Our server operating system is Red Hat Enterprise Linux (RHEL) 5. We maintain an annual subscription at the Basic level, ordered directly from Red Hat.
Most error correction and revision of the operating system takes place automatically under the management of Red Hat Network, whose services are included in our subscription to the operating system.
Most software installed under the operating system is provided by Red Hat in the form of RPM files, which are automatically installed or revised.
Some software that we use is not available from Red Hat, and we obtain and install it separately. If it is obtained as RPM files, Red Hat Network keeps a record of its presence on the server but does not support it.
Software supplied by Red Hat is usually older than the most recent version available directly from the developer, but it is much easier to install and maintain.
We have occasionally encountered problems trying to install software not provided by Red Hat, because it can require other software as a prerequisite, which either isn't installed yet or is installed in a version or location that prevents the new RPM script from recognizing or accepting it. We received advice in 2007 from Stuart Cooper (stuart.cooper@gmail.com) to counteract this problem by collecting all related RPM files of the same software system and install them together with a single "rpm" command, and also by using the "-Uvh" switch with the command instead of "-i".
The server acts as a central logging repository for its own services and other devices in our network. The “syslogd” daemon performs the logging. Its availability for logging of other devices requires that the file “/etc/sysconfig/syslog” be customized. In our configuration, the file contains the statement “SYSLOGD_OPTIONS="-r -x"”, in lieu of the standard statement “SYSLOGD_OPTIONS="-m 0"”. With our custom statement, messages are accepted from other hosts and periodic time-stamps are added to the log files.
The files where logging messages are stored are defined in the “/etc/syslog.conf” file. Each service or device also has a configuration determining what it logs and whether it sends log messages to the central logging service or to some other destination.
We use discretionary (file-permission-based) access control for security. RHEL also offers mandatory access control with the SELinux (Security Enhanced Linux) system. We run the server with SELinux disabled, because enabling it (in permissive mode) creates a need for complex configuration and causes numerous warnings that are so poorly documented that we can’t use them to check or correct access permissions knowledgeably.
