rm a* >> delete all files starting with “a”

rmdir >> delete directories (only if empty directory), if not empty: rm -r >> delete

mv f1 f1.txt >> rename file

find / -name passwd >> search for a file name

find . -user root >> search within the current working directory for a file with a specific user

Command example: find / -name passwd -exec cp {} /mnt/copy \;

cp -r >> copy the directory as well with files

pipes: send an output of a command as the input to the other "|"

 count files in a specific directory: ls /etc | wc

 see first 10 entries in a directory: ls -al | head

last 10: ls -al | tail

If you want to save the output of the command to a file (this is called a redirection):

>> There are 2 kinds of outputs (standard & error)

standard output:

ls > file.txt (this will override the file)

ls >> file.txt (if I want to append, not override)

error:

save an error to file example: ls filex 2> file2.txt

to append to file: ls filex 2>> file2.txt

Note: change permissions (chmod) will change "existing" permission for files & directories.

Note: if I want to change the default permission that is being granted with file creation: umask (the
opposite > 0 > is on):

0: read, write, and execute, 1: read and write, 2: read and execute, 3: read only, 4: write and execute, 5:
write only, 6: execute only, 7: no permissions [umask 000 >> grant all permissions]
tar command

“-“ >> can be omitted, “c” >> for archive, “v” >> list the processed fils, “f” >> specify the files

 Example of archiving newFile & oldFile: tar cvf cmp.tar newFile oldFile

 To view the file "ls" won't work and I need to use tar again with "tf" to view, for example:

tar tf cmp.tar

 Moreover; "xf" for extract: tar xf cmp.tar

Directory archive:

tar cvf /mnt/etc.tar /etc >> Creating archive file for etc dir within the mnt dir and name it etc.tar

Compression:

bzip2 ((-j)), xz ((-J)), gzip ((-z)), auto compress: ((-a))

Example: tar cvfz cmp.tar.gz newFile oldFile

Q1: give the user owner all permissions: chmod 7whatever Dir

Q2: compressed archive of /etc name as /root/com.gz: tar cvfz /root/com.gz /etc

Note: if you don't remember the symbol of the archive type just use "a" and it will convert it as per the
specified file extension (gz) >> gzip, example: tar cvfa /root/com.gz /etc

Q3: find lines containing the word root & copy them into a file named /mnt/pass:

grep "root" /etc/passwd > /mnt/pass

Usage of “yum”:

1. Install packages >> yum install packagename, example: yum install httpd

2. update kernel >> yum update kernel

Configure Repositories

Question: Configure the repositories http://xyz.server.com/baseos & http://xyz.server.com/appstream :

1. You need to create entries within the below file for both of them:

/etc/yum.repos.d/local.repo

2. Add entries for each one of them as follows:

name=baseOS

baseurl=http://xyz.server.com/baseos

gpgcheck=0

enabled=1

Tuned: a profile-based system for static and dynamic tuning of system settings.

By default, tuned will not dynamically adjust system settings, to modify manually use tuned-adm
command-line tool.

Important commands: (( yum install tuned ))

 tuned-adm list >> list all profiles

 tuned-adm active >> show active profiles
 tuned-adm profile <profile_name> >> select or change the active profile
 tuned-adm recommend >> what is the recommended profile for the system
 tuned-adm off >> turn it off

In the exam, they can give us a profile to set up or ask to set up a recommended profile so I will need to
check the recommended one and then set it:

 tuned-adm recommend
 tuned-adm profile
 NTP (network time protocol): sync my system with any time server and it uses "chrony" service and
"chronyd" daemon to sync the system with the required server.

1. install chrony service: yum install chrony

2. nano /etc/chrony.conf :

 there's pool something iburst (comment it)

 then add the following (server <given ip or Web address> iburst)

3. any change will require restarting the service to take effect so to restart:

systemctl restart chronyd

4. chrony sources -v

5. timedatectl (to validate if NTP is active), if not:

timedatectl set-ntp true (enable or disable NTP syn for automatic time adjustment)

systemctl: whenever we download any package we need to start or enable that particular service in
which systemctl gives us control.

