I just spent the last several weeks studying for my RHCE.
It was a long process, I learned a lot, but most importantly, I achieved my RHCSA and my RHCE.
So in the interest of sharing knowledge, I would like to share my notes.
While I did use these notes to pass, I do not in any claim that they are complete or completely correct.
If you find something in here that isn't correct, let me know and I will make the appropriate adjustment.
If you find this useful, drop me a note and let me know.
Here is the method I used to study:
I went to Red Hat's website, found here:
http://www.redhat.com/training/courses/ex300/examobjective and here:
http://www.redhat.com/training/courses/ex200/examobjective.
I made a list of all of the objectives in a text document, and then under each objective I listed out all of the steps needed to complete each objective.
So, here is what I have, and I do hope that you find it useful.
RHCE Study NotesSystem Configuration and Management chkconfig service on service service start/stop/restart system-config-firewall backup config files before editing chcon -t folder_context /path getsebool -a | grep nfs setsebool -P bool_ean • Route IP traffic and create static routes • /etc/sysconfig/network-scripts/route-eth? default 192.168.0.1 dev eth0 10.10.10.0/24 via 192.168.0.1 dev eth0 172.16.1.0/24 via 192.168.0.1 dev eth0 • or you can use this format ADDRESS0=10.10.10.0 NETMASK0=255.255.255.0 GATEWAY0=192.168.0.1 ADDRESS1=172.16.1.0 NETMASK1=255.255.255.0 GATEWAY1=192.168.0.1 • Use iptables to implement packet filtering and configure network address translation (NAT) • chkconfig iptables on • service iptables start • system-config-firewall • /etc/sysconfig/iptables [backup this file before modifying] • Use /proc/sys and sysctl to modify and set kernel run-time parameters • echo value > /proc/file • echo 1 > /proc/sys/net/ipv4/ip_forward • nano /proc/sys/net/ipv4/ip_forward • make changes go into effect = sysctl -p [recommend backing up /etc/sysctl.conf before modifying] • Configure system to authenticate using Kerberos • system-config-authentication from within gui authconfig-tui in cli • Configure a system as an iSCSI initiator that persistently mounts an iSCSI target yum install iscsi-initator-utils • iscsiadm -m discovery -t st -p 172.26.0.1 • chkconfig iscsi on • service iscsi start iscsiadm -m node -T iqn.2012.01.com.example.server1:iscsi -p 172.26.0.1 iscsiadm -m node -T iqn.2012.01.com.example.server1:iscsi -p 172.26.0.1 -l to make a static iscsi connection modify /etc/iscsi/initiatorname.iscs you are then free to fdisk, format, mount and use the newly discovered "sd" devices [add _netdev_ to any iSCSI or NFS partitions if being added to /etc/fstab, to prevent maintenance mode from halting on you] • Produce and deliver reports on system utilization (processor, memory, disk, and network) top iostat free mem ethtool dstat tcpdump sar • Use shell scripting to automate system maintenance tasks #!/bin/bash full/path/to/command create cron job using script you just created putting in variables into crontab such as “MAILTO=” or “PATH=” simplifies things. • Configure a system to log to a remote system /etc/rsyslog.conf *.* 172.26.0.1:514 • Configure a system to accept logging from a remote system /etc/rsyslog.conf uncomment the 2 following lines $ModLoad imtcp.so $InputTCPServerRun 514 open up port 514 tcp in iptables Network Services Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below: • Install the packages needed to provide the service • Configure SELinux to support the service • Configure the service to start when the system is booted • Configure the service for basic operation • Configure host-based and user-based security for the service RHCE candidates should also be capable of meeting the following objectives associated with specific services: HTTP/HTTPS • Configure a virtual host yum groupinstall web-server -y chkconfig httpd on service httpd start open up proper ports for iptables nano -w /etc/httpd/conf/httpd.conf ServerName station1.example.com:80 