IT training RH124 RHEL7

- - - - - - - - - - - - - - - - - - Red Hat System - Administration I Student Workbook - - - - RH124-RHEL7-en-1-20140606 MAN-RH124SKE-R2 Comprehensive, hands-on training that solves real world problems Red Hat System Administration I Student Workbook © 2014 Red Hat, I n c R H 24- R H EL 7-en-1-201406 - - - - - - - - - - - - - - - - - - - - - - RED HAT SYSTEM ADMINISTRATION I - RH124 Red Hat Enterprise Linux RH124 Red Hat System Administration I Edition - Authors: Susan Lauber, Philip Sweany , Rudolf Kastl, George Hacker Editor: Steven Bonneville Copyright© - 2014 Red Hat Inc The contents of this course and all its modules and related materials, including handouts to audience members, are Copyright© - 2014 Red Hat, Inc - No part of this publication may be stored in a retrieval system, transmitted or reproduced in any way, including, but not limited to, photocopy, photograph, magnetic, electronic or other - record, without the prior written permission of Red Hat, Inc This instructional program, including all material provided herein, is supplied without any guarantees from Red Hat Inc Red Hat, Inc assumes no liability for damages or legal action - arising from the use or misuse of contents or details contained herein If you believe Red Hat training materials are being used, copied, or otherwise improperly distributed please e-mail training@redhat.com or phone toll-free (USA) or - +1(866) 626-2994 +1(919)754-3700 Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, Hibernate, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat Inc., registered in the United States and other countries Linux® is the registered trademark of Linus Torvalds in the United States and other countries Java® is a registered trademark of Oracle and/or its affiliates - - XFS® is a registered trademark of Silicon Graphics International Corp or its subsidiaries in the United States and/or other countries - The OpenStack® Word Mark and OpenStack Logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission We are not - affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community - All other trademarks are the property of their respective owners C o n t r i buto rs: Rob Locke, Bowe Stri c k l a n d , Scott M c B r i e n , Wa n d e r Boesse n ko o l , Fo rrest Tay l o r - Reviewers: M i c h a e l P h i l l i ps, D a v i d B u c k n e l l , A a ro n H i c ks, J a y R a m s u rr u n - - - - - - D o c u m e n t C o nve n t i o n s ix N otes a n d Wa r n i n g s i x - I ntro d u c t i o n - - - - - 27 The L i n u x F i l e System H i e rchy 28 Practice: File Syste m H i e rchy 31 Locat i n g Fi l es by N a m e 34 Practice: Locat i n g F i l e s and D i rectories 39 M a n a g i n g F i l es U s i n g C o m m a n d - L i n e Too l s 41 Pract ice: Co m m a n d- L i n e F i l e M a n a g e m e n t 46 M a tc h i n g F i l e N a mes U s i n g Pat h N a m e E x p a n s i o n 49 Pract ice: Pat h N a m e E x p a n s i o n 52 Lab: M a n a g i n g F i l es with S h e l l Expa n s i o n 54 M a n a g i n g F i l es Fro m t h e C o m m a n d L i n e Gett i n g He l p in R e d Hat E nt e r p r i s e L i n u x - - - - - 61 Rea d i n g Docu m e ntation U s i n g m a n C o m m a n d 62 Practice: U s i n g t h e m a n C o m m a n d 65 Rea d i n g Docu m e ntation U s i n g pi nfo C o m m a n d 67 Practice: U s i n g the p i nto Co m m a n d 69 Rea d i n g D o c u m e ntation in /u s r/s h a re/d o c 71 Practice: V i ew i n g Package D o c u m e n t at i o n 73 Gett i n g H e l p Fro m Red Hat 74 P ractice: C rea t i n g a n d View i n g a n SoS R e p o rt 79 L a b : V i ew i n g and Printing Help Doc u m e nt a t i o n 81 Creat i n g, V i e w i n g, a n d E d i t i n g Text F i l e s 87 Red i re c t i n g O u t p u t to a F i l e or Pro g r a m 88 Practice: 1/0 Red i rection and P i pe l i n es 93 E d i t i n g Text F i l es from t h e S h e l l Pro m p t P ractice: E d it i n g F i l es with V i m 98 Editing Text F i l es with a G p h i ca l Editor 100 Practice: Copy i n g Text Between W i n d ows 03 L a b : C reat i n g , V i e w i n g , a n d E d i t i n g Text F i l es - - Access i n g t h e C o m m a n d L i n e U s i n g t h e Loca l Conso l e P ractice: Loca l C o n s o l e Access Ter m s Access i n g t h e C o m m a n d L i n e U s i n g t h e D e s ktop P ractice: The G N O M E Desktop Envi ro n m e n t Exe c u t i n g Com m a n d s U s i n g t h e Ba s h S h e l l P ractice: Bash C o m m a n d s a n d Keyb o a rd S h o rtcuts L a b : Acces s i n g t h e Com m a n d L i n e 2 Acces s i n g t h e C o m m a nd L i n e - - xi R e d H a t Syst e m A d m i n istra t i o n I x i O r i e n t a t i o n to t h e C l assroom E n v i ro n m e n t x i i I nternati o n a l i z a t i o n x i i i 113 U sers a n d G r o u p s 114 Practice: U s e r a n d G ro u p Concepts 1 G a i n i n g S u p e r u s e r Access 1 P ractice: R u n n i n g C o m m a n d s a s root 2 M a n a g i n g L o c a l U s e r Accou nts M a n a g i n g Loca l L i n u x Us e rs a n d Gro u p s - - - - R H 24- R H E L7 -en -1-20140606 v - - R H 24 Practice: C reat i n g U s e rs U s i n g Co m m a n d - l i n e Too l s M a n a g i n g Loca l G ro u p Acco u nts Practice: M a n a g i n g G r o u p s U s i n g Co m m a n d - l i n e Too l s M a n a g i