Checking:

systemctl status <service>, systemctl is-active <service>, systemctl is-enabled <service>

Enabling/Disabling: systemctl start <service>, systemctl stop <service>

systemctl enable <service>, systemctl disable <service>

Note: enable means the automatic start-up upon system boot up (make sure it is always enabled in the
exam).

chmod relative method:

who: u (user), g (group), o (other)

what: + (grant permission), - (take permission)

which: r (read), w(write), x (execute)

User & Groups

Q1: create user harsh & make a new group as the secondary group:

 groupadd newgroup
check: cat /etc/group
 useradd harsh -G newgroup
check: cat /etc/passwd, cat /etc/group

Q2: create user nitin, do not add to newgroup, nitin should have no login shell:

 useradd nitin -s /sbin/nologin

 assign password: passwd nitin & enter the password
 adding groups with duplicate GID: groupadd -o newgrup -g 2000

ACL

Q1: copy file /etc/fstab to /var/fstab: cp /etc/fstab /var/fstab

Q2: change its user to the root user:

 check owner: ls -l
 change owner: chown root /var/fstab

Q3: User natasha should have read & write access to that file:

 check if user exist: /etc/passwd

 ACL (change for a particular user): setfacl -m u:natasha:rw- /var/fstab
check: getfacl var/fstab

Q4: Group mac should have no access:

 setfacl -m g:mac:--- /var/fstab

Note: check if a file has ACL: there will be (+) next to the permission when using ls -l command
Sticky Bit , SetGID and SetUID

(s): whenever a new file or subdir is created, it will "inherit" the group (g) ownership of the parent
directory if the "setGID" bit is set

The SetUID bit enforces user ownership of an executable file. When it is set, the file will execute with the
file owner's user ID, not the person running it (chmod u+s)

The SetGID bit enforces group ownership of files and directories. When it is set, any file or directory
created in a directory will get the directory's group ownership, not the user's. When it is set on a file, the
file will always be executed as its owning group rather than as the user (chmod g+s)

The sticky bit, also referred to as the "restricted deletion flag," can be set on a directory to prevent
anyone except the directory's owner from deleting a file in that directory (chmod o+t)

The sticky bit can be set in numerical mode by adding its value to those of the other permissions. If you
have an object with a value of 755 and you want to set the sticky bit, add 1000 (chmod 1755)

Q1: Create a directory /linux & make group owner to be MAC:

 mkdir /linux
 ls -ld /linux
 chgrp Mac /linux

Q2: All existing files within linux the group owner is Mac: (user recursive)

 chgrp -R Mac /linux

 or chown -R :Mac /linux

Note: The chown command allows you to change the user and/or group ownership of a given file,
directory, or symbolic link.

 Command example: chown [OPTIONS] USER[:GROUP] FILE(s)

Q3: All future files within linux the group owner is Mac:

 chmod g+s /linux

Q4: Ensure that no user other than the user owner can delete the content within directory:

 chmod +t /linux

Extras

a: is a shortcut to assign permissions to all users.

The command (chmod a+rwx) is equivalent to (chmod ugo+rwx)

-R: recursive

-v (verbose) argument, so chmod will report what it is doing

Disk Partitioning

1. create partition Par1 of size 1Gb:

 to check: lsblk or /dev

 then: fdisk /dev/vda ("m" for help) ("n" to add partition)
 after adding the partition we need to (write table to disk and exit) using "w"
 must save using partprobe: partprobe /dev/vda

2. mount partition at /newdisk with the format xfs:

 create mount point: mkdir /newdisk

 format the disk: mkfs.xfs /dev/vda4
 mount it on the "/etc/fstab" file to be permanent: nano /etc/fstab
 /dev/vda4 [TAB] /newdisk [TAB] xfs [TAB] defaults [TAB] 0 [TAB] 0
 then use "mount -a" command to verify (if no errors > all good)
 Swap Space Management:

Q1: Add a swap partition of size 750Mb, do not delete the existing swap.

1. Check the swap: "free -m"

2. Creating partition:
 fdisk /dev/vda
 "n"
 then the "Last Sector": "+750M"

3. change the type:

 "t"
 "L" to list all codes and then look for the number of [Linux swap] number
 (enter the number) "82" for example
 "w"
 partprobe /dev/vda

4. format it:
 mkswap /dev/vda5
 nano /etc/fstab
 /dev/vda5 [TAB] swap [TAB] swap [TAB] defaults [TAB] 0 [TAB] 0

5. Then use "swapon -a" command to verify (if no errors > all good):
 "free -m" to check

Logical Volume Management (LVM)

Convert physical devices (disk partitions, fulldisk, raid) >> Into physical volumes (PV) >> Convert all of
them into a one volume group (VG) >> Create logical volume (LV)

Q1: create LV named LV1 of size 8GB?

