From 59921db098703f82f6f951069367c8a5ac6968bc Mon Sep 17 00:00:00 2001 From: Robert Krátký Date: Aug 10 2017 10:59:55 +0000 Subject: Switch to hardcoded xrefs. --- diff --git a/en-US/RPM.adoc b/en-US/RPM.adoc index 4fad69e..8dbb558 100644 --- a/en-US/RPM.adoc +++ b/en-US/RPM.adoc @@ -14,7 +14,7 @@ The [application]*RPM Package Manager* only works with packages built in the *RP [WARNING] ==== indexterm:[packages,DNF instead of RPM] -For most package-management tasks, the [application]*DNF* package manager offers equal and often greater capabilities and utility than [application]*RPM*. [application]*DNF* also performs and tracks complicated system-dependency resolutions. [application]*DNF* maintains the system integrity and forces a system integrity check if packages are installed or removed using another application, such as [application]*RPM*, instead of [application]*DNF*. For these reasons, it is highly recommended that you use [application]*DNF* instead of [application]*RPM* whenever possible to perform package-management tasks. See <>. +For most package-management tasks, the [application]*DNF* package manager offers equal and often greater capabilities and utility than [application]*RPM*. [application]*DNF* also performs and tracks complicated system-dependency resolutions. [application]*DNF* maintains the system integrity and forces a system integrity check if packages are installed or removed using another application, such as [application]*RPM*, instead of [application]*DNF*. For these reasons, it is highly recommended that you use [application]*DNF* instead of [application]*RPM* whenever possible to perform package-management tasks. See xref:package-management/DNF.adoc#ch-DNF[DNF]. If you prefer a graphical interface, you can use the [application]*PackageKit* GUI application, which uses [application]*DNF* as its back end, to manage your system's packages. @@ -51,7 +51,7 @@ The goal of keeping sources pristine may seem important only for developers, but [[s1-rpm-using]] === Using RPM -[application]*RPM* has five basic modes of operationindexterm:[RPM,basic modes] (not counting package building): installing, uninstalling, upgrading, querying, and verifying. This section contains an overview of each mode. For complete details and options, try [command]#rpm --help# or see *rpm*(8). Also, see <> for more information on [application]*RPM*. +[application]*RPM* has five basic modes of operationindexterm:[RPM,basic modes] (not counting package building): installing, uninstalling, upgrading, querying, and verifying. This section contains an overview of each mode. For complete details and options, try [command]#rpm --help# or see *rpm*(8). Also, see xref:RPM.adoc#s1-rpm-additional-resources[Additional Resources] for more information on [application]*RPM*. [[sec-Installing_and_Upgrading]] ==== Installing and Upgrading Packages @@ -110,7 +110,7 @@ Preparing... ########################################### [100%] [command]#rpm# provides two different options for installing packages: the aforementioned [option]`-U` option (which historically stands for *upgrade*), and the [option]`-i` option (which historically stands for *install*). Because the [option]`-U` option includes both install and upgrade functions, the use of [command]#rpm -Uvh# with all packages, *except kernel packages*, is recommended. -You should always use the [option]`-i` option to *install* a new kernel package instead of upgrading it. This is because using the [option]`-U` option to upgrade a kernel package removes the previous (older) kernel package, which could render the system unable to boot if there is a problem with the new kernel. Therefore, use the [command]#rpm -i _kernel_package_pass:attributes[{blank}]# command to install a new kernel *without replacing any older kernel packages*. For more information on installing [package]*kernel* packages, see <>. +You should always use the [option]`-i` option to *install* a new kernel package instead of upgrading it. This is because using the [option]`-U` option to upgrade a kernel package removes the previous (older) kernel package, which could render the system unable to boot if there is a problem with the new kernel. Therefore, use the [command]#rpm -i _kernel_package_pass:attributes[{blank}]# command to install a new kernel *without replacing any older kernel packages*. For more information on installing [package]*kernel* packages, see xref:kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc#ch-Manually_Upgrading_the_Kernel[Manually Upgrading the Kernel]. ==== @@ -123,7 +123,7 @@ If you do not have the appropriate key installed to verify the signature, the me warning: tree-1.7.0-3.{PKGOS}.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 431d51: NOKEY ---- -See <> for more information on checking package signatures. +See xref:RPM.adoc#s1-check-rpm-sig[Checking Package Signatures] for more information on checking package signatures. [[s3-rpm-errors]] ===== Replacing Already-Installed Packages @@ -353,7 +353,7 @@ Official {MAJOROS} installation media. * indexterm:[initial RPM repositories,installable packages] indexterm:[packages,initial RPM repositories] -Official [application]*RPM* repositories provided with the [application]*DNF* package manager. See <> for details on how to use the official {MAJOROS} package repositories. +Official [application]*RPM* repositories provided with the [application]*DNF* package manager. See xref:package-management/DNF.adoc#ch-DNF[DNF] for details on how to use the official {MAJOROS} package repositories. * Unofficial, third-party repositories not affiliated with {OSORG} also provide RPM packages. @@ -379,7 +379,7 @@ To verify that a package has not been corrupted or tampered with, check its [app Note that the [application]*DNF* package manager performs automatic checking of [application]*GPG* signatures during installations and upgrades. -[application]*GPG* is installed by default, as well as a set of Red{nbsp}Hat keys for verifying packages. To import additional keys for use with [application]*RPM*, see <>. +[application]*GPG* is installed by default, as well as a set of Red{nbsp}Hat keys for verifying packages. To import additional keys for use with [application]*RPM*, see xref:RPM.adoc#s2-keys-importing[Importing GPG Keys]. [[s2-keys-importing]] ===== Importing GPG Keys @@ -481,4 +481,4 @@ indexterm:[RPM,website]indexterm:[RPM,online documentation] indexterm:[RPM,see also] - * <> describes how to use the [application]*DNF* package manager to search, install, update, and uninstall packages on the command line. + * xref:package-management/DNF.adoc#ch-DNF[DNF] describes how to use the [application]*DNF* package manager to search, install, update, and uninstall packages on the command line. diff --git a/en-US/basic-system-configuration/Configuring_the_Date_and_Time.adoc b/en-US/basic-system-configuration/Configuring_the_Date_and_Time.adoc index 082cd6d..fe30fa3 100644 --- a/en-US/basic-system-configuration/Configuring_the_Date_and_Time.adoc +++ b/en-US/basic-system-configuration/Configuring_the_Date_and_Time.adoc @@ -20,7 +20,7 @@ The system time is always kept in _Coordinated Universal Time_ (*UTC*) and conve The [application]*timedatectl* utility is distributed as part of the `systemd` system and service manager and allows you to review and change the configuration of the system clock. You can use this tool to change the current date and time, set the time zone, or enable automatic synchronization of the system clock with a remote server. -For information on how to display the current date and time in a custom format, see also <>. +For information on how to display the current date and time in a custom format, see also xref:Configuring_the_Date_and_Time.adoc#sect-Configuring_the_Date_and_Time-date[Using the date Command]. [[sect-Configuring_the_Date_and_Time-timedatectl-Display]] ===== Displaying the Current Date and Time @@ -74,7 +74,7 @@ Replace _HH_ with an hour, _MM_ with a minute, and _SS_ with a second, all typed This command updates both the system time and the hardware clock. The result it is similar to using both the [command]#date --set# and [command]#hwclock --systohc# commands. -The command will fail if an `NTP` service is enabled. See <> to temporally disable the service. +The command will fail if an `NTP` service is enabled. See xref:Configuring_the_Date_and_Time.adoc#sect-Configuring_the_Date_and_Time-timedatectl-NTP[Synchronizing the System Clock with a Remote Server] to temporally disable the service. [[exam-Configuring_the_Date_and_Time-timedatectl-Time]] .Changing the Current Time @@ -196,7 +196,7 @@ To enable automatic synchronization of the system clock with a remote server, ty ~]#{nbsp}timedatectl set-ntp yes ---- -The command will fail if an `NTP` service is not installed. See <> for more information. +The command will fail if an `NTP` service is not installed. See xref:../servers/Configuring_NTP_Using_the_chrony_Suite.adoc#sect-Installing_chrony[Installing chrony] for more information. ==== @@ -205,7 +205,7 @@ The command will fail if an `NTP` service is not installed. See <>. +For information on how to change the time zone or enable automatic synchronization of the system clock with a remote server, see xref:Configuring_the_Date_and_Time.adoc#sect-Configuring_the_Date_and_Time-timedatectl[Using the timedatectl Command]. [[sect-Configuring_the_Date_and_Time-date-Display]] ===== Displaying the Current Date and Time @@ -232,7 +232,7 @@ You can also customize the format of the displayed information by providing the date +"format" ---- -Replace _format_ with one or more supported control sequences as illustrated in <>. See <> for a list of the most frequently used formatting options, or the `date`(1) manual page for a complete list of these options. +Replace _format_ with one or more supported control sequences as illustrated in xref:Configuring_the_Date_and_Time.adoc#exam-Configuring_the_Date_and_Time-date-Display[Displaying the Current Date and Time]. See xref:Configuring_the_Date_and_Time.adoc#tabl-Configuring_the_Date_and_Time-date-Format[Commonly Used Control Sequences] for a list of the most frequently used formatting options, or the `date`(1) manual page for a complete list of these options. [[tabl-Configuring_the_Date_and_Time-date-Format]] .Commonly Used Control Sequences @@ -357,7 +357,7 @@ Precision Time Protocol (PTP), the kernel automatically synchronizes the hardwar ==== -For details about NTP, see <> and <>. For information about PTP, see <>. For information about setting the hardware clock after executing [application]*ntpdate*, see <>. +For details about NTP, see xref:../servers/Configuring_NTP_Using_the_chrony_Suite.adoc#ch-Configuring_NTP_Using_the_chrony_Suite[Configuring NTP Using the chrony Suite] and xref:../servers/Configuring_NTP_Using_ntpd.adoc#ch-Configuring_NTP_Using_ntpd[Configuring NTP Using ntpd]. For information about PTP, see xref:../servers/Configuring_PTP_Using_ptp4l.adoc#ch-Configuring_PTP_Using_ptp4l[Configuring PTP Using ptp4l]. For information about setting the hardware clock after executing [application]*ntpdate*, see xref:../servers/Configuring_NTP_Using_ntpd.adoc#s1-Configuring_the_Hardware_Clock_update[Configuring the Hardware Clock Update]. [[sect2-displaying-time-hwclock]] ===== Displaying the Current Date and Time @@ -387,7 +387,7 @@ CEST is a time zone abbreviation and stands for Central European Summer Time. ==== -For information on how to change the time zone, see <>. +For information on how to change the time zone, see xref:Configuring_the_Date_and_Time.adoc#sect-Configuring_the_Date_and_Time-timedatectl-Time_Zone[Changing the Time Zone]. [[sect3-changing-date-time-hwclock]] ===== Setting the Date and Time @@ -454,7 +454,7 @@ To set the hardware clock to the current system time and keep the hardware clock ~]#{nbsp}hwclock --systohc --localtime ---- -To avoid problems with time zone and DST switching, it is recommended to keep the hardware clock in UTC. The shown <> is useful, for example, in case of a multi boot with a Windows system, which assumes the hardware clock runs in local time by default, and all other systems need to accommodate to it by using local time as well. It may also be needed with a virtual machine; if the virtual hardware clock provided by the host is running in local time, the guest system needs to be configured to use local time, too. +To avoid problems with time zone and DST switching, it is recommended to keep the hardware clock in UTC. The shown xref:Configuring_the_Date_and_Time.adoc#exam4-sect4-synchornizing-systohc-hwclock[Synchronizing the Hardware Clock with System Time] is useful, for example, in case of a multi boot with a Windows system, which assumes the hardware clock runs in local time by default, and all other systems need to accommodate to it by using local time as well. It may also be needed with a virtual machine; if the virtual hardware clock provided by the host is running in local time, the guest system needs to be configured to use local time, too. ==== @@ -473,4 +473,4 @@ For more information on how to configure the date and time in {MAJOROSVER}, see .See Also -* <> documents how to configure the keyboard layout. +* xref:System_Locale_and_Keyboard_Configuration.adoc#ch-System_Locale_and_Keyboard_Configuration[System Locale and Keyboard Configuration] documents how to configure the keyboard layout. diff --git a/en-US/basic-system-configuration/Gaining_Privileges.adoc b/en-US/basic-system-configuration/Gaining_Privileges.adoc index c4e7214..d6cefb1 100644 --- a/en-US/basic-system-configuration/Gaining_Privileges.adoc +++ b/en-US/basic-system-configuration/Gaining_Privileges.adoc @@ -37,7 +37,7 @@ You can also use the [application]*Users* settings tool to modify group membersh . Change the Account Type from `Standard` to `Administrator`. This will add the user to the `wheel` group. -See <> for more information about the [application]*Users* tool. +See xref:Managing_Users_and_Groups.adoc#s1-users-configui[Managing Users in a Graphical Environment] for more information about the [application]*Users* tool. After you add the desired users to the `wheel` group, it is advisable to only allow these specific users to use the [command]#su# command. To do this, edit the PAM configuration file for [command]#su#, `/etc/pam.d/su`. Open this file in a text editor and uncomment the following line by removing the `#` character: @@ -154,4 +154,4 @@ While programs allowing users to gain administrative privileges are a potential .See Also -* <> documents how to manage system users and groups in the graphical user interface and on the command line. +* xref:Managing_Users_and_Groups.adoc#ch-Managing_Users_and_Groups[Managing Users and Groups] documents how to manage system users and groups in the graphical user interface and on the command line. diff --git a/en-US/basic-system-configuration/Managing_Users_and_Groups.adoc b/en-US/basic-system-configuration/Managing_Users_and_Groups.adoc index d314f74..8126bd3 100644 --- a/en-US/basic-system-configuration/Managing_Users_and_Groups.adoc +++ b/en-US/basic-system-configuration/Managing_Users_and_Groups.adoc @@ -72,7 +72,7 @@ When a new user is created, the account is disabled until a password is set. The [[s1-users-tools]] ==== Using Command Line Tools indexterm:[users,tools for management of,useradd]indexterm:[users,tools for management of,the Users setting tool]indexterm:[groups,tools for management of,groupadd] -Apart from the [application]*Users* settings tool described in <>, which is designed for basic managing of users, you can use command line tools for managing users and groups that are listed in <>. +Apart from the [application]*Users* settings tool described in xref:Managing_Users_and_Groups.adoc#s1-users-configui[Managing Users in a Graphical Environment], which is designed for basic managing of users, you can use command line tools for managing users and groups that are listed in xref:Managing_Users_and_Groups.adoc#table-users-tools[Command line utilities for managing users and groups]. [[table-users-tools]] .Command line utilities for managing users and groups @@ -99,7 +99,7 @@ To add a new user to the system, type the following at a shell prompt as `root`: [command]#useradd# _options_ _username_ ---- -…where _options_ are command-line options as described in <>. +…where _options_ are command-line options as described in xref:Managing_Users_and_Groups.adoc#table-useradd-options[Common useradd command-line options]. indexterm:[user configuration,command line configuration,passwd] By default, the [command]#useradd# command creates a locked user account. To unlock the account, run the following command as `root` to assign a password: @@ -108,7 +108,7 @@ By default, the [command]#useradd# command creates a locked user account. To unl [command]#passwd# _username_ ---- -Optionally, you can set a password aging policy. See <> for information on how to enable password aging. +Optionally, you can set a password aging policy. See xref:Managing_Users_and_Groups.adoc#s2-users-tools-password-aging[Enabling Password Aging] for information on how to enable password aging. [[table-useradd-options]] .Common useradd command-line options @@ -189,7 +189,7 @@ If an encrypted password is passed using the [option]`-p` flag, it is placed in juan:x:1001: ---- + -A group with the same name as a user is called a _user private group_. For more information on user private groups, see <>. +A group with the same name as a user is called a _user private group_. For more information on user private groups, see xref:Managing_Users_and_Groups.adoc#s2-users-groups-private-groups[User Private Groups]. + The line created in `/etc/group` has the following characteristics: + @@ -249,7 +249,7 @@ To add a new group to the system, type the following at a shell prompt as `root` groupadd pass:quotes[_options_] pass:quotes[_group_name_] ---- -…where _options_ are command-line options as described in <>. +…where _options_ are command-line options as described in xref:Managing_Users_and_Groups.adoc#table-groupadd-options[Common groupadd command-line options]. [[table-groupadd-options]] .Common groupadd command-line options @@ -274,7 +274,7 @@ For security reasons, it is advisable to require users to change their passwords [IMPORTANT] ==== -Shadow passwords must be enabled to use the [command]#chage# command. For more information, see <>. +Shadow passwords must be enabled to use the [command]#chage# command. For more information, see xref:Managing_Users_and_Groups.adoc#s2-users-groups-shadow-utilities[Shadow Passwords]. ==== indexterm:[user configuration,command line configuration,chage] @@ -285,7 +285,7 @@ To configure password expiration for a user from a shell prompt, run the followi [command]#chage# _options_ _username_ ---- -…where _options_ are command line options as described in <>. When the [command]#chage# command is followed directly by a username (that is, when no command line options are specified), it displays the specified users current password aging values and allows you to change these values interactively. +…where _options_ are command line options as described in xref:Managing_Users_and_Groups.adoc#table-chage-options[chage command line options]. When the [command]#chage# command is followed directly by a username (that is, when no command line options are specified), it displays the specified users current password aging values and allows you to change these values interactively. [[table-chage-options]] .chage command line options @@ -351,7 +351,7 @@ Especially when the user is logged in as `root`, an unattended login session may [command]#dnf# [option]`install` [option]`screen` ---- + -For more information on how to install packages in {MAJOROS}, refer to <>. +For more information on how to install packages in {MAJOROS}, refer to xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. . As `root`, add the following line at the beginning of the `/etc/profile` file to make sure the processing of this file cannot be interrupted: + diff --git a/en-US/basic-system-configuration/System_Locale_and_Keyboard_Configuration.adoc b/en-US/basic-system-configuration/System_Locale_and_Keyboard_Configuration.adoc index 56860e8..7532180 100644 --- a/en-US/basic-system-configuration/System_Locale_and_Keyboard_Configuration.adoc +++ b/en-US/basic-system-configuration/System_Locale_and_Keyboard_Configuration.adoc @@ -23,7 +23,7 @@ LC_MESSAGES=C ---- -Here, the LC_MESSAGES option determines the locale used for diagnostic messages written to the standard error output. To further specify locale settings in `/etc/locale.conf`, you can use several other options, the most relevant are summarized in <>. See the `locale(7)` manual page for detailed information on these options. Note that the LC_ALL option, which represents all possible options, should not be configured in `/etc/locale.conf`. +Here, the LC_MESSAGES option determines the locale used for diagnostic messages written to the standard error output. To further specify locale settings in `/etc/locale.conf`, you can use several other options, the most relevant are summarized in xref:System_Locale_and_Keyboard_Configuration.adoc#tab-locale_options[Options configurable in /etc/locale.conf]. See the `locale(7)` manual page for detailed information on these options. Note that the LC_ALL option, which represents all possible options, should not be configured in `/etc/locale.conf`. [[tab-locale_options]] .Options configurable in /etc/locale.conf @@ -110,7 +110,7 @@ To set the default system locale, use the following command as `root`: [command]#localectl# [option]`set-locale` [option]`LANG`pass:attributes[{blank}]=pass:attributes[{blank}]_locale_ ---- -Replace _locale_ with the locale name, found with the [command]#localectl# [option]`list-locales` command. The above syntax can also be used to configure parameters from <>. +Replace _locale_ with the locale name, found with the [command]#localectl# [option]`list-locales` command. The above syntax can also be used to configure parameters from xref:System_Locale_and_Keyboard_Configuration.adoc#tab-locale_options[Options configurable in /etc/locale.conf]. .Changing the Default Locale ==== diff --git a/en-US/infrastructure-services/OpenSSH.adoc b/en-US/infrastructure-services/OpenSSH.adoc index 9e6dc72..4ef0a85 100644 --- a/en-US/infrastructure-services/OpenSSH.adoc +++ b/en-US/infrastructure-services/OpenSSH.adoc @@ -140,7 +140,7 @@ In order to perform tasks described in this section, you must have superuser pri indexterm:[SSH protocol,configuration files] There are two different sets of configuration files: those for client programs (that is, [command]#ssh#, [command]#scp#, and [command]#sftp#), and those for the server (the [command]#sshd# daemon). indexterm:[SSH protocol,configuration files,system-wide configuration files]indexterm:[SSH protocol,configuration files,user-specific configuration files] -System-wide SSH configuration information is stored in the `/etc/ssh/` directory as described in <>. User-specific SSH configuration information is stored in `~/.ssh/` within the user's home directory as described in <>. +System-wide SSH configuration information is stored in the `/etc/ssh/` directory as described in xref:OpenSSH.adoc#table-ssh-configuration-configs-system[System-wide configuration files]. User-specific SSH configuration information is stored in `~/.ssh/` within the user's home directory as described in xref:OpenSSH.adoc#table-ssh-configuration-configs-user[User-specific configuration files]. [[table-ssh-configuration-configs-system]] .System-wide configuration files @@ -187,7 +187,7 @@ indexterm:[OpenSSH,server] [NOTE] ==== -To run an OpenSSH server, you must have the [package]*openssh-server* package installed. See <> for more information on how to install new packages in {MAJOROSVER}. +To run an OpenSSH server, you must have the [package]*openssh-server* package installed. See xref:../package-management/DNF.adoc#sec-Installing[Installing Packages] for more information on how to install new packages in {MAJOROSVER}. ==== indexterm:[OpenSSH,server,starting] @@ -213,7 +213,7 @@ If you want the daemon to start automatically at the boot time, type as `root`: ln -s '/usr/lib/systemd/system/sshd.service' '/etc/systemd/system/multi-user.target.wants/sshd.service' ---- -See <> for more information on how to configure services in {MAJOROS}. +See xref:Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons] for more information on how to configure services in {MAJOROS}. Note that if you reinstall the system, a new set of identification keys will be created. As a result, clients who had connected to the system with any of the OpenSSH tools before the reinstall will see the following message: @@ -227,7 +227,7 @@ Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. ---- -To prevent this, you can backup the relevant files from the `/etc/ssh/` directory (see <> for a complete list), and restore them whenever you reinstall the system. +To prevent this, you can backup the relevant files from the `/etc/ssh/` directory (see xref:OpenSSH.adoc#table-ssh-configuration-configs-system[System-wide configuration files] for a complete list), and restore them whenever you reinstall the system. [[s2-ssh-configuration-requiring]] ===== Requiring SSH for Remote Connections @@ -254,7 +254,7 @@ To disable running these services at startup, type: [command]#systemctl disable vsftpd.service# ---- -See <> for more information on how to configure services in {MAJOROS}. +See xref:Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons] for more information on how to configure services in {MAJOROS}. [[s2-ssh-configuration-keypairs]] ===== Using Key-based Authentication @@ -270,7 +270,7 @@ If you are working on a system other than a new default installation, check that To be able to use [command]#ssh#, [command]#scp#, or [command]#sftp# to connect to the server from a client machine, generate an authorization key pair by following the steps below. Note that keys must be generated for each user separately. -{MAJOROSVER} uses SSH Protocol 2 and RSA keys by default (see <> for more information). +{MAJOROSVER} uses SSH Protocol 2 and RSA keys by default (see xref:OpenSSH.adoc#s2-ssh-versions[Protocol Versions] for more information). .Do not generate key pairs as root [IMPORTANT] @@ -413,7 +413,7 @@ ssh-copy-id -i ~/.ssh/id_ecdsa.pub USER@hostname + This will copy the content of `~/.ssh/id_ecdsa.pub` into the `~/.ssh/authorized_keys` on the machine to which you want to connect. If the file already exists, the keys are appended to its end. -See <> for information on how to set up your system to remember the passphrase. +See xref:OpenSSH.adoc#s3-ssh-configuration-keypairs-agent[Configuring ssh-agent] for information on how to set up your system to remember the passphrase. .Never share your private key [IMPORTANT] @@ -758,7 +758,7 @@ HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub . On user's systems. remove keys belonging to hosts from the `~/.ssh/known_hosts` file if the user has previously logged into the host configured above. When a user logs into the host they should no longer be presented with the warning about the hosts authenticity. -To test the host certificate, on a client system, ensure the client has set up the global `/etc/ssh/known_hosts` file, as described in <>, and that the server's public key is not in the `~/.ssh/known_hosts` file. Then attempt to log into the server over SSH as a remote user. You should not see a warning about the authenticity of the host. If required, add the [option]`-v` option to the SSH command to see logging information. +To test the host certificate, on a client system, ensure the client has set up the global `/etc/ssh/known_hosts` file, as described in xref:OpenSSH.adoc#proc-Trusting_the_Host_Signing_Key[Trusting the Host Signing Key], and that the server's public key is not in the `~/.ssh/known_hosts` file. Then attempt to log into the server over SSH as a remote user. You should not see a warning about the authenticity of the host. If required, add the [option]`-v` option to the SSH command to see logging information. [[sec-Creating_SSH_Certificates_for_Authenticating_Users]] ====== Creating SSH Certificates for Authenticating Users @@ -841,7 +841,7 @@ drwx------. 3 user1 user1 4096 May 7 12:37 .. -rw-r--r--. 