Commands Flashcards

Question 1

Q

Which command enables one to show all available NFS mounts on ‘server1’?

Answer

A

showmount -e server1

The ‘-e’ option specifies that the command show the servers export list.

Question 2

Q

Which command can be used to show all available disk space on mounted devices?

Answer

A

df -hT

Just ‘df’ works but the ‘-h’ option formats the output in a human readable form and the ‘-T’ option shows which file system type is used on the different mounts.

Question 3

Q

Which command gives an overview of all mounted devices?

Question 4

Q

Which command would list all files/directories (including hidden ones) along with their permissions inside a given directory?

Question 5

Q

Which command would copy the contents of the ‘/etc’ directory (including other directories) to the ‘/tmp’ directory?

Answer

A

cp -R /etc /tmp

The -R option stands for recursive and allows subdirectories to be copied as well.

Question 6

Q

Which command would move the ‘myFile’ file to the
‘/tmp’ directory?

Answer

A

mv myFile /tmp

Question 7

Q

Which command would enable one to rename ‘myFile’ to ‘myNewFile’ ?

Answer

A

mv myFile myNewFile

Question 8

Q

Which command would create a symbolic link to the ‘/etc/passwd’ file in the current directory?

Answer

A

ln -s /etc/passwd .

Question 9

Q

Which command would create a new archive named ‘archive.tar’ in the directory ‘/root’, containing the contents of the entire ‘/etc’ directory?

Answer

A

tar -cvf /root/archive.tar /etc

The ‘-v’ option can be omitted as it simply lists the verbose output during execution.
The ‘-f’ option is used to specify the name of the archive file. It can often be omitted.

Question 10

Q

How would one add a single file named ‘singleFile’ to the already existing ‘archive.tar’ file?

Answer

A

tar -rvf archive.tar singleFile

The ‘-r’ option appends files to an existing archive.

Question 11

Q

Which command lists the contents of a tar archive ‘archive.tar’ without actually extracting it?

Answer

A

tar -tvf archive.tar

Question 12

Q

Which command would extract the contents of the ‘/root/archive.tar’ file and move the contents to the ‘/tmp’ directory?

Answer

A

tar -xvf /root/archive.tar -C /tmp

Extracting also works like this for compressed archives as tar will automatically recognize compressed content and then decompress it during extraction.

The ‘-C’ option stands for ‘change directory and tells tar to change the directory to where the command output will be placed.

Question 13

Q

Which command would create a compressed archive ‘archive.tar’ of everything within the ‘/etc’ directory and place that compressed archive in the ‘/home’ directory?

Answer

A

tar -czvf /home/archive.tar.gz /etc
tar -cjvf /home/archive.tar.bz2 /etc
tar -cJvf /home/archive.tar.xz /etc

All three of the above options work. The ‘-z’ option compresses with gzip. The ‘-j’ option compresses via bzip2 and the ‘-J’ option compresses via xz.

Question 14

Q

Which command would enable one to set the system time to 4:24 P.M. ?

Answer

A

date -s 16:24

Normally, ‘date’ retrieves the current time setting but the ‘-s’ option allows one to set the time.

Question 15

Q

Which command sets the hardware time from the system clock?

Answer

A

hwclock –systohc
hwclock -w

Question 16

Q

Which command shows epoch time as human-readable time?

Answer

A

date -d ‘@nnnnnnnn’

‘nnnnnnnn’ is the number of seconds since midnight on January 1st, 1970.

The ‘-d’ option specifies that the ‘date’ command will take a string specifying a time rather than just displaying the current time.

Question 17

Q

Which command enables you to use NTP time on your server?

Answer

A

timedatectl set-ntp 1

Question 18

Q

Which configuration file contains the list of NTP servers to be used?

Answer

A

/etc/chrony.conf

Question 19

Q

Which command displays information about the current time sources that ‘chronyd’ is currently accessing?

Answer

A

chronyc sources

Question 20

Q

Which commands would you use to display only line number 5 from the file ‘/etc/passwd’?

Answer

A

head -n 5 /etc/passwd | tail -n 1

Question 21

Q

Which command filters out just the first field from the file ‘/etc/passwd’?

Answer

A

cut -d : -f 1 /etc/passwd

The ‘-d’ option specifies the delimiter used in the file. The ‘-f’ option specifies which field to retrieve.

Question 22

Q

Which extended regular expression will match all files/subdirectories (including ‘/etc’) within the ‘/etc’ directory?

Answer

A

grep -rE ‘/etc(/.*)?’

The ‘.’ matches any single character.
The ‘*’ matches zero to an infinite number of the preceding character.
The ‘?’ matches zero or one of the preceding character.
The ‘-r’ option specifies to search files in the current directory and all subdirectories.

Question 23

Q

Which regular expression will match lines that do not begin with a ‘#’ in the file ‘/etc/services’?

Answer

A

grep -v ‘^#’ /etc/services

The ‘-v’ option shows lines that do not match the regular expression.

Question 24

Q

Which grep command enables you to see ‘text’ as well as ‘TEXT’ in a file named ‘/home/user/files’?

Answer

A

grep -i ‘text’ /home/user/files

The ‘-i’ option makes the regex case insensitive.

Question 25

Q

Which command enables you to replace all occurrences of the word user with the word users in ~/samplefile?

Answer

A

sed -i ‘s/user/users/g’ ~/samplefile

The ‘-i’ option for sed stands for ‘in-place’ which specifies that the command should edit the file rather than simply outputting the results.

If the ‘g’ at the end of the command is omitted, only the first occurrence of ‘user’ would be replaced.

Question 26

Q

Which command will install the appropriate tools for working with containers in RHEL 9?

Answer

A

sudo dnf install container-tools

Question 27

Q

Which command will list both currently running containers and ones that are now inactive?

Answer

A

podman ps -a

If you want to list the root containers, you must use ‘sudo podman ps’

Question 28

Q

Which command would run nginx in a container in the background?

Answer

A

podman run -d nginx

The ‘-d’ option stands for detached mode. This essentially runs it like a background daemon.

Question 29

Q

Which command will run an nginx container in interactive TTY mode, along with the ‘/bin/sh’ command?

Answer

A

podman run -it nginx /bin/sh

The ‘-i’ option stands for interactive while the ‘-t’ option gives access to the container TTY. Adding ‘/bin/sh’ to the end tells the container to run the ‘/bin/sh’ command rather than the default command. ‘/bin/sh’ may be the only shell available as containers are minimal environments.

Question 30

Q

What are the two common ways to exit interactive mode in a container?

Answer

A

You could type ‘exit’ into the terminal. This could stop the whole container depending on the primary container command.
You could use ‘Ctrl-P, Ctrl-Q’ to detach. This approach ensures that in all cases the container continues running in the background in detached mode.

Question 31

Q

How could you reconnect to a shell running within a container named ‘mybusybox’ ?

Answer

A

podman attach mybusybox

This would re-enter the shell running inside the ‘mybusybox’ container.

Question 32

Q

Which file specifies the container registries to be used?

Answer

A

‘/etc/containers/registries.conf’ or the user-specific file ‘~/.config/containers/registries.conf’

Question 33

Q

Which commands will easily show which container registries are currently being used?

