{{tag>[rhel7 certification]}}
=====RHCSA v7 EX200 objectives (20160323)=====
Some notes on the EX200 exam.
* [[https://www.redhat.com/en/services/training/ex200-red-hat-certified-system-administrator-rhcsa-exam]]
* You cannot shrink Xfs (you can shrink ext4).
* Change root password in single user mode is a different procedure (rd.break).
* ''makewhatis'' is gone, use ''mandb''.
==== - Understand and use essential tools====
=== - Access a shell prompt and issue commands with correct syntax===
* Use SSH or the console to log in. You can try tab-complete to find commands or the locate, find, etc, command. Use the man-pages or options:-h -x -? --help
=== - Use input-output redirection (>, >>, |, 2>, etc.)===
* ''>'' Redirect output, target is truncated before writing starts.
* ''>>'' Redirect output, append to target.
* ''|'' Connect standard output to standard input (a pipe).
* ''2>'' redirect stderr.
=== - Use grep and regular expressions to analyze text===
* Grep all lines without starting with an ''#'' or empty space: grep ^[^#] file
* Interpret PATTERN as a list of fixed string: grep -F
#or
fgrep
* Invert match ''grep -v''.
=== - Access remote systems using ssh===
* SSH client configuration in ''~/.ssh/config''.
* Verbose logging: ''ssh -vvv ''.
* Tunnel: ''ssh -L8080:host:80 host''.
* Enable X11 forwarding: ''ssh -X '', ''gunzip ''.
=== - Create and edit text files===
* Create 'text' file: ''vi'' or ''vim''.
* Redirect output (overwrite) to file: ''echo "hi" > filename''.
=== - Create, delete, copy, and move files and directories===
* Create empty file: ''touch''.
* Remove file: ''rm file''.
* Force: ''-f''.
* Recursive: ''-r''.
* Copy: ''cp source destination''.
* Preserve mode, owner and timestamps: ''-p''.
* Recursive ''-r''.
* Move: ''mv source destination''
=== - Create hard and soft links===
* Create hard link: ''ln target link-name''.
* Create soft link: ''ln -s target link-name''.
* Show inode number (for hard links): ''ls -i''.
=== - List, set, and change standard ugo/rwx permissions===
* List permissions: ''ls -l'' or ''stat file''.
* Set permissions: ''chmod 755'' or ''chmod o+rw'' etc.
* Change owner: ''chown user:group target''.
=== - Locate, read, and use system documentation including man, info, and files in /usr/share/doc===
* Man pages: ''man command''.
* Search all man pages: ''man -k command''.
* Search for text in all man pages: ''man -K text''.
* Info pages: ''info command''.
* Read documentation in ''/usr/share/doc'' directories.
==== - Operate running systems====
=== - Boot, reboot, and shut down a system normally===
* Boot: turn on server or virtual machine.
* Reboot: ''reboot'' or ''shutdown -r now'' or ''systemctl isolate reboot.target''
* Shutdown: ''shutdown -h now'' or ''systemctl isolate poweroff.target''.
=== - Boot systems into different targets manually===
* Show default target: ''systemctl get-default'' or ''ls -lh /etc/systemd/system/default.target''
* List all tartgets:systemctl list-units --type target --all
* Rescue mode: ''systemctl rescue''.
* Emergency mode: ''systemctl emergency''
=== - Interrupt the boot process in order to gain access to a system===
* In grub boot menu, select desired kernel, press 'e', edit the kernel line and append (ctrl-e) the word ''single''. Boot the system.
* If you need to change the root password:
# press 'e' in the grub menu,
# change add: rd.break enforcing=0
# press ctrl-x
mount -o remount,rw /sysroot
chroot /sysroot
passwd root
touch /.autorelabel
mount -o remount,ro /
exit
exit
=== - Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes===
* Identify CPU/Memory intensive processes with: ''top''.
* Adjust priority with ''nice command -n '' and ''renice -n ''. A higher number is more nice.
* Show nice level of processes: ''ps -efl''.
=== - Locate and interpret system log files and journals===
* Query the systemd journal: ''journalctl''.
* Follow: ''-f''.
* Augment log lines with explanation texts: ''-x''.
* Show all logs from specified service: ''journalctl /usr/sbin/sshd''.
=== - Access a virtual machine's console===
* ''virsh console ''.
