01_01 Understanding and Using Essential Tools
1. Access Remote Systems Using SSH
Basic SSH Commands
ssh username@hostname # Basic SSH connection
ssh -p 2222 username@hostname # Connect to specific port
ssh-keygen # Generate SSH key pair
ssh-copy-id username@hostname # Copy SSH key to remote host
2. File Management and Navigation
Essential File Commands
ls -la # List all files with details
pwd # Print working directory
cd /path/to/directory # Change directory
find / -name filename # Search for files
locate filename # Quick file search (requires updatedb)
File Permissions
chmod 755 filename # Change permissions
chown user:group filename # Change ownership
3. Text Processing Tools
grep, sed, and awk
grep pattern filename # Search for pattern
grep -r pattern directory # Recursive search
sed 's/old/new/g' file # Replace text
awk '{print $1}' file # Process text by columns
4. Archive Management
tar Commands
tar -czf archive.tar.gz files/ # Create gzip archive
tar -xzf archive.tar.gz # Extract gzip archive
tar -cjf archive.tar.bz2 files/ # Create bzip2 archive
tar -xjf archive.tar.bz2 # Extract bzip2 archive
5. Process Management
Process Commands
ps aux # List all processes
top # Dynamic process viewer
kill PID # Kill process by ID
killall processname # Kill process by name
6. Network Tools
Basic Networking
ip addr # Show IP addresses
ip route # Show routing table
ping hostname # Test connectivity
traceroute hostname # Trace packet route
7. System Information
System Commands
uname -a # System information
free -h # Memory usage
df -h # Disk usage
du -sh directory # Directory size
8. Package Management
DNF Commands (RHEL 8)
dnf install package # Install package
dnf remove package # Remove package
dnf update # Update system
dnf search keyword # Search for package
9. Log Analysis
Log Commands
journalctl # View systemd logs
tail -f /var/log/messages # Follow system logs
grep ERROR /var/log/* # Search errors in logs
Practice Tasks
- Set up SSH key-based authentication
- Find all files modified in last 24 hours
- Create and extract compressed archives
- Monitor system resources
- Install and configure required packages
Verification Steps
- Confirm SSH connectivity
- Verify file permissions
- Test archive creation/extraction
- Check system monitoring tools
- Validate package installations
Remember: Practice these commands regularly in a test environment before the exam.
01_02 Operating Running Systems
1. System Boot Management
Boot Process Commands
systemctl reboot # Reboot system
systemctl poweroff # Shutdown system
systemctl rescue # Enter rescue mode
grub2-mkconfig # Update GRUB configuration
2. System Target Management
Target Operations
systemctl get-default # View default target
systemctl set-default graphical.target # Set graphical target
systemctl isolate multi-user.target # Switch to multi-user
systemctl list-units --type=target # List all targets
3. Process Control
Service Management
systemctl start service_name # Start service
systemctl stop service_name # Stop service
systemctl restart service_name # Restart service
systemctl status service_name # Check service status
systemctl enable service_name # Enable at boot
systemctl disable service_name # Disable at boot
4. Storage Operations
Storage Commands
lsblk # List block devices
mount /dev/sdb1 /mnt # Mount filesystem
umount /mnt # Unmount filesystem
blkid # Show block device info
df -h # Show disk usage
SWAP Management
swapon --show # Show swap spaces
mkswap /dev/sdb2 # Create swap
swapon /dev/sdb2 # Enable swap
swapoff /dev/sdb2 # Disable swap
5. System Monitoring
Resource Monitoring
top # Process viewer
free -h # Memory usage
vmstat # Virtual memory stats
iostat # I/O statistics
Log Monitoring
journalctl # View system logs
journalctl -u service_name # Service specific logs
journalctl -f # Follow new entries
6. Network Configuration
Network Management
nmcli device show # Show all devices
