Untitled

RED HAT CERTFIED SYSTEM ADMINISTRATOR V 7  EXAM NOTES


IMPORTANT THINGS

mount -o remount,rw |  fix corrupted partitioning

awk '/bash/ {print $0}' /etc/passwd > bash.txt  | takes any line containing bash and put them in file bash.txt

cd /root
wget "http://dl.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm"
rpm -ivh epel-release-7-0.2.noarch.rpm
yum repolist all
yum install ntfs-3g


VLC MEdia Player

Installation (copy/paste) for EL7: rpm -Uvh http://dl.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm && rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-1.el7.nux.noarch.rpm
yum yum install vlc

-----------------------------------------------------------------
NETWORKING /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.122.10
NETMASK=255.255.255.0
GATEWAY=192.168.122.1
DNS1=8.8.8.8
DNS2-8.8.4.4
ONBOOT=YES

-----------------------------------------------------------------------


Disable FIREWALLD AND IPTABLES-SAVE
================================================================================
systemctl disable firewalld
systemctl stop firewalld
systemctl start iptables
systemctl start ip6tables
systemctl enable iptables
systemctl enable ip6tables

iptables-save > /etc/sysconfig/iptables


		TO have script start at boot
==================================================================================

vi /etc/rc.d/rc.local
tar -cvzf /root/backup.sh /home/bigtymer37/


			VNC Cent OS 6
===============================================================================


yum install tigervnc vinagre tigervnc-server

/etc/sysconfig/vncserver

VNCSERVERS="1:username 2:username"
VNCSERVERARGS[2]="-geometry 800x600 -no listen tcp -localhost"

systemctl enable firewalld
systemctl start vnc-servers
firewall-cmd --permanent --zone=public --add-server vnc-server

           Cent-OS 7

yum install tigervnc-server
cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:2.service
vi /etc/systemd/system/vncserver@:2.service

edit

[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c ‘/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :’
ExecStart=/sbin/runuser -l bigtymer37 -c “/usr/bin/vncserver %i -geometry 1280×1024″
PIDFile=/home/bigtymer37/.vnc/%H%i.pid
ExecStop=/bin/sh -c ‘/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :’

[Install]
WantedBy=multi-user.target


su bigtymer37 ---------------------- ver importannt

vncserver    ------------create password

systemctl enable firewalld
systemctl start firewalld
firewall-cmd --permanent --zone=public --add-port=5902/tcp
systemctl restart firewalld

systemctl start vncserver@:2.service
systemctl enable vncserver@:2.service

from client compueter

vinagre 192.168.122.12
vncviewer 192.168.122.12

XFS REDUCE AND GROW


pvcreate /dev/sda
vgcreate -s 1M cent /dev/sda
vgdisplay   --- check total extents
lvcreate -n data -l 255 cent
mkfs.xfs /dev/mapper/cent-data
mkdir /cent
mount /dev/mapper/cent-data /cent
lvextend --size +50M -r /dev/mapper/cent-data    ----- TO GROW XFS LOGICAL VOLUME MUST BE MOUNTED BUT NOT ON EXT4 !!!!!!!
xfs_growfs /cent
lvreduce --size -50M -r /dev/mapper/cent-data    ------- -r allows file system to grow / reduce aswell as logical volume   CAN NOT SHRINK XFS FILESYSTEM ONLY EXT file systems

==============================================================================

Add extra SWAP SPACE
pvcreate /dev/sda
vgcreate extra /dev/sda
lvcreate -n swap -l 205 extra
mkswap /dev/mapper/extra-swap
vi /etc/fstab
/dev/mapper/extra-swap	swap	swap	defaults	0 0
swapon -va
free -m
==============================================================================
Virtualization

yum groupinstall Virtualization*

images stored in /var/lib/libvirt/images

yum install qemu-kvm python-virtinst virt-manager virt-top virt-viewer libvirt libvirt-client

virt-install --prompt | run install from cmd

virt-install -n cent7-server -r 2048 --disk \path=/var/lib/libvirt/images/cent7-server.img,size=15 \-l http://192.168.0.15/cent \-x ks=http://192.168.0.15/cent/ks.cfg


virsh list --all

virsh destroy centos.img | shuts down vm then delete image from /var/lib/libvirt/images/

virsh autostart (domain name) | starts on boot up
virsh autostart --disable (domain name) | disables at bootup
virt-viewer (domain name)  access virtual machine gui

