Red Hat Enterprise Linux 8 Administration

Book description

Develop the skills to manage and administer Red Hat Enterprise Linux and get ready to earn the RHCSA certification

Key Features

  • Learn the most common administration and security tasks and manage enterprise Linux infrastructures efficiently
  • Assess your knowledge using self-assessment questions based on real-world examples
  • Understand how to apply the concepts of core systems administration in the real world

Book Description

Whether in infrastructure or development, as a DevOps or site reliability engineer, Linux skills are now more relevant than ever for any IT job, forming the foundation of understanding the most basic layer of your architecture. With Red Hat Enterprise Linux (RHEL) becoming the most popular choice for enterprises worldwide, achieving the Red Hat Certified System Administrator (RHCSA) certification will validate your Linux skills to install, configure, and troubleshoot applications and services on RHEL systems.

Complete with easy-to-follow tutorial-style content, self-assessment questions, tips, best practices, and practical exercises with detailed solutions, this book covers essential RHEL commands, user and group management, software management, networking fundamentals, and much more. You'll start by learning how to create an RHEL 8 virtual machine and get to grips with essential Linux commands. You'll then understand how to manage users and groups on an RHEL 8 system, install software packages, and configure your network interfaces and firewall. As you advance, the book will help you explore disk partitioning, LVM configuration, Stratis volumes, disk compression with VDO, and container management with Podman, Buildah, and Skopeo.

By the end of this book, you'll have covered everything included in the RHCSA EX200 certification and be able to use this book as a handy, on-the-job desktop reference guide.

This book and its contents are solely the work of Miguel Perez Colino, Pablo Iranzo Gomez, and Scott McCarty. The content does not reflect the views of their employer (Red Hat Inc.). This work has no connection to Red Hat, Inc. and is not endorsed or supported by Red Hat, Inc.

What you will learn

  • Deploy RHEL 8 in different footprints, from bare metal and virtualized to the cloud
  • Manage users and software on local and remote systems at scale
  • Discover how to secure a system with SELinux, OpenSCAP, and firewalld
  • Gain an overview of storage components with LVM, Stratis, and VDO
  • Master remote administration with passwordless SSH and tunnels
  • Monitor your systems for resource usage and take actions to fix issues
  • Understand the boot process, performance optimizations, and containers

Who this book is for

This book is for IT professionals or students who want to start a career in Linux administration and anyone who wants to take the RHCSA 8 certification exam. Basic knowledge of Linux and familiarity with the Linux command-line is necessary.

