RHCSA EX200

Red Hat Certified System Administrator

Duration: 4Hrs Total Questions: 20 Full Marks: 300 Passing Marks: 210

Important Informations

You have to configure servera.lab.example.com and serverb.lab.example.com with the following requirements. Your Domain name: - lab.example.com Your Network: - 172.25.250.0/255.255.255.0 Hostname: - servera.lab.example.com and serverb.lab.example.com Your root user password for serverb.lab.example.com is redhat The servera.lab.example.com ip address is 172.25.250.10

Example Practice Questions

Configure the network

Assign Hostname and Ip address for your virtual machine. Hostname serverb.lab.example.com IP Address 172.25.250.11 Netmask 255.255.255.0 Gateway 172.25.250.254 Nameserver 172.25.250.254


#From console of serverb.lab.example.com
hostnamectl set-hostname serverb.lab.example.com #Sets FQDN
hostname #To verify hostname
nmcli connection #Shows all connection interfaces
nmcli connection modify "wired_connection_name" ipv4.addresses 172.25.250.11/24 ipv4.gateway 172.25.250.254 ipv4.dns 172.25.250.254 ipv4.method static
#Don't forget the netmask /24 means 255.255.255.0
nmcli connection up "wired_connection_name"
ping 172.25.250.11 #To verify if everything is correct
reboot

Create a repository

http://classroom.example.com/content/rhel8.0/x86_64/dvd/AppStream http://classroom.example.com/content/rhel8.0/x86_64/dvd/BaseOS


#Use SSH and [email protected]
vi /etc/yum.repos.d/new.repo #Extension is always repo
[1]
name=app
baseurl=http://classroom.example.com/content/rhel8.0/x86_64/dvd/AppStream
enable=1
gpgcheck=0
[2]
name=base
baseurl=http://classroom.example.com/content/rhel8.0/x86_64/dvd/BaseOS
enable=1
gpgcheck=0

yum clean all #Cleans all cache repos
yum repolist all #Shows all the repo list
yum install vim -y #Verify

Configure the Selinux

Your webcontent has been configured in port 82 at the /var/www/html directory. (Don't alter or remove any files in this directory) Make the content accessible.


semanage port -l | grep http #Check if port is used by any service
semanage port -a -t http_port_t -p tcp 82 #Add service to port
firewall-cmd --permanent --add-port=82/tcp #Add entry to firewall
firewall-cmd --reload #Reloads the firewall for changes to apply
firewall-cmd --list-all #Lists the firewall allows
yum install httpd -y #Install Apache
# Insert the below content
systemctl start httpd #Start the apache service
systemctl enable httpd # Enable the apache service

vim /etc/httpd/conf/httpd.conf #Open apache conf file
#Add a webpage as virtual host
<virtualhost 172.25.250.11:82>
servername serverb.lab.example.com
documentRoot /var/www/html
</virtualhost>
:wq #Saves the file in vim

httpd -t #Checks for syntax errors in config file
systemctl restart httpd #Restart the apache services
ls /var/www/html #Check files for webserver root directory
curl http://172.25.250.11:82/filename #verify

Create the following users, groups and group memberships

a) A group named admin. b) A user harry who belongs to admin as a secondary group. c) A user natasha who belongs to admin as a secondary group. d) A user sarah who does not have access to an interactive shell on the system and who is not member of admin. e) The users harry, natasha, sarah should all have password of password.


groupadd admin # Create group
useradd harry -G admin #User create with group
useradd -G admin natasha #User create with group
useradd -s /sbin/nologin sarah # User create with no shell access
passwd --stdin harry #Create password for harry
id harry #Verify
cat /etc/groups #Verify

Create a collaborative directory /common/admin with the following characteristics

a) Group ownership of /common/admin is admin. b) The directory should be readable, writable and accessible to members of admin, but not to any other user. (It is understood that root has access to all files and directories on the system.) c) Files created in /common/admin automatically have group ownership set to the admin group.


mkdir -p /common/admin #Create the directory
chgrp admin /common/admin #Change ownership to admin
chmod 770 /common/admin # Change permission
chmod g+s /common/admin #Future permission to group
ls -ld /common/admin #verify
su harry #login with harry as he is admin
#create a file inside the folder and verify
logout

Check here to learn https://www.redhat.com/sysadmin/suid-sgid-sticky-bit

Configure autofs to automount the home directories of production5 domain users.

a) servera.lab.example.com (172.25.250.10) NFS -exports /home-directories to your system. b) production5 home directory is servera.lab.example.com:/home-directories/production5 c) production5 home directory should be automounted locally mapped to /localhome in your system. d) The home directories must be writable by their users. e) While you are able to log in as any of the users production1 through production30, the only home directory that is accessible from your system is production5.


