Repos Flashcards
(200 cards)
1
Q
Steps to add a repo
A
- Create a .repo file in /etc/yum.repos.d with:
dnf config-manager --add-repo="file:///repo/AppStream" - Edit the newly created file AppStream.repo in /etc/yum.repos.d
- Set gpgcheck=0
- Verify availability of the repo with:
dnf repolist
2
Q
Steps to reset a lost root password
A
- Boot to the grub menu
- Press āeā
- On the line that loads the kernel add
init=/bin/bashas a boot argument - Ctrl-x to boot with this option
mount -o remount,rwpasswd- touch /.autorelabel
exec /usr/lib/systemd/systemdreboot
3
Q
Command to install bash tab completion
A
dnf install bash-completion
4
Q
Search man pages for string
A
man -k string
5
Q
Update the mandb
A
sudo mandb
6
Q
Two user local bash scripts
A
-
~/.bash_profile- Executed for all login shells -
~/.bashrc- Executed for all non-login interactive shells
7
Q
Tar create .tar archive
A
tar -cvf /output/path.tar /path/to/archive
8
Q
Extract tar archive
A
tar -xvf /path/to/archive.tar
9
Q
Display overview of all mounted devices
A
mount
10
Q
Display available disk space on all mounted file systems
A
df -Th
11
Q
Mount all file systems specified in /etc/fstab
A
mount -a
12
Q
List files in order of last modified
A
ls -lat
13
Q
Create a new user account
A
useradd example.user
14
Q
Add a user to a supplemental group
A
usermod -aG example.group example.user
15
Q
Add a new group
A
groupadd example.group
16
Q
Delete a user and their home dir
A
userdel -r example.user
17
Q
Delete a group
A
groupdel example.group
18
Q
Remove a user from a group
A
gpasswd -d example.user example.group
19
Q
Get a list of all users
A
cat /etc/passwd
20
Q
Get a list of all groups
A
cat /etc/group
21
Q
File that contains default user properties
A
/etc/login.defs
22
Q
Change password expiration and user disablement policies
A
chage example.user
23
Q
Visudo line to allow user to change passwords except for root
A
example.user ALL=/usr/bin/passwd, !/usr/bin/passwd root
24
Q
Repair the sudo configuration assuming you broke it
A
pkexec visudo
25
Directory containing default shell scripts for new users
`/etc/skel`
26
List users of a specific group
`groupmems -g example.group -l`
27
List the primary group for a user
`groups example.user`
28
Set the sticky bit on a directory
`chmod +T ./dir/`
29
If the sticky bit is set who can delete files in the directory?
1. Root
2. Owner of the file
3. Owner of the directory
30
Sticky bit letter
1. Lowercase t - both sticky and others execute are set
2. Uppercase T - only sticky bit is set
31
Set the setuid bit on an executable file
`chmod u+s myfile`
32
Setuid bit letter
1. Lowercase s - setuid bit is set and user owner execute bit is set
2. Uppercase S - only setuid bit is set
33
Set the setguid bit on a file or directory
`chmod g+s myfile`
34
Setguid letter
1. Lowercase s - both setguid and group execute bit are set
2. Uppercase S - only the setuid bit is set
35
Look for package that contains a file
`dnf whatprovides */name`
36
List all installed packages
`dnf list installed`
37
List package groups
`dnf group list`
38
Install a package group
`dnf group install name`
39
Search for a string that occurs in package name, summary or description
`dnf search all string`
40
Display info about a package
`dnf info name`
41
View dnf history
`dnf history`
42
Stop a job temporarily so it can be managed
Ctrl-z
43
Continue job that has just been frozen using ctrl-z in the background
`bg`
44
Bring last job moved to the background to the foreground
`fg`
45
Show jobs currently running from this shell
`jobs`
46
List all running processes and associated user
`ps aux`
47
Show parent child relationship between processes
`ps fax`
48
Niceness value meaning and range
-20 to 19, lower = higher priority
49
Run a job with a specific priority of 5
`nice -n 5 ls`
50
Change the priority of a running process
`renice -n 10 -p 1234`
51
List all available man page entries for a command
`man -f passwd`
52
Install the man pages
`dnf install man-pages`
53
List signal names
`kill -l`
54
Find zombie processes
`ps aux | grep defunct`
55
Change the tuned profile
1. `dnf install tuned`
2. `systemctl enable --now tuned`
3. `tuned-adm active` to get the current profile in use
4. `tuned-adm list` to list available profiles
5. `tuned-adm recommend` to show a recommended profile
