Ben's notes

Linux, Unix, network, radio...

User Tools

Site Tools


rhel_ex200_objectives

RedHat EX200 objectives (20121221)

Understand and use essential tools

  • Access a shell prompt and issue commands with correct syntax.
  • Use input-output redirection (>, », |, 2>, etc.).
> redirect, creates or overwrite file
>> redirect, creates or appends file
1> redirect stdout, 1>> append
2> redirect stderr, 2>> append
&> redirect stdout and stderr
2>&1 redirect stderr to stdout
command < /dir/file # stdin
  • Use grep and regular expressions to analyze text.
grep ^at start of line
grep at end of line$
grep ^$ for empty lines
grep -e "foo|bar" OR
  • Access remote systems using ssh and VNC.
#server
yum -y install tigervnc-server
/etc/sysconfig/vncservers
remove -localhost

#as normal user
vncpasswd
vncserver :1

#kill session
vncserver -kill :1

#client
yum -y install tigervnc
vncviewer nucvm3:5901
  • Log in and switch users in multiuser runlevels.
su -
sudo
  • Archive, compress, unpack, and uncompress files using tar, star, gzip, and bzip2.
Star is a very fast tar like tape archiver with improved functionality. Can handle ACL information.
  • Create and edit text files.
  • Create, delete, copy, and move files and directories.
  • Create hard and soft links.
ln TARGET LINK # hard link
ln -s # soft link
ls -lia show inodes (for hardlinks)
  • List, set, and change standard ugo/rwx permissions.
ls -l
chmod
  r = read
  w = write
  x = execute or search
  s = setuid, setgid
  t = sticky bit (/tmp)
chown
  • Locate, read, and use system documentation including man, info, and files in /usr/share/doc.
man -k #search for keywords
makewhatis
info -k #search for keywords
info coreutils 'chmod invocation' #example
Note: Red Hat may use applications during the exam that are not included in Red Hat Enterprise Linux

for the purpose of evaluating candidate's abilities to meet this objective.

Operate running systems

  • Boot, reboot, and shut down a system normally.
shutdown -r now #reboot
shutdown -h now #halt
reboot
/etc/inittab
  • Boot systems into different runlevels manually.
init <runlevel>
telinit <runlevel>
  • Use single-user mode to gain access to a system.
add runlevel number at end end of kernel line (grub)
  • Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes.
top
ps
kill -<signal> <pid>
nice -n <level> command # run program with modified prio, from -20 to 19, higer = more nice (-20 is hi
ghest prio)
renice -n <level> <pid> # alter priority of running processes
ps -efl # also shows nice level
  • Locate and interpret system log files.
  • Access a virtual machine's console.
virt-manager # gui
virsh console <vmname>
virsh list --all # list VMs
  • Start and stop virtual machines.
virsh reboot <vmname>
virsh shutdown <vmname>
virsh start <vmname>
  • Start, stop, and check the status of network services.
service network start|stop|restart
ifconfig -a
netstat -rn # route -n
netstat -tapn # as root shows PID names (processes) for TCP ports
chkconfig --list

Configure local storage

  • List, create, delete, and set partition type for primary, extended, and logical partitions.
df
fdisk -l
fdisk /dev/vdb, n, p, 1, <enter>, <enter>, w
fdisk /dev/vda n +512M, w
partprobe
  • Create and remove physical volumes, assign physical volumes to volume groups, and create and delet

e logical volumes.

add disk to VM, choose VirtIO, will be hot plugged
fdisk /dev/vdb, type 8e Linux LVM
pvcreate /dev/vdb1 <device2> <device...>
vgextend vg_nucvm1 /dev/vdb1 #toevoegen aan VG
vgcreate -s 8M VolumeGroupName /dev/sdb1 /dev/sdb2
lvcreate -L 5GB -n ExtraLV vg_nucvm1
mkfs.ext4 /dev/...
blkid
/etc/fstab
mkdir -p .....
mount -a

lvremove /dev/vg_nucvm1/ExtraLV 
vgreduce vg_nucvm1 /dev/vdb1
pvremove /dev/vdb1 

# or check gui: system-config-lvm
  • Create and configure LUKS-encrypted partitions and logical volumes to prompt for password and mount an decrypted file system at boot.
#on a loop device
dd if=/dev/urandom of=testfile bs=1M count=10
losetup /dev/loop0 testfile


