RHCSA Flashcards

1
Q

Enable SSH access for root on both servers.

A

vi /etc/ssh/sshd_config

Change the following line (should be line 40):
PermitRootLogin yes

systemctl restart sshd

2
Q

Ensure network services start at boot.

A

systemctl status NetworkManager

Check to see that it’s enabled and running. If not, then run
systemctl enable --now NetworkManager

3
Q

Set the target as multi-user and make sure it boots into that automatically. Reboot to confirm.

A
systemctl set-default multi-user
systemctl reboot
4
Q

Configure the network interfaces and hostnames

A

nmcli con show

Output shows enp0s8 as unconfigured
~~~
nmcli con mod enp0s8 ipv4.method manual ipv4.addresses "192.168.55.71/24" ipv4.gateway "192.168.55.1" ipv4.dns "8.8.8.8" ipv6.method manual ipv6.addresses "2002:fe60:def0::55/64"
nmcli con down enp0s8
nmcli con up enp0s8
nmcli general hostname rhcsa9-server1
~~~
Check to make sure everything is good
nmcli con show enp0s8

5
Q

Enable key-based ssh authentication for root on both servers.

A

On server1:
~~~
ssh-keygen
ssh-copy-id root@192.168.55.72
scp /root/.ssh/* root@192.168.55.72:/root/.ssh
~~~
On server2:
ssh-copy-id root@192.168.55.71

6
Q

Set the password on all of the newly created users to dbapass

A

for user in manny moe jack marcia jan cindy; do echo "dbapass" | passwd --stdin $user; done

7
Q

Create sudo command alias for MESSAGES with the command /bin/tail -f /var/log/messages

A

visudo

MESSAGES
Cmnd_Alias MESSAGES = /bin/tail -f /var/log/messages

8
Q

Find all files larger than 3MB in the /etc directory on server1 and copy them to /largefiles

A
mkdir /largefiles
find /etc -type f -size +3M -exec cp {} /largefiles \; 2>/dev/null
ls -al /largefiles/
9
Q

Put SELinux on server2 in permissive mode.

A

vi /etc/selinux/config

Change the following line:
SELINUX=permissive

10
Q

Create a swap partition and mount it persistently

A
fdisk /dev/sdb
n
p
[enter]
+1G
t # change type
2 # partition 2
swap
w

free -m 
mkswap /dev/sdb2
vim /etc/fstab
/dev/sdb2 swap swap defaults 0 0
swapon -va
free -m
11
Q

Find all files that have the SUID permission set, and write the result to the file /root/suidfiles

A

find / -type f -perm /4000 > /root/suidfiles

12
Q

special permissions

A

SUID (4, u+s): On files, user executes file with permissions of file owner.

SGID (2, g+s): On files, user executes file with permissions of group owner. On directories, files created in the directory get the same group owner.

Sticky bit (1, +t): On files, no meaning. On directories, prevents users from deleting files from other users.

13
Q

Logical Volume Management

A
  • pvs - List physical volumes
  • pvcreate - Create physical volume
  • vgs - List volume groups
  • vgcreate - Create volume group
  • lvs - List logical volumes
  • lvcreate - Create logical volume
    • lvcreate -l 100%FREE -n database1 db_storage creates a logical volume called database1 under the volume group db_storage
14
Q

Creating LVM Logical Volumes

A
  • first have to convert physical devices, such as disks or partitions, into physical volumes (PVs)
  • create the volume group (VG) and assign PVs to it
  • create the logical volume (LV) itself
15
Q

Add a 10-GiB disk to your virtual machine. On this disk, create a Stratis pool and volume. Use the name stratisvol for the volume, and mount it persistently on the directory /stratis.

A
  1. dnf install stratisd stratis-cli to install all the required packages.
  2. Type systemctl enable --now stratisd to enable the Stratis daemon.
  3. Type stratis pool create mypool /dev/sdc to add the entire disk /dev/sdc to the storage pool.
  4. Type stratis pool list to verify successful creation of the pool.
  5. Type stratis fs create mypool stratis1 to create the first Stratis file system. Note that you don’t have to specify a file system size.
  6. Type stratis fs list to verify the creation of the file system.
  7. Type mkdir /stratis to create a mount point for the Stratis file system.
  8. Type stratis fs list to find the Stratis volume UUID.
  9. Add the following line to /etc/fstab to enable the volume to be mounted automatically. Make sure to use the UUID name that is used by your Stratis file system.
    UUID=xxx /stratis xfs defaults,x-systemd.requires=stratisd.service 0 0
  10. Type mount -a to mount the Stratis volume. Use the mount command to verify that this procedure worked successfully.
16
Q

Create a configuration that allows user laura to run all administrative commands using sudo

A
sudo visudo -f /etc/sudoers.d/laura
	laura ALL=(ALL) ALL
17
Q

Create a directory with the name /users and ensure it contains the subdirectories linda and anna. Export this directory by using an NFS server

A
dnf install -y nfs-utils
mkdir -p /users/{linda,anna}
chown -R nobody:nobody /users   # RHEL 8 and later have no nfsnobody account; it was merged into nobody
chmod -R 755 /users
man exports and search EXAMPLE
vim /etc/exports
	/users *(rw,sync,no_root_squash)
systemctl enable --now nfs-server
firewall-cmd --add-service nfs --permanent
firewall-cmd --add-service rpc-bind --permanent
firewall-cmd --add-service mountd --permanent
firewall-cmd --reload
firewall-cmd --list-all
showmount -e localhost # verify the export
18
Q

create user craig with no login shell

A

useradd craig -s /sbin/nologin

19
Q

/var/fstab
user natasha should have read and write access

group Mac should have no access

A
setfacl -m u:natasha:rw- /var/fstab
setfacl -m g:Mac:--- /var/fstab
getfacl /var/fstab
20
Q

get default boot target
CLI-only boot environment

A

systemctl get-default
multi-user.target

21
Q

break into machine

A
e to get grub menu
init=/bin/bash at end of line
mount -o remount,rw /
passwd root
touch /.autorelabel
exec /usr/lib/systemd/systemd
22
Q

generate ssh key and copy to another server

A
ssh-keygen
ssh-copy-id user@server
23
Q

Documentation Commands

A
mandb # update man
man
man -k
info
/usr/share/doc
24
Q

Logging

A

/var/log/messages
journalctl
mkdir /var/log/journal to set up persistent journal logging
journalctl --flush to flush the files from /run/log/journal to /var/log/journal

25
Q

Tuning Profiles

A

tuned-adm is the tuned manager
apply profiles… use --help
configure dynamic tuning in /etc/tuned/tuned-main.conf

26
Q

Repo Management

A

find config values in man dnf.conf
- If you can’t remember man dnf.conf, first do man -k dnf, and it will show you all of the listings matching dnf. Go into man dnf.conf and then press G to go to the end. Page up a couple of times and you’ll see all of the repo options to drop into .repo files.
- auto-add a repo with dnf config-manager --add-repo URL
- After the auto-add, you can go and modify the .repo file created

vi /etc/yum.repos.d/local.repo
~~~
[BaseOS]
name=BaseOS
enabled=1
baseurl=http://192.168.55.47/repo/BaseOS/
gpgcheck=0

[AppStream]
name=AppStream
enabled=1
baseurl=http://192.168.55.47/repo/AppStream/
gpgcheck=0
~~~

27
Q

Network Management

A
    nmcli con show
    nmcli con show <name>
    nmcli con mod <name> <properties>
    nmcli con up|down|reload <name>
28
Q

Managing Superuser Access

A

Run visudo to edit the /etc/sudoers file. DO NOT EDIT /etc/sudoers directly
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum, /usr/bin/dnf says the SOFTWARE alias can run those commands
%dba_admin ALL=SOFTWARE, SERVICES, PROCESSES says the dba_admin group can run commands from those aliases
The file is pretty well-commented… Easy enough to figure out what to do

29
Q

Time, timezone, NTP, hostname

A
    timedatectl
    /etc/chrony.conf
    hostnamectl
    nmcli general hostname <hostname>
30
Q

Configure autofs to automatically mount individual users’ home directories from /export/home on server1 to /mnt/autofs_home/<user_name>.

A
### on both servers:
dnf install -y nfs-utils autofs
systemctl enable --now autofs
mkdir /mnt/autofs_home

vim /etc/auto.master
/mnt/autofs_home /etc/auto.home

vim /etc/auto.home
* server1:/export/home/&

systemctl restart autofs

server1 - setup nfs
~~~
man exports | grep EXAMPLE
vim /etc/exports
/export/home *(rw,no_root_squash)
systemctl enable --now nfs-server
firewall-cmd --add-service=nfs --permanent
firewall-cmd --add-service=rpc-bind --permanent
firewall-cmd --add-service=mountd --permanent
firewall-cmd --reload
showmount -e localhost
~~~

31
Q

Set password policies to require a minimum of 8 characters and a maximum age of 60 days

A
vi /etc/login.defs

Change the following line (should be line 131)
PASS_MAX_DAYS   60

vi /etc/security/pwquality.conf

Uncomment or change the following line (should be line 11):
minlen = 8
32
Q

Set the password on all of the newly created users to dbapass

A

for user in manny moe jack marcia jan cindy; do echo "dbapass" | passwd --stdin $user; done

33
Q

Create sudo command alias for MESSAGES with the command /bin/tail -f /var/log/messages and enable craig privilege

A

~~~
visudo

Cmnd_Alias MESSAGES = /bin/tail -f /var/log/messages

craig ALL = MESSAGES
~~~

34
Q

Configure server to create files with 660 permissions by default

A
vi /etc/login.defs

UMASK 007
35
Q

create a tar w/gzip archive of /etc called etc_archive.tar.gz in the /archives directory

A
mkdir /archives
dnf install -y tar gzip
tar -czvf /archives/etc_archive.tar.gz /etc
36
Q

On server1 create a folder called /links, and under links create a file called file01. Create a soft link called file02 pointing to file01, and a hard link called file03 pointing to file01. Check your work.

A
mkdir /links
touch /links/file01
ln -s /links/file01 /links/file02
ln /links/file01 /links/file03
ls -lai /links
37
Q

Find all suid files and save the list to /root/suid.txt.

A
find / -type f -perm /u+s > /root/suid.txt

find / -type f -perm /4000 > /root/suid.txt
38
Q

Find all files larger than 3MB in the /etc directory on server1 and copy them to /largefiles

A
mkdir /largefiles
find /etc -type f -size +3M -exec cp {} /largefiles \; 2>/dev/null
ls -al /largefiles/
39
Q

persistently mount /export/dba_files from the server 192.168.55.47 under /mnt/dba_files. Ensure manny is the user owner and dba_staff is the group owner. Ensure the groupID is applied to newly created files. Ensure users can only delete files they have created. Ensure only members of the dba_staff group can access the directory.

A
mkdir /mnt/dba_files
vi /etc/fstab

Add the following line to /etc/fstab:
192.168.55.47:/export/dba_files  /mnt/dba_files  nfs  defaults  0 0

Write and quit /etc/fstab, then check the mount:
mount -a

Set the permissions:
chown manny:dba_staff /mnt/dba_files
chmod 770 /mnt/dba_files
chmod g+s,+t /mnt/dba_files
40
Q

Create a job using at to write “This task was easy!” to /coolfiles/at_job.txt in 10 minutes

A
dnf install -y at
systemctl enable --now atd

at now + 10 minutes
mkdir /coolfiles
echo "This task was easy!" > /coolfiles/at_job.txt
#Ctrl-d to exit
41
Q

Create a job using cron to write “Wow! I’m going to pass this test!” every Tuesday at 3pm to /var/log/messages

A
crontab -e

0 15 * * 2 echo "Wow! I'm going to pass this test!" >> /var/log/messages
42
Q

On server1, modify the bootloader with the following parameters:
~~~
Increase the timeout using GRUB_TIMEOUT=10
Add the following line: GRUB_TIMEOUT_STYLE=hidden
Add quiet to the end of the GRUB_CMDLINE_LINUX line
~~~

A
vi /etc/default/grub

Add or edit the following lines:
GRUB_TIMEOUT=10
GRUB_TIMEOUT_STYLE=hidden
GRUB_CMDLINE_LINUX  ### add quiet to the end

Write and quit the file

grub2-mkconfig -o /boot/grub2/grub.cfg

Reboot and watch the boot from the console to verify
systemctl reboot
43
Q

Configure NTP synchronization on server. Point them to us.pool.ntp.org

A
man -k chron # to find chrony.conf
vi /etc/chrony.conf

Edit the following line (should be line 3):
pool us.pool.ntp.org iburst

Write and quit, then restart the service:
systemctl restart chronyd

Check the logs to ensure time is being pulled from the new source:
journalctl -u chronyd

You should see a line similar to the following at the end:
Feb 14 09:00:48 rhcsa9-server1 chronyd[705]: Selected source 73.61.36.59 (us.pool.ntp.org)
44
Q

Set a merged tuned profile using the powersave and virtual-guest profiles.

