Red Hat Enterprise Linux 8 Administration: Master Linux administration skills and prepare for the RHCSA certification exam
- Length: 534 pages
- Edition: 1
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2021-11-11
- ISBN-10: 1800569823
- ISBN-13: 9781800569829
- Sales Rank: #144612 (See Top 100 Books)
Develop the skill to manage and administer Red Hat Enterprise Linux and get ready to achieve the RHCSA certification
Key Features
- Learn the most common administration and security tasks and manage enterprise Linux infrastructures efficiently
- Assess your knowledge using self-assessment questions based on real-world examples
- Understand how to apply the concepts of core systems administration in the real world
Book Description
Whether in infrastructure or development, as a DevOps or site reliability engineer, Linux skills are now more relevant than ever for any IT job, forming the foundation of understanding the most basic layer of your architecture. With Red Hat Enterprise Linux (RHEL) becoming the most popular choice for enterprises worldwide, achieving the Red Hat Certified System Administrator (RHCSA) certification will validate your Linux skills to install, configure, and troubleshoot applications and services on RHEL systems.
Complete with easy-to-follow tutorial-style content, self-assessment questions, tips, best practices, and practical exercises with detailed solutions, this book covers essential RHEL commands, user and group management, software management, networking fundamentals, and much more. You’ll start by learning how to create an RHEL 8 virtual machine and get to grips with essential Linux commands. You’ll then understand how to manage users and groups on an RHEL 8 system, install software packages, and configure your network interfaces and firewall. As you advance, the book will help you explore disk partitioning, LVM configuration, Stratis volumes, disk compression with VDO, and container management with Podman, Buildah, and Skopeo.
By the end of this book, you’ll have covered everything included in the RHCSA EX200 certification and be able to use this book as a handy, on-the-job desktop reference guide.
This book and its contents are solely the work of Miguel Pérez Colino, Pablo Iranzo Gómez, and Scott McCarty. The content does not reflect the views of their employer (Red Hat Inc.). This work has no connection to Red Hat, Inc. and is not endorsed or supported by Red Hat, Inc.
What you will learn
- Deploy RHEL 8 in different footprints, from bare metal and virtualized to the cloud
- Manage users and software on local and remote systems at scale
- Discover how to secure a system with SELinux, OpenSCAP, and firewalld
- Gain an overview of storage components with LVM, Stratis, and VDO
- Master remote administration with passwordless SSH and tunnels
- Monitor your systems for resource usage and take actions to fix issues
- Understand the boot process, performance optimizations, and containers
Who this book is for
This book is for IT professionals or students who want to start a career in Linux administration and anyone who wants to take the RHCSA 8 certification exam. Basic knowledge of Linux and familiarity with the Linux command-line is necessary.
Table of Contents
- Installing RHEL8
- RHEL8 Advanced Installation Options
- Basic Commands and Simple Shell Scripts
- Tools for Regular Operations
- Securing Systems with Users, Groups, and Permissions
- Enabling Network Connectivity
- Adding, Patching, and Managing Software
- Administering Systems Remotely
- Securing Network Connectivity with firewalld
- Keeping Your System Hardened with SELinux
- System Security Profiles with OpenSCAP
- Managing Local Storage and Filesystems
- Flexible Storage Management with LVM
- Advanced Storage Management with Stratis and VDO
- Understanding the Boot Process
(N.B. Please use the Look Inside option to see further chapters)
Red Hat Enterprise Linux 8 Administration Contributors About the authors About the reviewer Preface Who this book is for What this book covers To get the most out of this book Download the example code files Download the color images Conventions used Get in touch Share Your Thoughts Section 1: Systems Administration – Software, User, Network, and Services Management Chapter 1: Installing RHEL8 Technical requirements Obtaining RHEL software and a subscription Installing RHEL8 Preparation for a physical server installation Preparation for a virtual server installation Running an RHEL installation Summary Chapter 2: RHEL8 Advanced Installation Options Technical requirements Automating RHEL deployments with Anaconda Deploying RHEL on the cloud Installation best practices Summary Chapter 3: Basic Commands and