User:Tom/RHCSA EX200
Latest revision as of 20:44, 18 July 2016
Lab setup
Physical host host1
Virtual machine 1 server1 192.168.122.110
Virtual machine 2 server2 192.168.122.120
Chapter 02 Using basic Linux Tools
ssh host
ssh -l user host
ssh -X host
ls pwd cd mkdir
tty who uptime whoami logname
id groups
last lastb lastlog
uname
hostnamectl
timedatectl list-time-zones
clear
which wc
lspci lscpu
gzip gunzip bzip2 bunzip2 tar star
vi
man apropos mandb whatis info
Chapter 03 Working with files and file permissions
/boot /var/ /usr /opt /home /dev /proc /sys /tmp
file touch cat less head tail
cp mv rm lsattr chattr
find
ln, ln -s
chmod chown chgrp
umask for files and directories. Initial permissions are 666 for files and 777 for directories.
Special permissions: setuid, setgid, sticky. setuid (s) is set on the owner of executable files, setgid (s) is set on the group of executable files.
Examples are su and wall.
setgid on a directory: new files inherit the directory's owning group.
Chapter 04 Dealing with the Bash shell, processes and scheduling
variables, local and environment
export unset
> >> &>
HISTFILE history
set -o vi
grep * ? \
ps pidof pgrep
nice renice
kill pkill killall
at crontab
Chapter 05 Managing software packages
RHSM Red Hat Subscription Management
SAM Subscription Asset Manager
subscription-manager
rpm rpm2cpio
mount /dev/cdrom /mnt
mount -o loop /.../*.iso /mnt
yum-config-manager
yum check-update clean, group install, group info, group list, group remove,
repolist, repolist all, repository-packages
info, install, list, search, update, history
createrepo
man yum.conf for info about repository files
gnome-packagekit
/etc/yum.conf
/etc/yum.repos.d
Chapter 06 Configuring server virtualization and network installing RHEL7
lscpu
yum -y group install
virt-install
virsh list pool-list pool-info
virt-manager
brctl
Kickstart anaconda-ks.cfg
ksvalidator
wget
/etc/sysconfig/network-scripts
Chapter 07 Booting RHEL 7, updating Kernel and logging messages
lsmod
modinfo
modprobe
grub2-mkconfig -o /boot/grub2/grub.cfg
grub2-set-default
rootpw init=/sysroot/bin/sh, chroot /sysroot, mount -o remount,rw /, passwd, touch /.autorelabel, exit, reboot
yum list installed kernel
/boot
/etc/grub.d
systemctl
systemd-analyze
systemd-cgtop
journalctl
mkdir -p /var/log/journal
systemctl restart systemd-journald
Chapter 08 Managing users and groups
pwck
pwconv
grpconv
useradd, usermod, userdel
chage
vigr
vipw
groupadd, groupmod, groupdel
gpasswd
/etc/default/useradd
/etc/passwd
/etc/shadow
/etc/login.defs
/etc/skel
/etc/group
/etc/gshadow
/etc/bashrc
/etc/profile
/etc/profile.d
.bashrc
.bash_profile
Chapter 09 Partitioning and managing disk storage
Master Boot Record (MBR) on BIOS-based systems versus GUID Partition Table (GPT) on UEFI-based systems.
parted, gdisk, fdisk
partprobe
lsblk
pvs
vgs
lvs
vgdisplay
lvdisplay
lvmdiskscan
pvcreate
vgcreate
vgextend
vgreduce
vgremove
lvextend
lvresize
lvreduce
lvremove
/etc/lvm/backup Contains volume group details
Chapter 10 Constructing and using filesystems and swap
Filesystem administration commands.
e2fsck
fsck.ext3
fsck.ext4
mke2fs
mkfs.xfs
resize2fs
tune2fs
Commands common to all filesystems.
blkid - Used to determine the UUID of a partition / logical volume / filesystem
mount
umount
NFS filesystems
Package nfs-utils
mount -t nfs 192.168.1.110:/aapje /aap
/etc/fstab: 192.168.1.110:/aapje /aap nfs _netdev 0 0
AutoFS
Package autofs
Daemon automount
/etc/sysconfig/autofs
/etc/auto.master
UUID Universally Unique IDentifier
Swap Space
free -h
lvcreate
mkswap
swapon
ACLs
chacl
getfacl file1
setfacl -m user:aap:rw file1
mount options: defaults,acl
Chapter 11 Controlling Access through Firewall and SELinux
SELinux
context for subjects and objects
context contains a type or domain and a security level with subject and object information
_u user, _r role, _t domain
Domain transitioning allows a process in one domain to enter another domain to execute an application authorized to run in that domain only; a proper rule must exist to support such a transition.
Commands
id -Z View context set on Linux user
ls -Z Determine context for files
ps -eZ Determine context on processes
seinfo -u List available SELinux users
semanage
sestatus SELinux status tool
getsebool -a Show all SELinux Boolean variables
setsebool Set a boolean variable
getenforce Get the current mode of SELinux
setenforce
cp --preserve=context Preserve specified attributes
sealert SELinux troubleshooter
Packages
libselinux-utils
policycoreutils
setools-console contains seinfo command
setroubleshoot-server Troub
Files
/etc/sestatus.conf
/etc/selinux/config Controls state of SELinux (enforcing, permissive or disabled)
/etc/selinux/targeted/contexts/files/file_contexts.local custom context
/sys/fs/selinux/booleans
Chapter 12 Administering Network Interfaces and Network Clients
Hostname
Commands
arp -a
ip neighbor
hostname
hostnamectl
ifdown ifup
nmcli
nm-connection-editor
nmtui
uname
systemctl restart systemd-hostnamed
yum install *ldap* packages
authconfig
authconfig-gtk
authconfig-tui
system-config-authentication
Files
/etc/hosts
/etc/resolv.conf
/etc/sysconfig/network-scripts
/etc/sssd/sssd.conf
Chapter 13 Securing access with SSH and TCP wrappers
ssh-keygen
ssh-copy-id
sftp
yum info tcp_wrappers
/etc/ssh/sshd_config
/etc/ssh/ssh_config
/etc/hosts.allow
/etc/hosts.deny
/var/log/secure
Hints
repo
kernel update
acl
ntp
autofs
ldap
swap create lvm and partition
lv in new vg