User:Tom/RHCSA EX200
< User:Tom
Jump to navigation
Jump to search
Lab setup
Physical host host1 Virtual machine 1 server1 192.168.122.110 Virtual machine 2 server2 192.168.122.120
Hoofdstuk 02 Using basic Linux Tools
ssh host ssh -l user host ssh -X host ls pwd cd mkdir tty who uptime whoami logname if groups last lastb lastlog uname hostnamectl timedatectl list-time-zones clear which wc lspci lscpu gzip gunzip bzip2 bunzip2 tar star vi man apropos mandb whatis info
Hoofdstuk 03 Working with files and file permissions
/boot /var/ /usr /opt /home /dev /proc /sys /tmp file touch cat less head tail cp mv rm lsattr chattr find ln, ln -s chmod chown chgrp umask files en directories. Initial permissions for file 666 and for directories 777.
Special permissions setuid setgid sticky. setuid s set on owner of executable files, setgid s set on group of executable files. Examples are su and wall. setgid on directory group; new files inherit directory's owning group.
Hoofdstuk 04 Dealing with the Bash shell, processes and scheduling
variables, local and environment export unset > >> &> HISTFILE history set -o vi grep * ? \ ps pidof pgrep nice renice kill pkill killall at crontab
Hoofdstuk 05 Managing software packages
RHSM Red Hat Subscription Management SAM Subscription Asset Manager subscription-manager rpm rpm2cpio mount /dev/cdrom /mnt mount -o loop /.../*.iso /mnt
yum-config-manager
yum check-update clean, group install, group info, group list, group remove,
repolist, repolist all, repository-packages
info, install, list, search, update, history
createrepo
man yum.conf for info about repository files
gnome-packagekit
/etc/yum.conf /etc/yum.repos.d
Hoofdstuk 06 Configuring server virtualization and network installing RHEL7
lscpu yum -y group install
virt-install virsh list pool-list pool-info virt-manager
brctl
Kickstart anaconda-ks.cfg ksvalidator wget
/etc/sysconfig/network-scripts
Hoofdstuk 07 Booting RHEL 7, updating Kernel and logging messages
lsmod modinfo modprobe grub2-mkconfig -o /boot/grub2/grub.cfg grub2-set-default
rootpw init=/sysroot/bin/sh, chroot /sysroot, mount -o remount,rw /, passwd, touch /.autorelabel, exit, reboot
yum list installed kernel
/boot /etc/grub.d
systemctl systemd-analyze systemd-cgtop
journalctl mkdir -p /var/log/journal systemctl restart systemd-journald
Hoofdstuk 08 Managing users and groups
pwck pwconv grpconv
useradd, usermod, userdel chage
vigr vipw
groupadd, groupmod, groupdel gpasswd /etc/default/useradd /etc/passwd /etc/shadow /etc/login.defs /etc/skel /etc/group /etc/gshadow
/etc/bashrc /etc/profile /etc/profile.d .bashrc ./bash_profile
Hoofdstuk 09 Partitioning and managing disk storage
Master Boot Record (MBR) on BIOS-based systems versus GUID Partition Tabel (GPT) on UEFI-based systems.
parted, gdisk, fdisk partprobe lsblk
pvs vgs lvs vgdisplay lvdisplay lvmdiskscan
pvcreate vgcreate vgextend vgreduce vgremove
lvextend lvresize lvreduce lvremove
/etc/lvm/backup Contains volume group details
Hoofdstuk 10 Constructing and using filesystems and swap
Filesystem administration commands.
e2fsck fsck.ext3 fsck.ext4 mke2fs mkfs.xfs resize2fs tune2fs
Commands common to all filesystems.
blkid - Used to dermine UUID of a partition / logical volume / filesystem mount umount
NFS filesystems
Package nfs-utils mount -t nfs 192.168.1.110:/aapje /aap /etc/fstab: 192.168.1.110:/aapje /aap nfs _netdev 0 0
AutoFS
Package autofs Daemon automount
/etc/sysconfig/autofs /etc/auto.master
UUID universally Unique IDentifier
Swap Space
free -h lvcreate mkswap swapon
ACL's
chacl getfacl file1 setfacl -m user:aap:rw file1
mount options: defaults,acl
Hoofdstuk 11 Controlling Access through Firewall and SELinux
SELinux
context for subjects and objects context contains a type or domain and a security level with subject and object information -u user, _r role, _t domain
Domain transitioning allows a proces in one domain to enter another domain to execute an application authrized to run in that domain only, a proper rule must exist to support such a transition.
Commands
id -Z View context set on Linux user ls -Z Determine context for files ps -eZ Determine context on processes seinfo -u List available SELinux users semanage sestatus SELinux status tool getsebool -a Show all SELinux Boolean variables setsebool Set a boolean variable getenforce Get the current mode of SELinux setenforce cp --preserve=context Preserve specified attributes sealert SELinux troubleshooter
Packages
libselinux-utils policycoreutils setools-console contains seinfo command setroubleshoot-server Troub
Files
/etc/sestatus.conf /etc/selinux/config Controls state of SELinux (enforcing, permissive or disabled /etc/selinux/targeted/contexts/files/file_contexts.local custom context /sys/fs/selinux/booleans
Hoofdstuk 12 Administering Network Interfaces and Network Clients
Hostname
Commands
arp -a ip neighbor hostname hostnamectl ifdown ifup nmcli nm-connection-editor nmtui uname systemctl restart systemd-hostnamed
yum install *ldap* packages authconfig authconfig-gtk authconfig-tui system-config-authentication
Files
/etc/hosts /etc/resolv.conf /etc/sysconfig/network-scripts
/etc/sssd/sssd.conf
Hoofdstuk 13 Securing access with SSH and TCP wrappers
ssh-keygen ssh-copy-id
sftp
yum info tcp_wrappers /etc/sshd/sshd_config /etc/sshd/ssh_config /etc/hosts.allow /etc/hosts.deny /var/log/secure
Hints
repo kernel update acl ntp autofs ldap swap create lvm en partitie lv in nieuwe vg