Answer

A

podman info | grep -A 10 registries

‘podman info’ shows general Podman related system information. One could then pipe the output of that command into grep and search for the lines following the ‘registries’ string.

Question 34

Q

Which command will allow you to access the ‘registry.access.redhat.com’ registry?

Answer

A

podman login registry.access.redhat.com

Some container registries require that you authenticate before pulling container images.

Question 35

Q

Which command would search all container registries currently being used for ‘mariadb’ ?

Answer

A

podman search mariadb

Question 36

Q

Which command allows you to inspect container images before pulling them to your machine?

Answer

A

skopeo

‘podman inspect’ only works on images that are already pulled.

Question 37

Q

Which command lists the container images that are locally available? (already pulled)

Answer

A

podman images

Question 38

Q

Which command would allow you to see the command that a container image named ‘docker.io/library/nginx’ will run by default when it is started as a container?

Answer

A

podman inspect docker.io/library/nginx | grep -A 10 Cmd

The ‘Cmd’ section of the inspect output shows the list of default commands to be executed.

Question 39

Q

Which command prints the kernel release for the system?

Answer

A

uname -r

The ‘-r’ option specifies kernel release information.

Question 40

Q

Suppose you have a container running nginx named ‘mynginx’ and you want to get its kernel release. Which set of commands would accomplish that?

Answer

A

podman exec mynginx uname -r

‘podman exec’ executes a command in a running container.

Question 41

Q

How would you run an nginx container named ‘mynginx’ and make it accessible on host port 8080?

Answer

A

podman run –name mynginx -d -p 8080:80 nginx

The ‘-p’ option allows one to specify port mapping.
The host firewall must also be updated to allow traffic through TCP port 8080.

Question 42

Q

How could you find instructions on how to correctly run a specific container named ‘examplecontainer’ ?

Answer

A

podman inspect examplecontainer | grep -A 10 usage

The ‘usage’ section can sometimes include instructions for how to run the container. ‘podman logs examplecontainer’ could also include log information in case of a container failure.

Question 43

Q

How could you run the ‘mysql’ container with the ‘MYSQL_ROOT_PASSWORD’ environment variable set to ‘password’ ?

Answer

A

podman run -d -e MYSQL_ROOT_PASSWORD=password mysql

The ‘-e’ option allows one to specify an environment variable. Multiple ‘-e’ options can be used in sequence.

Question 44

Q

What two things must be prepared before a host directory can be accessed from within a container?

Answer

A

The host directory must be writable for the user account that runs the container.
The appropriate SELinux context label must be set to container_file_t.

Question 45

Q

Which commands would first create the directory ‘/opt/dbfiles’ and then allow others to write to that directory?

Answer

A

mkdir /opt/dbfiles; chmod o+w /opt/dbfiles

The ‘o+w’ part gives write permissions to everyone who isn’t the user owner or the group owner.

Question 46

Q

Which command would run a ‘mariadb’ container with the ‘MYSQL_ROOT_PASSWORD’ environment variable set to ‘password’ and also mount the ‘user/dbfiles’ directory from the host machine to the ‘/var/lib/mysql’ directory from inside the container?

Answer

A

podman run -d –name mymariadb -v user/dbfiles:/var/lib/mysql:Z -e MYSQL_ROOT_PASSWORD=password mariadb

The ‘-v’ option stands for volume and is used to bind a mount volume into the container. Adding the ‘Z’ option to the end of the volume mount string is necessary to ensure that the correct SELinux labels are set.

Keep in mind, the user who is running the container must be the owner of the host directory that is being mounted.

Question 47

Q

Which command makes Systemd services enabled for the user ‘student’ start running at system start rather than user log-in?

Answer

A

loginctl enable-linger student

Linger also ensures that the services will continue running after the user logs out.

Question 48

Q

Suppose you want to create a Systemd unit file that will start a container. Which directory must be created to store this Systemd unit file?

Answer

A

~/.config/systemd/user

Question 49

Q

Suppose you want to create a Systemd unit file that will start a container. Which command should be used to create a Systemd unit file based on a container named ‘mydb’ ?

Answer

A

podman generate systemd –name mydb –files –new

The ‘–files’ option specifies that a ‘.service’ file should be generated. The ‘–new’ option specifies that a new container should be created when the Systemd unit is started and that it should be deleted when stopped.

This ‘.service’ unit file should be generated inside the ~/.config/systemd/user directory. It should also be performed via an SSH session as the relevant user.

Question 50

Q

Once a Systemd unit file for a container named ‘mydb’ has been created, what two commands should be performed to ensure that it is detected and starts on reboot?

Answer

A

systemctl –user daemon-reload
systemctl –user enable container-mydb.service

The ‘daemon-reload’ option ensures that Systemd detects the changes. After a reboot, the ‘ps faux’ command should show that the ‘mydb’ container is running successfully.

Question 51

Q

Which command switches to the ‘tty4’ virtual terminal?

Question 52

Q

Which command would allow one to securely connect to remote host ‘server2’ as user ‘linda’ with graphical applications support?

Answer

A

ssh -Y linda@server2

The ‘-Y’ option enables support for graphical applications to be used via SSH.

Question 53

Q

Which file can be edited to create a systemwide configuration that permits ‘X forwarding’, which is starting graphical applications through an SSH session.

Answer

A

Edit the ‘/etc/ssh/ssh_config’ file to include the following line:

    ForwardX11 yes

Question 54

Q

Which command can remotely copy all of the ‘/etc’ directory and its contents from server2 to the ‘/tmp’ directory on the local machine.

Answer

A

scp -r server2:/etc/ /tmp

‘scp’ copies files between hosts on a network via SSH. The ‘-r’ option recursively copies entire directories.

Question 55

Q

How could one open an SFTP prompt as user ‘student’ on ‘server2’ ? Then, how would one upload the ‘/etc/hosts’ file to ‘server2’ ?

Answer

A

sftp student@server2
put /etc/hosts

In an ‘sftp’ prompt, ‘put’ is used to upload files to the remote server. ‘get’ would be used to download a file to the current directory on the local machine. ‘lcd’ and ‘lpwd’ are used to run the ‘cd’ and ‘pwd’ commands back on the local machine.

Question 56

Q

What would the procedure be for configuring key-based login as the root user via SSH between server1 and server2?

Answer

A

Run ‘ssh-keygen’ as the root user and accept the defaults.
Run ‘ssh-copy-id server2’ as root to copy the public key to server2.

Now, ‘ssh server2’ should automatically connect to server2 as root without asking for the password. Make sure you are logged in as ‘root’ on ‘server1’ for this process.

Question 57

Q

Which command will display information about a user, including the UID and GIDs for all groups to which the user belongs?

Question 58

Q

Which command would give the user ‘lisa’ access to all sudo privileges?

Answer

A

usermod -aG wheel lisa

All members of the group ‘wheel’ have full sudo privileges. This command adds lisa to the group wheel. The ‘-a’ option stands for append and ‘-G’ specifies a group.

Question 59

Q

Which file contains configuration details for sudo privileges?

Answer

A

/etc/sudoers

Drop-in configuration files can also be added to the ‘/etc/sudoers.d’ directory.

