Important paths Flashcards
Set a users account to expire now and prompt to change on next login
Passwd -e user
Chage -M 0 user
Create 5 T vdo drive
Format xfs the mount permanently to /data
First make sure it installed
Yum install know-kvdo vod
vod create —name =vdo1 —device /dev/sdg1 —vdoLogicalSize=5T
Mkfs.xfs -K /dev/mapper/vdo1
vi /etc/fstab
/dev/mapper/vdo1 /data xfs x-systemd.requires =vdo.service 0 0
Change root password if you don’t know it can’t login
Edit grub rd.break
Ctrl + x
Mount -o remount,two /sysroot
Chroot /sysroot
Passwd
Touch /.autorelabel
Exit exit
Add group owner to every file and directory in directory /dirname and make sure no one in group is able to delete files created in folder
Chmod g+s /dirname
Chmod + t /dirname
Give stacy rw acl permissions on a secure file or directory
Give another group acl rwx permission on directory
Setfacl -m u:stacy:rw file name
Setfacl -m d:u:stacy:rw /dirname
Setfacl -m d:g:group:rwx /dirname
Set time zone and ntp service make sure it’s running
configure chrony to user time.google.com server
Timedatectl set-default “America/New_York”
Timedatectl set-ntp true
Systemctl status chronyd
first downlownd and install chrony
then edit the file
/etc/chrony.conf
pool iburst
enter the address they give you
pool time.google.com iburst
make sure its running
systemctl start chronyd
systemctl enable chronyd — makes it persistent
systemctl status chronyd
or
systemctl enable chronyd –now
chronyc sources – will list all the sources in your pool
Set default boot to multiuser
Systemctl set-default multi-user. Target
Edit grub to boot on scilenced
Vi/etc/default/grub
Grub2-mkconfig -o /boot/grub2/grub.cfg
Reboot
Change selinux to enforcing permanently
Find / - name selinux
/etc/selinux/config
Change to enforcing
Reboot
Sestatus
Create an archive
Tar -cvf new.tar file name to backup
Tar -cvzf new.tar.gz file name to backup
Set a static connection with your settings recieved from dhcp
Nmcli c add con-name static ifname device name enps03 ip4 192.178.1.99/24 gw4 192.168.1.1 autoconnect true type Ethernet
Nmcli con mod static ipv4.dns 8.8.8.8
Nmcli con up static
Ping gw
Ping Google
Create a new user with uid 1099 and another user mike with no login
User add -u 1099 rick
User add -s /sbin/no login Mike
setup autofs /autofs/nfsshare for 192.168.1.65:/home/automount
yum install autofs -y
check nfs shares
showmount -e 192.168.1.65
mkdir -p /autofs/nfsshare
# vi /etc/auto.master /autofs /etc/auto.julien -timeout=120 Or # vi /etc/auto.master.d/julien.autofs /autofs /etc/auto.julien -timeout=120
# vi /etc/auto.julien nfsshare -fstype=nfs4,rw,sync 192.168.1.65:/home/automount
systemctl start autofs
systemctl enable autofs
systemctl status autofs
ll /autofs/nfsshare
cd /autofs/nfsshare
create a thin provisioned 5T drive and mount to data directory
# yum install -y vdo kmod-kvdo # systemctl enable --now vdo
vdo create –name=vdo1 –device=/dev/sdb –vdoLogicalSize=5T
mkfs.xfs -K /dev/mapper/vdo1 # mkdir /data # vi /etc/fstab #/dev/mapper/vdo1 /data xfs x-systemd.requires=vdo.service 0 0 # mount -a
reboot
Setup tuned to the recommended settings
Yum install tuned
Systemctl enable tuned —now
Tuned-adm recommended
tuned-adm profile virtual-guest
tuned-admin active
Install semanage
and add 8761/tcp for apache (http)
Dnf provides semanage to get package name
Dnf install pkg name
install semanage
to find which package you need for a program or command
dnf provides semanage – will show me the pkg name to install
then install
dnf install pkgname
used to manage the policy internally
semanage port -l | grep http shows you all protocals and ports for http the selinux allows
semanage port -a -t http_port_port_t 8761/tcp - would add port 8761 to an approved port
semanage port -a -t http_port_port_t -p 8761/tcp
Semange port manage port policy -a append -t http_port_port_t selinux label -p 8761/tcp is the port and protocal to apply policy to
semanage port -l list all of the lables and ports that has been granted access
semanage fcontext -l
#less/var/log/messages will show permission issues with selinux eg appach cannot access port check selinux #sealert -l
reduce fs to 1G on lv
1)df -h
2)unmount -umount
3)e2fsck -f /dev/mapper/vg-lv - to check fs of lv
4) resisize2fs /dev/mapper/vg-lv 1G
5)lvreduce -L 1G /dev/mapper/vg-lv
6) mount -a
7 df -h
where is the pe size set
on the volume group vgcreate -s 16M
the pe is set on the LV lvcreate -l 50
how to calculate lv size given the Physical extent size 16M and the applied pe is 75
dnf install bc
echo 75*16 | bc