n g U s e r Passwords Pra c t i ce: M a n a g i n g U s e r Pa ssword Aging Lab: M a n a g i n g Loca l L i n u x Users and G ro u ps C o n t ro l l i n g Access to F i l es w it h L i n u x F i l e Syst e m Pe r m i s s i o n s L i n u x F i l e Syste m Pe r m i s s i o n s Practice: I nterpret i n g F i l e a n d D i rectory Pe r m i s s i o n s M a n a g i n g F i l e Syst e m Perm i s s i o n s from the C o m m a n d L i n e Practice: M a n a g i n g F i l e Secu rity f r o m t h e C o m m a n d L i n e M a n a g i n g Defa u l t P e r m i s s i o n s a n d F i l e Access Practice: Contro l l i n g N e w F i l e Pe r m i s s i o n s a n d O w n e rs h i p Lab: C o n t ro l l i n g Access to Fi l es with L i n u x F i l e Syst e m Permissions M o n itori n g a n d M a n a g i n g L i n u x Processes Processes Pra c t i ce: Processes Contro l l i n g J o b s Practice: B a c kg ro u n d and Fo re g ro u n d Processes K i l l i n g Processes Practice: K i l l i n g P rocesses M o n i t o r i n g P rocess Activity Practice: M o n i t o r i n g P rocess Activity Lab: M o n it o r i n g a n d M a na g i n g L i n u x Processes C o n t ro l l i n g S e rv i c e s a n d D a e m o n s C o nfi g u r i n g a n d S ec u r i n g O p e n S S H S e r v i c e I d e n t ify i n g Auto m a t ica l l y Started System Processes Practice: I d e ntify t h e S t a t u s o f sys t emd U n its Contro l l i n g Syst e m Services Practice: Using sys t emc t l to M a n a g e S e rvices Lab: Contro l l i n g S e rvices a n d Daemons 10 128 130 132 134 137 139 143 144 148 150 53 155 59 61 165 166 170 172 175 177 81 83 87 189 195 196 200 202 205 07 211 Access i n g t h e R e m ote C o m m a n d L i n e w i t h S S H 212 Practice: Access i n g t h e Remote Co m m a n d Line Conf i g u r i n g S S H Key-based A u t h e ntication 217 Pra c t i ce: U s i n g SSH Key-based A u t h e n t i c a t i o n 219 Custo m i z i n g SSH Service Config u t i o n 2 Prac t i ce: Rest r i c t i n g S S H Log i n s 2 Lab: Confi g u ri n g a n d S e c u r i n g O p e n S S H Service 2 A n a l yz i n g a n d Sto r i n g L o g s System Log Arch itect u re Practice: Syste m Log g i n g C o m p o n e nts Rev i ew i n g Sys log F i l es Practice: F i n d i n g Log Entries Review i n g syst e m d J o u r n a l Entries Practice: F i n d i n g Eve nts With j o u rn a l ct l Prese rvi n g the syst e m d J o u r n a l Practice: Confi g u re a Persistent syste md J o u r n a l M a i n ta i n i n g Acc u rate T i m e Prac t i ce: Adj u s t i n g System Time 229 230 232 234 238 239 242 243 245 246 250 - - - - - - - - - - - - - - - - - vi R H 24- R H E L7 - e n -1-20140606 - - - - L a b : A n a l y z i n g a n d Sto r i n g Logs 252 - 11 257 N etwo r k i n g Concepts 258 Practice: Netwo r k i n g C o n ce pts 263 Va l id a t i n g N etwo r k Confi g u t i o n 266 Practice: Exa m i n i n g N etwork Config u rati o n 269 Config u ri n g N etwo r k i n g w i t h nmcli 271 Practice: Config u r i n g Netwo r k i n g with nmcli 276 E d i t i n g N etwo rk Config u t i o n F i l es 279 Practice: E d i t i n g N etwo r k Confi g u t i o n F i l es 280 Config u ri n g H ost N a mes and N a me Reso l ut i o n 282 Practice: Config u r i n g Host N a m es and N a m e Reso l ut i o n L a b : M a n a g i n g Red Hat E n t e r p rise L i n u x N etwo r k i n g 8 M a n a g i n g R e d H a t E nt e r p r i s e L i n u x N etwo r k i n g - - - 12 A r c h i v i n g a n d C o py i n g F i l e s Between Syst e m s 13 I n sta l l i n g a n d Upd a t i n g S oftware Pa c ka g e s 14 Acces s i n g Li n u x F i l e Syste m s 15 Us i n g V i r t u a l ized Syste m s - - - - - - - - - - M a n a g i n g C o m p ressed t a r A rc h ives Practice: Backing Up and Restor i n g F i l es Fro m a t a r A r c h ive Copy i n g F i l es Between Syst e m s S e c u re l y Practice: Copy i n g F i l es Over the N etwo r k W i t h s c p S y n c h ro n i z i n g Fi l es Betwee n Syste m s S e c u re l y Practice: Sy n c h ro n i z i n g Two D i recto ries S e c u re l y With r sync Lab: A rc h i v i n g and Copy i n g F i l es Betwee n Systems Atta c h i n g Syste m s to S u b s c r i p t i o n s for Software U pdates Practice: Red H a t S u bs c r i p t i o n M a n a g e m e n t R P M Softwa re Pa ckages and Yu m Practice: R P M Softwa re Pa c k a g e s M a n a g i n g Softwa re U p d ates w i t h yum Practice: Insta l l i n g a n d U pd a t i n g Softwa re with y um E n a b l i n g yum Softwa re Repositories Practice: E n a b l i n g S oftwa re Repositories E xa m i n i ng R P M Package F i l es Practice: Wo r k i n g with R P M Package F i l es L a b : I nsta l l i ng a n d U pd a t i n g S oftwa re Packages I d e ntifying F i l e Syste m s a n d Devices Practice: I d e ntifyi n g F i l e Syst e m s a n d Devices M o u nt i n g a n d U n m o u n t i n g F i l e Syste ms Practice: M o u n t i n g and U n m o u nt i n g File Syste m s M a k i n g L i n ks Betwee n F i l e s Practice: Making L i n ks Betwee n F i l e s Loca t i n g F i l es o n the Syste m Practice: Locat i n g F i l es o n the System Lab: Acces s i n g L i n u x F i l e Systems M a n a g i n g a Loca l V i rt u a l i z a t i o n H ost Practice: M a n a g i n g a Loca l V i r t u a l izatio n H ost I n sta l l i n g a New V i rt