Ben's notes

Linux, Unix, network, radio...

User Tools

Site Tools


RHCSA v7 EX200 objectives (20160323)

Some notes on the EX200 exam.

  • You cannot shrink Xfs (you can shrink ext4).
  • Change root password in single user mode is a different procedure (rd.break).
  • makewhatis is gone, use mandb.

- Understand and use essential tools

- Access a shell prompt and issue commands with correct syntax

  • Use SSH or the console to log in. You can try tab-complete to find commands or the locate, find, etc, command. Use the man-pages or options:
    -h -x -? --help

- Use input-output redirection (>, >>, |, 2>, etc.)

  • > Redirect output, target is truncated before writing starts.
  • » Redirect output, append to target.
  • | Connect standard output to standard input (a pipe).
  • 2> redirect stderr.

- Use grep and regular expressions to analyze text

  • Grep all lines without starting with an # or empty space:
    grep ^[^#] file
  • Interpret PATTERN as a list of fixed string:
    grep -F <string> <file>
  • Invert match grep -v.

- Access remote systems using ssh

  • SSH client configuration in ~/.ssh/config.
  • Verbose logging: ssh -vvv <host>.
  • Tunnel: ssh -L8080:host:80 host.
  • Enable X11 forwarding: ssh -X <host.

- Log in and switch users in multiuser targets

  • Switch to root: sudo -i or sudo su -.
  • Edit sudoers: visudo or add to /etc/sudoers.d/.
  • Swith to user with nologin shell: su -s /bin/bash user.

- Archive, compress, unpack, and uncompress files using tar, star, gzip, and bzip2

  • TAR
    • Create: c.
    • Verbose: v.
    • File: f.
    • Gzip: z.
    • Bzip2: j.
  • GZIP: gzip <file>, gunzip <file>.

- Create and edit text files

  • Create 'text' file: vi or vim.
  • Redirect output (overwrite) to file: echo “hi” > filename.

- Create, delete, copy, and move files and directories

  • Create empty file: touch.
  • Remove file: rm file.
    • Force: -f.
    • Recursive: -r.
  • Copy: cp source destination.
    • Preserve mode, owner and timestamps: -p.
    • Recursive -r.
  • Move: mv source destination
  • Create hard link: ln target link-name.
  • Create soft link: ln -s target link-name.
  • Show inode number (for hard links): ls -i.

- List, set, and change standard ugo/rwx permissions

  • List permissions: ls -l or stat file.
  • Set permissions: chmod 755 or chmod o+rw etc.
  • Change owner: chown user:group target.

- Locate, read, and use system documentation including man, info, and files in /usr/share/doc

  • Man pages: man command.
  • Search all man pages: man -k command.
  • Search for text in all man pages: man -K text.
  • Info pages: info command.
  • Read documentation in /usr/share/doc directories.

- Operate running systems

- Boot, reboot, and shut down a system normally

  • Boot: turn on server or virtual machine.
  • Reboot: reboot or shutdown -r now or systemctl isolate
  • Shutdown: shutdown -h now or systemctl isolate

- Boot systems into different targets manually

  • Show default target: systemctl get-default or ls -lh /etc/systemd/system/
  • List all tartgets:
    systemctl list-units --type target --all
  • Rescue mode: systemctl rescue.
  • Emergency mode: systemctl emergency

- Interrupt the boot process in order to gain access to a system

  • In grub boot menu, select desired kernel, press 'e', edit the kernel line and append (ctrl-e) the word single. Boot the system.
  • If you need to change the root password:
    # press 'e' in the grub menu, 
    # change add: rd.break enforcing=0
    # press ctrl-x
    mount -o remount,rw /sysroot
    chroot /sysroot
    passwd root
    touch /.autorelabel
    mount -o remount,ro /

- Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes

  • Identify CPU/Memory intensive processes with: top.
  • Adjust priority with nice command -n <number -20 - 19> and renice -n <priority> <PID>. A higher number is more nice.
  • Show nice level of processes: ps -efl.