SNAPSHOTS of VMS

virsh snapshot-create-as cent-server snap1-C-S "snap1 description" --diskspec vda,file=/var/lib/libvirt/images/cent-server.qcow2 --disk-only --atomic
Domain snapshot snap1-C-S created

virsh snapshot-create cent-server

virsh snapshot-create cent-server | create snapshot

virsh snapshot-list cent-server   | list snapshot

virsh snapshot-revert cent-server   ******  | revert snapshot Make sure VM is off when you revert


virsh snapshot-delete cent-server ****** | delete snapshot

cd /var/lib/libvirt/images/    | REMOVE VM
rm ****.img
cd /etc/libvirt/qemu/
rm ****.xml

virt-clone --prompt   |    to clone VM

ADDING STORAGE

dd if=/dev/zero of=/var/lib/libvirt/images/sdb1.img bs=1M seek=512 count=0

-------------------------------------------------
nfs

vi /etc/exports

/nfs 192.168.122.167(rw,async)
exportfs

FROM OTHER MACHINE

mount -t nfs 192.168.122.10:/nfs /nfs

AUTOMOUNTER!!! important DO NOT HAVE DIRECTORY CREATED BEFORE ADDING TO AUTO.NFS
vi  /etc/auto.master

/nfs 	/etc/auto.nfs

:wq!

vi /etc/auto.nfs

home	-fstype=nfs,rw,sync 192.168.122.10:/hello

service autofs restart

cd /nfs/home


SMB
============================================================

yum install cifs-utils

yum install samba-client

Edit the /etc/fstab file and add the following line:

smbserver:/shared /mnt cifs rw,username=user01,password=user01 0 0


AUTOMOUNT CIFS

vi /etc/auto.master

/cifs	/etc/auto.cifs

wq!

vi /etc/auto.cifs
winbox	-fstype,rw,noperm,user=user01,pass=user01	192.168.122.12:/hello

:wq!

service autofs restart

cd /cifs/winbox


------------------------------------------------------------

FORMATING A DRIVE

Make sure drive is unmounted

df to check mounted drives

fdisk /dev/sdb

n to select partition

p to select primary partition

enter select beggining of drive

enter select end of drive

t

83 for linux  82 for swap

w to save


mkfs.ext4 /dev/sdb

partprobe /dev/sdb

fsck -t ext4 /dev/sdb check filesystem

mount /dev/sdb /sdb1

======================================================

Logical volumes

# Useful LVM commands
# pvdisplay - Displays currently configured PVs.
# pvchk - Checks the integrity of a physical volume.
# pvs - Lists configured PVs and the associated VGs.
# pvmove - Moves PVs in a VG from the specified partition to free locations
  on other partitions; prerequisite is to disable the PE.
# vgcfgbackup - Backs up and restores the configuration files associated with LVM
# vgchange - Similar to pvchange, allows you to activate or deactivate a VG. For
# vgck - Checks the integrity of a volume group.
# vgcreate - Creates a VG, from two or more configured PVs: for example,
# vgdisplay - Displays characteristics of currently configured VGs.
# vgextend - if you�ve create  a new PV vgextend vg00 /dev/sda11 adds the
  space from /dev/sda11 to vg00.
# vgrename - Allows renaming of LVs.
# vgs - Displays basic information on configured VGs.
# vgscan - Scans and displays basic information on configured VGs.
# lvcreate - Creates a new LV in an existing VG.
# lvdisplay - Displays currently configured LVs.
# lvextend - Adds space to an LV: the lvextend -L6G /dev/volume01/lv01
  command extends lv01 to 6GB, assuming space is available.
# lvrename - Renames an LV.
# lvresize - Resizes an LV; can be done by -L for size. For example, lvresize -L
  6GB volume01/lvl01 changes the size of lvl01 to 6GB.
# lvs - Lists all configured LVs.

# Don't setup a LVM vol for the /boot dir. Linux can't read from it on boot.

pvcreate /dev/sdb /dev/sdc
vgcreate cent -s 8M /dev/sdb /dev/sdc | -s add physeical extent
lvcreate -n data -l 50 vol-group | -l specifies logical extent size
mkdir /cent-data
mkfs.ext4 /dev/mapper/cent-data
mount /dev/mapper/cent-data /cent-data
partprobe /dev/mapper/cent-data
fsck -t ext4 /dev/mapper/cent-data
blkid
add UUID to fstab or auto.master and auto.cent-data
=====================================================================================