1 user1 user1 421 May 7 12:37 id_rsa.pub ---- + -See <> for more examples of key generation and for instructions on setting the correct directory permissions. +See xref:OpenSSH.adoc#s2-ssh-configuration-keypairs[Using Key-based Authentication] for more examples of key generation and for instructions on setting the correct directory permissions. . The chosen public key must be copied to the server designated as the CA, in order to be signed. The secure copy command can be used to do this, the command has the following format: + @@ -860,7 +860,7 @@ admin@ca-server.example.com's password: id_rsa.pub 100% 421 0.4KB/s 00:00 ---- + -If you have configured the client system to trust the host signing key as described in <> then you should not see a warning about the authenticity of the remote host. +If you have configured the client system to trust the host signing key as described in xref:OpenSSH.adoc#proc-Trusting_the_Host_Signing_Key[Trusting the Host Signing Key] then you should not see a warning about the authenticity of the remote host. . On the CA server, sign the user's public key. For example, as `root`: + @@ -1031,7 +1031,7 @@ indexterm:[OpenSSH,client] [NOTE] ==== -To connect to an OpenSSH server from a client machine, you must have the [package]*openssh-clients* package installed. See <> for more information on how to install new packages in {MAJOROSVER}. +To connect to an OpenSSH server from a client machine, you must have the [package]*openssh-clients* package installed. See xref:../package-management/DNF.adoc#sec-Installing[Installing Packages] for more information on how to install new packages in {MAJOROSVER}. ==== @@ -1201,7 +1201,7 @@ Connected to penguin.example.com. sftp> ---- -After you enter the correct password, you will be presented with a prompt. The [command]#sftp# utility accepts a set of commands similar to those used by [command]#ftp# (see <>). +After you enter the correct password, you will be presented with a prompt. The [command]#sftp# utility accepts a set of commands similar to those used by [command]#ftp# (see xref:OpenSSH.adoc#table-ssh-clients-sftp[A selection of available sftp commands]). [[table-ssh-clients-sftp]] .A selection of available sftp commands diff --git a/en-US/infrastructure-services/Services_and_Daemons.adoc b/en-US/infrastructure-services/Services_and_Daemons.adoc index 0def50c..4f9c9ca 100644 --- a/en-US/infrastructure-services/Services_and_Daemons.adoc +++ b/en-US/infrastructure-services/Services_and_Daemons.adoc @@ -52,7 +52,7 @@ To configure a service to be automatically started at boot time, use the [comman systemctl enable service_name.service ---- -The service will be started the next time you boot the system. For information on how to start the service immediately, refer to <>. +The service will be started the next time you boot the system. For information on how to start the service immediately, refer to xref:Services_and_Daemons.adoc#s3-services-running-running[Running the Service]. [[exam-services-configuration-enabling]] .Enabling the httpd service @@ -75,7 +75,7 @@ To disable starting a service at boot time, use the [command]#systemctl# command systemctl disable service_name.service ---- -The next time you boot the system, the service will *not* be started. For information on how to stop the service immediately, refer to <>. +The next time you boot the system, the service will *not* be started. For information on how to stop the service immediately, refer to xref:Services_and_Daemons.adoc#s3-services-running-stopping[Stopping the Service]. [[exam-services-configuration-disabling]] .Disabling the telnet service @@ -121,7 +121,7 @@ systemctl is-active service_name.service .Checking the status of the httpd service ==== -<> illustrated how to enable starting the `httpd` service at boot time. Imagine that the system has been restarted and you need to verify that the service is really running. You can do so by typing the following at a shell prompt: +xref:Services_and_Daemons.adoc#exam-services-configuration-enabling[Enabling the httpd service] illustrated how to enable starting the `httpd` service at boot time. Imagine that the system has been restarted and you need to verify that the service is really running. You can do so by typing the following at a shell prompt: [subs="quotes, macros"] ---- @@ -204,13 +204,13 @@ To run a service, use the [command]#systemctl# command in the following form: systemctl start service_name.service ---- -This will start the service in the current session. To configure the service to be started at boot time, refer to <>. +This will start the service in the current session. To configure the service to be started at boot time, refer to xref:Services_and_Daemons.adoc#s3-services-configuration-enabling[Enabling the Service]. [[exam-services-running-running]] .Running the httpd service ==== -<> illustrated how to run the `httpd` service at boot time. You can start the service immediately by typing the following at a shell prompt as `root`: +xref:Services_and_Daemons.adoc#exam-services-configuration-enabling[Enabling the httpd service] illustrated how to run the `httpd` service at boot time. You can start the service immediately by typing the following at a shell prompt as `root`: ---- ~]# systemctl start httpd.service @@ -227,13 +227,13 @@ To stop a service, use the [command]#systemctl# command in the following form: systemctl stop service_name.service ---- -This will stop the service in the current session. To disable starting the service at boot time, refer to <>. +This will stop the service in the current session. To disable starting the service at boot time, refer to xref:Services_and_Daemons.adoc#s3-services-configuration-enabling[Enabling the Service]. [[exam-services-running-stopping]] .Stopping the telnet service ==== -<> illustrated how to disable starting the `telnet` service at boot time. You can stop the service immediately by running the following command as `root`: +xref:Services_and_Daemons.adoc#exam-services-configuration-disabling[Disabling the telnet service] illustrated how to disable starting the `telnet` service at boot time. You can stop the service immediately by running the following command as `root`: ---- ~]# systemctl stop telnet.service diff --git a/en-US/infrastructure-services/TigerVNC.adoc b/en-US/infrastructure-services/TigerVNC.adoc index d05a092..3d5c905 100644 --- a/en-US/infrastructure-services/TigerVNC.adoc +++ b/en-US/infrastructure-services/TigerVNC.adoc @@ -54,7 +54,7 @@ To install the [application]*TigerVNC* server, issue the following command as `r ---- + -There is no need to include the display number in the file name because `systemd` automatically creates the appropriately named instance in memory on demand, replacing `'%i'` in the service file by the display number. For a single user it is not necessary to rename the file. For multiple users, a uniquely named service file for each user is required, for example, by adding the user name to the file name in some way. See <> for details. +There is no need to include the display number in the file name because `systemd` automatically creates the appropriately named instance in memory on demand, replacing `'%i'` in the service file by the display number. For a single user it is not necessary to rename the file. For multiple users, a uniquely named service file for each user is required, for example, by adding the user name to the file name in some way. See xref:TigerVNC.adoc#configuring-vncserver-2users[Configuring VNC Server for Two Users] for details. . Edit `/etc/systemd/system/vncserver@.service`, replacing _USER_ with the actual user name. @@ -102,7 +102,7 @@ file can find the plain-text password. ==== -Proceed to <>. +Proceed to xref:TigerVNC.adoc#s4-starting-vncserver[Starting VNC Server]. [[configuring-vncserver-2users]] ====== Configuring VNC Server for Two Users @@ -134,7 +134,7 @@ Verify: ===== Starting VNC Server To start or enable the service, specify the display number directly in the command. -The file configured above in <> works as a template, in which `%i` is substituted with +The file configured above in xref:TigerVNC.adoc#configuring-vncserver[Configuring the first VNC connection] works as a template, in which `%i` is substituted with the display number by `systemd`. With a valid display number, execute the following command: @@ -259,7 +259,7 @@ assigned display number. For example, for the second port: 2 + 5900 = 5902. ==== -For displays `0` to `3`, make use of `firewalld`pass:attributes[{blank}]'s support for the VNC service by means of the [option]`service` option as described below. Note that for display numbers greater than `3`, the corresponding ports will have to be opened specifically as explained in <>. +For displays `0` to `3`, make use of `firewalld`pass:attributes[{blank}]'s support for the VNC service by means of the [option]`service` option as described below. Note that for display numbers greater than `3`, the corresponding ports will have to be opened specifically as explained in xref:TigerVNC.adoc#proc-Opening-Ports_in_firewalld[Opening Ports in firewalld]. [[proc-Enabling_VNC_Service_in_firewalld]] .Enabling VNC Service in firewalld @@ -369,7 +369,7 @@ ExecStart=/sbin/runuser -l _user_ -c "/usr/bin/vncserver -localhost %i" This will stop `vncserver` from accepting connections from anything but the local host and port-forwarded connections sent using `SSH` as a result of the [option]`-via` option. -For more information on using `SSH`, see <>. +For more information on using `SSH`, see xref:OpenSSH.adoc#ch-OpenSSH[OpenSSH]. [[s9-additional-sources]] ==== Additional Resources diff --git a/en-US/kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc b/en-US/kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc index 0de8d6c..7457f53 100644 --- a/en-US/kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc +++ b/en-US/kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc @@ -20,7 +20,7 @@ Whenever possible, use either the [application]*DNF* or [application]*PackageKit ==== indexterm:[kernel,installing kernel packages] -For more information on installing kernel packages with [application]*DNF*, see <>. +For more information on installing kernel packages with [application]*DNF*, see xref:../package-management/DNF.adoc#sec-Updating_Packages[Updating Packages]. [[s1-kernel-packages]] ==== Overview of Kernel Packages @@ -130,7 +130,7 @@ kernel-modules.x86_64 4.0.4-300.fc22 @System kernel-modules.x86_64 4.0.4-301.fc22 @System ---- -From the output, determine which packages need to be downloaded for the kernel upgrade. For a single processor system, the only required package is the [package]*kernel* package. See <> for descriptions of the different packages. +From the output, determine which packages need to be downloaded for the kernel upgrade. For a single processor system, the only required package is the [package]*kernel* package. See xref:Manually_Upgrading_the_Kernel.adoc#s1-kernel-packages[Overview of Kernel Packages] for descriptions of the different packages. [[s1-kernel-download]] ==== Downloading the Upgraded Kernel @@ -144,7 +144,7 @@ There are several ways to determine if an updated kernel is available for the sy dnf check-update --enablerepo=updates-testing ---- -To install the kernel manually, continue to <>. +To install the kernel manually, continue to xref:Manually_Upgrading_the_Kernel.adoc#s1-kernel-perform-upgrade[Performing the Upgrade]. [[s1-kernel-perform-upgrade]] ==== Performing the Upgrade @@ -166,14 +166,14 @@ At a shell prompt, change to the directory that contains the kernel RPM packages ~]#{nbsp}rpm -ivh kernel-kernel_version.arch.rpm ---- -The next step is to verify that the initial RAM disk image has been created. See <> for details. +The next step is to verify that the initial RAM disk image has been created. See xref:Manually_Upgrading_the_Kernel.adoc#sec-Verifying_the_Initial_RAM_Disk_Image[Verifying the Initial RAM Disk Image] for details. [[sec-Verifying_the_Initial_RAM_Disk_Image]] ==== Verifying the Initial RAM Disk Image indexterm:[initial RAM disk image,verifying] The job of the initial RAM disk image is to preload the block device modules, such as for IDE, SCSI or RAID, so that the root file system, on which those modules normally reside, can then be accessed and mounted. On {MAJOROSVER} systems, whenever a new kernel is installed using either the [application]*DNF*, [application]*PackageKit*, or [application]*RPM* package manager, the [application]*Dracut* utility is always called by the installation scripts to create an _initramfs_ (initial RAM disk image). -On all architectures other than IBM eServer System i (see <>), you can create an `initramfs` by running the [command]#dracut# command. However, you usually don't need to create an `initramfs` manually: this step is automatically performed if the kernel and its associated packages are installed or upgraded from RPM packages distributed by {OSORG}. +On all architectures other than IBM eServer System i (see xref:Manually_Upgrading_the_Kernel.adoc#bh-Verifying_the_Initial_RAM_Disk_Image_and_Kernel_on_IBM_eServer_System_i[Verifying the Initial RAM Disk Image and Kernel on IBM eServer System i]), you can create an `initramfs` by running the [command]#dracut# command. However, you usually don't need to create an `initramfs` manually: this step is automatically performed if the kernel and its associated packages are installed or upgraded from RPM packages distributed by {OSORG}. On architectures that use the GRUB 2 boot loader, you can verify that an `initramfs` corresponding to your current kernel version exists and is specified correctly in the `/boot/grub2/grub.cfg` configuration file by following this procedure: @@ -212,7 +212,7 @@ vmlinuz-3.17.7-300.fc21.x86_64 ==== + -<> shows that: +xref:Manually_Upgrading_the_Kernel.adoc#ex-Ensuring_that_the_kernel_and_initramfs_versions_match[Ensuring that the kernel and initramfs versions match] shows that: + ** we have three kernels installed (or, more correctly, three kernel files are present in the `/boot/` directory), + @@ -270,7 +270,7 @@ See [command]#man dracut# and [command]#man dracut.conf# for more information on initrd16 /initramfs-0-rescue-db90b4e3715b42daa871351439343ca4.img ---- + -See <> for more information on how to read and update the `/boot/grub2/grub.cfg` file. +See xref:Manually_Upgrading_the_Kernel.adoc#s1-kernel-boot-loader[Verifying the Boot Loader] for more information on how to read and update the `/boot/grub2/grub.cfg` file. [[bh-Verifying_the_Initial_RAM_Disk_Image_and_Kernel_on_IBM_eServer_System_i]] .Verifying the Initial RAM Disk Image and Kernel on IBM eServer System i @@ -299,10 +299,10 @@ In the following table, find your system's architecture to determine the boot lo [options="header"] |=== |Architecture|Boot Loader|See -|x86|GRUB 2|<> -|AMD AMD64 *or* Intel 64|GRUB 2|<> -|IBM eServer System i|OS/400|<> -|IBM eServer System p|YABOOT|<> +|x86|GRUB 2|xref:Manually_Upgrading_the_Kernel.adoc#s3-kernel-boot-loader-grub[Configuring the GRUB 2 Boot Loader] +|AMD AMD64 *or* Intel 64|GRUB 2|xref:Manually_Upgrading_the_Kernel.adoc#s3-kernel-boot-loader-grub[Configuring the GRUB 2 Boot Loader] +|IBM eServer System i|OS/400|xref:Manually_Upgrading_the_Kernel.adoc#s2-kernel-boot-loader-iseries[Configuring the OS/400 Boot Loader] +|IBM eServer System p|YABOOT|xref:Manually_Upgrading_the_Kernel.adoc#s2-kernel-boot-loader-pseries[Configuring the YABOOT Boot Loader] |IBM System z|z/IPL|— |=== @@ -338,7 +338,7 @@ menuentry 'Fedora (3.17.6-300.fc21.x86_64) 21 (Twenty One)' --class fedora --cla Each `menuentry` block that represents an installed Linux kernel contains `linux` and `initrd` directives followed by the path to the kernel and the `initramfs` image respectively. If a separate `/boot` partition was created, the paths to the kernel and the `initramfs` image are relative to `/boot`. In the example above, the `initrd16 /initramfs-3.17.6-300.fc21.x86_64.img` line means that the `initramfs` image is actually located at `/boot/initramfs-3.17.6-300.fc21.x86_64.img` when the root file system is mounted, and likewise for the kernel path. -The kernel version number as given on the `linux /vmlinuz-_kernel_version_pass:attributes[{blank}]` line must match the version number of the `initramfs` image given on the `initrd /initramfs-_kernel_version_.img` line of each `menuentry` block. For more information on how to verify the initial RAM disk image, refer to <>. +The kernel version number as given on the `linux /vmlinuz-_kernel_version_pass:attributes[{blank}]` line must match the version number of the `initramfs` image given on the `initrd /initramfs-_kernel_version_.img` line of each `menuentry` block. For more information on how to verify the initial RAM disk image, refer to xref:Manually_Upgrading_the_Kernel.adoc#procedure-Verifying_the_Initial_RAM_Disk_Image[Verifying the Initial RAM Disk Image]. [[note-The_initrd_directive_in_grub.cfg_refers_to_an_initramfs_image]] .The initrd directive in grub.cfg refers to an initramfs image @@ -347,7 +347,7 @@ The kernel version number as given on the `linux /vmlinuz-_kernel_version_pass:a In `menuentry` blocks, the `initrd` directive must point to the location (relative to the `/boot` directory if it is on a separate partition) of the `initramfs` file corresponding to the same kernel version. This directive is called `initrd` because the previous tool which created initial RAM disk images, [command]#mkinitrd#, created what were known as `initrd` files. The `grub.cfg` directive remains `initrd` to maintain compatibility with other tools. The file-naming convention of systems using the [command]#dracut# utility to create the initial RAM disk image is `initramfs-_kernel_version_.img`. -For information on using [application]*Dracut*, refer to <>. +For information on using [application]*Dracut*, refer to xref:Manually_Upgrading_the_Kernel.adoc#sec-Verifying_the_Initial_RAM_Disk_Image[Verifying the Initial RAM Disk Image]. ==== diff --git a/en-US/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc b/en-US/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc index f8b443b..c725863 100644 --- a/en-US/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc +++ b/en-US/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc @@ -35,7 +35,7 @@ In order to use the kernel module utilities described in this chapter, first ens ---- -For more information on installing packages with DNF, see <>. +For more information on installing packages with DNF, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. ==== @@ -87,7 +87,7 @@ Each row of [command]#lsmod# output specifies: * the amount of memory it uses; and, -* the sum total of processes that are using the module and other modules which depend on it, followed by a list of the names of those modules, if there are any. Using this list, you can first unload all the modules depending the module you want to unload. For more information, see <>. +* the sum total of processes that are using the module and other modules which depend on it, followed by a list of the names of those modules, if there are any. Using this list, you can first unload all the modules depending the module you want to unload. For more information, see xref:Working_with_Kernel_Modules.adoc#sec-Unloading_a_Module[Unloading a Module]. indexterm:[kernel module,files,/proc/modules] Finally, note that [command]#lsmod# output is less verbose and considerably easier to read than the content of the `/proc/modules` pseudo-file. @@ -257,7 +257,7 @@ However, this command will fail if a process is using: * any module that `wacom`, through the dependency tree, depends on indirectly. -See <> for more information about using [command]#lsmod# to obtain the names of the modules which are preventing you from unloading a certain module. +See xref:Working_with_Kernel_Modules.adoc#sec-Listing_Currently-Loaded_Modules[Listing Currently-Loaded Modules] for more information about using [command]#lsmod# to obtain the names of the modules which are preventing you from unloading a certain module. [[ex-unloading_a_kernel_module]] .Unloading a kernel module @@ -306,7 +306,7 @@ Like the kernel itself, modules can also take parameters that change their behav . You can unload all dependencies of the module you want to set parameters for, unload the module using [command]#modprobe -r#, and then load it with [command]#modprobe# along with a list of customized parameters. This method is often used when the module does not have many dependencies, or to test different combinations of parameters without making them persistent, and is the method covered in this section. -. Alternatively, you can list the new parameters in an existing or newly created file in the `/etc/modprobe.d/` directory. This method makes the module parameters persistent by ensuring that they are set each time the module is loaded, such as after every reboot or [command]#modprobe# command. This method is covered in <>, though the following information is a prerequisite. +. Alternatively, you can list the new parameters in an existing or newly created file in the `/etc/modprobe.d/` directory. This method makes the module parameters persistent by ensuring that they are set each time the module is loaded, such as after every reboot or [command]#modprobe# command. This method is covered in xref:Working_with_Kernel_Modules.adoc#sec-Persistent_Module_Loading[Persistent Module Loading], though the following information is a prerequisite. [[ex-Supplying_optional_parameters_when_loading_a_kernel_module]] .Supplying optional parameters when loading a kernel module @@ -348,7 +348,7 @@ Here are the recommended steps for setting custom parameters and then loading a ~]#{nbsp} ---- + -Output would indicate that the module is already loaded into the kernel, in which case you must first unload it before proceeding. See <> for instructions on safely unloading it. +Output would indicate that the module is already loaded into the kernel, in which case you must first unload it before proceeding. See xref:Working_with_Kernel_Modules.adoc#sec-Unloading_a_Module[Unloading a Module] for instructions on safely unloading it. . Load the module and list all custom parameters after the module name. For example, if you wanted to load the Intel PRO/1000 network driver with the interrupt throttle rate set to 3000 interrupts per second for the first, second, and third instances of the driver, and turn on debug, you would run, as `root`: + @@ -363,7 +363,7 @@ This example illustrates passing multiple values to a single parameter by separa [[sec-Persistent_Module_Loading]] ==== Persistent Module Loading indexterm:[kernel module,loading,at the boot time]indexterm:[kernel module,directories,/etc/modules-load.d/] -As shown in <>, many kernel modules are loaded automatically at boot time. You can specify additional modules to be loaded by the `systemd-modules-load.service` daemon by creating a `pass:attributes[{blank}]_program_.conf` file in the `/etc/modules-load.d/` directory, where _program_ is any descriptive name of your choice. The files in `/etc/modules-load.d/` are text files that list the modules to be loaded, one per line. +As shown in xref:Working_with_Kernel_Modules.adoc#ex-Listing_information_about_a_kernel_module_with_lsmod[Listing information about a kernel module with lsmod], many kernel modules are loaded automatically at boot time. You can specify additional modules to be loaded by the `systemd-modules-load.service` daemon by creating a `pass:attributes[{blank}]_program_.conf` file in the `/etc/modules-load.d/` directory, where _program_ is any descriptive name of your choice. The files in `/etc/modules-load.d/` are text files that list the modules to be loaded, one per line. [[ex-A_Text_File_to_Load_a_Module]] .A Text File to Load a Module @@ -420,7 +420,7 @@ In Fedora, when a kernel module is loaded, the module's signature is checked usi [[sect-sources-for-public-keys-used-to-authenticate-kernel-modules]] ====== Sources For Public Keys Used To Authenticate Kernel Modules -During boot, the kernel loads X.509 keys into the system key ring or the system black list key ring from a set of persistent key stores as shown in <> +During boot, the kernel loads X.509 keys into the system key ring or the system black list key ring from a set of persistent key stores as shown in xref:Working_with_Kernel_Modules.adoc#table-sources-for-system-key-rings[Sources For System Key Rings] [[table-sources-for-system-key-rings]] .Sources For System Key Rings @@ -478,7 +478,7 @@ The above output shows the addition of two keys from the UEFI Secure Boot "db" k [[sect-kernel-module-authentication-requirements]] ====== Kernel Module Authentication Requirements -If UEFI Secure Boot is enabled or if the [option]`module.sig_enforce` kernel parameter has been specified, then only signed kernel modules that are authenticated using a key on the system key ring can be successfully loaded.footnote:[Provided that the public key is not on the system black list key ring.] If UEFI Secure Boot is disabled and if the [option]`module.sig_enforce` kernel parameter has not been specified, then unsigned kernel modules and signed kernel modules without a public key can be successfully loaded. This is summarized in <>. +If UEFI Secure Boot is enabled or if the [option]`module.sig_enforce` kernel parameter has been specified, then only signed kernel modules that are authenticated using a key on the system key ring can be successfully loaded.footnote:[Provided that the public key is not on the system black list key ring.] If UEFI Secure Boot is disabled and if the [option]`module.sig_enforce` kernel parameter has not been specified, then unsigned kernel modules and signed kernel modules without a public key can be successfully loaded. This is summarized in xref:Working_with_Kernel_Modules.adoc#table-kernel-module-authentication-requirements-for-loading[Kernel Module Authentication Requirements for Loading]. [[table-kernel-module-authentication-requirements-for-loading]] .Kernel Module Authentication Requirements for Loading @@ -614,7 +614,7 @@ There are no extra steps required to prepare your kernel module for signing. You > my_module.ko ---- -Your kernel module is in ELF image format and this script computes and appends the signature directly to the ELF image in your `my_module.ko` file. The [command]#modinfo# utility can be used to display information about the kernel module's signature, if it is present. For information on using the utility, see <>. +Your kernel module is in ELF image format and this script computes and appends the signature directly to the ELF image in your `my_module.ko` file. The [command]#modinfo# utility can be used to display information about the kernel module's signature, if it is present. For information on using the utility, see xref:Working_with_Kernel_Modules.adoc#sec-Displaying_Information_About_a_Module[Displaying Information About a Module]. Note that this appended signature is not contained in an ELF image section and is not a formal part of the ELF image. Therefore, tools such as [command]#readelf# will not be able to display the signature on your kernel module. diff --git a/en-US/kernel-module-driver-configuration/Working_with_the_GRUB_2_Boot_Loader.adoc b/en-US/kernel-module-driver-configuration/Working_with_the_GRUB_2_Boot_Loader.adoc index cfc421d..27c1939 100644 --- a/en-US/kernel-module-driver-configuration/Working_with_the_GRUB_2_Boot_Loader.adoc +++ b/en-US/kernel-module-driver-configuration/Working_with_the_GRUB_2_Boot_Loader.adoc @@ -14,7 +14,7 @@ GRUB 2 reads its configuration from the `/boot/grub2/grub.cfg` file on tradition The GRUB 2 configuration file, `grub.cfg`, is generated during installation, or by invoking the [application]*/usr/sbin/grub2-mkconfig* utility, and is automatically updated by [command]#grubby# each time a new kernel is installed. When regenerated manually using [application]*grub2-mkconfig*, the file is generated according to the template files located in `/etc/grub.d/`, and custom settings in the `/etc/default/grub` file. Edits of `grub.cfg` will be lost any time [application]*grub2-mkconfig* is used to regenerate the file, so care must be taken to reflect any manual changes in `/etc/default/grub` as well. -Normal operations on `grub.cfg`, such as the removal and addition of new kernels, should be done using the [command]#grubby# tool and, for scripts, using [command]#new-kernel-pkg# tool. If you use [command]#grubby# to modify the default kernel the changes will be inherited when new kernels are installed. For more information on [command]#grubby#, see <>. +Normal operations on `grub.cfg`, such as the removal and addition of new kernels, should be done using the [command]#grubby# tool and, for scripts, using [command]#new-kernel-pkg# tool. If you use [command]#grubby# to modify the default kernel the changes will be inherited when new kernels are installed. For more information on [command]#grubby#, see xref:Working_with_the_GRUB_2_Boot_Loader.adoc#sec-Making_Persistent_Changes_to_a_GRUB_2_Menu_Using_the_grubby_Tool[Making Persistent Changes to a GRUB 2 Menu Using the grubby Tool]. The `/etc/default/grub` file is used by the [command]#grub2-mkconfig# tool, which is used by `anaconda` when creating `grub.cfg` during the installation process, and can be used in the event of a system failure, for example if the boot loader configurations need to be recreated. In general, it is not recommended to replace the `grub.cfg` file by manually running `grub2-mkconfig` except as a last resort. Note that any manual changes to `/etc/default/grub` require rebuilding the `grub.cfg` file. @@ -43,14 +43,14 @@ menuentry 'Fedora, with Linux 3.17.4-301.fc21.x86_64' --class fedora --class gnu Each `menuentry` block that represents an installed Linux kernel contains `linux` on 64-bit IBM POWER Series, `linux16` on x86_64 BIOS-based systems, and `linuxefi` on UEFI-based systems. Then the `initrd` directives followed by the path to the kernel and the `initramfs` image respectively. If a separate `/boot` partition was created, the paths to the kernel and the `initramfs` image are relative to `/boot`. In the example above, the `initrd /initramfs-3.17.4-301.fc21.x86_64.img` line means that the `initramfs` image is actually located at `/boot/initramfs-3.17.4-301.fc21.x86_64.img` when the `root` file system is mounted, and likewise for the kernel path. -The kernel version number as given on the `linux16 /vmlinuz-kernel_version` line must match the version number of the `initramfs` image given on the `initrd /initramfs-kernel_version.img` line of each `menuentry` block. For more information on how to verify the initial RAM disk image, see <>. +The kernel version number as given on the `linux16 /vmlinuz-kernel_version` line must match the version number of the `initramfs` image given on the `initrd /initramfs-kernel_version.img` line of each `menuentry` block. For more information on how to verify the initial RAM disk image, see xref:Manually_Upgrading_the_Kernel.adoc#sec-Verifying_the_Initial_RAM_Disk_Image[Verifying the Initial RAM Disk Image]. [NOTE] ==== In `menuentry` blocks, the `initrd` directive must point to the location (relative to the `/boot/` directory if it is on a separate partition) of the `initramfs` file corresponding to the same kernel version. This directive is called `initrd` because the previous tool which created initial RAM disk images, [command]#mkinitrd#, created what were known as `initrd` files. The `grub.cfg` directive remains `initrd` to maintain compatibility with other tools. The file-naming convention of systems using the [command]#dracut# utility to create the initial RAM disk image is `initramfs-_kernel_version_.img`. -For information on using [application]*Dracut*, see <>. +For information on using [application]*Dracut*, see xref:Manually_Upgrading_the_Kernel.adoc#sec-Verifying_the_Initial_RAM_Disk_Image[Verifying the Initial RAM Disk Image]. ==== @@ -59,11 +59,11 @@ For information on using [application]*Dracut*, see <>. +* To make non-persistent changes to the GRUB 2 menu, see xref:Working_with_the_GRUB_2_Boot_Loader.adoc#sec-Making_Temporary_Changes_to_a_GRUB_2_Menu[Making Temporary Changes to a GRUB 2 Menu]. -* To make persistent changes to a running system, see <>. +* To make persistent changes to a running system, see xref:Working_with_the_GRUB_2_Boot_Loader.adoc#sec-Making_Persistent_Changes_to_a_GRUB_2_Menu_Using_the_grubby_Tool[Making Persistent Changes to a GRUB 2 Menu Using the grubby Tool]. -* For information on making and customizing a GRUB 2 configuration file, see <>. +* For information on making and customizing a GRUB 2 configuration file, see xref:Working_with_the_GRUB_2_Boot_Loader.adoc#sec-Customizing_the_GRUB_2_Configuration_File[Customizing the GRUB 2 Configuration File]. [[sec-Making_Temporary_Changes_to_a_GRUB_2_Menu]] ==== Making Temporary Changes to a GRUB 2 Menu @@ -89,7 +89,7 @@ linux16 /vmlinuz-4.2.0-1.fc23.x86_64 root=/dev/mapper/fedora-root ro rd.md= The [option]`rhgb` and [option]`quiet` parameters can be removed in order to enable system messages. -These settings are not persistent and apply only for a single boot. To make persistent changes to a menu entry on a system, use the [command]#grubby# tool. See <> for more information on using [command]#grubby#. +These settings are not persistent and apply only for a single boot. To make persistent changes to a menu entry on a system, use the [command]#grubby# tool. See xref:Working_with_the_GRUB_2_Boot_Loader.adoc#bh-Adding_and_Removing_Arguments_from_a_GRUB_Menu_Entry[Adding and Removing Arguments from a GRUB Menu Entry] for more information on using [command]#grubby#. [[sec-Making_Persistent_Changes_to_a_GRUB_2_Menu_Using_the_grubby_Tool]] ==== Making Persistent Changes to a GRUB 2 Menu Using the grubby Tool @@ -428,7 +428,7 @@ Alternatively, if you want to keep the files in the `/etc/grub2.d/` directory, m [[sec-GRUB_2_Password_Protection]] ==== GRUB 2 Password Protection -GRUB 2 supports both plain-text and encrypted passwords in the GRUB 2 template files. To enable the use of passwords, specify a superuser who can reach the protected entries. Other users can be specified to access these entries as well. Menu entries can be password-protected for booting by adding one or more users to the menu entry as described in <>. To use encrypted passwords, see <>. +GRUB 2 supports both plain-text and encrypted passwords in the GRUB 2 template files. To enable the use of passwords, specify a superuser who can reach the protected entries. Other users can be specified to access these entries as well. Menu entries can be password-protected for booting by adding one or more users to the menu entry as described in xref:Working_with_the_GRUB_2_Boot_Loader.adoc#sec-Setting_Up_Users_and_Password_Protection_Specifying_Menu_Entries[Setting Up Users and Password Protection, Specifying Menu Entries]. To use encrypted passwords, see xref:Working_with_the_GRUB_2_Boot_Loader.adoc#sec-Password_Encryption[Password Encryption]. [WARNING] ==== @@ -606,7 +606,7 @@ This method completely removes all GRUB 2 configuration files and system setting ~]#{nbsp}grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg ---- -. Now follow the procedure in <> to restore GRUB2 on the `/boot/` partition. +. Now follow the procedure in xref:Working_with_the_GRUB_2_Boot_Loader.adoc#sec-Reinstalling_GRUB_2[Reinstalling GRUB 2] to restore GRUB2 on the `/boot/` partition. [[sec-GRUB_2_over_a_Serial_Console]] ==== GRUB 2 over a Serial Console @@ -631,7 +631,7 @@ To make persistent changes to a menu entry on a system, use the [command]#grubby ~]# grubby --remove-args="rhgb quiet" --args=console=ttyS0,115200 --update-kernel=DEFAULT ---- -The [option]`--update-kernel` parameter also accepts the keyword `ALL` or a comma separated list of kernel index numbers. See <> for more information on using [command]#grubby#. +The [option]`--update-kernel` parameter also accepts the keyword `ALL` or a comma separated list of kernel index numbers. See xref:Working_with_the_GRUB_2_Boot_Loader.adoc#bh-Adding_and_Removing_Arguments_from_a_GRUB_Menu_Entry[Adding and Removing Arguments from a GRUB Menu Entry] for more information on using [command]#grubby#. If required to build a new GRUB 2 configuration file, add the following two lines in the `/etc/default/grub` file: @@ -672,7 +672,7 @@ console=pass:attributes[{blank}]_ttyS0,9600n8_ Where [option]`console=ttyS0` is the serial terminal to be used, [option]`9600` is the baud rate, [option]`n` is for no parity, and [option]`8` is the word length in bits. A much higher baud rate, for example `115200`, is preferable for tasks such as following log files. -For more information on serial console settings, see <> +For more information on serial console settings, see xref:Working_with_the_GRUB_2_Boot_Loader.adoc#bh-Installable_and_External_Documentation[Installed Documentation] ==== @@ -767,9 +767,9 @@ Note that in GRUB 2, resetting the password is no longer performed in single-use Two procedures for resetting the `root` password are shown here: -* <> takes you to a shell prompt, without having to edit the grub menu. It is the shorter of the two procedures and it is also the recommended method. You can use a server boot disk or a netinstall installation disk. +* xref:Working_with_the_GRUB_2_Boot_Loader.adoc#proc-Resetting_the_Root_Password_Using_an_Installation_Disk[Resetting the Root Password Using an Installation Disk] takes you to a shell prompt, without having to edit the grub menu. It is the shorter of the two procedures and it is also the recommended method. You can use a server boot disk or a netinstall installation disk. -* <> makes use of [command]#rd.break# to interrupt the boot process before control is passed from `initramfs` to `systemd`. The disadvantage of this method is that it requires more steps, includes having to edit the GRUB menu, and involves choosing between a possibly time consuming SELinux file relabel or changing the SELinux enforcing mode and then restoring the SELinux security context for `/etc/shadow/` when the boot completes. +* xref:Working_with_the_GRUB_2_Boot_Loader.adoc#proc-Resetting_the_Root_Password_Using_rd.break[Resetting the Root Password Using rd.break] makes use of [command]#rd.break# to interrupt the boot process before control is passed from `initramfs` to `systemd`. The disadvantage of this method is that it requires more steps, includes having to edit the GRUB menu, and involves choosing between a possibly time consuming SELinux file relabel or changing the SELinux enforcing mode and then restoring the SELinux security context for `/etc/shadow/` when the boot completes. [[proc-Resetting_the_Root_Password_Using_an_Installation_Disk]] .Resetting the Root Password Using an Installation Disk diff --git a/en-US/monitoring-and-automation/Automating_System_Tasks.adoc b/en-US/monitoring-and-automation/Automating_System_Tasks.adoc index 4bf3d6e..c9ae4d2 100644 --- a/en-US/monitoring-and-automation/Automating_System_Tasks.adoc +++ b/en-US/monitoring-and-automation/Automating_System_Tasks.adoc @@ -11,7 +11,7 @@ Tasks, also known as _jobs_, can be configured to run automatically within a spe {MAJOROS} comes with the following automated task utilities: [command]#cron#, [command]#anacron#, [command]#at#, and [command]#batch#. -Every utility is intended for scheduling a different job type: while Cron and Anacron schedule recurring jobs, At and Batch schedule one-time jobs (refer to <> and <> respectively). +Every utility is intended for scheduling a different job type: while Cron and Anacron schedule recurring jobs, At and Batch schedule one-time jobs (refer to xref:Automating_System_Tasks.adoc#s1-autotasks-cron-anacron[Cron and Anacron] and xref:Automating_System_Tasks.adoc#s1-autotasks-at-batch[At and Batch] respectively). {MAJOROS} supports the use of `systemd.timer` for executing a job at a specific time. See man `systemd.timer(5)` for more information. @@ -52,7 +52,7 @@ For example, to install both Cron and Anacron, type the following at a shell pro ~]#{nbsp}dnf install cronie cronie-anacron ---- -For more information on how to install new packages in {MAJOROS}, see <>. +For more information on how to install new packages in {MAJOROS}, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. [[sect-Cron-Running]] ===== Running the Crond Service @@ -229,7 +229,7 @@ HOME=/ # * * * * * user-name command to be executed ---- -The first three lines contain the same variable definitions as an `anacrontab` file: `SHELL`, `PATH`, and `MAILTO`. For more information about these variables, see <>. +The first three lines contain the same variable definitions as an `anacrontab` file: `SHELL`, `PATH`, and `MAILTO`. For more information about these variables, see xref:Automating_System_Tasks.adoc#s2-configuring-anacron-jobs[Configuring Anacron Jobs]. In addition, the file can define the `HOME` variable. The `HOME` variable defines the directory, which will be used as the home directory when executing commands or scripts run by the job. @@ -315,7 +315,7 @@ To define a black list, create a `jobs.deny` file in the directory that [command To define a white list, create a `jobs.allow` file. -The principles of `jobs.deny` and `jobs.allow` are the same as those of `cron.deny` and `cron.allow` described in section <>. +The principles of `jobs.deny` and `jobs.allow` are the same as those of `cron.deny` and `cron.allow` described in section xref:Automating_System_Tasks.adoc#s2-autotasks-cron-access[Controlling Access to Cron]. [[s1-autotasks-at-batch]] ==== At and Batch @@ -348,7 +348,7 @@ For example, to install both At and Batch, type the following at a shell prompt: ~]#{nbsp}dnf install at ---- -For more information on how to install new packages in {MAJOROS}, see <>. +For more information on how to install new packages in {MAJOROS}, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. [[sect-Atd-Running]] ===== Running the At Service @@ -454,9 +454,9 @@ The job will use the shell set in the user's `SHELL` environment, the user's log If the set of commands or the script tries to display information to standard output, the output is emailed to the user. -To view the list of pending jobs, use the [command]#atq# command. See <> for more information. +To view the list of pending jobs, use the [command]#atq# command. See xref:Automating_System_Tasks.adoc#s2-autotasks-at-batch-viewing[Viewing Pending Jobs] for more information. -You can also restrict the usage of the [command]#at# command. For more information, see <> for details. +You can also restrict the usage of the [command]#at# command. For more information, see xref:Automating_System_Tasks.adoc#s2-autotasks-at-batch-controlling-access[Controlling Access to At and Batch] for details. [[s2-autotasks-batch-configuring]] ===== Configuring a Batch Job @@ -479,9 +479,9 @@ If a script is entered, the job uses the shell set in the user's `SHELL` environ If the set of commands or the script tries to display information to standard output, the output is emailed to the user. -To view the list of pending jobs, use the [command]#atq# command. See <> for more information. +To view the list of pending jobs, use the [command]#atq# command. See xref:Automating_System_Tasks.adoc#s2-autotasks-at-batch-viewing[Viewing Pending Jobs] for more information. -You can also restrict the usage of the [command]#batch# command. For more information, see <> for details. +You can also restrict the usage of the [command]#batch# command. For more information, see xref:Automating_System_Tasks.adoc#s2-autotasks-at-batch-controlling-access[Controlling Access to At and Batch] for details. [[s2-autotasks-at-batch-viewing]] ===== Viewing Pending Jobs diff --git a/en-US/monitoring-and-automation/OProfile.adoc b/en-US/monitoring-and-automation/OProfile.adoc index 8934633..fefc186 100644 --- a/en-US/monitoring-and-automation/OProfile.adoc +++ b/en-US/monitoring-and-automation/OProfile.adoc @@ -28,7 +28,7 @@ Be aware of the following limitations when using OProfile: [[s1-oprofile-overview-tools]] ==== Overview of Tools indexterm:[OProfile,overview of tools] -<> provides a brief overview of the most commonly used tools provided with the `oprofile` package. +xref:OProfile.adoc#tb-oprofile-tools[OProfile Commands] provides a brief overview of the most commonly used tools provided with the `oprofile` package. [[tb-oprofile-tools]] .OProfile Commands @@ -38,11 +38,11 @@ indexterm:[OProfile,overview of tools] |Command|Description |[command]#ophelp#|Displays available events for the system's processor along with a brief description of each. |[command]#opimport#|Converts sample database files from a foreign binary format to the native format for the system. Only use this option when analyzing a sample database from a different architecture. -|[command]#opannotate#|Creates annotated source for an executable if the application was compiled with debugging symbols. See <> for details. -|[command]#opcontrol#|Configures what data is collected. See <> for details. -|[command]#operf#|Recommended tool to be used in place of [command]#opcontrol# for profiling. See <> for details. - For differences between [command]#operf# and [command]#opcontrol# see <>. -|[command]#opreport#|Retrieves profile data. See <> for details. +|[command]#opannotate#|Creates annotated source for an executable if the application was compiled with debugging symbols. See xref:OProfile.adoc#s2-oprofile-reading-opannotate[Using [command]#opannotate#] for details. +|[command]#opcontrol#|Configures what data is collected. See xref:OProfile.adoc#s1-oprofile-configuring[Configuring OProfile Using Legacy Mode] for details. +|[command]#operf#|Recommended tool to be used in place of [command]#opcontrol# for profiling. See xref:OProfile.adoc#s1-using-operf[Using operf] for details. + For differences between [command]#operf# and [command]#opcontrol# see xref:OProfile.adoc#s2-operf_vs_opcontrol[operf vs. opcontrol]. +|[command]#opreport#|Retrieves profile data. See xref:OProfile.adoc#s2-oprofile-reading-opreport[Using [command]#opreport#] for details. |[command]#oprofiled#|Runs as a daemon to periodically write sample data to disk. |=== @@ -54,12 +54,12 @@ There are two mutually exclusive methods for collecting profiling data with OPro .operf This is the recommended mode for profiling. The [command]#operf# tool uses the Linux Performance Events Subsystem, and therefore does not require the *oprofile* kernel driver. The [command]#operf# tool allows you to target your profiling more precisely, as a single process or system-wide, and also allows OProfile to co-exist better with other tools using the performance monitoring hardware on your system. Unlike [command]#opcontrol#, it can be used without the `root` privileges. However, [command]#operf# is also capable of system-wide operations with use of the [option]`--system-wide` option, where root authority is required. -With [command]#operf#, there is no initial setup needed. You can invoke [command]#operf# with command-line options to specify your profiling settings. After that, you can run the OProfile post-processing tools described in <>. See <> for further information. +With [command]#operf#, there is no initial setup needed. You can invoke [command]#operf# with command-line options to specify your profiling settings. After that, you can run the OProfile post-processing tools described in xref:OProfile.adoc#s1-oprofile-analyzing-data[Analyzing the Data]. See xref:OProfile.adoc#s1-using-operf[Using operf] for further information. .opcontrol This mode consists of the [command]#opcontrol# shell script, the `oprofiled` daemon, and several post-processing tools. The [command]#opcontrol# command is used for configuring, starting, and stopping a profiling session. An OProfile kernel driver, usually built as a kernel module, is used for collecting samples, which are then recorded into sample files by `oprofiled`. You can use legacy mode only if you have `root` privileges. In certain cases, such as when you need to sample areas with disabled interrupt request (IRQ), this is a better alternative. -Before OProfile can be run in legacy mode, it must be configured as shown in <>. These settings are then applied when starting OProfile (<>). +Before OProfile can be run in legacy mode, it must be configured as shown in xref:OProfile.adoc#s1-oprofile-configuring[Configuring OProfile Using Legacy Mode]. These settings are then applied when starting OProfile (xref:OProfile.adoc#s1-oprofile-starting[Starting and Stopping OProfile Using Legacy Mode]). [[s1-using-operf]] ==== Using operf @@ -73,7 +73,7 @@ Before OProfile can be run in legacy mode, it must be configured as shown in <> +[option]`--system-wide` - this setting allows for global profiling, see xref:OProfile.adoc#using_operf_system-wide[Using [command]#operf# in System-wide Mode] [option]`--pid=pass:attributes[{blank}]_PID_pass:attributes[{blank}]` - this is to profile a running application, where _PID_ is the process ID of the process you want to profile. @@ -114,9 +114,9 @@ With this option, you can specify a path to a vmlinux file that matches the runn [[s2-operf-events]] ===== Setting Events to Monitor -Most processors contain counters, which are used by OProfile to monitor specific events. As shown in <>, the number of counters available depends on the processor. +Most processors contain counters, which are used by OProfile to monitor specific events. As shown in xref:OProfile.adoc#tb-oprofile-processors[OProfile Processors and Counters], the number of counters available depends on the processor. -The events for each counter can be configured via the command line or with a graphical interface. For more information on the graphical interface, see <>. If the counter cannot be set to a specific event, an error message is displayed. +The events for each counter can be configured via the command line or with a graphical interface. For more information on the graphical interface, see xref:OProfile.adoc#s1-oprofile-gui[Graphical Interface]. If the counter cannot be set to a specific event, an error message is displayed. .Older Processors and operf [NOTE] @@ -167,7 +167,7 @@ Here, pass a comma-separated list of event specifications for profiling. Each ev _event-name_:pass:attributes[{blank}]_sample-rate_:pass:attributes[{blank}]_unit-mask_:pass:attributes[{blank}]_kernel_:pass:attributes[{blank}]_user_ ---- -<> summarizes these options. The last three values are optional, if you omit them, they will be set to their default values. Note that certain events do require a unit mask. +xref:OProfile.adoc#tab_event_specifications[Event Specifications] summarizes these options. The last three values are optional, if you omit them, they will be set to their default values. Note that certain events do require a unit mask. [[tab_event_specifications]] .Event Specifications @@ -183,7 +183,7 @@ _event-name_:pass:attributes[{blank}]_sample-rate_:pass:attributes[{blank}]_unit |_user_|Specifies whether to profile user-space code (insert `0` or `1` (default)) |=== -The events available vary depending on the processor type. When no event specification is given, the default event for the running processor type will be used for profiling. See <> for a list of these default events. To determine the events available for profiling, use the [command]#ophelp# command. +The events available vary depending on the processor type. When no event specification is given, the default event for the running processor type will be used for profiling. See xref:OProfile.adoc#tb-oprofile-default-events[Default Events] for a list of these default events. To determine the events available for profiling, use the [command]#ophelp# command. [subs="quotes, macros"] ---- @@ -227,14 +227,14 @@ indexterm:[OProfile,opcontrol,--no-vmlinux] ~]# opcontrol --setup --no-vmlinux ---- -This command also loads the `oprofile` kernel module, if it is not already loaded, and creates the `/dev/oprofile/` directory, if it does not already exist. See <> for details about this directory. +This command also loads the `oprofile` kernel module, if it is not already loaded, and creates the `/dev/oprofile/` directory, if it does not already exist. See xref:OProfile.adoc#s1-oprofile-dev-oprofile[Understanding the /dev/oprofile/ directory] for details about this directory. -Setting whether samples should be collected within the kernel only changes what data is collected, not how or where the collected data is stored. To generate different sample files for the kernel and application libraries, see <>. +Setting whether samples should be collected within the kernel only changes what data is collected, not how or where the collected data is stored. To generate different sample files for the kernel and application libraries, see xref:OProfile.adoc#s2-oprofile-starting-separate[Separating Kernel and User-space Profiles]. [[s2-oprofile-events]] ===== Setting Events to Monitor indexterm:[OProfile,events,setting] -Most processors contain _counters_, which are used by OProfile to monitor specific events. As shown in <>, the number of counters available depends on the processor. +Most processors contain _counters_, which are used by OProfile to monitor specific events. As shown in xref:OProfile.adoc#tb-oprofile-processors[OProfile Processors and Counters], the number of counters available depends on the processor. [[tb-oprofile-processors]] .OProfile Processors and Counters @@ -277,11 +277,11 @@ Most processors contain _counters_, which are used by OProfile to monitor specif |TIMER_INT|timer|1 |=== -Use <> to determine the number of events that can be monitored simultaneously for your CPU type. If the processor does not have supported performance monitoring hardware, the `timer` is used as the processor type. +Use xref:OProfile.adoc#tb-oprofile-processors[OProfile Processors and Counters] to determine the number of events that can be monitored simultaneously for your CPU type. If the processor does not have supported performance monitoring hardware, the `timer` is used as the processor type. If `timer` is used, events cannot be set for any processor because the hardware does not have support for hardware performance counters. Instead, the timer interrupt is used for profiling. -If `timer` is not used as the processor type, the events monitored can be changed, and counter 0 for the processor is set to a time-based event by default. If more than one counter exists on the processor, the counters other than 0 are not set to an event by default. The default events monitored are shown in <>. +If `timer` is not used as the processor type, the events monitored can be changed, and counter 0 for the processor is set to a time-based event by default. If more than one counter exists on the processor, the counters other than 0 are not set to an event by default. The default events monitored are shown in xref:OProfile.adoc#tb-oprofile-default-events[Default Events]. [[tb-oprofile-default-events]] .Default Events @@ -333,11 +333,11 @@ cpu_type 'unset' is not valid you should upgrade oprofile or force the use of timer mode ---- -To configure OProfile, follow the instructions in <>. +To configure OProfile, follow the instructions in xref:OProfile.adoc#s1-oprofile-configuring[Configuring OProfile Using Legacy Mode]. ==== -The events for each counter can be configured via the command line or with a graphical interface. For more information on the graphical interface, see <>. If the counter cannot be set to a specific event, an error message is displayed. +The events for each counter can be configured via the command line or with a graphical interface. For more information on the graphical interface, see xref:OProfile.adoc#s1-oprofile-gui[Graphical Interface]. If the counter cannot be set to a specific event, an error message is displayed. To set the event for each configurable counter via the command line, use [command]#opcontrol#: @@ -530,7 +530,7 @@ The executable being profiled must be used with these tools to analyze the data. ==== -Samples for each executable are written to a single sample file. Samples from each dynamically linked library are also written to a single sample file. While OProfile is running, if the executable being monitored changes and a sample file for the executable exists, the existing sample file is automatically deleted. Thus, if the existing sample file is needed, it must be backed up, along with the executable used to create it before replacing the executable with a new version. The OProfile analysis tools use the executable file that created the samples during analysis. If the executable changes, the analysis tools will be unable to analyze the associated samples. See <> for details on how to back up the sample file. +Samples for each executable are written to a single sample file. Samples from each dynamically linked library are also written to a single sample file. While OProfile is running, if the executable being monitored changes and a sample file for the executable exists, the existing sample file is automatically deleted. Thus, if the existing sample file is needed, it must be backed up, along with the executable used to create it before replacing the executable with a new version. The OProfile analysis tools use the executable file that created the samples during analysis. If the executable changes, the analysis tools will be unable to analyze the associated samples. See xref:OProfile.adoc#s1-oprofile-saving-data[Saving Data in Legacy Mode] for details on how to back up the sample file. [[s2-oprofile-reading-opreport]] ===== Using [command]#opreport# @@ -810,7 +810,7 @@ Depending on the JVM that you are using, you may have to install the *debuginfo* After successful setup, you can apply the standard profiling and analyzing tools described in previous sections -To learn more about Java support in OProfile, see the OProfile Manual, which is linked from <>. +To learn more about Java support in OProfile, see the OProfile Manual, which is linked from xref:OProfile.adoc#s1-oprofile_additional_resources[Additional Resources]. [[s1-oprofile-gui]] ==== Graphical Interface @@ -819,20 +819,20 @@ Some OProfile preferences can be set with a graphical interface. Make sure you h After changing any of the options, save them by clicking the btn:[Save and quit] button. The preferences are written to `/root/.oprofile/daemonrc`, and the application exits. Exiting the application does not stop OProfile from sampling. -On the `Setup` tab, to set events for the processor counters as discussed in <>, select the counter from the pulldown menu and select the event from the list. A brief description of the event appears in the text box below the list. Only events available for the specific counter and the specific architecture are displayed. The interface also displays whether the profiler is running and some brief statistics about it. +On the `Setup` tab, to set events for the processor counters as discussed in xref:OProfile.adoc#s2-oprofile-events[Setting Events to Monitor], select the counter from the pulldown menu and select the event from the list. A brief description of the event appears in the text box below the list. Only events available for the specific counter and the specific architecture are displayed. The interface also displays whether the profiler is running and some brief statistics about it. [[fig-oprofile-setup]] .OProfile Setup image::oprof-start-setup.png[oprof_start interface] -On the right side of the tab, select the `Profile kernel` option to count events in kernel mode for the currently selected event, as discussed in <>. If this option is not selected, no samples are collected for the kernel. +On the right side of the tab, select the `Profile kernel` option to count events in kernel mode for the currently selected event, as discussed in xref:OProfile.adoc#s2-oprofile-starting-separate[Separating Kernel and User-space Profiles]. If this option is not selected, no samples are collected for the kernel. -Select the `Profile user binaries` option to count events in user mode for the currently selected event, as discussed in <>. If this option is not selected, no samples are collected for user applications. +Select the `Profile user binaries` option to count events in user mode for the currently selected event, as discussed in xref:OProfile.adoc#s2-oprofile-starting-separate[Separating Kernel and User-space Profiles]. If this option is not selected, no samples are collected for user applications. -Use the `Count` text field to set the sampling rate for the currently selected event as discussed in <>. +Use the `Count` text field to set the sampling rate for the currently selected event as discussed in xref:OProfile.adoc#s3-oprofile-events-sampling[Sampling Rate]. -If any unit masks are available for the currently selected event, as discussed in <>, they are displayed in the `Unit Masks` area on the right side of the `Setup` tab. Select the check box beside the unit mask to enable it for the event. +If any unit masks are available for the currently selected event, as discussed in xref:OProfile.adoc#s3-oprofile-events-unit-masks[Unit Masks], they are displayed in the `Unit Masks` area on the right side of the `Setup` tab. Select the check box beside the unit mask to enable it for the event. On the `Configuration` tab, to profile the kernel, enter the name and location of the `vmlinux` file for the kernel to monitor in the `Kernel image file` text field. To configure OProfile not to monitor the kernel, select `No kernel image`. @@ -843,9 +843,9 @@ image::oprof-start-config.png[OProfile Configuration] If the `Verbose` option is selected, the [command]#oprofiled# daemon log includes more detailed information. -If `Per-application profiles` is selected, OProfile generates per-application profiles for libraries. This is equivalent to the [command]#opcontrol --separate=library# command. If `Per-application profiles, including kernel` is selected, OProfile generates per-application profiles for the kernel and kernel modules as discussed in <>. This is equivalent to the [command]#opcontrol --separate=kernel# command. +If `Per-application profiles` is selected, OProfile generates per-application profiles for libraries. This is equivalent to the [command]#opcontrol --separate=library# command. If `Per-application profiles, including kernel` is selected, OProfile generates per-application profiles for the kernel and kernel modules as discussed in xref:OProfile.adoc#s2-oprofile-starting-separate[Separating Kernel and User-space Profiles]. This is equivalent to the [command]#opcontrol --separate=kernel# command. -To force data to be written to samples files as discussed in <>, click the btn:[Flush] button. This is equivalent to the [command]#opcontrol --dump# command. +To force data to be written to samples files as discussed in xref:OProfile.adoc#s1-oprofile-analyzing-data[Analyzing the Data], click the btn:[Flush] button. This is equivalent to the [command]#opcontrol --dump# command. To start OProfile from the graphical interface, click btn:[Start]. To stop the profiler, click btn:[Stop]. Exiting the application does not stop OProfile from sampling. @@ -858,7 +858,7 @@ While using OProfile is suggested in cases of collecting data on where and why t You might want to use SystemTap when instrumenting specific places in code. Because SystemTap allows you to run the code instrumentation without having to stop and restart the instrumented code, it is particularly useful for instrumenting the kernel and daemons. -For more information on SystemTap, see <> for the relevant SystemTap documentation. +For more information on SystemTap, see xref:OProfile.adoc#br-oprofile_online_documentation[Online Documentation] for the relevant SystemTap documentation. [[s1-oprofile_additional_resources]] ==== Additional Resources diff --git a/en-US/monitoring-and-automation/System_Monitoring_Tools.adoc b/en-US/monitoring-and-automation/System_Monitoring_Tools.adoc index 8b1065e..2248364 100644 --- a/en-US/monitoring-and-automation/System_Monitoring_Tools.adoc +++ b/en-US/monitoring-and-automation/System_Monitoring_Tools.adoc @@ -110,7 +110,7 @@ Swap: 1540092k total, 55780k used, 1484312k free, 256408k cached 15 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kblockd ---- -<> contains useful interactive commands that you can use with [command]#top#. For more information, refer to the *top*(1) manual page. +xref:System_Monitoring_Tools.adoc#interactive-top-command[Interactive top commands] contains useful interactive commands that you can use with [command]#top#. For more information, refer to the *top*(1) manual page. [[interactive-top-command]] .Interactive top commands @@ -788,7 +788,7 @@ This section provides information on configuring the Net-SNMP agent to securely [[sect-System_Monitoring_Tools-Net-SNMP-Installing]] ===== Installing Net-SNMP -The Net-SNMP software suite is available as a set of RPM packages in the {MAJOROS} software distribution. <> summarizes each of the packages and their contents. +The Net-SNMP software suite is available as a set of RPM packages in the {MAJOROS} software distribution. xref:System_Monitoring_Tools.adoc#tabl-System_Monitoring_Tools-Net-SNMP-Packages[Available Net-SNMP packages] summarizes each of the packages and their contents. [[tabl-System_Monitoring_Tools-Net-SNMP-Packages]] .Available Net-SNMP packages @@ -816,12 +816,12 @@ For example, to install the SNMP Agent Daemon and SNMP clients used in the rest ~]# dnf install net-snmp net-snmp-libs net-snmp-utils ---- -Note that you must have superuser privileges (that is, you must be logged in as `root`) to run this command. For more information on how to install new packages in {MAJOROS}, refer to <>. +Note that you must have superuser privileges (that is, you must be logged in as `root`) to run this command. For more information on how to install new packages in {MAJOROS}, refer to xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. [[sect-System_Monitoring_Tools-Net-SNMP-Running]] ===== Running the Net-SNMP Daemon -The [package]*net-snmp* package contains `snmpd`, the SNMP Agent Daemon. This section provides information on how to start, stop, and restart the `snmpd` service, and shows how to enable or disable it in the `multi-user` target unit. For more information on the concept of target units and how to manage system services in {MAJOROS} in general, refer to <>. +The [package]*net-snmp* package contains `snmpd`, the SNMP Agent Daemon. This section provides information on how to start, stop, and restart the `snmpd` service, and shows how to enable or disable it in the `multi-user` target unit. For more information on the concept of target units and how to manage system services in {MAJOROS} in general, refer to xref:../infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons]. [[sect-System_Monitoring_Tools-Net-SNMP-Running-Starting]] ====== Starting the Service @@ -1029,12 +1029,12 @@ SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost.localdomain 2.6.32-122.el6.x86_ The Net-SNMP Agent in {MAJOROS} provides a wide variety of performance information over the SNMP protocol. In addition, the agent can be queried for a listing of the installed RPM packages on the system, a listing of currently running processes on the system, or the network configuration of the system. -This section provides an overview of OIDs related to performance tuning available over SNMP. It assumes that the [package]*net-snmp-utils* package is installed and that the user is granted access to the SNMP tree as described in <>. +This section provides an overview of OIDs related to performance tuning available over SNMP. It assumes that the [package]*net-snmp-utils* package is installed and that the user is granted access to the SNMP tree as described in xref:System_Monitoring_Tools.adoc#sect-System_Monitoring_Tools-Net-SNMP-Configuring-Authentication[Configuring Authentication]. [[sect-System_Monitoring_Tools-Net-SNMP-Retrieving-Hardware]] ====== Hardware Configuration -The `Host Resources MIB` included