Red Hat Admininstration
# RHEL developer login and download RHEL
# command # run as "root" or administrator
$ command $ run as normal user
tty # terminal console tty1, tty2, etc
ctl+alt+F2 tty2
tty1 is the default GUI login terminal, any other tty will be virtual terminal/console
ssh root@servera # ssh to servera
# ssh public and private key
ctl+d # logout
bastion # router, such as Vyos
vim .ssh/known_hosts # ssh key store
ctl+alt+(up/down arrow) # to access different terminal
date +%r
file zcat # check the file zcat
wc zcat # count the file, number of line and words
head zcat # first 10 lines
tail zcat
tail -n 20 zcat # last 20 line of file zcat
#********* managng files
pwd # list where you're in the directory, path
bin, sbin # binary directory, symbolic link
sbin # system binary, used only by root
bin # used by the user
cd /usr # unix system resources (usr) - contains installed software programs and libraries
there are bin and sbin under /usr
dev # devices
etc # extended text configuration file, where to configure ssh - persistent, system-specific configuration data
home # user home directory
run # runtime data, will be delete / empty when reboot
var #
/root # root user home directroy
tree -d | less # list the directory tree
/var # dynamic data, such as for databases and websites
/tmp # tempoary directory, 10 days will be deleted
/var/tmp # 30 days will be deleted
/usr/bin # contains regular commands and utilities
/run # contains non-persistent process runtime data
# ************** absolute paths and relative paths
absolute path - full path
. current directory
.. parent directory of my current directory
~ change to current user's home directory or "cd" even simpler
- cd - # change to my previous directory
touch <file> # create new file
ls -R # list current directory and it sub-directory
# ************ managng file
mkdir -p dir1/dir2/dir3
ls -R dir1/ # list the directory structure
cp -r /use/share/doc/unzip/ . # copy directory to the current directory
rm unzip/bug # remove/delete file
rm -i unzip/readm
rmdir unzip # remove directory
rmdir -r projects # tree -d unzip # to see the diretory tree
rm -r projects/ # it will delete all files and directory !!!!
mv file1 file2 # rename file or directory
mv dir1 /tmp/dir2 # move dir1 to /tmp/dir2
#******* links between files
Index node (inode) # how are files identified
- permissions, ownership, date & time stamps, paths to date on file system (except file name, is managed by something else)
ls -li <filename> # -li to life inode
1 # link count is "1"
ln file1 file2 # file2 point to file1
ls -li file1 file2 # it shows both file1 and file2 has same inode, they are the same file, it show "2" as link count
**** this is hard link
if delete file1, file2 still valid
cat file1 file2 # show content of file1 and file2
# soft link - symbolic link
ln -s file3 file4 # file4 is the softlink of file3, and file3 and file4 have different inode
ls -li file3 file4
Note: file4 has different inode, therefore, it can have its own permission
if file4 deleted, then soft link is broken
We can only create link with directory using soft link
ls * # list every file
ls ?file # list single character and file, such as 1file ? single character
ls [ace]* # any file begin with a, or c, or e
ls [^ace]* ls [!ace]* # any file not starts with a, c or e
ls [[:alpha:]]* # begin with alph
ls [[:digit:]]*
ls ~ # ~ login user home directory
ls [[:alnum:]]* # alph or digit
ls [[:punct:]]*
# shell expansion
touch {Sun,Mon,Tues,Wednes}day.log or echo {Sun,Mon,Tues,Wednes}day.log
it will create the files:
Sunday.log Monday.log Tuesday.log Wednesday.log
mkdir RHEL{6,7,8}
it creates RHEL6 RHEL7 RHEL8 directories
touch son{1..5}.mp3
touch file{a,b}_{1..5}.avi
# varilable
SOMETHING=value
echo $SOMETHING # return value refer as $<variable_name>
# set boundary of variable
FIRST=User1
LAST=Name
echo ${FIRST}_${LAST} # return User1_Name
# command substituion $(xxxx)
echo "Today is $(date + %A)"
Today is Monday # return value
# "" double quote allows expansion, '' single quote does NOT allow expansion
echo "Hello ${USER}, on $(hostname) at $(date +%F), you are running $(python3 -V)"
Hello student, on workstation.lab.com at 2021-12-25, you are running Python 3.6.8
\$ \ prevent escape the next character
#********** managing files from command line
mv ~/my_dir* . # move login user home directory my_dir* to the current directory
cd cd ~ # same, change to login user home directory
#*********** getting help
man man
man ls # (1) section 1
man -k cron
