RHCSA

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

what is sticky bit

0+t only the user that creates the file and root can delete files with int the divroty an example is /tmp

setuguid

4 and g+s directoy : inhert the permissions form direcoty not the person who created file: setgid set on an executable file, commands run as the group that owns that file not as the user that ran the command . for example locat command

u+s (SUID) effects on file

File executes as the user that owns the file, not the user that ran the file.

how to find the process owned by user

pgrep -l -u ali

what is the diference between restart and reload

reload does not change process ID

verify the boot grubby

grubby --default-index

find grub to boot in a different kernel

grubby --info=ALL

set grubby to index 5

grubby --set-default-index=5

how to test the DNS name resolution

host classroom.example.com

how to change th hostname

hostnamectl set-hostname host.example hostnamectl status

how to find the content - if semanage command not found

ls -dZ /lab-content /var/www/html - yum install policycoreutils-python-utils

display seliunx context SELINUX how to check it on files SELINUX how to check it on directory how to copy the context also when moving a file

ls -lZ ls -lZ cp -a *when you move the file it will take its all context with him. but if you cp the file it will inhert context from it new folder.

how to activate swap

lsblk ----> to check whats you have parted /dev/vdb print -----> to check the partition parted /dev/vdb mkpart swap1 linux-swap 2000MB 2512M udevadm settle mkswap /dev/vdb2 echo "UUID swap swap defaults 0 0" >> /etc/fstab echo "UUID swap swap pri=20 0 0" >> /etc/fstab --> only if you need more than 1 swap swapon /dev/vdb2 swapon -a swapon --show systemctl daemon-reload

how to discover UUID of the filesystem

lsblk -fp /dev/sdb

how to unmount the FS if stuck

some times you are inside the same mount point - this is also one reason umount /mnt/data lsof /mnt/data once identified the process you can kill it

Troubleshooting ports

ss -ta ss -la

delete the user with its personal data

userdell -r <username>

how to change the Group Membership from the Command Line of user. make a main group. add a suplimentory group to a user

usermod -g group1 user01 usermod -aG <group> <user>

howto set user nologin no shell

usermod -s /sbin/nologin user03

volume group command

vgcreate <>vgname> /dev/sdc /dev/sdb

you system is going to use as a router for two networks , one network is 192.168.0.0/24 and anoher network is 192.168.1.0/24.both network IP address has asinged . how will you forward the packets form one network to another network?

vi /proc/sys/net

how to change the target runtim

systemctl isolate multi-user.target

how to send syslog message manually

logger -p local7.notice "LOG ENTRY CREATED ON HOST"

configure rsyslog to log all messages with the debug priotity or higher to the new file name /var/log/message-debug

*.debug /var/log/messages-debug write above mentioned in the file /etc/rsyslog.d/debug.conf logger -p user.debug "Debug test" systemctl restart rsyslog tail /var/log/messages-debug --------------------------------------------------Exercise 13-2 Changing rsyslog.conf Rules 1. By default, the Apache service does not log through rsyslog but keeps its own logging. You are going to change that. To start, type yum install -y httpd to install the Apache service. 2. After installing the Apache service, open its configuration file /etc/http/conf/ httpd.conf and add the following line to it: ErrorLog syslog:local1 3. Type systemctl restart httpd. 4. Create a line in the rsyslog.conf file that will send all messages that it receives for facility local1 (which is now used by the httpd service) to the file /var/log/ httpd-error.log. To do this, include the following line: local1.error /var/log/httpd-error.log 5. Tell rsyslogd to reload its configuration, by using systemctl restart rsyslog. 6. All Apache error messages will now be written to the httpd-error.log file. 7. From the Firefox browser, go to http://localhost. As no index.html page exists yet, this will be written to the error log. 8. Create a snap-in file that logs debug messages to a specific file as well. To do this, type echo "*.debug /var/log/messages-debug"> /etc/rsyslog.d/ debug.conf. 9. Again, restart rsyslogd using systemctl restart rsyslog. 10. Use the command tail -f /var/log/messages-debug to open a trace on the newly created file. 11. Type logger -p daemon.debug "Daemon Debug Message". You'll see the debug message passing by. 12. Press Ctrl-C to close the debug log file.