Simple Shell Scripts Logging in as a user and managing multi-user environments Using the root account Using and understanding the command prompt Changing users with the su command Understanding users, groups, and basic permissions Users Groups File permissions Using the command line, environment variables, and navigating through the filesystem Command line and environment variables Navigating the filesystem Bash autocomplete Filesystem hierarchy Understanding I/O redirection in the command line Filtering output with grep and sed Listing, creating, copying, and moving files and directories, links, and hard links Directories Copying and moving Symbolic and hard links Using tar and gzip Creating basic shell scripts for loops if conditionals Exit codes Using system documentation resources Man pages Info pages Other documentation resources Summary Chapter 4: Tools for Regular Operations Technical requirements Managing system services with systemd Systemd unit file structure Managing services to be started and stopped at boot Managing boot targets Scheduling tasks with cron and systemd System-wide crontab User crontab Systemd timers Learning about time synchronization with chrony and NTP NTP client NTP server Checking for free resources – memory and disk (free and df) Memory Disk space CPU Load average Other monitoring tools Finding logs, using journald, and reading log files, including log preservation and rotation Log rotation Summary Chapter 5: Securing Systems with Users, Groups, and Permissions Creating, modifying, and deleting local user accounts and groups Managing groups and reviewing assignments Adjusting password policies Configuring sudo access for administrative tasks Understanding sudo configuration Using sudo to run admin commands Configuring sudoers Checking, reviewing, and modifying file permissions Using special permissions Understanding and applying Set-UID Understanding and applying Set-GID Using the sticky bit Summary Chapter 6: Enabling Network Connectivity Technical requirements Exploring network configuration in RHEL Getting to know the configuration files and NetworkManager Configuring network interfaces with IPv4 and IPv6 IPv4 and IPv6... what does that mean? Configuring interfaces with nmtui Configuring interfaces with nm-connection-editor Configuring interfaces with nmcli Configuring interfaces with text files Configuring hostname and hostname resolutions (DNS) Overview of firewall configuration Configuring the firewall Testing network connectivity Summary Chapter 7: Adding, Patching, and Managing Software RHEL subscription registration and management Managing repositories and signatures with YUM/DNF Doing software installations, updates, and rollbacks with YUM/DNF Creating and syncing repositories with createrepo and reposync Understanding RPM internals Summary Section 2: Security with SSH, SELinux, a Firewall, and System Permissions Chapter 8: Administering Systems Remotely Technical requirements SSH and OpenSSH overview and base configuration OpenSSH server OpenSSH client Accessing remote systems with SSH Key-based authentication with SSH SSH agent SCP/rsync – remote file management Transferring files with an OpenSSH secure file copy Transferring files with sftp Transferring files with rsync Advanced remote management – SSH tunnels and SSH redirections Remote terminals with tmux Summary Chapter 9: Securing Network Connectivity with firewalld Introduction to the RHEL firewall – firewalld Enabling firewalld in the system and reviewing the default zones Reviewing the different configuration items under firewalld Enabling and managing services and ports Creating and using service definitions for firewalld Configuring firewalld with the web interface Summary Chapter 10: Keeping Your System Hardened with SELinux Technical requirements SELinux usage in enforcing and permissive modes Reviewing the SELinux context for files and processes Tweaking the policy with semanage Restoring changed file contexts to the default policy Using SELinux Boolean settings to enable services SELinux troubleshooting and common fixes Summary Chapter 11:System Security Profiles with OpenSCAP Getting started with OpenSCAP and discovering system vulnerabilities Using OpenSCAP with security profiles for OSPP and PCI DSS Scanning for OSPP compliance Scanning for PCI DSS compliance Summary Section 3: Resource Administration – Storage, Boot Process, Tuning, and Containers Chapter 12: Managing Local Storage and Filesystems Technical requirements Let's start with a definition A bit of history Partitioning disks (MBR and GPT disks) Formatting and mounting filesystems Setting default mounts and options in fstab Using network filesystems with NFS