with Net-SNMP presents information about the current hardware and software configuration of a host to a client utility. <> summarizes the different OIDs available under that MIB. +The `Host Resources MIB` included with Net-SNMP presents information about the current hardware and software configuration of a host to a client utility. xref:System_Monitoring_Tools.adoc#tabl-System_Monitoring_Tools-Net-SNMP-OIDs[Available OIDs] summarizes the different OIDs available under that MIB. [[tabl-System_Monitoring_Tools-Net-SNMP-OIDs]] .Available OIDs @@ -1224,7 +1224,7 @@ IF-MIB::ifInOctets.3 = Counter32: 0 The Net-SNMP Agent can be extended to provide application metrics in addition to raw system metrics. This allows for capacity planning as well as performance issue troubleshooting. For example, it may be helpful to know that an email system had a 5-minute load average of 15 while being tested, but it is more helpful to know that the email system has a load average of 15 while processing 80,000 messages a second. When application metrics are available via the same interface as the system metrics, this also allows for the visualization of the impact of different load scenarios on system performance (for example, each additional 10,000 messages increases the load average linearly until 100,000). -A number of the applications that ship with {MAJOROS} extend the Net-SNMP Agent to provide application metrics over SNMP. There are several ways to extend the agent for custom applications as well. This section describes extending the agent with shell scripts and Perl plug-ins. It assumes that the [package]*net-snmp-utils* and [package]*net-snmp-perl* packages are installed, and that the user is granted access to the SNMP tree as described in <>. +A number of the applications that ship with {MAJOROS} extend the Net-SNMP Agent to provide application metrics over SNMP. There are several ways to extend the agent for custom applications as well. This section describes extending the agent with shell scripts and Perl plug-ins. It assumes that the [package]*net-snmp-utils* and [package]*net-snmp-perl* packages are installed, and that the user is granted access to the SNMP tree as described in xref:System_Monitoring_Tools.adoc#sect-System_Monitoring_Tools-Net-SNMP-Configuring-Authentication[Configuring Authentication]. [[sect-System_Monitoring_Tools-Net-SNMP-Extending-Shell]] ====== Extending Net-SNMP with Shell Scripts diff --git a/en-US/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc b/en-US/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc index ada33d5..a5fde14 100644 --- a/en-US/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc +++ b/en-US/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc @@ -11,9 +11,9 @@ Log files can be very useful when trying to troubleshoot a problem with the syst indexterm:[log files,rsyslogd daemon]indexterm:[rsyslog] Some log files are controlled by a daemon called `rsyslogd`. The `rsyslogd` daemon is an enhanced replacement for [application]*sysklogd*, and provides extended filtering, encryption protected relaying of messages, various configuration options, input and output modules, support for transportation via the `TCP` or `UDP` protocols. Note that [application]*rsyslog* is compatible with [application]*sysklogd*. -Log files can also be managed by the `journald` daemon – a component of `systemd`. The `journald` daemon captures Syslog messages, kernel log messages, initial RAM disk and early boot messages as well as messages written to standard output and standard error output of all services, indexes them and makes this available to the user. The native journal file format, which is a structured and indexed binary file, improves searching and provides faster operation, and it also stores meta data information like time stamps or user IDs. Log files produced by `journald` are by default not persistent, log files are stored only in memory or a small ring-buffer in the `/run/log/journal/` directory. The amount of logged data depends on free memory, when you reach the capacity limit, the oldest entries are deleted. However, this setting can be altered – see <>. For more information on Journal see <>. +Log files can also be managed by the `journald` daemon – a component of `systemd`. The `journald` daemon captures Syslog messages, kernel log messages, initial RAM disk and early boot messages as well as messages written to standard output and standard error output of all services, indexes them and makes this available to the user. The native journal file format, which is a structured and indexed binary file, improves searching and provides faster operation, and it also stores meta data information like time stamps or user IDs. Log files produced by `journald` are by default not persistent, log files are stored only in memory or a small ring-buffer in the `/run/log/journal/` directory. The amount of logged data depends on free memory, when you reach the capacity limit, the oldest entries are deleted. However, this setting can be altered – see xref:Viewing_and_Managing_Log_Files.adoc#s2-Enabling_Persistent_Storage[Enabling Persistent Storage]. For more information on Journal see xref:Viewing_and_Managing_Log_Files.adoc#s1-Using_the_Journal[Using the Journal]. -By default, these two logging tools coexist on your system. The `journald` daemon is the primary tool for troubleshooting. It also provides additional data necessary for creating structured log messages. Data acquired by `journald` is forwarded into the `/run/systemd/journal/syslog` socket that may be used by `rsyslogd` to process the data further. However, [application]*rsyslog* does the actual integration by default via the `imjournal` input module, thus avoiding the aforementioned socket. You can also transfer data in the opposite direction, from `rsyslogd` to `journald` with use of `omjournal` module. See <> for further information. The integration enables maintaining text-based logs in a consistent format to ensure compatibility with possible applications or configurations dependent on `rsyslogd`. Also, you can maintain rsyslog messages in a structured format (see <>). +By default, these two logging tools coexist on your system. The `journald` daemon is the primary tool for troubleshooting. It also provides additional data necessary for creating structured log messages. Data acquired by `journald` is forwarded into the `/run/systemd/journal/syslog` socket that may be used by `rsyslogd` to process the data further. However, [application]*rsyslog* does the actual integration by default via the `imjournal` input module, thus avoiding the aforementioned socket. You can also transfer data in the opposite direction, from `rsyslogd` to `journald` with use of `omjournal` module. See xref:Viewing_and_Managing_Log_Files.adoc#s1-interaction_of_rsyslog_and_journal[Interaction of Rsyslog and Journal] for further information. The integration enables maintaining text-based logs in a consistent format to ensure compatibility with possible applications or configurations dependent on `rsyslogd`. Also, you can maintain rsyslog messages in a structured format (see xref:Viewing_and_Managing_Log_Files.adoc#s1-structured_logging_with_rsyslog[Structured Logging with Rsyslog]). [[s1-logfiles-locating]] ==== Locating Log Files @@ -87,7 +87,7 @@ cron.!info,!debug ==== -Property-based filters:: Property-based filters let you filter syslog messages by any property, such as `timegenerated` or `syslogtag`. For more information on properties, see <>. You can compare each of the specified properties to a particular value using one of the compare-operations listed in <>. Both property names and compare operations are case-sensitive. +Property-based filters:: Property-based filters let you filter syslog messages by any property, such as `timegenerated` or `syslogtag`. For more information on properties, see xref:Viewing_and_Managing_Log_Files.adoc#brid-properties[Properties]. You can compare each of the specified properties to a particular value using one of the compare-operations listed in xref:Viewing_and_Managing_Log_Files.adoc#table-compare-operations[Property-based compare-operations]. Both property names and compare operations are case-sensitive. Property-based filter must start with a colon (`:`). To define the filter, use the following syntax: @@ -102,7 +102,7 @@ where: ** The optional exclamation point (`!`) negates the output of the compare-operation. Other Boolean operators are currently not supported in property-based filters. -** The _COMPARE_OPERATION_ attribute specifies one of the compare-operations listed in <>. +** The _COMPARE_OPERATION_ attribute specifies one of the compare-operations listed in xref:Viewing_and_Managing_Log_Files.adoc#table-compare-operations[Property-based compare-operations]. ** The _STRING_ attribute specifies the value that the text provided by the property is compared to. This value must be enclosed in quotation marks. To escape certain character inside the string (for example a quotation mark (`"`)), use the backslash character (`\`). @@ -165,7 +165,7 @@ where: ** Expression-based filters are indicated by the keyword *if* at the start of a new line. The *then* keyword separates the _EXPRESSION_ from the _ACTION_. Optionally, you can employ the *else* keyword to specify what action is to be performed in case the condition is not met. -With expression-based filters, you can nest the conditions by using a script enclosed in curly braces as in <>. The script allows you to use *facility/priority-based* filters inside the expression. On the other hand, *property-based* filters are not recommended here. RainerScript supports regular expressions with specialized functions `re_match()` and `re_extract()`. +With expression-based filters, you can nest the conditions by using a script enclosed in curly braces as in xref:Viewing_and_Managing_Log_Files.adoc#ex-expression-based_filters[Expression-based Filters]. The script allows you to use *facility/priority-based* filters inside the expression. On the other hand, *property-based* filters are not recommended here. RainerScript supports regular expressions with specialized functions `re_match()` and `re_extract()`. [[ex-expression-based_filters]] .Expression-based Filters @@ -188,7 +188,7 @@ if $programname == 'prog1' then { ==== -See <> for more examples of various expression-based filters. RainerScript is the basis for [application]*rsyslog*pass:attributes[{blank}]'s new configuration format, see <> +See xref:Viewing_and_Managing_Log_Files.adoc#brid-Log_Files-Resources-Online[Online Documentation] for more examples of various expression-based filters. RainerScript is the basis for [application]*rsyslog*pass:attributes[{blank}]'s new configuration format, see xref:Viewing_and_Managing_Log_Files.adoc#sec-using_the_new_configuration_format[Using the New Configuration Format] [[s2-Actions]] ===== Actions @@ -226,7 +226,7 @@ Your specified file path can be either *static* or *dynamic*. Static files are r _FILTER_ ?_DynamicFile_ ---- -where _DynamicFile_ is a name of a predefined template that modifies output paths. You can use the dash prefix (`-`) to disable syncing, also you can use multiple templates separated by a colon (`;`). For more information on templates, see <>. +where _DynamicFile_ is a name of a predefined template that modifies output paths. You can use the dash prefix (`-`) to disable syncing, also you can use multiple templates separated by a colon (`;`). For more information on templates, see xref:Viewing_and_Managing_Log_Files.adoc#brid-generating-dynamic-fnames[Generating Dynamic File Names]. If the file you specified is an existing [application]*terminal* or `/dev/console` device, syslog messages are sent to standard output (using special [application]*terminal*-handling) or your console (using special `/dev/console`-handling) when using the X Window System, respectively. @@ -280,7 +280,7 @@ The following compresses messages with [application]*zlib* (level 9 compression) ==== -Output channels:: Output channels are primarily used to specify the maximum size a log file can grow to. This is very useful for log file rotation (for more information see <>). An output channel is basically a collection of information about the output action. Output channels are defined by the `$outchannel` directive. To define an output channel in `/etc/rsyslog.conf`, use the following syntax: +Output channels:: Output channels are primarily used to specify the maximum size a log file can grow to. This is very useful for log file rotation (for more information see xref:Viewing_and_Managing_Log_Files.adoc#s2-log_rotation[Log Rotation]). An output channel is basically a collection of information about the output action. Output channels are defined by the `$outchannel` directive. To define an output channel in `/etc/rsyslog.conf`, use the following syntax: [subs="macros"] ---- @@ -328,9 +328,9 @@ Once the limit (in the example 100{nbsp}MB) is hit, the `/home/joe/log_rotation_ ==== -Sending syslog messages to specific users:: [application]*rsyslog* can send syslog messages to specific users by specifying a user name of the user you want to send the messages to (as in <>). To specify more than one user, separate each user name with a comma (`,`). To send messages to every user that is currently logged on, use an asterisk (`*`). +Sending syslog messages to specific users:: [application]*rsyslog* can send syslog messages to specific users by specifying a user name of the user you want to send the messages to (as in xref:Viewing_and_Managing_Log_Files.adoc#ex-multiple_actions[Specifying Multiple Actions]). To specify more than one user, separate each user name with a comma (`,`). To send messages to every user that is currently logged on, use an asterisk (`*`). -Executing a program:: [application]*rsyslog* lets you execute a program for selected syslog messages and uses the `system()` call to execute the program in shell. To specify a program to be executed, prefix it with a caret character (`^`). Consequently, specify a template that formats the received message and passes it to the specified executable as a one line parameter (for more information on templates, see <>). +Executing a program:: [application]*rsyslog* lets you execute a program for selected syslog messages and uses the `system()` call to execute the program in shell. To specify a program to be executed, prefix it with a caret character (`^`). Consequently, specify a template that formats the received message and passes it to the specified executable as a one line parameter (for more information on templates, see xref:Viewing_and_Managing_Log_Files.adoc#s2-Templates[Templates]). [subs="macros"] ---- @@ -378,7 +378,7 @@ where: ** The _DB_PASSWORD_ attribute specifies the password used with the aforementioned database user. -** The _TEMPLATE_ attribute specifies an optional use of a template that modifies the syslog message. For more information on templates, see <>. +** The _TEMPLATE_ attribute specifies an optional use of a template that modifies the syslog message. For more information on templates, see xref:Viewing_and_Managing_Log_Files.adoc#s2-Templates[Templates]. .Using MySQL and PostgreSQL [IMPORTANT] @@ -394,7 +394,7 @@ $ModLoad ompgsql # Output module for PostgreSQL support ---- -For more information on [application]*rsyslog* modules, see <>. +For more information on [application]*rsyslog* modules, see xref:Viewing_and_Managing_Log_Files.adoc#s1-using_rsyslog_modules[Using Rsyslog Modules]. Alternatively, you may use a generic database interface provided by the `omlibdb` module (supports: Firebird/Interbase, MS SQL, Sybase, SQLLite, Ingres, Oracle, mSQL). @@ -445,7 +445,7 @@ kern.=crit user1 ==== -Any action can be followed by a template that formats the message. To specify a template, suffix an action with a semicolon (`;`) and specify the name of the template. For more information on templates, see <>. +Any action can be followed by a template that formats the message. To specify a template, suffix an action with a semicolon (`;`) and specify the name of the template. For more information on templates, see xref:Viewing_and_Managing_Log_Files.adoc#s2-Templates[Templates]. .Using templates [WARNING] @@ -473,7 +473,7 @@ where: * Anything between the two quotation marks (`"`pass:attributes[{blank}]…pass:attributes[{blank}]`"`) is the actual template text. Within this text, special characters, such as `\n` for new line or `\r` for carriage return, can be used. Other characters, such as `%` or `"`, have to be escaped if you want to use those characters literally. -* The text specified between two percent signs (`%`) specifies a _property_ that allows you to access specific contents of a syslog message. For more information on properties, see <>. +* The text specified between two percent signs (`%`) specifies a _property_ that allows you to access specific contents of a syslog message. For more information on properties, see xref:Viewing_and_Managing_Log_Files.adoc#brid-properties[Properties]. * The `OPTION` attribute specifies any options that modify the template functionality. The currently supported template options are `sql` and `stdsql`, which are used for formatting the text as an SQL query. @@ -483,7 +483,7 @@ where: Note that the database writer checks whether the `sql` or `stdsql` options are specified in the template. If they are not, the database writer does not perform any action. This is to prevent any possible security threats, such as SQL injection. -See section [citetitle]_Storing syslog messages in a database_ in <> for more information. +See section [citetitle]_Storing syslog messages in a database_ in xref:Viewing_and_Managing_Log_Files.adoc#s2-Actions[Actions] for more information. ==== @@ -554,7 +554,7 @@ The following are some examples of simple properties: .Template Examples This section presents a few examples of [application]*rsyslog* templates. -<> shows a template that formats a syslog message so that it outputs the message's severity, facility, the time stamp of when the message was received, the host name, the message tag, the message text, and ends with a new line. +xref:Viewing_and_Managing_Log_Files.adoc#example-temp1[A verbose syslog message template] shows a template that formats a syslog message so that it outputs the message's severity, facility, the time stamp of when the message was received, the host name, the message tag, the message text, and ends with a new line. [[example-temp1]] .A verbose syslog message template @@ -567,7 +567,7 @@ $template verbose, "%syslogseverity%, %syslogfacility%, %timegenerated%, %HOSTNA ==== -<> shows a template that resembles a traditional wall message (a message that is send to every user that is logged in and has their `mesg(1)` permission set to `yes`). This template outputs the message text, along with a host name, message tag and a time stamp, on a new line (using `\r` and `\n`) and rings the bell (using `\7`). +xref:Viewing_and_Managing_Log_Files.adoc#example-temp2[A wall message template] shows a template that resembles a traditional wall message (a message that is send to every user that is logged in and has their `mesg(1)` permission set to `yes`). This template outputs the message text, along with a host name, message tag and a time stamp, on a new line (using `\r` and `\n`) and rings the bell (using `\7`). [[example-temp2]] .A wall message template @@ -580,7 +580,7 @@ $template wallmsg,"\r\n\7Message from syslogd@%HOSTNAME% at %timegenerated% ...\ ==== -<> shows a template that formats a syslog message so that it can be used as a database query. Notice the use of the `sql` option at the end of the template specified as the template option. It tells the database writer to format the message as an MySQL `SQL` query. +xref:Viewing_and_Managing_Log_Files.adoc#example-temp3[A database formatted message template] shows a template that formats a syslog message so that it can be used as a database query. Notice the use of the `sql` option at the end of the template specified as the template option. It tells the database writer to format the message as an MySQL `SQL` query. [[example-temp3]] .A database formatted message template @@ -651,7 +651,7 @@ $MainMsgQueueSize 50000 The default size defined for this directive (10,000 messages) can be overridden by specifying a different value (as shown in the example above). -You can define multiple directives in your `/etc/rsyslog.conf` configuration file. A directive affects the behavior of all configuration options until another occurrence of that same directive is detected. Global directives can be used to configure actions, queues and for debugging. A comprehensive list of all available configuration directives can be found in <>. Currently, a new configuration format has been developed that replaces the $-based syntax (see <>). However, classic global directives remain supported as a legacy format. +You can define multiple directives in your `/etc/rsyslog.conf` configuration file. A directive affects the behavior of all configuration options until another occurrence of that same directive is detected. Global directives can be used to configure actions, queues and for debugging. A comprehensive list of all available configuration directives can be found in xref:Viewing_and_Managing_Log_Files.adoc#brid-Log_Files-Resources-Online[Online Documentation]. Currently, a new configuration format has been developed that replaces the $-based syntax (see xref:Viewing_and_Managing_Log_Files.adoc#sec-using_the_new_configuration_format[Using the New Configuration Format]). However, classic global directives remain supported as a legacy format. [[s2-log_rotation]] ===== Log Rotation @@ -731,7 +731,7 @@ For the full list of directives and various configuration options, see the `logr indexterm:[rsyslog,new configuration format] In [application]*rsyslog* version 6, a new configuration syntax was introduced. This new configuration format aims to be more powerful, more intuitive, and to prevent common mistakes by not permitting certain invalid constructs. The syntax enhancement is enabled by the new configuration processor that relies on RainerScript. The legacy format is still fully supported and it is used by default in the `/etc/rsyslog.conf` configuration file. -RainerScript is a scripting language designed for processing network events and configuring event processors such as [application]*rsyslog*. RainerScript was first used to define expression-based filters, see <>. The version of RainerScript in rsyslog version 7 implemented the `input()` and `ruleset()` statements, which permit the `/etc/rsyslog.conf` configuration file to be written in the new syntax. The new syntax differs mainly in that it is much more structured; parameters are passed as arguments to statements, such as input, action, template, and module load. The scope of options is limited by blocks. This enhances readability and reduces the number of bugs caused by misconfiguration. There is also a significant performance gain. Some functionality is exposed in both syntaxes, some only in the new one. +RainerScript is a scripting language designed for processing network events and configuring event processors such as [application]*rsyslog*. RainerScript was first used to define expression-based filters, see xref:Viewing_and_Managing_Log_Files.adoc#ex-expression-based_filters[Expression-based Filters]. The version of RainerScript in rsyslog version 7 implemented the `input()` and `ruleset()` statements, which permit the `/etc/rsyslog.conf` configuration file to be written in the new syntax. The new syntax differs mainly in that it is much more structured; parameters are passed as arguments to statements, such as input, action, template, and module load. The scope of options is limited by blocks. This enhances readability and reduces the number of bugs caused by misconfiguration. There is also a significant performance gain. Some functionality is exposed in both syntaxes, some only in the new one. Compare the configuration written with legacy-style parameters: @@ -754,7 +754,7 @@ input(type="imfile" file="/tmp/inputfile" tag="tag1:" statefile="inputfile-state ---- -This significantly reduces the number of parameters used in configuration, improves readability, and also provides higher execution speed. For more information on RainerScript statements and parameters see <>. +This significantly reduces the number of parameters used in configuration, improves readability, and also provides higher execution speed. For more information on RainerScript statements and parameters see xref:Viewing_and_Managing_Log_Files.adoc#brid-Log_Files-Resources-Online[Online Documentation]. [[sec-Rulesets]] ===== Rulesets @@ -802,7 +802,7 @@ input(type="pass:quotes[_input_type_]" port="pass:quotes[_port_num_]" ruleset="p Here you can identify an input message by _input_type_, which is an input module that gathered the message, or by _port_num_ – the port number. Other parameters such as *file* or *tag* can be specified for `input()`. Replace _rulesetname_ with a name of the ruleset to be evaluated against the message. In case an input message is not explicitly bound to a ruleset, the default ruleset is triggered. -You can also use the legacy format to define rulesets, for more information see <>. +You can also use the legacy format to define rulesets, for more information see xref:Viewing_and_Managing_Log_Files.adoc#brid-Log_Files-Resources-Online[Online Documentation]. [[ex-using_rulesets]] .Using rulesets @@ -962,7 +962,7 @@ Replace _object_ with [option]`MainMsg` or with [option]`Action` to use this opt .Reliable Forwarding of Log Messages to a Server ==== -Rsyslog is often used to maintain a centralized logging system, where log messages are forwarded to a server over the network. To avoid message loss when the server is not available, it is advisable to configure an action queue for the forwarding action. This way, messages that failed to be sent are stored locally until the server is reachable again. Note that such queues are not configurable for connections using the `UDP` protocol. To establish a fully reliable connection, for example when your logging server is outside of your private network, consider using the RELP protocol described in <>. +Rsyslog is often used to maintain a centralized logging system, where log messages are forwarded to a server over the network. To avoid message loss when the server is not available, it is advisable to configure an action queue for the forwarding action. This way, messages that failed to be sent are stored locally until the server is reachable again. Note that such queues are not configurable for connections using the `UDP` protocol. To establish a fully reliable connection, for example when your logging server is outside of your private network, consider using the RELP protocol described in xref:Viewing_and_Managing_Log_Files.adoc#s2-using_RELP[Using RELP]. [[proc-net_forwarding_with_queue]] .Forwarding To a Single Server @@ -1037,7 +1037,7 @@ $ActionQueueSaveOnShutdown on [[s2-managing_queues]] ===== Managing Queues -All types of queues can be further configured to match your requirements. You can use several directives to modify both action queues and the main message queue. Currently, there are more than 20 queue parameters available, see <>. Some of these settings are used commonly, others, such as worker thread management, provide closer control over the queue behavior and are reserved for advanced users. With advanced settings, you can optimize [application]*rsyslog*pass:attributes[{blank}]'s performance, schedule queuing, or modify the behavior of a queue on system shutdown. +All types of queues can be further configured to match your requirements. You can use several directives to modify both action queues and the main message queue. Currently, there are more than 20 queue parameters available, see xref:Viewing_and_Managing_Log_Files.adoc#brid-Log_Files-Resources-Online[Online Documentation]. Some of these settings are used commonly, others, such as worker thread management, provide closer control over the queue behavior and are reserved for advanced users. With advanced settings, you can optimize [application]*rsyslog*pass:attributes[{blank}]'s performance, schedule queuing, or modify the behavior of a queue on system shutdown. .Limiting Queue Size You can limit the number of messages that queue can contain with the following setting: @@ -1151,7 +1151,7 @@ If set, all queue elements are saved to disk before [application]*rsyslog* termi [[s1-configuring_rsyslog_on_a_logging_server]] ==== Configuring rsyslog on a Logging Server -The `rsyslog` service provides facilities both for running a logging server and for configuring individual systems to send their log files to the logging server. See <> for information on client rsyslog configuration. +The `rsyslog` service provides facilities both for running a logging server and for configuring individual systems to send their log files to the logging server. See xref:Viewing_and_Managing_Log_Files.adoc#ex-net_forwarding_with_queue[Reliable Forwarding of Log Messages to a Server] for information on client rsyslog configuration. The `rsyslog` service must be installed on the system that you intend to use as a logging server and all systems that will be configured to send logs to it. Rsyslog is installed by default in {MAJOROSVER}. If required, to ensure that it is, enter the following command as `root`: @@ -1309,7 +1309,7 @@ $ModLoad imfile * Message Modification Modules — Message modification modules change content of syslog messages. Names of these modules start with the `mm` prefix. Message Modification Modules such as [command]#mmanon#, [command]#mmnormalize#, or [command]#mmjsonparse# are used for anonymization or normalization of messages. -* String Generator Modules — String generator modules generate strings based on the message content and strongly cooperate with the template feature provided by [application]*rsyslog*. For more information on templates, see <>. The name of a string generator module always starts with the `sm` prefix, such as [command]#smfile# or [command]#smtradfile#. +* String Generator Modules — String generator modules generate strings based on the message content and strongly cooperate with the template feature provided by [application]*rsyslog*. For more information on templates, see xref:Viewing_and_Managing_Log_Files.adoc#s2-Templates[Templates]. The name of a string generator module always starts with the `sm` prefix, such as [command]#smfile# or [command]#smtradfile#. * Library Modules — Library modules provide functionality for other loadable modules. These modules are loaded automatically by [application]*rsyslog* when needed and cannot be configured by the user. @@ -1366,7 +1366,7 @@ Four settings are required to specify an input text file: * add the *$InputRunFileMonitor* directive that enables the file monitoring. Without this setting, the text file will be ignored. -Apart from the required directives, there are several other settings that can be applied on the text input. Set the severity of imported messages by replacing _severity_ with an appropriate keyword. Replace _facility_ with a keyword to define the subsystem that produced the message. The keywords for severity and facility are the same as those used in facility/priority-based filters, see <>. +Apart from the required directives, there are several other settings that can be applied on the text input. Set the severity of imported messages by replacing _severity_ with an appropriate keyword. Replace _facility_ with a keyword to define the subsystem that produced the message. The keywords for severity and facility are the same as those used in facility/priority-based filters, see xref:Viewing_and_Managing_Log_Files.adoc#s2-Filters[Filters]. [[ex-importing_text_files]] .Importing Text Files @@ -1428,9 +1428,9 @@ Confidentiality and integrity in network transmissions can be provided by either [[s1-interaction_of_rsyslog_and_journal]] ==== Interaction of Rsyslog and Journal -As mentioned above, [application]*Rsyslog* and [application]*Journal*, the two logging applications present on your system, have several distinctive features that make them suitable for specific use cases. In many situations it is useful to combine their capabilities, for example to create structured messages and store them in a file database (see <>). A communication interface needed for this cooperation is provided by input and output modules on the side of [application]*Rsyslog* and by the [application]*Journal*pass:attributes[{blank}]'s communication socket. +As mentioned above, [application]*Rsyslog* and [application]*Journal*, the two logging applications present on your system, have several distinctive features that make them suitable for specific use cases. In many situations it is useful to combine their capabilities, for example to create structured messages and store them in a file database (see xref:Viewing_and_Managing_Log_Files.adoc#s1-structured_logging_with_rsyslog[Structured Logging with Rsyslog]). A communication interface needed for this cooperation is provided by input and output modules on the side of [application]*Rsyslog* and by the [application]*Journal*pass:attributes[{blank}]'s communication socket. -By default, `rsyslogd` uses the `imjournal` module as a default input mode for journal files. With this module, you import not only the messages but also the structured data provided by `journald`. Also, older data can be imported from `journald` (unless forbidden with the [option]`$ImjournalIgnorePreviousMessages` directive). See <> for basic configuration of `imjournal`. +By default, `rsyslogd` uses the `imjournal` module as a default input mode for journal files. With this module, you import not only the messages but also the structured data provided by `journald`. Also, older data can be imported from `journald` (unless forbidden with the [option]`$ImjournalIgnorePreviousMessages` directive). See xref:Viewing_and_Managing_Log_Files.adoc#s2-importing_data_from_journal[Importing Data from Journal] for basic configuration of `imjournal`. As an alternative, configure `rsyslogd` to read from the socket provided by `journal` as an output for syslog-based applications. The path to the socket is `/run/systemd/journal/syslog`. Use this option when you want to maintain plain rsyslog messages. Compared to `imjournal` the socket input currently offers more features, such as ruleset binding or filtering. To import [application]*Journal* data trough the socket, use the following configuration in `/etc/rsyslog.conf`: @@ -1499,7 +1499,7 @@ Searching structured data with use of key-value pairs is faster and more precise In [application]*rsyslog*, log messages with meta data are pulled from [application]*Journal* with use of the `imjournal` module. With the `mmjsonparse` module, you can parse data imported from [application]*Journal* and from other sources and process them further, for example as a database output. For parsing to be successful, `mmjsonparse` requires input messages to be structured in a way that is defined by the *Lumberjack* project. -The *Lumberjack* project aims to add structured logging to [application]*rsyslog* in a backward-compatible way. To identify a structured message, *Lumberjack* specifies the *@cee:* string that prepends the actual JSON structure. Also, *Lumberjack* defines the list of standard field names that should be used for entities in the JSON string. For more information on *Lumberjack*, see <>. +The *Lumberjack* project aims to add structured logging to [application]*rsyslog* in a backward-compatible way. To identify a structured message, *Lumberjack* specifies the *@cee:* string that prepends the actual JSON structure. Also, *Lumberjack* defines the list of standard field names that should be used for entities in the JSON string. For more information on *Lumberjack*, see xref:Viewing_and_Managing_Log_Files.adoc#brid-Log_Files-Resources-Online[Online Documentation]. The following is an example of a lumberjack-formatted message: @@ -1510,12 +1510,12 @@ The following is an example of a lumberjack-formatted message: ---- -To build this structure inside [application]*Rsyslog*, a template is used, see <>. Applications and servers can employ the `libumberlog` library to generate messages in the lumberjack-compliant form. For more information on `libumberlog`, see <>. +To build this structure inside [application]*Rsyslog*, a template is used, see xref:Viewing_and_Managing_Log_Files.adoc#s2-filtering_structured_messages[Filtering Structured Messages]. Applications and servers can employ the `libumberlog` library to generate messages in the lumberjack-compliant form. For more information on `libumberlog`, see xref:Viewing_and_Managing_Log_Files.adoc#brid-Log_Files-Resources-Online[Online Documentation]. [[s2-importing_data_from_journal]] ===== Importing Data from Journal -The [command]#imjournal# module is [application]*Rsyslog*pass:attributes[{blank}]'s input module to natively read the journal files (see <>). Journal messages are then logged in text format as other rsyslog messages. However, with further processing, it is possible to translate meta data provided by [application]*Journal* into a structured message. +The [command]#imjournal# module is [application]*Rsyslog*pass:attributes[{blank}]'s input module to natively read the journal files (see xref:Viewing_and_Managing_Log_Files.adoc#s1-interaction_of_rsyslog_and_journal[Interaction of Rsyslog and Journal]). Journal messages are then logged in text format as other rsyslog messages. However, with further processing, it is possible to translate meta data provided by [application]*Journal* into a structured message. To import data from [application]*Journal* to [application]*Rsyslog*, use the following configuration in `/etc/rsyslog.conf`: @@ -1558,7 +1558,7 @@ $AddUnixListenSocket /run/systemd/journal/syslog ==== -You can translate all data and meta data stored by [application]*Journal* into structured messages. Some of these meta data entries are listed in <>, for a complete list of journal fields see the `systemd.journal-fields(7)` manual page. For example, it is possible to focus on *kernel journal fields*, that are used by messages originating in the kernel. +You can translate all data and meta data stored by [application]*Journal* into structured messages. Some of these meta data entries are listed in xref:Viewing_and_Managing_Log_Files.adoc#ex-verbose_journalctl_output[Verbose journalctl Output], for a complete list of journal fields see the `systemd.journal-fields(7)` manual page. For example, it is possible to focus on *kernel journal fields*, that are used by messages originating in the kernel. [[s2-filtering_structured_messages]] ===== Filtering Structured Messages @@ -1605,7 +1605,7 @@ In this example, the `mmjsonparse` module is loaded on the first line, then all [application]*Rsyslog* supports storing JSON logs in the MongoDB document database through the *ommongodb* output module. -To forward log messages into MongoDB, use the following syntax in the `/etc/rsyslog.conf` (configuration parameters for *ommongodb* are available only in the new configuration format; see <>): +To forward log messages into MongoDB, use the following syntax in the `/etc/rsyslog.conf` (configuration parameters for *ommongodb* are available only in the new configuration format; see xref:Viewing_and_Managing_Log_Files.adoc#sec-using_the_new_configuration_format[Using the New Configuration Format]): [subs="macros"] ---- @@ -1658,7 +1658,7 @@ Where `1` represents level of verbosity of the output message. This is a forward [[sec-Troubleshooting_Logging_to_a_Server]] ==== Troubleshooting Logging to a Server -* Ensure the time is correctly set on the systems generating the log messages as well as on any logging servers. See <> for information on checking and setting the time. See <> and <> for information on using `NTP` to keep the system clock accurately set. +* Ensure the time is correctly set on the systems generating the log messages as well as on any logging servers. See xref:../basic-system-configuration/Configuring_the_Date_and_Time.adoc#ch-Configuring_the_Date_and_Time[Configuring the Date and Time] for information on checking and setting the time. See xref:../servers/Configuring_NTP_Using_ntpd.adoc#ch-Configuring_NTP_Using_ntpd[Configuring NTP Using ntpd] and xref:../servers/Configuring_NTP_Using_the_chrony_Suite.adoc#ch-Configuring_NTP_Using_the_chrony_Suite[Configuring NTP Using the chrony Suite] for information on using `NTP` to keep the system clock accurately set. * On a logging server, check that the firewall has the appropriate ports open to allow ingress of either `UDP` or `TCP`, depending on what traffic and port the sending systems are configured to use. For example: @@ -1780,7 +1780,7 @@ Fri 2013-08-02 14:41:22 CEST [s=e1021ca1b81e4fc688fad6a3ea21d35b;i=55c;b=78c8144 ---- -This example lists fields that identify a single log entry. These meta data can be used for message filtering as shown in <>. For a complete description of all possible fields see the `systemd.journal-fields(7)` manual page. +This example lists fields that identify a single log entry. These meta data can be used for message filtering as shown in xref:Viewing_and_Managing_Log_Files.adoc#advanced_filtering[Advanced Filtering]. For a complete description of all possible fields see the `systemd.journal-fields(7)` manual page. ==== @@ -1868,7 +1868,7 @@ Filtering options can be combined to reduce the set of results according to spec [[advanced_filtering]] .Advanced Filtering -<> lists a set of fields that specify a log entry and can all be used for filtering. For a complete description of meta data that `systemd` can store, see the `systemd.journal-fields(7)` manual page. This meta data is collected for each log message, without user intervention. Values are usually text-based, but can take binary and large values; fields can have multiple values assigned though it is not very common. +xref:Viewing_and_Managing_Log_Files.adoc#ex-verbose_journalctl_output[Verbose journalctl Output] lists a set of fields that specify a log entry and can all be used for filtering. For a complete description of meta data that `systemd` can store, see the `systemd.journal-fields(7)` manual page. This meta data is collected for each log message, without user intervention. Values are usually text-based, but can take binary and large values; fields can have multiple values assigned though it is not very common. To view a list of unique values that occur in a specified field, use the following syntax: @@ -2016,7 +2016,7 @@ In order to use the [application]*System Log*, first ensure the [package]*gnome- ---- -For more information on installing packages with DNF, see <>. +For more information on installing packages with DNF, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. ==== @@ -2028,7 +2028,7 @@ After you have installed the [package]*gnome-system-log* package, open the [appl ---- -The application only displays log files that exist; thus, the list might differ from the one shown in <>. +The application only displays log files that exist; thus, the list might differ from the one shown in xref:Viewing_and_Managing_Log_Files.adoc#fig-redhat-logviewer[System Log]. indexterm:[System Log,searching]indexterm:[System Log,filtering] [[fig-redhat-logviewer]] @@ -2043,7 +2043,7 @@ The [application]*System Log* application lets you filter any existing log file. image::redhat-filters.png[System Log - Filters] -Adding or editing a filter lets you define its parameters as is shown in <>. +Adding or editing a filter lets you define its parameters as is shown in xref:Viewing_and_Managing_Log_Files.adoc#fig-redhat-filter-sample[System Log - defining a filter]. [[fig-redhat-filter-sample]] .System Log - defining a filter @@ -2076,7 +2076,7 @@ When you select the `Show matches only` option, only the matched strings will be To add a log file you want to view in the list, select menu:File[ > `Open` > -]. This will display the `Open Log` window where you can select the directory and file name of the log file you want to view. <> illustrates the Open Log window. +]. This will display the `Open Log` window where you can select the directory and file name of the log file you want to view. xref:Viewing_and_Managing_Log_Files.adoc#fig-redhat-logviewer-add[System Log - adding a log file] illustrates the Open Log window. [[fig-redhat-logviewer-add]] .System Log - adding a log file @@ -2096,7 +2096,7 @@ The [application]*System Log* also allows you to open log files zipped in the `. [[s2-logfiles-examining]] ===== Monitoring Log Files indexterm:[log files,monitoring]indexterm:[System Log,monitoring] -[application]*System Log* monitors all opened logs by default. If a new line is added to a monitored log file, the log name appears in bold in the log list. If the log file is selected or displayed, the new lines appear in bold at the bottom of the log file. <> illustrates a new alert in the `cron` log file and in the `messages` log file. Clicking on the `messages` log file displays the logs in the file with the new lines in bold. +[application]*System Log* monitors all opened logs by default. If a new line is added to a monitored log file, the log name appears in bold in the log list. If the log file is selected or displayed, the new lines appear in bold at the bottom of the log file. xref:Viewing_and_Managing_Log_Files.adoc#fig-redhat-logviewer-monitoring[System Log - new log alert] illustrates a new alert in the `cron` log file and in the `messages` log file. Clicking on the `messages` log file displays the logs in the file with the new lines in bold. [[fig-redhat-logviewer-monitoring]] .System Log - new log alert diff --git a/en-US/package-management/DNF.adoc b/en-US/package-management/DNF.adoc index 66b5879..e2c3a30 100644 --- a/en-US/package-management/DNF.adoc +++ b/en-US/package-management/DNF.adoc @@ -12,7 +12,7 @@ include::en-US/entities.adoc[] [IMPORTANT] ==== -DNF provides secure package management by enabling GPG (Gnu Privacy Guard; also known as GnuPG) signature verification on GPG-signed packages to be turned on for all package repositories (package sources), or for individual repositories. When signature verification is enabled, DNF will refuse to install any packages not GPG-signed with the correct key for that repository. This means that you can trust that the [application]*RPM* packages you download and install on your system are from a trusted source, such as {OSORG}, and were not modified during transfer. See <> for details on enabling signature-checking with DNF, or <> for information on working with and verifying GPG-signed [application]*RPM* packages in general. +DNF provides secure package management by enabling GPG (Gnu Privacy Guard; also known as GnuPG) signature verification on GPG-signed packages to be turned on for all package repositories (package sources), or for individual repositories. When signature verification is enabled, DNF will refuse to install any packages not GPG-signed with the correct key for that repository. This means that you can trust that the [application]*RPM* packages you download and install on your system are from a trusted source, such as {OSORG}, and were not modified during transfer. See xref:DNF.adoc#sec-Configuring_DNF_and_DNF_Repositories[Configuring DNF and DNF Repositories] for details on enabling signature-checking with DNF, or xref:../RPM.adoc#s1-check-rpm-sig[Checking Package Signatures] for information on working with and verifying GPG-signed [application]*RPM* packages in general. ==== @@ -115,7 +115,7 @@ This output contains: . DNF presents the update information and then prompts you as to whether you want it to perform the update; DNF runs interactively by default. If you already know which transactions DNF plans to perform, you can use the [option]`-y` option to automatically answer [command]#yes# to any questions DNF may ask (in which case it runs non-interactively). However, you should always examine which changes DNF plans to make to the system so that you can easily troubleshoot any problems that might arise. + -If a transaction does go awry, you can view DNF's transaction history by using the [command]#dnf history# command as described in <>. +If a transaction does go awry, you can view DNF's transaction history by using the [command]#dnf history# command as described in xref:DNF.adoc#sec-DNF-Transaction_History[Working with Transaction History]. [[important-Important-Updating_and_Installing_Kernels_with_DNF]] .Updating and installing kernels with DNF @@ -124,7 +124,7 @@ If a transaction does go awry, you can view DNF's transaction history by using t DNF always *installs* a new kernel in the same sense that [application]*RPM* installs a new kernel when you use the command [command]#rpm -i kernel#. Therefore, you do not need to worry about the distinction between *installing* and *upgrading* a kernel package when you use the [command]#dnf# command: it will do the right thing, regardless of whether you are using the [command]#dnf upgrade# or [command]#dnf install# command. -When using [application]*RPM*, on the other hand, it is important to use the [command]#rpm -i kernel# command (which installs a new kernel) instead of [command]#rpm -u kernel# (which *replaces* the current kernel). See <> for more information on installing and updating kernels with [application]*RPM*. +When using [application]*RPM*, on the other hand, it is important to use the [command]#rpm -i kernel# command (which installs a new kernel) instead of [command]#rpm -u kernel# (which *replaces* the current kernel). See xref:../RPM.adoc#sec-Installing_and_Upgrading[Installing and Upgrading Packages] for more information on installing and updating kernels with [application]*RPM*. ==== @@ -139,7 +139,7 @@ To update all packages and their dependencies, enter [command]#dnf upgrade# with [[sec-Preserving_Configuration_File_Changes]] ===== Preserving Configuration File Changes indexterm:[Configuration File Changes] -You will inevitably make changes to the configuration files installed by packages as you use your {MAJOROS} system. [application]*RPM*, which DNF uses to perform changes to the system, provides a mechanism for ensuring their integrity. See <> for details on how to manage changes to configuration files across package upgrades. +You will inevitably make changes to the configuration files installed by packages as you use your {MAJOROS} system. [application]*RPM*, which DNF uses to perform changes to the system, provides a mechanism for ensuring their integrity. See xref:../RPM.adoc#sec-Installing_and_Upgrading[Installing and Upgrading Packages] for details on how to manage changes to configuration files across package upgrades. [[sec-Packages_and_Package_Groups]] ==== Packages and Package Groups @@ -209,7 +209,7 @@ kernel-core.x86_64 4.0.2-300.fc22 @System [output truncated] ---- -See <> and <> for an example usage of both these methods. +See xref:DNF.adoc#ex-Listing_all_ABRT_addons_and_plugins_using_glob_expressions[Listing all ABRT addons and plug-ins using glob expressions] and xref:DNF.adoc#ex-Listing_available_packages_using_a_single_glob_expression_with_escaped_wildcards[Listing available packages using a single glob expression with escaped wildcard characters] for an example usage of both these methods. ==== @@ -574,7 +574,7 @@ Similar to [command]#install#, [command]#remove# can take these arguments: [WARNING] ==== -DNF is not able to remove a package without also removing packages which depend on it. This type of operation can only be performed by [application]*RPM*, is not advised, and can potentially leave your system in a non-functioning state or cause applications to misbehave and terminate unexpectedly. For further information, refer to <> in the [application]*RPM* chapter. +DNF is not able to remove a package without also removing packages which depend on it. This type of operation can only be performed by [application]*RPM*, is not advised, and can potentially leave your system in a non-functioning state or cause applications to misbehave and terminate unexpectedly. For further information, refer to xref:../RPM.adoc#s2-rpm-uninstalling[Uninstalling Packages] in the [application]*RPM* chapter. ==== @@ -647,7 +647,7 @@ The [command]#dnf history list# command produces tabular output with each row co * `Date and time` — the date and time when a transaction was issued. -* `Action(s)` — a list of actions that were performed during a transaction as described in <>. +* `Action(s)` — a list of actions that were performed during a transaction as described in xref:DNF.adoc#tabl-DNF-Transaction_History-Actions[Possible values of the Action(s) field]. * `Altered` — the number of packages that were affected by a transaction, possibly followed by additional information. @@ -735,7 +735,7 @@ The following are the most commonly-used options in the `[main]` section: + If this option is set in the `[main]` section of the `/etc/dnf/dnf.conf` file, it sets the GPG-checking rule for all repositories. However, you can also set [option]`gpgcheck=pass:attributes[{blank}]_value_pass:attributes[{blank}]` for individual repositories instead; you can enable GPG-checking on one repository while disabling it on another. Setting [option]`gpgcheck=pass:attributes[{blank}]_value_pass:attributes[{blank}]` for an individual repository in its corresponding `.repo` file overrides the default if it is present in `/etc/dnf/dnf.conf`. + -For more information on GPG signature-checking, refer to <>. +For more information on GPG signature-checking, refer to xref:../RPM.adoc#s1-check-rpm-sig[Checking Package Signatures]. [option]`installonlypkgs`pass:attributes[{blank}]=pass:attributes[{blank}]_space_pass:attributes[{blank}] pass:attributes[{blank}]_separated_pass:attributes[{blank}] pass:attributes[{blank}]_list_pass:attributes[{blank}] pass:attributes[{blank}]_of_pass:attributes[{blank}] pass:attributes[{blank}]_packages_:: Here you can provide a space-separated list of packages which [command]#dnf# can *install*, but will never *update*. See the *dnf.conf*(5) manual page for the list of packages which are install-only by default. + @@ -799,7 +799,7 @@ Usually this URL is an HTTP link, such as: baseurl=http://path/to/repo/releases/$releasever/server/$basearch/os/ ---- + -Note that DNF always expands the `$releasever`, `$arch`, and `$basearch` variables in URLs. For more information about DNF variables, refer to <>. +Note that DNF always expands the `$releasever`, `$arch`, and `$basearch` variables in URLs. For more information about DNF variables, refer to xref:DNF.adoc#sec-Using_DNF_Variables[Using DNF Variables]. To configure the default set of repositories, use the [option]`enabled` option as follows: @@ -849,7 +849,7 @@ cachedir = /var/cache/dnf/x86_64/22 [[sec-Managing_DNF_Repositories]] ==== Adding, Enabling, and Disabling a DNF Repository indexterm:[DNF,repository] -<> describes various options you can use to define a DNF repository. This section explains how to add, enable, and disable a repository by using the [command]#dnf config-manager# command. +xref:DNF.adoc#sec-Setting_repository_Options[Setting [repository] Options] describes various options you can use to define a DNF repository. This section explains how to add, enable, and disable a repository by using the [command]#dnf config-manager# command. .Adding a DNF Repository To define a new repository, you can either add a `[pass:attributes[{blank}]_repository_pass:attributes[{blank}]]` section to the `/etc/dnf/dnf.conf` file, or to a `.repo` file in the `/etc/yum.repos.d/` directory. All files with the `.repo` file extension in this directory are read by DNF, and it is recommended to define your repositories here instead of in `/etc/dnf/dnf.conf`. diff --git a/en-US/servers/Configuring_NTP_Using_ntpd.adoc b/en-US/servers/Configuring_NTP_Using_ntpd.adoc index 0831157..41f453b 100644 --- a/en-US/servers/Configuring_NTP_Using_ntpd.adoc +++ b/en-US/servers/Configuring_NTP_Using_ntpd.adoc @@ -10,7 +10,7 @@ include::en-US/entities.adoc[] The _Network Time Protocol_ (*NTP*) enables the accurate dissemination of time and date information in order to keep the time clocks on networked computer systems synchronized to a common reference over the network or the Internet. Many standards bodies around the world have atomic clocks which may be made available as a reference. The satellites that make up the Global Position System contain more than one atomic clock, making their time signals potentially very accurate. Their signals can be deliberately degraded for military reasons. An ideal situation would be where each site has a server, with its own reference clock attached, to act as a site-wide time server. Many devices which obtain the time and date via low frequency radio transmissions or the Global Position System (GPS) exist. However for most situations, a range of publicly accessible time servers connected to the Internet at geographically dispersed locations can be used. These `NTP` servers provide "pass:attributes[{blank}]_Coordinated Universal Time_pass:attributes[{blank}]" (*UTC*). Information about these time servers can found at [citetitle]_www.pool.ntp.org_. -Accurate time keeping is important for a number of reasons in IT. In networking for example, accurate time stamps in packets and logs are required. Logs are used to investigate service and security issues and so time stamps made on different systems must be made by synchronized clocks to be of real value. As systems and networks become increasingly faster, there is a corresponding need for clocks with greater accuracy and resolution. In some countries there are legal obligations to keep accurately synchronized clocks. Please see [citetitle]_www.ntp.org_ for more information. In Linux systems, `NTP` is implemented by a daemon running in user space. The default `NTP` user space daemon in {MAJOROSVER} is `chronyd`. It must be disabled if you want to use the `ntpd` daemon. See <> for information on [application]*chrony*. +Accurate time keeping is important for a number of reasons in IT. In networking for example, accurate time stamps in packets and logs are required. Logs are used to investigate service and security issues and so time stamps made on different systems must be made by synchronized clocks to be of real value. As systems and networks become increasingly faster, there is a corresponding need for clocks with greater accuracy and resolution. In some countries there are legal obligations to keep accurately synchronized clocks. Please see [citetitle]_www.ntp.org_ for more information. In Linux systems, `NTP` is implemented by a daemon running in user space. The default `NTP` user space daemon in {MAJOROSVER} is `chronyd`. It must be disabled if you want to use the `ntpd` daemon. See xref:Configuring_NTP_Using_the_chrony_Suite.adoc#ch-Configuring_NTP_Using_the_chrony_Suite[Configuring NTP Using the chrony Suite] for information on [application]*chrony*. The user space daemon updates the system clock, which is a software clock running in the kernel. Linux uses a software clock as its system clock for better resolution than the typical embedded hardware clock referred to as the "pass:attributes[{blank}]_Real Time Clock_pass:attributes[{blank}]" *(RTC)*. See the `rtc(4)` and `hwclock(8)` man pages for information on hardware clocks. The system clock can keep time by using various clock sources. Usually, the _Time Stamp Counter_ (*TSC*) is used. The TSC is a CPU register which counts the number of cycles since it was last reset. It is very fast, has a high resolution, and there are no interrupts. On system start, the system clock reads the time and date from the RTC. The time kept by the RTC will drift away from actual time by up to 5 minutes per month due to temperature variations. Hence the need for the system clock to be constantly synchronized with external time references. When the system clock is being synchronized by `ntpd`, the kernel will in turn update the RTC every 11 minutes automatically. @@ -58,7 +58,7 @@ This implementation of `NTP` enables sub-second accuracy to be achieved. Over th The `NTP` protocol provides additional information to improve accuracy. Four time stamps are used to allow the calculation of round-trip time and server response time. In order for a system in its role as `NTP` client to synchronize with a reference time server, a packet is sent with an "originate time stamp". When the packet arrives, the time server adds a "receive time stamp". After processing the request for time and date information and just before returning the packet, it adds a "transmit time stamp". When the returning packet arrives at the `NTP` client, a "receive time stamp" is generated. The client can now calculate the total round trip time and by subtracting the processing time derive the actual traveling time. By assuming the outgoing and return trips take equal time, the single-trip delay in receiving the `NTP` data is calculated. The full `NTP` algorithm is much more complex than presented here. -When a packet containing time information is received it is not immediately responded to, but is first subject to validation checks and then processed together with several other time samples to arrive at an estimate of the time. This is then compared to the system clock to determine the time offset, the difference between the system clock's time and what `ntpd` has determined the time should be. The system clock is adjusted slowly, at most at a rate of 0.5ms per second, to reduce this offset by changing the frequency of the counter being used. It will take at least 2000 seconds to adjust the clock by 1 second using this method. This slow change is referred to as slewing and cannot go backwards. If the time offset of the clock is more than 128ms (the default setting), `ntpd` can "step" the clock forwards or backwards. If the time offset at system start is greater than 1000 seconds then the user, or an installation script, should make a manual adjustment. See <>. With the [option]`-g` option to the [command]#ntpd# command (used by default), any offset at system start will be corrected, but during normal operation only offsets of up to 1000 seconds will be corrected. +When a packet containing time information is received it is not immediately responded to, but is first subject to validation checks and then processed together with several other time samples to arrive at an estimate of the time. This is then compared to the system clock to determine the time offset, the difference between the system clock's time and what `ntpd` has determined the time should be. The system clock is adjusted slowly, at most at a rate of 0.5ms per second, to reduce this offset by changing the frequency of the counter being used. It will take at least 2000 seconds to adjust the clock by 1 second using this method. This slow change is referred to as slewing and cannot go backwards. If the time offset of the clock is more than 128ms (the default setting), `ntpd` can "step" the clock forwards or backwards. If the time offset at system start is greater than 1000 seconds then the user, or an installation script, should make a manual adjustment. See xref:../basic-system-configuration/Configuring_the_Date_and_Time.adoc#ch-Configuring_the_Date_and_Time[Configuring the Date and Time]. With the [option]`-g` option to the [command]#ntpd# command (used by default), any offset at system start will be corrected, but during normal operation only offsets of up to 1000 seconds will be corrected. Some software may fail or produce an error if the time is changed backwards. For systems that are sensitive to step changes in the time, the threshold can be changed to 600s instead of 128ms using the [option]`-x` option (unrelated to the [option]`-g` option). Using the [option]`-x` option to increase the stepping limit from 0.128s to 600s has a drawback because a different method of controlling the clock has to be used. It disables the kernel clock discipline and may have a negative impact on the clock accuracy. The [option]`-x` option can be added to the `/etc/sysconfig/ntpd` configuration