Red Hat RHSCA

Configure a system to run a default configuration FTP server.

# yum -y install vsftpd # service vsftpd start # chkconfig vsftpd on

Configure a system to use an existing LDAP directory service for user and group information.

...

Mount, unmount, and use LUKS-encrypted file systems.

LUKS filesystems need to be "opened" before they can be mounted once opened it can be mounted with a command such as: #mount /dev/mapper/LUKS /home/luks_mount

Install and update software packages from Red Hat Network, a remote repository, or from the local file system.

Use yum to update and install packages.

Create hard and soft links.

Soft link: # ln -s /test/target /test/softlink Hard link: # ln /test/target /test/hardlink

Use grep and regular expressions to analyze text.

cat foobar.txt | grep text

Create, delete, and modify local user accounts.

useradd <usrname> usermod -a -G <groupname> <username> //add's user to a group

List, set, and change standard ugo/rwx permissions.

# chmod ugo+rwx file.test //Ads read write execute privileges to file # chmod ugo-rwx file.test //Removes read write execute privileges to file # chmod 755 file.test //Ads permissions based on octal format

Use boolean settings to modify system SELinux settings.

# getsebool -a //lists all SELinux boolean settings # setsebool -p <boolean>=1 //turns on SELinux boolean setting Example: #setsebool -P samba_run_unconfined=1 settings can also be toggled with # togglesebool <sebool> SELinux booleans can also be configured with the system-config-selinux

List and identify SELinux file and process context.

# ls -Z //lists SELinux context for directories # ps -ef -Z //lists SELinux context for processes # id -Z //List SELinux contexts for users # cp -Z <user:role:type> // directory copy SELinux context for files. If not specified the file inherits the contex for the destination directory

Locate, read, and use system documentation including man, info, and files in /usr/share/doc.

# man <command # info <command> navigate to /usr/share/doc to find additional documentation Note: Red Hat may use applications during the exam that are not included in Red Hat Enterprise Linux for the purpose of evaluating candidate's abilities to meet this objective.

Create and edit text files.

# nano TEXTFILE # vi TEXTFILE

Restore default file contexts.

# restorecon <filename>

Diagnose and address routine SELinux policy violations.

# sealert -a /var/log/audit/audit.log

Start, stop, and check the status of network services.

# service <name of service> start //example: service httpd start # service <name of service> stop # service <name of service> restart # service <name of service> status # checkconfig <name of service> on //turns on service at boot # checkconfig <name of service> off //turns off services at boot

Create and manage Access Control Lists (ACLs).

# setfacl -m u:boss:rwx /home/bonus_payouts.txt //add the user boss to the file # setfacl -x u:boss /home/bonus_payouts.txt //remove the user boss from the file # setfacl -b /home/bouns_payouts.txt //removes the acl settings from the file # getfacl /home/bonus_payouts.txt // lists the acl settings for the directory

Access remote systems using ssh and VNC.

# ssh 192.168.1.100 -l USERNAME # vncviewer 192.168.1.100

Extend existing unencrypted ext4-formatted logical volumes.

# vgextend VG01 /dev/sdb1 //adds partition to volume group VG01 # lvextend -L +5g /dev/VG01/LV01 //adds 5gigs to logical volume LV01 # resize2fs -p /dev/VG01/LV01 //resizes the filesystem

Start and stop virtual machines.

# virsh start REDHATVM # virsh shutdown REDHATVM (Attempts a "graceful system shutdown) # virsh destroy REDHATVM (Equivalent to turning off the system with the power button unsaved data may be lost with this option.

Access a virtual machine's console.

# virt-viewer REDHATVM

Configure a physical machine to host virtual guests.

# yum -y groupinstall Virtualization # yum -y groupinstall "Virtualization Client"

Configure a system to run a default configuration HTTP server.

# yum -y install httpd # service httpd start # chkconfig httpd on

Configure systems to mount ext4, LUKS-encrypted, and network file systems automatically.

/etc/fstab entries /dev/mapper/LUKS ext4 defaults 1 2 /dev/sda1 /home ext4 defaults 1 2 //192.168.1.70/Share /home/win_mount cifs guest,_netdev 0 0 192.168.1.67:/home /home/nfs_local nfs defaults 0 0

Boot systems into different runlevels manually.

1) Boot your system and press any key within the allotted amount of time to get to the "Grub" bootloader screen. 2) Select your boot "OS" and press "a" to edit the boot command 3) Add the number of the runlevel you would like to use at the end of the command to boot to that runlevel Example: ro root=/dev/mapper/vg_centosvm-lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_NO_MD quiet SYSFONT=latarcyrheb-sun16 rhgb crashkernel=auto rd_LVM_LV=vg_centosvm/lv_swap KEYBOARDTYPE=pc KEYTABLE=us rd_LVM_LV=vg_centosvm/lv_root rd_NO_DM 1 The "1" at the end of the boot string will boot the system to runlevel 1

Use input-output redirection (>, >>, |, 2>, etc.).