Table of contents

  1. Red Hat Enterprise Linux 8 Administration
  2. Contributors
  3. About the authors
  4. About the reviewer
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the example code files
    5. Download the color images
    6. Conventions used
    7. Get in touch
    8. Share Your Thoughts
  6. Section 1: Systems Administration – Software, User, Network, and Services Management
  7. Chapter 1: Installing RHEL8
    1. Technical requirements
    2. Obtaining RHEL software and a subscription
    3. Installing RHEL8
      1. Preparation for a physical server installation
      2. Preparation for a virtual server installation
      3. Running an RHEL installation
    4. Summary
  8. Chapter 2: RHEL8 Advanced Installation Options
    1. Technical requirements
    2. Automating RHEL deployments with Anaconda
    3. Deploying RHEL on the cloud
    4. Installation best practices
    5. Summary
  9. Chapter 3: Basic Commands and Simple Shell Scripts
    1. Logging in as a user and managing multi-user environments
      1. Using the root account
      2. Using and understanding the command prompt
    2. Changing users with the su command
    3. Understanding users, groups, and basic permissions
      1. Users
      2. Groups
      3. File permissions
    4. Using the command line, environment variables, and navigating through the filesystem
      1. Command line and environment variables
      2. Navigating the filesystem
      3. Bash autocomplete
      4. Filesystem hierarchy
    5. Understanding I/O redirection in the command line
    6. Filtering output with grep and sed
    7. Listing, creating, copying, and moving files and directories, links, and hard links
      1. Directories
      2. Copying and moving
      3. Symbolic and hard links
    8. Using tar and gzip
    9. Creating basic shell scripts
      1. for loops
      2. if conditionals
      3. Exit codes
    10. Using system documentation resources
      1. Man pages
      2. Info pages
      3. Other documentation resources
    11. Summary
  10. Chapter 4: Tools for Regular Operations
    1. Technical requirements
    2. Managing system services with systemd
      1. Systemd unit file structure
      2. Managing services to be started and stopped at boot
      3. Managing boot targets
    3. Scheduling tasks with cron and systemd
      1. System-wide crontab
      2. User crontab
      3. Systemd timers
    4. Learning about time synchronization with chrony and NTP
      1. NTP client
      2. NTP server
    5. Checking for free resources – memory and disk (free and df)
      1. Memory
      2. Disk space
      3. CPU
      4. Load average
      5. Other monitoring tools
    6. Finding logs, using journald, and reading log files, including log preservation and rotation
      1. Log rotation
    7. Summary
  11. Chapter 5: Securing Systems with Users, Groups, and Permissions
    1. Creating, modifying, and deleting local user accounts and groups
    2. Managing groups and reviewing assignments
    3. Adjusting password policies
    4. Configuring sudo access for administrative tasks
      1. Understanding sudo configuration
      2. Using sudo to run admin commands
      3. Configuring sudoers
    5. Checking, reviewing, and modifying file permissions
    6. Using special permissions
      1. Understanding and applying Set-UID
      2. Understanding and applying Set-GID
      3. Using the sticky bit
    7. Summary
  12. Chapter 6: Enabling Network Connectivity
    1. Technical requirements
    2. Exploring network configuration in RHEL
    3. Getting to know the configuration files and NetworkManager
    4. Configuring network interfaces with IPv4 and IPv6
      1. IPv4 and IPv6... what does that mean?
      2. Configuring interfaces with nmtui
      3. Configuring interfaces with nm-connection-editor
      4. Configuring interfaces with nmcli
      5. Configuring interfaces with text files
    5. Configuring hostname and hostname resolutions (DNS)
    6. Overview of firewall configuration
      1. Configuring the firewall
    7. Testing network connectivity
    8. Summary
  13. Chapter 7: Adding, Patching, and Managing Software
    1. RHEL subscription registration and management
    2. Managing repositories and signatures with YUM/DNF
    3. Doing software installations, updates, and rollbacks with YUM/DNF
    4. Creating and syncing repositories with createrepo and reposync
    5. Understanding RPM internals
    6. Summary
  14. Section 2: Security with SSH, SELinux, a Firewall, and System Permissions
  15. Chapter 8: Administering Systems Remotely
    1. Technical requirements
    2. SSH and OpenSSH overview and base configuration
      1. OpenSSH server
      2. OpenSSH client
    3. Accessing remote systems with SSH
    4. Key-based authentication with SSH
      1. SSH agent
    5. SCP/rsync – remote file management
      1. Transferring files with an OpenSSH secure file copy
      2. Transferring files with sftp
      3. Transferring files with rsync
    6. Advanced remote management – SSH tunnels and SSH redirections
    7. Remote terminals with tmux
    8. Summary
  16. Chapter 9: Securing Network Connectivity with firewalld
    1. Introduction to the RHEL firewall – firewalld
    2. Enabling firewalld in the system and reviewing the default zones
      1. Reviewing the different configuration items under firewalld
    3. Enabling and managing services and ports
    4. Creating and using service definitions for firewalld
    5. Configuring firewalld with the web interface
    6. Summary
  17. Chapter 10: Keeping Your System Hardened with SELinux
