├── Resources
    ├── RHCSA_7_Prep.pdf
    ├── RHCSA_7_Advanced.pdf
    └── vi_vim_cheatshet.pdf
├── 05-Maintain_systems
    ├── 20-System_bootloader.md
    ├── 07-Boot_in_specific_target.md
    ├── 11-Automatic_boot_VM.md
    ├── 09-Configure_KVM.md
    ├── 19-Update_kernel.md
    ├── 16-Managing_repo.md
    ├── 06-Services.md
    ├── 17-Local_repo.md
    ├── 12-Configure_Network_Service.md
    ├── 15-RPM_repo.md
    ├── 08-Kickstart.md
    ├── 01-Networking-troubles.md
    ├── 03-Hostname-resolution.md
    ├── 18-GPG_key.md
    ├── 10-Install_vms.md
    ├── 14-Yum_repo.md
    ├── 13-System_timers.md
    ├── 02-NetworkManager.md
    └── 04-Schedule_tasks.md
├── 01-Essential_tools
    ├── 03-patterns.txt
    ├── 07-create_and_edit_textfiles.md
    ├── 02-Input-output-redirections.md
    ├── 01-Shell_prompt.md
    ├── 05-Log_and_switch_users.md
    ├── 08-create_delete_copy.md
    ├── 04-ssh.md
    ├── 09-create_hard_and_soft_links.md
    ├── 06-compression.md
    ├── 11-umask_permissions.md
    ├── 13-finding_files.md
    ├── 03-Regular_Expressions.md
    ├── 12-System-documentation.md
    └── 10-set_permissions.md
├── 07-Security
    ├── 04-SELinux_Modes.md
    ├── 08-Diagnose_SELinux.md
    ├── 02-SSH_Key_based.md
    ├── 01-Configure_firewall.md
    ├── 07-Boolean_settings_SELinux.md
    ├── 05-SELinux_Files.md
    ├── 06-Restore_SELinux.md
    └── 03-SELinux.md
├── 04-Create_and_cofigure_filesystem
    ├── 04-Set_GID.md
    ├── 06-Diagnose_file_permissions.md
    ├── 02-CIFS_NTFS_filesystems.md
    ├── 03-Extend_LVM.md
    ├── 05-Access_control_list.md
    └── 01-Create_mount_filesystems.md
├── 02-Operate_runing_system
    ├── 07-Process_p4.md
    ├── 01-Boot_reboot_and_shutdown.md
    ├── 03-Interrupt_boot_process.md
    ├── 05-Process_p2.md
    ├── 02-Boot_systems.md
    ├── 08-System_logs.md
    ├── 06-Process_p3.md
    └── 04-Process_p1.md
├── 06-Manage_users_and_groups
    ├── 02-User_password.md
    ├── 03-Groups.md
    ├── 04-Set_GID.md
    ├── 05-Authentication_service.md
    └── 01-Manage_users.md
├── 03-Configure_storage
    ├── 04-New_partitions.md
    ├── 03-Mount_filesystems_at_boot.md
    ├── 01-Create_partitions.md
    └── 02-LVM.md
└── README.md


/Resources/RHCSA_7_Prep.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ivanmorenoj/RHCSA-Notes/HEAD/Resources/RHCSA_7_Prep.pdf
--------------------------------------------------------------------------------
/Resources/RHCSA_7_Advanced.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ivanmorenoj/RHCSA-Notes/HEAD/Resources/RHCSA_7_Advanced.pdf
--------------------------------------------------------------------------------
/Resources/vi_vim_cheatshet.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ivanmorenoj/RHCSA-Notes/HEAD/Resources/vi_vim_cheatshet.pdf
--------------------------------------------------------------------------------
/05-Maintain_systems/20-System_bootloader.md:
--------------------------------------------------------------------------------
# Modifying the System Bootloader

```sh
# list available kernels
yum list kernel

# set default kernel
grub2-set-default 1 # 0 is the most recent version
```
--------------------------------------------------------------------------------
/01-Essential_tools/03-patterns.txt:
--------------------------------------------------------------------------------
hello linux academy
linuxacademy hello world
hello world linuxacademy

linuxacademy
linuxacademy linuxacademy
#linuxacademy
LinuxAcademy
aaaaaaaaaaa
a{1,}
123123
lionuxacademy

--------------------------------------------------------------------------------
/05-Maintain_systems/07-Boot_in_specific_target.md:
--------------------------------------------------------------------------------
# Configure Systems to Boot into a Specific Target Automatically

```sh
# get default target
systemctl get-default

# set default target
systemctl set-default graphical.target
```

--------------------------------------------------------------------------------
/07-Security/04-SELinux_Modes.md:
--------------------------------------------------------------------------------
# Set Enforcing and Permissive Modes for SELinux

```sh
# get the current state of SELinux
getenforce

# set permissive mode (runtime only, until the next reboot)
setenforce 0

# set enforcing mode (runtime only, until the next reboot)
setenforce 1

# see config file (SELINUX= sets the mode applied at boot)
nano /etc/selinux/config
```
--------------------------------------------------------------------------------
/05-Maintain_systems/11-Automatic_boot_VM.md:
--------------------------------------------------------------------------------
# Configure Systems to Launch Virtual Machines at Boot

## From Command line
```sh
# enable libvirtd
systemctl enable --now libvirtd

# enter the virsh shell; the next commands are typed at its prompt
virsh

# list all VMs
list --all

# configure autostart
autostart vm-name
```
--------------------------------------------------------------------------------
/07-Security/08-Diagnose_SELinux.md:
--------------------------------------------------------------------------------
# Diagnose and Address Routine SELinux Policy Violations

```sh
# install the troubleshooting tool
yum install setroubleshoot-server

# turn off the homedirs boolean
setsebool httpd_enable_homedirs off

# analyze SELinux denials recorded in the audit log
sealert -a /var/log/audit/audit.log
```

--------------------------------------------------------------------------------
/05-Maintain_systems/09-Configure_KVM.md:
--------------------------------------------------------------------------------
# Configure a Physical Machine to Host Virtual Guests


```sh
# install dependencies
yum install virt-manager qemu-kvm qemu-img
yum install libvirt libvirt-python python-virtinst libvirt-client

# enable libvirt
systemctl enable --now libvirtd

# manage VMs
virsh
```

--------------------------------------------------------------------------------
/04-Create_and_cofigure_filesystem/04-Set_GID.md:
--------------------------------------------------------------------------------
# Create and Configure Set-GID Directories for Collaboration

## set permissions
```sh
# set the set-GID bit on the directory
chmod g+s dir

# add group grp
groupadd grp

# change group owner
chown :grp dir

# create a file to see file permissions
touch dir/file
```

--------------------------------------------------------------------------------
/07-Security/02-SSH_Key_based.md:
--------------------------------------------------------------------------------
# Configure Key-Based Authentication for SSH

```sh
# generate ssh keys
ssh-keygen

# keys are stored in /home/user/.ssh/

# copy pub key to remote host
ssh-copy-id -i /path/to/public/key user@remotehost

# start ssh agent
ssh-agent bash

# load the private key into the agent (asks for its passphrase once)
ssh-add /path/to/private/key
```
--------------------------------------------------------------------------------
/05-Maintain_systems/19-Update_kernel.md:
--------------------------------------------------------------------------------
# Update the Kernel Package Appropriately to Ensure a Bootable System

```sh
# see kernel version
uname -r

# list kernel
yum list kernel

# download kernel
yumdownloader kernel

# install linux-firmware
yum install linux-firmware

# install kernel from rpm (-i installs alongside the old kernel, which stays as a fallback)
rpm -ivh kernel-new-version.rpm
```

--------------------------------------------------------------------------------
/05-Maintain_systems/16-Managing_repo.md:
--------------------------------------------------------------------------------
# Managing Repositories

```sh
# repo configuration files: /etc/yum.repos.d

# see enabled repo list
yum repolist

# see all repolist
yum repolist all

# add repos
yum-config-manager --add-repo=[URL]

# disable repo
yum-config-manager --disable [repo_id]

# enable repo
yum-config-manager --enable [repo_id]
```

--------------------------------------------------------------------------------
/02-Operate_runing_system/07-Process_p4.md:
--------------------------------------------------------------------------------
# Adjust Process Priority and Kill Processes - Part 4

## the top program
top is a utility that displays Linux processes
```sh
# run top for 2 iterations
top -n 2

# set update interval to 2 seconds
top -d 2

# inside of top
# change the niceness of a process with the 'r' key
# kill a process with the 'k' key

# to read the load average, divide it by the number of cores
```

--------------------------------------------------------------------------------
/05-Maintain_systems/06-Services.md:
--------------------------------------------------------------------------------
# Start and Stop Services and Configure Services to Start Automatically at Boot

```sh
# see status
systemctl status httpd

# start service
systemctl start httpd

# see if it is enabled
systemctl is-enabled httpd

# enable service
systemctl enable httpd

# see if the service is a dependency of a specific target
systemctl list-dependencies multi-user.target | grep httpd
```

--------------------------------------------------------------------------------
/05-Maintain_systems/17-Local_repo.md:
--------------------------------------------------------------------------------
# Configuring a Local Repository

```sh
# mount rhel dvd
mount -o loop rhel-iso.iso /repos/local

# disable rhel repos
# create a local repo
nano /etc/yum.repos.d/local-repo.repo

# write this
# (gpgcheck=0 skips package signature verification; see 18-GPG_key.md for gpgcheck=1)
[local-repo]
name=Red Hat Linux Local Repo
baseurl=file:///repos/local
enabled=1
gpgcheck=0

# test
yum search emacs

# install from local repo
yum install emacs
```

--------------------------------------------------------------------------------
/01-Essential_tools/07-create_and_edit_textfiles.md:
--------------------------------------------------------------------------------
# Create and edit text files

## nano editor
```sh
# create file
nano file

# edit file
nano /etc/passwd
```

## vi and vim
```sh
# vim is vi improved

# create file
vi file # by default it starts in command mode

# use hjkl to navigate
# :q! quit, discarding unsaved changes
# :wq save changes and quit
# :!ls execute a command and return to the editor

# use vimtutor for more
```
--------------------------------------------------------------------------------
/04-Create_and_cofigure_filesystem/06-Diagnose_file_permissions.md:
--------------------------------------------------------------------------------
# Diagnose and Correct File Permission Problems

1. Check the sticky bit if you cannot delete a file
2. Update the ACL mask on a file or directory
3. Check the group ACL
4. It is a best practice to use capital X in recursive commands
5. **cp** does NOT preserve ACL rules
6. **mv** command does preserve ACL rules
7. set-GID makes new files inherit the directory's group
8. Default ACL permissions are for inheritance


--------------------------------------------------------------------------------
/06-Manage_users_and_groups/02-User_password.md:
--------------------------------------------------------------------------------
# Change Passwords and Adjust Password Aging for Local User Accounts

```sh
# password hashes are stored in /etc/shadow

# user file: /etc/passwd

# see password expiration
chage -l user

# set account expiry date
chage -E 2020-06-05 user

# set password to expire in 90 days
chage -M 90 user

# remove password expiration (no maximum age)
chage -M -1 user

# set number of inactive days allowed after the password expires
chage -I 5 user1
```

--------------------------------------------------------------------------------
/05-Maintain_systems/12-Configure_Network_Service.md:
--------------------------------------------------------------------------------
# Configure Network Services to Start Automatically at Boot

```sh
# see service
systemctl status network

# see units for network
systemctl list-units | grep network.target

# see dependencies for multi-user target
systemctl list-dependencies multi-user.target

# see network script
cat /etc/sysconfig/network-scripts/ifcfg-eth0

# set autoconnect with NetworkManager
nmcli con mod "eth0" connection.autoconnect yes
```

--------------------------------------------------------------------------------
/05-Maintain_systems/15-RPM_repo.md:
--------------------------------------------------------------------------------
# Install and Update Software Packages from Red Hat Network, RPM REPO

```sh
# download rpm package
yumdownloader nano

# install from rpm
rpm -ivh nano-2.9.8-1.el8.x86_64.rpm

# list all packages
rpm -qa

# list specific packages
rpm -qa nano

# list files of specific package
rpm -ql nano

# documentation
rpm -qd nano

# remove package
rpm -e nano

# use localinstall
yum localinstall nano-2.9.8-1.el8.x86_64.rpm
```


--------------------------------------------------------------------------------
/02-Operate_runing_system/01-Boot_reboot_and_shutdown.md:
--------------------------------------------------------------------------------
# Boot, Reboot and Shutdown a System

## systemd is a software suite that provides an array of system components for Linux operating systems.

## Reboot system
```sh
# reboot with systemd
systemctl reboot
```

## Shutdown system
```sh
# use shutdown to reboot in 5 minutes
shutdown -r +5

# shutdown immediately
shutdown now

# stop all services with systemctl
systemctl halt

# power off with systemctl
systemctl poweroff
```


--------------------------------------------------------------------------------
/05-Maintain_systems/08-Kickstart.md:
--------------------------------------------------------------------------------
# Install Red Hat Enterprise Linux Automatically Using Kickstart

The PXE server contains all information about the new installation
```sh
# anaconda-ks.cfg is the configuration file

# install GUI configuration
yum install system-config-kickstart

# launch the GUI and modify parameters
system-config-kickstart

# find documentation for pykickstart
rpm -qd pykickstart

# open kickstart-docs.txt to see configurations

# to test kickstart
# put ks.cfg in a pxe server
# install from PXE server in KVM
```
--------------------------------------------------------------------------------
/06-Manage_users_and_groups/03-Groups.md:
--------------------------------------------------------------------------------
# Create, Delete, and Modify Local Groups and Group Memberships

```sh
# group file: /etc/group

# look up the entry of a group (here the group named after the user)
getent group user

# create a group
groupadd grpname

# change primary group
usermod -g grpname user

# add supplementary group to user
usermod -aG grpname user

# switch the current session to another group
newgrp - grpname

# change group name
groupmod -n newname oldname

# change group id
groupmod -g 1010 oldname

# delete group
groupdel grpname
```
--------------------------------------------------------------------------------
/02-Operate_runing_system/03-Interrupt_boot_process.md:
--------------------------------------------------------------------------------
# Interrupt the Boot Process to Gain Access to a System

## rescue root passwd

1. reboot machine
2. interrupt the grub process by typing any key
3. press 'e' to edit the kernel entry that you want to boot
4. locate the 'linux16' line, add 'rd.break' at the end of the line and press Ctrl-x
5. the sysroot is mounted as a read-only filesystem; remount it read-write
6. mount -o remount,rw /sysroot
7. chroot /sysroot
8. type the passwd command and change the password
9. touch /.autorelabel
10. exit

--------------------------------------------------------------------------------
/06-Manage_users_and_groups/04-Set_GID.md:
--------------------------------------------------------------------------------
# Using set-GID On Directories

```sh
# Example of configuration with GID

mkdir groups

cd groups

mkdir galactica

groupadd galactica

chown :galactica galactica

useradd vipper
passwd vipper

usermod -aG galactica vipper

chmod g+w galactica

# access as vipper user
cd galactica

touch file

ls -l

# as root user
chmod g+s galactica

# as vipper user
cd galactica

touch file2

ls -l

# compare the group ownership of the two files
```
--------------------------------------------------------------------------------
/05-Maintain_systems/01-Networking-troubles.md:
--------------------------------------------------------------------------------
# Configure Networking and Hostname Resolution Statically or Dynamically: Troubles

## Network commands
```sh
# show ip address
ip addr show

# show ip address of specific interface
ip addr show eth0

# show statistics information
ip -s -h link show eth0

# ping a specific host 5 times
ping -c5 google.com

# follow hops to ip address
tracepath google.com
traceroute google.com

# see listening ports and established connections
netstat
ss

# see all tcp sockets
ss -at

# see open ports
ss -tan
```

--------------------------------------------------------------------------------
/02-Operate_runing_system/05-Process_p2.md:
--------------------------------------------------------------------------------
# Adjust Process Priority and Kill Processes - Part 2

## start a process and send to background
```sh
# & is used to send program to background
(while true; do echo -n "Program" >> ~/output.log; sleep 1; done) &

# see current jobs of this terminal
jobs

# send SIGSTOP signal to job 1
kill -SIGSTOP %1

# send SIGCONT signal to job 1
kill -SIGCONT %1
```

## ps command examples
```sh
# list all sshd
ps aux | grep sshd

# see process with user-defined format
ps axo pid,comm,nice

# for more examples
man ps
```

--------------------------------------------------------------------------------
/05-Maintain_systems/03-Hostname-resolution.md:
--------------------------------------------------------------------------------
# Network/Hostname Resolution Statically or Dynamically: Hostname Configuration

## DNS resolution
```sh
# local host resolution file: /etc/hosts

# nameserver resolution file: /etc/resolv.conf

# name service switch file (lookup order): /etc/nsswitch.conf

# see current hostname
hostname

# change hostname via hostnamectl tool
hostnamectl set-hostname mydomain.com

# status of hostname
hostnamectl status

# change dns server via NetworkManager
nmcli con modify "System eth0" ipv4.dns 8.8.8.8

# get host address
getent hosts google.com
```

--------------------------------------------------------------------------------
/05-Maintain_systems/18-GPG_key.md:
--------------------------------------------------------------------------------
# Configuring a Local Repository: Configure the GPG Key

```sh
# add repository rhel 7
yum-config-manager --add-repo http://dl.fedoraproject.org/pub/epel/7/x86_64

# copy link of GPG key in https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
# go to rpm-gpg
cd /etc/pki/rpm-gpg/

# download gpg key
wget https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7

# copy full path of gpg key
# /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

# go to yum.repos.d and edit fedora yum repo
# add the next lines
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
# save and exit
```

--------------------------------------------------------------------------------
/02-Operate_runing_system/02-Boot_systems.md:
--------------------------------------------------------------------------------
# Boot Systems into Different Targets Manually

## list unit configuration
```sh
# list available unit types
systemctl -t help

# list units filtering by target
systemctl list-units --type=target

# see dependencies of target unit file
systemctl list-dependencies multi-user.target

# get default target
systemctl get-default

# some common targets are
# multi-user.target, graphical.target, emergency.target, rescue.target

# switch to a target
systemctl isolate multi-user.target

# set default target
systemctl set-default multi-user.target
```

--------------------------------------------------------------------------------
/05-Maintain_systems/10-Install_vms.md:
--------------------------------------------------------------------------------
# Install Red Hat Enterprise Linux Systems as Virtual Guests

## Install operating system with GUI
1. Select iso image
2. Select Memory and CPU
3. Select HDD
4. Set name
5. Start, select hard drive, timezone, etc
6. Set root and user passwords
7. Wait until finish and reboot
8. Access as root and bring up the network with NetworkManager

```sh
# see connections
nmcli con show

# bring up
nmcli con up ens3

# check internet connection
ping google.com

# check ip address
ip a show ens3

# auto connect on boot
nmcli con mod "ens3" connection.autoconnect yes
```

--------------------------------------------------------------------------------
/03-Configure_storage/04-New_partitions.md:
--------------------------------------------------------------------------------
# Add New Partitions and Logical Volumes and Swap to a System Non-Destructively

## Add swap space
```sh
# see current memory/swap
free -h

# create lvm partition for swap
pvcreate /dev/sdXX
vgcreate vgName /dev/sdXX
lvcreate -n swap -L 2G vgName

# create swap signature
mkswap /dev/vgName/swap

# activate swap
swapon /dev/vgName/swap

# deactivate swap
swapoff /dev/vgName/swap

# add swap to /etc/fstab file
/dev/vgName/swap swap swap defaults 0 0

# activate all swap entries from fstab
swapon -a

# see swap status
swapon -s
```

--------------------------------------------------------------------------------
/06-Manage_users_and_groups/05-Authentication_service.md:
--------------------------------------------------------------------------------
# Configure a System to Use an Existing Authentication Service for User and Group

```sh
# install realmd
yum install -y realmd

# discover
realm discover ad.linuxacademy.com

# install required packages
yum install oddjob oddjob-mkhomedir sssd adcli samba-common

# join to domain
realm join ad.linuxacademy.com

# check
realm discover ad.linuxacademy.com

# uncomment the Kerberos options and set them to yes
nano /etc/ssh/sshd_config

# restart sshd
systemctl restart sshd

# login
ssh -l test@ad.linuxacademy.com [ip_address]

# use GUI
authconfig-gtk
```
--------------------------------------------------------------------------------
/03-Configure_storage/03-Mount_filesystems_at_boot.md:
--------------------------------------------------------------------------------
# Configure Systems to Mount File Systems at Boot by UUID or Label

## create a label on filesystem

```sh
# create a label on xfs filesystem
xfs_admin -L labelName /dev/sdXX

# create a label with tune2fs for ext4 fs
tune2fs -L labelName /dev/sdXX

# make persistent mount points
# open /etc/fstab
nano /etc/fstab

# see mount options in fstab and mount man pages
man fstab
man mount

# to mount, specify UUID=[UUID] LABEL=[LABEL] or device
# example
UUID=[UUID] / ext4 rw,relatime 1 1
LABEL=[LABEL] /mnt/data xfs rw,relatime 0 2
/dev/sdXX /mnt/data1 ext4 defaults 0 2

# mount everything listed in fstab
mount -a
```

--------------------------------------------------------------------------------
/05-Maintain_systems/14-Yum_repo.md:
--------------------------------------------------------------------------------
# Install and Update Software Packages from Red Hat Network, YUM REPO

```sh
# check update
yum check-update

# update all packages
yum update

# update specific package
yum update httpd

# search packages by name
yum search apache

# search all packages and descriptions
yum search all apache

# see information
yum info httpd

# install packages
yum install httpd

# see installed packages
yum list installed

# see specific installed package
yum list installed httpd

# see which package provides a file
yum provides /var/www
yum whatprovides /var/www

# remove a package
yum remove httpd

# clean cache
yum clean all
```
--------------------------------------------------------------------------------
/01-Essential_tools/02-Input-output-redirections.md:
--------------------------------------------------------------------------------
# Input/Output Redirection

## Redirect standard output [1] (overwrites the file if it exists)
```sh
cat /etc/issue > somefile.txt
```

## Append content
```sh
cat /etc/issue >> somefile.txt
```

## Redirect standard error [2] (redirect error to file)
```sh
bad_command 2> badcommand.txt
```

## Redirect both stdout and stderr to file
```sh
command &> badcommand.txt
```

## Redirect stderr[2] to stdout[1]
```sh
command 2>&1 | grep "command"
```

## Pipes (redirect stdout of one command to stdin of another command)
```sh
ls /etc | grep system
```

## Append stdout [1] and stderr [2] to file
```sh
ls -fy >> logfile.log 2>&1
```


--------------------------------------------------------------------------------
/05-Maintain_systems/13-System_timers.md:
--------------------------------------------------------------------------------
# Configure a System to Use Time Services

```sh
# information about time
timedatectl

# disable ntp
timedatectl set-ntp false

# list timezones
timedatectl list-timezones

# select timezone
tzselect

# set timezone
timedatectl set-timezone America/Mexico_City

# set current time
timedatectl set-time 12:00:00

# chronyd is a daemon for synchronisation of the system clock
# see status
systemctl status chronyd

# see chrony sources
chronyc sources -v

# see more information about time synchronization
chronyc tracking

# see chrony config file
nano /etc/chrony.conf

# restart chrony to apply changes if you change the server pool
systemctl restart chronyd
```


--------------------------------------------------------------------------------
/01-Essential_tools/01-Shell_prompt.md:
--------------------------------------------------------------------------------
# Basic commands

## man - an interface to the system reference manuals
```sh
SYNOPSIS
    man [man options] [[section] page ...] ...
    man -k [apropos options] regexp ...
    man -K [man options] [section] term ...
    man -f [whatis options] page ...
    man -l [man options] file ...
    man -w|-W [man options] page ...
```

## ls - list directory contents
```sh
SYNOPSIS
    ls [OPTION]... [FILE]...
```

## mv - move (rename) files
```sh
SYNOPSIS
    mv [OPTION]... [-T] SOURCE DEST
    mv [OPTION]... SOURCE... DIRECTORY
    mv [OPTION]... -t DIRECTORY SOURCE...
```

## date - print or set the system date and time
```sh
SYNOPSIS
    date [OPTION]... [+FORMAT]
    date [-u|--utc|--universal] [MMDDhhmm[[CC]YY][.ss]]
```

--------------------------------------------------------------------------------
/04-Create_and_cofigure_filesystem/02-CIFS_NTFS_filesystems.md:
--------------------------------------------------------------------------------
# Mount and Unmount CIFS and NFS Network File Systems

## Preparing the scenario
```sh
# install samba client, CIFS and NFS utilities
yum -y install samba-client cifs-utils nfs-utils
```

## Access to samba share
```sh
# list the shares of the samba server
smbclient -L [IP_ADDRESS_SERVER]

# mount sambashare
# (a credentials=/path/to/file option, file mode 600, keeps the password out of fstab and the process list)
mount -t cifs -o username=username,password=pass //[IP_ADDRESS]/sambashare /mnt/sambashare

# see active mounts
df -h

# mount nfs share
mount -t nfs [IP_ADDRESS]:/nfsshare /mnt/nfsshare

# make mount persistent
# edit /etc/fstab
# for cifs
//[IP_ADDRESS]/sambashare /mnt/sambashare cifs username=username,password=pass 0 0
# for nfs
[IP_ADDRESS]:/nfsshare /mnt/nfsshare nfs defaults 0 0

# test fstab file
mount -a
```

--------------------------------------------------------------------------------
/07-Security/01-Configure_firewall.md:
--------------------------------------------------------------------------------
# Configure Firewall Settings Using Available Firewall Utilities.

```sh
# install packages
yum install firewall-config

# start firewall
systemctl enable --now firewalld

# get zones
firewall-cmd --get-zones

# get default zone
firewall-cmd --get-default-zone

# list all
firewall-cmd --list-all

# list all for zone
firewall-cmd --zone=home --list-all

# add ip range to zone (runtime only)
firewall-cmd --zone=home --add-source=192.168.10.0/24

# make changes permanent
firewall-cmd --zone=home --add-source=192.168.10.0/24 --permanent

# reload to apply permanent changes
firewall-cmd --reload

# open a port
firewall-cmd --zone=public --add-port=80/tcp --permanent

# GUI based
firewall-config

# deny all connections
firewall-cmd --panic-on
```
--------------------------------------------------------------------------------
/01-Essential_tools/05-Log_and_switch_users.md:
--------------------------------------------------------------------------------
# Log in and switch users in multiuser targets

## Changing user with **su**
```sh
# change to user 'user'
su user
```
## bash profile, history, logout, bashrc files
```sh
# bash profile is a customization script for the login shell; it executes when you log in: ~/.bash_profile

# bash logout executes when you log out from bash: ~/.bash_logout

# bash history contains the commands typed in this shell: ~/.bash_history

# bashrc is read when an interactive (non-login) shell starts; ~/.bash_profile usually sources it too: ~/.bashrc
```

## change user with login shell
```sh
# force a login shell for the target user (root if no user is given)
su - [user]
su -l [user]
su --login [user]
```

## Global profile customisation script
```sh
# global profile, executed for all users: /etc/profile

# drop-in profile scripts: /etc/profile.d/
```

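The startup and logout scripts listed above run with the user's privileges at every login, so write access for anyone else means command execution as that user. The following check is an added example, not part of the original notes; `audit_startup_files` and its `WRITABLE`/`OWNER` labels are names invented here, and GNU `find` (as shipped with RHEL) is assumed.

```sh
#!/bin/sh
# Added example (not from the original notes). The function name and the
# WRITABLE / OWNER labels are made up for this illustration.

# audit_startup_files OWNER PATH...
# Prints one finding per line and returns 1 if any PATH (or, for a directory
# such as /etc/profile.d, any entry directly inside it):
#   WRITABLE  can be modified by group or others
#   OWNER     belongs to someone other than OWNER or root (uid 0)
# Missing paths are skipped. Symlinks are followed (-L), so the file bash
# would actually read is the one checked; dangling links are ignored.
audit_startup_files() {
    owner=$1
    shift
    report=$(
        for path in "$@"; do
            [ -e "$path" ] || continue
            # group-write (020) or other-write (002) bit set
            find -L "$path" -maxdepth 1 ! -type l \( -perm -020 -o -perm -002 \) \
                -exec printf 'WRITABLE %s\n' {} \; 2>/dev/null
            # owned by neither the expected user nor root
            find -L "$path" -maxdepth 1 ! -type l ! -user "$owner" ! -user 0 \
                -exec printf 'OWNER %s\n' {} \; 2>/dev/null
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Audit the scripts from this note for the current user.
home=${HOME:-/root}
audit_startup_files "$(id -u)" \
    "$home/.bash_profile" "$home/.bashrc" "$home/.bash_logout" \
    /etc/profile /etc/profile.d \
    || echo "tighten the paths listed above (chmod go-w, chown)" >&2
```
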
--------------------------------------------------------------------------------
/06-Manage_users_and_groups/01-Manage_users.md:
--------------------------------------------------------------------------------
# Create, Delete, and Modify Local User Accounts

```sh
# see id of specific user
id user

# root user has id=0
# system users have id=1-200
# system users that use system processes but don't own files on the system have id=201-999

# /etc/passwd holds the account entries for all users

# see groups of user
groups user

# default options for useradd
/etc/login.defs
/etc/default/useradd

# create a user
useradd user

# don't create home directory
useradd -M user

# set password
passwd user

# modify user account
usermod --help

# lock user
usermod -L user

# unlock user
usermod -U user

# change user id
usermod -u 1010 user

# add user to group (-a appends; -G alone replaces the user's supplementary groups)
usermod -aG wheel user

# delete user
userdel user

# delete user and home directory
userdel -r user
```
--------------------------------------------------------------------------------
/01-Essential_tools/08-create_delete_copy.md:
--------------------------------------------------------------------------------
# Create, delete, copy and move files and directories

## touch command
```sh
# create files (no spaces inside the braces)
touch {file1,file2,file3}

# also used to change the modification time of a file
touch existingfile
```

## create directories
```sh
# create directories
mkdir {dir1,dir2,dir3}

# create multiple directories in the path
mkdir -p dir1/dir2/dir3
```

## tree command
```sh
# see all directories in tree
tree [parent_directory]
```

## delete directory
```sh
# delete an empty directory
rmdir directory

# delete a non-empty directory
rm -rf directory
```

## mv command
```sh
# move files or directory
mv file destination

# rename file or directory
mv file renamedfile
```

## cp command
```sh
# copy file
cp file destination

# copy directory
cp -r directory destination
```
--------------------------------------------------------------------------------
/01-Essential_tools/04-ssh.md:
--------------------------------------------------------------------------------
# Access remote system using ssh

## Usage
```sh
ssh user@remoteHost
```

## SSH config file
```sh
nano /etc/ssh/sshd_config
```

## SSH service
```sh
# start, stop, enable, disable and see the status with systemctl
systemctl [status|start|stop|enable|disable] sshd

# logs in reverse order (newest first)
journalctl -u sshd -r
```

## Execute remote command
```sh
ssh user@remoteHost ls
```

## Copy files through ssh with scp
```sh
# copy file from local to remote over ssh
scp file user@remoteHost:~/

# copy file from remote to local
scp user@remoteHost:~/file ~/
```

## ftp through ssh
```sh
# start an ftp session over ssh, which means the connection is encrypted
sftp user@remoteHost

# it works with regular file commands
sftp> ls,cp,mv,mkdir, etc

# download files
sftp> get file

# upload files
sftp> put localfile
```
--------------------------------------------------------------------------------
/05-Maintain_systems/02-NetworkManager.md:
--------------------------------------------------------------------------------
# Networking and Hostname Resolution Statically or Dynamically: Network Manager

## NetworkManager
```sh
# see devices
ls /sys/class/net
nmcli dev status # network manager
nmtui # text based gui

# show all connections
nmcli con show

# show active connections
nmcli con show --active

# all connections are saved in this directory
/etc/sysconfig/network-scripts

# add new connection, by default takes dhcp
nmcli con add con-name "mycon" autoconnect yes type ethernet ifname eth1

# add new connection with static ip address
nmcli con add con-name "mycon-static" autoconnect yes type ethernet ifname eth1 ip4 [ip_address] gw4 [gateway_ip_address]

# modify connection to autoconnect
nmcli con mod "mycon" connection.autoconnect yes

# bring down connection
nmcli con down "mycon-static"

# delete connection
nmcli con del "mycon"

# bring up connection
nmcli con up "mycon"

# see routes
ip route show
```

--------------------------------------------------------------------------------
/01-Essential_tools/09-create_hard_and_soft_links.md:
--------------------------------------------------------------------------------
# Create hard and soft links

## Linux has 2 types of links: symbolic and hard

## create link
```sh
# a symbolic link refers to a path; if the source path changes, the symbolic link will be broken
# a symbolic link has rwx permission for everyone, because it is just a symlink pointing to another file
# so these permissions do not matter; the permissions on the target file are what the system reads when opening the link
# create symbolic link
ln -s [source] [target]

# hard link
# a hard link links directly to the inode on the filesystem
# the permissions are the same as the source file
# hard links are linked directly to the source inode on the hard drive
# if the source or target file is removed, the created link still exists
# and the data is available on the inode
# until all links to that inode
# are no longer available or no longer exist
# all hard links to the same file have the same date and time
# as well as permissions
# create hard link
ln [source] [target]
```
--------------------------------------------------------------------------------
/03-Configure_storage/01-Create_partitions.md:
--------------------------------------------------------------------------------
# List, Create and Delete Partitions on MBR and GPT Disks

## fdisk command

```sh
# see disk partitions
fdisk /dev/sdX

# add new partition with 'n' command
# specify partition number
# specify first sector, usually leave as is
# specify last sector +size{K,M,G}
# change the partition type with 't'
# select partition
# specify code of partition type (list with 'l')
# write changes and exit with 'w'
# press 'd' to delete a partition; first you need to choose a partition


# create xfs filesystem
mkfs -t xfs /dev/sdXX

# see mounted partitions
df -h

# see available block storage devices that are attached
blkid

# mount device
mount /dev/sdXX /mnt/mountpoint

# mount from uuid
mount -U [uuid] /mnt/mountpoint

# umount device
umount /mnt/mountpoint

# run partprobe to reload partition information
partprobe
```

## gdisk
gdisk works pretty much the same as fdisk

## GPT allows up to 128 primary partitions
--------------------------------------------------------------------------------
/01-Essential_tools/06-compression.md:
--------------------------------------------------------------------------------
# Archive, Compress, Unpack and Uncompress files using tar, star, gzip and bzip2

## tar itself does not compress, it creates an archive
```sh
# create an archive
tar -cvf archive.tar [FILE]...

# see files inside an archive.tar
tar -tf archive.tar

# once it is in tar format it can be compressed
gzip archive.tar # output archive.tar.gz

# compress and archive in one command (-f must be the last option, directly before the archive name)
tar -czvf archive.tar.gz [FILE]...

# uncompress archive step by step
gzip -d archive.tar.gz
tar -xvf archive.tar

# uncompress in one command
tar -xzvf archive.tar.gz

# see the difference between files in tar and current directory
tar -dvf archive.tar.gz

# gzip command
gzip -l file # see the compression ratio
gzip -d file # uncompress
```

## star utility
```sh
# create archive
star -c -f=archive.tar [FILE]...

# extract archive, it doesn't overwrite already existing files
star -x -f=archive.tar

# extract one file of archive
star -x -f=archive.tar onefile
```

--------------------------------------------------------------------------------
/07-Security/07-Boolean_settings_SELinux.md:
--------------------------------------------------------------------------------
# Use Boolean Settings to Modify System SELinux Settings

```sh
# get all boolean settings
getsebool -a
semanage boolean -l

# install httpd
yum install httpd -y

# change to public html
sed -i 's/disabled/public_html/' /etc/httpd/conf.d/userdir.conf

# restart httpd service
systemctl restart httpd

cd /home

chmod 711 user

cd user

mkdir public_html

echo "Test Page" > public_html/index.html

chown user:user -R public_html
chmod 755 -R public_html

# check page
curl -k localhost/~user

# set selinux to permissive
setenforce 0

# set selinux to enforcing
setenforce 1

# see selinux boolean
semanage boolean -l | grep httpd_enable_homedirs
# output:
# httpd_enable_homedirs
# (off , off) Allow httpd to enable homedirs

# turn the homedirs boolean on (runtime only)
setsebool httpd_enable_homedirs on

# check page
curl -k localhost/~user

# set boolean persistent
setsebool -P httpd_enable_homedirs on
```
--------------------------------------------------------------------------------
/04-Create_and_cofigure_filesystem/03-Extend_LVM.md:
--------------------------------------------------------------------------------
# Extend Existing Logical Volumes

## Create lvm volume
```sh
# partition the disk and change the type to LVM (8e)
fdisk /dev/sdX

# create a physical volume
pvcreate /dev/sdX1

# create a volume group
vgcreate vgName /dev/sdX1

# create logical volume
lvcreate -n lvName -L 1G vgName

# create filesystem
mkfs -t xfs /dev/vgName/lvName

# mount logical volume
mount /dev/vgName/lvName /mnt/lvolume

# create lvm volume in GPT device
gdisk /dev/sdY

# add new partition to existing volume group
# first create a physical volume
pvcreate /dev/sdY1

# extend vgName to new disk
vgextend vgName /dev/sdY1

# move the data from one physical volume to another
pvmove /dev/sdX1 /dev/sdY1

# remove one physical device
vgreduce vgName /dev/sdX1

# extend logical volume
lvextend -L +4G /dev/vgName/lvName
lvextend -l +50%FREE /dev/vgName/lvName

# resize filesystem
xfs_growfs /mnt/lvolume
```

--------------------------------------------------------------------------------
/07-Security/05-SELinux_Files.md:
--------------------------------------------------------------------------------
# List and Identify SELinux Files and Process Contexts

```sh
# see context
ls -Z
# output
# system_u:object_r:admin_home_t:s0 file
# ^User    ^Role    ^Type

# install httpd
# server to see the context
yum install httpd

# start httpd
systemctl start httpd

# see the context of /var
ls -lZ /var

# list all of the available contexts on our system and files they're associated with
semanage fcontext -l

# example of how SELinux works
cd /home/user
echo "Test Page" > index.html

# mv keeps the context the file had in the home directory
mv index.html /var/www/html

# request the page to check
curl -k localhost/index.html

# see file context
ls -lZ /var/www/html

cd /var/www/html

# grant all permissions to everyone
chmod 777 index.html

# reload the page
curl -k localhost/index.html

# see processes with context
ps auxZ | grep httpd

# restore context
restorecon index.html

# reload the page
curl -k localhost/index.html

# relabel all on reboot
touch /.autorelabel
```
--------------------------------------------------------------------------------
/01-Essential_tools/11-umask_permissions.md:
--------------------------------------------------------------------------------
# List, set and change standard UGO/RWX Permissions: umask

On Linux and other Unix-like operating systems, new files are created with a default set of permissions. Specifically, a new file's permissions may be restricted in a specific way by applying a permissions "mask" called the umask. The umask command is used to set this mask, or to show you its current value.

|umask digit|default file|default directory|
|:---------:|:----------:|:---------------:|
| 0 | rw | rwx |
| 1 | rw | rw |
| 2 | r | rx |
| 3 | r | r |
| 4 | w | wx |
| 5 | w | w |
| 6 | x | x |
| 7 | nd | nd |

## umask command
```sh
# return the current umask
umask

# return the current mask in symbolic form
umask -S

# set all permissions
umask 000

# set u=rwx permissions
umask 077

# set u=rwx, g=rx and o=x
umask 026
```
--------------------------------------------------------------------------------
/04-Create_and_cofigure_filesystem/05-Access_control_list.md:
--------------------------------------------------------------------------------
# Create and Manage Access Control Lists (ACLs)

## xfs and ext4 support ACLs natively

```sh
# get ACL from file
getfacl file

# set access control list for a specific user on a file
setfacl -m u:username:rw file
# setfacl stores the user id, so if this id changes you need to set the ACL again

# set the ACL mask to read only
setfacl -m m::r file

# mask all permissions
setfacl -m m::- file

# acl for group
setfacl -m g:grpname:rw file

# set default ACL for specific user
setfacl -d -m u:username:rw directory

# set acl for directory
setfacl -m u:username:rw directory

# remove default permissions
setfacl --remove-default directory

# remove user permissions
setfacl -x u:username directory

# remove user on default dir
setfacl -x d:u:username directory

# set multiple permissions
setfacl -m g:grpname:rwX,u:username:rw directory

# set acl recursively
setfacl -R -m g:grpname:rwX,u:username:rw directory

# copy acl from file
getfacl file1 | setfacl --set-file=- file2
```

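What the mask entry set with `setfacl -m m::r file` does to the other entries, as an added example that is not part of the original notes: the functions read `getfacl`-style text and print each entry's effective rights. The ACL listing is constructed sample data, and `sample_acl`, `effective_acl` and `acl_effective_writers` are hypothetical helper names.

```sh
#!/bin/sh
# Constructed sample: what `getfacl report.txt` prints after the setfacl
# commands above. $1 is the mask to embed (default r--).
sample_acl() {
    cat <<EOF
# file: report.txt
# owner: root
# group: root
user::rw-
user:username:rw-
group::r--
group:grpname:rw-
mask::${1:-r--}
other::---
EOF
}

# Read getfacl output on stdin and print "entry perms -> effective".
# The mask caps named users, the owning group and named groups.
# It never applies to the file owner (user::) or to other::.
effective_acl() {
    awk -F: '
        /^#/ || /^default:/ || NF < 3 { next }
        { tag[++n] = $1; who[n] = $2; perm[n] = substr($3, 1, 3) }
        $1 == "mask" { mask = substr($3, 1, 3); have_mask = 1 }
        END {
            for (i = 1; i <= n; i++) {
                if (tag[i] == "mask") continue
                eff = perm[i]
                capped = (tag[i] == "group") || (tag[i] == "user" && who[i] != "")
                if (have_mask && capped) {
                    eff = ""
                    for (c = 1; c <= 3; c++) {
                        p = substr(perm[i], c, 1)
                        m = substr(mask, c, 1)
                        eff = eff ((p != "-" && m != "-") ? p : "-")
                    }
                }
                printf "%s:%s %s -> %s\n", tag[i], who[i], perm[i], eff
            }
        }'
}

# List every entry other than the owner and other:: that can still write
# once the mask is applied. Useful when auditing who can modify a file.
acl_effective_writers() {
    effective_acl | awk '$1 !~ /^(user|other):$/ && $4 ~ /w/ { print $1 }'
}

# Demo: with mask r-- nobody but the owner keeps write access.
sample_acl r-- | effective_acl
```

With the mask widened to `rw-`, `sample_acl rw- | acl_effective_writers` lists `user:username` and `group:grpname`.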
--------------------------------------------------------------------------------
/01-Essential_tools/13-finding_files.md:
--------------------------------------------------------------------------------
# Finding Files with Locate and Find

## locate command
locate - find files by name
```sh
# find passwd with locate: commands and other types of files
locate passwd
```

## find command
'find' searches the directory tree rooted at each file name FILE by evaluating the EXPRESSION on each file it finds in the tree.
```sh
# examples

# find file by name
find /path -name namesearch

# find by user owner
find /path -user root

# find in current directory
find . -name user

# find in root directory
find / -name passwd

# find all files that have been modified within the last three days
find / -mtime -3

# see stat of file
stat /path/to/file

# find files owned by a specific user
# get uid
id username
# find files by uid
find / -uid [uid]

# find only regular files owned by a specific user
find / -user username -type f

# find only regular files owned by a specific user and execute one command on each
find / -user username -type f -exec cat {} \;
#                                       ^ replaced by the path of each file found
```

--------------------------------------------------------------------------------
/02-Operate_runing_system/08-System_logs.md:
--------------------------------------------------------------------------------
# Locate and Interpret System Log Files and Journals

## log directory

```sh
/var/log

# you can use different tools to see logs
cat /var/log/messages

tail /var/log/messages

less /var/log/messages

head /var/log/messages
```

## journald for systemd based systems
```sh
# man pages of journald
man systemd-journald

# journald tool
journalctl

# journald is volatile by default
# to make it persistent, uncomment
# Storage=auto
# (with Storage=auto the journal is written to disk only if /var/log/journal exists)
nano /etc/systemd/journald.conf

# see the last 10 lines of journalctl
journalctl -n

# see the last logs and follow
journalctl -f

# see additional information
journalctl -xn

# see short status of a specific service
systemctl status sshd

# see journalctl messages by priority
journalctl -p info

# see journalctl since specific time
journalctl --since yesterday

# filter log messages by systemd unit
journalctl _SYSTEMD_UNIT=sshd.service
journalctl -u sshd.service

# see information about the boot process
systemd-analyze

# audit system boot
systemd-analyze blame
```

--------------------------------------------------------------------------------
/01-Essential_tools/03-Regular_Expressions.md:
--------------------------------------------------------------------------------
# Regular Expressions

## The grep command -> grep, egrep, fgrep - print lines that match patterns
```sh
SYNOPSIS
    grep [OPTION...] PATTERNS [FILE...]
    grep [OPTION...] -e PATTERNS ... [FILE...]
    grep [OPTION...] -f PATTERN_FILE ... [FILE...]

OPTIONS
    -E, --extended-regexp   PATTERNS are extended regular expressions
    -i, --ignore-case       ignore case distinctions in patterns and data
    -v, --invert-match      select non-matching lines
```
### See all lines that start with '#' (^ in front of the pattern)
```sh
grep '^#' /etc/ssh/sshd_config
```
### See all lines that do not start with '#' (^ in front of the pattern)
```sh
grep -v '^#' /etc/ssh/sshd_config
```
### Find the pattern 'memory' in dmesg output
```sh
dmesg | grep 'memory'
```

### Find lines that end with 'world' using $
```sh
grep 'world$' 03-patterns.txt
```
### Find all 'linuxacademy' ignoring case
```sh
grep -i 'linuxacademy' 03-patterns.txt
```
### Find all '[Ll]inuxacademy': pattern with L or l
```sh
grep '[Ll]inuxacademy' 03-patterns.txt
```
## Extended regular expressions
```sh
grep -E '(a)+' 03-patterns.txt
grep 'l...x' 03-patterns.txt

grep 'login$' /etc/passwd
```

--------------------------------------------------------------------------------
/02-Operate_runing_system/06-Process_p3.md:
--------------------------------------------------------------------------------
# Adjust Process Priority and Kill Processes - Part 3

## nice and niceness
Nice and the nice level allow us to define a priority for a specific process.

nice is a program found on Unix and Unix-like operating systems such as Linux. It directly maps to a kernel call of the same name. nice is used to invoke a utility or shell script with a particular CPU priority, thus giving the process more or less CPU time than other processes. ***A niceness of -20 is the highest priority and 19 is the lowest priority***.
The default niceness for processes is inherited from its parent process and is usually 0

## Examples
```sh
# list process pid, command and niceness
ps axo pid,comm,nice | grep sshd

# start a command with niceness of 0
nice -n 0 sshd

# modify niceness of specific process
renice -n 10 [PID]

# renice a process and its children
renice -n 10 $(pgrep sshd)
```

## Niceness demonstration
```sh
# create a 1GB file
dd if=/dev/zero of=file bs=1M count=1024

# archive with niceness of 19
nice -n 19 tar -cvf test.tar file
# output:
# 0.09s user 2.31s system 47% cpu 5.065 total

# archive with niceness of -20
nice -n -20 tar -cvf test.tar file
# Output:
# 0.12s user 2.28s system 49% cpu 4.879 total
```
## Note
Only privileged users have the ability to give their processes more favor

--------------------------------------------------------------------------------
/07-Security/06-Restore_SELinux.md:
--------------------------------------------------------------------------------
# Restore Default File Contexts

```sh
# example using httpd
# modify root directory to /content
nano /etc/httpd/conf/httpd.conf

# create directory
mkdir /content

# restart service
systemctl restart httpd

# set apache user and group
chown apache:apache -R /content

# create a basic page
echo "Test Page" > /content/index.html

# see selinux context
cd /content
ls -lZ

# test the page
curl -k localhost/index.html

# change selinux to permissive
setenforce 0

# test the page
curl -k localhost/index.html

# change selinux to enforcing
setenforce 1

# get the right context for httpd
semanage fcontext -l | grep /var/www
# find /var/www(/.*)?
# and see the context
# Context: system_u:object_r:httpd_sys_content_t:s0

# set the right context to /content
semanage fcontext -a -t httpd_sys_content_t '/content(/.*)?'

# see context
ls -lZ

# restore context
restorecon -Rv /content

# see context
ls -lZ

# test the page
curl -k localhost/index.html

# remove one context
# first list
semanage fcontext -l | grep /content
# output:
# /content(/.*)? all files system_u:object_r:httpd_sys_content_t:s0

# remove context
semanage fcontext -d '/content(/.*)?'

# search for context in /content
semanage fcontext -l | grep /content

# restore context
restorecon -Rv /content

# test the page
curl -k localhost/index.html
```
--------------------------------------------------------------------------------
/05-Maintain_systems/04-Schedule_tasks.md:
--------------------------------------------------------------------------------
# Schedule Tasks Using at and cron

## at utility
```sh
# install at
yum install at
systemctl enable --now atd

# schedule with at in 5 minutes
at now +5 min

# schedule with at in 5 hours
at now +5 hours

# schedule with at in 5 days
at now +5 days

# schedule for a specific time
at 12:00am
# press enter, write a command and finally press Ctrl-d

# see at jobs
atq

# remove a job
atrm 1 # job number

# at uses the files 'at.deny' and 'at.allow' to manage who can use at to schedule commands
```

## cron utility
```sh
# cron file
nano /etc/crontab

# For details see man 4 crontabs
# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed

# cron.d is for custom scripts run at different times
# cron.hourly executes every hour; the same goes for cron.daily, cron.monthly, cron.weekly
# cron is for regular users

# anacron is for only privileged users
# anacron is a utility that allows us to run a command after a given number
# of days if it has not run
# anacron file
nano /etc/anacrontab

# structure of the anacrontab file
# period in days   delay in minutes   job-identifier   command

# force all jobs to run, ignoring the delay
anacron -n
```

--------------------------------------------------------------------------------
/02-Operate_runing_system/04-Process_p1.md:
--------------------------------------------------------------------------------
# Adjust Process Priority and Kill Processes - Part 1

## ps command
The ps command is used to find and list processes running in the system

```sh
# basic ps usage
ps

# grep specific process
ps | grep ssh

# pgrep is similar to ps | grep
pgrep ssh

# list process name
pgrep -l ssh

# list the processes owned by a specific user
pgrep -u user -l chrome

# processes not owned by a specific user
pgrep -v -u user -l
```

## pkill command
pkill - look up or signal processes based on name and other attributes
```sh
pkill vim
```

## signals
```sh
# The basic syntax is as follows:
kill PID
kill -s signalName PID
kill -signalName PID
kill -signalNumber PID
# list all signals
kill -l

# kill the pts of an ssh session
pkill -t pts/1
pkill -u user sshd
```
## Some basic signals

|Number|Name (short name)|Description|Used for |
|:----:|:---------------:|:---------:|:----------------------|
|0 |SIGNULL (NULL) |Null |Check access to pid |
|1 |SIGHUP (HUP) |Hangup |Terminate; can be trapped|
|2 |SIGINT (INT) |Interrupt |Terminate; can be trapped|
|3 |SIGQUIT (QUIT) |Quit |Terminate with core dump; can be trapped|
|9 |SIGKILL (KILL) |Kill |Forced termination; cannot be trapped|
|15 |SIGTERM (TERM) |Terminate |Terminate; can be trapped|
|24 |SIGSTOP (STOP) |Stop |Pause the process; cannot be trapped. This is default if signal not provided to kill command.|
|25 |SIGTSTP (STP) |Terminal |Stop/pause the process; can be trapped|
|26 |SIGCONT (CONT) |Continue |Run a stopped process|

--------------------------------------------------------------------------------
/04-Create_and_cofigure_filesystem/01-Create_mount_filesystems.md:
--------------------------------------------------------------------------------
# Create, Mount, Unmount and Use VFAT, EXT4 and XFS File Systems

## Create a partition
```sh
# partition the disk and create a primary partition
fdisk /dev/sdX

# format to vfat
mkfs.vfat /dev/sdXX

# mount filesystem
mount /dev/sdXX /mnt/vfat

# see active mount points
df -h

# edit fstab to make change persistent
nano /etc/fstab
# example of mount for vfat filesystem
/dev/sdXX /mnt/vfat vfat defaults 1 2

# force create filesystem
mkfs.xfs -f /dev/sdXX
```

## Repartitioning the same disk
```sh
# first umount
umount /mnt/vfat

# delete partition
fdisk /dev/sdX
# press 'd' to delete
# press 'n' to create a new partition and leave defaults

# format to ext4
mkfs.ext4 /dev/sdXX

# mount filesystem
mount /dev/sdXX /mnt/ext4

# edit fstab to make change persistent
nano /etc/fstab
# example of mount for ext4 filesystem
/dev/sdXX /mnt/ext4 ext4 defaults 1 2
```

## Check filesystem and repair any issue
```sh
# the fsck command exists for vfat and ext filesystems

# check vfat filesystem
fsck.vfat /dev/sdXX

# check ext4 filesystem
# first you need to umount
umount /mnt/ext4

# for ext filesystems you don't need to specify the filesystem in fsck command
fsck /dev/sdXX
```

## See details about filesystem
```sh
# see information about filesystem
dumpe2fs /dev/sdXX

# see uuid
blkid

# set label
tune2fs -L label_name /dev/sdXX
```

## xfs troubleshooting
```sh
# see info about xfs filesystem
xfs_info /dev/sdXX

# set label
xfs_admin -L label_name /dev/sdXX

# repair xfs filesystem
xfs_repair /dev/sdXX
```

--------------------------------------------------------------------------------
/01-Essential_tools/12-System-documentation.md:
--------------------------------------------------------------------------------
# Locate, Read and Use System Documentation with man, info and /usr/share/doc

## man pages
man pages have multiple sections
1. Executable programs or shell commands
2. System calls (functions provided by the kernel)
3. Library calls (functions within program libraries)
4. Special files (usually found in /dev)
5. File formats and conventions, e.g. /etc/passwd
6. Games
7. Miscellaneous (including macro packages and conventions, e.g. man(7), groff(7))
8. System administration commands (usually only for root)
9. Kernel routines [Non standard]

## apropos command
apropos command is used to search the manual page names and descriptions

```sh
# search manual pages of passwd command
apropos passwd

# if it returns nothing, you need to index man pages with
mandb

# consult man page in section 5 of passwd
man 5 passwd
```

## info command
info is the GNU information utility
```sh
# get information of info
info info

# info pages are located in
/usr/share/info

# how to navigate
# press 'H' to get info tips

# apropos in info
info --apropos=tee
```

## If a program doesn't have man or info pages, use --help or -h

## Also you can browse documentation in /usr/share/doc/

## locate command
locate is used to search documentation, executables, etc
```sh
# search for passwd
locate passwd

# update locate db
updatedb
```
## which command
The 'which' program shows the full path of (shell) commands
```sh
# search for passwd executable
which passwd
```

## whatis command
whatis command is used to locate the binary, source, and manual page files for a command
```sh
# search for passwd
whatis passwd
```

## whereis command
whereis - locate the binary, source, and manual page files for a command
```sh
# search for passwd
whereis passwd
```

--------------------------------------------------------------------------------
/07-Security/03-SELinux.md:
--------------------------------------------------------------------------------
# Introduction to SELinux

[What is SELinux?](https://www.redhat.com/en/topics/linux/what-is-selinux)

SELinux defines access controls for the applications, processes, and files on a system.
It uses security policies, which are a set of rules that tell SELinux what can or can’t be accessed, to enforce the access allowed by a policy. 6 | 7 | When an application or process, known as a subject, makes a request to access an object, like a file, SELinux checks with an access vector cache (AVC), where permissions are cached for subjects and objects. 8 | 9 | If SELinux is unable to make a decision about access based on the cached permissions, it sends the request to the security server. The security server checks for the security context of the app or process and the file. Security context is applied from the SELinux policy database. Permission is then granted or denied. 10 | 11 | If permission is denied, an "avc: denied" message will be available in /var/log.messages. 12 | 13 | ## Introduction 14 | - If a service such as HTTPD is compromised then the attacker could potentially have access to all open permission files on your system. Essentially, SELinux defines at set of rules that determine what process can access specific files and location on a file system. 15 | - A context is assigned to every process, directory, and port wich is used to determine if a process can access that specific resource. 16 | - In this cou section will focus on the 'type' context. 17 | - SELinux has three modes 18 | - Enabled 19 | - Passive 20 | - Disabled 21 | - Disables mus be configures in /etc/selinux/config and reboot must occur in order to enter into disabled mode. This is not suggested. 22 | - Boolean: is conditional rule that allows runtime modification of the security policy without having to load a new policy. For example, to allow cgi scripts to be executed then you can anebale the **httpd_enable_cgi** boolean. The opposite is true if the administrator wants to just disable all cgi scripts on a system. 
- Man pages:
  - Booleans(8)
  - Selinux(8)
  - Getsebool(8)

--------------------------------------------------------------------------------
/01-Essential_tools/10-set_permissions.md:
--------------------------------------------------------------------------------
# List, set and change standard UGO/RWX Permissions

file owner
- u - user
- g - group
- o - other
- a - all

permissions
- r - read -> 4
- w - write -> 2
- x - execute -> 1

## see the file permission
```sh
ls -l

# output
# drwxr-xr-x 2 ivan ivan 4.0K Mar 24 22:05
# ^            first character: d means directory, l symlink
#  ^^^         user (u) permissions
#     ^^^      group (g) permissions
#        ^^^   other (o) permissions
# the remaining columns are: hard link count, owner user name,
# owner group name, file size, modification time
```
## change user permissions
```sh
# change user permission, add execute to user
chmod u+x file

# change permissions recursively
chmod g+w -R directory

# set execute permissions only for directory with X (capital)
chmod ug+X -R directory

# set read permission for all (user, group and other)
chmod a+r file

# octal permissions
# 4 -> read
# 2 -> write
# 1 -> execute
#
# example rwx = 7 (4+2+1)
# Octal permission: 755
#                   ^   user
#                    ^  group
#                     ^ other

# examples
# set user read and write, group read
chmod 640 file # same result as chmod u=rw,g=r,o= file
```

## add a group
```sh
# command to add a group
groupadd [groupname]
```

## change owner of file or directory
```sh
chown [OWNER][:[GROUP]] FILE...
```

## add user to group
```sh
usermod -aG grouptoadd user
```

## set primary group for current user
```sh
newgrp group
```

## setuid and setgid
```sh
# setuid is represented by 's'
# setuid means that the file will be executed with the permissions of the user who owns the file
# it uses one more octal digit
# 4 for user and 2 for group, 6 for both
# example
# set uid to file for user
chmod 4500 file # same result as chmod u=rxs,go= file

# sticky bit prevents a user from deleting a file on directories
# if the sticky bit is set it will prevent unauthorized users removing
# or renaming a directory and a file in the directory unless they own the file
# octal notation
# 1 -> sticky bit
# example
# set the sticky bit on file
chmod +t file

# example: set read, write and execute for user, group and other, set sticky bit
# and set uid to user and group:
# 1st digit = 1 (sticky bit) + 4 (user uid) + 2 (group uid) = 7
# 2nd digit = 4 (read) + 2 (write) + 1 (execute) = 7
# 3rd digit = 4 (read) + 2 (write) + 1 (execute) = 7
# 4th digit = 4 (read) + 2 (write) + 1 (execute) = 7
# final octal notation = 7777
# set permissions
chmod 7777 file # equals to chmod a+rwx,u+s,g+s,+t file
```

--------------------------------------------------------------------------------
/03-Configure_storage/02-LVM.md:
--------------------------------------------------------------------------------
# Using LVM

LVM is a logical volume manager for the Linux kernel; it manages disk drives and similar mass-storage devices.

## LVM building blocks
Logical Volume Management utilizes the kernel's device-mapper feature to provide a system of partitions independent of underlying disk layout. With LVM you abstract your storage and have "virtual partitions", making extending/shrinking easier (subject to potential filesystem limitations).

Virtual partitions allow addition and removal without worrying about whether you have enough contiguous space on a particular disk, getting caught up fdisking a disk in use (and wondering whether the kernel is using the old or new partition table), or having to move other partitions out of the way.

Basic building blocks of LVM:

## Physical volume (PV)
Unix block device node, usable for storage by LVM. Examples: a hard disk, an MBR or GPT partition, a loopback file, a device mapper device (e.g. dm-crypt). It hosts an LVM header.
## Volume group (VG)
Group of PVs that serves as a container for LVs. PEs are allocated from a VG for a LV.
## Logical volume (LV)
"Virtual/logical partition" that resides in a VG and is composed of PEs. LVs are Unix block devices analogous to physical partitions, e.g. they can be directly formatted with a file system.
## Physical extent (PE)
The smallest contiguous extent (default 4 MiB) in the PV that can be assigned to a LV. Think of PEs as parts of PVs that can be allocated to any LV.
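
How the building blocks above fit together, as an added example that is not part of the original notes: a simplified model that rounds sizes up to whole physical extents and lays logical volumes out over the physical volumes, using the sizes from this page's example layout. The linear allocation order, the missing metadata overhead and the function names are assumptions of this model, not LVM's actual allocator.

```shell
#!/bin/sh
# Added example, not from the original notes: a simplified model of how LVs
# are carved out of the PEs of a VG. Assumptions: extents are handed out
# linearly in PV order, and no space is reserved for the LVM header.

PE_MIB=4    # default physical extent size

# to_extents SIZE_MIB -> extents needed; an LV always occupies whole PEs
to_extents() { echo $(( ($1 + PE_MIB - 1) / PE_MIB )); }

# lv_layout "pv:GiB ..." "lv:GiB ..." -> one line per LV: name extents pv[,pv]
lv_layout() (
    cursor=0                              # next free extent in the VG
    for lv in $2; do
        need=$(to_extents $(( ${lv#*:} * 1024 )))
        first=$cursor
        last=$(( cursor + need - 1 ))
        base=0
        used=
        for pv in $1; do
            size=$(( ${pv#*:} * 1024 / PE_MIB ))
            # the LV touches this PV if their extent ranges overlap
            if [ "$first" -lt $(( base + size )) ] && [ "$last" -ge "$base" ]; then
                used="$used${used:+,}${pv%%:*}"
            fi
            base=$(( base + size ))
        done
        if [ "$last" -ge "$base" ]; then
            echo "${lv%%:*}: volume group has no free extents left" >&2
            exit 1
        fi
        echo "${lv%%:*} $need $used"
        cursor=$(( last + 1 ))
    done
)

# lvs_on_pv PV "pv:GiB ..." "lv:GiB ..." -> LVs that have extents on PV,
# i.e. the volumes affected if that one device fails
lvs_on_pv() (
    lv_layout "$2" "$3" | while read -r name need used; do
        case ",$used," in *",$1,"*) echo "$name" ;; esac
    done
)

# Sizes from the example layout on this page
PVS="sda1:50 sda2:80 sdb1:120"
LVS="rootvol:15 homevol:35 mediavol:200"

lv_layout "$PVS" "$LVS"
echo "LVs with extents on sdb1: $(lvs_on_pv sdb1 "$PVS" "$LVS" | tr '\n' ' ')"
```

In this model mediavol ends up on both /dev/sda2 and /dev/sdb1, which is the spanning case the Disadvantages list warns about for non-redundant disks.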

### Example:

### Physical disks
```
Disk1 (/dev/sda):
 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
|Partition1 50 GiB (Physical volume) |Partition2 80 GiB (Physical volume)     |
|/dev/sda1                           |/dev/sda2                               |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |

Disk2 (/dev/sdb):
 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
|Partition1 120 GiB (Physical volume)                 |
|/dev/sdb1                                            |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
```
### LVM logical volumes
```
Volume Group1 (/dev/MyVolGroup/ = /dev/sda1 + /dev/sda2 + /dev/sdb1):
 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
|Logical volume1 15 GiB  |Logical volume2 35 GiB      |Logical volume3 200 GiB              |
|/dev/MyVolGroup/rootvol |/dev/MyVolGroup/homevol     |/dev/MyVolGroup/mediavol             |
|_ _ _ _ _ _ _ _ _ _ _ _ |_ _ _ _ _ _ _ _ _ _ _ _ _ _ |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
```
## Advantages
LVM gives you more flexibility than just using normal hard drive partitions:

- Use any number of disks as one big disk.
- Have logical volumes stretched over several disks.
- Create small logical volumes and resize them "dynamically" as they get filled up.
- Resize logical volumes regardless of their order on disk. It does not depend on the position of the LV within VG, there is no need to ensure surrounding available space.
- Resize/create/delete logical and physical volumes online. File systems on them still need to be resized, but some (such as ext4) support online resizing.
- Online/live migration of LV being used by services to different disks without having to restart services.
- Snapshots allow you to backup a frozen copy of the file system, while keeping service downtime to a minimum.
- Support for various device-mapper targets, including transparent filesystem encryption and caching of frequently used data. This allows creating a system with (one or more) physical disks (encrypted with LUKS) and LVM on top to allow for easy resizing and management of separate volumes (e.g. for /, /home, /backup, etc.) without the hassle of entering a key multiple times on boot.

## Disadvantages
- Additional steps in setting up the system, more complicated. Requires (multiple) daemons to constantly run.
- If dual-booting, note that Windows does not support LVM; you will be unable to access any LVM partitions from Windows.
- If your physical volumes are not on a RAID-1, RAID-5 or RAID-6, losing one disk can lose one or more logical volumes if you span (or extend) your logical volumes across multiple non-redundant disks.

## Examples

## Create lvm partition
```sh
gdisk /dev/sdX
# press 'n' and create a new partition
# change type to 8e00 - Linux LVM
# repeat this for all physical volumes

# define physical volumes for LVM
pvcreate /dev/sdX1 /dev/sdY1

# see available volumes
pvdisplay

# create volume group
vgcreate vgName /dev/sdX1 /dev/sdY1

# display volume group
vgdisplay

# create logical volume
lvcreate -n lvName -L 10G vgName

# display logical volume name
lvdisplay

# create filesystem
mkfs -t xfs /dev/vgName/lvName

# mount
mount /dev/vgName/lvName /mnt/mountPoint

# remove logical volume
lvremove /dev/vgName/lvName

# remove volume group
vgremove vgName

# remove physical volume
pvremove /dev/sdX1 /dev/sdY1
```

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Red Hat Certified System Administrator Notes

## Table of contents

1. [Essential tools](./01-Essential_tools)
    - [Basic commands](./01-Essential_tools/01-Shell_prompt.md)
    - [Input/Output Redirection](./01-Essential_tools/02-Input-output-redirections.md)
    - [Regular Expressions](./01-Essential_tools/03-Regular_Expressions.md)
    - [Access remote system using ssh](./01-Essential_tools/04-ssh.md)
    - [Log in and switch users in multiuser targets](./01-Essential_tools/05-Log_and_switch_users.md)
    - [Archive, Compress, Unpack and Uncompress files using tar, star, gzip and bzip2](./01-Essential_tools/06-compression.md)
    - [Create and edit text files](./01-Essential_tools/07-create_and_edit_textfiles.md)
    - [Create, delete, copy and move files and directories](./01-Essential_tools/08-create_delete_copy.md)
    - [Create hard and soft links](./01-Essential_tools/09-create_hard_and_soft_links.md)
    - [List, set and change standard UGO/RWX Permissions](./01-Essential_tools/10-set_permissions.md)
    - [List, set and change standard UGO/RWX Permissions: umask](./01-Essential_tools/11-umask_permissions.md)
    - [Locate, Read and Use System Documentation with man, info and /usr/share/doc](./01-Essential_tools/12-System-documentation.md)
    - [Finding Files with Locate and Find](./01-Essential_tools/13-finding_files.md)

2. [Operate running system](./02-Operate_runing_system)
    - [Boot, Reboot and Shutdown a System](./02-Operate_runing_system/01-Boot_reboot_and_shutdown.md)
    - [Boot Systems into Different Targets Manually](./02-Operate_runing_system/02-Boot_systems.md)
    - [Interrupt the Boot Process to Gain Access to a System](./02-Operate_runing_system/03-Interrupt_boot_process.md)
    - [Adjust Process Priority and Kill Processes - Part 1](./02-Operate_runing_system/04-Process_p1.md)
    - [Adjust Process Priority and Kill Processes - Part 2](./02-Operate_runing_system/05-Process_p2.md)
    - [Adjust Process Priority and Kill Processes - Part 3](./02-Operate_runing_system/06-Process_p3.md)
    - [Adjust Process Priority and Kill Processes - Part 4](./02-Operate_runing_system/07-Process_p4.md)
    - [Locate and Interpret System Log Files and Journals](./02-Operate_runing_system/08-System_logs.md)

3. [Configure storage](./03-Configure_storage)
    - [List, Create and Delete Partitions on MBR and GPT Disks](./03-Configure_storage/01-Create_partitions.md)
    - [Using LVM](./03-Configure_storage/02-LVM.md)
    - [Configure Systems to Mount File Systems at Boot by UUID or Label](./03-Configure_storage/03-Mount_filesystems_at_boot.md)
    - [Add New Partitions and Logical Volumes and Swap to a System Non-Destructively](./03-Configure_storage/04-New_partitions.md)

4. [Create and configure filesystem](./04-Create_and_cofigure_filesystem)
    - [Create, Mount, Unmount and Use VFAT, EXT4 and XFS File Systems](./04-Create_and_cofigure_filesystem/01-Create_mount_filesystems.md)
    - [Mount and Unmount CIFS and NFS Network File Systems](./04-Create_and_cofigure_filesystem/02-CIFS_NTFS_filesystems.md)
    - [Extend Existing Logical Volumes](./04-Create_and_cofigure_filesystem/03-Extend_LVM.md)
    - [Create and Configure Set-GID Directories for Collaboration](./04-Create_and_cofigure_filesystem/04-Set_GID.md)
    - [Create and Manage Access Control Lists (ACLs)](./04-Create_and_cofigure_filesystem/05-Access_control_list.md)
    - [Diagnose and Correct File Permission Problems](./04-Create_and_cofigure_filesystem/06-Diagnose_file_permissions.md)

5. [Maintain systems](./05-Maintain_systems)
    - [Configure Networking and Hostname Resolution Statically or Dynamically: Troubles](./05-Maintain_systems/01-Networking-troubles.md)
    - [Networking and Hostname Resolution Statically or Dynamically: Network Manager](./05-Maintain_systems/02-NetworkManager.md)
    - [Network/Hostname Resolution Statically or Dynamically: Hostname Configuration](./05-Maintain_systems/03-Hostname-resolution.md)
    - [Schedule Tasks Using at and cron](./05-Maintain_systems/04-Schedule_tasks.md)
    - [Start and Stop Services and Configure Services to Start Automatically at Boot](./05-Maintain_systems/06-Services.md)
    - [Configure Systems to Boot into a Specific Target Automatically](./05-Maintain_systems/07-Boot_in_specific_target.md)
    - [Install Red Hat Enterprise Linux Automatically Using Kickstart](./05-Maintain_systems/08-Kickstart.md)
    - [Configure a Physical Machine to Host Virtual Guests](./05-Maintain_systems/09-Configure_KVM.md)
    - [Install Red Hat Enterprise Linux Systems as Virtual Guests](./05-Maintain_systems/10-Install_vms.md)
    - [Configure Systems to Launch Virtual Machines at Boot](./05-Maintain_systems/11-Automatic_boot_VM.md)
    - [Configure Network Services to Start Automatically at Boot](./05-Maintain_systems/12-Configure_Network_Service.md)
    - [Configure a System to Use Time Services](./05-Maintain_systems/13-System_timers.md)
    - [Install and Update Software Packages from Red Hat Network, YUM REPO](./05-Maintain_systems/14-Yum_repo.md)
    - [Install and Update Software Packages from Red Hat Network, RPM REPO](./05-Maintain_systems/15-RPM_repo.md)
    - [Managing Repositories](./05-Maintain_systems/16-Managing_repo.md)
    - [Configuring a Local Repository](./05-Maintain_systems/17-Local_repo.md)
    - [Configuring a Local Repository: Configure the GPG Key](./05-Maintain_systems/18-GPG_key.md)
    - [Update the Kernel Package Appropriately to Ensure a Bootable System](./05-Maintain_systems/19-Update_kernel.md)
    - [Modifying the System Bootloader](./05-Maintain_systems/20-System_bootloader.md)

6. [Manage users and groups](./06-Manage_users_and_groups)
    - [Create, Delete, and Modify Local User Accounts](./06-Manage_users_and_groups/01-Manage_users.md)
    - [Change Passwords and Adjust Password Aging for Local User Accounts](./06-Manage_users_and_groups/02-User_password.md)
    - [Create, Delete, and Modify Local Groups and Group Memberships](./06-Manage_users_and_groups/03-Groups.md)
    - [Using set-GID On Directories](./06-Manage_users_and_groups/04-Set_GID.md)
    - [Configure a System to Use an Existing Authentication Service for User and Group](./06-Manage_users_and_groups/05-Authentication_service.md)

7. [Security](./07-Security)
    - [Configure Firewall Settings Using Available Firewall Utilities.](./07-Security/01-Configure_firewall.md)
    - [Configure Key-Based Authentication for SSH](./07-Security/02-SSH_Key_based.md)
    - [Introduction to SELinux](./07-Security/03-SELinux.md)
    - [Set Enforcing and Permissive Modes for SELinux](./07-Security/04-SELinux_Modes.md)
    - [List and Identify SELinux Files and Process Contexts](./07-Security/05-SELinux_Files.md)
    - [Restore Default File Contexts](./07-Security/06-Restore_SELinux.md)
    - [Use Boolean Settings to Modify System SELinux Settings](./07-Security/07-Boolean_settings_SELinux.md)
    - [Diagnose and Address Routine SELinux Policy Violations](./07-Security/08-Diagnose_SELinux.md)

- [Resources](./Resources)

--------------------------------------------------------------------------------
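
For the octal, setuid/setgid and sticky-bit notes in /01-Essential_tools/10-set_permissions.md above, an added example (not part of the original notes) that decodes a 3- or 4-digit octal mode into the string `ls -l` shows and lists the bits worth a second look in a permissions review. The function names and finding keywords are made up for this example, and modes 4644 and 0777 are constructed inputs.

```shell
#!/bin/sh
# Added example (not from the original notes): decode an octal mode into the
# string `ls -l` shows, then list the bits a permissions review looks at.

# triad BITS SPECIAL ON OFF -> "rwx"-style triad for one octal digit.
# SPECIAL != 0 means setuid/setgid/sticky applies to this triad; the execute
# slot then shows ON (s or t) if x is set, OFF (S or T) if it is not.
triad() (
    r=-; w=-; x=-
    if [ $(($1 & 4)) -ne 0 ]; then r=r; fi
    if [ $(($1 & 2)) -ne 0 ]; then w=w; fi
    if [ $(($1 & 1)) -ne 0 ]; then x=x; fi
    if [ "$2" -ne 0 ]; then
        if [ "$x" = x ]; then x=$3; else x=$4; fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
)

# parse_mode MODE -> decimal value of a 3- or 4-digit octal mode, or status 2
parse_mode() (
    case $1 in
        [0-7][0-7][0-7]|[0-7][0-7][0-7][0-7]) echo $((0$1)) ;;
        *) echo "expected 3 or 4 octal digits, got '$1'" >&2; exit 2 ;;
    esac
)

# mode_to_symbolic MODE -> e.g. 4500 becomes r-s------
mode_to_symbolic() (
    n=$(parse_mode "$1") || exit 2
    u=$(triad $(( (n >> 6) & 7 )) $(( (n >> 9) & 4 )) s S)
    g=$(triad $(( (n >> 3) & 7 )) $(( (n >> 9) & 2 )) s S)
    o=$(triad $(( n & 7 ))        $(( (n >> 9) & 1 )) t T)
    printf '%s%s%s\n' "$u" "$g" "$o"
)

# mode_findings MODE -> one keyword per line for bits worth reviewing
mode_findings() (
    n=$(parse_mode "$1") || exit 2
    if [ $((n & 04000)) -ne 0 ]; then echo setuid; fi
    if [ $((n & 02000)) -ne 0 ]; then echo setgid; fi
    # setuid without user execute is shown as 'S'
    if [ $((n & 04100)) -eq $((04000)) ]; then echo setuid-without-execute; fi
    # a setuid/setgid file that group or other may write to
    if [ $((n & 06000)) -ne 0 ] && [ $((n & 00022)) -ne 0 ]; then
        echo special-bit-and-writable-by-others
    fi
    # other-writable without sticky: on a directory, any user may delete
    # or rename entries owned by someone else
    if [ $((n & 01002)) -eq 2 ]; then echo other-writable-without-sticky; fi
)

# Modes from the notes above, plus two constructed ones (4644, 0777)
for m in 640 4500 7777 4644 0777; do
    printf '%-5s %s  %s\n' "$m" "$(mode_to_symbolic "$m")" \
        "$(mode_findings "$m" | tr '\n' ' ')"
done
```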
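
For the access-check flow in /07-Security/03-SELinux.md above, an added example (not part of the original notes) that summarises "avc: denied" records by the 'type' part of the source and target contexts. The log records are constructed, and `sample_audit_log` and `avc_summary` are names chosen here.

```shell
#!/bin/sh
# Added example (not from the original notes). The records below are
# constructed; a context has the form user:role:type:level.

sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1700000000.101:311): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=1201 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000003.417:312): avc:  denied  { read } for  pid=2101 comm="httpd" name="logo.png" dev="dm-0" ino=1202 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000003.417:312): arch=c000003e syscall=257 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1700000950.882:340): avc:  denied  { name_bind } for  pid=2140 comm="httpd" src=9876 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
EOF
}

# avc_summary: read audit records on stdin, keep the "avc: denied" ones and
# print "<count> <source type> -> <target type>:<class> { <perms> } permissive=N".
# permissive=1 means the access was logged but not blocked.
avc_summary() {
    awk '
    /avc:/ && / denied / {
        a = index($0, "{"); b = index($0, "}")
        perms = substr($0, a + 2, b - a - 3)     # text between "{ " and " }"
        st = tt = tc = "?"; pm = "permissive=?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/)   { split(substr($i, 10), c, ":"); st = c[3] }
            if ($i ~ /^tcontext=/)   { split(substr($i, 10), c, ":"); tt = c[3] }
            if ($i ~ /^tclass=/)     { tc = substr($i, 8) }
            if ($i ~ /^permissive=/) { pm = $i }
        }
        n[st " -> " tt ":" tc " { " perms " } " pm]++
    }
    END { for (k in n) print n[k], k }
    ' | sort -k1,1nr -k2
}

sample_audit_log | avc_summary
```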