RHEL Installation & Firewall Flashcards
What is the program for installing RHEL?
anaconda
How do you generate the kickstart file
1) Use the form at access.redhat.com/labs/kickstartconfig
2) Install a RHEL and collect the anaconda-ks.cfg file in root home
How do you validate an anaconda file
ksvalidator filename.cfg
Install ksvalidator
dnf install pykickstart
How do you install virtualization on RHEL?
dnf group install “Virtualization Host”
How do you install cockit?
dnf install -y cockpit-machines
systemctl enable --now cockpit
What is the firewall solution on rhel 9?
firewalld
Determine default firewalld zone
firewall-cmd --get-default-zone
Display config of the current active zone
firewalld-cmd --list-all
Add http service to current zone
firewall-cmd –add-service http
Where are the standard stock zone files stored?
/usr/lib/firewalld/zones
Add http service to current zone permanently
firewall-cmd –add-service http –permanent
Write all the rules that are in memory to permanent
firewall-cmd --runtime-to-permanent
Display config of the firewall zone called block
firewall-cmd --list-all --zone block
Add a source to a zone
firewall-cmd --add-source 172.160.10.30 --zone block --permanent
if a packet does not have a match for a zone, how is it handled?
It is handled by the default zone
What are elements of a zone
target
interfaces
ports
sources
forward
protocols
source-ports
services
rich rules
forward ports
How do I cause firewalld to consider a new service i just created
firewall-cmd --reload
remove a service from the current zone
firewall-cmd –remove-service http –permanent
Find out which interfaces and ports are associated with sshd process
netstat -plnt | grep sshd
You changed sshd to use port 23 but it doesn’t work. why?
it does not have the appropriate selinux context.
Find the port section of the sshd daemon in selinux db?
semalance port -l | grep ssh
ssh is mapped to port 22, telnet is mapped to port 23. how do you get ssh to use port 23?
you do a port context modification so that ssh uses port 23 instead of port 22
Change ssh port context to use port 23 instead of port 22
semanage port -m -t ssh_port_t -p tcp 23