From Fedora Project Wiki

m (moved System Administration Study Guide to SysadminSG RHCSA Study Guide: Separating the RHCSA and RHCE guides so we can have more focused study sessions, if desired.)
(initial data)
Line 1: Line 1:
 
The Fedora Project is in constant need for administrators with better skills.  In a yet-to-be-named initiative, the Fedora Project wishes to help as many contributors as possible improve their basic system administration skills.  This study guide is to help those pursuing additional goals, including higher-pay, certifications and more.
 
The Fedora Project is in constant need for administrators with better skills.  In a yet-to-be-named initiative, the Fedora Project wishes to help as many contributors as possible improve their basic system administration skills.  This study guide is to help those pursuing additional goals, including higher-pay, certifications and more.
  
The study guide as it stands is intended to be printed by those who wish to study common tasks performed by many system administrators.  This study guide is based upon the Red Hat Certified System Administrator and Red Hat Certified Engineer Exam preparation guides.  Other useful study components will be added here.  Community contributions are always welcome.
+
The study guide is intended to be printed by those who wish to study common tasks performed by many system administrators.  This study guide is based upon the [https://www.redhat.com/certification/rhcsa/objectives/ Red Hat Certified System Administrator Exam Objectives].  Other useful study components will be added here.  Community contributions are always welcome.
  
* [https://www.redhat.com/certification/rhcsa/objectives/ RHCSA Exam Objectives]
+
=== Understand and Use Essential Tools ===
* [https://www.redhat.com/certification/rhce/objectives/ RHCE Exam Objectives]
 
  
== Local System Administration Tasks ==
+
Access a shell prompt and issue commands with correct syntax
  
Generally speaking, the items below are specific to a local machine and do not involve services or network components.  In many cases, however, these components are the groundwork for other areas of specialization in the Linux system administration world.
 
  
==='''Understand and Use Essential Tools'''===
 
  
* Access a shell prompt and issue commands with correct syntax
 
  
  
Line 24: Line 20:
  
  
 +
Use input-output redirection (>, >>, |, 2>, etc.)
  
  
* Use input-output redirection (>, >>, |, 2>, etc.)
 
  
  
Line 42: Line 38:
  
  
 +
Use grep and regular expressions to analyze text
  
  
* Use grep and regular expressions to analyze text
 
  
  
Line 57: Line 53:
  
  
 +
Access remote systems using ssh and VNC
  
  
  
  
* Access remote systems using ssh and VNC
 
  
  
Line 72: Line 68:
  
  
 +
Log in and switch users in multi-user runlevels
  
  
Line 78: Line 75:
  
  
* Log in and switch users in multi-user runlevels
 
  
  
Line 88: Line 84:
  
  
 +
Archive, compress, unpack and uncompress files using tar, star, gzip, and bzip2
  
  
Line 97: Line 94:
  
  
* Archive, compress, unpack and uncompress files using tar, star, gzip, and bzip2
 
  
  
Line 104: Line 100:
  
  
 +
Create and edit text files
  
  
Line 116: Line 113:
  
  
* Create and edit text files
 
  
  
  
 +
Create, delete, copy and move files and directories
  
  
Line 133: Line 130:
  
  
* Create, delete, copy and move files and directories
 
  
  
 +
Create hard and soft links
  
  
Line 150: Line 147:
  
  
* Create hard and soft links
 
  
 +
List, set and change standard ugo/rwx permissions
  
  
Line 167: Line 164:
  
  
 +
Locate, read and use system documentation including man, info, and files in /usr/share/doc .
  
  
* List, set and change standard ugo/rwx permissions
 
  
  
Line 184: Line 181:
  
  
 +
=== Operate Running Systems ===
  
* Locate, read and use system documentation including man, info, and files in /usr/share/doc .
+
Boot, reboot, and shut down a system normally
     
 
  
  
Line 201: Line 198:
  
  
==='''Operate Running Systems'''===
+
Boot systems into different runlevels manually
  
* Boot, reboot, and shut down a system normally
 
  
  
Line 218: Line 214:
  
  
 +
Use single-user mode to gain access to a system
  
* Boot systems into different runlevels manually
 
  
  
Line 234: Line 230:
  
  
 +
Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes
  
  
* Use single-user mode to gain access to a system
 
  
  
Line 251: Line 247:
  
