RHCSA
what is sticky bit
0+t only the user that creates the file and root can delete files with int the divroty an example is /tmp
setuguid
4 and g+s directoy : inhert the permissions form direcoty not the person who created file: setgid set on an executable file, commands run as the group that owns that file not as the user that ran the command . for example locat command
u+s (SUID) effects on file
File executes as the user that owns the file, not the user that ran the file.
how to find the process owned by user
pgrep -l -u ali
what is the diference between restart and reload
reload does not change process ID
verify the boot grubby
grubby --default-index
find grub to boot in a different kernel
grubby --info=ALL
set grubby to index 5
grubby --set-default-index=5
how to test the DNS name resolution
host classroom.example.com
how to change th hostname
hostnamectl set-hostname host.example hostnamectl status
how to find the content - if semanage command not found
ls -dZ /lab-content /var/www/html - yum install policycoreutils-python-utils
display seliunx context SELINUX how to check it on files SELINUX how to check it on directory how to copy the context also when moving a file
ls -lZ ls -lZ cp -a *when you move the file it will take its all context with him. but if you cp the file it will inhert context from it new folder.
how to activate swap
lsblk ----> to check whats you have parted /dev/vdb print -----> to check the partition parted /dev/vdb mkpart swap1 linux-swap 2000MB 2512M udevadm settle mkswap /dev/vdb2 echo "UUID swap swap defaults 0 0" >> /etc/fstab echo "UUID swap swap pri=20 0 0" >> /etc/fstab --> only if you need more than 1 swap swapon /dev/vdb2 swapon -a swapon --show systemctl daemon-reload
how to discover UUID of the filesystem
lsblk -fp /dev/sdb
how to unmount the FS if stuck
some times you are inside the same mount point - this is also one reason umount /mnt/data lsof /mnt/data once identified the process you can kill it
Troubleshooting ports
ss -ta ss -la
delete the user with its personal data
userdell -r <username>
how to change the Group Membership from the Command Line of user. make a main group. add a suplimentory group to a user
usermod -g group1 user01 usermod -aG <group> <user>
howto set user nologin no shell
usermod -s /sbin/nologin user03
volume group command
vgcreate <>vgname> /dev/sdc /dev/sdb
you system is going to use as a router for two networks , one network is 192.168.0.0/24 and anoher network is 192.168.1.0/24.both network IP address has asinged . how will you forward the packets form one network to another network?
vi /proc/sys/net
how to change the target runtim
systemctl isolate multi-user.target
how to send syslog message manually
logger -p local7.notice "LOG ENTRY CREATED ON HOST"
configure rsyslog to log all messages with the debug priotity or higher to the new file name /var/log/message-debug
*.debug /var/log/messages-debug write above mentioned in the file /etc/rsyslog.d/debug.conf logger -p user.debug "Debug test" systemctl restart rsyslog tail /var/log/messages-debug --------------------------------------------------Exercise 13-2 Changing rsyslog.conf Rules 1. By default, the Apache service does not log through rsyslog but keeps its own logging. You are going to change that. To start, type yum install -y httpd to install the Apache service. 2. After installing the Apache service, open its configuration file /etc/http/conf/ httpd.conf and add the following line to it: ErrorLog syslog:local1 3. Type systemctl restart httpd. 4. Create a line in the rsyslog.conf file that will send all messages that it receives for facility local1 (which is now used by the httpd service) to the file /var/log/ httpd-error.log. To do this, include the following line: local1.error /var/log/httpd-error.log 5. Tell rsyslogd to reload its configuration, by using systemctl restart rsyslog. 6. All Apache error messages will now be written to the httpd-error.log file. 7. From the Firefox browser, go to http://localhost. As no index.html page exists yet, this will be written to the error log. 8. Create a snap-in file that logs debug messages to a specific file as well. To do this, type echo "*.debug /var/log/messages-debug"> /etc/rsyslog.d/ debug.conf. 9. Again, restart rsyslogd using systemctl restart rsyslog. 10. Use the command tail -f /var/log/messages-debug to open a trace on the newly created file. 11. Type logger -p daemon.debug "Daemon Debug Message". You'll see the debug message passing by. 12. Press Ctrl-C to close the debug log file.
