RHCSA 9 Notes

The document discusses various Linux system administration tasks including managing repositories, users, file permissions, logical volume management, performance tuning, job scheduling, and basic shell scripting. Some key points: - It describes how to add/disable Yum repositories, create users and groups, set file permissions using octal and symbolic notations, and manage access control lists. - For LVM, it explains how to create physical volumes, volume groups, logical volumes, and file systems on top of logical volumes. - It also covers configuring scheduled jobs using cron, anacron, and systemd timers, as well as tuning the system using tuned profiles. - Finally, it provides examples of basic shell

REPOSITORIES

File: /etc/yum.repos.d/
See enabled repositories
#dnf repolist enabled
Disable a repository (by repo ID)
#dnf config-manager --disable <repoID>
Create Yum repositories with the dnf config-manager command.
#dnf config-manager --add-repo="http://rhatcert.com/repo"
Check repo was added: #dnf repolist enabled

USERS
File: /etc/passwd | /etc/shadow | /etc/group | /etc/gshadow | /etc/login.defs
Create users:
#useradd bob
The following configuration variables in /etc/login.defs change the behavior of this tool:
CREATE_HOME; PASS_MAX_DAYS (number) maximum number of days a password may be used.
To change the expiration of a password after X days, edit:
#vi /etc/shadow
To change the home directory of a user, edit:
#vi /etc/passwd
Create groups:
#groupadd trainers
#usermod -aG trainers bob

FILE ACCESS
r=4; w=2; x=1; rwx=7; rx=5 | Default for d = 0777 (drwxrwxrwx) | Default for f = 0666 (-rw-rw-rw-)
umask = 0002 clears the write bit for other users | 0077 clears all the group and other permissions of newly created files

Special permission | Effect on files | Effect on directories
u+s (suid) | File executes as the user that owns the file, not the user that ran the file. | No effect.
g+s (sgid) | File executes as the group that owns the file. | Files newly created in the directory have their group owner set to match the group owner of the directory.
o+t (sticky) | No effect. | Users with write access to the directory can only remove files that they own; they cannot remove or force saves to files owned by other users.

To create a shared folder where regular users can read, write and delete their own files but cannot delete other users' files, and a HEAD user can delete any file:
#mkdir -p /groups/trainers
#chown bill:trainers /groups/trainers
#chmod g+w,g+s /groups/trainers (g+w lets group members create files; g+s makes new files inherit the group)
#chmod o+t /groups/trainers

Add read access only to a group other than the group owner of a folder/file | then verify the file ACL was added
#setfacl -m g:consultants:rx /groups/trainers
#getfacl /groups/trainers

LOGICAL VOLUMES MANAGEMENT LVM


File: /etc/fstab
Check device of physical HD
#lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sr0 11:0 1 1024M 0 rom
nvme0n1 259:0 0 20G 0 disk
├─nvme0n1p1 259:1 0 1G 0 part /boot
└─nvme0n1p2 259:2 0 19G 0 part
├─rhel-root 253:0 0 17G 0 lvm /
└─rhel-swap 253:1 0 2G 0 lvm [SWAP]
nvme0n2 259:3 0 5G 0 disk

Check where is mounted


#fdisk -l

Create partition and label it as Linux LVM


#fdisk /dev/nvme0n2
:n | :p | :1 | :default | :default | :type | :8e (for Linux LVM type) | :w

Create physical volume and verify


#pvcreate /dev/nvme0n2p1 (note: p1 is partition 1)
#pvdisplay

Create Volume Group and verify


#vgcreate <vgfiles> /dev/nvme0n2p1
#vgdisplay

Create Logical Volume named lvfiles in vgfiles group, allocate 100% of free space
#lvcreate -n <lvfiles> -l 100%FREE <vgfiles>

Create File System on new logical volume of type ext4


#mkfs.ext4 /dev/vgfiles/lvfiles

Mount volume on folder /files and make the mount persistent. Reboot to verify it is persistent
#mkdir /files
#mount /dev/vgfiles/lvfiles /files
#df -hT (to get the file system and type to add to /etc/fstab)
#vi /etc/fstab add line: /dev/mapper/vgfiles-lvfiles /files ext4 defaults 0 0

PERFORMANCE TUNING
Check if tuned is installed and running, enable it and change the profile to best throughput
#rpm -qa | grep tuned
#systemctl status tuned
#systemctl enable tuned
#systemctl start tuned
#tuned-adm list
#tuned-adm profile network-throughput
#tuned-adm active

JOB SCHEDULING
Files: /etc/crontab | files in folder /etc/cron.d/ | /etc/cron.hourly/ | /etc/cron.daily/ | /etc/cron.weekly/ | /etc/cron.monthly/
One time for user: at, atq
#echo "date >> /home/student/myjob.txt" | at now +3min
Periodic tasks for users:
#crontab -e
ADD to file: */2 * * * Mon-Fri /usr/bin/date >> ~/my_first_cron_job.txt

For recurring system jobs:
Always place crontab files in the /etc/cron.d/ folder to avoid overwriting

The /etc/anacrontab file ensures that scheduled jobs always run and are not skipped accidentally because the system
was turned off or hibernated.
System timers located: /usr/lib/systemd/system/sysstat-collect.timer
To modify copy timers to /etc/systemd/system/sysstat-collect.timer
To reload timer #systemctl daemon-reload
To enable timer #systemctl enable --now sysstat-collect.timer
Timer that triggers temporary file clean up systemd-tmpfiles-clean.timer

Create a scheduled job to run at the top of every hour and send a message "hello" to the system-logging mechanism
#crontab -e
ADD LINE TO FILE AND SAVE: 0 * * * * logger -p user.notice "hello"

MAKE system journal PERSISTENT


#mkdir /var/log/journal
#vim /etc/systemd/journald.conf
EDIT LINE: Storage=persistent
#systemctl restart systemd-journald
#reboot

MAKE THE INSTALL DISK THE DEFAULT REPO


File: /etc/yum.repos.d/redhat.repo | /mnt/disk/media.repo |
Mount the media disc
#mount /dev/sr0 /mnt/disk
Copy repo file from media to /etc/yum.repos.d/redhat.repo
#cp /mnt/disk/media.repo /etc/yum.repos.d/redhat.repo
Edit redhat.repo and make it look like:
[root@server4 ~]# cat /etc/yum.repos.d/redhat.repo
[InstallMedia]
name=Red Hat Enterprise Linux 9.1.0
mediaid=None
metadata_expire=-1
gpgcheck=1
cost=500
enabled = 1
baseurl = file:///mnt/disk/BaseOS/
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[InstallMedia-AppStream]
name=Red Hat Enterprise Linux 9.1.0 Apps
mediaid=None
metadata_expire=-1
gpgcheck=1
cost=500
enabled = 1
baseurl = file:///mnt/disk/AppStream/
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

Clean and check repo works


#dnf clean all
#dnf update

EDIT SYSTEM CLEAN UP /tmp FILES


Files: /usr/lib/tmpfiles.d/*.conf | /run/tmpfiles.d/*.conf |/etc/tmpfiles.d/*.conf
Check current timer of systemd-tmpfiles-clean.timer
#systemctl cat systemd-tmpfiles-clean.timer

Change configuration file to run every hour


#vi /usr/lib/systemd/system/systemd-tmpfiles-clean.timer
Change line : [Timer] -> OnUnitActiveSec=1h

Ensure system loads new configuration


#systemctl daemon-reload

Activate the new timer and verify if change took effect


#systemctl enable --now systemd-tmpfiles-clean.timer
#systemctl cat systemd-tmpfiles-clean.timer

Using stratis add a 3G disk to volume named myvol and ensure it is mounted persistently and automatically when
booting.
Ensure stratis is installed
#rpm -qa | grep stratis
Install stratis
#dnf install stratisd
#dnf install stratis-cli

Enable and start stratisd service


#systemctl enable stratisd
#systemctl start stratisd

Check the HD is added, create stratis pool and extend the pool
#lsblk
#stratis pool create <myvol> </dev/nvme0n2>
#stratis pool add-data <myvol> </dev/nvme0n3>
#stratis pool list

Create new file system and verify


#stratis filesystem create <pool-name> <file-system-name>
#stratis filesystem list

Mount volume, create snapshot and make it persistent


#mkdir /myvol
#mount </dev/stratis/myvol/myvolfs> /myvol
#stratis filesystem snapshot <poolname> <file system name> <snapshot name>
#echo "UUID=<from filesystem list> /myvol xfs defaults,x-systemd.requires=stratisd.service 0 0" >> /etc/fstab

BASIC SHELL SCRIPTING
Write a script that prompts for input if no argument was received, then checks whether the input is a file or a folder and prints its long-listing properties:
#!/bin/bash
ARG=$1
while [ ${#ARG} -eq 0 ] #while length of ARG is 0
do
    echo "PLEASE ENTER ARGUMENT"
    read -r ARG || exit 1 #stop instead of looping forever when input ends
done

if [ -e "$ARG" ] #if ARG exists
then
    if [ -d "$ARG" ] #if ARG is a folder
    then
        echo "IT IS A FOLDER"
        ls -ld "$ARG"
    else
        echo "IT IS A FILE"
        ls -ltr "$ARG"
    fi
else
    echo "$ARG doesn't exist"
    exit 6
fi

Find all files that have the SUID permission set and write results to file in home folder.
#find / -type f -perm -u+s -fprint /home/student/SUID-files.txt
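
An added example (not part of the original notes) that takes the SUID search one step further: it compares the setuid files found under a directory with an approved list and prints the ones that are not on it. The function names, the approved-list file and the sample tree are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example: report setuid files that are not on an approved list.

# audit_suid DIR APPROVED_FILE
# Prints unapproved setuid files, one per line; returns 1 if any were found.
audit_suid() {
    work=$(mktemp -d) || return 2
    # -xdev stays on one file system; -perm -4000 is the octal form of -perm -u+s
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort > "$work/found"
    # Ignore comments and blank lines in the approved list
    grep -v -e '^#' -e '^$' "$2" | sort > "$work/approved"
    # comm -23 keeps lines that appear only in the first file
    comm -23 "$work/found" "$work/approved" > "$work/unapproved"
    cat "$work/unapproved"
    if [ -s "$work/unapproved" ]; then status=1; else status=0; fi
    rm -rf "$work"
    return "$status"
}

# demo_suid_audit builds a constructed tree in a temporary directory,
# approves one setuid file and prints what the audit flags (paths are
# shown relative to the temporary root).
demo_suid_audit() {
    root=$(mktemp -d) || return 2
    mkdir -p "$root/usr/bin" "$root/home/student"
    : > "$root/usr/bin/passwd";      chmod 4755 "$root/usr/bin/passwd"
    : > "$root/usr/bin/ls";          chmod 0755 "$root/usr/bin/ls"
    : > "$root/home/student/helper"; chmod 4755 "$root/home/student/helper"
    printf '# approved setuid files\n%s\n' "$root/usr/bin/passwd" > "$root/approved.txt"
    audit_suid "$root" "$root/approved.txt" | sed "s|^$root||"
    rm -rf "$root"
}

demo_suid_audit
```

Run against / as root with a list saved right after installation, the same function shows setuid files that appeared later.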

Create user lisa and change the max password days to 30, also ensure she changes password at first login
#useradd lisa -K PASS_MAX_DAYS=30 OR
#useradd lisa THEN #chage -M 30 lisa
#chage -d 0 lisa

Allow lisa to change anyone's password except root | sudoers line syntax: User Host = (Runas) Command
Command dnf is the latest version of YUM; dnf links to dnf-3

Channel 2 is the error channel
Channel 0 is the input channel
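#!/usr/bin/bash
# Collect host name, CPU details, SELinux settings and failed SSH logins from each server
USR='student'
OUT='/home/student/output'
#
for SRV in servera serverb
do
    # The first command creates (or overwrites) the output file; the rest append
    ssh "${USR}@${SRV}" "hostname -f" > "${OUT}-${SRV}"
    echo "#####" >> "${OUT}-${SRV}"
    ssh "${USR}@${SRV}" "lscpu | grep '^CPU'" >> "${OUT}-${SRV}"
    echo "#####" >> "${OUT}-${SRV}"
    # SELinux configuration without blank lines and comments
    ssh "${USR}@${SRV}" "grep -v '^$' /etc/selinux/config|grep -v '^#'" >> "${OUT}-${SRV}"
    echo "#####" >> "${OUT}-${SRV}"
    ssh "${USR}@${SRV}" "sudo grep 'Failed password' /var/log/secure" >> "${OUT}-${SRV}"
    echo "#####" >> "${OUT}-${SRV}"
done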
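
The last ssh command in the script collects the "Failed password" lines from /var/log/secure. As an added example (not from the original notes), the sketch below counts such lines per source address and flags addresses that reach a threshold. The log lines are constructed samples in the usual sshd format, and the function names and the threshold are assumptions.

```shell
#!/bin/sh
# Added example: summarize sshd "Failed password" lines per source address.

# failed_by_source LOGFILE -> "count address" lines, most failures first
failed_by_source() {
    awk '/sshd\[[0-9]+\]: Failed password for / {
             # The user name is chosen by the remote client, so search for
             # "from" starting at the end of the line, not at the beginning.
             for (i = NF - 1; i > 0; i--)
                 if ($i == "from") { count[$(i + 1)]++; break }
         }
         END { for (addr in count) print count[addr], addr }' "$1" |
        sort -k1,1nr -k2,2
}

# flag_sources LOGFILE MIN -> addresses with at least MIN failed attempts
flag_sources() {
    failed_by_source "$1" | awk -v min="$2" '$1 >= min { print $2 }'
}

# Constructed sample lines; the second one carries "from" as the user name.
sample_secure_log() {
    cat <<'EOF'
Jan 10 10:15:01 servera sshd[1201]: Failed password for invalid user admin from 192.0.2.10 port 52344 ssh2
Jan 10 10:15:03 servera sshd[1201]: Failed password for invalid user from from 192.0.2.10 port 52346 ssh2
Jan 10 10:15:09 servera sshd[1207]: Failed password for student from 198.51.100.7 port 40022 ssh2
Jan 10 10:16:00 servera sshd[1210]: Accepted password for student from 198.51.100.7 port 40030 ssh2
Jan 10 10:16:30 servera sshd[1215]: Failed password for root from 192.0.2.10 port 52350 ssh2
EOF
}

# Writes the sample to a temporary file and prints the summary and the flagged addresses.
demo_failed_logins() {
    log=$(mktemp) || return 2
    sample_secure_log > "$log"
    failed_by_source "$log"
    echo "flagged: $(flag_sources "$log" 3)"
    rm -f "$log"
}

demo_failed_logins
```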
Command r in the top interface changes process priority. The lower the value, the more processor time the process gets.

Find what package provides a program


dnf provides <seinfo>

Restore the file TYPE to the correct context


restorecon <filename-or folder>

firewall-cmd --list-all-zones
firewall-cmd --add-service=http
systemctl start httpd

SELinux commands
getenforce = See SELinux status
setenforce 0 = disable SELinux enforcement
setenforce 1 = enable SELinux enforcement
ls -lZd /<directory> = shows file properties including SELinux file types

less /etc/selinux/targeted/contexts/files/file_contexts = shows what types are SELinux files


semanage fcontext -a -t httpd_sys_content_t '/virtual(/.*)?' = permanently edits the context type of /virtual folder and content
man semanage-fcontext = see examples to see types

Reset Root Password


Reboot OS
Interrupt countdown, select the Rescue kernel boot-loader and push “e” to edit it
Use the cursor keys to navigate to the line that starts with linux, Press end to go to end of the line
Add rd.break to the end of the line and press ctrl+x to reboot
After reboot press enter
#mount -o remount,rw /sysroot
#chroot /sysroot
#passwd root to change root password
Ensure SELinux relabels the system after reboot by issuing the command
#touch /.autorelabel
Type exit twice to reboot

Repair File System Issues when booting


Reboot OS
Interrupt countdown, select the Default boot-loader and push “e” to edit it
Use the cursor keys to navigate to the line that starts with linux, Press end to go to end of the line
Add systemd.unit=emergency.target to the end of the line and press ctrl+x to reboot
The system reboots and asks for root password, enter root password
Run mount and check that the root folder / is mounted as rw; if not, remount it
#mount -o remount,rw /
#mount -a
Check if an error occurs; if so, edit /etc/fstab and delete the device with issues
#vim /etc/fstab
Reload systemctl and mount all drives
#systemctl daemon-reload
#mount -a
#reboot now

Instructor email
Barbara Stamatakis