10_rhcsa Ex200 - Study Guide (Joaoubaldo)

If there are images in this attachment, they will not be displayed. Download th e original attachment RHCSA Exam Objectives (as of 30/03/2011) Understand and Use Essential Tools ACCESS A SHELL PROMPT AND ISSUE COMMANDS WITH CORRECT SYNTAX Use /bin/sh -or- /bin/bash USE INPUT-OUTPUT REDIRECTION (>, >>, |, 2>, ETC.) stdout to file (>) stderr to file (2>) append to file (>>) stderr to stdout (2>&1) ex. iptables -L -n -v -x >> /tmp/ipt.out 2>&1 * redirect stdin and stdout to /tm p/ipt.out USE GREP AND REGULAR EXPRESSIONS TO ANALYZE TEXT grep expr -or- egrep expr ex. tail -f /var/log/messages | egrep *(kernel|error)* * only show lines contain ing kernel or error strings ex. cat /etc/httpd/conf/httpd.conf | grep -v *^#* * omit lines starting with # c haracter ACCESS REMOTE SYSTEMS USING SSH AND VNC SSH: ssh user@host VNC: vncviewer host:display vncviewer host::port LOG IN AND SWITCH USERS IN MULTI-USER RUNLEVELS su * user ARCHIVE, COMPRESS, UNPACK AND UNCOMPRESS FILES USING TAR, STAR, GZIP, AND BZIP2 Compress: tar cfz archive.tar.gz infile1 infile2 ex. tar cfz /tmp/httpd_conf.tar.gz /etc/httpd Uncompress: tar xfz archive.tar.gz The rest of the commands are similar. Use *help and read their man page CREATE AND EDIT TEXT FILES vim file -or- nano file CREATE, DELETE, COPY AND MOVE FILES AND DIRECTORIES Create/touch: touch file ex. touch /tmp/i_was_here Move/rename: mv srcfile dstfile ex. mv /home/john/httpd.conf /etc/httpd/conf/httpd.conf Remove: rm file ex. rm /home/john/httpd.conf.old Copy: cp srcfile dstfile ex. cp httpd.conf httpd.conf.backup

CREATE HARD AND SOFT LINKS Soft link: ln -s srcfile dstlink ex. ln -s /mnt/data/docs /home/john/Desktop/documents * soft link from /mnt/data /docs to Desktop Hard link: ln srcfile dstlink LIST, SET AND CHANGE STANDARD UGO/RWX PERMISSIONS List: ls -l Change: chmod mode file ex. chmod u=rwx,g=rx,o=rx myscript.sh chmod 755 myscript.sh (755 is equivalent to u=rwx,g=rx,o=rx) LOCATE, READ AND USE SYSTEM DOCUMENTATION INCLUDING MAN, INFO, AND FILES IN /USR/SHARE/DOC apropos keyword whatis keyword man -k keyword man command info command fgrep -Ri keyword /usr/share/doc/package Red Hat may use applications during the exam that are not included in RHEL for t he purpose of evaluating candidate*s abilities to meet this objective. Operate Running Systems BOOT, REBOOT, AND SHUT DOWN A SYSTEM NORMALLY reboot shutdown -h now BOOT SYSTEMS INTO DIFFERENT RUNLEVELS MANUALLY append 1 up to 5 to kernel boot options (press e in grub menu to edit a line) USE SINGLE-USER MODE TO GAIN ACCESS TO A SYSTEM append 1 to kernel boot options (press e in grub menu to edit a line) IDENTIFY CPU/MEMORY INTENSIVE PROCESSES, ADJUST PROCESS PRIORITY WITH RENICE, AND KILL PROCESSES Identify: top (use shift-f to select sort column) Adjust priority: renice -20|0|20 pid Kill: kill -9 pid -or- killall -9 name -or- pkill -f expr LOCATE AND INTERPRET SYSTEM LOG FILES Look for logs in /var/log/. /var/log/messages file is an important system log! ACCESS A VIRTUAL MACHINE*S CONSOLE virt-manager OR virt-viewer OR: 1. virsh vncdisplay domain 2. vncviewer localhost:display START AND STOP VIRTUAL MACHINES virt-manager OR:

