rhcsa7_objectives
Table of Contents
RHCSA v7 EX200 objectives (20160323)
Some notes on the EX200 exam.
- You cannot shrink Xfs (you can shrink ext4).
- Change root password in single user mode is a different procedure (rd.break).
makewhatisis gone, usemandb.
- Understand and use essential tools
- Access a shell prompt and issue commands with correct syntax
- Use SSH or the console to log in. You can try tab-complete to find commands or the locate, find, etc, command. Use the man-pages or options:
-h -x -? --help
- Use input-output redirection (>, >>, |, 2>, etc.)
>Redirect output, target is truncated before writing starts.»Redirect output, append to target.|Connect standard output to standard input (a pipe).2>redirect stderr.
- Use grep and regular expressions to analyze text
- Grep all lines without starting with an
#or empty space:grep ^[^#] file
- Interpret PATTERN as a list of fixed string:
grep -F <string> <file> #or fgrep
- Invert match
grep -v.
- Access remote systems using ssh
- SSH client configuration in
~/.ssh/config. - Verbose logging:
ssh -vvv <host>. - Tunnel:
ssh -L8080:host:80 host. - Enable X11 forwarding:
ssh -X <host.
- Log in and switch users in multiuser targets
- Switch to root:
sudo -iorsudo su -. - Edit sudoers:
visudoor add to/etc/sudoers.d/. - Swith to user with nologin shell:
su -s /bin/bash user.
- Archive, compress, unpack, and uncompress files using tar, star, gzip, and bzip2
- TAR
- Create:
c. - Verbose:
v. - File:
f. - Gzip:
z. - Bzip2:
j.
- GZIP:
gzip <file>,gunzip <file>.
- Create and edit text files
- Create 'text' file:
viorvim. - Redirect output (overwrite) to file:
echo “hi” > filename.
- Create, delete, copy, and move files and directories
- Create empty file:
touch. - Remove file:
rm file.- Force:
-f. - Recursive:
-r.
- Copy:
cp source destination.- Preserve mode, owner and timestamps:
-p. - Recursive
-r.
- Move:
mv source destination
- Create hard and soft links
- Create hard link:
ln target link-name. - Create soft link:
ln -s target link-name. - Show inode number (for hard links):
ls -i.
- List, set, and change standard ugo/rwx permissions
- List permissions:
ls -lorstat file. - Set permissions:
chmod 755orchmod o+rwetc. - Change owner:
chown user:group target.
- Locate, read, and use system documentation including man, info, and files in /usr/share/doc
- Man pages:
man command. - Search all man pages:
man -k command. - Search for text in all man pages:
man -K text. - Info pages:
info command. - Read documentation in
/usr/share/docdirectories.
- Operate running systems
- Boot, reboot, and shut down a system normally
- Boot: turn on server or virtual machine.
- Reboot:
rebootorshutdown -r noworsystemctl isolate reboot.target - Shutdown:
shutdown -h noworsystemctl isolate poweroff.target.
- Boot systems into different targets manually
- Show default target:
systemctl get-defaultorls -lh /etc/systemd/system/default.target - List all tartgets:
systemctl list-units --type target --all
- Rescue mode:
systemctl rescue. - Emergency mode:
systemctl emergency
- Interrupt the boot process in order to gain access to a system
- In grub boot menu, select desired kernel, press 'e', edit the kernel line and append (ctrl-e) the word
single. Boot the system. - If you need to change the root password:
# press 'e' in the grub menu, # change add: rd.break enforcing=0 # press ctrl-x mount -o remount,rw /sysroot chroot /sysroot passwd root touch /.autorelabel mount -o remount,ro / exit exit
- Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes
- Identify CPU/Memory intensive processes with:
top. - Adjust priority with
nice command -n <number -20 - 19>andrenice -n <priority> <PID>. A higher number is more nice. - Show nice level of processes:
ps -efl.
- Locate and interpret system log files and journals
- Query the systemd journal:
journalctl.- Follow:
-f. - Augment log lines with explanation texts:
-x. - Show all logs from specified service:
journalctl /usr/sbin/sshd.