LUKS ENCRYPTION
pvcreate /dev/sdb /dev/sdc
vgcreate cent -s 8M /dev/sdb /dev/sdc                        | -s add physeical extent
lvcreate -n data -l 50 vol-group                           | -l specifies logical extent size
lvcreate -n data -L 1G+ cent
cryptsetup luksFormat /dev/mapper/cent-data
cryptsetup LuksOpen /dev/mappert/cent-data crypt          | opens /dev/mapper/crypt
mkfs.ext4 /dev/mapper/crypt
partprobe /dev/mapper/crypt
fsck /dev/mapper/crypt
mount /dev/mapper/crypt /crypt
blkid
add to fstab
/dev/mapper/crypt	/crypt	ext4	defaults 1 1
add to crypttab
crypt	/dev/mapper/cent-data	none
=====================================================================================
HOW TO ADD KEY FILE TO LUKS
====================================================================================

dd if=/dev/urandom of=/root/crypt bs=1024 count=4    | create a keyfile with random bits of 4kb

chmod 0400 /root/keyfile | read only permission for root

sudo cryptsetup luksAddKey /dev/mapper/crypt /root/crypt |  adds keyfile

vi /etc/crypttab

crypt	/dev/mapper/cent-data	/root/crypt       | adds the keyfile in at the end


=======================================================================
RED HAT PACKAGE MANAGER

rpm -qp --requires filename looks for dependencies
rpm -qp --provides file name


==========================================================================
IPTABLES

iptables -L -nv --list | all rules

iptables -F | flushes table

iptables -P INPUT DROP
iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT;
iptables -I INPUT 2 -p tcp --dport 22 -j ACCEPT
iptables -I INPUT 3 -m state --state ESTABLISHED, RELATED -j ACCEPT


iptables -P OUTPUT DROP
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
iptables -I OUTPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I OUTPUT 2 -p tcp --dport 80 -j ACCEPT
iptables -I OUTPUT 3 -p tcp --dport 22 -j ACCEPT
iptables -I OUTPUT 4 -p udp --dport 53 -j ACCEPT
iptables -I OUTPUT 5 -m state --state NEW,RELATED -j ACCEPT


TO BLOCK IPS
iptables -I INPUT 2 --source 210.0.0.0/8 DROP


CENT OS 7


systemctl enable iptables.service | starts iptables service on boot
systemctl enable ip6tables.service
systemctl enable nfs-server.service | starts nfs-server on boot
systemctl enable firewalld.server | starts firewalld on boot
systemctl stop firewalld.service
systemctl start iptables.service
systemctl start ip6tables.service

firewall-cmd --state    ----------Check Status
firewall-cmd --reload   -------------Reload rules without loosing state
firewall-cmd --get-zones ---------------- Shows zones
firewall-cmd --get-services ------------- shows services
firewall-cmd --list-all-zones ----------shows all zones with enabled service
firewall-cmd --get-services -------------shows a list of all enabled services
firewall-cmd --permanent --zone=public --add-service=nfs-server --------add nfs-server to firewall public zone
firewall-cmd --permanent --zone=public --add-service=rpc-bind   -----------add rpc-bind which is tcp wrapper for nfs
firewall-cmd --permanent --zone=public --add-service=http -------------------add web access in public zone
firewall-cmd --permanent --zone=public --remove-service=nfs-server ----removes nfs-server from public zone after restart
firewall-cmd --permanent --zone=public --change-interface=eth0   -change zone on interface
firewall-cmd --get-zone-of-interface=eth0 -- get zones on interface
firewall-cmd --zone=public --list-ports	- list ports open on zone
firewall-cmd --panic-on ---- block all traffic in emergency
firewall-cmd --panic-off ---- unblock all traffic
firewall-cmd --add-service=http ------------- add http in deafault zone
firwall-cmd --zone=public --list-all           -----list services on zone

DISABLE FIREWALLD ENABLE IPTABLES

yum -y  install iptables-services

systemctl mask firewalld
systemctl enable iptables
systemctl enable ip6tables
systemctl stop firewalld
systemctl disable firewalld
systemctl start iptbales
systemctl start ip6tables


==================================================================
SSH

ssh-keygen
scp /root/.ssh/id_rsa.pub 192.168.122.11:/root/.ssh/ ---from pc you want to automatically connect to server
cat id_rsa.pub >> authorized_keys                < do this on server
chmod 700 /root/.ssh                             <
chmod 644 /root/.ssh/authorized_keys             <


CRONTAB

crontab -e | edit roots crontab

crontab -l | show root crontab

crontab -u john -e  | edit johns crontab

crontab -u john -l  | list johns crontab

30 8 * * * 	tar -cvzf /root/backup.tar /home/bigtymer
* 9 * * *	mv /root/backup.tar /
30 9 * * *	tar -xvzf backup.tar

30 21 * * * echo "Hello World!" >> ~/helloworld.txt

minute  hour  day of month  day of week command

cat /var/spool/root

service crond restart

=====================================================================

RED HAT PACKAGE MANAGER


    Install and update software packages from Red Hat Network, a remote repository, or from the local file system.

