EXTRAS Flashcards

1
Q

mount an ISO

A

mount -o loop media.iso /media

2
Q

Set same SELinux context for a directory

A

chcon -R --reference=/var/www/html/ /var/www/html/inst

3
Q

FTP and http file location

A

vsftp server is /var/ftp/pub

HTML is /var/www/html

4
Q

example setting up a VSFTP server and upload DVD installation

A
#yum install vsftpd
#service vsftpd start
test that you can connect to ftp://127.0.0.1
#chkconfig vsftpd on
#mkdir /var/ftp/pub/inst   -> create directory to copy files
#mount -o ro,loop download.iso /media   -> use iso or DVD
#mount /dev/cdrom /media    -> mount dvd
#cp -ar /media/. /var/ftp/pub/inst
#chcon -R -t public_content_t /var/ftp/   -> recursively set SELinux context
#service vsftpd restart
5
Q

add/remove software tool is located

A

System -> Administration -> Add/Remove Software

6
Q

List of packages needed for virtualization

A

qemu-kvm - the main KVM package
python-virtinst - command line tools and libraries for creating VMs
virt-manager - GUI VM administration tool
virt-top - command for VM statistics
virt-viewer - GUI connection to configure VMs
libvirt - C language toolkit with the libvirtd service
libvirt-client - C language toolkit for VM clients

7
Q

check if the right VM modules are loaded

A
#lsmod | grep kvm
the output should list either kvm_intel or kvm_amd
if the output is different, or there is no output, run this command to load the module:
#modprobe kvm
8
Q

virt-install

A
You can also use the virt-install --prompt command to set up virtual machines; just enter the information as asked, such as RAM, CPU, and so forth
# virt-install --prompt
9
Q

virt-install to install a VM with a kickstart file

A

The virt-install --prompt command can be used to install from a kickstart. Example:
# virt-install -n outside1.example.org -r 768 --disk \
path=/var/lib/libvirt/images/outsider1.example.org.img \
-l ftp://192.168.122.1/pub/inst \
-x "ks=ftp://192.168.122.1/pub/ks1.cfg"

10
Q

switches for the virt-install command

A
  • -n (--name) sets the name of a VM
  • -r (--ram) configures the amount of RAM in MB
  • --disk defines the virtual disk
  • -l (--location) specifies the directory or URL with the installation files
  • -x (--extra-args=) includes extra data, such as the URL of a kickstart file.
11
Q

virt-clone --prompt

A

The virt-clone --prompt command can be used to clone an existing VM. Make sure the system to be cloned is shut down.

12
Q

Tools of interest for administrative purposes

A
  • telnet and nmap to verify remote access to open ports
  • mutt as an email client to verify the functionality of an email server
  • elinks as a web browser to make sure web services are accessible
  • lftp to access ftp servers with command completion
#telnet localhost 21
# nmap localhost
#mutt -f pop://username@host
  you can also use the mail command as:
$mail Michael
subject: test
cc: marth@example.com
$mail -s 'host file' < /etc/hosts root@localhost
$elinks http://127.0.0.1/inst
$lftp ftp.example.org -u frany
13
Q

lftp standard commands

A

cd - changes the current working directory at the remote host
ls - list files at the remote host
get - retrieve one file from the remote host
mget - retrieve a group of files from the remote host
put - uploads one file from your computer to remote host
mput - uploads a group of files to remote host
pwd - list current working directory on the remote host
quit - ends the FTP session
!ls - list files on your host computer in the current directory
!cd - change the local host directory for upload/download
!pwd - list current working directory on local host computer

14
Q

The Alias command examples

A
some alias command examples:
#alias cp='cp -i'
#alias l.='ls -d .* --color=auto'
#alias ll='ls -l --color=auto'
#alias rm='rm -i'
#alias rm='mv -t ~/.trash'
15
Q

the locate command database

A

The locate command database is normally updated only once each day, based on the cron script /etc/cron.daily/mlocate.cron (you might have to run it manually)

16
Q

Specialized variations on the vi command:

A
vipw  - edit /etc/passwd
vigr - edit /etc/group
visudo - edit /etc/sudoers
vipw -s - edit /etc/shadow
vigr -s - edit /etc/gshadow
17
Q

arp command

A

The arp command displays a table of hardware and IP addresses on the local computer. ARP can help detect problems such as duplicate addresses on the network.