6. `tuned-adm profile name` to change the profile
56
List all units of type service
`systemctl list-unit-files -t service`
57
Reload unit config files after changes
`systemctl daemon-reload`
58
Edit a unit file with an override drop-in
`systemctl edit example.service`
59
Get the default target
`systemctl get-default`
60
Switch to a different target
`systemctl isolate name.target`
61
List the dependencies that a unit has
`systemctl list-dependencies name`
62
Systemd service requires keyword meaning
If this unit loads, units listed here will load also. If one of the other units is deactivated, this unit will also be deactivated
63
Systems service requisite keyword meaning
If the units listed here are not already loaded, this unit will fail
64
Systemd service wants keyword meaning
The unit wants to loaf the units that are listed here, but it will not fail of any of the listed units fail
65
Systemd service before keyword meaning
This unit will start before the units specified here
66
Systemd service after keyword meaning
This unit will start after the units specified here
67
Check a calendar format for systemd timers
`systemd-analyze calendar *-*-* *:*:*`
68
Manpage with crontab format
`man 5 crontab`
69
Crontab meaning 0 */2 2 12 5
Every two hours on the hour on DEC 2 and every Friday in December
70
Create a cronjob for a specific user
`crontab -e -u user`
71
How should you add system cronjobs on rhel 9?
1. Copy the file `/etc/crontab` to `/etc/cron.d` and edit it.
2. Alternatively add scripts to `/etc/cron.whatever` these scripts are executed by anacron
72
List scheduled at jobs
`atq`
73
Remove a scheduled at job
1. `atq`, get the number n
2. `atrm n`
74
Schedule a job with at
1. at 15:30
2. logger hello world!
3. Ctrl-d
75
Get help with at job time formats
`/usr/share/doc/at/timespec`
76
What files does rsyslogd write to
Files in `/var/log` directory
77
Logging options on RHEL9
1. Systemd journal which writes to a binary format
2. Rsyslogd which writes to files in `/var/log`
3. auditd which provides in-depth trace of what specific services, processes, or users have been doing
78
/var/log/messages
Most commonly used log file, generic log where most messages are written to
79
/var/log/dmesg
Kernel log messages
80
/var/log/secure
Authentication-related messages
81
/var/log/boot.log
Messages related to boot
82
/var/log/audit/audit.log
Audit message, SELinux writes to this file
83
/var/log/maillog
Mail related messages
84
/var/log/httpd
Log files written DIRECTLY (not through rsyslog) by apache
85
Display a live feed of the system journal
`journalctl -f`
86
Show kernel related journal messages only
`journalctl --dmesg`
87
Show journal messages since yesterday
`journalctl --since yesterday`
88
Show journal messages with error level priority
`journalctl -p err`
89
File location of the systemd journal
`/run/log/journal`
90
Make the journal persistent between reboots
1. Edit `/etc/systemd/journald.conf`
2. Set `Storage=persistent`
3. systemctl restart systemd-journal-flush
4. This will automatically create /var/log/journal directory
91
rsyslog configuration file
`/etc/rsyslog.conf`
92
Log rotate configuration file
`/etc/logrotate.conf`
93
Obtain current redhat release version
`cat /etc/redhat-release`
94
Emergency.target explanation
Minimal number of units started, just enough to fix system
95
rescue.target explanation
Starts all units required to get a fully operational system but no non-essential units
96
Change the default systemd target to graphical
`systemctl set-default graphical.target`
97
Grub config files
1. `/etc/default/grub` - Contains settings that grub will use when generating config
2. Files in `/etc/grub.d` - You typically don't have to modify these filess
3. /boot/grub2/grub.cfg - The generated config, if the system is booted in BIOS, don't edit this
4. /boot/efi/EFI/redhat/grub.cfg - The generated config, if the system is booted in UEFI, don't edit this
98
If you want to see boot messages what options should you remove from
GRUB_CMDLINE_LINUX in /etc/default/grub
rhgb, quiet
99
Man page to find grub kernel boot arguments
`man 7 bootparam`
100
Command to generate the grub config file
1. For bios: grub2-mkconfig -o /boot/grub2/grub.cfg
2. For UEFI: grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
101
Does grub automatically add kernels to the menu?
