AFTERMATH Flashcards
SETUP REPOFILE
[BaseOS]
name=BaseOS
baseurl=what they give
enabled=1
Configure nodes IPs first.
then, go to sshd_config file in BOTH nodes and un-hash PermitRootLogin and PublickeyAuthentication and PasswordAuthentication
for SELINUX question, consult semanage-fcontex and -port pages
Do systemctl status httpd to see what is going wrong
restart service
create user and remove shell access
give group or user access to add user in the server
harry ALL=(ALL) explain?
harry ALL=(ALL) NOPASSWD: ALL
-useradd -s /sbin/nologin user
use which useradd, go to visudo and add: %group ALL=(ALL) /usr/bin/passwd
can on all host run any command as any user
can do anything, on anyhost, with no passwd
do cronjob that runs every 1 minute and does a command as a david
export a directory (/netdir/netuser)
crontab -e -u david
*/1 * * * * whatever they provide
-download nfs-utils/autofs
-go to auto.master, add /netdir /etc/auto.misc
/etc/auto.misc= add username, rw, sync, and hostname: /path/to/user/on/server
-restart autofs, enable autofs, try to switch to user
create an access control list that gives rw to someone, no access to someone else
after changing ntp and restarting chronyd, type /etc/chrony.conf to verify change
setfacl -m u:user1:rw- /path/to/file
setfacl -m u:user2:— /path/to/file
find all files AND directories from user2, copy to /root/beer
MAY ASK THIS AS SCRIPT. (make .sh, chmod 755, run it)
start your scripts with #!/bin/bash
find / -user user2 -exec cp -rf {} /root/beer/ \;
make lvm x from volume group y. PE size= 8MB, LVM=50 extents, format=xfs, mount= /mnt/x. Persistent
user swapon -a after creating swaps
vgcreate -s 8M y /dev/sdc1
lvcreate -l 50 -n x /dev/y
mkfs.xfs /dev/y/x
make directory
get UUID, go to fstab, systemctl daemon-reload, mount -a, reboot
resize vo logical volume (300M) to 400M
INSTALL TUNED YOU DIRTY FUCKER
lvextend -r -l +100M /dev/vg/lv
OR
lvresize -r -l 400M /dev/vg/lv
configure and build rhcsa app for user 3 that prints “fuck off”
!/bin/bash
vim /usr/local/bin/rhcsa
echo “fuck off”
chmod 755 it. IMPORTANT!
THEN, vim /home/user3/.bash_profile and add the file BELOW fi
ssh as user3ssh
mkcreate container, name it monitor, create it as athena,
1.ssh athena@localhost
- wget <link></link>
- login into registry
- podman build -t monitor -f .
add a umask for a user
copy string ‘this’ from file.txt to this.txt. No empty lines allowed
open their .bashrc and add it there
grep ‘this’ /root/file.txt | grep -v ‘^$’ > /root/this.txt
deny a user a cronjob
passwords should expire after X days for all users
vim /etc/cron.deny, put in user name, try to see if workss
go to vim /etc/login.defs, create a user and verify this happens with chage -l username
grep something with no empty lines