> Directs output to a file or device (overwrites if the file exists Example # cat /etc/testdata.txt | grep fail > failures.txt < Directs input from the file or device >> Appends output or text to a file (creates if the file doesn't exist) | Redirects the output of one command to another

Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label.

Add the following line to the /etc/fstab UUID=6a235116-5447-4c68-b14a-644196d76902 /home ext4 defaults 1 2

Access a shell prompt and issue commands with correct syntax.

Applications | System Tools | Konsole

Configure systems to boot into a specific runlevel automatically.

Edit the /etc/inittab and specify the runlevel or exit the etc/grub.conf file

Use single-user mode to gain access to a system.

Boot the system to runlevel 1 as shown above to gain super user (root) access in run level 1

Configure systems to launch virtual machines at boot.

Configure this through the virt-manager or virt-viewer console or with the command # virsh autostart <VM Guest>

Create and configure set-GID directories for collaboration.

Create a directory to be shared by a group # mkdir /home/topsecret # chgrp -R security /home/topsecret //changes group owner of the folder to security # chmod 2755 /home/topsecret // Adds the GUID bit to the directory # chmod g+s /home/topsecret //Adds the GUID bit to the directory

Create, mount, unmount, and use ext2, ext3, and ext4 file systems

Create file systems # ext4: mkfs.ext4 /dev/sda1 # ext3: mkfs.ext3 /dev/sda1 # ext2: mkfs.ext2 /dev/sda1 # mkswap /dev/sda3 //makeswap partition Mount file system: # mount /dev/sda1 /mountpoint # mount -a //mounts all file systems in the /etc/fstab file Unmount file system: # umount /mountpoint

Create and remove physical volumes, assign physical volumes to volume groups, and create and delete logical volumes.

Create physical volume: # pvcreate -v /dev/sda1 /dev/sda2 Create volume group: # vgcreate -v -s 32 VG01 /dev/sda1 /dev/sda2 Create logical volume: # lvcreate -v 10g -n LV01 VG01 # lvcreate -v 15g -n LV02 VG01 Explanation: In order to create a logical volume the first thing that needs to be done is to format the partitions so they can be added to a volume group. This is done with the "pvcreate" command. The next step is to add the physical volumes to the volume group and that is done with the vgcreate command. The "-s 32" option define the physical extent size. The physical extent size determines the maximum size of the logical volume and the default physical extent size which 4mb. There are 65,536 physical extents available to a volume group with gives you a total size of 262,114mb or 256gb (4mb x 65,536 mb = 262,114mb) for the volume group. By setting the extent size to 32mb the maximum size of the volume group would be 2,097,152mb or approximately 2 terabytes (32mb x 65,536 = 2,097,152mb). Once the volume group has been defined the next step is to add the logical volumes to the volume group. The volumes created in the example above will be located in /dev/VG01/LV01 and /dev/VG01/LV02 these logical volumes can now be formatted with a file system, mounted and placed in the fstab so that they are mounted when the system boots. Format the Volumes # mkfs.ext4 /dev/VG01/LV01 # mkfs.ext4 /dev/VG01/LV02 Delete Volumes In order to remove the volumes you will need to run the following sequence of commands. # lvremove /dev/VG01/LV01 # lvremove /dev/VG01/LV02 # vgremove /dev/VG01 # pvremove /dev/sda1 /dev/sda2

Configure networking and hostname resolution statically or dynamically.

DHCP Configuration nano /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE="eth0" BOOTPROTO="dhcp" HWADDR="00:16:D4:39:5B:6F" NM_CONTROLLED="yes" ONBOOT="yes" Static IP DEVICE="eth0" IPADDR=192.168.1.100 NETMASK=255.255.255.0 HWADDR="00:16:D4:39:5B:6F" NM_CONTROLLED="yes" ONBOOT="yes" DNS1=192.168.1.254 /etc/sysconfig/network NETWORKING=yes HOSTNAME=RH_PC.com GATEWAY=192.168.1.254 # service network restart

Create, delete, copy, and move files and directories.

Delete file: # rm TESTFILE Copy file: # cp TESTFILE /home/testdir/ Move file # mv TESTFILE /home/testdir/TESTFILE.bak

Modify the system bootloader.

Edit the /etc/grub.conf file

Install Red Hat Enterprise Linux automatically using Kickstart.

Install a VM with kickstart # virt-install -n VMGUEST01 -r 2048 -vcpus=1 -l /home/RHINSTALL --disk path=/home/VM/VMGUEST01.img,size=50 -x "ks=/home/ks.cfg" Options -n Name of the VM Guest -r Amount of RAM in MB -vcpus Number of CPUs to be used -l location of the install files -disk d efine the location for the disk file and its size. The size is in GB -x location of the kickstart file This can also be done via virt-manager GUI

Update the kernel package appropriately to ensure a bootable system.

Install the new kernel side by side and edit the grub bootloader # yum -y install kernel //installs newest kernel and modifies grub to boot with new kernel

Install Red Hat Enterprise Linux systems as virtual guests.

Install virtual guests via the virt-manager console or via the virt-install command

List, create, delete, and set partition type for primary, extended, and logical partitions.

List partitions: # fdisk -l Delete: partitions 1) Open the drive with: # fdisk /dev/sda 2) Press "c" to turn off DOS-compatible mode and the "u" to display units in sectors. 3) Type n for a new partition. Each disk can have 4 primary partitions which are number 1-4. Partition 5 is the extended partition and partitions 6 - X are logical partitions. 4) Press "w" to write the changes to the disk or "q" to exit without saving changes.

Create, delete, and modify local groups and group memberships.

Manually edit the /etc/group file to add groups groupadd groupmod gpasswd

Mount and unmount CIFS and NFS network file systems.

Mount NFS Volume: # mount 192.168.1.67:/home /home/nfs_local Mount CFS Volume # mount -t cifs -o guest //192.168.1.70/Share /home/win_mount

Boot, reboot, and shut down a system normally.

Physically power on the system You can shutdown a system with the following commands Shutdown Commands # shutdown -h +<time delay in minutes> ex: shutdown -h +5 (Shuts down system in 5 min # shutdown -h now (shutdown immediately) # poweroff # init 0 (Switches to runlevel 0 which shutdown the system) # halt Reboots Commands # reboot # shutdown -r +<time delay in minutes> # shutdown -r now # init 6 //switches to runlevel 6 which reboots the system immediately

Log in and switch users in multiuser runlevels.

Switch user: # su <username> Switch to user to root: "# su -" or "# su root"

Create and configure LUKS-encrypted partitions and logical volumes to prompt for password and mount a decrypted file system at boot.

The following procedure assumes that the dm_crypt module has been loaded. For a more detailed explanation please see # cryptsetup luksFormat /dev/sda1 //formats the drive and prompts you to create a passphrase # cryptsetup luksOpen /dev/sda1 luks01 //opens drive /dev/sda1 and maps it to /dev/mapper/luks01 # mkfs.ext4 /dev/mapper/luks01 //formats the volume with the ext4 file system. Now that the LUKS-encrypted volume has been created and formatted it can be added to the boot process. Create an "/etc/crypttab" file. Add the following line to the file and save it: luks01 /dev/sda1 the crypttab file will attempt to open the encrypted volume at boot and will prompt you for a password. If the file is successfully opened its mapped to /dev/mapper/luks01 next add the mapped volume to the fstab /dev/mapper/luks01 /LUKS ext4 defaults 1 2

Archive, compress, unpack, and uncompress files using tar, star, gzip, and bzip2.

Uncompress tar: # tar -xvf file.tar Unpack zipped tarball: # tar -xzvf file.tar.gz Uncompress gzip: # gunzip file.gz Uncompress bzip2: # bunzip2 file.bz2 Uncompress star: # star -xv f=/tmp/file.star

Set enforcing and permissive modes for SELinux.

Use sestatus to determine if SELinux is in enforcing or permissive mode. This can be done by editing the /etc/sysconfig/selinux file or with the following commands # setenforce 1 //sets SELinux to run in enforcing mode # setenforce 0 //sets SELinux to run in permissive move#

Schedule tasks using cron

Username = tigerwoods # crontab -e sample entry default entries must edited with the "vi" editor */2 * * * * touch /home/tigerwoods/win_masters{1..10}.txt this entry creates the files "win_masters1.txt, win_masters2.txt through win_masters10.txt System crontab /etc/crontab The system crontab consists cron jobs for "system" processes. For example scripts that clean space from users home directories.

Locate and interpret system log files.

You can find the system logs in the /var/log directory. The logs can be viewed with text viwer commands such as cat, less and tail

Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes.

You can identify process with the following commands # ps aux # ps-ef # ps -u <username> // shows programs running for username # ps -o user,comm,pid,nice -u root //Gets the processes PID and Nice value for the root user top // Shows the stop processes that are using system resources You can kill processes with the following commands # kill -9 <process id> //hard close of the process # kill -15 <process id> //attempts to kill process gracefully # killall <process name> //kills the parent and all associated child processes Adjust process priorities # renice <priority number> <pid> nice priorities range from -19 to 20 with -19 being the hightest priority and -20 being the lowest.

Configure firewall settings using system-config-firewall or iptables.

You can open or close ports in the firewall by editing the /etc/sysconfig/iptables file

Add new partitions and logical volumes, and swap to a system non-destructively.

You need to be careful when editing the /etc/crypttab and /etc/fstab files. Errors could cause you to have boot problems which my cost valuable time to troubleshoot during the exam. Double check your work and make backup copies of the files in case you make a mistake.

Configure network services to start automatically at boot

chkconfig <service> on

Change passwords and adjust password aging for local user accounts.

passwd # chage -M 30 tigerwoods //sets the password to expire evert 30 days for user tigerwoods # chage -E "2012-05-31″ tigerwoods //sets the password to expire on 5/31/2012 for user tigerwoods