NameVirtualHost *:80 <VirtualHost *:80> ServerAdmin webmaster@station1.example.com DocumentRoot /var/www/html ServerName station1.example.com # Default web server </VirtualHost> <VirtualHost *:80> ServerAdmin webmaster@station1.com DocumentRoot /www/docs/station1 ServerName station1.com # Virtual web server </VirtualHost> mkdir -p /www/docs/station1 chcon -R --reference /var/www/html /www service httpd restart • Configure private directories find this section in httpd.conf <Directory "/var/www/html/chapter"> </Directory> below the section - add this section to it <Directory "/var/www/html/chapter"> AuthType Basic AuthName "Password Protected Test" AuthUserFile /etc/httpd/testpass Require user testuser </Directory> save and exit create a user to test useradd testuser then add the httpd password htpasswd -c /etc/httpd/testpass testuser restart httpd test with httpd -t or httpd -S connect with a browser to test tip: su – to the apache user to test if the daemon can get into directories • Deploy a basic CGI application in /etc/httpd/conf/httpd.conf make sure cgi_module is loaded should be enabled by default modify <Directory> container for cgi add the 2 lines Options ExecCGI AddHandler cgi-script .pl create basic cgi script hello.pl #!/usr/bin/perl print "Content-type; text/html\n\n"; print "hello, world!"; chmod 755 hello.pl works for bash scripts too… not sure if you knew. I call it, my “LAMB” server. connect from browser elinks station1.example.com/cgi-bin/hello.pl • Configure group-managed content similar to above objective, only for a group instead of a specific user ***************************************** DNS • Configure a caching-only name server yum install bind bind-chroot chkconfig named on service named start iptables rules for port 53 • Configure a caching-only name server to forward DNS queries modify /etc/named.conf lines listen-on port 53 { 127.0.0.1; 172.26.0.201; }; allow-query { localhost; 172.26.0.0/24; }; forward only; forwarders { 172.26.0.1; }; FTP • Configure anonymous-only download yum install vsftpd chkconfig vsftpd on iptables rules for port 21 nano /etc/vsftpd/vsftpd.conf comment out local_enable=yes setsebool -P allow_ftpd_full_access NFS • Provide network shares to specific clients yum groupinstall nfs-file-server chkconfig nfs on nano /etc/sysconfig/nfs RQUOTAD_PORT=4000 LOCKD_TCPPORT=4001 LOCKD_UDPPORT=4001 MOUNTD_PORT=4002 STATD_PORT=4003 config iptables rules for nfs4 ports 111/tcp/udp 2049/udp nano -w /etc/exports /share *(rw,sync) exportfs to show nfs exports setsebool -P nfs_export_all_rw on • Provide network shares suitable for group collaboration *************need assistance with this one*********************** SMB • Provide network shares to specific clients yum groupinstall cifs-file-server -y chkconfig smb on iptables rules for samba service smb start nano -w /etc/samba/smb.conf setsebool -P samba_export_all_rw on chcon -t samba_share_t /path use the examples at the bottom of the config file to set up the shares smbclient and testparm • Provide network shares suitable for group collaboration same as above - except set permissions for a group SMTP • Configure a mail transfer agent (MTA) to accept inbound email from other systems yum install postfix chkconfig postfix on service postfix start nano -w /etc/postfix/main.cf adjust the following lines myhostname = station1.example.com mydomain = example.com myorigin = $mydomain inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost mynetworks = 172.26.0.0/24, 127.0.0.0/8 check syntaxt with postfix check service postfix restart iptables rules for smtp = port 25 • Configure an MTA to forward (relay) email through a smart host /etc/postfix/main.cf change this directive relayhost = outsider1.example.com SSH • Configure key-based authentication ssh-keygen - follow prompts ssh-copy-id 172.26.0.1 • Configure additional options described in documentation nano -w /etc/ssh/sshd_config ************************************************************************** RHCSA OBjectives Understand and Use Essential