lvcreate difference between -l and -L

-L option which expects size in bytes,megabytes,gigabytes. -l which expects size as number of physical extends

change the password lenght overall system

/etc/security/pwquality.conf --> here you can change the passwd lenght and other stuff related with passwd

troubleshooting selinux

1 - less /var/log/messages ( copy the sealert) 2- sealert -l uid .. 3- auserach -m AVC -ts recent

tmpfile managining. ---------------------- 1- what is the location main default tmpfile where system handles 2- where is the location of admin tmpfile 3-what name and what to write to delete in the /run/rhsa -how to run clean

1- /usr/lib/tmpfiles.d/tmp.conf ---> for the example 2-/etc/tmpfiles.d ---> you creat your file mytmp.conf 3- (i)echo "d /run/rhsa 0700 root root 30s" /etc/tmpfiles.d/mytmp.conf 3-(ii) systemd-tmpfiles --create /etc/tmpfiles/mytmp.conf 2- systemd-tmpfiles --clean /etc/tmpfiles.d/mytemp.conf | systemd-tmpfiles --create /etc/tmpfile.d/mytemp.conf

1- force user to change the password on the next login 2- display the information about user 3- expire account on 2-2-2020 4-command to expire the account and lock the command in same command. 5- asign no login shell 6- change the password policy for the consultant account to require a new pass every 15 days 7-Set the passwords to expire 180 days from the current date for all users. Use administrative rights to edit the configuration file. 8- The chown command can also be used to change group ownership of a file by preceding the group name with a colon (:). For example, the following command changes the group test_dir to admins: 9-The chown command can also be used to change both owner and group at the same time 10- how to unlock the user

1- chage -d 0 user01 2- chage -l user01 3- i- # date -d "+45 days" +%F ii # chage -E 2020-10-01 user01 4- chage -L -e 2019-0-05 user01 5- usermod -s /sbin/nologin user01 6- chage -M 15 consultant 7-Set PASS_MAX_DAYS to 180in/etc/login.defs. Use administrative rights when opening the file with the text editor. You can use the sudo vim /etc/login.defs command to perform this step. 8-chown :admins test_dir 9-chown visitor:guests test_dir #chown owner.group filename 10- usermod -U <username>

configure rsyslog - configured to have the rsyslog service write messages related to authentication and security issues to the

1- create a file /etc/rsyslog.d/auth-errors.conf authpriv.alert /var/log/auth-errors 2- systemctl restart rsyslog 3- logger -p authpriv.alert "logging test"

configure a new log file which stores all the messages related to authenticaton failure

1- create a file in /etc/rsyslog.d/auth-errors.conf authepriv.alert /var/log/auth-errors systemctl restart rsyslog 3- logger -p authpriv.alert "I LOVEU" file to have the all the configureation /etc/tbtab you will see rysylog.conf

find command: find path search option action 1- search a file 2- search the files names started with *usb 3-find files smaller than 1MB in size in the root user's home directory 4-find the files larger than +40M 5-find the file in root with the ownership set to user and owning group set to any group other than 6- to search for directories by the ame src n /usr at a maximum of two subdirectory 7- find the file in the /etc directory that were modified -mtime more than the +sign 2000 dats ago 8- find files in the /var/log directoru that have been modified (-mmin int eh past 100min

1- find . -name file01 -print 2-fine /dev -name *usb 3- find ~ -size -1M 4- find / -size +40M 5- find / daemon -not -group user1 6- find /usr -maxdepth 2 -type d -name src 7- find /etc -mtime +2000 8-find files in the /var/log -mmin -100

Resetting the Root Password

1- interupt the boot with any key add at the linux line rd.break and then control+X 2- mount -o remount,rw /sysroot 3- chroot /sysroot 4-passwd root 5-touch /.autorelabel 6-exit twice time

You will add a non-standard network port 8010 to the SELINUX policy datavase for the httpd service and confirm the addition. you will then reove the port form the policy and verify the deletion.

