
Notes Compiled

This document provides instructions for configuring a system including: 1. Remounting the root filesystem read-write, changing the root password, and rebooting. 2. Configuring user accounts and network settings like DNS. 3. Configuring software repositories and installing packages. 4. Configuring chronyd as the NTP client and enabling and restarting the service. 5. Configuring network interfaces and IP forwarding. 6. Adding disks and creating logical volumes for storage. 7. Configuring services like HTTPD and firewall rules.

Uploaded by

Admin

rd.break console=tty1 enforcing=0


mount -o remount,rw /sysroot
chroot /sysroot
passwd root
touch /.autorelabel or mount -o remount,ro /
exit and reboot.

chage -m 0 -M 90 -W 7 -I 14 -E 2020-12-25 siyaan

useradd siyaan -c SIYAAN_SIJO -u 23600 -G support -s /bin/bash -e 2022-05-29 --> expiry date format is YYYY-MM-DD (May 29, 2022)

cat /dev/null >/etc/resolv.conf


echo "nameserver 192.168.0.100" >/etc/resolv.conf
echo "nameserver 192.168.0.200" >>/etc/resolv.conf
hostnamectl set-hostname servera.classroom.com
cat /etc/hostname

dnf-config-manager
dnf config-manager --add-repo http://repo.eight.example.com/BaseOS
dnf config-manager --add-repo http://repo.eight.example.com/Appstream
dnf update
or
cd /etc/yum.repos.d/

vim server.repo

[server]
name=rhel8.0
baseurl=http://content.example.com/rhel8.0/x86_64/dvd/BaseOS
# NB--> if the CD/DVD contents are copied to the /rpms folder, use the file path instead:
# baseurl=file:///rpms/BaseOS
enabled=1
gpgcheck=0

[server1]
name=rhel8.0.1
baseurl=http://content.example.com/rhel8.0/x86_64/dvd/AppStream
# NB--> if the CD/DVD contents are copied to the /rpms folder, use the file path instead:
# baseurl=file:///rpms/AppStream
enabled=1
gpgcheck=0

esc
:wq

Verify Command-->yum repolist
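
The repo entries above set gpgcheck=0 and use an http baseurl, so package signatures are not verified and the transport is unauthenticated. The audit below is an added example, not part of the original notes; audit_repo, write_sample_repo, the [server-verified] entry, its https URL and the gpgkey path are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): flag risky settings in a .repo file.
# Prints "section: finding" lines; returns 1 if anything was flagged, else 0.
audit_repo() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function report() {
            if (sec == "") return
            if (gpg ~ /^(0|no|false)$/) { print sec ": gpgcheck disabled"; bad = 1 }
            if (url ~ /^(http|ftp):/)   { print sec ": cleartext baseurl " url; bad = 1 }
        }
        /^[ \t]*([#;]|$)/ { next }    # skip comments and blank lines
        /^\[/ { report(); sec = substr($0, 2, index($0, "]") - 2); gpg = ""; url = ""; next }
        {
            i = index($0, "="); if (i == 0) next
            key = trim(substr($0, 1, i - 1)); val = trim(substr($0, i + 1))
            if (key == "gpgcheck") gpg = tolower(val)
            if (key == "baseurl")  url = val
        }
        END { report(); exit bad + 0 }
    ' "$1"
}

# Constructed sample: [server] is the entry from the notes; [server-verified]
# is an assumed hardened variant (the https URL and key path are assumptions).
write_sample_repo() {
    cat > "$1" <<'EOF'
[server]
name=rhel8.0
baseurl=http://content.example.com/rhel8.0/x86_64/dvd/BaseOS
enabled=1
gpgcheck=0

[server-verified]
name=rhel8.0 verified
baseurl=https://content.example.com/rhel8.0/x86_64/dvd/BaseOS
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
}

sample=$(mktemp)
write_sample_repo "$sample"
audit_repo "$sample" || echo "findings above need review"
rm -f "$sample"
```

Run it against real definitions with: for f in /etc/yum.repos.d/*.repo; do audit_repo "$f"; done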

timedatectl set-timezone "Asia/Dubai"


timedatectl set-ntp yes
dnf install chrony --> the package is named chrony; the service it provides is chronyd

systemctl status chronyd


vi /etc/chrony.conf
------ntp command
timedatectl

systemctl status chronyd

--> Verify Current Setup


vim /etc/chrony.conf

server classroom.example.com iburst


esc + :wq

systemctl restart chronyd

systemctl enable chronyd

nmcli connection modify ens32 ipv4.addresses 192.168.44.121/24 ipv4.gateway 192.168.44.1 ipv4.dns 192.168.44.100 +ipv4.dns 8.8.8.8 ipv4.method manual connection.autoconnect yes

ip forwarding.

vi /etc/sysctl.conf
net.ipv4.ip_forward=1

systemctl set-default multi-user.target


vi /etc/default/grub

umount /dev/sdb
fdisk /dev/sdb
m
n
p
1
+2G

fdisk -l /dev/sdb
pvcreate /dev/sdb1

pvs

vgcreate vgprac /dev/sdb1

mkfs.xfs /dev/mapper/vgprac-lvprac

fstab entry

mount -a

lvextend -r
lvextend -L +500M -r /dev/vgprac/lvprac

Thin Volume
VDO

dnf install kmod-kvdo


vdo create --name=vdo01 --device=/dev/sdc --vdoLogicalSize=5T --writePolicy=auto --force

mkfs.xfs -K /dev/mapper/vdo01
udevadm settle

mkdir /mnt/vdo01
mount /dev/mapper/vdo01 /mnt/vdo01/

x-systemd.requires=vdo.service

UUID=ef8c...39b1 /labvdovol xfs defaults,x-systemd.requires=vdo.service 0 0

The -K option in the preceding mkfs.xfs command prevents the unused blocks
in the file system from being discarded immediately, which lets the command return
faster.

dnf install httpd

systemctl status httpd

wget 127.0.0.1

vi /var/www/html/index.html

firewall-cmd --get-active-zones

firewall-cmd --list-all
firewall-cmd --zone public --add-service http --permanent
firewall-cmd --zone public --add-service https --permanent

# firewall-cmd --permanent --add-service=ntp


# firewall-cmd --reload

mkdir -p /find/largefiles

find /etc/ -size +5M -exec cp {} /find/largefiles/ \;

vim awesome.sh
#!/bin/bash
# Print a message chosen by the first argument
if [ "$1" == "me" ]; then
    echo "Yes I am awesome"
elif [ "$1" == "them" ]; then
    echo "They are awesome"
else
    echo "Rubbish"
fi

chmod 700 awesome.sh


./awesome.sh me

Users

files placed in every new user's profile (copied from /etc/skel)

touch /etc/skel/welcome
ls -lhtra /etc/skel/welcome

vim /etc/login.defs

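chmod -R o=--- /ittools --> use u, g or o for user, group or others

setfacl -m u:siyaan:rwx /ittools --> u: for a user, g: for a group, o:: for others
setfacl -m g:sales:rx /dir
chmod o+r-x /ittools --> again u, g or o as needed

setfacl -m d:g:sales:rx /data
setfacl -m d:o::- /data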

setfacl -m g:account:rx /data/sales


setfacl -m g:sales:rx /data/account
setfacl -m d:g:account:rx,g:sales:rwx /data/sales --> sets the default ACL for the directory sales
setfacl -m d:g:sales:rx,g:account:rwx /data/account --> adds the default ACL for the directory /data/account
setfacl -R -x u:ayaan support-bits/

mkdir /home/admins
chown :admingroup /home/admins
setfacl -m g:admingroup:rwx /home/admins
setfacl -m u:root:--- /home/admins
setfacl -m o:--- /home/admins
chown -R :admingroup /home/admins/
chmod g+s /home/admins

setfacl -m g:testgroup1:rwx /var/tmp/fstab --> read, write and execute permission to group testgroup1
setfacl -m o:r-- /var/tmp/fstab --> others have only read permission

notes:- setfacl -d -m u::rwX,g::rwX,o::0 /var/grpdir

find / -user linda

chown -R linda /home/linda

note:- [a] – Minute [b] – Hour [c] – Day [d] – Month [e] – Day of the Week

crontab -e -u natasha
*/2 * * * * /usr/bin/logger "EXAM IS IN PROGRESS"

Hard Link
ln logfileSJ.txt /root/folder1/newhardlink.txt

to check the inode number --> ls -li logfileSJ.txt /root/folder1/newhardlink.txt (inode ID will be the same)

SoftLink

ln -s newfile1.txt secondfile.txt --> ls -li shows a different inode ID; if the parent file is deleted, the link is no longer usable

/etc/passwd
/etc/shadow
/etc/group
/bin/bash
/dev/null
/sbin/nologin
/etc/sudoers
/etc/profile & /etc/bashrc --> umask value
cat /etc/bashrc --> for umask default value setup
cat /etc/profile
/etc/selinux/config

Sudo Permission ( Wheel Group )

=======================================================
To enable full sudo access for the user user01, you could create
/etc/sudoers.d/user01
with the following content:
user01 ALL=(ALL) ALL
To enable full sudo access for the group group01, you could create
/etc/sudoers.d/group01
with the following content:
%group01 ALL=(ALL) ALL

example:-
echo "%admin ALL=(ALL) ALL" >> /etc/sudoers.d/admin

USER Removal
=========================================================
• The userdel username command removes the details of username from /etc/passwd, but leaves the user's home directory intact.
• The userdel -r username command removes the details of username from /etc/passwd and also deletes the user's home directory.

CHMOD Command
=====================================================
chmod WhoWhatWhich file|directory
• Who is u, g, o, a (for user, group, other, all)
• What is +, -, = (for add, remove, set exactly)
• Which is r, w, x (for read, write, execute)
chmod -R g+rwX demodir --> change permission of demo directory for group recursively (read, write and execute)
chmod a+x file2 --> sets executable permission for all (user, group and other users)
chmod go-rw file1 --> removes the read and write permission for the group and other users

1. Start with 0.
2. If the read permission should be present for this access level, add 4.
3. If the write permission should be present, add 2.
4. If the execute permission should be present, add 1.

CHOWN Command
=====================================================
chown student test_file --> ownership of the test_file file to the student
chown -R sijo softhardlink/ -->user ownership of the folder and the contents are
changed to user sijo
chown -R :ictsupport softhardlink/ --> group ownership of the folder and the
contents are changed to group ictsupport
chown visitor:guests test_dir --> changing the user and group ownership
accordingly

=======================================================

Special permission --> effect on files / effect on directories

u+s (suid)   --> Files: file executes as the user that owns the file, not the user that ran the file.
                 Directories: no effect.
g+s (sgid)   --> Files: file executes as the group that owns the file.
                 Directories: files newly created in the directory have their group owner set to match the group owner of the directory.
o+t (sticky) --> Files: no effect.
                 Directories: users with write access to the directory can only remove files that they own; they cannot remove or force saves to files owned by other users.

Setting Special Permissions


• Symbolically: setuid = u+s; setgid = g+s; sticky = o+t
• Numerically (fourth preceding digit): setuid = 4; setgid = 2; sticky = 1

chmod g+s directory --> Add the setgid bit on directory


chmod 2770 directory --> Set the setgid bit and add read/write/execute permissions for user and group, with no access for others, on directory

umask

umask 007

vi command for permanent set


vi ~/.bash
below "# User specific aliases and functions"
umask <value>

vi ~/.bashrc
cat /etc/bashrc
cat /etc/profile
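
The numeric method (start with 0, add 4/2/1), the special-permission digit (setuid = 4, setgid = 2, sticky = 1) and the umask described above, worked through in shell. This is an added example, not part of the original notes; mode_to_octal and mode_after_umask are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original notes).
# Convert the 9 permission characters shown by ls -l (without the leading
# type character) into the 4-digit octal mode that chmod accepts.
mode_to_octal() {
    case $1 in
        [r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) echo "not a permission string: $1" >&2; return 1 ;;
    esac
    rest=$1; special=0; digits=""; weight=4   # weight: 4=setuid, 2=setgid, 1=sticky
    while [ -n "$rest" ]; do
        tail=${rest#???}; trip=${rest%"$tail"}; rest=$tail
        n=0                                       # step 1: start with 0
        case $trip in r??) n=$((n + 4)) ;; esac   # step 2: read adds 4
        case $trip in ?w?) n=$((n + 2)) ;; esac   # step 3: write adds 2
        case $trip in
            ??x)    n=$((n + 1)) ;;                                  # step 4: execute adds 1
            ??[st]) n=$((n + 1)); special=$((special + weight)) ;;   # special bit with execute
            ??[ST]) special=$((special + weight)) ;;                 # special bit, no execute
        esac
        digits=$digits$n; weight=$((weight / 2))
    done
    echo "$special$digits"
}

# Mode a new file (base 666) or directory (base 777) receives under a umask.
mode_after_umask() {
    case $2 in dir) base=0777 ;; *) base=0666 ;; esac
    printf '%04o\n' $(( $base & ~0$1 ))
}

mode_to_octal rwxrws---      # the "chmod 2770 directory" case from the notes: 2770
mode_after_umask 007 file    # file created under "umask 007": 0660
mode_after_umask 007 dir     # directory created under "umask 007": 0770
```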

•SE Linux.
----------------------
Enforcing
Permissive
Disabled

semanage port -l
ps axZ
ps -ZC httpd
List all port definitions
# semanage port -l
Allow Apache to listen on tcp port 81
# semanage port -a -t http_port_t -p tcp 81
Allow sshd to listen on tcp port 8991
# semanage port -a -t ssh_port_t -p tcp 8991

restart the service

--> To Change the SE Linux mode

getenforce --> Will show the existing SE Linux Mode


setenforce permissive|enforcing --> changes to the selected mode.

/etc/selinux/config , can set the SE Linux mode persistently.

ls -Z /var/www/html/index.html --> Shows the SE Linux context of a file.

-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.html

ls -Zd /var/www/html/ --> Shows the SE Linux context of the folder.

chcon -t httpd_sys_content_t /virtual --> changes the SE Linux context type of the file to "httpd_sys_content_t"
restorecon ---> Changes to the default SE Linux context.

systemctl enable --now httpd

Question
Open a web browser on workstation and try to view http://servera/index.html.
You will get an error message that says you do not have permission to access the file.
6. To permit access to the index.html file on servera, SELinux must be configured. Define an SELinux file context rule that sets the context type to httpd_sys_content_t for the /custom directory and all the files below it.

semanage fcontext -a -t httpd_sys_content_t '/custom(/.*)?'

if the context needs to be changed back to the policy default


restorecon -Rv /custom

chmod 711
setsebool -P httpd_enable_homedirs on

Tuning Profile
=======================================================
tuned-adm

tuned-adm list --> provides the list of available profiles


tuned-adm active --> shows the currently active profile.

tuned-adm profile <available profile from tuned-adm list command> --> sets that
profile.

ps axo pid,comm,nice,cls --sort=-nice

renice -n 19 3521 --> 3521 (process ID) old priority 15, new priority 19

ps u $(pgrep sha1sum)

for i in $(seq 1 3); do sha1sum /dev/zero & done

ps aux --sort=pcpu

YUM

=======================================================

List installed and available packages by name --- yum list [NAME-PATTERN]
List installed and available groups --- yum group list
Search for a package by keyword --- yum search KEYWORD
Show details of a package --- yum info PACKAGENAME
Install a package --- yum install PACKAGENAME
Install a package group --- yum group install GROUPNAME
Update all packages --- yum update
Remove a package --- yum remove PACKAGENAME
Display transaction history --- yum history

Mounting
=======================================================
lsblk -f ( Shows the UUID also)

mount UUID="46f543fd-78c9-4526-a857-244811be2d88" /mnt/data

umount /mnt/data --> unmounts

Parted

parted /dev/vdb help mkpart


parted /dev/vdb mkpart primary xfs 2048s 1000MB

parted /dev/sdb

mklabel ( msdos/gpt)

mkpart ( create partition)

select the file systems --> parted /dev/vdb help mkpart --> commands shows the
available file systems can be parted.

quit

udevadm settle -->This command waits for the system to detect the new
partition and to create the associated device file under the /dev directory

mkfs.xfs /dev/sdb1 --> I selected the filesystem as xfs.

fstab entry

UUID=39a90ab4-0bde-4306-9bf5-7c86e1d3d9a9 /root/parteddiskmount xfs defaults 0 0

command to execute as single command

parted /dev/vdb mkpart myswap linux-swap 1001MB 1501MB

SWAP space Creation with parted


=======================================================

parted /dev/sdb
mkpart ( create partition)
quit

mkswap /dev/sdb2

get the UUID --> lsblk -f

fstab entry

UUID=ffde66ff-197f-47c8-87e9-2cd9168bfc0e swap swap defaults 0 0

we can set priority

UUID=39e2667a-9458-42fe-9665-c5c854605881 swap swap pri=4 0 0


UUID=fbd7fa60-b781-44a8-961b-37ac3ef572bf swap swap pri=10 0 0

swapon /dev/vdb2

swapon

•SYSTEMCTL
----------------------
systemctl list-units --type=service
systemctl status sshd.service

•LV CREATION.

parted -s /dev/vdb mklabel gpt


parted -s /dev/vdb mkpart primary 1MiB 257MiB
parted -s /dev/vdb set 1 lvm on
parted -s /dev/vdb mkpart primary 258MiB 514MiB
parted -s /dev/vdb set 2 lvm on

udevadm settle
pvcreate /dev/sdc1 /dev/sdc2

vgcreate srv1vg1 /dev/sdc1 /dev/sdc2 -s 16M

vgdisplay srv1vg1 | grep PE

lvcreate -n srv1lv1 -l 50 srv1vg1 or lvcreate -n srv1lv1 -L 800M srv1vg1 (16M PE size x 50 PE = 800M)

mkfs.xfs /dev/srv1vg1/srv1lv1

lsblk -f

mount temporarily in /root/lvmount

mount /dev/srv1vg1/srv1lv1 lvmount

/dev/servera_01_vg/servera_01_lv /data xfs defaults 1 2

Extending and Reducing Volume Group

vgdisplay srv1vg1
parted /dev/sdc
parted -s /dev/sdc mkpart primary 2148MiB 3218MiB
parted -s /dev/sdc set 3 lvm on
pvcreate /dev/sdc3
vgextend srv1vg1 /dev/sdc3
vgdisplay
vgdisplay srv1vg1
lvdisplay /dev/srv1vg1/srv1lv1

lvdisplay /dev/srv1vg1/srv1lv1 |grep Size


lvextend -L +224M /dev/srv1vg1/srv1lv1
lvextend -l +1 /dev/srv1vg1/srv1lv1
lvdisplay /dev/srv1vg1/srv1lv1 |grep Size

Notes
lvextend -l 128 --> Resize the logical volume to exactly 128 extents in size.
lvextend -l +128 --> Add 128 extents to the current size of the logical volume.
lvextend -L 128M --> Resize the logical volume to exactly 128 MiB.
lvextend -L +128M --> Add 128 MiB to the current size of the logical volume.
lvextend -l +50%FREE --> Add 50 percent of the current free space in the VG to the
LV.

after the lvextend we need to grow the file system.

xfs_growfs /root/lvmount
resize2fs /dev/vg01/lv01 also can be used

•STRATIS CREATION
Create a stratis volume on the disk which is not used for partition purpose.
Create the stratis filesystem "stratisfs" in the pool "stratispool".
Mount the volume under the directory "/stratisvolume".
Put a copy of the file obtained from the link in "/stratisvolume".
Create a snapshot of "stratisfs" named "stratisnap".

systemctl status stratisd


systemctl enable stratisd
systemctl start stratisd

lsblk

stratis pool create stratispool /dev/sdb
stratis pool list
stratis blockdev list
stratis blockdev list stratispool
stratis filesystem create stratispool stratisfs
cd /stratis/stratispool/
stratis filesystem snapshot stratispool stratisfs stratisnap
stratis filesystem list
mkdir /stratisvolume
ls /
lsblk
lsblk -lf
mount /stratis/stratispool/stratisfs /stratisvolume/
lsblk -lf
vi /etc/fstab

UUID=8f8de1f0-f11c-43f7-b969-d6da51b3cb62 /stratisvolume xfs defaults,x-systemd.requires=stratisd.service 0 0
or

UUID=9b9d33fa-c873-4406-9072-83fde7567889 /stratisvolume xfs defaults 0 0

Deleting

# umount myfs1
# umount myfs1-experiment (if you created it)
# stratis fs destroy mypool myfs1
# stratis fs destroy mypool myfs1-experiment
# stratis pool destroy mypool

stratis pool add-data pool1 /dev/vdc --> add additional block devices to a pool.