u a l M a c h i n e P r a c t i c e : I nsta l l i n g a New V i rt u a l M a c h i n e C h a pter Test: U s i n g V i rt u a l i z e d Systems 291 292 297 298 300 301 304 306 311 312 318 320 323 325 332 336 339 341 345 347 351 352 355 357 360 362 364 365 372 37 379 380 386 388 397 399 - - - R H 24- R H E L7-en-1-20140606 vii - - R H 24 - 16 403 Red H a t System A d m i n istra t i o n I C o m p re h e n s ive Review 404 L a b : C o m p re h e n s i ve Review 408 C o m p re h e n s ive Review - - - - - - - - - - - - - - - - viii RH124 - R H E L7-en-1-20140606 - - - Document Conventions N otes a n d Wa r n i n g s Note " N otes" a re t i ps, s h o rtcuts or a l te r n a t ive a p p roaches to t h e t a s k at h a n d I g n o r i n g a note s h o u l d have no neg ative c o n seq u e n ces, but you m i g h t m i s s o u t o n a t r i c k t h a t m a kes yo u r l ife e a s i e r ' Important " I m porta n t " boxes deta i l t h i n g s t h a t a re e a s i l y m i ssed: confi g u t i o n c h a n g e s t h a t o n l y a p p l y to t h e c u rrent sess i o n , o r s e r v i c e s t h a t need resta rt i n g befo re a n u pdate w i l l a p p l y I g n o r i n g a box l a b e l e d " I m porta n t " w i l l n ot cause data loss, but m a y cause i r r i t a t i o n a n d f r u st t i o n Warning " Wa r n i n g s " s h o u l d n ot be i g n o red I g n o r i n g wa r n i n g s w i l l most l i k e l y c a u s e data l oss R References " Refere n ces" d e s c r i b e w here to f i n d exte r n a l d o c u m entation re l eva n t to a s u bject R H 24- R H E L -en -1 -20140606 ix - - C h a pter C o m p re h e n s ive Review - Sol ution I n t h i s l a b , you w i l l practice a n d d e m o n st rate your k n o w l e d g e a n d s k i l ls Outcomes: C o m p l ete t h e fo l l ow i n g ta s ks and s u ccessf u l l y g d e the serverX system with lab sal - r eview g r ad e as user root on serverX - - - Before you begin Reset t h e serverX m a c h i ne - Run t h e lab sal - r eview s e t u p a s u s e r root o n s e rverX U s e B a s h c o m m a n d s to c o m p l ete t h e fol l o w i n g t a s ks o n the se rve rX m a c h i n e : • D i s p l ay t h e first l i nes of t h e / u s r/bin/c lean - binary - files f i l e a n d s e n d t h e o u t p u t to t h e /home / s t u d e n t / head t ail t x t f i l e • 1 D i s p l a y t h e l a st n i n e l i n e s of t h e / u s r / bin/clean - binary - files f i l e a n d a d d t h e output to t h e / home/ s t ud e n t / headt ail t x t f i l e D i s p l a y t h e f i rst l i nes o f t h e / u s r/bin/c lean - binary - files f i l e a n d s e n d t h e co m m a n d o u t p u t to t h e / home/s t u d e n t /headt ail t x t f i l e [student@serverX � ! ! - ] $ head - n 12 / u s r / bin/clean - binary - files >/home/ s t u d e n t / - - - - headt ail txt - 1.2 D i s p l ay t h e l a st n i n e l i nes of the / u s r /bin/clean - binary - files file and add the co m m a n d output to the /home / s t u d e n t /head t ail t x t f i l e I [student@serverX i headt ail txt - - ] $ t ail - n /us r/bin/clean - binary - files >>/home/ s t u d e n t / I - Te n new L i n u x syst e m s req u i re c h a n g e doc u m e nt a t i o n fi l es C a r ry out t h e fo l l ow i n g t a s ks o n serverX to c reate t h e m : • • • • - C reate the em pty f i l e s with the f i l e name sys t em_c h an g e s - mac h i n e Y - mon t h_Z txt i n the / home / s t u d e n t d i rectory o n the se rve r X m a c h i n e a s user st u d e n t R e p l a c e Y w i t h t h e m a c h i n e n u m be r a n d re p l ace z with t h e m o n t h s jan, feb, a n d mar C reate t h e /home/ s t u d e n t /syschanges d i rectory w i t h t h e s u b d i rectories j an, feb, and mar - Sort all n ewly created fi l es by m o n t h i nto t h e corres p o n d i n g s u b d i recto ry Remove a l l newly c reated f i l es related to m a c h i n e a n d 0, because t h e h a rd wa re h a s been re p l aced p e r m a n e nt l y C reate a tota l of 30 f i l es w i t h n a mes syst em_chan g e s - machine Y- mon t h_Z t x t Re p l a ce Y w i t h t h e m a c h i n e n u m be r a n d re p l a ce Z w i t h t h e m o n t h s jan, feb, a n d mar r [student@serverx - - - - ] $ t o u c h -student/system_changes - machine { 10} mont h_{ j an , feb , ma r } tx t - 412 R H1 24- R H E L7-en-1-20140606 - - - - Solution - 2.2 C reate t h e /home/ s t u d e n t /syschanges d i rectory with t h e s u b d i rectories j an, feb, and mar j [student@serverx -]$ m k d i r - - p /home/student/syschange s / { j an , feb , mar} I - � 2.3 S o rt a l l n e w l y c reated f i l es by m o n t h i nto t h e corres p o n d i n g s u b d i recto ry [ student@serverx -]$ [student@serverX -]$ syschanges/feb/ [student@serverX -]$ - � mv - s t u d e n t / system changes - machine * j an xt /home/ s t udent/ syschanges/j an/ - syschanges/mar/ - mv -student/system_changes - machin e * feb txt /home/student/ mv - s t u d e n t / system_change s - machine *mar txt /home/student/ II I j' l 2.4 R e m ove a l l n ewly created f i l es re l ated to m a c h i n e a n d [student@serverx -]$ - - ·�� ' rm - f /home / s t udent/syschanges/ * /sys t em_change s machine{ , 10} * txt Use the man pages to research how to t u r n off t h e use of c o l o rs in the output