1- list the ports for the httpd service " semanage port -l | grep ^http_port 2- Add port 8010 witht the -type (-t) http_port_t and protocol -p tcp to the polciy " semanage port -at http_port_t -p tcp 8010 " 3-confirm the addition " semanage port -l | grep $http_port 4-delete the port " semanage port -d -p tcp 8010

make partion and mount it under /mnt/data

1- lsblk --fs /dev/vdb 2- parted /dev/vdb print 3- parted /dev/vdb mklabel msdos ----> for GPT put GPT/MBR =msdos 4-parted /dev/vdb mkpart primary xfs 2048s 1001MB 5-udevadm settle 6- lsblk --fs /dev/vdb ------ blkid 7- echo "UUID=e3db1abe-6d96-4faa-a213-b96a6f85dcc1 /archive xfs defaults 0 0" >>/etc/fstab 8- mount -a 9- sdsystemctl reboot

add ip configure in all steps

1- nmcli con show --active * nmcli dev show 2-nmcli con show 3-nmcli con add con-name "Linux-addr" ifname ens3 --type ethernet ipv4.method manual ipv4.address <IP> ipv4.gateway 4-nmcli con mod "static-addr" ipv4.dns 5-nmcli con show 6- nmcli con show --active 7-nmcli con mod "Wired conneciton 1" connection.autoconnect no 7-nmcli con up "static-addre- con-name" 7-nmcli con mod "Wired conneciton 1" connection.autoconnect no * nmcli con mod "static-ens3" ipv4.ignore-auto-dns yes *nmcli con mod "lab" +ipv4.addresses 10.0.1.1/24

Two processes on serverb are consuming a high percentage of CPU usage. Adjust each process's nice level to 10 to allow more CPU time for other processes. 1-take out the biggest consumers 2-identify the currrent nice lvevel for each of the top two CPU consumers. 3-renice to 10

1- ps aux --sort=pcpu 2-ps -o pid,pcpu,nice,comm $(pgrep sha1sum;pgrep md5sum) 3-renice -n 10 pid1 pid2

Fix the mount point problem

1- reboot and e and systemd.unit=emergency.target 2-give root pass 3-mount --> check ro on mount point 4-mount -o remount,rw / 5- mount -a ---> u will get error that mount does not exists 6-clean the /etc/fstab 7-systemctl daemon-reload

1- how to check which default target target is ... 2- swith to the multi-user target ( without rebooting) 3- boot automatically into the multi-user target 4- set the target to graphical target 5-list all the target

1- systemctl get-default 2- systemctl isolate multi-user.target 3-systemctl set-default multi-user.target 4- systemctl set-default graphical.target 5-systemctl list-units --type=target --all

1- display the status of the chronyd 2- check the chrond ps 3-sshd service is enabled to start 4-active the sshd 5-list the enabled or disabled status of all service units

1- sytemctl status chronyd 2- ps --p 680 3-systemctl is-enabled sshd 4-systemctl is-active sshd 5-sytemctl list-unit-files --type=service

1- how to zip a directory 2- how to tar the folder 3- how to uncompress .tar file 4-by bzip2 compress the file anme testfile 5-unzip bzip2 file

1- tar -zcvf archive.tar.gz /folder 2- tar -cvf archive.tar.gz /foler 3- tar -xvf archine.tar.gz 4- bzip2 testfile 5- bzip2 -d

you have a ext4 file system of 350M reduce to 250M

1- umount the filesystem - 2 reduce the FS "resize2fs /dev/mapper/VGLV01 250M " 3- lvreduce -L 250M /dev/mapper/VGLV01 250M 3- mount /dev/mapper/VGLV01 /shrink

download and install a new kernel

1- uname -r 2-rpm -qa | grep kernel 3-dnf install /tmp/kernel* -y 4-dnf list installed kernel* * /boot/grub2/grubenv has an entry with the svaed entry

shrink the ext4 filesystem

1- unmount 2- e2fsck -f /dev/mapper/XXX 3-resize2fs /dev/mapper/XXXX 50M 4-lvreduce -l 50M /dev/mapper/XXX 5-mount -a

Extending the Logical volumes

1- vgdisplay ---> to check what is the status 2-parted -s /dev/vdb mkpart primary 2500MiB 600MiB 3-udevadm settle 4-pvcreate /dev/vdb3 ( partition 3 is newly added one) 5-vgextend servera_01_vg /dev/vdb3 6-lvextend -L 700M /dev/sererva_01_vg/servera_01_lv 8- xfs_growfs /data

virtual machine activity : 1- how to list the vm 2- stop start the vm 3- check the information about the vm, storage and other information.

