Red Hat Enterprise Linux 9 for SysAdmins (Jerome Gotangco, Luca Berton) (z-library.sk, 1lib.sk, z-lib.sk)

Red Hat Enterprise Linux 9 -----for----- SysAdmins A technical guide for building secure production systems using RHEL 9 administration

Red Hat Enterprise Linux 9 for SysAdmins A technical guide for building secure production systems using RHEL 9 administration Jerome Gotangco Luca Berton www.bpbonline.com

ii ■ First Edition 2025 Copyright © BPB Publications, India ISBN: 978-93-65891-171 All Rights Reserved. No part of this publication may be reproduced, distributed or transmitted in any form or by any means or stored in a database or retrieval system, without the prior written permission of the publisher with the exception to the program listings which may be entered, stored and executed in a computer system, but they can not be reproduced by the means of publication, photocopy, recording, or by any electronic and mechanical means. LIMITS OF LIABILITY AND DISCLAIMER OF WARRANTY The information contained in this book is true to correct and the best of author’s and publisher’s knowledge. The author has made every effort to ensure the accuracy of these publications, but publisher cannot be held responsible for any loss or damage arising from any information in this book. All trademarks referred to in the book are acknowledged as properties of their respective owners but BPB Publications cannot guarantee the accuracy of this information. To View Complete BPB Publications Catalogue Scan the QR Code: iH ■■ s www.bpbonline.com

■ iii Dedicated to My family and closest friends - they are the foundation of who I am today; Jose, Nidia, Joseph, Joshua, Gigi, Veronica, Imman, Valentine, Pauline, and Elnaz; Thank you for the continued support and encouragement. -Jerome Gotangco My son Filippo - the joy of my life -Luca Berton

iv ■ About the Authors l Jerome Gotangco is a technology consultant with extensive experience in the IT Industry. Currently an OpenShift Specialist at Red Hat, he champions the Open Hybrid Cloud approach for enterprises using open-source software platforms. Jerome has a strong background in open source, previously involved in OpenStack and Ubuntu development. Prior to Red Hat, he served as an Azure consultant at Microsoft and held technology consultant roles at Accenture and Hewlett Packard Enterprise. Beyond his technical expertise, Jerome enjoys reading, writing essays and poems, painting miniature figurines, and maintaining an active lifestyle with fitness and golf. l Luca Berton is a seasoned IT professional with over 18 years of experience in Linux system administration, cloud engineering, and automation. Renowned as an IT Automation expert, Luca has authored several best-selling books, including Ansible for VMware by Examples, Ansible for Kubernetes by Examples, Red Hat Ansible Automation Platform, and Hands-on Ansible Automation. Luca’s dedication to open-source projects and his commitment to sharing knowledge are reflected in his creation of the Ansible Pilot project, which serves as a resource for automation enthusiasts worldwide. His expertise extends to presenting at international conferences, contributing to the growth of the Ansible community, and mentoring aspiring IT professionals. As a thought leader and practitioner, Luca combines a deep technical understanding with practical insights, making his work a trusted resource for IT professionals globally. Through this book, he aims to equip readers with the skills and confidence to excel in their careers and beyond.

■ v Acknowledgements m As a first-time author, this book took some time to complete, even though I had numerous tips and advice received to write as fast as I can and refine later, I made sure every chapter written didn’t just get the approval of the editing team involved - I had to convince myself that each command worked to my personal standard. I thank my family for their continued support of my career and my aspirations in life. Even though I embarked on a fulfilling career in IT, writing has been close to my heart, be it creative or technical. I also extend my thanks to my fellow associates at Red Hat for their support on this book project, most especially my former managers, Anirban Mukherjee and Lennie Tan, for their approval and support to me when I took on this book writing project. Without them, this book wouldn’t even be possible. Finally, to my co-author, Luca Berton, for his guidance and most important, his patience on agreeing to see this book from the beginning to what you have in your hands today. - Jerome Gotangco m Creating this book has been a journey of collaboration, effort, and learning. I am profoundly grateful to all who made this possible. First, I want to express my heartfelt thanks to my family for their unending support and patience during this journey. Their encouragement has been my foundation. I am deeply appreciative of the guidance provided by my mentors and colleagues in the IT and open-source communities. A special acknowledgment goes to the Ansible community for nurturing the growth of automation enthusiasts like me. Thank you to my publishers for their trust, vision, and professionalism in transforming this work into reality. Lastly, to the readers, thank you for choosing this book. I hope it serves as a valuable guide on your path forward in your professional career and beyond. - Luca Berton

