LFCE: Installing Network Services and Configuring Automatic Startup at Boot – Part 1

A Linux Foundation Certified Engineer (LFCE) is prepared to install, configure, manage, and troubleshoot network services in Linux systems, and is responsible for the design and implementation of system architecture.

Configure Services at System Startup

Linux Foundation Certified Engineer – Part 1

Introducing The Linux Foundation Certification Program.

In this 12-article series, titled Preparation for the LFCE (Linux Foundation Certified Engineer) exam, we will cover the required domains and competencies in Ubuntu, CentOS, and openSUSE:

Part 1: Installing Network Services and Configuring Automatic Startup at Boot

Installing Network Services

When it comes to setting up and using any kind of network services, it is hard to imagine a scenario that Linux cannot be a part of. In this article we will show how to install the following network services in Linux (each configuration will be covered in upcoming separate articles):

  1. NFS (Network File System) Server
  2. Apache Web Server
  3. Squid Proxy Server + SquidGuard
  4. Email Server (Postfix + Dovecot), and
  5. Iptables

In addition, we will want to make sure all of those services are automatically started on boot or on-demand.

We must note that even when you can run all of these network services in the same physical machine or virtual private server, one of the first so-called “rules” of network security tells system administrators to avoid doing so to the extent possible. What is the judgement that supports that statement? It’s rather simple: if for some reason a network service is compromised in a machine that runs more than one of them, it can be relatively easy for an attacker to compromise the rest as well.

Now, if you really need to install multiple network services on the same machine (in a test lab, for example), make sure you enable only those that you need at a certain moment, and disable them later.

Before we begin, we need to clarify that the current article (along with the rest in the LFCS and LFCE series) is focused on a performance-based perspective, and thus cannot examine every theoretical detail about the covered topics. We will, however, introduce each topic with the necessary information as a starting point.

In order to use the following network services, you will need to disable the firewall for the time being until we learn how to allow the corresponding traffic through the firewall.

Please note that this is NOT recommended for a production setup, but we will do so for learning purposes only.

In a default Ubuntu installation, the firewall should not be active. In openSUSE and CentOS, you will need to explicitly disable it:

# systemctl stop firewalld
# systemctl disable firewalld 
or
# or systemctl mask firewalld

That being said, let’s get started!

Installing A NFSv4 Server

NFS in itself is a network protocol, whose latest version is NFSv4. This is the version that we will use throughout this series.

A NFS server is the traditional solution that allows remote Linux clients to mount its shares over a network and interact with those file systems as though they are mounted locally, allowing to centralize storage resources for the network.

On CentOS
# yum update && yum install nfs-utils
On Ubuntu
# aptitude update && aptitude install nfs-kernel-server
On OpenSUSE
# zypper refresh && zypper install nfsserver

For more detailed instructions, read our article that tells how to Configuring NFS Server and Client on Linux systems.

Installing Apache Web Server

The Apache web server is a robust and reliable FOSS implementation of a HTTP server. As of the end of October 2014, Apache powers 385 million sites, giving it a 37.45% share of the market. You can use Apache to serve a standalone website or multiple virtual hosts in one machine.

# yum update && yum install httpd		[On CentOS]
# aptitude update && aptitude apache2 		[On Ubuntu]
# zypper refresh && zypper apache2		[On openSUSE]

For more detailed instructions, read our following articles that shows on how to create Ip-based & Name-based Apache virtual hosts and how to secure Apache web server.

  1. Apache IP Based and Name Based Virtual Hosting
  2. Apache Web Server Hardening and Security Tips

Installing Squid and SquidGuard

Squid is a proxy server and web cache daemon and, as such, acts as intermediary between several client computers and the Internet (or a router connected to the Internet), while speeding up frequent requests by caching web contents and DNS resolution at the same time. It can also be used to deny (or grant) access to certain URLs by network segment or based on forbidden keywords, and keeps a log file of all connections made to the outside world on a per-user basis.

Squidguard is a redirector that implements blacklists to enhance squid, and integrates seamlessly with it.

# yum update && yum install squid squidGuard			[On CentOS] 
# aptitude update && aptitude install squid3 squidguard		[On Ubuntu]
# zypper refresh && zypper install squid squidGuard 		[On openSUSE]

Installing Postfix and Dovecot

Postfix is a Mail Transport Agent (MTA). It is the application responsible for routing and delivering email messages from a source to a destination mail servers, whereas dovecot is a widely used IMAP and POP3 email server that fetches messages from the MTA and delivers them to the right user mailbox.

Dovecot plugins for several relational database management systems are also available.

# yum update && yum install postfix dovecot 				[On CentOS] 
# aptitude update && aptitude postfix dovecot-imapd dovecot-pop3d 	[On Ubuntu]
# zypper refresh && zypper postfix dovecot				[On openSUSE]	

About Iptables

In few words, a firewall is a network resource that is used to manage access to or from a private network, and to redirect incoming and outgoing traffic based on certain rules.

Iptables is a tool installed by default in Linux and serves as a frontend to the netfilter kernel module, which is the ultimate responsible for implementing a firewall to perform packet filtering / redirection and network address translation functionalities.