file. @@ -70,9 +70,9 @@ The drift file is used to store the frequency offset between the system clock ru [[s1-UTC_timezones_and_DST]] ==== UTC, Timezones, and DST -As `NTP` is entirely in UTC (Universal Time, Coordinated), Timezones and DST (Daylight Saving Time) are applied locally by the system. The file `/etc/localtime` is a copy of, or symlink to, a zone information file from `/usr/share/zoneinfo`. The RTC may be in localtime or in UTC, as specified by the 3rd line of `/etc/adjtime`, which will be one of LOCAL or UTC to indicate how the RTC clock has been set. Users can easily change this setting using the checkbox `System Clock Uses UTC` in the [application]*Date and Time* graphical configuration tool. See <> for information on how to use that tool. Running the RTC in UTC is recommended to avoid various problems when daylight saving time is changed. +As `NTP` is entirely in UTC (Universal Time, Coordinated), Timezones and DST (Daylight Saving Time) are applied locally by the system. The file `/etc/localtime` is a copy of, or symlink to, a zone information file from `/usr/share/zoneinfo`. The RTC may be in localtime or in UTC, as specified by the 3rd line of `/etc/adjtime`, which will be one of LOCAL or UTC to indicate how the RTC clock has been set. Users can easily change this setting using the checkbox `System Clock Uses UTC` in the [application]*Date and Time* graphical configuration tool. See xref:../basic-system-configuration/Configuring_the_Date_and_Time.adoc#ch-Configuring_the_Date_and_Time[Configuring the Date and Time] for information on how to use that tool. Running the RTC in UTC is recommended to avoid various problems when daylight saving time is changed. -The operation of `ntpd` is explained in more detail in the man page `ntpd(8)`. The resources section lists useful sources of information. See <>. +The operation of `ntpd` is explained in more detail in the man page `ntpd(8)`. The resources section lists useful sources of information. See xref:Configuring_NTP_Using_ntpd.adoc#s1-ntpd_additional-resources[Additional Resources]. [[s1-Authentication_Options_for_NTP]] ==== Authentication Options for NTP @@ -81,7 +81,7 @@ The operation of `ntpd` is explained in more detail in the man page `ntpd(8)`. T An attacker on the network can attempt to disrupt a service by sending `NTP` packets with incorrect time information. On systems using the public pool of `NTP` servers, this risk is mitigated by having more than three `NTP` servers in the list of public `NTP` servers in `/etc/ntp.conf`. If only one time source is compromised or spoofed, `ntpd` will ignore that source. You should conduct a risk assessment and consider the impact of incorrect time on your applications and organization. If you have internal time sources you should consider steps to protect the network over which the `NTP` packets are distributed. If you conduct a risk assessment and conclude that the risk is acceptable, and the impact to your applications minimal, then you can choose not to use authentication. -The broadcast and multicast modes require authentication by default. If you have decided to trust the network then you can disable authentication by using [command]#disable auth# directive in the `ntp.conf` file. Alternatively, authentication needs to be configured by using SHA1 or MD5 symmetric keys, or by public (asymmetric) key cryptography using the Autokey scheme. The Autokey scheme for asymmetric cryptography is explained in the `ntp_auth(8)` man page and the generation of keys is explained in `ntp-keygen(8`). To implement symmetric key cryptography, see <> for an explanation of the [option]`key` option. +The broadcast and multicast modes require authentication by default. If you have decided to trust the network then you can disable authentication by using [command]#disable auth# directive in the `ntp.conf` file. Alternatively, authentication needs to be configured by using SHA1 or MD5 symmetric keys, or by public (asymmetric) key cryptography using the Autokey scheme. The Autokey scheme for asymmetric cryptography is explained in the `ntp_auth(8)` man page and the generation of keys is explained in `ntp-keygen(8`). To implement symmetric key cryptography, see xref:Configuring_NTP_Using_ntpd.adoc#s2_Configuring_Symmetric_Authentication_Using_a_Key[Configuring Symmetric Authentication Using a Key] for an explanation of the [option]`key` option. [[s1-Managing_the_Time_on_Virtual_Machines]] ==== Managing the Time on Virtual Machines @@ -103,7 +103,7 @@ The daemon, `ntpd`, reads the configuration file at system start or when the ser ~]${nbsp}pass:attributes[{blank}][command]#less /etc/ntp.conf# ---- -The configuration commands are explained briefly later in this chapter, see <>, and more verbosely in the `ntp.conf(5)` man page. +The configuration commands are explained briefly later in this chapter, see xref:Configuring_NTP_Using_ntpd.adoc#s1-Configure_NTP[Configure NTP], and more verbosely in the `ntp.conf(5)` man page. Here follows a brief explanation of the contents of the default configuration file: @@ -116,7 +116,7 @@ driftfile /var/lib/ntp/drift If you change this be certain that the directory is writable by `ntpd`. The file contains one value used to adjust the system clock frequency after every system or service start. -See <> for more information. +See xref:Configuring_NTP_Using_ntpd.adoc#s1-Understanding_the_Drift_File[Understanding the Drift File] for more information. The access control entries:: The following line sets the default access control restriction: @@ -181,7 +181,7 @@ server 2.fedora.pool.ntp.org iburst server 3.fedora.pool.ntp.org iburst ---- -The broadcast multicast servers entry:: By default, the `ntp.conf` file contains some commented out examples. These are largely self explanatory. See <> for the explanation of the specific commands. If required, add your commands just below the examples. +The broadcast multicast servers entry:: By default, the `ntp.conf` file contains some commented out examples. These are largely self explanatory. See xref:Configuring_NTP_Using_ntpd.adoc#s1-Configure_NTP[Configure NTP] for the explanation of the specific commands. If required, add your commands just below the examples. [NOTE] ==== @@ -376,7 +376,7 @@ where _option_ is one or more of: * [option]`kod` — a "Kiss-o'-death" packet is to be sent to reduce unwanted queries. -* [option]`limited` — do not respond to time service requests if the packet violates the rate limit default values or those specified by the [command]#discard# command. `ntpq` and `ntpdc` queries are not affected. For more information on the [command]#discard# command and the default values, see <>. +* [option]`limited` — do not respond to time service requests if the packet violates the rate limit default values or those specified by the [command]#discard# command. `ntpq` and `ntpdc` queries are not affected. For more information on the [command]#discard# command and the default values, see xref:Configuring_NTP_Using_ntpd.adoc#s2_Configure_Rate_Limiting_Access_to_an_NTP_Service[Configure Rate Limiting Access to an NTP Service]. * [option]`lowpriotrap` — traps set by matching hosts to be low priority. @@ -403,7 +403,7 @@ The `ntpq` and `ntpdc` queries can be used in amplification attacks (see [citeti [[s2_Configure_Rate_Limiting_Access_to_an_NTP_Service]] ===== Configure Rate Limiting Access to an NTP Service -To enable rate limiting access to the `NTP` service running on a system, add the [option]`limited` option to the [command]#restrict# command as explained in <>. If you do not want to use the default discard parameters, then also use the [command]#discard# command as explained here. +To enable rate limiting access to the `NTP` service running on a system, add the [option]`limited` option to the [command]#restrict# command as explained in xref:Configuring_NTP_Using_ntpd.adoc#s2-Configure_Access_Control_to_an_NTP_service[Configure Access Control to an NTP Service]. If you do not want to use the default discard parameters, then also use the [command]#discard# command as explained here. The [command]#discard# command takes the following form: @@ -464,7 +464,7 @@ The address of a remote reference server or local reference clock from which pac To add a broadcast or multicast address for sending, that is to say, the address to broadcast or multicast `NTP` packets to, make use of the [command]#broadcast# command in the `ntp.conf` file. -The broadcast and multicast modes require authentication by default. See <>. +The broadcast and multicast modes require authentication by default. See xref:Configuring_NTP_Using_ntpd.adoc#s1-Authentication_Options_for_NTP[Authentication Options for NTP]. The [command]#broadcast# command takes the following form: @@ -506,7 +506,7 @@ The [command]#broadcastclient# command takes the following form: [command]#broadcastclient# ---- -Enables the receiving of broadcast messages. Requires authentication by default. See <>. +Enables the receiving of broadcast messages. Requires authentication by default. See xref:Configuring_NTP_Using_ntpd.adoc#s1-Authentication_Options_for_NTP[Authentication Options for NTP]. This command configures a system to act as an `NTP` client. Systems can be both client and server at the same time. @@ -590,7 +590,7 @@ broadcast 192.168.1.255 key 20 manycastclient 239.255.254.254 key 30 ---- -See also <>. +See also xref:Configuring_NTP_Using_ntpd.adoc#s1-Authentication_Options_for_NTP[Authentication Options for NTP]. [[s2_Configuring_the_Poll_Interval]] ===== Configuring the Poll Interval diff --git a/en-US/servers/Configuring_NTP_Using_the_chrony_Suite.adoc b/en-US/servers/Configuring_NTP_Using_the_chrony_Suite.adoc index a607a02..c8da030 100644 --- a/en-US/servers/Configuring_NTP_Using_the_chrony_Suite.adoc +++ b/en-US/servers/Configuring_NTP_Using_the_chrony_Suite.adoc @@ -608,7 +608,7 @@ To make changes to the local instance of `chronyd` using the command line utilit ~]#{nbsp}chronyc -a ---- -[application]*chronyc* must run as `root` if some of the restricted commands are to be used. The [option]`-a` option is for automatic authentication using the local keys when configuring `chronyd` on the local system. See <> for more information. +[application]*chronyc* must run as `root` if some of the restricted commands are to be used. The [option]`-a` option is for automatic authentication using the local keys when configuring `chronyd` on the local system. See xref:Configuring_NTP_Using_the_chrony_Suite.adoc#sect-Security_with_chronyc[Security with chronyc] for more information. The [application]*chronyc* command prompt will be displayed as follows: diff --git a/en-US/servers/Configuring_PTP_Using_ptp4l.adoc b/en-US/servers/Configuring_PTP_Using_ptp4l.adoc index 179c209..a500ffd 100644 --- a/en-US/servers/Configuring_PTP_Using_ptp4l.adoc +++ b/en-US/servers/Configuring_PTP_Using_ptp4l.adoc @@ -91,12 +91,12 @@ The kernel in Fedora includes support for `PTP`. User space support is provided This will install [application]*ptp4l* and [application]*phc2sys*. -Do not run more than one service to set the system clock's time at the same time. If you intend to serve `PTP` time using `NTP`, see <>. +Do not run more than one service to set the system clock's time at the same time. If you intend to serve `PTP` time using `NTP`, see xref:Configuring_PTP_Using_ptp4l.adoc#sec-Serving_PTP_Time_with_NTP[Serving PTP Time with NTP]. [[sec-Starting_ptp4l]] ===== Starting ptp4l -The [application]*ptp4l* program can be started from the command line or it can be started as a service. When running as a service, options are specified in the `/etc/sysconfig/ptp4l` file. Options required for use both by the service and on the command line should be specified in the `/etc/ptp4l.conf` file. The `/etc/sysconfig/ptp4l` file includes the [command]#-f /etc/ptp4l.conf# command line option, which causes the `ptp4l` program to read the `/etc/ptp4l.conf` file and process the options it contains. The use of the `/etc/ptp4l.conf` is explained in <>. More information on the different [application]*ptp4l* options and the configuration file settings can be found in the `ptp4l(8)` man page. +The [application]*ptp4l* program can be started from the command line or it can be started as a service. When running as a service, options are specified in the `/etc/sysconfig/ptp4l` file. Options required for use both by the service and on the command line should be specified in the `/etc/ptp4l.conf` file. The `/etc/sysconfig/ptp4l` file includes the [command]#-f /etc/ptp4l.conf# command line option, which causes the `ptp4l` program to read the `/etc/ptp4l.conf` file and process the options it contains. The use of the `/etc/ptp4l.conf` is explained in xref:Configuring_PTP_Using_ptp4l.adoc#sec-Specifying_a_Configuration_File[Specifying a Configuration File]. More information on the different [application]*ptp4l* options and the configuration file settings can be found in the `ptp4l(8)` man page. .Starting ptp4l as a Service To start [application]*ptp4l* as a service, issue the following command as `root`: @@ -559,7 +559,7 @@ Notice the section named as follows: [ntp_server pass:quotes[_address_]] ---- -This is an example of an `NTP` server section, "ntp-server.local" is an example of a host name for an `NTP` server on the local LAN. Add more sections as required using a host name or `IP` address as part of the section name. Note that the short polling values in that example section are not suitable for a public server, see <> for an explanation of suitable [option]`minpoll` and [option]`maxpoll` values. +This is an example of an `NTP` server section, "ntp-server.local" is an example of a host name for an `NTP` server on the local LAN. Add more sections as required using a host name or `IP` address as part of the section name. Note that the short polling values in that example section are not suitable for a public server, see xref:Configuring_NTP_Using_ntpd.adoc#ch-Configuring_NTP_Using_ntpd[Configuring NTP Using ntpd] for an explanation of suitable [option]`minpoll` and [option]`maxpoll` values. Notice the section named as follows: @@ -616,7 +616,7 @@ The section headings and there contents are explained in detail in the `timemast ~]# vi /etc/timemaster.conf ---- -. For each `NTP` server you want to control using [application]*timemaster*, create `[ntp_server _address_pass:attributes[{blank}]]` sections . Note that the short polling values in the example section are not suitable for a public server, see <> for an explanation of suitable [option]`minpoll` and [option]`maxpoll` values. +. For each `NTP` server you want to control using [application]*timemaster*, create `[ntp_server _address_pass:attributes[{blank}]]` sections . Note that the short polling values in the example section are not suitable for a public server, see xref:Configuring_NTP_Using_ntpd.adoc#ch-Configuring_NTP_Using_ntpd[Configuring NTP Using ntpd] for an explanation of suitable [option]`minpoll` and [option]`maxpoll` values. . To add interfaces that should be used in a domain, edit the `#[ptp_domain 0]` section and add the interfaces. Create additional domains as required. For example: @@ -628,7 +628,7 @@ The section headings and there contents are explained in detail in the `timemast interfaces eth1 ---- -. If required to use `ntpd` as the `NTP` daemon on this system, change the default entry in the `[timemaster]` section from `chronyd` to `ntpd`. See <> for information on the differences between ntpd and chronyd. +. If required to use `ntpd` as the `NTP` daemon on this system, change the default entry in the `[timemaster]` section from `chronyd` to `ntpd`. See xref:Configuring_NTP_Using_the_chrony_Suite.adoc#ch-Configuring_NTP_Using_the_chrony_Suite[Configuring NTP Using the chrony Suite] for information on the differences between ntpd and chronyd. . If using `chronyd` as the `NTP` server on this system, add any additional options below the default [option]`include /etc/chrony.conf` entry in the `[chrony.conf]` section. Edit the default [option]`include` entry if the path to `/etc/chrony.conf` is known to have changed. @@ -636,9 +636,9 @@ The section headings and there contents are explained in detail in the `timemast . In the `[ptp4l.conf]` section, add any options to be copied to the configuration file generated for [application]*ptp4l*. This chapter documents common options and more information is available in the `ptp4l(8)` manual page. -. In the `[chronyd]` section, add any command line options to be passed to `chronyd` when called by [application]*timemaster*. See <> for information on using `chronyd`. +. In the `[chronyd]` section, add any command line options to be passed to `chronyd` when called by [application]*timemaster*. See xref:Configuring_NTP_Using_the_chrony_Suite.adoc#ch-Configuring_NTP_Using_the_chrony_Suite[Configuring NTP Using the chrony Suite] for information on using `chronyd`. -. In the `[ntpd]` section, add any command line options to be passed to `ntpd` when called by [application]*timemaster*. See <> for information on using `ntpd`. +. In the `[ntpd]` section, add any command line options to be passed to `ntpd` when called by [application]*timemaster*. See xref:Configuring_NTP_Using_ntpd.adoc#ch-Configuring_NTP_Using_ntpd[Configuring NTP Using ntpd] for information on using `ntpd`. . In the `[phc2sys]` section, add any command line options to be passed to [application]*phc2sys* when called by [application]*timemaster*. This chapter documents common options and more information is available in the `phy2sys(8)` manual page. diff --git a/en-US/servers/FTP.adoc b/en-US/servers/FTP.adoc index 1f39aa1..5784802 100644 --- a/en-US/servers/FTP.adoc +++ b/en-US/servers/FTP.adoc @@ -22,7 +22,7 @@ active mode:: Active mode is the original method used by the `FTP` protocol for passive mode:: Passive mode, like active mode, is initiated by the `FTP` client application. When requesting data from the server, the `FTP` client indicates it wants to access the data in passive mode and the server provides the `IP` address and a random, unprivileged port (greater than 1024) on the server. The client then connects to that port on the server to download the requested information. + -While passive mode resolves issues for client-side firewall interference with data connections, it can complicate administration of the server-side firewall. You can reduce the number of open ports on a server by limiting the range of unprivileged ports on the `FTP` server. This also simplifies the process of configuring firewall rules for the server. See <> for more information about limiting passive ports. +While passive mode resolves issues for client-side firewall interference with data connections, it can complicate administration of the server-side firewall. You can reduce the number of open ports on a server by limiting the range of unprivileged ports on the `FTP` server. This also simplifies the process of configuring firewall rules for the server. See xref:File_and_Print_Servers.adoc#s3-ftp-vsftpd-conf-opt-net[Network Options] for more information about limiting passive ports. [[s2-ftp-servers]] ===== FTP Servers @@ -61,11 +61,11 @@ Use of these security practices has the following effect on how [command]#vsftpd indexterm:[vsftpd,RPM,files installed by] The `vsftpd` RPM installs the daemon (`/usr/sbin/vsftpd`), its configuration and related files, as well as `FTP` directories onto the system. The following lists the files and directories related to [command]#vsftpd# configuration: -* `/etc/rc.d/init.d/vsftpd` — The *initialization script* (_initscript_) used by the [command]#systemctl# command to start, stop, or reload [command]#vsftpd#. See <> for more information about using this script. +* `/etc/rc.d/init.d/vsftpd` — The *initialization script* (_initscript_) used by the [command]#systemctl# command to start, stop, or reload [command]#vsftpd#. See xref:File_and_Print_Servers.adoc#s2-ftp-vsftpd-start[Starting and Stopping [command]#vsftpd#] for more information about using this script. * `/etc/pam.d/vsftpd` — The Pluggable Authentication Modules (PAM) configuration file for [command]#vsftpd#. This file specifies the requirements a user must meet to login to the `FTP` server. For more information on PAM, refer to the [citetitle]_Using Pluggable Authentication Modules (PAM)_ chapter of the {MAJOROSVER} [citetitle]_Managing Single Sign-On and Smart Cards_ guide. -* `/etc/vsftpd/vsftpd.conf` — The configuration file for [command]#vsftpd#. See <> for a list of important options contained within this file. +* `/etc/vsftpd/vsftpd.conf` — The configuration file for [command]#vsftpd#. See xref:File_and_Print_Servers.adoc#s2-ftp-vsftpd-conf[[command]#vsftpd# Configuration Options] for a list of important options contained within this file. * `/etc/vsftpd/ftpusers` — A list of users not allowed to log into [command]#vsftpd#. By default, this list includes the `root`, `bin`, and `daemon` users, among others. @@ -110,7 +110,7 @@ To conditionally restart the server, as `root` type: [command]#systemctl condrestart vsftpd.service# ---- -By default, the [command]#vsftpd# service does *not* start automatically at boot time. To configure the [command]#vsftpd# service to start at boot time, use a service manager such as [command]#systemctl#. See <> for more information on how to configure services in {MAJOROS}. +By default, the [command]#vsftpd# service does *not* start automatically at boot time. To configure the [command]#vsftpd# service to start at boot time, use a service manager such as [command]#systemctl#. See xref:../infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons] for more information on how to configure services in {MAJOROS}. [[s3-ftp-vsftpd-start-multi]] ====== Starting Multiple Copies of [command]#vsftpd# @@ -185,7 +185,7 @@ The following is a list of directives which control the login behavior and acces + The default value is [command]#YES#. + -See <> for a list of directives affecting anonymous users. +See xref:File_and_Print_Servers.adoc#s3-ftp-vsftpd-conf-opt-anon[Anonymous User Options] for a list of directives affecting anonymous users. * [command]#banned_email_file# — If the [command]#deny_email_enable# directive is set to [command]#YES#, this directive specifies the file containing a list of anonymous email passwords which are not permitted access to the server. + @@ -211,7 +211,7 @@ By default [command]#vsftpd# displays its standard banner. + The default value is [command]#YES#. + -See <> for a list of directives affecting local users. +See xref:File_and_Print_Servers.adoc#s3-ftp-vsftpd-conf-opt-usr[Local User Options] for a list of directives affecting local users. * [command]#pam_service_name# — Specifies the PAM service name for [command]#vsftpd#. + @@ -461,7 +461,7 @@ There is no default value for this directive. [NOTE] ==== -If running multiple copies of [command]#vsftpd# serving different `IP` addresses, the configuration file for each copy of the [command]#vsftpd# daemon must have a different value for this directive. See <> for more information about multihomed `FTP` servers. +If running multiple copies of [command]#vsftpd# serving different `IP` addresses, the configuration file for each copy of the [command]#vsftpd# daemon must have a different value for this directive. See xref:File_and_Print_Servers.adoc#s3-ftp-vsftpd-start-multi[Starting Multiple Copies of [command]#vsftpd#] for more information about multihomed `FTP` servers. ==== @@ -473,7 +473,7 @@ There is no default value for this directive. [NOTE] ==== -If running multiple copies of [command]#vsftpd# serving different `IP` addresses, the configuration file for each copy of the [command]#vsftpd# daemon must have a different value for this directive. See <> for more information about multihomed `FTP` servers. +If running multiple copies of [command]#vsftpd# serving different `IP` addresses, the configuration file for each copy of the [command]#vsftpd# daemon must have a different value for this directive. See xref:File_and_Print_Servers.adoc#s3-ftp-vsftpd-start-multi[Starting Multiple Copies of [command]#vsftpd#] for more information about multihomed `FTP` servers. ==== diff --git a/en-US/servers/Mail_Servers.adoc b/en-US/servers/Mail_Servers.adoc index c297586..77a7b6d 100644 --- a/en-US/servers/Mail_Servers.adoc +++ b/en-US/servers/Mail_Servers.adoc @@ -53,7 +53,7 @@ In order to use [application]*Dovecot*, first ensure the [package]*dovecot* pack ~]#{nbsp}dnf install dovecot ---- -For more information on installing packages with DNF, see <>. +For more information on installing packages with DNF, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. ==== @@ -73,12 +73,12 @@ There are, however, a variety of lesser-used `POP` protocol variants: * *RPOP* — `POP3` with `RPOP` authentication. This uses a per-user ID, similar to a password, to authenticate POP requests. However, this ID is not encrypted, so `RPOP` is no more secure than standard `POP`. -For added security, it is possible to use _Secure Socket Layer_ (_SSL_) encryption for client authentication and data transfer sessions. This can be enabled by using the [command]#pop3s# service, or by using the [command]#stunnel# application. For more information on securing email communication, see <>. +For added security, it is possible to use _Secure Socket Layer_ (_SSL_) encryption for client authentication and data transfer sessions. This can be enabled by using the [command]#pop3s# service, or by using the [command]#stunnel# application. For more information on securing email communication, see xref:Mail_Servers.adoc#s2-email-security[Securing Communication]. [[s3-email-protocols-imap]] ====== IMAP indexterm:[email,protocols,IMAP] -The default `IMAP` server under {MAJOROS} is [application]*Dovecot* and is provided by the [package]*dovecot* package. See <> for information on how to install [application]*Dovecot*. +The default `IMAP` server under {MAJOROS} is [application]*Dovecot* and is provided by the [package]*dovecot* package. See xref:Mail_Servers.adoc#s3-email-protocols-pop[POP] for information on how to install [application]*Dovecot*. When using an `IMAP` mail server, email messages remain on the server where users can read or delete them. `IMAP` also allows client applications to create, rename, or delete mail directories on the server to organize and store email. @@ -88,7 +88,7 @@ For convenience, `IMAP` client applications are capable of caching copies of mes `IMAP`, like `POP`, is fully compatible with important Internet messaging standards, such as MIME, which allow for email attachments. -For added security, it is possible to use `SSL` encryption for client authentication and data transfer sessions. This can be enabled by using the [command]#imaps# service, or by using the [command]#stunnel# program. For more information on securing email communication, see <>. +For added security, it is possible to use `SSL` encryption for client authentication and data transfer sessions. This can be enabled by using the [command]#imaps# service, or by using the [command]#stunnel# program. For more information on securing email communication, see xref:Mail_Servers.adoc#s2-email-security[Securing Communication]. Other free, as well as commercial, IMAP clients and servers are available, many of which extend the IMAP protocol and provide additional functionality. @@ -162,7 +162,7 @@ Many modern email client programs can act as an MTA when sending email. However, Since {MAJOROS} offers two MTAs, _Postfix_ and _Sendmail_, email client programs are often not required to act as an MTA. {MAJOROS} also includes a special purpose MTA called _Fetchmail_. -For more information on Postfix, Sendmail, and Fetchmail, see <>. +For more information on Postfix, Sendmail, and Fetchmail, see xref:Mail_Servers.adoc#s1-email-mta[Mail Transport Agents]. [[s2-email-types-mda]] ===== Mail Delivery Agent @@ -202,7 +202,7 @@ Similarly, to disable the service, type the following at a shell prompt: ~]#{nbsp}systemctl disable service ---- -For more information on how to manage system services in {MAJOROSVER}, see <>. +For more information on how to manage system services in {MAJOROSVER}, see xref:../infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons]. [[s2-email-mta-postfix]] ===== Postfix @@ -236,7 +236,7 @@ The `aliases` file can be found in the `/etc/` directory. This file is shared be [IMPORTANT] ==== -The default `/etc/postfix/main.cf` file does not allow Postfix to accept network connections from a host other than the local computer. For instructions on configuring Postfix as a server for other clients, see <>. +The default `/etc/postfix/main.cf` file does not allow Postfix to accept network connections from a host other than the local computer. For instructions on configuring Postfix as a server for other clients, see xref:Mail_Servers.adoc#s3-email-mta-postfix-conf[Basic Postfix Configuration]. ==== @@ -306,19 +306,19 @@ The `/etc/postfix/ldap-aliases.cf` file can specify various parameters, includin ==== -For more information on `LDAP`, see <>. +For more information on `LDAP`, see xref:Directory_Servers.adoc#s1-OpenLDAP[OpenLDAP]. [[s2-email-mta-sendmail]] ===== Sendmail indexterm:[email,Sendmail]indexterm:[Sendmail] -Sendmail's core purpose, like other MTAs, is to safely transfer email among hosts, usually using the `SMTP` protocol. Note that Sendmail is considered deprecated and users are encouraged to use Postfix when possible. See <> for more information. +Sendmail's core purpose, like other MTAs, is to safely transfer email among hosts, usually using the `SMTP` protocol. Note that Sendmail is considered deprecated and users are encouraged to use Postfix when possible. See xref:Mail_Servers.adoc#s2-email-mta-postfix[Postfix] for more information. [[s3-email-mta-sendmail-purpose]] ====== Purpose and Limitations indexterm:[Sendmail,purpose]indexterm:[Sendmail,limitations] It is important to be aware of what Sendmail is and what it can do, as opposed to what it is not. In these days of monolithic applications that fulfill multiple roles, Sendmail may seem like the only application needed to run an email server within an organization. Technically, this is true, as Sendmail can spool mail to each users' directory and deliver outbound mail for users. However, most users actually require much more than simple email delivery. Users usually want to interact with their email using an MUA, that uses `POP` or `IMAP`, to download their messages to their local machine. Or, they may prefer a Web interface to gain access to their mailbox. These other applications can work in conjunction with Sendmail, but they actually exist for different reasons and can operate separately from one another. -It is beyond the scope of this section to go into all that Sendmail should or could be configured to do. With literally hundreds of different options and rule sets, entire volumes have been dedicated to helping explain everything that can be done and how to fix things that go wrong. See the <> for a list of Sendmail resources. +It is beyond the scope of this section to go into all that Sendmail should or could be configured to do. With literally hundreds of different options and rule sets, entire volumes have been dedicated to helping explain everything that can be done and how to fix things that go wrong. See the xref:Mail_Servers.adoc#s1-email-additional-resources[Additional Resources] for a list of Sendmail resources. This section reviews the files installed with Sendmail by default and reviews basic configuration changes, including how to stop unwanted email (spam) and how to extend Sendmail with the _Lightweight Directory Access Protocol (LDAP)_. @@ -339,9 +339,9 @@ In order to configure Sendmail, ensure the [package]*sendmail-cf* package is ins ~]#{nbsp}dnf install sendmail-cf ---- -For more information on installing packages with DNF, see <>. +For more information on installing packages with DNF, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. -Before using Sendmail, the default MTA has to be switched from Postfix. For more information how to switch the default MTA refer to <>. +Before using