Vous êtes sur la page 1sur 12

A reader of my blog who shall be named C.D. sent me his RHCSA study notes. C.D.

will be taking
the EX200 exam here in a few days, and thus didnt officially join the 2012 Red Hat Study Buddy
group, however he wanted to share his rapid-fire study guide for others to benefit from.
The study notes are in capsule form and follow C.D.s understanding of the Ex200 objectives. They
can be a good guide for anyone looking to evaluate their own readiness for the official exam.
Please understand that these notes were compiled by an individual in preparation for taking the
RHCSA exam. This is simply a study guide that attempts to provide answers and information based
on the exam objectives provided on Red Hats website. This information does not provide specific
information about what is or what is not on the RHCSA exam. This is not a brain dump or some
other form of cheat sheet.

Behold, the notes:


1) Understand and use essential tools
Access a shell prompt and issue commands with correct syntax
CTRL-ALT-F1: From system console, switch to GUI.
CTRL-ALT-F[2-6]: From system console, switch to a terminal.
Applications -> System Tools -> Terminal: From GUI, access a terminal.
Use input-output redirection
cmd > file: Redirect stdout of cmd to file.
cmd 2> file: Redirect stderr of cmd to file.
cmd >> file: Append stdout of cmd to file.
cmd 2>> file: Append stderr of cmd to file.
cmd &> file: Redirect stdout and stderr to file.
cmd < file: Redirect contents of file to stdin of cmd.
cmd1 | cmd2: Redirect stdout of cmd1 to stdin of cmd2.
cmd1 |& cmd2: Redirect stderr of cmd1 to cmd2.
Use grep and regular expressions to analyze text
grep string file: Display lines in file that contain string.
grep -v string file: Display lines in file that do not contain string.
grep -i string file: Case in sensitivedsearch.
egrep: Grep with extended regular expressions.
fgrep: Grep without regular expressions.
Some simple RegEx rules. (A complete understanding of Regular Expressions is beyond the
scope of this document.)
^string': Search for lines beginning with string.
[a-zA-Z]': Search for any line containing a letter.

[^a-zA-Z]': Search for any line not containing a letter.


[0-9]': Search for any line containing a number.
[^0-9]': Search for any line not containing a number.
[0-9][0-9]': Search for any line containing at least two numbers in a row.
Access remote system using ssh and VNC
ssh user@host: Login to host as user via SSH.
vncviewer host:display: Connect to display on host via VNC.
ssh -L port:host:port user@host: Connect to display on host via VNC over SSH.
Log in and switch users in multiuser runlevels
su -: Switch to root user and load root users profile.
su user: Switch to user and load users profile.
su -c command': Run command as root user.
su -c command user: Run command as user.
Archive, compress, unpack, and uncompress files
gzip file: Compress file using gzip.
bzip2 file: compress file using bzip2.
gzip -d file.gz: Decompress file using gzip.
bzip2 -d file.bz2: Decompress file using bzip2.
tar cvf file.tar /dir: Create archive file.tar of contents of dir.
tar cvfz file.tar.gz /dir: Archive with gzip compression.
tar cvfj file.tar.bz2 /dir: Archive with bzip2 compression.
tar xvf file.tar /dir: Extract archive file.tar into dir.
tar xvfz file.tar.gz /dir: Extract gzip compressed archive.
tar xvfj file.tar.bz2 /dir: Extract bzip2 compressed archive.
star -xattr -H=exustar -c -f=file.star /dir/: Archive with SELinux.
star -x -f=file.star: Extract archive with SELinux.
star -xz -f=file.star.gz: Extract gzip compressed archive with SELinux.
star -xj -f=file.star.bz2: Extract bzip2 compressed archive with SELinux.
Create and edit text files
>file: Create file with no content.
vi file: Edit content of file.
Create, delete, copy, and move files and directories
>file: Create file with no content.
rm file: Delete file.
cp file1 file2: Copy file1 to file2.

mv file1 file2: Move file1 to file2.