vi ■ Preface First, we wish to thank you for getting this book, be it for your continued learning using Linux distributions as a hobby, or just simply interested in learning a new operating system. Second, this book has been written for you, dear system administrators of the world, to enable and empower you to be productive with the latest edition of Red Hat’s flagship Linux distribution Red Hat Enterprise Linux 9 (RHEL 9). This book is written in such a way that it can be used as a handy reference whenever you need to do something with my RHEL 9 system, like installing a database service, spinning up a single node instance for Kubernetes, and more! Treat it like a cookbook if you will - always ready to give you the quickest and best way to cook up a recipe. In fact, it is the way the book is structured! Who is this book for and how to use the cookbook? As the title suggests, Red Hat Enterprise Linux 9 for SysAdmins is written for System Administrators or SysAdmins who are responsible for installing, configuring, and managing an RHEL 9 server in their respective IT environments, be it deployed in a data center rack server, on-premises in the company as a stand-alone server, a virtual machine running in a hypervisor, or even in public and private cloud as a virtual machine deployment. From a day-to-day point of view, SysAdmins are responsible for ensuring computer systems, such as servers, are running in peak condition and tuned to handle volumes of transactions. SysAdmins also do proactive planning and monitoring; these systems are accessed securely and don't affect the productivity of users relying on the services running in the systems being managed by SysAdmins. In short, they are the unsung heroes of today’s hyper-connected world, making sure the applications that we use every day, be it a social network, a digital wallet, or an online banking application, just among others, are always available and fast for our day-to-day transactions. This book is written for junior to mid-level SysAdmins who have managed a Linux server before and need to become productive with RHEL 9 in a short amount of time. The book contains over 107 recipes of tasks in building and managing a RHEL 9 system along with applications - from installing RHEL 9, building a database server, designing a cluster for high availability, and creating a platform for artificial intelligence, in the style of a cookbook. Each chapter will focus on a particular topic and will contain at least 5 recipes to get your task done in a shorter amount of time. The table of contents is structured this way along to make it easy to go back to your favorite recipes anytime!

■ vii We have written this book in a cookbook style and below are just some of the great things you’ll learn in each chapter: Chapter 1: Introducing Red Hat Enterprise Linux 9 - You will learn what Red Hat Enterprise Linux (or RHEL), its origin, and how critical this operating system is in the enterprise. You will also get additional information on getting support for RHEL, as well as known alternatives to RHEL. Chapter 2: Setting Up RHEL 9 - You will get information on downloading RHEL 9 and creating bootable media to be used for the installation. When you get to do an installation, you will learn the basics as well as advance lessons on disk partitioning and automating the RHEL 9 installation for mass deployments using Kickstart. Chapter 3: Establish RHEL 9 on Cloud - Cloud computing is a great way to learn about RHEL and you will learn how to deploy and configure RHEL 9 on the major cloud providers: AWS, Microsoft Azure, and Google Cloud Platform. You will also learn how to manage your RHEL 9 deployments with the Red Hat Hybrid Cloud Console and use existing subscriptions to save money on cloud deployments with Red Hat Cloud Access. Chapter 4: Miscellaneous Configurations of RHEL 9 - When you get to install and set up a RHEL 9 system, you will need to do some customizations and configurations to make it usable and secure. This chapter will guide you through basic and essential configurations in RHEL 9. Chapter 5: Managing RHEL 9 Subscriptions - Running RHEL 9 requires a subscription from Red Hat and you will learn in this chapter how to obtain a no-cost developer subscription for your learning journey, as well as registering your RHEL 9 systems to receive software updates and send diagnostic reports to Red Hat to get technical support. Chapter 6: Configuring Software Repositories and RHEL 9 Updates - You will learn to add third-party software repositories to be able to install new software as well as update already installed software. Chapter 7: Managing RHEL 9 with GNOME Desktop - RHEL 9 includes the GNOME Desktop and you will learn how to configure and navigate with this simple graphical user interface to use and manage your RHEL 9 system. Chapter 8: Managing Infrastructure and Databases - RHEL 9 provides a large repository of enterprise-grade open-source infrastructure and database software that you can install and configure in this chapter.