Tools • Access a shell prompt and issue commands with correct syntax ls, mv, cp • Use input-output redirection (>, >>, |, 2>, etc.) cat file1 >> file2 cat file1 | les • Use grep and regular expressions to analyze text cat file1 | grep -i string one of my favorites: grep –v for inverse selection • Access remote systems using ssh and VNC ssh user@172.26.0.1 • Log in and switch users in multi-user runlevels su - init 3 init 5 /etc/inittab for default run level • Archive, compress, unpack and uncompress files using tar, star, gzip, and bzip2 gzip big.jpg gzip -d big.jpg.gz bzip2 big.jpg bzip2 -d big.jpg.bz2 tar czvf home.tar.gz /home tar xzvf home.tar.gz /home • Create and edit text files touch file1 nano file1 vi file1 • Create, delete, copy and move files and directories mkdir test rmdir test rm -rf test mv file1 /path/test/ pushd and popd, useful for scripting (or hunting around directories like a mad man) • Create hard and soft links ln file1 file2 ln -s file1 file2 • List, set and change standard ugo/rwx permissions chown chmod • Locate, read and use system documentation including man, info, and files in /usr/share/doc . [Note: Red Hat may use applications during the exam that are not included in Red Hat Enterprise Linux for the purpose of evaluating candidate's abilities to meet this objective.] man command man 5 command rpm –qd, -qc, -qi these get me out of binds a lot Operate Running Systems • Boot, reboot, and shut down a system normally shutdown -h now reboot shutdown -r now • Boot systems into different runlevels manually modify grub kernel string - S 1 3 at end of line • Use single-user mode to gain access to a system modify grub kernel line during boot = add S to end of line • Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes top ps nice • Locate and interpret system log files /var/log/messages • Access a virtual machine's console virt-manager • Start and stop virtual machines virsh list all virsh start "vm" virsh destroy "vm" • Start, stop and check the status of network services Configure Local Storage service service stop/start/restart • List, create, delete and set partition type for primary, extended, and logical partitions fdisk parted • Create and remove physical volumes, assign physical volumes to volume groups, create and delete logical volumes pvcreate/pvdisplay/pvremove/pvextend lvcreate/lvdisplay/lvextend/lvremove vgcreate/vgdisplay/vgextend/vgremove • Create and configure LUKS-encrypted partitions and logical volumes to prompt for password and mount a decrypted file system at boot create a partition dd if=/dev/urandom of=/dev/sdb1 cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb1 cryptsetup luksOpen /dev/sdb1 opt_data make sure encrypted partition exists ls -l /dev/mapper | grep opt_data format the new filesystem mkfs.ext4 /dev/mapper/opt_data create mount point and mount newly formatted filesystem mkdir /opt/opt_data mount /dev/mapper/opt_data /opt/opt_data nano /etc/crypttab --> add the following line opt_data /dev/sdb1 none add the following line to /etc/fstab /dev/mapper/opt_data /opt/opt_data ext4 defaults 1 2 restore selinux contexts restorecon -v -R /opt/opt_data reboot and use the following commands to test cryptsetup luksDump /dev/sdb1 • Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label dumpe2fs /dev/mapper/opt_data | grep -i uuid /etc/fstab UUID=uuid of drive • Add new partitions, logical volumes and swap to a system non-destructively Create and Configure File Systems fdisk mkswap swapon • Create, mount, unmount and use ext2, ext3 and ext4 file systems fdisk mkfs.ext? mount /dev/sd? /mnt/point umount /mnt/point • Mount, unmount and use LUKS-encrypted file systems mount, umount • Mount and unmount CIFS and NFS network file systems mount -t cifs //server1.example.com/share /mnt/point • Configure systems to mount ext4, LUKS-encrypted and network file systems automatically add appropriate mount info to /etc/fstab • Extend existing unencrypted ext4-formatted logical volumes cryptsetup resize /dev/mapper/opt_data • Create and configure