LiveLessons RHCSA
!! in /etc/shadow   means that the user has no password set or is locked
usermod -aG account laura   add laura to the account group, without removing her from other groups
AUTOMOUNT
yum install autofs -y
/etc/auto.master
AUTOMOUNT with Samba
# cat /etc/auto.master
/home/guests /etc/auto.guests
# cat /etc/auto.guests
* -fstype=cifs,username=ldapusers,password=password \
://server.rhatcertification.com/data/&
NFS configure
# yum install nfs-utils
create /etc/exports -> /data -rw *(rw,no_root_squash)
# mkdir /data
# systemctl start nfs
# systemctl status -l nfs
# showmount -e localhost
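An added example (not part of the original notes): an audit of /etc/exports-style lines that flags the no_root_squash option and exports open to every host, both of which appear in the /data export above. The function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag NFS exports that turn off root squashing or are open to any host.

# Constructed sample in exports(5) format; the first line mirrors the /data export above.
sample_exports() {
cat <<'EOF'
# constructed sample
/data        *(rw,no_root_squash)
/srv/share   192.0.2.0/24(ro,root_squash)
/home        -rw,no_root_squash client.example.com
EOF
}

# audit_exports [FILE...]: reads the given files (or stdin) and prints one
# "path client finding" line per risky export. Continuation lines (\) are not handled.
audit_exports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }           # skip comments and blank lines
    {
        path = $1; defaults = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^-/) { defaults = substr($i, 2); continue }  # "-rw,sync" default options
            client = $i; opts = defaults
            if (match($i, /\(.*\)$/)) {         # client(options)
                client = substr($i, 1, RSTART - 1)
                own = substr($i, RSTART + 1, RLENGTH - 2)
                opts = (defaults == "" ? own : defaults "," own)
            }
            if (client == "") client = "*"      # bare "(options)" exports to any host
            if (("," opts ",") ~ /,no_root_squash,/) print path, client, "no_root_squash"
            if (client == "*") print path, client, "world-accessible"
        }
    }' "$@"
}

sample_exports | audit_exports
```

Run it against a real file with: audit_exports /etc/exports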
8. Managing Permissions
chown / chgrp / chmod
setfacl / getfacl
setfacl -m g:sales:rx /data/account
setfacl -R -m g:sales:rx /data/account   recursive
setfacl -m d:g:sales:rx /data/account   sets a default ACL, which will be inherited by newly created items under the directory
to change both the current and the default permissions, both commands have to be run: -m and -m d
9. NETWORKING
IP command
changes made with the ip command stay active only until the reboot !!!
ip help
ip addr help
ip link show, ip l
ip addr show, ip a
ip addr add dev ens33 10.0.0.10/24
ip route show, ip r
ip route add 20.0.0.0/8 via 192.168.4.141
ip -s link show   network statistics
ip route add 10.0.1.0/24 via 192.168.4.3   add route (temporary)
DNS
/etc/sysconfig/network-scripts/ifcfg-ens33   change DNS there
Network troubleshooting
ip addr show, ip a   check IP addresses
ip route show, ip r   check routing (default route)
cat /etc/resolv.conf   check DNS
ping -c1 10.0.2.1   ping default route
ping -c1 8.8.8.8   ping DNS
ping -f 192.168.4.2   ping flood, bandwidth test
traceroute 8.8.8.8
host ldap.rhatcertification.com   returns IP address
dig ldap.rhatcertification.com   to check if DNS works
ip -s link   link statistics, check for errors
Process priority
nice -n 10 dd if=/dev/zero of=/dev/null   run command with lower priority
renice -n -10 5699   increase the priority of a running job (pid 2699)
for renice the "r" can be used in the top command
nice, renice values can be from -20 (highest priority) to 19 (lowest priority)
11. Manage software
YUM
yum repolist   show available repositories
/etc/yum.repos.d/   dir with repositories config files
RPM
rpm -qf /sbin/chronyd   find which package the file belongs to
rpm -ql chrony   show everything that is in the package
rpm -qc chrony   query configuration files of the package
rpm -qd chrony   show documentation
rpm -qa   lists all packages installed on the system
rpm -q --scripts httpd   shows installation scripts of the package
rpm -qpl something.rpm   query rpm file instead of repository
rpm -qp --scripts something.rpm
repoquery -ql yp-tools   query packages in repository
virbr0 (ip link show)   special network device, virtual bridge
Managing virtualisation
virsh
virsh list   show running VM
virsh list --all   show all VM
virsh destroy name   shut down VM
virsh start name   start VM
/etc/libvirt/   config files for virt.
/etc/libvirt/qemu   conf. files of VM
virsh edit name   edit config of the VM name
networking
virbr0   virtual bridge
vnet0   virtual network card
virt-manager   graphic tool for VM management
Ctrl + Alt + L   exit from the VM
14. Logging
Services can use three ways of logging information:
direct write to a file (/somewhere/my.log)
through systemctl -> journald (new in RHEL7)
through rsyslogd -> /var/log/...
journald
information about the system’s start processes
written in binary file
systemctl gets information from journald (systemctl status)
journalctl   shows journald logs
journalctl -b   shows boot information
journalctl -xb
journalctl --since=yesterday   logs from yesterday
journalctl -u sshd   logs for specific service (systemd unit)
journalctl -u sshd -o verbose   detailed information
journalctl _COMM=su   logs for specific command
rsyslogd
/var/log/secure | /var/log/messages | /var/log/cron
Log rotation
it runs as a cron job in /etc/cron.daily/logrotate
/etc/logrotate.conf   config file for log rotation
/etc/logrotate.d/   config files for the specific applications
LUKS encryption
cryptsetup luksFormat /dev/sdb2   creates encrypted partition
cryptsetup luksOpen /dev/sdb2 secret   opens encrypted partition, names it secret
creates new device /dev/mapper/secret
mkfs.ext4 /dev/mapper/secret
mount /dev/mapper/secret /secret
umount /secret
cryptsetup luksClose /dev/mapper/secret
/etc/crypttab
secret /dev/sdb2 none
/etc/fstab
/dev/mapper/secret /secret ext4 defaults 1 2
systemctl reboot
16. LVM
Creating Logical Volumes
first set the partition type to Linux LVM (8e) in fdisk
pvcreate /dev/sdb3   create physical volume in LVM
vgcreate vgmyvg /dev/sdb3   create volume group
vgs   show volume groups
lvcreate -n lvmylv -L 196M vgmyvg   create logical volume
lvs   show logical volumes
mkfs.ext4 /dev/vgmyvg/lvmylv   create filesystem
mount /dev/vgmyvg/lvmylv /mnt
(mount /dev/mapper/vgmyvg-lvmylv /mnt)
Device mapper
/dev/dm-0, dm-1, ...   volumes
/dev/mapper/vg-lv   links to volumes provided by device mapper
/dev/vg/lv   links provided by the lvm subsystem
Growing LV
vgextend vgmyvg /dev/sdb5   add new partition into the VG
lvextend -l +100%FREE -r /dev/vgmyvg/lvmylv
add all available space in VG to the LV and resize filesystem (with -r option)
Shrinking LV
XFS cannot be shrunk !
FS has to be unmounted first
e2fsck -f /dev/vgmyvg/lvmylv   check the FS
resize2fs /dev/vgmyvg/lvmylv 100M   reduce the FS size (ext2,3,4 type)
lvreduce -L 102400K /dev/vgmyvg/lvmylv   reduce LV
lvreduce -L 50M -r /dev/vgmyvg/lvmylv   reduce FS and LV in 1 step (-r)
17. Kernel
new HW -> udev -> kernel (loads module)
Kernel modules
udev automatically loads modules that are necessary
udevadm monitor   trap all udev and kernel events
lsmod   list of the currently loaded modules
modprobe module   load kernel module
modprobe -r module   remove kernel module
modinfo module   information about module; shows available parameters
/etc/modprobe.d/   config dir for modprobe
man 5 modprobe.d
cat /etc/modprobe.d/cdrom.conf
options cdrom lockdoor=0
/sys/module/ info about kernel modules and their parameters
example:
cat /etc/modprobe.d/iwlwifi_led.conf
options iwlwifi led_mode=1
modprobe iwlwifi
cat /sys/module/iwlwifi/parameters/led_mode
1
18. Kickstart
kickstart file on USB
on server (ftp)
kickstart files   anaconda-ks.cfg, initial-setup-ks.cfg
yum install system-config-kickstart -y   install kickstart utility
system-config-kickstart   run GUI for kickstart
During the installation add the ks= option to the boot options.
ks=ftp://myserver/dir/anaconda-ks.cfg
Grub2
/etc/default/grub   main config file for grub
/etc/grub.d   additional config.
grub2-mkconfig   update the boot loader from config. files
POST -> MBR (grub is loading) -> Press Esc to access boot menu -> Enter boot options at the end of the line that starts with linux16 (systemd.unit=emergency.target)
Systemd
kernel starts systemd and it starts everything else (services, mounts, automount, …)
uses unit files (the replacement for init scripts)
/usr/lib/systemd/   default scripts for systemd
/etc/systemd/   users’ scripts used by systemd
/usr/lib/systemd/system/   default systemd services, targets
/etc/systemd/system/   user defined systemd services, targets
systemctl   command for managing services
systemctl status | stop | start | disable | enable service
Targets   the collection of services
multi-user.target   runs on boot (without GUI)
graphical.target   runs on boot (with GUI)
Wants   what should be run on specific target (symbolic links for services)
symb. links are created|deleted using systemctl enable|disable command
/usr/lib/systemd/system/default.target   default target on boot
Systemd Targets
define the state that system enters
equivalent to runlevels:
poweroff.target   shutdown
rescue.target   troubleshooting
multi-user.target   normal mode without GUI
graphical.target   GUI
reboot.target
emergency.target   more minimal than rescue.target
every service knows by which target it is wanted (WantedBy option)
order between targets is defined in targets (Requires, Conflicts, After options)
systemctl list-units --type=target   which targets are running
systemctl isolate rescue.target   switch to the minimal mode
From Grub enter boot option (systemd.unit=rescue.target)
Automount in Systemd
to use automount, a mount file with the same name must exist !
systemctl disable lvdisk.mount ; systemctl stop lvdisk.mount
cat lvdisk.automount
[Unit]
Description = Automount FS
[Automount]
Where = /lvdisk
[Install]
WantedBy = multi-user.target
systemctl enable lvdisk.automount ; systemctl start lvdisk.automount
20. Troubleshooting
Grub
grub2-*   utilities to work with grub
grub2-mkconfig -o /boot/grub2/grub.cfg   save grub config that you applied during boot
21. HTTP
rpm -qf `which httpd`
yum install httpd
rpm -qc httpd
/etc/sysconfig/httpd
/etc/httpd/
/etc/httpd/conf/httpd.conf   main config file
systemctl start httpd ; systemctl enable httpd
yum install elinks   text browser
22. SELinux
/etc/sysconfig/selinux   controls the state (mode) of SELinux
SELinux modes:
disabled   disable SELinux (activated on boot)
enforcing   secure policy
permissive   just logging, no restrictions
getenforce   show the current SELinux mode
setenforce Enforcing   switch to enforcing mode
Context
ls -Z   displays context of files (user:role:type)
ps Zaux   context of processes
netstat -Ztulpen   context of the network ports
When a file is moved it keeps its context settings; when it is copied it gets a new context from the parent directory.
semanage   manage context, in the policy
restorecon   apply the policy to the object
semanage fcontext -l   list all contexts on the system
yum install policycoreutils-devel   to install sepolicy
sepolicy manpage -a -p /usr/share/man/man8   generate manpages
mandb
man -k _selinux
SELinux logs
yum search setroubleshoot   SELinux troubleshoot packages
systemctl status auditd   daemon for logging
/var/log/audit/audit.log   audit log file
grep AVC /var/log/audit/audit.log   show SELinux messages
grep sealert /var/log/messages   SELinux alerts in messages
sealert -l 23d2323232…   check the alert details
23. FIREWALL
netfilter in linux kernel
previous management tool = iptables
new default management utility = firewalld
Firewalld
it works with the zones and services
systemctl status firewalld
firewall-cmd --get-zones
firewall-cmd --get-services
firewall-cmd --get-default-zone
firewall-cmd --set-default-zone zonename
/usr/lib/firewalld/services/   system’s default services
/etc/firewalld/services/   dir for adding new services
firewall-cmd --zone=home --add-service=high-availability   add service to the zone
firewall-cmd --permanent --zone=home --add-service=high-availability   add service to the zone permanently
systemctl restart firewalld
firewall-cmd --list-all   get configuration for the current default zone
24. FTP
vsftpd   default ftp daemon in RHEL7
/etc/vsftpd/vsftpd.conf
/var/ftp   DocumentRoot for ftp (home dir of the ftp user)
yum install -y lftp   ftp client
timedatectl list-timezones
timedatectl set-timezone Europe/Bratislava
timedatectl set-time 14:50   set time manually
26. VNC
Setup VNC server
yum -y install tigervnc tigervnc-server
useradd vncuser
passwd vncuser
cd /usr/lib/systemd/system/
cp vncserver@.service vncserver\@:1.service
vi vncserver\@\:1.service
replace <USER> with vncuser
systemctl daemon-reload   reload configuration for systemd
su - vncuser
vncpasswd
systemctl start vncserver\@\:1   do not use number 0 !!!
firewall-cmd --permanent --add-service vnc-server
firewall-cmd --reload
VNC client
vncviewer -via user@remotehost localhost:1
vncviewer -via vncuser@localhost localhost:1   test on localhost
www.rhatcertification.com