User:Tom/RHCSA EX200: Difference between revisions
< User:Tom
Jump to navigation
Jump to search
| (26 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
====Lab setup==== | ====Lab setup==== | ||
Physical host host1 | Physical host host1 | ||
Virtual machine 1 server1 | Virtual machine 1 server1 192.168.122.110 | ||
Virtual machine 2 server2 | Virtual machine 2 server2 192.168.122.120 | ||
====Hoofdstuk 02 Using basic Linux Tools==== | ====Hoofdstuk 02 Using basic Linux Tools==== | ||
| Line 31: | Line 31: | ||
ln, ln -s | ln, ln -s | ||
chmod chown chgrp | chmod chown chgrp | ||
umask files en directories | umask files en directories. Initial permissions for file 666 and for directories 777. | ||
Special permissions setuid setgid sticky | |||
Special permissions setuid setgid sticky. setuid s set on owner of executable files, setgid s set on group of executable files. | |||
Examples are su and wall. | |||
setgid on directory group; new files inherit directory's owning group. | |||
====Hoofdstuk 04 Dealing with the Bash shell, processes and scheduling==== | ====Hoofdstuk 04 Dealing with the Bash shell, processes and scheduling==== | ||
| Line 58: | Line 61: | ||
yum-config-manager | yum-config-manager | ||
yum check-update clean, group install, group info, group list, group remove, | yum check-update clean, group install, group info, group list, group remove, | ||
repolist, repository-packages | repolist, repolist all, repository-packages | ||
info, install, list, search, update, history | info, install, list, search, update, history | ||
createrepo | createrepo | ||
man yum.conf for info about repository files | |||
gnome-packagekit | gnome-packagekit | ||
| Line 82: | Line 87: | ||
/etc/sysconfig/network-scripts | /etc/sysconfig/network-scripts | ||
====Hoofdstuk 07 Booting RHEL 7, updating Kernel and logging messages==== | |||
lsmod | |||
modinfo | |||
modprobe | |||
grub2-mkconfig -o /boot/grub2/grub.cfg | |||
grub2-set-default | |||
rootpw init=/sysroot/bin/sh, chroot /sysroot, mount -o remount,rw /, passwd, touch /.autorelabel, exit, reboot | |||
yum list installed kernel | |||
/boot | |||
/etc/grub.d | |||
systemctl | |||
systemd-analyze | |||
systemd-cgtop | |||
journalctl | |||
mkdir -p /var/log/journal | |||
systemctl restart systemd-journald | |||
====Hoofdstuk 08 Managing users and groups==== | |||
pwck | |||
pwconv | |||
grpconv | |||
useradd, usermod, userdel | |||
chage | |||
vigr | |||
vipw | |||
groupadd, groupmod, groupdel | |||
gpasswd | |||
/etc/default/useradd | |||
/etc/passwd | |||
/etc/shadow | |||
/etc/login.defs | |||
/etc/skel | |||
/etc/group | |||
/etc/gshadow | |||
/etc/bashrc | |||
/etc/profile | |||
/etc/profile.d | |||
.bashrc | |||
./bash_profile | |||
====Hoofdstuk 09 Partitioning and managing disk storage==== | |||
Master Boot Record (MBR) on BIOS-based systems versus GUID Partition Tabel (GPT) on UEFI-based systems. | |||
parted, gdisk, fdisk | |||
partprobe | |||
lsblk | |||
pvs | |||
vgs | |||
lvs | |||
vgdisplay | |||
lvdisplay | |||
lvmdiskscan | |||
pvcreate | |||
vgcreate | |||
vgextend | |||
vgreduce | |||
vgremove | |||
lvextend | |||
lvresize | |||
lvreduce | |||
lvremove | |||
/etc/lvm/backup Contains volume group details | |||
====Hoofdstuk 10 Constructing and using filesystems and swap==== | ====Hoofdstuk 10 Constructing and using filesystems and swap==== | ||
Filesystem administration commands. | Filesystem administration commands. | ||
e2fsck | e2fsck | ||
