SELINUX

Config file Path - /etc/selinux/config

Three Mods
1) Enforcing- Enforced to be on
2) Permissive- Shows warning
3) Disabled- Turned off
#changes applies after reboot only.

sestatus-Command

To check the current status of selinux

getenforce - command

To check the status only

setenforce 0 - command

The change status to permissive temporarily

setenforce 1 - command

The change status to enforcing temporarily

ls -Z - command to check the file selinux status

chcon - command

To change the selinux permission of a file

chcon -t (type) file/directory
eg:chcon -t httpd_sys_content_t /tmp/f1

restorecon - command

To restore the previous state of the file/directory

restorecon -Rv file/directory
Eg: restorecon -Rv /tmp/file1

semanage fcontext -l -command

To see the available context in the machine

semanage fcontext -a -t httpd_sys_content_t ‘/directory(/.*)?’

After this, restorecon command is mandatory to save

Restorecon -RFvv /directory
To give the same permission as parent for all the childs
getsebool -a command

To see the boolean based selinux permissions

setsebool <name> 0/1

To set the boolean permission

FIREWALL
Firewall-cmd

firewall-cmd –list-all

To list the allowed services and other info

firewall-cmd --permanent --add-service=service_name

firewall-cmd --permanent --remove-service=service_name
firewall-cmd --reload
firewall-cmd --list-all
firewall-cmd --get-services
firewall-cmd --permanent --add-port
firewall-cmd --permanent --remove-port
firewall-cmd --permanent --add-protocol
firewall-cmd --permanent --remove-protocol

RPM

RPM install

rpm -options to install an rpm

i install
v verbose
h hash
U update
force
e to uninstall
ql to see the contents of the package (after install)
qlp same as above (before install)
qi to see the information of the rpm(after install)
qip same as above (before install)
 qf find the rpm of a file
qc to find the config files of a rpm
qcp same as above (before install)
qd to find the documents files of a rpm
qdp same as above (before install)
nodeps to avoid dependencies
test to check the installation process

YUM
yum
Repo file path = /etc/yum.repos.d/filename.repo
Repo code

[Name (Appstream)]
name=name(appstream)
baseurl=location(file:///dvd/AppStream)
enabled=0 or 1
gpgcheck=0 or 1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-rellease

yum repolist all = to see the available repositories

yum makecache
yum clean all
yum install package-name
yum remove package-name
yum reinstall package-name
yum info package-name
yum search package-name
yum provides file-name = to see the rpm of a file
yum localinstall rpm-package path = to install rpm out of repos
localupdate
localinfo
yum grouplist
groupinfo group-name
groupinstall
update
remove
yum history
info ID
undo ID
redo ID
 NFS

Config file- /etc/exports

File content
Filename destination(rw,sync)
Eg /file/f1 serverb(rw,sync)
Service nfs-server.service
Services to be added in firewall (nfs,mountd,rpc-bind)
exportfs -v = to see the files shared
exportfs -r = to refresh
mount host:/file /dir (client side) temp mount
/etc/fstab
Code
Serverfile client_dir type defaults 00
Eg servera:/f1 /dir1 nfs defaults 00
showmount -e server = to see the files shared

VI

Vi commands
(i | insert) to insert
yy copy line
cc cut line
p paste line
dd delete line
yw cw dw copy cut delete a word
gg to move the cursor to first line
shift g to move the cursor to last line
:line_number to move the cursor to a specific line
:set nu to turn on line number
:set nonu to turn off line number
o to place a new line below the cursor
Shift o to place a new line above the cursor
u undo
ctrl r to redo
/word to search a word
n next search element
Shift n previous search element
:%s/word1/word2 replace word1 by word2
:w write the file changes
:q quite the file
:x write and quite
! override
 crontab
Crontab - demo file /etc/crontab
crontab -e edit
-l list
-r remove
-u to a specific user
To deny a user from cron enter user in /etc/cron.deny

LVM
fdisk -l to list the available disk
fdisk /dev/file to edit
n new partition
p print the partition
t edit the partition type
w write the changes to the disk
m help
partprobe - inform the OS of partition table changes
vgcreate — Create a volume group
-s size of pe
pvcreate — Create a physical volume group
vgdisplay vgname- to see the info
lvcreate -l size name_source -n name(destination) to create a logical volume
Eg: lvcreate -L 2G vg0 -n lv1
-L in bites
-l in pe
mkfs.partition_type dev - to change partition type
lvextend -l size dev
Eg: lvextend -L 4G lv1
resize2fs dev
Eg: resize2fs /dev/vg0/lv1
xfs_growfs dev for xfs file system

Or
-r in lvextend
lvreduce -l size dev -r
Eg: lvreduce -L 1G lv1 -r

vgextend vg_name source

Eg: vgextend vg0 /dev/sdd
Before this source must be created as pv
pvs physical volume status
lvs logical volume status
vgs volume group status
pvdisplay dev
lvdisplay dev

