REDHAT (RHCSA) sysadmin I, II cheatsheet 


Accessing the Command line

# - root user

$ - regular user

whoami - shows which user has been login

date - shows date

passwd - change user password

file - shows file type

cat - concatenate - create and view files

head. - shows first 10 lines of a file -n set number of line

tail. - shows last 10 lines of a file

wc - counts line, word and characters of a file

-l lines -w words -c characters

history - shows the commands history

!! - most recent command

—help

/usr : installed software, shared libraries

/usr/bin: User commands.
/usr/sbin: System administration commands.
/usr/local: Locally customized software.
/etc : configuration files specific to the system
/var : Files that dynamically change, such as databases, cache directories, log files,
/run : Runtime data for processes started since the last boot. includes process ID files and lock files
/home : Home directories are where regular users store their personal data and configuration files.
/root : Home directory for the administrative superuser, root.
/tmp : A world-writable space for temporary files.
/boot : Files needed in order to start the boot process.
/dev : Contains special device files that are used by the system to access hardware.

Absolute path : An absolute path is a fully qualified name, specifying the files exact location in the
file system hierarchy. It begins at the root (/) directory and specifies each subdirectory that must be
traversed to reach the specific file.

Relative Path : A path name with anything other than a forward slash as the first character is a
relative path name.
Navigating Path
pwd - print working directory
cd - check directory
ls - list the contents
-l : long list format, -a : hidden files, -R : recursive, -h : human readable
cd ~ - check home directory
cd .. - one directory back
touch - create files
mkdir - create directory
cp - copy file
cp -r : copy directory
mv - move file , rename
rm - remove files
rm -r - remove directory containing files
rmdir - remove directory without files

hard links : pointing a new file name to a existing file

ln newfile.txt /home/user/documents/oldfile.txt
- only regular files
- only files on same file system

soft link ( symbolic link) : connecting new name for a existing file (shortcuts)
ln -s newfile.txt /home/user/documents/oldfile.txt

- all the files

- different file system

man - manuals
pinfo - print info

> file - redirect stdout to overwrite a file

>> file - redirect stdout to append to a file
2> file - redirect stderr to overwrite a file
2> /dev/null. - discard stderr error messages by redirecting to /dev/null
&>file - redirect stdout and stderr to overwrite the same file
&>> file - redirect stdout and stderr to append to the same file

pipeline : is a sequence of one or more commands separated by the pipe character (|). A
pipe connects the standard output of the first command to the standard input of the next
command.
ls -l /usr/bin | less ls -l | we -l

ls -l | tee file | less

Editing file with VIM

Vim has several modes of operation:

- command mode
- extended command mode
- edit mode

- visual mode

i - insert
y - copy
p - past
u - undo

x - delete

:wq - save and quit

:q! - quit discarding all file changes since the last write.

assigning variable

VARIABLENAME=value

echo $VARIABLENAME

/etc/profile - system environment variables and path

/etc/bashrc - system wide function and aliases

~/.bash_profile - user specific environment and startup programs

Local users and groups

there are three types of users account:

- Super User: administration, root or UID 0

- System User: daemons or services

- Regular User: account which used for day to day work

id - shows info about current login user

/etc/passwd - info about local users
/etc/group - info about local groups

su - to switch users
sudo - to get access to certain admin power
useradd - create users

usermod - modify users

-c, —comment : add comments to users
-g, —gid : specify primary group for users
-G, —groups : specify supplementary group for users
-a, —append : used with -G to add supplementary group for users
-d, —home : specify particular home directory for users
-m, —move: to move users home directory to particular directory
-s, —shell: to specify shell login for users
-L, —lock: lock the account
-U, —unlock: unlock the account

userdel - to remove users

userdel -r to remove users with all the files

groupadd - create group

groupadd -g - to specify a particular gid for group
groupdel - delete group

password aging

chage -m 0 -M 90 -W 7 -I 14 user03

chage -E 2019-08-05 user03

accessing files

most specific permission of the files:

- User permission

- Group permission

- Other permission

permission on files:

- r - read

- w - write

- x - execute

dr-xr-x---. 3 root root

the first character of long list is :