- Locate and interpret system log files and journals

  • Query the systemd journal: journalctl.
    • Follow: -f.
    • Augment log lines with explanation texts: -x.
    • Show all logs from specified service: journalctl /usr/sbin/sshd.

- Access a virtual machine's console

  • virsh console <vm>.

- Start and stop virtual machines

  • virsh stop <vm>.
  • virsh start <vm>.

- Start, stop, and check the status of network services

  • Show connections: nmcli c show
  • Up: nmcli c up eth0
  • Down: nmcli c down eth0
  • Edit: nmcli c edit eth0

- Securely transfer files between systems

  • SCP: scp <file> <target-host>
  • sftp

- Configure local storage

- List, create, delete partitions on MBR and GPT disks

  • List partitions: fdisk -l /dev/vda or fdisk /dev/vda
  • Delete and edit with: fdisk or parted

- Create and remove physical volumes, assign physical volumes to volume groups, and create and delete logical volumes

  • Create PV: pvcreate /dev/vda2.
  • Assign to VG: vgextend <VGname> <PhysicalDevicePath>.
  • Create LV: lvcreate -L 5GB -n <lvname> <vgname>.
  • Remove LV: lvremove /dev/<vgname>/<lvname>.

- Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label

  • Show UUID's: blkid.
  • Add UUID to /etc/fstab: UUID=7c2eaf53-ae5b-4b81-a539-b5f5d34c60c5 /boot xfs defaults,noatime 0 0
  • Label a device: e2label /dev/mapper/testV testlv
  • In /etc/fstab use: LABEL=testlv as device.

- Add new partitions and logical volumes, and swap to a system non-destructively

  • For Partitions and LVs, see above.
  • Add SWAP:
    • fdisk set partition to SWAP
    • partx -a /dev/vdc.
    • partprobe.
    • mkswap /dev/vdc1.
    • swapon -v /dev/vdc1.
    • Show swap: swapon -s.
  • Add swap file as an example:
    • Create 512MB file: dd if=/dev/zero of=/var/tmp/swapfile1 bs=1024 count=524288.
    • Change owner and mode: chown root:root /var/tmp/swapfile1 chmod 0600 /var/tmp/swapfile1.
    • Make swap: mkswap /var/tmp/swapfile1.
    • Activate swap: swapon /var/tmp/swapfile1.
    • Show swap: swapon -s.

- Create and configure file systems

- Create, mount, unmount, and use vfat, ext4, and xfs file systems

  • Create file system: mkfs.<fstype>.
  • Mount file system: mount -t <vfstype> <device> <directory>.

- Mount and unmount CIFS and NFS network file systems

  • Show NFS exports: showmount -e.
  • Mount NFS: mount <server>:mountoint <directory>.
  • Show SMB shares: smbclient -L diskstation -U user.
  • Mount CIFS:
    mount -t cifs //server/share /mnt -o user=username

- Extend existing logical volumes

  • Check spave available in PV and VG: pvs, vgs
  • Resize LV: lvresize -r -l+100%FREE <lvname>.

- Create and configure set-GID directories for collaboration

  • An SGID on directory will have new files and directories have its group set to the group.
  • Create team group, change group of directory (chown).
  • Add SGID: chmod g+s /data/team.
  • Allow write: chmod g+w /data/team.
  • Enable users to see files from others, but no delete (like /tmp): chmod +t /data/team

- Create and manage Access Control Lists (ACLs)

  • Check if filesystem is mounted with acl option: mount. But ext4 is already acl aware.
  • If not mounted with acl option, add it to fstab and remount, or: mount -o remount /var
  • If an ACL is present, then ls -l will show a plus sign next to the rwx modes.
  • Set ACL: setfacl -m u:user:rw- <filename>

- Diagnose and correct file permission problems

  • ls -l, getfacl, lsattr.
  • chmod, chown, setfacl, chattr.

- Deploy, configure, and maintain systems

- Configure networking and hostname resolution statically or dynamically

  • Edit network configuration (including DNS servers): nmcli
  • Static hostname resolution in /etc/hosts.
  • Set own hostname: hostnamectl set-hostname <hostname>.

