Red Hat Certified System Administrator (RHCSA) Crash Course
Agenda
Red Hat Certified System Administrator (RHCSA) Crash Course, Part 1, Day 1
•  Installing CentOS 7.x in a virtual machine
•  Linux basics
•  Managing users, groups and permissions
Red Hat Certified System Administrator (RHCSA) Crash Course, Part 1, Day 2
•  Managing Software
•  Managing Networking
•  Managing Partitions
•  Managing File Systems
Red Hat Certified System Administrator (RHCSA) Crash Course, Part 2, Day 1
•  Managing LVM Logical Volumes
•  Managing KVM Virtual Machines
•  Setting up External Authentication
•  Configuring Remote Mounts
•  Configuring Autofs
Red Hat Certified System Administrator (RHCSA) Crash Course, Part 2, Day 2
•  Managing the Boot Procedure
•  Troubleshooting Linux
•  Configuring SELinux
•  Managing Firewalld
Warning
•  The contents of this course are to be used in addition to other study materials
•  For a complete list of all topics, consult the RHCSA objectives as published by Red Hat®
Red Hat Certified System Administrator (RHCSA) Crash Course, Part 1
Installing CentOS
•  RHEL or CentOS?
•  Minimal requirements
   •  1 GB of RAM
   •  20 GB disk with some unpartitioned disk space
Linux Basics
Connecting to Linux
•  Console mode is common on servers
•  Graphical mode is convenient for new users
•  SSH is common in datacenters
Root or not
•  Root is the almighty and unlimited user account
•  Avoid logging in as root at all times
•  If root access is required, use su
•  If administrator access on specific tasks is needed, configure and use sudo
   •  visudo will help you do that
Exploring the File System
•  Directories on Linux are standardized
•  man hier contains the description of what is where
•  Try to respect the default directory structures
   •  /usr/local
   •  /home
   •  /tmp
Common FS Management Utilities
•  cd: change directory
•  pwd: print current directory
•  ls: list files and their properties
•  cp: copy files
•  rm: remove files
•  mv: move files
Understanding Links
•  A link is a pointer to something else
•  A hard link points to an inode
•  inodes are the entry points to all file system administration
•  Symbolic links point to a file name
   •  Cross-device is allowed
   •  Can point to a directory also
Getting help
•  man contains extensive usage information about commands and configuration files and more
•  Use man -k to search the mandb on keywords
•  Use mandb to update the mandb
•  command --help shows a short overview of available options
Finding Files
•  find is used to find files based on any criteria
   •  find / -name "host"
   •  find / -size +1G
   •  find / -user linda -exec ls -l {} \;
   •  find / -perm /4000
   •  and many more
Filtering Information
•  grep is the universal filtering utility
   •  grep root *
   •  ps aux | grep http
Editing Files
•  Many editors are available, but there's only one editor: vi
•  vim is an improved version of vi, offering some additional options to make it easier to use
•  view is a read-only version of vi
•  Don't bother using anything else, many other commands depend on vi also
Working with vi
•  vi has a command mode and an input mode
•  Get from command mode to input mode using i, o, a
•  Get from input mode to command mode using Esc
•  Useful commands
   •  :wq! or ZZ write changes and quit
   •  u: undo last modification
   •  dd: delete a line
   •  /something: search for something
   •  n: repeat next search
   •  x: delete one character
Managing Users and Groups
Why users are important
•  A user is an entity that is used on Linux to grant access to specific resources
•  Every system has multiple system users
•  Some systems have people users as well
Understanding Group Membership
•  Any Linux user must be a member of at least one group
•  This group is used to set group ownership when creating new files
•  Users may be members of secondary groups as well
•  Secondary group membership determines which resources may be accessed
Exploring /etc/passwd and /etc/shadow
•  /etc/passwd is used to store user accounts and their main properties
•  /etc/shadow is used to store password hashes and additional password properties
•  /etc/group is used to store groups and their properties
•  Secondary group membership is administered through /etc/group
•  Primary group membership is administered through /etc/passwd
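An added example, not part of the original course material: a shell function that cross-checks the three account files described above. The sample files and password hashes are constructed, and the function names and the 90-day maximum age (borrowed from the Day 1 lab) are assumptions.

```shell
#!/bin/sh
# Added example: audit passwd, shadow and group files found in directory $1.
audit_accounts() {
    dir=$1
    # passwd fields: name:x:UID:GID:comment:home:shell
    awk -F: '$3 == 0 && $1 != "root" { print "uid0:" $1 }' "$dir/passwd"
    # shadow fields: name:hash:lastchange:min:max:warn:inactive:expire:
    awk -F: '
        $2 == "" { print "nopass:" $1 }
        # locked accounts (hash starts with ! or *) are skipped
        $2 != "" && $2 !~ /^[!*]/ && ($5 == "" || $5 > 90) { print "maxage:" $1 }
    ' "$dir/shadow"
    # the primary GID from passwd must exist in group (name:x:GID:members)
    awk -F: 'NR == FNR { gid[$3] = 1; next }
             !($4 in gid) { print "nogroup:" $1 }' "$dir/group" "$dir/passwd"
}

# Constructed sample data; the hashes are placeholders, not real hashes.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
linda:x:1001:1001::/home/linda:/bin/bash
lisa:x:1002:1001::/home/lisa:/bin/bash
toor:x:0:0::/root:/bin/bash
anna:x:1003:2000::/home/anna:/bin/bash
EOF
    cat > "$d/shadow" <<'EOF'
root:$6$CONSTRUCTED$hash:17000:0:90:3:::
linda:$6$CONSTRUCTED$hash:17000:0:90:3:::
lisa::17000:0:90:3:::
toor:!!:17000:0:99999:7:::
anna:$6$CONSTRUCTED$hash:17000:0:99999:7:::
EOF
    cat > "$d/group" <<'EOF'
root:x:0:
students:x:1001:linda,lisa
EOF
    echo "$d"
}

sample=$(make_sample)
audit_accounts "$sample"
rm -rf "$sample"
```

On a real system the same function can be pointed at a root-only copy of /etc, since /etc/shadow is not readable by regular users.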
Setting New User Defaults
•  New user defaults are stored in two locations
   •  /etc/default/useradd
   •  /etc/login.defs
•  Alternatively, use useradd to set defaults for new users
•  /etc/skel is the skeleton directory; its contents are copied to the user home directory when a new user is created
Managing Groups
•  groupadd
•  groupmod
•  groupdel
Managing Users
•  useradd
•  usermod
•  userdel
Managing Passwords
•  Users can change their own passwords using passwd
•  Root can change any user's password using passwd
•  The passwd command also offers options to set default password-related properties
•  Or use it to lock/unlock user accounts
•  chage can be used to show and change password properties
Managing Permissions
Understanding Basic Linux Permissions
•  read (4)
   •  open files
   •  list contents of directories
•  write (2)
   •  modify files
   •  add or delete files from directories
•  execute (1)
   •  run files
   •  access directories using cd
Understanding Ownership
•  File access is based on ownership
•  All files have user, group and others
•  Show user and group and the file permissions using ls -l
Managing Basic Permissions
•  chown is used to set ownership
•  chgrp is used to set group ownership
•  chmod is used to set permissions
   •  Absolute mode: chmod 770 myfile
   •  Relative mode: chmod +x myscript, chmod u+w,o-rx myfile
Understanding Advanced Linux Permissions
•  set user ID (SUID) (4)
   •  On files: run an executable file with the permissions of the file owner
•  set group ID (SGID) (2)
   •  On files: run files with permissions of group owner
   •  On directories: set directory group owner as group owner of all files in that directory
•  sticky bit (1)
   •  On directories: only delete files if you're owner of the file or owner of the directory containing the files
Managing Advanced Linux Permissions
•  Absolute mode: use chmod with 4 digits, of which the first digit sets special permissions
•  Relative mode
   •  chmod u+s sets SUID
   •  chmod g+s sets SGID
   •  chmod +t sets sticky bit
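An added example, not part of the original course material: an audit function that lists SUID files, SGID entries and world-writable directories that lack the sticky bit, run against a constructed directory tree built with the chmod forms above. The function names and the sample tree are assumptions.

```shell
#!/bin/sh
# Added example: audit special permission bits below directory $1.
# Prints findings as suid:PATH, sgid:PATH and nosticky:PATH.
audit_special() (
    cd "$1" || exit 1
    # -perm -4000 matches files with the SUID bit set; for a single bit it
    # is equivalent to the GNU form "find / -perm /4000" used in the course
    find . -type f -perm -4000 | sort | sed 's/^/suid:/'
    # SGID on files or directories
    find . -perm -2000 | sort | sed 's/^/sgid:/'
    # world-writable directories without the sticky bit: any user can
    # delete files that belong to someone else
    find . -type d -perm -0002 ! -perm -1000 | sort | sed 's/^/nosticky:/'
)

# Constructed sample tree.
make_tree() {
    t=$(mktemp -d)
    mkdir "$t/shared" "$t/drop" "$t/team"
    touch "$t/tool" "$t/plain"
    chmod 4755 "$t/tool"     # absolute mode, first digit 4 = SUID
    chmod 0644 "$t/plain"
    chmod 1777 "$t/shared"   # world-writable with sticky bit, like /tmp
    chmod 0777 "$t/drop"     # world-writable, sticky bit missing
    chmod 770 "$t/team"
    chmod g+s "$t/team"      # relative mode, SGID on a shared group directory
    echo "$t"
}

tree=$(make_tree)
audit_special "$tree"
rm -rf "$tree"
```

Comparing the output of such a scan against a known-good baseline makes newly added SUID or SGID files stand out.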
Understanding Access Control Lists
•  In Linux, every directory or file can have one user owner and one group owner only
•  In some cases a more sophisticated solution for granting permissions is required
•  Access Control Lists (ACLs) take care of this
•  Typically, ACLs are applied on shared group directories, or to grant selective additional access to a directory or file
•  Important to remember: when setting ACLs on directories, you'll need to set two
   •  A recursive current ACL to take care of existing files and directories
   •  A default ACL to take care of any file that will be created in the future
Managing Access Control Lists
•  Use getfacl to show current ACL settings
•  Use setfacl to set new ACLs
   •  setfacl -R -m g:sales:rx /files/account
   •  setfacl -m d:g:sales:rx /files/account
•  Best practice: set ACLs immediately after taking care of basic permissions to ensure they are properly applied to new files
Day 1 Final Lab, Part 1
•  Create the following groups: students and profs
•  Set passwords for all new users to expire after 90 days. 3 days before expiration the user should get an expiration warning
•  Create the following users: linda, lisa, anna and anouk
•  Make linda and lisa members of the group students and anna and anouk members of the group profs
Day 1 Final Lab, Part 2
•  Create the directories /data/profs and /data/students
•  Members of the groups profs and students should have full access to their directories, no one else should have access
•  Members of the group profs should have read access to all files in /data/students
•  Users should only be allowed to remove files they have created themselves
•  User anna is head master and should have permissions to delete all files in /data
•  Users should be able to write to all files created by group members without changing the group ownership
Managing Software
Managing Repositories
•  A repository is an installation source that contains RPM packages that can easily be installed using the yum utility
•  By working with repositories, a requested package can easily be installed, including all of its dependencies
•  Access to repositories is defined through configuration files in /etc/yum.repos.d
•  Make sure you know how to do this on the exam!
Working with yum
•  yum was created to be intuitive
•  yum search searches for packages based on package name or description
•  yum install is used to install packages
•  yum remove is used to remove packages
•  yum provides */filename is very useful and searches for packages containing a specific file
Using rpm to perform queries
•  rpm is the legacy tool for managing packages
•  It is still useful, though mainly for querying packages
•  rpm -qa lists all installed packages
•  rpm -qf /some/filename shows to which package a file belongs
•  rpm -q[p]l packagename lists package contents
•  rpm -q[p]c packagename lists configuration files
•  rpm -q[p]d packagename lists documentation
Managing Networking
Understanding IPv4 Networking
•  The IPv4 address is used to uniquely identify a node on the local network or on the Internet
•  Behind a NAT router, addresses from the private address range can be used
   •  10.0.0.0/8
   •  172.16.0.0/12
   •  192.168.0.0/16
•  The gateway defines how to contact nodes on other networks
•  DNS name resolution is required to translate host names to IP addresses and vice versa
•  IPv6 is upcoming, but not an RHCSA objective
Managing Runtime Network Configurations
•  The ip command is used for managing runtime network configurations
•  This is useful for testing before making a configuration persistent
•  Everything you change using ip will be gone after a reboot
•  ip addr add dev eth0 192.168.4.10/24
•  ip route add default via 192.168.4.2
•  DNS is configured through /etc/resolv.conf
Managing Persistent Networking
•  The NetworkManager service is used to manage network configurations
•  The network service is used to manage network devices
•  Network configuration is stored in /etc/sysconfig/network-scripts/ifcfg-*
•  nmcli is the recommended tool to create or change network configurations
•  Make sure to install bash-completion.rpm
•  nmtui is the easy and accessible tool to create or change network configurations
•  Do NOT use on RHEL versions before 7.2 (cat /etc/redhat-release)
Testing Networking
•  ip address show and ip link show display current configuration
•  ping tests network connectivity
•  dig tests DNS server responsiveness
Managing Partitions
Understanding MBR and GPT
•  MBR is based on the MSDOS standard from the early 1980s
•  4 partitions can be stored in the MBR
•  To go beyond 4 partitions, use extended and logical partitions
•  Use fdisk to manage MBR partitions
•  MBR has some limitations
   •  Maximum addressable disk size is 2 TB
   •  No more than 15 partitions
Understanding MBR and GPT
•  GPT is the GUID Partition Table
•  It is mandatory on disks bigger than 2 TB
•  No more difference between primary, extended and logical partitions
•  Maximum of 128 partitions
•  Use gdisk to manage GPT partitions
Understanding Disk Device Names
•  /dev/sda is the first SCSI device, /dev/sdb is the second SCSI device and so on
•  In KVM virtual machines, you may find /dev/vda instead
•  Partitions are numbered on their disk device; /dev/sda1 is the first partition on /dev/sda
•  On MBR, /dev/sda5 is always the first logical partition
When to Use Partprobe
•  fdisk and gdisk write to the on-disk partition table
•  When this gets updated, the kernel partition table in /proc/partitions does not always get updated successfully
•  Use partprobe to push the changes to the kernel partition table if you get an error while creating new partitions
Managing File Systems
Understanding File System Choices
•  XFS is the default file system on RHEL 7
•  Ext4 is still available and supported
•  Btrfs has been offered as a tech preview, but will never be fully implemented
•  For special purposes, other file systems do exist
Managing File Systems
•  mkfs is used to format a disk and put a file system on top of it
Managing Labels and UUID
•  To make identification easier, labels and UUIDs can be used
•  Particularly useful in SAN environments where disk device names may change
•  After making a file system, every file system gets an auto-generated UUID
•  Manually assigned labels can also be used
   •  tune2fs -L is used to set labels on Ext4
   •  xfs_admin -L is used to assign labels to XFS file systems
Mounting File Systems
•  While mounting, you connect a disk device to a specific directory
•  Use mount [-o options] /dev/sdb1 /mnt to mount a disk device
Making Mounts Persistent through fstab
•  To make mounts persistent, put them in /etc/fstab
•  Six columns are used in /etc/fstab
   •  device
   •  mount point
   •  file system type
   •  mount options
   •  dump option (set to 0)
   •  fsck option (set to 0)
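An added example, not part of the original course material: a shell function that checks fstab-style entries for the six columns listed above and flags kernel device names, which the labels and UUID slide notes may change. The sample file is constructed (the UUID is made up; mydata and /files echo the Day 2 lab) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check fstab-style entries in file $1.
# Prints one finding per problem line.
check_fstab() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        NF != 6 {
            print "line " NR ": expected 6 columns, found " NF
            next
        }
        # kernel names such as /dev/sdb1 can change between boots
        $1 ~ /^\/dev\/(sd|vd)[a-z]+[0-9]+$/ {
            print "line " NR ": " $1 " may change, prefer UUID= or LABEL="
        }
        $5 !~ /^[0-9]+$/ || $6 !~ /^[0-9]+$/ {
            print "line " NR ": dump and fsck columns must be numbers"
        }
    ' "$1"
}

# Constructed sample file.
make_fstab() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# device  mount point  type  options  dump  fsck
UUID=0a1b2c3d-1111-2222-3333-444455556666 / xfs defaults 0 0
LABEL=mydata /files ext4 defaults 0 0
/dev/sdb1 /mnt ext4 defaults 0 0
/dev/sdc1 /backup xfs defaults
EOF
    echo "$f"
}

fstab=$(make_fstab)
check_fstab "$fstab"
rm -f "$fstab"
```

Running a check like this before a reboot catches a malformed line while the system is still reachable.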
Day 2 Final Lab, Part 1
•  On your server, create a directory /repo and use yumdownloader to copy all nmap RPMs into this directory
•  Configure this directory to be exposed as a repository for local usage
•  Search for the RPM package containing the file sealert and make sure it is installed
•  Query the RPM package you've just installed to list all related configuration files
Day 2 Final Lab, Part 2
•  On the unpartitioned disk space on your computer, create a 1 GB partition and format it with the Ext4 file system
•  Ensure that you keep disk space available to add more partitions later
•  Set the label mydata on the partition you've just created
•  Configure your system to automatically mount this new partition on the directory files while booting
