RHCSA v7 EX200 objectives (20160323)
Some notes on the EX200 exam.
- You cannot shrink XFS (you can shrink ext4).
- Changing the root password in single user mode is a different procedure (rd.break).
- makewhatis is gone, use mandb.
- Understand and use essential tools
  - Access a shell prompt and issue commands with correct syntax
    - Use SSH or the console to log in. You can try tab-completion to find commands, or use locate, find, etc. Use the man pages or the help options: -h -x -? --help
  - Use input-output redirection (>, >>, |, 2>, etc.)
    - >  : Redirect output; the target is truncated before writing starts.
    - >> : Redirect output, append to target.
    - |  : Connect standard output to standard input (a pipe).
    - 2> : Redirect stderr.
  - Use grep and regular expressions to analyze text
    - Grep all lines that do not start with a # and are not empty: grep '^[^#]' file
    - Interpret PATTERN as a list of fixed strings: grep -F <string> <file> #or fgrep
    - Invert match: grep -v
  - Access remote systems using ssh
    - SSH client configuration in ~/.ssh/config
    - Verbose logging: ssh -vvv <host>
    - Tunnel: ssh -L8080:host:80 host
    - Enable X11 forwarding: ssh -X <host>
  - Log in and switch users in multiuser targets
    - Switch to root: sudo -i or sudo su -
    - Edit sudoers: visudo, or add a file to /etc/sudoers.d/
    - Switch to a user with a nologin shell: su -s /bin/bash user
  - Archive, compress, unpack, and uncompress files using tar, star, gzip, and bzip2
    - TAR
      - Create: c
      - Verbose: v
      - File: f
      - Gzip: z
      - Bzip2: j
    - GZIP: gzip <file>, gunzip <file>
  - Create and edit text files
    - Create 'text' file: vi or vim
    - Redirect output (overwrite) to file: echo "hi" > filename
  - Create, delete, copy, and move files and directories
    - Create empty file: touch
    - Remove file: rm file
      - Force: -f
      - Recursive: -r
    - Copy: cp source destination
      - Preserve mode, owner and timestamps: -p
      - Recursive: -r
    - Move: mv source destination
  - Create hard and soft links
    - Create hard link: ln target link-name
    - Create soft link: ln -s target link-name
    - Show inode number (for hard links): ls -i
  - List, set, and change standard ugo/rwx permissions
    - List permissions: ls -l or stat file
    - Set permissions: chmod 755 or chmod o+rw etc.
    - Change owner: chown user:group target
  - Locate, read, and use system documentation including man, info, and files in /usr/share/doc
    - Man pages: man command
    - Search all man pages: man -k command
    - Search for text in all man pages: man -K text
    - Info pages: info command
    - Read documentation in the /usr/share/doc directories.
- Operate running systems
  - Boot, reboot, and shut down a system normally
    - Boot: turn on server or virtual machine.
    - Reboot: reboot or shutdown -r now or systemctl isolate reboot.target
    - Shutdown: shutdown -h now or systemctl isolate poweroff.target
  - Boot systems into different targets manually
    - Show default target: systemctl get-default or ls -lh /etc/systemd/system/default.target
    - List all targets: systemctl list-units --type target --all
    - Rescue mode: systemctl rescue
    - Emergency mode: systemctl emergency
  - Interrupt the boot process in order to gain access to a system
    - In the GRUB boot menu, select the desired kernel, press 'e', edit the kernel line and append (ctrl-e) the word single. Boot the system.
    - If you need to change the root password:
        # press 'e' in the grub menu,
        # add to the kernel line: rd.break enforcing=0
        # press ctrl-x
        mount -o remount,rw /sysroot
        chroot /sysroot
        passwd root
        touch /.autorelabel
        mount -o remount,ro /
        exit
        exit
  - Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes
    - Identify CPU/memory intensive processes with: top
    - Adjust priority with nice -n <number -20 - 19> command and renice -n <priority> <PID>. A higher number is more nice.
    - Show nice level of processes: ps -efl
  - Locate and interpret system log files and journals
    - Query the systemd journal: journalctl
      - Follow: -f
      - Augment log lines with explanation texts: -x
    - Show all logs from specified service: journalctl /usr/sbin/sshd
  - Access a virtual machine's console
    - virsh console <vm>
  - Start and stop virtual machines
    - virsh shutdown <vm>
    - virsh start <vm>
  - Start, stop, and check the status of network services
    - Show connections: nmcli c show
    - Up: nmcli c up eth0
    - Down: nmcli c down eth0
    - Edit: nmcli c edit eth0
  - Securely transfer files between systems
    - SCP: scp <file> <target-host>:<path>
    - sftp
- Configure local storage
  - List, create, delete partitions on MBR and GPT disks
    - List partitions: fdisk -l /dev/vda or fdisk /dev/vda
    - Delete and edit with: fdisk or parted
  - Create and remove physical volumes, assign physical volumes to volume groups, and create and delete logical volumes
    - Create PV: pvcreate /dev/vda2
    - Assign to VG: vgextend <VGname> <PhysicalDevicePath>
    - Create LV: lvcreate -L 5GB -n <lvname> <vgname>
    - Remove LV: lvremove /dev/<vgname>/<lvname>
  - Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label
    - Show UUIDs: blkid
    - Add UUID to /etc/fstab: UUID=7c2eaf53-ae5b-4b81-a539-b5f5d34c60c5 /boot xfs defaults,noatime 0 0
    - Label a device: e2label /dev/mapper/testV testlv
    - In /etc/fstab use LABEL=testlv as device.
  - Add new partitions and logical volumes, and swap to a system non-destructively
    - For partitions and LVs, see above.
    - Add SWAP:
      - With fdisk, set the partition type to swap.
      - partx -a /dev/vdc
      - partprobe
      - mkswap /dev/vdc1
      - swapon -v /dev/vdc1
      - Show swap: swapon -s
    - Add swap file as an example:
      - Create 512MB file: dd if=/dev/zero of=/var/tmp/swapfile1 bs=1024 count=524288
      - Change owner and mode: chown root:root /var/tmp/swapfile1 and chmod 0600 /var/tmp/swapfile1
      - Make swap: mkswap /var/tmp/swapfile1
      - Activate swap: swapon /var/tmp/swapfile1
      - Show swap: swapon -s
- Create and configure file systems
  - Create, mount, unmount, and use vfat, ext4, and xfs file systems
    - Create file system: mkfs.<fstype>
    - Mount file system: mount -t <vfstype> <device> <directory>
  - Mount and unmount CIFS and NFS network file systems
    - Show NFS exports: showmount -e
    - Mount NFS: mount <server>:<mountpoint> <directory>
    - Show SMB shares: smbclient -L diskstation -U user
    - Mount CIFS: mount -t cifs //server/share /mnt -o user=username
  - Extend existing logical volumes
    - Check space available in PV and VG: pvs, vgs
    - Resize LV: lvresize -r -l+100%FREE <lvname>
  - Create and configure set-GID directories for collaboration
    - With SGID set on a directory, new files and directories created in it get the directory's group.
    - Create team group, change group of directory (chown).
    - Add SGID: chmod g+s /data/team
    - Allow write: chmod g+w /data/team
    - Let users see files from others but not delete them (like /tmp): chmod +t /data/team
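The set-GID steps above, applied to a scratch directory and then verified by mode bits. This is an added example, not part of the original notes; the function names and the scratch path standing in for /data/team are assumptions.

```bash
#!/bin/bash
# Added example (not from the original notes). All paths are constructed.

# Apply the three chmod steps from the notes to a directory, creating it first.
make_collab_dir() {
    mkdir -p "$1" &&
    chmod g+s "$1" &&   # new files inherit the directory's group
    chmod g+w "$1" &&   # group members may create files
    chmod +t  "$1"      # only the owner of a file may delete or rename it
}

# Succeed only if set-GID (2000), sticky (1000) and group-write (0020) are all set.
is_collab_dir() {
    [ -d "$1" ] || return 1
    mode=$((0$(stat -c '%a' "$1")))   # GNU stat; the leading 0 makes it octal
    [ $((mode & 02000)) -ne 0 ] &&
    [ $((mode & 01000)) -ne 0 ] &&
    [ $((mode & 00020)) -ne 0 ]
}

# Succeed if a file carries the same group ID as its parent directory.
inherits_group() {
    [ "$(stat -c '%g' "$1")" = "$(stat -c '%g' "$(dirname "$1")")" ]
}

# Demo in a scratch directory standing in for /data/team.
scratch=$(mktemp -d)
make_collab_dir "$scratch/team"
touch "$scratch/team/report.txt"
is_collab_dir "$scratch/team" && inherits_group "$scratch/team/report.txt" &&
    echo "team directory OK: mode $(stat -c '%A' "$scratch/team")"
rm -rf "$scratch"
```

The same is_collab_dir check can be pointed at an existing shared directory to confirm that none of the three bits was lost after a restore or a recursive chmod.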
  - Create and manage Access Control Lists (ACLs)
    - Check if the filesystem is mounted with the acl option: mount. But ext4 is already ACL aware.
    - If not mounted with the acl option, add it to fstab and remount, or: mount -o remount,acl /var
    - If an ACL is present, then ls -l will show a plus sign next to the rwx modes.
    - Set ACL: setfacl -m u:user:rw- <filename>
  - Diagnose and correct file permission problems
    - Inspect: ls -l, getfacl, lsattr
    - Correct: chmod, chown, setfacl, chattr
- Deploy, configure, and maintain systems
  - Configure networking and hostname resolution statically or dynamically
    - Edit network configuration (including DNS servers): nmcli
    - Static hostname resolution in /etc/hosts
    - Set own hostname: hostnamectl set-hostname <hostname>
  - Schedule tasks using at and cron
    - Add crontabs in /etc/crontab and the directories /etc/cron.d, /etc/cron.daily, etc.
    - Scheduling: min hour daymonth month dayweek(0=sun)
      - */2 = every 2 hours
      - */5 = every 5 minutes
      - 30 4 1,15 * 5 would cause a command to be run at 4:30 am on the 1st and 15th of each month, plus every Friday.
  - Start and stop services and configure services to start automatically at boot
    - List services: systemctl list-unit-files --type service
    - Start: systemctl start sshd.service
    - Stop: systemctl stop sshd.service
    - Restart: systemctl restart sshd.service
    - Start at boot: systemctl enable sshd.service
    - Disable start at boot: systemctl disable sshd.service
  - Configure systems to boot into a specific target automatically
    - List targets: systemctl list-units --type target --all
    - Show default target: systemctl get-default #or ls -lh /etc/systemd/system/default.target
    - Set default target: systemctl set-default multi-user.target
  - Install Red Hat Enterprise Linux automatically using Kickstart
    - Install a webserver to serve the Kickstart file: yum -y install httpd system-config-kickstart
    - rsync CDROM to /var/www/html/pub
    - At boot edit the kernel line, add: ks=http://192.168.122.35/ks.cfg
  - Configure a physical machine to host virtual guests
    - Install virtualization packages: yum groupinstall Virtualization "Virtualization Tools"
  - Install Red Hat Enterprise Linux systems as virtual guests
    - Use virsh or virt-manager.
  - Configure systems to launch virtual machines at boot
    - Configure: virsh autostart <vm>
  - Configure network services to start automatically at boot
    - See nmcli above.
  - Configure a system to use time services
    - Use NTPd or Chrony.
  - Install and update software packages from Red Hat Network, a remote repository, or from the local file system
    - Use repo files in /etc/yum.repos.d or Red Hat Satellite.
    - yum-config-manager
  - Update the kernel package appropriately to ensure a bootable system
    - Install new kernel: rpm or yum
    - Check: /etc/default/grub
  - Modify the system bootloader
    - Edit: /etc/default/grub
    - Generate the new config: grub2-mkconfig -o /boot/grub2/grub.cfg
    - grub2-editenv list
    - grub2-set-default
- Manage users and groups
  - Create, delete, and modify local user accounts
    - Create: useradd
    - Modify: usermod
    - Delete: userdel
  - Change passwords and adjust password aging for local user accounts
    - Change password: passwd
    - Change age: chage
    - List age: chage -l <username>
  - Create, delete, and modify local groups and group memberships
    - Create: groupadd
    - Modify: groupmod
    - Delete: groupdel
  - Configure a system to use an existing authentication service for user and group information
    - Configure SSSd or PAM-LDAP.
    - Use authconfig-tui.
- Manage security
  - Configure firewall settings using firewall-config, firewall-cmd, or iptables
    - Get info on active zones: firewall-cmd --get-active-zones
    - Get info on specific zone: firewall-cmd --zone=public --list-all
    - Add service to zone: firewall-cmd --zone=public --add-service=http --permanent
    - Add source to zone: firewall-cmd --zone=public --add-source=10.1.2.3 --permanent
    - Reload with new config: firewall-cmd --reload
  - Configure key-based authentication for SSH
    - Generate key pair: ssh-keygen -t <type>
    - Put the public key in ~/.ssh/authorized_keys on the remote server.
  - Set enforcing and permissive modes for SELinux
    - Enforcing: setenforce 1
    - Permissive: setenforce 0
    - Edit /etc/selinux/config for permanent configuration.
  - List and identify SELinux file and process context
    - Files: ls -lZ
    - Processes: ps -efZ
  - Restore default file contexts
    - Restore file contexts: restorecon -Rv /var/www/html
  - Use boolean settings to modify system SELinux settings
    - Get booleans: getsebool -a
    - Set boolean: setsebool <boolean> <value>, use -P for permanent (at boot time).
  - Diagnose and address routine SELinux policy violations
    - Check /var/log/audit/audit.log
    - Read the SELinux man pages.
    - Quick and dirty solution: audit2allow
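Reading /var/log/audit/audit.log before reaching for audit2allow: the added example below (not part of the original notes) groups AVC denials by command, source domain, target type, class and permission, which shows whether a relabel with restorecon or a boolean fits better than a new allow rule. The log lines are constructed samples and the function names are assumptions.

```bash
#!/bin/bash
# Added example (not from the original notes). The log lines are constructed.

sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1458720001.101:310): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=1051 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1458720001.101:310): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1458720002.200:311): avc:  denied  { read } for  pid=2102 comm="httpd" name="index.html" dev="dm-0" ino=1051 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1458720009.450:318): avc:  denied  { name_bind } for  pid=2230 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
EOF
}

# Print one line per distinct denial: count comm source_type target_type class perms
# Reads stdin, or the files given as arguments (e.g. /var/log/audit/audit.log).
summarize_avc() {
    awk '
    # Return the value of key=value from the current record, or "" if absent.
    function val(key,   i) {
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) return substr($i, length(key) + 2)
        return ""
    }
    /avc: +denied/ {
        s = index($0, "{"); e = index($0, "}")
        perms = substr($0, s + 2, e - s - 3)      # text between "{ " and " }"
        gsub(/ /, ",", perms)
        comm = val("comm"); gsub(/"/, "", comm)
        split(val("scontext"), src, ":")          # user:role:type:level
        split(val("tcontext"), tgt, ":")
        n[comm " " src[3] " " tgt[3] " " val("tclass") " " perms]++
    }
    END { for (k in n) print n[k], k }' "$@" | sort -k1,1nr -k2
}

sample_audit_log | summarize_avc
```

In the constructed sample, httpd_t reading user_home_t content points at a mislabeled file (a restorecon case), while the sshd name_bind denial points at a port that is not labeled for sshd.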
rhcsa7_objectives.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1