Linux servers.

Upgrading Red Hat Enterprise Linux / CentOS / Oracle Linux

RHEL/CentOS/Oracle Linux Migration:
Network Services

Network services came under the control of systemd with RHEL 7, making xinetd redundant. Samba has been greatly improved with the release of its version 4, and the old web-based administration tool has been dropped due to many security holes and very little maintenance. Services like Apache and BIND have been through several upgrades.

Previous: Networking

The previous page explained the many changes in networking, including changes in network interface names and in the networking commands. It also described how Red Hat has been pushing their firewall daemon for access control.

9 — Networking: Network Services, and
10 — Print and File Service

For RHEL 6, see the earlier discussion of the media split into DVD1 and DVD2. If you want samba-swat, lpd-cups, and several other network servers, you will need to get the packages from DVD2 in RHEL 6.

Better yet, add the YUM respository and install things from there.

RHEL 7 includes an update to Samba 4, meaning that your Linux server can function as a full Active Directory server.

That also means that you can no longer use SWAT or the browser-based Samba Web Admin Tool. It was removed at Samba version 4.1 due to security concerns.

Apache updates to version 2.4.37 with RHEL 8 and 2.4.51 with RHEL 9. HTTP/2 is now provided by the mod_httpd module, part of the httpd package. The ACME protocol for automated TLS provisioning and renewal is supported starting with RHEL 8, so you can easily use Let's Encrypt certificates. The MPM or multi-processing module used by default with RHEL 8 has changed from prefork to the higher performance event model.

Or, you can simply use the included Nginx web server and proxy included with RHEL 8 and later.

RHEL 8 supports TLS 1.3 with both Apache and Nginx, and in its back-end crypto libraries.

RHEL 9 includes OpenSSL 3, a huge redesign.

OpenSSH updates from 7.4p1 to 7.8p1 going from RHEL 7 to 8, dropping support for:

RHEL 8 / OpenSSH 7.8p1 adds support for these key exchange algorithms: gss-group14-sha256-, gss-group16-sha512-, gss-nistp256-sha256-, gss-curve25519-sha256-

RHEL 9 has OpenSSH 8.7p1, with further changes to increase the security of default behavior.

See the OpenSSH Release Notes for full details.

It worries me that returned an invalid HTTPS response when I was updating this page during the winter of 2019.

It doesn't quite have the "One man's hobby, last updated in 2014" feel of the server hosting the dnsmasq package, but both seem wobbly.

The NTP service changed from classic ntpd to chronyd some time after RHEL 6.0. That is, the initial RHEL 6.0 had ntpd, but it was replaced by chronyd in a later 6.x release.

RHEL 8 dropped tcpwrappers. That will challenge sites using tcpwrapper to meet extensive banner requirements.

cvs and tftp were the only xinetd services left in RHEL 7, everything else runs as a standalone network service. (Except for some truly antiquated services like chargen and discard that was included in the xinetd package) Verify this with:

# cd /path/to/package/files
# for P in *
> do
>   echo $P $( rpm -qlp $P 2> /dev/null | grep '/etc/xinetd.d' ) | grep '/etc/xinetd.d'
> done 

Even those were gone with RHEL 8. You can write your own xinetd service, but none is provided from Red Hat.

NFS service configuration changes significantly going from RHEL 7 to 8.

The kernel itself continues to evolve rapidly. Added features, improved performance, and bug fixes. But the way you configure a kernel hasn't changed much.

Clusters, on the other hand, work completely differently when you move from RHEL 6 to 7.

Next ❯ Kernel & Clusters