yum install autofs #Install autofs
systemctl start autofs #Start the service
systemctl enable autofs # Enable service at system reboot
getent passwd production5 # Shows user home directory info

vim /etc/auto.misc #Edit autofs conf
production5    -rw,soft,intr servera.lab.example.com:/home/production5
:wq

systemctl restart autofs #Restart autofs after conf change
su production5 #Login as the user
#Create a file inside the home directory of production5
logout

Set a Cron job for harry on 12.30 at noon print /bin/echo on "hello".


crontab -eu harry #Open crontab to edit
30 12 * * * /bin/echo "hello"

cat /etc/crontab #Check for the changes in crontab
crontab -lu harry #verify

Check here to learn more https://linuxize.com/post/scheduling-cron-jobs-with-crontab/

Configure Acl permission

a) The file /var/tmp/fstab is owned by root user. b) The file /var/tmp/fstab is belongs to the group root. c) The file /var/tmp/fstab is should not be executable by anyone. d) The user harry is able to read and write by /var/tmp/fstab. e) The user natasha can neither read nor write /var/tmp/fstab. f) All other users (current / future) have the ability to read /var/tmp/fstab.


setfacl -m u:harry:rw /var/tmp/fstab #Set ACL for harry
setfacl -m u:natasha:--- /var/tmp/fstab #Set facl for natasha
getfacl /var/tmp/fstab  /var/tmp/fstab #Verify

Check here to learn https://www.redhat.com/sysadmin/linux-access-control-lists#:~:text=This type of situation is,for other users or groups.

Configure the NTP

Configure your system so that it is an NTP client of classroom.example.com


vim /etc/chrony.conf #Open NTP configuration
#Remove the other default server
server classroom.example.com iburst #Add this line

systemctl restart chronyd.service #Restart the server
chronyd sources #verify

Locate the Files

Find a string "home" in /etc/passwd and searching string as been stored in /root/search.txt


find / -user sarah -type f -exec cp{} /root/find.user \;
ls -al /root/find.user #verify

Find the string

Find a string "home" in /etc/passwd and searching string as been stored in /root/search.txt


grep "home" /etc/passwd > /root/search.txt

Create a user account

Create a new user with UID 1326 and user name as alies.


useradd -u 1326 alies

Create an archieve file

Backup the /var/tmp as /root/test.tar.gz


tar -zcvf /root/test.tar.gz /var/tmp
#If file ext is gz=z and bz2=j

Set the Permission

a) All new creating files for user natasha as -r-------- as default permission. b) All new creating directories for user natasha as dr-x------ as default permission.


su - natasha #change the user in shell
umask #check current umask

vim .bash_profile #Open bash conf
umask 277 #Set custom umask

source .bash_profile #Source new conf
mkdir folder1 #Test1
touch file1.txt #Test2
logout

Check here to learn https://unix.stackexchange.com/questions/84676/how-is-umask-calculated-in-linux

Password Expire Date

The password for all new users in serverb.lab.example.com should expires after 20 days.


vim /etc/login.defs  #Open configuration file
PASS_MAX_DAYS 20     # Number is in days

Assign Sudo Privilege

Assign the Sudo Privilege for Group "admin" and Group members can administrate without any password.


vim /etc/sudoers  #Open the config file
#for user 
admin ALL=(ALL) NOPASSWD:ALL
#For Groups
%admin ALL=(ALL) NOPASSWD:ALL
#Save with
:wq!

To know more about the syntax of the setting file check here https://serversforhackers.com/c/sudo-and-sudoers-configuration

Login Text Message

Configure the application RHCSA as an alice user, When login it will show the message


su - alice  # Change user to alice

vim .bash_profile  #Open bash profile
RHCSA="Welcome to Redhat"
export RHCSA #Export the variable to use
echo $RHCSA  #This will echo at the time of login

source .bash_profile #Apply the bash profile changes
logout 
su -alice #After login you will get the text

Create the script file

a) Create a mysearch script to locate file under /usr/share having size less than 1M. b) After executing the mysearch script file and listed(searched) files has to be copied under /root/myfiles.


mkdir /root/myfiles
vim mysearch
#! /bin/bash
find /usr/share -type f -size -1M -exec cp{} /root/myfiles \; #Find the files
 
chmod +x mysearch #Give execution permission to script
sh mysearch # Run the script

For permissions use -perm /4000 u+s setuid 4000 and g+s setgid 2000

Password Break

Break the password for servera.lab.example.com. Assign root user password as northate.