1. physical devices to PV:

 pvcreate /dev/vda1
 pvcreate /dev/vda2
 pvcreate /dev/vda3
 use the command "pvs" to check PV

2. PV to VG

 vgcreate VG1 /dev/vda1 /dev/vda2

 use the command "vgs" to check VG

3. VG to LV

 lvcreate -L 8Gb -n LV1 VG1

 [lvcreate (-L size) (-n name) (volume group)]
 use the command "lvs" to check LV

4. mount it:

 mkdir /mountpoint
 nano /etc/fstab
 /dev/VG1/LV1 [TAB] /mountpoint [TAB] xfs [TAB] defaults [TAB] 0 [TAB] 0

5. format it:

 mkfs.xfs /dev/VG1/LV1
 "mount -a" to check

Q2: extend the LV1 by 2GB?

1. space is available (2GB+ is available when using vgs command):

 lvextend -r -L +2Gb /dev/VG1/LV1

 verify: (lvs)

2. space is unavailable (extend VG then extend LV):

 vgextend VG1 /dev/vd3

 verify: (vgs)
  lvextend -r -L +2Gb /dev/VG1/LV1
 verify: (lvs)

Deleting (in case of a mistake or something) (delete LV then VG then PV)

 edit the "/etc/fstab" file (comment the previous change)

 unmount /Lv
 lvchange -an /dev/VG1/LV1
 lvremove /dev/VG1/LV1
 vgremove VG1

Q3: create LV named LV2 with 10 extents where the size of each extent is 8MB.

 vgcreate -s 8MB VG1 /dev/vda3

 use command "vgdisplay" then check "PE" value for physical extend size
 lvcreate -l 10 -n LV2 /dev/VG1
 small "l" to specify number of extents
 now "lvs" to verify and the size of L2 should be 80M (8 x 10).

Stratis: (local storage management solution) (uses XFS file system)

Components of Stratis Volume: blockdev, pool and filesystem

 blockdev: block devices, partitions that we use for storage (minimum size required must be 1Gb)
 pool: (one or more block devices) size of pool = sum of block devices.
 filesystem: thin provisioned layer (no fix size, grows as the details added)

Q: create a file system from a Stratis Pool?

1. install stratis: yum install stratis-cli stratisd

2. start & enable:

 systemctl start stratisd

 systemctl enable stratisd

3. create stratis pool:

 stratis pool create pool1 /dev/vda3

 to verify: stratis pool list

[Extend a pool] stratis pool add-data pool1 /dev/vda4

4. create file system:

 stratis filesystem create pool1 fs1

 to verify: stratis filesystem list
o Note: no need to format (already xfs format) so the only thing needed is to mount them.
o Note: this time I will need to add the UUID
 mkdir /mountpoint1
 nano /etc/fstab
 UUID--- [TAB] /mountpoint1 [TAB] xfs [TAB] defaults,x-systemd.requires=stratisd.service [TAB] 0
[TAB] 0
 "mount -a" to check

Virtual data optimizer "VDO"

VDO provides inline data reduction for linux in the form of deduplication, compression & thin
provisioning. (remove duplicate copies of data and keep 1 copy)

Q: create a vdo named V1 of size 50Gb and mount it at /V1?

1. install packages: yum install vdo kmod-kvdo

2. create vdo:
 vdo create --name VDO1 --device=/dev/vda3 --vdoLogicalSize=50G
 list the vdo's: vdo list
 format it if needed: mkfs.xfs /dev/mapper/VDO1
 3. mount it:
 mkdir /vdo1
 nano /etc/fstab
 /dev/mapper/vdo1 [TAB] /vdo1 [TAB] auto [TAB] defaults,x-systemd.requires=vdo.service
[TAB] 0 [TAB] 0
 "mount -a" to check

Note: you can use "man vdo" to check the syntax on the manual page

Schedule future tasks using "crontab"

 corntab -e (edit)
 corntab -l (list content of cron tab file)
 corntab -r (delete command in cron tab file)

1. ensure the service is running on the system "service cron status" if not use the command "yum install
cron" to install it or "cron service start" to start it

2. corntab -e (edit)

3. syntax: Minutes (00-59), Hours(00-23), Day of Month (01-31), Month (01-12), Day of Week (0-7 : both
0 & 7 mean Sunday), Command

First: (*) don't care or always, example:

* * 14 Jan * tar cf etc.tar /etc

this will take backup of /etc directory every minute on 14 Jan every year

Second: Range (x-y) x & y inclusive, example:

* 5-14 14 1 * tar cf etc.tar /etc

this will take backup of /etc directory every minute between 5AM to 3PM on the 14th of Jan

Third: List (x,y), example:

* 5-14 * * Mon,Fri tar cf etc.tar /etc

this will take backup of /etc directory every minute between 5AMP to 3PM on every Monday and Friday
Forth: */x (interval of x), example:

*/3 * * * * tar cf etc.tar /etc

will execute the command every 3 minutes

Fifth: when "Day of Month" and "Day of Week" don't match with each other, example:

* * 15 * Tue tar cf etc.tar /etc

(15 is not Tuesday) so this will execute when either of the two field matches (on every 15th of every
month and every tuesday)

Q: send email with the word "linux" to the owner of the job every 3 minutes between 9AM and 4PM on
every Friday in June: */3 9-15 * 6 5 echo "Linux"

Reset/Recover Root Password

1. once the system runs use the arrow keys to select the default bootloader entry

2. press "e" to edit the selected item

3. go to the line starts with "Linux" and press [END] button on your keyboard to go to the end of line
after the word quiet then write "rd.break" then press "ctrl+x"

4. mount -o remount,rw /sysroot

chroot /sysroot

5. passwd (and now you will be able to change it)

6. touch /.autorelabel

then "enter" and "exit" twice and wait till the system reboot and login again.

Network Configuration

1. To view network info "ip addr show" then check the interface status to be up and you can check
the IPV4 address

2. "ping" >> check if the system can connect with the destination address or not
 3. "nmcli" command:
 Create new connection: "nmcli con add"
 Modify Existing Connection: "nmcli con mod"

Parameters: con-name, type, ifname, connection.autoconnect, ip4, gw4

 "nmcli con show" will show the connection

 "nmcli con show <interface>" will show the connection profile of the interface (parameters to be
edited)

Example of creating a connection:

 nmcli con add con-name Default type ethernet ifname eth0 ip4 192.168.1.2/24 gw4 192.168.1.1

After creation you can use "nmcli con show Default" to show the parameters and after that you can edit,
example:

 nmcli con mod Default connection.autoconnect yes ipv4.addresses 192.168.1.5/24 ipv4.dns

172.2.2.2

Note: for some info like the ones can't be added while creation.

Note: you can add multiple IP addresses: nmcli con mod Default +ipv4.addresses 192.168.1.6/24

 connection.autoconnect yes
 now to activate it:
 nmcli con up Default

Changing Hostname

use command "hostnamectl" or modify /etc/hostname

command example: hostnamectl set-hostname malnadi

Q: create a new connection named Net of Type Ethernet having interface named eth0, ip address:
200.0.0.12 mask 255.255.0.0, gateway 20.0.0.1, DNS 8.8.8.8 and activate it

 nmcli con add con-name Net type ethernet ifname eth0 ip4 200.0.0.12/16 gw 20.0.0.1
 nmcli con mod Net ipv4.dns 8.8.8.8
 nmcli con up Net
SELinux: which process can access what file

1. SELinux Modes: (Enforcing, Permissive, Disabled)

- check the mode: "getenforce" command

- change to permessive "setenforce 0", and to enforcing "setenforce 1"

- disable SELinux policy:

 nano /etc/sysconfig/selinux
 next to SELINUX= write "disabled"
 restart the system

2. SELinux Booleans

Q: ensure that httpd is able to access the user home directory

we will need to change boolean value from off to on (we need to know what boolean to enable)

 getsebool -a | grep "httpd"

 refer to it (httpd_enable_homedirs)
 setsebool -P httpd_enable_homedirs on (-P to persist on reboot)

3. SELinux port

Q: the system is not able to connect to httpd service at port 82, it should be accessible at port 82 and
should start at boot time

semanage port -a -t http_port_t -p tcp 82

4. SELinux Context

by default the httpd service or the "apache web server" is able to host the files within "/var/www/html"

lets say there's "index.html" within /var/www/html

curl localhost/index.html (will display the content of file because server is able to access it)
Question: ensure that the httpd service is able to access the host files from the /test directory:

1. mkdir /test

2. touch index2.html

 then we need to change the context of the test directory and its content, we can show context
using "ls -lZ /test" and we need it the same as "ls -lZ /var/www/html"

3. semanage fcontext -a -t httpd_sys_content_t "/test(.*)?"

4. restorecon -Rv /test

 now we need to change the directory that is accessible by default "/var/www/html":

5. nano /etc/httpd/conf/httpd.com

 scrol down to DocumentRoot and change its value to "/test" and the directory below it as well to
<Directory "/test">

6. restart the service: systemctl restart httpd

 now you can "curl localhost/index.html"

Containers

The use of postman to Pull a container, Run a container, Map the container to a local directory, Run the
container as a service

<<< Pull a container >>>

1. Install: yum install podman @container-tools

2. Login podman login registery.redhat.io

<the registery will be given in the exam>

3. download image <they will give a name of image to be downloaded>

 podman pull <the image given in question>

 podman pull docker.io/library/httpd
if not given I will search for the download link like this:

 podman search <the image I'm looking for>

 podman search httpd

4. check: podman images

Note: In case you want to delete image use command "podman rmi <imagename>"