1. virsh start domain 2. virsh shutdown domain START, STOP AND CHECK THE STATUS OF NETWORK SERVICES service service_name stop service service_name start service service_name status ex. service httpd stop * stop http server Configure Local Storage LIST, CREATE, DELETE AND SET PARTITION TYPE FOR PRIMARY, EXTENDED, AND LOGICAL PARTITIONS List: fdisk -l Modify: cfdisk device -or- fdisk device -or- parted CREATE AND REMOVE PHYSICAL VOLUMES, ASSIGN PHYSICAL VOLUMES TO VOLUME GROUPS, CREATE AND DELETE LOGICAL VOLUMES Physical volumes: pvcreate *help pvremove *help Volume groups: vgcreate *help vgremove *help Logical volumes: lvcreate *help lvremove *help CREATE AND CONFIGURE LUKS-ENCRYPTED PARTITIONS AND LOGICAL VOLUMES TO PROMPT FOR PASSWORD AND MOUNT A DECRYPTED FILE SYSTEM AT BOOT 1. cryptsetup luksFormat device 2. cryptsetup luksOpen device mappername 3. mkfs.fs mappername 4. edit /etc/crypttab: mappername device none 1. (/etc/crypttab: use UUID or LABEL for device) 5. edit /etc/fstab: /dev/mapper/mappername /mpoint (*) CONFIGURE SYSTEMS TO MOUNT FILE SYSTEMS AT BOOT BY UNIVERSALLY UNIQUE ID (UUID) OR LABEL Find a device*s UUID or LABEL: blkid device OR*ls -l /dev/disk/by-* | grep device Edit /etc/fstab: use LABEL=label or UUID=uuid to specify the device ADD NEW PARTITIONS, LOGICAL VOLUMES AND SWAP TO A SYSTEM NONDESTRUCTIVELY Create a partition: cfdisk device -or- fdisk device -or- parted Create a logical volume: lvcreate *help Add swap: 1. mkswap device 2. swapon device Create and Configure File Systems CREATE, MOUNT, UNMOUNT AND USE EXT2, EXT3 AND EXT4 FILE SYSTEMS Create: mkfs.extfs

Mount: mount device /mpoint Unmount: umount device MOUNT, UNMOUNT AND USE LUKS-ENCRYPTED FILE SYSTEMS 1. cryptsetup luksOpen device mappername 2. mount /dev/mapper/mappername /mpoint 3. umount /dev/mapper/mappername 4. cryptsetup luksClose mappername MOUNT AND UNMOUNT CIFS AND NFS NETWORK FILE SYSTEMS Mount: NFS: mount -t nfs host:/share /mpoint CIFS: mount -t cifs -o *username=,password=* //host/share /mpoint Unmount: umount /mpoint CONFIGURE SYSTEMS TO MOUNT EXT4, LUKS-ENCRYPTED AND NETWORK FILE SYSTEMS AUTOMATICALLY Configure /etc/auto.*: nfs: mpoint -rw,intr host:/remote/mpoint device: mpoint -fstype=fstype :device EXTEND EXISTING UNENCRYPTED EXT4-FORMATTED LOGICAL VOLUMES lvresize *help -or- lvextend *help ex. lvresize -L+1G lv * add 1G to lv CREATE AND CONFIGURE SET-GID DIRECTORIES FOR COLLABORATION 1. chmod g+s dir 2. create group shared_grp 3. chgrp shared_grp dir 4. Add users to shared_grp CREATE AND MANAGE ACCESS CONTROL LISTS (ACLS) View acl: getfacl file Modify: setfacl -m mode file ex. setfacl -m u:john:rw /home/anna/prv_file Remove: setfacl -x mode file DIAGNOSE AND CORRECT FILE PERMISSION PROBLEMS Diagnose: ls -laZ getfacl file check /var/log/audit/audit.log for selinux errors Fix: chmod mode file setfacl -m mode file Deploy, Configure and Maintain Systems CONFIGURE NETWORKING AND HOSTNAME RESOLUTION STATICALLY OR DYNAMICALLY Create static hostnames: /etc/hosts Configure dns servers: /etc/resolv.conf Manage resolution order: /etc/nsswitch.conf SCHEDULE TASKS USING CRON crontab -e OR edit /etc/cron.*/file: ex. vim /etc/cron.daily/mycron CONFIGURE SYSTEMS TO BOOT INTO A SPECIFIC RUNLEVEL AUTOMATICALLY

