Tuesday, December 9, 2014

Practice test!

EDIT: I MADE SUBSTANTIAL CHANGES TO THIS EXAM.

I created a practice test for LFCS that I think is serious overkill. I tried to create questions that hit on every core competency listed on linuxfoundation.org's website. Assume you have a CentOS 6.5 box with primary drive of 20gb and two supplemental drives of 5gb each.
 
  1. You do not know the root password. Interrupt the startup and reset the root password to “centos”
  2. Upon reboot, manually configure grub to boot into runlevel 3
  3. Upon booting, set the machine to permanently boot into runlevel 3
  4. Change the hostname to CENT6
  5. Statically assign viable network settings for your machine:
    1. IP - DNS - FQDN - Gateway
  6. Install the Apache Package
    1. Change the default directory to /web/html
    2. Create a file named index.html and place it in /web/html
    3. Make sure that anyone on your local subnet can access index.html but no one else.
  7. Create the following users with the following details - If the supplemental groups listed do not exist, create them.
    1. Bob - Supplemental Group Engineering - PW: cent6
    2. Tim - Supplemental Group WebDev - PW: cent6
    3. Ben - Supplemental Group Chemical - PW: cent6
    4. All accounts created must expire one year from today.
    5. Set Bob's default shell to zsh
    6. Set Tim's default home directory to /websites - if this directory does not exist, create it.
      1. Apply the same SELinux contexts and permissions to /websites that would be found on a user's /home directory such that Tim and only Tim will have access to /websites
  8. Give Ben complete Sudo access to the machine.
  9. Give Tim Sudo access to the following tool:
    1. iptables
  10. Create a directory named /Homework
    1. Allow all users to read this directory. But nothing else.
    2. Create three folders inside /Homework
      1. Bob_homework
      2. Tim_homework
      3. Ben_homework
    3. Give Bob (and only Bob) read and write access to /Homework/Bob_homework
    4. Give Tim (and only Tim) read and write access to /Homework/Tim_homework
    5. Give Ben (and only Ben) read and write access to /Homework/Ben_homework
  11. Create a RAID 0 array using the two spare drives on (5GB) on this machine.
    1. Size=2048MB
    2. Label=RAID_0
    3. Mount it persistently by Label at /storage
  12. Create a RAID 1 array using LVM using the two spare drives (5GB) on this machine
    1. size 1024MB
    2. Label=RAID_1
    3. Mount it persistently by UUID at /storage2
  13. Using the left over space on those one of those two drives, create a 1GB SWAP partition and add it to the existing SWAP pool - This SWAP space should mount at boot.
  14. Assume that there is an NFS share somewhere on your network. Write the command you would use to mount the NFS share on /NFS_mount. Append your terminal code to a file named “network_mount.txt” and place it in the /root folder.
    1. The IP or DNS name for the share do not matter - Use whatever you would like.
  15. Assume that there is an CIFS share somewhere on your network. Write the command you would use to mount the CIFS share on /CIFS_mount. Append your terminal code to a file named “network_mount.txt” and place it in the /root folder.
    1. The IP or DNS name for the share do not matter - Use whatever you would like.
  16. Create a bash script named “Infinite_loop” that does the following:
    1. Continually writes the string "Linux is fun" to the folder /dev/null
    2. Has no exit loop (that is, it will continue to run until told to stop
    3. Place the script in /root
    4. Give bob permissions to run infinite_loop
    5. Switch user to Bob and have him run infinite_loop
    6. Switch back to root
    7. As root, locate the now running infinite_loop and forcefully kill it by PID
  17. Create a backup of the /etc/yum.repos.d folder using tar or rsync; place your backup in /root
  18. Create a local repo using a live dvd iso of Centos
  19. Using your local repo, install the appropriate packages needed for virtualization.
  20. Download the following text file from Project Gutenberg
    1. Within that document, find and replace every instance of the word "Ernest" with "Earnest"
    2. Find line 3123 and put it at the bottom of the document.
    3. Find line 2134 and put it at the top of the document.
    4. Find line 2351 and put it at line 1532.

 
Post your solutions below if you want (if anyone is reading).  

Monday, December 8, 2014

Getting Nervous

As the clock ticks down, I am finding myself more and more nervous with the LFCS - I have less than 48 hours left. I'm feeling a bit leery because the core competencies are a bit ambiguous to say the least. I think it's that way for a reason as the foundation offers this cert in three different distributions. There's already an excess of verbiage in the IT industry with one OS let alone when you are offering a service in three so I can understand their words.