set-GID directories for collaboration ???? • Create and manage Access Control Lists (ACLs) add "acl" to proper line in /etc/fstab getfacl setfacl • Diagnose and correct file permission problems chmod chown Deploy, Configure and Maintain Systems • Configure networking and hostname resolution statically or dynamically system-config-network /etc/resolve.conf /etc/sysconfig/network /etc/sysconfig/network-scripts/ifcfg-eth0 • Schedule tasks using cron crontab -e • Configure systems to boot into a specific runlevel automatically /etc/inittab • Install Red Hat Enterprise Linux automatically using Kickstart during boot up ks=floppy • Configure a physical machine to host virtual guests yum install python-virtinst libvirt virt-manager libvert-client • Install Red Hat Enterprise Linux systems as virtual guests virt-install –-name Client03 –-ram 512 –-disk path=/var/lib/libvirt/images/client03.img,size=8 –-network network=default –- cdrom /dev/cdrom • Configure systems to launch virtual machines at boot virsh autostart station.example.com • Configure network services to start automatically at boot chkconfig service on • Configure a system to run a default configuration HTTP server yum install @web-server • Configure a system to run a default configuration FTP server yum install vsftpd • Install and update software packages from Red Hat Network, a remote repository, or from the local filesystem yum install /etc/yum.repos.d/name.repo • Update the kernel package appropriately to ensure a bootable system rpm -U kernel.rpm yum install kernel • Modify the system bootloader grub-install nano /boot/grub/menu.lst • Configure a system to run a default configuration NTP server and synchronize time using other NTP peers chkconfig ntpd on service ntpd start nano -w /etc/ntp.conf add peer open up port in firewall port 123 tcp/udp Manage Users and Groups • Create, delete, and modify local user accounts useradd usermod userdel • Change passwords and adjust password aging for local user accounts passwd username chage • Create, delete and modify local groups and group memberships groupadd -G number name chgrp usermod -aG user group • Configure a system to use an existing LDAP directory service for user and group information authconfig-tui Manage Security • Configure firewall settings using system-config-firewall or iptables system-config-firewall nano -w /etc/sysconfig/iptables • Set enforcing and permissive modes for SELinux setenforce getenforce • List and identify SELinux file and process context ls -lZ /path • Restore default file contexts restorecon /path • Use boolean settings to modify system SELinux settings getsebool -a | grep nfs setsebool -P nfs_export_all_rw on • Diagnose and address routine SELinux policy violations tail /var/log/secure tail /var/log/messages RHCSA Study GuideRHCSA Exam Objectives Understand and Use Essential Tools Access a shell prompt and issue commands with correct syntax • Use /bin/sh -or- /bin/bash Use input-output redirection (>, >>, |, 2>, etc.) • stdout to file (>)• stderr to file (2>)• append to file (>>)• stderr to stdout (2>&1)• ex. iptables -L -n -v -x >> /tmp/ipt.out 2>&1 — redirect stdin and stdout to /tmp/ipt.out Use grep and regular expressions to analyze text • grep expr -or- egrep expr • ex. tail -f /var/log/messages | egrep ‘(kernel|error)’ — only show lines containing kernel or error strings• ex. cat /etc/httpd/conf/httpd.conf | grep -v ‘^#’ — omit lines starting with # character Access remote systems using ssh and VNC • SSH: • ssh user@host• VNC: • vncviewer host:display• vncviewer host::port Log in and switch users in multi-user runlevels • su – user Archive, compress, unpack and uncompress files using tar, star, gzip, and bzip2 • Compress: • tar cfz archive.tar.gz infile1 infile2• ex. tar cfz /tmp/httpd_conf.tar.gz /etc/httpd• Uncompress: • tar xfz archive.tar.gz• The rest of the commands are similar. Use –help and read their man page Create and edit text files • vim file -or- nano file Create, delete, copy and move files and directories • Create/touch: touch file • ex. touch /tmp/i_was_here• Move/rename: mv srcfile dstfile • ex. mv /home/john/httpd.conf /etc/httpd/conf/httpd.conf• Remove: rm file • ex. rm /home/john/httpd.conf.old• Copy: cp srcfile dstfile • ex. cp httpd.conf httpd.conf.backup Create hard and soft links • Soft link: ln -s srcfile dstlink • ex. ln -s /mnt/data/docs /home/john/Desktop/documents — soft link from /mnt/data/docs to Desktop• Hard link: ln srcfile dstlink List, set and change standard ugo/rwx permissions • List: ls -l• Change: chmod mode file • ex.