Redhat Cert Guide - RHCSA

-UGO: User, Group, Other


-umask - defines the permission for the creation of files and directories
-read r 4
write w 2
execute x 1
-chmod 666 - (4+2)=6
virt-clone
-To clone a vm use:
ex: virt-clone --prompt
-Shutdown the VM to be cloned first before trying to clone it.
SELinux
-Security Enhanced Linux (SELinux)
-Three different modes:(Enforcing/Permissive/Disabled)
-sestatus:determine what the current status of the system is
-The file_contexts file is located :/etc/selinux/targeted/contexts/files/file_contexts
-A . after the last permission indicates SELinux configuration
-Developed by the U.S. National Security Agency
-Three different contexts of (Subjects, objects, Actions)
regex
-[] matches anything inside the brackets
-- matches a range
-^ find lines that only begin with a given string
-$ find lines that only end with a given string
-. find any character in its position
-() combines multiple patterns
-| finds left or right values and good when combined with ()
cut
-divides string or a line
uniq
-List all unique lines in a file or a command output
Installation
-Client01, has 384mb of ram
-Registering with Redhat not necessary
-eth01 dhcp setup
-eth02 static setup
-Allow the ssh service
-SELinux select "enforcing"
-Create user01 account with strong password
-After installation is complete login and "su -" to root
-Root's home directory should contain three log files: anaconda-ks.cfg, install.log, install.log.syslog
-anaconda-ks.cfg, kickstart setup file
-install.log, list of packages installed
-install.log.syslog, list of messages during the installation process
System Initialization
-1:BIOS, Basic Input/Output System
-2:POST, Power On Self Test
-3:Peripherals are loaded
-4:BIOS looks for the boot device and passes control to it.
-5:Boot device has the MBR, master boot record which starts the system via the bootloader
-6:GRUB, grand unified bootloader loads the kernel that is labeled default
-7:The kernel starts the init process which starts the whole system

The Boot Process


-GRUB bootloader, (GRand Unified Bootloader)
-Capable of multiboot of different kernels and Operating systems
-Once GRUB loads the kernel it passes control to the kernel
-Kernel initializes and configures the computer's hardware
-Boot process logs are in the /var/log/dmesg file
-Once the drivers are in place the kernel calls the /sbin/init process or program
-The command "lsmod" used to help troubleshoot hardware problems
-Rhel6 uses "Upstart" for the boot sequence for quicker time
-Rhel5 uses the SysV init scripts
-Init program is the first process the kernel starts or calls
-The init program reads the /etc/inittab to determine what needs to start and when
-The inittab file describes the initial runlevel and the system initialization script (/etc/rc.d/rc.sysinit)
-The rc.sysinit script runs to setup the environment after the inittab file is read and passes the runlevel to rc.sysinit
-rc.sysinit runs all the scripts in the folder for the runlevel passed to it from rc.sysinit in the /etc/rc.d/rc#.d folder
Upstart
-It's event based instead of sequential like sysVinit
-Console Services and displays and runlevel at start
Grub
-GRand Unified Bootloader
-Grub Stage1 is the code that resides in the Master Boot Record (MBR) looking for the active partition to boot
-Grub Stage1.5 is the loading of the loader to identify the File system type
-Grub Stage2 is called and tries to load the kernel into memory. This is the stage where the boot menu for Grub presents various options for booting
Virtualization Types
-Application-Level:wine
-Platform-Level:Virtualbox, Vmware
-Paravirtualization: Similar to Platform-level but uses few resources and has specialized kernel (Xen)
*KVM replaces Xen and is called a Hypervisor
PXE
-Pre-boot eXecution Environment
UEFI
Unified Extensible Framework Interface
-A software interface between the operating system and the platform firmware
dd
-Disk Druid
Hard Disks
-Limited to 4
-Extend the last primary
-Logical partitions after extended partition
RAID
-Redundant Array of Independent Disks
rhn_register