#with normal device
cryptsetup luksFormat /dev/vdb1 # type uppercase YES
cryptsetup luksOpen /dev/vdb1 CryptLV

/dev/mapper/CryptLV	/crypt			ext4	defaults	0 0  # /etc/fstab
CryptLV	/dev/vdb1	none # /etc/crypttab

  • Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label.
blkid # show UUID's
UUID=72607ef8-d59a-4b7b-892f-2a515a1b8104 # in /etc/fstab

e2label /dev/mapper/CryptLV luksdrive
LABEL=luksdrive # in /etc/fstab
  • Add new partitions and logical volumes, and swap to a system non-destructively.
fdisk set partition to SWAP
partx -a /dev/vdc
partprobe
mkswap /dev/vdc1
swapon -v /dev/vdc1

swapon -s # show 

Create and configure file systems

  • Create, mount, unmount, and use ext2, ext3, and ext4 file systems.
  • Mount, unmount, and use LUKS-encrypted file systems.
  • Mount and unmount CIFS and NFS network file systems.
mount -t nfs server:/share /mnt
showmount -e # show exported filesystems

mount -t cifs //server/share /mnt -o user=username
smbclient -L diskstation -U benst
  • Configure systems to mount ext4, LUKS-encrypted, and network file systems automatically.
In /etc/fstab

luks: /etc/fstab AND /etc/crypttab

192.168.1.100:/share    /mnt/share  nfs     ro,user,_netdev         0 0
  • Extend existing unencrypted ext4-formatted logical volumes
#extend
lvextend -L +100M /dev/vg_nucvm1/smallfs
resize2fs /dev/mapper/vg_nucvm1-smallfs

#decrease
umount
fsck
resize2fs -f /dev/... 100M
lvreduce -L 100M /dev/...
mount -a

#online resize
lvresize -r -L NewSize /dev/...
  • Create and configure set-GID directories for collaboration.
mkdir /opt/team
groupadd team
chgrp team /opt/team
chmod 760 /opt/team
chown g+s /opt/team
  • Create and manage Access Control Lists (ACLs).
Add ACL functionality to filesystem with /etc/fstab
/dev/mapper/vg_nucvm1-smallfs /small 	ext4 	defaults,acl	0 0
mount -o remount /small

getfacl testfile
ls -l # shows a plus + sign
-rw-rwxr--+  1 root root     0 Jan 20 20:24 testfile

setfacl -m u:benst:rw ./testfile # modify user rights
setfacl -m g:team:rwx ./testfile # modify group rights
setfacl -m u:benst:--- ./testfile # remove rights
  • Diagnose and correct file permission problems.

Deploy, configure, and maintain systems

  • Configure networking and hostname resolution statically or dynamically.
BOOTPROTO=dhcp
BOOTPROTO=static
  • Schedule tasks using cron.
yum install cronie
min hour daymonth month dayweek(0=sun)
*/2 = every 2 hours
*/5 = every 5 minutes
"30  4 1,15 * 5" would cause a command to be run at 4:30 am on the 1st and 15th of each month, plus ev
ery Friday.
  • Configure systems to boot into a specific runlevel automatically.
  • Install Red Hat Enterprise Linux automatically using Kickstart.
yum -y install httpd system-config-kickstart
rsync CDROM to /var/www/html/pub
at boot edit kernel line, add: ks=http://192.168.122.35/ks.cfg
  • Configure a physical machine to host virtual guests.
yum groupinstall Virtualization "Virtualization Tools"
  • Install Red Hat Enterprise Linux systems as virtual guests.
via virsh or virt-manager
  • Configure systems to launch virtual machines at boot.
virsh autostart nucvm1
chkconfig libvirtd on
  • Configure network services to start automatically at boot.
chkconfig
  • Configure a system to run a default configuration HTTP server.
yum groupinstall "Web Server"
chkconfig httpd on
service httpd start
selinux?

#Virtual hosts
NameVirtualHost *:80
<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot /var/www/station
    ServerName station
    ErrorLog logs/station-error
    CustomLog logs/station-access common
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot /var/www/html
    ServerName install
    ErrorLog logs/html-error
    CustomLog logs/html-access common
</VirtualHost>
  • Configure a system to run a default configuration FTP server.
yum -y groupinstall "FTP server"
chkconfig vsftpd on
service vsftpd start

Configure selinux and iptables.

