RHCE Objectives: Network services
Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:
- Install the packages needed to provide the service
- Configure SELinux to support the service
- Use SELinux port labeling to allow services to use non-standard ports
- Configure the service to start when the system is booted
- Configure the service for basic operation
- Configure host-based and user-based security for the service
http://www.certdepot.net/rhel7-use-selinux-port-labelling/
- Synchronize time using other NTP peers
Install packages: yum install ntp, systemctl start ntpd
Configure SELinux: Should be configured out of the box; ps -e –context | grep ntp
SELinux Port labeling: Use the semanage tool to see the existing ports to be used:
semanage port -l | grep ntp
To use a different port, you’ll need to make sure the target port isn’t different
sepolicy network -p [port number]
If unreserved, then assign it.
semanage port -a -t ntp_port_t -p tcp 60123
Configure to start when booted: systemctl enable ntpd
Configure for basic operation: By default; ntpq -p to review the output.
Configure host-based and user-based security for the service:
Synchronize time using other NTP peers: Start ntpd; systemctl start ntpd. This will start the sync process. If you need to initially set your hardware clock, you can use ntpdate [servername] to manually set the date and time but ntpd can’t be running. So stop ntpd (systemctl stop ntpd), run ntpdate [servername] to sync, and then start ntpd back up (systemctl start ntpd).