Question 60

Q

Which command allows you to safely edit the sudo privileges?

Question 61

Q

Which line should be added to ‘/etc/sudoers’ to allow user ‘lisa’ to add new users and change their passwords but not for the root account?

Answer

A

lisa ALL=/usr/bin/useradd, /usr/bin/passwd, ! /usr/bin/passwd root

Question 62

Q

How could one extend the lifetime of the token that is given for sudo commands to 4 hours?

Answer

A

Add the following line to ‘/etc/sudoers’

‘Defaults timestamp_timeout=240’

Question 63

Q

What is the best way to use pipes with sudo privileges? How could we use this method for reading the contents of ‘/etc/passwd’ and searching for the root user?

Answer

A

sudo sh -c “cat /etc/passwd | grep root”

This allows everything in quotes to be executed as root.

Question 64

Q

Which file stores passwords for user accounts along with other password details?

Answer

A

/etc/shadow

The second field (delimited by colons) stores the hashed password. If the field begins with an ‘!’ then login for the account is currently disabled.

Answer 60

A

userdel -r lisa

The ‘-r’ option removes the user’s home directory.

Answer 61

A

useradd -m -u 1201 -G sales,ops linda

The ‘-m’ option creates the home directory. This overrides the ‘CREATE_HOME’ line in ‘/etc/login.defs’

The ‘-u’ option allows for a custom UID to be used. And the ‘-G’ option allows for additional groups to be specified.

Answer 62

A

/etc/skel

Answer 63

A

usermod caroline -s /sbin/nologin

The ‘-s’ option specifies the login shell for the user account.

Answer 64

A

passwd -n 30 -w 3 -x 90 linda

The ‘-n’ option specifies the minimum usage period. The ‘-w’ option specifies the number of days before the expiration date that a warning be sent out while ‘-x’ specifies the actual expiration date.

Answer 65

A

chage -E 2025-12-31 bob

The ‘-E’ option specifies the account expiration date.

Answer 66

A

chage anna

This will interactively prompt you for each change to be made.

Answer 67

A

‘/etc/profile’ is used for default settings for all users when starting a login shell

‘/etc/bashrc’ is used to define defaults for all users when starting a subshell

’~/.profile’ or ‘~/.bash_profile’ specifies settings for one user applied when starting a login shell

’~/.bashrc’ specifies settings for one user applied when starting a subshell

These four files are read in the order they are listed upon login.

Answer 68

A

Add the following line to ‘/home/lisa/.bashrc’

‘export EDITOR=/usr/bin/vim’

Answer 69

A

/etc/group

Answer 70

A

lid -g sales

The ‘-g’ option specifies that a group will be the argument. If used without the ‘-g’ option, ‘lid’ will list groups to which the invoking user belongs.

Answer 71

A

gpasswd -d linda students

The ‘gpasswd’ command allows one to administer the ‘/etc/group’ and ‘/etc/gshadow’ files. The ‘-d’ option stands for delete and allows one to specify a user to be removed from a group.

Answer 72

A

find / -user bob

This searches everything within the directory ‘/’ for files that are owned by user ‘bob’

The ‘find’ command can also use ‘-group’ to search for files owned by a specific group.

Answer 73

A

chown -R linda /files

The ‘-R’ option tells the command to recursively set the permissions for everything within the directory as well as the directory itself.

Answer 74

A

chown -R :artists /photos
chgrp -R artists /photos

The syntax for specifying users/groups with chown is:
‘chown user:group file’

Answer 75

A

groups

The first group in the list output is the current primary group for the user.

‘sudo lid “username” ‘ also works.

Answer 76

A

newgrp sales

This will open a new shell, in which the new temporary primary group is set to ‘sales’ until the user logs out or uses the ‘exit’ command.

Answer 77

A

Read: 4
Write: 2
Execute: 1

Answer 78

A

chmod 755 /somefile

This uses ‘chmod’ in absolute mode which replaces all current permissions with the ones given as an argument.

Answer 79

A

chmod g+w,o-r /home/somefile

This uses ‘chmod’ in relative mode when permissions can be added/subtracted from the already existing configuration.

Answer 80

A

chmod -R a+X ~/files

The ‘a’ stands for all three permission groups. The ‘-R’ option recursively applies permissions to everything within the directory given. Lastly, the uppercase ‘X’ only sets execute permissions on the subdirectories rather than both the directories and the files.

Answer 81

A

chmod u+s /usr/bin/action

’s’ means both execute and SUID are set while an uppercase ‘S’ would mean only SUID is set.

Answer 82

A

chmod g+s /accounting

’s’ means both SGID and execute are set while an uppercase ‘S’ would mean only SGID is set.

If just SGID is set on a file, then users would execute that file as the group owner.

Answer 83

A

chmod +T /accounting

This is known as the sticky bit. This prevents users from deleting files from other users.

Answer 84

A

umask

The ‘umask’ is subtracted from the maximum permissions of 666 for a file and 777 for a directory.

Answer 85

A

Create the ‘/etc/profile.d/umask.sh’ file.
Add the line ‘umask 022’ and save the changes.
On next login, the umask should be set to 022 for everyone.

A user-specific umask can be defined in the ‘~/.profile’ or ‘~/.bash_profile’ file.

Answer 86

A

chattr +s /somefile

The ‘+s’ attribute overwrites the blocks where the file was stored with 0s after the file has been deleted. This makes sure that recovery of the file is not possible after it has been deleted.

Attributes set via ‘chattr’ do their work regardless of the user who accesses the file.

Answer 87

A

chattr +i /root/myfile

This attribute can be removed with ‘chattr -i’

Answer 88

A

subscription-manager register

This will prompt for the name of your Red Hat user account as well as your password, and after you enter these, your RHEL server will be registered.

Answer 89

A

subscription-manager attach –auto

Answer 90

A

‘/etc/yum.repos.d’

Answer 91

A

[label]
name=
baseurl=
enabled=
gpgcheck=

Answer 92

A

dnf config-manager –add-repo=file:///repo/BaseOS

Since the repository is installed locally, the ‘file://’ URI must be used. Ensure that the ‘gpgcheck’ parameter in the generated repository file is set to 0 to prevent dnf from doing GPG checks on incoming packages.

Answer 93

A

dnf search “keyword”
dnf search all “keyword”

The ‘dnf search all’ version of the command also searches through the large package descriptions in addition to the names/summaries.

Answer 94

A

dnf whatprovides */Containerfile
dnf provides */Containerfile
dnf wp */Containerfile

All three of these commands provide the same output. The ‘*’ is used because these commands only look for full pathnames.

Answer 95

A

dnf info nmap

Answer 96

A

dnf list installed

Answer 97

A

dnf update kernel

Unlike other ‘dnf update’ commands, updating the kernel will still keep the old version of the kernel around. During the boot process, you can choose which kernel version to use.

Answer 98

A

dnf group info “Container Management”

Answer 99

A

dnf group list hidden

‘dnf group list’ only shows environment groups and not all subgroups.

Answer 100

A

dnf history undo 2

When using ‘dnf history’ all dnf commands that were used by the user are listed. ‘dnf history undo’ then allows users to undo these actions.