viii ■ Chapter 9: Administration of Virtualization Workloads - You will learn how to create virtual machines and manage them in RHEL 9. Chapter 10: Create, Manage, and Monitor Containers - RHEL 9 has robust container support with Podman and Buildah and you will have a good grasp of the tools by creating and managing container workloads in RHEL 9. Chapter 11: Working Around Networks, Files, and Storage Services - This chapter covers the essentials of networking, file systems, and storage in RHEL 9. You will learn to configure and manage network interfaces, implement firewall rules, and set up DNS and DHCP services. Additionally, you will delve into managing file systems, including creating and mounting file systems, configuring NFS and SMB for file sharing, and working with advanced storage solutions like Logical Volume Manager (LVM) and Stratis. Chapter 12: Source Codes, DevOps Pipelines, and Application Development - This chapter explores how RHEL seamlessly integrates with modern development practices. It teaches you to set up development environments, manage source code repositories with Git, and build CI/CD pipelines using tools like Jenkins, Ansible, and Podman. You will also explore RHEL debugging utilities and performance profilers to streamline application development and deployment. Chapter 13: Administration of Clusters and Servers - RHEL is a trusted choice for enterprise-grade clustering and server management. This chapter focuses on creating and managing high-availability clusters with tools like Pacemaker and Corosync. You will learn to configure load balancers, optimize server performance, and maintain uptime for critical services. You will also explore distributed file systems and shared storage for clusters. Chapter 14: Security Hardening of RHEL - Securing systems is vital in the enterprise landscape. This chapter provides comprehensive guidance on hardening your RHEL installations. Topics include SELinux configuration, managing firewalls with FirewallD, implementing audit rules, and enforcing security policies. Learn about Red Hat Insights, the SCAP Security Guide, and automating security compliance checks to ensure your systems meet enterprise security standards. Chapter 15: Capacity Planning, Log Analysis, and System Audits - Efficient resource management and monitoring are crucial for RHEL administrators. In this chapter, you will explore tools like top, vmstat, and iotop to monitor system performance and plan for future capacity needs. You’ll also learn to manage and analyze logs using Rsyslog and Logrotate and conduct system audits using tools like Auditd to maintain compliance and traceability.

■ ix Chapter 16: Artificial Intelligence and Machine Learning - Discover how RHEL supports AI/ML workloads. This chapter introduces you to deploying and managing AI frameworks and libraries like TensorFlow, PyTorch, and Scikit-learn on RHEL. Learn to optimize hardware for AI/ML, and leverage containerized environments for machine learning pipelines to accelerate AI/ML application development. This is all you need to use this cookbook and go over through the recipes!

x ■ Code Bundle and Coloured Images Please follow the link to download the Code Bundle and the Coloured Images of the book: https://rebrand.ly/ba22ae The code bundle for the book is also hosted on GitHub at https://github.com/bpbpublications/Red-Hat-Enterprise-Linux-9-for-SysAdmins. In case there’s an update to the code, it will be updated on the existing GitHub repository. We have code bundles from our rich catalogue of books and videos available at https://github.com/bpbpublications. Check them out! Errata We take immense pride in our work at BPB Publications and follow best practices to ensure the accuracy of our content to provide with an indulging reading experience to our subscribers. Our readers are our mirrors, and we use their inputs to reflect and improve upon human errors, if any, that may have occurred during the publishing processes involved. To let us maintain the quality and help us reach out to any readers who might be having difficulties due to any unforeseen errors, please write to us at : errata@bpbonline.com Your support, suggestions and feedbacks are highly appreciated by the BPB Publications’ Family. Did you know that BPB offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.bpbonline. com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at : business@bpbonline.com for more details. At www.bpbonline.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on BPB books and eBooks.

■ xi Piracy If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at business@bpbonline.com with a link to the material. If you are interested in becoming an author If there is a topic that you have expertise in, and you are interested in either writing or contributing to a book, please visit www.bpbonline.com. We have worked with thousands of developers and tech professionals, just like you, to help them share their insights with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea. Reviews Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions. We at BPB can understand what you think about our products, and our authors can see your feedback on their book. Thank you! For more information about BPB, please visit www.bpbonline.com. Join our book's Discord space Join the book's Discord Workspace for Latest updates, Offers, Tech happenings around the world, New Release and Sessions with the Authors: https://discord.bpbonline.com