=== - Start and stop virtual machines===
* ''virsh stop ''.
* ''virsh start ''.
=== - Start, stop, and check the status of network services===
* Show connections: ''nmcli c show''
* Up: ''nmcli c up eth0''
* Down: ''nmcli c down eth0''
* Edit: ''nmcli c edit eth0''
=== - Securely transfer files between systems===
* SCP: ''scp ''
* sftp
==== - Configure local storage====
=== - List, create, delete partitions on MBR and GPT disks===
* List partitions: ''fdisk -l /dev/vda'' or ''fdisk /dev/vda''
* Delete and edit with: ''fdisk'' or ''parted''
=== - Create and remove physical volumes, assign physical volumes to volume groups, and create and delete logical volumes===
* Create PV: ''pvcreate /dev/vda2''.
* Assign to VG: ''vgextend ''.
* Create LV: ''lvcreate -L 5GB -n ''.
* Remove LV: ''lvremove /dev//''.
=== - Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label===
* Show UUID's: ''blkid''.
* Add UUID to /etc/fstab: ''UUID=7c2eaf53-ae5b-4b81-a539-b5f5d34c60c5 /boot xfs defaults,noatime 0 0''
* Label a device: ''e2label /dev/mapper/testV testlv''
* In ''/etc/fstab'' use: ''LABEL=testlv '' as device.
=== - Add new partitions and logical volumes, and swap to a system non-destructively===
* For Partitions and LVs, see above.
* Add SWAP:
* fdisk set partition to SWAP
* ''partx -a /dev/vdc''.
* ''partprobe''.
* ''mkswap /dev/vdc1''.
* ''swapon -v /dev/vdc1''.
* Show swap: ''swapon -s''.
* Add swap file as an example:
* Create 512MB file: ''dd if=/dev/zero of=/var/tmp/swapfile1 bs=1024 count=524288''.
* Change owner and mode: ''chown root:root /var/tmp/swapfile1'' ''chmod 0600 /var/tmp/swapfile1''.
* Make swap: ''mkswap /var/tmp/swapfile1''.
* Activate swap: ''swapon /var/tmp/swapfile1''.
* Show swap: ''swapon -s''.
==== - Create and configure file systems====
=== - Create, mount, unmount, and use vfat, ext4, and xfs file systems===
* Create file system: ''mkfs.''.
* Mount file system: ''mount -t ''.
=== - Mount and unmount CIFS and NFS network file systems===
* Show NFS exports: ''showmount -e''.
* Mount NFS: ''mount :mountoint ''.
* Show SMB shares: ''smbclient -L diskstation -U user''.
* Mount CIFS: mount -t cifs //server/share /mnt -o user=username
=== - Extend existing logical volumes===
* Check spave available in PV and VG: ''pvs'', ''vgs''
* Resize LV: ''lvresize -r -l+100%FREE ''.
=== - Create and configure set-GID directories for collaboration===
* An SGID on directory will have new files and directories have its group set to the group.
* Create team group, change group of directory (chown).
* Add SGID: ''chmod g+s /data/team''.
* Allow write: ''chmod g+w /data/team''.
* Enable users to see files from others, but no delete (like /tmp): ''chmod +t /data/team''
=== - Create and manage Access Control Lists (ACLs)===
* Check if filesystem is mounted with acl option: ''mount''. But ext4 is already acl aware.
* If not mounted with acl option, add it to fstab and remount, or: ''mount -o remount /var''
* If an ACL is present, then ''ls -l'' will show a plus sign next to the rwx modes.
* Set ACL: ''setfacl -m u:user:rw- ''
=== - Diagnose and correct file permission problems===
* ''ls -l'', ''getfacl'', ''lsattr''.
* ''chmod'', ''chown'', ''setfacl'', ''chattr''.
==== - Deploy, configure, and maintain systems====
=== - Configure networking and hostname resolution statically or dynamically===
* Edit network configuration (including DNS servers): ''nmcli''
* Static hostname resolution in ''/etc/hosts''.
* Set own hostname: ''hostnamectl set-hostname ''.
=== - Schedule tasks using at and cron===
* Add crontabs in ''/etc/crontab'' and below directories ''/etc/cron.d'', ''/etc/cron.daily'', etc.