_ is regular file

d is directory

l is soft link



changing file permission

chmod WhoWhatWhich file/directory

Who is u, g, o, a (for user, group, other, all) 


What is +, -, = (for add, remove, set exactly) 

Which is r, w, x (for read, write, execute) 


changing file permission with number

chmod ### file/directory 


start with 0

if read permission add 4

if write permission add 2

if execute permission add 1

which = 7

the same do for User, group and other

chmod 777 simplefile

chown user simplefile change user ownership

chown :admins simplefile change group ownership

chown user:group sample file change user and group ownership at once

linux process

ps - list current process

-a all, -u uncontrolled, -x with

tty

sleep 1000 & - run a job in the background for 1000 sec

jobs - list the bash tracking process

fg %# - bring the background job in the foreground

bg%#

controlling process using signals

signal short
definition purpose
number name
Used to report termination of the controlling process of a
1 HUP Hungup
terminal
2 INT keyboard interrupt Causes program termination. (Ctrl+C)

Similar to SIGINT, but also produces a process dump at

3 QUIT Keyboard quit
termination. (Ctrl+\).

Causes abrupt program termination. Cannot be blocked,

9 KILL kill,unblockable
ignored, or handled

Causes program termination. Unlike SIGKILL, can be

15 term terminate blocked, ignored, or handled. The “polite” way to ask a
program to terminate;
18 CONT continue Sent to a process to resume, if stopped.
19 STOP stop, unblock able Suspends the process. Cannot be blocked or handled.

20 STTP Keyboard stop Unlike SIGSTOP, can be blocked, ignored, or handled.

suspend - CTRL + Z

terminate - CTRL + C

kill -l - list all the signals with kill command

kill -# job number. -to send signal by number

pkill -send signal to more jobs

w -list current users and running process

uptime - shows uptime and load average

lscpu - shows info about CPU

controlling services and daemons

systemd uses units to manage different types of objects

service unit has .service extension

socket unit has .socket extension

path unit has .path extension

systemctl - shows all units status

systemctl -shows all types of objects that systemd manage

systemctl list-units —type=service

systemctl status service name - shows status of services

systemctl is-active service name - shows is this service active

systemctl is-failed service name

systemctl start service name

systemctl stop service name

systemctl restart service name

systemctl reload service name

systemctl list-dependencies service name

systemctl mask service name. -completely stop the services both manually and at the boot

systemctl unmask service name

systemctl enable service name

systemctl disable service name

SSH

SSH protocol enables systems to communicates in encrypted manner

ssh user@hostname

ssh-keygen - create a key for authentication

-f - to specify passkey

ssh-copy-id -i .ssh/passkey user@hostname to copy passkey to remote host

ssh-agent -provide passphrase in authentication

/etc/ssh/ssh_config

Analyzing and storing logs

/var/log/

/var/log/messages - most syslog messages are logged here

/var/log/secure - syslog messages related to security and authentication

/var/log/maillog - syslog messages related to mail server

/var/log/corn - syslog message related to scheduled job execution

/var/log/boot.log - non-syslog console messages related to system startup

syslog priorities

0 emerg system is unusable

1 alert action must be taken immediately

2 crit critical condition

3 err non-critical error condition

4 warning warning condition

5 notice Norma but significant event

6 info information event

7 debug Debugging level message

logrotate - /var/log/. files deletion

tail -f /var/log/secure - shows continues log

vim /etc/rsyslog.d/debug.conf => *.debug /var/log/messages-debug

logger -p user.debug “this is debug test” - send manually log messages

journalctl
shows details and extra information about log events

shows notice and warning in bold and errors in red

journalctl -n 5

journalctl -f

journalctl -p err

journalctl —since today, yesterday, tomorrow “-1 hour”

journalctl —until

journalctl -o verbose

store system journal permanently

by default it save log in /run/log/journal it means it will be removed after every reboot

but you can change it to save permanently by changing configuration in /etc/systemd/

journald.conf

change store from auto to persistent

timedatectl

shows time and date info

timedatectl list-timezones

timedatectl set-timezones Asia/Kabul

tzselect -auto select timezones

timedatectl set-time YYYY-MM-DD HH:MM:SS

timedatectl set-ntp true/false

chronyd
sync RTC hardware clock with NTP





managing networks
ethernet -en

wlan -wl

wwan -ww

ip link show -list all the network interfaces

ip addr show - shows all the ip address

ip -s addr show - shows the status of specific interface

ip route - shows routing info

tracepath - shows the path and hops how packets travel

ss / netstat - shows socket statistics

-n shows number instead of name for interface and port

-t shows TCP sockets

-u shows UDP sockets

-l shows only listening sockets

-a shows all sockets

-p shows the process using the sockets

Network Manager
a daemon that monitor and manage network setting and save config file at