mkdir /dir: Create directory dir.
mkdir -p /dir1/dir2/dir3: Create a series of directories.
rmdir /dir: Delete an empty directory.
rmdir -p /dir1/dir2/dir3: Delete a series of empty directories.
rm -r /dir: Recursively delete a directory and its contents.
mv /dir1 /dir2: Move directory dir1 to dir2.
Create hard and soft links
Hard-links creates a second copy of the file with identical inode.
Soft-links creates a redirect to the original file.
ln file1 file2: Creates files2 as a hard-link of file1.
ln -s file1 file2: Creates file2 as a soft-link of file1.
List, set, and change standard ugo/rwx permissions
ls -l: List files and include information about permissions.
chown user file: Changes owner of file to user.
chown -R user /dir: Recursively changes owner of directory and contents.
chown user.group file: Changes owner of file to user and group.
chown -R user.group /dir: Recursively changes owner of directory and contents.
chgrp group file: Changes group owner of file to group.
chgrp -R group /dir: Recursively changes group owner of directory and contents.
chmod permissions file: Changes permissions of file.
chmod -R permissions /dir: Recursively changes permissions of directory and contents.
umask: Displays current umask.
umask mask: Sets umask to mask.
With chmod or umask, the permissions or mask are a three digit number.
The first digit is for owner, the second is for group, the third for all others.
Each number is made by adding together the numbers of following permissions: 4 = read, 2
= write, 1 = execute.
chmod ### sets thos permissions
ex: chmod 640 is read and write for owner, read for group, no access for all others.
umask ### are the permissions subtracted from the default permissions (666) of a newly
created file.
ex: umask 002 means news files are created with the permissions 664.
Locate, read, and use system documentation
man topic: Displays manual page for topic.
man # topic: Displays manual page for topic within numbered category.
whatis topic: Lists manual pages with topic in title.

apropos topic: Lists manual pages relating to topic.


/etc/cron.daily/makewhatis.cron: Regenerates manual page database.
info topic: Display info page about topic.
/usr/share/info: Location of all available info pages.
/usr/share/doc: Location of more advanced package specific documentation.

2) Operate running systems


Boot, reboot, and shut down a system normally
reboot: Reboot the system immediately.
shutdown -h now: Shutdown the system immediately.
Boot systems into different runlevels manually
runlevel: Displays the current runlevel.
init #: Changes to specified runlevel.
At GRUB menu, press e or a to edit/append boot kernel options.
Append a runlevel # to end of GRUB options to boot into that runlevel.
Runlevel 0: Halt
Runlevel 1: Single-user mode
Runlevel 2: Multi-user mode, limited services
Runlevel 3: Multi-user mode, networking
Runlevel 4: Undefined
Runlevel 5: Multi-user mode, X11
Runlevel 6: Reboot
Use single-user mode to gain access to a system
At GRUB menu, press e or a to edit/append boot kernel options.
Append single to end of GRUB options to boot into single user mode.
Append init=/bin/sh to end of GRUB options to not load init files.
Identify, adjust priority, and kill processes.
ps -u user: List all processes running as user.
ps -aux: List all running processes.
ps -axl: List all running processes and parent process information.
nice -n # command: Run command at specified priority level.
renice # PID: Changes priority level of process to specified priority level.
renice # -u user: Changes priority level of all of users processes to specified priority level.
The default process priority level is 0.
The highest process priority level is -20.
The lowest process priority level is 19.
kill PID: Sends a signal to specified process.

killall process: Sends a signal to all running processes of that name.


The default signal sent to processes is SIGTERM.
Other signals can be sent by adding the flag -SIGNAL.
1: SIGHUP
2: SIGINT
3: SIGQUIT
6: SIGABRT
9: SIGKILL
14: SIGALRM
15: SIGTERM (default)
top: Lists all running processes in an interactive environment.
Locate and interpret system log files
/var/log: Location of system log files.
lastlog: Outputs information about most recent login of each user based on information in
/var/log/lastlog
utmpdump btmp: Outputs information about failed login attempts based on information in
/var/log/btmp
utmpdump wtmp: Outputs information about logins based on information in /var/log/wtmp
Access a virtual machines console
virt-manager: GUI program for controlling virtual machines.
virsh list all: Lists all virtual machines.
virt-viewer server: Display graphical console forvirtual server.
Start and stop virtual machines
virt-manager: GUI program for controlling virtual machines.
virsh start name: Starts a virtual machine.
virsh destroy name: Shutdown a virtual machine.
virsh list all: Lists all virtual machines.
Start, stop, and check the status of network services
service name start: Starts network service.
service name stop: Stops network service.
service name restart: Restarts network service.
service name reload: Reloads the configuration files for network service.
service name status: Displays status of network service.