1- virsh list --all 2-virsh start centos7.0 3- virsh edit centos7.0

tuning: 1- install tuned 2- enable tuned 3- list all the profiles 4- active tuning profile to the balanced profile 5- confirm which profile has been activated 6- deactivate tuned daemon

1- yum install tuned ( you can confirm tuned is intalled yum list tuned 2- systemctl is-enabled tuned 3- tuned-adm list OR tuned-adm active 4-tuned-adm profile balanced 5- tuned-adm profile_info 6-tuned-adm off

install and configure VDO verify that vdo1 has deduplication and commpression formate vdo1.volume with the xfs Create three copies of the same file named /root/install.img on the vdo1 volume. Compare the statistics of the volume to verify the data deduplication and compression happening on the volume. The preceding output may vary on your system.. View the initial statistics and status of the volume using the vdostats command.

1- yum install vdo kmod-kvdo 2-vdo create --name=vdo1 --device=.dev.vdd --vdoLogicalSize-50G vdo list 3-vdo status --name=vdo1 | grep Deduplication vdo status --name=vdo1 | grep Compression 4-mkfs.xfs -K /dev/mapper/vdo1 [for ext mkfs.ext -E /dev/mapper/vdo 5-udevadm settle mkdir /mnt./vdo1 mount /dev/mapper/vdo1 /mnt/.vdo1 vdostats --human-readable UUID=ef8c...39b1 /labvdovol xfs defaults,x-systemd.requires=vdo.service 0 0 ---------o stop deduplication on a VDO volume, use the following command: # vdo disableDeduplication --name=my_vdo This stops the associated UDS index and informs the VDO volume that deduplication is no longer active. To restart deduplication on a VDO volume, use the following command: # vdo enableDeduplication --name=my_vdo This restarts the associated UDS index and informs the VDO volume that deduplication is active again.

1- where you need to create a file if you want to add into yum repo 2-create a file in your memory for repo (yum)

1-/etc/yum.repos.d 2- [rh-updates] name=ABC baseurl=http://abc.com enabled=1 gpgcheck=0

how to modifying the groups 1- modify the name of the group 2- modify the guid 3-how to delete the group 4-Create the operators supplementary group with the GID of 30000.

1-groupmod -n group0022 group02 2-groupmod -g 20000 group0022 3-groupmod -d groupname 4-groupadd -g 300000 operators

1- view hisotry of failed user login attempt 2-report recent user login attmepts

1-lastb 2-lastlog

1- how to initialize the newly create partition with swapspace 2- activate swap 3- off the swap 4-confirm the swap space 5-swapon thorught /etc/fstab

1-mkswap /dev/sdb2 2-swapon /dev/vdb2 3-swapoff /dev/vdb2 4-swapon --show 5-swapon -a

make a selinux context on /physical folder and all its underlying files

1-semanage fcontext -l --> make sure that files are having correct file context followed by restorecon 1*- ls -ldZ /var/www /physical to check what is the context 2* - semanage fcontext -a -t httpd_sys_content_t '/physical(/.*)?' 3- restorecon -RFvv /physical/ ls -ldZ ls -Z /physical ---> to check the file

NTP + More 1- time: how to set the time 2- confgirue the ch.... service .turn the time synchronization 3- check the time is synchronizing 4- how to activate the ntp 5- what is the service name chrony 6- set the time

1-tzselect OR timedatectl list-timezones | grep Jamica 2-edit /etc/chrony.conf >>> in order to set ntp server server class.com ibrust 2-timedatectl set-ntp yes 2-timedatectl 3-chronyc sources -v 4-timedatectl set-ntp yes 5-chronydtimdatectl 6- timedatectl set-time HH:MM:SS

1. stratis install and enable 2.create pool stratispool1 on /dev/vdb 3.verify it 4.expand the stratispool1 list 5- add persistently in fstab

