REPOSITORIES
File: /etc/[Link].d/
See enabled repositories
#dnf repolist enabled
Disable all repositories
#dnf config-manager --disable <repoID>
Create Yum repositories with the dnf config-manager command.
#dnf config-manager --add-repo="[Link]"
Check repo was added: #dnf repolist enabled
USERS
File: /etc/passwd | /etc/shadow | /etc/group | /etc/gshadow | /etc/[Link]
Create users:
#useradd bob
The following configuration variables in /etc/[Link] change the behavior of this tool:
CREATE_HOME; PASS_MAX_DAYS (number) maximum number of days a password may be used.
To change the expiration of a password after X days, edit:
#vi /etc/shadow
To change the home directory of a user, edit:
#vi /etc/passwd
Create groups:
#groupadd trainers
#usermod -aG trainers bob
FILE ACCESS
r=4; w=2; x=1; rwx=7; rx=5 | Default for d = 0777 (drwxrwxrwx) | Default for f = 0666 (-rw-rw-rw-)
umask = 0002 clears the write bit for other users | 0077 clears all the group and other permissions of newly created files
Special permission | Effect on files | Effect on directories
u+s (suid) | File executes as the user that owns the file, not the user that ran the file. | No effect.
g+s (sgid) | File executes as the group that owns the file. | Files newly created in the directory have their group owner set to match the group owner of the directory.
o+t (sticky) | No effect. | Users with write access to the directory can only remove files that they own; they cannot remove or force saves to files owned by other users.
To create a shared folder where regular users can read, write and delete their own files but cannot delete others' files, and a HEAD user can delete any file:
#mkdir /groups/trainers
#chown bill:trainers /groups/trainers
#chmod g+s /groups/trainers
#chmod o+t /groups/trainers
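An added example (not part of the original notes) that verifies a shared directory really has the sgid and sticky bits from the table above. It also checks group write, which the sticky bit presupposes. check_shared_dir is a hypothetical helper name, GNU stat is assumed, and the demo runs on a constructed scratch directory.

```bash
#!/bin/bash
# Added example: verify the mode bits of a shared group directory.
# check_shared_dir is a hypothetical helper name; GNU stat is assumed.

# Prints one finding per line. Returns 0 if the layout is complete,
# 1 if a bit is missing, 2 if the path is not a directory.
check_shared_dir() {
    local dir m rc
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "not a directory: $dir"; return 2; }

    # stat prints the octal mode (755, 3770, ...); the leading 0 makes the
    # shell read it as an octal constant so single bits can be tested.
    m=$(( 0$(stat -c '%a' "$dir") ))

    if [ $(( m & 02000 )) -eq 0 ]; then
        echo "sgid missing (chmod g+s): new files keep the creator's group"
        rc=1
    fi
    if [ $(( m & 01000 )) -eq 0 ]; then
        echo "sticky missing (chmod o+t): members can delete others' files"
        rc=1
    fi
    if [ $(( m & 020 )) -eq 0 ]; then
        echo "group write missing (chmod g+w): members cannot create files"
        rc=1
    fi
    return "$rc"
}

# Demo on a constructed scratch directory (no root needed, so no chown here).
demo_shared_dir() {
    local tmp rc
    tmp=$(mktemp -d)
    mkdir "$tmp/trainers"
    chmod 0755 "$tmp/trainers"
    echo "before: $(stat -c '%A' "$tmp/trainers")"
    check_shared_dir "$tmp/trainers"
    chmod g+ws,o+t "$tmp/trainers"
    echo "after:  $(stat -c '%A' "$tmp/trainers")"
    check_shared_dir "$tmp/trainers"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}
demo_shared_dir
```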
Add read access only to a group other than the group owner of a folder/File | to verify the file acl was added
#setfacl -m g:consultants:rx /groups/trainers
#getfacl /groups/trainers
LOGICAL VOLUMES MANAGEMENT LVM
File: /etc/fstab
Check device of physical HD
#lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sr0 11:0 1 1024M 0 rom
nvme0n1 259:0 0 20G 0 disk
├─nvme0n1p1 259:1 0 1G 0 part /boot
└─nvme0n1p2 259:2 0 19G 0 part
├─rhel-root 253:0 0 17G 0 lvm /
└─rhel-swap 253:1 0 2G 0 lvm [SWAP]
nvme0n2 259:3 0 5G 0 disk
Check where it is mounted
#fdisk -l
Create partition and label it as Linux LVM
#fdisk /dev/nvme0n2
:n | :p | :1 | :default | :default | :type | :8e (for Linux LVM type) | :w
Create physical volume and verify
#pvcreate /dev/nvme0n2p1 (note: p1 is partition 1)
#pvdisplay
Create Volume Group and verify
#vgcreate <vgfiles> /dev/nvme0n2p1
#vgdisplay
Create Logical Volume named lvfiles in vgfiles group, allocate 100% of free space
#lvcreate -n <lvfiles> -l 100%FREE <vgfiles>
Create File System on new logical volume of type ext4
#mkfs.ext4 /dev/vgfiles/lvfiles
Mount volume on folder /files and make the mount persistent. Reboot to verify it is persistent
#mkdir /files
#mount /dev/vgfiles/lvfiles /files
#df -hT (to get the files system and type to add to /etc/fstab)
#vi /etc/fstab add line: /dev/mapper/vgfiles-lvfiles /files ext4 defaults 0 0
PERFORMANCE TUNING
Check if tuned is installed and running, enable it, and change the profile to best throughput
#rpm -qa | grep tuned
#systemctl status tuned
#systemctl enable tuned
#systemctl start tuned
#tuned-adm list
#tuned-adm profile network-throughput
#tuned-adm active
JOB SCHEDULING
Files: /etc/crontab | files in folder /etc/cron.d/ | /etc/[Link]/ | /etc/[Link]/ | /etc/[Link]/ | /etc/[Link]/
One-time jobs for a user (at, atq)
#echo "date >> /home/student/[Link]" | at now +3min
Periodic tasks for users
#crontab -e
ADD to file: */2 * * * Mon-Fri /usr/bin/date >> ~/my_first_cron_job.txt
For recurring system Jobs:
Always place crontab files in the /etc/cron.d/ folder to avoid overwriting
The /etc/anacrontab file ensures that scheduled jobs always run and are not skipped accidentally because the system
was turned off or hibernated.
System timers located: /usr/lib/systemd/system/[Link]
To modify copy timers to /etc/systemd/system/[Link]
To reload timer #systemctl daemon-reload
To enable timer #systemctl enable --now [Link]
Timer that triggers temporary file clean up [Link]
Create a scheduled job to run at the top of every hour and send a message “hello” to the system-logging mechanism
#crontab -e
ADD LINE TO FILE AND SAVE: 0 * * * * logger -p [Link] "hello"
MAKE system journal PERSISTENT
#mkdir /var/log/journal
#vim /etc/systemd/[Link]
EDIT LINE: Storage=persistent
#systemctl restart systemd-journald
#reboot
MAKE THE INSTALL DISK THE DEFAULT REPO
File: /etc/[Link].d/[Link] | /mnt/disk/[Link]
Mount the media disc
#mount /dev/sr0 /mnt/disk
Copy repo file from media to /etc/[Link].d/[Link]
#cp /mnt/disk/[Link] /etc/[Link].d/[Link]
Edit [Link] and make it look like:
[root@server4 ~]# cat /etc/[Link].d/[Link]
[InstallMedia]
name=Red Hat Enterprise Linux 9.1.0
mediaid=None
metadata_expire=-1
gpgcheck=1
cost=500
enabled = 1
baseurl = [Link]
gpgkey = [Link]
[InstallMedia-AppStream]
name=Red Hat Enterprise Linux 9.1.0 Apps
mediaid=None
metadata_expire=-1
gpgcheck=1
cost=500
enabled = 1
baseurl = [Link]
gpgkey = [Link]
Clean and check repo works
#dnf clean all
#dnf update
EDIT SYSTEM CLEAN UP /tmp FILES
Files: /usr/lib/tmpfiles.d/*.conf | /run/tmpfiles.d/*.conf |/etc/tmpfiles.d/*.conf
Check current timer of [Link]
#systemctl cat [Link]
Change configuration file to run every hour
#vi /usr/lib/systemd/system/[Link]
Change line : [Timer] -> OnUnitActiveSec=1h
Ensure system loads new configuration
#systemctl daemon-reload
Activate the new timer and verify if change took effect
#systemctl enable --now [Link]
#systemctl cat [Link]
Using Stratis, add a 3G disk to a volume named myvol and ensure it is mounted persistently and automatically when booting.
Ensure stratis is installed
#rpm -qa | grep stratis
Install stratis
#dnf install stratisd
#dnf install stratis-cli
Enable and start the stratisd service
#systemctl enable stratisd
#systemctl start stratisd
Check the HD is added, create stratis pool and extend the pool
#lsblk
#stratis pool create <myvol> </dev/nvme0n2>
#stratis pool add-data <myvol> </dev/nvme0n3>
#stratis pool list
Create new file system and verify
#stratis filesystem create <pool-name> <file-system-name>
#stratis filesystem list
Mount volume, create snapshot and make it persistent
#mkdir /myvol
#mount </dev/stratis/myvol/myvolfs> /myvol
#stratis filesystem snapshot <poolname> <file system name> <snapshot name>
#echo "UUID=<from filesystem list> /myvol xfs defaults,[Link]=[Link] 0 0" >> /etc/fstab
BASIC SHELL SCRIPTING
Write a script that prompts for input if no input was received, then checks whether the input is a file or a folder and prints its long-listing properties:
#!/bin/bash
# Take the path from the first argument; prompt until one is supplied.
ARG=$1
while [ ${#ARG} -eq 0 ] # while length of ARG is 0
do
    echo "PLEASE ENTER ARGUMENT"
    read -r ARG
done
if [ -e "$ARG" ] # if ARG exists
then
    if [ -d "$ARG" ] # if ARG is a folder
    then
        echo "IT IS A FOLDER"
        ls -ld "$ARG"
    else
        echo "IT IS A FILE"
        ls -ltr "$ARG"
    fi
else
    echo "$ARG doesn't exist"
    exit 6
fi
Find all files that have the SUID permission set and write results to file in home folder.
#find / -type f -perm -u+s -fprint /home/student/[Link]
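An added example (not part of the original notes) that turns the one-off SUID listing above into a baseline comparison, so a file that gains the SUID or SGID bit later stands out. list_setid and new_setid are hypothetical helper names, GNU find is assumed, and the demo uses constructed files in a scratch directory.

```bash
#!/bin/bash
# Added example: compare current SUID/SGID files against a saved baseline.
# list_setid and new_setid are hypothetical helper names; GNU find is assumed.

# list_setid ROOT: sorted paths of regular files with the SUID or SGID bit.
list_setid() {
    # -perm /6000 matches either bit; -xdev stays on ROOT's filesystem.
    find "$1" -xdev -type f -perm /6000 -print 2>/dev/null | LC_ALL=C sort
}

# new_setid BASELINE ROOT: paths that are set-id now but absent from BASELINE.
# BASELINE must have been written by list_setid (same sort order).
new_setid() {
    list_setid "$2" | LC_ALL=C comm -13 "$1" -
}

# Demo on constructed files; a real baseline would be taken with
# "list_setid / > baseline" right after installation or patching.
demo_setid() {
    local tmp base
    tmp=$(mktemp -d)
    base=$(mktemp)
    mkdir "$tmp/bin"
    : > "$tmp/bin/known-tool"
    : > "$tmp/bin/backup tool"
    chmod 4755 "$tmp/bin/known-tool"      # present when the baseline is taken
    list_setid "$tmp" > "$base"
    chmod 2755 "$tmp/bin/backup tool"     # gains SGID after the baseline
    # Show mode and owner of each new entry for triage.
    new_setid "$base" "$tmp" | while IFS= read -r f
    do
        stat -c '%A %U:%G %n' "$f"
    done
    rm -rf "$tmp" "$base"
}
demo_setid
```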
Create user lisa and change the max password days to 30, also ensure she changes password at first login
#useradd lisa -K PASS_MAX_DAYS=30 OR
#useradd lisa THEN #chage -M 30 lisa
#chage -d 0 lisa
Allow lisa to change anyone’s password except root | sudoers line syntax User Host = (Runas) Command
The dnf command is the latest version of YUM; dnf links to dnf-3
Channel 2 is the error channel
Channel 0 is the input channel
#!/usr/bin/bash
# Collect host name, CPU info, SELinux config and failed logins from each server
USR='student'
OUT='/home/student/output'
#
for SRV in servera serverb
do
    ssh "${USR}@${SRV}" "hostname -f" > "${OUT}-${SRV}"
    echo "#####" >> "${OUT}-${SRV}"
    ssh "${USR}@${SRV}" "lscpu | grep '^CPU'" >> "${OUT}-${SRV}"
    echo "#####" >> "${OUT}-${SRV}"
    ssh "${USR}@${SRV}" "grep -v '^$' /etc/selinux/config|grep -v '^#'" >> "${OUT}-${SRV}"
    echo "#####" >> "${OUT}-${SRV}"
    ssh "${USR}@${SRV}" "sudo grep 'Failed password' /var/log/secure" >> "${OUT}-${SRV}"
    echo "#####" >> "${OUT}-${SRV}"
done
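An added example (not part of the original notes) that summarises the 'Failed password' lines the script above collects, counting failures per source address. failed_by_source and sample_secure_log are hypothetical names, and the log lines are constructed samples using documentation address ranges.

```bash
#!/bin/bash
# Added example: count sshd "Failed password" lines per source address.
# failed_by_source and sample_secure_log are hypothetical helper names.

# failed_by_source FILE [MIN]: print "COUNT ADDRESS" for every source with at
# least MIN failures (default 1), highest count first.
failed_by_source() {
    awk -v min="${2:-1}" '
        /sshd\[[0-9]+\]: Failed password for / {
            # Scan from the right: the user name is supplied by the client
            # and may itself contain "from", so trust only the last
            # "from ADDRESS port N" group on the line.
            for (i = NF - 2; i > 1; i--)
                if ($i == "from" && $(i + 2) == "port") {
                    hits[$(i + 1)]++
                    break
                }
        }
        END { for (s in hits) if (hits[s] >= min) print hits[s], s }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample lines in the /var/log/secure format.
sample_secure_log() {
    cat <<'EOF'
Jan 10 03:12:41 servera sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan 10 03:12:44 servera sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan 10 03:12:49 servera sshd[2107]: Failed password for invalid user admin from 203.0.113.5 port 51301 ssh2
Jan 10 03:15:02 servera sshd[2120]: Failed password for student from 198.51.100.7 port 40022 ssh2
Jan 10 03:15:30 servera sshd[2131]: Failed password for invalid user from 192.0.2.1 port 22 from 198.51.100.7 port 40100 ssh2
Jan 10 03:16:00 servera sshd[2140]: Accepted password for student from 198.51.100.7 port 40110 ssh2
EOF
}

demo_failed() {
    local log
    log=$(mktemp)
    sample_secure_log > "$log"
    failed_by_source "$log" 2
    rm -f "$log"
}
demo_failed
```

The function can be pointed at the ${OUT}-${SRV} files as they are, because lines that are not sshd failures are ignored.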
The r command in the top interface changes a process's priority. The lower the value, the more processor time the process gets.
Find what package provides a program
dnf provides <seinfo>
Restore the file TYPE to the correct context
restorecon <filename-or folder>
firewall-cmd --list-all-zones
firewall-cmd --add-service=http
systemctl start httpd
SELinux commands
getenforce = See SELinux status
setenforce 0 = disable SELinux enforcement (permissive mode)
setenforce 1 = enable SELinux enforcement
ls -lZd /<directory> = shows file properties including SELinux file types
less /etc/selinux/targeted/contexts/files/file_contexts = shows which SELinux types are assigned to which files
semanage fcontext -a -t httpd_sys_content_t '/virtual(/.*)?' = permanently edits the context type of /virtual folder and content
man semanage-fcontext = see examples to see types
Reset Root Password
Reboot OS
Interrupt countdown, select the Rescue kernel boot-loader and push “e” to edit it
Use the cursor keys to navigate to the line that starts with linux, Press end to go to end of the line
Add [Link] to the end of the line and press ctrl+x to reboot
After reboot press enter
#mount -o remount,rw /sysroot
#chroot /sysroot
#passwd root (to change root password)
Ensure SELinux relabels the system after reboot by issuing the command
#touch /.autorelabel
Type exit twice to reboot
Repair File System Issues when booting
Reboot OS
Interrupt countdown, select the Default boot-loader and push “e” to edit it
Use the cursor keys to navigate to the line that starts with linux, Press end to go to end of the line
Add [Link]=[Link] to the end of the line and press ctrl+x to reboot
The system reboots and asks for root password, enter root password
Mount devices, and check that the root folder / is mounted as rw; if not, remount it
#mount -o remount,rw /
#mount -a
Check if an error occurs; if so, edit /etc/fstab and delete the device with issues
#vim /etc/fstab
Reload systemctl and mount all drives
#systemctl daemon-reload
#mount -a
#reboot now
Instructor email
Barbara Stamatakis
bstamata@[Link]
virtualtraining@[Link]