3) Configure local storage


List, create, delete, and set partition type for primary, extended, and logical partitions

fdisk: Deprecated utility for manipulating primary, extended, and logical partitions.
parted: Current utility for manipulating primary, extended, and logical partitions.
The fdisk and parted commands are interactive and have their own built-in help files.
Consult man pages for further options.
Create and remove physical volumes, assign physical volumes to volume groups, and create
and delete logical volumes
pvcreate /dev/hd: Create physical volume from device.
pvremove /dev/hd: Remove physical volume from an LVM.
vgextend volumegroup /dev/hd: Create volume group with physical volume or add physical
volume to existing volume group.
vgreduce volumegroup /dev/hd: Remove physical volume from volume group.
lvcreate -L size volumegroup: Create a new logical volume from volume group.
lvdisplay volumegroup: Display information about volume group.
lvremove /dev/volumegroup/volume: Remove a logical volume from volume group.
Create and configure LUKS-encrypted partitions and logical volumes to prompt for password
and mount a decrypted files system at boot
dd if=/dev/urandom of=/dev/hd bs=1M: Fill physical volume with random data.
cryptsetup luksFormat /dev/hd: LUKS-encrypt physical volume.
cryptsetup luksOpen /dev/hd label: Label LUKS-encrypted physical volume.
mkfs.ext4 /dev/mapper/label: Format labelled LUKS-encrypted physical volume.
/etc/crypttab: Configuration file for LUKS-encrypted volumes.
/etc/fstab: Configuration file for volumes mounted by system.
mount: Displays all volumes currently mounted on system.
mount -a: Mount all volumes defined in /etc/fstab
fstab entries are space delimited: device mountpoint fstype options dump fsck
fstab example: /dev/sda1 / ext4 defaults,acl 1 1
cryptab entries are space delimited: label device
cryptab example: cryptvolume /dev/sdb1
Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label
blkid: Find the UUID of a device.
e2label /dev/mapper/volume label: Label a volume.
umount /dev/hd: Unmount a device.
/etc/fstab: Configuration files for volumes mounted by system.
fstab entries are space delimited: device mountpoint fstype options dump fsck
fstab example: /dev/sda1 / ext4 defaults,acl 1 1
Add new partitions and logical volumes, and swap to a system non-destructively
The fdisk and parted commands are interactive and have their own built-in help files.

Consult man pages for further options.


pvcreate /dev/hd physicalvolume: Create a physical volume from device.
vgcreate volumegroup /dev/hd: Create a volume group from a physical volume.
lvcreate -L size -n logicalvolume logicalvolumegroup: Create a logical volume of size in
volume group.
swapon -s: Displays swap devices currently on system.
swapon -v /dev/hd: Add swap device to system.

4) Create and configure file systems


Create, mount, unmount, and use ext2, ext3, and ext4 file systems
mkfs.ext# /dev/hd: Format device as ext# File System.
mount -o rw -t ext# /dev/hd /mountpoint: Mounts device of ext# format in Read/Write mode
to mount point.
umount /dev/hd: Unmounts device.
Mount, unmount, and use LUKS-encrypted file systems
Mounting a LUKS-encrypted file system is identical to mounting a regular file system,
except you will be prompted for a passphrase.
Mount and unmount CIFS and NFS network file systems
mount -t cifs //servername/dir /mountpoint verbose -o user=username: Mounts a CIFS
filesystem to mount point.
mount -o rw -t nfs servername:/dir /mountpoint: Mounts a NFS filesystem to mount point.
umount /mountpoint: Unmounts a mountpoint.
Configure systems to mount ext4, LUKS-encrypted, and network file systems automatically
blkid: Find the UUID of a device.
/etc/crypttab: Configuration file for LUKS-encrypted volumes.
/etc/fstab: Configuration file for volumes mounted by system.
mount: Displays all volumes currently mounted on system.
mount -a: Mount all volumes defined in /etc/fstab
fstab entries are space delimited: device mountpoint fstype options dump fsck
fstab example: /dev/sda1 / ext4 defaults,acl 1 1
cryptab entries are space delimited: label device
cryptab example: cryptvolume /dev/sdb1
Extend existing unencrypted ext4-formatted logical volumes
lvdisplay: Displays infomration about logical volumes on system.
lvextend -L +size /dev/volumegroup/volume: Extends logical volume by size.
lvextend -L size /dev/volumegroup/volume: Extends logical volume to size.
Create and configure set-GID directories for collaboration

chmod g+s: Changes a directory to be set-GID.