- Schedule tasks using at and cron

  • Add crontabs in /etc/crontab and below directories /etc/cron.d, /etc/cron.daily, etc.
  • Scheduling: min hour daymonth month dayweek(0=sun)
    • /2 = every 2 hours
    • /5 = every 5 minutes
    • 30 4 1,15 * 5 would cause a command to be run at 4:30 am on the 1st and 15th of each month, plus every Friday.

- Start and stop services and configure services to start automatically at boot

  • List services:
    systemctl list-unit-files --type service
  • Start: systemctl start sshd.service.
  • Stop: systemctl stop sshd.service.
  • Restart: systemctl restart sshd.service.
  • Start at boot: systemctl enable sshd.service.
  • Disable start at boot: systemctl disable sshd.service.

- Configure systems to boot into a specific target automatically

  • List targets:
    systemctl list-units --type target --all
  • Show default target:
    systemctl get-default
    ls -lh /etc/systemd/system/
  • Set default target:
    systemctl get-default

- Install Red Hat Enterprise Linux automatically using Kickstart

  • Install webserver to service the Kickstart file: yum -y install httpd system-config-kickstart.
  • rsync CDROM to /var/www/html/pub
  • At boot edit kernel line, add: ks=

- Configure a physical machine to host virtual guests

  • Install virtualization packages: yum groupinstall Virtualization “Virtualization Tools”.

- Install Red Hat Enterprise Linux systems as virtual guests

  • Use virsh or virt-manager.

- Configure systems to launch virtual machines at boot

  • Configure: virsh autostart <vm>

- Configure network services to start automatically at boot

  • See nmcli above.

- Configure a system to use time services

  • Use NTPd or Chrony.

- Install and update software packages from Red Hat Network, a remote repository, or from the local file system

  • Use repo files in /etc/yum.repos.d or RedHat Satellite.
  • yum-config-manager

- Update the kernel package appropriately to ensure a bootable system

  • Install new kernel: rpm or yum.
  • Check: /etc/default/grub.

- Modify the system bootloader

  • Edit: /etc/default/grub.
  • Generate the new config: grub2-mkconfig -o /boot/grub2/grub.cfg
  • grub2-editenv list
  • grub2-set-default

- Manage users and groups

- Create, delete, and modify local user accounts

  • Create: useradd.
  • Modify: usermod.
  • Delete: userdel.

- Change passwords and adjust password aging for local user accounts

  • Change password: passwd.
  • Change age: chage.
  • List age: chage -l <username>.

- Create, delete, and modify local groups and group memberships

  • Create: groupadd.
  • Modify: groupmod.
  • Delete: groupdel.

- Configure a system to use an existing authentication service for user and group information

  • Configure SSSd or PAM-LDAP.
  • Use authconfig-tui.

- Manage security

- Configure firewall settings using firewall-config, firewall-cmd, or iptables

  • Get info on active zones: firewall-cmd –get-active-zones.
  • Get info on specific zone: firewall-cmd –zone public –list-all.
  • Add service to zone: firewall-cmd –zone public –add-service httpd –permanent.
  • Add source to zone: firewall-cmd –zone public –add-source –permanent.
  • Reload with new config: firewall-cmd –reload.

- Configure key-based authentication for SSH

  • Generate key pair: ssh-keygen -t <type>.
  • Put public key in ~/.ssh/authorized_keys on remote server.

- Set enforcing and permissive modes for SELinux

  • Enforcing: setenforce 1.
  • Permissive: setenforce 0.
  • Edit /etc/selinux/config for permanent configuration.

- List and identify SELinux file and process context

  • Files: ls -lZ.
  • Processes: ps -efZ.

- Restore default file contexts

  • Restore file contexts: restorecon -Rv /var/www/html.

- Use boolean settings to modify system SELinux settings

  • Get booleans: getsebool -a.
  • Set boolean: setsebool <boolean> <value>, use -P for permanent (at boot time).

- Diagnose and address routine SELinux policy violations

  • Check /var/log/audit/audit.log.
  • Read selinux man pages.
  • Quick and dirty solution: audit2allow.
rhcsa7_objectives.txt · Last modified: 2021/10/09 15:14 by