xii ■ Table of Contents 1. Introducing Red Hat Enterprise Linux 9 ............................................................................. 1 Introduction............................................................................................................................ 1 Structure.................................................................................................................................. 1 Objectives ............................................................................................................................... 2 Understanding Red Hat Enterprise Linux...................................................................... 2 Who is Red Hat? .............................................................................................................. 3 Getting additional information on RHEL ....................................................................... 5 Alternatives to RHEL ........................................................................................................... 6 Fedora Linux ..................................................................................................................... 6 CentOS Linux and CentOS Stream ............................................................................... 7 Rocky Linux and AlmaLinux OS ................................................................................... 8 Oracle Linux ..................................................................................................................... 9 Conclusion ............................................................................................................................ 10 2. Setting Up RHEL 9 ................................................................................................................... 11 Introduction.......................................................................................................................... 11 Structure................................................................................................................................ 11 Objectives ............................................................................................................................. 12 Download the RHEL 9 installation image .................................................................... 12 Recipe #1: Create a bootable USB stick for RHEL 9 ................................................... 14 Step 1: Install the Fedora Media Writer application ................................................... 14 Step 2: Create the RHEL 9 bootable USB .................................................................... 15 Recipe #2: Choosing between the installation options for RHEL 9 ........................ 16 Step 1: Run the Anaconda installer .............................................................................. 18 Step 2: Set localization options ..................................................................................... 19 Step 3: Set user settings ................................................................................................. 20 Step 4: Set software options .......................................................................................... 21 Step 5: Set system options ............................................................................................. 22

■ xiii Step 6: Complete the RHEL 9 installation ................................................................... 23 Recipe #3: Configure disk partitions for RHEL 9 ........................................................ 25 Step 1: Customize the storage configuration ................................................................ 27 Step 2: Do a manual partition of the disk 27 Recipe #4: Conduct an automated installation of RHEL 9 using Kickstart .......... 28 Step 1: Access the Kickstart Generator tool ................................................................. 28 Step 2: Create the Kickstart file with the Kickstart Generator .................................... 29 Recipe #5: Install RHEL 9 with Kickstart ...................................................................... 31 Step 1: Run the Kickstart file from the boot prompt..................................................... 31 Conclusion ............................................................................................................................ 32 Points to remember ............................................................................................................ 32 3. Establish RHEL 9 on Cloud ................................................................................................... 33 Introduction.......................................................................................................................... 33 Structure................................................................................................................................ 34 Objectives ............................................................................................................................. 34 Recipe #6: Deploy a RHEL 9 virtual machine on Amazon Web Services (AWS) .. 34 Recipe #7: Deploy a RHEL 9 virtual machine on Microsoft Azure........................ 35 Recipe #8: Deploy a RHEL 9 virtual machine on Google Cloud Platform .......... 37 Recipe #9: Manage your RHEL 9 systems with the Red Hat Hybrid Cloud Console ...................................................................................... 39 Recipe #10: Migrate your current Red Hat subscription to cloud with Red Hat Cloud Access ...................................................... 40 Conclusion ............................................................................................................................ 42 Points to remember ............................................................................................................ 43 4. Miscellaneous Configurations of RHEL 9 ........................................................................ 45 Introduction.......................................................................................................................... 45 Structure................................................................................................................................ 45 Objectives ............................................................................................................................. 46 Recipe #11: Upgrade from a previous version of RHEL............................................ 46 Recipe #12: Manage user accounts and access permissions ..................................... 48

xiv ■ Recipe #13: Configure date and time settings .............................................................. 49 Recipe #14: Configure network interfaces .................................................................... 50 Recipe #15: Set up a firewall ............................................................................................ 52 Recipe #16: Enable and disable system services .......................................................... 53 Conclusion ............................................................................................................................ 55 Points to remember ............................................................................................................ 55 5. Managing RHEL 9 Subscriptions........................................................................................ 57 Introduction.......................................................................................................................... 57 Structure................................................................................................................................ 57 Objectives ............................................................................................................................. 58 Recipe #17: Get a no-cost RHEL for developers subscription for testing .............. 58 Recipe #18: Register your RHEL 9 system to receive software updates ................ 62 Recipe #19: Install the sos utility and generate a system report 66 Recipe #20: Clean the sos report to remove sensitive or private data 68 Recipe #21: Sending the sos report to Red Hat Technical support with various tools ............................................................................. 72 Conclusion ............................................................................................................................ 75 Points to remember ............................................................................................................ 75 6. Configuring Software Repositories and RHEL 9 Updates ........................................... 77 Introduction.......................................................................................................................... 77 Structure................................................................................................................................ 77 Objectives ............................................................................................................................. 78 Recipe #22: Configure the DNF tool and update RHEL 9 ......................................... 78 Recipe #23: Install and configure the EPEL repository 82 Recipe #24: Install and configure RPM Fusion repositories 86 Recipe #25: Manage RHEL 9 software packages ......................................................... 90 Recipe #26: Automate software updates with DNF Automatic ................................. 94 Conclusion ............................................................................................................................ 97 Points to remember ............................................................................................................ 97

