Subtitles of the Movie

In this video, let's discuss some general concepts related to system performance and security. Though none of these items address specific issues cited in the RHCE Prep Guide, they are foundation concepts and can help you in your career, and your skill set when you solve problems on the RHCE Exam. To review current system performance, run the top command. Look at how it shows current usage for memory, swap space, as well as CPU. Note how it breaks down performance by process, process identifier, as well as process name. Note how it identifies the user who owns the process, so if there's a slow down on the server, you can run to the top command on that server and see what processes and which users are overloading your system. There's also a sar command, which sets up a system activity report. I won't go into that one in detail. As for security, there are a number of categories. There's password security. The best passwords are a mix of upper and lower case letters, numbers, and punctuation. For myself, I like to make passwords out of favorite sentences. For example, upper case Id3tmeM. could stand for I drink three triple mochas every Monday period. To be sure that you're users run sufficiently strong passwords some administrators use tools like Crack. Yeah, that's really the name of an actual tool to make sure that passwords created by their users meet corporate guidelines. Another category of security is access to the root account. As you should already know, anyone who boots in rescue mode, or with a live CD can get access to your root account. This emphasizes the importance of basic security measures, such as BIOS passwords. With a password on the BIOS a cracker can't get into the BIOS menu and force your system to boot from a CD. You can also set up locks on CD drives, USB drives, and other boot media drives, which can physically stop a cracker from booting from such media, and related to physical security are basic measures, such as locks on server rooms, cameras for surveillance, and so on. Of course, there's also network security. During your exam you may need to diagnose network related security issues, and when you do, remember that they can fall into several categories, so when you check one area of network security, don't forget the others. One area is TCP wrappers. For those network servers that use TCP packets, and that's most network services, they can be regulated by rules listed in etc slash hosts dot allow, and etc slash hosts dot deny files. Of course, basic network security is configured through firewalls as described by the iptables command. The current firewall as configured can be listed by the iptables dash L command. The default firewall is configured in the etc slash sysconfig slash iptables file. While not directly related to network security, security-enhanced Linux can highlight problems on network services where security-enhanced Linux rules are violated, and that's where things like the security-enhanced Linux troubleshooter can help. You can start that with the sealert dash b command.