone used by the system, and to setup the Network Time Protocol (NTP) daemon to synchronize the system clock with a time server.

To install the tool, use the add/remove applications utilities. If the system is connected to a "yum" channel, you can install it from the command line with the "yum -y install system-config-date" command.

Using the system-config-date tool

Starting the tool:

  • Type the command system-config-date, system-config-time, or dateconfig at a shell prompt.
  • The tool can be launched from the time/date taskbar applet.
  • The tool can be launched from the "control center".

Configuring the tool:

  • Set up the "Date / Time" functions
    • Configure the time and date set from the local system.
  • Set up NTP (Network Time Protocol)
    • Users can opt to have a server keep track of the time for them. The Network Time Protocol (NTP) daemon synchronizes the system clock with a remote time server or time source, and the application allows you to configure it.
    • Pick a predefined server by clicking Edit, or add a new server name by clicking Add.
  • Set up the Time Zone information
    • Configure your time zone.

system-config-display


A graphical interface for configuring the X Window System display

To install the tool, use the add/remove applications utilities. If the system is connected to a "yum" channel, you can install it from the command line with the "yum -y install system-config-display" command.

Manually (re)configuring with system-config-display :


  1. Boot the system and press Ctrl+Alt+F1 for a terminal prompt
  2. Log in as root
  3. Confirm your runlevel by typing runlevel
    (it should return something like "N 3" or "5 3"; the key is that the rightmost number should be '3')
    (if the system is in runlevel 5, the system will automatically try to use the default settings, or it will fail and ask to reconfigure "X")
    (to continue with a manual reconfiguration, follow the next steps)
  4. If the runlevel is 5, change it with the init 3 command
  5. Type
    system-config-display --reconfig
  6. Reconfigure the monitor; be sure to get the right settings
    (you can get the vert/horiz rates from the back of the monitor)
    (if it's a laptop, pick "generic LCD", which can do your settings)

Failure reasons:


  • the Linux driver is invalid (didn't detect it),
  • you picked the wrong monitor settings,
  • the monitor is very old and not 'plug and play'
  • you don't have shared memory for video set in Bios of some desktops.

Display settings in xorg.conf (the X-Window display config file)


  • Example 1: The Server layout section of xorg.conf
    Section "ServerLayout"
    Identifier "Multihead layout"
    Screen 0 "Screen0" LeftOf "Screen1"
    Screen 1 "Screen1" 0 0
    InputDevice "Keyboard0" "CoreKeyboard"
    InputDevice "Synaptics" "CorePointer"
    Option "Xinerama" "off"
    Option "Clone" "on"
    EndSection


    This section describes how many screens are connected to the system, which monitor is to the left or right of the other, and whether the desktop spans the two monitors or acts as two separate displays. In this case, there are two monitors, called "multihead", with separate desktops.

  • Example 2: The Monitor section of xorg.conf
    Section "Monitor"
    Identifier "Monitor0"
    VendorName "Monitor Vendor"
    ModelName "Generic Monitor"
    HorizSync 30.0 - 69.0
    VertRefresh 50.0 - 120.0
    Option "dpms"
    EndSection


    The Monitor section defines the display settings found on the back of the monitor. If you do not know the settings, pick a generic CRT or LCD monitor.

  • Example 3: The Device driver section of xorg.conf
    Section "Device"
    Identifier "Videocard0"
    Driver "radeon"
    VendorName "Videocard vendor"
    BoardName "ATI Radeon Mobility 7500"
    EndSection


    The Device section contains the actual driver used (radeon in this case) and is crucial for the video to work. Look up the proper driver for your video card.

  • Example 4: The display size and color depth section of xorg.conf
    Section "Screen"
    Identifier "Screen0"
    Device "Videocard0"
    Monitor "Monitor0"
    DefaultDepth 16
    SubSection "Display"
    Viewport 0 0
    Depth 16
    Modes "1280x1024"
    EndSubSection
    SubSection "Display"
    Viewport 0 0
    Depth 24
    Modes "1400x1050"
    EndSubSection
    EndSection


    The Screen section contains the resolution modes and color depth. The depth is usually 16-bit or 24-bit (which is 2^16 colors or 2^24 colors). Each depth has its own Display subsection. The default depth selects the Display subsection for that depth. In this example, the default is 16-bit color, using the modes list that starts with 1280x1024.



Using the system-config-network utility


This is the GUI of the network configuration tool, supporting Ethernet, Wireless, TokenRing, ADSL, ISDN and PPP.

To install the tool, use the add/remove applications utilities. If the system is connected to a "yum" channel, you can install it from the command line with the "yum -y install system-config-network" command.

Using the tool


Simply run the command from the terminal session.

[quickm@duvel]$ system-config-network &

Configuration Files


redhat-config-network configures the following files:

Configuration file and description:

  • /etc/sysconfig/network-scripts/ifcfg-* - Configuration files for each interface.
  • /etc/sysconfig/network - Hostname, default gateway, general configuration.
  • /etc/sysconfig/static-routes - Static routes (if any).
  • /etc/hosts - The local DNS entries (which must include your hostname).
  • /etc/resolv.conf - Contains DNS info (for dhcp, set dynamically).

Device config file descriptions

The ifcfg-* file contains the specifics about the network device: the hostname, whether it is DHCP or static, what the settings are, and so forth.

  • Example dhcp file:
    ifcfg-eth0
    DEVICE=eth0
    BOOTPROTO=dhcp
    DHCPCLASS=
    HWADDR=00:0D:60:F9:F9:B9
    ONBOOT=yes

The "network" file can contain gateway info, hostname, QIP info and so forth.

  • Example network file:
    network
    HOSTNAME=duvel.fishkill.ibm.com
    NETWORKING=yes
    NETWORKING_IPV6=no
    STATDARG=" -p 4000"
    SEARCH=ibm.com

The 'hosts' file contains local DNS entries like local home computers (i.e. kidsPC 192.168.1.4) and most importantly your hostname info (which is required).

  • Example hosts file:
    hosts
    127.0.0.1 localhost.localdomain localhost
    127.0.0.1 duvel.fishkill.ibm.com duvel

The resolv.conf file contains DNS servers and route paths (DSSO) (usually set automatically)

  • Example resolv.conf:
    resolv.conf
    search ibm.com optonline.net
    nameserver 9.0.2.1
    nameserver 9.0.4.1
    nameserver 167.206.251.13



Using the system-config-securitylevel utility


system-config-securitylevel is a utility for easy configuration of firewall rules and SELinux security settings. It's more of a beginner's tool, as it is limited to opening ports and it can only overwrite the existing configuration. The configuration file that is affected is called "iptables", named after the Linux firewall tool of the same name. iptables is fast and built into the kernel. For a deeper understanding of complex firewall configuration, refer to our technical 'iptables-firewall section'.

To install the tool, use the add/remove applications utilities. If the system is connected to a "yum" channel, you can install it from the command line with the "yum -y install system-config-securitylevel" command.

Firewall Configuration


Using the tool

Simply launch the tool from the command line:

[quickm@duvel sysconfig]$ system-config-securitylevel &

Firewall enable pulldown menu (or check box)

No firewall

  • No firewall provides complete access to your system and does no security checking. Your system would have to be advertising in some way for this to be a huge risk; even so, it is best to protect your system in every way possible.

Enable firewall

  • If you choose Enable firewall, your system does not accept connections that you have not explicitly defined (other than the default settings).

What services should be allowed to pass through the firewall?

Enabling these options allows the specified services to pass through the firewall. Red Hat provides a list of the most popular services. If you want to use this tool to add other, less popular ports, use the "other ports" area and add their numbers there.

Popular ports include:

  • Remote Login (SSH)
    Secure Shell (SSH) is a suite of tools for logging in to and executing commands on a remote machine.
  • HTTP (Webservers)
    The HTTP and HTTPS protocols are used by Apache (and by other Web servers) to serve webpages. If you plan on making your Web server publicly available, enable this option.
  • File Transfer (FTP)
    The FTP protocol is used to transfer files between machines on a network. Not recommended, as it's a security risk.
  • Mail Server (SMTP)
    Enable this if you want to allow incoming mail delivery through your firewall; it is almost never needed.
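
Because the tool overwrites the existing "iptables" configuration file each time it is used, it is worth reviewing what the file opens afterwards. The following is an added example, not part of the original page: it lists the destination ports accepted by a rules file in iptables-save format and compares them with an allow-list. The sample rules are constructed, the function names are hypothetical, and the path mentioned in the comment is the usual Red Hat location of the file.

```sh
#!/bin/sh
# Added example: review the ports opened by a saved iptables rules file.

# open_ports: read iptables-save style rules on stdin and print
# "<proto>/<port>" for every ACCEPT rule that names a destination port.
open_ports() {
    awk '
        $1 == "-A" {
            proto = ""; port = ""; target = ""
            for (i = 2; i < NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") port   = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (target == "ACCEPT" && port != "") print proto "/" port
        }' | LC_ALL=C sort -u
}

# unexpected_ports: same input; $1 is a space-separated allow-list of
# "<proto>/<port>" entries. Prints every open port that is not on it.
unexpected_ports() {
    open_ports | while read -r p; do
        case " $1 " in
            *" $p "*) ;;            # allowed, say nothing
            *) echo "$p" ;;
        esac
    done
}

# Constructed sample of a rules file as the tool might leave it.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# On a live system (as root):
#   unexpected_ports "tcp/22 tcp/80" < /etc/sysconfig/iptables
sample_rules | unexpected_ports "tcp/22 tcp/80"
```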

SE Linux Configuration


SELinux allows you to provide granular permissions for all subjects (users, programs, and processes) and objects (files and devices).

Three states are available for you to choose from during the installation process:

  • Disable — Select Disable if you do not want SELinux enabled on this system.
  • Warn — Select Warn to be notified of any denials. This will log issues but not actually block them!
  • Active — Select Active if you want SELinux to act in a fully active state. Choose this option only if you are sure that your system can still properly function with SELinux fully enabled.

For additional information about SELinux, refer to the following URLs:

  • http://www.redhat.com/docs/
  • http://www.nsa.gov/selinux/

Using the system-config-services utility


This is a graphical tool for enabling and disabling services (including xinetd services). Functionality to start, stop, and restart services is also included.

To install the tool, use the add/remove applications utilities. If the system is connected to a "yum" channel, you can install it from the command line with the "yum -y install system-config-services" command.

Using the tool


Simply launch the command from a terminal session

[quickm@duvel sysconfig]$ system-config-services &

Popular services are listed below. For a service to start when the system boots, it must be set to 3:on and 5:on. Use the Internet to learn more about these services.

NetworkManager 1:off 2:on 3:on 4:on 5:on ( enhanced networking mgmt for mobile users)
acpid 1:off 2:off 3:on 4:on 5:on ( ACPI power management )
apmd 1:off 2:on 3:on 4:on 5:on ( Utilities for Advanced Power Management (APM))
atd 1:off 2:on 3:on 4:on 5:on ( cron utility at time x do y )
autofs 1:off 2:on 3:on 4:on 5:on ( autofs mounting for network mounts, gsa, etc.)
crond 1:off 2:on 3:on 4:on 5:on ( a scheduler to run tasks )
cups 1:off 2:on 3:on 4:on 5:on ( the printer service )
gpm 1:off 2:on 3:on 4:on 5:on ( provides mouse support in terminals )
httpd 1:off 2:off 3:off 4:off 5:off ( web server Service)
ibm-acpi 1:off 2:on 3:on 4:on 5:on ( IBM's ACPI functions )
iptables 1:off 2:on 3:on 4:on 5:on ( The Linux Firewall )
kudzu 1:off 2:on 3:on 4:on 5:on ( runs on boot to look for new hardware )
messagebus 1:off 2:off 3:on 4:on 5:on (D-BUS provides talk between any two apps)
netfs 1:off 2:on 3:on 4:on 5:on (Auto Mounts and unmounts Network File Systems)
netplugd 1:off 2:off 3:off 4:off 5:off ( checks for network disconnects )
network 1:off 2:on 3:on 4:on 5:on ( the network service )
nfs 1:off 2:off 3:off 4:off 5:off ( network file system mounts)
ntpd 1:off 2:on 3:on 4:on 5:on ( Net Time Protocol - clock syncs over the net)
portmap 1:off 2:on 3:on 4:on 5:on ( is a network helper service )
rhnsd 1:off 2:off 3:on 4:on 5:on (Queries the Red Hat Network for updates)
rpcsvcgssd 1:off 2:off 3:off 4:off 5:off ( Symantec Antivirus )
rtvscand 1:off 2:on 3:on 4:on 5:on ( Symantec Antivirus )
sendmail 1:off 2:off 3:off 4:off 5:off ( for sending AND receiving mail )
sshd 1:off 2:off 3:on 4:off 5:on ( Secure Shell incoming connections )
syslog 1:off 2:on 3:on 4:on 5:on ( system logging )
tsm 1:off 2:off 3:on 4:off 5:on ( Tivoli backup client )
vmware 1:off 2:off 3:off 4:off 5:off ( Service for VMware client )
vncserver 1:off 2:off 3:off 4:off 5:off ( Setup VNC displays on localhost )
wine 1:off 2:on 3:on 4:on 5:on ( allows Windows apps to be run )
xfs 1:off 2:on 3:on 4:on 5:on ( Font server,needed for XWindows to start)
xinetd 1:off 2:off 3:off 4:off 5:off ( net services through portmap like telnet)
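
To turn the listing above into a quick exposure check, the following added example (not part of the original page) parses lines in that format and reports which network-facing services are on in runlevel 3 or 5. The watch list of service names is an assumption chosen from the services listed above, the sample input is constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: list network-facing services that start at boot.
# Input: lines of "<name> [0:off] 1:off 2:on 3:on ..." as printed by
# `chkconfig --list`; trailing notes such as "( web server )" are ignored.

# Services treated as network listeners. This watch list is an assumption
# made for the example; adjust it to local policy.
NET_SERVICES="cups httpd nfs portmap sendmail sshd vncserver xinetd"

# exposed_at_boot: read a listing on stdin and print "<name> <levels>" for
# each watched service that is on in runlevel 3 and/or 5.
exposed_at_boot() {
    awk -v watch="$NET_SERVICES" '
        BEGIN {
            n = split(watch, w, " ")
            for (i = 1; i <= n; i++) net[w[i]] = 1
        }
        {
            levels = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^3:on/) levels = levels "3"
                if ($i ~ /^5:on/) levels = levels "5"
            }
            if (levels != "" && ($1 in net)) print $1, levels
        }'
}

# Constructed sample in the format of the listing above.
sample_listing() {
    cat <<'EOF'
crond 1:off 2:on 3:on 4:on 5:on ( a scheduler to run tasks )
cups 1:off 2:on 3:on 4:on 5:on ( the printer service )
httpd 1:off 2:off 3:off 4:off 5:off ( web server Service)
portmap 1:off 2:on 3:on 4:on 5:on ( is a network helper service )
sshd 1:off 2:off 3:on 4:off 5:on ( Secure Shell incoming connections )
xinetd 1:off 2:off 3:off 4:off 5:off ( net services through portmap like telnet)
EOF
}

# On a live system: chkconfig --list | exposed_at_boot
sample_listing | exposed_at_boot
```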


3 comments

x!sign.dll said... @ April 30, 2012 at 9:42 AM

You should correct "yum -y system-*" to "yum -y system-config-*"

mahasiswa teladan said... @ August 28, 2013 at 8:41 PM

Hi... I'm a student from Informatics Engineering. Nice article,
thanks for sharing :)

Brandon Hudson said... @ December 12, 2013 at 2:49 AM

Your post is really cool and interesting. Thanks very much.

