RedHat EX200 objectives (20121221)
Understand and use essential tools
- Access a shell prompt and issue commands with correct syntax.
- Use input-output redirection (>, >>, |, 2>, etc.).
    >      redirect stdout, creates or overwrites file
    >>     redirect stdout, creates or appends to file
    1>     redirect stdout, 1>> append
    2>     redirect stderr, 2>> append
    &>     redirect stdout and stderr
    2>&1   redirect stderr to stdout
    command < /dir/file   # stdin
- Use grep and regular expressions to analyze text.
    grep '^foo'         # ^ anchors at start of line
    grep 'foo$'         # $ anchors at end of line
    grep '^$'           # empty lines
    grep -E "foo|bar"   # OR (extended regular expression)
- Access remote systems using ssh and VNC.
    #server
    yum -y install tigervnc-server
    /etc/sysconfig/vncservers   # remove -localhost
    #as normal user
    vncpasswd
    vncserver :1
    #kill session
    vncserver -kill :1
    #client
    yum -y install tigervnc
    vncviewer nucvm3:5901
- Log in and switch users in multiuser runlevels.
    su -
    sudo
- Archive, compress, unpack, and uncompress files using tar, star, gzip, and bzip2.
Star is a very fast tar-like tape archiver with improved functionality. It can handle ACL information.
- Create and edit text files.
- Create, delete, copy, and move files and directories.
- Create hard and soft links.
    ln TARGET LINK      # hard link
    ln -s TARGET LINK   # soft link
    ls -lia             # show inodes (for hard links)
- List, set, and change standard ugo/rwx permissions.
    ls -l
    chmod
        r = read
        w = write
        x = execute or search
        s = setuid, setgid
        t = sticky bit (/tmp)
    chown
- Locate, read, and use system documentation including man, info, and files in /usr/share/doc.
    man -k       # search for keywords
    makewhatis
    info -k      # search for keywords
    info coreutils 'chmod invocation'   # example
Note: Red Hat may use applications during the exam that are not included in Red Hat Enterprise Linux for the purpose of evaluating candidate's abilities to meet this objective.
Operate running systems
- Boot, reboot, and shut down a system normally.
    shutdown -r now   # reboot
    shutdown -h now   # halt
    reboot
    /etc/inittab
- Boot systems into different runlevels manually.
    init <runlevel>
    telinit <runlevel>
- Use single-user mode to gain access to a system.
    add the runlevel number at the end of the kernel line (grub)
- Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes.
    top
    ps
    kill -<signal> <pid>
    nice -n <level> command   # run program with modified priority, from -20 to 19; higher = more nice (-20 is highest priority)
    renice -n <level> <pid>   # alter priority of running processes
    ps -efl                   # also shows nice level
- Locate and interpret system log files.
- Access a virtual machine's console.
    virt-manager             # gui
    virsh console <vmname>
    virsh list --all         # list VMs
- Start and stop virtual machines.
    virsh reboot <vmname>
    virsh shutdown <vmname>
    virsh start <vmname>
- Start, stop, and check the status of network services.
    service network start|stop|restart
    ifconfig -a
    netstat -rn     # route -n
    netstat -tapn   # as root shows PID names (processes) for TCP ports
    chkconfig --list
Configure local storage
- List, create, delete, and set partition type for primary, extended, and logical partitions.
    df
    fdisk -l
    fdisk /dev/vdb, n, p, 1, <enter>, <enter>, w
    fdisk /dev/vda n +512M, w
    partprobe
- Create and remove physical volumes, assign physical volumes to volume groups, and create and delete logical volumes.
    add disk to VM, choose VirtIO, will be hot plugged
    fdisk /dev/vdb, type 8e Linux LVM
    pvcreate /dev/vdb1 <device2> <device...>
    vgextend vg_nucvm1 /dev/vdb1   # add to VG
    vgcreate -s 8M VolumeGroupName /dev/sdb1 /dev/sdb2
    lvcreate -L 5GB -n ExtraLV vg_nucvm1
    mkfs.ext4 /dev/...
    blkid
    /etc/fstab
    mkdir -p .....
    mount -a
    lvremove /dev/vg_nucvm1/ExtraLV
    vgreduce vg_nucvm1 /dev/vdb1
    pvremove /dev/vdb1
    # or check gui: system-config-lvm
- Create and configure LUKS-encrypted partitions and logical volumes to prompt for password and mount a decrypted file system at boot.
    #on a loop device
    dd if=/dev/urandom of=testfile bs=1M count=10
    losetup /dev/loop0 testfile
    #with normal device
    cryptsetup luksFormat /dev/vdb1          # type uppercase YES
    cryptsetup luksOpen /dev/vdb1 CryptLV
    /dev/mapper/CryptLV /crypt ext4 defaults 0 0   # /etc/fstab
    CryptLV /dev/vdb1 none                         # /etc/crypttab
- Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label.
    blkid                                       # show UUIDs
    UUID=72607ef8-d59a-4b7b-892f-2a515a1b8104   # in /etc/fstab
    e2label /dev/mapper/CryptLV luksdrive
    LABEL=luksdrive                             # in /etc/fstab
- Add new partitions and logical volumes, and swap to a system non-destructively.
    fdisk                 # set partition to SWAP
    partx -a /dev/vdc
    partprobe
    mkswap /dev/vdc1
    swapon -v /dev/vdc1
    swapon -s             # show
Create and configure file systems
- Create, mount, unmount, and use ext2, ext3, and ext4 file systems.
- Mount, unmount, and use LUKS-encrypted file systems.
- Mount and unmount CIFS and NFS network file systems.
    mount -t nfs server:/share /mnt
    showmount -e                        # show exported filesystems
    mount -t cifs //server/share /mnt -o user=username
    smbclient -L diskstation -U benst
- Configure systems to mount ext4, LUKS-encrypted, and network file systems automatically.
    In /etc/fstab
    luks: /etc/fstab AND /etc/crypttab
    192.168.1.100:/share /mnt/share nfs ro,user,_netdev 0 0
- Extend existing unencrypted ext4-formatted logical volumes
    #extend
    lvextend -L +100M /dev/vg_nucvm1/smallfs
    resize2fs /dev/mapper/vg_nucvm1-smallfs
    #decrease
    umount
    fsck
    resize2fs -f /dev/... 100M
    lvreduce -L 100M /dev/...
    mount -a
    #online resize
    lvresize -r -L NewSize /dev/...
- Create and configure set-GID directories for collaboration.
    mkdir /opt/team
    groupadd team
    chgrp team /opt/team
    chmod 770 /opt/team   # group needs x (search) to enter the directory
    chmod g+s /opt/team   # setgid: new files inherit the group "team"
- Create and manage Access Control Lists (ACLs).
    Add ACL functionality to filesystem with /etc/fstab
    /dev/mapper/vg_nucvm1-smallfs /small ext4 defaults,acl 0 0
    mount -o remount /small
    getfacl testfile
    ls -l   # shows a plus + sign
    -rw-rwxr--+ 1 root root 0 Jan 20 20:24 testfile
    setfacl -m u:benst:rw ./testfile    # modify user rights
    setfacl -m g:team:rwx ./testfile    # modify group rights
    setfacl -m u:benst:--- ./testfile   # remove rights
- Diagnose and correct file permission problems.
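Added example (not part of the original notes): the set-GID collaboration directory from this section, built under a scratch path so it runs without root, plus a check that diagnoses the two usual permission problems (setgid bit missing, access for "other"). The helper names make_team_dir, check_team_dir and demo are assumptions of this example, and stat -c is the GNU coreutils form.

```sh
#!/bin/sh
# Added example, not from the original notes. Helper names are hypothetical.

# Create a collaboration directory: group-owned, setgid, nothing for "other".
make_team_dir() {    # $1 = path, $2 = group name or numeric gid
    mkdir -p "$1" &&
    chgrp "$2" "$1" &&
    chmod 2770 "$1"  # 2 = setgid, 770 = rwx for owner and group only
}

# Diagnose a team directory; prints each problem, returns non-zero if any.
check_team_dir() {   # $1 = path
    problems=0
    if [ ! -g "$1" ]; then
        echo "$1: setgid bit missing, new files keep the creator's group"
        problems=1
    fi
    mode=$(stat -c '%a' "$1")    # octal mode including special bits, e.g. 2770
    case $mode in
        *0) ;;
        *)  echo "$1: mode $mode gives access to other"; problems=1 ;;
    esac
    return $problems
}

# Build the directory under a scratch path and confirm that a new file gets
# the directory's group and that a new subdirectory inherits the setgid bit.
demo() {
    base=$(mktemp -d) || return 1
    gid=
    # Use the last of the caller's groups that chgrp accepts, so the
    # inherited group differs from the primary group where possible.
    for g in $(id -G); do
        if make_team_dir "$base/team" "$g" 2>/dev/null; then gid=$g; fi
    done
    touch "$base/team/plan.txt"
    mkdir "$base/team/sub"
    result=1
    if [ "$(stat -c '%g' "$base/team/plan.txt")" = "$gid" ] &&
       [ -g "$base/team/sub" ] && check_team_dir "$base/team"; then
        result=0
    fi
    rm -rf "$base"
    return $result
}

demo && echo "team directory behaves as expected"
```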
Deploy, configure, and maintain systems
- Configure networking and hostname resolution statically or dynamically.
    BOOTPROTO=dhcp
    BOOTPROTO=static
- Schedule tasks using cron.
    yum install cronie
    min hour daymonth month dayweek(0=sun)
    */2 = every 2 hours
    */5 = every 5 minutes
    "30 4 1,15 * 5" would cause a command to be run at 4:30 am on the 1st and 15th of each month, plus every Friday.
- Configure systems to boot into a specific runlevel automatically.
- Install Red Hat Enterprise Linux automatically using Kickstart.
    yum -y install httpd system-config-kickstart
    rsync CDROM to /var/www/html/pub
    at boot edit kernel line, add: ks=http://192.168.122.35/ks.cfg
- Configure a physical machine to host virtual guests.
yum groupinstall Virtualization "Virtualization Tools"
- Install Red Hat Enterprise Linux systems as virtual guests.
via virsh or virt-manager
- Configure systems to launch virtual machines at boot.
    virsh autostart nucvm1
    chkconfig libvirtd on
- Configure network services to start automatically at boot.
chkconfig
- Configure a system to run a default configuration HTTP server.
    yum groupinstall "Web Server"
    chkconfig httpd on
    service httpd start
    selinux?
    #Virtual hosts
    NameVirtualHost *:80
    <VirtualHost *:80>
        ServerAdmin webmaster@dummy-host.example.com
        DocumentRoot /var/www/station
        ServerName station
        ErrorLog logs/station-error
        CustomLog logs/station-access common
    </VirtualHost>
    <VirtualHost *:80>
        ServerAdmin webmaster@dummy-host.example.com
        DocumentRoot /var/www/html
        ServerName install
        ErrorLog logs/html-error
        CustomLog logs/html-access common
    </VirtualHost>
- Configure a system to run a default configuration FTP server.
    yum -y groupinstall "FTP server"
    chkconfig vsftpd on
    service vsftpd start
Configure selinux and iptables.
- Install and update software packages from Red Hat Network, a remote repository, or from the local file system.
    rpm -i   # install
    rpm -U   # update (upgrade)
    yum install
    yum localinstall
    #repo file:
    [base]
    name=CentOS-$releasever - Base
    mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
    #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

    [base]
    name=CDROM
    baseurl=file:///mnt/cd/Server
    enabled=1
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
- Update the kernel package appropriately to ensure a bootable system.
yum update kernel
- Modify the system bootloader.
    [root@nucvm1 grub]# more grub.conf
    # grub.conf generated by anaconda
    #
    # Note that you do not have to rerun grub after making changes to this file
    # NOTICE: You have a /boot partition. This means that
    # all kernel and initrd paths are relative to /boot/, eg.
    # root (hd0,0)
    # kernel /vmlinuz-version ro root=/dev/mapper/vg_nucvm1-lv_root
    # initrd /initrd-[generic-]version.img
    #boot=/dev/vda
    default=0
    timeout=5
    splashimage=(hd0,0)/grub/splash.xpm.gz
    hiddenmenu
    title CentOS (2.6.32-279.19.1.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-279.19.1.el6.x86_64 ro root=/dev/mapper/vg_nucvm1-lv_root rd_NO_LUKS KEYBOARDTYPE=pc KEYTABLE=us LANG=en_US.UTF-8 rd_LVM_LV=vg_nucvm1/lv_swap rd_NO_MD rd_LVM_LV=vg_nucvm1/lv_root crashkernel=auto SYSFONT=latarcyrheb-sun16 rd_NO_DM rhgb quiet console=tty0 console=ttyS0
        initrd /initramfs-2.6.32-279.19.1.el6.x86_64.img
    title CentOS (2.6.32-279.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-279.el6.x86_64 ro root=/dev/mapper/vg_nucvm1-lv_root rd_NO_LUKS KEYBOARDTYPE=pc KEYTABLE=us LANG=en_US.UTF-8 rd_LVM_LV=vg_nucvm1/lv_swap rd_NO_MD rd_LVM_LV=vg_nucvm1/lv_root crashkernel=auto SYSFONT=latarcyrheb-sun16 rd_NO_DM rhgb quiet
        initrd /initramfs-2.6.32-279.el6.x86_64.img
Manage users and groups
- Create, delete, and modify local user accounts.
    useradd, usermod, userdel
    /etc/passwd
    /etc/shadow
- Change passwords and adjust password aging for local user accounts.
    passwd <user>
    chage -l benst            # list age info
    chage -M 30 -W 5 benst    # change after 30 days, 5 day warning
- Create, delete, and modify local groups and group memberships.
    groupadd, groupmod, groupdel
    /etc/group
- Configure a system to use an existing LDAP directory service for user and group information.
    # For graphical config: system-config-authentication:
    User Account Database: LDAP
    Base DN: dc=diskstation,dc=home
    Server: ldap://diskstation.home
    Authentication Method: LDAP
    Apply
    getent passwd ldapuser
    #autofs if needed
    getent passwd user   # for home directory info
    #/etc/auto.master
    /rhome /etc/auto.rhome
    #/etc/auto.rhome
    * -fstype=nfs,soft,intr,rw diskstation:/volume1/rhome/&
    service autofs start
Manage security
- Configure firewall settings using system-config-firewall or iptables.
    yum -y install system-config-firewall
    /etc/sysconfig/iptables
- Set enforcing and permissive modes for SELinux.
    getenforce
    setenforce 0             # Permissive, temporary
    /etc/sysconfig/selinux   # Permissive or Disabled
- List and identify SELinux file and process context.
    ps -efZ
    ls -lZ
- Restore default file contexts.
    man -k selinux
    yum -y install policycoreutils-gui
    system-config-selinux
    semanage fcontext -a -t public_content_t "/root/testwwwdir(/.*)?"
    restorecon -F -R -v /root/testwwwdir
- Use boolean settings to modify system SELinux settings.
    getsebool -a
    getsebool -a | grep httpd
    togglesebool httpd_verify_dns     # temporary change
    setsebool httpd_verify_dns 0      # temporary disable
    setsebool -P httpd_verify_dns 0   # permanently disable
- Diagnose and address routine SELinux policy violations.
    Application logs
    /var/log/audit
    man ftpd_selinux
    yum -y install setroubleshoot setroubleshoot-server
    chkconfig auditd on
    reboot
    # change context, if for example this was wrong
    # targeted policy does not use users or roles :)
    chcon -t httpd_sys_content_t index.html
    OR
    chcon --reference /var/www/html /var/www/html/index.html
    OR
    restorecon -vR /var/www/html
rhel_ex200_objectives.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1