A reader of my blog who shall be named C.D. sent me his RHCSA study notes. C.D.will be taking the EX200 exam here in a few days, and thus didn’t officially join the 2012 Red Hat Study Buddy group, however he wanted to share his rapid-fire study guide for others to benefit from. The study notes are in capsule form and follow C.D.’s understanding of the Ex200 objectives. They can be a good guide for anyone looking to evaluate their own readiness for the official exam. Please understand that these notes were compiled by an individual in preparation for taking the RHCSA exam. This is simply a study guide that attempts to provide answers and information based on the ‘exam objectives’ provided on Red Hat’s website. This information does not provide specific information about what is or what is not on the RHCSA exam. This is not a “brain dump” or some other form of cheat sheet. Behold, the notes: 1) Understand and use essential tools Access a shell prompt and issue commands with correct syntax CTRL-ALT-F1: From system console, switch to GUI. CTRL-ALT-F[2-6]: From system console, switch to a terminal. Applications -> System Tools -> Terminal: From GUI, access a terminal. Use input-output redirection cmd > file: Redirect stdout of cmd to file. cmd 2> file: Redirect stderr of cmd to file. cmd >> file: Append stdout of cmd to file. cmd 2>> file: Append stderr of cmd to file. cmd &> file: Redirect stdout and stderr to file. cmd < file: Redirect contents of file to stdin of cmd. cmd1 | cmd2: Redirect stdout of cmd1 to stdin of cmd2. cmd1 |& cmd2: Redirect stderr of cmd1 to cmd2. Use grep and regular expressions to analyze text grep string file: Display lines in file that contain string. grep -v string file: Display lines in file that do not contain string. grep -i string file: Case in sensitivedsearch. egrep: Grep with extended regular expressions. fgrep: Grep without regular expressions. Some simple RegEx rules. (A complete understanding of Regular Expressions is beyond the scope of this document.) ‘^string': Search for lines beginning with string. ‘[a-zA-Z]': Search for any line containing a letter. su -c ‘command’ user: Run command as user.tar. su – user: Switch to user and load user’s profile.tar /dir: Create archive file. and move files and directories >file: Create file with no content. tar cvfz file. Archive.bz2: Extract bzip2 compressed archive with SELinux.tar. compress. tar cvf file. star -x -f=file.tar of contents of dir.star /dir/: Archive with SELinux. cp file1 file2: Copy file1 to file2. tar cvfj file. tar xvfz file.gz /dir: Archive with gzip compression. Access remote system using ssh and VNC ssh user@host: Login to host as user via SSH. su -c ‘command': Run command as root user.gz: Decompress file using gzip. copy. bzip2 file: compress file using bzip2.tar.bz2 /dir: Extract bzip2 compressed archive. bzip2 -d file. ‘[^0-9]': Search for any line not containing a number.tar. rm file: Delete file. Log in and switch users in multiuser runlevels su -: Switch to root user and load root user’s profile. vi file: Edit content of file. and uncompress files gzip file: Compress file using gzip. ‘[0-9][0-9]': Search for any line containing at least two numbers in a row. tar xvfj file.tar into dir. tar xvf file. ‘[0-9]': Search for any line containing a number.star.star: Extract archive with SELinux. ‘[^a-zA-Z]': Search for any line not containing a letter. Create. Create and edit text files >file: Create file with no content. . vncviewer host:display: Connect to display on host via VNC. star -xz -f=file.tar /dir: Extract archive file. ssh -L port:host:port user@host: Connect to display on host via VNC over SSH.star. gzip -d file. star -xattr -H=exustar -c -f=file. delete.gz /dir: Extract gzip compressed archive.bz2 /dir: Archive with bzip2 compression.bz2: Decompress file using bzip2. star -xj -f=file.gz: Extract gzip compressed archive with SELinux. unpack. chmod permissions file: Changes permissions of file. chown user. Create hard and soft links Hard-links creates a second copy of the file with identical inode. and change standard ugo/rwx permissions ls -l: List files and include information about permissions. Each number is made by adding together the numbers of following permissions: 4 = read. Soft-links creates a redirect to the original file. rmdir /dir: Delete an empty directory. mv /dir1 /dir2: Move directory dir1 to dir2. chown -R user /dir: Recursively changes owner of directory and contents. chgrp -R group /dir: Recursively changes group owner of directory and contents. 