Below are my notes that I made after taking and passing the Red Hat Certified Systems Administrator (RHCSA) test. As usual I looked for RHCSA study guides and notes. I was not impressed with any of them so I made my own.
Use the notes below after going through a book like the RHCSA/RHCE Red Hat Linux Certification Study Guide. The book will help you understand what you're doing below better. These notes are just quick descriptions and commands on how to get things done. They were made as an easy way to review different topics and run through how to do different tasks. There are also little notes on things you should know.
#####################
### Installing OS ###
#####################
# Use CentOS to practice as it is almost exactly the same as RH. The differences won't matter.
# Install CentOS directly to a machine, don't use a VM. You will make another VM later to practice.
# On the initial boot screen hit Tab to see the boot options. Put the word "text" at the end
# of the boot option to boot in text mode.
# For an FTP or HTTP install start the install and select "URL" then put in:
#   ftp://192.168.0.1/pub/inst    or a similar FTP url where the install files are
#   http://192.168.0.1/pub/inst   or a similar HTTP url where the install files are
# Press Alt-F3, Alt-F4 or Alt-F5 if you have issues during the install. They will show you the
# log and error messages. You can also get to a shell prompt and other useful things if you try
# the other Alt-F? keys.
# By default SELinux is enabled in enforcing mode. You can check this with the "sestatus" command.
# Iptables is turned on by default.

##############################
### General Administration ###
##############################
# From the desktop get to the text consoles with CTRL-ALT-F1 through F6.
# From the desktop bring up a GUI terminal: click Applications -> System Tools -> Terminal.
# You can also right click anywhere on the desktop and select "Open Terminal".
# Linux uses 3 standard data streams: Standard In (STDIN), Standard Out (STDOUT) and
# Standard Error (STDERR). You can send data to and from programs and files. < and >
# redirect these streams from and to files. Programs can also send data to each other using the pipe |
# Output from the ls command to a file.
# Do this with grep or any other program also.
ls > filename
# Send data from a file to the contacts program
contacts < datafile
# cat a file and read it with less
cat /var/log/messages | less
# Run program blah and send all errors (STDERR) to the file errors
blah 2> errors
# pwd shows you which directory you're currently in
pwd
# Change to a dir like /var
cd /var
# Show the regular files in a directory
ls
# Show all files in a dir including hidden ones. Hidden files start with a period.
ls -a
# Show all files in the /var dir with a long listing and with SELinux contexts
ls -laZ /var
# Make a blank file blah
touch blah
# Change the date/time of an existing file to right now
touch filename
# Make a directory blah in the /tmp dir
mkdir /tmp/blah
# Delete the dir you just made (rmdir only removes empty dirs)
rmdir /tmp/blah
# Copy the file /etc/passwd to /tmp
cp /etc/passwd /tmp
# Copy all files and directories from /etc/ to /tmp. -r recursive copy.
cp -r /etc/* /tmp
# To rename a file use the move command. Rename file blah to blah1
mv blah blah1
# Move the file /var/boss to /tmp
mv /var/boss /tmp
# Delete a file using the remove command (rm). Delete file boss
rm boss
# Remove a whole dir with all the files in it. Example removing the /tmp/blah dir. -f force -r recursive
rm -rf /tmp/blah
# Create a link to a file. Allows you to make a shortcut to the file name.
# A hard link is a second directory entry for the same inode, not a copy: both names see the same
# data and the file is only gone when the last link is removed. Hard links can't cross file systems.
# Create hard link blah in the current dir to the file /etc/blah
ln /etc/blah blah
# A soft (symbolic) link is just a redirect to the path name. It uses the -s option.
ln -s /etc/blah blah
# Show all running processes. The first column is the username, second is the Process ID, CPU usage is third.
# The top of the output tells you what each column is. Check it out for the rest of the columns.
ps aux
# Show processes for just user blah
ps -u blah
# Show all processes with their SELinux context
ps auxZ
# Use top to see system load and processor and memory usage. Watch processes.
top
# To change process priority use the nice and renice commands.
# -20 is the highest priority, 19 the lowest. Only root can raise a priority (lower the number).
# Start a process at the lowest priority
nice -n 19 ./process_intensive_task
# Change the priority of the running process with PID 455
renice -1 455
# To kill the process with process id 22 (use ps to find the id's)
kill 22
# Kill all processes with a certain name blah
killall blah
# Find files named blah using the find command starting from the root dir /. Case sensitive.
find / -name blah
# Case insensitive search for the same
find / -iname blah
# Use glob characters (* ? []) to help find things. Quote them so the shell doesn't expand them first.
# * - any string of zero or more characters. Ex. 'blah*' finds blah with 0 or more characters after it.
# ? - any single character. Ex. 'blah?' finds blah with exactly one character after it.
# [] - any single character from a set or range. Ex. 'blah[12]' finds blah1 or blah2.
# Find files owned by user jose
find / -user jose
# Find files belonging to group boo
find / -group boo
# Use the locate command to find files faster than find.
# Locate file dog
locate dog
# You have to make the locate database for this to work. It is run every day from cron.
/etc/cron.daily/mlocate.cron
# Hint: run this when you first start the test and background it like so
/etc/cron.daily/mlocate.cron &
# View files on the screen with cat. Ex. show file boo
cat boo
# Use the programs less and more to open and look at files. Ex. file boo
# Use the arrows or page up and page down keys to scroll up and down
more boo
less boo
# Show the beginning of a file with the head command
head /etc/passwd
# Show the end of a file with the tail command
tail /etc/passwd
# Show the last 20 lines of a file
tail -n 20 /etc/passwd
# Use the sort program to show the lines of a file in alphabetical order (whole lines are compared,
# starting from the first character). Check the man page to see how to sort in other orders.
sort /etc/passwd
# Use the grep command to find words or patterns in files. Like the word bash in /etc/passwd
grep bash /etc/passwd
# Find the word dog in the file /etc/blah.
# Output the matching lines to the file /tmp/boo
grep dog /etc/blah > /tmp/boo
# Use the diff command to see the differences between files. Like between files boot and pie
diff boot pie
# wc can count the words or lines of a file
# Count words in file boo
wc -w boo
# Count lines in file boo
wc -l boo
# Use sed to stream edit files, which means change them on the fly.
# Without -i sed prints the result to STDOUT and leaves the file alone.
# Open file boo, change the word dog to cat on every line and print the result
sed -e 's/dog/cat/g' boo
# Same thing, but edit the file in place (save it)
sed -i 's/dog/cat/g' boo
# See more examples here http://www.pantz.org/software/shell/shelloneliners.html
# Use awk to find words or numbers in files and print them out in a column format
# Print all lines with the word bash in them
awk '/bash/ {print $0}' /etc/passwd
# See more examples here http://www.pantz.org/software/shell/shelloneliners.html
# Learn to edit files from a terminal with the program vi.
# Go here to learn the commands http://www.pantz.org/software/vi/vireference.html
# The sysstat package has sar and iostat. Use sar to check system activity and io over time.
# Reports are put in the /var/log/sa dir.
# The cron jobs in /etc/cron.d/sysstat collect the data at intervals. Configs are in /etc/sysconfig/sysstat.
# Show all of today's collected data
sar -A
# Use gzip or bzip2 to compress a file
gzip file1.txt
bzip2 file1.txt
# Uncompress either with -d
gzip -d file1.txt.gz
bzip2 -d file1.txt.bz2
# Use tar to collect a bunch of files into one file
# Tar up and compress all the files in /opt into a file called opt.tar.gz
tar czvf opt.tar.gz /opt
# Untar the files back to /opt. tar strips the leading / when archiving, so extract from / (-C) to land in /opt again.
tar xvzf opt.tar.gz -C /
# Use star to archive files on a system using SELinux (it keeps the SELinux contexts and ACLs, tar does not)
# Install star
yum install star
# Create the file opt.star and save all extended attributes (exustar header format)
star -xattr -H=exustar -c -f=opt.star /opt/
# Extract the archive with its attributes
star -xattr -x -f=opt.star
# The system wide crontab is at /etc/crontab. Cron job files are also in the /etc/cron.d/ dir.
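The awk, grep, sort and cut commands from the General Administration section above are what you reach for when auditing the account files on a box. The script below is an added example, not part of the original notes: it finds extra UID 0 accounts in /etc/passwd and accounts with a usable login shell but an empty password field in /etc/shadow, which are two of the first things to check on an unfamiliar system. The passwd and shadow text embedded in it is constructed for the example; on a real host you would feed it the real files as root.

```shell
#!/bin/sh
# Added example: account audit with awk/grep/cut/sort. The SAMPLE_* data below is
# constructed for this example and is not real account data.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
toor:x:0:0:second root:/root:/bin/bash
jose:x:500:500:Jose:/home/jose:/bin/bash
svc:x:501:501:service:/var/svc:/bin/bash
bob:x:502:502:Bob:/home/bob:/bin/bash'

SAMPLE_SHADOW='root:$6$abc$hashhashhash:15000:0:99999:7:::
bin:*:15000:0:99999:7:::
toor:$6$abc$hashhashhash:15000:0:99999:7:::
jose::15000:0:99999:7:::
svc:!!:15000:0:99999:7:::
bob:$6$def$hashhashhash:15000:0:99999:7:::'

# Print every account with UID 0 other than root. Reads passwd text on stdin.
# Any hit here is either a mistake or a backdoor.
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Print accounts whose shadow password field is empty (no password needed to log in)
# and whose login shell is not nologin/false. Args: passwd text, shadow text.
empty_password_logins() {
    passwd_text=$1
    shadow_text=$2
    printf '%s\n' "$shadow_text" | awk -F: '$2 == "" { print $1 }' | while read -r user; do
        printf '%s\n' "$passwd_text" | awk -F: -v u="$user" \
            '$1 == u && $7 !~ /(nologin|false)$/ { print $1 }'
    done
}

# Print accounts whose password field starts with ! (locked) or is * (no password set),
# sorted. Reads shadow text on stdin.
locked_accounts() {
    grep -E '^[^:]+:(\*|!)' | cut -d: -f1 | sort
}

# Example run on the constructed data. On a real box use:
#   uid0_accounts < /etc/passwd
#   empty_password_logins "$(cat /etc/passwd)" "$(cat /etc/shadow)"
printf '%s\n' "$SAMPLE_PASSWD" | uid0_accounts                 # toor
empty_password_logins "$SAMPLE_PASSWD" "$SAMPLE_SHADOW"        # jose
printf '%s\n' "$SAMPLE_SHADOW" | locked_accounts               # bin, svc
```

The shadow check runs the password-field test first and only then looks at the shell, so an account that is both passwordless and set to /sbin/nologin is not reported; that is the usual state of system accounts and is not a finding by itself.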
# Cron files can have their own environment variables set in the file like the following
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
# The cron job file format is the following, except /etc/crontab and the files in /etc/cron.d
# have an extra field for the user to run as, right before the command
# Minute Hour   Day of Month Month            Day of Week     Command
# (0-59) (0-23) (1-31)       (1-12 or Jan-Dec) (0-6 or Sun-Sat)
0 2 12 * 0,6 /usr/bin/find
# Users have their own cron files called crontabs.
# Edit your own crontab file
crontab -e
# Show your crontab
crontab -l
# As root edit user1's crontab
crontab -u user1 -e
# If /etc/cron.allow does not exist and cron.deny does then the users listed in cron.deny can't edit their tab.
# If both exist then only the users in cron.allow can edit crontabs (cron.deny is ignored).
# The same goes for at.allow and at.deny.
# You can use the at program to schedule a one time command
at now + 2 hours
at> /bin/ping -c 4 127.0.0.1
at> Ctrl-D
# Will ping localhost 4 times in 2 hrs
# Show the at jobs
atq
# Remove job 1
atrm 1
# The config files for rsyslog are /etc/rsyslog.conf and /etc/sysconfig/rsyslog. The service script is /etc/init.d/rsyslog.
# Levels (priorities) of logging in ascending order: debug, info, notice, warn, err, crit, alert, emerg
# Selectors are written facility.priority. rsyslogd logs all messages of the given priority or higher,
# so auth.warn logs auth messages at warn and above. Use * to log all levels like auth.*
# The priority "none" logs nothing from that facility, e.g. *.info;mail.none logs info and up
# from every facility except mail.
# Most log files are written to /var/log/
# The logrotate facility rotates logs on a weekly basis. Check /etc/logrotate.conf and the
# scripts in the /etc/logrotate.d dir.
# Install a VNC server and client. RH uses tigervnc
yum install vinagre tigervnc tigervnc-server
# Edit the /etc/sysconfig/vncservers file and put in lines for user1 and user2. Examples are in the file.
VNCSERVERS="1:user1 2:user2"
VNCSERVERARGS[2]="-geometry 800x600"
# Stop the vnc server so we can set up the users
service vncserver stop
# Log in as the user or su to them, then
# start vncserver on display :2 (port 5902). It asks for a VNC password the first time it is run.
vncserver :2
# Make sure iptables has port 5902 open. If not open it with
system-config-firewall-tui
# Connect to the server on port 5902 with a vnc client like vncviewer or vinagre
vncviewer 192.168.0.1:2
# To start a GUI vnc viewer: Applications | Internet | Remote Desktop Viewer or Tiger VNC Viewer
# To configure the gnome based vnc server called vino run
vino-preferences
# SSH line to tunnel vnc over ssh to a remote system (replace user with your login name)
ssh -L 5902:sv1.example.com:5902 user@sv1.example.com
# Then use a vnc client to connect to 127.0.0.1:2, as the tunnel end is listening on your localhost

############################
### System Documentation ###
############################
# /usr/share/doc has tons of documentation on programs
# Run commands by themselves (or with --help) for quick help.
# Run "man command" to see the docs on that command
# To search man page titles by keyword use "whatis" like "whatis virsh"
# To search man pages with keywords in the description use "apropos" like "apropos virsh"
# To ensure that you can access the man pages of newly installed packages, run this after installing them
/etc/cron.daily/makewhatis.cron

###########################
### Installing Software ###
###########################
# Install the Apache webserver (as root)
yum install httpd
service httpd start
# Check if it's running on localhost with a browser: http://127.0.0.1/. Install firefox if need be.
yum install firefox
# If not, check if iptables is allowing it. Use the system-config-firewall command to open port 80.
# Make sure it starts at boot
chkconfig httpd on
# By default the webserver files are kept in /var/www/html/
# Install the VSFTP server (as root)
yum install vsftpd
service vsftpd start
# Check if it's running on localhost with a browser: ftp://127.0.0.1/
# If not, check if iptables is allowing it. Use the system-config-firewall command to open port 21.
# Make sure it starts at boot
chkconfig vsftpd on

########################
### File Permissions ###
########################
# chmod symbolic form: u, g or o (owner, group, other; a for all), then + or - (add or remove
# the permission), then r, w or x (the permission to set)
chmod u+x file
chmod ugo+w file
# chmod numeric form: r = 4, w = 2, and x = 1. Add the numbers up for each of owner, group and other.
chmod 755 file    (equiv to 4+2+1, 4+1, 4+1 = rwxr-xr-x)
# SUID, SGID and sticky go in a leading fourth digit: SUID=4, SGID=2, and sticky bit=1
chmod 4764 file   (sets the SUID bit plus rwxrw-r--)
# Sticky bit (t) on a dir using the ugo/rwx format. Only a file's owner (or root) can delete it from the dir.
chmod o+t /tmp
# Set the group id bit on dir test. New files in it inherit the dir's group.
chmod g+s /tmp/test
# chown changes the user and group owner. Use -R for recursive.
chown username:groupname file
# chgrp changes the group ownership. Below changes the file's group to testgrp
chgrp testgrp file

#######################
### File Attributes ###
#######################
# lsattr lists file attributes. chattr sets file attributes.
chattr +i /etc/file   (immutable: keeps the file from being written to, renamed or deleted, even by root)
lsattr /etc/file      (look at the attributes)
chattr -i /etc/file   (remove the immutable attribute)

#############
### ACL's ###
#############
# The file system has to have ACLs turned on to use them. Edit /etc/fstab and in the
# options section put "acl" like:
/dev/sdb2  /home  ext4  defaults,acl  1 2
# Then remount the file system to apply it.
mount -o remount /home
# Get a file's ACLs (the acl package has to be installed)
getfacl filename
# Modify ACLs.
# Example: give user bob rwx on a file
setfacl -m u:bob:rwx file
# Remove the ACL entry for user bob on a file (add -R to do the same recursively on a dir)
setfacl -x u:bob file
# Set ACL group access for group luser on a file
setfacl -m g:luser:r-- file
# Remove all ACLs on a file (going nuclear)
setfacl -b file
# Set the ACL mask. The mask caps the effective permissions of every named user, named group
# and the owning group entry (it does not touch the owner or other). setfacl -m recalculates
# the mask on later changes unless you pass -n, so verify with getfacl and look for "#effective:" lines.
setfacl -m mask:r-- file   (named users/groups now effectively get at most read, whatever their entry says)

############################################
### IPTables (Firewall) and TCP wrappers ###
############################################
# The iptables rules are kept in the file /etc/sysconfig/iptables
# Start iptables
/etc/init.d/iptables start   or   service iptables start
# List all rules
iptables -L
# List all rules with rule numbers
iptables -L --line-numbers
# Stop iptables
/etc/init.d/iptables stop   or   service iptables stop
# Look in the /etc/services file for the ports of any services you might need to open
# You can add rules to a running system
# Append a rule to the end of the INPUT chain
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Insert a rule at position number 2 on the INPUT chain (order matters: the first matching rule wins,
# so a rule appended after the final REJECT never gets hit)
iptables -I INPUT 2 -p tcp --dport 80 -j ACCEPT
# Delete a specific rule. Rule #3 on the INPUT chain.
iptables -D INPUT 3
# Replace a current rule. Example replacing rule #3
iptables -R INPUT 3 -p tcp -s 192.168.0.0/24 --dport 80 -j ACCEPT
# To save any of these additions run the save command. This will put them in /etc/sysconfig/iptables
service iptables save
# To make changes to the /etc/sysconfig/iptables file directly
service iptables stop
vi /etc/sysconfig/iptables   (put in your line or modify a current line, then save it)
service iptables start
# Console firewall tool
# Saving anything in here overwrites any changes made by hand to the file /etc/sysconfig/iptables
system-config-firewall-tui
# GUI based firewall tool
# Saving anything in here overwrites any changes made by hand to the file /etc/sysconfig/iptables
system-config-firewall
# TCP wrappers protect services that communicate using TCP. This is similar to
# iptables, but protects on a per-service basis. Only binaries linked to
# libwrap.so.0 (check with ldd) can be protected, using the /etc/hosts.allow and /etc/hosts.deny files.
# If a match is found in the /etc/hosts.allow file it's allowed. Matching stops. Checked 1st.
# If a match is found in the /etc/hosts.deny file it's denied. Matching stops. Checked 2nd.
# If a match is not found in either then access is allowed.
# The format is daemon_name : clients_ip_or_hostnames
# Use the "ALL" keyword for any service or client
# Use a leading "." to specify any host in a domain like .blah.org
# Use a trailing "." to specify any host in a network prefix like 192.168.
# Examples of lines to allow or deny hosts to services in the hosts.allow or hosts.deny files
# Restrict sshd to the 192.168.0.0/24 subnet
sshd : 192.168.0.0/255.255.255.0
# Everything from .blah.org
ALL : .blah.org
# Services telnet and ssh from everything in 192.168. EXCEPT the second list. Note the EXCEPT
# list only removes addresses that matched the list before it; 172.168. is not inside 192.168.,
# so as written this exception never removes anything.
sshd,in.telnetd : 192.168. EXCEPT 172.168.
# To make a white list type setup for your services, in your /etc/hosts.deny file
# put ALL : ALL on the last line. Put the connections and services you want to allow
# in /etc/hosts.allow (it is checked first), or above the ALL : ALL line in hosts.deny with
# a trailing ": allow" option. A plain line in hosts.deny denies whatever it matches, so the
# allow entries must go in one of those two forms. This will deny all connections to those
# services except for what you listed.

###########
### KVM ###
###########
# A 64bit CPU with hardware virtualization (the vmx or svm flag in /proc/cpuinfo) is required for a KVM host in RedHat.
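Because the hosts.allow / hosts.deny order from the TCP wrappers section above is easy to get backwards, it helps to check a rule set before a service is exposed. The script below is an added example, not part of the original notes: it emulates the decision (hosts.allow first, then hosts.deny, default allow) for ALL, leading-dot domain suffixes, trailing-dot network prefixes, addr/netmask and CIDR networks, one EXCEPT clause per list, and an optional ": allow" / ": deny" third field. It does no hostname lookups and knows nothing of KNOWN, PARANOID or the other hosts_options(5) fields; the two rule files it writes are constructed for the example.

```shell
#!/bin/sh
# Added example: emulate the TCP wrappers allow/deny decision for a daemon and client.
# The rule files written at the bottom are constructed for this example.

# Dotted quad -> integer, so a client can be compared against a network/netmask.
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ip_in_net <ip> <network> <netmask or CIDR prefix length>; true when ip is inside the network.
ip_in_net() {
    case "$3" in
        *.*) mask=$(ip2int "$3") ;;
        *)   mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF )) ;;
    esac
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

# Does one client pattern (ALL, .domain, prefix., addr/mask, exact) match the client?
match_client() {
    pattern=$1 client=$2
    case "$pattern" in
        ALL) return 0 ;;
        .*)  case "$client" in *"$pattern") return 0 ;; esac ;;    # .blah.org -> any host in blah.org
        *.)  case "$client" in "$pattern"*) return 0 ;; esac ;;    # 192.168.  -> any 192.168.x.y
        */*) case "$client" in
                 *[!0-9.]*) ;;                                      # hostnames never match a network
                 *) ip_in_net "$client" "${pattern%/*}" "${pattern#*/}" && return 0 ;;
             esac ;;
        *)   [ "$pattern" = "$client" ] && return 0 ;;
    esac
    return 1
}

# Does a client list ("a, b" or "a EXCEPT b") match the client? The EXCEPT part only
# removes clients that matched the list before it.
match_client_list() {
    list=$1 client=$2
    case "$list" in
        *" EXCEPT "*)
            head=${list%% EXCEPT *}
            tail=${list#* EXCEPT }
            match_client_list "$head" "$client" && ! match_client_list "$tail" "$client"
            return ;;
    esac
    for pat in $(printf '%s' "$list" | tr ',' ' '); do
        match_client "$pat" "$client" && return 0
    done
    return 1
}

# Does a daemon list ("sshd,in.telnetd" or ALL) name the daemon?
match_daemon_list() {
    for d in $(printf '%s' "$1" | tr ',' ' '); do
        [ "$d" = ALL ] || [ "$d" = "$2" ] && return 0
    done
    return 1
}

# scan_rules <file> <daemon> <client> <default verdict>: print the verdict of the first
# matching line (the file's default, or its ": allow"/": deny" option) and return 0; 1 on no match.
scan_rules() {
    file=$1 daemon=$2 client=$3 default=$4
    [ -f "$file" ] || return 1
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        daemons=$(printf '%s' "${line%%:*}" | sed 's/^ *//;s/ *$//')
        rest=${line#*:}
        clients=$(printf '%s' "${rest%%:*}" | sed 's/^ *//;s/ *$//')
        verdict=$default
        case "$rest" in *:*) verdict=$(printf '%s' "${rest#*:}" | sed 's/^ *//;s/ *$//') ;; esac
        if match_daemon_list "$daemons" "$daemon" && match_client_list "$clients" "$client"; then
            echo "$verdict"
            return 0
        fi
    done < "$file"
    return 1
}

# The full decision: hosts.allow first, then hosts.deny, otherwise allow.
tcpwrap_decision() {
    scan_rules "$3" "$1" "$2" allow && return 0
    scan_rules "$4" "$1" "$2" deny && return 0
    echo allow
}

RULES=$(mktemp -d); trap 'rm -rf "$RULES"' EXIT
cat > "$RULES/hosts.allow" <<'EOF'
# constructed example rules
sshd : 192.168.0.0/255.255.255.0
ALL : .blah.org
EOF
cat > "$RULES/hosts.deny" <<'EOF'
in.telnetd : 10.0. EXCEPT 10.0.5.
vsftpd : 192.168.5. : allow
ALL : ALL
EOF
tcpwrap_decision sshd 192.168.0.42 "$RULES/hosts.allow" "$RULES/hosts.deny"   # allow
tcpwrap_decision sshd 10.1.2.3 "$RULES/hosts.allow" "$RULES/hosts.deny"       # deny (ALL : ALL)
tcpwrap_decision vsftpd 192.168.5.9 "$RULES/hosts.allow" "$RULES/hosts.deny"  # allow (": allow" option)
```

Run it against copies of a real /etc/hosts.allow and /etc/hosts.deny to see what a given client would get; the last argument pair can point at any two files, and a missing file simply counts as no match, which is why the no-files case falls through to allow.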
# Install the virtualization packages
yum groupinstall Virtualization*
# Or install them individually if you like
yum install qemu-kvm qemu-img virt-manager libvirt libvirt-python python-virtinst libvirt-client
# Load the kernel module for KVM if it's not already loaded
modprobe kvm
# Check for the modules if need be. You'll see kvm and kvm_intel or kvm_amd
lsmod | grep kvm
# Start libvirtd so we can use virt-manager
service libvirtd start
# Restart networking so the VMs can use the network bridge (virbr0) to get out through the host
service network restart
# Virtual Machine Manager is part of the virt-manager package.
# Start it in the GUI by clicking Applications | System Tools | Virtual Machine Manager,
# or start it by typing "virt-manager" in a terminal window in Gnome.
# 2 hypervisors, also known as virtual machine monitors, are
# shown on the localhost system. These hypervisors work with QEMU as the processor
# emulator within the virtual machines.
# Create a second virtual network:
# 1. Right-click the standard localhost (QEMU) hypervisor, select Details.
# 2. In the details window select the Virtual Networks tab.
# 3. Click the plus sign in the lower-left corner of the Virtual Networks tab to open the Create A New Virtual Network Wizard.
# 4. Click Forward to continue.
# 5. Assign a name for the new virtual network. Enter the name foo. Click Forward to continue.
# 6. If not already input, type in the 192.168.101.0/24 network address in the
#    network text box. Click Forward to continue until you get to the end.
# The default filesystem directory for KVM images is /var/lib/libvirt/images.
# If you change it then do the following so the new dir gets the same SELinux context
# (chcon is lost on a relabel; semanage fcontext is the permanent way to do this)
mkdir /opt/KVM
su -
chcon -R --reference /var/lib/libvirt/images /opt/KVM
rmdir /var/lib/libvirt/images
ln -s /opt/KVM /var/lib/libvirt/images
### Virtualization Packages ###
# qemu-kvm - The main KVM package
# python-virtinst - Command line tools and libraries for creating VMs
# virt-manager - GUI VM administration tool
# virt-top - Command for VM statistics
# virt-viewer - GUI connection to configured VMs
# libvirt - C language toolkit with the libvirtd service
# libvirt-client - C language toolkit for VM clients
### Creating a KVM VM with the GUI ###
# 1. Open virt-manager from the menu or run "virt-manager" from a GUI terminal.
# 2. Right-click the localhost (QEMU) hypervisor and click "Connect" in the pop-up menu that appears.
# 3. In the pop-up menu that appears, click New.
# 4. Type in a name for the new VM. Select the install method. Click Forward.
# 5. Select the install media and the OS type and version. Click Forward.
# 6. Choose RAM and CPU. Click Forward.
# 7. Check the editable storage box and choose a size for your disk image. Make sure allocate entire disk is selected. Click Forward.
# 8. Click advanced options and make sure the network looks ok. Click Finish.
# 9. It will create the VM. It should be listed in the Virtual Machine Manager now.
# 10. You can highlight the new VM and click Open. You can now do the OS install.
#
# After installing a KVM guest you need to change the boot device.
# Click Applications | System Tools | Virtual Machine Manager. Enter the root administrative
# password if prompted, and double-click on the desired VM. Then change the boot device with the following steps:
# 1. In the window associated with the VM, click View | Details.
# 2. In the window that appears, click Boot Options.
# 3. Change the boot order by clicking hard disk and moving it up with the arrow button. Click Apply.
# 4. Click View | Console and then Virtual Machine | Run. The system will boot normally.
# Create a KVM VM answering the install questions on the command line
virt-install --prompt
# Install a VM in one line using virt-install. Assumes the kickstart file and packages are on an ftp server.
# Also assumes the disk image was made ahead of time.
virt-install -n hostname.domain.lan -r 1024 --disk \
  path=/var/lib/libvirt/images/hostname.domain.lan.img \
  -l ftp://192.168.0.1/pub/inst \
  -x "ks=ftp://192.168.1.1/pub/ks1.cfg"
# This line creates the disk (5 Gig) and uses a kickstart file and repo from an http server.
# Just copy the RH DVD #1 to the root of an http server. Put the kickstart file there also.
virt-install -n testmachine2.domain.lan -r 1000 \
  --disk path=/var/lib/libvirt/images/testmachine2.domain.lan.img,size=5 \
  -l http://192.168.0.245/ --vcpus=1 -x "ks=http://192.168.0.245/ks.cfg"
# virsh commands to check and control VMs
# List the status of all configured VMs
virsh list --all
# Start a VM
virsh start hostname.domain.lan
# Gracefully shut down a VM (sends an ACPI power button event; may not work if the guest ignores it)
virsh shutdown hostname.domain.lan
# Hard stop a VM (like pulling the power on it). Use if shutdown does not work.
virsh destroy hostname.domain.lan
# Reboot a guest
virsh reboot hostname.domain.lan
# Make sure the VM starts when the host reboots
virsh autostart hostname.domain.lan
# Keep the VM from starting on boot (or rm the symlink from the /etc/libvirt/qemu/autostart dir)
virsh autostart --disable hostname.domain.lan
# Take a disk snapshot with the VM off (not part of RHCSA but interesting). Can't do a live snapshot in RH6.
virsh snapshot-create-as hostname.domain.lan snapshot1 --disk-only --atomic
# List the snapshots for a VM (not part of RHCSA)
virsh snapshot-list hostname.domain.lan
# Show snapshot info (not part of RHCSA)
virsh snapshot-info --current hostname.domain.lan
# Clone a VM answering the questions on the command line
# Make sure the VM is stopped first
virsh destroy hostname.domain.lan
# Start the clone
virt-clone --prompt
# When booting the clone start it in run level 1 and change the network IP, MAC, hostname, etc.
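The notes above warn that "virsh shutdown" may not work, which in practice means you want to try the graceful stop, wait a bounded time, and only then "virsh destroy". The wrapper below is an added example, not part of the original notes: it polls "virsh domstate" until the domain reports "shut off" or the timeout passes. The VIRSH variable is an assumption of this example (it lets a stub stand in for virsh when testing without a hypervisor); the subcommands used are the real virsh ones.

```shell
#!/bin/sh
# Added example: stop a KVM guest gracefully with a fallback to destroy.
# VIRSH is an override hook for this example only; normally it is just "virsh".
VIRSH=${VIRSH:-virsh}

# Usage: vm_stop <domain> [timeout_seconds] [poll_interval_seconds]
# Prints "already-off", "shutdown" or "destroyed" and returns 0; returns 1 if virsh itself fails.
vm_stop() {
    dom=$1 timeout=${2:-120} interval=${3:-5}
    state=$($VIRSH domstate "$dom") || return 1
    if [ "$state" = "shut off" ]; then
        echo already-off
        return 0
    fi
    # Ask nicely first: this sends an ACPI power button event to the guest.
    $VIRSH shutdown "$dom" >/dev/null || return 1
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        sleep "$interval"
        waited=$((waited + interval))
        state=$($VIRSH domstate "$dom") || return 1
        if [ "$state" = "shut off" ]; then
            echo shutdown
            return 0
        fi
    done
    # The guest ignored the ACPI event (no acpid running, or it is hung): pull the plug.
    $VIRSH destroy "$dom" >/dev/null || return 1
    echo destroyed
}

# Run as a script: ./vmstop.sh hostname.domain.lan 60 5
if [ "$#" -gt 0 ]; then
    vm_stop "$@"
fi
```

Keep the timeout long enough for the guest to flush its disks; a destroy after a too-short wait is exactly the "pulled the power" case the notes describe, and the guest will fsck on its next boot.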
# Re-creating a VM with the same name or deleting a VM for good
# Stop the VM
virsh destroy tester1.example.com
# Delete the associated XML file (virsh undefine <name> does the same thing the supported way).
rm /etc/libvirt/qemu/hostname.blah.xml
# Delete the VM disk image by name from the images dir.
rm /var/lib/libvirt/images/hostname.blah.img
# Restart the VM daemon for the changes to take effect
/etc/init.d/libvirtd restart
### Add virtual HDs to a KVM VM (Not on test) ###
# Make a bunch of virtual HDs to practice LVM
# 1. Open virt-manager
# 2. Select the regular localhost (QEMU) hypervisor, right click and select Connect.
# 3. Right click a VM and then Open. View | Details, click Add Hardware.
# 4. Follow the wizard. On the next boot partition the drive with fdisk or parted.
### Notes on getting VM networking going (not on test) ###
# On a KVM-based virtual host, you may notice additional firewall rules.
# The following additional rule accepts traffic over a physical bridged network device.
# /etc/sysconfig/iptables:
-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
# To make this work, in the /etc/sysctl.conf file set
net.ipv4.ip_forward = 1
# To activate this run "sysctl -p"
# More great info on getting NAT working with libvirt http://wiki.libvirt.org/page/Networking

#################
### Kickstart ###
#################
# All machines have a kickstart file called /root/anaconda-ks.cfg with the options they were installed with.
# You can put the ks file on things like HDs or USB media and access it during the install. During the
# initial install screen hit Tab to get the boot line. Then at the end of the line put
# ks=hd:sdb1:/ks.cfg for accessing the file on the first partition of the second disk.
# For CDROM ks=cdrom:/ks.cfg. For FTP ks=ftp://192.168.0.1/pub/ks.cfg.
# For HTTP ks=http://192.168.9.1/ks.cfg and for NFS ks=nfs:192.168.9.1:/ks.cfg
# To help modify a kickstart file install and use the RH system kickstart program
# Install
yum install system-config-kickstart
# Start the program using the system's ks file as an example
system-config-kickstart /root/anaconda-ks.cfg
# Here is a kickstart file I used during testing. Make sure you open up the iptables ports on your KVM host that
# your guests need to use. If things won't work drop iptables to see if that is it.
service iptables stop
# Webserver 192.168.0.245 with the RH DVD files was on a local apache server along with the kickstart file.
firewall --enabled --service=ssh
install
url --url="http://192.168.0.245/"
repo --name="CentOS" --baseurl=http://192.168.0.245 --cost=100
rootpw --iscrypted $1$Kiv/ikw81H@#JEjejowwudj333
auth --useshadow --passalgo=sha512
graphical
firstboot --disable
keyboard us
lang en_US
selinux --enforcing
logging --level=info
timezone America/New_York
network --bootproto=dhcp --device=eth0 --onboot=on
bootloader --append="crashkernel=auto rhgb" --location=mbr --driveorder="sda"
zerombr
clearpart --all --initlabel
part / --fstype="ext4" --size=4600
part swap --grow --size=200
%packages
@base
@console-internet
@core
@debugging
@directory-client
@hardware-monitoring
@java-platform
@network-file-system-client
@perl-runtime
@print-client
@server-platform
@server-policy
certmonger
device-mapper-persistent-data
ftp
genisoimage
krb5-workstation
mtools
oddjob
pam_krb5
pax
perl-DBD-SQLite
samba-winbind
sgpio
wodim
%end

#######################
### Logical Volumes ###
#######################
### Description of the pieces ###
# Physical volume (PV) A PV is a partition (or whole disk) initialized for LVM, normally with the LVM partition type.
# Physical extent (PE) A PE is a small uniform segment of disk space. PVs are split into PEs.
# Logical extent (LE) LVs are made of LEs. Every LE maps to one PE in the VG.
# Volume group (VG) A VG is a pool of one or more PVs, so a pool of PEs, grouped together.
# Logical volume (LV) An LV is a part of a VG (a set of LEs) which can be formatted and
# then mounted on the directory of your choice.
### The Process ###
# A partition needs to be made on the disk.
# The partition is labeled with the LVM partition type (8e).
# The labeled partition can then be initialized as a physical volume.
# One or more physical volumes can be combined into a volume group.
# A volume group can be subdivided into logical volumes.
# A logical volume can then be formatted with a Linux file system or as swap space.
# The formatted logical volume can be mounted on a directory or activated as swap space.
# Make your partitions with fdisk and mark them with the LVM fs type.
# Assuming we have 2 HDs, sda and sdb. We will use VG001 as the VG name.
# Initialize the physical volumes
pvcreate /dev/sda1 /dev/sda2 /dev/sdb1 /dev/sdb2
# Create the volume group from the PVs
vgcreate VG001 /dev/sda1 /dev/sda2
# Add more PVs. We could have added all the PVs above but wanted to show extending.
vgextend VG001 /dev/sdb1 /dev/sdb2
# Create a logical volume of size 100 Meg with the name disk1
lvcreate -L 100M VG001 -n disk1
# The device /dev/VG001/disk1 gets created and can be formatted and mounted.
mkfs.ext4 /dev/VG001/disk1
mkdir /disk1
mount /dev/VG001/disk1 /disk1
# You should put this in /etc/fstab so it is mounted on boot
/dev/mapper/VG001-disk1  /disk1  ext4  defaults  1 2
# Resize a logical volume to make it bigger by adding a new disk partition (/dev/sdc1)
# Unmount the dir associated with the lv. Ex. /home (ext4 can be grown while mounted, but
# shrinking always needs it unmounted, so unmounting is the safe habit)
umount /home
# Extend the vg (vg001) with the new partition. Ex. sdc1
vgextend vg001 /dev/sdc1
# Make sure it's added
vgdisplay vg001
# Extend the lv to 5000M (about 5G)
lvextend -L 5000M /dev/vg001/lv00
# Expand the file system to use the new space (resize2fs wants an e2fsck -f first when the fs is unmounted)
resize2fs /dev/vg001/lv00
# The GUI for managing LVM is system-config-lvm
# Useful LVM commands
# pvdisplay - Displays the currently configured PVs.
# pvck - Checks the integrity of a physical volume.
# pvs - Lists the configured PVs and the associated VGs.
# pvmove - Moves the extents on a PV to free extents on other PVs in the same VG, so the PV can be removed.
# vgcfgbackup / vgcfgrestore - Back up and restore the metadata (configuration) of a VG.
# vgchange - Activates or deactivates a VG, e.g. vgchange -a y vg00 (similar to pvchange for PVs).
# vgck - Checks the integrity of a volume group.
# vgcreate - Creates a VG from one or more configured PVs.
# vgdisplay - Displays the characteristics of the currently configured VGs.
# vgextend - If you've created a new PV, vgextend vg00 /dev/sda11 adds the space from /dev/sda11 to vg00.
# vgrename - Renames a VG.
# vgs - Displays basic information on the configured VGs.
# vgscan - Scans all disks for VGs and rebuilds the cache.
# lvcreate - Creates a new LV in an existing VG.
# lvdisplay - Displays the currently configured LVs.
# lvextend - Adds space to an LV: the lvextend -L6G /dev/volume01/lv01 command extends lv01 to 6GB, assuming space is available.
# lvrename - Renames an LV.
# lvresize - Resizes an LV (grow or shrink); -L gives the size. For example, lvresize -L 6G volume01/lv01 sets lv01 to 6GB.
# lvs - Lists all configured LVs.
# Don't set up an LVM volume for /boot. The GRUB bootloader in RHEL 6 can't read from LVM at boot.

###############
### SELINUX ###
###############
# Install the SELinux management tools
yum install policycoreutils*   (and the other SE management tools)
# Then start with
system-config-selinux
# SELinux assigns contexts to subjects and objects and decides which actions are allowed between them.
# A subject is a process, like a running command, or an app like a running web server.
# An object is a file (or a port, socket, etc.).
# An action is what may be done by the subject to the object.
# Many tunable SELinux settings are booleans, activated or deactivated by setting them to 1 or 0.
# Booleans are exposed in the /selinux/booleans directory
# Modify booleans with getsebool and setsebool. Set with -P to survive a reboot.
# To see all booleans use getsebool -a.
# For a description of each one use semanage boolean -l
# The parts of an SELinux context as shown by ls -Z:
#   -rwxr-----. root root system_u:object_r:admin_home_t:s0 .bashrc
#                         |        |        |            |  |
#                         user     role     type         |  filename
#                                                        MLS level
# File to set the SELinux mode (enforcing, permissive, or disabled)
/etc/sysconfig/selinux   (a symlink to /etc/selinux/config)
# To show what mode you're in use the commands
getenforce
sestatus
# Change the current mode. setenforce only switches between enforcing and permissive; going from
# disabled to enabled needs SELINUX=enforcing in the file above and a reboot (the file system gets relabeled).
setenforce enforcing   or   setenforce permissive   (setenforce 1 / setenforce 0 also work)
# To show the SELinux user mappings of the Linux users. yum install policycoreutils* to get the semanage program.
semanage login -l
# Map Linux user bob to the SELinux user staff_u. This adds bob's mapping between Linux users and SELinux users.
semanage login -a -s staff_u bob
# Delete bob's mapping (he goes back to the __default__ mapping)
semanage login -d bob
# Show SE file contexts
ls -Z
# Show process contexts
ps -eZ
# Default contexts are configured in /etc/selinux/targeted/contexts/files/file_contexts
# Copy the context from one dir to another recursively (chcon changes are lost on a relabel)
chcon -R --reference=/var/www/html/ /var/www/html/inst
# Restore contexts back to the defaults, recursively
restorecon -R /var
# Logs for SELinux (records and shows problems) are in /var/log/audit/audit.log
# Use ausearch to search for things like sudo issues in the access vector cache (AVC) messages
ausearch -m avc -c sudo
# Show all AVC denials
ausearch -m avc
# A better tool to find SELinux issues is sealert
sealert -a /var/log/audit/audit.log
# Show all SELinux booleans on the system
getsebool -a
# Set one to off. Ex. set user_ping to off. -P makes the setting survive a reboot
setsebool -P user_ping off

####################
### Boot Process ###
####################
# Press "a" at the GRUB boot menu to append an option to the boot line.
# Enter a 1 - 5 at the end of this line to boot to that run level.
# Enter the word "single" at the end of the line to do
# everything but run the scripts listed in the /etc/rc1.d/ dir.
# Single mode is a great way to recover a forgotten root password. Just boot into single and type passwd.
# Enter init=/bin/sh at the end of the line.
# This does not load the init-related files
# but mounts only the top-level root directory (/) in read-only mode. To start the boot sequence while in
# this mode type "exec /sbin/init". Just /sbin/init will not work.
# To change the default boot run level edit the /etc/inittab file and change the number
# in the line id:5:initdefault: to the level you want.
### Grub ###
# Change the GRUB boot menu items in the file /boot/grub/grub.conf
# Use the grub-md5-crypt program to make an md5 password hash for the "password --md5" line in
# /boot/grub/grub.conf. Without it anyone at the console can append "single" or init=/bin/sh and get root.
# From the grub prompt find the grub.conf file (finding the boot dir)
grub> find /grub/grub.conf
# or show the current root device with
grub> root
# Look at the grub conf file
grub> cat (hd0,0)/grub/grub.conf
# Check the run level with the "runlevel" command.
# Change the runlevel with the "init" or "telinit" command. Changing to run level 2:
init 2   or   telinit 2
# Reboot the system with the reboot command
reboot
# Shut down the system with the "shutdown" command (it needs a time argument).
shutdown -h now
# Upstart config files/boot process files are kept in /etc/init/ and /etc/sysconfig/init
# Show which services start at which run levels
chkconfig --list
# Make sure the postfix service starts at boot
chkconfig postfix on   (or issue "off" so it does not start)
# Turn off postfix at runlevel 4
chkconfig --level 4 postfix off
# ntsysv is a console gui to manage runlevels. Issue the command with the runlevels to manage
ntsysv --level 2345
# Use the gui to manage services
system-config-services

##################
### Networking ###
##################
# Interface network files are in the /etc/sysconfig/network-scripts dir.
# They look like ifcfg-eth0. eth0 is the default network interface.
# The config options speak for themselves for the most part.
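A practical use of the chkconfig --list output from the Boot Process section above is to compare what is enabled in a runlevel against the services you expect, which is how you spot something like tftp or a web server that got switched on without anyone noticing. The script below is an added example, not part of the original notes. The CHKCONFIG_SAMPLE text is constructed to look like RHEL 6 output (whitespace instead of the real tabs, which awk treats the same); on a real box pass it "$(chkconfig --list)" instead.

```shell
#!/bin/sh
# Added example: find services enabled per runlevel from chkconfig --list output.
# CHKCONFIG_SAMPLE is constructed for this example; feed real output on a live system.

CHKCONFIG_SAMPLE='auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
httpd           0:off   1:off   2:off   3:on    4:off   5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
vsftpd          0:off   1:off   2:off   3:off   4:off   5:off   6:off

xinetd based services:
        rsync:          off
        tftp:           on'

# Print the SysV services that are "on" in runlevel $2, sorted, one per line.
# $1 is the chkconfig --list text. Stops at the xinetd section, which has a different layout.
services_on_at_level() {
    printf '%s\n' "$1" | awk -v lvl="$2" '
        /^xinetd based services:/ { exit }
        NF > 1 { for (i = 2; i <= NF; i++) if ($i == lvl ":on") print $1 }' | sort
}

# Print the xinetd managed services that are on (they run in every runlevel xinetd runs in).
xinetd_services_on() {
    printf '%s\n' "$1" | awk '
        /^xinetd based services:/ { inx = 1; next }
        inx && $2 == "on" { sub(/:$/, "", $1); print $1 }' | sort
}

# Print every enabled service at runlevel $2 that is not in the space separated allow list $3.
# SysV services come first (sorted), then xinetd ones.
unexpected_services() {
    for s in $(services_on_at_level "$1" "$2") $(xinetd_services_on "$1"); do
        case " $3 " in
            *" $s "*) ;;
            *) echo "$s" ;;
        esac
    done
}

# Example: what is on at runlevel 3 that is not on the baseline list?
# On a real box: unexpected_services "$(chkconfig --list)" "$(runlevel | cut -d' ' -f2)" "$BASELINE"
BASELINE="auditd crond iptables rsyslog sshd"
unexpected_services "$CHKCONFIG_SAMPLE" 3 "$BASELINE"    # httpd, tftp
```

Anything the check prints is a candidate for "chkconfig <service> off" (or "chkconfig <service> off" on the xinetd entry), after confirming nobody depends on it; the baseline list is yours to maintain per role of machine.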
# Networking on/off and hostname are in /etc/sysconfig/network
# Bring up interface
ifup ifcfg-eth0 or ifup eth0
# Shutdown interface
ifdown ifcfg-eth0 or ifdown eth0
# Show interface info
ifconfig eth0
# Show routing table
netstat -nr or route
# Add a default route to a box
route add default gw 192.168.1.1
# Add a route to a different network through a different interface
route add -net 192.168.2.0 netmask 255.255.255.0 dev eth1
# Show all network connections and listening services with PIDs.
netstat -punta
# Show all arp entries
arp
# Delete arp entry
arp -d hostname
# Network console gui
system-config-network-tui
# GUI network editor.
nm-connection-editor
# Look in the upper right hand corner of the desktop for the Network Manager icon
# Feel no shame using this during the test. System->Preferences->Network Connections.
# Make a dhcp request with dhclient to configure eth0 for dynamic networking
# This is done by default at boot if /etc/sysconfig/network-scripts says so.
dhclient eth0
# See if an ip address is working/responding on the network with the ping command
# You can also use the hostname of a system. It will re ping 127.0.0.1
# Check network status
service network status
# Restart networking
service network restart
# DNS info is in the /etc/resolv.conf file. Set the system hostname in /etc/hosts and /etc/sysconfig/network
# Order of search for /etc/hosts and DNS is in the /etc/nsswitch.conf file. The line is:
hosts: files dns
# NTP settings are in /etc/ntp.conf. Multiple server lines can be put in like so
server 0.rhel.pool.ntp.org
server 1.rhel.pool.ntp.org
# Make sure NTPD starts on boot:
chkconfig ntpd on

####################
### File Systems ###
####################
### fdisk (to make partitions) ###
# If you need more than 4 partitions make the first 3 primary and the 4th extended.
# The extended partition should always be the biggest as the rest of the partitions have to fit in it.
# Point fdisk to a hard drive (real or virtual)
fdisk /dev/sda or fdisk /dev/vda
# fdisk commands: (m)-for help, (n)-new part, primary-(p) or logical-(l), (e)-extended partition,
# (a)-make partition bootable, (w)-write config to disk, (d)-delete part
# Select the type of partition after making it with (t)-type.
# Types: 82-Linux swap, 83-Linux partition, 8e-Linux LVM partition used as a physical vol
### Parted (to make partitions) ###
# Start parted on /dev/sda
parted /dev/sda
# Make a disk label if need be
mklabel (type: msdos)
# Make a partition (follow the prompts)
mkpart
# Show changes and check it
p
# Delete partition #1
rm 1
# Exit
quit
# To set a flag for lvm or raid (parted)
set
Partition number? 1
Flag to Invert? lvm or raid
New state? [on]/off on
# If you make a swap partition, create it and activate it with
mkswap /dev/sda2; swapon /dev/sda2
# Check a file system for problems by unmounting it and running the fsck command
umount /disk1
fsck -t ext4 /dev/sda7
mount /dev/sda7 /disk1
# Convert sda1 from ext3 to ext4 (can't go back after upgrading)
tune2fs -O extent,uninit_bg,dir_index /dev/sda1
# Check if it worked
dumpe2fs /dev/sda1 | grep "Filesystem features"
# Format any file systems with ext4. Ex. with /dev/sdb1
mkfs.ext4 /dev/sdb1
### LUKS ###
# LUKS is an encrypted filesystem mounted on a specific directory.
# Install needed packages.
yum install cryptsetup-luks
# Look for kernel modules for LUKS. Might not be loaded by default.
lsmod | grep dm_crypt
# If not loaded load them
modprobe dm_crypt
# Make a partition you want to be encrypted with fdisk or parted. Ex. /dev/sda1
# Prepare (initialize) the partition for LUKS. Type your passphrase when asked.
cryptsetup luksFormat /dev/sda1
# Get UUID of device (optional)
cryptsetup luksUUID /dev/sda1
# Map the device to /dev/mapper. Use your own name here (ev) or use the UUID.
cryptsetup luksOpen /dev/sda1 ev
# Now format the device in the /dev/mapper dir
mkfs.ext4 /dev/mapper/ev
# Find UUID of drive (if you don't have it.)
dumpe2fs /dev/mapper/ev | grep UUID
# Make a dir to mount the vol to
mkdir /ev
# Put a line in /etc/crypttab so it will be activated on boot.
# This will automatically load the dm_crypt module.
# Replace ev with the UUID if you choose to use that
ev /dev/sda1 none
# Put the mount line in /etc/fstab either by UUID or the name you have chosen.
/dev/mapper/ev /ev ext4 defaults 1 2
# or
UUID=uuidNumber /ev ext4 defaults 1 2
# Mount disk
mount -a
# On boot you will have to type a password to mount this LUKS partition
# To get device uuids
dumpe2fs /dev/vda1 | grep UUID or dumpe2fs /dev/mapper/7* | grep UUID
# You can also use the program blkid
blkid /dev/sda1
# Example of mounting NFS
mount -t nfs hostname.example.com:/public /share
# Example /etc/fstab line mounting with CIFS
//server/public /share cifs rw,username=user,password=pass 0 0
# Note: /etc/fstab is world-readable, so a password placed here is visible to every local user;
# mount.cifs also accepts credentials=/path/to/file, which can be given restrictive permissions.
### Automounter ###
# Uses the autofs service to mount things dynamically. Make sure it's running and starts on boot.
# Relevant configuration files are auto.master, auto.misc, auto.net, and auto.smb, in the /etc dir
# The misc, net, smb after the "auto." name show what dir things will be mounted to from /
# Make sure the /smb /misc /net and others you're using for autofs don't exist. They will be auto created.
# For example auto.smb would mount to the /smb dir and net mounts to /net (used for NFS mounts)
# Automounter settings are in /etc/sysconfig/autofs
# In auto.master the first field is the mount point. The second field is the location of the map file.
# The third field can contain information such as a timeout value
# Example NFS mount in the /etc/auto.net file. auto.master has to have the line /net -hosts
project   -rw,soft,intr,rsize=8192,wsize=8192   blah.example.net:/proj
   |                   |                              |           |
localdir         mount options                   remote host   remote mount point
# Example of a CD mounted to misc.
# Put this line in auto.misc
cd -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
# Setting up automounted NFS home dirs. You have to remove your /home dir for this to work.
# In auto.master put the line "/home /etc/auto.home"
# In /etc/sysconfig/autofs uncomment the lines
DEFAULT_MAP_OBJECT_CLASS="automountMap"
DEFAULT_ENTRY_OBJECT_CLASS="automount"
DEFAULT_MAP_ATTRIBUTE="automountMapName"
DEFAULT_ENTRY_ATTRIBUTE="automountKey"
DEFAULT_VALUE_ATTRIBUTE="automountInformation"
# Make the file /etc/auto.home and put in
* -fstype=nfs,rw,soft,intr,rsize=8192,wsize=8192,nosuid,tcp server.example.com:/home/&
# Restart autofs
service autofs restart

##########################
### Package Management ###
##########################
# RPM packages can be installed with "rpm -ivh package.rpm" or rpm -ivh ftp://ftp.com/package.rpm
# RPM packages can be upgraded/installed with "rpm -Uvh package.rpm". -U replaces the package if it's there, if not it just installs it.
# RPM packages can be removed with "rpm -evh packagename"
# See if a package is installed with rpm -q packagename. See all installed packages with rpm -qa
# List all files from a package
rpm -ql packagename
# Verify all files within a package against the downloaded rpm.
rpm --verify -p package.rpm
# Install GPG key
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
# Important Yum file /etc/yum.conf and dirs /etc/yum.repos.d & /etc/yum
# To get the full list of yum configuration directives and values run:
yum-config-manager
# Install package with yum
yum install packagename
# Info about package
yum info packagename
# Remove package
yum erase packagename
# Update all packages on the system
yum update
# Search for a file in a package
yum whatprovides */*filename
# Clean up downloaded packages, flush cache headers
yum clean all
# Look at all package groups available
yum grouplist
# Find info on a package group.
# Anything listed in "Optional Packages" will not be installed
yum groupinfo "Virtualization"
# Install group package
yum groupinstall "Virtualization"
# Remove group package
yum groupremove groupname
# GUI package management can be done by running "gpk-application" or
# click System | Administration | Add/Remove Software.
# Make a simple Yum repo in /etc/yum.repos.d. Example in "man yum.conf"
cd /etc/yum.repos.d
vi myrepo.repo
# The file will look like:
[myrepo]
name=foo
baseurl=http://192.168.1.1/inst
# Then run
yum clean all
yum update

#######################
### User Management ###
#######################
# /etc/passwd contains basic user info.
Column  Field           Description
---------------------------------------------------------------------
1       Username        The user's login name. Usernames can include hyphens (-) or underscores (_).
                        They should not start with a number or include uppercase letters.
2       Password        The password. You should see either an x, an asterisk (*), or a random group
                        of letters and numbers. An x points to /etc/shadow with the actual password.
                        An asterisk means the account is disabled. A random group of letters and
                        numbers represents the encrypted password.
3       User ID         The unique numeric user ID (UID) for that user. By default, Red Hat starts
                        user IDs at 500.
4       User Info       You can enter any information you want in this field. For example the
                        user's full name, telephone number, e-mail address, or physical location.
                        You can leave this blank if you like.
5       Home Directory  By default, RHEL puts new home directories in /home/username
6       Login Shell     By default, RHEL assigns users to the bash shell. Change this to any other
                        shell you have installed on the system.
# /etc/group groups users are assigned to.
Column  Field           Description
---------------------------------------------------------------------
1       Groupname       Each user gets their own group, with the same name as their username.
                        You can also create unique group names.
2       Password        The password.
                        You should see either an x or a random group of letters and numbers. An x
                        points to /etc/gshadow for the actual password. A random group of letters
                        and numbers represents the encrypted password.
3       Group ID        The numeric group ID (GID) associated with that user. By default, RHEL
                        creates a new group for every new user. If you want to create a special
                        group such as clowns, you should assign a GID number outside the standard
                        range, otherwise Red Hat GIDs and UIDs would probably get out of sequence.
4       Group members   List of usernames that are members of the group. If it's blank, and there
                        is a username that is identical to the group name, that user is the only
                        member of that group.
# /etc/shadow supplements the /etc/passwd file. Consists of
Column  Field             Description
---------------------------------------------------------------------
1       Username          Username
2       Password          Encrypted password; requires an x in the second column of /etc/passwd
3       Password history  Date of the last password change, in number of days after January 1, 1970
4       mindays           Minimum number of days that a user must keep a password
5       maxdays           Maximum number of days after which a password must be changed
6       warndays          # of days before password expiration when a warning is given
7       inactive          # of days after password expiration when an account is made inactive
8       disabled          Number of days after password expiration when an account is disabled
# The /etc/login.defs file gives a baseline for a number of parameters in the shadow password suite
# MAIL_DIR - locally delivered e-mail, listed by username
# PASS_MAX_DAYS - After this number of days, the password must be changed.
# PASS_MIN_DAYS - Passwords must be kept for at least this number of days.
# PASS_MIN_LEN - A warning is given when a user tries to use a password shorter than this length.
# PASS_WARN_AGE - Users are warned this number of days before PASS_MAX_DAYS.
# UID_MIN, UID_MAX, GID_MIN, GID_MAX - Mins and maxes of user ids and group ids.
# ENCRYPT_METHOD - hash type used for passwords on the system.
# There are a bunch more. Look in the file for the rest.
# If editing the password and group files by hand use the vipw or vigr programs.
# Use -s with vipw/vigr to edit the shadow versions of those files
# Use "useradd" to add users to the system. Below adds user1 to the system.
# -c adds comment, -d overrides default homedir, -e expiration date for account,
# -f # of days after expiration the acct expires, -G add user to these groups, -s shell
useradd user1 -c Mr.User1 -d /opt/home -e 2013-11-30 -f 1 -G grp1,grp2 -s /usr/bin/chsh
# Give user1 a password
passwd user1
# Delete a user with "userdel". By default the user's homedir is not removed. -r deletes the home dir
userdel -r user1
# Add a group called clowns using id 1001. Omit -g and it takes the next available id
groupadd -g 1001 clowns
# Delete group clowns
groupdel clowns
# Set a group password with the "gpasswd" program.
gpasswd mygroup
# Modify current users with usermod. -e change expiration, -G adds user to a group,
# -L locks account, -U unlocks account, -s new shell, -aG append user to existing groups
# You can also open the /etc/passwd or /etc/group file by hand. Like changing the user's shell.
usermod -e 2013-11-30 -s /bin/bash -aG group2 user1
# groupmod changes the group id or groupname
groupmod -n group2 group1 (changes group1's name to group2)
# Using the SGID bit to allow users who are part of the same group to share files.
# This assumes we used the commands above to create a group called group1 and
# put our users who want to share files into that group. SGID makes files created
# in that directory automatically have their group ownership set to be the
# same as the group owner of the directory. You can also set SGID with chmod g+s dirname
mkdir /opt/shared
chown user1:group1 /opt/shared
chmod 2770 /opt/shared
# Use the gui system-config-users to administer users
# The chage command manages password aging info.
# -l lists account info, -d last change date for pass, -E assigns expiration for acct,
# -I locks acct # days after expire, -m set min number of days to keep pass, -M sets
# max # of days to keep pass (-1 to disable), -W days of warning before pass must be changed
# Remove virtual console ttys in the /etc/securetty file to stop direct root logins.
# Virtual consoles are started in /etc/init/start-ttys.conf
# The /etc/security/access.conf file regulates user access to ttys and remote systems
# To only allow users in the wheel group to su to other users uncomment the following line
# in the /etc/pam.d/su file
auth required pam_wheel.so use_uid
# To limit ttys to only the root user make a file called /etc/nologin
# Put any message you like in the file telling users only root has access.
# To execute a command with a group's privs use the sg command.
sg group1 -c 'cp /tmp/file1 /home/group1' (copy file1 to the group1 dir)
# Change the /etc/sudoers file using visudo to change the access users have to the sudo command
# Give user1 full system access
user1 ALL=(ALL) ALL
# Give users in the wheel group full system access with no password (groups take a % prefix)
%wheel ALL=(ALL) NOPASSWD: ALL
# The /etc/skel dir contains default environment files for new accounts.
# The /etc/bashrc file is used for aliases and functions on a system-wide basis.
# Change the system wide umask here; it defines the default prompt and
# includes settings from *.sh in the /etc/profile.d/ dir
# /etc/profile and /etc/profile.d are used for system-wide environments and startup files.
# /etc/profile sets the PATH, USER, LOGNAME, MAIL, HOSTNAME, HISTSIZE, and HISTCONTROL variables
# and runs files in /etc/profile.d
# The /etc/profile.d directory is designed to contain scripts to be executed by the /etc/profile file

### Configuring an LDAP client ###
# You can configure LDAP with the system-config-authentication GUI or authconfig-tui.
# The GUI is the preferred method. Try not to do it by hand if at all possible.
# Here is the "by hand" method
# In the /etc/pam_ldap.conf file check/change the following lines
host 127.0.0.1                         (change IP to the LDAP server)
base dc=example,dc=com                 (change to the base distinguished name)
ssl start_tls                          (required if TLS support is used to encrypt passwords sent to the LDAP server)
pam_password                           (encryption schemes for passwords: crypt, nds, ad)
uri ldap://127.0.0.1/                  (change to the ldap server; use ldaps:// if using ssl)
ssl no                                 (change to yes if using ldaps)
tls_cacertdir /etc/openldap/cacerts    (certs for the ssl connection)
nss_initgroups_ignoreusers root,ldap   (assumes no supplemental groups in the LDAP directory server)
pam_password md5                       (password type; if you want to use the RH default change to: exop)
# In the /etc/openldap/ldap.conf file put the following, changing it for your environment
URI ldap://127.0.0.1
HOST ldap1.example.com
BASE dc=example,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
# In the /etc/nsswitch.conf file add ldap to the lookups
passwd: files ldap
shadow: files ldap
group: files ldap

#######################
### Different GUI's ###
#######################
system-config-lvm
system-config-authentication
system-config-network
system-config-selinux
system-config-services
system-config-users
system-config-firewall
system-config-kickstart
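# Added example, not part of the original notes: a small script that applies the
# /etc/passwd and /etc/shadow column layout from the User Management section to
# audit accounts (UID 0 duplicates, empty password fields, locked accounts, passwords
# older than maxdays). It runs against constructed sample copies of the two files;
# the file paths and sample users are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes: audit copies of /etc/passwd and
# /etc/shadow using the column layout described in the User Management section
# (passwd field 3 = UID; shadow field 2 = hash, 3 = last change in days since
# 1970-01-01, 5 = maxdays). The input files are constructed samples, so this
# runs as an unprivileged user; point the variables at real copies to use it.
PASSWD_FILE="${PASSWD_FILE:-${TMPDIR:-/tmp}/passwd.sample}"
SHADOW_FILE="${SHADOW_FILE:-${TMPDIR:-/tmp}/shadow.sample}"

# Write the constructed sample files (hashes are placeholders, not real).
make_samples() {
  cat > "$PASSWD_FILE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
user1:x:500:500:Mr.User1:/home/user1:/bin/bash
backdoor:x:0:0::/tmp:/bin/bash
svc:x:501:501::/var/svc:/sbin/nologin
EOF
  cat > "$SHADOW_FILE" <<'EOF'
root:$6$salt$placeholderhash:15000:0:99999:7:::
user1:$6$salt$placeholderhash:15000:0:90:7:::
backdoor::15000:0:99999:7:::
svc:!!:15000:0:99999:7:::
EOF
}

# Accounts other than root with UID 0 (a second root-equivalent login).
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$PASSWD_FILE"; }

# Accounts whose shadow password field is empty: no password needed to log in.
empty_passwords() { awk -F: '$2 == "" { print $1 }' "$SHADOW_FILE"; }

# Accounts locked with "!" or "*" in the hash field (what usermod -L produces).
locked_accounts() { awk -F: '$2 ~ /^[!*]/ { print $1 }' "$SHADOW_FILE"; }

# Accounts whose password has outlived maxdays as of day $1 (days since epoch).
# 99999 is the login.defs default meaning "never", so it is skipped.
expired_passwords() {
  awk -F: -v today="$1" \
    '$5 != "" && $5 != 99999 && $3 + $5 < today { print $1 }' "$SHADOW_FILE"
}

# Print the whole report for today's date.
report() {
  today=$(( $(date +%s) / 86400 ))
  echo "UID 0 besides root:   $(extra_uid0 | tr '\n' ' ')"
  echo "Empty passwords:      $(empty_passwords | tr '\n' ' ')"
  echo "Locked accounts:      $(locked_accounts | tr '\n' ' ')"
  echo "Expired passwords:    $(expired_passwords "$today" | tr '\n' ' ')"
}

make_samples
report
```

# Set PASSWD_FILE and SHADOW_FILE to copies of the real files (and drop the
# make_samples call) to run the same checks on a system you administer.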