Since iptables is installed in Linux by default, you only have to make sure it is actually running. To do that, we should check that the iptables modules are loaded:

# lsmod | grep ip_tables

If the above command does not return anything, it means the ip_tables module has not been loaded. In that case, run the following command to load the module.

# modprobe -a ip_tables

Read Also: Basic Guide to Linux Iptables Firewall

Configuring Services Automatic Start on Boot

As discussed in Managing System Startup Process and Services – Part 7 of the 10-article series about the LFCS certification, there are several system and service managers available in Linux. Whatever your choice, you need to know how to start, stop, and restart network services on-demand, and how to enable them to automatically start on boot.

You can check what is your system and service manager by running the following command:

# ps --pid 1
Check Linux Service Manager

Check Linux Service Manager

Depending on the output of the above command, you will use one of the following commands to configure whether each service should start automatically on boot or not:

On systemd-based
----------- Enable Service to Start at Boot -----------
# systemctl enable [service]
----------- Prevent Service from Starting at Boot -----------
# systemctl disable [service] # prevent [service] from starting at boot
On sysvinit-based
----------- Start Service at Boot in Runlevels A and B -----------
# chkconfig --level AB [service] on 
-----------  Don’t Start Service at boot in Runlevels C and D -----------
# chkconfig --level CD service off 
On upstart-based

Make sure the /etc/init/[service].conf script exists and contains the minimal configuration, such as:

# When to start the service
start on runlevel [2345]
# When to stop the service
stop on runlevel [016]
# Automatically restart process in case of crash
respawn
# Specify the process/command (add arguments if needed) to run
exec /absolute/path/to/network/service/binary arg1 arg2

You may also want to check Part 7 of the LFCS series (which we just referred to in the beginning of this section) for other useful commands to manage network services on-demand.

Summary

By now you should have all the network services described in this article installed, and possibly running with the default configuration. In later articles we will explore how to configure them according to our needs, so make sure to stay tuned! And please feel free to share your comments (or post questions, if you have any) on this article using the form below.

Reference Links
  1. About the LFCE
  2. Why get a Linux Foundation Certification?
  3. Register for the LFCE exam

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

Gabriel Cánepa

Gabriel Cánepa is a GNU/Linux sysadmin and web developer from Villa Mercedes, San Luis, Argentina. He works for a worldwide leading consumer product company and takes great pleasure in using FOSS tools to increase productivity in all areas of his daily work.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

46 Responses

  1. cluster says:

    So… the linux foundation is now offering training for the lfce, if you’re thinking about buying this, A word of advice. DON’T DO IT, this training sucks donkey a$$.

  2. Ricky says:

    Just passed the exam.. your tutorials and guidelines are very helpful!

    kudos to you :)

    • Ravi Saive says:

      @Ricky,

      Congratulations for passing out RHCE in one attempt, could you share your exam experience and objectives here? so that it will helpful to others..

      • Ricky says:

        @Ravi

        I took the exam LFCE not RHCE :)

        anyway I’ve also took RHCE before and it was very difficult for my experience you need to config Server and Client and i’ve failed. unlike in LFCE you are focus on the server side. Most of the topics for LFCE came out especially in httpd, smtp and iptables you need to master them all.

  3. jon says:

    I have a question,

    i know that on feb 2 LFCSA changed the domain competency, was LFCE competency changed too?

  4. Ansil H says:

    Passed LFCE last week.
    Many Thanks for the tutorials

  5. Ansil H says:

    Part 8: How To Setup an Iptables Firewall to Enable Remote Access to Services in Linux
    Part 10: How To Setup an Iptables Firewall to Enable Remote Access to Services in Linux

    Seems like part 10 heading should be Routing packets statically & dynamically ; isn’t it ?

  6. Dmitry says:

    Hi,

    Please tell – are all necessary knowledge domains covered to pass exam?

  7. Manoj says:

    hello Gabriel,

    I am not a seasoned Linux Admin but am using it mostly as application admin (like running Hadoop, MongoDB etc). I followed your notes for LFCS and passed the exam now I want to do the same for LFCE. Any special recommendation apart from your notes
    LFCE seems task oriented, like Configure a service and move on to new service. Do i need to practice the steps until i can repeat without any external assiatnce? or will there be any special troubleshooting questions?

    I know its generic question but wondering if u can help here as I don’t feel Linuxfoundation did a good job assembling all the necessary information about exam :(

    –Manoj

  8. jon says:

    So… what if you use centos 7 like i do? does that mean that we’re stlil using sysvinit in the exam?

  9. @dtsf,
    As of today, systemd is not included in the Linux Foundation certification exams. I decided to talk a little about systemd (and also upstart, even though that is not required in the exams either) just in case those topics make it to the required domain and competencies (I don’t think upstart will make it, but systemd surely will).

  10. dtsf says:

    Hi, I see you mention systemd. Is there any of the three distros available to do the exam which already features systemd? I thought it’s only for Centos 7 and above?

Leave a Reply to jon Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.