  
 +
Locate and interpret system log files
  
  
* Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes
 
  
  
Line 267: Line 263:
  
  
 +
Access a virtual machine's console
  
  
  
  
* Locate and interpret system log files
 
  
  
Line 286: Line 282:
  
  
 +
Start and stop virtual machines
  
  
* Access a virtual machine's console
 
  
  
Line 302: Line 298:
  
  
 +
Start, stop and check the status of network services
  
  
  
  
* Start and stop virtual machines
 
  
  
Line 318: Line 314:
  
  
 +
=== Configure Local Storage ===
  
 +
List, create, delete and set partition type for primary, extended, and logical partitions
  
  
  
  
* Start, stop and check the status of network services
 
  
  
Line 335: Line 332:
  
  
 +
Create and remove physical volumes, assign physical volumes to volume groups, create and delete logical volumes
  
  
Line 341: Line 339:
  
  
==='''Configure Local Storage'''===
 
  
* List, create, delete and set partition type for primary, extended, and logical partitions
 
  
  
Line 352: Line 348:
  
  
 +
Create and configure LUKS-encrypted partitions and logical volumes to prompt for password and mount a decrypted file system at boot
  
  
Line 361: Line 358:
  
  
* Create and remove physical volumes, assign physical volumes to volume groups, create and delete logical volumes
 
  
  
Line 369: Line 365:
  
  
 +
Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label
  
  
Line 380: Line 377:
  
  
* Create and configure LUKS-encrypted partitions and logical volumes to prompt for password and mount a decrypted file system at boot
 
  
  
  
  
 +
Add new partitions, logical volumes and swap to a system non-destructively
  
  
Line 398: Line 395:
  
  
* Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label
 
  
  
 +
=== Create and Configure File Systems ===
  
 +
Create, mount, unmount and use ext2, ext3 and ext4 file systems
  
  
Line 416: Line 414:
  
  
* Add new partitions, logical volumes and swap to a system non-destructively
 
  
 +
Mount, unmount and use LUKS-encrypted file systems
  
  
Line 433: Line 431:
  
  
 +
Mount and unmount CIFS and NFS network file systems
  
==='''Create and Configure File Systems'''===
 
  
* Create, mount, unmount and use ext2, ext3 and ext4 file systems
 
  
  
Line 450: Line 447:
  
  
 +
Configure systems to mount ext4, LUKS-encrypted and network file systems automatically
  
  
Line 455: Line 453:
  
  
* Mount, unmount and use LUKS-encrypted file systems
 
  
  
Line 466: Line 463:
  
  
 +
Extend existing unencrypted ext4-formatted logical volumes
  
  
Line 472: Line 470:
  
  
* Mount and unmount CIFS and NFS network file systems
 
  
  
Line 484: Line 481:
  
  
 +
Create and configure set-GID directories for collaboration
  
  
Line 490: Line 488:
  
  
* Configure systems to mount ext4, LUKS-encrypted and network file systems automatically
 
  
  
Line 500: Line 497:
  
  
 +
Create and manage Access Control Lists (ACLs)
  
  
Line 507: Line 505:
  
  
* Extend existing unencrypted ext4-formatted logical volumes
 
  
  
Line 517: Line 514:
  
  
 +
Diagnose and correct file permission problems
  
  
Line 525: Line 523:
  
  
* Create and configure set-GID directories for collaboration
 
  
  
Line 533: Line 530:
  
  
 +
=== Deploy, Configure and Maintain Systems ===
  
 +
Configure networking and hostname resolution statically or dynamically
  
  
Line 543: Line 542:
  
  
* Create and manage Access Control Lists (ACLs)
 
  
  
Line 550: Line 548:
  
  
 +
Schedule tasks using cron
  
  
Line 563: Line 562:
  
  
* Diagnose and correct file permission problems
 
  
  
 +
Configure systems to boot into a specific runlevel automatically
  
  
Line 581: Line 580:
  
  
 +
Install Red Hat Enterprise Linux automatically using Kickstart
  
==='''Deploy, Configure and Maintain Systems'''===
 
  
* Configure networking and hostname resolution statically or dynamically
 
  
  
Line 599: Line 597:
  
  
 +
Configure a physical machine to host virtual guests
  
  
  
* Schedule tasks using cron
 
  
  
Line 616: Line 614:
  
