This video is based on RHEL 8. Video to cover the section ‘Create, delete, and modify local groups and group memberships’ for the RHCSA (Red Hat Certified System Administrator).
This video is based on RHEL 8. Video to cover the section ‘Change passwords and adjust password aging for local user accounts’ for the RHCSA (Red Hat Certified System Administrator).
This video is based on RHEL 8. Video to cover the section ‘Create, delete, and modify local user accounts’ for the RHCSA (Red Hat Certified System Administrator).
Users are added to the system using the following command:
# useradd user1
As part of running the useradd command the user is given a unique UID (user ID number) and a group of the same name is created with its own GID (group ID number).
This video is based on RHEL 8. Video to cover the section ‘Restrict network access using firewall-cmd/firewall’ for the RHCSA (Red Hat Certified System Administrator).
The local firewall on the server is managed with the firewall-cmd command-line tool. The first area to learn about is zoning on the firewall. To list all of the zones run:
# firewall-cmd --get-zones
To see what is configured in a particular zone:
# firewall-cmd --zone work --list-all
To create a new zone use the following:
# firewall-cmd --new-zone servers
This new zone would be non-persistent. This is good practice in case you misconfigure something, as you can reboot the server to clear the setting. Use --permanent to make rules persist, e.g.:
# firewall-cmd --new-zone servers --permanent
Note that any changes on the firewall will not take effect until you ask the service to reload:
# firewall-cmd --reload
Before assigning the network interface to a new zone, you should add any required services to the zone to ensure they aren’t suddenly blocked; a good example would be SSH.
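The ordering described above, as an added shell example that is not from the original post: the zone gets its services first, and the interface is moved only once SSH is confirmed open there. The `FWCMD` variable and the function names are assumptions of this example.

```bash
#!/bin/sh
# Added example (not from the original post): open the required services in a
# zone before binding an interface to it, so SSH is never cut off mid-change.
# FWCMD is an assumption of this example; it lets the sequence be dry-run
# against a stub and defaults to the real firewall-cmd.
FWCMD="${FWCMD:-firewall-cmd}"

# prepare_zone ZONE SERVICE...
# Creates ZONE if it does not exist, adds each SERVICE to it, then reloads so
# the permanent configuration becomes the running one.
prepare_zone() {
    zone="$1"; shift
    if ! "$FWCMD" --permanent --get-zones | tr ' ' '\n' | grep -qx "$zone"; then
        "$FWCMD" --permanent --new-zone="$zone" || return 1
    fi
    for svc in "$@"; do
        "$FWCMD" --permanent --zone="$zone" --add-service="$svc" || return 1
    done
    "$FWCMD" --reload
}

# move_interface ZONE IFACE
# Refuses to act unless ssh is allowed in the running ZONE. The change is
# runtime-only, so a reboot reverts it if something was misconfigured.
move_interface() {
    zone="$1"; iface="$2"
    if ! "$FWCMD" --zone="$zone" --query-service=ssh >/dev/null; then
        echo "refusing: ssh is not allowed in zone $zone" >&2
        return 1
    fi
    "$FWCMD" --zone="$zone" --change-interface="$iface"
}

# Usage, as root on the server:
#   prepare_zone servers ssh && move_interface servers enp0s8
```

Once the new zone has been verified over a fresh SSH session, the interface assignment can be repeated with --permanent.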
This video is based on RHEL 8. Video to cover the section ‘Configure network services to start automatically at boot’ for the RHCSA (Red Hat Certified System Administrator).
All machines in a network have in addition to an IP address, a hostname. The hostname is literally a name for the host.
To view the current hostname in short format:
# hostname -s
To view the fully qualified domain name (FQDN):
# hostname -f
To change the hostname edit the following file:
# vi /etc/hostname
To then force the update of the hostname run:
# hostnamectl
DNS
DNS, or Domain Name Servers, are special servers that resolve an FQDN to an IP address. This has the added benefit of not having to type in the IP address every time you want to connect to a network device.
To see the current configured DNS servers you can check the following file:
# cat /etc/resolv.conf
To add/update the DNS servers on an interface (this example eth0) run the following:
# nmcli con mod eth0 ipv4.dns "8.8.8.8 8.8.4.4"
To then force this configuration to be re-read for DNS resolution run:
# nmcli con reload
# systemctl restart NetworkManager
To manually override what is configured on the DNS server with a local configuration, you can edit the following file, which acts as a local DNS server.
This section is on IP addressing. An Internet Protocol (IP) address is an individual address for a host on a network. When using the internet your IP address is assigned to you by your Internet Service Provider (ISP).
When using the device within your home network you will be assigned a local IP address by your router and then the router uses Network Address Translation (NAT) to translate your local address to your ISP provided address for use on the internet.
There are two types of IP address in use these days: IPv4 and IPv6. IPv4 is still the most widely used but is slated to be fully replaced by IPv6; it is just a massive task.
Therefore I will cover both.
IPv4
This IP addressing scheme is a 32 bit address (being 32 1s or 0s) using decimal numbers, split into 4 octets.
As we can see, the IP address in the above example is 172.16.254.1; this is what is called a Class B address. As the table below shows, IP addresses are split into different network intents; note there is unicast (one host to one server) and multicast (one host to multiple servers).
| Class | Address range | Use |
|---|---|---|
| Class A | 1.0.0.1 to 126.255.255.254 | Supports 16 million hosts on each of 127 networks. |
| Class B | 128.1.0.1 to 191.255.255.254 | Supports 65,000 hosts on each of 16,000 networks. |
| Class C | 192.0.1.1 to 223.255.254.254 | Supports 254 hosts on each of 2 million networks. |
| Class D | 224.0.0.0 to 239.255.255.255 | Reserved for multicast groups. |
Within these classes there are ranges assigned for private use, which are listed below. The subnet mask defines how large the network is. For example, with a network of 10.0.0.0 and a subnet mask of 255.0.0.0, the mask fixes the first octet (10) and leaves every other octet free to run up to its maximum value of 255. So the IP address range is 10.0.0.0 – 10.255.255.255, and we can use any address in between, e.g. 10.1.4.200. CIDR is a way of expressing the subnet mask in short form; for example, we can express the class C network below as 192.168.0.0/16.
| Class | Private Networks | Subnet Mask | CIDR | Number of IP Addresses |
|---|---|---|---|---|
| A | 10.0.0.0 | 255.0.0.0 | /8 | 16,777,214 |
| B | 172.16.0.0 – 172.31.0.0 | 255.240.0.0 | /12 | 1,048,576 |
| C | 192.168.0.0 | 255.255.0.0 | /16 | 65,534 |
The good thing is once you have the hang of Subnet Masks and CIDR it is again used in IPv6 so it’s not something you will have to learn again. All networks will have a gateway address (this is a router or switch that can redirect traffic intended for other networks) and a broadcast address (this is the address we use to send messages to multiple hosts on the same network for special types of requests).
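The mask and CIDR arithmetic described above, worked through in shell as an added example that is not part of the original post. The function names are assumptions; the sample inputs are addresses inside the page's own private ranges.

```bash
#!/bin/sh
# Added example: derive the CIDR prefix, network and broadcast address
# from a dotted-quad address and subnet mask.

# ip_to_int A.B.C.D -> the address as one 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the four octets into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted-quad form of a 32-bit integer
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# mask_to_prefix MASK -> number of leading 1 bits (the CIDR suffix).
# A mask whose 1 bits are not contiguous is not a valid subnet mask.
mask_to_prefix() {
    m=$(ip_to_int "$1"); bits=0
    while [ $(( m & 2147483648 )) -ne 0 ]; do
        bits=$(( bits + 1 ))
        m=$(( (m << 1) & 4294967295 ))
    done
    [ "$m" -eq 0 ] || { echo "non-contiguous mask: $1" >&2; return 1; }
    echo "$bits"
}

# net_range ADDR MASK -> "network/prefix first-last"
net_range() {
    a=$(ip_to_int "$1"); k=$(ip_to_int "$2")
    p=$(mask_to_prefix "$2") || return 1
    net=$(( a & k ))                          # mask clears the host bits
    bcast=$(( net | (~k & 4294967295) ))      # host bits all set to 1
    echo "$(int_to_ip "$net")/$p $(int_to_ip "$net")-$(int_to_ip "$bcast")"
}

# One host from each private range in the table above (constructed samples).
net_range 10.1.4.200 255.0.0.0
net_range 172.20.5.9 255.240.0.0
net_range 192.168.7.1 255.255.0.0
```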
Configuring an IPv4 Address
All of the configuration is completed via the nmcli application.
To show the connection information:
# nmcli connection show
To get the current status:
# nmcli device status
To get the current configuration:
# nmcli device show
To delete a device (don’t do to your active network interface!):
# nmcli connection delete enp0s3
To add a new connection for a new device (enp0s8):
The addressing used in IPv6 is 128 bit and uses hexadecimal numbers, and therefore has a much larger address space. This was needed because IPv4 is too small for modern needs and pretty much all of its IPs have now been used. An example IPv6 address is as below.
IPv6 addresses are classless and therefore we have no class designation, however some prefixes (same as CIDR) are reserved for specific uses. Here are some common ones.
| Prefix | Designation | IPv4 equivalent |
|---|---|---|
| ::ffff/96 (example: ::ffff:192.0.2.47) | IPv4-mapped. Used to embed IPv4 addresses in an IPv6 address. One use for this is in a dual-stack transition scenario where IPv4 addresses can be mapped into an IPv6 address. See RFC 4038 for more details. | No IPv4 equivalent. However, you can search for the mapped IPv4 address in the relevant Whois Database. |
| 2000::/3 | Global Unicast. The operators of networks using these addresses can be found using the RIR Whois servers listed in the IANA registry. | No equivalent single IPv4 block |
| ff00::/8 (example: ff01:0:0:0:0:0:0:2) | Multicast. Used to identify multicast groups. They should only be used as destination addresses, never as source addresses. | 224.0.0.0/4 |
IPv6 uses the same gateway, but doesn’t have any broadcast address, as the protocol is more modern and no longer needs this functionality.
Configuring an IPv6 Address
Using the same method as above to manage the connection, the only difference is when you come to configure the actual IP addressing.
To add a new connection for a new device (enp0s8):
As part of the exam you will be only asked to make a minor modification of the grub configuration.
To list the environment options for modification for grub:
# grub2-editenv list
A good example would be to set the current kernel as the default for boot:
# grub2-set-default 0
To view and modify the entire grub configuration for your system:
# vi /etc/default/grub
A simple variable you can modify to test is the GRUB_TIMEOUT_STYLE=countdown
You can simply add a new line in the file and add that entry, this will change the GRUB screen to only show a simple countdown rather than the full bootscreen.
Modules allow you to install specific versions of an application; a good example of this would be the PHP application. PHP is available in the module streams with multiple versions and editions, which allows you to select and install the specific version that is required.
To list all the currently available modules:
# dnf module list
To list information about a specific module:
# dnf module info --profile php
To install a module:
# dnf module install php
To remove the module:
# dnf module remove php
Then to reset the module post removal (if you would like to install a different version):
This video is based on RHEL 8. Video to cover the section ‘Install and update software packages from Red Hat Network, a remote repository, or from the local file system’ for the RHCSA (Red Hat Certified System Administrator).
Some people who have worked with Red Hat previously will be familiar with YUM; however, as of RHEL 8 it has been replaced by DNF. It is best to use DNF going forward, even though the yum commands still work.
To search for a package:
# dnf search nano
# dnf list na*
To list both enabled and disabled repositories use the following command. A status column is added to the output list to show which of the repositories are enabled.
# dnf repolist all
# dnf repoinfo
To view more information about a particular package:
# dnf info nano
To install packages using dnf:
# dnf install nano
To remove a package:
# dnf remove nano
To find out what package provides a particular file:
# dnf provides "*/bin/nano"
To use dnf to install a local package use:
# dnf localinstall rpm
To list all the available package groups:
# dnf groups list
To install a package group:
# dnf group install "System Tools"
To remove a package group:
# dnf group remove "System Tools"
To list all of the actions completed using dnf:
# dnf history list
To undo a particular action:
# dnf history undo 4
To redo a particular action:
# dnf history redo 4
To add a new repository on the system you need the following configuration as a minimum. This would need to be in an existing or new file within /etc/yum.repos.d/ with the .repo extension:
Replace repository_url with a URL to the directory where the repodata directory of a repository is located:
* If the repository is available over HTTP, use: http://path/to/repo
* If the repository is available over FTP, use: ftp://path/to/repo
* If the repository is local to the machine, use: file:///path/to/local/repo
There is an automated tool to do the addition of repositories, yum-config-manager which is provided as part of dnf-utils. To install run:
# dnf install dnf-utils
To add an existing repository to the system use the following command:
# yum-config-manager --add-repo repository_url
To disable a repository:
# yum-config-manager --disablerepo repository
To enable a repository:
# yum-config-manager --enablerepo repository
To create your own local repository, first install the createrepo application:
# dnf install createrepo
2. Copy all packages that you want to have in your repository into one directory, such as /root/local_repo.
3. Change to this directory and run the following command: