RHEL Installation & Firewall Flashcards

1
Q

What is the program for installing RHEL?

A

anaconda

2
Q

How do you generate the kickstart file?

A

1) Use the form at access.redhat.com/labs/kickstartconfig
2) Install RHEL and collect the anaconda-ks.cfg file from root's home directory

3
Q

How do you validate an anaconda file?

A

ksvalidator filename.cfg

4
Q

Install ksvalidator

A

dnf install pykickstart

5
Q

How do you install virtualization on RHEL?

A

dnf group install "Virtualization Host"

6
Q

How do you install cockpit?

A
dnf install -y cockpit-machines
systemctl enable --now cockpit
7
Q

What is the firewall solution on RHEL 9?

A

firewalld

8
Q

Determine default firewalld zone

A
firewall-cmd --get-default-zone
9
Q

Display config of the current active zone

A
firewall-cmd --list-all
10
Q

Add http service to current zone

A

firewall-cmd --add-service http

11
Q

Where are the standard stock zone files stored?

A

/usr/lib/firewalld/zones

12
Q

Add http service to current zone permanently

A

firewall-cmd --add-service http --permanent

13
Q

Write all the rules that are in memory to permanent

A
firewall-cmd --runtime-to-permanent
14
Q

Display config of the firewall zone called block

A
firewall-cmd --list-all --zone block
15
Q

Add a source to a zone

A
firewall-cmd --add-source 172.160.10.30 --zone block --permanent
16
Q

If a packet does not have a match for a zone, how is it handled?

A

It is handled by the default zone

17
Q

What are elements of a zone

A

target
interfaces
ports
sources
forward
protocols
source-ports
services
rich rules
forward ports

18
Q

How do I cause firewalld to consider a new service I just created?

A
firewall-cmd --reload
19
Q

Remove a service from the current zone

A

firewall-cmd --remove-service http --permanent

20
Q

Find out which interfaces and ports are associated with sshd process

A
netstat -plnt | grep sshd
21
Q

You changed sshd to use port 23 but it doesn't work. Why?

A

It does not have the appropriate SELinux context.

22
Q

Find the port section of the sshd daemon in the SELinux db

A

semanage port -l | grep ssh

23
Q

SSH is mapped to port 22, telnet is mapped to port 23. How do you get SSH to use port 23?

A

You do a port context modification so that SSH uses port 23 instead of port 22

24
Q

Change ssh port context to use port 23 instead of port 22

A
semanage port -m -t ssh_port_t -p tcp 23
25
You want to run Apache on port 82. What do you do?
1) Change config to use port 82
2) Start the server
3) Check status: systemctl status httpd
4) Notice error: could not bind to address 0.0.0.0:82
5) Check logs: sealert -a /var/log/audit/audit.log
6) Execute recommendation: semanage port -a -t http_port_t -p tcp 82
7) firewall-cmd --add-port 82/tcp --permanent
26
Find example of config in semanage db that uses http protocol
semanage port -l | grep http
27
Open port 82 for apache in firewalld
firewall-cmd --add-port 82/tcp --permanent
28
Where do you get RHEL binaries from?
access.redhat.com
29
What is a kickstart file?
A file that allows anaconda to install RHEL in a non-interactive way
30
How do you secure GRUB?
In the kickstart file, supply a GRUB password
31
After installation, where can I find the configuration that was used to install RHEL?
/root/anaconda-ks.cfg
32
How do you manage your VMs on RHEL?
Use the virt command-line tool or the web console
33
How do you validate that you have all the prerequisites to run VMs?
virt-host-validate
34
Provision a virtual machine
virt-install
35
netfilter
Framework for network traffic operations such as packet filtering, network address translation, and port translation
36
nftables
1) Replacement for iptables
2) Packet classification framework
3) Uses netfilter for rules enforcement
37
Advantages of nftables
1) Usability
2) Efficient rule set
3) iptables required a rule for each protocol, but nftables rules can apply to both IPv4 and IPv6 simultaneously
4) iptables required using different tools, such as iptables, ip6tables, arptables, and ebtables, for each protocol
38
Firewalld mapping process
source IP -> network Interface -> default zone
39
runtime vs permanent vs reload
1) If you run a cmd with --runtime, you must run --permanent later
2) If you run it with --permanent, you must run --reload