Summary Chapter 13: Flexible Storage Management with LVM Technical requirements Understanding LVM Creating, moving, and removing physical volumes Combining physical volumes into volume groups Creating and extending logical volumes Adding new disks to a volume group and extending a logical volume Removing logical volumes, volume groups, and physical volumes Reviewing LVM commands Summary Chapter 14: Advanced Storage Management with Stratis and VDO Technical requirements Understanding Stratis Installing and enabling Stratis Managing storage pools and filesystems with Stratis Preparing systems to use VDO Creating a VDO volume Assigning a VDO volume to an LVM volume Testing a VDO volume and reviewing the stats Summary Chapter 15: Understanding the Boot Process Understanding the boot process – BIOS and UEFI booting Working with GRUB, the bootloader, and initrd system images Managing the boot sequence with systemd Intervening in the boot process to gain access to a system Summary Chapter 16: Kernel Tuning and Managing Performance Profiles with tuned Technical requirements Identifying processes, checking memory usage, and killing processes Adjusting kernel scheduling parameters to better manage processes Installing tuned and managing tuning profiles Creating a custom tuned profile Summary Chapter 17: Managing Containers with Podman, Buildah, and Skopeo Technical requirements Introduction to containers Installing container tools Running a container using Podman and UBI Basic container management – pull, run, stop, and remove Attaching persistent storage to a container Deploying a container on a production system with systemd Building a container image using a Dockerfile or Containerfile Configuring Podman to search registry servers Summary of Podman options When to use Buildah and Skopeo Building container images with Buildah Inspecting a remote container with Skopeo Summary Section 4: Practical Exercises Chapter 18: Practice Exercises – 1 Technical requirements Tips for the exercise Practice exercise 1 Exercises Exercise 1 resolution 1. Configuring the time zone to GMT 2. Allowing password-less login to the root user using SSH 3. Creating a user named 'user' that can connect to the machine without a password 4. The user 'user' should change their password every week, with 2 days' warning and 1 day of usage once expired 5. The root user must be able to SSH as 'user' without a password, so that nobody can connect remotely as the root user using a password 6. The user 'user' should be able to become root and execute commands without a password 7. When a user tries to log in over SSH, display a legal message about not allowing unauthorized access to this system 8. SSH must listen on port 22222 instead of the default one 9. Creating a group named 'devel' 10. Making 'user' a member of 'devel' 11. Storing user membership in a file called 'userids,' in a home folder for 'user' 12. The user 'user' and root user should be able to connect to the localhost via SSH, without specifying the port, and default to compression for the connection 13. Finding all man page names in the system, and putting the names into a file named 'manpages.txt' 14. Printing usernames for users without a login, so they can be permitted access to the system, and printing the user ID and groups for each user 15. Monitoring available system resources every 5 minutes without using cron, and storing them as /root/resources.log 16. Adding a per-minute job to report the available percentage of free disk space and storing it in /root/freespace.log, so that it shows the filesystem and free space 17. Configuring the system to only leave 3 days of logs 18. Configuring log rotation for /root/freespace.log and /root/resources.log 19. Configuring time synchronization against pool.ntp.org with fast sync 20. Providing NTP server services for subnet 172.22.0.1/24 21. Configuring system stats collection every minute 22. Configuring the password length in the system for users to be 12 characters 23. Creating a bot user called 'privacy,' which keeps its files only visible to itself by default 24. Creating a folder named /shared that can be accessed by all users, and defaults new files and directories to still be accessible to users of the 'devel' group 25. Configuring a network connection with IPv4 and IPv6 addressing named 'mynic,' using the provided data Ip6, as follows: 2001:db8:0:1::c000:207/64 g gateway 2001:db8:0:1::1 IPv4 192.0.1.3/24 gateway 192.0.1.1 26. Allowing the host to use a google hostname to reach www.google.com, and a redhat hostname to reach www.redhat.com 27. Reporting the files modified from those that the vendor distributed, and storing them in /root/altered.txt 28. Making