Redhat network updates (requires subscription)
rhn_register

Configuration of repositories other than the RHN is accomplished through text configuration files located in the directory:
/etc/yum.repos.d/
• A configuration file for each repository (or group of related repos) should
be created in /etc/yum.repos.d/
• The name of each repo config file should end in “.repo”.

Yum Repository Mandatory Configuration Items
Repository ID: Short name for identifying this repository in reports
[MyRepo]
Name: Longer description of this repository
name=My Custom Repository
Baseurl: Description of protocol and location needed to locate the repo files.
baseur=http://192.168.0.15/cent

Yum Repository Common Optional Configuration Items
gpgcheck: Defines whether yum should attempt to validate package signatures. “0″ = “off”, “1″ = “on”.
gpgcheck=1
gpgkey: Defines (via URL) where the keys for signature validation are located (typically file:///etc/pki/rpm-gpg/<key name>)
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled (Optional) Defines whether this repository should be currently active. “0″ = “off”, “1″ = “on”.
enabled=1


RPM Cheat Sheet
# rpm -i[v,h] name-ver-rel.arch.rpm : Installs a package
# rpm -U[v,h] name-ver-rel.arch.rpm : Upgrades a package if an older version was previously installed. Otherwise, simply installs the new version.
# rpm -F[v,h] name-ver-rel.arch.rpm : Upgrades a package if an older version is installed. Otherwise, does nothing — does not install new packages if no older version was installed.

Upgrading a Kernel
Always use #rpm -i …

Uninstalling
# rpm -e name[-ver][-rel]

RPM over a Network
# rpm -ivh ftp://{Host}/path/to/packagename-ver-rel.arch.rpm
# rpm -ivh http://{Host}/path/to/packagename-ver-rel.arch.rpm
And wildcard “globbing” is allowed:
# rpm -ivh http://{Host}/path/to/packagename*

rpm -qa lists all installed packages.
rpm -q pkg Reports the version of the package.
rpm -qf /path/file Reports which package provided the file.
rpm -qc pkg Lists all configuration files of the package.
rpm -qd pkg Lists all documentation of the package.
rpm -qi pkg Reports a description of the package.
rpm -ql pkg Lists all files contained in the package.
rpm -qR pkg Lists all dependencies.
rpm -q –scripts Lists the scripts that run when installing/removing.
rpm -q{c|d|i|l|R}p /path/to/packagename-ver-rel-arch.rpm Reports the same info as above, but pulls info from the .rpm file instead of the rpm database.
rpm -V (or –verify) Validate Package Signatures

Import GPG key, check sigs.
1. Import the Red Hat GPG public key (It can be found on the installation CD or in the /etc/pki/rpm-gpg/ directory):
# rpm –import /media/disk/RPM-GPG-KEY-redhat-release
or:
# rpm –import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
2. Check the signature of the package in question:
# rpm –checksig /path/to/package-ver-rel.arch.rpm

View a list of the packages originally installed on the system:
# less /root/install.log
View a list of the packages installed through yum:
# less /var/log/yum.log
Query the RPM database for the packages installed right now:
# rpm -qa

    Update the kernel package appropriately to ensure a bootable system.

rpm -ivh kernel_package_name


=============================================================
	SE LINUX
yum install policycoreutils-python x86_64

getsebool -a | grep httpd   find selinux booleans for apache web server server


semanage user -l | lists users


semanage boolean -l | grep httpd    <<<<<shows what each boolean does


send SE contents from one fold to another
chcon -R --reference=/var/www/html /var/www/html/files

setsebool -P nfs_export_all_rw=1   | allows nfs export shares to read,write


APACHE INSTALLATION SERVER
=============================================================
yum install httpd

mkdir /var/www/html/cent

mount -o loop cent.iso /var/www/html/cent1.iso /var/www/html/cent

mkdir /var/www/html/repo

cp -ar /var/www/html/cent/. /var/www/html/repo/

chcon -R --reference=/var/www/html /var/www/html/repo

service httpd restart

chkconfig httpd on


================================================================================


Yum   & REPOS


Yum install --downloadonly --downloaddir=/var/www/html/repo  kernel.x86_64
yum --add-repo repository epel6 ------------------add repo
yum-config-manager --disable repository epelxxxxxxxxxx            -------------- disable repo
yum-config-manager --enable repository   epelxxxxxxxxxxx--------------enable repo
yum clean all -----------------cleans up repo
yum repolist all ---------------- list all repos