1-yum isntall -y stratisd stratis-cli 2-stratis pool create stratispool1 /dev/vdb 3-stratis pool list 4- stratis pool add-data stratispool1 /dev/vdc 5-stratis blockdev list stratispool1 6-stratis filesystem create stratispool1 stratis-filesystem1 7-mkdir /stratisvol 8-mount /stratis/stratispool1/stratis-filesystem1 /stratisvol 9-echo "Hello World!" > /stratisvol/file1 10-dd if=/dev/urandom of=/stratisvol/file2 bs=1M count=2048 11-stratis filesystem snapshot stratispool1 stratis-filesystem1 stratis-filesystem1-snap 12- rm /stratisvol/file1 13-mkdir /stratisvol-snap 14-mount /stratis/stratispool1/stratis-filesystem1-snap \ /stratisvol-snap 15- cat /stratisvol-snap/file1 16-umount /stratisvol-snap 17-umount /stratisvol 18- stratis filesystem destroy stratispool1 stratis-filesystem1-snap 19-stratis filesystem destroy stratispool1 stratis-filesystem1 ----- UUID=a1f0b64a-4ebb-4d4e-9543-b1d79f600283 /fs1 xfs defaults,x-systemd.requires=stratisd.service 0 0 -- [root@server2 ~]# lsblk --out=UUID /stratis/stratispool/stratisfs lsblk: option '--out=UUID' is ambiguous; possibilities: '--output' '--output-all' Try 'lsblk --help' for more information. [root@server2 ~]# lsblk --output=UUID /stratis/stratispool/stratisfs UUID 986735d8-90b4-45b9-a648-1550ae96fb87 [root@server2

List available modules and streams. Look for the httpd module. Use the yum install command to install the httpd module with the 2.4 stream and the common profile.

1. yum module list 2. yum module install httpd:2.4/common

Vim 1- how to set the line numbers 2- how to copy paste the line

:set num go to the line and yy and go to the new line and do p

Automount two senarios ... 1 nfsdata mount automaticall 2- mount /users/user1 /user/user2 automatically. both are presented from master nfs server.

AUTOMOUNT 2 stpes ======= /etc/auto.master first you nee to edit the master confighuratin file (/etc/auto.master) in this file you identify the mount point from the master remote server ( for instance, /nfsdata )next on the same line you identify the name of the secondary frile, as all further configuration happens in this secondary file. the line create could looks as follow /nfsdata /etc/auto.nfsdata in the secondary file you put the name of the subdirectory that will be created in the mount point directory as a relative filename. for instance you start the line with files , to mount /nfsdata/files . after the name of he subdirectory you specify NFS mount option , as well as serer and share name to access the NFS share. Files -rw server2:/nfsdata LAB1 configuring direct and indeirect maps to mount NFS shares --------------------------------------- 1- install autofs yum install -y autofs 2-check the remote NFS master server is providing the mountpoints showmount -e server2.example.com 3- create a mapping file in /etec/auto.master /nfsdata /etc/auto.nfsdata 4- create aa file /etc/auto.nfsdata files 192.168.55.150:/data the system will create the automatically files folder and nfsdata the system will create /nfsdata automatically on the system. you need to do cd /nfsdata/files ------- mount the user directory from nfs server in /etc/export file you have entery of /users in users you have already user1 and user2 directory you have already /users exported 1- go to /etc/auto.master and add /users /etc/auto.users 2- go to the /etc/auto.users * -rw server2:/users/& systemctl autofs restart cd /users/user1 ---> to check if it is working or not ------------------------------------------------------

Selecting a different boot target at the boot time

Boot or reboot the system. 2. Interrupt the boot loader menu countdown by pressing any key (except Enter which would initiate a normal boot). 3. Move the cursor to the kernel entry that you want to start. 4. Press e to edit the current entry. 5. Move the cursor to the line that starts with linux. This is the kernel command line. 6. Append systemd.unit=target.target. For example, systemd.unit=emergency.target. 7. Press Ctrl+x to boot with these changes.

g+s (sgid

Effects on file : File executes as the group that owns the file. Files newly created in the directory have their group owner set to match the group owner of the directory.