    1. Technical requirements
    2. SELinux usage in enforcing and permissive modes
    3. Reviewing the SELinux context for files and processes
    4. Tweaking the policy with semanage
    5. Restoring changed file contexts to the default policy
    6. Using SELinux Boolean settings to enable services
    7. SELinux troubleshooting and common fixes
    8. Summary
  18. Chapter 11:System Security Profiles with OpenSCAP
    1. Getting started with OpenSCAP and discovering system vulnerabilities
    2. Using OpenSCAP with security profiles for OSPP and PCI DSS
      1. Scanning for OSPP compliance
      2. Scanning for PCI DSS compliance
    3. Summary
  19. Section 3: Resource Administration – Storage, Boot Process, Tuning, and Containers
  20. Chapter 12: Managing Local Storage and Filesystems
    1. Technical requirements
      1. Let's start with a definition
      2. A bit of history
    2. Partitioning disks (MBR and GPT disks)
    3. Formatting and mounting filesystems
    4. Setting default mounts and options in fstab
    5. Using network filesystems with NFS
    6. Summary
  21. Chapter 13: Flexible Storage Management with LVM
    1. Technical requirements
    2. Understanding LVM
    3. Creating, moving, and removing physical volumes
    4. Combining physical volumes into volume groups
    5. Creating and extending logical volumes
    6. Adding new disks to a volume group and extending a logical volume
    7. Removing logical volumes, volume groups, and physical volumes
    8. Reviewing LVM commands
    9. Summary
  22. Chapter 14: Advanced Storage Management with Stratis and VDO
    1. Technical requirements
    2. Understanding Stratis
    3. Installing and enabling Stratis
    4. Managing storage pools and filesystems with Stratis
    5. Preparing systems to use VDO
    6. Creating a VDO volume
    7. Assigning a VDO volume to an LVM volume
    8. Testing a VDO volume and reviewing the stats
    9. Summary
  23. Chapter 15: Understanding the Boot Process
    1. Understanding the boot process – BIOS and UEFI booting
    2. Working with GRUB, the bootloader, and initrd system images
    3. Managing the boot sequence with systemd
    4. Intervening in the boot process to gain access to a system
    5. Summary
  24. Chapter 16: Kernel Tuning and Managing Performance Profiles with tuned
    1. Technical requirements
    2. Identifying processes, checking memory usage, and killing processes
    3. Adjusting kernel scheduling parameters to better manage processes
    4. Installing tuned and managing tuning profiles
    5. Creating a custom tuned profile
    6. Summary
  25. Chapter 17: Managing Containers with Podman, Buildah, and Skopeo
    1. Technical requirements
    2. Introduction to containers
      1. Installing container tools
    3. Running a container using Podman and UBI
      1. Basic container management – pull, run, stop, and remove
      2. Attaching persistent storage to a container
      3. Deploying a container on a production system with systemd
      4. Building a container image using a Dockerfile or Containerfile
      5. Configuring Podman to search registry servers
      6. Summary of Podman options
    4. When to use Buildah and Skopeo
      1. Building container images with Buildah
      2. Inspecting a remote container with Skopeo
    5. Summary
  26. Section 4: Practical Exercises
  27. Chapter 18: Practice Exercises – 1
    1. Technical requirements
    2. Tips for the exercise
    3. Practice exercise 1
      1. Exercises
    4. Exercise 1 resolution
      1. 1. Configuring the time zone to GMT
      2. 2. Allowing password-less login to the root user using SSH
      3. 3. Creating a user named 'user' that can connect to the machine without a password
      4. 4. The user 'user' should change their password every week, with 2 days' warning and 1 day of usage once expired
      5. 5. The root user must be able to SSH as 'user' without a password, so that nobody can connect remotely as the root user using a password
      6. 6. The user 'user' should be able to become root and execute commands without a password
      7. 7. When a user tries to log in over SSH, display a legal message about not allowing unauthorized access to this system
      8. 8. SSH must listen on port 22222 instead of the default one
      9. 9. Creating a group named 'devel'
      10. 10. Making 'user' a member of 'devel'
      11. 11. Storing user membership in a file called 'userids,' in a home folder for 'user'
      12. 12. The user 'user' and root user should be able to connect to the localhost via SSH, without specifying the port, and default to compression for the connection
      13. 13. Finding all man page names in the system, and putting the names into a file named 'manpages.txt'
      14. 14. Printing usernames for users without a login, so they can be permitted access to the system, and printing the user ID and groups for each user
      15. 15. Monitoring available system resources every 5 minutes without using cron, and storing them as /root/resources.log
      16. 16. Adding a per-minute job to report the available percentage of free disk space and storing it in /root/freespace.log, so that it shows the filesystem and free space
      17. 17. Configuring the system to only leave 3 days of logs
      18. 18. Configuring log rotation for /root/freespace.log and /root/resources.log
      19. 19. Configuring time synchronization against pool.ntp.org with fast sync
      20. 20. Providing NTP server services for subnet 172.22.0.1/24
      21. 21. Configuring system stats collection every minute