# (1) section 1
(5) section, about configuration
(8) for administrator
man 5 crontab # go to section 5 of contab, contab configuration
man iscsiadm
/example # /<searh_word>
ctl+shit+c ctrl+shift+v cut paste
export LESS='-X' # do not clear screen, when search in man # useful
/example then type "n" for next match
?discover search for "discover"
#******* how to use man page
gedit + manual # gedit + it will access the last line
man 1 su man su # same output, if no "num" than it will go to the highest number "1"
ls /usr/share/man # all man page store
whatis whereis
whereis passwd
man -k zip # show differnt man page about zip
man -k boot
bootparam
man -k ext4
tune2fs # command used by root or administrator, daemon
#**** read info documentation p info
pininfo # different than man page
d # very top table shows shortcut
u # up (back)
/search # search
press Enter
q quit
n next
pinfo coreutil
rm -- -foo # delete the file "-foo"
man -t passwd > passwd.ps # postscript file
file passwd.ps
less passwd.ps
man -k postscript viewer
evince
evince
-w
evicne -w passwd.ps
evince passwd.ps
evince -i 3 passwd.ps
lp passwd.ps -P 2-3
pinfo evince
firefox /usr/share/doc # open the file in firefox
# ************** redirect input, output, std error
0 stdin (keyboard)
chanel 1 stdout
channel 2 stderr
3+ filename
echo "today is $(date +%A)" # command subscibtion)
echo "today is $(date +%A)" > file1
echo "today is $(date +%A)" >> file2 # redirect output
cat catch* >> collection_file
ls /shoe # get error
ls /shoe /boot 2> errors.log # 2 (error) redirect to errors.log
The success will be sent to default 1 (screen)
ls /rav /var # error ls /rav
ls /rav /var 2>> errors.log # append to errors.log
ls /rav /var > output.log 2> errors.log # 1 redirect to output.log, 2 error to errors.log
ls /rav /var >> output.log 2>> errors.log # appending
ls /rav /var > combine.log 2>&1 ls /rav /var &> combine2.log # same - error and stdout to the same file
ls /rav /var &>> combine3.log # append
find / -iname passwd # detail search
find / -iname passwd 2> /dev/null # send error to /dev/null black hole
mail -s "test" root # send email to root user, waiting for input
mail -s "test" root < file1 # send email to root, content from file "file1"
wc -l /etc/ansible/ansible.cfg
grep ^[^#] /etc/ansible/ansible.cfg | wc -l # count line count exclude comment line
find / -iname passwd 2> /dev/null | tee find_results # tee - output and send the output to file
find / -iname passwd 2> /dev/null | tee -a find_results # -a append
#***************** editing text file from shell prompt
vim
i insert
v visual
: extended command
v visual mode
yy
p copy
4p copy 4 line
cw change word
dw delete word
x delete when in command mode
ls -l > visaul_demo
v visual mode
d to highligh and delete
u undo
shift v
vimtutor
#************** change shell variable
FIRST=Test
echo $FIRST
set #
set | less
env | less # env vs set
env only change child environment
set change shell
env EDITOR=nano crontable -e
crontable -e
export EDITOR=vim # all future program will use the variable
export -n EDITOR # unset
history # history size
cat .bash_history
vi .bashrc
export HISTFIlESIZE =2000 # set history file size to 2000 entry
export HISTTIMEFORMAT="%F %T " # then restart the shell to take effect
# vi command
shift v # visual mode to be able to highlight
v character only visual
x delete
ctrl v visual block (right arrow to hightlight)
dd
shif v hightligh
filename_$(date +%s).txt command subtitiong
# ********** managing users and groups
whoami
id # list the detail of the current login user id, group id, etc
vi /etc/passwd #
grep student /etc/passwd
student:x:1000:1000:student User:/home/student:/bin/bash
x password
1000 id
1000 gid
/home/student home drive
/biin/bash shell
grep student /etc/shadow # password hash
grep student /etc/group
student:x:1000
x password
1000 gid
wheel:x:10:student
grep student /etc/groupshadow
group # list the current user group membership
#**** gain superuser access
root group id "0"
su # switch user
echo $PATH # verify PATH variable, it shows as student
su - # start login shell as root
echo $PATH # it shows as root
su - user1 # switch to login as user1
ctrl+v # logout
sudo grep student /etc/shadow
visudo # view sudeor file
sudo !! # run the previous command
sudo -i # compare with "sudo -" request as root login shell without password
ctrl v # exit root login shell
ls -l /etc/sudoers.d # allow configuration file for sudoer, there are files for the users
sudo cat /etc/sudoers.d/user1
cp /etc/motd /etc/motdOLD
sudo !!
