IST-191 Test 2
What is Stratis in RHEL9?
- A next-generation storage management solution that dynamically manages volumes as file systems are created and sized. - Stratis works with RHEL storage drivers and supports advanced features from LVM, XFS, and device mapper. - Stratis file systems do not have fixed sizes and use metadata to recognize managed pools, volumes, and file systems. - Stratis simplifies storage configuration, making disk space management easier for system administrators.
Two reasons why LVM is a good idea for Linux SysAdmins:
- It allows dynamic resizing of storage without downtime. - It simplifies data migration if a disk starts to fail.
What are the five reasons to partition a hard drive?
- Limit available space to applications or users. - Allow multibooting of different OS from the same disk. - Separate operating system and program files from other users. - Create a separate area for OS virtual memory swapping. - Limit disk space usage to improve the performance of diagnostic tools and backup imaging.
The complete range of nice levels:
-20 to 19
What file configures SELinux on a RHEL9 server?
/etc/selinux/config
What is parted?
A command used to create, delete, resize, and manage disk partitions.
Define ext4:
A file system known for its performance and reliability.
Define UUID:
A hexadecimal number used as a unique identifier for devices and partitions.
Define process scheduler.
A mechanism that rapidly switches between processes on a single core, creating the illusion of multiple processes running simultaneously.
What is SELinux context?
A name used by SELinux policy to determine whether a process can access a file, directory, or port.
What are nice levels in RHEL?
A priority level assigned to a process, ranging from -20 (highest priority) to 19 (lowest priority). Lower nice levels mean higher priority.
What is a tuning profile?
A set of predefined rules that configure system performance based on workload requirements.
Define VG (Volume Group):
A storage pool made up of one or more physical volumes.
Why do operating systems have to schedule processes?
Because not everything can run at once, process scheduling prevents chaos and ensures smooth system operation.
Explain GPT partitioning schemes
Built into UEFI, supports up to 128 partitions, uses 64-bit logical block addresses, better for large hard drives, and includes redundancy and error checking.
What does the chcon command do?
Changes the SELinux context on a file (it will not survive a reboot). chcon -t httpd_sys_content_t /virtual
Explain renice commands
Changes the niceness value of an existing process. renice -n 19 2740
Define udevadm settle:
Command that waits for the system to detect a new partition and create associated files in /dev.
Define swapon:
Command to activate a formatted swap space.
Define vgextend:
Command to add a new physical volume to a volume group.
Define mkfs:
Command to apply a specified file system to a block device.
Define mkswap:
Command to apply a swap signature to a device.
Define vgdisplay:
Command to confirm the additional physical extents available in the volume group.
Define lvcreate:
Command to create a new logical volume from available physical extents in a volume group.
Define vgcreate:
Command to create a volume group from one or more physical volumes.
Define lvdisplay:
Command to display information about logical volumes.
Define pvdisplay:
Command to display information about physical volumes.
Define pvcreate:
Command to divide a physical volume into physical extents of fixed size.
Define resize2fs:
Command to expand a file system to occupy the extended logical volume.
Define lvextend:
Command to extend the logical volume to a new size.
Define blkid:
Command to locate and print block device attributes.
Define mount:
Command to manually attach a device to a directory location.
Define pvmove:
Command to move data from one physical volume's extents to another within the same volume group.
Define lvremove:
Command to remove a logical volume no longer needed.
Define vgreduce:
Command to remove a physical volume from a volume group.
Define pvremove:
Command to remove a physical volume no longer needed.
Define vgremove:
Command to remove a volume group no longer needed.
Define lsblk:
Command to scan and list block devices, showing UUID.
Define dump:
Command used to back up a file system.
Define LV (Logical Volume):
Created from physical extents in a volume group and provides storage for the operating system, applications, and users.
Define xfs:
Default file system type in RHEL known for its scalability and performance.
What is the third mode in SELinux and what does it do?
Disabled: Turns SELinux off completely.
Data tier
Focuses on flexibility and integrity.
Cache tier
Focuses on improving performance, using block devices with high input/output per second.
What does the semodule -i mypol.pp command do?
Installs the custom policy (mypol).
What happens in SELinux Permissive mode?
It behaves like enforcing mode but allows rule violations, useful for testing.
What does the grep httpd /var/log/audit/audit.log | audit2allow -M mypol command do?
It builds a small modification (module) for the SELinux targeted policy with your custom change.
What is the benefit of installing the setroubleshoot-server package on a RHEL9 server?
It provides detailed reports and possible solutions, making troubleshooting easier.
What does the getenforce command do?
It shows the current SELinux mode.
What does the _t at the end of an SELinux context mean?
It tells you what type of content the file path is for.
What does the semanage boolean -l -C command do?
Lists booleans where the current state differs from the default state.
What does the semanage fcontext -l command do?
Lists default SELinux file contexts.
What is LVM?
Logical Volume Management (LVM) makes it easier to manage disk space dynamically.
Define xfs_growfs:
Mount point command to expand the file system to occupy the extended logical volume.
In the top command output, what are the PR and NI columns?
NI column: Represents the nice value, starts at 0. PR column: Represents the priority level, starts at 20.
Who can make a process "more greedy" (less nice) on a Linux server?
Only the root user can decrease niceness (i.e., assign lower nice values).
