Untitled

a guest
Nov 29th, 2018
Accessing the command line:
---------------------------
- Virtual consoles (ctrl+alt+F1-6)
- Terminal
- Shell --> bash
- cmd options arguments
- Useful bash features:
  - history (!x, !string, ctrl-r, up/down arrow keys)
  - TAB completion
  - alt+. (insert the last argument of the previous command)

SSH
---
- SSH server
  - sshd
  - Port 22 (TCP)
- ssh client:
  - ssh user@host --> interactive ssh
  - ssh user@host "CMD" --> non-interactive ssh
- Authentication:
  1. Password authentication
  2. Key-based authentication
     ssh-keygen --> generate your own public/private key pair
     ssh-copy-id --> copy your public key over to the server


Managing Files
--------------
- Root directory: /
- Absolute path always starts with /
- Relative path depends on your current directory
- cd, ls [-al], pwd, touch
- mv, cp [-r], mkdir [-p], rmdir, rm [-rf]

- Hard links (ln), Symbolic links (ln -s)
  ln [-s] EXISTING_FILE SHORTCUT_NAME


User and group management
-------------------------
- /etc/passwd, /etc/group, /etc/shadow

- useradd, usermod, userdel [-r]
- groupadd, groupmod [-n name] [-g gid], groupdel

- Primary group vs supplementary group

- Password aging:
  /etc/login.defs (login defaults)
  /etc/default/useradd (defaults for the useradd command)

  chage -l USER
  options: -m, -M, -W, -E, -I, -d 0

- Special shell: /sbin/nologin


CENTRALIZED USERS MANAGEMENT
----------------------------
- Centralize user accounts and authentication
- authconfig-gtk, sssd, krb5-workstation
- LDAP for user info + Kerberos for authentication
- LDAP:
  1. FQDN of the LDAP server
  2. BASE DN
  3. CA cert (for TLS encryption)
- KERBEROS:
  1. KDC
  2. REALM
  3. ADMIN servers
  (or DNS could be used to auto-detect the settings, if configured)
- ipa-client-install (yum install ipa-client)


File permissions
----------------
- Basic permissions: r, w, x
- Special permissions: suid, sgid, sticky bit
- chown, chgrp, chmod
- chmod --> symbolic way + numerical way
- If capital X is used, execute is only applied to directories and to existing
  files that already have ANY execute bit set (useful with -R)
- umask determines the default permission (mode) of a file/dir
  (General guide: files are always 666 by default, minus the umask;
  directories are always 777 by default, minus the umask)
- To globally set the umask:
  /etc/profile
  /etc/bashrc
- To set the umask per user:
  ~/.bashrc
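As an added example (not from the original notes), a small POSIX shell script that computes the default mode a new file or directory gets under a given umask and shows where the "subtracted by the umask" shorthand goes wrong; all umask values in it are constructed.

```shell
#!/bin/sh
# Added example (not from the original notes): what mode a new file or
# directory really gets under a umask. The notes say the umask is
# "subtracted"; the kernel clears the umask bits (mode & ~umask), which
# only agrees with subtraction when every umask bit is set in the base.
# All values below are constructed.

# to_dec OCTAL -> decimal (printf reads a leading 0 as octal)
to_dec() { printf '%d' "0$1"; }

# default_mode BASE UMASK -> the mode the kernel actually assigns
default_mode() {
    printf '%04o' $(( $(to_dec "$1") & ~$(to_dec "$2") & 4095 ))
}

# naive_mode BASE UMASK -> what literal subtraction would give
naive_mode() {
    printf '%04o' $(( $(to_dec "$1") - $(to_dec "$2") ))
}

# The two cases from the notes: files start at 666, directories at 777
new_file_mode() { default_mode 666 "$1"; }
new_dir_mode()  { default_mode 777 "$1"; }

# other_writable MODE -> true when "others" may write, i.e. the umask is
# too loose for a shared system
other_writable() { [ $(( $(to_dec "$1") & 2 )) -ne 0 ]; }

# Walk common umask values and flag where the shorthand misleads
for u in 022 027 077 002 000; do
    f=$(new_file_mode "$u"); d=$(new_dir_mode "$u"); n=$(naive_mode 666 "$u")
    note=""
    [ "$f" = "$n" ] || note=" (subtraction would wrongly give $n)"
    ! other_writable "$f" || note="$note [others can write]"
    printf 'umask %s: file %s dir %s%s\n' "$u" "$f" "$d" "$note"
done
```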


ACL
---
- To overcome basic permission limitations
  - more than one user
  - more than one group
- Three types of entries:
  - normal acl entries
  - default acl entries (only apply to directories)
    - files/subdirs inherit the default acl
  - mask (does not affect the owning user and others)
- setfacl -m ACL_SPEC FILE|DIR
- setfacl -x ACL_SPEC FILE|DIR
- ACL_SPEC examples:
  u:john:rx
  g::rwx
  g:sales:rw
  o::-


SELINUX
-------
- 3 modes: enforcing, permissive, disabled
- /etc/selinux/config
- getenforce
- setenforce 0|1 (will not survive a reboot)
- yum install selinux-policy-devel
  mandb
  man -k _selinux
- yum install setroubleshoot-server
  /var/log/messages
  sealert -l UUID
- restorecon -vFR DIR
- man semanage-fcontext
  -> we can add custom rules to the file context
- getsebool -a
  setsebool [-P] BOOLEAN on|off -> Remember -P for persistence!

Processes
---------
- Sending signals to processes
  kill -l -> list signals
  - best to send signals by name rather than by number
  - SIGTERM (15), SIGKILL (9)
  - kill PID...
  - killall CMD
  - pkill [COMMAND_PATTERN]
    pkill -u USER
    pkill -t TERMINAL
    pkill -u john gedit -> terminate all gedit processes for john
    Use pgrep -l PATTERN to see which processes pkill would signal
- top
  P - sort by CPU
  M - sort by memory
  h - help
  k - kill
  q - quit


Process priorities:
-------------------
- Can be affected by the nice value
- Range: -20 (higher priority) --> +19 (lower priority)
      <------- increase priority (root only) -------
  -20 ---------------------------------------------- +19
      ------- decrease priority (normal users) ------>

- nice -n NICEVALUE CMD
- renice -n NICEVALUE PID
- top can also renice processes:
  shortcut --> r

Software
--------
- yum list | search | install | info | remove | update PKGNAME...
- yum help

YUM REPO file rules!
--------------------
- File should be in /etc/yum.repos.d/
- File should have the extension .repo
- Contents of the file:
  [repoid]           <--- no spaces, unique, NOT "main"
  name=UPTOYOU
  baseurl=URL_TO_REPO
  gpgcheck=0|1       <-- signature check?
  enabled=0|1        <-- enabled or not?
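As an added example (not from the original notes), a POSIX shell lint that checks a .repo file against the rules just listed; the repository directory is a parameter (defaulting to /etc/yum.repos.d) so a staging copy can be checked, and the two sample files are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original notes: lint a yum .repo file against
# the rules above. REPODIR defaults to /etc/yum.repos.d but is a parameter so
# a staging copy can be checked. Expects key=value lines without spaces, as
# in the template. Violations are printed; REPO_ERRORS holds their count.
check_repo_file() {
    file=$1; repodir=${2:-/etc/yum.repos.d}; REPO_ERRORS=0
    fail() { echo "$file: $1"; REPO_ERRORS=$((REPO_ERRORS + 1)); }
    # checks that need the whole [repoid] block, run when the block ends
    end_section() {
        [ -z "$id" ] && return 0
        [ "$have_url" -eq 1 ] || fail "[$id] has no baseurl"
        [ "$have_gpg" -eq 1 ] || fail "[$id] has no gpgcheck line"
    }
    case "$(dirname "$file")" in "$repodir") ;; *) fail "not in $repodir" ;; esac
    case "$file" in *.repo) ;; *) fail "extension is not .repo" ;; esac
    seen=" "; id=""; have_url=0; have_gpg=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            \[*\])                           # start of a [repoid] block
                end_section
                id=${line#\[}; id=${id%\]}; have_url=0; have_gpg=0
                case "$id" in *" "*) fail "repoid '$id' contains spaces" ;; esac
                [ "$id" != "main" ] || fail "repoid 'main' is reserved for yum.conf"
                case "$seen" in *" $id "*) fail "repoid '$id' is not unique" ;; esac
                seen="$seen$id " ;;
            baseurl=*)  have_url=1 ;;
            gpgcheck=1) have_gpg=1 ;;
            gpgcheck=*) have_gpg=1; fail "[$id] $line disables signature checking" ;;
            enabled=0|enabled=1|name=*|gpgkey=*|\#*|"") ;;
            enabled=*)  fail "[$id] '$line' must be enabled=0 or enabled=1" ;;
        esac
    done < "$file"
    end_section
    [ "$REPO_ERRORS" -eq 0 ]
}

# Constructed samples: one file that follows the rules, one that breaks them
SAMPLE_DIR=$(mktemp -d); trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '%s\n' '[rhel7-local]' 'name=Local RHEL 7 mirror' \
    'baseurl=http://repo.example.com/rhel7' 'gpgcheck=1' 'enabled=1' > "$SAMPLE_DIR/good.repo"
printf '%s\n' '[my repo]' 'name=No signature check' 'baseurl=http://repo.example.com/x' \
    'gpgcheck=0' 'enabled=1' '[main]' 'baseurl=http://repo.example.com/y' \
    'gpgcheck=1' 'enabled=yes' > "$SAMPLE_DIR/bad.txt"

check_repo_file "$SAMPLE_DIR/good.repo" "$SAMPLE_DIR" && echo "good.repo: OK"
check_repo_file "$SAMPLE_DIR/bad.txt" "$SAMPLE_DIR" || echo "bad.txt: $REPO_ERRORS problem(s)"
```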

Partitions and File Systems
---------------------------
- 2 partitioning schemes: MBR and GPT

  MBR                                   GPT
  ---                                   ---
  - fdisk                               - gdisk
  - Primary, extended, logical          - N/A
  - Need an extended partition to       - N/A
    have more than 4
  - Max 2 TB per partition              - Max 8 ZiB per partition

- For an existing disk that has been partitioned, DON'T simply convert
  the partitioning scheme (even though gdisk will offer to convert MBR to
  GPT for you)

  File system                           Swap
  -----------                           ----
  1. Create partition                   1. Create partition
     - id: 83/8300                         - id: 82/8200
  2. cat /proc/partitions               2. - SAME -
     - if not visible: partprobe
  3. Format with a filesystem           3. Format as swap
     mkfs -t FSTYPE DEVICE                 mkswap DEVICE
     (ext4, xfs, vfat, ...)
  4. Create a mount point               4. - N/A -
     mkdir DIRECTORY
  5. Update /etc/fstab                  5. - SAME, with slightly different settings -
  6. mount -a ; df -h                   6. swapon -a ; swapon -s


Services
--------
- systemd is new in RHEL7
- systemctl status|start|stop|restart UNIT
- systemctl enable|disable|mask|unmask UNIT
- enable means the service will start at BOOT TIME
- masking means the service cannot be started, EITHER at BOOT TIME OR MANUALLY


Boot process
------------
- systemd replaces SysV init
- no more run levels
- instead we have targets
- systemd uses units
- units have types
  autofs.service
  cups.socket
  etc...
- A target is a set of units grouped together
  to achieve a system state

- When we boot up the system a default target is used
  to set up the system
  graphical.target (with GUI)
  multi-user.target (NO GUI)
- To manually switch between targets:
  systemctl isolate graphical.target
  systemctl isolate multi-user.target

- You can set/get the default target:
  systemctl get-default
  systemctl set-default TARGET

- Targets can be set by passing a kernel argument at the bootloader menu
  - systemd.unit=TARGET
  - e.g. systemd.unit=rescue.target OR systemd.unit=emergency.target

- Use rd.break when trying to reset the root password:
  1. Interrupt GRUB at boot time
  2. e to edit
  3. Pass in rd.break, then ctrl-x
  4. mount -o remount,rw /sysroot
  5. chroot /sysroot
  6. passwd
  7. touch /.autorelabel
  8. exit ; exit

- grub2-mkconfig regenerates the /boot/grub2/grub.cfg file
  based on settings in /etc/default/grub and /etc/grub.d/



Networking
----------
- DHCP or static (manual)
- If static:
  IP address
  Netmask (CIDR)
  DNS
  Default gateway

- If using the NetworkManager daemon: --> nmcli command to manage

  nmcli
  -> use TAB (auto-complete) to help
  -> connection and device
  -> connections have names and must be associated with
     an interface (device)
  -> Do we want the connection to auto-start at boot time?
     connection.autoconnect yes|no

  -> ipv4 settings:
     ipv4.method --> dhcp or manual
     ipv4.addresses --> IP address, subnet and default gateway
                        "192.168.9.10/24 192.168.0.1"
     ipv4.dns --> DNS servers

- When displaying connection settings:
  lowercase properties mean what is configured
  UPPERCASE properties mean the runtime configuration

- We can also edit the config file:
  /etc/sysconfig/network-scripts/
  ifcfg-DEVICE OR ifcfg-CONNAME

  nmcli connection reload --> inform NM that there are changes
  nmcli connection down CONNAME
  nmcli connection up CONNAME

- hostnamectl set-hostname HOSTNAME



Logging and Time
----------------
- Two services handle logging:
  - rsyslog
    /var/log/
  - systemd-journald (new in RHEL7)
    /run/log/journal - non-persistent
    /var/log/journal - if made persistent

- journalctl
  - journalctl -p PRIORITY
  - journalctl --since DATE --until DATE
  - journalctl -b
    -> only show messages from the last boot (if the journal is persistent)

- timedatectl (new in RHEL7)
  set-time
  set-timezone
  list-timezones
  set-ntp
  ...
- /etc/chrony.conf (different in RHEL6: /etc/ntp.conf)
  server NTP_SERVER iburst

  systemctl restart chronyd.service (in RHEL6: service ntpd restart)
  timedatectl set-ntp true


LVM
---
- Provides the ability to group multiple storage devices as ONE
- Each device is initialized as a PV and then grouped together into a VG
- PE is the smallest unit/chunk in a VG. Specified when the VG is created
  with -s
- LV and VG can be extended or reduced (hence flexible)
- pvs, vgs, lvs
- pvdisplay, vgdisplay, lvdisplay
- pvcreate, vgcreate, lvcreate
- vgextend, pvmove, vgreduce
- lvextend
- resize2fs, xfs_growfs


Cron, systemd-tmpfiles
----------------------
- cron for recurring jobs
  - cron
    - user cron --> crontab -e
    - system cron --> /etc/crontab, /etc/cron.d/
  - anacron
    - executed hourly by cron (/etc/cron.hourly/0anacron)
    - /etc/anacrontab
    - controls /etc/cron.{daily,weekly,monthly}
    - Benefit: missed jobs will be executed
    - Con: cannot control the exact time the job is run


- systemd-tmpfiles --create --remove
  -> executed once at boot time
  -> creates or deletes files based on configuration
- systemd-tmpfiles --clean
  -> purges files based on aging
  -> executed once a day
- /etc/tmpfiles.d/
    --OVERRIDES--
  /run/tmpfiles.d
    --OVERRIDES--
  /usr/lib/tmpfiles.d

- e.g.
  cat /etc/tmpfiles.d/test.conf
  d /testing 1777 root root 1d -

  cat /usr/lib/tmpfiles.d/test.conf
  d /testing 1777 root root 20d -

  ==> the age for files in /testing will be 1d and not 20d
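As an added example (not from the original notes), a POSIX shell script that resolves which tmpfiles.d fragment is in effect for a name using the precedence above (/etc over /run over /usr/lib) and reads out the age column of the entry, reproducing the 1d-versus-20d case; it also recognises the masking convention from tmpfiles.d(5), where a symlink to /dev/null in /etc/tmpfiles.d disables a vendor fragment. The search root is a parameter so the demo runs on constructed directories instead of the real system.

```shell
#!/bin/sh
# Added example (not from the original notes): resolve which tmpfiles.d
# fragment wins for a given file name, using the precedence described
# above (/etc overrides /run overrides /usr/lib), and report the age field
# of the entry for a path. ROOT is prepended to the three directories so
# the demo can run on constructed directories instead of the real system.

# winning_fragment NAME ROOT -> path of the fragment that is in effect
winning_fragment() {
    name=$1; root=${2:-}
    for dir in "$root/etc/tmpfiles.d" "$root/run/tmpfiles.d" "$root/usr/lib/tmpfiles.d"; do
        if [ -e "$dir/$name" ] || [ -L "$dir/$name" ]; then
            echo "$dir/$name"; return 0
        fi
    done
    return 1
}

# age_for PATH NAME ROOT -> the age column of the entry for PATH in the
# winning fragment; "masked" if that fragment is a symlink to /dev/null
age_for() {
    path=$1; frag=$(winning_fragment "$2" "$3") || return 1
    if [ -L "$frag" ] && [ "$(readlink "$frag")" = "/dev/null" ]; then
        echo masked; return 0
    fi
    # columns: Type Path Mode User Group Age Argument
    awk -v p="$path" '$1 !~ /^#/ && $2 == p { print $6; exit }' "$frag"
}

ROOT=$(mktemp -d); trap 'rm -rf "$ROOT"' EXIT
mkdir -p "$ROOT/etc/tmpfiles.d" "$ROOT/run/tmpfiles.d" "$ROOT/usr/lib/tmpfiles.d"
# constructed fragments mirroring the notes' example
echo 'd /testing 1777 root root 1d -'  > "$ROOT/etc/tmpfiles.d/test.conf"
echo 'd /testing 1777 root root 20d -' > "$ROOT/usr/lib/tmpfiles.d/test.conf"
# a vendor fragment that the administrator has masked
echo 'd /scratch 1777 root root 7d -'  > "$ROOT/usr/lib/tmpfiles.d/scratch.conf"
ln -s /dev/null "$ROOT/etc/tmpfiles.d/scratch.conf"

echo "test.conf in effect: $(winning_fragment test.conf "$ROOT")"
echo "/testing age: $(age_for /testing test.conf "$ROOT")"
echo "/scratch: $(age_for /scratch scratch.conf "$ROOT")"
```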



Access NFS
----------
- Package required: nfs-utils
- 5 security mechanisms:
  sec=none|sys|krb5|krb5i|krb5p
- If using krb5 stuff, needs:
  - Client must be authenticated with the same
    central authentication server as the NFS server
  - Client should enable and start the nfs-secure service
  - Client needs a /etc/krb5.keytab file issued by the
    Kerberos administrator
- Manual mount:
  mount -o sec=SEC_TYPE,sync NFS_SERVER:SHARE_PATH MOUNT_POINT
- Mount at boot time:
  /etc/fstab
  NFS_SERVER:SHARE_PATH MOUNT_POINT nfs sec=SEC_TYPE,sync 0 0
- Mount on demand:
  yum install autofs
  systemctl enable autofs
  systemctl start autofs

Indirect Map
------------
NFS share server1:/shares/public
Mount point /myshares/pub
(an indirect map needs a parent/child directory structure)

/etc/auto.master.d/myfile.autofs
  /myshares /etc/auto.myshares

/etc/auto.myshares
  pub -rw,sec=SEC_TYPE,sync server1:/shares/public

systemctl restart autofs

Direct Map
----------
NFS share server1:/shares/public
Mount point /pub

/etc/auto.master.d/myfile.autofs
  /- /etc/auto.pub

/etc/auto.pub
  /pub -rw,sec=SEC_TYPE,sync server1:/shares/public

systemctl restart autofs


Accessing SMB
-------------
- Required package: cifs-utils
- Optional: samba-client (gives you the smbclient command)
- To identify the share:
  smbclient -L //server
  (list the shares)

- Ways to connect:
  - manual mount
    mount -t cifs -o user=USERNAME //server/sharename /MOUNT_POINT

  - mount at boot time: /etc/fstab
    //server/sharename /mount_point cifs user=USER,password=123 0 0
    OR
    //server/sharename /mount_point cifs credentials=/root/myfile 0 0

    WHERE /root/myfile -> FILE MODE MUST BE 600
      username=USER
      password=123
      domain=DOMAIN <-- optional

  - via smbclient (similar to an ftp client)
    smbclient -U USER //server/share

  - Mount on demand (autofs)
    - install, start and enable autofs

INDIRECT MAP example
--------------------
/etc/auto.master.d/shares.autofs
  /shares /etc/auto.shares
/etc/auto.shares
  pub -fstype=cifs,credentials=/root/myfile,rw ://server/public

DIRECT MAP example
------------------
/etc/auto.master.d/shares-direct.autofs
  /- /etc/auto.shares-direct
/etc/auto.shares-direct
  /shares -fstype=cifs,credentials=/root/myfile,rw ://server/public
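As an added example (not from the original notes), a POSIX shell audit of the cifs lines in an fstab-style file for the two credential mistakes the SMB section warns about: a password written inline (fstab is world-readable) and a credentials file whose mode is not 600. The fstab path is a parameter so a copy can be checked, and the fstab lines and credentials files are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original notes): audit the cifs entries of an
# fstab-style file for the two credential mistakes the notes warn about:
# a password written inline (fstab is world-readable) and a credentials
# file whose mode is not 600. Issues are printed; CIFS_ISSUES holds the
# count and the function fails if any was found.
audit_cifs_fstab() {
    fstab=$1; CIFS_ISSUES=0
    issue() { echo "$1"; CIFS_ISSUES=$((CIFS_ISSUES + 1)); }
    while read -r src mnt fstype opts rest; do
        case "$src" in ''|\#*) continue ;; esac        # skip blanks and comments
        [ "$fstype" = "cifs" ] || continue
        # walk the comma-separated mount options
        old_ifs=$IFS; IFS=,
        for opt in $opts; do
            case "$opt" in
                password=*|pass=*)
                    issue "$src -> $mnt: password stored inline in fstab" ;;
                credentials=*|cred=*)
                    cred=${opt#*=}
                    if [ ! -f "$cred" ]; then
                        issue "$src -> $mnt: credentials file $cred is missing"
                    else
                        mode=$(stat -c %a "$cred")
                        [ "$mode" = "600" ] || issue "$src -> $mnt: $cred mode is $mode, expected 600"
                    fi ;;
            esac
        done
        IFS=$old_ifs
    done < "$fstab"
    [ "$CIFS_ISSUES" -eq 0 ]
}

# Constructed credentials files and fstab for the demo
SAMPLE=$(mktemp -d); trap 'rm -rf "$SAMPLE"' EXIT
printf 'username=USER\npassword=123\ndomain=DOMAIN\n' > "$SAMPLE/good.cred"; chmod 600 "$SAMPLE/good.cred"
cp "$SAMPLE/good.cred" "$SAMPLE/loose.cred"; chmod 644 "$SAMPLE/loose.cred"
cat > "$SAMPLE/fstab" <<EOF
# constructed fstab for the demo
//server/share1 /mnt/a cifs credentials=$SAMPLE/good.cred 0 0
//server/share2 /mnt/b cifs user=USER,password=123 0 0
//server/share3 /mnt/c cifs credentials=$SAMPLE/loose.cred,rw 0 0
//server/share4 /mnt/d cifs credentials=$SAMPLE/absent.cred 0 0
server1:/shares/public /myshares/pub nfs sec=krb5p,sync 0 0
EOF

audit_cifs_fstab "$SAMPLE/fstab" || echo "$CIFS_ISSUES cifs entries need attention"
```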



Firewall Chapter
----------------
- Packet filtering is handled by the kernel module netfilter
- Managed through EITHER the iptables service or firewalld
- systemctl mask iptables.service
  -> ensures that the iptables service does not get started (it would disrupt firewalld)
- firewalld
  -> firewall-config (GUI tool)
  -> firewall-cmd (command line)
     - if --zone is not specified, the default zone is used

- For persistent changes:
  - Modify the PERMANENT settings (firewall-cmd .... --permanent)
  - Reload the firewall (firewall-cmd --reload)
- A zone has a set of rules
- A packet is associated with a zone:
  - depending on the interface it arrives on
  - depending on its source IP
  - if neither of the above matches, the default zone rules are used



Kickstart
---------
- To automate Red Hat installations
- Need a kickstart text file
  - use /root/anaconda-ks.cfg as a template
  - GUI: system-config-kickstart
- File has 4 sections: command, packages, pre, post
- ksvalidator can check the file syntax for errors
- You can place your kickstart file on a
  - USB drive, CD-ROM, or upload it to a web server/FTP server
- Boot from DVD
  - Select the install option and press TAB
  - append: ks=http://server/myks.cfg


Using Virtualized systems
-------------------------
- KVM is Red Hat's virtualization technology
- KVM requires:
  1. CPU that supports VT
     (/proc/cpuinfo --> vmx|svm)

  2. Enable VT in the BIOS
  3. Hypervisor must be 64-bit for Red Hat to support it
  4. Install the necessary software on the hypervisor
     yum grouplist hidden | grep -i virtual