Red Hat Enterprise Linux 9 Administration - Second Edition

Red Hat Enterprise Linux 9 Administration - Second Edition

by Pablo Iranzo Gómez, Pedro Ibañez Requena, Miguel Pérez Colino, Scott McCarty
Released November 2022
Publisher(s): Packt Publishing
ISBN: 9781803248806

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Develop the skills required to administer your RHEL environment on-premises and in the cloud while preparing for the RHCSA exam Purchase of the print or Kindle book includes a free eBook in PDF format

Key Features

  • Become a pro at system administration from installation to container management
  • Secure and harden your Linux environment using SSH, SELinux, firewall, and system permissions
  • Gain confidence to pass the RHCSA exam with the help of practice tests

Book Description

With Red Hat Enterprise Linux 9 becoming the standard for enterprise Linux used from data centers to the cloud, Linux administration skills are in high demand. With this book, you’ll learn how to deploy, access, tweak, and improve enterprise services on any system on any cloud running Red Hat Enterprise Linux 9.

Throughout the book, you’ll get to grips with essential tasks such as configuring and maintaining systems, including software installation, updates, and core services. You’ll also understand how to configure the local storage using partitions and logical volumes, as well as assign and deduplicate storage. You’ll learn how to deploy systems while also making them secure and reliable.

This book provides a base for users who plan to become full-time Linux system administrators by presenting key command-line concepts and enterprise-level tools, along with essential tools for handling files, directories, command-line environments, and documentation for creating simple shell scripts or running commands. With the help of command line examples and practical tips, you’ll learn by doing and save yourself a lot of time.

By the end of the book, you’ll have gained the confidence to manage the filesystem, users, storage, network connectivity, security, and software in RHEL 9 systems on any footprint.

What you will learn

  • Become well versed with the fundamentals of RHEL9—from system deployment to user management
  • Secure a system by using SELinux policies and configuring firewall rules
  • Understand LVM to manage volumes and maintain VDO deduplication
  • Manage a system remotely using SSH and public key authentication
  • Get the hang of the boot process and kernel tunable to adjust your systems
  • Automate simple tasks using scripts or Ansible Playbooks

Who this book is for

This book is for Red Hat Enterprise Linux system administrators and Linux system administrators. It's also a good resource for any IT professional who wants to learn system administration. RHCSA certification candidates will find this book useful in their preparation for the certification exam.