lvcreate difference between -l and -L
-L option which expects size in bytes,megabytes,gigabytes. -l which expects size as number of physical extends
change the password lenght overall system
/etc/security/pwquality.conf --> here you can change the passwd lenght and other stuff related with passwd
troubleshooting selinux
1 - less /var/log/messages ( copy the sealert) 2- sealert -l uid .. 3- auserach -m AVC -ts recent
tmpfile managining. ---------------------- 1- what is the location main default tmpfile where system handles 2- where is the location of admin tmpfile 3-what name and what to write to delete in the /run/rhsa -how to run clean
1- /usr/lib/tmpfiles.d/tmp.conf ---> for the example 2-/etc/tmpfiles.d ---> you creat your file mytmp.conf 3- (i)echo "d /run/rhsa 0700 root root 30s" /etc/tmpfiles.d/mytmp.conf 3-(ii) systemd-tmpfiles --create /etc/tmpfiles/mytmp.conf 2- systemd-tmpfiles --clean /etc/tmpfiles.d/mytemp.conf | systemd-tmpfiles --create /etc/tmpfile.d/mytemp.conf
1- force user to change the password on the next login 2- display the information about user 3- expire account on 2-2-2020 4-command to expire the account and lock the command in same command. 5- asign no login shell 6- change the password policy for the consultant account to require a new pass every 15 days 7-Set the passwords to expire 180 days from the current date for all users. Use administrative rights to edit the configuration file. 8- The chown command can also be used to change group ownership of a file by preceding the group name with a colon (:). For example, the following command changes the group test_dir to admins: 9-The chown command can also be used to change both owner and group at the same time 10- how to unlock the user
1- chage -d 0 user01 2- chage -l user01 3- i- # date -d "+45 days" +%F ii # chage -E 2020-10-01 user01 4- chage -L -e 2019-0-05 user01 5- usermod -s /sbin/nologin user01 6- chage -M 15 consultant 7-Set PASS_MAX_DAYS to 180in/etc/login.defs. Use administrative rights when opening the file with the text editor. You can use the sudo vim /etc/login.defs command to perform this step. 8-chown :admins test_dir 9-chown visitor:guests test_dir #chown owner.group filename 10- usermod -U <username>
configure rsyslog - configured to have the rsyslog service write messages related to authentication and security issues to the
1- create a file /etc/rsyslog.d/auth-errors.conf authpriv.alert /var/log/auth-errors 2- systemctl restart rsyslog 3- logger -p authpriv.alert "logging test"
configure a new log file which stores all the messages related to authenticaton failure
1- create a file in /etc/rsyslog.d/auth-errors.conf authepriv.alert /var/log/auth-errors systemctl restart rsyslog 3- logger -p authpriv.alert "I LOVEU" file to have the all the configureation /etc/tbtab you will see rysylog.conf
find command: find path search option action 1- search a file 2- search the files names started with *usb 3-find files smaller than 1MB in size in the root user's home directory 4-find the files larger than +40M 5-find the file in root with the ownership set to user and owning group set to any group other than 6- to search for directories by the ame src n /usr at a maximum of two subdirectory 7- find the file in the /etc directory that were modified -mtime more than the +sign 2000 dats ago 8- find files in the /var/log directoru that have been modified (-mmin int eh past 100min
1- find . -name file01 -print 2-fine /dev -name *usb 3- find ~ -size -1M 4- find / -size +40M 5- find / daemon -not -group user1 6- find /usr -maxdepth 2 -type d -name src 7- find /etc -mtime +2000 8-find files in the /var/log -mmin -100
Resetting the Root Password
1- interupt the boot with any key add at the linux line rd.break and then control+X 2- mount -o remount,rw /sysroot 3- chroot /sysroot 4-passwd root 5-touch /.autorelabel 6-exit twice time
You will add a non-standard network port 8010 to the SELINUX policy datavase for the httpd service and confirm the addition. you will then reove the port form the policy and verify the deletion.