18
Q

displaying routing table

A
#netstat -r  -> displays routing table, similar to route
#route -n  -> similar to #netstat -rn
19
Q

get dhcp info

A

dhclient eth0

20
Q

two tools that can be used to configure network devices:

A

system-config-network - GUI
nm-connection-editor - GUI command line
System-preferences-network connections

21
Q

check DNS server

A
if in doubt about whether the DNS server is operational:
#dig @192.168.122.1 mheducation.com
22
Q

default umask

A

The default umask is driven by the /etc/bashrc file

23
Q

remount a file system

A

mount -o remount /home

24
Q

common ports

A
21 - FTP
22 - secure shell (SSH)
23 - telnet
25 - SMTP
53 - DNS
80 - http
88 - kerberos
110 - pop
139 - netbios
143 - IMAP
443 - https
993 - IMAP over SSL
2049 - NFS4
995 - POP over SSL
69 - TFTP
139 & 445 as well as UDP 137 & 138 - SAMBA
25
Q

diagnose error when running semanage login -l

A
#yum whatprovides /usr/sbin/semanage
#yum -y install policycoreutils-python
26
Q

options for SELinux user roles

A
  • guest_u no GUI, no networking, no access to the su or sudo commands
  • xguest_u GUI, networking only via the Firefox web browser
  • user_u GUI and networking available
  • staff_u GUI, networking, and the sudo command available
  • unconfined_u Full system access
27
Q

tools to search /var/log/audit

A
#ausearch -m avc -c sudo
#sealert -a /var/log/audit/audit.log
28
Q

other facl command

A
#getfacl file1 | setfacl --set-file=- file2  -> copy the ACL from file1 to file2
#getfacl --access dir | setfacl -d -M- dir  -> copy the access ACL into the default ACL
29
Q

GRUB common errors

A

Error 15: file not found - the partition was mounted; the kernel was not found on that partition. Cause: the root (hdx,y) directive does not point to the partition with the /boot directory
Error 17: cannot mount selected partition - the partition is not formatted to a filesystem with files. Cause: the root (hdx,y) directive points to a partition formatted to a system such as Linux swap
Error 22: no such partition - there is no partition specified by the root (hdx,y) directive.

30
Q

list commands at GRUB command line

A

To see a list of commands at the GRUB command line, press the tab key at the grub > prompt.
To find the grub.conf file (find the /boot directory)
grub > find /grub/grub.conf
Another way to find the /boot directory
grub > root
to confirm the location of grub.conf, run the cat command:
grub > cat (hd0,0)/grub/grub.conf

31
Q

to see the files installed with a package

A

rpm -ql upstart

32
Q

runlevel control commands

A

halt -> moves to runlevel 0
init -> manages the current runlevel (different from the init daemon)
initctl -> controls the init daemon
poweroff -> moves to runlevel 0
runlevel -> list current and previous runlevel
telinit -> manages the current runlevel

33
Q

parameters in /etc/sysconfig/init

A

The parameters in the /etc/sysconfig/init specify how the system looks and feels during the boot process

34
Q

virtual consoles

A

virtual consoles are configured in files /etc/sysconfig/init and the /etc/init directory.

35
Q

System-config-services

A

Can also be used to start/stop services at boot. It’s a GUI tool.

36
Q

ifconfig

A

Any changes made with the ifconfig command are temporary

37
Q

examples for the route command

A
#route add default gw 192.168.122.1  -> adding a default route
#route add default gw 0.0.0.0
#route add -net 192.168.0 netmask 255.255.255.0 dev eth1
-----> sets up a route to the noted network/subnet mask combination through the second ethernet device
38
Q

Netstat

A
Netstat can do a lot more such as identifying open services on the local system
#netstat -atnp
39
Q

adding an arp entry

A

arp -s buggy 00:00:00:cf:a1:33

40
Q

delete an arp entry

A

arp -d buggy

41
Q

/etc/sysconfig/network directives

A

NETWORKING -> can be yes or no, to configure or not configure networking
NETWORKING_IPV6 -> can be yes or no for IPv6
NISDOMAIN -> sets the name of the NIS domain, if connected to a NIS network
HOSTNAME -> sets the hostname of the local computer (can be set by the DHCP server)
GATEWAY -> sets the IP address for the gateway (can be set by the DHCP server)
GATEWAYDEV -> sets the network device, such as eth0, that this computer uses to reach a gateway. There’s no need for this directive if there is only one network card.