Table of contents

  1. Red Hat Enterprise Linux 9 Administration
  2. Contributors
  3. About the authors
  4. About the reviewers
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the example code files
    5. Download the color images
    6. Conventions used
    7. Get in touch
    8. Share your thoughts
    9. Download a free PDF copy of this book
  6. Part 1 – Systems Administration – Software, User, Network, and Services Management
  7. Chapter 1: Getting RHEL Up and Running
    1. Technical requirements
    2. Obtaining RHEL and a subscription
    3. Installing RHEL 9
      1. Preparation for a physical server installation
      2. Preparation for a virtual server installation
      3. Running an RHEL installation
    4. Summary
  8. Chapter 2: RHEL 9 Advanced Installation Options
    1. Technical requirements
    2. Automating RHEL deployments with Anaconda
    3. Deploying RHEL on the cloud
    4. Installation best practices
    5. Summary
  9. Chapter 3: Basic Commands and Simple Shell Scripts
    1. Logging in as a user and managing multi-user environments
      1. Using the root account
      2. Using and understanding the command prompt
    2. Changing users with the su command
    3. Understanding users, groups, and basic permissions
      1. Users
      2. Groups
      3. File permissions
    4. Using the command line, environment variables, and navigating through the filesystem
      1. Command line and environment variables
      2. Navigating the filesystem
      3. Bash auto-complete
      4. The filesystem hierarchy
    5. Understanding I/O redirection on the command line
    6. Filtering output with grep and sed
    7. Listing, creating, copying, and moving files, directories, links, and hard links
      1. Directories
      2. Copying and moving
      3. Symbolic and hard links
    8. Using tar and gzip
    9. Creating basic shell scripts
      1. for loops
      2. if conditionals
      3. Exit codes
    10. Using system documentation resources
      1. man pages
      2. info pages
      3. Other documentation resources
    11. Summary
  10. Chapter 4: Tools for Regular Operations
    1. Technical requirements
    2. Managing system services with systemd
      1. systemd unit file structure
      2. Managing services to be started and stopped at boot
      3. Managing boot targets
    3. Scheduling tasks with cron and systemd
      1. System-wide crontab
      2. User crontab
      3. systemd timers
    4. Learning about time synchronization with chrony and NTP
      1. NTP client
      2. NTP server
    5. Checking for free resources – memory and disk (free and df)
      1. Memory
      2. Disk space
      3. CPU
      4. Load average
      5. Other monitoring tools
    6. Finding logs, using journald, and reading log files, including log preservation and rotation
      1. Log rotation
    7. Summary
  11. Chapter 5: Securing Systems with Users, Groups, and Permissions
    1. Creating, modifying, and deleting local user accounts and groups
    2. Managing groups and reviewing assignments
    3. Adjusting password policies
    4. Configuring sudo access for administrative tasks
      1. Understanding sudo configuration
      2. Using sudo to run admin commands
      3. Configuring sudoers
    5. Checking, reviewing, and modifying file permissions
    6. Using special permissions
      1. Understanding and applying SUID
      2. Understanding and applying SGID
      3. Using the sticky bit
    7. Summary
  12. Chapter 6: Enabling Network Connectivity
    1. Technical requirements
    2. Exploring network configuration in RHEL
    3. Getting to know the configuration files and NetworkManager
    4. Configuring network interfaces with IPv4 and IPv6
      1. IPv4 and IPv6 – what do they mean?
      2. Configuring interfaces with nmtui
      3. Configuring interfaces with nm-connection-editor
      4. Configuring interfaces with nmcli
      5. Where does NetworkManager store configuration?
    5. Configuring hostname and hostname resolutions (DNS)
    6. An overview of firewall configuration
      1. Configuring the firewall
    7. Testing network connectivity
    8. Summary
  13. Chapter 7: Adding, Patching, and Managing Software
    1. RHEL subscription registration and management
    2. Managing repositories and signatures with yum/dnf
    3. Doing software installations, updates, and rollbacks with YUM/DNF
    4. Creating and syncing repositories with createrepo and reposync
    5. Understanding RPM internals
    6. Summary
  14. Part 2 – Security with SSH, SELinux, a Firewall, and System Permissions
  15. Chapter 8: Administering Systems Remotely
    1. Technical requirements
    2. SSH and OpenSSH overview and base configuration
      1. OpenSSH server
      2. OpenSSH client
    3. Enabling root access via SSH (and when not to do it)
    4. Accessing remote systems with SSH
    5. Key-based authentication with SSH
      1. SSH agent
    6. Remote file management with SCP/rsync
      1. Transferring files with an OpenSSH secure file copy
      2. Transferring files with sftp
      3. Transferring files with rsync
    7. Advanced remote management – SSH tunnels and SSH redirections
    8. Remote terminals with tmux
    9. Introduction to Ansible automation
      1. Inventory
      2. Playbook
    10. Summary
  16. Chapter 9: Securing Network Connectivity with firewalld
    1. Introduction to the RHEL firewall – firewalld
    2. Enabling firewalld in the system and reviewing the default zones
      1. Reviewing the different configuration items under firewalld
    3. Enabling and managing services and ports
    4. Creating and using service definitions for firewalld
    5. Configuring firewalld with the web interface
    6. Summary