sudo rm /etc/motdOLD
useradd --help
man useradd
useradd -- tab tab (tab completion)
id 0 - 200 root and system account
201 - 999
1000 - normal user
useradd kano
id kano
# user with next available user id
userdel kano # delete user
Note: but the user home still exit
need to delete the uesr home, otherwise the new user will be using the deleted uesr home (userid, gid)
solution:
userdel -r user2 # Important: -r to delete user home
usermod -c "Operator One" operator1 # change description
getent passwd user1 # obtain the entry for user "user1"
#********* managing local group
group student # show user group membership
groupadd --help
grep devops /etc/group
usermod -a -G devops student # apend, secondary (supermentry group)
groups student
It shows it has devops
id student
it shows it has devops gid
groupadd dbadmins
usermod -g dbadmins student # change primary group to "dbadmins"
usermod -g student student # change back
usermod -G dbadmins student # it will remove whell supplemntry group, need to use "-a"
usermod -aG dbadmins,devops,student
groupadd -g 30000 operators
groupadd admin # it will have gid 30001
echo "%admin ALL=(ALL) ALL" > /etc/sudoers.d/admin # create sudoers drop in file
#*********** Managing user password
/etc/shadow # password shadow file
$6 1st field sha512
$xxx 2nd user salt
$xx 3rd user pwd harsh
:xxxx num days since 1970
:1 min 1 day before password allow change
:26
:4
:3
:18047 last password expire since Jan 1, 1970
chage -m 1 -M 26 -W 4 -I 3 -e 2019-05-31 user1
-m min # min days password can be changed
-M max
-W warning
-I grays period
-E # -E -1 never expired
chage -l user1 # show user password information "l" for large
chage -E $(date -d +180days +%Y-%m-%d) user2 # set user password change in 180 days)
man usermod # lock user account
-L lock
-U unlock
usermod -L user1
-U user1
vi /etc/login.defs # configuration file
PASS_MAX_DAYS 9999
# in situation, you create a user account that user without login shell, such as proxy server
useradd user2 -s /sbin/nologin
grep user2 /etc/passwd
usermod -s /sbin/nologin user3 # change user to remove login shell
# the user can use system resources, but just can't login to system shell
chage -d 0 user3 # set password expire, user need to change password when next login
chage -E yyyy-mm-dd user1 # set the user acount expire date at exact date
sudo groupadd -g 40000 consultants
echo "%consultants ALL=(ALL) ALL" | sudo tee /etc/sudoers.d/consultants
#**************** control access to file
r w x
----------
owning user
owning group (the primary group)
other
- normal file
d directory
l link
rwx owning user
rwx owning group
rwx other
ugo (u g o)
processing process
1. are you the owning user, if yes, then stop processing
2. If not, are you a member of the owning group,
3. if not, process "other"
# **************** managing file system permission from command line
chmod # change permission
chown # change ownership
ls -ld /<dir> # ld long list directory
chown :<required_group> /<directory> # change owner of dir to requierd group
chown <required_user> /<dir> # change ownership to required_user
chmod -R a=rX /<dir1> # Verify X permission
Note: will give every one executable on the directory, but NOT for the files
chmod -R a=rx /dir1 # rx lowercase x will give everyone executable for the directory and the files
chmod g+w /dir add write permission to the group
chmod 770 /dir set permission 770 for dir
#********** managing default permission and file access
standard permissions: ugo rwx 421
sticky bit -> directory
o + t # only the owner of the file can delete the file
chmod o+t /dir
chmod o-t /dir # remove sticky bit
chmod 1770 /dir
chmod 0770 /dir # remove sticky bit
ls -ld /dir
drwxrwxr--T # T sticky bit
# set Grid directory or file # good for co-operation / calabration
g+s 2
g-s # remove
chmod 3770 /dir1
chmod g+s /dir1 # set any file created in the dir1 will have the same owning group as the directory owning group
ls -ls /dir1
# sticky bit for file
chown :group1 /usr/bin/tac
chmod g+s /usr/bin/tac
chmod g-s /usr/bin/tac
# set uid -> only on files
sticky bit 1 1ugo
set grid 2 (gid) 2ugo
set uid 4 4ugo
-------
7
chmod 000 /usr/bin/tac
chown :root /usr/bin/tac
chmod u+s /usr/bin/tac
chmod u-s /usr/bin/tac
chmod 4755 /usr/bin/tac
# ** default permission
777 dirs
666 files
# umask
0022 # when set (defualt)
then 777
0022 (-
-----
0755 becomes new default permission
