EVALUATION COPY Unauthorized Reproduction or Distribution Linux for Unix AdministratorsProhibited Student Workbook EVALUATION COPY Unauthorized Reproduction GL615 LINUX FOR UNIX ADMINISTRATORS RHEL7 SLES12 or Distribution The contents of this course and all its modules and related materials, including handouts to audience members, are copyright ©2017 Guru Labs L.C. No part of this publication may be stored in a retrieval system, transmitted or reproduced in any way, including, but not limited to, photocopy, photograph, magnetic, electronic or other record, without the prior written permission of Guru Labs. This curriculum contains proprietary information which is for the exclusive use of customers of Guru Labs L.C., and is not to be shared with personnel other than those in attendance at this course. This instructional program, including all material provided herein, is supplied without any guarantees from Guru Labs L.C. Guru Labs L.C. assumes no liability for damages or legal action arising from Prohibited the use or misuse of contents or details contained herein. Photocopying any part of this manual without prior written consent of Guru Labs L.C. is a violation of federal law. This manual should not appear to be a photocopy. If you believe that Guru Labs training materials are being photocopied without permission, please email [email protected] or call 1-801-298-5227. Guru Labs L.C. accepts no liability for any claims, demands, losses, damages, costs or expenses suffered or incurred howsoever arising from or in connection with the use of this courseware. All trademarks are the property of their respective owners. Version: GL615S-R7S12-O04 EVALUATION COPY Unauthorized Reproduction or Distribution Prohibited Table of Contents Chapter 1 EVALUATIONSystem Boot COPY Method Overview 2 LINUX ORIENTATION 1 systemd System and Service Manager 3 FSF and GNU 2 Modifying systemd services 5 GPL – General PublicUnauthorized License 3 Systemd Service Sandboxing Features 6 Linux Kernel and Versioning 4 systemd Targets 7 Components of a Distribution 6 Using systemd 8 Red Hat Linux Products 7 Linux Runlevels Aliases 10 SUSE Linux Products 9 Legacy Support for SysV init 11 Lab Tasks 12 Chapter 2 1. Managing Services With Systemd's systemctl 13 LINUX KERNEL & HARDWARE 1 2. Creating a systemd unit file 19 Hardware Discovery Tools 2 Configuring New Hardware with hwinfo 3 Chapter 4 Hardware and System Clock Reproduction 4 GRUB2/SYSTEMD BOOT PROCESS 1 Console 6 Booting Linux on PCs 2 Virtual Terminals 8 GRUB 2 4 Keyboard & locale configuration 10 GRUB 2 Configuration 6 Serial Ports 12 GRUB 2 Security 8 SCSI Devices 13 Boot Parameters 10 USB Architecture 15 Initial RAM Filesystem 12 Defining a Printer 17 init 15 Tape Libraries 18 Systemd local-fs.target and sysinit.target 16 Managing Linux Device Files 20or Systemd basic.target and multi-user.target 18 Kernel Hardware Info – /sys/ 23 DistributionLegacy local bootup script support 20 /sys/ Structure 24 System Configuration Files 21 udev 25 RHEL7 Configuration Utilities 22 Kernel Modules 27 SLES12 Configuration Utilities 23 Configuring Kernel Components and Modules 29 Shutdown and Reboot 24 Handling Module Dependencies 30 Lab Tasks 25 Configuring the Kernel via /proc/ 31 1. Boot Process 26 Random Numbers and /dev/random 33 2. Booting directly to a bash shell 30 System Tools 35 3. GRUB CommandProhibited Line 33 Lab Tasks 36 4. Basic GRUB Security 36 1. Adjusting Kernel Options 37 5. Troubleshooting Practice: Boot Process 39 2. Linux Kernel Driver Compilation 43 3. Configuring Print Queues 47 Chapter 5 4. Introduction to Troubleshooting Labs 51 SOFTWARE MAINTENANCE 1 5. Troubleshooting Practice: Kernel Modules 56 RPM Architecture 2 Working With RPMs 3 Chapter 3 Querying and Verifying with RPM 4 SYSTEMD OVERVIEW 1 Updating the Kernel RPM 6 ii Using the Yum command 7 Changing LVM Components 8 Using the Zypper command 10 Advanced LVM Overview 10 YUM package groupsEVALUATION12 Advanced COPY LVM: Components & Object Tags 11 Zypper Services and Catalogs 13 Advanced LVM: Automated Storage Tiering 12 Configuring Yum 15 Advanced LVM: Thin Provisioning 14 YUM RepositoriesUnauthorized 17 Advanced LVM: Striping & Mirroring 16 Rebuilding Source RPM Packages 18 Advanced LVM: RAID Volumes 17 Software Tools Comparison Matrix 20 SLES Graphical Disk Tool 18 Lab Tasks 21 RAID Concepts 19 1. Managing Software with RPM 22 Array Creation with mdadm 20 2. Creating a Custom RPM Repository 26 Software RAID Monitoring 21 3. Querying the RPM Database 30 Software RAID Control and Display 22 4. Installing Software via RPM & Source and Rebuilding LVM and RAID: Unix Tool Comparison 23 SRPMs 34 Lab Tasks 24 5. Using Yum [R7] Reproduction 38 1. Creating and Managing LVM Volumes 25 6. Using Zypper [S12] 45 2. Creating LVM Thin Volumes 35 