  17. Chapter 10: Keeping Your System Hardened with SELinux
    1. Technical requirements
    2. SELinux usage in enforcing and permissive modes
    3. Reviewing the SELinux context for files and processes
    4. Tweaking the policy with semanage
    5. Restoring changed file contexts to the default policy
    6. Using SELinux Boolean settings to enable services
    7. SELinux troubleshooting and common fixes
    8. Integrity Measurement Architecture, digital hashes, and signatures for enhancing security
      1. EVM and trusted keys
      2. Enabling IMA and EVM in the system kernel
    9. Summary
  18. Chapter 11: System Security Profiles with OpenSCAP
    1. Getting started with OpenSCAP and discovering system vulnerabilities
    2. Using OpenSCAP with security profiles for OSPP and PCI DSS
      1. Scanning for OSPP compliance
      2. Scanning for PCI DSS compliance
    3. Summary
  19. Part 3 – Resource Administration – Storage, Boot Process, Tuning, and Containers
  20. Chapter 12: Managing Local Storage and Filesystems
    1. Technical requirements
      1. Let’s start with a definition
      2. A bit of history
    2. Partitioning disks (MBR and GPT disks)
    3. Formatting and mounting filesystems
    4. Setting default mounts and options in fstab
    5. Using network filesystems with NFS
    6. Summary
  21. Chapter 13: Flexible Storage Management with LVM
    1. Technical requirements
    2. Understanding LVM
    3. Creating, moving, and removing physical volumes
    4. Combining physical volumes into volume groups
    5. Creating and extending logical volumes
    6. Adding new disks to a volume group and extending an logical volume
    7. Removing logical volumes, volume groups, and physical volumes
    8. Reviewing LVM commands
    9. Summary
  22. Chapter 14: Advanced Storage Management with Stratis and VDO
    1. Technical requirements
    2. Understanding Stratis
    3. Installing and enabling Stratis
    4. Managing storage pools and filesystems with Stratis
    5. Preparing systems to use VDO
    6. Creating and using a VDO volume
    7. Testing a VDO volume and reviewing the stats
    8. Summary
  23. Chapter 15: Understanding the Boot Process
    1. Understanding the boot process – BIOS and UEFI booting
    2. Working with GRUB, the bootloader, and the initrd system images
    3. Managing the boot sequence with systemd
    4. Intervening in the boot process to gain access to a system
    5. Summary
  24. Chapter 16: Kernel Tuning and Managing Performance Profiles with tuned
    1. Technical requirements
    2. Identifying processes, checking memory usage, and killing processes
    3. Adjusting kernel scheduling parameters to better manage processes
    4. Installing tuned and managing tuning profiles
    5. Creating a custom tuned profile
    6. Using the web console for observing performance metrics
    7. Summary
  25. Chapter 17: Managing Containers with Podman, Buildah, and Skopeo
    1. Technical requirements
    2. Introduction to containers
      1. Installing container tools
    3. Running a container using Podman and UBI
      1. Basic container management – pull, run, stop, and remove
      2. Attaching persistent storage to a container
      3. Deploying a container on a production system with systemd
      4. Building a container image using a Dockerfile or Containerfile
      5. Configuring Podman to search registry servers
      6. Summary of Podman options
    4. When to use Buildah and Skopeo
      1. Building container images with Buildah
      2. Inspecting a remote container with Skopeo
    5. Summary
  26. Part 4 – Practical Exercises
  27. Chapter 18: Practice Exercises – 1
    1. Technical requirements
    2. Tips for the exercise
    3. Practice exercise 1
      1. Exercises
    4. Exercise 1 solution
      1. 1. Configuring the time zone to GMT
      2. 2. Allowing passwordless login to the root user using SSH
      3. 3. Creating a user named user that can connect to the machine without a password
      4. 4. The user user should change their password every week, with 2 days’ warning and 1 day of usage once expired
      5. 5. The root user must be able to SSH as user without a password so that nobody can connect remotely as the root user using a password
      6. 6. The user user should be able to become root and also execute commands without a password
      7. 7. When a user tries to log in over SSH, display a legal message about not allowing unauthorized access to this system
      8. 8. SSH must listen on port 22222 instead of the default one
      9. 9. Creating a group named devel
      10. 10. Making user a member of devel
      11. 11. Storing user membership in a file called userids in the home folder for user
      12. 12. The user user and root user should be able to connect to the localhost via SSH without specifying the port, and default to compression for the connection
      13. 13. Finding all man page names in the system, and putting the names into a file named manpages.txt
      14. 14. Printing usernames for users without a login so that they can be permitted access to the system, and printing the UID and groups for each user
      15. 15. Monitoring available system resources every 5 minutes without using cron, and storing them as /root/resources.log
      16. 16. Adding a per-minute job to report the available percentage of free disk space and storing it in /root/freespace.log so that it shows the filesystem and free space
      17. 17. Configuring the system to only leave 3 days of logs
      18. 18. Configuring the log rotation for /root/freespace.log and /root/resources.log
      19. 19. Configuring the time synchronization against pool.ntp.org with fast sync
      20. 20. Providing NTP server services for the 172.22.0.1/24 subnet
