Book description
Develop the skills to manage and administer Red Hat Enterprise Linux and get ready to earn the RHCSA certification
Key Features
- Learn the most common administration and security tasks and manage enterprise Linux infrastructures efficiently
- Assess your knowledge using self-assessment questions based on real-world examples
- Understand how to apply the concepts of core systems administration in the real world
Book Description
Whether in infrastructure or development, as a DevOps or site reliability engineer, Linux skills are now more relevant than ever for any IT job, forming the foundation of understanding the most basic layer of your architecture. With Red Hat Enterprise Linux (RHEL) becoming the most popular choice for enterprises worldwide, achieving the Red Hat Certified System Administrator (RHCSA) certification will validate your Linux skills to install, configure, and troubleshoot applications and services on RHEL systems.
Complete with easy-to-follow tutorial-style content, self-assessment questions, tips, best practices, and practical exercises with detailed solutions, this book covers essential RHEL commands, user and group management, software management, networking fundamentals, and much more. You'll start by learning how to create an RHEL 8 virtual machine and get to grips with essential Linux commands. You'll then understand how to manage users and groups on an RHEL 8 system, install software packages, and configure your network interfaces and firewall. As you advance, the book will help you explore disk partitioning, LVM configuration, Stratis volumes, disk compression with VDO, and container management with Podman, Buildah, and Skopeo.
By the end of this book, you'll have covered everything included in the RHCSA EX200 certification and be able to use this book as a handy, on-the-job desktop reference guide.
This book and its contents are solely the work of Miguel Pérez Colino, Pablo Iranzo Gómez, and Scott McCarty. The content does not reflect the views of their employer (Red Hat Inc.). This work has no connection to Red Hat, Inc. and is not endorsed or supported by Red Hat, Inc.
What you will learn
- Deploy RHEL 8 in different footprints, from bare metal and virtualized to the cloud
- Manage users and software on local and remote systems at scale
- Discover how to secure a system with SELinux, OpenSCAP, and firewalld
- Gain an overview of storage components with LVM, Stratis, and VDO
- Master remote administration with passwordless SSH and tunnels
- Monitor your systems for resource usage and take actions to fix issues
- Understand the boot process, performance optimizations, and containers
Who this book is for
This book is for IT professionals or students who want to start a career in Linux administration and anyone who wants to take the RHCSA 8 certification exam. Basic knowledge of Linux and familiarity with the Linux command-line is necessary.
Table of contents
- Red Hat Enterprise Linux 8 Administration
- Contributors
- About the authors
- About the reviewer
- Preface
- Section 1: Systems Administration – Software, User, Network, and Services Management
- Chapter 1: Installing RHEL8
- Chapter 2: RHEL8 Advanced Installation Options
-
Chapter 3: Basic Commands and Simple Shell Scripts
- Logging in as a user and managing multi-user environments
- Changing users with the su command
- Understanding users, groups, and basic permissions
- Using the command line, environment variables, and navigating through the filesystem
- Understanding I/O redirection in the command line
- Filtering output with grep and sed
- Listing, creating, copying, and moving files and directories, links, and hard links
- Using tar and gzip
- Creating basic shell scripts
- Using system documentation resources
- Summary
-
Chapter 4: Tools for Regular Operations
- Technical requirements
- Managing system services with systemd
- Scheduling tasks with cron and systemd
- Learning about time synchronization with chrony and NTP
- Checking for free resources – memory and disk (free and df)
- Finding logs, using journald, and reading log files, including log preservation and rotation
- Summary
- Chapter 5: Securing Systems with Users, Groups, and Permissions
- Chapter 6: Enabling Network Connectivity
- Chapter 7: Adding, Patching, and Managing Software
- Section 2: Security with SSH, SELinux, a Firewall, and System Permissions
- Chapter 8: Administering Systems Remotely
- Chapter 9: Securing Network Connectivity with firewalld
-
Chapter 10: Keeping Your System Hardened with SELinux