Put the re l eva nt opt i o n of the ls co m m a n d i nto the text f i l e / home/ s t u d e n t /lscolo r t x t on serverX - 3.1 Look u p t h e re l eva nt o pt i o n i n the ls(1) m a n page to dete r m i n e how to p reve nt I s from p rovi d i n g co l o rfu l output W h a t i s the correct option? I - - [student@serverX -]$ man ls ls uses - - colo r =neve r to t u r n off co l o rs i n t h e c o m m a n d o u t p ut 3.2 C reate t h e text file /home / s t u d e n t /lscolo r txt with the ls option to turn off c o l o rfu l output [ student@serverX -]$ - - Copy the f i l e /home / s t u d e n t /vimfile txt to /home/ s t u d e n t /longlis t ing t x t o n serverX U s e t h e vim e d i t o r to c h a n g e t h e /home/ s t u d e n t / lon glis t i n g txt f i l e accord i n g to t h e fo l l ow i n g req u i re m e nts: • R e m ove the file owner co l u m n Do n ot re m ove a ny spaces • R e m ove the Docume n t s and P ic t u r e s rows • Save the f i l e w h e n done with e d it i n g - - - e c h o " - - color=neve r " >/home/st u d e n t /lscolo r txt 4.1 C o p y t h e f i l e / home / s t u d e n t /vimfile t x t t o / home/ s t u d e n t /longli s t in g t x t [ student@serverx -]$ cp /home/student/vimfile txt /home / s t udent /longlistin g t x t - - - R H 24- R H E L - en -1 -20140606 41 - - C h a pter Co m p re h e n s ive Review - 4.2 Edit the f i l e u s i n g V i m , to take a d v a n t a g e of visual mode I [ student@serverx - ] $ vim / home/s t u d e n t /longlisting t xt - I 4.3 R e m ove t h e owner c o l u m n from t h e f i l e - U s e t h e a r row keys to pos i t i o n t h e c u rs o r at t h e fi rst c h a cter of t h e g ro u p owner co l u m n Enter visual mode w i t h C t r l - v U s e t h e a r row keys to p o s i t i o n t h e c u rsor at t h e l a st c h a racter a n d row of t h e g ro u p o w n e r co l u m n D e l ete t h e s e l ec t i o n with x 4.4 R e m ove t h e Docume n t s and Pic t u r e s rows Th i s t i m e, enter v i s u a l m o d e with an u p p e rcase v, which a utomatica l ly s e l ects f u l l l i nes U s e the a r row keys to pos i t i o n the c u rsor at a ny c h a racter on the Docume n t s row E n t e r v i s u a l m o d e with a n u p p e rcase v T h e fu l l l i n e is s e l ected, a s s h o w n i n t h e screen s h ot D e l ete t h e s e l ection w i t h x Repeat for t h e Pic t u res row - - - - 4.5 S a ve t h e f i l e a n d exit the editor Press t h e "esc" key a n d enter ":wq " to w rite t h e f i l e a n d exit vim - C h a n g e confi g u t i o n a n d add new u s e rs a n d a new g ro u p accord i n g to t h e fo l l o w i n g req u i re m e n t s : • C h a n g e t h e defa u lt system sett i n g s for n ew l y c reated users to e n s u re t h e i r passwords a re c h a n g e d at l e a st every 60 d a ys • Create a new g ro u p n a med ins t r u c t o r s with a G I D of 30000 • Create t h ree new users : go rwell, r br a d b u ry, a n d dadams, with a pa sswo rd of f i r s t pw • • • • Add t h e new u s e rs to t h e s u p p l e m entary g r o u p inst r u c t o r s T h e p r i m a ry g r o u p shou l d re m a i n a s t h e u s e r private g ro u p - - - - Set t h e t h ree n e w l y c reated accou nts to ex p i re 60 days from today C h a n g e t h e pa ssword p o l icy for t h e go rwell a ccount to req u i re a n e w password every days Fo rce a l l t h ree newly c reated u sers to c h a n g e their pa ssword o n fi rst l o g i n 5.1 C h a n g e t h e d e fa u lt syste m sett i n g s fo r n e w l y c reated users t o e n s u re t h e i r pa sswords a re c h a n g e d a t l east every 60 d ays [student@serverx - ] $ [ student@serverx - ] $ Output omitted PASS_MAX_DAYS 60 PASS_MIN_DAYS PASS_MIN_LEN PASS_WARN_AGE Output omitted sudo vim /etc/login defs cat /etc/login defs - - - - - - 5.2 C reate a new g ro u p n a m e d i ns t r u ctors w i t h a G I D of 30000 - 414 R H 24- R H E L 7-en-1-20140606 - - - - S o l ut i o n - [student@serverX -]$ [student@serverX -]$ stapdev : x : 158 : pesign : x : 989 : tcpdump : x : 72 : slocate : x : 21 : instructors : x : 30000 : - - sudo g roupadd - g 30000 i n s t r uc t o r s t ail - /etc/group C reate t h re e n e w u se rs: go rwell, r b radbu ry, a n d dadams, with a password of f i r s t pw a n d a d d t h e m to t h e s u p p l e m e ntary g ro u p inst r u c t o r s T h e p ri m a ry g ro u p s h o u l d re m a i n a s t h e u s e r private g ro u p [student@serverx -]$ sudo user add - G in s t r u c t o r s go rwell [ student@serverX -]$ sudo useradd - G i n s t r u c t o r s rbradbury [student@serverX -]$ sudo user add - G i n s t r u c t o r s dadams [ student@serverX -]$ t ail -5 /etc/group slocate : x : 21 : instructors : x : 30000 : gorwell, rbradbury, dadams gorwell : x : 1001 : rbradbury : x : 1002 : dadams : x : 1003 : [student@serverX -]$ sudo pas swd go rwell Changing password for user gorwell New password : fi r s t pw BAD PASSWORD : The password is shorter than characters Retype new password : firstpw passwd : all authentication tokens updated successfully [student@serverx -]$ sudo pas swd r b radbu ry [student@serverX -]$ sudo pas swd dadams - - - - - - - 5.4 Dete r m i n e t h e date 60 d a ys i n t h e fut u re a n d set e a c h of t h e t h ree new u s e r acco u