
RHCSA 2.0 Speed Run

1. Set/Reset root password, Network, Hostname

  • Password: tianyun
  • Hostname: serverX.example.com
  • Network
    • IP address: 172.25.X.11/24
    • IP gateway: 172.25.X.254
    • DNS: 172.25.254.254
  1. Press e to edit grub menu
    • Change linux16 ... ro to linux16 rw rd.break enforcing=0
chroot /sysroot
echo tianyun | passwd --stdin root
exit # Ctrl+D
exit # Ctrl+D
  2. Open terminal
restorecon /etc/shadow
hostnamectl set-hostname server6.example.com
nmcli connection modify "System eth0" \
    ipv4.method manual \
    ipv4.addresses "172.25.6.11/24 172.25.6.254" \
    ipv4.dns 172.25.254.254
systemctl restart network

2. Set SELinux to enforcing

  • vim /etc/selinux/config
    • SELINUX=enforcing

3. Set default yum repository

  • http://content.example.com/rhel7.0/x86_64/dvd
    • vim /etc/yum.repos.d/DVD.repo
[base]
name = base
baseurl = http://content.example.com/rhel7.0/x86_64/dvd
enabled = 1
gpgcheck = 0
  • check: yum repolist

4. Set the size of logical volume loans and its file system to 300M

lvresize --size 300M /dev/finance/loans
xfs_growfs /mnt/loans # for XFS file system
resize2fs /dev/finance/loans # for ext2/ext3/ext4 file system
lvs # check
df -h /mnt/loans # check

5. Users, groups, supplementary groups, default shell

  • Group adminuser
  • Users natasha, harry belong to adminuser
  • User sarah has no login shell
  • All users' password is tianyun
groupadd adminuser
useradd --groups adminuser natasha
useradd --groups adminuser harry
useradd --shell /sbin/nologin sarah
for user in natasha harry sarah; do
    echo tianyun | passwd --stdin "$user"
done

6. Set files, directories permission, ACL permission

  • Copy /etc/fstab to /var/tmp/fstab
  • User and group are root
  • No one can execute
  • User natasha can read and write
  • User harry has no permission
  • Other users can read
cp /etc/fstab /var/tmp/fstab
chown root:root /var/tmp/fstab
chmod a-x /var/tmp/fstab
setfacl --modify user:natasha:rw /var/tmp/fstab
setfacl --modify user:harry:0 /var/tmp/fstab
chmod o+r /var/tmp/fstab
getfacl /var/tmp/fstab # check
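
An added example, not part of the original notes: the rights a named user actually gets are the ACL entry ANDed with the mask, and a later chmod on the group bits rewrites that mask. The function names and the getfacl output below are constructed for illustration, and group entries are ignored on the assumption that the user is in none of the file's groups, as is the case for the users in this task.

```bash
#!/bin/sh
# effective_perm USER: read getfacl output on stdin and print the rights
# USER really has, e.g. "rw-". Named-user entries are limited by the mask;
# the owner entry and the "other" entry are not.
# Assumption: USER is in none of the file's groups, so group entries are skipped.
effective_perm() {
    awk -v who="$1" '
        function mask_with(p, m,   i, out) {
            for (i = 1; i <= 3; i++)
                out = out (substr(m, i, 1) == "-" ? "-" : substr(p, i, 1))
            return out
        }
        /^# owner:/ { owner = $3; next }
        /^#/ || NF == 0 { next }
        { split($1, e, ":")                      # tag:qualifier:perms
          if (e[1] == "user" && e[2] == "")  uobj  = e[3]
          if (e[1] == "user" && e[2] == who) named = e[3]
          if (e[1] == "mask")  mask  = e[3]
          if (e[1] == "other") other = e[3] }
        END {
            if (who == owner)     print uobj
            else if (named != "") print (mask == "" ? named : mask_with(named, mask))
            else                  print other
        }'
}

# Constructed getfacl output for the state the commands above leave behind.
acl_page() { cat <<'EOF'
# file: var/tmp/fstab
# owner: root
# group: root
user::rw-
user:natasha:rw-
user:harry:---
group::r--
mask::rw-
other::r--
EOF
}

# Constructed: the same file after a later "chmod g=r", which rewrites mask::.
acl_chmod() { acl_page | sed 's/^mask::rw-$/mask::r--/'; }

for u in natasha harry sarah; do
    printf '%s: %s now, %s after chmod g=r\n' "$u" \
        "$(acl_page | effective_perm "$u")" "$(acl_chmod | effective_perm "$u")"
done
```

On a real system, pipe `getfacl /var/tmp/fstab` into `effective_perm natasha` as the final check.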

7. Configure user's cron

  • User natasha executes /bin/echo hello at 14:20 every day
    • crontab -u natasha -e
      • 20 14 * * * /bin/echo hello

8. Configure directory permission

  • Create shared directory /home/admins owned by group adminuser
  • Group adminuser can read, write, and execute
  • Other users have no permission
  • All files created in /home/admins will belong to group adminuser automatically
mkdir /home/admins
chgrp adminuser /home/admins
chmod g=rwx /home/admins
chmod o-rwx /home/admins
chmod g+s /home/admins
# or `chmod g=rwx,o-rwx,g+s /home/admins`
ls -ld /home/admins # check the directory's own mode and group
vdir /home/admins # check

9. Upgrade kernel and guarantee that grub boots it by default

  • yum repository: http://content.example.com/rhel7.0/x86_64/errata
    • vim /etc/yum.repos.d/kernel.repo
[kernel]
name = kernel
baseurl = http://content.example.com/rhel7.0/x86_64/errata
enabled = 1
gpgcheck = 0
  • install kernel: yum install kernel
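
An added check, not part of the original notes, for repo files like DVD.repo and kernel.repo above: it lists every enabled section that switches package signature checking off or fetches over plain HTTP/FTP. The function names, the `signed.repo` file and its https URL are assumptions made up for the sample.

```bash
#!/bin/sh
# audit_repos DIR: print "file:section:finding" for every enabled repo
# section that turns gpgcheck off or uses a plaintext baseurl.
# A section without a gpgcheck key is not flagged: it inherits [main].
audit_repos() {
    for f in "$1"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            function report() {
                if (sec == "" || on ~ /^(0|no|false)$/) return
                if (gpg ~ /^(0|no|false)$/) print file ":" sec ":gpgcheck-off"
                if (url ~ /^(http|ftp):/)   print file ":" sec ":plaintext-baseurl"
            }
            /^[ \t]*[#;]/ { next }                    # comment line
            /^[ \t]*\[/   { report(); sec = $0        # new [section]
                            gsub(/^[ \t]*\[|\].*$/, "", sec)
                            on = gpg = url = ""; next }
            { eq = index($0, "="); if (eq == 0) next
              k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
              gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
              if (k == "enabled")  on  = v
              if (k == "gpgcheck") gpg = v
              if (k == "baseurl")  url = v }
            END { report() }
        ' "$f"
    done
}

# Constructed sample: the DVD.repo from this page beside a signed variant.
demo_repos() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[base]' 'name = base' \
        'baseurl = http://content.example.com/rhel7.0/x86_64/dvd' \
        'enabled = 1' 'gpgcheck = 0' > "$d/DVD.repo"
    printf '%s\n' '[base-signed]' 'name = base-signed' \
        'baseurl = https://content.example.com/rhel7.0/x86_64/dvd' \
        'enabled = 1' 'gpgcheck = 1' \
        'gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release' > "$d/signed.repo"
    audit_repos "$d"
    rm -rf "$d"
}

demo_repos
```

Run `audit_repos /etc/yum.repos.d` to apply the same check to the live configuration.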

10. Use LDAP to authenticate local users

  • LDAP server: classroom.example.com
  • LDAP base DN: dc=example,dc=com
  • Root CA: http://classroom.example.com/pub/example-ca.crt
yum install sssd
authconfig --enableldap | grep ldap # for tip
authconfig --enableldap \
    --enableldapauth \
    --ldapserver=ldap://classroom.example.com \
    --ldapbasedn="dc=example,dc=com" \
    --enableldaptls \
    --ldaploadcacert=http://classroom.example.com/pub/example-ca.crt \
    --update
id ldapuser6 # check

11. Configure NTP service

  • NTP server: classroom.example.com
yum install chrony
vim /etc/chrony.conf # add the line marked >>
>>server classroom.example.com iburst
systemctl start chronyd # ^start^restart if chrony was installed by system
systemctl enable chronyd

12. Configure autofs to mount LDAP users' home directories automatically

yum install autofs
vim /etc/auto.master # add the line marked >>
>>/home/guests /etc/auto.home
vim /etc/auto.home # add the line marked >>
>>* -fstype=auto classroom.example.com:/home/guests/&
systemctl start autofs
systemctl enable autofs
su - ldapuser6 # check

13. Create user jack, uid is 2000

  • useradd --uid 2000 jack

14. Create a new 512M swap, swap on when booting

fdisk /dev/vdb # create a 512M partition
mkswap /dev/vdb? # ? is partition number for the 512M partition
vim /etc/fstab # add the line marked >>
>>/dev/vdb? swap swap defaults 0 0
swapon -a # swapon using /etc/fstab
swapon -s # check swap
free # check swap

15. Find all files belonging to alice and copy them to /findfiles

mkdir /findfiles
# start at / so the whole system is searched, not just the current directory
find / -user alice -type f -exec cp {} /findfiles/ \;

16. Find all lines containing seismic in /usr/share/dict/words and copy the output to /root/filelists in order.

  • grep seismic /usr/share/dict/words > /root/filelist

17. Archive and compress /etc to /root/backup.tar.bz2. Use bzip2 compression method.

  • tar cjf /root/backup.tar.bz2 /etc

18. Create logical volume database in volume group datastore. The size of the logical volume is 10 physical extents. The physical extent size of the volume group is 16M. Format database with ext4. Mount it to /mnt/database when booting.

fdisk /dev/vdb # create a partition > 10 * 16M
pvcreate /dev/vdb? # initialize the partition for LVM
vgcreate --physicalextentsize 16M datastore /dev/vdb?
lvcreate --extents 10 --name database datastore
mkfs.ext4 /dev/datastore/database
mkdir /mnt/database
vim /etc/fstab # add the line marked >>
>>/dev/datastore/database /mnt/database ext4 defaults 0 0
mount -a # mount using /etc/fstab
mount | grep database # check