Tips to better configure RedHat Linux systems, written during the RedHat Enterprise 3 to 4 timeframe.
Automate crond Restarts
The crond process may randomly fail. Employ configuration management or some other method to ensure crond stays running, especially if critical software runs under cron(8). Release processes that rely on killing crond to disable automated jobs must instead set a status file that the scripts consult to see whether to run or not. Under CFEngine, simply run the following policy on RedHat class systems:
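processes:
   any::
      # Restart crond whenever no matching process is found
      "crond$" restart "/sbin/service crond restart"
shellcommands:
   any::
      # ifelapsed is in minutes: run at most once every 1439 minutes (just under a day)
      "/sbin/chkconfig crond on" ifelapsed=1439
   restart_cron::
      "/sbin/service crond restart >/dev/null" useshell=true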
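The status-file approach mentioned above, as an added example that is not part of the original page: a guard that cron job scripts source before doing any work. The path /var/run/cron.hold, the three variables and both function names are assumptions. Holds that are stale, or that anyone other than the expected owner could have written, are ignored with a warning so that a forgotten or planted file cannot silently disable jobs.

```shell
#!/bin/sh
# Added example: hold-file guard sourced by cron job scripts.
# HOLD_FILE, HOLD_OWNER, HOLD_MAX_AGE_MIN and both function names are
# assumptions for illustration, not taken from the original page.

HOLD_FILE="${HOLD_FILE:-/var/run/cron.hold}"   # hypothetical path
HOLD_OWNER="${HOLD_OWNER:-root}"               # only this user may set a hold
HOLD_MAX_AGE_MIN="${HOLD_MAX_AGE_MIN:-240}"    # older holds count as forgotten

# Print one of: clear, held, stale, untrusted.
hold_state() {
    hs_file="${1:-$HOLD_FILE}"
    # -L also catches dangling symlinks, which -e alone would miss.
    if [ ! -e "$hs_file" ] && [ ! -L "$hs_file" ]; then
        echo clear
        return 0
    fi
    # Trust only a regular file owned by HOLD_OWNER that group and other
    # cannot write; anything else could be planted to switch jobs off.
    hs_ok=$(find "$hs_file" -maxdepth 0 -type f -user "$HOLD_OWNER" \
                ! -perm -020 ! -perm -002 2>/dev/null) || hs_ok=""
    if [ -z "$hs_ok" ]; then
        echo untrusted
        return 0
    fi
    # A hold older than the limit was probably left behind by a release.
    hs_old=$(find "$hs_file" -maxdepth 0 -mmin "+$HOLD_MAX_AGE_MIN" \
                2>/dev/null) || hs_old=""
    if [ -n "$hs_old" ]; then
        echo stale
    else
        echo held
    fi
}

# Return 0 when the job should run, 1 when a valid hold is in place.
# Stale or untrusted holds are ignored with a warning on stderr, which
# cron mails to the job owner.
cron_may_run() {
    cm_file="${1:-$HOLD_FILE}"
    cm_state=$(hold_state "$cm_file")
    case "$cm_state" in
        held)  return 1 ;;
        clear) return 0 ;;
        *)     echo "cron-guard: ignoring $cm_state hold file $cm_file" >&2
               return 0 ;;
    esac
}
```

A job script would source this file and begin with `cron_may_run || exit 0`; the release process creates the hold file as the expected owner and removes it when done.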
Disable Unused Services
kudzu wastes time at boot. If needed, enable the startup script, reboot, and make the required hardware changes. Then have something automatically turn it off again.
shellcommands:
   any::
      "/sbin/chkconfig kudzu off" ifelapsed=1439
Some systems may need iptables and SELinux enabled, others not. Create groups of hosts, and turn these daemons off anywhere they are not needed. This simplifies debugging, as the firewall will not be randomly on, nor will SELinux be blocking legitimate requests (or spamming the logfiles).
shellcommands:
   needs_firewall::
      "/sbin/chkconfig iptables on" ifelapsed=1439
   !needs_firewall::
      "/sbin/chkconfig iptables off" ifelapsed=1439
      "/sbin/iptables --flush" ifelapsed=1439
On hosts that do not need it, disable SELinux in /etc/selinux/config with SELINUX=disabled.
Set auto-fsck
In /etc/sysconfig/autofsck, set AUTOFSCK_DEF_CHECK=yes. This setting will especially benefit unattended server systems where one rarely if ever consults the console.