fsck.ext3 | fsck.ext3 | ||
fsck.ext4 | fsck.ext4 | ||
mke2fs | mke2fs | ||
mkfs.xfs | mkfs.xfs | ||
resize2fs | resize2fs | ||
tune2fs | tune2fs | ||
Commands common to all filesystems. | Commands common to all filesystems. | ||
blkid - Used to dermine UUID of a partition / logical volume / filesystem | blkid - Used to dermine UUID of a partition / logical volume / filesystem | ||
mount | mount | ||
umount | umount | ||
NFS filesystems | |||
Package nfs-utils | |||
mount -t nfs 192.168.1.110:/aapje /aap | |||
/etc/fstab: 192.168.1.110:/aapje /aap nfs _netdev 0 0 | |||
AutoFS | |||
Package autofs | |||
Daemon automount | |||
/etc/sysconfig/autofs | |||
/etc/auto.master | |||
UUID universally Unique IDentifier | UUID universally Unique IDentifier | ||
| Line 103: | Line 199: | ||
=====Swap Space===== | =====Swap Space===== | ||
free -h | free -h | ||
lvcreate | |||
mkswap | |||
swapon | |||
=====ACL's===== | |||
chacl | |||
getfacl file1 | |||
setfacl -m user:aap:rw file1 | |||
====Hoofdstuk 11 Controlling Access | mount options: defaults,acl | ||
====Hoofdstuk 11 Controlling Access through Firewall and SELinux==== | |||
=====SELinux===== | =====SELinux===== | ||
| Line 139: | Line 245: | ||
====Hoofdstuk 12 Administering Network Interfaces and Network Clients==== | ====Hoofdstuk 12 Administering Network Interfaces and Network Clients==== | ||
=====Hostname===== | =====Hostname===== | ||
======Commands====== | ======Commands====== | ||
arp -a | arp -a | ||
ip neighbor | ip neighbor | ||
hostname | hostname | ||
hostnamectl | hostnamectl | ||
ifdown ifup | |||
nmcli | nmcli | ||
nm-connection-editor | nm-connection-editor | ||
| Line 150: | Line 260: | ||
uname | uname | ||
systemctl restart systemd-hostnamed | systemctl restart systemd-hostnamed | ||
yum install *ldap* packages | |||
authconfig | |||
authconfig-gtk | |||
authconfig-tui | |||
system-config-authentication | |||
======Files====== | ======Files====== | ||
/etc/hosts | |||
/etc/sysconfig/network-scripts | /etc/hosts | ||
/etc/resolv.conf | |||
/etc/sysconfig/network-scripts | |||
/etc/sssd/sssd.conf | |||
====Hoofdstuk 13 Securing access with SSH and TCP wrappers==== | |||
ssh-keygen | |||
ssh-copy-id | |||
sftp | |||
yum info tcp_wrappers | |||
/etc/sshd/sshd_config | |||
/etc/sshd/ssh_config | |||
/etc/hosts.allow | |||
/etc/hosts.deny | |||
/var/log/secure | |||
Hints | |||
repo | |||
kernel update | |||
acl | |||
ntp | |||
autofs | |||
ldap | |||
swap create lvm en partitie | |||
lv in nieuwe vg | |||
Latest revision as of 20:44, 18 July 2016
Lab setup
Physical host host1 Virtual machine 1 server1 192.168.122.110 Virtual machine 2 server2 192.168.122.120
Hoofdstuk 02 Using basic Linux Tools
ssh host ssh -l user host ssh -X host ls pwd cd mkdir tty who uptime whoami logname if groups last lastb lastlog uname hostnamectl timedatectl list-time-zones clear which wc lspci lscpu gzip gunzip bzip2 bunzip2 tar star vi man apropos mandb whatis info
Hoofdstuk 03 Working with files and file permissions
/boot /var/ /usr /opt /home /dev /proc /sys /tmp file touch cat less head tail cp mv rm lsattr chattr find ln, ln -s chmod chown chgrp umask files en directories. Initial permissions for file 666 and for directories 777.
Special permissions setuid setgid sticky. setuid s set on owner of executable files, setgid s set on group of executable files. Examples are su and wall. setgid on directory group; new files inherit directory's owning group.
