RedHat EX200 objectives

• Access a shell prompt and issue commands with correct syntax.
• Use input-output redirection (>, », |, 2>, etc.).

> redirect, creates or overwrite file
>> redirect, creates or appends file
1> redirect stdout, 1>> append
2> redirect stderr, 2>> append
&> redirect stdout and stderr
2>&1 redirect stderr to stdout
command < /dir/file # stdin

• Use grep and regular expressions to analyze text.

grep ^at start of line
grep at end of line$
grep ^$ for empty lines
grep -e "foo|bar" OR

• Access remote systems using ssh and VNC.

#server
yum -y install tigervnc-server
/etc/sysconfig/vncservers
remove -localhost

#as normal user
vncpasswd
vncserver :1

#kill session
vncserver -kill :1

#client
yum -y install tigervnc
vncviewer nucvm3:5901

• Log in and switch users in multiuser runlevels.

su -
sudo

• Archive, compress, unpack, and uncompress files using tar, star, gzip, and bzip2.

Star is a very fast tar like tape archiver with improved functionality. Can handle ACL information.

• Create and edit text files.
• Create, delete, copy, and move files and directories.
• Create hard and soft links.

ln TARGET LINK # hard link
ln -s # soft link
ls -lia show inodes (for hardlinks)

• List, set, and change standard ugo/rwx permissions.

ls -l
chmod
  r = read
  w = write
  x = execute or search
  s = setuid, setgid
  t = sticky bit (/tmp)
chown

• Locate, read, and use system documentation including man, info, and files in /usr/share/doc.

man -k #search for keywords
makewhatis
info -k #search for keywords
info coreutils 'chmod invocation' #example

Note: Red Hat may use applications during the exam that are not included in Red Hat Enterprise Linux

for the purpose of evaluating candidate's abilities to meet this objective.

• Boot, reboot, and shut down a system normally.

shutdown -r now #reboot
shutdown -h now #halt
reboot
/etc/inittab

• Boot systems into different runlevels manually.

init <runlevel>
telinit <runlevel>

• Use single-user mode to gain access to a system.

add runlevel number at end end of kernel line (grub)

• Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes.

top
ps
kill -<signal> <pid>
nice -n <level> command # run program with modified prio, from -20 to 19, higer = more nice (-20 is hi
ghest prio)
renice -n <level> <pid> # alter priority of running processes
ps -efl # also shows nice level

• Locate and interpret system log files.
• Access a virtual machine's console.

virt-manager # gui
virsh console <vmname>
virsh list --all # list VMs

• Start and stop virtual machines.

virsh reboot <vmname>
virsh shutdown <vmname>
virsh start <vmname>

• Start, stop, and check the status of network services.

service network start|stop|restart
ifconfig -a
netstat -rn # route -n
netstat -tapn # as root shows PID names (processes) for TCP ports
chkconfig --list

• List, create, delete, and set partition type for primary, extended, and logical partitions.

df
fdisk -l
fdisk /dev/vdb, n, p, 1, <enter>, <enter>, w
fdisk /dev/vda n +512M, w
partprobe

• Create and remove physical volumes, assign physical volumes to volume groups, and create and delet

e logical volumes.

add disk to VM, choose VirtIO, will be hot plugged
fdisk /dev/vdb, type 8e Linux LVM
pvcreate /dev/vdb1 <device2> <device...>
vgextend vg_nucvm1 /dev/vdb1 #toevoegen aan VG
vgcreate -s 8M VolumeGroupName /dev/sdb1 /dev/sdb2
lvcreate -L 5GB -n ExtraLV vg_nucvm1
mkfs.ext4 /dev/...
blkid
/etc/fstab
mkdir -p .....
mount -a

lvremove /dev/vg_nucvm1/ExtraLV 
vgreduce vg_nucvm1 /dev/vdb1
pvremove /dev/vdb1 

# or check gui: system-config-lvm

• Create and configure LUKS-encrypted partitions and logical volumes to prompt for password and mount an decrypted file system at boot.