CREATE REPO
mount -o loop cent7.iso /cent7
mkdir /var/www/html/cent7
cp -ar /cent7 /var/www/html/cent7
chcon -R --reference=var/www/html/ /var/www/html/cent7
cd /etc/yum.repos.d
vi cent7.repo
[centos7]
name=centos7
baseurl=file:///var/www/html/cent7/ or http://192.168.0.15/cent7
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

yum clean all
yum repolist all


=============================================================

KICKSTART

system-config-kickstart /root/anaconda.ks ---- open ks file in gui save to apache installation server.

virt-install -n cent7-server -r 3000 --disk path=/var/lib/libvirt/images/cent7-server.img,size=15 -l http://192.168.0.15/cent --vcpus=4 -x "ks=http://192.168.0.15/cent/ks.cfg"


=======================================================LDAP=================================================

TO SET UP LDAP SERVER

yum install -y openldap openldap-clients openldap-servers migrationtools

slappasswd -s redhat -n > /etc/openldap/passwd  ----------- add secret key

IMPORTANT

openssl req -new -x509 -nodes -out /etc/openldap/certs/cert.pem -keyout /etc/openldap/certs/priv.pem -days 365    ----------- creates certificate

Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:instructor.example.com
Email Address []:

cd /etc/openldap/certs
chown ldap:ldap *
chmod 600 priv.pem

cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

# slaptest
53d61aab hdb_db_open: database "dc=my-domain,dc=com": db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2).
53d61aab backend_startup_one (type=hdb, suffix="dc=my-domain,dc=com"): bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)

chown ldap:ldap /var/lib/ldap/*
systemctl enable slapd
systemctl start slapd
netstat -lt | grep ldap
cd /etc/openldap/schema
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f nis.ldif
Then, create the /etc/openldap/changes.ldif file and paste the following lines (replace password with the previously created password):

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=example,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=example,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: passwd # previously generated password

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/cert.pem

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/priv.pem

dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: -1

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=example,dc=com" read by * none

THEN MODIFY


ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/openldap/changes.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "cn=config"
modifying entry "cn=config"
modifying entry "cn=config"
modifying entry "olcDatabase={1}monitor,cn=config"

Create the /etc/openldap/base.ldif file and paste the following lines:

dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain

dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

Build the structure of the directory service:
ldapadd -x -w redhat -D cn=Manager,dc=example,dc=com -f base.ldif

Create two users for testing:

mkdir /home/guests
useradd -d /home/guests/ldapuser01 ldapuser01
passwd ldapuser01

useradd -d /home/guests/ldapuser02 ldapuser02
passwd ldapuser02


cd /usr/share/migrationtools

Edit the migrate_common.ph file and replace in the following lines:

$DEFAULT_MAIL_DOMAIN = "example.com";
$DEFAULT_BASE = "dc=example,dc=com";


Create the current users in the directory service:

grep ":10[0-9][0-9]" /etc/passwd > passwd

./migrate_passwd.pl passwd users.ldif

ldapadd -x -w redhat -D cn=Manager,dc=example,dc=com -f users.ldif

adding new entry "uid=ldapuser01,ou=People,dc=example,dc=com"

adding new entry "uid=ldapuser02,ou=People,dc=example,dc=com"

grep ":10[0-9][0-9]" /etc/group > group

./migrate_group.pl group groups.ldif

ldapadd -x -w redhat -D cn=Manager,dc=example,dc=com -f groups.ldif

Test the configuration with the user called ldapuser01:

ldapsearch -x cn=ldapuser01 -b dc=example,dc=com
firewall-cmd --permanent --zone=public --add-service=ldap
firewall-cmd --permanent --zone=public --add-service=nfs

firewall-cmd --reload  -------------Reload the firewall configuration:
local4.* /var/log/ldap.log ---------Edit the /etc/rsyslog.conf file and add the following line
systemctl restart rsyslog
chmod 744 /home/guests/ldapuser*


