My notes on Red Hat Certified System Administrator (RHCSA) EX200V8 Exam
Below are my notes on the RHCSA EX200V8 exam objectives, which I researched and collected from multiple online sources while I was preparing to take my EX200V8. They may help you get an idea of what is waiting for you.
Understand and use essential tools
Access a shell prompt and issue commands with correct syntax
# the system has 6 virtual consoles; we can switch between them using ctrl + alt + f1 to f6. you can also use chvt 2 to change to virtual console number 2
# tty1 is for the GUI if installed and the others are terminal-based consoles.
# ctrl + a => go to the start of the command line
# ctrl + e => go to the end of the command line
# ctrl + r => search history backward
# ctrl + l => clear screen
# !3 => runs 3rd command from history list
# ^foo^bar => replace foo with bar in last command
# everything in the .bash_logout file will be executed on logout
# everything in the .bash_profile file will be executed on login
# to enter into login shell through su
su -
Use input-output redirection (>, >>, |, 2>, etc.)
# we have three channels: 0 for STDIN, 1 for STDOUT, 2 for STDERR
# we can redirect channel 2 to channel 1 using this trick
find /etc/ -name 'passwd' > /dev/null 2>&1
find /etc/ -name 'passwd' &> /dev/null
# to read multiple lines use a here-document
cat <<EOF
Test
Multi-line sentence
EOF
# this means we are redirecting error output to standard output, so we can send it somewhere else later on.
notfoundcommand 2>&1
Use grep and regular expressions to analyze text
# * => match 0 or more of Any character
# ? => match only 1 character
# [A-D] => match from A to D
# [^A-D] => match any character except A B C D
# this will grep all lines that start with #
grep '^#' /etc/ssh/sshd_config
# this will grep all lines that end with . (the dot must be escaped, otherwise it matches any character)
grep '\.$' /etc/ssh/sshd_config
Access remote systems using SSH
# run command on remote system directly
ssh root@192.168.0.1 host
Log in and switch users in multiuser targets
# we can switch from terminal to GUI using this command
systemctl set-default graphical.target
systemctl isolate graphical.target
# we can switch back to terminal based console
systemctl set-default multi-user.target
systemctl isolate multi-user.target
Archive, compress, unpack, and uncompress files using tar, star, gzip, and bzip2
# list tar contents
tar -tf archive.tar
# list differences between tar and current directory files
tar -dvf archive.tar
# tar with gzip
tar -cvzf archive.tar.gz directory1 file1
# tar with bzip2
tar -cvjf archive.tar.bz2 directory1 file1
# extract files
tar -xvf archive.tar
# extracting with star is a safer approach, because it does not overwrite files that are newer than the archive
star -x -f=archive.tar
Create and edit text files
# Command mode tips
# to copy full line navigate to needed line and press yy and press p to paste it
# to cut full line navigate to needed line and press dd and press p to paste it.
# to cut 3 lines press 3 then dd.
# type a line number and press G to go to that line, while pressing G directly goes to the bottom line.
# u to undo.
# :%s/word/hello/g replaces word with hello in whole file.
# :!ls /etc/ executes ls on the /etc/ folder while still in vi.
# ZZ saves and exits
# :wq saves and quit
Create, delete, copy, and move files and directories
# delete file
rm /path/to/file
# delete folder
rm -r /path/to/folder
# this removes 3 files
rm -rf {file1,file2,file3}
# copy file
cp /path/to/source /path/to/destination
# copy folder
cp -r /path/to/source/folder /path/to/destination/folder
# this copies 3 files to /home/user
cp {file1,file2,file3} /home/user
# move file/folder
mv /source/of/file/or/folder /destination/of/new/file/or/folder
# to rename file/folder
mv old/file/or/folder/name new/file/or/folder/name
# this moves 3 files to /home/user
mv {file1,file2,file3} /home/user
# this creates 3 files
touch {file1,file2,file3}
Create hard and soft links
# you can create soft links to files/folder
ln -s /source/of/file/or/folder /destination/of/file/or/folder
# if you remove the source file the created soft link will be invalid
# you can create hard links to files only
ln /source/of/file /destination/of/folder
# a hard link increases the number of links pointing to that file's inode, which means that if the original file is removed the hard link will be the new original file
List, set, and change standard ugo/rwx permissions
# Symbolic to numerical fast conversion
# consider this basic permissions
-rw-|rw-|r--|.
-421|421|421|.
# imagine every 3 bits --- replaced with 421; wherever one of those bits has r, w or x, sum the matching values from 421 and you get the number for that permission. So for the above example
-rw-|rw-|r--|.
-421|421|421|.
-6|6|4 <-- that is our numerical permission
# Special permissions
# there are 3 special permissions we can set on file and they are
chmod u+s,g+s,o+t file
# setuid (u+s) means the program will always execute as the owner of the file (for example sudo always runs as root because it has u+s). sgid on folders means all files in the folder will inherit the group of that folder, and if sgid is set on a file it will be executed as that group. there is also o+t, the sticky bit: if set on folders or files it prevents users from deleting them if they don't own them (because delete doesn't require write permission).
# you can set special permissions numerically by imagining these 3 bits
-rwS|rws|r-T|.
-4|2|1
-7674 <- that is our numerical permission along with special bits
# please notice that a capital S (or T) means there is no execute permission under it, while a small s (or t) means there is execute permission.
# default permissions are based on umask. to find out how they are calculated, consider the default permissions of 0666 for files and 0777 for folders. now if our umask is 0022 then we subtract the umask from the default values above. we will get 0644 for files and 0755 for folders, and those are the default permissions.
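The 421 conversion above, including the special bits and the capital/small letter rule, as an added example that is not part of the original notes. The function names are hypothetical. It goes slightly further than the notes on umask: the mask is applied by clearing bits, which matches the subtraction for a umask of 0022 but not for one such as 0033 on files.

```bash
# Added example; triplet_value, sym_to_octal and default_mode are
# hypothetical helper names, not standard commands.

# Value of one rwx triplet: r=4, w=2, x=1. A small s/t still counts as
# execute; a capital S/T (or -) does not.
triplet_value() {
    local v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# Convert an ls-style string such as "-rw-rw-r--." to four octal digits.
sym_to_octal() {
    local s="$1" u g o special=0
    # Drop the leading file-type character and any trailing "." or "+".
    if [ "${#s}" -ge 10 ]; then
        s=$(printf '%s' "$s" | cut -c2-10)
    fi
    case $s in
        [r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) echo "invalid permission string: $1" >&2; return 1 ;;
    esac
    u=${s%??????}            # first three characters (user)
    g=${s#???}; g=${g%???}   # middle three (group)
    o=${s#??????}            # last three (other)
    # Special bits use the same 4|2|1 weights: setuid, setgid, sticky.
    case $u in ??[sS]) special=$((special + 4)) ;; esac
    case $g in ??[sS]) special=$((special + 2)) ;; esac
    case $o in ??[tT]) special=$((special + 1)) ;; esac
    echo "${special}$(triplet_value "$u")$(triplet_value "$g")$(triplet_value "$o")"
}

# Default mode for a new file (base 0666) or folder (base 0777):
# the bits named in the umask are cleared (base AND NOT umask).
default_mode() {
    printf '%04o\n' $(( 0$1 & ~0$2 ))
}

sym_to_octal '-rw-rw-r--.'     # plain permissions
sym_to_octal 'drwxrwxrwt'      # a sticky, world-writable folder like /tmp
default_mode 0666 0022         # new file under umask 0022
default_mode 0777 0022         # new folder under umask 0022
```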
Locate, read, and use system documentation including man, info, and files in /usr/share/doc
# update man db after you install new 3rd party program using
mandb
# display all available man sections for a specific command (either command works)
whatis crontab
man -f crontab
# display all available man sections and related docs for a specific word (either command works)
apropos crontab
man -k crontab
# modern man alternatives
info
pinfo
Create simple shell scripts
Conditionally execute code (use of: if, test, [], etc.)
# test if file exists
if [ -f '/etc/passwd' ]; then
echo 'yes it exists'
fi
# check if program exited without errors
if [ $? -eq 0 ]; then
echo 'program exited without errors';
fi
# or you can run command directly and get its exit code
if ! grep "$USER" /etc/passwd; then
echo "your user is not managed locally";
fi
# or you can use test
Use Looping constructs (for, etc.) to process file, command line input
# create a loop from files in directory
for i in /home/user/*; do
# print content of files to stdout
cat "$i";
done
Process script inputs ($1, $2, etc.)
# if you run script like this
./script.sh foo bar
# then you can use $1 for foo and $2 for bar inside your shell script
Processing output of shell commands within a script
# type a command then loop through its output or check its output with if statement .
Processing shell command exit codes
# the default non-error exit code is 0; you can change that by specifying
exit 1;
exit 255;
# you can inquire on exit code using this var
echo $?
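The scripting objectives above (conditionals, looping over arguments, processing command output and exit codes) combined in one function, as an added example that is not part of the original notes. The names check_paths and demo are hypothetical, the sample files are constructed in a temporary directory, and GNU stat is assumed.

```bash
# Added example; check_paths and demo are hypothetical names.
# check_paths PATH... reports paths that are missing or writable by "other".
# Exit codes: 0 = all fine, 1 = at least one problem, 2 = wrong usage.
check_paths() {
    local path mode bad=0
    if [ "$#" -eq 0 ]; then
        echo "usage: check_paths PATH..." >&2
        return 2
    fi
    # "$@" expands to every argument ($1, $2, ...) as a separate word.
    for path in "$@"; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            bad=$((bad + 1))
            continue
        fi
        # Process the output of a command: stat prints the octal mode.
        mode=$(stat -c '%a' "$path")
        # Bit value 2 in the last octal digit is write permission for "other".
        if [ $(( 0$mode & 2 )) -ne 0 ]; then
            echo "WRITABLE $path ($mode)"
            bad=$((bad + 1))
        else
            echo "OK       $path ($mode)"
        fi
    done
    # The status of the last command becomes the function's exit code.
    [ "$bad" -eq 0 ]
}

# Constructed sample input: two files in a temporary directory plus one
# path that does not exist.
demo() {
    local dir rc
    dir=$(mktemp -d)
    touch "$dir/good" "$dir/open"
    chmod 644 "$dir/good"
    chmod 666 "$dir/open"
    check_paths "$dir/good" "$dir/open" "$dir/absent"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo || echo "check_paths exit code: $?"
```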
Operate running systems
Boot, reboot, and shut down a system normally
# boot from power button
# to shutdown
systemctl poweroff
# to reboot
systemctl reboot
Boot systems into different targets manually
# we can switch to different target using isolate
# GUI
systemctl isolate graphical.target
# CLI
systemctl isolate multi-user.target
# Rescue mode
systemctl isolate rescue.target
Interrupt the boot process in order to gain access to a system
# on the boot menu press e to edit the grub entry
# edit the line starting with linux (before the last line): press ctrl + e to go to the end of the line and add rd.break
# press ctrl + x to boot
# once booted up, check the mount command; you will see that your root disk is mounted on /sysroot in read-only mode. execute this
mount -o remount,rw /sysroot
# chroot it
chroot /sysroot
# then change password
passwd root
# once done ask selinux to relabel filesystem by
touch /.autorelabel
# then exit from chroot
# then exit from rd.break
Identify CPU/memory intensive processes and kill processes
# use top/htop
# or ps aux to find a process doing nasty stuff
# to kill process
kill -9 PID
Adjust process scheduling
# in linux we can set priorities for currently running processes. this is the nice value, ranging from -20 (highest priority) to 20 (lowest priority), while 0 is the default priority. as root we can set nice for processes using a few tools like
top (use r to renice PID)
nice -n -10 command args
# you can also renice a specific group or user using
renice -n -10 -g group
renice -n -10 -u user
Manage tuning profiles
# you can use tuned-adm to find out recommended profile for system performance
# memorize tuned-adm and use its help
Locate and interpret system log files and journals
# the system logs everything here through rsyslog
/var/log/messages
Preserve system journals
# to make journalctl logs persistent on server disk you need to create /var/log/journal and execute
journalctl --flush
Start, stop, and check the status of network services
systemctl start NetworkManager
systemctl stop NetworkManager
systemctl status NetworkManager
Securely transfer files between systems
# we can copy files from local to remote host and vice versa using
scp /home/files root@192.168.0.1:/home/files
Configure local storage
List, create, delete partitions on MBR and GPT disks
fdisk -l
gdisk -l /dev/sda
Create and remove physical volumes
fdisk /dev/sda
# follow onscreen help using m command
gdisk /dev/sda
# follow onscreen help using ? command
Assign physical volumes to volume groups
pvcreate /dev/sda /dev/sdb
vgcreate VolumeGroup /dev/sda /dev/sdb
Create and delete logical volumes
# Create logical volume
lvcreate -n lv01 -L20G VolumeGroup
# remove logical volume
lvremove /dev/VolumeGroup/lv01
Configure systems to mount file systems at boot by universally unique ID (UUID) or label
# use blkid -s UUID -o value on the device, copy the UUID and add it to fstab
UUID=uuid-here /mountpoint fstype defaults 0 0
Add new partitions and logical volumes, and swap to a system non-destructively
# create new partition through fdisk/gdisk
# let the system re-read your partition table
partprobe /dev/sdb
# create LVM vg
vgcreate vg /dev/sdb1
# create swap lv
lvcreate -n swap -L4G vg
# make swap partition
mkswap /dev/vg/swap
# run the swap
swapon /dev/vg/swap
# make it persistent in /etc/fstab
UUID=UUID-HERE none swap defaults 0 0
Create and configure file systems
Create, mount, unmount, and use vfat, ext4, and xfs file systems
fdisk /dev/sdb
# follow on screen help to create partitions
partprobe /dev/sdb
mkfs.vfat /dev/sdb1
mkfs.ext4 /dev/sdb2
mkfs.xfs /dev/sdb3
blkid -s UUID -o value /dev/{sdb1,sdb2,sdb3}
# add those uuids to /etc/fstab
# you can mount those partitions using mount
# then you can cat /etc/mtab to get a ready to use line in fstab
Mount and unmount network file systems using NFS
# for nfs we need nfs-utils
showmount -e hostname
# to mount nfs
mount hostname:/folder /mnt/folder
# to make it persistent edit /etc/fstab add
hostname:/folder /mnt/folder nfs defaults,bg 0 0
# for cifs we need cifs-utils for mounting and smbclient for debugging
# discover samba as anonymous with
smbclient -L hostname -N
# with credentials
smbclient -L hostname -U samba -W domain
# create /root/credentials.smb file and add
username=user
domain=domain
password=password
mount //hostname/folder /mnt -o credentials=/root/credentials.smb
# to make /etc/fstab
//hostname/folder /mnt cifs defaults,bg,credentials=/root/credentials.smb 0 0
AutoFS mounter
# let's assume we want to put specific users' homes on an nfs server and want our client server to watch those home directories and mount nfs for each user logging in
# first let's make our /nfshomes
mkdir /nfshomes
# create /etc/auto.master.d/nfshomes.autofs and add
/nfshomes /etc/auto.nfshomes
# then create /etc/auto.nfshomes and add
* -rw,sync hostname:/nfs-folder/&
# restart autofs
systemctl restart autofs
# then try to add user with custom home folder in /nfshomes
useradd -M -d /nfshomes/user1 user1
Extend existing logical volumes
# add the new drive
pvcreate /dev/sdc
# extend volume group
vgextend VolumeGroup /dev/sdc
# extend logical volume
lvresize /dev/VolumeGroup/lv01 -L+4G
Create and configure set-GID directories for collaboration
# in Linux we have a special permission called SGID which can be used on folders; it makes all files added to that folder inherit the folder's group owner
# you can add sgid using this
chown :team /path/to/folder
chmod 770 /path/to/folder
chmod g+s /path/to/folder
# this will let all users in that specific group access and remove contents in that folder.
Configure disk compression
yum install vdo kmod-kvdo
vdo create --name=vdodev --device=/dev/sda --vdoLogicalSize=512000
mkfs.xfs /dev/mapper/vdodev
mount /dev/mapper/vdodev /mnt/vdo
# edit fstab
UUID=some-uuid-here /mnt/vdo xfs defaults,x-systemd.requires=vdo.service 0 0
Manage layered storage
# using stratisd
yum install stratisd stratis-cli
# create pool from our available devices
stratis pool create mypool /dev/sda /dev/sdc
# create filesystem on our stratis pool
stratis filesystem create mypool data
# mount it
mount /stratis/mypool/data /mnt/stratis
# make it persistent in /etc/fstab
# use lsblk to find uuid
lsblk --output=UUID /stratis/mypool/data
# copy the output of this command
cat /etc/mtab | grep mnt\/stratis
# replace device with above uuid and add this to /etc/fstab
UUID=9b6d188a92b146de9c9be2da777dc8a4 /mnt/stratis xfs defaults,x-systemd.requires=stratisd.service 0 0
# you can create new snapshot
stratis filesystem snapshot mypool data data-snapshot
# then mount it
mount /stratis/mypool/data-snapshot /mnt/stratis-snapshot
Deploy, configure, and maintain systems
Schedule tasks using at and cron
# you can cat /etc/crontab to get a nice clarification of every field in crontab
# edit crons
crontab -e
# edit crontab of specific user
crontab -e -u user
# you can create bash files in /etc/cron.hourly or daily or monthly.
# you can create special crontab config files in /etc/cron.d but you will need to specify the user before the command field
# you can man at for more information on how to use it
Start and stop services and configure services to start automatically at boot
# to start a service
systemctl start service
# to stop a service
systemctl stop service
# to reload a service
systemctl reload service
# to check service status
systemctl status service
# to start service on boot
systemctl enable sshd.service
# to list units
systemctl list-units
Configure systems to boot into a specific target automatically
# to set default target
# if you want set GUI as default
systemctl set-default graphical.target
# if you want to set CLI as default
systemctl set-default multi-user.target
Configure time service clients
# install chrony ntp server/client
yum install chrony ntpstat
# to list sources
chronyc sources
# to sync time with ntp server
chronyc makestep
# to add new ntp server edit /etc/chrony.conf
Install and update software packages from Red Hat Network, a remote repository, or from the local file system
# to search for package
yum search package-name
# to install package
yum install package-name
# to install from rpm file
rpm -i package-file-name.rpm
Work with package module streams
# to list available package module streams
yum module list php
# you can enable a specific stream and profile using
yum module enable php:7.4/devel
Modify the system bootloader
# to edit grub file
vi /etc/default/grub
# then
grub2-mkconfig -o /etc/grub2-efi.cfg
Manage basic networking
Configure IPv4 and IPv6 addresses
# you can use nmtui for text based configuration tool
# or you can edit config files directly
vi /etc/sysconfig/network-scripts/ifcfg-eth0
# to reload config
systemctl restart NetworkManager
Configure network services to start automatically at boot
systemctl enable NetworkManager.service
Restrict network access using firewall-cmd/firewall
firewall-cmd --set-default-zone=block
Manage users and groups
Create, delete, and modify local user accounts
# create user
useradd username
# delete user
userdel -r username
# modify user
usermod username
Change passwords and adjust password aging for local user accounts
# change user password
passwd username
# modify password aging interactively
chage username
Create, delete, and modify local groups and group memberships
# to create new group
groupadd groupname
# to delete group
groupdel groupname
# to modify group
groupmod groupname
Configure superuser access
# install sudo
yum install sudo
# add your normal user to wheel group
usermod -aG wheel username
# to gain superuser access just do
sudo command
Manage security
Configure firewall settings using firewall-cmd/firewalld
# to list all rules
firewall-cmd --list-all
# to change default zone
firewall-cmd --set-default-zone=block
# to whitelist service in current active zone
firewall-cmd --add-service=http
# to whitelist a specific port on tcp
firewall-cmd --add-port=8080/tcp
# to make all rules permanent
firewall-cmd --runtime-to-permanent
Create and use file access control lists
# this will give more detailed permissions
getfacl file
# Granting an additional user read/write/execute access
setfacl -m u:lisa:rwx,g:lisa:rwx file
# You can set filter mask
setfacl -m m::rw file
# Removing a named group entry from a file's ACL
setfacl -x g:staff file
# removing all acls from file
setfacl -b file
# default acls are set on folders only, files will never get default acls.
setfacl -d -m u:lisa:rwx /path/to/folder
Configure key-based authentication for SSH
# to generate ssh key pairs
ssh-keygen -t rsa
# install ssh public-key to remote system
ssh-copy-id root@192.168.0.1
Set enforcing and permissive modes for SELinux
# to set permissive mode temporarily
setenforce 0
# to set enforcing mode temporarily
setenforce 1
# to change mode permanently
vi /etc/selinux/config
List and identify SELinux file and process context
# to list selinux contexts use -Z with the normal ls
ls -alZ
# to list processes contexts add Z to normal ps
ps auxZ
Restore default file contexts
restorecon /path/to/file
Use boolean settings to modify system SELinux settings
# to list available booleans
semanage boolean --list
# combine that with grep to find the boolean you need
# to set specific boolean to on
semanage boolean -m zabbix_can_network --on
# to set specific boolean to off
semanage boolean -m zabbix_can_network --off
Diagnose and address routine SELinux policy violations
yum install setroubleshoot
# watch /var/log/messages and /var/log/audit/audit.log for any violations and possible fixes
Manage containers
Find and retrieve container images from a remote registry
# to install necessary tools to manage containers
yum module install container-tools
# to search for image
podman search ubi7
# to pull image
podman pull registry.access.redhat.com/ubi7/ubi
Inspect container images
skopeo inspect docker://registry.access.redhat.com/ubi7/ubi
Perform container management using commands such as podman and skopeo
# check manpages of both commands and act accordingly
Perform basic container management such as running, starting, stopping, and listing running containers
# to list available images
podman image list
# to run command from image
podman run ubi7/ubi cat /etc/redhat-release
# to run container and interact with it
podman run -it ubi7/ubi
# to run container in background
podman run -d ubi7/ubi
# to list running containers
podman ps
# to stop container
podman stop container-id
Run a service inside a container
# pull httpd image and run it
Configure a container to start automatically as a systemd service
# login as user
mkdir ~/web-data
echo "Test data" > ~/web-data/index.html
podman run -d --name web_server -p 8000:8000 -v ~/web-data:/var/www/html:Z registry.access.redhat.com/rhscl/httpd-24-rhel7
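mkdir -p ~/.config/systemd/user
# --files writes the unit file into the current directory, so generate it where systemd --user looks for units
cd ~/.config/systemd/user
podman generate systemd --name web_server --files --new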
loginctl enable-linger
# remove created podman container
podman stop web_server
podman rm web_server
# enable container systemd service
systemctl --user enable container-web_server.service --now
# then reboot to verify everything .
Attach persistent storage to a container
# here is a scenario to run httpd container on port 8080 with mounted filesystem
podman search httpd
podman pull registry.access.redhat.com/rhscl/httpd-24-rhel7
mkdir ~/web-data
echo "Test data" > ~/web-data/index.html
podman run -d --name httpd-container -p 8080:8080 -v ~/web-data:/var/www/html:Z rhscl/httpd-24-rhel7