Create and manage Access Control Lists (ACLs)
Filesystem must support Access Control Lists.
Add acl to options in /etc/fstab and remount filesystem if this option is not already set.
mount -o remount /mountpoint: Remounts a mountpoint that is in use, applying any new
options.
/etc/fstab: Configuration file for volumes mounted by system.
getfacl file: Displays the Access Control Lists (ACLs) set on a file.
setfacl -m A:C:L file: Sets the Access Control Lists (ACLs) set on a file.
Diagnose and correct file permission problems
ls -l: Display file permissions.

5) Deploy, configure, and maintain systems


Configure networking and hostname resolution statically or dynamically
setup: Command line system for configuring networking related options.
/etc/hosts: Local lookup table for statically defined hosts.
/etc/resolv.conf: Configuration file for resolving hosts.
/ets/sysconfig/network: Configuration file for system networking settings.
/etc/sysconfig/network-scripts: Configuration files for interface specific networking settings.
Schedule tasks using cron
crontab -l: Displays crontab for current user.
crontab -e: Edits crontab for current user.
Cron entries require six space delimited options.
Each option can either be a *, something within the range, a comma separated list involving
the range, or division math involving the range.
The command will be triggered whenever all conditions match.
1: Minute (0-59)
2: Hour (0-23)
3: Day of Month (1-31)
4: Month (1-12)
5: Day of Week (0-6, starting at Sunday)
6: Command to be executed.
example: 0 3 1 1-12/2 * command, will run command at 3:00am on the first day of every
other month.
Configure systems to boot into a specific runlevel automatically
/etc/inittab: Edit to make runlevel changes permanent.

Install Red Hat Enterprise Linux automatically using Kickstart


system-config-kickstart: GUI for creating kickstart files.
/root/anaconda-ks.cfg: Kickstart file for running system at time of creation.
For a bare metal kickstart enter GRUB an add the following line:
ks=hd:sdba1/ks.cfg: Use a kickstart file on the local disk.
ks-cdrom:/ks.cfg: Use a kicksart file on the cdrom.
ks=ftp://server/ks.cfg: Use a kickstart file on an FTP server.
ks=nfs:server/ks.cfg: Use a kickstart file on an NFS server.
ks=http://server/ks.cfg: Use a kickstart file on a web server.
For virtual machines add an option to virt-install similar to baremetal kickstart options:
ex: -x ks=KICKSTARTOPTION ksdevice=ETHERNETDEVICE ip=IPADDRESS
netmask=NETMASK gateway=GATEWAY
There are numerous kickstart options available. Running system-config-kickstart
/root/anaconda-ks.cfg is your best bet short of memorizing all options.
Configure a physical machine to support virtual guests
yum -y install libvirt libvirt-client python-virtinst qemu-kvm virt-manager virt-top virtviewer: Install packages needed for hosting KVMs.
yum -y install qemu* virt* libvirt* python-virtinst: Installs all packages related to hosting
KVMs.
modprobe kvm: Adds kernel module for hosting KVMs.
Install Red Hat Enterprise Linux systems as virtual guests
virt-manager: GUI program for controlling virtual machines.
virsh list all: Lists all virtual machines.
Configure systems to launch virtual machines at boot
virsh autostart name: Configures virtual machine to start at boot.
virsh autostart disable name: Disabled virtual machines from starting at boot.
Configure network services to start automatically at boot
chkconfig list: Lists all installed network services.
chkconfig service on: Configures network service to start at boot.
chkconfig level # service on: Configures network service to start in specified runlevels.
chkconfig service off: Disables network service from starting at boot.
chkconfig level # service off: Disables network service from starting in specified runlevels.
Configure a system to run a default configuration HTTP server
yum -y install httpd && chkconfig httpd on && service httpd start: Install and start httpd,
and set to start on boot.
/var/www/html: Location of files served by HTTP server.