* Scheduling: ''min hour daymonth month dayweek(0=sun)''
* /2 = every 2 hours
* /5 = every 5 minutes
* ''30 4 1,15 * 5'' would cause a command to be run at 4:30 am on the 1st and 15th of each month, plus every Friday.
=== - Start and stop services and configure services to start automatically at boot===
* List services:systemctl list-unit-files --type service
* Start: ''systemctl start sshd.service''.
* Stop: ''systemctl stop sshd.service''.
* Restart: ''systemctl restart sshd.service''.
* Start at boot: ''systemctl enable sshd.service''.
* Disable start at boot: ''systemctl disable sshd.service''.
=== - Configure systems to boot into a specific target automatically===
* List targets: systemctl list-units --type target --all
* Show default target:systemctl get-default
#or
ls -lh /etc/systemd/system/default.target
* Set default target: systemctl get-default multi-user.target
=== - Install Red Hat Enterprise Linux automatically using Kickstart===
* Install webserver to service the Kickstart file: ''yum -y install httpd system-config-kickstart''.
* rsync CDROM to ''/var/www/html/pub''
* At boot edit kernel line, add: ''ks=http://192.168.122.35/ks.cfg''
=== - Configure a physical machine to host virtual guests===
* Install virtualization packages: ''yum groupinstall Virtualization "Virtualization Tools"''.
=== - Install Red Hat Enterprise Linux systems as virtual guests===
* Use ''virsh'' or ''virt-manager''.
=== - Configure systems to launch virtual machines at boot===
* Configure: ''virsh autostart ''
=== - Configure network services to start automatically at boot===
* See ''nmcli'' above.
=== - Configure a system to use time services===
* Use NTPd or Chrony.
=== - Install and update software packages from Red Hat Network, a remote repository, or from the local file system===
* Use repo files in /etc/yum.repos.d or RedHat Satellite.
* ''yum-config-manager''
=== - Update the kernel package appropriately to ensure a bootable system===
* Install new kernel: ''rpm'' or ''yum''.
* Check: ''/etc/default/grub''.
=== - Modify the system bootloader===
* Edit: ''/etc/default/grub''.
* Generate the new config: ''grub2-mkconfig -o /boot/grub2/grub.cfg''
* ''grub2-editenv list''
* ''grub2-set-default''
==== - Manage users and groups====
=== - Create, delete, and modify local user accounts===
* Create: ''useradd''.
* Modify: ''usermod''.
* Delete: ''userdel''.
=== - Change passwords and adjust password aging for local user accounts===
* Change password: ''passwd''.
* Change age: ''chage''.
* List age: ''chage -l ''.
=== - Create, delete, and modify local groups and group memberships===
* Create: ''groupadd''.
* Modify: ''groupmod''.
* Delete: ''groupdel''.
=== - Configure a system to use an existing authentication service for user and group information===
* Configure ''SSSd'' or ''PAM-LDAP''.
* Use ''authconfig-tui''.
==== - Manage security====
=== - Configure firewall settings using firewall-config, firewall-cmd, or iptables===
* Get info on active zones: ''firewall-cmd --get-active-zones''.
* Get info on specific zone: ''firewall-cmd --zone public --list-all''.
* Add service to zone: ''firewall-cmd --zone public --add-service httpd --permanent''.
* Add source to zone: ''firewall-cmd --zone public --add-source 10.1.2.3 --permanent''.
* Reload with new config: ''firewall-cmd --reload''.
=== - Configure key-based authentication for SSH===
* Generate key pair: ''ssh-keygen -t ''.
* Put public key in ''~/.ssh/authorized_keys'' on remote server.
=== - Set enforcing and permissive modes for SELinux===
* Enforcing: ''setenforce 1''.
* Permissive: ''setenforce 0''.
* Edit ''/etc/selinux/config'' for permanent configuration.
=== - List and identify SELinux file and process context===
* Files: ''ls -lZ''.
* Processes: ''ps -efZ''.
=== - Restore default file contexts===
* Restore file contexts: ''restorecon -Rv /var/www/html''.
*
=== - Use boolean settings to modify system SELinux settings===
* Get booleans: ''getsebool -a''.
* Set boolean: ''setsebool '', use ''-P'' for permanent (at boot time).
=== - Diagnose and address routine SELinux policy violations===
* Check ''/var/log/audit/audit.log''.
* Read selinux man pages.
* Quick and dirty solution: ''audit2allow''.