      22. 22. Configuring the password length in the system for users to be 12 characters
      23. 23. Creating a bot user called 'privacy,' which keeps its files only visible to itself by default
      24. 24. Creating a folder named /shared that can be accessed by all users, and defaults new files and directories to still be accessible to users of the 'devel' group
      25. 25. Configuring a network connection with IPv4 and IPv6 addressing named 'mynic,' using the provided data Ip6, as follows: 2001:db8:0:1::c000:207/64 g gateway 2001:db8:0:1::1 IPv4 192.0.1.3/24 gateway 192.0.1.1
      26. 26. Allowing the host to use a google hostname to reach www.google.com, and a redhat hostname to reach www.redhat.com
      27. 27. Reporting the files modified from those that the vendor distributed, and storing them in /root/altered.txt
      28. 28. Making our system installation media packages available via HTTP under the path /mirror for other systems to use it as the mirror, and configuring the repository in our system. Removing the kernel packages from that mirror so that other systems (even ours) can't find new kernels. Ignoring the glibc packages from this repo to be installed without removing them
      29. 29. As 'user,' make a copy of the /root folder in the /home/user/root/ folder, and keep it in sync every day, synchronizing additions and deletions
      30. 30. Checking whether our system conforms to the PCI-DSS standard
      31. 31. Adding a second hard drive of 30 GB to the system, but using only 15 GB to move the mirror to it, making it available at boot using compression and deduplication, and available under /mirror/mirror
      32. 32. Configuring the filesystem to report at least 1,500 GB in size, to be used by our mirrors
      33. 33. Creating a second copy of the mirror under /mirror/mytailormirror and removing all packages starting with k*
      34. 34. Creating a new volume in the remaining space (15 GB) of the hard drive and using it to extend the root filesystem
      35. 35. Creating a boot entry that allows us to boot into emergency mode in order to change the root password
      36. 36. Creating a custom tuning profile that defines the readahead to be 4096 for the first drive and 1024 for the second drive – this profile should also crash the system should an OOM event occur
      37. 37. Disabling and removing the installed httpd package, and setting up the httpd server using the registry.redhat.io/rhel8/httpd-24 image
  28. Chapter 19: Practice Exercise – 2
    1. Technical requirements
    2. Tips for the exercise
    3. Practice exercise – 2
      1. Exercises
    4. Answers to practice exercise 2
      1. 1. Download the necessary file from this book's GitHub repository at https://raw.githubusercontent.com/PacktPublishing/Red-Hat-Enterprise-Linux-8-Administration/main/chapter-19-exercise2/users.txt
      2. 2. Use the users.txt file to generate users in the system in an automated way using the values provided, in the following order: username, placeholder, uid, gid, name, home, shell
      3. 3. Create a group named users and add that group as the primary group to all users, leaving their own groups, named after each user, as secondary groups
      4. 4. Change the home folders for the users so that are group owned
      5. 5. Set up an HTTP server and enable a web page for each user, with a small introduction for each that is different between users
      6. 6. Allow all the users in the users group to become root without a password
      7. 7. Create SSH keys for each user and add each key to root and the other users so that each user can SSH like the other users; that is, without a password
      8. 8. Disable password access to the system with SSH
      9. 9. Set each user with a different password using /dev/random and store the password in the users.txt file in the second field of the file
      10. 10. If the number of letters in the username is a multiple of 2, add that fact to each users description web page
      11. 11. Create a container that runs the yq Python package
      12. 12. Configure password aging for users that are not a multiple of 2 so that they're expiring
      13. 13. Configure the daily compressed log rotation for a month of logs using date-named files
      14. 14. Save all the logs generated in the day in /root/errors.log
      15. 15. Install all the available updates for system libraries
      16. 16. Repair the broken rpm binary using a previously downloaded package available in the /root folder
      17. 17. Make all the processes that are executed by the user doe run with a low priority and the ones from john run with a higher priority (+/- 5)
      18. 18. Make the system run with the highest throughput and performance
      19. 19. Change the system network interface so that it uses an IP address that's higher than the one it was using. Add another IPv6 address to the same interface
      20. 20. Create and add /opt/mysystem/bin/ to the system PATH for all users
      21. 21. Create a firewall zone, assign it to an interface, and make it the default zone
      22. 22. Add a repository hosted at https://myserver.com/repo/ with GPG key from https://myserver.com/mygpg.key to the system since our server might be down. Configure it so that it can be skipped if it's unavailable
    5. Why subscribe?
  29. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share Your Thoughts

Product information

  • Title: Red Hat Enterprise Linux 8 Administration
  • Author(s): Miguel Pérez Colino, Pablo Iranzo Gómez, Scott McCarty
  • Release date: November 2021
  • Publisher(s): Packt Publishing
  • ISBN: 9781800569829