Answer 101

A

dnf repolist

Answer 102

A

dnf module list maven

Answer 103

A

dnf module info maven:8.1

Answer 104

A

dnf module enable maven:8.2

By default, a specific module stream is enabled. This is the module stream that will automatically be used when installing packages. This can be changed with the ‘dnf module enable’ command.

After switching streams, it is a good idea to execute ‘dnf distro-sync’ to ensure that all dependent packages that are not in the module itself are updated as well.

Answer 105

A

rpm -qf /bin/ls

The ‘-q’ option stands for query. This option tells the command to query the package database. The ‘-f’ option takes a filename as an argument and will find the specific RPM package a file belongs to.

Answer 106

A

rpm -qp –scripts httpd- 2.4.6-19.el7.centos.x86_64.rpm

The ‘-p’ option is used to query RPM packages instead of the local RPM package database. The ‘–scripts’ option uses the RPM database to show scripts that are used in the package.

When querying a package, you need to refer to the complete filename, including the version number and all other information. Additionally, the ‘rpm’ command can only perform this query on RPM packages on the local machine. (either they are already installed or downloaded)

Answer 107

A

dnf download zsh

The ‘yumdownloader’ command from the ‘yum-utils’ package used to be used instead.

Answer 108

A

repoquery

This command is included in the ‘dnf-utils’ RPM package.

Answer 109

A

ip a
ip a s
ip addr show

All three of the above commands will work. This command will list all network interfaces on the computer, along with some of their configuration details.

Answer 110

A

ip link set dev eno2 up

Every configuration change made with the ‘ip’ command is non-persistent.

Answer 111

A

ip -s link show

Answer 112

A

ip route show

Answer 113

A

ss -lt

The ‘ss’ command stands for socket statistics. The ‘-l’ option specifies that only ‘Listening’ ports should be listed while the ‘-t’ option specifies that only TCP ports should be shown.

Another useful option is the ‘-n’ option which tells the command not to resolve service names but instead show actual numeric port numbers. For example, normally ‘ssh’ would be listed but the ‘-n’ option would show 22 instead.

Answer 114

A

systemctl status NetworkManager

Answer 115

A

nmcli con show

Answer 116

A

nmcli con add con-name main-connection type ethernet ifname ens33 ipv4.method auto

The ‘nmcli’ connection has great command-line completion to help in composing these longer commands. Just make sure the ‘bash-completion’ package is installed.

Answer 117

A

nmcli con mod static-connection +ipv4.addresses 10.0.0.62/24

Answer 118

A

nmcli con mod static-connection ipv4.dns 8.8.8.8

Notice that while adding a network connection, you use ‘ip4’, but while modifying parameters for an existing connection, you often use ‘ipv4’ instead.

Answer 119

A

nmcli con up main-connection

Answer 120

A

nmtui

After editing the connection, you need to deactivate it and activate it again.

Answer 121

A

/etc/NetworkManager/system-connections

Older versions of RHEL used the ‘/etc/sysconfig/network-scripts’ directory. If the NetworkManager service finds legacy connection scripts in this directory, they will still be used.

Answer 122

A

hostnamectl set-hostname myhost.example.com

You can also edit the ‘/etc/hostname’ file.

Additionally, you can simply execute ‘hostnamectl hostname myhost.example.com’

Answer 123

A

/etc/hosts

Answer 124

A

192.168.20.12 server5.example.com

Answer 125

A

/etc/resolv.conf

Do not edit /etc/resolv.conf directly, as it will be overwritten the next time you restart NetworkManager.

Answer 126

A

getent hosts server2

This command searches in both /etc/hosts and DNS to resolve the host- name that has been specified.

Answer 127

A

&

For example: ‘sleep 3600 &’

Answer 128

A

fg

A specific job ID can be used to bring a specific command back to the foreground.

Answer 129

A

‘Ctrl-Z’
‘bg’

‘Ctrl-Z’ will temporarily stop a job so that it can be managed while ‘bg’ will continue the job that has just been frozen using ‘Ctrl-Z’ in the background.

Answer 130

A

The child process becomes a child of ‘systemd’

Answer 131

A

When listing all processes, the name of Kernel processes is in between [] brackets.

A system administrator cannot manage Kernel threads.

Answer 132

A

ps aux

If used without arguments, ‘ps’ will show only those processes that have been started by the current user.

Answer 133

A

ps aux | grep dd
renice -n 10 -p 1234 (assuming 1234 is the PID from step 1)

The first step will find the PID for the specific process. The second step will lower the priority of the command. Regular users can only decrease the priority of a running process.

Answer 134

A

nice -n 5 dd if=/dev/zero of=/dev/null &

Do not set process priority to –20; it risks blocking other processes from getting served.

Answer 135

A

top

Using ‘r’ within the ‘top’ command is another way to renice priority values for processes.

Answer 136

A

kill 1370
pkill dd

The ‘pkill’ command takes a process name rather than a PID.

When executed normally, the ‘kill’ command sends the ‘SIGTERM (15)’ signal to the process. If you wish to specify the ‘SIGKILL (9)’ signal, you could’ve executed ‘kill -9 1370’

Answer 137

A

killall dd

Answer 138

A

kill -SIGCHLD 2072

This will tell the parent process to remove its child processes. Now the zombie will get adopted by systemd, and after a few seconds it will be removed.

Answer 139

A

lscpu

‘lscpu’ will show various information about the CPU on the machine.

Answer 140

A

uptime

The load average is shown for the last 1, 5, and 15 minutes. The load average should not be higher than the number of CPU cores in your system.

Answer 141

A

systemctl status tuned

Answer 142

A

tuned-adm active

‘tuned-adm list’ will show the profiles that are available on the server.

Answer 143

A

tuned-adm profile throughput-performance

Answer 144

A

/usr/lib/systemd/system

You should never edit these files directly.

Answer 145

A

/etc/systemd/system

Answer 146

A

systemctl -t service
systemctl list-units -t service

Both of the above commands will work. The ‘-t’ option is used to specify the unit file type.

Answer 147

A

systemctl -t help

Answer 148

A

systemctl list-units -t service –all

Answer 149

A

systemctl list-dependencies vsftpd –reverse

Answer 150

A

Requires: If this unit loads, units listed here will load also. If one of the other units is deactivated, this unit will also be deactivated.

Requisite: If the unit listed here is not already loaded, this unit will fail.

Wants: This unit wants to load the units that are listed here, but it will not fail if any of the listed units fail.

Before: This unit will start before the unit specified with Before.

After: This unit will start after the unit specified with After.

Answer 151

A

Add the line ‘export EDITOR=”/usr/bin/vim”’ to the files ‘~/.bashrc’ and ‘ ~/.bash_profile’

’~/.bash_profile’ is executed for login shells.

The Systemd default editor can be set specifically by adding ‘export SYSTEMD_EDITOR=”/usr/bin/ vim”’ to the ‘~/.bashrc’ file.

Answer 152

A

/etc/systemd/system/sshd.service.d/override.conf

All settings that are applied in this file overwrite any existing settings in the service file in ‘/usr/lib/systemd/system’.