===========================================================================================================

Configure LDAP Client

yum install -y openldap-clients nss-pam-ldapd openldap-servers
scp /etc/openldap/certs 192.168.122.11:/etc/openldap/cacerts       --------------- FROM SERVER
authconfig-tui

Choose the following options:

- Cache Information
- Use LDAP
- Use MD5 Passwords
- Use Shadow Passwords
- Use LDAP Authentication
- Local authorization is sufficient
In the LDAP Settings, type:

Use TLS
ldap://instructor.example.com
dc=example,dc=com


NFS on LDAP
vi /etc/exports

/home/guests/ldapuser01	192.168.122.11(rw,sync,no_root_squash)
/home/guests/ldapuser02	192.168.122.11(rw,sync,no_root_squash)
service nfs restart
exportfs -v

vi /etc/auto.master
/home/guests /etc/auto.guests

vi /etc/auto.guests

*	-rw,nfs4 192.168.0.15:/home/guests/&


systemctl reload nfs
systemctl start iptables.service
systemctl start ip6tables.service
systemctl start firewalld.service
systemctl start autofs.service
systemctl start slapd.service
firewall-cmd --get-services
firewall-cmd --permanent --zone=public --add-service=ldap
firewall-cmd --permanent --zone=public --add-service=nfs
firewall-cmd --permanent --zone=public --add-service=ldaps
systemctl enable slapd.service
systemctl enable autofs.service
systemctl enable iptables.service
systemctl enable ip6tables.service
systemctl enable firewalld.service
==================================================================

Grub2

grub2-mkconfig -o /boot/grub2/grub.cfg

vi /usr/sbin/update-grub

#!/bin/bash
exec grub2-mkconfig -o /boot/grub2/grub.cfg   -----------makes script for update-grub

init 6

edit line "e" with vmlinuz put init=/bin/sh at end to enter single user mode with shell

passwd to update password

touch ./autorelabel

exec /sbin/init ----------------to reboot

How to add password to grub

vi /etc/grub.d/00_header

add at bottom of file
cat <<EOF
set superusers="bigtymer37"
password bigtymer37 passwordhere
EOF

update-grub or grub2-mkconfig -o /boot/grub2/grub.cfg

grub-mkpasswd-pbkdf2

vi /etc/grub.d/00header

add at bottom of file
cat <<EOF
set superusers="bigtymer37"
password_pbkdf2 bigtymer37 pbkdf2
EOF

grub2-mkconfig /boot/grub2/grub.cfg

==================================================================================================

SYSTEM D


systemctl enable iptables.service | starts iptables service on boot ---------------- enable on boot
systemctl enable ip6tables.service       -----------enable on boot
systemctl enable nfs-server.service | starts nfs-server on boot    -----------enables on boot
systemctl enable firewalld.server | enables on boot firewalld on boot
systemctl stop firewalld.service      ------------ stop service
systemctl start iptables.service               -------------starts service
systemctl start ip6tables.service------------- starts service
systemctl isolate runlevel6.target         ----------same as init 6 restart
systemctl isolate runlevel3.target        -------------same as init 3
systemctl isolate shutdown.target        ----------------- same as init 0
systemctl list-units --type target --all         -------------list all units that are currently loaded
systemctl list-units --type target --all    ----------- list all units regardless of state
systemctl set-default multi-user.target


             ACCESS CONTROL LISTS
======================================================================

getfacl /etc/hosts
setfacl -m u:bigtymer37:rw /etc/hosts
chmod 644 /etc/hosts


AT COMMAND

vi /root/backup.sh
tar -cvzf /root/backup-at.tar /home/bigtymer37

at -f /root/backup.sh Aug19,2014
at -f /root/backup.sh now + 15 minutes
at -f /root/backup.sh now + 7 days
at -f mycrontest.sh  10pm tomorrow   --- job 14 at Sun Jul  8 22:00:00 2007
at -f mycrontest.sh 2:00 tuesday      ---job 15 at Tue Jul 10 02:00:00 2007
at -f mycrontest.sh 2:00 july 11     -----job 16 at Wed Jul 11 02:00:00 2007
at -f mycrontest.sh 2:00 next week

atq
atrm (number of at id)


			NTP
===============================================================================

vi ntp.conf
systemctl enable ntpd
systemctl start ntpd
ntpq -q           -----------list synchronized time server
systemctl stop ntpd
ntpdate centos1.pool.org
systemctl ntpd start