nts to expire o n that date [student@serverX -]$ d a t e - d "+60 day s " Mon April 11 : 49 : 24 EDT 2014 [student@serverx -]$ sudo chage - E 2014 - 04 - 05 [student@serverX -]$ sudo chage - E 2014 - 04 - [ student@serverX -]$ sudo chage - E 2014 - 04 - 05 - - - - - _J go rwell r b radbury dad ams 5.5 C h a n g e t h e pa ssword p o l icy for t h e go rwell acco u nt to req u i re a new password every days [student@serverX -]$ sudo chage -M 10 go rwell [student@serverX -]$ c hage go rwell Last password change Password expires Password inactive Account expires j Minimum number of days between password change I Maximum number of days between password change J Number of days of warning before password expires -1 · I [ student@serverX -]$ Feb 04, 2014 Feb 14, 2014 never April 05, 2014 10 5.6 Fo rce a l l t h re e n e w l y c reated users to c h a n g e t h e i r pa ssword on f i rst l o g i n - - - R H 24- R H E L7-en-1-20140606 sudo c hage - d go rwell 41 - ·- C h a pter 16 C o m p re h e n s ive Review [student@serverX [student@serverX ·- - ] $ sudo c h a g e - d a r b radb u r y - ] $ sudo chage - d a dadams - C reate t h e s h a red d i rectory / h ome/inst r u c t o r s on serverX accord i n g to t h e fo l l o w i n g req u i re m e nts: • • The d i rectory i s o wn ed by u s e r root a n d g ro u p i n st r u ctors Set permissions o n the /home/in s t r u c t o r s d i rectory so it h a s the G I D bit set o n the d i recto ry, the owner and g r o u p have f u l l rea d/w rite/execute permissions, and ot h e r users have read p e r m i s s i o n to t h e d i recto ry - 6.1 O p e n a term i n a l w i n dow a n d become root on serverX � udent@serverx Password : I [ root@serverx - - -]$ su - redhat -]# - 6.2 C reate t h e / home/ins t r uc t o r s d i recto ry [ root@serverX - - ] # mkdir /home/in s t r u c t o r s 6.3 C h a n g e g ro u p p e r m i s s i o n s o n the /home/in s t r u c t o r s d i rectory so it b e l o n g s to t h e g ro u p i n st r u ctors I [ root@serverX - ] # c hown : in s t r uc t o r s /home/in s t r u c t o r s 6.4 Set p e r m i s s i o n s o n the / home/in s t r u c t o r s d i rectory so it is a set G I D bit d i rectory (2), t h e owner (7 ) and g ro u p (7) h ave fu l l read/write/execute p e r m i s s i o n s , and o t h e r users h a v e r e a d p e r m i s s i o n ( ) to t h e d i recto ry I [ root@serverX � [ root@serverX - ] # ls - ld /home/ins t r u c t o r s drwxrwsr- - root instructors 1024 Dec : 38 /home/instructors Dete r m i n e t h e process u s i n g t h e m ost C P U resou rces o n s e rverX a n d t e r m i nate it 7.1 I n a ter m i n a l w i n d ow, r u n t h e top u t i l ity S i z e t h e w i n d ow as ta l l as poss i b l e To p s o rts a l l p rocesses b y C P U u t i l izat i o n The c p u h o g p rocess i s t h e o n e w i t h t h e h i g hest C P U u s a g e [ root@serverX - ] # top top 12 : 47 : 46 up : 02, users, load average : 67, 25, 73 Tasks : 361 total, running, 355 sleeping, stopped, zombie %Cpu ( s ) : 98 us, sy, ni, id , wa, hi, si, st KiB Mem : 2043424 total, 897112 used, 1146312 free, 1740 buffers used , 4079612 free 296276 cached Me KiB Swap : 4079612 total, PID USER TIME+ COMMAND PR NI VIRT RES SHR S %CPU %MEM 4019 root 76 20 4156 R 57 : 54 15 cpuhog - 41 - - - ] # chmod 2774 / h me/in s t r u c t o r s 6.5 Check t h a t the p e r m i s s i o n s were set p ro p e r l y - R H 24- R H E L7-en-1-20140606 - - - - - - - - - - - Solution 2492 student 20 1359500 168420 37492 s 16 8 : 55 58 gnome-shell 1938 root 20 189648 35972 7568 R : 29 66 Xorg 2761 student 20 620192 19688 12296 s 0 : 04 48 gnome-termi+ - - o u tpu t t runca ted 7.2 Exit the top d i s p l ay - Press q to q u it - 7.3 Te r m i n ate t h e c p u hog process u s i n g the com m a n d l i ne Confirm t h at t h e p rocesses no l o n g e r d i s p l ay i n top I [ root@serverx -]# - - Stop the c u r re n t l y r u n n i n g cups p r i n t i n g s e rvice o n serverX The s e rvice s h o u l d not get a utomatica l l y sta rted on syste m boot 8.1 Stop the cups service - [ student@serverX -]$ [student@serverx -]$ - I - [student@serverX -]$ [student@serverx -]$ sudo syst emc t l disable c u p s sudo s y s t e m c t l s t a t u s cups Confi g u re the s s h s e rvice o n serverX accord i n g to the fo l l o w i n g req u i re m e nts: • • - sudo systemc t l stop cups sudo syst emc t l s t a t u s c u p s 8.2 Confi g u re t h e c u p s service so that it does n ot sta rt a t system boot - - pkill cpuhog User student o n s e rve r X ca n l o g i n with a S S H p u b l i c key to the s t u d e nt acco u n t o n desktopX D i sa b l e s s h login for t h e root user and pa sswo rd-based SSH a ut h e nt i c a t i o n o n se rve rX 9.1 G e n e rate a S S H p u b l ic key o n serverX a s user stude nt I [student@serverx -]$ s s h - keygen 9.2 I n sta l l the SSH p u b l i c key g e n e rated p reviou s l y o n se rverX to the s t u d e n t acco u n t on d e s ktopX - - - - [student@serverx -]$ s s h - copy - id desktopX /usr/bin/ssh -copy-id : INFO : attempting to log in with the new key( s ) , to filter out any that are already installed /usr/bin/ssh-copy-id : INFO : key( s ) remain to be installed - - if you are prompted now it is to install the new keys student@desktopX ' s