Sendmail, the default MTA has to be switched from Postfix. For more information how to switch the default MTA refer to xref:Mail_Servers.adoc#s1-email-mta[Mail Transport Agents]. The Sendmail executable is `sendmail`. @@ -356,7 +356,7 @@ Sendmail's lengthy and detailed configuration file is `/etc/mail/sendmail.cf`. A + All other generated files in `/etc/mail` (db files) will be regenerated if needed. The old makemap commands are still usable. The make command is automatically used whenever you start or restart the `sendmail` service. -More information on configuring Sendmail can be found in <>. +More information on configuring Sendmail can be found in xref:Mail_Servers.adoc#s3-email-mta-sendmail-changes[Common Sendmail Configuration Changes]. Various Sendmail configuration files are installed in the `/etc/mail/` directory including: @@ -514,7 +514,7 @@ Message header analysis allows you to reject mail based on header contents. `SMT The above examples only represent a small part of what Sendmail can do in terms of allowing or blocking access. See the `/usr/share/sendmail-cf/README` file for more information and examples. -Since Sendmail calls the Procmail MDA when delivering mail, it is also possible to use a spam filtering program, such as SpamAssassin, to identify and file spam for users. See <> for more information about using SpamAssassin. +Since Sendmail calls the Procmail MDA when delivering mail, it is also possible to use a spam filtering program, such as SpamAssassin, to identify and file spam for users. See xref:Mail_Servers.adoc#s3-email-mda-spam[Spam Filters] for more information about using SpamAssassin. [[s3-email-mta-sendmail-ldap]] ====== Using Sendmail with LDAP @@ -541,9 +541,9 @@ Consult `/usr/share/sendmail-cf/README` for detailed `LDAP` routing configuratio ==== -Next, recreate the `/etc/mail/sendmail.cf` file by running the [command]#m4# macro processor and again restarting Sendmail. See <> for instructions. +Next, recreate the `/etc/mail/sendmail.cf` file by running the [command]#m4# macro processor and again restarting Sendmail. See xref:Mail_Servers.adoc#s3-email-mta-sendmail-changes[Common Sendmail Configuration Changes] for instructions. -For more information on `LDAP`, see <>. +For more information on `LDAP`, see xref:Directory_Servers.adoc#s1-OpenLDAP[OpenLDAP]. [[s2-email-mta-fetchmail]] ===== Fetchmail @@ -561,7 +561,7 @@ In order to use [application]*Fetchmail*, first ensure the [package]*fetchmail* ~]#{nbsp}dnf install fetchmail ---- -For more information on installing packages with DNF, see <>. +For more information on installing packages with DNF, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. ==== @@ -781,7 +781,7 @@ A comprehensive explanation of all environments variables, and their default val [[s2-email-procmail-recipes]] ===== Procmail Recipes indexterm:[Procmail,recipes] -New users often find the construction of recipes the most difficult part of learning to use Procmail. This difficulty is often attributed to recipes matching messages by using _regular expressions_ which are used to specify qualifications for string matching. However, regular expressions are not very difficult to construct and even less difficult to understand when read. Additionally, the consistency of the way Procmail recipes are written, regardless of regular expressions, makes it easy to learn by example. To see example Procmail recipes, see <>. +New users often find the construction of recipes the most difficult part of learning to use Procmail. This difficulty is often attributed to recipes matching messages by using _regular expressions_ which are used to specify qualifications for string matching. However, regular expressions are not very difficult to construct and even less difficult to understand when read. Additionally, the consistency of the way Procmail recipes are written, regardless of regular expressions, makes it easy to learn by example. To see example Procmail recipes, see xref:Mail_Servers.adoc#s3-email-procmail-recipes-examples[Recipe Examples]. Procmail recipes take the following form: @@ -799,7 +799,7 @@ The first two characters in a Procmail recipe are a colon and a zero. Various fl A recipe can contain several conditions to match against the message. If it has no conditions, every message matches the recipe. Regular expressions are placed in some conditions to facilitate message matching. If multiple conditions are used, they must all match for the action to be performed. Conditions are checked based on the flags set in the recipe's first line. Optional special characters placed after the asterisk character ([command]#*#) can further control the condition. -The [command]#pass:attributes[{blank}]_action-to-perform_pass:attributes[{blank}]# argument specifies the action taken when the message matches one of the conditions. There can only be one action per recipe. In many cases, the name of a mailbox is used here to direct matching messages into that file, effectively sorting the email. Special action characters may also be used before the action is specified. See <> for more information. +The [command]#pass:attributes[{blank}]_action-to-perform_pass:attributes[{blank}]# argument specifies the action taken when the message matches one of the conditions. There can only be one action per recipe. In many cases, the name of a mailbox is used here to direct matching messages into that file, effectively sorting the email. Special action characters may also be used before the action is specified. See xref:Mail_Servers.adoc#s3-email-procmail-recipes-special[Special Conditions and Actions] for more information. [[s2-email-procmail-recipes-delivering]] ====== Delivering vs. Non-Delivering Recipes @@ -925,7 +925,7 @@ tuxlug Any messages sent from the `tux-lug@domain.com` mailing list are placed in the `tuxlug` mailbox automatically for the MUA. Note that the condition in this example matches the message if it has the mailing list's email address on the `From`, `Cc`, or `To` lines. -Consult the many Procmail online resources available in <> for more detailed and powerful recipes. +Consult the many Procmail online resources available in xref:Mail_Servers.adoc#s1-email-additional-resources[Additional Resources] for more detailed and powerful recipes. [[s3-email-mda-spam]] ====== Spam Filters @@ -947,7 +947,7 @@ In order to use [application]*SpamAssassin*, first ensure the [package]*spamassa ~]#{nbsp}dnf install spamassassin ---- -For more information on installing packages with DNF, see <>. +For more information on installing packages with DNF, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. ==== @@ -990,7 +990,7 @@ To start the SpamAssassin daemon when the system is booted, run: [command]#systemctl enable spamassassin.service# ---- -See <> for more information on how to configure services in {MAJOROS}. +See xref:../infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons] for more information on how to configure services in {MAJOROS}. To configure Procmail to use the SpamAssassin client application instead of the Perl script, place the following line near the top of the `~/.procmailrc` file. For a system-wide configuration, place it in `/etc/procmailrc`: @@ -1072,7 +1072,7 @@ In order to use [command]#stunnel#, first ensure the [package]*stunnel* package ~]#{nbsp}dnf install stunnel ---- -For more information on installing packages with DNF, see <>. +For more information on installing packages with DNF, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. ==== diff --git a/en-US/servers/OpenLDAP.adoc b/en-US/servers/OpenLDAP.adoc index 16e4a28..2f3a5df 100644 --- a/en-US/servers/OpenLDAP.adoc +++ b/en-US/servers/OpenLDAP.adoc @@ -72,11 +72,11 @@ OpenLDAP suite provides a number of important features: indexterm:[OpenLDAP,configuration,overview] The typical steps to set up an LDAP server on {MAJOROS} are as follows: -. Install the OpenLDAP suite. See <> for more information on required packages. +. Install the OpenLDAP suite. See xref:Directory_Servers.adoc#s2-ldap-installation[Installing the OpenLDAP Suite] for more information on required packages. -. Customize the configuration as described in <>. +. Customize the configuration as described in xref:Directory_Servers.adoc#s2-ldap-configuration[Configuring an OpenLDAP Server]. -. Start the `slapd` service as described in <>. +. Start the `slapd` service as described in xref:Directory_Servers.adoc#s2-ldap-running[Running an OpenLDAP Server]. . Use the [command]#ldapadd# utility to add entries to the LDAP directory. @@ -125,7 +125,7 @@ For example, to perform the basic LDAP server installation, type the following a ~]#{nbsp}dnf install openldap openldap-clients openldap-servers ---- -Note that you must have superuser privileges (that is, you must be logged in as `root`) to run this command. For more information on how to install new packages in {MAJOROS}, see <>. +Note that you must have superuser privileges (that is, you must be logged in as `root`) to run this command. For more information on how to install new packages in {MAJOROS}, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. [[s3-ldap-packages-openldap-servers]] ====== Overview of OpenLDAP Server Utilities @@ -149,7 +149,7 @@ To perform administrative tasks, the [package]*openldap-servers* package install |[command]#slaptest#|Allows you to check the LDAP server configuration. |=== -For a detailed description of these utilities and their usage, see the corresponding manual pages as referred to in <>. +For a detailed description of these utilities and their usage, see the corresponding manual pages as referred to in xref:Directory_Servers.adoc#bh-Installed_Documentation_OpenLDAP[Installed Documentation]. .Make sure the files have correct owner [IMPORTANT] @@ -175,7 +175,7 @@ To preserve the data integrity, stop the `slapd` service before using [command]# ~]#{nbsp}systemctl stop slapd.service ---- -For more information on how to start, stop, restart, and check the current status of the `slapd` service, see <>. +For more information on how to start, stop, restart, and check the current status of the `slapd` service, see xref:Directory_Servers.adoc#s2-ldap-running[Running an OpenLDAP Server]. ==== @@ -233,7 +233,7 @@ Note that OpenLDAP no longer reads its configuration from the `/etc/openldap/sla ~]#{nbsp}slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/ ---- -The `slapd` configuration consists of LDIF entries organized in a hierarchical directory structure, and the recommended way to edit these entries is to use the server utilities described in <>. +The `slapd` configuration consists of LDIF entries organized in a hierarchical directory structure, and the recommended way to edit these entries is to use the server utilities described in xref:Directory_Servers.adoc#s3-ldap-packages-openldap-servers[Overview of OpenLDAP Server Utilities]. .Do not edit LDIF files directly [IMPORTANT] @@ -255,7 +255,7 @@ indexterm:[OpenLDAP,directives,olcAllows] [option]`olcAllows`:: The [option]`olcAllows`: _feature_pass:attributes[{blank}]… ---- -It accepts a space-separated list of features as described in <>. The default option is [option]`bind_v2`. +It accepts a space-separated list of features as described in xref:Directory_Servers.adoc#table-ldap-configuration-olcallows[Available olcAllows options]. The default option is [option]`bind_v2`. [[table-ldap-configuration-olcallows]] .Available olcAllows options @@ -327,7 +327,7 @@ indexterm:[OpenLDAP,directives,olcDisallows] [option]`olcDisallows`:: [option]`olcDisallows`: _feature_pass:attributes[{blank}]… ---- -It accepts a space-separated list of features as described in <>. No features are disabled by default. +It accepts a space-separated list of features as described in xref:Directory_Servers.adoc#table-ldap-configuration-olcdisallows[Available olcDisallows options]. No features are disabled by default. [[table-ldap-configuration-olcdisallows]] .Available olcDisallows options @@ -556,7 +556,7 @@ Replace _path_ either with a path to the CA certificate file, or, if you use Moz [option]`olcTLSCACertificatePath`:: The [option]`olcTLSCACertificatePath` directive specifies the path to a directory containing individual CA certificates in separate files. This directory must be specially managed with the OpenSSL [application]*c_rehash* utility that generates symbolic links with the hashed names that point to the actual certificate files. In general, it is simpler to use the [option]`olcTLSCACertificateFile` directive instead. + -If Mozilla NSS is used, [option]`olcTLSCACertificatePath` accepts a path to the Mozilla NSS database (as shown in <>). In such a case, [application]*c_rehash* is not needed. +If Mozilla NSS is used, [option]`olcTLSCACertificatePath` accepts a path to the Mozilla NSS database (as shown in xref:Directory_Servers.adoc#ex-using_olcTLSCACertificatePath_with_Mozilla_NSS[Using olcTLSCACertificatePath with Mozilla NSS]). In such a case, [application]*c_rehash* is not needed. + The directive takes the following form: + @@ -625,7 +625,7 @@ olcTLSCertificateFile pass:quotes[*slapd_cert*] [option]`olcTLSCertificateKeyFile`: _path_ ---- -Replace _path_ with a path to the private key file if you use PEM certificates. When using Mozilla NSS, _path_ stands for the name of a file that contains the password for the key for the certificate specified with the [option]`olcTLSCertificateFile` directive (see <>). +Replace _path_ with a path to the private key file if you use PEM certificates. When using Mozilla NSS, _path_ stands for the name of a file that contains the password for the key for the certificate specified with the [option]`olcTLSCertificateFile` directive (see xref:Directory_Servers.adoc#ex-using_olcTLSCertificateKeyFile_with_Mozilla_NSS[Using olcTLSCertificateKeyFile with Mozilla NSS]). [[ex-using_olcTLSCertificateKeyFile_with_Mozilla_NSS]] .Using olcTLSCertificateKeyFile with Mozilla NSS @@ -681,7 +681,7 @@ Replace _path_ with a path to the client certificate file, or with a name of a c [option]`TLS_KEY`:: The [option]`TLS_KEY` specifies the file that contains the private key that matches the certificate stored in the file specified with the [option]`TLS_CERT` directive. As with [option]`olcTLSCertificateFile` on a server, encrypted key files are not supported, so the file itself must be carefully protected. This option is only configurable in a user's `~/.ldaprc` file. + -When using Mozilla NSS, [option]`TLS_KEY` specifies the name of a file that contains the password for the private key that protects the certificate specified with the [option]`TLS_CERT` directive. Similarly to the [option]`olcTLSCertificateKeyFile` directive on a server (see <>), you can use the [command]#modutil# command to manage this password. +When using Mozilla NSS, [option]`TLS_KEY` specifies the name of a file that contains the password for the private key that protects the certificate specified with the [option]`TLS_CERT` directive. Similarly to the [option]`olcTLSCertificateKeyFile` directive on a server (see xref:Directory_Servers.adoc#ex-using_olcTLSCertificateKeyFile_with_Mozilla_NSS[Using olcTLSCertificateKeyFile with Mozilla NSS]), you can use the [command]#modutil# command to manage this password. + The [option]`TLS_KEY` directive takes the following form: + @@ -695,7 +695,7 @@ Replace _path_ with a path to the client certificate file or with a name of the [[s3-setting_up_replication]] ====== Setting Up Replication indexterm:[OpenLDAP,configuration,TLS]indexterm:[OpenLDAP,directories,/etc/openldap/slapd.d/]indexterm:[OpenLDAP,replication] -Replication is the process of copying updates from one LDAP server (*provider*) to one or more other servers or clients (*consumers*). A provider replicates directory updates to consumers, the received updates can be further propagated by the consumer to other servers, so a consumer can also act simultaneously as a provider. Also, a consumer does not have to be an LDAP server, it may be just an LDAP client. In OpenLDAP, you can use several replication modes, most notable are *mirror* and *sync*. For more information on OpenLDAP replication modes, see the *OpenLDAP Software Administrator's Guide* installed with [package]*openldap-servers* package (see <>). +Replication is the process of copying updates from one LDAP server (*provider*) to one or more other servers or clients (*consumers*). A provider replicates directory updates to consumers, the received updates can be further propagated by the consumer to other servers, so a consumer can also act simultaneously as a provider. Also, a consumer does not have to be an LDAP server, it may be just an LDAP client. In OpenLDAP, you can use several replication modes, most notable are *mirror* and *sync*. For more information on OpenLDAP replication modes, see the *OpenLDAP Software Administrator's Guide* installed with [package]*openldap-servers* package (see xref:Directory_Servers.adoc#bh-Installed_Documentation_OpenLDAP[Installed Documentation]). To enable a chosen replication mode, use one of the following directives in `/etc/openldap/slapd.d/` on both provider and consumers. @@ -706,7 +706,7 @@ To enable a chosen replication mode, use one of the following directives in `/et [option]`olcMirrorMode` [option]`on` ---- -This option needs to be specified both on provider and consumers. Also a [option]`serverID` must be specified along with [option]`syncrepl` options. Find a detailed example in the *18.3.4. MirrorMode* section of the *OpenLDAP Software Administrator's Guide* (see <>). +This option needs to be specified both on provider and consumers. Also a [option]`serverID` must be specified along with [option]`syncrepl` options. Find a detailed example in the *18.3.4. MirrorMode* section of the *OpenLDAP Software Administrator's Guide* (see xref:Directory_Servers.adoc#bh-Installed_Documentation_OpenLDAP[Installed Documentation]). [option]`olcSyncrepl`:: The [option]`olcSyncrepl` directive enables the sync replication mode. It takes the following form: @@ -715,7 +715,7 @@ This option needs to be specified both on provider and consumers. Also a [option [option]`olcSyncrepl` [option]`on` ---- -The sync replication mode requires a specific configuration on both the provider and the consumers. This configuration is thoroughly described in the *18.3.1. Syncrepl* section of the *OpenLDAP Software Administrator's Guide* (see <>). +The sync replication mode requires a specific configuration on both the provider and the consumers. This configuration is thoroughly described in the *18.3.1. Syncrepl* section of the *OpenLDAP Software Administrator's Guide* (see xref:Directory_Servers.adoc#bh-Installed_Documentation_OpenLDAP[Installed Documentation]). [[s3-loading_modules_or_backends]] ====== Loading Modules and Backends @@ -765,7 +765,7 @@ The [option]`-P` option makes this setting persistent across system reboots. See [[s2-ldap-running]] ===== Running an OpenLDAP Server indexterm:[slapd,OpenLDAP] -This section describes how to start, stop, restart, and check the current status of the [application]*Standalone LDAP Daemon*. For more information on how to manage system services in general, see <>. +This section describes how to start, stop, restart, and check the current status of the [application]*Standalone LDAP Daemon*. For more information on how to manage system services in general, see xref:../infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons]. [[s3-ldap-running-starting]] ====== Starting the Service @@ -784,7 +784,7 @@ To configure the service to start automatically at the boot time, use the follow ~]#{nbsp}systemctl enable slapd.service ---- -See <> for more information on how to configure services in {MAJOROS}. +See xref:../infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons] for more information on how to configure services in {MAJOROS}. [[s3-ldap-running-stopping]] ====== Stopping the Service @@ -804,7 +804,7 @@ To prevent the service from starting automatically at the boot time, type as `ro rm '/etc/systemd/system/multi-user.target.wants/slapd.service' ---- -See <> for more information on how to configure services in {MAJOROS}. +See xref:../infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons] for more information on how to configure services in {MAJOROS}. [[s3-ldap-running-restarting]] ====== Restarting the Service @@ -832,7 +832,7 @@ active [[s2-ldap-pam]] ===== Configuring a System to Authenticate Using OpenLDAP -In order to configure a system to authenticate using OpenLDAP, make sure that the appropriate packages are installed on both LDAP server and client machines. For information on how to set up the server, follow the instructions in <> and <>. On a client, type the following at a shell prompt as `root`: +In order to configure a system to authenticate using OpenLDAP, make sure that the appropriate packages are installed on both LDAP server and client machines. For information on how to set up the server, follow the instructions in xref:Directory_Servers.adoc#s2-ldap-installation[Installing the OpenLDAP Suite] and xref:Directory_Servers.adoc#s2-ldap-configuration[Configuring an OpenLDAP Server]. On a client, type the following at a shell prompt as `root`: [subs="attributes"] ---- @@ -867,7 +867,7 @@ Alternatively, you can specify the environment variables directly on the command /usr/share/migrationtools/migrate_all_online.sh ---- -To decide which script to run in order to migrate the user database, see <>. +To decide which script to run in order to migrate the user database, see xref:Directory_Servers.adoc#table-ldap-migrationtools[Commonly used LDAP migration scripts]. [[table-ldap-migrationtools]] .Commonly used LDAP migration scripts diff --git a/en-US/servers/Printer_Configuration.adoc b/en-US/servers/Printer_Configuration.adoc index 6a5d4db..6ca0023 100644 --- a/en-US/servers/Printer_Configuration.adoc +++ b/en-US/servers/Printer_Configuration.adoc @@ -21,7 +21,7 @@ With the [application]*Printers* configuration tool you can perform various oper To start the [application]*Printers* configuration tool if using the GNOME desktop, press the kbd:[Super] key to enter the Activities Overview, type [command]#Printers#, and then press kbd:[Enter]. The [application]*Printers* configuration tool appears. The kbd:[Super] key appears in a variety of guises, depending on the keyboard and other hardware, but often as either the Windows or Command key, and typically to the left of the kbd:[Spacebar]. -The `Printers` window depicted in <> appears. +The `Printers` window depicted in xref:File_and_Print_Servers.adoc#fig-printconf-main[Printers Configuration window] appears. [[fig-printconf-main]] .Printers Configuration window @@ -39,7 +39,7 @@ If you are setting up a local printer connected with USB, the printer is discove Follow this procedure to start a manual printer setup: -. Start the Printers configuration tool (refer to <>). +. Start the Printers configuration tool (refer to xref:File_and_Print_Servers.adoc#sec-Starting_Printer_Config[Starting the Printers Configuration Tool]). . Select `Unlock` to enable changes to be made. In the `Authentication Required` box, type an administrator or the `root` user password and confirm. @@ -52,7 +52,7 @@ Follow this procedure to add a local printer connected with other than a serial [[proc-Adding_Other_Printer]] -. Open the `Add a New Printer` dialog (refer to <>). +. Open the `Add a New Printer` dialog (refer to xref:File_and_Print_Servers.adoc#sec-Setting_Printer[Starting Printer Setup]). . If the device does not appear automatically, select the port to which the printer is connected in the list on the left (such as `Serial Port #1` or `LPT #1`). @@ -74,7 +74,7 @@ image::print_conf_window.png[Adding a local printer] . Click btn:[Forward]. -. Select the printer model. See <> for details. +. Select the printer model. See xref:File_and_Print_Servers.adoc#s1-printing-select-model[Selecting the Printer Model and Finishing] for details. [[s1-printing-jetdirect-printer]] ===== Adding an AppSocket/HP JetDirect printer @@ -83,7 +83,7 @@ Follow this procedure to add an AppSocket/HP JetDirect printer: [[proc-Adding_JetDirect_Printer]] -. Open the `Add a New Printer` dialog (refer to <>). +. Open the `Add a New Printer` dialog (refer to xref:File_and_Print_Servers.adoc#sec-Starting_Printer_Config[Starting the Printers Configuration Tool]). . In the list on the left, select menu:Network Printer[pass:attributes[{blank}]`AppSocket/HP JetDirect`pass:attributes[{blank}]]. @@ -100,7 +100,7 @@ image::printconf-jetdirect.png[Adding a JetDirect Printer] . Click btn:[Forward]. -. Select the printer model. See <> for details. +. Select the printer model. See xref:File_and_Print_Servers.adoc#s1-printing-select-model[Selecting the Printer Model and Finishing] for details. [[s1-printing-ipp-printer]] ===== Adding an IPP Printer @@ -113,7 +113,7 @@ If a firewall is enabled on the printer server, then the firewall must be config Follow this procedure to add an `IPP` printer: -. Open the `Printers` dialog (refer to <>). +. Open the `Printers` dialog (refer to xref:File_and_Print_Servers.adoc#sec-Setting_Printer[Starting Printer Setup]). . In the list of devices on the left, select Network Printer and `Internet Printing Protocol (ipp)` or `Internet Printing Protocol (https)`. @@ -132,7 +132,7 @@ image::printconf-ipp.png[Networked IPP Printer] . Click btn:[Forward] to continue. -. Select the printer model. See <> for details. +. Select the printer model. See xref:File_and_Print_Servers.adoc#s1-printing-select-model[Selecting the Printer Model and Finishing] for details. [[sec-printing-LPDLPR-printer]] ===== Adding an LPD/LPR Host or Printer @@ -142,7 +142,7 @@ indexterm:[Printer Configuration,LDP/LPR Printers] Follow this procedure to add an LPD/LPR host or printer: -. Open the `New Printer` dialog (refer to <>). +. Open the `New Printer` dialog (refer to xref:File_and_Print_Servers.adoc#sec-Setting_Printer[Starting Printer Setup]). . In the list of devices on the left, select menu:Network Printer[pass:attributes[{blank}]`LPD/LPR Host or Printer`pass:attributes[{blank}]]. @@ -161,7 +161,7 @@ image::printconf-lpd.png[Adding an LPD/LPR Printer] . Click btn:[Forward] to continue. -. Select the printer model. See <> for details. +. Select the printer model. See xref:File_and_Print_Servers.adoc#s1-printing-select-model[Selecting the Printer Model and Finishing] for details. [[s1-printing-smb-printer]] ===== Adding a Samba (SMB) printer @@ -182,15 +182,15 @@ Note that in order to add a Samba printer, you need to have the [package]*samba- [command]#dnf install samba-client# ---- -For more information on installing packages with DNF, refer to <>. +For more information on installing packages with DNF, refer to xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. ==== -. Open the `New Printer` dialog (refer to <>). +. Open the `New Printer` dialog (refer to xref:File_and_Print_Servers.adoc#sec-Setting_Printer[Starting Printer Setup]). . In the list on the left, select menu:Network Printer[pass:attributes[{blank}]`Windows Printer via SAMBA`pass:attributes[{blank}]]. -. Enter the SMB address in the `smb://` field. Use the format _computer name/printer share_. In <>, the _computer name_ is [command]#dellbox# and the _printer share_ is [command]#r2#. +. Enter the SMB address in the `smb://` field. Use the format _computer name/printer share_. In xref:File_and_Print_Servers.adoc#fig-printconf-smb[Adding a SMB printer], the _computer name_ is [command]#dellbox# and the _printer share_ is [command]#r2#. [[fig-printconf-smb]] .Adding a SMB printer @@ -223,7 +223,7 @@ If there are files shared on the Samba print server, it is recommended that they . Click btn:[Forward]. -. Select the printer model. See <> for details. +. Select the printer model. See xref:File_and_Print_Servers.adoc#s1-printing-select-model[Selecting the Printer Model and Finishing] for details. [[s1-printing-select-model]] ===== Selecting the Printer Model and Finishing @@ -257,7 +257,7 @@ image::printconf-select-model.png[Selecting a printer brand from the printer dat . Click btn:[Forward] to continue. -. If applicable for your option, window shown in <> appears. Choose the corresponding model in the `Models` column on the left. +. If applicable for your option, window shown in xref:File_and_Print_Servers.adoc#fig-printconf-select-driver[Selecting a printer model] appears. Choose the corresponding model in the `Models` column on the left. .Selecting a printer driver [NOTE] @@ -283,7 +283,7 @@ image::printconf-add-printer.png[Printer Setup] . Click btn:[Apply] to confirm your printer configuration and add the print queue if the settings are correct. Click btn:[Back] to modify the printer configuration. -. After the changes are applied, a dialog box appears allowing you to print a test page. Click btn:[Print Test Page] to print a test page now. Alternatively, you can print a test page later as described in <>. +. After the changes are applied, a dialog box appears allowing you to print a test page. Click btn:[Print Test Page] to print a test page now. Alternatively, you can print a test page later as described in xref:File_and_Print_Servers.adoc#s1-printing-test-page[Printing a Test Page]. [[s1-printing-test-page]] ===== Printing a Test Page @@ -429,7 +429,7 @@ Ben-62 root 1024 Tue 08 Feb 2011 16:45:42 GMT ==== -If you want to cancel a print job, find the job number of the request with the command [command]#lpstat -o# and then use the command [command]#cancel _job number_pass:attributes[{blank}]#. For example, [command]#cancel 60# would cancel the print job in <>. You cannot cancel print jobs that were started by other users with the [command]#cancel# command. However, you can enforce deletion of such job by issuing the [command]#cancel -U root _job_number_pass:attributes[{blank}]# command. To prevent such canceling, change the printer operation policy to `Authenticated` to force `root` authentication. +If you want to cancel a print job, find the job number of the request with the command [command]#lpstat -o# and then use the command [command]#cancel _job number_pass:attributes[{blank}]#. For example, [command]#cancel 60# would cancel the print job in xref:File_and_Print_Servers.adoc#lpq-example[Example of [command]#lpstat -o# output]. You cannot cancel print jobs that were started by other users with the [command]#cancel# command. However, you can enforce deletion of such job by issuing the [command]#cancel -U root _job_number_pass:attributes[{blank}]# command. To prevent such canceling, change the printer operation policy to `Authenticated` to force `root` authentication. You can also print a file directly from a shell prompt. For example, the command [command]#lp sample.txt# prints the text file `sample.txt`. The print filter determines what type of file it is and converts it into a format the printer can understand. diff --git a/en-US/servers/Samba.adoc b/en-US/servers/Samba.adoc index fb3c2f3..110caaa 100644 --- a/en-US/servers/Samba.adoc +++ b/en-US/servers/Samba.adoc @@ -15,7 +15,7 @@ In order to use [application]*Samba*, first ensure the [package]*samba* package ~]#{nbsp}dnf install samba ---- -For more information on installing packages with DNF, see <>. +For more information on installing packages with DNF, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. ==== @@ -72,7 +72,7 @@ The `winbind` daemon is controlled by the `winbind` service and does not require [NOTE] ==== -See <> for a list of utilities included in the Samba distribution. +See xref:File_and_Print_Servers.adoc#sect-Samba_Distribution_Programs[Samba Distribution Programs] for a list of utilities included in the Samba distribution. ==== @@ -147,7 +147,7 @@ The [application]*mount.cifs* utility is a separate RPM (independent from Samba) ~]#{nbsp}dnf install cifs-utils ---- -For more information on installing packages with DNF, see <>. +For more information on installing packages with DNF, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. Note that the [package]*cifs-utils* package also contains the [application]*cifs.upcall* binary called by the kernel in order to perform kerberized CIFS mounts. For more