/etc/sysconfig/network-scripts

a device is network interface

a connection is collection of settling that can configure for device

nmcli

nmcli dev status

nmcli con show

nmcli con add con-name eno2 type ethernet ifname eno2 \

ipv4 192.168.56.11/24 gw4 192.168.56.254

nmcli con up static-ens3

nmcli dev dis ens3

nmcli con mod

nmcli con show device_name

nmcli con del device_name

nmcli con show —active

Hostname

hostnamectl -shows info about hostname

hostnamectl set-hostname [email protected]

Archiving and transforming files

Tar

-c —create

-x —extract

-t —list

-v —verbose

-f —file=

-z —gzip

-j —bzip2

-J —xz

scp

scp /root/doc user@host:path

sftp

sftp user@host

mkdir , rmdir , ls , cd , put , get , exit

rsync

rsync file user@hosts:path

-n -dry run

-v -verbose

-a -archive

-r -recursive

-l -links , soft links

-D - device files

Installing and updating software

rpm

rpm -qa -list all rpm packages installed

rpm -q name -shows software info

rpm -qd - shows documentation

rpm -qc - shows configuration file

yum
yum list

yum help

yum group list

yum info

yum install

yum remove

yum update

yum search

yum history

yum module list

yum module info perl

yum module install perl

yum module install perl:5.6

Accessing linux file system

SATA/PATA,SAS,USB /dev/sda, /dev/sdb

virtual machine storage /dev/vda, /dev/vdb

NVMs storage (SSD) /dev/nvme0 /dev/nvme1

SD/MMC storage /dev/mmcblk0. /dev/mmcblk1

df -H. -shows file system and mount devices

du -H -shows disk usage report of a directory

lsblk -fp -shows details of block device on system

mount: you can with UUID and with path /dev/….

mount /dev/…. /mnt/data

umount /mnt/data

lsof -shows opened files

The locate command searches a pregenerated index for file names or file paths and returns the
results instantly.

updatedb


locate passwd

locate -i passwd. - case-insensitive

locate -n 5 passwd

The find command searches for files in real time by crawling through the file-system hierarchy. 

find / -name ssd_config

find / -name ‘*.txt’

find / -iname ‘*pass*’

find -user username

find -user root -group mail

find -uid 1001

find -size +10M

WEB console
systemctl enable —now cockpit.socket

firewall-cmd —add-service=cockpit —permanent

firewall-cmd —reload

https://servarname:9090

scheduling task
at,atd -schedule a task with at in RHEL

atq , at -l. - list pending tasks

at timeing

now +5mins

teatime tomorrow (teatime= 16:00)

noon +4days

5pm august 3 2021

watch atq -monitor at jobs

crontab -schedule a task

crontab -l -list the jobs

crontab -r - remove

crontab -e -edit

crontab file order

minutes, hours, day of month, month , day of week , command

* -always, 0 - 6 = Sunday - Saturday

0 9 2 2 * /usr/local/bin/yearly_backup

system wide crontab

/etc/crontab

/etc/cron.d

/etc/cron.hourly

/etc/cron.daily

/etc/cron.weekly

/etc/cron.monthly

Tuning system performance

Static tuning configures predefined kernel parameters in profiles that tuned applies at
runtime.

dynamic tuning, the tuned daemon monitors system activity and adjusts settings depending on
runtime behavior changes. Dynamic tuning is continuously adjusting tuning to fit the current
workload, starting with the initial settings declared in the chosen tuning profile.

yum install tuned

systemctl enable —now tuned

tuned profiles
Power saving profiles

performance-boosting profiles

Low latency for storage and network

High throughput for storage and network

Virtual machine performance

Virtualization host performance

tuned profile distributed with RHEL 8

Tuned profile propose

Ideal for systems that require a compromise between power saving and
balanced
performance.
Derived from the balanced profile. Provides faster response of
desktop
interactive applications.
throughput performance Tunes the system for maximum throughput.