- Technical requirements
- SELinux usage in enforcing and permissive modes
- Reviewing the SELinux context for files and processes
- Tweaking the policy with semanage
- Restoring changed file contexts to the default policy
- Using SELinux Boolean settings to enable services
- SELinux troubleshooting and common fixes
- Summary
- Chapter 11:System Security Profiles with OpenSCAP
- Section 3: Resource Administration – Storage, Boot Process, Tuning, and Containers
- Chapter 12: Managing Local Storage and Filesystems
-
Chapter 13: Flexible Storage Management with LVM
- Technical requirements
- Understanding LVM
- Creating, moving, and removing physical volumes
- Combining physical volumes into volume groups
- Creating and extending logical volumes
- Adding new disks to a volume group and extending a logical volume
- Removing logical volumes, volume groups, and physical volumes
- Reviewing LVM commands
- Summary
- Chapter 14: Advanced Storage Management with Stratis and VDO
- Chapter 15: Understanding the Boot Process
- Chapter 16: Kernel Tuning and Managing Performance Profiles with tuned
- Chapter 17: Managing Containers with Podman, Buildah, and Skopeo
- Section 4: Practical Exercises
-
Chapter 18: Practice Exercises – 1
- Technical requirements
- Tips for the exercise
- Practice exercise 1
-
Exercise 1 resolution
- 1. Configuring the time zone to GMT
- 2. Allowing password-less login to the root user using SSH
- 3. Creating a user named 'user' that can connect to the machine without a password
- 4. The user 'user' should change their password every week, with 2 days' warning and 1 day of usage once expired
- 5. The root user must be able to SSH as 'user' without a password, so that nobody can connect remotely as the root user using a password
- 6. The user 'user' should be able to become root and execute commands without a password
- 7. When a user tries to log in over SSH, display a legal message about not allowing unauthorized access to this system
- 8. SSH must listen on port 22222 instead of the default one
- 9. Creating a group named 'devel'
- 10. Making 'user' a member of 'devel'
- 11. Storing user membership in a file called 'userids,' in a home folder for 'user'
- 12. The user 'user' and root user should be able to connect to the localhost via SSH, without specifying the port, and default to compression for the connection
- 13. Finding all man page names in the system, and putting the names into a file named 'manpages.txt'
- 14. Printing usernames for users without a login, so they can be permitted access to the system, and printing the user ID and groups for each user
- 15. Monitoring available system resources every 5 minutes without using cron, and storing them as /root/resources.log
- 16. Adding a per-minute job to report the available percentage of free disk space and storing it in /root/freespace.log, so that it shows the filesystem and free space
- 17. Configuring the system to only leave 3 days of logs
- 18. Configuring log rotation for /root/freespace.log and /root/resources.log
- 19. Configuring time synchronization against pool.ntp.org with fast sync
- 20. Providing NTP server services for subnet 172.22.0.1/24
- 21. Configuring system stats collection every minute
- 22. Configuring the password length in the system for users to be 12 characters
- 23. Creating a bot user called 'privacy,' which keeps its files only visible to itself by default
- 24. Creating a folder named /shared that can be accessed by all users, and defaults new files and directories to still be accessible to users of the 'devel' group
- 25. Configuring a network connection with IPv4 and IPv6 addressing named 'mynic,' using the provided data Ip6, as follows: 2001:db8:0:1::c000:207/64 g gateway 2001:db8:0:1::1 IPv4 192.0.1.3/24 gateway 192.0.1.1
- 26. Allowing the host to use a google hostname to reach www.google.com, and a redhat hostname to reach www.redhat.com
- 27. Reporting the files modified from those that the vendor distributed, and storing them in /root/altered.txt
- 28. Making our system installation media packages available via HTTP under the path /mirror for other systems to use it as the mirror, and configuring the repository in our system. Removing the kernel packages from that mirror so that other systems (even ours) can't find new kernels. Ignoring the glibc packages from this repo to be installed without removing them
- 29. As 'user,' make a copy of the /root folder in the /home/user/root/ folder, and keep it in sync every day, synchronizing additions and deletions
