RHEL9 Commands

Setup an IP address for [servera] virtual machine

Password: redhat
IP: 172.25.250.10/24
GW: 172.25.250.254
DNS: 172.25.250.220
NB: All partition should be created on /dev/vdb

Reset Password
1. boot and press e to edit mode
2. add "rd.break" after kernel inofrmation
3. press CTRL+X for next
4. mount -o remount,rw /sysroot
5. chroot /sysroot
6. passwd (type password and confirm password)
7. touch /.autorelabel
8. exit
9. exit

1. change hostname
1. hostnamectl set-hostname nodea.example.com
2. hostnamectl
3. hostname

Change IP Address
ifconfig (may not work in exam mode)
ip addr show
nmcli connection show
nmcli device status

nmcli connection modify "enp0s3" ipv4.address 172.24.13.10/24 ipv4.gateway 172.24.13.254 ipv4.dns

172.24.13.254 ipv4.method manual autoconnect yes
systemctl restart NetworkManager
systemctl enable NetworkManager

SELinux must be running and enforcing

vi /etc/selinux/config
SELINUX=enforcing
:wq!
reboot
Check SELInux Enforcing

getenforce

----alternative------

setenforce Enforcing | Premissive | 1 | 0

setenfoce Enforcing

2. Configure local repository

url1=http://172.25.250.9/rhel9/x86_64/dvd/AppStream
url2= http://172.25.250.9/rhel9/x86_64/dvd/BaseOS
vim /etc/yum.repos.d/local.repo

[AppStream]
baseurl= http://172.25.250.9/rhel9/x86_64/dvd/AppStream
gpgcheck=0
enabled=1

[BaseOS]
baseurl= http://172.25.250.9/rhel9/x86_64/dvd/BaseOS
gpgcheck=0
enabled=1

:wq!

yum clean all

yum repolist all

3. set cornjob for anoter user

crontab -u natasha -e
23 14 * * * /bin/echo “hi alex”
Crontab -u harry -e
*/3 * * * * /bin/echo I got RHCE certificate

4. Debug selinux
Vi /etc/httpd/conf/httpd.conf
Listen 82
:wq!

semanage port -a -t http_port_t -p tcp 82

firewall-cmd --permanent –add-port=82/tcp
firewall-cmd --reload
systemctl restart httpd
5. Create the following users, group and group membership
groupadd sysadmin

# Add user daffy with user id 3458 and set the password with "glegunge"
===========================
id daffy (check if exists)
useradd -u 3458 daffy
echo "glegunge" | passwd daffy --stdin

# Create the following users, groups, and group memberships

===============================
- A group name adminusers
- A user natasha who belongs to adminusers as a Secondary group
- A user harry who also belongs to adminusers as a secondary gorup
- A user sarah who does not have access to an interactive shell on the system and who is also not a
member of adminusers group.
- natasha, harry, sarah should all have the password of roonkere

groupadd adminusers
useradd -G adminusers natasha
useradd -G adminusers harry
useradd -s /sbin/nologin sarah

echo "roonkere" | passwd natasha --stdin

echo "roonkere" | passwd harry --stdin
echo "roonkere" | passwd sarah --stdin

# do the crosscheck
========================
tail /etc/passwd
tail /etc/group

# Delete user with home directory completely

============================================
userdel sarah -r

# Configure your system as an NTP client of node1.domain13.com

=================================================
yum install -y chrony*

vim /etc/chrony.conf
pool node1.domain13.com iburst

:wq!

systemctl enable chronyd

systemctl restart chronyd

chronyc tracking
chronyc sources

===================27.03.2024==================

dnf install package_name --disablerepo=* --enablerepo=localrepo-BaseOS

systemctl stop firewalld

systemctl disable firewalld

#list all service

firewall-cmd --get-services

#add http service

firewall-cmd --add-serivce=http --permanent

#add port
firewall-cmd --add-port=82/tcp --permanent
firewall-cmd reload

# check http server

systemctl status httpd.service

#debug httpd at 82 port

semanage port -l | grep http_port_t

semanage port -a -t http_port_t -p tcp 82

#Create the following users, groups, and group memberships:
groupadd sysadmin
usermod -aG sysadmin natasha

#collaborative /common/admin
mkdir -p /common/admin

chown :sysadmin /common/admin

ll /common

# make readable
chmod 770 /common/admin

# created files automatically get the group ownership under this directory
chmod g+s /common/admin

# check ownership and permission

ls -ld /common/admin

# check effective group ID

stat -c %G /common/admin

#7
======
cp /etc/passwd /var/tmp/
chown root:root /var/tmp/passwd

# The file "/var/tmp/passwd" should not be executable by anyone.

chmod 644 /var/tmp/passwd
ll /var/tmp/passwd

# The file "/var/tmp/passwd" should not be executable by anyone.

setfacl -m u:harry:rw- /var/tmp/passwd (only read write)
setfacl -m u:sarah:--- /var/tmp/passwd (nothing )
setfacl -m default:u::r-- /var/tmp/passwd all other users (current or future) have the ability to
read

#show acl information

getfacl /var/tmp/passwd
# sync with local time server
dnf install -y chrony
vi /etc/chrony.conf

add
server classroom.example.com iburst

systemctl enable chronyd

systemctl restart chronyd

chronyc source -v

09. Configure AutoFS.

All remote users home directory is exported via NFS, which is available on
workstation.lab.example.com or 172.25.250.9 and your NFS-exports directory is /home/guests/
for remote5.
- Remote home directory is workstation.lab.example.com:/home/guests/
- Remote home directory should be automount autofs service.
- Home directories must be writable by their users.
- when you are able to log in as remote5 user it's found home directory as
/home/guests/remote5.
- Ensure that remote5 user can read, write on his home directory but remote10 only can read
privileges.

dnf install autofs nfs-utils

10: Create a backup.tar.(bz2 and gz) of /etc directory in /home location.

tar -cjvf backup.tar.gz /etc/
tar -cjvf backup.tar.bz2 /etc/

11: Deny cronjob for user susan so that other user for this system are not effected for this cronjob.

vi /etc/cron.deny
susan

12: Find all files owned by user brain and put them into /root/brain.
find / -user brain -exec mv -t /root/brain {} +
useradd -u 3458 daffy
[root@node1 ~]# echo "glegunge" | passwd daffy --stdin

# install & configure NFS

dnf install -y nfs-utils