Before removing delete entry in fstab

lvremove dev
pvremove dev
vgremove dev

Container
yum module install container-tools
podman login registry_location
podman login registry.lab.example.com -to login
Container naming conventions:
registry_name/user_name/image_name:tag
Eg: registry.access.redhat.com/ub8/ubi:latest
podman pull container_name - to download the container to local
podman images - to see the downloaded images
podman run container_name - to run a container
Eg: podman run -it registry.access.redhat.com/ub8/ubi:latest
-i indicates interactive
-t to allocate a terminal
-d to run in background
--name to assign a name to the container
--rm to run commands and stop the container
-e to pass a environment variable
-v to mount a volume
host_dir:container_dir:z
Container registries config file - /etc/containers/registries.conf
podman info
podman search container_name to search a container
podman inspect container_name to see the details of a container
podman rmi container_name to delete a container local
podman ps -a to see the all containers even offline
podman generate systemd --name myweb --files to generate the service file

SYSTEMCTL

systemctl is-active service_name(sn) - to see the service on or off

status sn
start -to start a service
stop - to stop a service
restart -to restart a service
reload - to reload the config files
reload -or-restart
mask - to prevent from start a service
unmask
is-enabled - to see the startup
enable to enable startup
disable to disable startup
list-units
--type=service to see the services
--all to see all including inactive
list-dependencies to see the dependency services
list-units-files to see the future conditions
isolate target - to switch targets
get-default -to see the default target
set-default target - set the default target

JOURNALCTL
journalctl - to see the logs
journalctl -n 5 last 5 lines of log
journalctl -f to follow for new upcoming logs
journalctl --since today for todays log
journalctl --since “(YYYY-MM-DD HH:MM:SS)” --untill “(YYYY-MM-DD HH:MM:SS)”
to see the log between specific time
journalctl _SYSTEMD_UNIT=service to see the log a service
journalctl _SYSTEMD_UNIT=service _PID=PID to see the logs of a service process
CONFIG FILE /etc/systemd/journald.conf
service systemd-journald
journalctl -b n(1,2.3…n) to see the logs before reboot

TIMEDATECTL
Ntp config file /etc/chrony.conf
server (server_name or IP) iburst
Service chronyd.service
chronyc sources -v to see the server details

STRATIS
Rpms required
stratisd
stratis-cli.noarch
stratis pool create pool_name dev to create a pool
list to see the available pools
blockdev list to see the available bloc devices
stratis pool add-data pool_name dev to add a additional storage to an existing pool
stratis filesystem create pool_name filesystem_name -to create a file system
stratis filesystem list - to see the available file system
Entry in fstab add these lines near defaults
x-systemd.requires=stratisd.service
stratis fielsystem snapshot pool_name fs_name snapshot_name
stratis filesystem destroy fs_name -to destroy a filesytem
stratis pool destroy pool_name -to destroy a pool

VDO
Rpms required
vdo kmod-kvdo
vdo create --name vdo_name --device dev --vdoLogicalSize size - to create a vdo
udevadm settle -to apply changes
mkfs.xfs -K /dev/mapper/vd_name to format the vdo
Entry in fstab add these lines near defaults
x-systemd.requires=vdo.service
vdo list - to list the available vdo
vdo status --name vdo_name - to see the status of a vdo
vdostats --human-readable to see the actual status of a vdo

PROCESS MANAGEMENT
Ps -a -to see the process running in that terminal
tty -to see the terminal number
/proc/ - process directory
ps -A to see the whole computer process
?- background process
ps -ef to see the more detailed list
pstree -to see the tree structured process list
ps -aux - to see in percentage
ps -eo pid,ppid,cmd,%cpu,%mem --sort=%mem | head -to sort
ps -eo pcpu,user,uid,args | sort -k 1 -r | head -n 10 - to sort
uptime - to see the system up time ,connected user,load values
top - to see the live stats
pgrep p_name -to see the process
kill -9 pid - to kill a process
9 to force
killall -9 p_name - to kill the process by name
jobs -to see the background jobs
fg job_id -to bring the job foreground
nice -n (-20 to +20) process -to assign a priority to a process
Eg: nice -n -20 sleep 200
Top level priority -20
Low level priority +20
Default priority 0
renice -n pri_no -p pid - to change the priority of a running process
Eg: renice -n 0 -p 5642
Tuned
Rpm required tuned
tuned-adm list -to see the available profiles
tuned-adm recommend -to recommend a profile
tuned-adm available -to see the current profile
tuned-adm profile profile_name -to set the profile

USER ADMINISTRATION
useradd user_name - to add a user
-d /dir - to change the default home directory
-s shell to change the default shell
-u to change the user id (ID)
-r to create system user id
-g for primary group
-G for secondary group
-a to add
-c for comment or contact details
-e for expiry
-M for no home directory

passwd user_name - to change the passwd for a user

-d to disable password
chown user_name.user_group /dir to change the ownership of a file or dir
usermod -d /dir user to change the home directory
-s shell to change the default shell
-u to change the user id (ID)
-r to create system user id
-g for primary group
-G for secondary group
-a for add
-l to change the login id
-c for comment or contact details
-e for expiry
-L for lock a user
-U to unlock a user
Echo $SHELL -to see the default shell
chsh -s shell user -to change the shell for a user
id user_name -to see the uid(user ID) and gid (Group ID)
groupadd group_name -to create a group
groupmod -n new_gname old_name -to change a group name
groupdel g_name - to delete a group name
chfn user_name-for comment or contact details
chage -E date u_name -for account expiry
-M days U_name for password expiry
-m for minimum no of time after changing the password to ch pass
-W days -for warning