Article Title: Experience the latest system management software in Fedora 13
Fedora is not a server operating system suited to production environments: its short support cycle, its choice of innovative rather than mature and stable packages, and its many experimental features show that it is aimed at desktop users who enjoy being early adopters. However, for system administrators who want to learn about the latest security, virtualization, and server technologies, the new version of Fedora is a good experimental platform. The following describes the latest system management functions included in Fedora 13:
Security
Dogtag Authentication System
This enterprise-level open-source authentication system supports certificate lifecycle management, including CA, DRM, OCSP, RA, TKS, and TPS, as well as smart card management through the Enterprise Security Client (ESC).
Modprobe whitelist
The modprobe whitelist allows administrators in high-security environments to restrict the modules loaded by modprobe to a list that they have configured. This restriction prevents unauthorized users from exploiting vulnerabilities in infrequently used modules (for example, by attaching hardware), and therefore limits the amount of potentially vulnerable code that can run in the kernel.
In addition to loading modules, modprobe can also run specified commands (using the install configuration directive), and these are restricted by the same whitelist. To help the system administrator compile the whitelist, modprobe gains an additional feature: it can log all information (similar to modprobe -v) to a specified file, including the modprobe actions run in the dracut initrd. A script can then be used to compile the whitelist from the logged data.
Using the whitelist can greatly reduce the kernel-space attack surface and avoid the risk from vulnerabilities in rarely used kernel-mode code. On a sample Fedora desktop system, 79 of the 1964 available modules (4%) are loaded. Measured by code size, and including the main kernel file (/boot/vmlinuz*), the sample desktop system runs 24% of the total amount of kernel-space code.
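The step described above, compiling a whitelist from logged modprobe activity, could look like the following sketch. It is an added example, not the script shipped with Fedora or code from the original article; the log format (lines in the style of modprobe -v output) and the plain sorted-list output are assumptions.

```python
import re

# Constructed sample log, modelled on "modprobe -v" style output. The real
# log format is not shown on the page, so this layout is an assumption.
SAMPLE_LOG = """\
insmod /lib/modules/2.6.33/kernel/fs/fat/fat.ko
insmod /lib/modules/2.6.33/kernel/fs/fat/vfat.ko
insmod /lib/modules/2.6.33/kernel/drivers/net/e1000e/e1000e.ko
insmod /lib/modules/2.6.33/kernel/sound/core/snd-pcm.ko index=0
install /sbin/modprobe --ignore-install snd-pcm
insmod /lib/modules/2.6.33/kernel/fs/fat/vfat.ko
some unrelated line
"""

INSMOD_RE = re.compile(r"^insmod\s+(\S+)")
MODULE_FILE_RE = re.compile(r"([^/]+?)\.ko(?:\.(?:gz|xz|bz2))?$")


def module_name(path):
    """Return the canonical module name for a .ko path, or None."""
    m = MODULE_FILE_RE.search(path)
    # The kernel treats '-' and '_' in module names as equivalent.
    return m.group(1).replace("-", "_") if m else None


def compile_whitelist(log_text):
    """Collect the module names and install commands seen in the log."""
    modules, commands, skipped = set(), set(), 0
    for line in log_text.splitlines():
        line = line.strip()
        m = INSMOD_RE.match(line)
        if m and module_name(m.group(1)):
            modules.add(module_name(m.group(1)))
        elif line.startswith("install "):
            # install commands are restricted by the same whitelist
            commands.add(line[len("install "):].strip())
        elif line:
            skipped += 1  # unrecognised lines are counted, never whitelisted
    return sorted(modules), sorted(commands), skipped


def is_allowed(name, modules):
    """Check a requested module name against the compiled list."""
    return name.replace("-", "_") in modules


if __name__ == "__main__":
    mods, cmds, skipped = compile_whitelist(SAMPLE_LOG)
    print("modules:", mods)
    print("install commands:", cmds)
    print("skipped lines:", skipped)
```

Review the compiled list before enforcing it: a log gathered over too short a period will miss modules that are loaded only occasionally, such as those for removable hardware.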
User Account session
The User Account session has been redesigned for creating and modifying user information on single-user systems or small deployments. It replaces earlier tools such as system-config-user, gnome-about-me, gdmsetup, and polkit-gnome-authorization, so that these functions can all be set in one place.
Policy Kit One
PolicyKitOne replaces PolicyKit to give KDE users a better application and desktop experience. The Fedora 12 KDE Desktop Edition uses the Gnome Authentication Agent. PolicyKitOne makes it possible to use the native KDE authentication agent for KAuth in Fedora 13.
Virtualization
KVM requires the host system to support hardware virtualization. Systems without the hardware virtualization function do not support Xen virtual machines.
Kernel acceleration for KVM Networks
The VHost Net feature accelerates KVM networking. It is enabled by adding the vhost=on flag to the -netdev option (not -net).
KVM stable PCI address
KVM guests in Fedora 13 now have stable PCI addresses, reducing the chance that a Windows guest needs to be re-activated after its configuration is modified. When other devices are added or removed, the PCI addresses in the KVM virtual machine remain unchanged.
Virt x2apic
x2apic reduces the overhead of APIC access and improves guest performance. APIC access is used for programming timers and for inter-processor interrupts. Fedora 13 supports the x2apic feature on both the host and the guest.
Virtualization Technology Preview Repository
This repository can be used to test the latest virtualization-related packages. It is intended to make early testing easier, not for deployment in production environments.
Xen Kernel support
The Fedora 13 kernel supports booting as a domU guest, but it cannot be used as a dom0 until the upstream kernel provides such support. This work is ongoing, and support is expected in kernel 2.6.33 and Fedora 13.
The earliest Fedora system that supports dom0 is Fedora 8.
To boot a Xen domU guest on a Fedora 13 host, you need the KVM-based xenner. Xenner runs the guest kernel together with a small Xen emulator as a KVM virtual machine.
Web Server
Apache
Httpd is updated from 2.2.13 to 2.2.14. This update only fixes bugs.
Email server
Cyrusimap
The latest stable cyrus-imapd server version is 2.3.16.
Dovecot
Dovecot in Fedora 13 is upgraded to 1.2.11.
Fetchmail
Fedora 13 uses fetchmail 6.3.14. This update fixes security-related bugs and restores IMAP2 support for some servers.
Sendmail
Sendmail is updated to 8.14.4, which includes a large number of bug fixes and security improvements.
Zarafa
Zarafa is a newly added groupware package in Fedora 13. It can integrate with existing Linux email servers and implement a user interface similar to Outlook through Ajax.
Database Server
Db4
Fedora 13 includes version 4.8.26 of the Berkeley DB (db4) database. This version improves performance and adds the db_sql tool and additional APIs.
MySQL
MySQL is updated to 5.1.44 (from 5.1.39). This version adds new replication capabilities.
Postgresql
PostgreSQL is updated to 8.4.2. Although this is a bug-fix release, if you have hash indexes you need to REINDEX the data tables after the update.
Sqlite
SQLite in Fedora 13 has been updated from 3.6.17 to 3.6.23. This update adds a large number of new programs and functions and fixes bugs.
Samba (Windows compatibility)
Samba and its related clients, extensions, and GUIs are upgraded to version 3.5.0.
System daemon
Mdadm
The mdadm of Fedora 13 is updated from 3.0.2 to 3.1.1. Major changes include:
◆ When the members in the container are still active, you do not have to stop the container.
◆ Homehost has been added to the AUTO configuration line. When the -all option is used, this option enables mdadm to automatically assemble any arrays belonging to the current machine, but not other arrays.
◆ Previously, dependent arrays had to be listed in a particular order in mdadm.conf. Now the order no longer matters.
Openssh-server
Openssh-server is an open-source server daemon based on the SSH protocol.
The openssh-server of Fedora 13 is updated from 5.2p1 to 5.4p1. Major changes include:
◆ SSH protocol 1 is disabled by default.
◆ Added support for PKCS #11 tokens.
◆ Added support for the new minimal OpenSSH certificate format (not X.509).
◆ Added the netcat mode.
◆ Added the ability to revoke keys in sshd and ssh.
Server tools
This section mainly introduces the changes to various GUI server and system configuration tools in Fedora 13.
Udisks
In Fedora 13, the udisks storage daemon supports LVM and multi-path devices. The palimpsest tool provides a graphical interface for these features. There are also other user interface improvements and optional remote access.
File System
Btrfs
Btrfs is a file system under development that can address and manage more files, larger files, and larger volumes than the ext2, ext3, and ext4 file systems. Btrfs is designed to be fault tolerant and to make errors easy to detect and repair when they occur. It uses checksums to ensure the validity of data and metadata, and maintains file system snapshots that can be used for backup or repair.
File system snapshots are new in Fedora 13. A snapshot is created automatically when the yum package manager installs or updates packages.
Because Btrfs is still experimental and under development, the installer does not use it by default. To create a Btrfs partition on a drive, you must add btrfs to the boot options at the beginning of the installation process. Do not use Btrfs on systems that contain important data.
NFS
Fedora 13 adopts NFSv4 as the default NFS protocol (upgraded from NFSv3 in Fedora 12).
Fedora supports mounting NFS based on IPv6.