2 = write. whatis topic: Lists manual pages with topic in title. Locate. chown user file: Changes owner of file to user. ex: umask 002 means news files are created with the permissions 664.group file: Changes owner of file to user and group. ln file1 file2: Creates files2 as a hard-link of file1. With chmod or umask. the second is for group. the third for all others. . read for group. The first digit is for owner. rm -r /dir: Recursively delete a directory and it’s contents. man # topic: Displays manual page for topic within numbered category. 1 = execute. ln -s file1 file2: Creates file2 as a soft-link of file1. chown -R user. read. rmdir -p /dir1/dir2/dir3: Delete a series of empty directories. umask: Displays current umask. set. and use system documentation man topic: Displays manual page for topic.group /dir: Recursively changes owner of directory and contents. chgrp group file: Changes group owner of file to group. mv file1 file2: Move file1 to file2. umask mask: Sets umask to mask. the permissions or mask are a three digit number. mkdir /dir: Create directory dir. umask ### are the permissions subtracted from the default permissions (666) of a newly created file. chmod -R permissions /dir: Recursively changes permissions of directory and contents. List. no access for all others. chmod ### sets thos permissions ex: chmod 640 is read and write for owner. mkdir -p /dir1/dir2/dir3: Create a series of directories. ps -u user: List all processes running as user. reboot. and shut down a system normally reboot: Reboot the system immediately. X11 Runlevel 6: Reboot Use single-user mode to gain access to a system At GRUB menu. ps -aux: List all running processes. kill PID: Sends a signal to specified process. init #: Changes to specified runlevel. nice -n # command: Run command at specified priority level. press “e” or “a” to edit/append boot kernel options. /etc/cron. /usr/share/info: Location of all available info pages. limited services Runlevel 3: Multi-user mode. The highest process priority level is -20. and kill processes. The lowest process priority level is 19. 2) Operate running systems Boot. /usr/share/doc: Location of more advanced package specific documentation.cron: Regenerates manual page database. shutdown -h now: Shutdown the system immediately. Boot systems into different runlevels manually runlevel: Displays the current runlevel. Identify.daily/makewhatis. info topic: Display info page about topic. . adjust priority. Runlevel 0: Halt Runlevel 1: Single-user mode Runlevel 2: Multi-user mode. apropos topic: Lists manual pages relating to topic. renice # PID: Changes priority level of process to specified priority level. networking Runlevel 4: Undefined Runlevel 5: Multi-user mode. ps -axl: List all running processes and parent process information. press “e” or “a” to edit/append boot kernel options. renice # -u user: Changes priority level of all of user’s processes to specified priority level. The default process priority level is 0. Append init=/bin/sh to end of GRUB options to not load init files. At GRUB menu. Append a runlevel # to end of GRUB options to boot into that runlevel. Append single to end of GRUB options to boot into single user mode. Start and stop virtual machines virt-manager: GUI program for controlling virtual machines. extended. lastlog: Outputs information about most recent login of each user based on information in /var/log/lastlog utmpdump btmp: Outputs information about failed login attempts based on information in /var/log/btmp utmpdump wtmp: Outputs information about logins based on information in /var/log/wtmp Access a virtual machine’s console virt-manager: GUI program for controlling virtual machines. and check the status of network services service name start: Starts network service. and logical partitions . virsh list –all: Lists all virtual machines. delete. service name reload: Reloads the configuration files for network service. 3) Configure local storage List. Locate and interpret system log files /var/log: Location of system log files. create. service name restart: Restarts network service. and set partition type for primary. Other signals can be sent by adding the flag -SIGNAL. stop. killall process: Sends a signal to all running processes of that name. virsh start name: Starts a virtual machine. service name status: Displays status of network service. The default signal sent to processes is SIGTERM. virt-viewer server: Display graphical console forvirtual server. virsh destroy name: Shutdown a virtual machine. 