From Fedora Project Wiki

(adding local system admin tasks)
 
(24 intermediate revisions by 4 users not shown)
Line 1: Line 1:
= Why the System Administration Study Guide? =
+
This is the RHCSA Study Guide for the [[System Administration Study Group]].
  
The Fedora Project is in constant need for administrators with better skills.  In a yet-to-be-named initiative, the Fedora Project wishes to help as many contributors as possible improve their basic system administration skills.  This study guide is to help those pursuing additional goals, including higher-pay, certifications and more.
+
The study guide is intended to be printed by those who wish to study common tasks performed by many system administrators.  This study guide is based upon the [https://www.redhat.com/certification/rhcsa/objectives/ Red Hat Certified System Administrator Exam Objectives].  Other useful study components will be added here.  Community contributions are always welcome.
  
The study guide as it stands is intended to be printed by those who wish to study common tasks performed by many system administrators.  This study guide is based upon the Red Hat Certified System Administrator and Red Hat Certified Engineer Exam preparation guides.  Other useful study components will be added here.  Community contributions are always welcome.
+
=== Understand and Use Essential Tools ===
  
== Local System Administration Tasks ==
+
==== Access a shell prompt and issue commands with correct syntax ====
  
Generally speaking, the items below are specific to a local machine and do not involve services or network components.  In many cases, however, these components are the groundwork for other areas of specialization in the Linux system administration world.
 
  
==='''Understand and Use Essential Tools'''===
+
Access to shell can be done by logging in at boot, or if a graphical desktop environment (X) is used, access can be gained by opening gnome-terminal, konsole, or Terminal.  Alternatively, using Alt-Ctrl+fX (F1-F6) will gain access to a virtual teletype terminal.  The default shell environment is bash, though sh, zsh, and csh are also available.
  
* Access a shell prompt and issue commands with correct syntax
+
==== Use input-output redirection (>, >>, |, 2>) ====
   
 
  
  
 +
The Linux command prompt allows the user access to a great variety of useful tools.  Furthermore, the shells support advanced ways in which the information generated by the tools can be used further.  By using pipes and redirects, the user can take the output from a program (for example: cat) and send that information to a file or another program.  The following are some basic tools:
  
 +
> (example: cat filename1 filename2 > filename.txt)  This puts all the output of the program into a file.  If the filename specified does not exist, it will be created.  If the filename does exist, it will be completely overwritten, providing the user has permissions to do so.
  
 +
>> (example: cat filename 1 filename2 >> filename.txt)  This basically does the same thing as > except that instead of overwritting files, it amends the file by adding to any existing content. It appends the output to the end of the specified file.
  
 +
| (example: dmesg | tail | fpaste)  Instead of sending the output to a file, the user can send the output to another program.  In this example, the user effectively runs dmesg,  the output is then sent to tail to truncate it to the last 5 lines, which is then sent to the fpaste program which will then send the output to a pastebin.
  
  
 +
2> (example: foo 2>file.txt )  To understand this, you must understand that there are essentially two outputs for programs.  Standard output is basically what you see on the screen .  Standard error contains errors that occur when the program runs that do not get sent to standard output (represented by "2").  In this example, standard error alone is getting sent to a file. This may be useful for debugging purposes.
  
 +
2>&1, &> (example: ls > dirlist.txt 2>&1 or: ls &>dirlist.txt )  This is also functionally the same as &> and >&, though 2>&1 is more compatible.  This is similar to the above example of 2> except that instead of piping standard error alone, this will send the output of both standard output and standard error to a file.  This is useful for debugging and logging purposes.  This will create the specified output file if it doesn't exist and completely overwrite it if it does exist, providing the user has such permissions.
  
 +
&>>, >> 2>&1 (example ls &>>dirlist.txt or: ls >> dirlist.txt 2>&1 )  This also will send the output to a file, but in the case the file exists, it will append the output of both standard output and standard error to the end of the file rather than overwriting it.
  
 +
==== Use grep and regular expressions to analyze text ====
  
 +
The grep utility can be used to search for text in a file or files.  For example, to look for your own username in the /etc/passwd file, use the following:
  
 +
grep $USER /etc/passwd
  
 +
You can also use grep to exclude lines from a file.  To do this, the -v flag is used.
  
* Use input-output redirection (>, >>, |, 2>, etc.)
+
grep -v root /etc/passwd
  
 +
Also, -i makes searches case insensitive.
  
 +
grep -i avc /var/log/audit/audit.log
  
 +
When run as just grep, grep supports basic regular expressions.  When run as egrep, grep runs as though the -E flag was used, which means to support extended regular expressions.  If run as fgrep, grep acts as though the -F flag was used, which turns off regular expressions and searches only simple strings.
  
 +
egrep '\<[0-9]\>' /etc/passwd
 +
fgrep ':1:' /etc/passwd
  
 +
==== Access remote systems using ssh and VNC ====
  
 +
Remote systems can be accessed by a variety of different methods, including ssh, vnc, freenx, telnet, and rdp.  ssh and vnc are the most commonly used methods for accessing Linux systems remotely.
  
 +
SSH - The ssh command can be used to access a remote server that has sshd running.  The most basic syntax is ssh <hostname> or ssh <IP>.  A user can be specified by ssh user@host.  If a graphical interface is available at the remote machine, -X or -Y may be used to run graphical programs (recommended only for use over high bandwidth or LAN connections).  ssh keys may be used to further increase the security.  For more information on the features and syntax, please read the ssh manual (man ssh).
  
 +
VNC - Virtual Network Computing (vnc) uses a different protocol than ssh and is primarily meant for graphical remote access.  Because this protocol works by sending compressed images, it is recommended more for high bandwidth or LAN connections.  VNC should be run within a graphical environment.  The two clients which are primarily used are the Tiger VNC Viewer (vncviewer) and vino.
  
 +
In both cases, you should ensure that your firewall allows the necessary client connections for ssh (22) and vnc (5900-590X).
  
 +
==== Log in and switch users in multi-user runlevels ====
  
 +
By default, the default multiple user environments in Fedora (and RHEL) are levels 3, 4, and 5 (the default run level is set in /etc/inittab ).  Once logged in, the shell environment (bash, by default) is loaded. 
  
 +
To switch users, the su (basic syntax: su user) command may be used.  When changing users, to ensure that the user profile is updated to the target user's profile, the - character should follow su (example: su - user or su -l user).  su or su - without a user specified will default to root.
  
 +
To end a user session and return to the previously logged in user session, simply run the 'exit' command.
  
 +
Alternatively, it is possible to run specific commands as another user.  This can be doe with su -c.  sudo is another option for this and may be configured to run specific commands as superuser (example sudo command).  Use the visudo command to configure sudo.
  
 +
Specific commands may also be set up to be run under the permissions of another user or group.  This is done by setuid or setgid.
  
 +
==== Archive, compress, unpack and uncompress files using tar, star, gzip, and bzip2 ====
  
* Use grep and regular expressions to analyze text
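Review bot: In the added `|` paragraph, "sent to tail to truncate it to the last 5 lines" does not match what the example command does: tail with no option prints the last 10 lines, so either say 10 or change the example to dmesg | tail -n 5 | fpaste. In the `>>` example above it, "cat filename 1 filename2" has a stray space that turns one file name into two arguments, and "overwritting" should be "overwriting".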
 
  
  
Line 60: Line 85:
  
  
 +
==== Create and edit text files ====
  
 +
Text files may be easily created and edited from the Linux command line as well as graphically.
  
* Access remote systems using ssh and VNC
+
To simply create a file with no content, the touch command may be used for this.  To create and edit files, a text editor such as vi (vim), emacs, or nano.  Nano is the most friendly for new users and is pretty self explanatory, but vim and emacs are more popular among admins.  To learn more about vim, try vimtutor.  To explore emacs, open emacs and type Ctrl-H and then 'T' or visit the [http://www.gnu.org/software/emacs/tour/ Emacs guided tour page].
  
 +
Graphically, there are an array of editing tools available.  Most desktop environments contain basic text editors, such as gedit and kwrite up to advanced word processors such as libreoffice-writer, abiword, and koffice.
  
 +
As explained above, redirects may also be used to create and add data to files (example: echo 'I just created this file!' > mynewfile.txt ).  Please see the > and >> redirects above for more information on how to do this.
  
 +
Lastly, basic text files (excluding .doc and .odf) created in Linux may not be formatted correctly for viewing in Windows and vice versa.  Before opening a basic text (.txt) created in Windows Notepad, you may need to run dos2unix on the file, and conversely, you might need to run unix2dos on a file before opening it in Notepad, though Wordpad in Windows is capable of reading basic text files created in Linux.
  
 +
==== Delete, copy and move files and directories ====
  
 +
Once files have been created, it is then possible to rename, move, copy, and delete these files.  These files are organized into folders called directories.
  
 +
mkdir - Directories can be created using mkdir.  If you intend to make a into one that also hasn't been created yet, use the -p option.  For instance, if you want to create the path ./directory1/directory2 where directory1 may or may not yet exist, mkdir -p directory1/directory2 will create both if directory1 doesn't exist.
  
 +
rmdir - To delete an ''empty'' directory, rmdir may be used.  If the directory is not empty, see rm below.
  
 +
mv - Both renaming and moving files and folders may be doe by the mv command.  To simply change the name, the basic syntax is mv oldname newname.  To move the file to another place (and also optionally change the name), you must specify a new.  For example:  mv file ./directory/
  
 +
cp - Files may be copied from one directory to another (or in the same with a new name) using cp (example: cp file ./directory ).  The difference between this action and mv is that it leaves the original file intact.  Using cp -R, the user may also copy entire directories and their contents to a new location.
  
 +
rm - To delete files, use rm.  Be careful when using this because rm cannot be undone without considerable effort.  There is no undel equivalent in Linux.  To remove entire directories, including those containing files, rm -r may be used to recursively delete them.
  
 +
User/Group permissions can affect the ability to do any of these things.
  
 +
==== Create hard and soft links ====
  
  
  
  
* Log in and switch users in multi-user runlevels
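Review bot: Two sentences in the added mkdir and mv paragraphs are missing a word and cannot be followed as written: "If you intend to make a into one that also hasn't been created yet" and "you must specify a new." Suggest "make a directory inside one that also hasn't been created yet" and "specify a new location". In the same mv paragraph "may be doe" should be "may be done".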
 
  
  
Line 91: Line 129:
  
  
 +
==== List, set and change standard ugo/rwx permissions ====
  
  
Line 98: Line 137:
  
  
* Archive, compress, unpack and uncompress files using tar, star, gzip, and bzip2
 
  
  
Line 107: Line 145:
  
  
 +
==== Locate, read and use system documentation including man, info, and files in /usr/share/doc . ====
  
 +
=== Operate Running Systems ===
  
 +
Boot, reboot, and shut down a system normally
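Review bot: "Boot, reboot, and shut down a system normally" is added as a plain paragraph directly under "=== Operate Running Systems ===", while the objectives under "Understand and Use Essential Tools" were converted to "==== ... ====" subheadings. Use the same subheading markup here and for the objectives added after it, so the generated table of contents lists every objective at the same level.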
  
  
Line 117: Line 158:
  
  
* Create and edit text files
 
  
  
Line 124: Line 164:
  
  
 +
Boot systems into different runlevels manually
  
  
Line 134: Line 175:
  
  
* Create, delete, copy and move files and directories
 
  
  
Line 140: Line 180:
  
  
 +
Use single-user mode to gain access to a system
  
  
Line 151: Line 192:
  
  
* Create hard and soft links
 
  
  
  
  
 +
Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes
  
  
Line 170: Line 211:
  
  
* List, set and change standard ugo/rwx permissions
 
  
  
 +
Locate and interpret system log files
  
  
Line 186: Line 227:
  
  
* Locate, read and use system documentation including man, info, and files in /usr/share/doc .
 
     
 
  
  
 +
Access a virtual machine's console
  
  
Line 202: Line 242:
  
  
==='''Operate Running Systems'''===
 
  
* Boot, reboot, and shut down a system normally
 
  
  
Line 210: Line 248:
  
  
 +
Start and stop virtual machines
  
  
Line 220: Line 259:
  
  
* Boot systems into different runlevels manually
 
  
  
Line 226: Line 264:
  
  
 +
Start, stop and check the status of network services
  
  
Line 237: Line 276:
  
  
* Use single-user mode to gain access to a system
 
  
  
  
  
 +
=== Configure Local Storage ===
  
 +
List, create, delete and set partition type for primary, extended, and logical partitions
  
  
Line 254: Line 294:
  
  
* Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes
 
  
  
  
  
 +
Create and remove physical volumes, assign physical volumes to volume groups, create and delete logical volumes
  
  
Line 272: Line 312:
  
  
* Locate and interpret system log files
 
  
  
 +
Create and configure LUKS-encrypted partitions and logical volumes to prompt for password and mount a decrypted file system at boot
  
  
Line 289: Line 329:
  
  
* Access a virtual machine's console
 
  
  
 +
Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label
  
  
Line 307: Line 347:
  
  
* Start and stop virtual machines
+
Add new partitions, logical volumes and swap to a system non-destructively
  
  
Line 323: Line 363:
  
  
 +
=== Create and Configure File Systems ===
  
* Start, stop and check the status of network services
+
Create, mount, unmount and use ext2, ext3 and ext4 file systems
  
  
Line 340: Line 381:
  
  
 +
Mount, unmount and use LUKS-encrypted file systems
  
  
==='''Configure Local Storage'''===
 
  
* List, create, delete and set partition type for primary, extended, and logical partitions
 
  
  
Line 357: Line 397:
  
  
 +
Mount and unmount CIFS and NFS network file systems
  
  
Line 362: Line 403:
  
  
* Create and remove physical volumes, assign physical volumes to volume groups, create and delete logical volumes
 
  
  
Line 373: Line 413:
  
  
 +
Configure systems to mount ext4, LUKS-encrypted and network file systems automatically
  
  
Line 381: Line 422:
  
  
* Create and configure LUKS-encrypted partitions and logical volumes to prompt for password and mount a decrypted file system at boot
 
  
  
Line 389: Line 429:
  
  
 +
Extend existing unencrypted ext4-formatted logical volumes
  
  
Line 399: Line 440:
  
  
* Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label
 
  
  
Line 407: Line 447:
  
  
 +
Create and configure set-GID directories for collaboration
  
  
Line 417: Line 458:
  
  
* Add new partitions, logical volumes and swap to a system non-destructively
 
  
  
Line 423: Line 463:
  
  
 +
Create and manage Access Control Lists (ACLs)
  
  
Line 435: Line 476:
  
  
==='''Create and Configure File Systems'''===
 
  
* Create, mount, unmount and use ext2, ext3 and ext4 file systems
 
  
  
  
 +
Diagnose and correct file permission problems
  
  
Line 456: Line 496:
  
  
* Mount, unmount and use LUKS-encrypted file systems
+
=== Deploy, Configure and Maintain Systems ===
  
 +
Configure networking and hostname resolution statically or dynamically
  
  
Line 473: Line 514:
  
  
* Mount and unmount CIFS and NFS network file systems
+
Schedule tasks using cron
  
  
Line 489: Line 530:
  
  
 +
Configure systems to boot into a specific runlevel automatically
  
  
* Configure systems to mount ext4, LUKS-encrypted and network file systems automatically
 
  
  
Line 505: Line 546:
  
  
 +
Install Red Hat Enterprise Linux automatically using Kickstart
  
  
  
* Extend existing unencrypted ext4-formatted logical volumes
 
  
  
Line 522: Line 563:
  
  
 +
Configure a physical machine to host virtual guests
  
  
  
  
* Create and configure set-GID directories for collaboration
 
  
  
Line 539: Line 580:
  
  
 +
Install Red Hat Enterprise Linux systems as virtual guests
  
  
Line 544: Line 586:
  
  
* Create and manage Access Control Lists (ACLs)
 
  
  
Line 557: Line 598:
  
  
 +
Configure systems to launch virtual machines at boot
  
  
Line 564: Line 606:
  
  
* Diagnose and correct file permission problems
 
  
  
Line 574: Line 615:
  
  
 +
Configure network services to start automatically at boot
  
  
Line 583: Line 625:
  
  
==='''Deploy, Configure and Maintain Systems'''===
 
  
* Configure networking and hostname resolution statically or dynamically
 
  
  
Line 591: Line 631:
  
  
 +
Configure a system to run a default configuration HTTP server
  
  
Line 603: Line 644:
  
  
* Schedule tasks using cron
 
  
  
  
 +
Configure a system to run a default configuration FTP server
  
  
Line 621: Line 662:
  
  
* Configure systems to boot into a specific runlevel automatically
 
  
 +
Install and update software packages from a remote repository, or from the local filesystem
  
  
Line 638: Line 679:
  
  
 +
Update the kernel package appropriately to ensure a bootable system
  
  
* Install automatically using Kickstart
 
  
  
Line 654: Line 695:
  
  
 +
Modify the system bootloader
  
  
Line 660: Line 702:
  
  
* Configure a physical machine to host virtual guests
 
  
  
Line 670: Line 711:
  
  
 
+
Configure a system to run a default configuration NTP server and synchronize time using other NTP peers
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Install systems as virtual guests
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure systems to launch virtual machines at boot
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure network services to start automatically at boot
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure a system to run a default configuration HTTP server
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure a system to run a default configuration FTP server
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Install and update software packages from a remote repository, or from the local filesystem
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Update the kernel package appropriately to ensure a bootable system
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Modify the system bootloader
 
 
 
 
 
 
 
  
  
Line 845: Line 729:
 
=== Manage Users and Groups ===
 
=== Manage Users and Groups ===
  
* Create, delete, and modify local user accounts
+
Create, delete, and modify local user accounts
  
  
Line 861: Line 745:
  
  
 +
Change passwords and adjust password aging for local user accounts
  
  
Line 866: Line 751:
  
  
* Change passwords and adjust password aging for local user accounts
 
  
  
Line 877: Line 761:
  
  
 +
Create, delete and modify local groups and group memberships
  
  
Line 886: Line 771:
  
  
* Create, delete and modify local groups and group memberships
 
  
  
Line 893: Line 777:
  
  
 
+
Configure a system to use an existing LDAP directory service for user and group information
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure a system to use an existing LDAP directory service for user and group information
 
 
 
 
 
 
 
  
  
Line 927: Line 795:
 
=== Manage Security ===
 
=== Manage Security ===
  
* Configure firewall settings using system-config-firewall or iptables
+
Configure firewall settings using system-config-firewall or iptables
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Set enforcing and permissive modes for SELinux
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* List and identify SELinux file and process context
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Restore default file contexts
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Use boolean settings to modify system SELinux settings
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Diagnose and address routine SELinux policy violations
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
==='''System Configuration and Management'''===
 
 
 
 
 
 
 
* Route IP traffic and create static routes
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Use iptables to implement packet filtering and configure network address translation (NAT)
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Use /proc/sys and sysctl to modify and set kernel run-time parameters
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure system to authenticate using Kerberos
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Build a simple RPM that packages a single file
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure a system as an iSCSI initiator that persistently mounts an iSCSI target
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Produce and deliver reports on system utilization (processor, memory, disk, and network)
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Use shell scripting to automate system maintenance tasks
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure a system to log to a remote system
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure a system to accept logging from a remote system
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
==='''Network Services'''===
 
 
 
* Install the packages needed to provide the service
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure SELinux to support the service
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure the service to start when the system is booted
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure the service for basic operation
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure host-based and user-based security for the service
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
===HTTP/HTTPS===
 
 
 
* Configure a virtual host
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure private directories
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Deploy a basic CGI application
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure group-managed content
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
==='''DNS'''===
 
 
 
* Configure a caching-only name server
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure a caching-only name server to forward DNS queries
 
   
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
==='''FTP'''===
 
 
 
* Configure anonymous-only download
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
==='''NFS'''===
 
 
 
* Provide network shares to specific clients
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Provide network shares suitable for group collaboration
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
==='''SMB'''===
 
 
 
* Provide network shares to specific clients
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Provide network shares suitable for group collaboration
 
 
 
 
 
  
  
Line 1,510: Line 810:
  
  
==='''SMTP'''===
 
  
* Configure a mail transfer agent (MTA) to accept inbound email from other systems
 
  
 +
Set enforcing and permissive modes for SELinux
  
  
Line 1,529: Line 828:
  
  
* Configure an MTA to forward (relay) email through a smart host
+
List and identify SELinux file and process context
  
  
Line 1,545: Line 844:
  
  
==='''SSH'''===
+
Restore default file contexts
  
* Configure key-based authentication
 
  
  
Line 1,563: Line 861:
  
  
==='''NTP'''===
 
  
* Synchronize time using other NTP peers
+
Use boolean settings to modify system SELinux settings
  
  
Line 1,583: Line 880:
  
  
<br>
+
Diagnose and address routine SELinux policy violations

Latest revision as of 07:50, 26 August 2012

This is the RHCSA Study Guide for the System Administration Study Group.

The study guide is intended to be printed by those who wish to study common tasks performed by many system administrators. This study guide is based upon the Red Hat Certified System Administrator Exam Objectives. Other useful study components will be added here. Community contributions are always welcome.

Understand and Use Essential Tools

Access a shell prompt and issue commands with correct syntax

A shell can be accessed by logging in at boot or, if a graphical desktop environment (X) is used, by opening gnome-terminal, konsole, or Terminal. Alternatively, pressing Ctrl+Alt+Fx (F1-F6) switches to a virtual teletype terminal. The default shell environment is bash, though sh, zsh, and csh are also available.

Use input-output redirection (>, >>, |, 2>)

The Linux command prompt gives the user access to a great variety of useful tools, and the shell provides ways to reuse the output those tools generate. By using pipes and redirects, the user can take the output from a program (for example: cat) and send that information to a file or to another program. The following are the basic operators:

> (example: cat filename1 filename2 > filename.txt) This puts all the output of the program into a file. If the specified file does not exist, it will be created. If it does exist, it will be completely overwritten, provided the user has permission to do so.

>> (example: cat filename1 filename2 >> filename.txt) This does the same thing as > except that instead of overwriting the file, it appends the output to the end of the specified file, after any existing content.

| (example: dmesg | tail | fpaste) Instead of sending the output to a file, the user can send the output to another program. In this example, the user runs dmesg; the output is sent to tail to truncate it to the last 5 lines, and that is then sent to the fpaste program, which sends it to a pastebin.

2> (example: foo 2>file.txt) To understand this, you must understand that programs essentially have two outputs. Standard output is basically what you see on the screen. Standard error (represented by "2") carries errors that occur when the program runs and that do not get sent to standard output. In this example, standard error alone is sent to a file. This may be useful for debugging purposes.

2>&1, &> (example: ls > dirlist.txt 2>&1 or: ls &>dirlist.txt) These forms are functionally the same, as is >&, though 2>&1 is more compatible. This is similar to the above example of 2> except that instead of redirecting standard error alone, it sends both standard output and standard error to a file. This is useful for debugging and logging purposes. The specified output file is created if it doesn't exist and completely overwritten if it does, provided the user has permission to do so.

&>>, >> 2>&1 (example: ls &>>dirlist.txt or: ls >> dirlist.txt 2>&1) This also sends the output to a file, but if the file exists, it appends both standard output and standard error to the end of the file rather than overwriting it.
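
The redirections described above, run against a small function that writes one line to each stream (an added example, not part of the original guide; the function name emit and the file names are made up for the illustration). It goes slightly beyond the list by showing that the order of > and 2>&1 matters and that the shell's noclobber option (set -C) stops > from overwriting an existing file.

```sh
#!/bin/sh
# Added illustration: emit is a made-up command that writes one line to each stream.
emit() {
    echo "to-stdout"
    echo "to-stderr" >&2
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# >  : only standard output lands in the file (stderr is discarded to keep the demo quiet).
stdout_only() {
    emit > "$demo_dir/out.txt" 2>/dev/null
    cat "$demo_dir/out.txt"
}

# 2> : only standard error lands in the file.
stderr_only() {
    emit 2> "$demo_dir/err.txt" >/dev/null
    cat "$demo_dir/err.txt"
}

# > file 2>&1 : stdout is pointed at the file first, then stderr is pointed
# at the same place, so the file receives both lines.
# (&> and &>> are bash shorthands; the spellings used here also work in plain sh.)
both_streams() {
    emit > "$demo_dir/both.txt" 2>&1
    wc -l < "$demo_dir/both.txt" | tr -d ' '
}

# 2>&1 > file : redirections are applied left to right, so stderr is copied
# onto the *old* stdout (here a pipe) before stdout moves to the file.
# The file receives only the stdout line; errors are silently missing from it.
wrong_order() {
    emit 2>&1 > "$demo_dir/wrong.txt" | cat > /dev/null
    wc -l < "$demo_dir/wrong.txt" | tr -d ' '
}

# >> file 2>&1 : both streams are appended, so two runs leave four lines.
append_twice() {
    : > "$demo_dir/log.txt"
    emit >> "$demo_dir/log.txt" 2>&1
    emit >> "$demo_dir/log.txt" 2>&1
    wc -l < "$demo_dir/log.txt" | tr -d ' '
}

# set -C (noclobber) makes > refuse to overwrite an existing file,
# which protects logs and configuration files from an accidental truncation.
noclobber_blocks_overwrite() {
    echo "original" > "$demo_dir/keep.txt"
    ( set -C; echo "replacement" > "$demo_dir/keep.txt" ) 2>/dev/null || true
    cat "$demo_dir/keep.txt"
}

echo "stdout only            : $(stdout_only)"
echo "stderr only            : $(stderr_only)"
echo "lines with > f 2>&1    : $(both_streams)"
echo "lines with 2>&1 > f    : $(wrong_order)"
echo "lines after two >>     : $(append_twice)"
echo "content with noclobber : $(noclobber_blocks_overwrite)"
```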

Use grep and regular expressions to analyze text

The grep utility can be used to search for text in a file or files. For example, to look for your own username in the /etc/passwd file, use the following:

grep $USER /etc/passwd

You can also use grep to exclude lines from a file. To do this, the -v flag is used.

grep -v root /etc/passwd

Also, -i makes searches case insensitive.

grep -i avc /var/log/audit/audit.log

When run as just grep, grep supports basic regular expressions. When run as egrep, grep behaves as though the -E flag was used, which enables extended regular expressions. When run as fgrep, grep behaves as though the -F flag was used, which turns off regular expressions and searches only for simple strings.

egrep '\<[0-9]\>' /etc/passwd
fgrep ':1:' /etc/passwd
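
How the choice of pattern changes what grep reports, using a constructed file in /etc/passwd format (an added example, not part of the original guide; the accounts and function names are invented). It uses grep -E and grep -F, the flag forms of egrep and fgrep, and shows why an account lookup should be anchored and why a dot has to be escaped or matched as a fixed string.

```sh
#!/bin/sh
# Constructed sample in /etc/passwd format (not real accounts).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
bob:x:1000:1000:Bob:/home/bob:/bin/bash
bobby:x:1001:1001:Bobby (reports to bob):/home/bobby:/bin/bash
svc.web:x:1002:1002:web service:/srv/web:/sbin/nologin
svc-web:x:1003:1003:decoy with a dash:/srv/decoy:/bin/bash
EOF

# Unanchored search: counts every line that contains the text anywhere,
# so "bob" also reports the bobby account.
loose_match() {
    grep -c "$1" "$sample"
}

# Anchored to the start of the line and the field separator: one account only.
# The name is still read as a regular expression (see the dot cases below).
exact_account() {
    grep -c "^$1:" "$sample"
}

# In a regular expression an unescaped dot matches any character,
# so this also counts the svc-web decoy.
dot_as_regex() {
    grep -c '^svc.web:' "$sample"
}

# Escaping the dot restores the literal meaning.
dot_escaped() {
    grep -c '^svc\.web:' "$sample"
}

# -F (fgrep) treats the whole pattern as a plain string, dots included.
dot_fixed() {
    grep -cF 'svc.web:' "$sample"
}

# -E (egrep) allows grouping and ?, here matching /bin/sh or /bin/bash
# at the end of the line to list accounts with a login shell.
login_accounts() {
    grep -E ':/bin/(ba)?sh$' "$sample" | cut -d: -f1 | paste -s -d ' ' -
}

# The guide's fgrep ':1:' search: only the literal field ":1:" matches,
# not 1000 or 1001.
literal_field() {
    grep -F ':1:' "$sample" | cut -d: -f1
}

echo "grep bob            : $(loose_match bob) lines"
echo "grep ^bob:          : $(exact_account bob) line"
echo "grep ^svc.web:      : $(dot_as_regex) lines"
echo "grep ^svc\\.web:     : $(dot_escaped) line"
echo "grep -F svc.web:    : $(dot_fixed) line"
echo "login shells        : $(login_accounts)"
echo "grep -F ':1:'       : $(literal_field)"
```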

Access remote systems using ssh and VNC

Remote systems can be accessed by a variety of different methods, including ssh, vnc, freenx, telnet, and rdp. ssh and vnc are the most commonly used methods for accessing Linux systems remotely.

SSH - The ssh command can be used to access a remote server that has sshd running. The most basic syntax is ssh <hostname> or ssh <IP>. A user can be specified with ssh user@host. If a graphical interface is available at the remote machine, -X or -Y may be used to run graphical programs (recommended only for use over high bandwidth or LAN connections). SSH keys may be used to further increase security. For more information on the features and syntax, please read the ssh manual (man ssh).

VNC - Virtual Network Computing (vnc) uses a different protocol than ssh and is primarily meant for graphical remote access. Because this protocol works by sending compressed images, it is recommended more for high bandwidth or LAN connections. VNC should be run within a graphical environment. The two clients which are primarily used are the Tiger VNC Viewer (vncviewer) and vino.

In both cases, you should ensure that your firewall allows the necessary client connections for ssh (22) and vnc (5900-590X).

Log in and switch users in multi-user runlevels

By default, the multi-user environments in Fedora (and RHEL) are runlevels 3, 4, and 5 (the default runlevel is set in /etc/inittab). Once logged in, the shell environment (bash, by default) is loaded.

To switch users, the su (basic syntax: su user) command may be used. When changing users, to ensure that the user profile is updated to the target user's profile, the - character should follow su (example: su - user or su -l user). su or su - without a user specified will default to root.

To end a user session and return to the previously logged in user session, simply run the 'exit' command.

Alternatively, it is possible to run specific commands as another user. This can be done with su -c. sudo is another option for this and may be configured to run specific commands as superuser (example: sudo command). Use the visudo command to configure sudo.

Specific commands may also be set up to be run under the permissions of another user or group. This is done by setuid or setgid.
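
Because a setuid or setgid program runs with its owner's or group's permissions, administrators usually keep track of which files carry those bits. The sketch below is an added example, not part of the original guide: it builds a constructed directory, shows how the bits appear in ls -l, and compares a later scan against a recorded baseline (the directory, file and function names are invented).

```sh
#!/bin/sh
# Constructed audit target: three empty files standing in for installed tools.
audit_dir=$(mktemp -d)
trap 'rm -rf "$audit_dir"' EXIT
mkdir "$audit_dir/bin"
touch "$audit_dir/bin/plain" "$audit_dir/bin/suid-tool" "$audit_dir/bin/sgid-tool"
chmod 0755 "$audit_dir/bin/plain"
chmod 4755 "$audit_dir/bin/suid-tool"   # setuid: runs with the file owner's permissions
chmod 2755 "$audit_dir/bin/sgid-tool"   # setgid: runs with the file group's permissions

# The permission string shows an "s" in place of the owner's or group's "x".
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# List every regular file under a directory that has the setuid or setgid bit.
snapshot() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# Print files that carry one of the bits now but were not in the baseline.
new_since_baseline() {
    snapshot "$1" | comm -13 "$2" -
}

# Record the known-good state.
snapshot "$audit_dir/bin" > "$audit_dir/baseline.txt"

# Later, a file with the setuid bit appears that nobody recorded.
touch "$audit_dir/bin/added-later"
chmod 4755 "$audit_dir/bin/added-later"

echo "suid-tool mode : $(mode_string "$audit_dir/bin/suid-tool")"
echo "sgid-tool mode : $(mode_string "$audit_dir/bin/sgid-tool")"
echo "baseline       :"
cat "$audit_dir/baseline.txt"
echo "new since then :"
new_since_baseline "$audit_dir/bin" "$audit_dir/baseline.txt"
```

On a real system the same find expression is pointed at / (as root) and the baseline is stored somewhere the audited accounts cannot write.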

Archive, compress, unpack and uncompress files using tar, star, gzip, and bzip2

Create and edit text files

Text files may be easily created and edited from the Linux command line as well as graphically.

To create a file with no content, use the touch command. To create and edit files, use a text editor such as vi (vim), emacs, or nano. Nano is the most friendly for new users and is pretty self-explanatory, but vim and emacs are more popular among admins. To learn more about vim, try vimtutor. To explore emacs, open emacs and type Ctrl-H and then 'T' or visit the Emacs guided tour page.

Graphically, there are an array of editing tools available. Most desktop environments contain basic text editors, such as gedit and kwrite up to advanced word processors such as libreoffice-writer, abiword, and koffice.

As explained above, redirects may also be used to create and add data to files (example: echo 'I just created this file!' > mynewfile.txt ). Please see the > and >> redirects above for more information on how to do this.

Lastly, basic text files (excluding .doc and .odf) created in Linux may not be formatted correctly for viewing in Windows and vice versa. Before opening a basic text file (.txt) created in Windows Notepad, you may need to run dos2unix on the file, and conversely, you might need to run unix2dos on a file before opening it in Notepad, though Wordpad in Windows is capable of reading basic text files created in Linux.

Delete, copy and move files and directories

Once files have been created, it is then possible to rename, move, copy, and delete these files. These files are organized into folders called directories.

mkdir - Directories can be created using mkdir. If you intend to make a directory inside one that also hasn't been created yet, use the -p option. For instance, if you want to create the path ./directory1/directory2 where directory1 may or may not yet exist, mkdir -p directory1/directory2 will create both if directory1 doesn't exist.

rmdir - To delete an empty directory, rmdir may be used. If the directory is not empty, see rm below.

mv - Both renaming and moving files and folders may be done by the mv command. To simply change the name, the basic syntax is mv oldname newname. To move the file to another place (and also optionally change the name), you must specify a new path. For example: mv file ./directory/

cp - Files may be copied from one directory to another (or within the same directory under a new name) using cp (example: cp file ./directory ). The difference between this action and mv is that it leaves the original file intact. Using cp -R, the user may also copy entire directories and their contents to a new location.

rm - To delete files, use rm. Be careful when using this because rm cannot be undone without considerable effort. There is no undel equivalent in Linux. To remove entire directories, including those containing files, rm -r may be used to recursively delete them.

User/Group permissions can affect the ability to do any of these things.
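The commands above, run in sequence inside a scratch directory, as an added example that is not part of the original guide. The function name and the file names notes.txt, copy.txt and backup are assumptions chosen for the illustration.

```shell
#!/bin/sh
# Added example: mkdir -p, mv, cp, cp -R, rmdir and rm -r in one walkthrough.

# Runs every step in a throwaway directory and prints the resulting tree.
file_ops_demo() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        mkdir -p directory1/directory2            # creates both levels at once
        echo 'I just created this file!' > file   # create a file with a redirect
        mv file notes.txt                         # rename in place
        mv notes.txt directory1/                  # move into a directory
        # cp leaves directory1/notes.txt intact, unlike mv
        cp directory1/notes.txt directory1/directory2/copy.txt
        cp -R directory1 backup                   # copy the whole tree
        # rmdir only removes empty directories, so this must fail
        if rmdir directory1 2>/dev/null; then exit 1; fi
        rm -r directory1                          # recursive delete; cannot be undone
        find . | LC_ALL=C sort                    # what is left: only the backup copy
    )
    status=$?
    rm -r "$work"
    return $status
}

file_ops_demo
```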

Create hard and soft links

List, set and change standard ugo/rwx permissions

Locate, read and use system documentation including man, info, and files in /usr/share/doc .

Operate Running Systems

Boot, reboot, and shut down a system normally

Boot systems into different runlevels manually

Use single-user mode to gain access to a system

Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes

Locate and interpret system log files

Access a virtual machine's console

Start and stop virtual machines

Start, stop and check the status of network services

Configure Local Storage

List, create, delete and set partition type for primary, extended, and logical partitions

Create and remove physical volumes, assign physical volumes to volume groups, create and delete logical volumes

Create and configure LUKS-encrypted partitions and logical volumes to prompt for password and mount a decrypted file system at boot

Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label

Add new partitions, logical volumes and swap to a system non-destructively

Create and Configure File Systems

Create, mount, unmount and use ext2, ext3 and ext4 file systems

Mount, unmount and use LUKS-encrypted file systems

Mount and unmount CIFS and NFS network file systems

Configure systems to mount ext4, LUKS-encrypted and network file systems automatically

Extend existing unencrypted ext4-formatted logical volumes

Create and configure set-GID directories for collaboration

Create and manage Access Control Lists (ACLs)

Diagnose and correct file permission problems

Deploy, Configure and Maintain Systems

Configure networking and hostname resolution statically or dynamically

Schedule tasks using cron

Configure systems to boot into a specific runlevel automatically

Install Red Hat Enterprise Linux automatically using Kickstart

Configure a physical machine to host virtual guests

Install Red Hat Enterprise Linux systems as virtual guests

Configure systems to launch virtual machines at boot

Configure network services to start automatically at boot

Configure a system to run a default configuration HTTP server

Configure a system to run a default configuration FTP server

Install and update software packages from a remote repository, or from the local filesystem

Update the kernel package appropriately to ensure a bootable system

Modify the system bootloader

Configure a system to run a default configuration NTP server and synchronize time using other NTP peers

Manage Users and Groups

Create, delete, and modify local user accounts

Change passwords and adjust password aging for local user accounts

Create, delete and modify local groups and group memberships

Configure a system to use an existing LDAP directory service for user and group information

Manage Security

Configure firewall settings using system-config-firewall or iptables

Set enforcing and permissive modes for SELinux

List and identify SELinux file and process context

Restore default file contexts

Use boolean settings to modify system SELinux settings

Diagnose and address routine SELinux policy violations