Yes, if it detects them
102
Grub /etc/default/grub settings: GRUB_DEFAULT
Default menu entry. The word 'saved' or title of the entry or a number that identifies the Nth entry in the generate menu starting from zero
103
Grub /etc/default/grub settings: GRUB_TIMEOUT
Boot the default entry this many seconds after the grub menu is displayed
104
Grub /etc/default/grub settings: GRUB_TERMINAL_OUTPUT
Sets the output device that grub will be displayed on
105
Grub /etc/default/grub settings: GRUB_CMDLINE_LINUX
Command-line arguments to add to menu entries for the Linux kernel
106
Grub /etc/default/grub settings: GRUB_DISABLE_RECOVERY
IF set to true, disable the generation of recovery mode menu entries
107
Grub linux boot parameter: rd.break
Stops the boot procedure while still in the initramfs stage, root file system will not be mounted on / yet, root password will be required
108
Grub linux boot parameter: init=/bin/bash
Specifies a shell should be started immediately after loading the kernel and initrd, provides earliest possible access to a running system, no root password required, file system will be mounted as read-only
109
Grub linux boot parameter: systemd.unit=anything.target
Will boot into the target specified e.g emergency.target, rescue.target
110
Troubleshooting: grub install broken
`grub2-install /path/to/device/to/install/on`
111
Troubleshooting: initramfs damaged
`dracut --force`
112
Troubleshooting: Give root password for maintenance
0. This error pertains to a file system issue, probably something with /etc/fstab
1. `journalctl -xb` and look for relevent messages
2. If the issue is file-system related: continue
3. `mount -o remount,rw /`
4. `vim /etc/fstab` and go to work
113
Config file for sshd daemon
`/etc/ssh/sshd_config`
114
Config file for default ssh client
`/etc/ssh/ssh_config` - This file will be overrided for a specific user if `~/.ssh/config` exists
115
Disable root login for SSH
1. Edit `/etc/ssh/sshd_config`
2. Change `PermitRootLogin no` optino
3. `systemctl restart sshd`
116
Only allow root to login to ssh via public/private key pair
1. Edit `/etc/ssh/sshd_config`
2. Change option `PermitRootLogin` to `prohibit-password`
3. `systemctl restart sshd`
117
Change the listening port for ssh to 5000
1. Edit `/etc/ssh/sshd_config`
2. Uncomment the port 22 line and change to 5000
3. `semanage port -l | grep 5000`
4. `semanage -a -t ssh_port_t -p tcp 5000`
5. Verify change with `semanage port -l | grep 5000`
6. firewall-cmd --add-port=5000/tcp --permanent
118
Allow only specific users to connect via ssh
1. Edit `/etc/ssh/sshd_config`
2. Add `AllowUsers` config option, e.g `AllowUsers = Jimmy, bob`
119
Command to get active firewall zones
`firewall-cmd --get-active-zones`
120
Command to get current default firewall zone
`firewall-cmd --get-default`
121
Command to get pre-defined firewall zones
`firewall-cmd --get-zones`
122
Get info about a specific zone
`firewall-cmd --info-zone=trusted`
123
Get all active zones and their info
`firewall-cmd --list-all`
124
Disable password logins and use certs only for ssh
1. Edit `/etc/ssh/sshd_config`
2. Change `PasswordAuthentication` option to `no`
3. `systemctl restart sshd`
125
Setting up SSH key-based login
1. `ssh-keygen`
2. `ssh-copy-id user@server`
3. Type in the password of the user
126
SELinux config file
`/etc/sysconfig/selinux`
127
Change SELinux enforcing mode persistently
1. edit `/etc/sysconfig/selinux`
2. Set `SELINUX` option to `enforcing` or `permissive`
128
Get a lot of information about SELinux on the machine
`sestatus -v`
129
If the output of getenforce shows Disabled
1. edit `/etc/default/grub`