password : s t udent Number of key ( s ) added : Now try logging into the machine, with : "ssh ' student@desktopX ' " and check to make sure that only the key ( s ) you wanted were added - - - RH124- R H E L 7-en-1-20140606 417 - - C h a pter C o m p re h e n s i ve Review - 9.3 Log in, then c h a n g e to the root a ccou nt, o n the s e rverX v i rt u a l m a c h i n e I [student@desktopX -]$ - su - 9.4 C u s t o m i z e t h e s s h service o n s e rverX by d i s a b l i n g S S H c o n n e c t i o n s for t h e u s e r root a n d o n l y a l low key-based l o g i n S e t t h e n ecessa ry confi g u t i o n f i l e p a m eters i n / e t c / s s h / s s hd_config: PermitRootLogin no PasswordAuthentication no - - - 9.5 Restart t h e sshd service o n serverX [ root@serverx -] # sys t emc t l r e s t a r t s s h d - 9.6 O n a d iffe re nt term i n a l w i n dow o n desktopX, va l i date t h a t user root c a n n ot connect to serverX with t h e ssh co m m a n d I t s h o u l d fa i l beca use we d i s a b l e d root logins w i t h t h e s s h servi ce [ student@desktopX -]$ ssh root@serverX Password : redhat Permission denied, please try again Password : redhat Permission denied, please try again Password : redhat Permission denied ( publickey, gssapi- keyex, gssapi-with - mic, password ) Yo u r serverX m a c h i n e h a s been rel ocated to t h e B a h a mas T h e fo l l o w i n g c h a n g e s h ave to be m a d e o n the serverX m a c h i n e : • C h a n g e t h e t i m e zone on t h e serverX m a c h i n e to B a h a m a s a n d ve r i fy t h e t i m e z o n e has been c h a n g e d prope r l y - - - - - - 0.1 I d e ntify t h e correct t i m e z o n e for B a h a m a s on serverX [ root@serverx -]# t zselect Please identify a location so that time zone rules can be set correctly Please select a continent or ocean 1} Africa } Americas 3} Antarctica 4) Arctic Ocean ) Asia } Atlantic ocean ) Australia } Europe ) Indian Ocean 10} Pacific Ocean 11} none - I want to specify the time zone using the Posix TZ format #? Please select a country 28} Haiti 1} Anguilla 29 } Honduras } Antigua & Barbuda - - - - - - 41 R H 24- R H E L7-en-1-20140606 - - Sol ution - - - - - - - - - - - - - 30 ) Jamaica ) Argentina ) Aruba 31 ) Martinique ) Bahamas 32 ) Mexico ) Barbados 33 ) Montserrat ) Belize 34 ) Nicaragua ) Bolivia 35 ) Panama ) Brazil 36 ) Paraguay 10 ) Canada 37 ) Peru 11 ) Caribbean Netherlands 38 ) Puerto Rico 12 ) Cayman Islands 39 ) St Barthelemy 13 ) Chile 40 ) St Kitts & Nevis 14 ) Colombia 41 ) St Lucia 15 ) Costa Rica 42 ) St Maarten ( Dutch part ) 16 ) Cuba 43 ) St Martin ( French part ) 17 ) Curacao 44 ) St Pierre & Miquelon 18 ) Dominica 45 ) St Vincent 19 ) Dominican Republic 46 ) Suriname 20 ) Ecuador 47 ) Trinidad & Tobago 21 ) El Salvador 48 ) Turks & Caicos Is 22 ) French Guiana 49 ) United States 23 ) Greenland 50 ) Uruguay 24 ) Grenada 51 ) Venezuela 25 ) Guadeloupe 52 ) Virgin Islands (UK) 26 ) Guatemala 53 ) Virgin Islands (US) 27 ) Guyana #? The following information has been given : Bahamas Therefore TZ= ' America/Nassau ' will be used Local time is now : Fri Mar 09 : 38 : 50 EST 2014 Universal Time is now : Fri Mar 14 : 38 : 50 UTC 2014 Is the above information OK? ) Yes ) No #? You can make this change permanent for yourself by appending the line TZ= ' America/Nassau ' ; export TZ to the file ' profile ' in your home directory; then log out and log in again Here is that TZ value again, this time on standard output so that you can use the /usr/bin/tzselect command in shell scripts : America/Nassau - 0.2 C h a n g e t h e time z o n e to A m e rica/ N a s s a u o n serverX - - - - [ root@serverX -]# t imedatec t l set - timezone America/Nassau 0.3 Ve rify the t i m e zo n e has been properly set on serverX [ root@serverX -]# Local time : Universal time : RTC time : Timezone : NTP enabled : NTP synchronized : RTC in local TZ : Wed 2014-04-09 Wed 2014-04-09 Wed 2014-04-09 America/Nassau yes no no t imedatec t l 18 : 21 : 06 GEST 16 : 21 : 06 UTC 16 : 21 : 06 ( GEST, +0200 ) - - - R H 24- R H E L7-en-1-201 40606 419 - - C h a pte r C o m p re he n s ive Review I I I DST active : yes Last DST change : DST began at Sun 2014-03-30 01 : 59 : 59 CET Sun 2014-03-30 03 : 00 : 00 CEST Next DST change : DST ends ( the clock j umps one hour backwards ) at Sun 2014-10-26 02 : 59 : 59 CEST Sun 2014-10-26 02 : 00 : 00 CET - - - ' - �-� - � ��-� ' 11 12 Record t h e com m a n d to d i s p l a y a l l syst emd j o u r n a l e n t ries record e d between : : 0 a n d 9:15:00 i n t h e /home / s t u d e n t / systemd review t x t f i l e I [ root@serverX -]# echo " j ou rnalctl - - since : 05 : 00 - - u n t il : 15 : 00 " >/home / s t udent/ - - systemdreview txt Confi g u re r syslogd by a d d i n g a r u l e t o t h e n e w l y created config u t i o n f i l e / e t c / r syslog d/au t h - e r ro r s c o n f to l o g a l l secu rity a n d a u t h e ntication m e s s a g es t h a t get recorded i n t h e a ut h p r i v fac i l ity w i t h t h e p r i o rity a l ert a n d h i g h e r to t h e /var /log/au t h - e r ro r s fi l e a s we l l Test t h e n e w l y a d d e d log d i rective with t h e logge r command - - 2.1 Add t h e d i rective to log au t h p r iv ale r t sys log m e s s a g e s to t