<<< Run a container >>>

 podman images (to check the image ID)

 podman run -d --name web1 <image ID>
 check the container is running using "podman ps"
 podman run -d --name web2 -p 8080:80 <image ID>
 to verify: "curl localhost:8080"

Note: to stop an image use command "podman stop <container name>" and to remove the container
use "podman rm <container name>"

Note: you can also run it interactively using the below command and you will be in the apache server:

podman run -it <image ID> /bin/bash

Note: if you want to change the web page you gotta find the "index.html" file so "find / -name
index.html" and then cat, nano whatever.

<<< Map the container to a local directory >>>

 crete local directory & file: mkdir /web, touch /web/mypage.html

 podman run -d --name web4 -p 8080:80 -v /web:/usr/local/apache2/htdocs (path will be given
on question) <image ID>
 curl localhost:8080/mypage.html
<< Running Container as a service >>

podman generate systemd web5 > /etc/systemd/system/web5-container.service

 systemctl daemon-reload
 systemctl start web5-container
 systemctl enable web5-container

now the container web5 is running just like a service.

verify: systemctl status web5-container

Now if I have to do it for a particular user:

1. add and login as the user:

 useradd test
 passwd test
 ssh test@localhost

2.

podman pull docker.io/library/httpd

now you downloaded the httpd image for this particular user

3.

podman run -d --name New -p 8085:80 <image ID>

4. create the directory:

 mkdir -p ~/.config/systemd/user

5. generate the container within directory:

 podman generate systemd New > ~/.config/systemd/user/New-container.service

6. edit the file:

 nano ~/.config/systemd/user/New-container.service
 Edit the "WantedBy=" value to: WantedBy=default.service
now all options are the same but you will need to add "--user":

 systemctl --user daemon-reload

 systemctl --user start New-container
 systemctl --user enable New-container
 systemctl --user status New-container

Bash Scripting: useful to execute a set of commands in a repetitive manner.

writing a bash script > write a file, make it executable, run the file.

 nano script1.sh
 add the script
 chmod u+x script1
 ./script1

Note: you can use bash command to run the script without adding the execute permission "bash script1"

She - bang (can be written on top of the script file to tell the system which interpreter to use by default
to execute the script), for example:

 #!/bin/sh
 #!/bin/bash
 #!usr/bin/perl
 #!usr/bin/env python

Variables: label (placeholder for a value)

Note: whenever I want to use the value of the variable I need "$"

Note: variables are untyped (no need to specify a value type)

variable types:

1. local variable: visible only within code block or function.

2. environmental variables: affect the behavior of the shell and user interface.

3. Global Variable.
Environmental variables example:

 home directory: $HOME

 default shell: $SHELL

> To take the variable at run time from user:

 nano file
 echo "Enter name of file"
 read name
 touch $name
 echo "File Created"

Command Line Arguments

 $0 : name of the script

 $1, $2, $3 : Arugemnts
 $# : total nuber of arguments
 $* : value of all the arguments

Example:

 nano shell.sh
 touch $1 $2
 echo "files $* was created"
 echo "total arguments passed: $#"
 ./file file1 file2

<< if else >>

if [ condition ]

then

statement1

statement2

else

statement1

fi
Comparison Expression:

 Equal to: -eq

 Not Equal to: -ne
 greater than: -gt
 greater than or equal: -ge
 less than: -lt
 less than or equal: -le
 if expression is false: ! exp

comparison for string:

 if strings are equal: string = string (if you don't give space on either side of the equal to; this will
become assign to)
 if strings are not equal: string != string
 if string is null: -n string
 if string is not null: -z string

check a file:

 -d file true if file is a directory

 -e file true if file exists
 -f file true if file is a regular file
 -r file true if file is readable
 -s file true if file is has non-zero size
 -w file true if file is writable
 -x file true if file is executable
<<< the use of elif >>>

if [ condition ]

then

statement1

elif [ condition2 ]

then

statement1

else

statement1

fi

<< Logical comparison >>

 OR: ||
 AND: &&

example: if [ condition1 ] && [ condition2 ]

<<< for loops >>>

for variable in values

do

statement1

statement2

done
Notes: values will be assigned to the variable

Examples:

for x in 12 one john

do

touch $x

done

for((i=0;i<10;i++))

do

date

sleep1

done

for x in $*

do

touch $x

echo "$x file created"

done

using a counter:

count=0

for x in $*

do

if [ -f $x ]

then

count=$(($count+1))

fi

done

echo "Total files were: $count"