nmcli con show # Show connections
nmcli con add # Add connection
nmcli con mod # Modify connection
nmcli con up/down # Enable/disable connection
Practice Tasks
- Change default system target
- Configure and manage services
- Mount/unmount filesystems
- Monitor system resources
- Configure network interfaces
Verification Checklist
- System boots to correct target
- Services start automatically
- Filesystems mount correctly
- System resources monitored
- Network connections active
01_03 Configuring Local Storage
1. Basic Storage Concepts
List Block Devices
lsblk # List all block devices
fdisk -l # Show disk information
parted -l # Display partition layout
2. Disk Partitioning
Using fdisk
fdisk /dev/sdb # Start fdisk utility
# Common fdisk commands:
# n - new partition
# p - print partition table
# w - write changes
# d - delete partition
# t - change partition type
Using parted
parted /dev/sdb # Start parted utility
mklabel gpt # Create GPT label
mkpart primary 1MiB 1GiB # Create partition
3. LVM Configuration
Physical Volumes
pvcreate /dev/sdb1 # Create PV
pvdisplay # Show PV info
pvs # Brief PV info
Volume Groups
vgcreate vg_name /dev/sdb1 # Create VG
vgextend vg_name /dev/sdc1 # Extend VG
vgdisplay # Show VG info
vgs # Brief VG info
Logical Volumes
lvcreate -L 10G -n lv_name vg_name # Create LV
lvextend -L +5G /dev/vg_name/lv_name # Extend LV
lvdisplay # Show LV info
lvs # Brief LV info
4. Filesystem Operations
Creating Filesystems
mkfs.xfs /dev/vg_name/lv_name # Create XFS
mkfs.ext4 /dev/vg_name/lv_name # Create ext4
Mounting
mount /dev/vg_name/lv_name /mnt # Mount filesystem
echo "/dev/vg_name/lv_name /mnt xfs defaults 0 0" >> /etc/fstab # Persistent mount
5. RAID Configuration
Software RAID
mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sdb1 /dev/sdc1 # Create RAID1
mdadm --detail /dev/md0 # Show RAID info
cat /proc/mdstat # RAID status
6. Storage Monitoring
Monitoring Commands
df -h # Disk usage
du -sh /path # Directory size
iostat # I/O statistics
Practice Scenarios
- Create a 1GB partition and format with XFS
parted /dev/sdb mklabel gpt
parted /dev/sdb mkpart primary 1MiB 1GiB
mkfs.xfs /dev/sdb1
mkdir /mnt/data
mount /dev/sdb1 /mnt/data
- Setup LVM with two disks
pvcreate /dev/sdb /dev/sdc
vgcreate vg_data /dev/sdb
vgextend vg_data /dev/sdc
lvcreate -L 2G -n lv_apps vg_data
mkfs.xfs /dev/vg_data/lv_apps
Verification Steps
- Check partition table with
fdisk -l - Verify LVM setup with
pvs,vgs,lvs - Test filesystem mounting
- Verify RAID status if configured
- Monitor storage usage
01_04 Create and Configure File Systems
1. File System Types Overview
Supported File Systems
- XFS (Default in RHEL)
- Ext4
- VFAT
- NFS
- CIFS
2. Creating File Systems
XFS File System
mkfs.xfs /dev/vda1 # Create XFS
xfs_admin -L "DataDisk" /dev/vda1 # Label XFS
xfs_repair /dev/vda1 # Check/repair XFS
Ext4 File System
mkfs.ext4 /dev/vda2 # Create Ext4
e2label /dev/vda2 "BackupDisk" # Label Ext4
fsck.ext4 /dev/vda2 # Check Ext4
3. Mounting File Systems
Manual Mounting
mount /dev/vda1 /mnt/data # Mount filesystem
umount /mnt/data # Unmount
mount -a # Mount all in fstab
Persistent Mounting (/etc/fstab)
# Device MountPoint FStype Options Dump Pass
/dev/vda1 /mnt/data xfs defaults 0 0
UUID=1234-5678 /mnt/backup ext4 defaults 0 2
4. Access Control
Basic Permissions
chmod 755 /mnt/data # Set permissions
chown user:group /mnt/data # Change ownership
ACL Management
setfacl -m u:user:rwx /mnt/data # Set ACL
getfacl /mnt/data # View ACLs
setfacl -b /mnt/data # Remove all ACLs
5. Quota Management
Enable Quotas
# Add usrquota,grpquota to fstab options
/dev/vda1 /mnt/data xfs defaults,usrquota,grpquota 0 0
Set Quotas
xfs_quota -x -c 'limit bsoft=100m bhard=120m user1' /mnt/data
xfs_quota -x -c 'report' /mnt/data # View quotas
6. SELinux Context
Context Management
ls -Z /mnt/data # View context
semanage fcontext -a -t public_content_t "/mnt/data(/.*)?"