# for file
0077 umask, then new file permission 0700 (-rwx------) file1
# the system's default umask value for Bash shell user are defined in configuration file
/etc/profile
/etc/bashrc
User can override the system defaults in the .bash_profile and .bashrc file in their home directories
echo "umask 007" >> ~/.bashrc
cat ~/.bashrc # verify
#*** Reading
# Overrides default umask configuration
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]: then # id -gn = id -un <---- if gid=uid
umask 007
else
umask 022
fi
$ id -gn # verify output
$ id -un # verify output
#*********** Monitoring and managing linux process
ps # show running process
TTY
pts/1 terminal 1 - sudo tty
ps -ef
PPID # parent pid
TTY
top # top running process
q quit
h health
State comment
------------------------------
T a process in stopped or suspended state
Z a process that has released all its resources except its PID (zombie state)
S a process is in sleep state
# ******** control jobs
ps & # place command/process as background process
jobs
fg %<job-id> # bring the job to fore ground
bg %<job-id> # place the job in background
# create a log for all the output while at shell
mkdir /home/student/bin
vi /home/student/bin/control # create a file "control" to log all the output
cat /tmp/control
#! /bin/bash
while true; do
echo -n "$@ " >> ~/control_outfile # write all output to control file
sleep 1
done
chmod +x /home/student/bin/control
control testing
bg %<job-id>
ctrl + z # terminate the job
ctrl + c # stop the job
ps jT # show job as stopped or Terminated
#******* terminate process
ps # show running process
ps -ef | grep <process name>
kill -l # different kill singal
15 SIGTERM # clean kill
9 SIGKILL # terminate
19 SGSTOP # stop
18 SIGCONT # continue
1 SIGHUP # tell process to stop reading configure file from memory, and load / read the configuration file (updated)
kill -19 <pid>
kill <pid> # using default 15
whatis pkill
ps -ef | grep <process name>
pkill <process name> # multiple process
killall <process name>
w # show who is login to the computer
echo "testing" > /dev/pts/<id> # it will send the "message" to the current running terminal of the user
pkill -t tty2 # it will kill the entire tty2 terminal / kill the user session <----- similar to reset session
pkill -t pts/2 # administatively managing user login session
pstree | less # show process tree
ctrl+shift+t # moving between different terminals
#************** monitoring load average
verify system resource running average over time (5 seconds by default)
1 5 15 minutes (lscpu - load average)
uptime # load average
lscpu # verify num logical cpu
top # realtime, load average
k # kill the process
k then type <pid>, or press ENTER to select the default, and then press ENTER again to select 15
h # show key command
q # quit
m # memory
p # process
t task
#************ controlling services and daemon
systemd
systemctl
systemd (1)
service daemon
target
device
socket
systemctl
# shows load, active
systemctl list-unit # show different unit file
slice
target
timer
q # quit
systemctl list-unit --type=target
ls -l /usr/lib/systemd/system # where all the file locate
show all unit that systemd manages <---------- do not make change using vi or manaully
systemctl status sshd
$ ^status^stop # replace the previous command "statu" with "stop"
systemctl is-active sshd.service # tab completion
systemctl disable sshd # this will disable sshd service, it will not run on system restart
systemctl enable sshd # enable it, so it will run when system restart
systemctl list-units --type=service # type service
systemctl list-units --type=socket
systemctl list-unit is-enable --type=service
systemctl list-unit is-active --type=service
# ************ controlling system service
systemctl reload sshd #
systemctl list-dependencies sshd --reverse
systemctl status sendmail
Main PID # pay attention to Main PID
systemclt mask sendmail # if two daemons using the same port
# prevent start
systemctl unmask sendmail (unmask)
systemctl reload sshd
#******************** configure and secure SSH
~/.ssh.known_hosts # fingerprint data store in remote computer
ls /etc/ssh/*key* # show all fingerprint on the server
# verify strict host checking
vi .ssh/config
Host *
IdentityFile ~/.ssh/lab_rsa
StricthostKeyChecking yes <------- could change to "no"
#*************** accessing the remote host from command line
ctrl+d exit/log in ssh session