Firewall: Open ports 80 for HTTP and 443 for HTTPS, using iptables.
SELinux: Make sure SELinux contexts are correct for all files server, man httpd_selinux
for more various options.
Configure a system to run a default configuration FTP server
yum -y install vsftpd && chkconfig vsftpd on && service vsftpd start: Install and start
vsftpd, and set to start on boot.
/var/ftp: Location of files served by FTP Server.
Firewall: Open ports 20 and 21 for FTPD, using iptables.
SELinux: Make sure SELinux contexts are correct for all files server, man ftpd_selinux for
more various options.
Install and update software packages from Red Hat Network, a remote repository, or from the
local file system
rhn_register: Register system with Red Hat Network.
yum install package: Install package from yum repository.
/etc/yum.repos.d: Directory containing information relating to yum repos.
rpm -Uvh package.rpm: Upgrades RPM package from local file system.
rpm -ivh package.rpm: Installs RPM package from local file system.
Update the kernel package appropriately to ensure a bootable system
Never update the kernel package, always install a new kernel.
rpm -ivh kernel.rpm: Installs a new kernel from an rpm package.
yum install kernel: Installs a new kernel from a yum repository.
Modify the system bootloader
/boot/grub/grub.conf: Configuration files for system boot loader.

6) Manage users and groups


Create, delete, and modify local user accounts
useradd user: Adds user to system.
userdel user: Deletes user from system.
usermod options user: Modifty a user.
usermod options:
-d /dir: Changes the users home directory.
-e YYYY-MM-DD: Changes the expiration date of users account.
-f #: Changes the number of days after password expiration that users account is
disabled, 0 for immediately, -1 for never.
-g GID: Changes the users main group.
-G GID: Comma separated list of additional groups that the user belongs to.
-l newuser: Changes the users login name to a new name.

-L: Locks the user account, preventing logins.


-s shell: Changes the users login shell.
-u UID: Changes the users UID.
-U: Unlocks the user account, allowing logins.
-Z seuser: Changes ther users SELInux user type.
Change passwords and adjust password aging for local user accounts
passwd: Change your password.
passwd user: Change users password.
chage user: Change users password aging.
Create, delete, and modify local group and group membership
groups user: List which groups a user belongs to.
groupadd group: Create group.
groupdel group: Delete group.
groupmod -n newgroup oldgroup: Change the name of a group.
groupmod -g GID group: Change the GID of a group.
groupmems -g group -a user: Add a user to group.
Configure a system to use an existing LDAP directory service for user and group information
yum -y install openldap-clients: Install the required OpenLDAP clients.
system-config-authentication: GUI for connecting system to existing LDAP directory
service.
It is possible to configure LDAP connections manually, but using system-configauthentication is your best option for the RHCSA exam.

7) Manage security
Configure firewall settings using system-config-firewall or iptables
system-config-firewall: GUI program for modifying firewall settings.
IPTables are complex when used from the command line. Using the system-config-firewall
or setup are your best options for the simple firewall configurations required for the
RHCSA exam.
Set enforcing and permissive modes for SELinux
getenforce: Display SELinux enforcing mode.
setenforce #: Toggle SELinux enforcing mode on or off.
/etc/selinux/config: Make permanent changes to SELinux enforcing mode.
List and identify SELinux file and process context
ls -lZ: List file permissions, with SELinux information.
ps -Zu user: List all processes running as user, with SELinux information.

ps -Zaux: List all running processes, with SELinux information.


ps -Zaxl: List all running processes and parent process information, with SELinux
information.
Restore default file contexts
semanage fcontext -a -t context /dir(/.*?): Sets the SELinux context of a directory and its
contents.
restorecon -F -R -v /dir: Recursively restores SELinux context of a directory and its
contents.
Use boolean settings to modify system SELinux settings
getsebool -a: Lists all SELinux boolean settings and current status.
setsebool -P boolean on: Sets SELinux boolean to on.
getsebool -P boolean off: Sets SELinux boolean to off.
togglesebool boolean: Toggles SELinux boolean on or off.
Diagnose and address routine SELinux policy violations
ausearch -m avc -c command: Search for SELinux policy violations associated with
command.
sealert -a /var/log/audit/audit.log: Detaild descriptions of SELinux policy violations found in
log.
/var/log/audit/audit.log: Log file containing information about SELinux policy violations.