1: SIGHUP 2: SIGINT 3: SIGQUIT 6: SIGABRT 9: SIGKILL 14: SIGALRM 15: SIGTERM (default) top: Lists all running processes in an interactive environment. virsh list –all: Lists all virtual machines. service name stop: Stops network service. Start. and swap to a system non-destructively The fdisk and parted commands are interactive and have their own built-in help files. umount /dev/hd: Unmount a device.ext4 /dev/mapper/label: Format labelled LUKS-encrypted physical volume.acl 1 1 cryptab entries are space delimited: label device cryptab example: cryptvolume /dev/sdb1 Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label blkid: Find the UUID of a device. mkfs. extended. Create and configure LUKS-encrypted partitions and logical volumes to prompt for password and mount a decrypted files system at boot dd if=/dev/urandom of=/dev/hd bs=1M: Fill physical volume with random data. lvremove /dev/volumegroup/volume: Remove a logical volume from volume group. extended. fstab entries are space delimited: device mountpoint fstype options dump fsck fstab example: /dev/sda1 / ext4 defaults. lvcreate -L size volumegroup: Create a new logical volume from volume group.acl 1 1 Add new partitions and logical volumes. mount -a: Mount all volumes defined in /etc/fstab fstab entries are space delimited: device mountpoint fstype options dump fsck fstab example: /dev/sda1 / ext4 defaults. and logical partitions. pvremove /dev/hd: Remove physical volume from an LVM. cryptsetup luksOpen /dev/hd label: Label LUKS-encrypted physical volume. mount: Displays all volumes currently mounted on system. /etc/fstab: Configuration file for volumes mounted by system. fdisk: Deprecated utility for manipulating primary. e2label /dev/mapper/volume label: Label a volume. assign physical volumes to volume groups. . Consult man pages for further options. The fdisk and parted commands are interactive and have their own built-in help files. and logical partitions. and create and delete logical volumes pvcreate /dev/hd: Create physical volume from device. vgreduce volumegroup /dev/hd: Remove physical volume from volume group. /etc/crypttab: Configuration file for LUKS-encrypted volumes. /etc/fstab: Configuration files for volumes mounted by system. lvdisplay volumegroup: Display information about volume group. Create and remove physical volumes. cryptsetup luksFormat /dev/hd: LUKS-encrypt physical volume. parted: Current utility for manipulating primary. vgextend volumegroup /dev/hd: Create volume group with physical volume or add physical volume to existing volume group. Mount. mount -o rw -t ext# /dev/hd /mountpoint: Mount’s device of ext# format in Read/Write mode to mount point. LUKS-encrypted.acl 1 1 cryptab entries are space delimited: label device cryptab example: cryptvolume /dev/sdb1 Extend existing unencrypted ext4-formatted logical volumes lvdisplay: Displays infomration about logical volumes on system. lvextend -L size /dev/volumegroup/volume: Extends logical volume to size. swapon -s: Displays swap devices currently on system.ext# /dev/hd: Format device as ext# File System. lvcreate -L size -n logicalvolume logicalvolumegroup: Create a logical volume of size in volume group.Consult man pages for further options. Configure systems to mount ext4. and use LUKS-encrypted file systems Mounting a LUKS-encrypted file system is identical to mounting a regular file system. vgcreate volumegroup /dev/hd: Create a volume group from a physical volume. Create and configure set-GID directories for collaboration . Mount and unmount CIFS and NFS network file systems mount -t cifs //servername/dir /mountpoint –verbose -o user=username: Mounts a CIFS filesystem to mount point. umount /dev/hd: Unmounts device. and ext4 file systems mkfs. unmount. mount: Displays all volumes currently mounted on system. and network file systems automatically blkid: Find the UUID of a device. and use ext2. umount /mountpoint: Unmounts a mountpoint. unmount. ext3. 