Skill week 2

`dnf` (Dandified YUM) is a package manager for RPM-based Linux distributions,

including Fedora, CentOS, and Red Hat Enterprise Linux (RHEL). It is the next-
generation version of the YUM (Yellowdog Updater, Modified) package manager. dnf
was developed to address various limitations and performance issues found in YUM,
offering improvements in speed, usability, and dependency resolution.
Key Features and Capabilities of dnf
1. Dependency Resolution: dnf automatically handles package dependencies,
ensuring that all required libraries and packages are installed along with the main
package. It uses the libsolv library, which provides faster and more accurate
dependency resolution compared to YUM.
2. Modular Design: dnf has a modular architecture, allowing for easier addition of
plugins and extensions. This modularity makes it more adaptable and easier to
maintain.
3. Improved Performance: dnf generally offers better performance, especially in
terms of memory usage and processing speed, compared to YUM. It also provides
a more efficient way to manage and handle metadata.
4. Backward Compatibility: While dnf aims to replace YUM, it maintains backward
compatibility with most YUM commands and options, making it easier for users to
transition.
5. Enhanced Output: The output from dnf commands is clearer and more
informative, providing users with better insights into what actions are being
performed.
6. Extensibility: dnf supports plugins, allowing users to extend its functionality.
Common plugins include tools for downloading packages without installing them,
managing repos, and debugging.
Common dnf Commands
• Install a Package:
sudo dnf install <package_name>
• Update a Package:
sudo dnf update <package_name>
• Remove a Package:
sudo dnf remove <package_name>
• Upgrade the System:
sudo dnf upgrade
• List Available Packages:
dnf list available
• Search for a Package:
dnf search <keyword>
• Display Package Information:
dnf info <package_name>
• Download a Package (using a plugin):
sudo dnf download <package_name>
• Manage Repositories:
dnf repolist
dnf is a powerful and versatile package manager that simplifies the installation,
update, and removal of software packages on RPM-based Linux systems. Its
improved performance, better dependency management, and modular design make
it a preferred choice over the older YUM package manager.
In-Lab
1. Describe the steps and provide the command to install the httpd package
from the Red Hat Network using dnf.

To install the httpd package from the Red Hat Network (or any other configured
repository) using the dnf package manager:

Install the package: Use the dnf command to install the httpd package.

Command:
$ sudo dnf install httpd

2. How would you update the httpd package to the latest version available in the
configured remote repository using dnf? Provide the command.

To update the httpd package to the latest version available in the configured
remote repository, you can use the following command:
 Command:

$ sudo dnf update httpd

This command checks for updates to the httpd package and installs the latest
version if available.

3. You have downloaded an RPM package named example.rpm to your

/home/user/ directory. Describe the steps and provide the command to
install this package using dnf.
If you have an RPM package, such as example.rpm, downloaded to your
/home/user/ directory, you can install it using dnf with the following steps:
1. Navigate to the directory containing the RPM file (optional): You can navigate to
the directory where the RPM file is located, but it's not necessary if you provide the
full path to the file in the command.
2. Install the package using dnf: Use the dnf command with the full path to the RPM
file.
Command:
$ sudo dnf install /home/user/example.rpm
This command installs the RPM package from the specified location on your local file
system.
Let's consider an example RPM package called vim-enhanced, which provides the
Vim text editor with additional features.
To download the vim-enhanced RPM package, you can use the dnf or yum command
with the download plugin, which allows you to download a package without installing
it.
Here’s an example of how to download the vim-enhanced RPM package using dnf
with the download plugin:
$ sudo dnf install dnf-plugins-core -y
$ sudo dnf download vim-enhanced
2. Control the Boot Process by resetting the root password on a system, recover
from a misconfiguration, and set the default boot target.
• On the serverb machine, reset the password to redhat for the root user. Locate the
icon for the serverb machine console as appropriate for your classroom environment,
then open the console.
• In the boot-loader menu, select the default kernel boot-loader entry. The system
fails to boot because a start job does not complete successfully. Fix the issue from
the console of the serverb machine.
• Change the default systemd target on the serverb machine for the system to
automatically start a graphical interface when it boots. No graphical interface is
installed on the serverb machine. Only set the default target for this exercise and do
not install the packages

Solution:
Refer Book-2 RH-134 Chapter-8 page no: 251

Skill week 3
Securing a Linux system with firewalld involves configuring various firewall rules and
settings. firewalld is a dynamic firewall management tool that provides a front-end to
iptables and nftables. It uses the concept of zones to define the trust level of network
connections.
1. Checking Firewalld Status
To check whether firewalld is active and running:
$ sudo systemctl status firewalld
To start firewalld if it's not running:
$ sudo systemctl start firewalld
2. Listing Available Zones
Zones define the level of trust for network connections. To list all available zones:
$ sudo firewall-cmd --get-zones
3. Creating a Custom Zone
You can create a custom zone to define specific firewall rules:
$ sudo firewall-cmd --permanent --new-zone=myzone
Replace myzone with your desired zone name. The --permanent flag ensures the
changes persist across reboots.
4. Configuring the Custom Zone by Adding a Service
To allow a service, like httpd (web server), in the custom zone:
sudo firewall-cmd --zone=myzone --add-service=http --permanent
Replace myzone with the name of your custom zone. This command allows HTTP
traffic.
5. Opening a Port
To open a specific port, such as port 8080, in the custom zone:
$ sudo firewall-cmd --zone=myzone --add-port=8080/tcp --permanent
This command opens TCP port 8080.
6. Setting the Default Zone
To set the default zone, which applies to all network interfaces not explicitly
assigned to a different zone:
$ sudo firewall-cmd --set-default-zone=myzone
7. Assigning Interfaces to a Zone
To assign a specific network interface (e.g., eth0) to a custom zone:
sudo firewall-cmd --zone=myzone --change-interface=eth0 --permanent
This command moves the eth0 interface to the myzone zone.
8. Restricting Access by Blocking a Specific IP and Allowing Specific IPs Only
To block a specific IP address (e.g., 192.168.1.100):
$ sudo firewall-cmd --zone=myzone --add-rich-rule="rule family='ipv4' source
address='192.168.1.100' reject" --permanent
To allow only specific IP addresses (e.g., 192.168.1.101 and 192.168.1.102) and
block all others:
$ sudo firewall-cmd --zone=myzone --add-rich-rule="rule family='ipv4' source
address='192.168.1.101' accept" --permanent
$ sudo firewall-cmd --zone=myzone --add-rich-rule="rule family='ipv4' source
address='192.168.1.102' accept" --permanent
$ sudo firewall-cmd --zone=myzone --add-rich-rule="rule family='ipv4' reject" --
permanent
9. Listing All Active Rules and Zones
To list all active zones:
$ sudo firewall-cmd --get-active-zones
To list all rules in a specific zone:
$ sudo firewall-cmd --zone=myzone --list-all
Replace myzone with the name of your zone to see the rules and settings for that
zone.
Applying Changes
After making changes with the --permanent flag, reload firewalld to apply them:
$ sudo firewall-cmd --reload
This reloads the firewall configuration, making the permanent changes effective
immediately.
These commands and steps help secure your Linux system by managing network
traffic and restricting access based on your defined rules.