Answer 153

A

systemctl show httpd.service

Answer 154

A

Use ‘systemctl edit httpd.service’ to edit the configuration.
Add a ‘[Service]’ section that includes the ‘Restart=always’ and ‘RestartSec=5s’ lines.
Enter ‘systemctl daemon-reload’ to ensure that Systemd picks up the new configuration.

Answer 155

A

‘[Unit]’ Describes the unit and defines dependencies.

‘[Service]’ Describes how to start and stop the service. Normally includes an ‘ExecStop’ or ‘ExecStart’ line.

‘[Install]’ Indicates in which target this unit has to be started.

Answer 156

A

logrotate.timer

The service unit defines how the service should be started, and the timer defines when it will be started. If you need a service to be started by a timer, you enable the timer, not the service.

Answer 157

A

OnCalendar “Describes when the timer should execute.”

AccuracySec “Indicates a time window within which the timer should execute.”

Persistent “As a modifier to ‘OnCalendar=daily’, it would specify that the last execution time should be stored on disk, so that the next time it executes is exactly one day later.”

Answer 158

A

/etc/cron.d
/etc/cron.hourly /etc/cron.daily /etc/cron.weekly
/var/spool/cron

Jobs in ‘/var/spool/cron’ are created via the ‘crontab -e’ command after logging in as that user or via the ‘crontab -e -u “username”’ command as root.

The jobs in the ‘hourly/daily/weekly/monthly’ directories will run automatically due to anacron.

Answer 159

A

/etc/cron.allow
/etc/cron.deny

If the cron.allow file exists, a user must be listed in it to be allowed to use cron. If the /etc/cron.deny file exists, a user must not be listed in it to be allowed to set up cron jobs. Both files should not exist on the same system at the same time.

Answer 160

A

Type ‘crontab -e’ to open a new file in ‘/var/spool/cron’
Add the line ‘0 2 * * 1-5 logger message from root’
Save the changes and exit the editor

Answer 161

A

Create a file with any name in ‘/etc/cron.hourly’
Add the line ‘logger Writing log at $(date)’
Save the changes and exit the editor
Add execute permissions to the file via ‘chmod +x’

If you fail to make it executable, it will not work.

Answer 162

A

atd

‘atd’ is the name of the service while the command used to actually schedule a job is ‘at’

Answer 163

A

Execute ‘at 15:00’
Type ‘logger this is a single scheduled message’
Press ‘Ctrl-D’ to finish scheduling the command

The ‘atq’ command will list all of the ‘atd’ jobs that are currently scheduled. ‘atrm’ can be used to cancel a scheduled ‘atd’ job.

Answer 164

A

Create the ‘logrotate.timer’ file in the ‘/etc/systemd/system’ directory and include the following:

[Unit]
Description=Daily rotation of log files Documentation=man:logrotate(8) man:logrotate.conf(5)

[Timer]
OnCalendar=daily
AccuracySec=1h
Persistent=true

[Install]
WantedBy=timers.target

Answer 165

A

tail -f /var/log/messages

Answer 166

A

/run/log/journal

This journal is cleared upon system reboot. To make the journal persistent between system restarts, you should create a directory ‘/var/log/journal’ and set the appropriate ownership settings.

Answer 167

A

dmesg
journalctl –dmesg

Answer 168

A

journalctl –since yesterday -p err

The ‘-p’ option allows for filtering of messages with a specific priority level.

Answer 169

A

/etc/systemd/journald.conf

Answer 170

A

Storage=auto “The journal will be written on disk if the directory ‘/var/log/journal’ exists.”

Storage=volatile “The journal will be stored only in the ‘/run/log/journal’ directory.”

Storage=persistent “The journal will be stored on disk in the directory ‘/var/log/journal’. This directory will be created automatically if it doesn’t exist.”

Storage=none “No data will be stored, but forwarding to other targets such as the kernel log buffer or syslog will still work.”

Answer 171

A

Open a root shell and type ‘mkdir /var/log/journal’
Before ‘systemd-journald’ can write the journal to this directory, you have to set ownership. Type ‘chown root:systemd-journal /var/log/journal’ followed by ‘chmod 2755 /var/log/journal’
Use ‘systemctl restart systemd-journald’ to reload the new ‘systemd- journald’ parameters.

‘systemctl restart systemd-journal-flush’ can also be used to ask the journal daemon to flush any log data stored in ‘/run/log/journal’ into ‘/var/log/journal’ if persistent storage is enabled.

Answer 172

A

/etc/rsyslog.conf
/etc/rsyslog.d

Answer 173

A

Create a file in ‘/etc/rsyslog.d/’ with the ‘.conf’ extension.
Add the following line ‘*.debug /var/log/messages-debug’ and save the file.
Restart ‘rsyslogd’ with ‘systemctl restart rsyslog’

‘rsyslog’ rules follow the structure ‘facility priority destination’

Answer 174

A

Open the file ‘/etc/httpd/conf/httpd.conf’ in an editor
Verify it contains the line ‘ErrorLog syslog:local1’
Open the file ‘/etc/rsyslog.conf’ in an editor
Ensure the file contains the line ‘local1.=error -/var/log/httpd-error.log’
Execute ‘systemctl restart rsyslog’

Using an equals sign in between the facility and priority ensures that only error messages will be logged rather than both errors and every priority above it.

Additionally, including a dash in front of the destination file tells ‘rsyslog’ to buffer the log messages before immediately committing them to the file for a more efficient write.

Answer 175

A

/etc/logrotate.conf

The ‘/etc/logrotate.d’ directory can also be used to configure logging for specific services.

Answer 176

A

‘fdisk’ can create both MBR and GPT partitions
‘gdisk’ can create GPT partitions

Answer 177

A

Execute ‘fdisk /dev/sdb’
Enter ‘n’ to create a new partition
Press ‘p’ to choose a primary partition rather than extended
For the last sector, type ‘+1G’ to make this a 1-GiB partition
Choose the partition type. Linux (83) is the default.
Enter ‘w’ to write the changes to the disk and exit ‘fdisk’

Answer 178

A

Execute ‘fdisk /dev/sdb’
Type ‘n’ to create a new partition
Enter ‘e’ to create an extended partition
Accept the default sectors for the extended partition (it should fill the rest of the device)
Press ‘n’ to create a logical partition within the extended partition
Accept the default first sector
For the last sector, enter ‘+1G’
Enter ‘w’ to write the changes and exit ‘fdisk’

An extended partition is used only for the purpose of creating logical partitions. You cannot create file systems directly on an extended partition.

Answer 179

A

Execute ‘gdisk /dev/sdc’
Type ‘n’ to create a new partition
Enter the number for the partition (usually best to accept default)
Specify the size by entering ‘+1G’
Specify the type of the partition (8300 is for a Linux filesystem)
Enter ‘w’ to write the changes and exit ‘gdisk’

Answer 180

A

mkfs.xfs /dev/sdc1

If you use ‘mkfs’ without any further specification of which file system you want to format, an Ext2 file system will be formatted.

Answer 181

A

xfs_admin -L XFSone /dev/sdb2

The ‘-L’ option is used to specify a label name.

Answer 182

A

tune2fs -L ext4one /dev/sdc2

The ‘-L’ option is used to specify a label name.

