Linuxnotes


Which user will we do the tasks as?

======================================================
NETWORK CONFIGURATIONS
Question
-------------
• NETWORK CONFIGURATIONS. Configure the system using the following details.
IP address of machine : 172.25.250.10
Subnet Mask : 255.255.255.0
Gateway : 172.25.250.254
Name Server : 172.25.250.254
Host Name : servera.lab.example.com

========================================================

Check Both Machines are available over IP


Create a folder for my backup_Conf

IP Setup

nmcli connection show --> get the ID

nmcli connection modify ens32 ipv4.addresses 192.168.44.121/24 ipv4.gateway 192.168.44.1 ipv4.dns 192.168.44.100 ipv4.method manual connection.autoconnect yes

nmcli connection up ens32 ---> Check the connectivity.

Setting Hostname--> hostnamectl set-hostname servera.lab.example.com


Verify Command --> cat /etc/hostname (or) hostnamectl

=======================================================
YUM Repository - Server A as repo
=======================================================
Question
-------------
:- Configure yum client by using the Yum baseurl paths
http://content.example.com/rhel8.0/x86_64/dvd/BaseOS and
http://content.example.com/rhel8.0/x86_64/dvd/AppStream

cd /etc/yum.repos.d/

vim server.repo

[server]
baseurl=http://content.example.com/rhel8.0/x86_64/dvd/BaseOS
# NB--> if the CD/DVD contents are copied to the /rpms folder, use the file path instead:
# baseurl=file:///rpms/BaseOS
enabled=1
# gpgcheck=0 turns off GPG signature checking for packages from this repo
gpgcheck=0
name=rhel8.0

[server1]
baseurl=http://content.example.com/rhel8.0/x86_64/dvd/AppStream
# NB--> if the CD/DVD contents are copied to the /rpms folder, use the file path instead:
# baseurl=file:///rpms/AppStream
enabled=1
gpgcheck=0
name=rhel8.0.1

esc
:wq

Verify Command-->yum repolist

=======================================================
CREATE USERS
Question
-------------
Create a group named "admingroup". Create a user natasha who has admingroup as a
supplementary group. Create a user harry who has admingroup as a supplementary
group. Create a user sarah who should not have access to an interactive shell and
should not be a member of the "admingroup" group. Set the password of the above
three users to 'wakennym'.
=======================================================

useradd natasha
passwd natasha --> enter wakennym twice
useradd harry
passwd harry --> enter wakennym twice
useradd sarah
passwd sarah --> enter wakennym twice

groupadd admingroup

usermod -aG admingroup natasha


usermod -aG admingroup harry
usermod -s /sbin/nologin sarah

=======================================================

COPY FILE.
-----------------
Copy the file /etc/fstab to /var/tmp/fstab and configure the ACL as mentioned
below.
The file is owned by the user root.
The file belongs to the group root.
The file should not be executable by anyone.
The user natasha should be able to read and write to the file.
The user harry can neither read nor write to the file.
Other users (future or current) should be able to read the file.
=======================================================

cp /etc/fstab /var/tmp/fstab
setfacl -m u:natasha:rw- /var/tmp/fstab (Read and Write permission to natasha)
setfacl -m u:harry:--- /var/tmp/fstab (no permission to harry)
setfacl -m g:testgroup1:rwx /var/tmp/fstab (Read, Write and Execute permission to group testgroup1)
setfacl -m o:r-- /var/tmp/fstab (Others are having only read permission)

--> Verify the action

getfacl /var/tmp/fstab
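
A check for the requirements above, added here as an example (it is not part of the original notes): it parses getfacl output, applies the mask to each entry and reports anything that breaks the question's rules. Both getfacl listings are constructed samples and the function names are made up for this example; the first listing assumes every setfacl line above was run, including the testgroup1 one.

```sh
#!/bin/sh
# Added example: audit getfacl output against the COPY FILE requirements.
# Reads getfacl text on stdin, prints one FAIL line per problem, returns 1 if any.
audit_fstab_acl() {
    awk '
    function fail(msg) { print "FAIL " msg; bad++ }
    # A permission bit is effective only if the entry and the mask both grant it.
    function eff(p, m,    i, c, o) {
        o = ""
        for (i = 1; i <= 3; i++) {
            c = substr(p, i, 1)
            o = o ((c != "-" && substr(m, i, 1) != "-") ? c : "-")
        }
        return o
    }
    function want(key, perms) {
        if (!(key in seen)) fail(key " has no ACL entry")
        else if (seen[key] != perms) fail(key " is " seen[key] ", expected " perms)
    }
    /^# owner: / { owner = $3; next }
    /^# group: / { group = $3; next }
    { sub(/[ \t]*#.*/, "") }                 # strip comments such as "#effective:r--"
    /^mask::/ { mask = substr($0, 7); next }
    /^(user|group|other):/ { entry[++n] = $0 }
    END {
        if (mask == "") mask = "rwx"         # minimal ACL: no mask entry, nothing filtered
        if (owner != "root") fail("owner is " owner ", expected root")
        if (group != "root") fail("group is " group ", expected root")
        for (i = 1; i <= n; i++) {
            split(entry[i], f, ":")
            # The mask limits named users, named groups and the owning group,
            # but not the file owner (user::) or other::.
            masked = (f[1] == "group" || (f[1] == "user" && f[2] != ""))
            e = masked ? eff(f[3], mask) : f[3]
            seen[f[1] ":" f[2]] = e
            if (index(e, "x")) fail(f[1] ":" f[2] " is executable (effective " e ")")
        }
        want("user:natasha", "rw-"); want("user:harry", "---"); want("other:", "r--")
        exit (bad > 0)
    }'
}

# Constructed getfacl output: the state after every setfacl line in the notes,
# including the testgroup1 one (setfacl recalculates the mask to rwx).
sample_all_commands() {
    cat <<'EOF'
# file: var/tmp/fstab
# owner: root
# group: root
user::rw-
user:natasha:rw-
user:harry:---
group::r--
group:testgroup1:rwx
mask::rwx
other::r--
EOF
}

# Constructed getfacl output: the same file without the testgroup1 entry.
sample_required_only() {
    cat <<'EOF'
# file: var/tmp/fstab
# owner: root
# group: root
user::rw-
user:natasha:rw-
user:harry:---
group::r--
mask::rw-
other::r--
EOF
}

sample_all_commands  | audit_fstab_acl || echo "=> requirements not met"
sample_required_only | audit_fstab_acl && echo "=> requirements met"
# On the live system: getfacl /var/tmp/fstab | audit_fstab_acl
```

The first sample fails because the rwx entry for testgroup1 makes the file executable for that group, which the question forbids.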

=======================================================
COLLABORATIVE DIRECTORY.
-------------------------------------------
Create a directory "/home/admins" with the following characteristics.
Group ownership of "/home/admins" should go to "admingroup".
The directory should have read, write and access permission for all the members of
the "admingroup" group but not for any other users. (Note that "root" has full
access to all files present in the system.)
Files created under "/home/admins" should get their group ownership set to
the "admingroup" group.

=======================================================

mkdir /home/admins
chown :admingroup /home/admins
setfacl -m g:admingroup:rwx /home/admins
setfacl -m u:root:--- /home/admins
setfacl -m o:--- /home/admins
chown -R :admingroup /home/admins/
chmod g+s /home/admins

notes:- setfacl -d -m u::rwX,g::rwX,o::0 /var/grpdir

=======================================================
CONFIGURE NTP.
--------------------
Configure your machine to be a NTP client of classroom.example.com
=======================================================

timedatectl

systemctl status chronyd

--> Verify Current Setup


vim /etc/chrony.conf

server classroom.example.com iburst


esc + :wq

systemctl restart chronyd

systemctl enable chronyd


# firewall-cmd --permanent --add-service=ntp
# firewall-cmd --reload

timedatectl

=======================================================
•CRON JOB.
-----------------
The user natasha must configure a cron job that runs every 2 minutes and executes
the job logger "EX200 EXAM IS ON PROGRESS".
=======================================================
note:- [a] – Minute [b] – Hour [c] – Day [d] – Month [e] – Day of the Week

crontab -e -u natasha
*/2 * * * * /usr/bin/logger "EXAM IS IN PROGRESS"

=======================================================
•Hard Link and Soft Link.
----------------------
Hard Link
ln logfileSJ.txt /root/folder1/newhardlink.txt

to check the inode number --> ls -li logfileSJ.txt /root/folder1/newhardlink.txt
( inode ID will be same)
SoftLink

ln -s newfile1.txt secondfile.txt ( ls -li: inode ID will be different; if the parent file is deleted, the link is also not available)

=======================================================

=======================================================
•Main Paths for configuration
----------------------

/etc/passwd
/etc/shadow
/etc/group
/bin/bash
/dev/null
/sbin/nologin
/etc/sudoers
/etc/profile & /etc/bashrc --> umask value
cat /etc/bashrc--> for Umask default value setup
cat /etc/profile
/etc/selinux/config

=======================================================
Sudo Permission ( Wheel Group )

=======================================================
To enable full sudo access for the user user01, you could create
/etc/sudoers.d/user01
with the following content:
user01 ALL=(ALL) ALL
To enable full sudo access for the group group01, you could create
/etc/sudoers.d/group01
with the following content:
%group01 ALL=(ALL) ALL

example:-
echo "%admin ALL=(ALL) ALL" >> /etc/sudoers.d/admin

=========================================================
USER Removal
=========================================================
• The userdel username command removes the details of username from /etc/passwd, but
leaves the user's home directory intact.
• The userdel -r username command removes the details of username from /etc/passwd
and also deletes the user's home directory.

--> Please add the details here

=========================================================
Group Operations
=========================================================
groupmod -n group0022 group02 --->the -n option specifies a new name for the group
groupmod -g 20000 group0022 --> -g option specifies a new GID.
groupdel group0022 -->command removes groups group0022
usermod -g group01 user02 --> change user02 primary group to group01
usermod -aG group01 user03 --> command adds user03 to a supplementary group.

=======================================================
CHAGE Command
=====================================================
--> please get from note.

=======================================================
CHMOD Command
=====================================================
chmod WhoWhatWhich file|directory
• Who is u, g, o, a (for user, group, other, all)
• What is +, -, = (for add, remove, set exactly)
• Which is r, w, x (for read, write, execute)

chmod -R g+rwX demodir --> change permission of demo directory for group
recursively ( read write and execute)
chmod a+x file2 --> Setting executable permission for (user & group & other users)
chmod go-rw file1 --> removes the read and write permission for the group and other users

1. Start with 0.
2. If the read permission should be present for this access level, add 4.
3. If the write permission should be present, add 2.
4. If the execute permission should be present, add 1.

=======================================================
CHOWN Command
=====================================================
chown student test_file --> ownership of the test_file file to the student
chown -R sijo softhardlink/ -->user ownership of the folder and the contents are
changed to user sijo
chown -R :ictsupport softhardlink/ --> group ownership of the folder and the
contents are changed to group ictsupport
chown visitor:guests test_dir --> changing the user and group ownership
accordingly

=======================================================
•Special Permission.
----------------------

=======================================================

u+s (suid)
    Files: File executes as the user that owns the file, not the user that ran the file.
    Directories: No effect.
g+s (sgid)
    Files: File executes as the group that owns the file.
    Directories: Files newly created in the directory have their group owner set to match the group owner of the directory.
o+t (sticky)
    Files: No effect.
    Directories: Users with write access to the directory can only remove files that they own; they cannot remove or force saves to files owned by other users.

Setting Special Permissions


• Symbolically: setuid = u+s; setgid = g+s; sticky = o+t
• Numerically (fourth preceding digit): setuid = 4; setgid = 2; sticky = 1

chmod g+s directory --> Add the setgid bit on directory


chmod 2770 directory --> Set the setgid bit and add read/write/execute permissions for user and group, with no access for others, on directory

umask

umask 007

vi command for permanent set

vi ~/.bashrc
below "# User specific aliases and functions"
umask <value>

cat /etc/bashrc
cat /etc/profile
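
The numeric method and the special-permission digit above, as an added example that is not part of the original notes: mode_to_octal converts the mode column of ls -l into the four-digit number for chmod, and apply_umask shows what a umask leaves of the default 666 (files) or 777 (directories). Both function names are made up for this example.

```sh
#!/bin/sh
# Added example: turn the mode column of ls -l into the number chmod takes.
mode_to_octal() (   # $1 e.g. drwxrws--- ; the body is a subshell, so variables stay local
    rest=${1#?}                         # drop the file-type character
    special=0; digits=""
    for class in 4 2 1; do              # special digit: setuid 4, setgid 2, sticky 1
        d=0                             # "Start with 0"
        for weight in 4 2 1; do         # read 4, write 2, execute 1
            c=${rest%"${rest#?}"}       # first remaining character
            rest=${rest#?}
            case "$class$weight$c" in
                ?4r|?2w|?1x)  d=$((d + weight)) ;;
                41s|21s|11t)  d=$((d + weight)); special=$((special + class)) ;;
                41S|21S|11T)  special=$((special + class)) ;;   # special bit set, no x
                ??-)          ;;
                *) echo "bad mode string: $1" >&2; exit 1 ;;
            esac
        done
        digits=$digits$d
    done
    echo "$special$digits"
)

# Mode a new file (base 666) or directory (base 777) ends up with under a umask.
apply_umask() {   # $1 = base mode, $2 = umask, both octal
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

mode_to_octal drwxrws---        # 2770, the setgid directory from the notes
mode_to_octal -rwsr-xr-x        # 4755
apply_umask 666 007             # 660
apply_umask 777 007             # 770
```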

=======================================================
•SE Linux.
----------------------
Enforcing
Permissive
Disabled

semanage port -l
ps axZ
ps -ZC httpd

List all port definitions


# semanage port -l
Allow Apache to listen on tcp port 81
# semanage port -a -t http_port_t -p tcp 81
Allow sshd to listen on tcp port 8991
# semanage port -a -t ssh_port_t -p tcp 8991

restart the service

--> To Change the SE Linux mode

getenforce --> Will show the existing SE Linux Mode


setenforce permissive/enforcing --> changes to the selected mode.

/etc/selinux/config --> sets the SELinux mode persistently.

ls -Z /var/www/html/index.html --> Shows the SELinux context of a file.

-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.html

ls -Zd /var/www/html/ --> Shows the SELinux context of the folder.

chcon -t httpd_sys_content_t /virtual --> changes the SELinux context type of the file to "httpd_sys_content_t"
restorecon ---> Changes to the default SELinux context.

systemctl enable --now httpd

Question
Open a web browser on workstation and try to view http://servera/index.html.
You will get an error message that says you do not have permission to access the
file.
To permit access to the index.html file on servera, SELinux must be configured.
Define an SELinux file context rule that sets the context type to
httpd_sys_content_t for the /custom directory and all the files below it.

semanage fcontext -a -t httpd_sys_content_t '/custom(/.*)?'

if the context needs to be changed back to the policy default

restorecon -Rv /custom
chmod 711
setsebool -P httpd_enable_homedirs on

=======================================================
Tuning Profile
=======================================================
tuned-adm

tuned-adm list --> provides the list of available profiles

tuned-adm active --> shows the currently active profile.

tuned-adm profile <available profile from tuned-adm list command> --> sets that profile.

ps axo pid,comm,nice,cls --sort=-nice

renice -n 19 3521 --> 3521 (process ID) old priority 15, new priority 19

ps u $(pgrep sha1sum)

for i in $(seq 1 3); do sha1sum /dev/zero & done

ps aux --sort=pcpu

=======================================================
YUM

=======================================================

List installed and available packages by name --- yum list [NAME-PATTERN]
List installed and available groups --- yum group list
Search for a package by keyword --- yum search KEYWORD
Show details of a package --- yum info PACKAGENAME
Install a package --- yum install PACKAGENAME
Install a package group --- yum group install GROUPNAME
Update all packages --- yum update
Remove a package --- yum remove PACKAGENAME
Display transaction history --- yum history

=======================================================
Mounting
=======================================================
lsblk -f ( Shows the UUID also)

mount UUID="46f543fd-78c9-4526-a857-244811be2d88" /mnt/data

umount /mnt/data --> unmounts

Parted

parted /dev/vdb help mkpart


parted /dev/vdb mkpart primary xfs 2048s 1000MB

parted /dev/sdb

mklabel ( msdos/gpt)

mkpart ( create partition)

select the file system --> parted /dev/vdb help mkpart --> shows the file system types that can be used.

quit

udevadm settle --> This command waits for the system to detect the new partition and to create the associated device file under the /dev directory

mkfs.xfs /dev/sdb1 --> I selected the filesystem as xfs.

fstab entry

UUID=39a90ab4-0bde-4306-9bf5-7c86e1d3d9a9 /root/parteddiskmount xfs defaults 0 0

command to execute as single command

parted /dev/vdb mkpart myswap linux-swap 1001MB 1501MB

=======================================================
SWAP space Creation with parted
=======================================================

parted /dev/sdb
mkpart ( create partition)
quit

mkswap /dev/sdb2

get the UUID --> lsblk -f

fstab entry
UUID=ffde66ff-197f-47c8-87e9-2cd9168bfc0e swap swap defaults 0 0

we can set priority

UUID=39e2667a-9458-42fe-9665-c5c854605881 swap swap pri=4 0 0


UUID=fbd7fa60-b781-44a8-961b-37ac3ef572bf swap swap pri=10 0 0

swapon /dev/sdb2

swapon

=======================================================
•SYSTEMCTL
----------------------
systemctl list-units --type=service
systemctl status sshd.service

=======================================================
•CREATE USER.
----------------------
Create a user "alex" with uid 3456 with password "wakennym".

=======================================================
Check whether User alex is available
--> cat /etc/passwd | grep alex

useradd -u 3456 alex


passwd alex

Verify , -->cat /etc/passwd | grep alex

If a group ID is needed
--> groupadd -g 5465 support

*************************************
????
• SELINUX DEBUGGING. The system consists of a web server which serves the contents
in /var/www/html. The web server serves output using the port 82, not the default
one. Make the necessary configurations in your system for serving the content using
the port 82.

•SWAP CREATION. Add the swap space with "512"MiB on your system. Don't remove the
existing swap. Your new swap should be mounted at booting time also.

•LV CREATION. Create the "LVM" with the name "database" by using 50PE's from the
volume group "datastore". Consider the PE size as "16MB". Mount it on /mnt/database
with file system ext3.

•STRATIS CREATION. Create a stratis volume on the disk which is not used for
partition purpose. Create the stratis filesystem "stratisfs" in the pool
"stratispool". Mount the volume under the directory "/stratisvolume". Put a copy of
the file in "/stratisvolume" which got from the link. Create snapshot of "stratisfs"
named as "stratisnap".

•AUTOFS. The home directory of LDAP users are shared via NFS. The
classroom.example.com (172.25.254.254) shares home directory of ldapusers via
NFS. Mount /home/guests/ldapuserX to your system, where x is your foundation
number. The ldapuserX's home directory is at
classroom.example.com:/home/guests/ldapuserx. The ldapuserX's home directory should
be automounted locally beneath /home/guests as /home/guests/ldapuserX. The home
directories must be writable by their users. For remote login to the ldapuser,
use the password 'kerberos'.

•LOCATE FILES. Locate the files of owner "iris" and copy to the location
/root/findresult directory.

•SEARCH WORDS. Find the string "squid" from /usr/share/dict/words file and copy the
lines in /root/lists.txt file.

•BACKUP FILES. Compression and archive for /usr/local folder as /root/backup.bz2
format.

serverb.lab.example.com configurations

•ROOT PASSWORD BREAKING. Configure the root password of serverb.lab.example.com as
'wakennym'.

• CONFIGURE YUM. Configure yum client by using the Yum baseurl paths
http://content.example.com/rhel8.0/x86_64/dvd/BaseOS and
http://content.example.com/rhel8.0/x86_64/AppStream

• LVRESIZE. Resize the lvm size to 300MiB the location from "/dev/vg/vo" without
losing any data. Size between 270MiB and 330MiB is permissible.

•SWAP CREATION. Add the swap space with "512"MiB on your system. Don't remove the
existing swap. Your new swap should be mounted at booting time also.

============================================================================
•LV CREATION.

Create the "LVM" with the name "database" by using 50PE's from the volume group
"datastore". Consider the PE size as "16MB". Mount it on /mnt/database with file
system ext3.

============================================================================

parted -s /dev/sdc mklabel gpt
parted -s /dev/sdc mkpart primary 1MiB 257MiB
parted -s /dev/sdc set 1 lvm on
parted -s /dev/sdc mkpart primary 258MiB 514MiB
parted -s /dev/sdc set 2 lvm on

udevadm settle
pvcreate /dev/sdc1 /dev/sdc2

vgcreate srv1vg1 /dev/sdc1 /dev/sdc2 -s 16M

vgdisplay srv1vg1 | grep PE

lvcreate -n srv1lv1 -l 50 srv1vg1 or lvcreate -n srv1lv1 -L 800M srv1vg1 (16M PE size x 50 PE = 800M)

mkfs.xfs /dev/srv1vg1/srv1lv1

lsblk -f

mount temporarily in /root/lvmount

mount /dev/srv1vg1/srv1lv1 /root/lvmount

/dev/servera_01_vg/servera_01_lv /data xfs defaults 1 2

Extending and Reducing Volume Group

vgdisplay srv1vg1
parted /dev/sdc
parted -s /dev/sdc mkpart primary 2148MiB 3218MiB
parted -s /dev/sdc set 3 lvm on
pvcreate /dev/sdc3
vgextend srv1vg1 /dev/sdc3
vgdisplay
vgdisplay srv1vg1
lvdisplay /dev/srv1vg1/srv1lv1

lvdisplay /dev/srv1vg1/srv1lv1 |grep Size


lvextend -L +224M /dev/srv1vg1/srv1lv1
lvextend -l +1 /dev/srv1vg1/srv1lv1
lvdisplay /dev/srv1vg1/srv1lv1 |grep Size

lvextend -L +54 vg01/lvol10

Notes

lvextend -l 128 --> Resize the logical volume to exactly 128 extents in size.
lvextend -l +128 --> Add 128 extents to the current size of the logical volume.
lvextend -L 128M --> Resize the logical volume to exactly 128 MiB.
lvextend -L +128M --> Add 128 MiB to the current size of the logical volume.
lvextend -l +50%FREE --> Add 50 percent of the current free space in the VG to the LV.

after the lvextend we need to grow the file system.

xfs_growfs /root/lvmount
resize2fs /dev/vg01/lv01 can also be used (for ext file systems)

============================================================================
•VDO

============================================================================
# yum install vdo kmod-kvdo

vdo create --name=vdo01 --device /dev/sdb --vdoLogicalSize=3G


vdo list

mkfs.xfs -K /dev/mapper/vdo01
udevadm settle

mkdir /mnt/vdo01
mount /dev/mapper/vdo01 /mnt/vdo01/
Mount the volume labvdo on /labvdovol with the XFS file system so that it persists
across reboots. Don't forget to use the x-systemd.requires=vdo.service mount
option in /etc/fstab

x-systemd.requires=vdo.service

UUID=ef8c...39b1 /labvdovol xfs defaults,x-systemd.requires=vdo.service 0 0

--> The -K option in the preceding mkfs.xfs command prevents the unused blocks
in the file system from being discarded immediately, which lets the command return
faster

•STRATIS CREATION. Create a stratis volume on the disk which is not used for
partition purpose. Create the stratis filesystem "stratisfs" in the pool
"stratispool". Mount the volume under the directory "/stratisvolume". Put a copy of
the file in "/stratisvolume" which got from the link. Create snapshot of "stratisfs"
named as "stratisnap".

systemctl status stratisd


systemctl enable stratisd
systemctl start stratisd

lsblk

stratis pool create stratispool /dev/sdb
stratis pool list
stratis blockdev list
stratis blockdev list stratispool
stratis filesystem create stratispool stratisfs
cd /stratis/stratispool/
stratis filesystem snapshot stratispool stratisfs stratisnap
stratis filesystem list
mkdir /stratisvolume
ls /
lsblk
lsblk -lf
mount /stratis/stratispool/stratisfs /stratisvolume/
lsblk -lf
vi /etc/fstab

UUID=8f8de1f0-f11c-43f7-b969-d6da51b3cb62 /stratisvolume xfs defaults,x-systemd.requires=stratisd.service 0 0
or
UUID=9b9d33fa-c873-4406-9072-83fde7567889 /stratisvolume xfs defaults 0 0

Deleting

# umount myfs1
# umount myfs1-experiment (if you created it)
# stratis fs destroy mypool myfs1
# stratis fs destroy mypool myfs1-experiment
# stratis pool destroy mypool

stratis pool add-data pool1 /dev/vdc --> add additional block devices to a pool.

•CONFIGURE TUNING. Activate the tuning profile in your system which is recommended
by the system by default.

pass
network

Configure the network as follows:

The IP address of your system should be : 172.25.X.10
Subnet Mask : 255.255.255.0
Name Server: 172.25.254.254
Gateway: 172.25.X.254
Note : X is your foundation number.

The password for the root user should be 'redhat123'.

All systems in the example.com DNS domain are in the 172.25.254.0/255.255.255.0
subnet, and all systems in that subnet are in example.com. Unless otherwise
specified, any network services you are asked to implement should be accessible to
systems in example.com.

The hostname of your machine should be desktopX.example.com where X is your
foundation number.

QUESTIONS

CONFIGURE SELINUX.
Configure the selinux mode of your system as enforcing.

CONFIGURE YUM.
Configure your machine such that you are able to download exam software from
http://content.example.com/rhel7.0/x86_64/dvd/

CONFIGURE NTP.
Configure your machine to be a NTP client of classroom.example.com

CREATE USERS.
Create the following users:
Create a group sysadmin.
Create a user alice who has sysadmin as a supplementary group.
Create a user harry who also has sysadmin as his supplementary group.
Create a user joy who does not have an interactive shell.

LVM CREATION.
Create a logical volume with 20 extents where each extent has a size of 16MiB.
The logical volume has the name database and the volume group has the name
datastore.
The logical volume should be mounted under the directory /mnt/database with a file
system of ext3 and should be automatically available on reboot.

COPY FILE.
Copy the file /etc/passwd to /var/tmp/passwd.
The file should belong to the user root and group root.
The user alice should be able to read and write on the file.
The user harry should neither read nor write on the file.
All other users should have read permission on the file.

CREATE DIRECTORY.
Create a directory /mnt/data.
The users alice and harry should be able to work collaboratively on this directory.
The files and directories created within this directory should automatically belong
to the group sysadmin.
All members of the group should have read and write access.
All other users should not have any permissions.
Note: By default, root user will have read and write access on all files and
directories.

UPDATE KERNEL.
Update your kernel from http://content.example.com/rhel7.0/x86_64/errata/

CRON JOB.
Alice must set a job to run at 14:05 every day and the job is /bin/echo hi

CREATE USER.
Create a user ipsr with user ID 3345.

SWAP PARTITION.
Create a swap partition of 256M and should be automatically available on reboot.

LOCATE FILES.
Find all files owned by the user root and group mail, copy the output files to
/root/findings.

SEARCH WORDS.
Display the matches for the words which begin with "ns" in the
/usr/share/dict/words and save the output to a file /home/student/locate.txt.

grep '^ns' /usr/share/dict/words > /home/student/locate.txt

AUTOFS.
The home directory of LDAP users are shared via NFS.
The classroom.example.com (172.25.254.254)shares home directory of ldapusers via
NFS.
Mount /home/guests/ldapuserX to your system, where x is your foundation number.
The ldapuserx's home directory is at classroom.example.com:/home/guests/ldapuserx.
The ldapuserx's home directory should be automounted locally beneath /home/guests.
The home directories must be writable by their users.

mkdir /home/guests/ldapuserX

mount -t nfs serverb.lab.example.com:/shares/direct/external /home/guests/ldapuserX
echo "classroom.example.com:/home/guests/ldapuserx /local-share nfs rw,sync 0 0" >> /etc/fstab

Firewall-CMD

firewall-cmd --get-zones

firewall-cmd --permanent --zone=internal --add-service=mysql

semanage port -a -t http_port_t -p tcp 81

firewall-cmd --get-default-zone
firewall-cmd --set-default-zone public
firewall-cmd --permanent --zone=public --list-all
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --reload

LVRESIZE.
Resize the logical volume 'm7_storage' to 900M which belongs to the volume group
'vgroup'.

BACKUP FILES.
Create a bzip2 archive /root/today_backup.tar.bz2 which stores the backup of /etc.

ACCESS NETWORK USERS.
Bind your system to the LDAP server provided at classroom.example.com
The base DN is dc=example,dc=com.
You can download the TLS certificate from http://classroom.example.com/pub/example-ca.crt
Use LDAP password for authentication and obtaining user information.
Log in as ldapuserX, (where X is your foundation number) with password 'password'.