4) Create and configure file systems Create. /etc/fstab: Configuration file for volumes mounted by system. mount. pvcreate /dev/hd physicalvolume: Create a physical volume from device. mount -a: Mount all volumes defined in /etc/fstab fstab entries are space delimited: device mountpoint fstype options dump fsck fstab example: /dev/sda1 / ext4 defaults. /etc/crypttab: Configuration file for LUKS-encrypted volumes. swapon -v /dev/hd: Add swap device to system. except you will be prompted for a passphrase. lvextend -L +size /dev/volumegroup/volume: Extends logical volume by size. mount -o rw -t nfs servername:/dir /mountpoint: Mounts a NFS filesystem to mount point. or division math involving the range. crontab -e: Edits crontab for current user. The command will be triggered whenever all conditions match. Diagnose and correct file permission problems ls -l: Display file permissions. Schedule tasks using cron crontab -l: Displays crontab for current user. /etc/sysconfig/network-scripts: Configuration files for interface specific networking settings. Add ‘acl’ to options in /etc/fstab and remount filesystem if this option is not already set. applying any new options.conf: Configuration file for resolving hosts. setfacl -m A:C:L file: Sets the Access Control Lists (ACLs) set on a file. example: 0 3 1 1-12/2 * command. mount -o remount /mountpoint: Remounts a mountpoint that is in use. something within the range. /ets/sysconfig/network: Configuration file for system networking settings. /etc/hosts: Local lookup table for statically defined hosts. will run command at 3:00am on the first day of every other month. 1: Minute (0-59) 2: Hour (0-23) 3: Day of Month (1-31) 4: Month (1-12) 5: Day of Week (0-6. configure. /etc/resolv. Cron entries require six space delimited options. /etc/fstab: Configuration file for volumes mounted by system. getfacl file: Displays the Access Control Lists (ACLs) set on a file. a comma separated list involving the range. and maintain systems Configure networking and hostname resolution statically or dynamically setup: Command line system for configuring networking related options. chmod g+s: Changes a directory to be set-GID. . starting at Sunday) 6: Command to be executed. Configure systems to boot into a specific runlevel automatically /etc/inittab: Edit to make runlevel changes permanent. Create and manage Access Control Lists (ACLs) Filesystem must support Access Control Lists. Each option can either be a *. 5) Deploy. virsh autostart –disable name: Disabled virtual machines from starting at boot.cfg’ is your best bet short of memorizing all options. Configure a system to run a default configuration HTTP server yum -y install httpd && chkconfig httpd on && service httpd start: Install and start httpd. yum -y install qemu* virt* libvirt* python-virtinst: Installs all packages related to hosting KVMs. ks=nfs:server/ks.cfg: Use a kickstart file on an FTP server.cfg: Use a kickstart file on the local disk. Running ‘system-config-kickstart /root/anaconda-ks. ks=http://server/ks. Configure a physical machine to support virtual guests yum -y install libvirt libvirt-client python-virtinst qemu-kvm virt-manager virt-top virtviewer: Install packages needed for hosting KVMs. . modprobe kvm: Adds kernel module for hosting KVMs. Install Red Hat Enterprise Linux systems as virtual guests virt-manager: GUI program for controlling virtual machines. and set to start on boot. Configure systems to launch virtual machines at boot virsh autostart name: Configures virtual machine to start at boot. For a bare metal kickstart enter GRUB an add the following line: ks=hd:sdba1/ks. chkconfig service on: Configures network service to start at boot. ks=ftp://server/ks. virsh list –all: Lists all virtual machines. /root/anaconda-ks. chkconfig –level # service off: Disables network service from starting in specified runlevels. For virtual machines add an option to virt-install similar to baremetal kickstart options: ex: -x “ks=KICKSTARTOPTION ksdevice=ETHERNETDEVICE ip=IPADDRESS netmask=NETMASK gateway=GATEWAY” There are numerous kickstart options available.Install Red Hat Enterprise Linux automatically using Kickstart system-config-kickstart: GUI for creating kickstart files.cfg: Use a kicksart file on the cdrom. chkconfig service off: Disables network service from starting at boot.cfg: Use a kickstart file on a web server. Configure network services to start automatically at boot chkconfig –list: Lists all installed network services.cfg: Use a kickstart file on an NFS server. ks-cdrom:/ks. /var/www/html: Location of files served by HTTP server. chkconfig –level # service on: Configures network service to start in specified runlevels.cfg: Kickstart file for running system at time of creation. -f #: Changes the number of days after password expiration that user’s account is disabled. usermod options: -d /dir: Changes the user’s home directory. -g GID: Changes the user’s main group. usermod options user: Modifty a user.repos. using iptables. and modify local user accounts useradd user: Adds user to system. Install and update software packages from Red Hat Network. userdel user: Deletes user from system. ‘man httpd_selinux’ for more various options. using iptables. /etc/yum. or from the local file system rhn_register: Register system with Red Hat Network. -e YYYY-MM-DD: Changes the expiration date of user’s account. yum install kernel: Installs a new kernel from a yum repository. /var/ftp: Location of files served by FTP Server.rpm: Installs RPM package from local file system. SELinux: Make sure SELinux contexts are correct for all files server. 