2. Add `selinux=1` to the line that starts the linux kernel
3. grub2-mkconfig -o `/boot/grub2/grub.cfg` - assuming bios
4. `reboot`
130
What option can you pass to commands to get SElinux information
`-Z`
131
How to install semeanage
`dnf whatprovides */semanage`
132
What should you do once you get a repo on the machine stetup
1. `dnf install bash-completion`
2. `dnf whatprovides */semanage`
133
Change SELinux context type for an entire directory and its contents
1. `semanage fcontext -a -t httpd_sys_content "/mydir(/.*)?"`
2. `restorecon -R -v /mydir`
134
Man pages that contain good examples for semanage fcontext
1. `man semanage-fcontext`
2. `/example`
135
How do you find the right context type to use?
1. Look at the default environment
2. Or Try reading configuration files
3. Or `dnf install selinux-policy-doc`
4. `mandb`
5. `man -k name_selinux` to find man pagaes for specific server
136
How to apply all context defined in the policy to the file system
1. `restorecon -Rv /`
2. Or `touch /.autorelabel`
137
Do you need to run restorecon after making a port label change?
No
138
Get a list of SElinux booleans on the system
1. `getsebool -a`
2. Or `semanage boolean -l`
139
Change a SElinux boolean
`setsebool ftpd_anon_write on -P` - `-P` makes it permanent
140
What file does SELinux write messages to?
`/var/log/audit/audit.log`
141
View SELinux messages
`grep AVC /var/log/audit/audit.log`
142
How to get access to the sealert command?
1. `dnf install setroubleshoot-server`
2. `reboot`
143
How to use sealert?
1. `journalctl | grep sealert`
2. Run the command that it recomends
144
Get a list of firewall service names
`firewall-cmd --get-services`
145
Add a service to a zone
`firewall-cmd --zone=zonename --add-service=ftp`
146
Remove a service from a zone
`firewall-cmd d--zone=zonename --remove-service=ftp`
147
Make the current running firewall config permanent
`firewall-cmd --runtime-to-permanent`
148
List NFS shares that are available
1. If NFSv4 is in use: mount the root directory of the NFS server and you'll see the shares under the mount point
2. Or `showmount -e nfsserver` - This command might have issues with firewalls
149
Install packages needed to work with NFS shares
1. `dnf install nfs-utils`
2. `dnf install autofs`
150
How do you mount a remote file system with /etc/fstab
`servername:/share /nfs/mount/point nfs sync 0 0`
151
Mount a file system in /etc/fstab via UUID
UUID=be9d4278-55f8-42ef-bc6b-dbfa90e4cc8a / xfs defaults 0 0
152
Get UUIDs for devices
lsblk -o name,UUID
153
What are the two ways to mount nfs file shares
1. automount provided by either systemd or the autofs service
2. `/etc/fstab`
154
Where is the automount autofs service master config file?
`/etc/auto.master`
155
How do you mount an NFS share via automount provided by the autofs service?
1. Create a file `/etc/auto.sharename`
2. Edit the file and add `/mount/point -rw servername:/sharename`
3. Edit `/etc/auto.master`
4. Add line `/sharename /etc/auto.sharename`
5. `systemctl enable --now autofs`
156
Convert an epoch time to human time
`date --date '@142087251'`
157
Synchronize the current system time to the hardware clock
`hwclock --systohc`
158
Syncronize the current hardware time to the system clock
`hwclock --hctosys`
159
Set the system time
`timedatectl set-time TIME`
160
Set the current timezone
`timedatectl set-timezone ZONE`
161
List available timezones
`timedatectl list-timezone`
162
Get the current system time
`date`
163
Get the current hardware clock time
`hwclock`
164
Set the current system time
`date -s TIME`
165
If timedatectl does not work what do you do?