42
Q

using the GUI network manager configuration tool

A
You may need to first install the associated package:
#yum install NetworkManager-gnome
Then you can start the GUI network connections tool
#nm-connection-editor
43
Q

Creating a swap partition example using fdisk

A
#fdisk /dev/sdb
command (m for help): n
p
partition number(1-4): 1
first sector default:...
last sector:200MB
command(m for help): p
command(m for help): t
HEX code (type L to list codes): 82
command(m for help): w
when done, follow with
#mkswap /dev/sdb1
#swapon /dev/sdb1
44
Q

set a partition to a different type in parted

A

(parted)set
partition number? 1
flag to Invert? lvm
new state? [on]/off on

45
Q

to see the swap space currently configured

A
run the command:
#cat /proc/swaps
46
Q

checking a partition

A
#umount /var
#fsck -t ext4 /dev/sda7
#mount /dev/sda7 /var
47
Q

disk utility GUI

A
One graphical tool that you can use for storage management is the disk utility, which is available from the gnome-disk-utility package. To start it from the command line:
#palimpsest
48
Q

empty partition

A

With parted, a new empty partition needs a disk label first. If you get the “unrecognized disk label” error, run the mklabel command first

(parted) mklabel msdos
(parted) mkpart

49
Q

formatting partitions

A
- remember: for the commands below, you need the appropriate partition
#mkfs.cramfs - creates a compressed ROM filesystem
#mkfs.ext2 - formats a volume to the ext2 fs
#mkfs.ext3 - formats a volume to the ext3 fs
#mkfs.ext4 - formats a volume to the ext4 fs
#mkfs.msdos - or mkfs.vfat, or mkdosfs: Microsoft VFAT, not bootable
#mkfs.xfs - formats a volume to the xfs fs
#mkswap - formats a volume to the Linux swap file system
50
Q

Physical volume Management commands

A

pvchange - changes attributes of a PV: the pvchange -x n /dev/sda10 command disables the use of PEs from the /dev/sda10 partition
pvck - checks the integrity of a physical volume
pvcreate - initializes a disk or partition as a PV; the partition should be flagged with the LVM file type
pvdisplay - displays currently configured PVs
pvmove - moves PVs in a VG from the specified partition to free locations on other partitions; prerequisite to disabling a PE. One example: pvmove /dev/sda10
pvremove - removes a given PV from the list of recognized volumes: for example, pvremove /dev/sda0
pvresize - changes the amount of a partition allocated to a PV. If you’ve expanded partition /dev/sda10, pvresize /dev/sda10 takes advantage of the additional space. Alternatively, pvresize --setphysicalvolumesize 100M /dev/sda10 reduces the amount of PVs taken from that partition to the noted space
pvs - lists configured PVs and the associated VGs, if so assigned
pvscan - similar to pvs with more details

51
Q

Volume group command

A

vgcfgbackup and vgcfgrestore - back up and restore the configuration file associated with LVMs; by default, they’re in the /etc/lvm directory
vgchange - similar to pvchange, allows you to activate or deactivate a VG. For example, vgchange -a
vgck - checks the integrity of a volume group
vgconvert - supports conversions from LVM1 systems to LVM2. vgconvert -M2 volgroup00 converts volgroup00
vgcreate - creates a VG, from two or more configured PVs. For example, vgcreate vgroup00 /dev/sda10 /dev/sda11 creates vgroup00 from PVs as defined on /dev/sda10 and /dev/sda11
vgdisplay - displays characteristics of currently configured VGs
vgexport and vgimport - export and import unused VGs from those available for LVs; the vgexport -a command exports all inactive VGs
vgextend - if you’ve created a new PV, vgextend vgroup00 /dev/sda11 adds the space from /dev/sda11 to vgroup00
vgmerge - if you have an unused vgroup01, you can merge it into vgroup00 with the following command: vgmerge vgroup00 vgroup01
vgmknodes - run this command if you have a problem with VG device files
vgreduce - the vgreduce vgroup00 /dev/sda11 command removes the /dev/sda11 PV from vgroup00, assuming sufficient free space is available
vgremove - removes a VG
vgrename - renames VGs
vgs - displays basic information on configured VGs
vgscan - scans and displays basic information on configured VGs
vgsplit - splits a volume group

52
Q

Logical volume commands

A

lvchange - similar to pvchange, changes the attributes of an LV. For example, the lvchange -a n vgroup00/lvol00 command disables the use of the LV labeled lvol00
lvconvert - if there are sufficient available PVs, the lvconvert -m1 vgroup00/lvol00 command mirrors the LV
lvcreate - creates a new LV in an existing VG. For example: lvcreate -l 200 volume01 -n lvol01 creates lvol01 from 200 extents in a VG named volume01
lvdisplay - displays currently configured LVs
lvextend - adds space to an LV. The lvextend -L 4G /dev/volume01/lvol01 command extends lvol01 to 4GB, assuming space is available
lvreduce - reduces the size of an LV; if there’s data in the reduced area, it is lost
lvremove - removes an active LV. The lvremove volume01/lvol01 command removes all lvol01 from volume01
lvrename - renames an LV
lvresize - resizes an LV; can be done by -L for size. lvresize -L 4GB volume01/lvol01 changes the size of lvol01 to 4GB
lvs - lists all configured LVs
lvscan - scans for all active LVs

