Red Hat Enterprise Linux 9 Administration: Master your Linux administration skills and prepare for the RHCSA certification exam, 2nd Edition
- Length: 553 pages
- Edition: 2
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2023-01-10
- ISBN-10: 1803248807
- ISBN-13: 9781803248806
- Sales Rank: #420538
Master all the skills required to successfully administer your Red Hat Enterprise Linux environment and pass the RHCSA certification exam.
Key Features
- Linux System Administration: Software, User, Network, and Services Management
- Security with SSH, SELinux, Firewall and System Permissions
- Resources Administration: Storage, Boot process, Tuning and Containers
Book Description
Red Hat Enterprise Linux 9 is the standard for enterprise Linux used from data centres to the cloud.
With this book you will learn how to deploy, access, tweak and improve enterprise services on any system on any cloud running Red Hat Enterprise Linux 9. Understand how to configure and maintain systems, including software installation, update, and core services; configure local storage using partitions and logical volumes, assign, deduplicate, increase or reduce the storage; apply appropriate security policies, control the system permissions, allow or deny certain actions to the users; and not just deploy systems, but make them secure and reliable. This book provides a base for users who plan to become full-time Linux system administrators by presenting key command-line concepts and enterprise-level tools. Readers will understand and use essential tools for handling files, directories, command-line environments, and documentation, creating simple shell scripts or running commands. With a lot of command line examples, full of tips and real commands, you will learn by doing to save yourself a lot of time and frustration.
By the end of the book, you will be confident in managing the filesystem, the users, the storage, the network connectivity, the security and the software in RHEL 9 systems on any footprint.
What you will learn
- Fundamentals of RHEL 9, from system deployment to user management.
- Secure a system using SELinux policies and configuring firewall rules.
- Learn LVM to manage volumes and maintain VDO deduplication.
- Manage a system remotely using ssh and public key authentication.
- Learn the boot process and kernel tunables to adjust your systems.
Who This Book Is For
This book is designed for anyone who aspires to build and work on IT infrastructures using Linux, or wants to learn more about the first layer of their architecture. They will benefit from this book as a reference for different useful tasks, and the tips will also help them prepare for the RHCSA certification.
Table of Contents
Red Hat Enterprise Linux 9 Administration
- Contributors: About the authors; About the reviewers
- Preface: Who this book is for; What this book covers; To get the most out of this book; Download the example code files; Download the color images; Conventions used; Get in touch; Share your thoughts; Download a free PDF copy of this book
Part 1 – Systems Administration – Software, User, Network, and Services Management
- Chapter 1: Getting RHEL Up and Running: Technical requirements; Obtaining RHEL and a subscription; Installing RHEL 9; Preparation for a physical server installation; Preparation for a virtual server installation; Running an RHEL installation; Summary
- Chapter 2: RHEL 9 Advanced Installation Options: Technical requirements; Automating RHEL deployments with Anaconda; Deploying RHEL on the cloud; Installation best practices; Summary
- Chapter 3: Basic Commands and Simple Shell Scripts: Logging in as a user and managing multi-user environments; Using the root account; Using and understanding the command prompt; Changing users with the su command; Understanding users, groups, and basic permissions; Users; Groups; File permissions; Using the command line, environment variables, and navigating through the filesystem; Command line and environment variables; Navigating the filesystem; Bash auto-complete; The filesystem hierarchy; Understanding I/O redirection on the command line; Filtering output with grep and sed; Listing, creating, copying, and moving files, directories, links, and hard links; Directories; Copying and moving; Symbolic and hard links; Using tar and gzip; Creating basic shell scripts; for loops; if conditionals; Exit codes; Using system documentation resources; man pages; info pages; Other documentation resources; Summary
- Chapter 4: Tools for Regular Operations: Technical requirements; Managing system services with systemd; systemd unit file structure; Managing services to be started and stopped at boot; Managing boot targets; Scheduling tasks with cron and systemd; System-wide crontab; User crontab; systemd timers; Learning about time synchronization with chrony and NTP; NTP client; NTP server; Checking for free resources – memory and disk (free and df); Memory; Disk space; CPU; Load average; Other monitoring tools; Finding logs, using journald, and reading log files, including log preservation and rotation; Log rotation; Summary
- Chapter 5: Securing Systems with Users, Groups, and Permissions: Creating, modifying, and deleting local user accounts and groups; Managing groups and reviewing assignments; Adjusting password policies; Configuring sudo access for administrative tasks; Understanding sudo configuration; Using sudo to run admin commands; Configuring sudoers; Checking, reviewing, and modifying file permissions; Using special permissions; Understanding and applying SUID; Understanding and applying SGID; Using the sticky bit; Summary
- Chapter 6: Enabling Network Connectivity: Technical requirements; Exploring network configuration in RHEL; Getting to know the configuration files and NetworkManager; Configuring network interfaces with IPv4 and IPv6; IPv4 and IPv6 – what do they mean?; Configuring interfaces with nmtui; Configuring interfaces with nm-connection-editor; Configuring interfaces with nmcli; Where does NetworkManager store configuration?; Configuring hostname and hostname resolutions (DNS); An overview of firewall configuration; Configuring the firewall; Testing network connectivity; Summary