Answer 183

A

free -m

The ‘-m’ option is used to specify mebibytes.

Answer 184

A

Execute ‘fdisk /dev/sdd’ (also works with gdisk)
Enter ‘n’ to create a new partition and then specify the size to be ‘+1G’
Enter ‘t’ to change the type to either 82 (fdisk) or 8200 (gdisk)
Enter ‘w’ to write changes and exit
Use ‘mkswap /dev/sdd4’ to format the new partition as swap space
Use ‘swapon /dev/sdd4’ to switch on the newly allocated swap space
For the swap space to be mounted automatically, add the following to the ‘/etc/fstab’ file: ‘/dev/sdd4 none swap defaults 0 0’

Answer 185

A

blkid

This command often only works when executed as root.

Answer 186

A

findmnt –verify
mount -a

‘mount -a’ will mount all file systems that have a line in ‘/etc/fstab’ and are not currently mounted.

‘findmnt –verify’ will simply alert you if the syntax in ‘/etc/fstab’ is incorrect.

Answer 187

A

/dev/vda2 /data xfs defaults 0 0

Answer 188

A

Create the ‘/etc/systemd/system/exercise.mount’ file and add the following:

[Unit]
Before=local-fs.target

[Mount]
What=/dev/sdc1
Where=/exercise
Type=ext4

[Install]
WantedBy=multi-user.target

Answer 189

A

Physical volumes
Volume groups
Logical volumes

Answer 190

A

Create a new partition of type ‘lvm’ via ‘fdisk’ (8e) or ‘gdisk’ (8e00) and specify the size
Save the changes with ‘w’
Execute ‘pvcreate /dev/sda1’ to mark the new partition as an LVM physical volume

Answer 191

A

pvs

Using ‘pvdisplay’ on specific partitions can give more detailed information.

Answer 192

A

vgcreate vgdata /dev/sdb3

Answer 193

A

vgs

Using ‘vgdisplay’ on specific groups can give more detailed information.

Answer 194

A

lvcreate -n lvdata -L 5G vgdata

The ‘-n’ option is used to specify the name of the LVM logical volume while the ‘-L’ option is used to specify an absolute size.

The ‘-l’ option can be used for relative sizes. For example ‘-l 50%FREE’ would specify that half of the available space on the volume group should be used.

Answer 195

A

vgextend vgdata /dev/sdn1 /dev/sdv1

Answer 196

A

lvextend -r -L +20G /dev/vgdata/lvdata

The ‘-r’ option specifies that the filesystem should be resized along with the logical volume.

The ‘-l’ option can also be used to specify relative sizes.

The size of an XFS file system cannot be decreased; it can only be increased. If you need a file system that can be shrunk in size, use Ext4, not XFS.

Answer 197

A

pvmove /dev/sdd4 /dev/sdd3

This will move all of the extents used on ‘/dev/sdd4’ to ‘/dev/sdd3’

Answer 198

A

vgreduce vgdata /dev/sdd4

Answer 199

A

Install the Stratis software using ‘dnf’ by installing the ‘stratis-cli’ and ‘stratisd’ packages
Start and enable the user-space daemon, using ‘systemctl enable –now stratisd’

Answer 200

A

stratis pool create mypool /dev/sde

Answer 201

A

stratis pool add-data mypool /dev/vdb

Answer 202

A

stratis fs create mypool myfilesystem

Stratis only supports XFS filesystems.

Answer 203

A

stratis fs list

Answer 204

A

Execute ‘stratis fs list’ to find the Stratis volume UUID
Add the following line to /etc/fstab:

UUID=xxx /data xfs defaults,x-systemd.requires=stratisd.service 0 0

The UUID for the filesystem must be used when mounting Stratis filesystems. Additionally, the mount option ‘x-systemd.requires=stratisd.service’ must be included to ensure that Systemd waits to activate this device until the stratisd service is loaded.

Answer 205

A

stratis filesystem snapshot mypool mystratisfs mysnapshot

This snapshot could then manually be mounted (by name) and then accessed.

Answer 206

A

/etc/redhat- release

Answer 207

A

systemd-udevd

‘udevadm monitor’ can be executed to monitor events that are processed while activating new hardware devices.

Answer 208

A

modprobe vfat

‘modprobe -r’ can be used to unload a module along with its dependencies (if allowed)

Answer 209

A

dnf upgrade kernel

The kernel files for the last four kernels that you have installed on your server will be kept in the ‘/boot’ directory.

Answer 210

A

emergency.target
rescue.target
multi-user.target
graphical.target

Answer 211

A

systemctl –type=target

Answer 212

A

systemctl -t target –all

Answer 213

A

systemctl isolate rescue.target

After finishing in rescue mode, ‘systemctl isolate reboot.target’ can be used to restart the computer.

Answer 214

A

systemctl set-default graphical.target

‘systemctl get-default’ will display the current default target

To set the graphical.target as the default target, you need to make sure that the ‘server with gui’ RPM package group is already installed via ‘dnf’

Answer 215

A

/etc/default/grub

Additionally, the ‘/etc/grub.d’ directory contains complicated shellcode that can be used to further configure GRUB 2.

Answer 216

A

/boot/grub2/grub.cfg

Answer 217

A

/boot/efi/EFI/redhat/grub.cfg

Answer 218

A

‘rhgb’ and ‘quiet’

With these options enabled, you will not see any messages scrolling by during boot.

Answer 219

A

GRUB_TIMEOUT

For example ‘GRUB_TIMEOUT=10’ would make the server wait for 10 seconds on the GRUB 2 boot menu before continuing the boot procedure.

Answer 220

A

grub2-mkconfig -o /boot/grub2/grub.cfg

The ‘-o’ option is used to specify the file where the output should be sent to. On a UEFI machine, this file should be ‘/boot/efi/EFI/redhat/grub.cfg’

Answer 221

A

Enter ‘e’ to configure boot parameters for the kernel you wish to use
Find the line that starts with ‘linux $(root)/vmlinuz’
At the end of this line, add ‘systemd.unit=emergency.target’
Enter ‘Ctrl-X’ to to boot

Answer 222

A

Restart the server from the installation disk (for a VM, this is configured in VM boot settings)
Enter the ‘Troubleshooting’ menu
Select ‘Rescue a Red Hat Enterprise Linux System’
When prompted about finding an installed Linux system, press ‘1’ to continue
Type ‘chroot /mnt/sysimage’ to ensure that all path references to configuration files are correct
When finished, type ‘exit’ to quit the ‘chroot’ environment and then enter ‘reboot’ to restart the server

Answer 223

A

For a KVM virtual machine server, execute ‘grub2-install /dev/vda’

For a physical server or VMWare/Virtual Box server, execute ‘grub2-install /dev/sda’

Answer 224

A

Enter the rescue environment and execute the ‘dracut –force’ command.

During boot, you will know that you have a problem with the ‘initramfs’ because you’ll never see the root file system getting mounted on the root directory, nor will you see any Systemd units getting started.