1- list the ports for the httpd service " semanage port -l | grep ^http_port 2- Add port 8010 witht the -type (-t) http_port_t and protocol -p tcp to the polciy " semanage port -at http_port_t -p tcp 8010 " 3-confirm the addition " semanage port -l | grep $http_port 4-delete the port " semanage port -d -p tcp 8010
make partion and mount it under /mnt/data
1- lsblk --fs /dev/vdb 2- parted /dev/vdb print 3- parted /dev/vdb mklabel msdos ----> for GPT put GPT/MBR =msdos 4-parted /dev/vdb mkpart primary xfs 2048s 1001MB 5-udevadm settle 6- lsblk --fs /dev/vdb ------ blkid 7- echo "UUID=e3db1abe-6d96-4faa-a213-b96a6f85dcc1 /archive xfs defaults 0 0" >>/etc/fstab 8- mount -a 9- sdsystemctl reboot
add ip configure in all steps
1- nmcli con show --active * nmcli dev show 2-nmcli con show 3-nmcli con add con-name "Linux-addr" ifname ens3 --type ethernet ipv4.method manual ipv4.address <IP> ipv4.gateway 4-nmcli con mod "static-addr" ipv4.dns 5-nmcli con show 6- nmcli con show --active 7-nmcli con mod "Wired conneciton 1" connection.autoconnect no 7-nmcli con up "static-addre- con-name" 7-nmcli con mod "Wired conneciton 1" connection.autoconnect no * nmcli con mod "static-ens3" ipv4.ignore-auto-dns yes *nmcli con mod "lab" +ipv4.addresses 10.0.1.1/24
Two processes on serverb are consuming a high percentage of CPU usage. Adjust each process's nice level to 10 to allow more CPU time for other processes. 1-take out the biggest consumers 2-identify the currrent nice lvevel for each of the top two CPU consumers. 3-renice to 10
1- ps aux --sort=pcpu 2-ps -o pid,pcpu,nice,comm $(pgrep sha1sum;pgrep md5sum) 3-renice -n 10 pid1 pid2
Fix the mount point problem
1- reboot and e and systemd.unit=emergency.target 2-give root pass 3-mount --> check ro on mount point 4-mount -o remount,rw / 5- mount -a ---> u will get error that mount does not exists 6-clean the /etc/fstab 7-systemctl daemon-reload
1- how to check which default target target is ... 2- swith to the multi-user target ( without rebooting) 3- boot automatically into the multi-user target 4- set the target to graphical target 5-list all the target
1- systemctl get-default 2- systemctl isolate multi-user.target 3-systemctl set-default multi-user.target 4- systemctl set-default graphical.target 5-systemctl list-units --type=target --all
1- display the status of the chronyd 2- check the chrond ps 3-sshd service is enabled to start 4-active the sshd 5-list the enabled or disabled status of all service units
1- sytemctl status chronyd 2- ps --p 680 3-systemctl is-enabled sshd 4-systemctl is-active sshd 5-sytemctl list-unit-files --type=service
1- how to zip a directory 2- how to tar the folder 3- how to uncompress .tar file 4-by bzip2 compress the file anme testfile 5-unzip bzip2 file
1- tar -zcvf archive.tar.gz /folder 2- tar -cvf archive.tar.gz /foler 3- tar -xvf archine.tar.gz 4- bzip2 testfile 5- bzip2 -d
you have a ext4 file system of 350M reduce to 250M
1- umount the filesystem - 2 reduce the FS "resize2fs /dev/mapper/VGLV01 250M " 3- lvreduce -L 250M /dev/mapper/VGLV01 250M 3- mount /dev/mapper/VGLV01 /shrink
download and install a new kernel
1- uname -r 2-rpm -qa | grep kernel 3-dnf install /tmp/kernel* -y 4-dnf list installed kernel* * /boot/grub2/grubenv has an entry with the svaed entry
shrink the ext4 filesystem
1- unmount 2- e2fsck -f /dev/mapper/XXX 3-resize2fs /dev/mapper/XXXX 50M 4-lvreduce -l 50M /dev/mapper/XXX 5-mount -a
Extending the Logical volumes
1- vgdisplay ---> to check what is the status 2-parted -s /dev/vdb mkpart primary 2500MiB 600MiB 3-udevadm settle 4-pvcreate /dev/vdb3 ( partition 3 is newly added one) 5-vgextend servera_01_vg /dev/vdb3 6-lvextend -L 700M /dev/sererva_01_vg/servera_01_lv 8- xfs_growfs /data
virtual machine activity : 1- how to list the vm 2- stop start the vm 3- check the information about the vm, storage and other information.