#Reboot the system and press e when grub comes up to edit grub
# Add rd.break at the last of the line started with Linux
#save and start the machine to enter maintainence mode
mount -o remount,rw /sysroot
chroot /sysroot
passwd --stdin root
#Enter the password
touch /.autorelabel
exit
exit
#Take ssh of that server with new password

This is only possible when you have the physical machine or access to the console of the machine

Create Repository File

http://classroom.example.com/content/rhel8.0/x86_64/dvd/AppStream http://classroom.example.com/content/rhel8.0/x86_64/dvd/BaseOS


vi /etc/yum.repos.d/new.repo #Extension is always repo
[1]
name=app
baseurl=http://classroom.example.com/content/rhel8.0/x86_64/dvd/AppStream
enable=1
gpgcheck=0
[2]
name=base
baseurl=http://classroom.example.com/content/rhel8.0/x86_64/dvd/BaseOS
enable=1
gpgcheck=0

yum clean all #Cleans all cache repos
yum repolist all #Shows all the repo list
yum install vim -y #Verify

Create a swap partition 512MB size


lsblk # Shows all devices
fdisk /dev/vdb #Open fdisk to configure device and partitions
n
p
Enter
Enter
+512M
t
L
82
p
w

udevadm settle on partprobe # Implies that you want to wait for all pending udev events to be completed before running the partprobe command
lsblk 
mkswap /dev/vdb1 #Format the partition as swap
blkid #Get the ID of attatched devices and partitions
vim /etc/fstab #Add entry to mount at boot
/dev/vdb1  swap swap defaults 0 0

free -h #Check total swap
swapon -a #mount the new swap
free -h #Verify the total swap

LVM and LVG

Create one logical volume named database and it should be on datastore volume group with size 50 extent and assign the filesystem as ext3. (i) The datastore volume group extend should be 8MiB. (ii) mount the logical volume under mount point /mnt/database.


fdisk /dev/vdb #Open to make partitions
n
p
Enter
Enter
+2G
t,2
8e
vgcreate -s 8M datastore /dev/vdb2 #Create the vg
lvcreate -l 50 -n database datastore #Create the lv within vg
lsblk #verify the configuration
mkfs.ext3 /dev/datastore/database #Format the logical volume
blkid
mkdir /mnt/database
vim /etc/fstab
/dev/datastore/database /mnt/database ext3 defaults 0 0 #Add to mount on boot

mount -a #Mount the partition
df -hT #See mounted disks

VDO

Create the vectra volume using the VDO with the logical size 50GB and mount under /test directory.


yum install vdo -y #Install vdo
systemctl start vdo #Start vdo service
systemctl enable vdo #Start vdo with system boot
vdo create --name=vectra --device=/dev/vdb --vdoLogicalSize=50G #Create vdo logical partition
vdo list  #Lists all vdo
mkfs.xfs /dev/mapper/vectra #Format the VDO in xfs(default if not mentioned format)
blkid
mkdir /test
vim /etc/fstab #Add in fstab to mount at system boot
/dev/mapper/vectra /test xfs defaults,x-systemd.requires=vdo.service 0 0

mount -a #Mount now
df -hT #See mounted disks

If this question fails you have to login as a maintainence user in Emergency Mode to fix it. Keep the below commands in mind.


#Login in console as root with password
mount -o remount,rw /
vim /etc/fstab
# Comment the vdo line and reboot

LV Extend

Resize the logical volume size of 100 extent on /mnt/database directory.


df -hT
lvextend -l 100 -r /dev/mapper/datastore-database # Size=100*VGSize=100*8MB
#If you want to directly use size use -L 600M

Tuned

Set the recommend tuned profile for your system


yum install tuned
systemctl start tuned
systemctl enable tuned
tuned-adm recommend
tuned-adm profile profile-name
tuned-adm active
tuned-adm list
systemctl restart tuned

Create the container as system startup service

a) Create the container name as logserver with the images rsyslog are stored in registry on paradise user b) The container should be configured as system startup services c) The container directory is container_journal should be created on paradise user

Configure the Container as persistent storage and create logs for container

a) Configure the container with the persistent storage that mounted on /var/log/journal to /home/paradise/container_journal b) The container directory contains all journal files

This 2 question is actually is a mixer of one. Follow as below.


sh root@serverc
id paradise
useradd paradise
passwd --stdin paradise
ssh paradise@serverc #Keep the root ssh session in another tab
mkdir ~/container_journal 

#Execute below in root tab
ls /var/log
vim /etc/systemd/journal.conf
storage=persistent

systemctl restart systemd_journald.service
ls /var/log/journal
cp /var/log/journal/<press Tab>/*.journal /home/paradise/container_journal/
ls /home/paradise/container_journal

#Execute in paradise user
podman login
podman search rsyslog #Take the rhel7/rsyslog(The 1st one)
podman pull registry.lab.example.com/rhel8/rsyslog #According the image it changes
podman images
podman run -d --name logserver -v /home/paradise/container_journal:/var/log/journal:Z registry.lab.example.com/rhel7/rsyslog #URL may vary according to image
podman ps
mkdir -p ~/.config/systemd/user
cd ~/.config/systemd/user
ls
podman generate systemd --name logserver --new --files
ls
podman stop logserver
podman run logserver
podman ps
systemctl --user daemon-reload
systemctl --user start container-logserver.service
systemctl --user enable container-logserver.service
podman ps

#Execute as root
loginctl show-user paradise #Check if linger=no is set
loginctl enable-linger paradise
loginctl show-user paradise

#Execute as paradise
podman ps