restorecon -Rv /mnt/data # Restore context
Practice Scenarios
- Create and Mount XFS File System
# Create partition
fdisk /dev/vdb
# Create filesystem
mkfs.xfs /dev/vdb1
# Create mount point
mkdir /data
# Add to fstab
echo "/dev/vdb1 /data xfs defaults 0 0" >> /etc/fstab
# Mount
mount -a
- Configure ACLs and Quotas
# Enable ACLs
mount -o acl /dev/vdb1 /data
# Set ACL
setfacl -m u:john:rwx /data
# Enable quota
xfs_quota -x -c 'limit bsoft=500m bhard=600m john' /data
Verification Checklist
- Check mount status:
mount | grep /data - Verify permissions:
ls -la /data - Test ACLs:
getfacl /data - Check quotas:
xfs_quota -x -c 'report' /data - Verify SELinux:
ls -Z /data
01_05 Deploy, Configure and Maintain Systems
1. System Installation
Installation Methods
# Boot options
linux inst.ks=http://server/kickstart.cfg # Kickstart installation
linux inst.vlm=http://server/vol1 # Install from network
2. Package Management
DNF Commands
dnf repolist # List repositories
dnf install package_name # Install package
dnf group install "group" # Install package group
dnf remove package_name # Remove package
dnf update # Update system
dnf history # View DNF history
3. Repository Management
Configure Repositories
# /etc/yum.repos.d/example.repo
[example]
name=Example Repository
baseurl=http://mirror.example.com/repo
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
4. System Updates
Update Management
dnf check-update # Check available updates
dnf update-minimal # Security updates only
dnf download package_name # Download without installing
dnf clean all # Clean cache
5. Kickstart Automation
Basic Kickstart File
# /root/anaconda-ks.cfg
install
cdrom
lang en_US.UTF-8
keyboard us
network --bootproto=dhcp
rootpw --iscrypted $1$xyz$ABC123
firewall --enabled
selinux --enforcing
timezone America/New_York
bootloader --location=mbr
text
skipx
zerombr
clearpart --all --initlabel
autopart
reboot
%packages
@core
%end
6. System Maintenance
Scheduled Tasks
# Crontab configuration
0 2 * * * /usr/sbin/dnf -y update > /var/log/dnf-update.log
Log Rotation
# /etc/logrotate.d/custom
/var/log/custom.log {
weekly
rotate 4
compress
missingok
notifempty
}
7. Backup and Recovery
System Backup
tar -czf /backup/system-$(date +%F).tar.gz /etc /home
rsync -av /source/ /destination/
Practice Examples
- Configure Custom Repository
cat << EOF > /etc/yum.repos.d/local.repo
[local]
name=Local Repo
baseurl=file:///mnt/repo
enabled=1
gpgcheck=0
EOF
dnf clean all
dnf repolist- Create Automated Update Script
#!/bin/bash
# /usr/local/sbin/system-update.sh
dnf -y check-update
if [ $? -eq 100 ]; then
dnf -y update
needs-restarting -r
fi
Verification Checklist
- Repository configuration
- Package installation/removal
- System update status
- Kickstart file syntax
- Backup completion
- Log rotation setup
01_06 Managing Users and Groups
1. User Management
Basic User Commands
useradd username # Create user
usermod -c "Comment" username # Modify user
userdel -r username # Delete user & home
passwd username # Set password
chage -l username # View password info
User Configuration Files
# /etc/passwd format
username:x:UID:GID:comment:home_dir:shell
# /etc/shadow format
username:encrypted_password:lastchange:min:max:warn:inactive:expire:reserved
2. Group Management
Group Commands
groupadd groupname # Create group
groupmod -n newname oldname # Rename group
groupdel groupname # Delete group
gpasswd -a user group # Add user to group
gpasswd -d user group # Remove from group