Edit /etc/inittab and modify initdefault with values from 1..5 INSTALL RED HAT ENTERPRISE LINUX AUTOMATICALLY USING KICKSTART Use kernel boot options: linux ks=ftp/http://host/ks.cfg linux ks=nfs:host:/ks.cfg linux ks=cdrom:/dev/dir/ks.cfg linux ks=hd:/dev/dir/ks.cfg linux ks=file:/dev/dir/ks.cfg CONFIGURE A PHYSICAL MACHINE TO HOST VIRTUAL GUESTS Use virt-manager INSTALL RED HAT ENTERPRISE LINUX SYSTEMS AS VIRTUAL GUESTS Use virt-manager CONFIGURE SYSTEMS TO LAUNCH VIRTUAL MACHINES AT BOOT Use virt-manager -or- virsh autostart domain CONFIGURE NETWORK SERVICES TO START AUTOMATICALLY AT BOOT Configure: chkconfig service on -or- ntsysv View startup services: chkconfig *list CONFIGURE A SYSTEM TO RUN A DEFAULT CONFIGURATION HTTP SERVER 1. yum install httpd 2. service httpd start 3. chkconfig httpd on 4. update /etc/sysconfig/iptables (open port tcp 80) CONFIGURE A SYSTEM TO RUN A DEFAULT CONFIGURATION FTP SERVER 1. yum install vsftpd 2. service vsftpd start 3. chkconfig vsftpd on 4. update /etc/sysconfig/iptables (open port tcp 21) INSTALL AND UPDATE SOFTWARE PACKAGES FROM RED HAT NETWORK, A REMOTE REPOSITORY, OR FROM THE LOCAL FILESYSTEM yum search name yum install package yum update package UPDATE THE KERNEL PACKAGE APPROPRIATELY TO ENSURE A BOOTABLE SYSTEM rpm -ivh new_kernel.rpm OR yum install kernel MODIFY THE SYSTEM BOOTLOADER Edit /boot/grub/grub.conf Manage Users and Groups CREATE, DELETE, AND MODIFY LOCAL USER ACCOUNTS Add: useradd Delete: userdel Modify: usermod View /etc/passwd CHANGE PASSWORDS AND ADJUST PASSWORD AGING FOR LOCAL USER ACCOUNTS Change password: passwd user Change aging: chage -E YYYY-MM-DD user

CREATE, DELETE AND MODIFY LOCAL GROUPS AND GROUP MEMBERSHIPS Add: groupadd Delete: groupdel Modify: groupmod Memberships: edit /etc/group CONFIGURE A SYSTEM TO USE AN EXISTING LDAP DIRECTORY SERVICE FOR USER AND GROUP INFORMATION Use*system-config-authentication Manage Security CONFIGURE FIREWALL SETTINGS USING SYSTEM-CONFIG-FIREWALL OR IPTABLES Insert: iptables -t TABLE -I CHAIN * Append: iptables -t TABLE -A CHAIN * Delete: iptables -t TABLE -D CHAIN * Flush table: iptables -t TABLE -F Save persistent changes to /etc/sysconfig/iptables SET ENFORCING AND PERMISSIVE MODES FOR SELINUX Persistent change: /etc/selinux/config: SELINUX=enforcing|permissiveCurrent session: Non persistent change: setenforce 1|0|enforcing|permissive VIEW SELINUX STATUS: Sestatus LIST AND IDENTIFY SELINUX FILE AND PROCESS CONTEXT ls -lZ ps -efZ RESTORE DEFAULT FILE CONTEXTS restorecon -R*file USE BOOLEAN SETTINGS TO MODIFY SYSTEM SELINUX SETTINGS View booleans: getsebool -a | grep keyword OR*semanage boolean -l | grep keyword Change booleans: setsebool -P boolean on|off DIAGNOSE AND ADDRESS ROUTINE SELINUX POLICY VIOLATIONS Diagnose: /var/log/audit/audit.log /var/log/messages view service logs sealert Fix: audit2allow setsebool -P boolean on|off