semanage command not found which utils needs to install

SELinux contexts, install the policycoreutil package and the policycoreutil-python package if needed

what is the execute and read and write permission : numerical

execute =1 read = 4 write = 2

special permissions

Setting Special Permissions • Symbolically: setuid = u+s; setgid = g+s; sticky = o+t • Numerically (fourth preceding digit): setuid = 4; setgid = 2; sticky = 1ls

Setting Special Permissions

Symbolically: setuid = u+s; setgid = g+s; sticky = o+t Numerically (fourth preceding digit): setuid = 4; setgid = 2; sticky = 1 g-s --> to reomve Examples Add the setgid bit on directory: [user@host ~]# chmod g+s directory Set the setgid bit and add read/write/execute permissions for user and group, with no access for others, on directory: [user@host ~]# chmod 2770 directory

how to add the sudoers group and give access

To enable sudo access to the group named gourp01 echo /etc/sudoers.d/group01 >> %group01 ALL=(ALL) AL

change the letter in vi from a file

Type :%s/ox/OX/g.

enteries of swap space in /etc/fstab

UUID=af30cbb0-3866-466a-825a-58889a49ef33 swap swap defaults 0 0 UUID=39e2667a-9458-42fe-9665-c5c854605881 swap swap pri=4 0 0 UUID=fbd7fa60-b781-44a8-961b-37ac3ef572bf swap swap pri=10 0 0

On serverb configure a software repository to obtain updates. Name the repository as errata and configure the repository in the /etc/yum.repos.d/errata.repo file. It should access http://content.example.com/rhel8.0/x86_64/rhcsa-practice/errata. Do not check GPG signatures.

[errata] name=Red Hat Updates baseurl=http://content.example.com/rhel8.0/x86_64/rhcsa-practice/errata enabled=1 gpgcheck=0 /etcx/yum.repos.d/errata.repo

how to control the user access for at and corn

at.allow /at.denay/cron.allow/cron.deny just enter the username here per line.

configuring password ageing

chage command will do this: m=maximum, W warning, I inactivity

configure rsyslog to write specific logs to message to a new file

check systemctl status rsyslog 1- create a file /etc/rsyslog.d/debug.conf *debug /var/log/messages 2- systemctl restart rsyslog 3- send test message logger -p user.debug " WE ARE THE AVENGERS"

how to change the group ownership of the file

chgrp admingroup /data

Set the setgid bit and add read/write/execute permissions for user and group, with no access for others, on directory:

chmod 2770

Use the chmod command to set the group permission for the /home/techdocs directory. On the /home/techdocs directory, configure setgid (2), read/write/execute permissions (7) for the owner/user and group, and no permissions (0) for other users.

chmod 2770 /home/tecdocs

add a setgid bit on the directory

chmod g+s folder

Give the owner rx permissions deny rwx permission for group, others give write permission to the group give execute permission to everybody ok to combin like this with a comma

chmod u=rx file chmod go-rwx file chmod g+w file chmod a+x file1 file2 chmod g+rx,o+x file

how to add into sudoers user how to setup sudo for a user

echo /etc/sudoers.d/user01 >> user01 ALL=(ALL) ALL you can do like this....OR in the file user20 ALL=(ALL) NOPASSWD:ALL usermod -aG wheel user visudo --> %wheel ALL=(ALL) ALL

how to modify the prompt

export PS1="< $LOGNAME on $ (hostname) in \ $PWD"

find a file which are more than 100M

find / -type f -size +!00M

find files of user alex and redirect to the file name tt

find / -user alex -type f >> /home/alex/tt

find and copy files of harry to /opt/dir

find / -user harry -exec cp -rfp {} /opt/dir/ \;

find all the files which are related by user lind

find / -user linda

find out files owned by vagrant and copy them to directory /tmp

find / -user vagrant -exec cp -a {} /tmp/ \;

find all the files owned by vagrant and cpy to /tmp/vagrantfiles

find / -user vagrant -exec cp -a {} /tmp/vagrantfiles \;

find the file +10k

find /etc -size 10k -exec cp {} /tmp/findfiles \;

find files which are older than 720 days and move them to the /root/oldfiles

find /etc/ -maxdepth 1 -mtime +720 > /root/oldfiles

how to check all the firewall how to check all the default services how to open the service into the firewall rules how to open the service into the firewall permanently how to install firewall-config -graphical

firewall-cmd --list-all firewall-cmd --get-services firewall-cmd --add-service ftp --this will change runtime only firewall-cmd --add-service ftp --permanently firewall-cmd --list-all yum intall firewall-config

how to check seboolean how to set the seboolean permanently

getsebool -a | grep home OR getsebool -a setsebool -P httpd_enable_omedirs on

How to add a nameserver

go to /etc/resolve.conf

how to reserve the system journal storaing the system journal permanently

go to /etc/systemd/jounald.conf and uncomment the #Stroage and changed to Stroage=persistent systemctl restart systemd-journald now check in ls /var/log/journal here should be a file journalctl -b 2 --> second boot entry ournalctl -b ----> current system boot

how to remove a user from the group

gpasswd -d user group

how to remove user from group

gpasswd -d username groupname

how to create a group with the specific group. nomally it takes according to the /etc/login.defs

groupadd -g 10000 groupname groupadd -g <GUID> groupname

Access the boot loader by rebooting workstation again. From within the boot loader menu, boot into the rescue target.

interrupt > Linux > end > at end "systemd.unit=rescue.target

show link statistics how to check the routes trace path

ip -s link show ens3 ip route /ip -6 route tracepath access.redhat.com

how to add a chronyd into the firewall

itwill be the port firewall-cmd --zone-public --add-port=123/udp

display the last 10 enteries of journaltctl similar like tail -f do what journalctl do what journalctl understand user journalctl to list all the enteries from todaa last one hours how to check the warning Display all log events recorded in the past 10 minutes from the current time on servera use the unit and get the logs from jounalctl

journalctl -n 5 hournaltctl -f and control +C to get out debug, info, notice,warning, err, crit,alert and emerg journalctl --since today journalctl --since tomorrow /yesterday journalctl --since "2019-02-10 20:30:00" \ --until "2019-02-13 12:00:00" journalctl --since "-1 hour" journalctl -p warning journalctl --since "-10min" journalctl --since 9:00:00 _SYSTEMD_UNIT="sshd.service"

make a hard link ; named /abc/tt for file name /dev make a soft link : /home/tempdir for the file name /tmp

ln /dev /abc/tt ln -s /tmp /home/tempdir

change the kernal module cdrom and ext4

lsmod | less --> to check the online modinfo ext4 modprobe -r ext4 --------------------------- modprobe cdrom modprobe cdrom debug=1 modinfo cdrom

logical volume create command

lvcreate -n <name> -L 3G <name vgroup>

extend the partition

lvextend -L +200M /dev/RHCSA/pinehead

How to possible to set up sudo to allow a user to run commands as another user without entering their password:

make a file in /etc/sudoers directory. add a file of username ansible add ansible ALL=(ALL) NOPASSWD: ALL

on client command to mount smb

mount -t cifs //ip/share /mnt/smb -o username=xyz,password=bvr

mount local iso image on the system

mount -t iso9660 -o loop path/to/image.iso /mnt/iso /etc/fstab /root/CentOS-7-x86_64-NetInstall-2003.iso /mnt/cdrom iso9660 loop,ro,auto 0 0 mount /dev/sr0 /mnt/cdrom ---> first mount in vmware and then its in

on client command to mount nfs

mount -t nfs <ipaddressofthenfs.server>:/nfs /mnt/nfs

network attached storage with NFS nfsconf tool to configure /etc/nfs.conf to enable NFS client to work in version 4.X only and to ensurethat TCP mode is enabled and UDP mode is disabled

nfsconf --set nfsd udp n nfsconf --set nfsd vers2 n nfsconf --set nfsd vers3 n --- nfsconf --set nfsd tcp y nfsconf --set nfsd vers4 y nfsconf --set nfsd vers4.0 y nfsconf --set nfsd vers4.1 y mkdir /public mount -t nfs serverb.lab.example.com:/shares/public /public ls -l /public mount | grep public fstab entry serverb.lab.example.com:/shares/public /public nfs rw,sync 0 0 mount -a systemctl reboot ---------------------------------------------- OR sandar /etc/fstab 192.168.2.3:/nfs /mnt/nfs nfs _netdev 0 0

modify the ip address

nmcli

o+t (sticky)

no effect on files Users with write access to the directory can only remove files that they own; they cannot remove or force saves to files owned by other users.

