James's Ramblings

RHCSA

Created: January 02, 2020

Chapter 1 - 2

Virtualisation

  • lsmod | grep kvm # check whether the kvm modules are loaded
  • svm (AMD) or vmx (Intel) should appear in the flags line of /proc/cpuinfo if virtualisation is enabled in the BIOS/UEFI.
  • modprobe kvm_intel or modprobe kvm_amd loads kvm if the machine is virtualisation-capable and svm/vmx is enabled.
  • virsh can be used to start, shut down, list, edit the config of, list the capabilities of and autostart (on host power on) VMs.

Kickstart

  • The Kickstart Config RHEL labs were not giving a complete config. Copying anaconda-ks.cfg from /root on an installed RHEL system was better.

Accessing Servers Remotely

  • scp can be used to push a file to a remote computer. To do this, name the local file first and the host second.

    scp example.md james@192.168.1.132:/home/james
    # push example.md to /home/james of the specified host
    
  • sftp: interactive, FTP-like file transfer over SSH, using the same authentication as ssh.

  • ssh -X user@host can be used to forward graphical applications on the target machine to the local machine.

Tools to Verify Connectivity

  • Telnet and nmap verify remote access to ports.
  • mutt as an email client to verify the functionality of an email server.
  • The cert book suggests elinks as a text-based web browser; however, that is not available on RHEL 8 (nor, it seems, any other text-based web browser).
  • lftp to access ftp servers.

Telnet

telnet [HOST] 21
  • [HOST] can be localhost, i.e. telnet can be used to check whether ports are open on the local machine.
  • Responds “Connected to localhost” if the port is open.
  • Otherwise responds “Connection refused”. If a firewall silently drops the packets, telnet hangs until it times out instead.
  • Some services, such as Postfix in its default configuration (inet_interfaces = localhost), only accept connections on the loopback interface, so testing from the host itself with telnet may be the only way to reach them.

Nmap

nmap [HOST]
  • [HOST] can be localhost.
  • Outputs open ports (by default the 1,000 most common TCP ports). Only scan hosts you are authorised to test.

Mail

To mail someone (mail comes from the mailx package; type the body and finish with a line containing only a dot):

mail [USER]

lftp - a better FTP client

Chapter 3

Virtual Terminals

  • By default six virtual terminals are available (systemd-logind's NAutoVTs=6); Ctrl+Alt+F1 to F6 switch between them.
  • They correspond to the virtual devices /dev/tty1, /dev/tty2, etc.
  • The quantity can be changed via the NAutoVTs setting in /etc/systemd/logind.conf.

Text Streams and Command Redirection

  • There are three basic data streams: data goes in, data comes out, and errors are sent in a different direction.
  • They are standard input (stdin, file descriptor 0), standard output (stdout, fd 1) and standard error (stderr, fd 2).
  • Normally, input comes from the keyboard, whereas standard output and errors go to the screen.

Redirecting Input

database < datafile # stream datafile into database

Redirecting Errors

program 2> err-list # redirects errors to err-list

To discard errors:

program 2> /dev/null

Redirecting Both Standard Output and Errors

program &> output-and-error
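A runnable illustration of the redirections above, added here and not part of the original notes. noisy stands in for "program"; each function returns a count of which lines landed where rather than printing as it goes. It also shows the ordering trap with 2>&1, which bites when logging cron jobs and services. Only POSIX sh syntax is used: &> is bash shorthand for >file 2>&1 and is left out so the block runs under plain sh.

```shell
#!/bin/sh
# Added example (not from the original notes): where stdout and stderr end up,
# and why the ORDER of redirections matters. POSIX sh only; "&>" is a bash
# shorthand for ">file 2>&1".

# A stand-in for "program": one line to stdout, one line to stderr.
noisy() {
    printf 'normal output\n'
    printf 'an error\n' >&2
}

# Send each stream to its own file; return "out=<lines> err=<lines>".
split_streams() {
    dir=$(mktemp -d)
    noisy >"$dir/out" 2>"$dir/err"
    printf 'out=%s err=%s' "$(wc -l <"$dir/out" | tr -d ' ')" "$(wc -l <"$dir/err" | tr -d ' ')"
    rm -rf "$dir"
}

# Both streams into one file. 2>&1 must come AFTER >file: redirections are
# applied left to right and 2>&1 copies wherever fd 1 points at that moment.
both_into_file() {
    dir=$(mktemp -d)
    noisy >"$dir/all" 2>&1
    wc -l <"$dir/all" | tr -d ' '
    rm -rf "$dir"
}

# The common mistake: 2>&1 before >file. stderr is copied to where fd 1 was
# pointing (the terminal; here a second file so we can count it) and only
# stdout reaches the file.
wrong_order() {
    dir=$(mktemp -d)
    { noisy 2>&1 >"$dir/file"; } >"$dir/terminal"
    printf 'file=%s terminal=%s' "$(wc -l <"$dir/file" | tr -d ' ')" "$(wc -l <"$dir/terminal" | tr -d ' ')"
    rm -rf "$dir"
}

# Discard errors only: stderr to /dev/null, stdout kept.
discard_errors() {
    noisy 2>/dev/null
}
```

The same left-to-right rule explains why "program 2>&1 | less" pages both streams while "program | less 2>&1" does not.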

Environment PATHs

echo $PATH
  • The order of output is the order in which the directories are searched; the first match wins.
  • A program can exist in multiple PATH directories.
  • The PATH for individual users can be customised via ~/.bash_profile or ~/.profile.
  • The global PATH script is /etc/profile.
  • Custom settings can be added as *.sh scripts in /etc/profile.d.
  • Never put . or a world-writable directory in PATH, least of all for root: a planted file with a common command name there would run with your privileges.

ls

  • -h: human readable file sizes
  • -t: sort by modification time
  • -i: inode numbers
  • -r: reverse order
  • -R: recursive
  • -d: list directories, not their contents

cp

  • -a: recursive and preserves timestamps

ln

  • By default, ln creates a hard link.
  • Hard links are directory entries that point to the same inode.
  • They must be created within the same filesystem and cannot point to directories.
  • You can delete a hard-linked file in one directory and it will still exist in the other: the data is freed only when the number of directory entries pointing to the inode (its link count) reaches zero and no process still has it open.
  • -s: create a soft (symbolic) link.
  • A soft link is just a stored path that redirects to another name.
  • If the file the link points to is deleted, the link dangles: it has nowhere to go.
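An added example (not from the original notes) that demonstrates the link-count behaviour described above inside a temporary directory, using GNU stat on Linux. The function returns a one-line summary so the result can be checked rather than eyeballed.

```shell
#!/bin/sh
# Added example (not from the original notes): hard links share an inode and a
# link count; a symlink is only a path and dangles once its target is removed.
# Uses GNU stat -c (Linux).

link_demo() {
    dir=$(mktemp -d)
    printf 'payload\n' >"$dir/orig"
    ln "$dir/orig" "$dir/hard"          # hard link: a second directory entry
    ln -s orig "$dir/soft"              # symlink: stores the path "orig"

    # Both hard-link names refer to the same inode, whose link count is now 2.
    same_inode=no
    if [ "$(stat -c %i "$dir/orig")" = "$(stat -c %i "$dir/hard")" ]; then
        same_inode=yes
    fi
    links_before=$(stat -c %h "$dir/orig")

    rm "$dir/orig"                      # removes one name, not the data

    links_after=$(stat -c %h "$dir/hard")
    content=$(cat "$dir/hard")          # still readable via the other name

    # The symlink still exists as a link (-L) but no longer resolves (-e).
    soft_dangles=no
    if [ -L "$dir/soft" ] && [ ! -e "$dir/soft" ]; then
        soft_dangles=yes
    fi

    rm -rf "$dir"
    printf 'same_inode=%s links_before=%s links_after=%s content=%s soft_dangles=%s' \
        "$same_inode" "$links_before" "$links_after" "$content" "$soft_dangles"
}
```

This is also why deleting a sensitive file does not guarantee it is gone: any other hard link (or open file descriptor) keeps the inode alive.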

rm

  • -i: prompt before every removal

mkdir/rmdir

  • -p: can be used to create a series of directories. Let’s say there is no directory “all”:

    mkdir -p all/these/directories/are/created
    
  • rmdir also has the same -p switch, however, rmdir only works on empty directories.

du

  • Estimate file sizes.

  • du [DIRECTORY/FILE]
    
  • -s: summarise; totals for a directory rather than each item listed

  • -h: human readable

  • -a: list files and directories. By default, only directories are listed.

less and more

  • ? can be used to search backwards through a file, like / can be used to search forwards.

head and tail

  • By default, head looks at the first 10 lines of a file and tail looks at the last 10 lines.
  • -n X: specify the number of lines in head/tail.
  • -f: follow output as the file grows. Especially useful for monitoring error output in real time.

sort

  • By default, sorts whole lines using the collation order of the current locale (LC_COLLATE), not just the first character.
  • In UTF-8 locales that order is effectively case-insensitive (upper and lower case interleave); with LC_ALL=C it is plain byte order, with all uppercase before lowercase. -f forces case folding.

grep

  • -E or egrep: extended regex support. Without it, operators such as {3}, +, ?, | and () are literal in basic regex and must be escaped (e.g. \{3\}) to act as operators.
  • -v: invert the matching logic.
  • -i: case insensitive.

regex

Metacharacter  Description
.              Any character except \n
[]             Any character or range of characters in the square brackets
?              Match the preceding element zero or one times
+              Match the preceding element one or more times
*              Match the preceding element zero or more times
^              Start of line
$              End of line
\d             Digit (Perl/PCRE only, e.g. grep -P; in grep -E and sed use [0-9] or [[:digit:]])
\D             Not digit (PCRE only; use [^0-9])
\s             Whitespace (GNU grep and sed accept it; the portable form is [[:space:]])
\S             Not whitespace (GNU extension; portable form [^[:space:]])
(a|b)          a or b
[^abc]         Not a, b or c
(…)            Group
\n             New line
\r             Carriage return
\t             Tab
\v             Vertical tab
{3}            Exactly three
{3,}           Three or more
{3,5}          Three to five

wc

  • -w: word count

sed

  • sed 's/Find/Replace/' [FILE] > [NEW_FILE] # replaces the first occurrence on each line
  • sed 's/Find/Replace/g' [FILE] > [NEW_FILE] # replaces all occurrences on each line. g = global
  • -i edits the file in place; -E enables extended regex, as with grep.
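An added example (not from the original notes) tying grep -E, sort, uniq and sed together on a few constructed sshd-style log lines (the hostname, PIDs and addresses are made up; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges). It uses [0-9]{1,3} rather than \d, which grep -E and sed -E do not understand, and shows the s///g global flag from the sed bullets.

```shell
#!/bin/sh
# Added example (not from the original notes): grep -E, sort, uniq and sed over
# constructed sshd-style log lines. grep -E has no \d; use [0-9] or [[:digit:]].

# Constructed sample input, not real logs.
SAMPLE='Jan  2 10:00:01 host sshd[911]: Failed password for root from 203.0.113.7 port 5220 ssh2
Jan  2 10:00:03 host sshd[911]: Failed password for admin from 203.0.113.7 port 5221 ssh2
Jan  2 10:00:09 host sshd[912]: Accepted publickey for james from 192.168.1.132 port 40000 ssh2
Jan  2 10:00:15 host sshd[913]: Failed password for root from 198.51.100.23 port 5301 ssh2'

# Extended regex for a dotted-quad IPv4 address: 1-3 digits, then three
# groups of ".<1-3 digits>". {n,m} and (...) need -E.
IP_RE='[0-9]{1,3}(\.[0-9]{1,3}){3}'

# Count failed logins per source address; prints "count ip", busiest first.
failed_by_ip() {
    printf '%s\n' "$SAMPLE" \
      | grep 'Failed password' \
      | grep -Eo "from $IP_RE" \
      | sed -E 's/^from //' \
      | sort | uniq -c | sort -rn \
      | sed -E 's/^ *//'
}

# Replace every IPv4 address on every line with x.x.x.x (the g flag makes
# the substitution global per line; without it only the first match changes).
redact_ips() {
    printf '%s\n' "$SAMPLE" | sed -E "s/$IP_RE/x.x.x.x/g"
}
```

The same pipeline over a real /var/log/secure (or journalctl -u sshd output) is a quick way to spot a brute-force source before reaching for fail2ban.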

Changing the Default Text Editor

For the current user:

export EDITOR=/bin/nano

For all users (picked up at the next login):

echo 'EDITOR=/bin/nano' >> /etc/environment # read by pam_env: KEY=value lines only, the export keyword is not understood there

Alternatively, drop a script that exports EDITOR into /etc/profile.d; that only affects login shells.

Reading Documentation

  • /usr/share/doc
  • --help or -h
  • man -k or apropos
  • man [COMMAND]
  • info [COMMAND] and ls /usr/share/info to list what is available
  • Use whatis [COMMAND] to find man pages
  • /etc/cron.daily/man-db.cron # a script to update the man cache for newly installed applications
  • pinfo is a prettier version of info with a UI similar to Lynx

IPv4

IP Address Classes

Note: classful addressing is legacy (CIDR replaced it), but the ranges still matter; for example class D is multicast and class E is still unusable on the public Internet.

Class  IP range                        Note
A      0.0.0.0 - 127.255.255.255       Leading bit 0; up to 16,777,214 hosts per network (0.x.x.x and 127.x.x.x are reserved)
B      128.0.0.0 - 191.255.255.255     Leading bits 10; up to 65,534 hosts per network
C      192.0.0.0 - 223.255.255.255     Leading bits 110; up to 254 hosts per network
D      224.0.0.0 - 239.255.255.255     Reserved for multicast
E      240.0.0.0 - 255.255.255.255     Reserved for experimental use
  • IPv4 addresses are 32 bits.
  • Each decimal octet represents 8 bits.
  • The private address ranges are defined in RFC 1918: 10.0.0.0 - 10.255.255.255 (10/8), 172.16.0.0 - 172.31.255.255 (172.16/12) and 192.168.0.0 - 192.168.255.255 (192.168/16).
  • Addresses 127.0.0.0 through 127.255.255.255 are used for loopback communication on the local host.

Networking and Routing

  • An IP address has two parts, a network prefix and a host identifier.
  • To determine the network and host parts, an IP address is paired with a subnet mask (also known as a netmask or prefix).
  • A subnet mask is a 32-bit number made up of a sequence of binary ones followed by zeros.
  • A subnet mask can be represented in the same dot-decimal notation used by IPv4 addresses. For example, 255.255.255.0 is 24 binary ones followed by 8 zeros.
  • An alternative notation is Classless Inter-Domain Routing (CIDR). The CIDR equivalent of 255.255.255.0 is /24.
  • To determine the network portion of an IP address, take the logical AND of the IP address and the netmask. For example, given a netmask of /24 and the IP address 192.168.122.50, the first three bytes (192.168.122) are the network portion and the last byte (50) is the host portion.
  • Three key values define a network: the network address, the broadcast address and the subnet mask.
  • The network address is always the first IP address in the range (host bits all zero).
  • The broadcast address is always the last IP address in the range (host bits all one).
  • A host with multiple network interfaces that forwards traffic between different networks is called a router.
  • A gateway is a junction between the local network and other networks.
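An added example (not from the original notes) that carries out the AND described above in POSIX sh arithmetic for any prefix length: it returns the network address, broadcast address, dotted netmask and usable host count for an address written in CIDR form. cidr_info and its helpers are names chosen here, not standard tools.

```shell
#!/bin/sh
# Added example (not from the original notes): network, broadcast and netmask
# from an address in CIDR form, using the bitwise AND described in the notes.
# POSIX sh arithmetic only (64-bit integers, so results are masked to 32 bits).

# 192.168.122.50 -> 32-bit integer
ip_to_int() {
    oldifs=$IFS; IFS=.
    set -- $1                      # $1..$4 are now the four octets
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_info 192.168.122.50/24 -> "network=... broadcast=... netmask=... hosts=..."
cidr_info() {
    addr=${1%/*}
    prefix=${1#*/}
    ip=$(ip_to_int "$addr")
    # <prefix> ones followed by zeros, kept to 32 bits
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    network=$(( ip & mask ))                         # host bits cleared
    broadcast=$(( network | (~mask & 0xFFFFFFFF) ))  # host bits set
    # usable hosts exclude the network and broadcast addresses (none for /31, /32)
    hosts=$(( (1 << (32 - prefix)) - 2 ))
    if [ "$hosts" -lt 0 ]; then hosts=0; fi
    printf 'network=%s broadcast=%s netmask=%s hosts=%s' \
        "$(int_to_ip $network)" "$(int_to_ip $broadcast)" "$(int_to_ip $mask)" "$hosts"
}
```

Compare the output with what ip addr reports for an interface; a mismatch between the configured prefix and the one the rest of the segment uses is a classic cause of "can ping some neighbours but not others".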

Networking Tools and Commands

  • The default names of network interfaces are now enoX (onboard) and emX (Dell BIOS naming), rather than ethX; ethX is the fallback when the firmware provides no index.
  • enpXsY (PCI bus X, slot Y) and pXpY are the modern names for cards in PCI slots.
  • ifconfig, arp, netstat and route are now legacy commands (the net-tools package). Replacements:

Obsolete command                                      Replacement                                Description
ifconfig                                              ip addr, ip a, ip -s link                  Shows link status and IP address information for all interfaces
ifconfig eth0 192.168.122.150 netmask 255.255.255.0   ip addr add 192.168.122.150/24 dev eth0    Assigns an IP address and netmask to eth0
arp                                                   ip neigh                                   Shows the ARP (neighbour) table
route, netstat -r                                     ip route                                   Displays the routing table
netstat -tulpna                                       ss -tupna                                  Shows all listening and non-listening TCP/UDP sockets, with the owning program

  • traceroute has an -n flag that displays IP addresses instead of hostnames.
  • It’s important to test the integrity of the local TCP/IP stack by pinging 127.0.0.1.
  • traceroute can require root privileges; tracepath is a similar utility that doesn’t.
  • traceroute uses UDP probes by default, which firewalls along the path may block. In that case the -I (ICMP echo) and -T (TCP SYN) switches can be used.

ip

  • link (l) - Display and modify network interfaces.
  • address (a) - Display and modify IP Addresses.
  • route (r) - Display and alter the routing table.
  • neigh (n) - Display and manipulate neighbor objects (ARP table).
  • ip address show eth0 # show the current configuration of the first Ethernet network adaptor.

Configure a Network Adaptor with ip

ip addr add 192.168.122.150/24 dev eth0

Some ip command options:

Command                                Description
ip link set dev [DEVICE] up            Activates the specified interface.
ip link set dev [DEVICE] down          Deactivates the specified interface.
ip addr flush dev [DEVICE]             Removes all IP addresses from the specified interface.
ip link set dev [DEVICE] txqlen [N]    Changes the length of the transmit queue of the specified interface.
ip link set dev [DEVICE] mtu [N]       Sets the maximum transmission unit to N bytes.
ip link set dev [DEVICE] promisc on    Activates promiscuous mode: the adaptor passes up every frame it receives, not just those addressed to the host. Used to analyse the network for problems or to capture traffic between other hosts (tcpdump and Wireshark enable it themselves).
ip link set dev [DEVICE] promisc off   Deactivates promiscuous mode.
  • None of the changes listed so far persist across a reboot; persistence comes from the configuration files in /etc/sysconfig/network-scripts (ifcfg-* files, managed by NetworkManager on RHEL 8). Any change made with the ip command is temporary by definition.

Activate and Deactivate Network Adaptors

  • It’s possible to use the ip command to activate and deactivate network adaptors; however, ifup and ifdown apply the persistent configuration for the interface from /etc/sysconfig/network-scripts (on RHEL 8 they are NetworkManager wrappers, equivalent to nmcli connection up/down), which is usually what you want.
  • ip link set dev eth0 down
  • ip link set dev eth0 up
  • ifdown [INTERFACE]
  • ifup [INTERFACE]

ip as a Diagnostic Tool

  • The Address Resolution Protocol (ARP) associates the hardware address of a network interface (MAC) with an IP address.
  • The ip neigh command displays a table of hardware and IP addresses on the local computer.
  • A STALE entry means its ARP cache timeout has expired since a packet was last seen from that host; the entry is re-verified on next use.
  • If the ARP table is empty, no recent connections exist to other systems on the local network.

Routing Tables with ip route

  • The -r (resolve) switch of ip, e.g. ip -r route, looks to /etc/hosts and DNS servers to display hostnames rather than numeric IP addresses.

DHCP with dhclient

  • dhclient asks a DHCP server for an IP address (among other things):
# dhclient [INTERFACE]
  • Generally, the options handed out by a DHCP server include the IP address, the network mask, the gateway address and the addresses of the DNS servers for that network.
  • dhclient also writes the DNS server addresses to /etc/resolv.conf (on RHEL 8 NetworkManager normally runs the DHCP client and manages resolv.conf itself).

Display Network Connections with ss

  • ss replaces netstat.
  • ss can display listening and non-listening TCP and UDP sockets.
  • -a: show all sockets (listening and established)
  • -l: listening sockets only
  • -4: IPv4
  • -t: TCP
  • -u: UDP
  • -n: numeric format (no resolution of hosts, ports or users)
  • -p: show the PID and name of the process using the socket (root is needed to see other users' processes)

Network Configuration and Troubleshooting

  • systemctl status NetworkManager

  • Network Manager monitors and manages network settings.

  • nmcli dev status

  • Key configuration files are located in /etc/sysconfig/network-scripts

  • nmtui # terminal UI

  • nm-connection-editor # GTK+ 3 GUI

  • Network manager can store different profiles, known as connections.

  • Show all configured connections in Network Manager:

    nmcli con show
    

/etc/sysconfig/network

  • If ip addr show lists no address on any interface other than lo (or shows the interfaces as DOWN), the network devices are currently inactive.
  • The first thing to check is the /etc/sysconfig/network file.
  • On systems that are configured to retrieve addressing via DHCP, the file is usually empty.
  • /etc/sysconfig/network-scripts/ contains the ifcfg-* configuration files, which on RHEL 8 are parsed by NetworkManager. In RHEL 7 and earlier, this directory also held the network configuration scripts themselves.

Chapter 4

  • umask sets default file permissions.
  • The dot at the end of an ls -l permissions line specifies that the file has an SELinux security context.
  • The dot is replaced by a + if there are ACLs configured, however, that doesn’t override SELinux.

Special Permisssions

Special permission   On an executable file                                              On a directory
SUID                 The process runs with the effective user ID of the file's owner.   No effect.
SGID                 The process runs with the effective group ID of the file's group.  New files created in the directory inherit the directory's group ownership.
Sticky bit           No effect.                                                         Files in the directory can be renamed or removed only by their owner (plus the directory owner and root).
  • The SUID bit appears as an s in the space for the owner's executable bit. It means other users can execute the file with the authority of the file owner, which is why the set of SUID binaries on a system should be kept small and audited.
  • The SGID bit appears as an s in the space for the group executable bit.
  • A sticky bit appears as a t in the space for the other executable bit.
  • With no other permissions set the three bits render as ---s--s--t; with full permissions as rwsrwsrwt. A capital S or T means the special bit is set but the underlying execute bit is not.
  • vi can be used to (for all intents and purposes) overwrite a file you lack write permission on, using the bang character (!), e.g. :w! This only works when vi can either make the file writable (you own it) or replace it (you can write to the containing directory); it is a convenience, not a bypass of permissions.

Commands to Change Permissions Ownership

  • chgrp is much like chown but for groups. The owner of a file can change its group, but only to a group they are a member of; only root can assign arbitrary groups.

  • There is an equals operator for chmod that sets permissions, rather than adjusting. For example:

    # chmod g=rw [FILE] # sets group permissions to rw, clearing x if it was set
    
  • To set the special bits there is a fourth, leading octal digit: SUID = 4, SGID = 2 and sticky bit = 1 (so 2775 is a typical shared group directory and 1777 is /tmp).

Special File Attributes

  • lsattr lists current attributes.
  • chattr allows attributes to be changed.
Attribute          Description
append only (a)    The file can only be opened for appending; existing content cannot be overwritten or truncated (useful for logs). Only root can set or clear it.
no dump (d)        Disallows backups with the dump command.
extent format (e)  Set automatically on ext4; cannot be removed with chattr.
immutable (i)      Prevents deletion, renaming, linking or any other change to the file, even by root, until the attribute is cleared. Only root can set or clear it.
  • There are other attributes such as s (secure deletion), c (compressed) and u (undeletable) but they are not honoured by the ext4 and XFS filesystems.

umask

  • Every time a new file or directory is created, its default permissions are derived from the value of umask.
  • Typing umask returns a four-digit octal number (the leading digit corresponds to the special bits and is effectively unused).
  • If a bit is set in umask, the corresponding permission bit is CLEARED in any newly created file or directory.
  • For example, a umask of 0245 results in newly created directories having 0532 octal permissions (777 with the 245 bits cleared) and files having 0422.
  • Files never receive execute permission from creation alone, so the base for files is 666 (directories start from 777) and a umask of 000 results in files with octal permissions of 666. This is deliberate, for security reasons.
  • The default umask is set in /etc/profile and /etc/bashrc.
  • An if statement there chooses the umask by UID: users with a UID above 199 whose primary group name matches their username (user private groups) get 002; everyone else, including root and system accounts, gets 022.
  • root therefore creates 644 files and 755 directories by default.
  • Users can override the umask in ~/.bashrc and ~/.bash_profile.
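An added example (not from the original notes) showing the umask rule and the fourth octal digit in practice on Linux (GNU stat). umask_result creates a file and a directory under a given umask and reports their modes; umask_predict computes the same result arithmetically from the rule "bit set in umask, bit cleared in the new object"; special_bits_demo sets SGID and sticky on a directory with a leading 3 and shows how ls renders them, including the capital T that appears when the underlying execute bit is absent.

```shell
#!/bin/sh
# Added example (not from the original notes): umask in practice and the
# leading "special bits" octal digit. Uses GNU stat -c (Linux).

# umask_result 027 -> "file=640 dir=750"
umask_result() {
    dir=$(mktemp -d)
    (
        umask "$1"               # subshell: the umask change stays local
        : >"$dir/f"              # new file: 666 with umask bits cleared
        mkdir "$dir/d"           # new directory: 777 with umask bits cleared
        printf 'file=%s dir=%s' "$(stat -c %a "$dir/f")" "$(stat -c %a "$dir/d")"
    )
    rm -rf "$dir"
}

# Same answer by arithmetic: AND with the complement of the mask.
# umask_predict 245 -> "file=422 dir=532"
umask_predict() {
    mask=$(( 0$1 ))              # leading 0 forces octal interpretation
    printf 'file=%o dir=%o' $(( 0666 & ~mask )) $(( 0777 & ~mask ))
}

# SGID (2) + sticky (1) on a group-shared directory via the fourth digit.
# Group has x, so SGID renders as lowercase s; others have no x, so sticky
# renders as capital T.
special_bits_demo() {
    dir=$(mktemp -d)
    mkdir "$dir/shared"
    chmod 3770 "$dir/shared"
    printf 'octal=%s mode=%s' "$(stat -c %a "$dir/shared")" "$(stat -c %A "$dir/shared")"
    rm -rf "$dir"
}
```

A umask of 077 for service accounts that write secrets (keys, credentials) is a cheap hardening step; the file is private from the moment it exists rather than after a later chmod.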