Group Configuration
# /etc/group format
groupname:x:GID:user_list
3. Password Policies
Password Settings
# /etc/login.defs
PASS_MAX_DAYS 90
PASS_MIN_DAYS 7
PASS_MIN_LEN 8
PASS_WARN_AGE 7
Password Aging
chage -M 90 username # Max password age
chage -m 7 username # Min password age
chage -W 7 username # Warning days
chage -E 2024-12-31 user # Account expiry
4. User Privileges
Sudo Configuration
# /etc/sudoers
username ALL=(ALL) ALL # Full sudo access
%wheel ALL=(ALL) ALL # Group sudo access
Special Permissions
chmod u+s /path/file # Set SUID
chmod g+s /path/file # Set SGID
chmod +t /path/dir # Set sticky bit
5. Practice Examples
- Create User with Specific Requirements
# Create user with custom settings
useradd -m -d /home/john -s /bin/bash -c "John Doe" -G wheel john
passwd john
chage -M 90 -m 7 -W 7 john
- Configure Group Access
# Create project group and add users
groupadd project
usermod -aG project user1
usermod -aG project user2
chmod 2770 /proj # SGID for group sharing
chown :project /proj
Verification Checklist
- User creation:
id username - Group membership:
groups username - Password policy:
chage -l username - Sudo access:
sudo -l -U username - Directory permissions:
ls -ld /path
Common Tasks
- Lock/Unlock Account
usermod -L username # Lock account
usermod -U username # Unlock account
- Set Default Values
useradd -D # View defaults
useradd -D -s /bin/bash # Change default shell
- Mass User Creation
# users.txt format: username:password
while IFS=: read user pass; do
useradd -m "$user"
echo "$pass" | passwd --stdin "$user"
done < users.txt01_07 Managing Security
1. SELinux Management
SELinux Commands
getenforce # Check SELinux mode
setenforce 1 # Set enforcing mode
semanage fcontext -l # List contexts
semanage port -l # List port labels
restorecon -Rv /path # Restore contexts
SELinux Configuration
# /etc/selinux/config
SELINUX=enforcing
SELINUXTYPE=targeted
2. Firewall Management
firewall-cmd Commands
firewall-cmd --state # Check status
firewall-cmd --get-default-zone # Show default zone
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --reload # Apply changes
firewall-cmd --list-all # Show all rules
3. SSH Security
SSH Configuration
# /etc/ssh/sshd_config
PermitRootLogin no
PasswordAuthentication no
Protocol 2
X11Forwarding no
MaxAuthTries 3
4. System Hardening
Password Policy
# /etc/security/pwquality.conf
minlen = 12
minclass = 4
dcredit = -1
ucredit = -1
lcredit = -1
ocredit = -1
System Audit
# /etc/audit/rules.d/audit.rules
-w /etc/passwd -p wa -k identity
-w /etc/sudoers -p wa -k sudo_changes
5. Practice Examples
- Configure Basic Firewall
# Setup web server firewall
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
- SELinux for Web Server
# Configure Apache context
semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
restorecon -Rv /web
setsebool -P httpd_can_network_connect on
Verification Steps
- SELinux Status
sestatus
ls -Z /web
getsebool -a | grep httpd
- Firewall Rules
firewall-cmd --list-all
ss -tulpn
- SSH Security
sshd -t # Test configuration
systemctl restart sshd
Security Best Practices
- Regular Updates
dnf update --security
needs-restarting -r
- Service Hardening
systemctl mask telnet
systemctl disable rpcbind
lsof -i # Check open ports
- Monitor Security Logs
tail -f /var/log/secure
aureport --auth # Authentication reports
ausearch -k sudo_changes # Audit log searchDiscover more from Altgr Blog
Subscribe to get the latest posts sent to your email.