Registering your copy of the software if a valid subscription is available


Iptables
-/etc/sysconfig/iptables: location of the config file
Ex: -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
sysctl.conf
-Ex: net.ipv4.ip_forward=1
-Ex:/proc/sys/net/ipv4/ip_forward
-To update changes use: sysctl -p
Web Server
-location of Apache html files:/var/www/html
-Configuration files: /etc/httpd/conf/httpd.conf
Chcon
-Change file SELinux security context
--reference=/var/www/html applies the security context from this directory
- chcon -R -t public_content_t /var/ftp/ applies the type of public_content_t to the directory
vsftp
-/var/ftp/pub location of files
-/etc/vsftp location of the configuration files
-use the lftp command to connect
virtualization
-virt-v2v convert Xen or Vmware format.
-Check loaded modules ex:lsmod |grep kvm
-Check for svm or vmx in ex: /proc/cpuinfo
-Install module ex:modprobe kvm
Virtual Images
-The location is : /var/lib/libvirt/images
-The image XML files: /etc/libvirt/qemu
-Changes to the XML file aren't used until:
/etc/init.d/libvirtd is reloaded or restarted
QEMU
quick emulator
Hypervisor Network Interfaces
-Bridge is the binding of a physical and a virtual interface
-Bond is when two or more interfaces are connected to form one interface
-Ethernet is a virtual interface as a bridge
-Vlan is the connection of a real or virtual interface to a VM system
virt-manager
-This is the command line version to open the virtual machine manager or
VMM/Hypervisor
virt-install
-The option that is similar to vmm is
:virt-install --prompt

virsh
-To stop a vm using the following:
ex:virsh destroy <vm name>
-List all configured VMs:
ex: virsh list --all
-To autostart the vm :
ex:virsh autostart <vm name>
remove a vm
-Stop the vm : virsh destroy <vm name>
-Remove the XML: rm /etc/libvirt/qemu/<name>.xml
-Remove image: rm /var/lib/libvirt/images/<name>.img
-Restart libvirtd : /etc/init.d/libvirtd restart
install vm with kickstart
-virt-install -n server3.example.com -r 2048 --disk
path=/var/lib/libvirt/images/server3.example.com,size=8 -l
ftp://192.168.122.1/pub/inst -x "ks=ftp://192.168.122.1/pub/ks.cfg"
Kickstart
-Template is the anaconda-ks.cfg file located in /root directory
-Another way to config kickstart is
ex:system-config-kickstart
-At boot you can TAB and add the ks= option at the end of the vmlinuz line
POP
-Post Office Protocol
Default Shell
-Changes to individual shells are made in :
ex:/etc/passwd file
Command Line Consoles
-start-ttys.conf is located in :
ex: /etc/init directory
Data Streams
-Standard Input (Stdin)
-Standard Output (Stdout)
-Standard Error (Stderr): 2>
Ln
-Hard link is a copy if on the same partition, identical inode numbers
-Soft link is a redirect to the original file
rm alias
-Another possible alias for rm
ex: rm='mv -t ~/.Trash'
wildcards
-Also known as globbing
mlocate.cron

-This locate script updates only once a day if put in the daily crontab.
Less
-This command is different from more or cat in that it can read gzipped files
sed
-Stream EDitor that allows you to search and replace items
awk
-Used to identify lines and print them out
vipw
-vi for passwd file
vigr
-vi for group file
-/usr/share/doc
whatis
-Used to indicate the location of files and man pages types
CIDR
-Classless Inter Domain Routing notation
ex:192.168.122.1/24
ping6
-Must specify the Interface:
ex: ping6 -I eth0
ifup
-This command brings up an interface:
ex ifup eth0
ifdown
-This command brings down an interface
ex: ifdown eth0
arp
-Address Resolution Protocol. This table has the Hardware information and IP
Addresses
-Used to find duplicate IP Addresses on the network
dhclient
-assigns the ip address to the interface, sets up the routing for that interface and
adds the ip address of the DNS server to the resolv.conf file
nm-connection-editor
-Starts the network connection GUI

nsswitch.conf
-Name Server Switch file is a database of search priorities ex: hosts: files dns;
Says to search /etc/hosts file first and then DNS for the resolution

BIND
-Berkley Internet Name Domain
-Used for DNS servers
SUID
-Super User ID
-The "s" in the execute bit for the user owner permission is the sticky bit for SUID. Allows other users to execute the command with the owner's rights.
-setting SUID use numerical value = 4
SGID
-Super Group ID
-The "s" in the execute bit for the group owner is the sticky bit for SGID. Allows other users to execute the command with the owner's group rights.
-Setting SGID numerical value use =2
ACL
-Access Control List (ACL)
-A (+) sign indicates ACLs but doesn't override the SELinux configurations
-Configure the filesystem with acl option
-Making a filesystem ACL friendly you would use:
ex:mount -o remount -o acl <filesystem> <mount point>
-Option (-m) modify the acls for a user ( -Can't deny access to a user to his own
home directory
Sticky bit others
-The "t" in the execute bit for the user others permission is the sticky bit. Allows others to copy files to a location and retain their ownership of the file
umask
read,write,execute
-r=4, w=2, and e=1
ugo permission
-u:user
-g:group
-o:other
lsattr
-Listing of the file attributes
chattr
-Change file attributes
setfacl
-setfacl -m u:<user>:--- <path/> : modifies acls for a user on a file
-setfacl -x u:<user> <path/> : removes acls for a user on a file
-setfacl -b <path/filename> :removes all acls on a file
-setfacl -m mask:--- <path/> : sets the mask for a file
restorecon
-Restores the default SELinux acl settings for a file:
ex: restorecon -F <location>

iptables
-iptables is chain based: condition a packet must meet and the action to take
- iptables -t tabletype -j
-tabletype: Filtering packets (Default setting), NAT or masquerading
-action direction:
1. -A: append a rule at the end of the chain
2. -D: Deletes a rule from a chain;specify by rule number or packet pattern
3. -L: List the current rules in the list
4. -F: Flushes all the rules in the list
-If -A or -D the following apply
-INPUT; All incoming packets are checked against rules in the chain
- OUTPUT; All outgoing packets are checked against rules in the chain
-FORWARD;All packets to other computers are checked against rules in the chain
-Packet Pattern
ex: -s ip_address;All Packets are checked for Source IP Address
ex: -d ip_address;All Packets are checked for Destination IP Address
-p protocol --dport destination port
ex: -p tcp --dport 80
-j what to do with packet
-Drop; No message sent to source computer
-Reject;Message sent to requesting computer
-Accept;Allowed followed by -A option
-Commit ends the rules
TCP/IP Ports
Port Description
21 FTP
22 Secure Shell (SSH)
23 Telnet
25 Simple Mail Transfer Protocol (SMTP), e.g., Postfix, sendmail
53 Domain Name Service servers
80 Hypertext Transfer Protocol (HTTP)
88 Kerberos
110 Post Office Protocol, version 3 (POP3)
139 Network Basic Input/Output System (NetBIOS) session service
143 Internet Mail Access Protocol (IMAP)
443 HTTP, secure (HTTPS)
SELinux subject
-Subject is a process, a command in action.
SELinux object
-Object is a file
SELinux action
-Action is what might be done by the Subject to the Object
SELinux permissive
-Permissive logs every action but doesn't prevent action from taking place

SELINUX Directive
-Its location:
ex:/etc/selinux/config
SELinux Enforcing Mode

-There are two types of modes:


ex:targeted mode (Default) and mls mode
-MLS mode uses the Bell-La Padula model and is finer grained than Targeted.
Developed by DOD.
ex:Levels of c0 to c3 which is Top Secret. The max value is c1023
auditd
-Tracks all the violations in the audit.log
ex: /var/log/audit/audit.log
getenforce
-Tells the current status of SELinux for the system
ex:Enforcing/Permissive/Disabled
sestatus
-Summary of the status of SELinux
semanage
-Check the current user status
ex:semanage login -l
-Check the boolean values with description ex:semanage boolean -l
id
-Prints user information and group information
ex:id -Z
setenforce
-Enabling (Enforce, Permissive,Disabled) for SELinux
SELinux user roles
-system_u;system and configuration files
-guest_u;No GUI, no networking, no su or sudo access
-xguest_u;GUI, networking for firefox browser
-user_u;GUI and networking
-staff_u;GUI, networking, and sudo command
-unconfined_u;Full access
SELinux Booleans
-location for booleans

ex:/selinux/booleans

getsebool
-Command to read SELinux boolean value
setsebool
-Command to set SELinux boolean value to 1 or 0
-setsebool -P; will hold value after a reboot of system
ps -eZ
-To see all the contexts for each process
ausearch
-Tool to help searching the audit.log file SELinux
ex:ausearch -m avc -c <common name>
-m Access Vector Cache (avc)
sealert
-Provides a detailed alert report from audit.log file
ex:sealert -a /var/log/audit/audit.log

system-config-selinux
-Command to launch the GUI for configuration of SELinux rules
PATA
-Primary Advanced Technology Attachment (Pata)
SCSI
-/boot must be on scsi id0 or id1
single boot
-boots without running the /etc/rc?.d scripts
/init=/bin/sh
-Mounts only the top level directory / in read-only mode
UUID
-Universally Unique Identifier
-128-bit number hex
rd_NO_LUKS
-disables the detection of volumes encrypted by Linux Unified Key Setup (LUKS)
system.
rd_NO_LVM
-disables detection of volumes configured with Logical Volume Manager
rd_NO_MD
-disables detection of software RAID use
rd_NO_DM
-disables detection of software RAID use
grub-md5-crypt
-used to password encrypt the Grub loader
ex:password --md5 <copied value from grub-md5-crypt> command

grub-install
-installs the loader to the master boot record anywhere
runlevel
-N means no previous run level

ex:N 5

message bus connection
-Connects the files in the /etc/init to the system bus
ex: /etc/init/init-system-dbus.conf
-Connects the init process to the dbus server. Also, serves as a bridge between the init and other configuration options in /etc/init directory
/etc/sysconfig/init
-Provides the look and feel during the boot up process
Plymouth Files
-Used to replace the Red Hat Graphical Boot screen or (RHGB)

Readahead Files
-Configuration of what files should be placed into memory at boot up to speed up process
-readahead-collector.conf
-readahead.conf
-readahead-disable-services.conf
-/etc/sysconfig/readahead
Terminal Files
-prefdm.conf
-start-ttys.conf
-tty.conf
-serial.conf
-Located in /etc/init directory
Resource Control
-Three scripts that control what is started at different run levels
-rcS-sulogin.conf
-rc.conf
-rcS.conf

ntsysv
-Command line GUI that shows what services are configured for what run level
ex: ntsysv --level 2345;show all services for these runlevels
DHCP
-Dynamic Host Configuration Protocol
clock
-/etc/sysconfig/clock has the timezone for the server
swap
-mkswap /dev/<location>
-swapon /dev/<location>
-cat /proc/swaps; see swap space configured
palimpsest
-Command to start the Disk Utility
Journaling Filesystem
-Advantages:
-faster to check at boot time
-If there is a crash, a log or journal is kept for restoring the metadata for the lost files
-Adding journaling by upgrade from ext2 to ext3
ex: tune2fs -j /dev/<filesystem>
ext4 filesystem
-Advantages:
-supports up to 1 exabyte
-Nanosecond file timestamps
dumpe2fs
-Displays the filesystem attributes
FHS
-Filesystem Hierarchy Standard
-Official way to organize files for unix and linux

LUKS
-Linux Unified Key Setup (LUKS)
-Block encryption
-modprobe dm_crypt
-cryptsetup luksFormat /dev/<partition>; sets up a passphrase
-cryptsetup luksUUID /dev/<partition>;mapping of device to UUID
-cryptsetup luksOpen /dev/<partition> <location>;opening the partition
-mkfs.ext4 /dev/mapper/<partition>;will change the UUID for the block device

Random data filler


-dd if=/dev/urandom of=/dev/sda1
dumpe2fs
-list all the filesystem information
-Doesn't work with swap files; have to use blkid instead
blkid
-Provides the UUID for each block device and its type
crypttab
-/etc/crypttab is where the mounting of LUKS devices is stored
ex:<directory name> <device name> none

nfs mount
-mount -t nfs server.name.location.com:/<directory> /mountpoint
- server1:/pub /share nfs rsize=8192,wsize=8192,timeo=14,intr,udp 0 0
automount
-/etc/sysconfig/autofs;configuration of automounter
-/etc/auto.master
-/etc/auto.misc
-/etc/auto.net
-/etc/auto.smb
-/etc/auto.home;require certain directives from /etc/sysconfig/autofs
-DEFAULT_MAP_OBJECT_CLASS="automountMap"
-DEFAULT_ENTRY_OBJECT_CLASS="automount"
-DEFAULT_MAP_ATTRIBUTE="automountMapName"
-DEFAULT_ENTRY_ATTRIBUTE="automountKey"
-DEFAULT_VALUE_ATTRIBUTE="automountInformation"
RPM
-Redhat Package Manager (RPM)
kernel
-Installation of new kernel using yum side-by-side current kernel
-yum install kernel
YUM
-Originally developed for Yellow Dog Linux
-Yellow dog Updater Modified (YUM)
-yum-config-manager
-yum erase <package>; will uninstall and remove the dependencies from the
system
-yum clean all; if problems with yum
yum.conf
-keepcache=0;Means the system will be current
-exactarch=1;Makes sure the architecture matches the actual processor type from arch command
-installonly_limit=3;kernel package is installed not upgraded
refresh-packagekit.conf
-links yum to the packagekit. Provides the use of apt yum and
yumdownloader
-Installs a single or group of rpm packages
createrepo

-creates customized package location


gpk-update-viewer
-GUI frontend to the yum update command
gpk-application
-GUI for add and remove of packages
spacewalk
-A management tool to a group of redhat servers anywhere
Unix Accounts
-Three types:Administrator (root), user, service
www.dshield.org
-Check if your ip address is being used
utmpdump
-If remote login crack:
ex:utmpdump /var/log/wtmp|less
Shadow password suite
-/etc/passwd, /etc/group, /etc/shadow, and /etc/gshadow
-Default values in the four files come from /etc/login.defs
-/etc/passwd;
shadow
-A ! before the passwd for a user is a sign the account is locked. To unlock the
account issue:
ex:usermod -U <username>
sg
-execute command from a different group account
securetty
-located in /etc/securetty this file controls the access of the root account to
specified consoles.
access.conf
-A file to control local access to the system
su
- su - gives full administrative privileges to the user
- su -c root access for one command
gpasswd
-sets up a passwd for a specific group
/etc/skel
-default scripts and files that are copied to new user directories when account is
created
LDAP
-Lightweight Directory Access Protocol; used for authentication of users
-www.freeipa.org; a simple version of a LDAP server

-The following packages are needed for configuration:
-openldap-clients,openldap,nss-pam-ldapd
-ldaps for secure connection
-Ports needed for Ldap 636,389
-ldap.conf;(URI,BASE,TLS_CACERTDIR) required fields
-/etc/nsswitch.conf entry for ldap
VNC
-Virtual Networking Computing
-port range used is 5900-5909
-Tightvnc server is used for vnc
-Packages: vinagre, tigervnc, and tigervnc-server
-Configuration files /etc/sysconfig/vncservers
-Verification port is open on Firewall
telnet <server> 5900 ;expect RFB ###.### which is Remote Frame Buffer response for a gui
vino-preferences
-starts the GUI for preferences to vino
-vino configuration file located in home directory:
.gconf/desktop/gnome/remote_access
vinagre
-RemoteDesktop client
iostat
-CPU and Disk utilization report
gzip
-uses the Lempel-Ziv algorithm, which is commonly used in Microsoft's compression algorithms
tar
-Doesn't store access control lists and SELinux attributes. Restorecon can be used if put in the original directory
star
-works with SELinux attributes and access lists
ex:star -xattr -H=exustar -c -f=home.star /home/
-unpacking star files
ex: star -x -f=home.star
anacron
-Helps working on systems while powered off
-/var/spool/cron; location for jobs by users to run
at
-starts jobs at a certain time
-atq; checks status of all at jobs
-atrm <#>; remove a job from the list
rsyslog
-syslog command
lastlog
-last login for a given user or all users

crontab
-crontab -e ; used to edit entries in the crontab
-crontab -l; listing crontab entries per user
gpk-prefs
-package update scheduler