0 for immediately. a remote repository. -l newuser: Changes the user’s login name to a new name. delete. rpm -ivh kernel.d: Directory containing information relating to yum repos.conf: Configuration files for system boot loader. and set to start on boot. Update the kernel package appropriately to ensure a bootable system Never update the kernel package. yum install package: Install package from yum repository. Firewall: Open ports 20 and 21 for FTPD. rpm -Uvh package. Firewall: Open ports 80 for HTTP and 443 for HTTPS. rpm -ivh package. .rpm: Installs a new kernel from an rpm package. SELinux: Make sure SELinux contexts are correct for all files server. always install a new kernel.rpm: Upgrades RPM package from local file system. Modify the system bootloader /boot/grub/grub. -1 for never. -G GID: Comma separated list of additional groups that the user belongs to. 6) Manage users and groups Create. ‘man ftpd_selinux’ for more various options. Configure a system to run a default configuration FTP server yum -y install vsftpd && chkconfig vsftpd on && service vsftpd start: Install and start vsftpd. . Set enforcing and permissive modes for SELinux getenforce: Display SELinux enforcing mode. groupmems -g group -a user: Add a user to group. system-config-authentication: GUI for connecting system to existing LDAP directory service. -U: Unlocks the user account. 7) Manage security Configure firewall settings using system-config-firewall or iptables system-config-firewall: GUI program for modifying firewall settings. Configure a system to use an existing LDAP directory service for user and group information yum -y install openldap-clients: Install the required OpenLDAP clients. /etc/selinux/config: Make permanent changes to SELinux enforcing mode. Create. -s shell: Changes the user’s login shell. with SELinux information. groupadd group: Create group. It is possible to configure LDAP connections manually. IPTables are complex when used from the command line. groupmod -g GID group: Change the GID of a group. -Z seuser: Changes ther user’s SELInux user type. and modify local group and group membership groups user: List which groups a user belongs to. but using system-configauthentication is your best option for the RHCSA exam. Change passwords and adjust password aging for local user accounts passwd: Change your password. passwd user: Change user’s password. with SELinux information. chage user: Change user’s password aging. delete. Using the ‘system-config-firewall’ or ‘setup’ are your best options for the simple firewall configurations required for the RHCSA exam. groupmod -n newgroup oldgroup: Change the name of a group. -u UID: Changes the user’s UID. groupdel group: Delete group. -L: Locks the user account. preventing logins. setenforce #: Toggle SELinux enforcing mode on or off. ps -Zu user: List all processes running as user. List and identify SELinux file and process context ls -lZ: List file permissions. allowing logins. Restore default file contexts semanage fcontext -a -t context “/dir(/. getsebool -P boolean off: Sets SELinux boolean to off. ps -Zaux: List all running processes. togglesebool boolean: Toggles SELinux boolean on or off. restorecon -F -R -v /dir: Recursively restores SELinux context of a directory and it’s contents. with SELinux information. Use boolean settings to modify system SELinux settings getsebool -a: Lists all SELinux boolean settings and current status. ps -Zaxl: List all running processes and parent process information. . /var/log/audit/audit. Diagnose and address routine SELinux policy violations ausearch -m avc -c command: Search for SELinux policy violations associated with command.*?)”: Sets the SELinux context of a directory and it’s contents. sealert -a /var/log/audit/audit.log: Log file containing information about SELinux policy violations. with SELinux information.log: Detaild descriptions of SELinux policy violations found in log. setsebool -P boolean on: Sets SELinux boolean to on.