information on [application]*cifs.upcall*, see the *cifs.upcall*(8) manual page. @@ -296,7 +296,7 @@ By default, the `smb` service does *not* start automatically at boot time. To co ~]#{nbsp}systemctl enable smb.service ---- -See <> for more information regarding this tool. +See xref:../infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons] for more information regarding this tool. [[sect-Samba-Server_Types_and_the_smb.conf_File]] ===== Samba Server Types and the `smb.conf` File @@ -308,7 +308,7 @@ The following sections describe the different ways a Samba server can be configu [[sect-Samba-Standalone_Server]] ====== Stand-alone Server indexterm:[Samba,server types,Stand Alone] -A stand-alone server can be a workgroup server or a member of a workgroup environment. A stand-alone server is not a domain controller and does not participate in a domain in any way. The following examples include several user-level security configurations. For more information on security modes, see <>. +A stand-alone server can be a workgroup server or a member of a workgroup environment. A stand-alone server is not a domain controller and does not participate in a domain in any way. The following examples include several user-level security configurations. For more information on security modes, see xref:File_and_Print_Servers.adoc#sect-Samba-Security_Modes[Samba Security Modes]. .Anonymous Read-Onlyindexterm:[Samba,smb.conf,Anonymous Read Only example] The following `/etc/samba/smb.conf` file shows a sample configuration needed to implement anonymous read-only file sharing. Two directives are used to configure anonymous access – `map to guest = Bad user` and `guest account = nobody`. @@ -575,7 +575,7 @@ Samba cannot exist in a mixed Samba/Windows domain controller environment (Samba ==== .Primary Domain Controller (PDC) Using `tdbsam`pass:attributes[{blank}]indexterm:[Samba,smb.conf,PDC using tdbsam] -The simplest and most common implementation of a Samba PDC uses the new default `tdbsam` password database back end. Replacing the aging `smbpasswd` back end, `tdbsam` has numerous improvements that are explained in more detail in <>. The `passdb backend` directive controls which back end is to be used for the PDC. +The simplest and most common implementation of a Samba PDC uses the new default `tdbsam` password database back end. Replacing the aging `smbpasswd` back end, `tdbsam` has numerous improvements that are explained in more detail in xref:File_and_Print_Servers.adoc#sect-Samba-Account_Information-Databases[Samba Account Information Databases]. The `passdb backend` directive controls which back end is to be used for the PDC. The following `/etc/samba/smb.conf` file shows a sample configuration needed to implement a `tdbsam` password database back end. @@ -637,7 +637,7 @@ To provide a functional PDC system which uses `tdbsam` follow these steps: [[proc-Samba_Domain_Controller-PDC_Using_tdbsam]] -. Adjust the `smb.conf` configuration file as shown in <>. +. Adjust the `smb.conf` configuration file as shown in xref:File_and_Print_Servers.adoc#exam-Samba_Domain_Controller-PDC_Using_tdbsam[An Example Configuration of Primary Domain Controller (PDC) Using `tdbsam`]. . Add the `root` user to the Samba password database. You will be prompted to provide a new Samba password for the `root` user: + @@ -783,7 +783,7 @@ password server = kerberos.example.com [[sect-Samba_Security_Modes-Share_Level]] ====== Share-Level Security indexterm:[Samba,Security Modes,Share-Level Security] -With share-level security, the server accepts only a password without an explicit user name from the client. The server expects a password for each share, independent of the user name. There have been recent reports that Microsoft Windows clients have compatibility issues with share-level security servers. This mode is deprecated and has been removed from Samba. Configurations containing `security = share` should be updated to use user-level security. Follow the steps in <> to avoid using the `security = share` directive. +With share-level security, the server accepts only a password without an explicit user name from the client. The server expects a password for each share, independent of the user name. There have been recent reports that Microsoft Windows clients have compatibility issues with share-level security servers. This mode is deprecated and has been removed from Samba. Configurations containing `security = share` should be updated to use user-level security. Follow the steps in xref:File_and_Print_Servers.adoc#proc-Samba_Security_Modes-Samba_Guest_Shares[Configuring Samba Guest Shares] to avoid using the `security = share` directive. [[sect-Samba-Account_Information-Databases]] ===== Samba Account Information Databases @@ -801,11 +801,11 @@ Plain Text:: Plain text back ends are nothing more than the `/etc/passwd` type + The `tdbsam` back end is recommended for 250 users at most. Larger organizations should require Active Directory or LDAP integration due to scalability and possible network infrastructure concerns. -`ldapsam`:: The `ldapsam` back end provides an optimal distributed account installation method for Samba. LDAP is optimal because of its ability to replicate its database to any number of servers such as the [application]*Red{nbsp}Hat Directory Server* or an [application]*OpenLDAP Server*. LDAP databases are light-weight and scalable, and as such are preferred by large enterprises. Installation and configuration of directory servers is beyond the scope of this chapter. For more information on the [application]*Red{nbsp}Hat Directory Server*, see the [citetitle]_link:++https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/deployment_guide/index++[Red Hat Directory Server 10 Deployment Guide]_. For more information on LDAP, see <>. +`ldapsam`:: The `ldapsam` back end provides an optimal distributed account installation method for Samba. LDAP is optimal because of its ability to replicate its database to any number of servers such as the [application]*Red{nbsp}Hat Directory Server* or an [application]*OpenLDAP Server*. LDAP databases are light-weight and scalable, and as such are preferred by large enterprises. Installation and configuration of directory servers is beyond the scope of this chapter. For more information on the [application]*Red{nbsp}Hat Directory Server*, see the [citetitle]_link:++https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/deployment_guide/index++[Red Hat Directory Server 10 Deployment Guide]_. For more information on LDAP, see xref:Directory_Servers.adoc#s1-OpenLDAP[OpenLDAP]. + If you are upgrading from a previous version of Samba to 3.0, note that the OpenLDAP schema file (`/usr/share/doc/samba-_version_pass:attributes[{blank}]/LDAP/samba.schema`) and the Red{nbsp}Hat Directory Server schema file (`/usr/share/doc/samba-_version_pass:attributes[{blank}]/LDAP/samba-schema-FDS.ldif`) have changed. These files contain the _attribute syntax definitions_ and _objectclass definitions_ that the `ldapsam` back end needs in order to function properly. + -As such, if you are using the `ldapsam` back end for your Samba server, you will need to configure `slapd` to include one of these schema file. See <> for directions on how to do this. +As such, if you are using the `ldapsam` back end for your Samba server, you will need to configure `slapd` to include one of these schema file. See xref:Directory_Servers.adoc#s3-ldap-configuration-schema[Extending Schema] for directions on how to do this. + .Make sure the openldap-servers package is installed [NOTE] @@ -833,7 +833,7 @@ A domain master browser collates the browse lists from local master browsers on indexterm:[Samba,Network Browsing,Domain Browsing] By default, a Windows server PDC for a domain is also the domain master browser for that domain. A Samba server must *not* be set up as a domain master server in this type of situation. -For subnets that do not include the Windows server PDC, a Samba server can be implemented as a local master browser. Configuring the `/etc/samba/smb.conf` file for a local master browser (or no browsing at all) in a domain controller environment is the same as workgroup configuration (see <>). +For subnets that do not include the Windows server PDC, a Samba server can be implemented as a local master browser. Configuring the `/etc/samba/smb.conf` file for a local master browser (or no browsing at all) in a domain controller environment is the same as workgroup configuration (see xref:File_and_Print_Servers.adoc#sect-Samba-Configuring_a_Samba_Server[Configuring a Samba Server]). [[sect-Samba-WINS]] ====== WINS (Windows Internet Name Server) diff --git a/en-US/servers/The_Apache_HTTP_Server.adoc b/en-US/servers/The_Apache_HTTP_Server.adoc index ee2dfbf..be9b680 100644 --- a/en-US/servers/The_Apache_HTTP_Server.adoc +++ b/en-US/servers/The_Apache_HTTP_Server.adoc @@ -59,7 +59,7 @@ Some additional configuration files are provided by the [package]*httpd* package ** `/etc/httpd/conf.d/welcome.conf` — As in previous releases, this configures the welcome page displayed for `http://localhost/` when no content is present. -Default Configuration:: A minimal `httpd.conf` file is now provided by default. Many common configuration settings, such as `Timeout` or `KeepAlive` are no longer explicitly configured in the default configuration; hard-coded settings will be used instead, by default. The hard-coded default settings for all configuration directives are specified in the manual. See <> for more information. +Default Configuration:: A minimal `httpd.conf` file is now provided by default. Many common configuration settings, such as `Timeout` or `KeepAlive` are no longer explicitly configured in the default configuration; hard-coded settings will be used instead, by default. The hard-coded default settings for all configuration directives are specified in the manual. See xref:Web_Servers.adoc#bh-The_Apache_HTTP_Server-Installable_Documentation[Installable Documentationindexterm:[Apache HTTP Server,additional resources,installable documentation]] for more information. Incompatible Syntax Changes:: If migrating an existing configuration from [application]*httpd 2.2* to [application]*httpd 2.4*, a number of backwards-incompatible changes to the `httpd` configuration syntax were made which will require changes. See the following Apache document for more information on upgrading link:++http://httpd.apache.org/docs/2.4/upgrading.html++[] @@ -131,7 +131,7 @@ This section describes how to start, stop, restart, and check the current status For more information on the concept of targets and how to manage system services in {MAJOROS} in general, see //link to systemd section when ready - <>. + xref:../infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons]. [[s3-apache-running-starting]] ====== Starting the Service @@ -223,7 +223,7 @@ active [[s2-apache-editing]] ===== Editing the Configuration Files -When the `httpd` service is started, by default, it reads the configuration from locations that are listed in <>. +When the `httpd` service is started, by default, it reads the configuration from locations that are listed in xref:Web_Servers.adoc#table-apache-editing-files[The httpd service configuration files]. [[table-apache-editing-files]] .The httpd service configuration files @@ -237,7 +237,7 @@ When the `httpd` service is started, by default, it reads the configuration from `/etc/httpd/conf.d/`|An auxiliary directory for configuration files that are included in the main configuration file. |=== -Although the default configuration should be suitable for most situations, it is a good idea to become at least familiar with some of the more important configuration options. Note that for any changes to take effect, the web server has to be restarted first. See <> for more information on how to restart the `httpd` service. +Although the default configuration should be suitable for most situations, it is a good idea to become at least familiar with some of the more important configuration options. Note that for any changes to take effect, the web server has to be restarted first. See xref:Web_Servers.adoc#s3-apache-running-restarting[Restarting the Service] for more information on how to restart the `httpd` service. indexterm:[Apache HTTP Server,checking configuration] To check the configuration for possible errors, type the following at a shell prompt: @@ -397,7 +397,7 @@ indexterm:[Apache HTTP Server,directives,] [option]`>. +The _address_ can be an IP address, a fully qualified domain name, or a special form as described in xref:Web_Servers.adoc#table-apache-httpdconf-virtualhost[Available options]. [[table-apache-httpdconf-virtualhost]] .Available options @@ -704,7 +704,7 @@ The [option]`AllowOverride` directive allows you to specify which directives in AllowOverride _type_pass:attributes[{blank}]… ---- -The _type_ has to be one of the available grouping options as described in <>. +The _type_ has to be one of the available grouping options as described in xref:Web_Servers.adoc#table-apache-httpdconf-allowoverride[Available AllowOverride options]. [[table-apache-httpdconf-allowoverride]] .Available AllowOverride options @@ -801,7 +801,7 @@ indexterm:[Apache HTTP Server,directives,CacheEnable] [option]`CacheE CacheEnable _type_ _url_ ---- -The _type_ has to be a valid cache type as described in <>. The _url_ can be a path relative to the directory specified by the [option]`DocumentRoot` directive (for example, `/images/`), a protocol (for example, `ftp://`), or an external URL such as `http://example.com/`. +The _type_ has to be a valid cache type as described in xref:Web_Servers.adoc#table-apache-httpdconf-cacheenable[Available cache types]. The _url_ can be a path relative to the directory specified by the [option]`DocumentRoot` directive (for example, `/images/`), a protocol (for example, `ftp://`), or an external URL such as `http://example.com/`. [[table-apache-httpdconf-cacheenable]] .Available cache types @@ -872,7 +872,7 @@ indexterm:[Apache HTTP Server,directives,CacheNegotiatedDocs] [option CacheNegotiatedDocs _option_ ---- -The _option_ has to be a valid keyword as described in <>. Since the content-negotiated documents may change over time or because of the input from the requester, the default option is [option]`Off`. +The _option_ has to be a valid keyword as described in xref:Web_Servers.adoc#table-apache-httpdconf-cachenegotiateddocs[Available CacheNegotiatedDocs options]. Since the content-negotiated documents may change over time or because of the input from the requester, the default option is [option]`Off`. [[table-apache-httpdconf-cachenegotiateddocs]] .Available CacheNegotiatedDocs options @@ -1079,7 +1079,7 @@ indexterm:[Apache HTTP Server,directives,ExtendedStatus] [option]`Ext ExtendedStatus _option_ ---- -The _option_ has to be a valid keyword as described in <>. The default option is [option]`Off`. +The _option_ has to be a valid keyword as described in xref:Web_Servers.adoc#table-apache-httpdconf-extendedstatus[Available ExtendedStatus options]. The default option is [option]`Off`. [[table-apache-httpdconf-extendedstatus]] .Available ExtendedStatus options @@ -1151,7 +1151,7 @@ indexterm:[Apache HTTP Server,directives,HostnameLookups] [option]`Ho HostnameLookups _option_ ---- -The _option_ has to be a valid keyword as described in <>. To conserve resources on the server, the default option is [option]`Off`. +The _option_ has to be a valid keyword as described in xref:Web_Servers.adoc#table-apache-httpdconf-hostnamelookup[Available HostnameLookups options]. To conserve resources on the server, the default option is [option]`Off`. [[table-apache-httpdconf-hostnamelookup]] .Available HostnameLookups options @@ -1222,7 +1222,7 @@ indexterm:[Apache HTTP Server,directives,IndexOptions] [option]`Index IndexOptions _option_pass:attributes[{blank}]… ---- -The _option_ has to be a valid keyword as described in <>. The default options are [option]`Charset=UTF-8`, [option]`FancyIndexing`, [option]`HTMLTable`, [option]`NameWidth=*`, and [option]`VersionSort`. +The _option_ has to be a valid keyword as described in xref:Web_Servers.adoc#table-apache-httpdconf-indexoptions[Available directory listing options]. The default options are [option]`Charset=UTF-8`, [option]`FancyIndexing`, [option]`HTMLTable`, [option]`NameWidth=*`, and [option]`VersionSort`. [[table-apache-httpdconf-indexoptions]] .Available directory listing options @@ -1273,7 +1273,7 @@ indexterm:[Apache HTTP Server,directives,KeepAlive] [option]`KeepAliv KeepAlive _option_ ---- -The _option_ has to be a valid keyword as described in <>. The default option is [option]`Off`. +The _option_ has to be a valid keyword as described in xref:Web_Servers.adoc#table-apache-httpdconf-keepalive[Available KeepAlive options]. The default option is [option]`Off`. [[table-apache-httpdconf-keepalive]] .Available KeepAlive options @@ -1371,7 +1371,7 @@ LoadModule _name_ _path_ indexterm:[Apache HTTP Server,directories,/usr/lib/httpd/modules/]indexterm:[Apache HTTP Server,directories,/usr/lib64/httpd/modules/] The _name_ has to be a valid identifier of the required module. The _path_ refers to an existing module file, and must be relative to the directory in which the libraries are placed (that is, `/usr/lib/httpd/` on 32-bit and `/usr/lib64/httpd/` on 64-bit systems by default). -See <> for more information on the Apache HTTP Server's DSO support. +See xref:Web_Servers.adoc#s2-apache-dso[Working with Modules] for more information on the Apache HTTP Server's DSO support. [[example-apache-httpdconf-loadmodule]] .Using the LoadModule directive @@ -1390,7 +1390,7 @@ indexterm:[Apache HTTP Server,directives,LogFormat] [option]`LogForma LogFormat _format_ _name_ ---- -The _format_ is a string consisting of options as described in <>. The _name_ can be used instead of the format string in the [option]`CustomLog` directive. +The _format_ is a string consisting of options as described in xref:Web_Servers.adoc#table-apache-httpdconf-logformat[Common LogFormat options]. The _name_ can be used instead of the format string in the [option]`CustomLog` directive. [[table-apache-httpdconf-logformat]] .Common LogFormat options @@ -1426,7 +1426,7 @@ indexterm:[Apache HTTP Server,directives,LogLevel] [option]`LogLevel` LogLevel _option_ ---- -The _option_ has to be a valid keyword as described in <>. The default option is [option]`warn`. +The _option_ has to be a valid keyword as described in xref:Web_Servers.adoc#table-apache-httpdconf-loglevel[Available LogLevel options]. The default option is [option]`warn`. [[table-apache-httpdconf-loglevel]] .Available LogLevel options @@ -1512,7 +1512,7 @@ indexterm:[Apache HTTP Server,directives,Options] [option]`Options`:: Options _option_pass:attributes[{blank}]… ---- -The _option_ has to be a valid keyword as described in <>. +The _option_ has to be a valid keyword as described in xref:Web_Servers.adoc#table-apache-httpdconf-options[Available server features]. [[table-apache-httpdconf-options]] .Available server features @@ -1549,7 +1549,7 @@ indexterm:[Apache HTTP Server,directives,Order] [option]`Order`:: Th Order _option_ ---- -The _option_ has to be a valid keyword as described in <>. The default option is [option]`allow,deny`. +The _option_ has to be a valid keyword as described in xref:Web_Servers.adoc#table-apache-httpdconf-order[Available Order options]. The default option is [option]`allow,deny`. [[table-apache-httpdconf-order]] .Available Order options @@ -1599,7 +1599,7 @@ indexterm:[Apache HTTP Server,directives,ProxyRequests] [option]`Prox ProxyRequests _option_ ---- -The _option_ has to be a valid keyword as described in <>. The default option is [option]`Off`. +The _option_ has to be a valid keyword as described in xref:Web_Servers.adoc#table-apache-httpdconf-proxyrequests[Available ProxyRequests options]. The default option is [option]`Off`. [[table-apache-httpdconf-proxyrequests]] .Available ProxyRequests options @@ -1649,7 +1649,7 @@ indexterm:[Apache HTTP Server,directives,Redirect] [option]`Redirect` Redirect _status_ _path_ _url_ ---- -The _status_ is optional, and if provided, it has to be a valid keyword as described in <>. The _path_ refers to the old location, and must be relative to the directory specified by the [option]`DocumentRoot` directive (for example, `/docs`). The _url_ refers to the current location of the content (for example, `http://docs.example.com`). +The _status_ is optional, and if provided, it has to be a valid keyword as described in xref:Web_Servers.adoc#table-apache-httpdconf-redirect[Available status options]. The _path_ refers to the old location, and must be relative to the directory specified by the [option]`DocumentRoot` directive (for example, `/docs`). The _url_ refers to the current location of the content (for example, `http://docs.example.com`). [[table-apache-httpdconf-redirect]] .Available status options @@ -1778,7 +1778,7 @@ indexterm:[Apache HTTP Server,directives,ServerSignature] [option]`Se ServerSignature _option_ ---- -The _option_ has to be a valid keyword as described in <>. The default option is [option]`On`. +The _option_ has to be a valid keyword as described in xref:Web_Servers.adoc#table-apache-httpdconf-serversignature[Available ServerSignature options]. The default option is [option]`On`. [[table-apache-httpdconf-serversignature]] .Available ServerSignature options @@ -1809,7 +1809,7 @@ indexterm:[Apache HTTP Server,directives,ServerTokens] [option]`Serve ServerTokens _option_ ---- -The _option_ has to be a valid keyword as described in <>. The default option is [option]`OS`. +The _option_ has to be a valid keyword as described in xref:Web_Servers.adoc#table-apache-httpdconf-servertokens[Available ServerTokens options]. The default option is [option]`OS`. [[table-apache-httpdconf-servertokens]] .Available ServerTokens options @@ -1909,7 +1909,7 @@ indexterm:[Apache HTTP Server,directives,UseCanonicalName] [option]`U UseCanonicalName _option_ ---- -The _option_ has to be a valid keyword as described in <>. The default option is [option]`Off`. +The _option_ has to be a valid keyword as described in xref:Web_Servers.adoc#table-apache-httpdconf-usecanonicalname[Available UseCanonicalName options]. The default option is [option]`Off`. [[table-apache-httpdconf-usecanonicalname]] .Available UseCanonicalName options @@ -1962,7 +1962,7 @@ indexterm:[Apache HTTP Server,directives,UserDir] [option]`UserDir`:: UserDir _option_ ---- indexterm:[Apache HTTP Server,directories,~/public_html/] -The _option_ can be either a name of the directory to look for in user's home directory (typically [option]`public_html`), or a valid keyword as described in <>. The default option is [option]`disabled`. +The _option_ can be either a name of the directory to look for in user's home directory (typically [option]`public_html`), or a valid keyword as described in xref:Web_Servers.adoc#table-apache-httpdconf-userdir[Available UserDir options]. The default option is [option]`disabled`. [[table-apache-httpdconf-userdir]] .Available UserDir options @@ -2013,7 +2013,7 @@ indexterm:[Apache HTTP Server,directives,SetEnvIf] [option]`SetEnvIf` SetEnvIf _option_ _pattern_ !_variable_pass:attributes[{blank}]=pass:attributes[{blank}]_value_pass:attributes[{blank}]… ---- -The _option_ can be either a HTTP header field, a previously defined environment variable name, or a valid keyword as described in <>. The _pattern_ is a regular expression. The _variable_ is an environment variable that is set when the option matches the pattern. If the optional exclamation mark (that is, `!`) is present, the variable is removed instead of being set. +The _option_ can be either a HTTP header field, a previously defined environment variable name, or a valid keyword as described in xref:Web_Servers.adoc#table-apache-sslconf-setenvif[Available SetEnvIf options]. The _pattern_ is a regular expression. The _variable_ is an environment variable that is set when the option matches the pattern. If the optional exclamation mark (that is, `!`) is present, the variable is removed instead of being set. [[table-apache-sslconf-setenvif]] .Available SetEnvIf options @@ -2043,7 +2043,7 @@ SetEnvIf User-Agent ".*MSIE.*" \ ==== -Note that for the `/etc/httpd/conf.d/ssl.conf` file to be present, the [package]*mod_ssl* needs to be installed. See <> for more information on how to install and configure an SSL server. +Note that for the `/etc/httpd/conf.d/ssl.conf` file to be present, the [package]*mod_ssl* needs to be installed. See xref:Web_Servers.adoc#s2-apache-mod_ssl[Setting Up an SSL Server] for more information on how to install and configure an SSL server. [[s3-apache-mpm-common]] ====== Common Multi-Processing Module Directives @@ -2222,7 +2222,7 @@ Being a modular application, the `httpd` service is distributed along with a num [[s3-apache-dso-loading]] ====== Loading a Module indexterm:[Apache HTTP Server,modules,loading] -To load a particular DSO module, use the [option]`LoadModule` directive as described in <>. Note that modules provided by a separate package often have their own configuration file in the `/etc/httpd/conf.d/` directory. +To load a particular DSO module, use the [option]`LoadModule` directive as described in xref:Web_Servers.adoc#s3-apache-httpdconf-directives[Common httpd.conf Directives]. Note that modules provided by a separate package often have their own configuration file in the `/etc/httpd/conf.d/` directory. [[example-apache-dso-loading]] .Loading the mod_ssl DSO @@ -2234,7 +2234,7 @@ LoadModule ssl_module modules/mod_ssl.so ==== -Once you are finished, restart the web server to reload the configuration. See <> for more information on how to restart the `httpd` service. +Once you are finished, restart the web server to reload the configuration. See xref:Web_Servers.adoc#s3-apache-running-restarting[Restarting the Service] for more information on how to restart the `httpd` service. [[s3-apache-dso-writing]] ====== Writing a Module @@ -2262,7 +2262,7 @@ If the build was successful, you should be able to load the module the same way indexterm:[Apache HTTP Server,virtual host]indexterm:[virtual host,Apache HTTP Server] The Apache HTTP Server's built in virtual hosting allows the server to provide different information based on which IP address, host name, or port is being requested. -To create a name-based virtual host, copy the example configuration file `/usr/share/doc/httpd-_VERSION_pass:attributes[{blank}]/httpd-vhosts.conf` into the `/etc/httpd/conf.d/` directory, and replace the `@@Port@@` and `@@ServerRoot@@` placeholder values. Customize the options according to your requirements as shown in <>. +To create a name-based virtual host, copy the example configuration file `/usr/share/doc/httpd-_VERSION_pass:attributes[{blank}]/httpd-vhosts.conf` into the `/etc/httpd/conf.d/` directory, and replace the `@@Port@@` and `@@ServerRoot@@` placeholder values. Customize the options according to your requirements as shown in xref:Web_Servers.adoc#example-apache-virtualhosts-config[Example virtual host configuration]. [[example-apache-virtualhosts-config]] .Example virtual host configuration @@ -2292,7 +2292,7 @@ If you configure a virtual host to listen on a non-default port, make sure you u ==== -To activate a newly created virtual host, the web server has to be restarted first. See <> for more information on how to restart the `httpd` service. +To activate a newly created virtual host, the web server has to be restarted first. See xref:Web_Servers.adoc#s3-apache-running-restarting[Restarting the Service] for more information on how to restart the `httpd` service. [[s2-apache-mod_ssl]] ===== Setting Up an SSL Server @@ -2310,7 +2310,7 @@ To provide secure communications using SSL, an SSL server must use a digital cer When a web browser establishes a new SSL connection, it checks the certificate provided by the web server. If the certificate does not have a signature from a trusted CA, or if the host name listed in the certificate does not match the host name used to establish the connection, it refuses to communicate with the server and usually presents a user with an appropriate error message. -By default, most web browsers are configured to trust a set of widely used certificate authorities. Because of this, an appropriate CA should be chosen when setting up a secure server, so that target users can trust the connection, otherwise they will be presented with an error message, and will have to accept the certificate manually. Since encouraging users to override certificate errors can allow an attacker to intercept the connection, you should use a trusted CA whenever possible. For more information on this, see <>. +By default, most web browsers are configured to trust a set of widely used certificate authorities. Because of this, an appropriate CA should be chosen when setting up a secure server, so that target users can trust the connection, otherwise they will be presented with an error message, and will have to accept the certificate manually. Since encouraging users to override certificate errors can allow an attacker to intercept the connection, you should use a trusted CA whenever possible. For more information on this, see xref:Web_Servers.adoc#table-apache-mod_ssl-certificates-authorities[Information about CA lists used by common web browsers]. [[table-apache-mod_ssl-certificates-authorities]] .Information about CA lists used by common web browsers @@ -2336,7 +2336,7 @@ If you intend to set up an SSL server, make sure you have the [package]*mod_ssl* ~]#{nbsp}dnf install mod_ssl openssl ---- indexterm:[Apache HTTP Server,files,/etc/httpd/conf.d/ssl.conf] -This will create the `mod_ssl` configuration file at `/etc/httpd/conf.d/ssl.conf`, which is included in the main Apache HTTP Server configuration file by default. For the module to be loaded, restart the `httpd` service as described in <>. +This will create the `mod_ssl` configuration file at `/etc/httpd/conf.d/ssl.conf`, which is included in the main Apache HTTP Server configuration file by default. For the module to be loaded, restart the `httpd` service as described in xref:Web_Servers.adoc#s3-apache-running-restarting[Restarting the Service]. [IMPORTANT] ==== @@ -2408,7 +2408,7 @@ Certificates are issued for a particular IP address and domain name pair. If one VeriSign, a widely used certificate authority, issues certificates for a particular software product, IP address, and domain name. Changing the software product renders the certificate invalid. -In either of the above cases, you will need to obtain a new certificate. For more information on this topic, see <>. +In either of the above cases, you will need to obtain a new certificate. For more information on this topic, see xref:Web_Servers.adoc#s3-apache-mod_ssl-genkey[Generating a New Key and Certificate]. If you want to use an existing key and certificate, move the relevant files to the `/etc/pki/tls/private/` and `/etc/pki/tls/certs/` directories respectively. You can do so by issuing the following commands as `root`: @@ -2426,7 +2426,7 @@ SSLCertificateFile /etc/pki/tls/certs/pass:attributes[{blank}]_hostname_.crt SSLCertificateKeyFile /etc/pki/tls/private/pass:attributes[{blank}]_hostname_.key ---- -To load the updated configuration, restart the `httpd` service as described in <>. +To load the updated configuration, restart the `httpd` service as described in xref:Web_Servers.adoc#s3-apache-running-restarting[Restarting the Service]. [[example-apache-mod_ssl-keypair]] .Using a key and certificate from the Red{nbsp}Hat Secure Web Server @@ -2566,7 +2566,7 @@ SSLCertificateFile /etc/pki/tls/certs/pass:attributes[{blank}]_hostname_.crt SSLCertificateKeyFile /etc/pki/tls/private/pass:attributes[{blank}]_hostname_.key ---- -Finally, restart the `httpd` service as described in <>, so that the updated configuration is loaded. +Finally, restart the `httpd` service as described in xref:Web_Servers.adoc#s3-apache-running-restarting[Restarting the Service], so that the updated configuration is loaded. [[s2-apache-resources]] ===== Additional Resources