Hoofdstuk 04 Dealing with the Bash shell, processes and scheduling
variables, local and environment export unset > >> &> HISTFILE history set -o vi grep * ? \ ps pidof pgrep nice renice kill pkill killall at crontab
Hoofdstuk 05 Managing software packages
RHSM Red Hat Subscription Management SAM Subscription Asset Manager subscription-manager rpm rpm2cpio mount /dev/cdrom /mnt mount -o loop /.../*.iso /mnt
yum-config-manager
yum check-update clean, group install, group info, group list, group remove,
repolist, repolist all, repository-packages
info, install, list, search, update, history
createrepo
man yum.conf for info about repository files
gnome-packagekit
/etc/yum.conf /etc/yum.repos.d
Hoofdstuk 06 Configuring server virtualization and network installing RHEL7
lscpu yum -y group install
virt-install virsh list pool-list pool-info virt-manager
brctl
Kickstart anaconda-ks.cfg ksvalidator wget
/etc/sysconfig/network-scripts
Hoofdstuk 07 Booting RHEL 7, updating Kernel and logging messages
lsmod modinfo modprobe grub2-mkconfig -o /boot/grub2/grub.cfg grub2-set-default
rootpw init=/sysroot/bin/sh, chroot /sysroot, mount -o remount,rw /, passwd, touch /.autorelabel, exit, reboot
yum list installed kernel
/boot /etc/grub.d
systemctl systemd-analyze systemd-cgtop
journalctl mkdir -p /var/log/journal systemctl restart systemd-journald
Hoofdstuk 08 Managing users and groups
pwck pwconv grpconv
useradd, usermod, userdel chage
vigr vipw
groupadd, groupmod, groupdel gpasswd /etc/default/useradd /etc/passwd /etc/shadow /etc/login.defs /etc/skel /etc/group /etc/gshadow
/etc/bashrc /etc/profile /etc/profile.d .bashrc ./bash_profile
Hoofdstuk 09 Partitioning and managing disk storage
Master Boot Record (MBR) on BIOS-based systems versus GUID Partition Tabel (GPT) on UEFI-based systems.
parted, gdisk, fdisk partprobe lsblk
pvs vgs lvs vgdisplay lvdisplay lvmdiskscan
pvcreate vgcreate vgextend vgreduce vgremove
lvextend lvresize lvreduce lvremove
/etc/lvm/backup Contains volume group details
Hoofdstuk 10 Constructing and using filesystems and swap
Filesystem administration commands.
e2fsck fsck.ext3 fsck.ext4 mke2fs mkfs.xfs resize2fs tune2fs
Commands common to all filesystems.
blkid - Used to dermine UUID of a partition / logical volume / filesystem mount umount
NFS filesystems
Package nfs-utils mount -t nfs 192.168.1.110:/aapje /aap /etc/fstab: 192.168.1.110:/aapje /aap nfs _netdev 0 0
AutoFS
Package autofs Daemon automount
/etc/sysconfig/autofs /etc/auto.master
UUID universally Unique IDentifier
Swap Space
free -h lvcreate mkswap swapon
ACL's
chacl getfacl file1 setfacl -m user:aap:rw file1
mount options: defaults,acl
Hoofdstuk 11 Controlling Access through Firewall and SELinux
SELinux
context for subjects and objects context contains a type or domain and a security level with subject and object information -u user, _r role, _t domain
Domain transitioning allows a proces in one domain to enter another domain to execute an application authrized to run in that domain only, a proper rule must exist to support such a transition.
Commands
id -Z View context set on Linux user ls -Z Determine context for files ps -eZ Determine context on processes seinfo -u List available SELinux users semanage sestatus SELinux status tool getsebool -a Show all SELinux Boolean variables setsebool Set a boolean variable getenforce Get the current mode of SELinux setenforce cp --preserve=context Preserve specified attributes sealert SELinux troubleshooter
Packages
libselinux-utils policycoreutils setools-console contains seinfo command setroubleshoot-server Troub
Files
/etc/sestatus.conf /etc/selinux/config Controls state of SELinux (enforcing, permissive or disabled /etc/selinux/targeted/contexts/files/file_contexts.local custom context /sys/fs/selinux/booleans
Hoofdstuk 12 Administering Network Interfaces and Network Clients
Hostname
Commands
arp -a ip neighbor hostname hostnamectl ifdown ifup nmcli nm-connection-editor nmtui uname systemctl restart systemd-hostnamed
yum install *ldap* packages authconfig authconfig-gtk authconfig-tui system-config-authentication
Files
/etc/hosts /etc/resolv.conf /etc/sysconfig/network-scripts
/etc/sssd/sssd.conf
Hoofdstuk 13 Securing access with SSH and TCP wrappers
ssh-keygen ssh-copy-id
sftp
yum info tcp_wrappers /etc/sshd/sshd_config /etc/sshd/ssh_config /etc/hosts.allow /etc/hosts.deny /var/log/secure
Hints
repo kernel update acl ntp autofs ldap swap create lvm en partitie lv in nieuwe vg