how to create lvm partition on /dev/sdb with MBR disk label

parted -s /dev/sdb mklabel msdos parted -s /dev/sdb mkpart primary 2048s 2G parted -s /dev/sdb set 1 lvm on --> 1 is partition numnber pvcreate /dev/sdb vgcreate RHCSA /dev/sdb lvcreate -n pinhead -L 100MB RHCSA

how to delete the partition

parted /dev/vdb print rm 1 q

command to check the process and all the informations

ps axo pid,comm,nice,cls --sort=-nice

how to check the process tree

pstree -p ali %2

create a volume group and set 8M as a extends . then device a volume group containing 50 extends on volume group lv share .

pvcreate /dev/sdb vgcreate -s 8M vg1 /dev/sdb lvcreate -n lvshare -l 50 vg1 mkfs.ext4 /dev/mapper/vg01... uuid= /mnt/ ext4 defaults 0 0 mount -a

how to run the sealert repo

sealert -a /var/log/audit/audit.log

selinux alert how to generate

sealert -a /var/log/audit/sudit.log

create a file context rule that sets the default type to ....

semanage fcontext -a -t httpd_sys_content_t '/lab-content(/.*)?' restorecon -R /lab-content/

how to delete the ACL enteries set

setfacl -x u:user200 acliuser1 setfacl -b acluser1 ----> deletes the ACLs

add ip nmcli

sudo nmcli con add con-name "static-addr" ifname enX \ type ethernet ipv4.method manual \ ipv4.address 172.25.250.10/24 ipv4.gateway 172.25.250.254

how to restart the network in redhat 8

sudo nmcli networking off sudo nmcli networking on dont run remotly

how to set the default target

systemctl get-default target systemctl set-default <emergency.target systemctl set-default multi-user.target

verifying the specific state of the service

systemctl is-active sshd.service

1- check the servic e is enabled after boot disable after the boot

systemctl is-enabled chronyd systemctl disable chronyd

verfiy whether a service unit is enabled to start automatically during th boot

systemctl is-enabled sshd.service

how to switch to the new target at runtime

systemctl isolate <embergency.target>

how to set the default target

systemctl lis

how to check the dependencies of the service unit

systemctl list-dependencies

how to list the dependencies

systemctl list-dependencies sshd.service

do display all the unitfiles services with the status

systemctl list-unit-files --type=service

to list the availbale loaded target units list the default target

systemctl list-units --type target systemctl get-default

how to check the that how many taget units targets set the new trget graphical check the current target

systemctl list-units --type target systemctl set-default graphical.target systemctl get-default systemctl set-default multi-user.target

List all service units installed on servera.

systemctl list-units --type=service

listing a service units installed on the server

systemctl list-units --type=service --all

List all socket units, active and inactive on servera

systemctl list-units --type=socket --all systemctl list-units --type=service systemctl list-units-files --type=service

list the enabled or disabled states of all service units

systemctl list-units -files --type=services

how to mask a service

systemctl mask sendmail.service systemctl unmask sendmail.service

how to boot server in emergency mode

systemd.unit=emergency.target

File execute as the user that owns the file , not the user that ran the file file executes as the group that owns the files users cannot remove the other files owned by other users.

u+s no affects on directory g+s on files. executes as the group that owns the files :Files newly created in the directory have their group owner set to match the group owner of the directory o+t files not affect : Users with write access to the directory can only remove files that they own; they cannot remove or force saves to files owned by other users.

sealert not installed

yum install setroubleshoot setools

install module python36

yum module list python36 yum list python36 yum module remove python36

add a new repo with commandline

yum-config-manager --add-repo "http://redhat.com" and dont forget to add the gpgcheck=0

which is the tile to change the umask

~/mk.bashrc


Ensembles d'études connexes

Ethics Ch 4,5,6, Ethics Final- Ch 7-10

View Set