h e /var/log/au t h - e r ro r s f i l e i n t h e / e t c / r syslog d/au t h - e r ro r s c o n f confi g u ration f i l e I [ root@serverx -] # echo - " au t h p r iv ale r t /var/log/au t h - e r ro r s " >/etc/r syslog d/ I au t h - e r r o r s conf L_ - 2 Restart t h e r syslog service o n se rve rX j [ root@serverx -]# - syst emc t l r e s t a r t r syslog � �� -� �� -' M o n itor t h e n e w l y created l o g f i l e /va r/log/au t h - e r r o r s on serverX for c h a n g es i n a d iffe re nt t e r m i n a l w i n dow [ root@serverX -]# - t ail -f /var/log/au t h - e r r o r s 2.4 U s e logger to create a new l o g e ntry to /va r/log/au t h - e r ro r s o n serve r X I [ root@serverx -]# i I 13 - logger - p authp riv ale r t " Logging t e s t a u t h p riv ale r t " - 12.5 Ve rify t h e message sent to sys l o g with t h e logge r c o m m a nd a p pe a rs i n t h e /va r/log/au t h - e r ro r s fi l e o n serverX i n t h e t e r m i n a l r u n n i n g t ail - f /va r / log/au t h - e r r o r s I [ root@serverX -]# - - -� -, Feb 13 11 : 21 : 53 serverl root : Logging test authpriv alert - t ail - f /var/log/au t h - e r r o r s C reate a new stat i c n etwork c o n n ection using t h e sett i n g s i n the fo l l owi n g table B e s u re to re p l a c e t h e X w i t h the c o r rect n u m be r for yo u r systems - - 420 RH124- R H E L 7-en-1-20140606 - - - - Solution - - • Confi g u re t h e new n e ct i o n to b e a utomatica l l y sta rted • other c o n n e ct i o n s s h o u l d not start a utomat ica l l y • M o d ify t h e new connect i o n so t h a t it a l s o uses t h e a d d ress 0.0.X.1 /24 • Config u re t h e h o s t s f i l e so t h a t 0.0.X.1 c a n be refe re n ced as " my h ost " • S e t t h e host n a m e t o s e rverX.exa m p l e.com - - - - Pa m eter Sett i n g Connection name review IP a d d ress 172 25.X.11 /24 Gateway a d d ress 172.25.X.254 D N S a d d ress 172.25.254.254 - C reate a new static network c o n n e c t i o n u s i n g the sett i n g s in the ta b l e Be s u re to re p l a ce the X w i t h the correct n u m be r for yo u r syste ms - - - - L - � �m � · ·-1 - ] # nmcli a d d - n me revie ifn e e t h EI pe ethernet ip4 172 25 X 11/24 gw4 172 25 X 254 - ] # nmcli mod 11 review11 ipv4 d n s 172 25 254 254 [ root@serverx - - ��- - ��- - - 13.2 Confi g u re t h e new c o n n e c t i o n to be a utosta rted o t h e r c o n n e c t i o n s s h o u l d not start a utomatica l l y I i L_ _ - � r' �·root@serverX [ root@se rve rx [ root@serverX i [ root@serverx - � - - -�- - ] # nmcli mod " review" conne c t ion a u t oconnect yes - ]# nmcli mod " System e t h EI " conne c t ion autoconnect no - : 13.3 M o d ify t h e new connect i o n so that it a l so uses t h e a d d ress 0.0.X.1 /24 L - ] # nmcli mod " review" +ipv4 addresses 19 X 1/24 Or a l ternate l y : [ root@serverX [ root@serverx - - ] # e c h o " I PADDR1=10 El X " >> /etc/sysconfig/netwo r k - sc ripts/ ifcfg - review - - » /etc/sysconfig/netwo r k - sc ripts/ifcf g 3.4 Config u re t h e hos t s f i l e so t h a t 0.0.X.1 can be refe re nced as " myhost " i - - ] # echo " PREFIX1=24" review ! [ root@serverX - ] # echo " 10 El X myhos t " > > /etc/ho s t s 13.5 Set t h e host n a m e to serverX.exa m p l e.com - j [ root@serverx - ] # host namec t l set - hostname serverX example com - - - R H 24- R H E L7-en-1 -20140606 421 - - C h a pter C o m p re h e n s ive Review - 14 S y n c h r o n i z e the /etc d i rectory t re e o n serverX to the /configbac k u p d i rectory on serverX - 14.1 To be a b l e to c reate t h e ta rget d i rectory /configbac kup, switch to t h e root user acco u nt w i t h t h e s u com m a n d [student@serverX -]$ Password : redhat [ root@desktopX -]# - su 14.2 C reate t h e ta rget d i rectory f o r t h e confi g u t i o n f i l es o n serverX [ root@serverX -]# I - mkdir /configbac kup - 14.3 U s e the r sync c o m m a n d to sy n c h ro n i z e the /etc d i rectory t re e o n s e rverX to the /configsync d i rectory o n s e rverX Be a wa re that o n l y t h e root user ca n rea d a l l the content in the /etc d i rectory o n se rve rX I [ root@serverX -]# rsync - av /etc /configbackup - ! 15 C reate a n a rc h ive n a m e d / r oo t /config u r at ion - backu p - s e r ve r t a r gz w i t h t h e /config bac k u p d i rectory a s content - 5.1 Store t h e /configbac k u p d i rectory i n the / r oo t /config u r a t ion - bac k u p - se rve r t a r gz a rc h ive - zr �ot@serverx -]# tar czf / root/configu ration - backu p - se r v:��-g� /configbac kup I · I - � -� 16 To p repa re t h e a rc h ived d i rectory t ree for c o m pa rison with t h e c u r r e n t l y a ctive l y used confi g u ti o n f i l es o n s e rverX, extract t h e contents of t h e / root/config u r at ion - bac k u p - s e rve r t a r gz a rc h ive to t h e /tmp/configcompare/ d i rectory o n serverX - - 6.1 C o n n e ct to t h e serverX m a c h i n e as user root by using ssh [ root@desktopX - ] # Password : redhat [ root@serverx -]# - s s h root@serverX - 6.2 C reate t h e ta rget d i rectory / t mp/configcompa re/ w h e re t h e contents o f t h e / r oot /config u r a t ion - bac k u p - se rve r t a r gz arch ive w i l l g e t extracted l [ root@serverx -]# mkdir /tmp/configcompare - C h a n g