- Access a virtual machine's console
virsh console <vm>.
- Start and stop virtual machines
virsh stop <vm>.virsh start <vm>.
- Start, stop, and check the status of network services
- Show connections:
nmcli c show - Up:
nmcli c up eth0 - Down:
nmcli c down eth0 - Edit:
nmcli c edit eth0
- Securely transfer files between systems
- SCP:
scp <file> <target-host> - sftp
- Configure local storage
- List, create, delete partitions on MBR and GPT disks
- List partitions:
fdisk -l /dev/vdaorfdisk /dev/vda - Delete and edit with:
fdiskorparted
- Create and remove physical volumes, assign physical volumes to volume groups, and create and delete logical volumes
- Create PV:
pvcreate /dev/vda2. - Assign to VG:
vgextend <VGname> <PhysicalDevicePath>. - Create LV:
lvcreate -L 5GB -n <lvname> <vgname>. - Remove LV:
lvremove /dev/<vgname>/<lvname>.
- Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label
- Show UUID's:
blkid. - Add UUID to /etc/fstab:
UUID=7c2eaf53-ae5b-4b81-a539-b5f5d34c60c5 /boot xfs defaults,noatime 0 0 - Label a device:
e2label /dev/mapper/testV testlv - In
/etc/fstabuse:LABEL=testlvas device.
- Add new partitions and logical volumes, and swap to a system non-destructively
- For Partitions and LVs, see above.
- Add SWAP:
- fdisk set partition to SWAP
partx -a /dev/vdc.partprobe.mkswap /dev/vdc1.swapon -v /dev/vdc1.- Show swap:
swapon -s.
- Add swap file as an example:
- Create 512MB file:
dd if=/dev/zero of=/var/tmp/swapfile1 bs=1024 count=524288. - Change owner and mode:
chown root:root /var/tmp/swapfile1chmod 0600 /var/tmp/swapfile1. - Make swap:
mkswap /var/tmp/swapfile1. - Activate swap:
swapon /var/tmp/swapfile1. - Show swap:
swapon -s.
- Create and configure file systems
- Create, mount, unmount, and use vfat, ext4, and xfs file systems
- Create file system:
mkfs.<fstype>. - Mount file system:
mount -t <vfstype> <device> <directory>.
- Mount and unmount CIFS and NFS network file systems
- Show NFS exports:
showmount -e. - Mount NFS:
mount <server>:mountoint <directory>. - Show SMB shares:
smbclient -L diskstation -U user. - Mount CIFS:
mount -t cifs //server/share /mnt -o user=username
- Extend existing logical volumes
- Check spave available in PV and VG:
pvs,vgs - Resize LV:
lvresize -r -l+100%FREE <lvname>.
- Create and configure set-GID directories for collaboration
- An SGID on directory will have new files and directories have its group set to the group.
- Create team group, change group of directory (chown).
- Add SGID:
chmod g+s /data/team. - Allow write:
chmod g+w /data/team. - Enable users to see files from others, but no delete (like /tmp):
chmod +t /data/team
- Create and manage Access Control Lists (ACLs)
- Check if filesystem is mounted with acl option:
mount. But ext4 is already acl aware. - If not mounted with acl option, add it to fstab and remount, or:
mount -o remount /var - If an ACL is present, then
ls -lwill show a plus sign next to the rwx modes. - Set ACL:
setfacl -m u:user:rw- <filename>
- Diagnose and correct file permission problems
ls -l,getfacl,lsattr.chmod,chown,setfacl,chattr.
- Deploy, configure, and maintain systems
- Configure networking and hostname resolution statically or dynamically
- Edit network configuration (including DNS servers):
nmcli - Static hostname resolution in
/etc/hosts. - Set own hostname:
hostnamectl set-hostname <hostname>.
