RHCSA 2.0 Speed Run
===

# 1. Set/Reset root password, Network, Hostname
- Password: `tianyun`
- Hostname: `serverX.example.com`
- Network
    - IP address: `172.25.X.11/24`
    - IP gateway: `172.25.X.254`
    - DNS: `172.25.254.254`

1. Press `e` to edit grub menu
    - Change `linux16 ... ro` to `linux16 rw rd.break enforcing=0`
```bash=
chroot /sysroot
echo tianyun | passwd --stdin root
exit # Ctrl+D
exit # Ctrl+D
```
2. Open terminal
```bash=
# the system was booted with enforcing=0, so restore the SELinux label on /etc/shadow
restorecon /etc/shadow
hostnamectl set-hostname server6.example.com
# RHEL 7.0 syntax: address and gateway form one quoted value
# (later releases set the gateway with ipv4.gateway instead)
nmcli connection modify "System eth0" \
    ipv4.method manual \
    ipv4.addresses "172.25.6.11/24 172.25.6.254" \
    ipv4.dns 172.25.254.254
systemctl restart network
```

# 2. Set SELinux to enforcing
- `vim /etc/selinux/config`
    - `SELINUX=enforcing`

# 3. Set default yum repository
- `http://content.example.com/rhel7.0/x86_64/dvd`
- `vim /etc/yum.repos.d/DVD.repo`
```bash=
[base]
name = base
baseurl = http://content.example.com/rhel7.0/x86_64/dvd
enabled = 1
gpgcheck = 0
```
- check: `yum repolist`

# 4. Configure logical volume ==loans== and file system size to 300M
```bash=
lvresize --size 300M /dev/finance/loans
xfs_growfs /mnt/loans # for XFS file system
resize2fs /dev/finance/loans # for ext2/ext3/ext4 file system
lvs # check
df -h /mnt/loans # check
```

# 5. Users, groups, supplementary groups, default shell
- Group `adminuser`
- Users `natasha`, `harry` belong to `adminuser`
- User `sarah` has no login shell
- All users' password is `tianyun`
```bash=
groupadd adminuser
useradd --groups adminuser natasha
useradd --groups adminuser harry
useradd --shell /sbin/nologin sarah
for user in natasha harry sarah; do echo tianyun | passwd --stdin "$user"; done
```

# 6. Set files, directories permission, ACL permission
- Copy `/etc/fstab` to `/var/tmp/fstab`
- User and group are `root`
- No one can execute
- User `natasha` can read and write
- User `harry` has no permission
- Other users can read
```bash=
cp /etc/fstab /var/tmp/fstab
chown root:root /var/tmp/fstab
chmod a-x /var/tmp/fstab
setfacl --modify user:natasha:rw /var/tmp/fstab
setfacl --modify user:harry:0 /var/tmp/fstab
chmod o+r /var/tmp/fstab
getfacl /var/tmp/fstab # check
```

# 7. Configure user's cron
- User `natasha` executes `/bin/echo hello` at 14:20 every day
- `crontab -u natasha -e`
    - `20 14 * * * /bin/echo hello`

# 8. Configure directory permission
- Create shared directory `/home/admins` that belongs to group `adminuser`
- Group `adminuser` can read, write, and execute
- Other users have no permission
- All files created in `/home/admins` will belong to group `adminuser` automatically
```bash=
mkdir /home/admins
chgrp adminuser /home/admins
chmod g=rwx /home/admins
chmod o-rwx /home/admins
chmod g+s /home/admins
# or `chmod g=rwx,o-rwx,g+s /home/admins`
ls -ld /home/admins # check the directory itself
vdir -d /home/admins # check
```

# 9. Upgrade kernel and guarantee that grub boots it by default
- yum repository: `http://content.example.com/rhel7.0/x86_64/errata`
- `vim /etc/yum.repos.d/kernel.repo`
```bash=
[kernel]
name = kernel
baseurl = http://content.example.com/rhel7.0/x86_64/errata
enabled = 1
gpgcheck = 0
```
- install kernel: `yum install kernel`

# 10. Use LDAP to authenticate local users
- LDAP server: `classroom.example.com`
- LDAP base DN: `dc=example,dc=com`
- Root CA: `http://classroom.example.com/pub/example-ca.crt`
```bash=
yum install sssd
authconfig --help | grep ldap # tip: list the LDAP-related options
authconfig --enableldap \
    --enableldapauth \
    --ldapserver=ldap://classroom.example.com \
    --ldapbasedn="dc=example,dc=com" \
    --enableldaptls \
    --ldaploadcacert=http://classroom.example.com/pub/example-ca.crt \
    --update
id ldapuser6 # check
```

# 11. Configure NTP service
- NTP server: `classroom.example.com`
```bash=
yum install chrony
vim /etc/chrony.conf
#   add line: server classroom.example.com iburst
systemctl start chronyd # ^start^restart if chrony was installed by system
systemctl enable chronyd
```

# 12. Configure `autofs` to mount LDAP users' home directories automatically
```bash=
yum install autofs
vim /etc/auto.master
#   add line: /home/guests /etc/auto.home
vim /etc/auto.home
#   add line: * -fstype=auto classroom.example.com:/home/guests/&
systemctl start autofs
systemctl enable autofs
su - ldapuser6 # check
```

# 13. Create user `jack`, uid is 2000
- `useradd --uid 2000 jack`

# 14. Create a new 512M swap, swap on when booting
```bash=
fdisk /dev/vdb # create a 512M partition
mkswap /dev/vdb? # ? is partition number for the 512M partition
vim /etc/fstab
#   add line: /dev/vdb? swap swap defaults 0 0
swapon -a # swapon using /etc/fstab
swapon -s # check swap
free # check swap
```

# 15. Find all files belonging to `alice` and copy them to `/findfiles`
```bash=
mkdir /findfiles
# search the whole filesystem, regular files only
find / -user alice -type f -exec cp {} /findfiles/ \;
```

# 16. Find all lines containing `seismic` in `/usr/share/dict/words` and copy the output to `/root/filelists` in order
- `grep seismic /usr/share/dict/words > /root/filelist`

# 17. Archive and compress `/etc` to `/root/backup.tar.bz2`. Use `bzip2` compression method.
- `tar cjf /root/backup.tar.bz2 /etc`

# 18. Create logical volume `database` belonging to volume group `datastore`. Size of the logical volume is `10` physical extents. Physical extent size of the volume group is `16M`. Format `database` with `ext4`. Mount to `/mnt/database` when booting.
```bash=
fdisk /dev/vdb # create a partition > 10 * 16M
pvcreate /dev/vdb? # initialize the partition for LVM
vgcreate --physicalextentsize 16M datastore /dev/vdb?
lvcreate --extents 10 --name database datastore
mkfs.ext4 /dev/datastore/database
mkdir /mnt/database
vim /etc/fstab
#   add line: /dev/datastore/database /mnt/database ext4 defaults 0 0
mount -a # mount using /etc/fstab
mount | grep database # check
```
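
A check for the shared directory from task 8, as an added example that is not part of the original notes: the hypothetical function `check_shared_dir` reads the mode and group with GNU `stat` and reports each requirement that is not met (group ownership, group `rwx`, no access for others, setgid bit).

```bash
#!/bin/sh
# Added example: audit a shared directory against the task 8 requirements.
# Usage: check_shared_dir DIR GROUP
# Prints one line per unmet requirement; returns 0 only if all are met.
check_shared_dir() {
    dir=$1
    want_group=$2
    problems=0
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 2; }

    # GNU stat: %a = octal mode including setuid/setgid/sticky, %G = group name
    mode=$(stat -c '%a' "$dir")
    group=$(stat -c '%G' "$dir")
    bits=$((0$mode))   # the leading 0 makes the shell parse the mode as octal

    if [ "$group" != "$want_group" ]; then
        echo "$dir: group is $group, expected $want_group"
        problems=$((problems + 1))
    fi
    if [ $((bits & 0070)) -ne $((0070)) ]; then
        echo "$dir: group does not have rwx (mode $mode)"
        problems=$((problems + 1))
    fi
    if [ $((bits & 0007)) -ne 0 ]; then
        echo "$dir: other users still have access (mode $mode)"
        problems=$((problems + 1))
    fi
    if [ $((bits & 02000)) -eq 0 ]; then
        echo "$dir: setgid bit missing, new files will not inherit $want_group"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}
```

On the exam system the call would be `check_shared_dir /home/admins adminuser`.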