Answer 225

A

Enter the root password
Type ‘mount -o remount,rw /’ to make sure the root file system is mounted and writable
Analyze the ‘/etc/fstab’ file and fix it

Answer 226

A

Enter the GRUB 2 menu and press ‘e’ on the relevant kernel
Find the line that loads the kernel and add ‘init=/bin/bash’ to the end of it
Once the root shell is opened, type ‘mount -o remount,rw /’ to get read/write access to the root filesystem
Create a new root password with the ‘passwd’ command
Execute ‘touch /.autorelabel’ to create this file in the root directory. This file is necessary for SELinux to correctly set the security labels upon reboot.
Type ‘exec /usr/lib/systemd/systemd’ to replace ‘/bin/bash’ with ‘Systemd’ as the new PID 1.

‘exec’ must be used to start Systemd because ‘exec’ will replace the current process with the new process given, rather than starting the process as a child process to the current process.

Answer 227

A

!/bin/bash

This tells the subshell how to interpret the commands.

Answer 228

A

bash helloscript

Answer 229

A

$@

The ‘$@’ variable can be iterated over via a for loop in Bash:

for i in $@
do
echo $i
done

Answer 230

A

exit 0

This statement will tell the parent shell that the command executed successfully.

Answer 231

A

!/bin/bash

if [ -z $1 ]; then
echo enter a name
read NAME
else
NAME=$1
fi

echo you have entered the text $NAME
exit 0

‘$1’ refers to the first argument given to the command. The line ‘if [ -z $1 ];’ checks whether $1 is empty; if so, it means that no argument was provided when starting this script. Notice that when you’re writing the test command with the square brackets, it is essential to include one space after the opening bracket and one space before the closing bracket; without these spaces, the command will not work.

Answer 232

A

test -e myfile
[ -e myfile ]

Both of these syntaxes use the ‘test’ command.

Answer 233

A

[ -z $1 ] && echo no argument provided

‘&&’ is the logical AND and will execute the second part of the statement only if the first part is true. ‘||’ is a logical OR and will execute the second part of the statement only if the first part is not true.

Answer 234

A

!/bin/bash

for (( COUNTER=100; COUNTER > 0; COUNTER– )); do
echo $COUNTER
done

exit 0

Answer 235

A

!/bin/bash

for i in {100..105}; do
ping -c 1 192.168.122.$i >/dev/null || echo ping was not successful
done

exit 0

In the above script, the ‘echo’ command is only being executed when the ‘ping’ is not successful.

Answer 236

A

!/bin/bash

while ps aux | grep $1 | grep -v grep >/dev/null
do
sleep 5
done

clear
echo your process has stopped
exit 0

The pipe to ‘grep -v grep’ is used to exclude lines containing the ‘grep’ command from the result.

Answer 237

A

A ‘while’ loop will continue to execute as long as the condition is true. An ‘until’ loop lasts until the condition is true (or while a condition is false).

Answer 238

A

!/bin/bash

case $1 in
start)
echo You chose to start.
;;
stop)
echo You chose to stop.
;;
restart)
echo You chose to restart.
;;
*)
echo Invalid input.
;;
esac

exit 0

Answer 239

A

Open the file ‘/etc/ssh/sshd_config’ in an editor
Add the line ‘AllowUsers lisa matthew’ and save the changes

This will only allow the users ‘matthew’ and ‘lisa’ to connect to this server via SSH. Not even ‘root’ can remotely connect to this server with this setting (although ‘sudo -i’ and ‘su -‘ will both still work).

Answer 240

A

Open the file ‘/etc/ssh/sshd_config’ in an editor
Add the line ‘Port 2022’ and close the editor
Execute ‘semanage port -a -t ssh_port_t -p tcp 2022’ to apply the correct SELinux label to port 2022
Open the firewall for TCP port 2022 with the command ‘firewall-cmd –add-port=2022/tcp –permanent’
Execute ‘firewall-cmd –reload’ to reload the new firewall configuration to runtime
Restart ‘sshd’ via ‘systemctl restart sshd’

Answer 241

A

Ensure that the ‘UseDNS yes’ line is included in ‘/etc/ssh/sshd_config’

This will make the SSH server first perform a reverse DNS lookup on the IP address to find a hostname. The server will then perform a forward DNS lookup on that hostname to see if it matches the original IP address.

This option being set to ‘yes’ usually involves a significant performance penalty.

Answer 242

A

Ensure that the ‘MaxSessions’ line in ‘/etc/ssh/sshd_config’ is set to ‘MaxSessions 25’

Answer 243

A

On the server, open the ‘/etc/ssh/sshd_config’ file in an editor
Find the ‘ClientAliveInterval’ option and set it to 60
Find the ‘ClientAliveCountMax’ parameter and set it to 10
Save the changes and exit the file. Restart the sshd service.

There are also client-side counterparts to these options, named ‘ServerAliveInternal’ and ‘ServerAliveCountMax’

Answer 244

A

PasswordAuthentication no

Answer 245

A

Type ‘ssh-agent /bin/bash’ to start the agent for the current (Bash) shell
Type ‘ssh-add’ to add the passphrase for the current user’s private key (you’ll be prompted to enter the passphrase you set during key generation). The key is now cached.
Connect to the remote server. Notice that there is no longer a need to enter the passphrase

If you log out or close the shell, the ssh-agent will terminate, and the passphrase will be required again the next time you try to use the private key.

Answer 246

A

dnf group install “Basic Web Server”

Answer 247

A

dnf install curl

Answer 248

A

/etc/httpd/conf/httpd.conf

Answer 249

A

DocumentRoot

A common default ‘DocumentRoot’ for Apache is ‘DocumentRoot “/var/www/html”’. Apache will by default look for a file named ‘index.html’.

Answer 250

A

systemctl enable –now httpd

Answer 251

A

ServerRoot

By default, the ‘/etc/httpd’ directory is used for this purpose.

Answer 252

A

/etc/httpd/conf.d

Answer 253

A

Add lines to the ‘/etc/hosts’ file that make it possible to resolve the names of the virtual host you are going to create to the IP address of the virtual machine. It should look like this:

192.168.4.210 account.example.com account
192.168.4.210 sales.example.com sales

On the Apache server, open a root shell and add the following to the ‘/etc/httpd/conf/httpd.conf’ file:

<Directory /www/docs>
Require all granted
AllowOverride None
</Directory>

On the Apache server, open a root shell and create a configuration file with the name ‘account.example.com.conf’ in the ‘/etc/httpd/conf.d’ directory. Give this file the following content:

<VirtualHost *:80>
ServerAdmin webmaster@account.example.com
DocumentRoot /www/docs/account.example.com
ServerName account.example.com
ErrorLog logs/account.example.com-error_log
CustomLog logs/account.example.com-access_log common
</VirtualHost>

Close the configuration file, and from the root shell type ‘mkdir -p /www/docs/account.example.com’
Create a file with the name ‘index.html’ in the account document root.
Now back on the root shell, create the ‘/etc/httpd/conf.d/sales.example.com.conf’ and use the same format as the ‘account.example.com.conf’ file. Then create the ‘/www/docs/sales.example.com’ document root, and create a file
‘index.html’ in it.
For the purpose of this exercise only, switch off SELinux using ‘setenforce 0’
Restart the Apache web server with ‘systemctl restart httpd’

Answer 254

A

getenforce

The ‘sestatus -v’ command also works.