• chmod u=rwx,g=rx,o=rx myscript.sh• chmod 755 myscript.sh• (755 is equivalent to u=rwx,g=rx,o=rx) Locate, read and use system documentation including man, info, and files in /usr/share/doc • apropos keyword• whatis keyword• man -k keyword• man command• info command• fgrep -Ri keyword /usr/share/doc/packageRed Hat may use applications during the exam that are not included in Red Hat Enterprise Linux for the purpose of evaluating candidate’s abilities to meet this objective. Operate Running SystemsBoot, reboot, and shut down a system normally • reboot• shutdown -h now Boot systems into different runlevels manually • append 1 up to 5 to kernel boot options (press e in grub menu to edit a line) Use single-user mode to gain access to a system • append 1 to kernel boot options (press e in grub menu to edit a line) Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes • Identify: top (use shift-f to select sort column)• Adjust priority: renice -20|0|20 pid• Kill: kill -9 pid -or- killall -9 name -or- pkill -f expr Locate and interpret system log files • Look for logs in /var/log/.• /var/log/messages file is an important system log! Access a virtual machine’s console • virt-manager• OR virt-viewer• OR: 1. virsh vncdisplay domain2. vncviewer localhost:display Start and stop virtual machines • virt-manager• OR: 1. virsh start domain2. virsh shutdown domain Start, stop and check the status of network services • service service_name stop• service service_name start• service service_name status• ex. service httpd stop – stop http server Configure Local StorageList, create, delete and set partition type for primary, extended, and logical partitions • List: fdisk -l• Modify: cfdisk device -or- fdisk device -or- parted Create and remove physical volumes, assign physical volumes to volume groups, create and delete logical volumes • Physical volumes: • pvcreate –help• pvremove –help• Volume groups: • vgcreate –help• vgremove –help• Logical volumes: • lvcreate –help• lvremove –help Create and configure LUKS-encrypted partitions and logical volumes to prompt for password and mount a decrypted file system at boot 1. cryptsetup luksFormat device2. cryptsetup luksOpen device mappername3. mkfs.fs mappername4. edit /etc/crypttab: mappername device none 1. (/etc/crypttab: use UUID or LABEL for device)5. edit /etc/fstab: /dev/mapper/mappername /mpoint (…) Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label • Find a device’s UUID or LABEL: • blkid device• OR ls -l /dev/disk/by-* | grep device• Edit /etc/fstab: • use LABEL=label or UUID=uuid to specify the device Add new partitions, logical volumes and swap to a system non-destructively • Create a partition: • cfdisk device -or- fdisk device -or- parted• Create a logical volume: • lvcreate –help• Add swap: 1. mkswap device2. swapon device Create and Configure File SystemsCreate, mount, unmount and use ext2, ext3 and ext4 file systems • Create: mkfs.extfs• Mount: mount device /mpoint• Unmount: umount device Mount, unmount and use LUKS-encrypted file systems 1. cryptsetup luksOpen device mappername2. mount /dev/mapper/mappername /mpoint3. umount /dev/mapper/mappername4. cryptsetup luksClose mappername Mount and unmount CIFS and NFS network file systems • Mount: • NFS: mount -t nfs host:/share /mpoint• CIFS: mount -t cifs -o “username=,password=” //host/share /mpoint• Unmount: umount /mpoint Configure systems to mount ext4, LUKS-encrypted and network file systems automatically • Configure /etc/auto.