1- virsh list --all 2-virsh start centos7.0 3- virsh edit centos7.0
tuning: 1- install tuned 2- enable tuned 3- list all the profiles 4- active tuning profile to the balanced profile 5- confirm which profile has been activated 6- deactivate tuned daemon
1- yum install tuned ( you can confirm tuned is intalled yum list tuned 2- systemctl is-enabled tuned 3- tuned-adm list OR tuned-adm active 4-tuned-adm profile balanced 5- tuned-adm profile_info 6-tuned-adm off
install and configure VDO verify that vdo1 has deduplication and commpression formate vdo1.volume with the xfs Create three copies of the same file named /root/install.img on the vdo1 volume. Compare the statistics of the volume to verify the data deduplication and compression happening on the volume. The preceding output may vary on your system.. View the initial statistics and status of the volume using the vdostats command.
1- yum install vdo kmod-kvdo 2-vdo create --name=vdo1 --device=.dev.vdd --vdoLogicalSize-50G vdo list 3-vdo status --name=vdo1 | grep Deduplication vdo status --name=vdo1 | grep Compression 4-mkfs.xfs -K /dev/mapper/vdo1 [for ext mkfs.ext -E /dev/mapper/vdo 5-udevadm settle mkdir /mnt./vdo1 mount /dev/mapper/vdo1 /mnt/.vdo1 vdostats --human-readable UUID=ef8c...39b1 /labvdovol xfs defaults,x-systemd.requires=vdo.service 0 0 ---------o stop deduplication on a VDO volume, use the following command: # vdo disableDeduplication --name=my_vdo This stops the associated UDS index and informs the VDO volume that deduplication is no longer active. To restart deduplication on a VDO volume, use the following command: # vdo enableDeduplication --name=my_vdo This restarts the associated UDS index and informs the VDO volume that deduplication is active again.
1- where you need to create a file if you want to add into yum repo 2-create a file in your memory for repo (yum)
1-/etc/yum.repos.d 2- [rh-updates] name=ABC baseurl=http://abc.com enabled=1 gpgcheck=0
how to modifying the groups 1- modify the name of the group 2- modify the guid 3-how to delete the group 4-Create the operators supplementary group with the GID of 30000.
1-groupmod -n group0022 group02 2-groupmod -g 20000 group0022 3-groupmod -d groupname 4-groupadd -g 300000 operators
1- view hisotry of failed user login attempt 2-report recent user login attmepts
1-lastb 2-lastlog
1- how to initialize the newly create partition with swapspace 2- activate swap 3- off the swap 4-confirm the swap space 5-swapon thorught /etc/fstab
1-mkswap /dev/sdb2 2-swapon /dev/vdb2 3-swapoff /dev/vdb2 4-swapon --show 5-swapon -a
make a selinux context on /physical folder and all its underlying files
1-semanage fcontext -l --> make sure that files are having correct file context followed by restorecon 1*- ls -ldZ /var/www /physical to check what is the context 2* - semanage fcontext -a -t httpd_sys_content_t '/physical(/.*)?' 3- restorecon -RFvv /physical/ ls -ldZ ls -Z /physical ---> to check the file
NTP + More 1- time: how to set the time 2- confgirue the ch.... service .turn the time synchronization 3- check the time is synchronizing 4- how to activate the ntp 5- what is the service name chrony 6- set the time
1-tzselect OR timedatectl list-timezones | grep Jamica 2-edit /etc/chrony.conf >>> in order to set ntp server server class.com ibrust 2-timedatectl set-ntp yes 2-timedatectl 3-chronyc sources -v 4-timedatectl set-ntp yes 5-chronydtimdatectl 6- timedatectl set-time HH:MM:SS
1. stratis install and enable 2.create pool stratispool1 on /dev/vdb 3.verify it 4.expand the stratispool1 list 5- add persistently in fstab