- Chapter 7: Adding, Patching, and Managing Software: RHEL subscription registration and management; Managing repositories and signatures with yum/dnf; Doing software installations, updates, and rollbacks with YUM/DNF; Creating and syncing repositories with createrepo and reposync; Understanding RPM internals; Summary
Part 2 – Security with SSH, SELinux, a Firewall, and System Permissions
- Chapter 8: Administering Systems Remotely: Technical requirements; SSH and OpenSSH overview and base configuration; OpenSSH server; OpenSSH client; Enabling root access via SSH (and when not to do it); Accessing remote systems with SSH; Key-based authentication with SSH; SSH agent; Remote file management with SCP/rsync; Transferring files with an OpenSSH secure file copy; Transferring files with sftp; Transferring files with rsync; Advanced remote management – SSH tunnels and SSH redirections; Remote terminals with tmux; Introduction to Ansible automation; Inventory; Playbook; Summary
- Chapter 9: Securing Network Connectivity with firewalld: Introduction to the RHEL firewall – firewalld; Enabling firewalld in the system and reviewing the default zones; Reviewing the different configuration items under firewalld; Enabling and managing services and ports; Creating and using service definitions for firewalld; Configuring firewalld with the web interface; Summary
- Chapter 10: Keeping Your System Hardened with SELinux: Technical requirements; SELinux usage in enforcing and permissive modes; Reviewing the SELinux context for files and processes; Tweaking the policy with semanage; Restoring changed file contexts to the default policy; Using SELinux Boolean settings to enable services; SELinux troubleshooting and common fixes; Integrity Measurement Architecture, digital hashes, and signatures for enhancing security; EVM and trusted keys; Enabling IMA and EVM in the system kernel; Summary
- Chapter 11: System Security Profiles with OpenSCAP: Getting started with OpenSCAP and discovering system vulnerabilities; Using OpenSCAP with security profiles for OSPP and PCI DSS; Scanning for OSPP compliance; Scanning for PCI DSS compliance; Summary
Part 3 – Resource Administration – Storage, Boot Process, Tuning, and Containers
- Chapter 12: Managing Local Storage and Filesystems: Technical requirements; Let’s start with a definition; A bit of history; Partitioning disks (MBR and GPT disks); Formatting and mounting filesystems; Setting default mounts and options in fstab; Using network filesystems with NFS; Summary
- Chapter 13: Flexible Storage Management with LVM: Technical requirements; Understanding LVM; Creating, moving, and removing physical volumes; Combining physical volumes into volume groups; Creating and extending logical volumes; Adding new disks to a volume group and extending an logical volume; Removing logical volumes, volume groups, and physical volumes; Reviewing LVM commands; Summary
- Chapter 14: Advanced Storage Management with Stratis and VDO: Technical requirements; Understanding Stratis; Installing and enabling Stratis; Managing storage pools and filesystems with Stratis; Preparing systems to use VDO; Creating and using a VDO volume; Testing a VDO volume and reviewing the stats; Summary
- Chapter 15: Understanding the Boot Process: Understanding the boot process – BIOS and UEFI booting; Working with GRUB, the bootloader, and the initrd system images; Managing the boot sequence with systemd; Intervening in the boot process to gain access to a system; Summary
- Chapter 16: Kernel Tuning and Managing Performance Profiles with tuned: Technical requirements; Identifying processes, checking memory usage, and killing processes; Adjusting kernel scheduling parameters to better manage processes; Installing tuned and managing tuning profiles; Creating a custom tuned profile; Using the web console for observing performance metrics; Summary
- Chapter 17: Managing Containers with Podman, Buildah, and Skopeo: Technical requirements; Introduction to containers; Installing container tools; Running a container using Podman and UBI; Basic container management – pull, run, stop, and remove; Attaching persistent storage to a container; Deploying a container on a production system with systemd; Building a container image using a Dockerfile or Containerfile; Configuring Podman to search registry servers; Summary of Podman options; When to use Buildah and Skopeo; Building container images with Buildah; Inspecting a remote container with Skopeo; Summary
Part 4 – Practical Exercises
- Chapter 18: Practice Exercises – 1: Technical requirements; Tips for the exercise; Practice exercise 1; Exercises; Exercise 1 solution
1. Configuring the time zone to GMT
2. Allowing passwordless login to the root user using SSH
3. Creating a user named user that can connect to the machine without a password
4. The user user should change their password every week, with 2 days’ warning and 1 day of usage once expired
5. The root user must be able to SSH as user without a password so that nobody can connect remotely as the root user using a password
6. The user user should be able to become root and also execute commands without a password
7. When a user tries to log in over SSH, display a legal message about not allowing unauthorized access to this system
8. SSH must listen on port 22222 instead of the default one
9. Creating a group named devel
10. Making user a member of devel
11. Storing user membership in a file called userids in the home folder for user
12. The user user and root user should be able to connect to the localhost via SSH without specifying the port, and default to compression for the connection
13. Finding all man page names in the system, and putting the names into a file named manpages.txt
14. Printing usernames for users without a login so that they can be permitted access to the system, and printing the UID and groups for each user