#on a loop device
dd if=/dev/urandom of=testfile bs=1M count=10
losetup /dev/loop0 testfile


#with normal device
cryptsetup luksFormat /dev/vdb1 # type uppercase YES
cryptsetup luksOpen /dev/vdb1 CryptLV

/dev/mapper/CryptLV	/crypt			ext4	defaults	0 0  # /etc/fstab
CryptLV	/dev/vdb1	none # /etc/crypttab

• Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label.

blkid # show UUID's
UUID=72607ef8-d59a-4b7b-892f-2a515a1b8104 # in /etc/fstab

e2label /dev/mapper/CryptLV luksdrive
LABEL=luksdrive # in /etc/fstab

• Add new partitions and logical volumes, and swap to a system non-destructively.

fdisk set partition to SWAP
partx -a /dev/vdc
partprobe
mkswap /dev/vdc1
swapon -v /dev/vdc1

swapon -s # show 

• Create, mount, unmount, and use ext2, ext3, and ext4 file systems.
• Mount, unmount, and use LUKS-encrypted file systems.
• Mount and unmount CIFS and NFS network file systems.

mount -t nfs server:/share /mnt
showmount -e # show exported filesystems

mount -t cifs //server/share /mnt -o user=username
smbclient -L diskstation -U benst

• Configure systems to mount ext4, LUKS-encrypted, and network file systems automatically.

In /etc/fstab

luks: /etc/fstab AND /etc/crypttab

192.168.1.100:/share    /mnt/share  nfs     ro,user,_netdev         0 0

• Extend existing unencrypted ext4-formatted logical volumes

#extend
lvextend -L +100M /dev/vg_nucvm1/smallfs
resize2fs /dev/mapper/vg_nucvm1-smallfs

#decrease
umount
fsck
resize2fs -f /dev/... 100M
lvreduce -L 100M /dev/...
mount -a

#online resize
lvresize -r -L NewSize /dev/...

• Create and configure set-GID directories for collaboration.

mkdir /opt/team
groupadd team
chgrp team /opt/team
chmod 760 /opt/team
chown g+s /opt/team

• Create and manage Access Control Lists (ACLs).

Add ACL functionality to filesystem with /etc/fstab
/dev/mapper/vg_nucvm1-smallfs /small 	ext4 	defaults,acl	0 0
mount -o remount /small

getfacl testfile
ls -l # shows a plus + sign
-rw-rwxr--+  1 root root     0 Jan 20 20:24 testfile

setfacl -m u:benst:rw ./testfile # modify user rights
setfacl -m g:team:rwx ./testfile # modify group rights
setfacl -m u:benst:--- ./testfile # remove rights

• Diagnose and correct file permission problems.

• Configure networking and hostname resolution statically or dynamically.

BOOTPROTO=dhcp
BOOTPROTO=static

• Schedule tasks using cron.

yum install cronie
min hour daymonth month dayweek(0=sun)
*/2 = every 2 hours
*/5 = every 5 minutes
"30  4 1,15 * 5" would cause a command to be run at 4:30 am on the 1st and 15th of each month, plus ev
ery Friday.

• Configure systems to boot into a specific runlevel automatically.
• Install Red Hat Enterprise Linux automatically using Kickstart.

yum -y install httpd system-config-kickstart
rsync CDROM to /var/www/html/pub
at boot edit kernel line, add: ks=http://192.168.122.35/ks.cfg

• Configure a physical machine to host virtual guests.

yum groupinstall Virtualization "Virtualization Tools"

• Install Red Hat Enterprise Linux systems as virtual guests.

via virsh or virt-manager

• Configure systems to launch virtual machines at boot.

virsh autostart nucvm1
chkconfig libvirtd on

• Configure network services to start automatically at boot.

chkconfig

• Configure a system to run a default configuration HTTP server.

yum groupinstall "Web Server"
chkconfig httpd on
service httpd start
selinux?

#Virtual hosts
NameVirtualHost *:80
<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot /var/www/station
    ServerName station
    ErrorLog logs/station-error
    CustomLog logs/station-access common
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot /var/www/html
    ServerName install
    ErrorLog logs/html-error
    CustomLog logs/html-access common
</VirtualHost>

• Configure a system to run a default configuration FTP server.

yum -y groupinstall "FTP server"
chkconfig vsftpd on
service vsftpd start

Configure selinux and iptables.