Ideal for server systems that require low latency at the expense of
latency performance
power consumption.
It enables additional network tuning parameters to provide low network
network latency
latency
powersave Tunes the system for maximum power saving.
Optimized for Oracle database loads based on the throughput-
oracle
performance profile.
Tunes the system for maximum performance if it runs on a virtual
virtual guest
machine.
Tunes the system for maximum performance if it acts as a host for
virtual host
virtual machines.

tuned-adm active -shows current active tuned profile

tuned-adm list -list RHEL available profiles

tuned-adm profile <profilename>. -change tuned profile

tuned-adm recommend

tuned-adm off - turned off the tuned

nice/renice

-20 __________20 nice -n 12 PID

Access control list

getfacl -display ACLs info

setfacl -add,remove, modify ACLs

setfacl -m u:zamir:rx filename

setfacl -m g:groupname: rx filename

setfacl -m o: : - - filename

getfacl file-A | setfacl —set-file= -file-B

setfacl -m m: : r file - setting explicit ACL mask

setfacl -x u:name g:name file -deleting ACLs

Managing SELinux
SELinux consists of sets of policies, defined by the application developers, that declare
exactly what actions and accesses are proper and allowed for each binary executable,
configuration file, and data file used by an application. 


SELinux three mode:

• Enforcing: SELinux is enforcing access control rules.

• Permissive: SELinux is active but instead of enforcing access control rules, it

records warnings of rules that have been violated.

• Disabled: SELinux is turned off entirely 


SELinux context

SELIinux labels

ls -Z /home -shows info about selinux

ps axZ

ps -ZC httpd

getenforce - shows details about selinux daemon

setenforce 1 | 0 -setting selinux enable and disable

cp -a -copy selinux context

changing selinux context

chcon -t httpd_sys_content_t /virtual -change virtual dir context

restorecon -v /virtual - restorecon

semanage fcontext -display info and can change selinux context

-a —add

-d —delete

-l —list

 selinux booleans
SELinux booleans are switches that change the behavior of the SELinux policy. SELinux
booleans are rules that can be enabled or disabled

getsebool -a -shows info about on / off

setsebool package name on/off

-P -make persistent changes

semanage boolean -l -C - list booleans in which the current state differs from
the default state

SELinux troubleshooting

- Before thinking of making any adjustments, consider that SELinux may be doing its job
correctly by prohibiting the attempted access.

- The most common SELinux issue is an incorrect file context.

- Another remedy for overly restrictive access could be the adjustment of a Boolean.

- It is possible that the SELinux policy has a bug that prevents a legitimate access. 


sealert -l id number from /var/log/message -shows extra info about selinux error

managing storage 


MBR - master boot record - 1982 -BIOS

- 2TIB

- 32 bit

-15 partitions

GPT - UEFI

- 64bit

-128 partitions

- 8 millions TIB

3 steps to create a partition

- create

- format file system

- mount

_______________________50GiB________________________________

primary(p) logical\ extended(e)

1MiB 2 GiB 2 GiB

0 - 2048 sec
10 GiB 5 GiB 2 GiB
1 MiB

-create

fdisk /dev/sdb

m -help

p -info

n -new partition

F - info about remaining storage

d -delete a partition

w -write table into disk and exit

q -quit without saving

fdisk -l, -list attach storages

lsblk - shows info about attach storages

udevadm settle - wait for the system to detect the new partition device

-format file system

mkfs.xfs /dev/sdb1

mkfs.ext4 /dev/sdb2

-mount
mount /dev/sdb1 /mnt

umount /dev/sdb1

umount /mnt

persistently mount

edit /etc/fstab

vim /etc/fstab

device name mount point, format options disk check disk sync
UUID=7a20315d-ed8b-4e75-a5b6-24ff9e1f9838. /dbdata xfs defaults 0 0

mount -a

swap

A swap space is an area of a disk under the control of the Linux kernel memory
management subsystem. The kernel uses swap space to supplement the system RAM by holding
inactive pages of memory.