- Schedule tasks using at and cron
- Add crontabs in
/etc/crontaband below directories/etc/cron.d,/etc/cron.daily, etc. - Scheduling:
min hour daymonth month dayweek(0=sun)- /2 = every 2 hours
- /5 = every 5 minutes
30 4 1,15 * 5would cause a command to be run at 4:30 am on the 1st and 15th of each month, plus every Friday.
- Start and stop services and configure services to start automatically at boot
- List services:
systemctl list-unit-files --type service
- Start:
systemctl start sshd.service. - Stop:
systemctl stop sshd.service. - Restart:
systemctl restart sshd.service. - Start at boot:
systemctl enable sshd.service. - Disable start at boot:
systemctl disable sshd.service.
- Configure systems to boot into a specific target automatically
- List targets:
systemctl list-units --type target --all
- Show default target:
systemctl get-default #or ls -lh /etc/systemd/system/default.target
- Set default target:
systemctl get-default multi-user.target
- Install Red Hat Enterprise Linux automatically using Kickstart
- Install webserver to service the Kickstart file:
yum -y install httpd system-config-kickstart. - rsync CDROM to
/var/www/html/pub - At boot edit kernel line, add:
ks=http://192.168.122.35/ks.cfg
- Configure a physical machine to host virtual guests
- Install virtualization packages:
yum groupinstall Virtualization “Virtualization Tools”.
- Install Red Hat Enterprise Linux systems as virtual guests
- Use
virshorvirt-manager.
- Configure systems to launch virtual machines at boot
- Configure:
virsh autostart <vm>
- Configure network services to start automatically at boot
- See
nmcliabove.
- Configure a system to use time services
- Use NTPd or Chrony.
- Install and update software packages from Red Hat Network, a remote repository, or from the local file system
- Use repo files in /etc/yum.repos.d or RedHat Satellite.
yum-config-manager
- Update the kernel package appropriately to ensure a bootable system
- Install new kernel:
rpmoryum. - Check:
/etc/default/grub.
- Modify the system bootloader
- Edit:
/etc/default/grub. - Generate the new config:
grub2-mkconfig -o /boot/grub2/grub.cfg grub2-editenv listgrub2-set-default
- Manage users and groups
- Create, delete, and modify local user accounts
- Create:
useradd. - Modify:
usermod. - Delete:
userdel.
- Change passwords and adjust password aging for local user accounts
- Change password:
passwd. - Change age:
chage. - List age:
chage -l <username>.
- Create, delete, and modify local groups and group memberships
- Create:
groupadd. - Modify:
groupmod. - Delete:
groupdel.
- Configure a system to use an existing authentication service for user and group information
- Configure
SSSdorPAM-LDAP. - Use
authconfig-tui.
- Manage security
- Configure firewall settings using firewall-config, firewall-cmd, or iptables
- Get info on active zones:
firewall-cmd –get-active-zones. - Get info on specific zone:
firewall-cmd –zone public –list-all. - Add service to zone:
firewall-cmd –zone public –add-service httpd –permanent. - Add source to zone:
firewall-cmd –zone public –add-source 10.1.2.3 –permanent. - Reload with new config:
firewall-cmd –reload.
- Configure key-based authentication for SSH
- Generate key pair:
ssh-keygen -t <type>. - Put public key in
~/.ssh/authorized_keyson remote server.
- Set enforcing and permissive modes for SELinux
- Enforcing:
setenforce 1. - Permissive:
setenforce 0. - Edit
/etc/selinux/configfor permanent configuration.
- List and identify SELinux file and process context
- Files:
ls -lZ. - Processes:
ps -efZ.
- Restore default file contexts
- Restore file contexts:
restorecon -Rv /var/www/html.
- Use boolean settings to modify system SELinux settings
- Get booleans:
getsebool -a. - Set boolean:
setsebool <boolean> <value>, use-Pfor permanent (at boot time).
- Diagnose and address routine SELinux policy violations
- Check
/var/log/audit/audit.log. - Read selinux man pages.
- Quick and dirty solution:
audit2allow.
rhcsa7_objectives.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1