■ xv 7. Managing RHEL 9 with GNOME Desktop...................................................................... 99 Introduction.......................................................................................................................... 99 Structure.............................................................................................................................. 100 Objectives ........................................................................................................................... 100 Recipe #27: Running an application using GNOME ............................................... 100 Recipe #28: Manage and install applications with GNOME Software application manager ..................................................................... 102 Recipe #29: Managing storage in GNOME ................................................................ 106 Manage volumes and partitions .................................................................................. 106 Recipe #30 Setting up a printer and configuring printer settings ......................... 106 Recipe #31: Customizing the GNOME environment............................................... 108 Enabling text input for other languages .................................................................... 108 Setting up an application to run automatically upon login in GNOME ................ 110 Using GNOME Tweaks to customize your GNOME Desktop environment experience ................................................................ 111 Conclusion .......................................................................................................................... 112 Points to remember .......................................................................................................... 112 8. Managing Infrastructure and Databases ........................................................................ 113 In troduction.................................................................................................................... 113 Structure.............................................................................................................................. 113 Objectives ........................................................................................................................... 114 Recipe #32: Install and manage a basic LAMP stack ................................................ 114 Recipe #33: Install and configure NGINX ................................................................ 116 Recipe #34: Install and manage HAProxy ................................................................... 117 Recipe #35: Install and manage Varnish Cache .......................................................... 118 Recipe #36: Install and configure Squid proxy cache ............................................ 120 Recipe #37: Install and manage MySQL ...................................................................... 121 Recipe #38: Install and manage PostgreSQL ............................................................... 122 Recipe #39: Install and manage MariaDB .................................................................... 123 Recipe #40: Install and manage MongoDB Community Edition ........................... 123 Recipe #41: Install and manage CockroachDB ........................................................... 124

xvi ■ Recipe #42: Install and manage Neo4j ........................................................................ 126 Recipe #43: Install and manage Cassandra ................................................................ 127 Recipe #44: Install and manage Microsoft SQL Server ............................................ 128 Conclusion .......................................................................................................................... 130 Points to remember .......................................................................................................... 130 9. Administration of Virtualization Workloads ................................................................. 131 Introduction........................................................................................................................ 131 Structure.............................................................................................................................. 131 Objectives ........................................................................................................................... 132 Recipe #45: Install and manage the virtualization hypervisor packages............. 132 Recipe #46: Install a Linux guest virtual machine.................................................... 133 Recipe #47: Install a Windows guest virtual machine ............................................. 134 Recipe #48: Starting the virtual machine from the console ..................................... 135 Recipe #49: View information of deployed virtual machines 136 Recipe #50: Shut down and delete the virtual machine from the console 136 Conclusion .......................................................................................................................... 137 Points to remember .......................................................................................................... 137 10. Create, Manage, and Monitor Containers ...................................................................... 139 Introduction........................................................................................................................ 139 Structure.............................................................................................................................. 140 Objectives ........................................................................................................................... 140 Recipe #51: Install the container tools .......................................................................... 140 Recipe #52: Build a rootless container environment ................................................ 141 Recipe #53: Manage the container registry................................................................. 142 Recipe #54: Manage the containers with Podman ................................................... 143 Recipe #55: Monitor the container environment ....................................................... 145 Recipe #56: Manage the container network ............................................................... 146 Conclusion .......................................................................................................................... 147 Points to remember .......................................................................................................... 147

