You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
### Generate an SSH key
ssh-keygen
### Copy SSH key to another host
ssh-copy-id user@host
### Access rh support
redhat-support-tool
### Generate SOS Report -> /var/tmp/sosreport-*.tar.xz
sosreport
File System Navigation
### Copy, move, remove(directory), make directory, touch a file
cp, mv, rm(dir), mkdir, touch
### List files(directories)
ls (-d)
### Link Files|Directories
ln [-s] TARGET LINK_NAME
Users and Groups
### Info about current logged in user
id
### Local user information
/etc/passwd
username:password:UID:GID:GECOS:/home/dir:shell
### Group info
/etc/group
groupname:password:GID:list,of,users
### Switch user (temporarily elevate)
su(do)
### User add|modify|remove
user(add|mod|del)
### Set passwords
passwd
### Group add|modify|remove
group(add|mod|del)
### User password data (account aging)
/etc/shadow
name:password:lastchange:minage:maxage:warning:inactive:expire:blank
### Password aging
chage
### Shadow password config
/etc/login.defs
### Disable login
/sbin/nologin
### LDAP Config
### server
yum -y install authconfig-gtk sssd krb5-workstation
### client
yum -y ipa-client && ipa-client-install
/etc/openldap/ldap.conf
### Kerberos
/etc/krb5.conf
### System security services daemon (sssd)
/etc/sssd/sssd.conf
### Check ldap
getent passwd ldapuserX
Combined Users Lab
### newly created users should change password every 30days
sed -i 's/^PASS_MAX_DAYS.*$/PASS_MAX_DAYS 30/' /etc/login.defs
### Create consultants with GID 900
groupadd -g 900 consultants
### Add sspade bboop dtracy to consultants (password = default)
### Expire accounts in 90 days
for u in sspade bboop dtracy; do
useradd -G consultants $u
echo 'default' | passwd --stdin $u
chage -E $(date +%Y-%m-%d -d +90days) $u
done
### bboop should change password every 15 days
chage -M 15 bboop
### Change password on first login
for u in sspade bboop dtracy; do
chage -d 0 $u
done
### Install ipa-client
yum -y install ipa-client
### Configure ipa-client
ipa-client-install --domain=server7.example.com --no-ntp --mkhomedir
### Display|Set SELinux contexts
ps,ls,cp,mkdir -Z
### Get|Set SELinux Mode
(get|set)enforce
### Manage context
semanage fcontext -a -t httpd_sys_content_t '/custom(/.*)?'
+++
restorecon -Rv file|dir
### Get|Set SELinux Booleans
(get|set)sebool
### List
semanage -l
### Get info about selinux failures
tail /var/log/audit/audit.log /var/log/messages
sealert -l ##SELinux alert##
Process Management
### Send signal to process(es)
kill(all), pkill
### Find processes
pgrep, top, w
### How long has system been running
uptime
### Change priority of process
(re)nice
### Overview of existing partitions with a file system
blkid
### (un)Mount a file system
(u)mount /dev/vdb1 /mnt/placeholder
### Manage partitions
fdisk /dev/vdb + partprobe /dev/vdb
### Create filesystem
mkfs.(xfs,ext4) /dev/vdb1
### Make swap space
mkswap
### Persistent mount fs
/etc/fstab
### Swap (activate|show)
swapon [-a|-s] ++ swapoff
Service Management
### Manage system services
systemctl (status|enable|disable|start|stop|mask) service
### Targets
systemctl get-default
systemctl set-default graphical|multi-user.target
### Boot Time systemd
^linux16.*systemd.unit=rescue|emergency.target$
### Grub
/etc/default/grub
grub2-mkconfig > /boot/grub2/grub.cfg
Recover root password
reboot
Interrupt boot loader
Move cursor to entry that needs to be booted
Press e to edit entry
Move cursor to linux16 line
Append rd.break (remember only one console)
Remount /sysroot as read-write mount -o remount,rw /sysroot
Chroot jail chroot /sysroot
Change password passwd root
Force SELinux relabel touch /.autorelabel
Exit
Network Configuration
ip (addr|link|route) show
ping
traceroute access.redhat.com
ss (replaces netstat)
### All files are in /etc/sysconfig/network-scripts
nmcli con (add|mod|show)
nmcli reload
nmcli con up <con_name>
### hostname configuration
/etc/hosts
hostname(ctl)
### Add dns
/etc/resolv.conf
nmcli con mod ID ipv4.dns IP
### Test DNS Server
host HOSTNAME
Lab: Managing RHEL Networking
Create a new connection with a static network connection (name=lab, ip=172.25.7.10/24, gateway=172.25.7.254, dns=172.25.254.254)
nmcli con add \
type ethernet \
ifname eth0 \
con-name lab \
ip4 172.25.7.10/24 \
gw4 172.25.7.254
nmcli con mod "lab" ipv4.dns 172.25.254.254
Autostart connection, other connections should not start
nmcli con mod "lab" connection.autoconnect yes
nmcli con mod "System eth0" connection.autoconnect no
Add an address 10.0.7.1/24
nmcli con mod "lab" +ipv4.addresses 10.0.7.1/24
Configure host 10.0.7.1/24 can be referenced as "private"
echo "10.0.7.1 private" >> /etc/hosts
System Logging and NTP
### Configure rsyslog to loga all debug messages to /var/log/messages-debug
echo "*.debug /var/log/messages-debug" >/etc/rsyslog.d/debug.conf
systemctl restart rsyslog
logger -p local7.debug "Debug log entry created on server7"
tail /var/log/messages-debug
### Show the full system journal
journalctl
### Persistent journal
mkdir /var/log/journal
chown root:systemd-journal /var/log/journal
chmod 2755 /var/log/journal
killall -USR1 systemd-journald
### Time
tzselect
timedatectl set-timezone <TIMEZONE>
systemctl restart chronyd