53
Q

LVM commands installed (many exist, but only four are active)

A

lvm - brings you to an LVM prompt to run other commands; type help to see a list
lvmconf - can modify the default settings in the related configuration file /etc/lvm/lvm.conf
lvmdiskscan - scans all available drives for LVM-configured partitions
lvmdump - sets up a configuration report in the root administrative user’s home directory(/root)

54
Q

To use the GUI logical volume management tool

A

yum install system-config-lvm

55
Q

Volume encryption with the linux unified key setup (LUKS)

A

LUKS works on a block level

LUKS-protected system requires either a passphrase or a keyfile

56
Q

encrypting a filesystem mounted on a specific directory

A
You need the dm_crypt module
#lsmod | grep dm_crypt
if you don't see an output regarding dm_crypt run:
#modprobe dm_crypt
You'll need to install the cryptsetup-luks RPM package
#yum install cryptsetup-luks
57
Q

Create a LUKS-based filesystem with cryptsetup

A

cryptsetup luksFormat /dev/sda1 -> first create a passphrase

  • once the partition is encrypted, it can’t be read. Before you can format it, it must be mapped
    First you need the UUID of the device. This command creates a UUID for the newly encrypted /dev/sda1 device:
    #cryptsetup luksUUID /dev/sda1 -> generates a UUID
    #cryptsetup luksOpen /dev/sda1 uuidnumber
  • the mapped device should now appear in the /dev/mapper directory
    (instead of using a UUID you can use a word like test, unless required in the exam)
58
Q

find the UUID associated with a particular encrypted filesystem

A
#dumpe2fs /dev/mapper/test | grep UUID
You can also use the blkid command to get the UUID
59
Q

mounting a luks formatted filesystem

A
If the LUKS formatted filesystem /dev/mapper/test is to be mounted on the directory named /shared, you could add the following lines in /etc/crypttab:
shared /dev/mapper/test   none
shared  UUID=uuidnumber none
-You can verify how partitions are actually mounted in the /etc/mtab
#cat /etc/mtab
60
Q

description of entries in /etc/fstab example

A
/dev/sda1 (device)
/home (mount point)
ext4 (fs format)
defaults(mount option)
0 0 ( Dump value followed by FS check order)
61
Q

dump value

A

Either 0 or 1. A value of 1 means that data is automatically saved to disk by the dump command when you exit Linux

62
Q

filesystem check order

A

Determines the order that filesystems are checked by fsck command during the boot process. The root directory(/) should be set to 1, and other local filesystems should be set to 2. Removable filesystems such as those associated with CD/DVD devices should be set to 0, which means they are not checked during the Linux boot process

63
Q

Mount command and /etc/fstab options

A

async - data is read and written asynchronously
atime - the inode associated with each file is updated each time the file is accessed
auto - searches through /etc/filesystems for the appropriate format for the partition; normally associated with floppy or removable media
defaults - uses default mount options rw,suid,dev,exec,auto,nouser,async
dev - permits access to character devices such as terminals or consoles and block devices such as drives
exec - allows binaries (compiled programs) to be run on the filesystem
noatime - the inode associated with each file is not updated when accessed
noauto - requires explicit mounting; common option for CD and floppy drives
nodev - devices on this filesystem are not read or interpreted
noexec - binaries cannot be run on this filesystem
nosuid - disallows setuid or setgid permissions on this filesystem
nouser - only root users are allowed to mount the specified filesystem
remount - remounts a currently mounted filesystem; also an option for the mount command
ro - mounts the filesystem as read-only
rw - mounts the filesystem as read/write
suid - allows setuid or setgid permissions on programs on this filesystem
sync - reads and writes are done at the same speed (synchronously) on this filesystem
user - allows non root users to mount this filesystem.