1-yum isntall -y stratisd stratis-cli 2-stratis pool create stratispool1 /dev/vdb 3-stratis pool list 4- stratis pool add-data stratispool1 /dev/vdc 5-stratis blockdev list stratispool1 6-stratis filesystem create stratispool1 stratis-filesystem1 7-mkdir /stratisvol 8-mount /stratis/stratispool1/stratis-filesystem1 /stratisvol 9-echo "Hello World!" > /stratisvol/file1 10-dd if=/dev/urandom of=/stratisvol/file2 bs=1M count=2048 11-stratis filesystem snapshot stratispool1 stratis-filesystem1 stratis-filesystem1-snap 12- rm /stratisvol/file1 13-mkdir /stratisvol-snap 14-mount /stratis/stratispool1/stratis-filesystem1-snap \ /stratisvol-snap 15- cat /stratisvol-snap/file1 16-umount /stratisvol-snap 17-umount /stratisvol 18- stratis filesystem destroy stratispool1 stratis-filesystem1-snap 19-stratis filesystem destroy stratispool1 stratis-filesystem1 ----- UUID=a1f0b64a-4ebb-4d4e-9543-b1d79f600283 /fs1 xfs defaults,x-systemd.requires=stratisd.service 0 0 -- [root@server2 ~]# lsblk --out=UUID /stratis/stratispool/stratisfs lsblk: option '--out=UUID' is ambiguous; possibilities: '--output' '--output-all' Try 'lsblk --help' for more information. [root@server2 ~]# lsblk --output=UUID /stratis/stratispool/stratisfs UUID 986735d8-90b4-45b9-a648-1550ae96fb87 [root@server2
List available modules and streams. Look for the httpd module. Use the yum install command to install the httpd module with the 2.4 stream and the common profile.
1. yum module list 2. yum module install httpd:2.4/common
Vim 1- how to set the line numbers 2- how to copy paste the line
:set num go to the line and yy and go to the new line and do p
Automount two senarios ... 1 nfsdata mount automaticall 2- mount /users/user1 /user/user2 automatically. both are presented from master nfs server.
AUTOMOUNT 2 stpes ======= /etc/auto.master first you nee to edit the master confighuratin file (/etc/auto.master) in this file you identify the mount point from the master remote server ( for instance, /nfsdata )next on the same line you identify the name of the secondary frile, as all further configuration happens in this secondary file. the line create could looks as follow /nfsdata /etc/auto.nfsdata in the secondary file you put the name of the subdirectory that will be created in the mount point directory as a relative filename. for instance you start the line with files , to mount /nfsdata/files . after the name of he subdirectory you specify NFS mount option , as well as serer and share name to access the NFS share. Files -rw server2:/nfsdata LAB1 configuring direct and indeirect maps to mount NFS shares --------------------------------------- 1- install autofs yum install -y autofs 2-check the remote NFS master server is providing the mountpoints showmount -e server2.example.com 3- create a mapping file in /etec/auto.master /nfsdata /etc/auto.nfsdata 4- create aa file /etc/auto.nfsdata files 192.168.55.150:/data the system will create the automatically files folder and nfsdata the system will create /nfsdata automatically on the system. you need to do cd /nfsdata/files ------- mount the user directory from nfs server in /etc/export file you have entery of /users in users you have already user1 and user2 directory you have already /users exported 1- go to /etc/auto.master and add /users /etc/auto.users 2- go to the /etc/auto.users * -rw server2:/users/& systemctl autofs restart cd /users/user1 ---> to check if it is working or not ------------------------------------------------------
Selecting a different boot target at the boot time
Boot or reboot the system. 2. Interrupt the boot loader menu countdown by pressing any key (except Enter which would initiate a normal boot). 3. Move the cursor to the kernel entry that you want to start. 4. Press e to edit the current entry. 5. Move the cursor to the line that starts with linux. This is the kernel command line. 6. Append systemd.unit=target.target. For example, systemd.unit=emergency.target. 7. Press Ctrl+x to boot with these changes.
g+s (sgid
Effects on file : File executes as the group that owns the file. Files newly created in the directory have their group owner set to match the group owner of the directory.