What does the sealert -l 613ca624-248d-48a2-a7d9-d28f5bbe2763 command do?
Produces a report for the specified incident number.
What does the restorecon command do?
Restores the SELinux context based on the file location (relabeling). restorecon -v /virtual
Explain multitasking?
Running multiple processes simultaneously where the system divides attention between the different tasks.
What happens in SELinux Enforcing mode?
SELinux is on and functioning according to the policy.
Explain nice commands
Sets the initial niceness of a new process. nice -n 15 sleep 60 & p
Define physical extent:
Small chunks of data that serve as the smallest storage blocks on a physical volume (PV).
Define print:
Subcommand to display the partition table.
Define mklabel:
Subcommand to wipe the existing partition table and set it up for reuse.
Explain MBR partitioning schemes
Supports 4 primary partitions (max 15 partitions), uses 32-bit partition size, and supports up to 2 tebibytes. The 4th partition holds extended partitions.
What are SELinux booleans?
Switches that modify the SELinux policy behavior by enabling or disabling specific rules.
Define TiB:
Tebibytes, powers of 2, about 10% more than 2 terabytes.
Define mount point:
The directory location where a file system is mounted.
What variables must be set in the SELinux configuration file?
The type (defines the policy) and the SELINUX= (set to enforcing, permissive, or disabled).
What is the equivalent to SELinux in the Microsoft Windows operating system?
There is no equivalent in the Microsoft world.
What is the primary goal of SELinux?
To protect user data from system services that have been compromised.
Define UEFI:
Unified Extensible Firmware Interface, commonly used for booting computer hardware.
Who can make a process "more nice" on a Linux server?
Unprivileged users can only increase niceness on their own processes.
Define PV (Physical Volume):
Used to register physical devices for use in volume groups.
What are the four contexts of SELinux labels? Which one does RHEL9 use?
User, role, type, and sensitivity. RHEL9 uses the type context.
Define fsck:
Utility that checks and repairs inconsistencies in the file system.
Explain the tuning profile - balanced
a compromise between power saving and performance
Explain the tuning profile - oracle
a profile optimized for oracle databases
What is Field 4 in an /etc/fstab entry?
comma-separated list of options
Explain the tuning profile - desktop
derived from balanced profile and provides a faster response for interactive applications, improving the user experience
Explain the tuning profile - network-latency
derived from latency-performance profile and enables additional network tuning parameters to provide low network latency
Explain the tuning profile - network-throughput
derived from the throughput-performance profile and adds specific network tuning parameters to maximize network throughput
What is Field 6 in an /etc/fstab entry?
determines if fsck should run at boot to verify file systems
What is Field 2 in an /etc/fstab entry?
directory mount point
What is Field 3 in an /etc/fstab entry?
file system type
What command shows all booleans on a RHEL9 server?
getsebool -a
These kinds of processes attempt to keep CPU usage to themselves:
greedy processes
What is dynamic tuning?
it adjusts settings based on runtime behavior in order to best fit a systems needs.
What is static tuning?
it applies predefined settings without adjustment
What is the tuned daemon in RHEL?
it applies tuning adjustments both statically and dynamically using profiles to optimize system performance.
What does the command tuned-adm recommend do?
it recommends a tuning profile for the system based on various system characteristics.
What file system type is used to create a swap partition on a GPT system using parted?
linux-swap
These kinds of processes easily give up their CPU resources for others:
nice processes
Explain the tuning profile - latency-performance
optimized for low latency at the expense of power consumption
What two packages must be installed on RHEL9 for the semanage and restorecon commands?
policycoreutils policycoreutils-python-utils
What are the two categories of tuning profiles?
power saving performance boosting
Can renice processes belonging to other users:
root user
What does SE stand for in SELinux?
security enhanced
What is the command to change SELinux to Permissive mode?
setenforce 0
What is the swap pri setting and how do you set it?
sets the swap space priority in the /etc/fstab
What is Field 1 in an /etc/fstab entry?
specifies the device
Stratis command to take a snapshot:
stratis filesystem snapshot pool1 filesystem1 snapshot1
Stratis command to add storage to an existing pool:
stratis pool add-data pool1 /dev/vdc
Stratis command to create a pool:
stratis pool create pool1 /dev/vdb
What SELinux boolean command allows users to have the document root for Apache in their home directories?
sudo setsebool -P httpd_enable_homedirs on
What SELinux policy does RHEL9 use?
targeted policy
What is the option generally used by ls, ps, mkdir, and cp to display or change SELinux context?
the -Z option
What technique does Linux use to schedule processes?
time-slicing
Write the command to show a list of all available and used tuning profiles on a RHEL server.
tuned-adm list
Write the command to activate the powersave tuning profile
tuned-adm profile powersave
Explain the tuning profile - virtual-host
tunes system performance for hosting virtual machines
Explain the tuning profile - virtual-guest
tunes system performance for when it is running as a guest virtual machine
Explain the tuning profile - throughput-performance
tunes the system for maximum throughput (data transfer rates)
How much swap space should be configured when installing RHEL9 on a virtual machine with 2GB of RAM?
twice the ram (4GB)
Cannot assign negative nice levels:
unprivileged user
What is Field 5 in an /etc/fstab entry?
used by the dump command to back up the device
