RedHat Configuration Tips

Automate crond Restarts | Disable Unused Services | Set auto-fsck

Tips to better configure RedHat Linux systems. Written during the RedHat enterprise 3 to 4 timeframe.

Automate crond Restarts

The crond process may randomly fail. Employ configuration management or some other method to ensure crond stays running, especially if critical software runs under cron(8). Release processes that rely on killing crond to disable automated jobs must instead set a status file that the scripts consult to see whether to run or not. Under CFEngine, simply run the following policy on RedHat class systems:

processes:
any::
"crond$" restart "/sbin/service crond restart"

shellcommands:
any::
"/sbin/chkconfig crond on" ifelapsed=1439

restart_cron::
"/sbin/service crond restart >/dev/null" useshell=true

Disable Unused Services

kudzu wastes time at boot. If needed, enable the startup script, reboot, and make the required hardware changes. Then have something automatically turn it off again.

shellcommands:
any::
"/sbin/chkconfig kudzu off" ifelapsed=1439

Some systems may need iptables and SELinux enabled, others not. Create groups of hosts, and turn these daemons off anywhere they are not needed. This simplifies debugging, as the firewall will not be randomly on, or SELinux blocking legitimate requests (or spamming the logfiles).

shellcommands:
needs_firewall::
"/sbin/chkconfig iptables on" ifelapsed=1439

!needs_firewall::
"/sbin/chkconfig iptables off" ifelapsed=1439
"/sbin/iptables --flush" ifelapsed=1439

Disable SELinux in /etc/selinux/config with SELINUX=disabled.

Set auto-fsck

In /etc/sysconfig/autofsck, set AUTOFSCK_DEF_CHECK=yes. This setting will especially benefit unattended server systems where one rarely if ever consults the console.