
LiveLessons RHCSA

This document provides an overview of managing users, permissions, networking, processes, software and virtual machines on Red Hat Enterprise Linux 7. Key points include how to add/modify users and groups, set file permissions using ACLs, configure networking using ip commands, NetworkManager and files in /etc/sysconfig/network-scripts, manage running processes and priorities using commands like ps, nice, renice, kill, manage software packages with yum and rpm, and work with KVM virtual machines using libvirt/virsh and virt-manager.

Uploaded by

moskyt

RHCSA 7

(LiveLessons)

man -k time | grep 1

find / which / whereis / locate (updatedb)
tar xvf archiv.tar -C /cesta/pre/rozbalenie
tar xvf etc.tar -C / etc/passwd - restore only passwd file
df -T - show FS types
man 7 glob - globbing

ssh-copy-id server - transfer public key to the server

!! in /etc/shadow means that the user has no password set or is locked

usermod -aG account laura - add laura to the account group, without removing her from other groups

/etc/login.defs - definitions for creating users
/etc/default/useradd - default settings for user creation
/etc/skel/ - its content is copied to the user home dir

chage - like passwd (change user’s password expiry information)
chage -l user - show parameters of the user’s account

passwd -x 90 user - expire user’s password after 90 days
chage -M 90 user - expire user’s password after 90 days
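
The "!!" marker and the 90-day maximum age set with chage -M can be checked across all accounts at once. The script below is an added example, not part of the original notes; the function names, the state labels and the sample records are constructed for illustration.

```shell
# Added example (not from the original notes): classify shadow records.
# shadow(5) fields: name:password:lastchg:min:max:warn:inactive:expire:reserved

# Constructed sample records; the hashes are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTED$placeholderhash:17000:0:99999:7:::
laura:!!:17000:0:90:7:::
bob:!!$6$CONSTRUCTED$placeholderhash:17000:0:90:7:::
anna:$6$CONSTRUCTED$placeholderhash:17000:0:90:7:::
guest::17000:0:99999:7:::
bin:*:17000:0:99999:7:::
EOF
}

# Reads shadow-format lines on stdin; $1 = longest acceptable maximum age (days).
# Prints "name password_state expiry_state" for every account.
audit_shadow() {
    awk -F: -v limit="$1" '
        NF < 2 { next }
        {
            state = "SET"
            if ($2 == "")        state = "EMPTY"     # login needs no password
            else if ($2 == "!!") state = "UNSET"     # password was never set
            else if ($2 ~ /^!/)  state = "LOCKED"    # hash kept, but disabled
            else if ($2 == "*")  state = "NOLOGIN"   # no password login possible

            # Field 5 is the maximum age that chage -M / passwd -x writes.
            expiry = "-"
            if (state == "SET")
                expiry = ($5 == "" || $5 + 0 > limit + 0) ? "NO_EXPIRY" : "EXPIRES"
            print $1, state, expiry
        }'
}

sample_shadow | audit_shadow 90
```

On a live system, run it as root with `audit_shadow 90 < /etc/shadow`; EMPTY and NO_EXPIRY are the rows to follow up.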

7. LDAP CLIENT setup

ldd /bin/login - list libraries for the executable program
/lib/libpam.so.0 - library for authentication
/etc/pam.d/ - dir with authentication modules
/etc/pam.d/login - how to handle login process
/etc/pam.d/system-auth
pam_unix.so - local host authentication
pam_ldap.so - ldap authentication

authconfig (authconfig-gui, authconfig-tui) - set up authentication

yum install nscd nss-pam-ldapd pam_ldap - needed to use ldap

AUTOMOUNT
yum install autofs -y
/etc/auto.master

AUTOMOUNT with Samba
# cat /etc/auto.master
/home/guests /etc/auto.guests

# cat /etc/auto.guests
* -fstype=cifs,username=ldapusers,password=password \
  ://server.rhatcertification.com/data/&

* means all directories under /home/guests
& means the accessed directory

AUTOMOUNT with NFS
# cat /etc/auto.guests
* -rw nfsserver:/home/guests

NFS configure
# yum install nfs-utils
create /etc/exports -> /data -rw *(rw,no_root_squash)
# mkdir /data
# systemctl start nfs
# systemctl status -l nfs
# showmount -e localhost
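
The /etc/exports entry above shares /data with every host (*) and leaves remote root unmapped (no_root_squash). The script below is an added example, not part of the original notes, that reports both properties for each client of each export; the function names and the 192.168.4.0/24 client network in the second sample line are assumptions.

```shell
# Added example (not from the original notes): review /etc/exports entries.

# First line is the entry from the notes; the second is a constructed,
# tighter variant (the 192.168.4.0/24 client network is an assumption).
sample_exports() {
    cat <<'EOF'
/data -rw *(rw,no_root_squash)
/data 192.168.4.0/24(rw,root_squash)
EOF
}

# Reads exports(5) lines on stdin and prints, for every client of every
# export: "path client WORLD|scoped ROOT_UNSQUASHED|root_squashed".
audit_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            path = $1; defaults = ""
            for (i = 2; i <= NF; i++) {
                # a "-opt,opt" word sets defaults for the clients on this line
                if ($i ~ /^-/) { defaults = substr($i, 2); continue }
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                }
                if (client == "") client = "*"  # "(opts)" alone means any host
                # per-client options override the line defaults
                if (("," opts ",") ~ /,root_squash,/)             root = "root_squashed"
                else if (("," opts ",") ~ /,no_root_squash,/)     root = "ROOT_UNSQUASHED"
                else if (("," defaults ",") ~ /,no_root_squash,/) root = "ROOT_UNSQUASHED"
                else root = "root_squashed"     # root_squash is the default
                print path, client, (client == "*" ? "WORLD" : "scoped"), root
            }
        }'
}

sample_exports | audit_exports
```

Run `audit_exports < /etc/exports` on the NFS server; a row that is both WORLD and ROOT_UNSQUASHED lets root on any client act as root on the exported files.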

nslcd - Naming service LDAP client daemon
systemctl status nslcd
/etc/nsswitch.conf
/etc/pam.d/login
/etc/pam.d/system-auth
/etc/nslcd.conf - config file for LDAP client

8. Managing Permissions
chown / chgrp / chmod

ACL - Access Control Lists
- needs to be set in /etc/fstab or systemd
- tune2fs for ext FS
- in XFS it is default
df -T - show FS type
tune2fs -l /dev/sda1 | grep Default - default mount options (if supports acl)

setfacl / getfacl
setfacl -m g:sales:rx /data/account
setfacl -R -m g:sales:rx /data/account - recursive
setfacl -m d:g:sales:rx /data/account - setting a default acl, which will be inherited by newly created items under the directory
- to change both the current and the default permissions, both commands must be run: -m and -m d

9. NETWORKING

Network device naming:
- BIOS naming - embedded NICs (em[1-N])
              - PCI cards (p<port_number>s<slot_number>)
- Udev naming: classical ethX naming
- Physical naming: same as BIOS naming
- Logical naming: <vlan> and <alias>

IP command
- changes made with the ip command will be active only until the reboot !!!
ip help
ip addr help
ip link show, ip l
ip addr show, ip a
ip addr add dev ens33 10.0.0.10/24
ip route show, ip r
ip route add 20.0.0.0/8 via 192.168.4.141
ip -s link - show network statistics

Network configuration files
/etc/sysconfig/network-scripts/ - config files for NICs
/etc/sysconfig/network-scripts/ifcfg-ens33
/etc/hostname - new in RHEL 7
/etc/resolv.conf - don’t change manually, generated by NetworkManager

Network Manager Utilities
- makes permanent changes to the config.
nmcli
nmcli connection show
nmcli con add con-name testing ifname ens33 type ethernet ip4 10.0.0.15/24
nmcli conn down ens33
nmcli conn up testing

nmtui - network manager text user interface
systemctl restart NetworkManager

Routing
ip route show, ip r - show routes
ip route add 10.0.1.0/24 via 192.168.4.3 - add route (temporary)
/etc/sysconfig/network-scripts/ifcfg-ens33 - change gateway there
# nmcli con down ens33; nmcli con up ens33

DNS
/etc/sysconfig/network-scripts/ifcfg-ens33 - change DNS there

Network analysis tools
hostname / ping / traceroute / dig / nmap / netstat
netstat -i - packet info for network cards
netstat -tulpen - listening ports

Network troubleshooting
ip addr show, ip a - check IP addresses
ip route show, ip r - check routing (default route)
cat /etc/resolv.conf - check DNS
ping -c1 10.0.2.1 - ping default route
ping -c1 8.8.8.8 - ping DNS
ping -f 192.168.4.2 - ping flood, bandwidth test
traceroute 8.8.8.8
host ldap.rhatcertification.com - returns IP address
dig ldap.rhatcertification.com - to check if DNS works
ip -s link - link statistics, check for errors

10. Process management

ps fax - show process tree
free -m - memory in MB
uptime / w - load in 1, 5, 15 minutes (number of runnable processes)
killall dd - kill all processes with name dd
pkill dd
- to use kill from the top command press “k”

yum install psmisc
- installs the following utilities: fuser / killall / pstree / peekfd

Process priority
nice -n 10 dd if=/dev/zero of=/dev/null - run command with lower priority
renice -n -10 5699 - increase the priority of a running job (pid 5699)
- for renice, “r” can be used in the top command
- nice, renice values can be from -20 (highest priority) to 19 (lowest priority)

11. Manage software

YUM
yum repolist - show available repositories
/etc/yum.repos.d/ - dir with repositories config files

/etc/yum.repos.d/myrepo.repo - create your own repository
[myrepo]
name=myrepo
baseurl=file:///repo
gpgcheck=0
createrepo /repo - create repo indexes
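
The gpgcheck=0 line in myrepo.repo turns off package signature verification for that repository. The script below is an added example, not part of the original notes, that reports the gpgcheck setting of every section in .repo content; the function names, the two extra repository sections and the gpgkey path are constructed for illustration.

```shell
# Added example (not from the original notes): report gpgcheck per repository.

# [myrepo] is the file from the notes; the other two sections and the
# gpgkey path are constructed for comparison.
sample_repo() {
    cat <<'EOF'
[myrepo]
name=myrepo
baseurl=file:///repo
gpgcheck=0

[signed-example]
name=constructed repo with signature checking
baseurl=file:///signed
gpgcheck = 1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example

# constructed: no gpgcheck line, so the [main] value in /etc/yum.conf applies
[inherits-example]
name=constructed repo without a gpgcheck line
baseurl=file:///other
EOF
}

# Reads .repo content on stdin; prints "repo-id STATUS baseurl" per section,
# where STATUS is UNSIGNED, SIGNED, INHERITED (no gpgcheck line) or UNKNOWN.
audit_repos() {
    awk '
        function emit() {
            if (id == "") return
            v = tolower(gpg)
            status = (gpg == "") ? "INHERITED" : "UNKNOWN"
            if (v == "0" || v == "no" || v == "false")      status = "UNSIGNED"
            else if (v == "1" || v == "yes" || v == "true") status = "SIGNED"
            print id, status, url
        }
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^[ \t]*\[/ {                               # new [section] starts
            emit()
            id = $0; gsub(/^[ \t]*\[|\].*$/, "", id)
            gpg = ""; url = ""
            next
        }
        {
            pos = index($0, "=")
            if (pos == 0) next
            key = substr($0, 1, pos - 1); val = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpg = val
            if (key == "baseurl")  url = val
        }
        END { emit() }'
}

sample_repo | audit_repos
```

To review a host, run `cat /etc/yum.repos.d/*.repo | audit_repos` and check every UNSIGNED or INHERITED row.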

yum search something
yum install something
yum list all - list all available packages
yum list installed - show installed packages
yum whatprovides */semanage - search for files within packages
yum provides killall
yum remove package
yum remove -y package
yum localinstall package - install package which is not in repository

RPM
rpm -qf /sbin/chronyd - find to which package the file belongs
rpm -ql chrony - show everything that is in the package
rpm -qc chrony - query configuration files of the package
rpm -qd chrony - show documentation
rpm -qa - lists all packages installed on the system
rpm -q --scripts httpd - shows installation scripts of the package
rpm -qpl something.rpm - query rpm file instead of repository
rpm -qp --scripts something.rpm
repoquery -ql yp-tools - query packages in repository

12. Virtual machines

KVM
- requirements
  - CPU compatibility (egrep 'vmx|svm' /proc/cpuinfo)
  - 64bit kernel (arch)
  - kvm, kvm-intel - linux kernel modules (lsmod | grep kvm)
  - libvirtd - manages virtualization (systemctl status libvirtd)
  - virt-manager - graphic tool
  - virsh - virtualization shell
  - virt-install - virt. install interface
- special network device, virtual bridge - virbr0 (ip link show)

Managing virtualisation
- virsh
- virsh list - show running VM
- virsh list --all - show all VM
- virsh destroy name - shut down VM
- virsh start name - start VM
/etc/libvirt/ - config files for virt.
/etc/libvirt/qemu - conf. files of VM
virsh edit name - edit config of the VM name
- networking
- virbr0 - virtual bridge
- vnet0 - virtual network card

virt-manager
- graphic tool for VM management
- Ctrl + Alt + L - exit from the VM

13. Scheduling tasks

/etc/crontab - crontab config file
crontab -e - edit crontab
/etc/cron.daily | .monthly | .weekly | .hourly
- shell scripts to run daily, monthly, weekly, hourly
/etc/cron.d/ - additional crontabs which are executed
/var/spool/cron/ - location of the users’ crontabs (created with -e)

systemctl status atd -l - shows status of the at daemon
/var/spool/at/ - at scripts
at
atq - at queue
atrm - remove at jobs

14. Logging
Services can use three ways of logging information:
- direct write to a file (/somewhere/my.log)
- through systemctl -> journald (new in RHEL7)
- through rsyslogd -> /var/log/...

journald
- information about the system’s start processes
- written in binary file
- systemctl gets information from journald (systemctl status)

journalctl - shows journald logs
journalctl -b - shows boot information
journalctl -xb
journalctl --since=yesterday - logs from yesterday
journalctl -u sshd - logs for specific service (systemd unit)
journalctl -u sshd -o verbose - detailed information
journalctl _COMM=su - logs for specific command

rsyslogd
/var/log/secure | /var/log/messages | /var/log/cron

Log rotation
- it runs as a cron job in /etc/cron.daily/logrotate
/etc/logrotate.conf - config file for log rotation
/etc/logrotate.d/ - config files for the specific applications

15. Storage management

Managing partitions
cat /proc/partitions - to show all available partitions on the system
fdisk -l
partprobe /dev/sdb - inform the OS of partition table changes
partprobe

Creating FS
mkfs.xfs -L myfs /dev/sdb1 - create xfs FS on /dev/sdb1, with label myfs
mkfs.btrfs | mkfs.ext4 | mkfs.vfat
mount | mount -a | umount

Mounting
mount /dev/sdb1 /mnt
mount LABEL=myfs /mnt
blkid - shows UUID of the devices
mount UUID=1cc1eaf-0… /mnt
/etc/fstab
xfs_admin -L mynewfs /dev/sdb1 - change label for xfs FS

LUKS encryption
cryptsetup luksFormat /dev/sdb2 - creates encrypted partition
cryptsetup luksOpen /dev/sdb2 secret - opens encrypted partition, name it secret
- creates new device /dev/mapper/secret
mkfs.ext4 /dev/mapper/secret
mount /dev/mapper/secret /secret
umount /secret
cryptsetup luksClose /dev/mapper/secret

/etc/crypttab - list of encrypted partitions that will be opened (luksOpen) on boot
secret /dev/sdb2 none
/etc/fstab
/dev/mapper/secret /secret ext4 defaults 1 2
systemctl reboot

16. LVM
Creating Logical Volumes
- first set the partition type to Linux LVM (8e) in fdisk
pvcreate /dev/sdb3 - create physical volume in LVM
vgcreate vgmyvg /dev/sdb3 - create volume group
vgs - show volume groups
lvcreate -n lvmylv -L 196M vgmyvg - create logical volume
lvs - show logical volumes
mkfs.ext4 /dev/vgmyvg/lvmylv - create filesystem
mount /dev/vgmyvg/lvmylv /mnt
(mount /dev/mapper/vgmyvg-lvmylv /mnt)

kernel -> device mapper -> LVM
                        -> multipath
                        -> LUKS
                        -> Raid
       -> VirtualFS -> ext4
                    -> xfs

Device mapper
/dev/dm-0, dm-1, ... - volumes
/dev/mapper/vg-lv - links to volumes provided by device mapper
/dev/vg/lv - links provided by the lvm subsystem

Growing LV
vgextend vgmyvg /dev/sdb5 - add new partition into the VG
lvextend -l +100%FREE -r /dev/vgmyvg/lvmylv
- add all available space in VG to the LV and resize filesystem (with -r option)

Shrinking LV
- XFS cannot be shrunk !
- FS has to be unmounted first
e2fsck -f /dev/vgmyvg/lvmylv - check the FS
resize2fs /dev/vgmyvg/lvmylv 100M - reduce the FS size (ext2,3,4 type)
lvreduce -L 102400K /dev/vgmyvg/lvmylv - reduce LV
lvreduce -L 50M -r /dev/vgmyvg/lvmylv - reduce FS and LV in 1 step (-r)

17. Kernel
new HW -> udev -> kernel (loads module)

Kernel modules
udev - automatically loads modules that are necessary
udevadm monitor - trap all udev and kernel events
lsmod - list of the currently loaded modules
modprobe module - load kernel module
modprobe -r module - remove kernel module
modinfo module - information about module; shows available parameters
/etc/modprobe.d/ - config dir for modprobe
man 5 modprobe.d
cat /etc/modprobe.d/cdrom.conf
options cdrom lockdoor=0
/sys/module/ - info about kernel modules and their parameters

- example:
cat /etc/modprobe.d/iwlwifi_led.conf
options iwlwifi led_mode=1
modprobe iwlwifi
cat /sys/module/iwlwifi/parameters/led_mode
1

/proc/sys/ - info about the interfaces the kernel is offering
/proc/sys/kernel - core kernel parameters
/proc/sys/net/ - network parameters
echo 0 > /proc/sys/net/ipv4/ip_forward
/proc/sys/vm/ - memory optimization
echo 60 > /proc/sys/vm/swappiness

Sysctl tuning
sysctl -a - all tunables that are set
/etc/sysctl.conf - config file for sysctl (deprecated in RHEL7)
/etc/sysctl.d/ - config files dir for sysctl
cat /etc/sysctl.d/50-ipforward.conf
net.ipv4.ip_forward = 1

Updating kernel
yum update kernel
rpm -Uvh kernel - manual update from downloaded rpm file

18. Kickstart
- kickstart file - on USB
                 - on server (ftp)
- kickstart files - anaconda-ks.cfg
                  - initial-setup-ks.cfg
yum install system-config-kickstart -y - install kickstart utility
system-config-kickstart - run GUI for kickstart
During the installation add ks= option to the boot options.
ks=ftp://myserver/dir/anaconda-ks.cfg

19. Boot procedure

Boot process
post -> boot device -> grub 2 -> kernel & initrd -> root fs ->
systemd - logging
        - mounts
        - services
        - login shell

Grub2
/etc/default/grub - main config file for grub
/etc/grub.d - additional config.
grub2-mkconfig - update the boot loader from config. files

POST -> MBR (grub is loading) -> Press Esc to access boot menu ->
Enter boot options at the end of the line that starts with linux16 (systemd.unit=emergency.target)

To make permanent modifications:
- write to /etc/default/grub or /etc/grub.d/
- apply modifications (run grub2-mkconfig)

Systemd
- kernel starts systemd and it starts everything else (services, mounts, automount, …)
- uses unit files (the replacement for init scripts)
/usr/lib/systemd/ - default scripts for systemd
/etc/systemd/ - users’ scripts used by systemd
/usr/lib/systemd/system/ - default systemd services, targets
/etc/systemd/system/ - user defined systemd services, targets
systemctl - command for managing services
systemctl status | stop | start | disable | enable service
Targets - the collection of services
multi-user.target - runs on boot (without GUI)
graphical.target - runs on boot (with GUI)
Wants - what should be run on specific target (symbolic links for services)
- symb. links are created|deleted using the systemctl enable|disable command
/usr/lib/systemd/system/default.target - default target on boot

Systemd Targets
- define the state that system enters
- equivalent to runlevels:
poweroff.target - shutdown
rescue.target - troubleshooting
multi-user.target - normal mode without GUI
graphical.target - GUI
reboot.target
emergency.target - more minimal than rescue.target
- every service knows by which target it is wanted (WantedBy option)
- order between targets is defined in targets (Requires, Conflicts, After options)
systemctl list-units --type=target - which targets are running
systemctl isolate rescue.target - switch to the minimal mode
From Grub - enter boot option (systemd.unit=rescue.target)

Mounting FS with Systemd
/usr/lib/systemd/system/*.mount
/etc/systemd/system/*.mount
- mount file must have the same name as the mount dir ! (/test/dir -> test-dir.mount)
- add new mount in systemd:
cat /etc/systemd/system/lvdisk.mount
[Unit]
Description = My mountpoint
[Mount]
What = /dev/vgdisk/lvdisk
Where = /lvdisk
Type = xfs
[Install]
WantedBy = multi-user.target
systemctl start lvdisk.mount
systemctl enable lvdisk.mount

Automount in Systemd
- to use automount the mount file must exist with the same name !
systemctl disable lvdisk.mount ; systemctl stop lvdisk.mount
cat lvdisk.automount
[Unit]
Description = Automount FS
[Automount]
Where = /lvdisk
[Install]
WantedBy = multi-user.target
systemctl enable lvdisk.automount ; systemctl start lvdisk.automount

20. Troubleshooting
Grub
grub2-* - utilities to work with grub
grub2-mkconfig -o /boot/grub2/grub.cfg
- save grub config that you applied during boot

Reset root password
- in grub menu define parameter rd.break (at the end of the line starting with linux16)
mount -o remount,rw /sysroot
chroot /sysroot
echo newpassword | passwd --stdin root
touch /.autorelabel
exit
exit

21. HTTP
rpm -qf `which httpd`
yum install httpd
rpm -qc httpd
/etc/sysconfig/httpd
/etc/httpd/
/etc/httpd/conf/httpd.conf - main config file
systemctl start httpd ; systemctl enable httpd
yum install elinks - text browser

22. SELinux
/etc/sysconfig/selinux - controls the state (mode) of SELinux
SELinux modes:
- disabled - disable SELinux (activated on boot)
- enforcing - secure policy
- permissive - just logging, no restrictions
getenforce - show the current SELinux mode
setenforce Enforcing - switch to enforcing mode

Context
ls -Z - displaying context on files (user:role:type)
ps Zaux - context of processes
netstat -Ztulpen - context of the network ports
When a file is moved it keeps its context settings; when it is copied it gets a new context from the parent directory.
semanage - manage context, in the policy
restorecon - apply the policy to the object

Settings for apache DocumentRoot:
semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
restorecon -R -v /web
semanage fcontext -l - list all contexts on the system
yum install policycoreutils-devel - to install sepolicy
sepolicy manpage -a -p /usr/share/man/man8 - generate manpages
mandb
man -k _selinux

chcon - changes context only for object and not in policy
- do not use it, use semanage instead

Booleans
getsebool -a - show SELinux booleans
setsebool ftp_home_dir on - set boolean to on (enable ftp home dir)
setsebool -P ftp_home_dir on - make persistent change
semanage boolean -l - show booleans’ description

SELinux logs
yum search setroubleshoot - SELinux troubleshoot packages
systemctl status auditd - daemon for logging
/var/log/audit/audit.log - audit log file
grep AVC /var/log/audit/audit.log - show SELinux messages
grep sealert /var/log/messages - SELinux alerts in messages
sealert -l 23d2323232… - check the alert details
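
The output of grep AVC is easier to act on when denials are grouped by process, source type, target type and permission. The script below is an added example, not part of the original notes; the function names and the log lines are constructed, and they show httpd_t denied on default_t files, the situation the /web fcontext rule above corrects.

```shell
# Added example (not from the original notes): summarize AVC denials.

# Constructed audit.log lines (timestamps, pids and inode numbers are made up).
sample_audit() {
    cat <<'EOF'
type=AVC msg=audit(1500000000.101:201): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=5001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1500000000.101:201): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1500000007.332:214): avc:  denied  { read } for  pid=2102 comm="httpd" name="index.html" dev="dm-0" ino=5001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1500000009.870:220): avc:  denied  { getattr } for  pid=2102 comm="httpd" path="/web/index.html" dev="dm-0" ino=5001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
EOF
}

# Reads audit.log lines on stdin; prints "count comm source_type -> target_type
# class {permissions}", most frequent denial first.
summarize_avc() {
    awk '
        /type=AVC/ && /denied/ {
            comm = "?"; src = "?"; tgt = "?"; cls = "?"; perms = "?"
            # the denied permissions sit between the braces
            s = index($0, "{"); e = index($0, "}")
            if (s > 0 && e > s) {
                perms = substr($0, s + 1, e - s - 1)
                gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
            }
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^comm=/)     { comm = substr($i, 6); gsub(/"/, "", comm) }
                # contexts are user:role:type:level, the type is field 3
                if ($i ~ /^scontext=/) { split(substr($i, 10), a, ":"); src = a[3] }
                if ($i ~ /^tcontext=/) { split(substr($i, 10), a, ":"); tgt = a[3] }
                if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
            }
            count[comm " " src " -> " tgt " " cls " {" perms "}"]++
        }
        END { for (k in count) print count[k], k }' | sort -rn
}

sample_audit | summarize_avc
```

Run `summarize_avc < /var/log/audit/audit.log` as root; a target type of default_t usually points to a missing fcontext rule or a restorecon that was never run.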

23. FIREWALL
- netfilter in linux kernel
- previous management tool = iptables
- new default management utility = firewalld

Firewalld
- it works with the zones and services
systemctl status firewalld
firewall-cmd --get-zones
firewall-cmd --get-services
firewall-cmd --get-default-zone
firewall-cmd --set-default-zone=zonename
/usr/lib/firewalld/services/ - system’s default services
/etc/firewalld/services/ - dir for adding new services
firewall-cmd --zone=home --add-service=high-availability
- add service to the zone
firewall-cmd --permanent --zone=home --add-service=high-availability
- add service to the zone permanently
systemctl restart firewalld
firewall-cmd --list-all - get configuration for the current default zone

24. FTP
vsftpd - default ftp daemon in RHEL7
/etc/vsftpd/vsftpd.conf
/var/ftp - DocumentRoot for ftp (home dir of the ftp user)
yum install -y lftp - ftp client

25. Time service

timedatectl status
timedatectl list-timezones
timedatectl set-timezone Europe/Bratislava
timedatectl set-time 14:50 - set time manually

- configure automatic time synchronization:
/etc/chrony.conf - chrony config file
systemctl status chronyd.service
systemctl start chronyd
timedatectl set-ntp yes - enable ntp daemon chronyd

hwclock - show HW clock
hwclock --systohc - synchronize system time with HW time

26. VNC
Setup VNC server
yum -y install tigervnc tigervnc-server
useradd vncuser
passwd vncuser
cd /usr/lib/systemd/system/
cp vncserver@.service vncserver\@:1.service
vi vncserver\@\:1.service
replace <USER> with vncuser
systemctl daemon-reload - reload configuration for systemd
su - vncuser
vncpasswd
systemctl start vncserver\@\:1 - do not use number 0 !!!
firewall-cmd --permanent --add-service vnc-server
firewall-cmd --reload

VNC client
vncviewer -via user@remotehost localhost:1
vncviewer -via vncuser@localhost localhost:1 - test on localhost

www.rhatcertification.com