create a partition

mkswap /dev/sdb2

udevadm settle

swapon /dev/sdb2

free -h -shows swap space info

swapon —show

Activating Swap Space Persistently

edit /etc/fstab

vim /etc/fstab

UUID=39e2667a-9458-42fe-9665-c5c854605881 swap swap defaults 0 0

Logical volumes management (LVM)


Physical devices 

Physical devices are the storage devices used to save data stored in a logical volume. These are
block devices and could be disk partitions, whole disks, RAID arrays, or SAN disks. A device must
be initialized as an LVM physical volume in order to be used with LVM. The entire device will be
used as a physical volume.

Physical volumes (PVs) 


You must initialize a device as a physical volume before using it in an LVM system. LVM tools
segment physical volumes into physical extents (PEs), which are small chunks of data that act as
the smallest storage block on a physical volume. 


Volume groups (VGs) 


Volume groups are storage pools made up of one or more physical volumes. This is the functional
equivalent of a whole disk in basic storage. A PV can only be allocated to a single VG. A VG can
consist of unused space and any number of logical volumes. 


Logical volumes (LVs) 


Logical volumes are created from free physical extents in a volume group and provide the
"storage" device used by
applications, users, and the
operating system. 


first make partition on

disk

convert them into PV

pvcreate /dev/sdd1 /dev/sdd2 /dev/sdc1

pvdisplay /dev/sdd1. /dev…. -shows info about PV

pvremove /dev/sdd1 /dev/… -remove Pls

combine them into a VG

vgcreate <VG name> /dev/sdd1 /dev/sdd2 /dev/sdc1

vgdisplay <VG name> -shows info about VG

vgremove <VG name> -remove vg

create logical volumes

lvcreate -n <LV Name> -L <LV size> mlv

lvdisplay <lv name> /dev/myvg/mylv -shows info about LV

create file system

mkfs.xfs /dev/myvg/mylv

mount

mount /dev/myvg/mylv /mnt

Extending and reducing volumes group

first add new hard disk and then make PV

then extend VG

vgextend myvg /dev/sdb1

vgreduce myvg /dev/sdb1

Extending logical volumes

lvextend -L +5G /dev/myvg/mylv

lvextend -l +50%FREE -add 50% of free space in VG to LV

resize2fs /dev/myvg/mylv. -for ext4

xfs_growfs /mountpoint -for xfs

reducing LV

- umount

- clean/scan e2fsck -f /dev/myvg/mylv1

- format resize2fs /dev/myvg/mylv1 8G

-reduce lvreduce —size -2G /dev/myvg/mylv1

-mount

Advanced storage features

Stratis

Stratis runs as a service that manages pools of physical storage devices, and
transparently creates and manages volumes for the file systems being created.

Stratis file systems do not have fixed sizes

and no longer preallocate unused block
space. known as thin provisioning Stratis
uses stored metadata to recognize
managed pools, volumes, and file systems.
to manage thin provisioning you need to
install

stratis-cli

stratisd

yum install stratis-cli stratisd

systemctl enable —now stratisd

stratis pool create pool1 /dev/sde

stratis pool list

stratis pool add-data pool1 /dev/sdf -adding more block device

stratis pool blockdev list pool1

stratis filesystem create pool1 filesystem1

stratis filesystem list

mount stratis/pool1/filesystem1 /mnt

df -hT

lsblk —output=UUID /stratis/pool1/filesystem1 -shows UUID

stratis filesystem snapshot pool1 filesystem1 snapshot1 -take time point back up

VDO

VDO is a Linux device mapper driver that reduces disk


space usage on block devices, and minimizes the replication of data, saving disk space and even
increasing data throughput. VDO includes two kernel modules: the kvdo module to transparently
control data compression, and the uds module for deduplication.

VDO applies three phases to data

- Zero-Block Elimination filters out data blocks that contain only zeroes (0) and
records the information of those blocks only in the metadata. The nonzero data
blocks are then passed to the next phase of processing.