64
Q

List of virtual filesystems in /etc/fstab

A

tmpfs - a virtual memory filesystem that uses both RAM & swap space
devpts - filesystem relates to pseudo-terminal devices
sysfs - filesystem provides dynamic info about system devices. Explore the associated /sys directory
proc - provides dynamically configurable options for changing the behavior of the kernel

65
Q

mount a cd/dvd

A

mount -t iso9660 /dev/sr0 /mnt

66
Q

best option to mount nfs

A
#mount -t nfs server1:/pub share fsmount nfs
or add to /etc/fstab
server1:/pub  /share  nfs  rsize=8192,wsize=8192,timeo=14,intr,udp  0 0
67
Q

option for mounting samba directories

A

in /etc/fstab
//server/pub /share cifs rw,username=user,password=passd 0 0
or
//server/pub /share cifs rw,credentials=/etc/secret 0 0
then your /etc/secret content:
username=user
password=password

68
Q

automount

A

default automounter settings are configured in /etc/sysconfig/autofs

  • the automount daemon also known as the automounter or autofs can automatically mount specific directories as needed.
  • the relevant configuration files are auto.master, auto.misc, auto.net, and auto.smb, all in the /etc/ directory
  • if you use the automounter, keep the /misc and /net directories free. You won’t even see the /misc and/or /net directories unless you properly configure /etc/auto.master and the autofs daemon is running
69
Q

/etc/auto.master (content a series of comments with 3 default commands)

A

/misc /etc/auto.misc configuration file for this directory
/net -hosts -> allows you to specify the hosts to automount a network directory as specified in the /etc/auto.net
+auto.master
One example to mount
/shared /etc/auto.home

70
Q

yum-config-manager

A
To get the full list of yum configuration directives and their current values, run the following command
#yum-config-manager
This command requires the installation of the yum-utils package.
71
Q

additional yum commands

A
#yum info samba  -> similar to #rpm -qi samba (query about samba)
#yum erase package -> removes package
#yum whatprovides */*.repo
#yum grouplist
#yum groupinfo "Remote desktop clients"
#yum group install groupPackage name
#yum group install "print server" -x paps -x gutenprint-cups -> exclude paps & gutenprint from being installed
#yum groupremove "Print Server"
#createrepo  -> helps you set up a local directory
#yumdownloader cups
#yum-config-manager  -> can display all current settings for each repository as well as downloaded individual RPM packages
#yumdownloader
72
Q

local access

A

local access is regulated in the /etc/security file

73
Q

to set a password for a group

A

gpasswd group

74
Q

configure a client as an LDAP client

A
you can edit /etc/openldap/ldap.conf and add
URI ldap://127.0.0.1
HOST tester.example.com
BASE dc=example,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
75
Q

The name service switch file

A
/etc/nsswitch.conf governs how a computer searches for key files such as password databases. It can be configured to look through LDAP and other server databases such as /etc/hosts
   hosts: files ldap dns
You can also add settings
passwd: files ldap
shadow: files ldap
group: files ldap
76
Q

VNC

A

VNC communication normally proceeds on port 5900, which must be open to enable communication.
The GNOME-based VNC server is known as vino. The TigerVNC server, based on the TightVNC server, also exists.

77
Q

Install vnc

A

yum install vinagre tigervnc tigervnc-server

once installed you can start the configuration process in the /etc/sysconfig/vncservers file
- sample configuration directives
#VNCSERVERS="2:myusername"
#VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"

$vncserver :2 -geometry 640x400

78
Q

stop the vnc server

A

/etc/init.d/vncserver stop

79
Q

vnc gnome

A
you can use the vncviewer command to connect to a vnc server
#vncviewer 192.168.122.1:2
To use the GNOME-based vino server, after it's installed
#vino-preferences
80
Q

password protect grub

A
First create an md5 password
#grub-md5-crypt
Password:

Then edit /boot/grub/grub.conf; under the timeout line in the main section enter
password --md5

81
Q

Setup NFS server and NFS partition

A
#yum install nfs-utils nfs-utils-lib
#chkconfig nfs on 
#service rpcbind start
#service nfs start
#mkdir /shareFiles
#vi /etc/exports
enter
/shareFiles           tester1(rw,sync,no_root_squash,no_subtree_check)
#exportfs -a
82
Q

Installing a Samba Server

A

yum install samba

add a user
#useradd visitor -s /sbin/nologin
set smb password
#smbpasswd -a visitor
make the directory to be shared
#mkdir /smbshare
change ownership directory
#chown -R visitor:root /smbshare
add this entry into /etc/samba/smb.conf
[smbshare]
comment = Share
path = /smbshare
writable = yes
valid users = shareuser
Start the smb service
#service smb start
add it at startup
#chkconfig --level 235 smb on
test that it works
#testparm
83
Q

setup ftp to only allow specific IPs

A

service vsftpd restart

#yum install -y vsftp*
#vi /etc/vsftpd/vsftpd.conf
verify that this is present or add:  tcp_wrappers=YES

In /etc/hosts.deny deny everyone for vsftpd :
vsftpd: ALL

Then, in /etc/hosts.allow add the authorized IPs :
vsftpd:192.168.0.39 192.168.0.50