RHCE "Cheat Sheet": RHCE and RHCT Exam Preparation Guide RH302
This document attempts to provide answers to all study points on the RHCE and RHCT Exam
Preparation Guide in a single-page (and thus, printable) format. This is not a brain dump or an
attempt to cheat the RH302 exam in any way. These are just my self-study notes. Use them at your
own risk.
Note: Study points last updated on 2009-08-11. This list may become out of date without notice
(especially after I pass the test).
updated by Dino Conti on 2010-06-25
Table of Contents
RHCE "Cheat Sheet"
Testing Environment with Sun VirtualBox
Prerequisite skills for RHCT and RHCE
  use standard command line tools (e.g., ls, cp, mv, rm, tail, cat, etc.) to create, remove, view, and investigate files and directories
  use grep, sed, and awk to process text streams and files
  use a terminal-based text editor, such as vim or nano, to modify text files
  use input/output redirection
  understand basic principles of TCP/IP networking, including IP addresses, netmasks, and gateways for IPv4 and IPv6
  use su to switch user accounts
  use passwd to set passwords
  use tar, gzip, and bzip2
  configure an email client on Red Hat Enterprise Linux
  use text and/or graphical browser to access HTTP/HTTPS URLs
  use lftp to access FTP URLs
  HELP in RHEL5
RHCT skills
  Troubleshooting and System Maintenance
    boot systems into different run levels for troubleshooting and system maintenance
    diagnose and correct misconfigured networking
    diagnose and correct hostname resolution problems
    configure the X Window System and a desktop environment
    add new partitions, filesystems, and swap to existing systems
      partitions
      filesystems
      swap
    use standard command-line tools to analyze problems and configure system
  Installation and Configuration
    perform network OS installation
    implement a custom partitioning scheme
    configure printing
    configure the scheduling of tasks using cron and at
      cron
      at/batch
    attach system to a network directory service, such as NIS or LDAP
    configure autofs
    add and manage users, groups, quotas, and File Access Control Lists
      users
      groups
      quotas
      Access Control Lists
    configure filesystem permissions for collaboration
    install and update packages using rpm
    properly update the kernel package
    configure the system to update/install packages from remote repositories using yum or pup
      create yum repository from installation DVD
    modify the system bootloader
    implement software RAID at install-time and run-time
    use /proc/sys and sysctl to modify and set kernel run-time parameters
    use scripting to automate system maintenance tasks
    configure NTP for time synchronization with a higher-stratum server
RHCE skills
  Troubleshooting and System Maintenance
    use the rescue environment provided by first installation CD
    diagnose and correct boot failures arising from bootloader, module, and filesystem errors
      grub errors
      kernel errors
    diagnose and correct problems with network services (see Installation and Configuration below for a list of these services)
    add, remove, and resize logical volumes
    diagnose and correct networking services problems where SELinux contexts are interfering with proper operation
  Installation and Configuration
    HTTP/HTTPS
      install
      selinux
      start at boot
      basic config
      host-based security
      user-based security
      verify service functionality
    SMB
      install
      selinux
      start at boot
      basic config
      host-based security
      user-based security
      verify service functionality
    NFS
      install
      start at boot
      basic config
      host-based security
      user-based security
      verify service functionality
    FTP
      install
      selinux
      start at boot
      basic config
      host-based security
      user-based security
      verify service functionality
    Web proxy
      install
      selinux
      start at boot
      host-based security
      parental control with blocklist
      user-based security
      verify service functionality
    SMTP
      to enable masquerading in sendmail
      install
      start at boot
      basic config
      host-based security
      user-based security
      verify service functionality
    IMAP, IMAPS, and POP3
      install
      start at boot
      basic config
      create custom ssl cert:
      host-based security
      user-based security
      verify service functionality
    SSH
      install
      start at boot
      Generate Public / Private key pair
      user-based security
      host-based security
      verify service functionality
    DNS (caching name server, slave name server)
      install
      start at boot
      basic config
      host-based security
      user-based security
      verify service functionality
    NTP
      install
      start at boot
      host-based security
      user-based security
      verify service functionality
    configure hands-free installation using Kickstart
use standard command line tools (e.g., ls, cp, mv, rm, tail, cat, etc.) to create,
remove, view, and investigate files and directories
use grep, sed, and awk to process text streams and files
use a terminal-based text editor, such as vim or nano, to modify text files
use input/output redirection
operator  description
>         redirect STDOUT to a file
2>        redirect STDERR to a file
&>        redirect all output to a file
2>&1      redirect all output to a pipe
use to append instead of overwrite
HELP in RHEL5
man <command>
man -k <command>
makewhatis
command --info
/usr/share/doc/<service or package>
installed documentation
/usr/share/doc/Deployment-Guide
Apache Documentation
RHCT skills
Troubleshooting and System Maintenance
RHCTs should be able to:
boot systems into different run levels for troubleshooting and system maintenance
append the desired runlevel to grub's kernel line:
1-5 runs appropriate rc and init scripts
single only runs rc.sysinit
emergency skips all rc and init scripts
diagnose and correct misconfigured networking
1. check /etc/sysconfig/network
2. check /etc/sysconfig/network-scripts/ifcfg-<interface>
3. service network restart
4. chkconfig network on
5. ifconfig
6. ping <localhost ip>
7. netstat -r
8. ping <default gateway>
9. ping 4.2.2.2
check /etc/nsswitch.conf
check /etc/resolv.conf
check /etc/hosts
dig @<dns server> google.com
service xfs start
chkconfig xfs on
x environment config:
/etc/sysconfig/desktop
/etc/X11/xinit/xinitrc
/etc/X11/xinit/Xclients
~/.xinitrc
~/.Xclients
manage partitions:
fdisk <device>
  n    new partition
  m    menu
  p    print partition table
  t    toggle partition type
  d    delete partition
  w    write changes to disk
  q    quit
partprobe    make kernel aware of new partitions
filesystems
make filesystems:
mkfs.<ext2|ext3>
label filesystems:
e2label <partition> <label>
blkid
/test
ext3
defaults
swap
system-config-printer
http://localhost:631
crontab format:
<minute> <hour> <day of month> <month> <day of week> <command>
24
13
/home/user/script
# add jobs
at now + 1 hour
at> <command>
at 09:00 2009-07-23
at> <command>
batch
at> <command>
# list jobs
atq
# remove jobs
atrm <job>
system-config-authentication
authconfig-tui
configure autofs
make sure the autofs service is running:
service autofs start
chkconfig autofs on
create /etc/auto.test:
blah example.com:/pub/something
* example:/home/&
add and manage users, groups, quotas, and File Access Control Lists
redhat user/group config tool:
system-config-users
users
/etc/passwd file format:
username:password:uid:gid:gecos:homedir:shell
userdel <user>
pwck
quotas
enable/disable quotas
quotaon <device>
quotaoff <device>
edit quotas
edquota -u <user>
edquota -g <group>
check/report quotas
quota <user>
repquota -aug
remount device:
mount -o remount,acl <mount point>
manage acls:
# set acls
setfacl -m [d:]u:<user>:<r|w|x|-> <file>
setfacl -m [d:]g:<group>:<r|w|x|-> <file>
setfacl -m u:user:--- /shared/to/secret-file
# get acls
getfacl <file>
# remove acls
setfacl -x u:<user> <file>
setfacl -x g:<group> <file>
setfacl --remove-all <file>
setfacl --remove-default <file>
# update
rpm -Uvh <package>.rpm
# freshen
rpm -Fvh <package>.rpm
# remove
rpm -e <package>
# query by file name
rpm -qf <full path to file>
# verify a file
rpm -Vf <full path of file>
# verify status of all packages
rpm -Va > /tmp/rpmverify
rpm -qi package
while inside the rescue environment, use the root option to specify the real location of your root
file system (e.g. root=/mnt/sysimage).
properly update the kernel package
1. always do an install (i.e. rpm -ivh <kernel package>) rather than an update
2. check /boot/grub/grub.conf for proper configuration
configure the system to update/install packages from remote repositories using yum or pup
yum config goes in /etc/yum.repos.d/
[id]
name=my repo
baseurl=http://example.com/centos/
enabled=1
[rhel-cd]
name=Red Hat Enterprise Linux $releasever - $basearch - Debug
baseurl=file:/mnt/cdrom/Server/
#baseurl=file:///media/RHEL_5.4\ i386\ DVD/Server/
enabled=1
gpgcheck=0
#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
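An added example, not part of the original notes: the [rhel-cd] stanza above sets gpgcheck=0, so packages from it are installed without a signature check. The script below reports the signature-check state of each stanza in a .repo file; the function names and the third, corrected stanza in the sample are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original notes): report, per stanza of a yum
# .repo file, whether packages from that repository are signature-checked.
# Assumes enabled/gpgcheck are written as 0 or 1, as they are in the notes.

# audit_repo [FILE...] (or stdin) -> one line per stanza: "<repo id> <verdict>"
#   signed    gpgcheck=1 in the stanza
#   unsigned  gpgcheck=0 in the stanza (packages installed without GPG check)
#   inherit   gpgcheck not set here; value comes from [main] in /etc/yum.conf
#   disabled  enabled=0, repository is not used
audit_repo() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function report() {
            if (id == "") return
            if (enabled == "0")   v = "disabled"
            else if (gpg == "1")  v = "signed"
            else if (gpg == "0")  v = "unsigned"
            else                  v = "inherit"
            print id, v
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # comments and blank lines
        /^[ \t]*\[/ {                           # stanza header, e.g. [rhel-cd]
            report()
            id = trim($0); gsub(/^\[|\].*$/, "", id)
            enabled = "1"; gpg = ""             # enabled defaults to 1
            next
        }
        {
            eq = index($0, "=")                 # split on the first "=" only
            if (eq == 0) next
            key = trim(substr($0, 1, eq - 1))
            val = trim(substr($0, eq + 1))
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpg = val
        }
        END { report() }
    ' "$@"
}

# Constructed sample: the two stanzas from the notes plus a corrected copy
# of [rhel-cd] with signature checking switched on.
sample_repo() {
cat <<'EOF'
[id]
name=my repo
baseurl=http://example.com/centos/
enabled=1

[rhel-cd]
name=Red Hat Enterprise Linux $releasever - $basearch - Debug
baseurl=file:/mnt/cdrom/Server/
enabled=1
gpgcheck=0
#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

[rhel-cd-signed]
name=same repository with signature checking on
baseurl=file:/mnt/cdrom/Server/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
}

sample_repo | audit_repo
```

On a real system, run it as audit_repo /etc/yum.repos.d/*.repo and compare any "inherit" lines against the gpgcheck value in [main] of /etc/yum.conf.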
yum search nmap
system-config-packages
during installation )
stop array:
mdadm --stop /dev/md0
sysctl -p
config is in /etc/ntp.conf
synchronization configuration example:
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
apply changes:
service ntpd restart
chkconfig ntpd on
verify changes:
ntpq -p
RHCE skills
Troubleshooting and System Maintenance
RHCEs must demonstrate the RHCT skills listed above, and should be able to:
use the rescue environment provided by first installation CD
linux rescue
diagnose and correct boot failures arising from bootloader, module, and filesystem errors
check in order:
1. mbr
2. /boot/grub/grub.conf
3. /etc/fstab
4. /etc/inittab
5. /etc/rc.d/rc.sysinit
6. /etc/rc.d/rc*.d
7. /etc/rc.d/init.d/*
8. /etc/rc.d/rc.local
grub errors
in general, use the last line before the error message to see where grub errored out
to find the correct value for the root option, type find /grub/stage1 at the grub command line (remember that all file names in grub.conf are relative to the root option)
check for missing files in kernel and/or initrd lines
kernel errors
missing/corrupt initrd file results in: kernel panic - not syncing: vfs: unable to mount root fs on unknown-block
invalid root parameter for kernel results in: setuproot: error mounting /proc: No such file or directory
reinstall grub to mbr:
grub-install <device>
or
grub
grub> find /grub/stage1
grub> root (hd0,0)
grub> setup (hd0)
grub> quit
to password protect grub:
grub-md5-crypt
copy and paste the generated hash into /boot/grub/grub.conf (2 options: protect editing of GRUB during boot, or protect selection of a kernel image for testing)
recreate initrd:
mkinitrd <filename> <kernel version>
diagnose and correct problems with network services (see Installation and Configuration
below for a list of these services)
see what's listening on what port:
netstat -ntaupe
lvm vgs
lvm pvs
lvm vgscan
lvm pvscan
lvm lvscan
mkdir /mnt/sysimage
mount /dev/VolGroup00/LogVol00 /mnt/sysimage
mount /dev/sda1 /mnt/sysimage/boot
HTTP/HTTPS
install
yum install httpd mod_ssl httpd-manual
selinux
start at boot
chkconfig httpd on
basic config
a single virtual host cannot span multiple ports (i.e. 80 and 443). two separate
VirtualHost *:<port> sections are needed to do this.
self-signed ssl cert:
cd /etc/pki/tls/certs
rm localhost.crt
make testcert.pem
edit /etc/httpd/conf.d/ssl.conf
change following lines to point to new certificate :
SSLCertificateFile /etc/pki/tls/certs/dino.pem
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/certs/dino.pem
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
host-based security
firewall config:
protocol  ports
tcp       80, 443
hosts are allowed by default and must be explicitly denied:
<Directory /var/www/html>
Order deny,allow
Deny from 192.168.0.0/255.255.255.0
Deny from badguys.example.com
</Directory>
user-based security
test http/https:
elinks <http|https>://<hostname>/[path]
SMB
install
yum install samba samba-client
selinux
start at boot
chkconfig smb on
basic config
set workgroup/domain:
workgroup = <workgroup>
security modes:
# connections check local pwdb (default)
security = user
# member server on a domain, uses pwdb on a dc
security = domain
workgroup = EXAMPLE
# member server on an ad domain using kerberos, uses pwdb on a dc
security = ads
realm = EXAMPLE.COM
password server = kerberos.example.com
# used when samba was not capable of being a domain member server (DO NOT USE)
security = server
encrypt passwords = yes
password server = <netbios name of dc>
# each share requires a password (DO NOT USE)
security = share
share options:
[<share name>]
# path for share
path = <path>
# share is visible
browseable = <yes|no>
# rw enabled
writeable = <yes|no>
# this is a shared printer
printable = <yes|no>
# all users connecting to this share use <group> as their primary group
group = <group name>
join domain:
net rpc join -U root
mount -t cifs 192.168.0.200:shared-folder /mnt/share -o user=<user>
fstab example:
//<hostname>/<share> <mountpoint> cifs user=<username>,pass=<password> 0 0
mount.cifs and umount.cifs need to be chmod'ed u+s in order to be used by non-root users
host-based security
firewall config:
protocol  ports
tcp       139, 445
udp       137, 138
hosts allow/deny can be used per-server or per-share:
hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24
hosts deny = 0.0.0.0/0
user-based security
account maintenance:
# add account (local linux account must exist first, or be translated via /etc/samba/smbusers):
smbpasswd -a <username>
# enable/disable account:
smbpasswd -e <username>
smbpasswd -d <username>
# remove account:
smbpasswd -x <username>
list shares:
smbclient -L <hostname> -U <username>
browse shares:
smbclient //<hostname>/<share> -U <username>
NFS
install
yum install portmap nfs-utils
start at boot
chkconfig portmap on
chkconfig nfs on
chkconfig nfslock on
chkconfig netfs on
basic config
format of /etc/exports:
<mountpoint> <host>(<options>) [<host>(<options>) ...]
host-based security
list exports:
showmount -e <host>
FTP
install
yum install vsftpd
selinux
start at boot
chkconfig vsftpd on
basic config
host-based security
user-based security
test ftp:
ftp <server>
Web proxy
install
yum install squid
selinux
allow squid to connect to the network (this is recommended, but was not needed in my testing):
setsebool -P squid_connect_any=1
start at boot
chkconfig squid on
host-based security
firewall config:
protocol  ports
tcp       3128
Edit /etc/squid/squid.conf
visible_hostname www.quake.lan
allow access from local networks:
acl our_networks src 192.168.1.0/24 192.168.2.0/23
http_access allow our_networks
Install ncsa_auth
htpasswd /etc/squid/passwd username
Edit /etc/squid/squid.conf
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
verify service functionality
test proxy:
HTTP_PROXY=<server>:3128 elinks
SMTP
Using Sendmail
yum install sendmail sendmail-cf
edit /etc/mail/sendmail.mc
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
LOCAL_DOMAIN(`example.com')dnl
build new sendmail.cf :
make -C /etc/mail
edit /etc/mail/access
Connect:192.168.0 RELAY
edit /etc/mail/local-host-names
example.com
quake.lan
edit /etc/mail/virtusertable
cikku@test.lan admin@example.com
/etc/aliases
root: admin
tony: mark
edit /etc/mail/sendmail.mc
MASQUERADE_AS(`mydomain.com')dnl
FEATURE(masquerade_envelope)dnl
FEATURE(masquerade_entire_domain)dnl
MASQUERADE_DOMAIN(localhost)dnl
MASQUERADE_DOMAIN(localhost.localdomain)dnl
MASQUERADE_DOMAIN(mydomainalias.com)dnl
MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
rebuild sendmail.cf file ( make -C /etc/mail )
check mail passing through : /var/log/maillog
check /var/spool/mail to see mailboxes
install
yum install postfix
alternatives --config mta
service sendmail stop
start at boot
chkconfig postfix on
basic config
host-based security
test smtp:
telnet <server> 25
start at boot
chkconfig dovecot on
basic config
enable protocols:
protocols = imap imaps pop3 pop3s
mv /etc/pki/dovecot/certs/dovecot.pem /etc/pki/dovecot/certs/dovecot.pem.orig
mv /etc/pki/dovecot/private/dovecot.pem /etc/pki/dovecot/private/dovecot.pem.orig
cd /etc/pki/tls/certs/
make dovecot.pem
cp dovecot.pem /etc/pki/dovecot/certs/
cp dovecot.pem /etc/pki/dovecot/private/
host-based security
SSH
install
yum install openssh-server
start at boot
chkconfig sshd on
ssh-keygen -t rsa
ssh-keygen -p
user-based security
host-based security
start at boot
chkconfig named on
setup bind with system-config-bind
make sure there is no file /var/named/chroot/etc/named.conf
system-config-bind
this will ask to create new named.conf
Now start editing DNS Server options > right click on DNS Server > EDIT
add Forwarders > Ipv4 > 192.168.0.200
New > View > name: External > From ACL : any
to ACL : any
Once saved all other settings are migrated into the View.
Right click on DNS Server or View > Add Zone > Class : Internet
Origin Type : Forward
quake.lan
Zone Type : master
go on quake.lan > right click > Add > A,MX,CNAME,PTR records
check DNS resolution with dig or nslookup
open IPTABLES ports 53 UDP and TCP.
basic config
caching-only nameserver:
edit listen-on directives (comment out to listen on all interfaces)
edit allow-query directives (comment out to allow queries from everyone)
edit match-clients and match-destinations directives to allow recursive queries from other hosts
slave nameserver:
get slave example from /usr/share/doc/bind-*/sample/etc/named.conf
host-based security
firewall config:
protocol  ports
tcp       53
udp       53
allow-query example:
allow-query { 192.168.0.0/16; localnets; };
user-based security
N/A
verify service functionality
test query:
dig @<server> <domain>
NTP
install
yum install ntp
start at boot
chkconfig ntpd on
host-based security
firewall config:
protocol  ports
udp       123
allow other servers to sync with us:
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
user-based security
N/A
verify service functionality
show peers:
ntpq -p
NAT
inbound dnat:
iptables -t nat -A PREROUTING -p <tcp/udp> --dport <destination port> -j DNAT --to-dest <private server>:<port>
outbound dnat:
iptables -t nat -A OUTPUT -p <tcp/udp> --dport <destination port> -j DNAT --to-dest <private server>:<port>
masquerading:
iptables -t nat -A POSTROUTING -o <outbound interface> -j MASQUERADE
snat:
iptables -t nat -A POSTROUTING -j SNAT --to-source <public server>:<port>
Setup RH Firewall with default settings using eth0 to Internet while eth1 to LAN.
vi /etc/sysctl.conf and set
net.ipv4.ip_forward = 1
/usr/share/doc/pam-*/txts
module configuration
/etc/pam.d
/etc/security
<module interface> <control flag> <module name> <module arguments>
module
interface
description
requisite
sufficient
optional
include
pam_listfile.so example
Additional Notes
tcp_wrappers
file format:
<daemon list> : <client list> [except <client list>] [: <option>]
search order:
1. /etc/hosts.allow
2. /etc/hosts.deny
3. allow by default
searching stops on first match
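An added example, not part of the original notes: a simplified model of the search order above, showing that a daemon with no matching rule in either file is allowed by default. The function names and the sample rules are made up for illustration, and only a subset of the pattern syntax is modelled (ALL, address prefixes, domain suffixes, exact matches, except); options after a second ":" are ignored.

```sh
#!/bin/sh
# Added example (not from the original notes): simplified model of the
# tcp_wrappers access decision. Function names are hypothetical.

# tcpw_match FILE DAEMON ADDR HOST: exit 0 if some rule in FILE matches.
tcpw_match() {
    [ -r "$1" ] || return 1                 # a missing file behaves as empty
    awk -v d="$2" -v ip="$3" -v host="$4" '
        # inlist: does any token of a daemon list / client list match?
        function inlist(list, isdaemon,    n, i, a) {
            n = split(list, a, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                if (a[i] == "") continue
                if (a[i] == "ALL") return 1
                if (isdaemon) { if (a[i] == d) return 1; continue }
                # "192.168.0." matches every address with that prefix
                if (a[i] ~ /\.$/ && index(ip, a[i]) == 1) return 1
                # ".example.com" matches every host name with that suffix
                if (a[i] ~ /^\./ && host != "" &&
                    substr(host, length(host) - length(a[i]) + 1) == a[i]) return 1
                if (a[i] == ip || a[i] == host) return 1
            }
            return 0
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        {
            split($0, f, ":")               # f[1] daemons, f[2] clients
            clients = f[2]; except = ""
            p = match(clients, /[ \t](EXCEPT|except)[ \t]/)
            if (p > 0) {                    # accepts either spelling
                except  = substr(clients, p + RLENGTH)
                clients = substr(clients, 1, p - 1)
            }
            if (inlist(f[1], 1) && inlist(clients, 0) && !inlist(except, 0)) {
                found = 1; exit             # searching stops on first match
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# tcpw_decide DAEMON ADDR HOST ALLOWFILE DENYFILE: print the decision.
tcpw_decide() {
    if tcpw_match "$4" "$1" "$2" "$3"; then
        echo "allow (hosts.allow)"          # 1. /etc/hosts.allow
    elif tcpw_match "$5" "$1" "$2" "$3"; then
        echo "deny (hosts.deny)"            # 2. /etc/hosts.deny
    else
        echo "allow (default)"              # 3. allow by default
    fi
}

# Constructed sample rules, written to DIR/hosts.allow and DIR/hosts.deny.
make_sample() {
    cat > "$1/hosts.allow" <<'EOF'
sshd : 192.168.0. except 192.168.0.66
vsftpd : .example.com
EOF
    cat > "$1/hosts.deny" <<'EOF'
# there is no "ALL : ALL" line, so daemons not listed here stay open
sshd, vsftpd : ALL
EOF
}

dir=$(mktemp -d)
make_sample "$dir"
A="$dir/hosts.allow"; D="$dir/hosts.deny"
echo "sshd from 192.168.0.10:          $(tcpw_decide sshd 192.168.0.10 '' "$A" "$D")"
echo "sshd from 192.168.0.66:          $(tcpw_decide sshd 192.168.0.66 '' "$A" "$D")"
echo "vsftpd from ftp.example.com:     $(tcpw_decide vsftpd 10.1.1.5 ftp.example.com "$A" "$D")"
echo "in.telnetd from 10.1.1.5:        $(tcpw_decide in.telnetd 10.1.1.5 '' "$A" "$D")"
rm -rf "$dir"
```

The last case is the one to watch for: because hosts.deny names only sshd and vsftpd, any other wrapped daemon falls through to the default allow.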
Troubleshooting
unable to log in