So I'm taking a moment here to write out what I **think** they are looking for in each requirement. I'm not gonna write much at length, just the commands that would be involved with the requirement (or overarching technology if a single command is not enough)

Command-line
  • Editing text files on the command line
    • vi | vim | nano
  • Manipulating text files from the command line
    • sed
Filesystem & storage
  • Archiving and compressing files and directories
    • tar/star/bzip2/gzip
  • Assembling partitions as RAID devices
    • LVM or mdadm
  • Configuring swap partitions
    • mkswap | swapon
  • File attributes
    • lsattr | chattr
  • Finding files on the filesystem
    • locate | find | which | apropos | whatis
  • Formatting filesystems
    • mkfs.ext4 | vfat | xfs
  • Mounting filesystems automatically at boot time
    • automount | fstab
  • Mounting networked filesystems
    • mount.cifs | mount
  • Partitioning storage devices
    • fdisk | parted
  • Troubleshooting filesystem issues
    • fsck | blkid | mount | df
Local system administration
  • Creating backups
    • dd | rsync | tar
  • Creating local user groups
    • groupadd
  • Managing file permissions
    • chmod | setfacl | getfacl
  • Managing fstab entries
    • /etc/fstab
  • Managing local users accounts
    • usermod
  • Managing the startup process and related services
    • /etc/inittab | chkconfig
  • Managing user accounts
    • useradd | usermod
  • Managing user account attributes
    • usermod | chage
  • Managing user processes
    • top | ps | kill | nice | renice
  • Restoring backed up data
    • tar | dd | rsync
  • Setting file permissions and ownership
    • chmod | setfacl
Local security
  • Accessing the root account
    • su | init=/bin/sh
  • Using sudo to manage access to the root account
    • /etc/sudoers
Shell scripting
  • Basic bash shell scripting
    • #! /bin/bash
Software management
  • Installing software packages
    • yum | rpm 

TEchnologies that seem to be missing from these requirements:
  1. iptables
  2. SELinux
  3. LUKS
  4. Apache
  5. VSFTPD
  6. NTP
After writing this list out, I decided to check the LFCE requirements and found that most of the things that I listed were on that exam. Anything network related seems to be on the Engineer level whereas local level seems to be SysAdmin level. I'm still leery but only time will tell.....

You'se a big fine SysAdmin - Won't you back that drive up?

Reference to shitty and misogynistic rap aside, it's always important to know how to back your drives up. For the LFSA exam, the requirement is rather ambiguous and doesn't seem to provide any direction as to how they want you to do accomplish this. Nevertheless, there's a bunch of ways to do it and they are all relatively easy.

Creating Backups:
  1. dd - Use this tool to take complete back ups of entire partitions or drives.
    1. dd if=[device you want to backup] of=[backup.img]
      1. IMPORTANT: This backup will be of the entire extent of the device you mention even if there is space on the drive. It will backup the entire extent.
  2. rsync - use this tool if you need to perform backups over a network.
    1. rsync -av [source] [destination]
  3. tar - Standard archiving.
    1. tar cvf tarball.tar /directory/
Some practical code:
  1. dd if=/dev/sda of=/backups/sda.img
  2. rsync -av /root/ /backups/
  3. tar cvfj rootarchive.bz2 /root/
Restoring Backups: Pretty much straightforward in most cases.
  1. dd - simply reverse the process
  2. rsync - Same idea as dd - Reverse the process.
  3. tar - Use the extract directive (x)
Some practical code:
  1. dd if=/backups/sda.img /dev/sda
  2. rsync -v /backups/ /root/
  3. tar xvfj rootarchive.bz2
    1. Make sure you are in the directory you want to the data to be unpacked into.
As always, consult man pages for more information.

So this will give you a quick and dirty rundown - I can't imagine that the Linux Foundation will require you to do crazy backups of large partitions. I think they want to see rsync and tar mostly as dd can be extremely time consuming. But we will see. My exam is Wednesday at 9AM EST

Wednesday, December 3, 2014

RAID AND YOU

Been going over software RAID in CentOS 6.5 for my LFCS exam that is next week. Here are my notes so that I don't forget.

  • mdadm
    • This is the tool you want to use to create software RAID
    • /etc/mdadm.conf (Main configuration file)
  • Syntax
    • mdadm -C -v <device name> --level=<raid level> --raid-devices=<#> <dev files>
    • EX: mdadm -C -v /dev/rd0 --level=raid0 --raid-devices=2 /dev/sdb /dev/sdc
      • This will create a raid array named /dev/rd0 out of two arbitrary HDs
    • You will need to format those two drives the same way you normally would with mkfs and whatnot.
    • EX: mdadm --stop /dev/md0        #Stops the Array
    • EX: mdadm --remove /dev/md0  #Disassembles the array
  • You can use mdadm to do some other cool things. Here are a couple:
    • Set up monitoring services
      • Run the following command to append the appropriate info to the /etc/mdadm.conf
        • mdadm --detail --scan >> /etc/mdadm.conf
          • This will tell the mdadm service to monitor any raid arrays.
        • The "mdadm --detail --scan" command will give details about the drive.
      • Verify that the mdadm monitor service is running and that it is set to start at boot
        • sysvinit - #service mdmonitor start
        • sysvinit - #chkconfig mdmonitor on
        • systemd - #systemctl start mdmonitor
        • systemd - #systemctl enable mdmonitor
    • Setup mail alerts
      • echo "MAILADDR root" >> /etc/mdadm.conf
        • This will append the local root host as the address
    • Check array details
      • cat /proc/mdstat (less detailed summary)
      • mdadm --detail /dev/md0 (more detailed summary
So there's my rundown - As always, this is all valid for CentOS - I can't attest to other distros. It's quick. It's dirty. Most of all, it's efficient. I like it.