A
dnf install -y tuned
systemctl enable --now tuned
tuned-adm profile powersave virtual-guest
45
Q

Write a script that finds all the files owned by new_user and have size greater than 30KB and less than 50KB and store them in /tmp/

A
# vim find_files.sh
	#!/bin/bash
	find / -type f -user new_user -size +30k -size -50k -exec cp {} /tmp/ \;
# chmod +x $_
46
Q

As a System Administrator you are responsible for taking a backup of your /etc directory every night. Build a shell script to take a backup of the /etc directory using the tar command. The backup script should be named /root/backup.sh. Schedule this script to run at 11:00 PM every night – except Sundays.

A
# vim /root/backup.sh 
	#!/bin/bash 
	# you can add the file name with the date to keep all the changes 
	tar -cvf etc_backup.tar /etc/
# chmod +x /root/backup.sh
#/root/backup.sh
# crontab -e 
0 23 * * 1-6 /root/backup.sh
47
Q

Modify the GRUB timeout and make it 1 second instead of 5 seconds

A

Any change to /etc/default/grub requires rebuilding the grub.cfg
~~~
vim /etc/default/grub
GRUB_TIMEOUT=1

# On BIOS-based machine:
grub2-mkconfig -o /boot/grub2/grub.cfg

# On UEFI-based machine:
grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
~~~
reboot
To determine if the system is booted in BIOS or UEFI mode:
dmesg | egrep -i "efi|bios"

48
Q

Create three users (Derek, Tom, and Kenny) that belong to the instructors group. Prevent Tom’s user from accessing a shell, and make his account expire 10 days from now

A
# groupadd instructors
# useradd Derek -G instructors
# useradd Tom -G instructors -s /sbin/nologin -e +10days
# useradd Kenny -G instructors
49
Q

Give the group named ‘elite’ administrative permissions without requiring a password

A
visudo
Add the new line
%elite ALL=(ALL) NOPASSWD: ALL
:wq
50
Q
A
51
Q

Copy the lines containing the word “root” in /etc/passwd into a file /mnt/pass

A

grep "root" /etc/passwd > /mnt/pass

52
Q

create user bob with UID 1234
* can only change password
* cannot start an interactive shell

A
useradd bob -u 1234
* usermod -s /usr/bin/passwd bob
* usermod -s /sbin/nologin bob
53
Q

configure ssh so root is allowed to connect and on port 2022

A
vim /etc/ssh/sshd_config
port 2022
PermitRootLogin yes

semanage port -l | grep ssh
semanage port -a -t ssh_port_t -p tcp 2022
firewall-cmd --add-port=2022/tcp --permanent
firewall-cmd --reload
firewall-cmd --list-all
systemctl restart sshd
54
Q
A
55
Q

Create a directory /users/ and in this directory create the directories user1 through user5 using one command.

A

mkdir -p /users/user{1..5}

56
Q
A
57
Q

Configure a web server to use the nondefault document root /webfiles. In this directory, create a file index.html that has the contents hello world and then test that it works.

A
dnf install -y httpd
mkdir /webfiles
echo "hello world" > /webfiles/index.html
vim /etc/httpd/conf/httpd.conf
DocumentRoot "/webfiles"
<Directory "/webfiles"> # change this in 2 places

find context type
semanage fcontext -l | grep httpd | grep '/var/www'
chcon -R -t httpd_sys_content_t /webfiles

curl http://localhost
58
Q

command-line arguments

A
$0 = Name of Script

$1 = First argument
$2 = Second argument
$3 = Third argument
...
$n = nth argument

$# = Number of arguments provided
$@ = List of arguments provided
59
Q

SELinux troubleshoot

A

Install everything under keywords policycoreutils and setroubleshoot
dnf install -y policycore* setrouble*

check logs, will have more details now
grep httpd /var/log/messages