  • Install and update software packages from Red Hat Network, a remote repository, or from the local

file system.

rpm -i # install
rpm -u # update
yum install
yum localinstall

#repo file:
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

[base]
name=CDROM
baseurl=file:///mnt/cd/Server
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
  • Update the kernel package appropriately to ensure a bootable system.
yum update kernel
  • Modify the system bootloader.
[root@nucvm1 grub]# more grub.conf 
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/mapper/vg_nucvm1-lv_root
#          initrd /initrd-[generic-]version.img
#boot=/dev/vda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.32-279.19.1.el6.x86_64)
	root (hd0,0)
	kernel /vmlinuz-2.6.32-279.19.1.el6.x86_64 ro root=/dev/mapper/vg_nucvm1-lv_root rd_NO_LUKS  K
EYBOARDTYPE=pc KEYTABLE=us LANG=en_US.UTF-8 rd_LVM_LV=vg_nucvm1/lv_swap rd_NO_MD rd_LVM_LV=vg_nucvm1/l
v_root crashkernel=auto SYSFONT=latarcyrheb-sun16 rd_NO_DM rhgb quiet console=tty0 console=ttyS0
	initrd /initramfs-2.6.32-279.19.1.el6.x86_64.img

title CentOS (2.6.32-279.el6.x86_64)
	root (hd0,0)
	kernel /vmlinuz-2.6.32-279.el6.x86_64 ro root=/dev/mapper/vg_nucvm1-lv_root rd_NO_LUKS  KEYBOA
RDTYPE=pc KEYTABLE=us LANG=en_US.UTF-8 rd_LVM_LV=vg_nucvm1/lv_swap rd_NO_MD rd_LVM_LV=vg_nucvm1/lv_roo
t crashkernel=auto SYSFONT=latarcyrheb-sun16 rd_NO_DM rhgb quiet
	initrd /initramfs-2.6.32-279.el6.x86_64.img

Manage users and groups

  • Create, delete, and modify local user accounts.
useradd, usermod, userdel
/etc/passwd
/etc/shadow
  • Change passwords and adjust password aging for local user accounts.
passwd <user>
chage -l benst # list age info
chage -M 30 -W 5 benst # change after 30 days, 5 day warning
  • Create, delete, and modify local groups and group memberships.
groupadd, groupmod, groupdel
/etc/group
  • Configure a system to use an existing LDAP directory service for user and group information.
# For graphical config:
system-configure-authentication:
User Account Database: LDAP
Base DN: dc=diskstation,dc=home
Server: ldap://diskstation.home
Authentication Method: LDAP
Apply

getent passwd ldapuser

#autofs if needed
getent passwd user #for homedirectory info

#/etc/auto.master
/rhome	/etc/auto.rhome

#/etc/auto.rhome
*   -fstype=nfs,soft,intr,rw   diskstation:/volume1/rhome/&

service autofs start

Manage security

  • Configure firewall settings using system-config-firewall or iptables.
yum -y install system-config-firewall
/etc/sysconfig/iptables
  • Set enforcing and permissive modes for SELinux.
getenforce
setenforce 0 # Permissive temporary
/etc/sysconfig/selinux # Permissive or Disabled 
  • List and identify SELinux file and process context.
ps -efZ
ls -lZ
  • Restore default file contexts.
man -k selinux
yum -y install policycoreutils-gui
system-config-selinux

semanage fcontext -a -t public_content_t "/root/testwwwdir(/.*)?"
restorecon -F -R -v /root/testwwwdir
  • Use boolean settings to modify system SELinux settings.
getsebool -a
getsebool -a | grep httpd
togglesebool httpd_verify_dns # temporary change
setsebool httpd_verify_dns 0 # temporary disable
setsebool -P httpd_verify_dns 0 # permanently disable
  • Diagnose and address routine SELinux policy violations.
Application logs
/var/log/audit
man ftpd_selinux

yum -y install setroubleshoot setroubleshoot-server
chkconfig auditd on
reboot

# change context, if for example this was wrong
# targed policy does not use users or roles :)
chcon -t httpd_sys_content_t index.html

OR

chcon --reference /var/www/html /var/www/html/index.html

OR

restorecon -vR /var/www/html
rhel_ex200_objectives.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1