*: • nfs: mpoint -rw,intr host:/remote/mpoint• device: mpoint -fstype=fstype :device Extend existing unencrypted ext4-formatted logical volumes • lvresize –help -or- lvextend –help • ex. lvresize -L+1G lv — add 1G to lv Create and configure set-GID directories for collaboration 1. chmod g+s dir2. create group shared_grp3. chgrp shared_grp dir4. Add users to shared_grp Create and manage Access Control Lists (ACLs) • View acl: getfacl file• Modify: setfacl -m mode file • ex. setfacl -m u:john:rw /home/anna/prv_file• Remove: setfacl -x mode file Diagnose and correct file permission problems • Diagnose: • ls -laZ• getfacl file• check /var/log/audit/audit.log for selinux errors• Fix: • chmod mode file• setfacl -m mode file Deploy, Configure and Maintain SystemsConfigure networking and hostname resolution statically or dynamically • Create static hostnames: /etc/hosts• Configure dns servers: /etc/resolv.conf• Manage resolution order: /etc/nsswitch.conf Schedule tasks using cron • crontab -e• OR edit /etc/cron.*/file: • ex. vim /etc/cron.daily/mycron Configure systems to boot into a specific runlevel automatically • Edit /etc/inittab and modify initdefault with values from 1..5 Install Red Hat Enterprise Linux automatically using Kickstart • Use kernel boot options: • linux ks=ftp/http://host/ks.cfg• linux ks=nfs:host:/ks.cfg• linux ks=cdrom:/dev/dir/ks.cfg• linux ks=hd:/dev/dir/ks.cfg• linux ks=file:/dev/dir/ks.cfg Configure a physical machine to host virtual guests • Use virt-manager Install Red Hat Enterprise Linux systems as virtual guests • Use virt-manager Configure systems to launch virtual machines at boot • Use virt-manager -or- virsh autostart domain Configure network services to start automatically at boot • Configure: chkconfig service on -or- ntsysv• View startup services: chkconfig –list Configure a system to run a default configuration HTTP server 1. yum install httpd2. service httpd start3. chkconfig httpd on4. update /etc/sysconfig/iptables (open port tcp 80) Configure a system to run a default configuration FTP server 1. yum install vsftpd2. service vsftpd start3. chkconfig vsftpd on4. update /etc/sysconfig/iptables (open port tcp 21) Install and update software packages from Red Hat Network, a remote repository, or from the local filesystem • yum search name• yum install package• yum update package Update the kernel package appropriately to ensure a bootable system • rpm -ivh new_kernel.rpm• OR yum install kernel Modify the system bootloader • Edit /boot/grub/grub.conf Manage Users and GroupsCreate, delete, and modify local user accounts • Add: useradd• Delete: userdel• Modify: usermod• View /etc/passwd Change passwords and adjust password aging for local user accounts • Change password: passwd user• Change aging: chage -E YYYY-MM-DD user Create, delete and modify local groups and group memberships • Add: groupadd• Delete: groupdel• Modify: groupmod• Memberships: edit /etc/group Configure a system to use an existing LDAP directory service for user and group information • Use system-config-authentication Manage SecurityConfigure firewall settings using system-config-firewall or iptables • Insert: iptables -t TABLE -I CHAIN …• Append: iptables -t TABLE -A CHAIN …• Delete: iptables -t TABLE -D CHAIN …• Flush table: iptables -t TABLE -F• Save persistent changes to /etc/sysconfig/iptables Set enforcing and permissive modes for SELinux • Persistent change: • /etc/selinux/config: • SELINUX=enforcing|permissiveCurrent session:• Non persistent change: • setenforce 1|0|enforcing|permissive View SELinux status: • Sestatus List and identify SELinux file and process context • ls -lZ• ps -efZ Restore default file contexts • restorecon -R file Use boolean settings to modify system SELinux settings • View booleans: • getsebool -a | grep keyword• OR semanage boolean -l | grep keyword• Change booleans: • setsebool -P boolean on|off Diagnose and address routine SELinux Policy violations • Diagnose: • /var/log/audit/audit.log• /var/log/messages• view service logs• sealert• Fix: • audit2allow• setsebool -P boolean on|off
