{{tag>[rhel certification]}}
=====RedHat EX200 objectives (20121221)=====
[[http://www.redhat.com/training/courses/ex200/examobjective|RedHat EX200 objectives]]
==== Understand and use essential tools ====
* Access a shell prompt and issue commands with correct syntax.
* Use input-output redirection (>, >>, |, 2>, etc.).
> redirect, creates or overwrites file
>> redirect, creates or appends file
1> redirect stdout, 1>> append
2> redirect stderr, 2>> append
&> redirect stdout and stderr
2>&1 redirect stderr to stdout
command < /dir/file # stdin
* Use grep and regular expressions to analyze text.
grep ^at start of line
grep at end of line$
grep ^$ for empty lines
grep -E "foo|bar" OR
* Access remote systems using ssh and VNC.
#server
yum -y install tigervnc-server
/etc/sysconfig/vncservers
remove -localhost
#as normal user
vncpasswd
vncserver :1
#kill session
vncserver -kill :1
#client
yum -y install tigervnc
vncviewer nucvm3:5901
* Log in and switch users in multiuser runlevels.
su -
sudo
* Archive, compress, unpack, and uncompress files using tar, star, gzip, and bzip2.
Star is a very fast tar-like tape archiver with improved functionality. It can handle ACL information.
* Create and edit text files.
* Create, delete, copy, and move files and directories.
* Create hard and soft links.
ln TARGET LINK # hard link
ln -s # soft link
ls -lia show inodes (for hardlinks)
* List, set, and change standard ugo/rwx permissions.
ls -l
chmod
r = read
w = write
x = execute or search
s = setuid, setgid
t = sticky bit (/tmp)
chown
* Locate, read, and use system documentation including man, info, and files in /usr/share/doc.
man -k #search for keywords
makewhatis
info -k #search for keywords
info coreutils 'chmod invocation' #example
> Note: Red Hat may use applications during the exam that are not included in Red Hat Enterprise Linux for the purpose of evaluating candidate's abilities to meet this objective.
==== Operate running systems ====
* Boot, reboot, and shut down a system normally.
shutdown -r now #reboot
shutdown -h now #halt
reboot
/etc/inittab
* Boot systems into different runlevels manually.
init
telinit
* Use single-user mode to gain access to a system.
add runlevel number at end of kernel line (grub)
* Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes.
top
ps
kill -
nice -n command # run program with modified prio, from -20 to 19, higher = more nice (-20 is highest prio)
renice -n # alter priority of running processes
ps -efl # also shows nice level
* Locate and interpret system log files.
* Access a virtual machine's console.
virt-manager # gui
virsh console
virsh list --all # list VMs
* Start and stop virtual machines.
virsh reboot
virsh shutdown
virsh start
* Start, stop, and check the status of network services.
service network start|stop|restart
ifconfig -a
netstat -rn # route -n
netstat -tapn # as root shows PID names (processes) for TCP ports
chkconfig --list
==== Configure local storage ====
* List, create, delete, and set partition type for primary, extended, and logical partitions.
df
fdisk -l
fdisk /dev/vdb, n, p, 1, , , w
fdisk /dev/vda n +512M, w
partprobe
* Create and remove physical volumes, assign physical volumes to volume groups, and create and delete logical volumes.
add disk to VM, choose VirtIO, will be hot plugged
fdisk /dev/vdb, type 8e Linux LVM
pvcreate /dev/vdb1
vgextend vg_nucvm1 /dev/vdb1 # add to VG
vgcreate -s 8M VolumeGroupName /dev/sdb1 /dev/sdb2
lvcreate -L 5GB -n ExtraLV vg_nucvm1
mkfs.ext4 /dev/...
blkid
/etc/fstab
mkdir -p .....
mount -a
lvremove /dev/vg_nucvm1/ExtraLV
vgreduce vg_nucvm1 /dev/vdb1
pvremove /dev/vdb1
# or check gui: system-config-lvm
* Create and configure LUKS-encrypted partitions and logical volumes to prompt for password and mount a decrypted file system at boot.
#on a loop device
dd if=/dev/urandom of=testfile bs=1M count=10
losetup /dev/loop0 testfile
#with normal device
cryptsetup luksFormat /dev/vdb1 # type uppercase YES
cryptsetup luksOpen /dev/vdb1 CryptLV
/dev/mapper/CryptLV /crypt ext4 defaults 0 0 # /etc/fstab
CryptLV /dev/vdb1 none # /etc/crypttab
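A consistency check for the two entries above, as an added example that is not part of the original notes: it flags /etc/crypttab entries that unlock from a key file instead of prompting, and entries whose /dev/mapper device is never mounted in /etc/fstab. The function name `check_luks_boot` and the sample file contents are constructed; it assumes fstab names the device by its /dev/mapper path, as the notes do.

```sh
#!/bin/sh
# Added example: cross-check /etc/crypttab against /etc/fstab.
# check_luks_boot FSTAB CRYPTTAB prints one finding per line, nothing if clean.
check_luks_boot() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        FILENAME == ARGV[1] {                # crypttab: NAME DEVICE KEY [OPTS]
            opened[$1] = 1
            if (NF >= 3 && $3 != "none" && $3 != "-")
                print "keyfile: " $1 " is unlocked from " $3 ", no prompt"
            next
        }
        $1 ~ /^\/dev\/mapper\// {            # fstab: mapper devices mounted
            name = $1
            sub(/^\/dev\/mapper\//, "", name)
            mounted[name] = 1
        }
        END {
            for (name in opened)
                if (!(name in mounted))
                    print "unmounted: " name " has no /dev/mapper/" name " line in fstab"
        }
    ' "$2" "$1" | sort
}

# Constructed sample files (device and mapping names are illustrative).
demo=$(mktemp -d)
cat > "$demo/crypttab" <<'EOF'
# name   device     key
CryptLV  /dev/vdb1  none
Backup   /dev/vdc1  /root/backup.key
EOF
cat > "$demo/fstab" <<'EOF'
/dev/mapper/vg_nucvm1-lv_root /      ext4 defaults 1 1
/dev/mapper/CryptLV           /crypt ext4 defaults 0 0
EOF
check_luks_boot "$demo/fstab" "$demo/crypttab"
rm -rf "$demo"
```

LVM logical volumes also live under /dev/mapper; they are ignored here because only names listed in crypttab are checked.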
* Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label.
blkid # show UUIDs
UUID=72607ef8-d59a-4b7b-892f-2a515a1b8104 # in /etc/fstab
e2label /dev/mapper/CryptLV luksdrive
LABEL=luksdrive # in /etc/fstab
* Add new partitions and logical volumes, and swap to a system non-destructively.
fdisk set partition to SWAP
partx -a /dev/vdc
partprobe
mkswap /dev/vdc1
swapon -v /dev/vdc1
swapon -s # show
==== Create and configure file systems ====
* Create, mount, unmount, and use ext2, ext3, and ext4 file systems.
* Mount, unmount, and use LUKS-encrypted file systems.
* Mount and unmount CIFS and NFS network file systems.
mount -t nfs server:/share /mnt
showmount -e # show exported filesystems
mount -t cifs //server/share /mnt -o user=username
smbclient -L diskstation -U benst
* Configure systems to mount ext4, LUKS-encrypted, and network file systems automatically.
In /etc/fstab
luks: /etc/fstab AND /etc/crypttab
192.168.1.100:/share /mnt/share nfs ro,user,_netdev 0 0
* Extend existing unencrypted ext4-formatted logical volumes
#extend
lvextend -L +100M /dev/vg_nucvm1/smallfs
resize2fs /dev/mapper/vg_nucvm1-smallfs
#decrease
umount
fsck
resize2fs -f /dev/... 100M
lvreduce -L 100M /dev/...
mount -a
#online resize
lvresize -r -L NewSize /dev/...
* Create and configure set-GID directories for collaboration.
mkdir /opt/team
groupadd team
chgrp team /opt/team
chmod 770 /opt/team # group needs x (search) to enter the directory
chmod g+s /opt/team # set-GID: new files inherit group team
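How the mode bits from the steps above show up in `ls -ld`, as an added example that is not part of the original notes: a set-GID directory whose group lacks x is listed with a capital `S`, and group members cannot enter it. The function name `classify_team_dir` and the scratch directories are constructed; the script only touches a temporary directory.

```sh
#!/bin/sh
# Added example: classify a directory meant for group collaboration.
# Prints one of: ok | setgid-without-x | no-setgid | open-to-others
classify_team_dir() {
    perms=$(ls -ld "$1" | cut -c1-10)        # e.g. drwxrws---
    group=$(printf '%s' "$perms" | cut -c5-7)
    other=$(printf '%s' "$perms" | cut -c8-10)
    case $group in
        ??S) echo setgid-without-x; return ;;  # S: set-GID set, x missing
        ??s) ;;                                # s: set-GID and x both set
        *)   echo no-setgid; return ;;
    esac
    case $other in
        ---) echo ok ;;
        *)   echo open-to-others ;;
    esac
}

# Constructed scratch directories, one per case.
work=$(mktemp -d)
mkdir "$work/a" "$work/b" "$work/c" "$work/d"
chmod 760 "$work/a"; chmod g+s "$work/a"    # group rw- plus set-GID -> rwS
chmod 770 "$work/b"; chmod g+s "$work/b"    # group rwx plus set-GID -> rws
chmod 770 "$work/c"; chmod g-s "$work/c"    # no set-GID at all
chmod 775 "$work/d"; chmod g+s "$work/d"    # others can read and enter
for d in a b c d; do
    printf '%s %s\n' "$(ls -ld "$work/$d" | cut -c1-10)" \
        "$(classify_team_dir "$work/$d")"
done
rm -rf "$work"
```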
* Create and manage Access Control Lists (ACLs).
Add ACL functionality to filesystem with /etc/fstab
/dev/mapper/vg_nucvm1-smallfs /small ext4 defaults,acl 0 0
mount -o remount /small
getfacl testfile
ls -l # shows a plus + sign
-rw-rwxr--+ 1 root root 0 Jan 20 20:24 testfile
setfacl -m u:benst:rw ./testfile # modify user rights
setfacl -m g:team:rwx ./testfile # modify group rights
setfacl -m u:benst:--- ./testfile # remove rights
* Diagnose and correct file permission problems.
==== Deploy, configure, and maintain systems ====
* Configure networking and hostname resolution statically or dynamically.
BOOTPROTO=dhcp
BOOTPROTO=static
* Schedule tasks using cron.
yum install cronie
min hour daymonth month dayweek(0=sun)
*/2 = every 2 hours
*/5 = every 5 minutes
"30 4 1,15 * 5" would cause a command to be run at 4:30 am on the 1st and 15th of each month, plus every Friday.
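The day rule in the last entry, worked through as an added example that is not part of the original notes: when both day-of-month and day-of-week are restricted, cron runs the job if either one matches. The helper names `in_field` and `cron_due` are constructed; the matcher handles `*`, lists, ranges and `/step`, and assumes numeric fields with Sunday as 0.

```sh
#!/bin/sh
# Added example: decide whether a five-field cron schedule fires at a given time.
# in_field SPEC VALUE MIN MAX: succeed if VALUE is selected by one cron field.
in_field() (
    set -f                                   # keep a bare * from globbing
    IFS=,
    for part in $1; do
        step=1
        case $part in */*) step=${part#*/} part=${part%/*} ;; esac
        case $part in
            '*') lo=$3 hi=$4 ;;
            *-*) lo=${part%-*} hi=${part#*-} ;;
            *)   lo=$part hi=$part ;;
        esac
        [ "$2" -ge "$lo" ] && [ "$2" -le "$hi" ] &&
            [ $(( ($2 - $lo) % $step )) -eq 0 ] && exit 0
    done
    exit 1
)

# cron_due "MIN HOUR DOM MON DOW" minute hour day-of-month month day-of-week
cron_due() (
    set -f
    set -- $1 "$2" "$3" "$4" "$5" "$6"       # $1-$5 schedule, $6-$10 the time
    in_field "$1" "$6" 0 59 && in_field "$2" "$7" 0 23 &&
        in_field "$4" "$9" 1 12 || exit 1
    case "$3$5" in
        # One day field is unrestricted (*): both must match.
        *'*'*) in_field "$3" "$8" 1 31 && in_field "$5" "${10}" 0 6 ;;
        # Both day fields are restricted: either one matching is enough.
        *)     in_field "$3" "$8" 1 31 || in_field "$5" "${10}" 0 6 ;;
    esac
)

# Constructed times, as: minute hour day-of-month month day-of-week.
for when in "30 4 3 1 5" "30 4 15 1 3" "30 4 3 1 3"; do
    if cron_due "30 4 1,15 * 5" $when; then
        echo "$when: runs"
    else
        echo "$when: skipped"
    fi
done
```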
* Configure systems to boot into a specific runlevel automatically.
* Install Red Hat Enterprise Linux automatically using Kickstart.
yum -y install httpd system-config-kickstart
rsync CDROM to /var/www/html/pub
at boot edit kernel line, add: ks=http://192.168.122.35/ks.cfg
* Configure a physical machine to host virtual guests.
yum groupinstall Virtualization "Virtualization Tools"
* Install Red Hat Enterprise Linux systems as virtual guests.
via virsh or virt-manager
* Configure systems to launch virtual machines at boot.
virsh autostart nucvm1
chkconfig libvirtd on
* Configure network services to start automatically at boot.
chkconfig
* Configure a system to run a default configuration HTTP server.
yum groupinstall "Web Server"
chkconfig httpd on
service httpd start
selinux?
#Virtual hosts
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /var/www/station
ServerName station
ErrorLog logs/station-error
CustomLog logs/station-access common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /var/www/html
ServerName install
ErrorLog logs/html-error
CustomLog logs/html-access common
</VirtualHost>
* Configure a system to run a default configuration FTP server.
yum -y groupinstall "FTP server"
chkconfig vsftpd on
service vsftpd start
Configure selinux and iptables.
* Install and update software packages from Red Hat Network, a remote repository, or from the local file system.
rpm -i # install
rpm -U # update
yum install
yum localinstall
#repo file:
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
[base]
name=CDROM
baseurl=file:///mnt/cd/Server
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
* Update the kernel package appropriately to ensure a bootable system.
yum update kernel
* Modify the system bootloader.
[root@nucvm1 grub]# more grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/mapper/vg_nucvm1-lv_root
# initrd /initrd-[generic-]version.img
#boot=/dev/vda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.32-279.19.1.el6.x86_64)
root (hd0,0)
kernel /vmlinuz-2.6.32-279.19.1.el6.x86_64 ro root=/dev/mapper/vg_nucvm1-lv_root rd_NO_LUKS KEYBOARDTYPE=pc KEYTABLE=us LANG=en_US.UTF-8 rd_LVM_LV=vg_nucvm1/lv_swap rd_NO_MD rd_LVM_LV=vg_nucvm1/lv_root crashkernel=auto SYSFONT=latarcyrheb-sun16 rd_NO_DM rhgb quiet console=tty0 console=ttyS0
initrd /initramfs-2.6.32-279.19.1.el6.x86_64.img
title CentOS (2.6.32-279.el6.x86_64)
root (hd0,0)
kernel /vmlinuz-2.6.32-279.el6.x86_64 ro root=/dev/mapper/vg_nucvm1-lv_root rd_NO_LUKS KEYBOARDTYPE=pc KEYTABLE=us LANG=en_US.UTF-8 rd_LVM_LV=vg_nucvm1/lv_swap rd_NO_MD rd_LVM_LV=vg_nucvm1/lv_root crashkernel=auto SYSFONT=latarcyrheb-sun16 rd_NO_DM rhgb quiet
initrd /initramfs-2.6.32-279.el6.x86_64.img
==== Manage users and groups ====
* Create, delete, and modify local user accounts.
useradd, usermod, userdel
/etc/passwd
/etc/shadow
* Change passwords and adjust password aging for local user accounts.
passwd
chage -l benst # list age info
chage -M 30 -W 5 benst # change after 30 days, 5 day warning
* Create, delete, and modify local groups and group memberships.
groupadd, groupmod, groupdel
/etc/group
* Configure a system to use an existing LDAP directory service for user and group information.
# For graphical config:
system-config-authentication:
User Account Database: LDAP
Base DN: dc=diskstation,dc=home
Server: ldap://diskstation.home
Authentication Method: LDAP
Apply
getent passwd ldapuser
#autofs if needed
getent passwd user #for homedirectory info
#/etc/auto.master
/rhome /etc/auto.rhome
#/etc/auto.rhome
* -fstype=nfs,soft,intr,rw diskstation:/volume1/rhome/&
service autofs start
==== Manage security ====
* Configure firewall settings using system-config-firewall or iptables.
yum -y install system-config-firewall
/etc/sysconfig/iptables
* Set enforcing and permissive modes for SELinux.
getenforce
setenforce 0 # Permissive temporary
/etc/sysconfig/selinux # Permissive or Disabled
* List and identify SELinux file and process context.
ps -efZ
ls -lZ
* Restore default file contexts.
man -k selinux
yum -y install policycoreutils-gui
system-config-selinux
semanage fcontext -a -t public_content_t "/root/testwwwdir(/.*)?"
restorecon -F -R -v /root/testwwwdir
* Use boolean settings to modify system SELinux settings.
getsebool -a
getsebool -a | grep httpd
togglesebool httpd_verify_dns # temporary change
setsebool httpd_verify_dns 0 # temporary disable
setsebool -P httpd_verify_dns 0 # permanently disable
* Diagnose and address routine SELinux policy violations.
Application logs
/var/log/audit
man ftpd_selinux
yum -y install setroubleshoot setroubleshoot-server
chkconfig auditd on
reboot
# change context, if for example this was wrong
# targeted policy does not use users or roles :)
chcon -t httpd_sys_content_t index.html
OR
chcon --reference /var/www/html /var/www/html/index.html
OR
restorecon -vR /var/www/html