- Create, delete, and modify local user accounts
useradd
usermod
userdel - Change passwords and adjust password aging for local user accounts
passwd
chage
/etc/login.defs - Create, delete, and modify local groups and group memberships
groupadd
groupmod
groupdel - Configure a system to use an existing authentication service for user and group information
yum install sssd auth*
system-config-authentication / authconfig-tui
LDAP
Base DN dc=example,dc=com
LDAP server ldap://classroom.example.com
Use TLS
Download cert
Method – LDAP password
RHCSA
RHCSA: Deploy, configure, and maintain systems
- Configure networking and hostname resolution statically or dynamically
nmcli, nmtui
/etc/resolv.conf
/etc/hosts
hostnamectl - Schedule tasks using at and cron
at 15:00 <<%
echo test
%
crontab –e –u gertrude
15,45 09-17 * * 6 echo test - Start and stop services and configure services to start automatically at boot
systemctl start/stop sshd.service
systemctl enable sshd.service - Configure systems to boot into a specific target automatically
systemctl set-default graphical.target
systemctl set-default multi-user.target - Install Red Hat Enterprise Linux automatically using Kickstart
system-config-kickstart - Configure a physical machine to host virtual guests
yum install qemu-kvm qemu-img libvirt virt-manager - Install Red Hat Enterprise Linux systems as virtual guests
virt-install / virtmanager - Configure systems to launch virtual machines at boot
virsh autostart ‘name’ - Configure network services to start automatically at boot
systemctl enable network - Configure a system to use time services
yum install chrony
/etc/ntp.conf - Install and update software packages from Red Hat Network, a remote repository, or from the local file system
yum install package
yum upgrade package
rpm –Uvh / –ivh package
yum-config-manager –add-repo http://content.example.com/rhel7.0/x86_64/dvd - Update the kernel package appropriately to ensure a bootable system
yum upgrade kernel
rpm -ivh kernel-<kernel version>.<arch>.rpm - Modify the system bootloader
grubby –info=/boot/<kernel>
grubby –remove-args=”arg1 arg2” –args=”argx argy” –update-kernel=/boot/<kernel>
grubby –update-kernel=ALL
RHCSA: Create and configure file systems
- Create, mount, unmount, and use vfat, ext4, and xfs file systems
mkfs.xfs, mkfs.ext4, mkfs.vfat
mount, umount
/etc/fstab - Mount and unmount CIFS and NFS network file systems
mount –t cifs server:/vol/share /mnt/share -o user=userid,pass=pword,dom=AD
mount –t nfs server:/vol/share /mnt/share - Extend existing logical volumes
vgextend
lvextend
xfs_growfs
resize2fs
ssm resize - Create and configure set-GID directories for collaboration
setgid dirs make created files/dirs have the setgid group id
chgrp mygroup ./directory
chmod 2755 ./directory - Create and manage Access Control Lists (ACLs)
getfacl
setfacl - Diagnose and correct file permission problems
chmod, chown, getfacl, setfacl
RHCSA: Configure local storage
- List, create, delete partitions on MBR and GPT disks
fdisk gdisk parted
blkid lsblk - Create and remove physical volumes, assign physical volumes to volume groups, and create and delete logical volumes
using a new disk/partition with LVM: pvcreate /dev/device
creating a new volume group: vgcreate VG00 /dev/device
adding a PV to an existing volume group: vgextend VG00 /dev/device
creating a logical volume: lvcreate -L 100G -n lvhome VG00 - Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label
blkid to get the UUID/label, then add to /etc/fstab
can set label on ext filesystems with tune2fs or e2label - Add new partitions and logical volumes, and swap to a system non-destructively
as per above commands!
need to set the fstype correctly with fdisk/gdisk/parted
mkswap, swapon
RHCSA: Operate running systems
- Boot, reboot, and shut down a system normally
reboot, poweroff, shutdown, wall
systemctl reboot/poweroff/suspend/hibernate/hybrid-sleep/halt
The systemctl commands are preferred. - Boot systems into different targets manually
systemctl get-default, systemctl set-default multi-user.target
systemctl rescue, systemctl emergency, systemctl isolate multi-user.target
systemctl set-default graphical.target - Interrupt the boot process in order to gain access to a system
Esc in grub, e to edit, find linux16 line, CTRL-E to get to end of line and
Boot to rescue mode:
append system.unit=rescue.targetBoot to change root passwd:
remove rhgb and quiet (if there)
append rd.break enforcing=0 to break after ramdisk, and turn off SElinux
mount –o remount,rw /sysroot
chroot /sysroot
passwd… etc
exit
mount –o remount,ro /sysroot
exit (continues boot process)
restorecon /etc/shadow
setenforce enforcing - Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes
top, nice –n <nnn>, renice +5, kill, kill -9
you can only lower the priority of your processes, unless you are root which can raise them too - Locate and interpret system log files and journals
/var/log/*
journalctl - Access a virtual machine’s console
virt-manager - Start and stop virtual machines
virt-manager
virsh start myVM
virtsh shutdown myVM
virsh reboot myVM - Start, stop, and check the status of network services
systemctl start/stop/status network.service
Securely transfer files between systems
scp file user@system2:/path/newfile
RHCSA: Manage security
- Configure firewall settings using firewall-config, firewall-cmd, or iptables
firewall-config (graphical tool)
firewall-cmd
iptables - Configure key-based authentication for SSH
ssh-keygen –t rsa
~/.ssh/authorized_keys - Set enforcing and permissive modes for SELinux
boot parameter “enforcing=0|1”
Edit /etc/sysconfig/selinux applied at reboot
setenforce Enforcing|Permissive|1|0 - List and identify SELinux file and process context
/etc/selinux/targeted/contexts/ - Restore default file contexts
restorecon /file - Use boolean settings to modify system SELinux settings
/etc/selinux/targeted/modules/active/Booleans
getsebool
setsebool
sestatus –b | grep ‘httpd’ - Diagnose and address routine SELinux policy violations
view SELinux violations: sealert
fix basic problems: restorecon, or with the instructions shown
RHCSA: Understand and use essential tools
- Access a shell prompt and issue commands with correct syntax
bash shell, case sensitivity, pwd, ls, cd
fundamental stuff! - Use input-output redirection (>, >>, |, 2>, etc.)
redirect to and from files: > < >> << 1> 2>
pipe between commands: |
prevent > overwriting an existing file: set –o noclobber
DOCHERE:
cat – <<%
text input
% - Use grep and regular expressions to analyze text
grep “string” file.txt
egrep “string1|string2” file.txt - Access remote systems using ssh
ssh user@hostname - Log in and switch users in multiuser targets
su, su – username, sudo - Archive, compress, unpack, and uncompress files using tar, star, gzip, and bzip2
tar cvf xvf file.tar file.*
(add z for gzip, Z for compress, j for bzip2)
star -xattr -H=exustar -c -f=test.star file.*
cpio –iv / -ov - Create and edit text files
vim, touch - Create, delete, copy, and move files and directories
rm mv touch cp mkdir rmdir - Create hard and soft links
hard link (inodes point to same blocks): ln file newfile
soft link (indirect pointer): ln –s file newfile
directories have to be soft links - List, set, and change standard ugo/rwx permissions
chmod 777 file, chmod a+rwx file
7 is made from the sum of 4 (read) 2 (write) and 1 (execute)
So 5 would be read + execute, 4 would be read only
3 digits for User, Group, Other - Locate, read, and use system documentation including man, info, and files in /usr/share/doc
man ps, whatis ps, apropos ps, info bash
Install SElinux man pages: yum install -y selinux-policy-devel;mandb
YAVB - Rich Dowling 