semanage command not found which utils needs to install
SELinux contexts, install the policycoreutil package and the policycoreutil-python package if needed
what is the execute and read and write permission : numerical
execute =1 read = 4 write = 2
special permissions
Setting Special Permissions • Symbolically: setuid = u+s; setgid = g+s; sticky = o+t • Numerically (fourth preceding digit): setuid = 4; setgid = 2; sticky = 1ls
Setting Special Permissions
Symbolically: setuid = u+s; setgid = g+s; sticky = o+t Numerically (fourth preceding digit): setuid = 4; setgid = 2; sticky = 1 g-s --> to reomve Examples Add the setgid bit on directory: [user@host ~]# chmod g+s directory Set the setgid bit and add read/write/execute permissions for user and group, with no access for others, on directory: [user@host ~]# chmod 2770 directory
how to add the sudoers group and give access
To enable sudo access to the group named gourp01 echo /etc/sudoers.d/group01 >> %group01 ALL=(ALL) AL
change the letter in vi from a file
Type :%s/ox/OX/g.
enteries of swap space in /etc/fstab
UUID=af30cbb0-3866-466a-825a-58889a49ef33 swap swap defaults 0 0 UUID=39e2667a-9458-42fe-9665-c5c854605881 swap swap pri=4 0 0 UUID=fbd7fa60-b781-44a8-961b-37ac3ef572bf swap swap pri=10 0 0
On serverb configure a software repository to obtain updates. Name the repository as errata and configure the repository in the /etc/yum.repos.d/errata.repo file. It should access http://content.example.com/rhel8.0/x86_64/rhcsa-practice/errata. Do not check GPG signatures.
[errata] name=Red Hat Updates baseurl=http://content.example.com/rhel8.0/x86_64/rhcsa-practice/errata enabled=1 gpgcheck=0 /etcx/yum.repos.d/errata.repo
how to control the user access for at and corn
at.allow /at.denay/cron.allow/cron.deny just enter the username here per line.
configuring password ageing
chage command will do this: m=maximum, W warning, I inactivity
configure rsyslog to write specific logs to message to a new file
check systemctl status rsyslog 1- create a file /etc/rsyslog.d/debug.conf *debug /var/log/messages 2- systemctl restart rsyslog 3- send test message logger -p user.debug " WE ARE THE AVENGERS"
how to change the group ownership of the file
chgrp admingroup /data
Set the setgid bit and add read/write/execute permissions for user and group, with no access for others, on directory:
chmod 2770
Use the chmod command to set the group permission for the /home/techdocs directory. On the /home/techdocs directory, configure setgid (2), read/write/execute permissions (7) for the owner/user and group, and no permissions (0) for other users.
chmod 2770 /home/tecdocs
add a setgid bit on the directory
chmod g+s folder
Give the owner rx permissions deny rwx permission for group, others give write permission to the group give execute permission to everybody ok to combin like this with a comma
chmod u=rx file chmod go-rwx file chmod g+w file chmod a+x file1 file2 chmod g+rx,o+x file
how to add into sudoers user how to setup sudo for a user
echo /etc/sudoers.d/user01 >> user01 ALL=(ALL) ALL you can do like this....OR in the file user20 ALL=(ALL) NOPASSWD:ALL usermod -aG wheel user visudo --> %wheel ALL=(ALL) ALL
how to modify the prompt
export PS1="< $LOGNAME on $ (hostname) in \ $PWD"
find a file which are more than 100M
find / -type f -size +!00M
find files of user alex and redirect to the file name tt
find / -user alex -type f >> /home/alex/tt
find and copy files of harry to /opt/dir
find / -user harry -exec cp -rfp {} /opt/dir/ \;
find all the files which are related by user lind
find / -user linda
find out files owned by vagrant and copy them to directory /tmp
find / -user vagrant -exec cp -a {} /tmp/ \;
find all the files owned by vagrant and cpy to /tmp/vagrantfiles
find / -user vagrant -exec cp -a {} /tmp/vagrantfiles \;
find the file +10k
find /etc -size 10k -exec cp {} /tmp/findfiles \;
find files which are older than 720 days and move them to the /root/oldfiles
find /etc/ -maxdepth 1 -mtime +720 > /root/oldfiles
how to check all the firewall how to check all the default services how to open the service into the firewall rules how to open the service into the firewall permanently how to install firewall-config -graphical