■ xvii 11. Working Around Networks, Files, and Storage Services ........................................... 149 Introduction........................................................................................................................ 149 Structure.............................................................................................................................. 150 Objectives ........................................................................................................................... 150 Recipe #57: Configure the Ethernet and Wi-Fi connection ..................................... 150 Recipe #58: Configure a VLAN to secure network traffic ........................................ 152 Recipe #59: Configure network bonding on network interfaces for higher throughput ................................................................................... 154 Recipe #60: Configure a VPN connection ................................................................... 157 Recipe #61: Set up an IP tunnel ..................................................................................... 159 Recipe #62: Do basic disk administration with parted and fdisk ......................... 162 Recipe #63: Create logical storage devices with LVM ............................................. 166 Recipe #64: Manage a remote iSCSI storage .............................................................. 169 Recipe #65: Set up a Samba service for file and print services .............................. 173 Recipe #66: Set up an NFS service ................................................................................ 175 Conclusion .......................................................................................................................... 176 Points to remember .......................................................................................................... 177 12. Source Codes, DevOps Pipelines, and Application Development ......................... 179 Introduction........................................................................................................................ 179 Structure.............................................................................................................................. 179 Objectives ........................................................................................................................... 180 Recipe #67: Install OpenJDK JRE .................................................................................. 180 Recipe #68: Install .NET and publish .NET 6.0 applications .................................. 181 Publishing applications with .NET 6.0 ...................................................................... 182 Running .NET applications in containers ................................................................. 182 Recipe #69: Install and configure a GIT repository ................................................. 183 Recipe #70: Install and configure essential tools for DevOps ............................... 185 Recipe #71: Install and configure Ansible for DevOps pipeline automation .... 187 Conclusion .......................................................................................................................... 189 Points to remember .......................................................................................................... 190

xviii ■ 13. Administration of Clusters and Servers ......................................................................... 191 Introduction........................................................................................................................ 191 Structure.............................................................................................................................. 191 Objectives ........................................................................................................................... 192 Recipe #72: Install and configure Pacemaker ............................................................. 192 Recipe #73: Create a high availability cluster ............................................................ 194 Recipe #74: Configure an active/passive Apache server ........................................ 197 Recipe #75: Configure an active/passive NFS server .............................................. 199 Recipe #76: Manage cluster resources and cluster nodes........................................ 201 Resource relocation ....................................................................................................... 201 Live migration .............................................................................................................. 202 Resource ban ................................................................................................................. 202 Node standby mode ...................................................................................................... 202 Node addition ............................................................................................................... 203 Node removal ................................................................................................................ 203 Conclusion .......................................................................................................................... 203 Points to remember .......................................................................................................... 204 14. Security Hardening of RHEL ............................................................................................. 205 Introduction........................................................................................................................ 205 Structure.............................................................................................................................. 205 Objectives ........................................................................................................................... 206 Recipe #77: Check available security advisories from the console ....................... 207 Recipe #78: Identify available security updates not yet installed in RHEL........ 208 Recipe #79: Install a specific security update from an advisory 208 Recipe #80: Set up RHEL to install security updates automatically 209 Recipe #81: Implement secure disk partitions ........................................................... 211 Recommended partitioning scheme 211 Encrypting partitions with LUKS 212 Configuring LUKS encryption during installation .................................................. 212 Post-installation encryption with LUKS ................................................................... 212 Recipe #82: Set up and configure the firewall service firewalld............................ 214

■ xix Recipe #83: Implement nftables for a network-wide firewall service .................. 218 Migrating from iptables to nftables ............................................................................. 218 Writing and executing nftables scripts ...................................................................... 219 Configuring NAT with nftables .................................................................................. 219 Advanced features: using sets and maps .................................................................... 220 Recipe #84: Set up RHEL in Federal Information Processing Standard mode... 221 Enabling FIPS mode during installation ................................................................... 221 Switching an installed system to FIPS mode ............................................................. 222 Enabling FIPS mode in a container ............................................................................ 222 Recipe #85: Implement and manage SELinux in RHEL .......................................... 223 SELinux states and modes .......................................................................................... 223 Managing SELinux users and roles ............................................................................ 224 Configuring SELinux for applications ....................................................................... 224 Troubleshooting SELinux ............................................................................................ 225 Recipe #86: Implement OpenSSH for secure communications ............................. 225 Recipe #87: Configure OpenSSH clients with system roles .................................... 229 Recipe #88: Implement SSL and TLS ............................................................................ 231 Recipe #89: Set up a VPN with IPSec ........................................................................... 234 Recipe #90: Secure NFS services ................................................................................... 237 Conclusion .......................................................................................................................... 238 Points to remember .......................................................................................................... 239 15. Capacity Planning, Log Analysis, and System Audits ............................................... 241 Introduction........................................................................................................................ 241 Structure.............................................................................................................................. 241 Objectives ........................................................................................................................... 242 Recipe #91: Set the baseline requirement for capacity ............................................. 242 Recipe #92: Set up performance monitoring with sysstat ....................................... 244 Installing Sysstat ......................................................................................................... 244 Configuring Sysstat ..................................................................................................... 244 Using Sysstat tools for performance monitoring ....................................................... 245 Automating and scheduling reports............................................................................ 246