RHCSA Class Notes
Here are some notes from a recent RHCSA class.
Boot process
- RHEL 6 uses upstart instead of init. Upstart is setup to call the init scripts. Upstart
Networking
- disable NetworkManager and edit /etc/sysconfig/network and /etc/sysconfig/network-scripts/ifcfg-* by hand.
- for i in NetworkManager; do service $i stop; chkconfig $i off; done
Cron
- Time statements are OR’ed together, NOT AND’ed together. So Sunday, January 2 would be January 2 OR Sunday. To get around that, you’ll need to script out the day of the week.
Disk Encryption
- LUKS - Linux Unified Key Setup
- Create a new LUKS encrypted device:
- cryptsetup luksFormat
- Establish access to the device:
- cryptsetup luksOpen
- /dev/mapper/
- cryptsetup luksOpen
- Create the filesystem:
- mkfs -t ext4 /dev/mapper/
- Mount the filesystem:
- mount /dev/mapper/
- Make filesystem persistant:
- vim /etc/fstab
- /dev/mapper/cryptomount ext4 defaults 1 2
- vim /etc/fstab
- Removing access to an encrypted device:
- Umount the filesystem, if mounted:
- umount /mnt
- cryptsetup luksClose mapname
- Umount the filesystem, if mounted:
- To make LUKS devices available at boot time (persistance):
- /etc/crypttab
- [keyfile] [options]
- /etc/crypttab
- To create a keyfile:
- dd if=/dev/urandom of=/etc/keyfile bs=1k count=4
- cryptsetup luksAddKey
- chmod 400 /etc/keyfile
- To test LUKS functionality for persistance:
- umount /cryptfs
- cryptsetup luksClose mapname
- #> bash
- #> . /etc/init.d/functions
- #> init_crypto 1
- #> mount -a
- #> ls /cryptfs
- Create a new LUKS encrypted device:
SELinux
- Every process or object has a SELinux context:
- identity:role:domain/type
- The SELinux policy controls:
- What identities can use which roles
- What roles can enter which domains
- What domains can access which types
- To change the context of a file, you can use the chcon command:
- chcon -R –reference=/var/www/html
- To restore the default labeling from the policy and apply the contexts to file:
- restorecon -R
- To change the SELinux mode during boot, you can pass the ‘enforcing=0’ option to the kernel in GRUB.
- Tools:
- sestatus
-
setenforce getenforce - policycoreutils
- setroubleshoot
- system-config-selinux <- part of policycoreutils-gui in RHEL.
-
setsebool getsebool - chcon
- restorecon
Kernel Tuning
- Kernel documentation package: kernel-doc
- yum -y install kernel-doc
- /usr/share/doc/kernel-doc-2.6.32/Documentation/sysctl
- sysctl -a
- displays all current values
- sysctl -w
- sets a value
- sysctl -p
- reads the /etc/sysctl.conf and loads the values into the kernel
- /etc/sysctl.conf
- File location to make changes persistent
- sysctl -w » /etc/sysctl.conf
LVM
- Create a Volume
- pvcreate /dev/sda4
- vgcreate VolGroup01 /dev/sda4
- -s flag will allow you to change the physical extent size. Default is 4MB and can be changed in increments of power of 2.
-
lvcreate -n Volname01 [ -L 10G -l +100%FREE -l +50 {# of extents} ] VolGroup01
- Resizing a volume
- vgextend
-
lvextend { -l <+extents> -L <+size> } - resize2fs
-
lvresize -r {-l <+extents> -L <+size> } - ‘-r’ - Resize logical volume and filesystem at the sametime.
-
-
lvreduce -r { -l -L }
- Snapshots
- create snapshots
-
lvcreate -s { -l -L } -n
-
- remove snapshots
- lvremove -f
- You will need space available in the volume group of your logical volume to be able to create a snapshot. A snapshot logical volume does not need to be the same size of the logical volume, but will need to be large enough to contain the data of the logical volume.
- You can grow the file system while it is mounted, but before shrinking it must first be unmounted.
- create snapshots
NFS
- showmount -e server1
- Confirm that services are running on the machine.
- rpcinfo -p server1
- See shared filesystems.
Apache
- Documentation Package:
- httpd-manual
- Documentation Location:
- http://localhost/manual
Autofs
- Mounting NFS Home directories:
- vi /etc/auto.master
- /home/nfs /etc/auto.nfs
- vi /etc/auto.nfs
-
- server:/home/nfs/&
-
- vi /etc/auto.master