firewall-cmd --list-all firewall-cmd --get-services firewall-cmd --add-service ftp --this will change runtime only firewall-cmd --add-service ftp --permanently firewall-cmd --list-all yum intall firewall-config
how to check seboolean how to set the seboolean permanently
getsebool -a | grep home OR getsebool -a setsebool -P httpd_enable_omedirs on
How to add a nameserver
go to /etc/resolve.conf
how to reserve the system journal storaing the system journal permanently
go to /etc/systemd/jounald.conf and uncomment the #Stroage and changed to Stroage=persistent systemctl restart systemd-journald now check in ls /var/log/journal here should be a file journalctl -b 2 --> second boot entry ournalctl -b ----> current system boot
how to remove a user from the group
gpasswd -d user group
how to remove user from group
gpasswd -d username groupname
how to create a group with the specific group. nomally it takes according to the /etc/login.defs
groupadd -g 10000 groupname groupadd -g <GUID> groupname
Access the boot loader by rebooting workstation again. From within the boot loader menu, boot into the rescue target.
interrupt > Linux > end > at end "systemd.unit=rescue.target
show link statistics how to check the routes trace path
ip -s link show ens3 ip route /ip -6 route tracepath access.redhat.com
how to add a chronyd into the firewall
itwill be the port firewall-cmd --zone-public --add-port=123/udp
display the last 10 enteries of journaltctl similar like tail -f do what journalctl do what journalctl understand user journalctl to list all the enteries from todaa last one hours how to check the warning Display all log events recorded in the past 10 minutes from the current time on servera use the unit and get the logs from jounalctl
journalctl -n 5 hournaltctl -f and control +C to get out debug, info, notice,warning, err, crit,alert and emerg journalctl --since today journalctl --since tomorrow /yesterday journalctl --since "2019-02-10 20:30:00" \ --until "2019-02-13 12:00:00" journalctl --since "-1 hour" journalctl -p warning journalctl --since "-10min" journalctl --since 9:00:00 _SYSTEMD_UNIT="sshd.service"
make a hard link ; named /abc/tt for file name /dev make a soft link : /home/tempdir for the file name /tmp
ln /dev /abc/tt ln -s /tmp /home/tempdir
change the kernal module cdrom and ext4
lsmod | less --> to check the online modinfo ext4 modprobe -r ext4 --------------------------- modprobe cdrom modprobe cdrom debug=1 modinfo cdrom
logical volume create command
lvcreate -n <name> -L 3G <name vgroup>
extend the partition
lvextend -L +200M /dev/RHCSA/pinehead
How to possible to set up sudo to allow a user to run commands as another user without entering their password:
make a file in /etc/sudoers directory. add a file of username ansible add ansible ALL=(ALL) NOPASSWD: ALL
on client command to mount smb
mount -t cifs //ip/share /mnt/smb -o username=xyz,password=bvr
mount local iso image on the system
mount -t iso9660 -o loop path/to/image.iso /mnt/iso /etc/fstab /root/CentOS-7-x86_64-NetInstall-2003.iso /mnt/cdrom iso9660 loop,ro,auto 0 0 mount /dev/sr0 /mnt/cdrom ---> first mount in vmware and then its in
on client command to mount nfs
mount -t nfs <ipaddressofthenfs.server>:/nfs /mnt/nfs
network attached storage with NFS nfsconf tool to configure /etc/nfs.conf to enable NFS client to work in version 4.X only and to ensurethat TCP mode is enabled and UDP mode is disabled
nfsconf --set nfsd udp n nfsconf --set nfsd vers2 n nfsconf --set nfsd vers3 n --- nfsconf --set nfsd tcp y nfsconf --set nfsd vers4 y nfsconf --set nfsd vers4.0 y nfsconf --set nfsd vers4.1 y mkdir /public mount -t nfs serverb.lab.example.com:/shares/public /public ls -l /public mount | grep public fstab entry serverb.lab.example.com:/shares/public /public nfs rw,sync 0 0 mount -a systemctl reboot ---------------------------------------------- OR sandar /etc/fstab 192.168.2.3:/nfs /mnt/nfs nfs _netdev 0 0
modify the ip address
nmcli
o+t (sticky)
no effect on files Users with write access to the directory can only remove files that they own; they cannot remove or force saves to files owned by other users.