      21. 21. Configuring system stats for collection every minute
      22. 22. Configuring the password length for users in the system to be 12 characters long
      23. 23. Creating a bot user named privacy that keeps its files only visible to itself by default
      24. 24. Creating a folder named /shared that can be accessed by all users and defaults new files and directories to still be accessible to users of the devel group
      25. 25. Configuring a network connection with IPv4 and IPv6 addressing named mynic, using the following data: 2001:db8:0:1::c000:207/64 g gateway 2001:db8:0:1::1 ipv4 192.0.1.3/24 gateway 192.0.1.1
      26. 26. Allowing the host to use the hostname google to reach www.google.com, and the hostname redhat to reach www.redhat.com
      27. 27. Reporting the files modified from those that the vendor distributed, and storing them in /root/altered.txt
      28. 28. Making our system installation media packages available via HTTP under the /mirror path for other systems to use as a mirror, and configuring the repository in our system. Removing the kernel packages from that mirror so that other systems (even ours) can’t find new kernels. Ignoring the glibc packages from this repository to be installed without removing them
      29. 29. As user, make a copy of the /root folder in the /home/user/root/ folder and keep it in sync every day, synchronizing additions and deletions
      30. 30. Checking whether our system conforms to the PCI-DSS standard
      31. 31. Adding a second hard drive of 30 GB to the system, but using only 15 GB to move the mirror to it, making it available at boot using compression and deduplication, and available under /mirror/mirror
      32. 32. Creating a second copy of the mirror under /mirror/mytailormirror and removing all packages starting with k*
      33. 33. Creating a new volume in the remaining space (15 GB) of the hard drive and using it to extend the root filesystem
      34. 34. Creating a boot entry that allows us to boot into emergency mode in order to change the root password
      35. 35. Creating a custom tuning profile that defines the readahead to be 4096 for the first drive and 1024 for the second drive – this profile should also crash the system should an OOM event occur
      36. 36. Disabling and removing the installed httpd package, and setting up the httpd server using the registry.redhat.io/rhel9/httpd-24 image
  28. Chapter 19: Practice Exercise – 2
    1. Technical requirements
    2. Tips for the exercise
    3. Practice exercise 2
      1. Exercises
    4. Exercise 2 resolution
      1. 1. Downloading the necessary file from this book’s GitHub repository at https://raw.githubusercontent.com/PacktPublishing/Red-Hat-Enterprise-Linux-RHEL-9-Administration/main/chapter-19-exercise2/users.txt
      2. 2. Using the users.txt file to generate users in the system in an automated way using the values provided, in the following order: username, placeholder, uid, gid, name, home, shell
      3. 3. Creating a group named myusers and adding that group as the primary group to all users, leaving their own groups, named after each user, as secondary groups
      4. 4. Changing the home folders for the users so that they are group-owned
      5. 5. Setting up an HTTP server and enabling a web page for each user, with a small introduction for each that is different between users
      6. 6. Allowing all users in the users group to become root without a password
      7. 7. Creating SSH keys for each user and adding each key to root and the other users so that each user can SSH like the other users; that is, without a password
      8. 8. Disabling password access to the system with SSH
      9. 9. Setting each user with a different password using /dev/random and storing the password in the users.txt file in the second field of the file
      10. 10. If the number of letters in the username is a multiple of 2, adding that fact to each user description web page
      11. 11. Creating a container that runs the yq Python package as the entry point
      12. 12. Configuring password aging for users that are not a multiple of 2 so that they’re expiring
      13. 13. Configuring a daily compressed log rotation for a month of logs using date-named files
      14. 14. Saving all logs generated in the day in /root/errors.log
      15. 15. Installing all available updates for system libraries
      16. 16. Repairing the broken rpm binary using a previously downloaded package available in the /root folder
      17. 17. Making all processes that are executed by the user doe run with a low priority and the ones from john run with a higher priority (+/- 5)
      18. 18. Making the system run with the highest throughput and performance
      19. 19. Changing the system network interface so that it uses an IP address that’s higher than the one it was using and adding another IPv6 address to the same interface
      20. 20. Creating and adding /opt/mysystem/bin/ to the system PATH variable for all users
      21. 21. Creating a firewall zone, assigning it to an interface, and making it the default zone
      22. 22. Adding a repository hosted at https://myserver.com/repo/ with the GPG key from https://myserver.com/mygpg.key to the system since our server might be down and configuring it so that it can be skipped if it’s unavailable
  29. Index
    1. Why subscribe?
  30. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share your thoughts
    3. Download a free PDF copy of this book

Product information

  • Title: Red Hat Enterprise Linux 9 Administration - Second Edition
  • Author(s): Pablo Iranzo Gómez, Pedro Ibañez Requena, Miguel Pérez Colino, Scott McCarty
  • Release date: November 2022
  • Publisher(s): Packt Publishing
  • ISBN: 9781803248806