15. Monitoring available system resources every 5 minutes without using cron, and storing them as /root/resources.log
16. Adding a per-minute job to report the available percentage of free disk space and storing it in /root/freespace.log so that it shows the filesystem and free space
17. Configuring the system to only leave 3 days of logs
18. Configuring the log rotation for /root/freespace.log and /root/resources.log
19. Configuring the time synchronization against pool.ntp.org with fast sync
20. Providing NTP server services for the 172.22.0.1/24 subnet
21. Configuring system stats for collection every minute
22. Configuring the password length for users in the system to be 12 characters long
23. Creating a bot user named privacy that keeps its files only visible to itself by default
24. Creating a folder named /shared that can be accessed by all users and defaults new files and directories to still be accessible to users of the devel group
25. Configuring a network connection with IPv4 and IPv6 addressing named mynic, using the following data: 2001:db8:0:1::c000:207/64 g gateway 2001:db8:0:1::1 ipv4 192.0.1.3/24 gateway 192.0.1.1
26. Allowing the host to use the hostname google to reach www.google.com, and the hostname redhat to reach www.redhat.com
27. Reporting the files modified from those that the vendor distributed, and storing them in /root/altered.txt
28. Making our system installation media packages available via HTTP under the /mirror path for other systems to use as a mirror, and configuring the repository in our system. Removing the kernel packages from that mirror so that other systems (even ours) can’t find new kernels. Ignoring the glibc packages from this repository to be installed without removing them
29. As user, make a copy of the /root folder in the /home/user/root/ folder and keep it in sync every day, synchronizing additions and deletions
30. Checking whether our system conforms to the PCI-DSS standard
31. Adding a second hard drive of 30 GB to the system, but using only 15 GB to move the mirror to it, making it available at boot using compression and deduplication, and available under /mirror/mirror
32. Creating a second copy of the mirror under /mirror/mytailormirror and removing all packages starting with k*
33. Creating a new volume in the remaining space (15 GB) of the hard drive and using it to extend the root filesystem
34. Creating a boot entry that allows us to boot into emergency mode in order to change the root password
35. Creating a custom tuning profile that defines the readahead to be 4096 for the first drive and 1024 for the second drive – this profile should also crash the system should an OOM event occur
36. Disabling and removing the installed httpd package, and setting up the httpd server using the registry.redhat.io/rhel9/httpd-24 image
- Chapter 19: Practice Exercise – 2: Technical requirements; Tips for the exercise; Practice exercise 2; Exercises; Exercise 2 resolution
1. Downloading the necessary file from this book’s GitHub repository at https://raw.githubusercontent.com/PacktPublishing/Red-Hat-Enterprise-Linux-RHEL-9-Administration/main/chapter-19-exercise2/users.txt
2. Using the users.txt file to generate users in the system in an automated way using the values provided, in the following order: username, placeholder, uid, gid, name, home, shell
3. Creating a group named myusers and adding that group as the primary group to all users, leaving their own groups, named after each user, as secondary groups
4. Changing the home folders for the users so that they are group-owned
5. Setting up an HTTP server and enabling a web page for each user, with a small introduction for each that is different between users
6. Allowing all users in the users group to become root without a password
7. Creating SSH keys for each user and adding each key to root and the other users so that each user can SSH like the other users; that is, without a password
8. Disabling password access to the system with SSH
9. Setting each user with a different password using /dev/random and storing the password in the users.txt file in the second field of the file
10. If the number of letters in the username is a multiple of 2, adding that fact to each user description web page
11. Creating a container that runs the yq Python package as the entry point
12. Configuring password aging for users that are not a multiple of 2 so that they’re expiring
13. Configuring a daily compressed log rotation for a month of logs using date-named files
14. Saving all logs generated in the day in /root/errors.log
15. Installing all available updates for system libraries
16. Repairing the broken rpm binary using a previously downloaded package available in the /root folder
17. Making all processes that are executed by the user doe run with a low priority and the ones from john run with a higher priority (+/- 5)
18. Making the system run with the highest throughput and performance
19. Changing the system network interface so that it uses an IP address that’s higher than the one it was using and adding another IPv6 address to the same interface
20. Creating and adding /opt/mysystem/bin/ to the system PATH variable for all users
21. Creating a firewall zone, assigning it to an interface, and making it the default zone
22. Adding a repository hosted at https://myserver.com/repo/ with the GPG key from https://myserver.com/mygpg.key to the system since our server might be down and configuring it so that it can be skipped if it’s unavailable
- Back matter: Index; Why subscribe?; Other Books You May Enjoy; Packt is searching for authors like you; Share your thoughts; Download a free PDF copy of this book
How to download source code?
1. Go to: https://github.com/PacktPublishing
2. In the Find a repository… box, search for the book title: Red Hat Enterprise Linux 9 Administration: Master your Linux administration skills and prepare for the RHCSA certification exam, 2nd Edition. If the full title returns no results, search for the main title only.
3. Click the book title in the search results.
4. Click Code to download.