  
 +
Install Red Hat Enterprise Linux systems as virtual guests
  
  
  
  
* Configure systems to boot into a specific runlevel automatically
 
  
  
Line 634: Line 632:
  
  
 +
Configure systems to launch virtual machines at boot
  
  
Line 639: Line 638:
  
  
* Install automatically using Kickstart
 
  
  
Line 651: Line 649:
  
  
 +
Configure network services to start automatically at boot
  
  
Line 659: Line 658:
  
  
* Configure a physical machine to host virtual guests
 
  
  
Line 667: Line 665:
  
  
 +
Configure a system to run a default configuration HTTP server
  
  
Line 679: Line 678:
  
  
* Install systems as virtual guests
 
  
  
  
 +
Configure a system to run a default configuration FTP server
  
  
Line 698: Line 697:
  
  
 +
Install and update software packages from a remote repository, or from the local filesystem
  
* Configure systems to launch virtual machines at boot
 
  
  
Line 714: Line 713:
  
  
 +
Update the kernel package appropriately to ensure a bootable system
  
  
Line 719: Line 719:
  
  
* Configure network services to start automatically at boot
 
  
  
Line 730: Line 729:
  
  
 +
Modify the system bootloader
  
  
Line 740: Line 740:
  
  
* Configure a system to run a default configuration HTTP server
 
  
  
Line 746: Line 745:
  
  
 
+
Configure a system to run a default configuration NTP server and synchronize time using other NTP peers
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure a system to run a default configuration FTP server
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Install and update software packages from a remote repository, or from the local filesystem
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Update the kernel package appropriately to ensure a bootable system
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Modify the system bootloader
 
 
 
 
 
 
 
  
  
Line 844: Line 763:
 
=== Manage Users and Groups ===
 
=== Manage Users and Groups ===
  
* Create, delete, and modify local user accounts
+
Create, delete, and modify local user accounts
 
 
 
 
 
 
 
 
 
 
  
  
Line 865: Line 779:
  
  
* Change passwords and adjust password aging for local user accounts
+
Change passwords and adjust password aging for local user accounts
  
  
Line 881: Line 795:
  
  
 +
Create, delete and modify local groups and group memberships
  
  
  
  
* Create, delete and modify local groups and group memberships
 
  
  
Line 897: Line 811:
  
  
 
+
Configure a system to use an existing LDAP directory service for user and group information
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure a system to use an existing LDAP directory service for user and group information
 
 
 
 
 
 
 
  
  
Line 926: Line 829:
 
=== Manage Security ===
 
=== Manage Security ===
  
* Configure firewall settings using system-config-firewall or iptables
+
Configure firewall settings using system-config-firewall or iptables
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Set enforcing and permissive modes for SELinux
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* List and identify SELinux file and process context
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Restore default file contexts
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Use boolean settings to modify system SELinux settings
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Diagnose and address routine SELinux policy violations
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
== Network, System Services and Security ==
 
 
 
The following study components focus on providing system(s) with services that other machines will consume.  This area of expertise involves focused security techniques, network configurations and knowledge of commonly accessed network services.
 
 
 
==='''System Configuration and Management'''===
 
 
 
 
 
 
 
* Route IP traffic and create static routes
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Use iptables to implement packet filtering and configure network address translation (NAT)
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Use /proc/sys and sysctl to modify and set kernel run-time parameters
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure system to authenticate using Kerberos
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Build a simple RPM that packages a single file
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure a system as an iSCSI initiator that persistently mounts an iSCSI target
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Produce and deliver reports on system utilization (processor, memory, disk, and network)
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Use shell scripting to automate system maintenance tasks
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure a system to log to a remote system
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure a system to accept logging from a remote system
 
 
 
==='''Network Services'''===
 
 
 
* Install the packages needed to provide the service
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure SELinux to support the service
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure the service to start when the system is booted
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure the service for basic operation
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure host-based and user-based security for the service
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
===HTTP/HTTPS===
 
 
 
* Configure a virtual host
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure private directories
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Deploy a basic CGI application
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure group-managed content
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
==='''DNS'''===
 
 
 
* Configure a caching-only name server
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Configure a caching-only name server to forward DNS queries
 
   
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
==='''FTP'''===
 
 
 
* Configure anonymous-only download
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
==='''NFS'''===
 
 
 