Monday, December 1, 2014

GRUB2 - A Rundown

I've spent an inordinate amount of time today going over GRUB2 for my upcoming RHCSA exam. I probably went overboard. If you are like me (scratching your head at GRUB2 wishing it would go back to "the way it was") then I have a nice little rundown here for you that might make things easier.
 
Red Hat states that we need to be able to "Modify the System Bootloader" - That's a pretty vague requirement if you ask me. You can do a metric FUCKTON of things with GRUB2 and it's no surprise (at least to me) that you should be able to do a lot. But these exams are timed and short so I kept the scope of this article nice and light.
 
  • Add/remove entries
    • Use yum or rpm to add or remove installed kernels - Don’t go toying around manually on the exam - You will mess things up and cost yourself time.
 
  • List default Kernel Selection: grub2-editenv list
    • Lists default kernel selection
 
  • Change Default Kernel: grub2-set-default
    • EX: grub2-set-default ‘Fedora Linux, with Linux 3.1.2-1.fc16.x86_64’
      • This will select that particular kernel - if it exists
    • EX: grub2-set-default 0
      • This will make the default kernel the first entry in the bootloader (arrayed numbering).
 
  • GRUB2 PW Protection
    • Edit /etc/grub.d/01_users and add the following lines:
      • Set superusers=”username”
      • Password user userpassword
      • Supplement username with whatever username you want and userpassword with their password
    • Edit /etc/grub.d/40_custom to tell GRUB what entries to PW protect
      • By default, each entry will have a --unrestricted directive
      • Replace --unrestricted with “--users user” without the quote and specify which user by name you created. This will allow only those users to access that menu option.
      • If you do not make user of the --unrestricted directive or a --user directive, the system will assume ONLY SUPER USER.

  • Encrypting PWs in GRUB2
    • grub2-mkpasswd-pbkdf2
      • it will prompt you for a password and it will output it in encrypted form that is compatible with GRUB2.
      • Copy the hash and paste it in the template file where you configured users (01_users file found in the /etc/grub.d/ folder.)
      • The format is really messy but it looks something like:
        • password_pbkdf2 user grub.pbkdf2.sha512.10000.19074739ED80F115963D984BDCB35AA671C24325755377C3E9B014D862DA6ACC77BC110EED41822800A87FD3700C037320E51E9326188D53247EC0722DDF15FC.C56EC0738911AD86CEA55546139FEBC366A393DF9785A8F44D3E51BF09DB980BAFEF85281CBBC56778D8B19DC94833EA8342F7D73E3A1AA30B205091F1015A85
      • Append that entry to the bottom and it will check for hashes.
      • NOTE: IF YOU MESS THIS UP, YOUR SYSTEM PROBABLY WONT BOOT.

  • Resettings GRUB2
    • Sometimes, you gotta restart shit
      • rm /etc/grub.d/* (delete all grub.d scripts)
      • rm /etc/sysconfig/grub (remove all system configuration)
      • yum reinstall grub2-tools (reinstall the entire package)
      • grub2-mkconfig -o /boot/grub2/grub.cfg (reset the entire configuration)

  • Reinstalling GRUB2
    • grub2-install <device>
      • This will reinstall and restore any corrupted files in the /boot/grub2/ directory - If files are missing, they will be recreated.

  • Finalizing changes:
    • IF YOU CHANGE ANYTHING IN GRUB, YOU NEED TO RUN grub2-mkconfig OR THE CHANGES WILL NOT STICK.
      • Two ways to do this:
        • grub2-mkconfig -o /boot/grub2/grub.cfg
          • USE ONLY IF ON TRADITIONAL BIOS
        • grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
          • USE ONLY IF ON UEFI BIOS
 
  • Telling GRUB to boot into different targets
    • Move into the append/edit mode with the e key at boot menu
    • IF USING x86-64 -- append boot directive to the end of the linux16 line
    • IF USING UEFI -- append boot directive to the end of the linuxefi line
    • Possible Appends
      • systemd.unit=[systemctl.target] 
 
So as you can see, we can do a lot with GRUB2 - In many ways, I think it's much more convoluted than GRUB1 but the times, they are a changin'
 
Any thoughts on this matter or corrections would be greatly appreciated!