- Deduplication eliminates redundant data blocks.

- Compression is the last phase. The kvdo kernel module compresses the data blocks using
LZ4 compression and groups them on 4 KB blocks. 




yum install vdo kmod-kvdo

vdo create —name=myvdo1 —device=/dev/sdf —vdoLogicalSize=50G

vdo list

vdo status —name=myvdo1

format

mkfs.xfs /dev/mapper/myvdo1

mount

vdostats —human-readable -shows info about vdo

Network Attach Storage (NFS)

install NFS server

yum install nfs-utils

configure

edit: vim /etc/exports

/folder1 client IP address - by default it share with read_only

/folder1 clientIP(rw, root_squash) -share without root permission

/folder1 clientIP(rw, no_root_squash) -share with root permission

/folder1 *(rw) -share to all the users

start the services

systemctl start nfs-server

mount it on the client node

mount serverIP:/folder1 /mountpoint

Autofs
The automounter is a service (autofs) that automatically mounts NFS shares "on-demand,"
and will automatically unmount NFS shares when they are no longer being used. 


yum install autofs

/etc/auto.master

/share /etc/auto.misc

/etc/auto.misc

work -rw,sync server:/share/work

/work -rw,sync server:/share/work -direct mount

* -rw,sync server:.share/& -indirect mount

Boot process

To access that root shell, follow these steps:

- Reboot the system.

- Interrupt the boot loader countdown by pressing any key, except Enter.

- Move the cursor to the kernel entry to boot.

- Press e to edit the selected entry.

- Move the cursor to the kernel command line (the line that starts with linux).

- Append rd.break. With that option, the system breaks just before the system hands control
from the initramfs to the actual system.

- Press Ctrl+x to boot with the changes. 


- switch_root:/# mount -o. remount,rw /sysroot

- switch_root:/# chroot /sysroot

- sh-4.4# passwd root

- sh-4.4# touch /.autorelabel

- Type exit twice. The first command exits the chroot jail, and the second command
exits the initramfs debug shell. 

Network Security
The Linux kernel includes netfilter, a framework for network traffic operations such as
packet filtering, network address translation and port translation.

The Linux kernel also includes nftables, a new filter and packet classification subsystem that has
enhanced portions of netfilter's code, but retaining the netfilter architecture such

as networking stack hooks, connection tracking system, and the logging facility. The advantages
of the nftables update is faster packet processing, faster ruleset updates, and simultaneous IPv4
and IPv6 processing from the same rules.


Introducing firewalld
Firewalld is a dynamic firewall manager, a front end to the nftables framework using the

nft command. Until the introduction of nftables, firewalld used the iptables command to configure
netfilter directly, as an improved alternative to the iptables service.


firewall-zones

Trusted, home, internal, work, public, external, dmz, block, drop

pre-define firewalld-services

ssh, dhcpv6-clients, pip-client, samba-client, mdns

you can interact with firewalld in three ways

- /etc/firewalld

- web console through cockpit

- firewall-cmd

firewall-cmd
—get-default-zone

—set-default-zone=zonename

—get-zones

—get-active-zone

—list-all

—list-all-zones

—list-all —zone=public

—add-service=servicename —zone=zonename —permanent

—remove-serice=servicename —zone=zonename —permanent

—add-port=portname/protocol —zone=zonename

—reload

SElinux port labeling

SELinux does more than just file and process labeling. Network traffic is also tightly enforced by the
SELinux policy. One of the methods that SELinux uses for controlling network traffic

is labeling network ports; for example, in the targeted policy, port 22/TCP has the label ssh_port_t
associated with it. The default HTTP ports, 80/TCP and 443/TCP, have the label http_port_t associated with
them.

If you decide to run a service on a nonstandard port, SELinux almost certainly will block the traffic. In this
case, you must update SELinux port labels

semanage port -l -list the all the ports with selinux label

semanage port -a -t gophar_port_t -p tcp 71 , a - add , t - type , p - protocol

semanage port -l -c -shows the change in ports labels

semanage port -d -t gopher_port_t -p tcp 71 ,d -delete

semanage port -m -t http_port_t -p tcp 71 , m -modify