* Provide network shares to specific clients
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Provide network shares suitable for group collaboration
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
==='''SMB'''===
 
 
 
* Provide network shares to specific clients
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
* Provide network shares suitable for group collaboration
 
 
 
 
 
  
  
Line 1,493: Line 844:
  
  
==='''SMTP'''===
 
  
* Configure a mail transfer agent (MTA) to accept inbound email from other systems
 
  
 +
Set enforcing and permissive modes for SELinux
  
  
Line 1,512: Line 862:
  
  
* Configure an MTA to forward (relay) email through a smart host
+
List and identify SELinux file and process context
  
  
Line 1,528: Line 878:
  
  
==='''SSH'''===
+
Restore default file contexts
  
* Configure key-based authentication
 
  
  
Line 1,546: Line 895:
  
  
==='''NTP'''===
 
  
* Synchronize time using other NTP peers
+
Use boolean settings to modify system SELinux settings
  
  
Line 1,566: Line 914:
  
  
<br>
+
Diagnose and address routine SELinux policy violations

Revision as of 19:52, 10 January 2012

The Fedora Project is in constant need for administrators with better skills. In a yet-to-be-named initiative, the Fedora Project wishes to help as many contributors as possible improve their basic system administration skills. This study guide is to help those pursuing additional goals, including higher-pay, certifications and more.

The study guide is intended to be printed by those who wish to study common tasks performed by many system administrators. This study guide is based upon the Red Hat Certified System Administrator Exam Objectives. Other useful study components will be added here. Community contributions are always welcome.

Understand and Use Essential Tools

Access a shell prompt and issue commands with correct syntax








Use input-output redirection (>, >>, |, 2>, etc.)









Use grep and regular expressions to analyze text








Access remote systems using ssh and VNC








Log in and switch users in multi-user runlevels








Archive, compress, unpack and uncompress files using tar, star, gzip, and bzip2








Create and edit text files








Create, delete, copy and move files and directories








Create hard and soft links








List, set and change standard ugo/rwx permissions








Locate, read and use system documentation including man, info, and files in /usr/share/doc .









Operate Running Systems

Boot, reboot, and shut down a system normally








Boot systems into different runlevels manually








Use single-user mode to gain access to a system








Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes









Locate and interpret system log files








Access a virtual machine's console










Start and stop virtual machines








Start, stop and check the status of network services








Configure Local Storage

List, create, delete and set partition type for primary, extended, and logical partitions








Create and remove physical volumes, assign physical volumes to volume groups, create and delete logical volumes








Create and configure LUKS-encrypted partitions and logical volumes to prompt for password and mount a decrypted file system at boot









Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label








Add new partitions, logical volumes and swap to a system non-destructively








Create and Configure File Systems

Create, mount, unmount and use ext2, ext3 and ext4 file systems








Mount, unmount and use LUKS-encrypted file systems








Mount and unmount CIFS and NFS network file systems








Configure systems to mount ext4, LUKS-encrypted and network file systems automatically








Extend existing unencrypted ext4-formatted logical volumes









Create and configure set-GID directories for collaboration








Create and manage Access Control Lists (ACLs)









Diagnose and correct file permission problems








Deploy, Configure and Maintain Systems

Configure networking and hostname resolution statically or dynamically








Schedule tasks using cron








Configure systems to boot into a specific runlevel automatically








Install Red Hat Enterprise Linux automatically using Kickstart









Configure a physical machine to host virtual guests









Install Red Hat Enterprise Linux systems as virtual guests









Configure systems to launch virtual machines at boot









Configure network services to start automatically at boot








Configure a system to run a default configuration HTTP server








Configure a system to run a default configuration FTP server








Install and update software packages from a remote repository, or from the local filesystem








Update the kernel package appropriately to ensure a bootable system








Modify the system bootloader








Configure a system to run a default configuration NTP server and synchronize time using other NTP peers








Manage Users and Groups

Create, delete, and modify local user accounts








Change passwords and adjust password aging for local user accounts








Create, delete and modify local groups and group memberships








Configure a system to use an existing LDAP directory service for user and group information








Manage Security

Configure firewall settings using system-config-firewall or iptables









Set enforcing and permissive modes for SELinux








List and identify SELinux file and process context








Restore default file contexts









Use boolean settings to modify system SELinux settings









Diagnose and address routine SELinux policy violations