#********** configure ssh key-based authentication
public key: encrypt data
private key: decrypt data
public key in remote server, the private key in your workstation # enable ssh access
# ssh to server1
ssh-keygen
Enter file in which to save the key (/home/student/.ssh/id_rsa): /home/student/.ssh/custom_key
Enter passphrase: # can press enter to not use passphrase
It will then create two files:
custom_key
custom_key.pub # pub key
The key finger print is:
SHA256: xxxxxxxxxxx
# Then, install the public key to serverb
ssh-copy-id -i .ssh/custom_key.pub serverb # copy pub key to serverb
When ssh to serverb
ssh -i .ssh/custom_key serverb
it will prompt for passphrase for key:
Note: This is not totally transparent
could use ssh agent
ssh-add
ssh-add .ssh/custom_key # minimize to enter passphrase every time
ssh-keygen -f ./ssh/key2 # generate a new key file "key2"
#************ customize openssh service
vi /etc/ssh/sshd_config # daemon config
PermitRootLogin no # yes -> not
systemctl reload sshd
getent passwd <user> # verify the user login
# allow member of group to ssh
groupadd sshusers
usermod -aG sshuers student
vi /etc/ssh/sshd_config
AllowGroups sshusers
# ************ Analyzing and storing logs
journal collects logs
journalctl # not persistent by default
systemd (important process0
journald
rsyslog (facility and priority) such as authpriv.notice
/var/log (facility and priority)
# logs
/var/log/messages # most syslog message, exception of those related to authentication, mail, schedule jobs and debuggign
/var/logs/secure # syslog related to security and authentications
/var/log/maillog # syslog message related to the mail server
/var/log/cron # syslog message related to the scheduled jobs
/var/log/boot.log # stores console messages related to system startup
rsyslog service sorts and organizes syslog message into files in /var/log
/etc/rsyslog.conf # rsyslog configuration file
local6.* -> /var/log/sshd.log # for example
Note: not good to change the main configuration file, use the drop in file, it follows the same syntax as the main configure file, and you own it
# create a sshd log
vi /etc/rsyslog.d/99-sshd.conf # 00 - xx, othe
local6.* /var/log/sshd.log
systemctl restart rsyslog.service
man rsyslog.conf
logger -p local6.warn this is a warning message # general a test message
ls -l /var/log/sshd.log
tail -f /var/log/sshd.log # open the file and keep refresh
ctl+c # terminate
# log rotate, it is process or cron job, not a daemon
ls -l /etc/logrotate.conf
ls -l /etc/logrotate.d/ # drop in file # most configuration file be done in drop in file
echo '*.debug /var/log/messages-debug' >> /etc/rsyslog.d/debug.conf
systemctl restart rsyslog
#************** reviewing system journal --- monitoring agent
systemd-journald
journalctl # not persistent, on reboot, it will be overwrite
/<search>
journalctl -r # reverse the display output, newest first
q quit
jurnalctl -u sshd.service # showing unit "sshd.service"
jurnalctl -u sshd.service -r # revese order
jurnalctl -u sshd.service -r --since today
jurnalctl -u sshd.service -r --since "2019-04-14 09:00:00" --until "2019-04-14 10:00:00"
jurnalctl -u sshd.service -r --since "2019-04-14 09:00:00" --until "2019-04-14 10:00:00" -p warning # facility - warning
jurnalctl -u sshd.service -r --since -10min
jurnalctl -u sshd.service -r --since today -p warning
debug -> info -> notice -> warn -> err -> crit -> alert -> emerg # priority order
jurnalctl -p warning # show only warning message # facility upward from warning
jurnalctl -n 40 # last 40 output
jurnalctl -o verbose # output verbose
jurnalctl status sshd
jurnalctl _SYSTEMD_UNIT=sshd.service _PID=737 # for advanced troubleshooting
man journalctl
journalctl _PID=1 # show all message with pid=1
journalctl _UID=80 (uid)
#******** preserving the system journal
/var/log/journal # create this directory
Note: Once create, journal will automatically save entry here
It has log rotate, it run once a month
vi /etc/systemd/journald.conf #
journalctl | grep -E 'Runtime|system journal'
systemctl restart systemd-journald
journalctl -b 1 # previous 1 boot
journalctl -b -1 # only interest in the previous boot
journalctl -f # similar to "tail -f"
ls -l /run/log
sudo grep -A1 Journal /etc/systemd/journald.conf # show only 1 line after find "Journal"
systemctl restart systemd-journald
#********************** maintain accurate time
time sync is important!!