- 30. Checking whether our system conforms to the PCI-DSS standard
- 31. Adding a second hard drive of 30 GB to the system, but using only 15 GB to move the mirror to it, making it available at boot using compression and deduplication, and available under /mirror/mirror
- 32. Configuring the filesystem to report at least 1,500 GB in size, to be used by our mirrors
- 33. Creating a second copy of the mirror under /mirror/mytailormirror and removing all packages starting with k*
- 34. Creating a new volume in the remaining space (15 GB) of the hard drive and using it to extend the root filesystem
- 35. Creating a boot entry that allows us to boot into emergency mode in order to change the root password
- 36. Creating a custom tuning profile that defines the readahead to be 4096 for the first drive and 1024 for the second drive – this profile should also crash the system should an OOM event occur
- 37. Disabling and removing the installed httpd package, and setting up the httpd server using the registry.redhat.io/rhel8/httpd-24 image
-
Chapter 19: Practice Exercise – 2
- Technical requirements
- Tips for the exercise
- Practice exercise – 2
-
Answers to practice exercise 2
- 1. Download the necessary file from this book's GitHub repository at https://raw.githubusercontent.com/PacktPublishing/Red-Hat-Enterprise-Linux-8-Administration/main/chapter-19-exercise2/users.txt
- 2. Use the users.txt file to generate users in the system in an automated way using the values provided, in the following order: username, placeholder, uid, gid, name, home, shell
- 3. Create a group named users and add that group as the primary group to all users, leaving their own groups, named after each user, as secondary groups
- 4. Change the home folders for the users so that are group owned
- 5. Set up an HTTP server and enable a web page for each user, with a small introduction for each that is different between users
- 6. Allow all the users in the users group to become root without a password
- 7. Create SSH keys for each user and add each key to root and the other users so that each user can SSH like the other users; that is, without a password
- 8. Disable password access to the system with SSH
- 9. Set each user with a different password using /dev/random and store the password in the users.txt file in the second field of the file
- 10. If the number of letters in the username is a multiple of 2, add that fact to each users description web page
- 11. Create a container that runs the yq Python package
- 12. Configure password aging for users that are not a multiple of 2 so that they're expiring
- 13. Configure the daily compressed log rotation for a month of logs using date-named files
- 14. Save all the logs generated in the day in /root/errors.log
- 15. Install all the available updates for system libraries
- 16. Repair the broken rpm binary using a previously downloaded package available in the /root folder
- 17. Make all the processes that are executed by the user doe run with a low priority and the ones from john run with a higher priority (+/- 5)
- 18. Make the system run with the highest throughput and performance
- 19. Change the system network interface so that it uses an IP address that's higher than the one it was using. Add another IPv6 address to the same interface
- 20. Create and add /opt/mysystem/bin/ to the system PATH for all users
- 21. Create a firewall zone, assign it to an interface, and make it the default zone
- 22. Add a repository hosted at https://myserver.com/repo/ with GPG key from https://myserver.com/mygpg.key to the system since our server might be down. Configure it so that it can be skipped if it's unavailable
- Why subscribe?
- Other Books You May Enjoy
Product information
- Title: Red Hat Enterprise Linux 8 Administration
- Author(s):
- Release date: November 2021
- Publisher(s): Packt Publishing
- ISBN: 9781800569829
You might also like
book
Red Hat Certified Engineer (RHCE) Study Guide: Ansible Automation for the Red Hat Enterprise Linux 8 Exam (EX294)
Study the material in this book to prepare for the RHCE exam EX294 and to learn …
video
Red Hat Certified Engineer (RHCE) EX294: Red Hat Ansible Automation
10+ Hours of Video Instruction Description Red Hat Certified Engineer (RHCE) EX294 Complete Video Course, 3/e: …
book
Red Hat RHCE 8 (EX294) Cert Guide
Learn, prepare, and practice for Red Hat RHCE 8 EX294 exam success with this Cert Guide …
book
Red Hat RHCSA 8 Cert Guide: EX200
Learn, prepare, and practice for Red Hat RHCSA 8 (EX200) exam success with this Cert Guide …