our system installation media packages available via HTTP under the path /mirror for other systems to use it as the mirror, and configuring the repository in our system. Removing the kernel packages from that mirror so that other systems (even ours) can't find new kernels. Ignoring the glibc packages from this repo to be installed without removing them 29. As 'user,' make a copy of the /root folder in the /home/user/root/ folder, and keep it in sync every day, synchronizing additions and deletions 30. Checking whether our system conforms to the PCI-DSS standard 31. Adding a second hard drive of 30 GB to the system, but using only 15 GB to move the mirror to it, making it available at boot using compression and deduplication, and available under /mirror/mirror 32. Configuring the filesystem to report at least 1,500 GB in size, to be used by our mirrors 33. Creating a second copy of the mirror under /mirror/mytailormirror and removing all packages starting with k* 34. Creating a new volume in the remaining space (15 GB) of the hard drive and using it to extend the root filesystem 35. Creating a boot entry that allows us to boot into emergency mode in order to change the root password 36. Creating a custom tuning profile that defines the readahead to be 4096 for the first drive and 1024 for the second drive – this profile should also crash the system should an OOM event occur 37. Disabling and removing the installed httpd package, and setting up the httpd server using the registry.redhat.io/rhel8/httpd-24 image Chapter 19: Practice Exercise – 2 Technical requirements Tips for the exercise Practice exercise – 2 Exercises Answers to practice exercise 2 1. Download the necessary file from this book's GitHub repository at https://raw.githubusercontent.com/PacktPublishing/Red-Hat-Enterprise-Linux-8-Administration/main/chapter-19-exercise2/users.txt 2. Use the users.txt file to generate users in the system in an automated way using the values provided, in the following order: username, placeholder, uid, gid, name, home, shell 3. Create a group named users and add that group as the primary group to all users, leaving their own groups, named after each user, as secondary groups 4. Change the home folders for the users so that are group owned 5. Set up an HTTP server and enable a web page for each user, with a small introduction for each that is different between users 6. Allow all the users in the users group to become root without a password 7. Create SSH keys for each user and add each key to root and the other users so that each user can SSH like the other users; that is, without a password 8. Disable password access to the system with SSH 9. Set each user with a different password using /dev/random and store the password in the users.txt file in the second field of the file 10. If the number of letters in the username is a multiple of 2, add that fact to each users description web page 11. Create a container that runs the yq Python package 12. Configure password aging for users that are not a multiple of 2 so that they're expiring 13. Configure the daily compressed log rotation for a month of logs using date-named files 14. Save all the logs generated in the day in /root/errors.log 15. Install all the available updates for system libraries 16. Repair the broken rpm binary using a previously downloaded package available in the /root folder 17. Make all the processes that are executed by the user doe run with a low priority and the ones from john run with a higher priority (+/- 5) 18. Make the system run with the highest throughput and performance 19. Change the system network interface so that it uses an IP address that's higher than the one it was using. Add another IPv6 address to the same interface 20. Create and add /opt/mysystem/bin/ to the system PATH for all users 21. Create a firewall zone, assign it to an interface, and make it the default zone 22. Add a repository hosted at https://myserver.com/repo/ with GPG key from https://myserver.com/mygpg.key to the system since our server might be down. Configure it so that it can be skipped if it's unavailable Why subscribe? Other Books You May Enjoy Packt is searching for authors like you Share Your Thoughts
Donate to keep this site alive
How to download source code?
1. Go to: https://github.com/PacktPublishing
2. In the Find a repository… box, search the book title: Red Hat Enterprise Linux 8 Administration: Master Linux administration skills and prepare for the RHCSA certification exam
, sometime you may not get the results, please search the main title.
3. Click the book title in the search results.
3. Click Code to download.
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.