Answer 255

A

Add ‘selinux=0’ to the ‘/etc/default/grub’ file (to the line that starts the Linux kernel) and then write those changes with ‘grub2-mkconfig -o /boot/grub2/grub.cfg’

Answer 256

A

Add the line ‘SELINUX=enforcing’ or ‘SELINUX=permissive’ to the ‘/etc/sysconfig/selinux’ file.

In ‘permissive’ mode, SELinux will not deny any permissions but it will still log to the ‘/var/log/audit/audit.log’ file.

Answer 257

A

ls -aZ

The ‘-Z’ option shows context label settings. Many commands support the ‘-Z’ option, including ‘ss’ and ‘ps’

Answer 258

A

dnf whatprovides */semanage

Answer 259

A

User:Role:Type

Answer 260

A

semanage fcontext -a -t httpd_sys_content_t “/website(/.*)?”
restorecon -R -v /website

For the ‘semanage fcontext’ command, the ‘-a’ option is used to add a context type while the ‘-t’ option specifies that we are changing the context type rather than the user or role. For ‘restorecon’ the ‘-R’ option is used to relabel files/directories recursively while the ‘-v’ option specifies that the command should output the changes that are made.

Answer 261

A

dnf install selinux-policy-doc

Make sure to execute ‘mandb’ to update the man pages with the new SELinux content.

Answer 262

A

Execute ‘man -k _selinux | grep http’ to find the man pages that document SELinux settings for Apache.

You can also examine the default environment for clues. For example, you can use ‘ls -Z /var/www’ to look at the context type used for the default document root.

Answer 263

A

Execute ‘restorecon -Rv /’
Create the ‘/.autorelabel’ file and then reboot the system.

Answer 264

A

semanage port -a -t http_port_t -p tcp 82

The ‘-p’ option is used to specify the port when using the ‘semanage port’ command.

Answer 265

A

getsebool -a

‘grep’ can be used here to filter for specific services such as ‘http’ or ‘ftp’

Answer 266

A

setsebool -P ftpd_anon_write on

The ‘-P’ option specifies that the changes should be permanent rather than only applied to the runtime. ‘ftpd_anon_write’ is the specific Boolean that enables/disables anonymous writes for the FTP server.

Answer 267

A

/var/log/audit/audit.log

Answer 268

A

grep AVC /var/log/audit/audit.log

SELinux messages are logged with ‘type=AVC’ in the audit log.

Answer 269

A

dnf install setroubleshoot-server

Make sure to reboot the server after installing ‘sealert’ to ensure that all processes that are involved are restarted correctly.

Now, the next time an SELinux message is written to the audit log, an easier-to-understand message is written to the systemd journal.

Answer 270

A

journalctl | grep sealert

Running the command suggested by ‘sealert’ will query the SELinux event database and often give suggestions on how to fix the problem.

Answer 271

A

/usr/lib/firewalld/services

The ‘/etc/ firewalld/services’ directory stores custom service XML files.

Answer 272

A

firewall-cmd –get-services

When working with Firewalld, the right services need to be added to the right zones. Also, the firewall configuration can be enhanced with more specific settings if the zones are not robust enough.

Answer 273

A

firewall-cmd –get-default-zone

If an incoming packet does not belong to a specific zone, the packet is handled by the settings in the default zone.

‘firewall-cmd –get-zones’ will list all zones available to Firewalld.

Answer 274

A

firewall-cmd –list-services

Answer 275

A

firewall-cmd –list-all

Answer 276

A

firewall-cmd –reload

The ‘firewall-cmd –runtime-to-permanent’ command can be used to make the current runtime configuration the permanent configuration.

Answer 277

A

firewall-cmd –add-service=vnc-server –permanent

Answer 278

A

firewall-cmd –add-port=2020/tcp –permanent

Answer 279

A

/etc/exports

Answer 280

A

showmount -e datashare

The ‘showmount’ command may not work if the the ‘mountd’ and ‘rpc-bind’ services are not added to the NFS server firewall configuration.

Answer 281

A

dnf install nfs-utils

Make sure to also enable the NFS service with ‘systemctl enable –now nfs-server’

Answer 282

A

/nfsdata *(rw,no_root_squash)

In this line, the ‘*’ is used to specify that this export is available to all hosts. The ‘rw’ option gives read-write access to every remote host. Lastly, the ‘no_root_squash’ option allows root users to retain their root-level privileges on the NFS server.

Without the ‘no_root_squash’ option, if a remote user connects as the root user (uid 0), their access is mapped to the ‘nfsnobody’ user (usually with uid 65534) on the server.

Answer 283

A

firewall-cmd –add-service nfs –permanent
firewall-cmd –add-service rpc-bind –permanent
firewall-cmd –add-service mountd –permanent

Do not forget to reload the firewall with ‘firewall-cmd –reload’

Answer 284

A

mount server2.example.com:/ /mnt

In a root mount, you just mount the root directory of the NFS server, and under your local mount point you’ll only see the shares to which you have access.

Answer 285

A

Add the following line to the ‘/etc/fstab’ file:

server1:/nfsdata /datashare nfs sync 0 0

The third column contains the NFS file system type. The ‘sync’ option ensures that modified files are committed to the remote file system immediately and are not placed in write buffers first (which would increase the risk of data getting lost).

Answer 286

A

dnf install autofs

Answer 287

A

Ensure the ‘autofs’ RPM package is installed on ‘server1’
Ensure the ‘/nfsdata’ directory is currently being exported on ‘server2’
Type ‘vim /etc/auto.master’
Add the line ‘/nfsdata /etc/auto.nfsdata’ and exit the editor
Type ‘vim /etc/auto.nfsdata’
Add the line ‘files -rw server2:/nfsdata’ and close the editor
Run ‘systemctl enable –now autofs’

Answer 288

A

Add this line to ‘/etc/auto.master’:

/home /etc/auto.users

Then, add this line to ‘/etc/auto.users’:

-rw server2:/users/&

Restart the ‘autofs’ service with ‘systemctl restart autofs’

Answer 289

A

systemctl edit httpd.service

This will automatically create the ‘/etc/systemd/system/httpd.service.d/override.conf’ file.

Answer 290

A

/root/anaconda-ks.cfg

This is a Kickstart file.

Answer 291

A

grep -E “svm|vmx” /proc/cpuinfo

‘vmx’ is the virtualization extension used on Intel CPUs while ‘svm’ is the the extension used on AMD CPUs.

Answer 292

A

dnf group install “Virtualization Host”

Answer 293

A

virt-host-validate

Answer 294

A

https://localhost:9090

Answer 295

A

Execute ‘dnf install cockpit-machines’
Execute ‘systemctl enable –now cockpit.socket’

Answer 296

A

dnf install virt-install

Answer 297

A

virt-install –name testvm –memory 2048 –vcpus 2 –disk size 20 –os-type linux –cdrom /rhel9.iso

Answer 298

A

Simply omit the line that sets the root password from the Kickstart file.

Brainscape's Knowledge GenomeTM

Commands Flashcards

Brainscape's Knowledge Genome^TM