how to create lvm partition on /dev/sdb with MBR disk label
parted -s /dev/sdb mklabel msdos parted -s /dev/sdb mkpart primary 2048s 2G parted -s /dev/sdb set 1 lvm on --> 1 is partition numnber pvcreate /dev/sdb vgcreate RHCSA /dev/sdb lvcreate -n pinhead -L 100MB RHCSA
how to delete the partition
parted /dev/vdb print rm 1 q
command to check the process and all the informations
ps axo pid,comm,nice,cls --sort=-nice
how to check the process tree
pstree -p ali %2
create a volume group and set 8M as a extends . then device a volume group containing 50 extends on volume group lv share .
pvcreate /dev/sdb vgcreate -s 8M vg1 /dev/sdb lvcreate -n lvshare -l 50 vg1 mkfs.ext4 /dev/mapper/vg01... uuid= /mnt/ ext4 defaults 0 0 mount -a
how to run the sealert repo
sealert -a /var/log/audit/audit.log
selinux alert how to generate
sealert -a /var/log/audit/sudit.log
create a file context rule that sets the default type to ....
semanage fcontext -a -t httpd_sys_content_t '/lab-content(/.*)?' restorecon -R /lab-content/
how to delete the ACL enteries set
setfacl -x u:user200 acliuser1 setfacl -b acluser1 ----> deletes the ACLs
add ip nmcli
sudo nmcli con add con-name "static-addr" ifname enX \ type ethernet ipv4.method manual \ ipv4.address 172.25.250.10/24 ipv4.gateway 172.25.250.254
how to restart the network in redhat 8
sudo nmcli networking off sudo nmcli networking on dont run remotly
how to set the default target
systemctl get-default target systemctl set-default <emergency.target systemctl set-default multi-user.target
verifying the specific state of the service
systemctl is-active sshd.service
1- check the servic e is enabled after boot disable after the boot
systemctl is-enabled chronyd systemctl disable chronyd
verfiy whether a service unit is enabled to start automatically during th boot
systemctl is-enabled sshd.service
how to switch to the new target at runtime
systemctl isolate <embergency.target>
how to set the default target
systemctl lis
how to check the dependencies of the service unit
systemctl list-dependencies
how to list the dependencies
systemctl list-dependencies sshd.service
do display all the unitfiles services with the status
systemctl list-unit-files --type=service
to list the availbale loaded target units list the default target
systemctl list-units --type target systemctl get-default
how to check the that how many taget units targets set the new trget graphical check the current target
systemctl list-units --type target systemctl set-default graphical.target systemctl get-default systemctl set-default multi-user.target
List all service units installed on servera.
systemctl list-units --type=service
listing a service units installed on the server
systemctl list-units --type=service --all
List all socket units, active and inactive on servera
systemctl list-units --type=socket --all systemctl list-units --type=service systemctl list-units-files --type=service
list the enabled or disabled states of all service units
systemctl list-units -files --type=services
how to mask a service
systemctl mask sendmail.service systemctl unmask sendmail.service
how to boot server in emergency mode
systemd.unit=emergency.target
File execute as the user that owns the file , not the user that ran the file file executes as the group that owns the files users cannot remove the other files owned by other users.
u+s no affects on directory g+s on files. executes as the group that owns the files :Files newly created in the directory have their group owner set to match the group owner of the directory o+t files not affect : Users with write access to the directory can only remove files that they own; they cannot remove or force saves to files owned by other users.
sealert not installed
yum install setroubleshoot setools
install module python36
yum module list python36 yum list python36 yum module remove python36
add a new repo with commandline
yum-config-manager --add-repo "http://redhat.com" and dont forget to add the gpgcheck=0
which is the tile to change the umask
~/mk.bashrc