• Install and update software packages from Red Hat Network, a remote repository, or from the local

file system.

rpm -i # install
rpm -u # update
yum install
yum localinstall

#repo file:
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

[base]
name=CDROM
baseurl=file:///mnt/cd/Server
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

• Update the kernel package appropriately to ensure a bootable system.

yum update kernel

• Modify the system bootloader.

[root@nucvm1 grub]# more grub.conf 
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/mapper/vg_nucvm1-lv_root
#          initrd /initrd-[generic-]version.img
#boot=/dev/vda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.32-279.19.1.el6.x86_64)
	root (hd0,0)
	kernel /vmlinuz-2.6.32-279.19.1.el6.x86_64 ro root=/dev/mapper/vg_nucvm1-lv_root rd_NO_LUKS  K
EYBOARDTYPE=pc KEYTABLE=us LANG=en_US.UTF-8 rd_LVM_LV=vg_nucvm1/lv_swap rd_NO_MD rd_LVM_LV=vg_nucvm1/l
v_root crashkernel=auto SYSFONT=latarcyrheb-sun16 rd_NO_DM rhgb quiet console=tty0 console=ttyS0
	initrd /initramfs-2.6.32-279.19.1.el6.x86_64.img

title CentOS (2.6.32-279.el6.x86_64)
	root (hd0,0)
	kernel /vmlinuz-2.6.32-279.el6.x86_64 ro root=/dev/mapper/vg_nucvm1-lv_root rd_NO_LUKS  KEYBOA
RDTYPE=pc KEYTABLE=us LANG=en_US.UTF-8 rd_LVM_LV=vg_nucvm1/lv_swap rd_NO_MD rd_LVM_LV=vg_nucvm1/lv_roo
t crashkernel=auto SYSFONT=latarcyrheb-sun16 rd_NO_DM rhgb quiet
	initrd /initramfs-2.6.32-279.el6.x86_64.img

• Create, delete, and modify local user accounts.

useradd, usermod, userdel
/etc/passwd
/etc/shadow

• Change passwords and adjust password aging for local user accounts.

passwd <user>
chage -l benst # list age info
chage -M 30 -W 5 benst # change after 30 days, 5 day warning

• Create, delete, and modify local groups and group memberships.

groupadd, groupmod, groupdel
/etc/group

• Configure a system to use an existing LDAP directory service for user and group information.

# For graphical config:
system-configure-authentication:
User Account Database: LDAP
Base DN: dc=diskstation,dc=home
Server: ldap://diskstation.home
Authentication Method: LDAP
Apply

getent passwd ldapuser

#autofs if needed
getent passwd user #for homedirectory info

#/etc/auto.master
/rhome	/etc/auto.rhome

#/etc/auto.rhome
*   -fstype=nfs,soft,intr,rw   diskstation:/volume1/rhome/&

service autofs start

• Configure firewall settings using system-config-firewall or iptables.

yum -y install system-config-firewall
/etc/sysconfig/iptables

• Set enforcing and permissive modes for SELinux.

getenforce
setenforce 0 # Permissive temporary
/etc/sysconfig/selinux # Permissive or Disabled 

• List and identify SELinux file and process context.

ps -efZ
ls -lZ

• Restore default file contexts.

man -k selinux
yum -y install policycoreutils-gui
system-config-selinux

semanage fcontext -a -t public_content_t "/root/testwwwdir(/.*)?"
restorecon -F -R -v /root/testwwwdir

• Use boolean settings to modify system SELinux settings.

getsebool -a
getsebool -a | grep httpd
togglesebool httpd_verify_dns # temporary change
setsebool httpd_verify_dns 0 # temporary disable
setsebool -P httpd_verify_dns 0 # permanently disable

• Diagnose and address routine SELinux policy violations.

Application logs
/var/log/audit
man ftpd_selinux

yum -y install setroubleshoot setroubleshoot-server
chkconfig auditd on
reboot

# change context, if for example this was wrong
# targed policy does not use users or roles :)
chcon -t httpd_sys_content_t index.html

OR

chcon --reference /var/www/html /var/www/html/index.html

OR

restorecon -vR /var/www/html