e to the ta rget d i rectory / t mp/configcompare/ o n s e rverX [ root@serverX -]# cd / t mp/configcompare [ root@serverX configcompare]# 422 R H1 24- R H E L7-en-1-20140606 - - - - S o l ut i o n - 6.4 Extract t h e contents of t h e / r oot/config u rat ion - bac ku p - serve r t a r gz a rc h ive to the / t mp/configcompa r e / d i rectory o n serverX ! I ! - 17 • - U s e s s h to execute t h e host name com m a n d o n d e s ktopX a s user st u d e n t S e n d t h e o u t p u t o f t h e h o s t name c o m m a n d to t h e / t m p / s c pfile t x t f i l e on d e s ktopX U s e s c p to copy t h e / t mp/sc pfile t x t f i l e from d e s ktopX to /home / s t u d e n t / sc pfile tx t 17.1 Use s s h to e x e c u t e t h e h o s t name c o m m a n d o n d e s ktopX a s u s e r st u d e nt S e n d t h e o u t p u t o f t h e h o s t name c o m m a n d to t h e / t mp / s c pfile t x t f i l e o n d e s ktopX - i I - i [ root@serverx - ] # s s h s t udent@desktopX ' ho s t name >/tmp/scpfile txt ' 17.2 Use scp to copy t h e / t mp/scpfile t x t f i l e from deskto p X to / home/ s t u d e n t / s c pfile txt o n the serverX m a c h i ne - I i - - t a r xzf /root /config - bac k u p - serve r t a r gz Perform t h e fo l l ow i n g tasks on t h e serverX m a c h i n e : • - [ root@serverX configcompare]# [ root@serverX - ] # scp root@desktopX : /tmp/sc pfile t xt /home/student/ 18 C reate t h e file / e t c /yum repos d/local u pdat es repo to e n a b l e t h e " U pdates" re pository fo u n d o n t h e content m a c h i ne I t s h o u l d a ccess content fo u n d a t the fo l l ow i n g U R L: http://conte nt.exa m p l e.com/rhel7.0/x 86_64/e r rata Do not c h e c k GPG s i g n a t u res C reate the f i l e / e t c /yum repos d/localupdat es repo with the fo l l ow i n g content: - [u � dates] Hat Updates I- name=Red baseurl=http : //content example com/rhel7 0/x86_64/errata enabled=l gpgcheck=0 - - - Confi g u re s e rverX to a d h e re to specific softwa re req u i re m ents: • The kernel package s h o u l d b e updated to t h e l atest vers i o n • The xsane - gimp package s h o u l d b e i n sta l l ed • The r h t - sys t em package s h o u l d be i n sta l l ed • Fo r secu rity rea sons, s e rverX should not h a ve t h e wvd ial package i n sta l l e d - - F I X M E: n e e d to w a i t f o r f i n a l bits i n c l u d i n g rea l a va i l a b l e e rrata packa g es - 9.1 U pdate t h e kernel package yum update kernel - 19.2 l nsta l l t h e xsane - gimp p a c kage - - - R H1 24- R H E L 7-en-1-20140606 423 - - C h a pter C o m p r e h e n s ive Review - yum i n s t all xsane - gimp 9.3 I n sta l l the r h t - sys t em package - yum i n s t all r h t - sys t e m 9.4 Fo r secu rity rea s o n s , s e r v e r X s h o u l d n ot h a ve t h e wvd ial p a c k a g e i n sta l l e d y u m r emove wvd ial - 20 G e n e rate a d i s k u s a g e report with t h e du com m a n d of t h e / u s r/share/fon t s d i rectory o n serverX a n d s a v e t h e res u l t i n t h e /home/ s t u d e n t / d u r e po r t t x t f i l e [ root@serverx - - - ] # du / u s r / s hare/fo n t s >/home/student/durepo r t txt - 21 I dentify a n d m o u n t a n ew l y a d d e d file syste m by U U I D o n t h e /mn t / d a t adump d i rectory o n se rve rX - 21.1 I d e ntify t h e n ew l y added file system with the blkid co m m a n d o n serverX [ root@serverx - ] # blkid /dev/vdal : UUID="46f543fd-78c9-4526- a857- 244811be2d88" TYPE="xfs" /dev/vdbl : UUID="a84f6842 -ecld-4f6d- b767- b9570f9fcdc0" TYPE="xfs" - - 21.2 C reate t h e m o u n t po i n t /mnt/datad u m p o n serverX [ root@serverX - - ] # m k d i r /mnt/datadump 21.3 M o u n t the f i l e syste m by U U I D on the /mn t / d a t ad u m p d i rectory of the s e rverX m a c h i n e [ root@serverX - ] # moun t UUID= " a84f6842 - ec ld - 4f6d - b767 - b9570f9fcdc0 " /mnt / - - datadump 22 C reate the soft l i n k / root /mydat aspace, w h i c h p o i n t s to the /mn t /datadump d i rectory o n serverX , [ root@serverx - - ] # ln -s /mn t/datadump / root /mydatas pace 23 Record the com m a n d to f i n d a l l soft l i n ks o n s e rverX t h a t have data as part of t h e i r n a m e i n t h e /home/ s t u d e n t /find t x t f i l e [root@serverx - - ] # echo " find I - type - name ' * d a t a * ' " >/home/ student/find tx t - - - - - 424 RH124- R H E L7-en-1-20140606 - - - - Sol ution - S u m m a ry - Red H a t Syste m A d m i n istra t i o n I Com p re h e n s ive Review Review c h a pte rs to va l i d ate knowledge leve l • Review p ractice exerci s es to va l idate s k i l l l eve l - - - - - - - - - - - - - - - - - - R H 24- R H E L7-e n-1-20140606 425 ... P ractice: E d it i n g F i l es with V i m 98 Editing Text F i l es with a G p h i ca l Editor ... SYSTEM ADMINISTRATION I - RH124 Red Hat Enterprise Linux RH124 Red Hat System Administration I Edition - Authors: Susan Lauber, Philip Sweany , Rudolf Kastl, George Hacker Editor: Steven Bonneville... - - Red Hat System - Administration I Student Workbook - - - - RH124- RHEL7- en-1-20140606 MAN-RH124SKE-R2 Comprehensive, hands-on training that solves real world problems Red Hat System Administration

IT training RH124 RHEL7

Thông tin tài liệu

Từ khóa liên quan

Tài liệu cùng người dùng

Tài liệu liên quan