3. Creating and Managing a RAID-5 Array 42 Chapter 6 LOCAL STORAGE ADMINISTRATION 1 Chapter 8 Partitioning Disks with fdisk & gdisk 2 REMOTE STORAGE ADMINISTRATION 1 Resizing a GPT Partition with gdisk 5 Remote Storage Overview 2 Partitioning Disks with parted 8 Remote Filesystem Protocols 4 Non-Interactive Disk Partitioning with sfdisk 9 Remote Block Device Protocols 5 Filesystem Creation or10 NFS Clients 7 Mounting Filesystems 11 NFS Server Configuration 8 Filesystem Maintenance 13DistributionImplementing NFSv4 10 Resizing Filesystems 16 AutoFS 12 Managing an XFS Filesystem 17 AutoFS Configuration 13 Swap 19 SAN Multipathing 15 Filesystem Attributes 20 Multipath Configuration 16 Filesystem Creation and Management 21 Multipathing Best Practices 18 Lab Tasks 22 iSCSI Architecture 20 1. Creating and Managing Filesystems 23 Open-iSCSI Initiator Implementation 23 2. Hot Adding Swap 30 iSCSI InitiatorProhibited Discovery 25 iSCSI Initiator Node Administration 27 Chapter 7 Mounting iSCSI Targets at Boot 29 LVM & RAID 1 iSCSI Multipathing Considerations 30 Logical Volume Management 2 Lab Tasks 32 Implementing LVM 3 1. Using autofs 33 Creating Logical Volumes 4 2. NFS Server Configuration 38 Activating LVM VGs 5 3. iSCSI Initiator Configuration 43 Exporting and Importing a VG 6 Examining LVM Components 7 iii Chapter 9 SUSE Basic Firewall Configuration 22 USER/GROUP ADMINISTRATION 1 Netfilter Concepts 23 Approaches to StoringEVALUATION User Accounts 2 Using the iptablesCOPY Command 24 User and Group Concepts 3 Common match_specs 26 User Administration 4 Extended Packet Matching Modules 27 Modifying AccountsUnauthorized 6 Connection Tracking 29 Group Administration 7 AppArmor 30 Password Aging 9 SELinux Security Framework 31 Default User Files 11 SELinux Modes 33 Controlling Login Sessions 12 SELinux Commands 35 RHEL DS Client Configuration 14 Choosing an SELinux Policy 36 SLES DS Client Configuration 16 SELinux Booleans 38 PAM Overview 18 SELinux Policy Tools 39 PAM Module Types 19 (X)INETD and Firewalls 41 PAM Order of Processing Reproduction 20 Lab Tasks 42 PAM Control Statements 22 1. User Private Groups 44 pam_wheel.so 23 2. Using Filesystem ACLs 49 pam_limits.so 24 3. Securing xinetd Services 58 User/Group Administration Comparison Matrix 25 4. Enforcing Security Policy with xinetd 62 Lab Tasks 26 5. Securing Services with TCP Wrappers 65 1. User and Group Administration 27 6. Securing Services with SuSEfirewall2 [S12] 69 2. Using LDAP for Centralized User Accounts 30 7. Securing Services with Netfilter 73 3. Troubleshooting Practice: Account Management 36 8. Exploring SELinux Modes 79 4. Restricting superuser access to wheel group membership 37or 9. SELinux File Contexts [R7] 85 5. Setting Limits with the pam_limits Modules 39 6. Using pam_limits to Restrict Simultaneous Logins 43 DistributionChapter 11 PROCESS ADMINISTRATION 1 Chapter 10 at & cron Usage 2 SECURITY ADMINISTRATION 1 Anacron 3 Security Concepts 2 Viewing Processes 5 Tightening Default Security 4 Managing Processes 7 Security Advisories 6 Tuning Process Scheduling 8 Fine Grained Authorizations with Polkit 7 Process Accounting 10 File Access Control Lists 9 Setting ResourceProhibited Limits via ulimit 12 Manipulating FACLs 10 Lab Tasks 13 Viewing FACLs 11 1. Creating and Managing User Cron Jobs 14 Backing Up FACLs 12 2. Adding System cron Jobs 17 File Creation Permissions with umask 13 User Private Group Scheme 15 Chapter 12 Alternatives to UPG 17 NETWORKING 1 TCP Wrappers Concepts 18 Linux Network Interfaces 2 TCP Wrappers Concepts 19 Ethernet Hardware Tools 4 Xinetd 20 Network Configuration with ip Command 6 iv Configuring Routing Tables 7 Log Anomaly Detector 28 IP to MAC Address Mapping with ARP 10 strace and ltrace 29 Starting and StoppingEVALUATION Interfaces 11 Troubleshooting COPY Incorrect File Permissions 31 NetworkManager 13 Inability to Boot 32 DNS Clients 15 Typos in Configuration Files 33 DHCP Clients Unauthorized 17 Corrupt Filesystems 34 Network Diagnostics 19 RHEL7 Rescue Environment 35 Information from ss and netstat 22 SUSE Rescue Environment 37 Managing Network-Wide Time 24 Process Tools 39 Continual Time Sync with NTP 26 Lab Tasks 40 Configuring NTP Clients 27 1. Using the systemd Journal 41 Multiple IP Addresses 29 2. Setting up a Full Debug Logfile 46 IPv6 31 3. Remote Syslog Configuration 48 Interface Aggregation 33 4. Remote Rsyslog TLS Configuration 54 Interface Bonding Reproduction 34 5. Recovering Damaged MBR 61 Network Teaming 36 Interface Bridging 40 Chapter 14 802.1q VLANS 42 BIND DNS 1 Network Configuration Tools 44 The Domain Name Space 2 Lab Tasks 45 Delegation and Zones 4 1. Network Discovery 46 Server Roles 5 2. Basic Client Networking 49 Resolving Names 6 3. NTP Client Configuration 53 Resolving IP Addresses 8 4. Multiple IP Addresses