timedatectl
timedatectl set-ntp true
timedatectl list-timezones
/<search>
timedatectl set-timezone <timezone>
timedatectl set-time <hh:mm> # only be able to set if NTP is not set
systemctl status chronyd.service # RHEL7 onward using chronyd
vi /etc/chrony.conf # configuration file
server x.x.x.x iburst # set ntp server
chronyc sources # verify sources
chronyc sources -v # verbose
tzselect # select the timezone
timedatectl list-timezone | grep -i Australia
#*************** manaing networking
nmcli # utilities
link-local address: fe80::/10
ip a # show ip address
ping6 # ping ipv6 address
ping6 <ipv6-address>%enp1s0 # ping ipv6 and the interface
cat /etc/hosts # dns hosts file
head /etc/services
cat /etc/resolv.conf # manage by NetworkManager
Quiz:
which number is the size, in bits, of an IPv6 address?
A: 128
Which address does not represent a valid IPv6 address:
F. 2001:db8::7::2 # there are two "::" adjacent
Which term allows one system to send traffic to a special IP address that is received by multiple systems?
A. Multicast
# *********** validating network configuration
ip address show
ip a s # ip address show
ip a #
ip a s enp1s0 # interface ip a s <interface name>
ip link show
ip link show <interface>
ip -s link show enp1s0 # show link statistics
tracepath # new command, traceroute <-- old command
ss -plunt # <----------------------------------------------------
ip link
ip r # show routing table
ping -c3 ip-address # c3 - count 3
tracepath www.google.com
ss -lt # listening tcp
#************ configure netowrk from command line
nmcli # netowrk manager daemon - network manager cli
tab completion
# show profile # more flexible and useful for cloud <----------------------
/etc/sysconfig/netowrk-scripts
nmcli #
nmcli connection show
nmcli con show
nmcli con show "W tab # show profile
show very detail information
nmcli tab
nmcli con tab tab
nmcli con mod "wired..." ipv4.dns 8.8.8.8
nmcli con show wire.. | grep ipv4.dns
nmcli con up wire... # need to bring it up again, to take effect of dns change
nmcli con mod "wired..." +ipv4.dns 8.8.8.8 # add multiple entries
nmcli con show --active # show the profile that are currently in used
nmcli dev status
nmcli dev show enpls0 # show interface
nmcli con mod <profile> connection.autoconnect no # set dhcp to no
# Add or remove IP address from the device, using ip address command
ip addr add 1.2.3.4/24 dev ens192
ip addr del 1.2.3.4/24 dev ens192
# *********** Edit network config file
ls -l /etc/sysconfig/network-scripts/ifcfg-* # where the network profile file locates
nmcli con reload # reload after change to read the configuration
nmcli con <profile> up # To take effect after reading the configuration file
sudi -i # open root shell
#*************** configure hostname and name resolution
hostname
hostnamectl status
hostnamectl set-hostname new-name # set new name
cat /etc/hosts # hosts name resolution
vi /etc/hosts # update the name resloution
grep hosts /etc/resolv.conf # show resolution order -> files dns myhostname
getent hosts <hostname to search>
nmcli con mod "<profile-name>" +ipv4.dns x.x.x.x +ipv4.dns-search x.b.c
nmcli con up <profile name> # up to take effect
cat /etc/hostname
sudo hostnamectl set-hostname x.x.x # set hostname -> it create /etc/hostname file
host classroom.example.com # similar to nslookup
getent hosts class <-------------- getend hosts
#************ managng networking
#*************** Archive and transfering files
tar
rsync
tar -cf etc.tar /etc # archive the /etc directroy
tar -tf etc.tar # to view the archive file
ls -lh etc.tar # show size
tar -xf etc.tar # it unzip
tar -czf etc-backup-$(date +F).tar.gz /etc # compress
tar -cjf etc-backup-$(date +F).tar.bz /etc
tar -cJf etc-backup-$(date +F).tar.xz /etc <----------- best compress
tar -cf etc-backup-$(date +F).tar /etc
ls etc*.tar* -lh # verify size
tar -xf etc-xxxx.xz # tar knows what compression methods to extract
tar -tf xxx.gz # test extract
#************* tranfer file between system securely
scp -r student@servera:/xf . # copy to current directory from servera /xf directory, -r recursive when copy directory
scp -r student@servera:/xf /tmp/backup # copy to /tmp/backup
ssh-keygen -N '' # no passphrase
ssh-copy-id servera
sftp student@servera # using sftp for file transfer, using ssh key without password
ls
mkdir backup
ls
lcd /etc
put hosts
# ************* sync file between systems securely
rsync # it is better than scop, make it your default file transfer
rysnc -Par servera:/xf . # transfer /xf from servera to current directory
# r - recursive
rysnc -Par servera:/xf . # when run again, it will only copy new / diff files
rysnc -Par servera:/<dir1> <dest-dir>
rysnc -a <filename> user1@server1:/<dir-path> # rsync a single file
#************** installing and update software package
1. register your server to satellite (or CDN)
2. Enable repository
3. lifecycle
4. download
subscription-manager status
subscription-manager register # register with redhat
subscription-manager attach --auto (pool pool-id)
or using activation key
subscription-manager repos --disable='*' --eanble='<repo-name>' # best practice
https://access.redhat.com/management
which task(s) can be performed with Red Hat subscription management tools?
a. Register a system
b. subscribe a system
c. enable repositories
d. review and track entitlements
e. all of the above <------------------ Answer
rpm # package management
ls -l *.rpm
file <rpmfile>.rpm # show detail of the rpm file
rpm -qa # show all the rpm installed
rpm -q <rpm-name> # query
rpm -qi <rpm-name>
rpm -ql dns-util # show file association
rpm -qc <name> # show configuratoin
rpm -qd <name>
rpm -q --scripts <name>
rpm -qpl <rpmfile> # listing of the files
rpm -qpc <rpmfile> # configuration file, scripts
rpm -qpd <rpmfile>
rpm -i <name>
# not able to check and fix dependencies
rpm -qf /etc/ssh/sshd_config
yumdownloader openssh-server
mkdir scratch
rm -rf scratch/*
rpm2cpio <rpmfile> | cpio -duim # rpm is archive file, how to extract them. To determine what file will be added, or modified
# verify the script. Important: ensure script included are safe!!!!
rpm -qpi <rpm-file>
rpm -qp <rpm-file> --scripts # query about any scripts
motd # message of day
rpm2cpio <rpmfile> | cpio -tv # test verbose
rpm2cpio <rpmfile> | cpio -idv # unpack the rpm file
rpm -ivh <rpmfile> # install, verbose, h - show progress
rpm -q <package> # not the rpm file, such as rpm -q sshd
#******************* install and updating with yum
yum is better than rpm
yum
yum search <package name> # yum search nmap, example
yum info nmap # can against your repo
repoquery -l nmap # against your repo
repoquery -l nmap | grep bin # verify any changes in bin
yum provides /etc/fstab # verify what provides the package, if package delete, then how to reinstall it
yum provides *bin/authconfig
yum install nmap # install, by default it will install the latest version
yum update nmap
yum remove namp # be careful, as it may uninstall dependencies, that other package may need <------------------------
yum group list # verify groups
yum group info "Development tools" # verify package groups
^info^install # replace the previous command "info" with "install"
yum tab completion
yum deplist # dependence list
yum has plug-in also, do more research
ls -l /var/log/dnf.rpm.log
yum history # verify yum change history
yum history undo <history-num> # undo history, such as re-install
su - # access root shell
yum search <package-name>
yum group info "<group name>"
yum group install "<group name>"
yum hisotry info <yum-hisotry-num>
#******************* enable yum software repo
yum-config-manager --add-repo 'http://<repo-url>'
vi /etc/yum.repos.d/<repo-url-file> # Verify the added repo file
# manually create repo file
vi /etc/yum.repos.d/errata.repo # need to have ".repo" extension
yum-config-manager --disable rht-updates
yum list rht-system # redhat training
yum install rht-system # it will install from the newly added repo
yum update # it will update all the installed packages
# ************** package module streams
BaseOS
AppStream - a module can have multiple streams, only one stream can be active at a time
yum module list
yum module list <module name>
yum module info <m name>
stream [d][a] # default, active
yum module info <m name>:<version>
yum module install perl
yum install @perl # same as install module
yum module remove <m name> # remove the module
yum module disable <current enable module name>
yum module enable perl:5.24 # example, <module name>:<version>
yum model list --installed # list installed module
yum info <module name>
yum module install <modulename>:<version>/<profile> # example, yum module install python36:3.6/default
# after install, the module will be enabled
yum localinstall -y <rpm file name> # install rpm
#******************** Access linux file systems
df -h # verify file system
/dev/vda1 # virtual disk, mounted on
df -h <mount point> # such as df -h /
blkid /dev/vda1 # block id
mount point is a directory, where storage are avaiable
blkid /dev/vda1 # uuid
# show uuid, and file type
findmnt # tree view of file system
lsblk # block device
ls -l /dev/vda # brw-rw---- # show output
du -sh # disk usage, summary
What is the name of the device file for the entire second virtio-blk disk attached to a virtual machine
Anwer: /dev/vdb
which command provides an overview of the file system mount points and the amount of free space available in SI units?
