Fire Up your own Linux Server

Package Management

The Package Management tool shown in Figure 4.19, "The Package Management tool." is available by selecting Desktop > System Settings > Add/Remove Applications.

Figure 4.19. The Package Management tool.

This tool provides a means to add and remove applications from your system. You can adjust individual packages within groups, or remove an entire group.

Boot Configuration

The Boot Configuration tool shown in Figure 4.20, "The bootloader configuration tool." is available from Desktop > System Settings > Bootloader. It's a very simple tool for configuring the GRUB bootloader we discussed in Chapter 1, Building The Linux Environment, allowing you to select the kernel your system will use at boot.

Figure 4.20. The bootloader configuration tool.

When automatic updates to the Linux kernel are allowed, it's likely you'll end up with multiple kernels on the system. By default, the system will choose the newest kernel version when booting, but this tool allows you to select from any of the kernels installed on the system. It also provides a tool to set the boot timeout: the period of time the system will wait for you to select a kernel during boot before automatically booting the default kernel version.

Date and Time

Figure 4.21. The Date/Time Properties window.

The Date/Time Properties tool (Desktop > System Settings > Date & Time), shown in Figure 4.21, "The Date/Time Properties window.", serves several purposes. First, it provides a means to immediately adjust the system date and time. This is important for time-stamping and logging activity on the server.

In the Network Time Protocol tab, you can configure the server to make use of the Network Time Protocol (NTP) so that your system will connect with NTP servers around the world to automatically adjust its own internal clock. This will help ensure near-atomic-clock time accuracy on the server. To make use of NTP, check the Enable Network Time Protocol checkbox in the Network Time Protocol tab. Below this checkbox is a list of NTP servers to use; you can manage this list with the Add and Delete buttons.

Finally, in the Time Zone tab, the Date/Time Properties tool allows you to select the time zone in which the server is located. If you prefer that the server keep time based on the Coordinated Universal Time (UTC), check the System clock uses UTC checkbox.

Display Settings

The Display settings tool in Fedora Core (Desktop > System Settings > Display), shown in Figure 4.22, allows you to set the resolution and color depth, identify the hardware you're using (which has probably been auto-detected by the system), and set up "dual head" (or dual monitor) systems.

Figure 4.22. The Display settings dialog.

Network Settings

The network settings on your machine can be configured via the graphical Network Configuration tool shown in Figure 4.23 (Desktop > System Settings > Network).

This tool allows you to configure all elements of your network devices, from the actual hardware, to IP addressing, to DNS and DHCP. Additionally, the devices can be activated or deactivated from within the graphical interface. Advanced operations, such as configuring individual interfaces to allow activation by normal users, or on system start, can also be performed.

Figure 4.23. The Network Configuration tool.

Printers

Fedora provides the tool depicted in Figure 4.24 to configure the printers on your system (Desktop > System Settings > Printing).

Figure 4.24. The Printer configuration tool.

The New button will launch a wizard that allows you to use a printer that's connected directly to the server, or one that's on the network.

Security Level Configuration

The firewall and Security Enhanced Linux (SELinux) are configured using the Security Level Configuration tool shown in Figure 4.25. To launch it, select Desktop > System Settings > Security Level.

Figure 4.25. The Security Level Configuration tool.

This tool is a graphical front end for the iptables command-line tool and SELinux configuration.

iptables provides the capability to limit the network traffic coming in and out of your system to known traffic types, to specific ports, and/or to specific devices. This is all configured in the Firewall Options tab of the Security Level Configuration window. Clearly, if you're configuring and administering a Web server, it's important to allow WWW (HTTP) traffic on the machine. You can also optionally allow Secure WWW (HTTPS) traffic. For remote administration, it's useful to allow SSH (Secure Shell) traffic: this will allow you to log into the machine from a remote location and perform administrative duties securely, as if you were sitting at the server. Telnet should seldom be allowed: this protocol has many, many known security issues.

If, instead of allowing traffic types, you'd prefer to allow all traffic across a specific interface (the first ethernet device, for example, or eth0), select that option from the Trusted devices list. Note that this is less secure than limiting traffic to specific protocols, as all traffic across the chosen interface will be allowed.

You may also want to allow traffic through specific ports. You can define these ports in the Other ports text field of the Security Level Configuration window, separated by commas. Of all the options in the Firewall Options tab, this is the most secure, as it limits traffic to very specific entry points. We'll look at this in more detail in Chapter 9, Server Security.

SELinux is a new addition to Fedora Core, available as a standard option only since Fedora Core 3. It's a series of security related enhancements to the Linux kernel, largely written by the US National Security Administration (NSA). SELinux is such a rich tool that detailed configuration information is beyond the scope of this book. You can access more information about SELinux, including an extensive FAQ list, online at http://www.nsa.gov/selinux/.