1. `dnf install chrony`
2. `systemctl enable chronyd --now`
166
Where is the chrony main configuration file?
`/etc/chrony.conf`
167
How do you configure the machine as an NTP client?
1. edit `/etc/chrony.conf`
2. `firewall-cmd --add-service ntp --permanent`
3. `firewall-cmd --reload`
4. `chronyc sources` - To verify results
168
What are rootless containers?
Containers started as a non-root user, can generate UID dynamically or be preconfigured to use a specific UID
169
Where is the container registry access config file?
`/etc/containers/registries.conf`
170
What package do you need to install to work with containers?
`dnf install container-tools`
171
Get a list of currently existing containers including ones that have stopped
`podman ps -a`
172
Start a container in detatched mode
`podman run --name=webserver -d nginx`
173
Get info about podman and which registries are in use
`podman info`
174
How do you search for a container image
`podman search`
175
Inspect a container image
1. `skopeo inspect nginx` - Works on local and non-local images
2. `podman inspect gnix` - Only works for local images
176
Remove a container
`podman rm nameorid`
177
Stop a running container
`podman stop nameorid`
178
Forcefully kill a running container
`podman kill nameorid`
179
Restart a currently running container
`podman restart nameorid`
180
How do you pass environment variables to a container when running it?
`podman run -d -e MYSQL_ROOT_PASSWORD=password -e MYSQL_USER=jim -p externalport:internalport mariadb`
181
How do you open a shell in a running container?
`podman exec -it containernameorid /bin/bash`
182
Run a command in a running container?
`podman exec nameorid cmd`
183
How do you run a root container?
`sudo podman run nginx`
184
Provide persistent storage to a container
`podman run -d ... -v /hostdir:/containerdir` - Permissions are important on the files
185
Detatch from the shell in the container and keep the container running
Ctrl-p, Ctrl-q
186
How do you delete a container image that is local to the machine?
`podman rmi name`
187
List container images
`podman images`
188
Where are container images stored?
`/var/lib/containers`
189
How do you run a command within the container namespace
`podman unshare cmd`
190
View the UID mapping for a running container
`podman unshare cat /proc/self/uid_map`
191
How to find the user that the container is running under
`podman inspect imagename`
192
How to set appropriate directory ownership on bind-mounted directory for rootless container
1. `podman inspect imagename` - And get the user id
2. `podman unshare chown nn:nn directoryname` - where nn is the uid from the first step, directoryname must be in the home directory
3. Verify with `podman unshare cat /proc/self/uid`
4. Verify the mapped user is owner on the host `ls -ld /directoryname`
193
Run a container with a bind mount and let podman handle the selinux assignment
`podman run -d --name mydb -v /home/student/mydb:/var/lib/mysql:Z quay.io/centos7/mariadb-103-centos7`
194
Enable Starting of systemd user services when the system starts up
`loginctl enable-linger user`
195
Create and enable a systemd service for a container (rootless)
0. Login as the user that should start the container, don't use root shell or sudo
1. Make sure your container has been created already
2. `mkdir -p ~/.config/systemd/user`
3. `cd ~/.config/systemd/user`
4. `podman generate systemd --name angry_shtern --files --new` - To create a unit file
5. Edit the generated file change `WantedBy=default.target`
6. `systemctl --user daemon-reload`
7. `systemctl --user enable --now container-angry_shtern.service`
196
List the top 5 cpu usage processes on the machine
`ps aux --sort=-pcpu | head -n 5`
197
List the top 5 memory using processes on the machine
`ps aux --sort=-rss | head -n 5`
198
Copy a file to a remove server via scp
`scp /etc/hosts server2:/tmp`
199
Copy an entire subdirectory subdirectory structure from a remote server via scp
`scp -r server2:/etc/ /tmp`
200
Copy a file from the remote server to your machine as root
`scp root@server2:/etc/passwd ~`