answer: df -H # uppercase H
#********** mount and umount
lsblk
blkid /dev/vdb1
mount /dev/vdb1 /<where>
mount uuid="xxx" /<where?
mkdir -p /common/docs
mount uuid=xxx /common/docs # recommended
mount # show all the mounts
umount /common/docs # why it is busy
lsof /common/docs # list open file
kill -9 <pid> # output from lsof
ls -l /run/media/<login user>/<name>
# need to umount before remove the device
lsblk -fp /dev/vdb1 # verify mountpoint
umount /mnt/<mountpoint>
#**************** locating files on the system
find /dir -name <filename> # find /where -name <filename>
find / -name sshd_config 2>/dev/null
find / -iname sshd_config 2>/dev/null # case insentive
find / -iname "*.pdf"
find / -user <username> # grep <user> /etc/passwd
find / -user <username> -delete # delete all the file own by the required user
find / -type f -user <username> -size 10M # +10M -10M example
find /home -size +10M -exec ls -lh {} \; # exact size
find /home -size +10M -iname "*.mkv" # find file with extension
find /home -size +10M -iname "*.mkv" -exec rm -f {} \; # delete the files
find /home -size +10M -iname "*.mkv" -delete
find /home -type f -perm /111 # find file that have executiable in /home
find /home -type f -perm /111 -exec rm -i {} \; # inactive remove the executible files
find /home -mmin -60 # find file that have been modified in last 60 min
find /home -type f -mmin -60
find /home -type f -user <user> -mmin -60 # +60 more than 60 min
find / -iname "*string*"
# locate # fast than find, but it
updatedb # depends on update database <------- not as good as find, not flexible
locate <filename>
locate "*.string"
locate -i <filename> # insentive
find /var -user root -group mail # find file own by root, and owning group is "mail"
find /dev -type b | head # block file
#************** Analysing Servers
system enable --now cockpit.socket # tcp --> cockpit now renamed as Overview
firewall-cmd --add-service cockpit --permanent # reboot and reload, persistent
https://<server-fqdn>:9090/system
systemctl status cockpit
systemctl start cockpit
#************* getting help from Redhat
https://access.redhat.com
#**************** Red Hat insights
Hosted service in cloud
subscription-manager register --auto-attach
yum install -y insights-client | tail -4
insights-client --register
https://cloud.redhat.com/insights
- using ansible to remdiate the issue ansible course 294 (automation)
#*************** review
head 5 bin/<dir>/file > /tmp/file1
tial 3 bin/file >> /tmp/file1
top -b -n 1 | head # pass 1 for top and file process has highest usage
ech redhat | passwd --stdin dbuser1 # change dbuser1 password
chmod 3775 /home/student/dir
ssh-keygen -N '' -f .ssh/review3_key
grep -E '^PermitRootLogin|^PasswordAuthentication' /etc/ssh/sshd_config # search start with Per... Pass in file /etc/ssh/sshd_config
scp -i .ssh/review3_key /tmp/log.tar servera:/tmp # copy two files to /tmp in servera
nmcli -p device # show physical network adapter
ip a show ens192 # verify the network adapter ens192
nmcli dev status # verify device network status
find / -size 100c 2>/dev/null # find file with 100bytes in size