RHCSA Exam (EX200) Commands Cheatsheet

The document provides a cheatsheet of important commands for the RHCSA exam, covering topics like file management, user management, networking, firewalls, SSH and SELinux.

Some important file management commands covered include tar for archiving, chown/chmod for changing ownership and permissions, find to search for files, and ACL commands like setfacl.

Important user management commands covered include useradd to create users, passwd to manage passwords, groups to view groups, and sudo/sudoers to manage privileges.

RHCSA EXAM (EX200) CHEATSHEET BY OPEN SOURCE CIRCLE

------

## Cheatsheet:

### Basic Interaction

* `tty` *print current terminal name.*

* `uptime` *show system's uptime and load.*

* `which`, `where`, `type` *can be used to identify a command location.*

* `uname -a` *print system and kernel basic information.*

* `lscpu` *print processor's information.*

* `man 5 shadow` *show man pages for `SHADOW(5)`, the password file.*

* `apropos -a ext4 tunable` *search man pages and descriptions for both
keywords.*

* `man -f`, `whatis` *show description for the parameter given.*

### File Management

* `tar -czf etc-bkp.tar /etc` *create `etc-bkp.tar` file containing a `gzip`
compressed archive of the `/etc` folder.*

* `tar -cjf etc-bkp.tar /etc` *same as above but compressed with `bzip2`.*

* `umask -S g-wx,o=w` *same as `umask 0035` (when umask is set to 0002).*

* `usermod -aG sgrp user1000` *append `sgrp` as a supplementary group for
`user1000`.*

* `chown root:sgrp /sdir` *change ownership and owning group to `root` and
`sgrp` respectively.*

* `chmod +4000 /usr/bin/su`, `chmod u+s /usr/bin/su` *enables `setuid` in
`su` file without touching other predefined permissions. (setuid is used to
give special permissions on executable files)*

* `chmod +2000 /usr/bin/write`, `chmod g+s /usr/bin/write` *enables `setgid`
in `write` file without touching other predefined permissions.*

* `chmod +1000 /tmp`, `chmod o+t /tmp` *sets the sticky bit on the specified
directory without altering existing underlying permissions. (the sticky bit on
public and shared writable dirs is used to protect files and subdirs owned
by normal users from being deleted or moved by other normal users)*

* `find . \( -name socket -o -name pipe \) -exec rm '{}' \;` *search for all
files named `socket` or `pipe` on current dir, and remove all of them.*

WWW.OPENSOURCECIRCLE.COM | OPENSOURCECIRCLE@HOTMAIL.COM | WHATSAPP: +91-98222 34412 1


* `find . -mmin -30` *search for all files modified in the past 30 min on
current dir.*

* `find /usr -type f -atime +100 -size -5M -user root` *find all regular
files accessed more than 100 days ago, not bigger than 5MB and owned by
`root`.*

* `setfacl -m u:user100:6 file1`, `setfacl -m u:user100:rw file1` *gives
`user100` read and write permissions on `file1` by using Access Control Lists
(ACLs).*

* `setfacl -x u:user100 file1` *removes any `user100` ACL permissions for
`file1`.*

* `setfacl -b file1` *resets ACL permissions for `file1`.*

* `setfacl -dm u:user100:7,u:user200:rwx projects/` *allocate default `rwx`
permissions to `user100` and `user200` on `projects/` dir.*

* `setfacl -k projects/` *deletes default ACL permissions for `projects/`
dir.*
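
In a `find` expression the implicit AND binds tighter than `-o`, so an action placed after two `-name` tests joined by `-o`, as in the `socket`/`pipe` entry above, runs only for the second name unless the tests are grouped with `\( ... \)`. The script below is an added example, not part of the original cheatsheet; the scratch directory and file names are constructed, and `basename` stands in for `rm` as a dry run.

```shell
#!/bin/sh
# Added example: operator precedence in find expressions.
# All paths and file names below are constructed for the demonstration.

# Create a scratch tree: two target files (one under a directory whose name
# contains a space) and one file that must survive. Prints the tree's path.
make_fixture() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/a" "$dir/b c"
    : > "$dir/a/socket"
    : > "$dir/b c/pipe"
    : > "$dir/a/keep.txt"
    printf '%s\n' "$dir"
}

# Ungrouped: find parses this as
#   -name socket  -o  ( -name pipe -a -exec ... )
# so the action runs only for "pipe". basename stands in for rm (dry run).
names_ungrouped() {
    find "$1" -name socket -o -name pipe -exec basename '{}' \; | sort | tr '\n' ' '
}

# Grouped: the parentheses make the action apply to either name.
names_grouped() {
    find "$1" \( -name socket -o -name pipe \) -exec basename '{}' \; | sort | tr '\n' ' '
}

# Deletion form: -type f keeps directories out, "--" stops option parsing for
# odd file names, "+" batches arguments. Prints how many regular files remain.
remove_targets() {
    find "$1" -type f \( -name socket -o -name pipe \) -exec rm -- '{}' +
    find "$1" -type f | wc -l | tr -d ' '
}

demo() {
    d=$(make_fixture) || return 1
    echo "ungrouped acts on: $(names_ungrouped "$d")"
    echo "grouped acts on:   $(names_grouped "$d")"
    echo "files left after removal: $(remove_targets "$d")"
    rm -rf "$d"
}
demo
```

Swapping the action for a harmless one such as `-print` or `basename` before running the `rm` form shows exactly which paths the expression selects.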

### User Management

* `last` *show a listing of last logged in users.*

* `lastb` *show a listing of last unsuccessful log in/outs.*

* `lastlog` *reports the most recent login of all users or of a given user.*

* `who` *show who is logged in.*

* `w` *show who is logged in and what they are doing.*

* `id` *print real and effective user and group IDs.*

* `groups` *print the groups a user is in.*

* `useradd -s /sbin/nologin user99` *create `user99` account without the
ability to log in.*

* `passwd -x 30 -n 4 -w 10 user1` *`user1` pwd expires in 30 days, cannot
be changed for at least 4 days, starts warning 10 days prior to expiration.*

* `usermod -e 2021-12-20 user1` *set pwd expiration date.*

* `passwd -S user1` *report password status (expiration, etc).*

* `usermod -L user1`, `passwd -l user1` *lock `user1` account (verify the
lock at `/etc/shadow` file, there must be `!!` prepending the pwd hash).*

* `visudo` *edit the `/etc/sudoers` file.*

* `user1 ALL=(ALL) NOPASSWD: ALL` *on `sudoers` file gives full root access
to the system without prompting for password.*

* `chown user1:dba -R dir1` *change `dir1` owner to `user1` and group to
`dba` recursively (could change only group owning with `chgrp` too).*
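
The password-aging values set with `passwd -x/-n/-w` and the lock marker checked after `passwd -l` all live in `/etc/shadow`, so they can be audited by parsing its colon-separated fields. The script below is an added example, not part of the original cheatsheet; the records and hashes are constructed placeholders, and reading the real `/etc/shadow` requires root.

```shell
#!/bin/sh
# Added example: read lock state and password-aging fields from shadow-format
# lines. The sample records are constructed; hashes are placeholders.

sample_shadow() {
    cat <<'EOF'
user1:$6$CONSTRUCTEDSALT$placeholderhash:18800:4:30:10:::
user2:!!$6$CONSTRUCTEDSALT$placeholderhash:18800:0:99999:7:::
user3:!$6$CONSTRUCTEDSALT$placeholderhash:18800:0:99999:7:::
user99:!!:18800:0:99999:7:::
svc::18800:0:99999:7:::
EOF
}

# shadow(5) fields: 1 name, 2 password hash, 3 last change, 4 min days,
# 5 max days, 6 warn days. Reads records on stdin, prints one line per account.
# LOCKED covers both the !! prefix the cheatsheet mentions and a single !.
shadow_report() {
    awk -F: '
    {
        h = $2
        if (h == "")                      state = "EMPTY"   # logs in with no password
        else if (h == "*" || h ~ /^!+$/)  state = "NOPASS"  # no usable password was set
        else if (h ~ /^!/)                state = "LOCKED"  # valid hash disabled by the prefix
        else                              state = "ACTIVE"
        printf "%s %s min=%s max=%s warn=%s\n", $1, state, $4, $5, $6
    }'
}

# Accounts whose password is locked.
locked_accounts() {
    shadow_report | awk '$2 == "LOCKED" { print $1 }' | tr '\n' ' '
}

# Accounts with a usable or empty password and no effective maximum age.
unaged_accounts() {
    shadow_report | awk '
        ($2 == "ACTIVE" || $2 == "EMPTY") && ($4 ~ /^max=(99999)?$/) { print $1 }
    ' | tr '\n' ' '
}

sample_shadow | shadow_report
echo "locked: $(sample_shadow | locked_accounts)"
echo "no max age: $(sample_shadow | unaged_accounts)"
```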

### The Bash Shell

* `export PS1="<\u@\h in \w >:"` *customize bash prompt to display
`<user1@server1 in /etc >:` (see `man bash`, `PROMPTING`).*

* `ls /etc /dvd 2> /tmp/lserror` *list both dirs but redirect errors to
`/tmp/lserror`.*

### Linux Processes and Task Scheduling

* `ps -eo pid,nice,cmd | grep top` *show `pid` and `nice` for the `top`
running process.*

* `nice -n +8 top` *run `top` cmd with a lower priority (by 8).*

* `renice -n -10 -p 3261` *increase the priority of the `3261` running
process to `-10`.*

* `crontab -e` *edit user `crontab`.*

* `23 8 * * * echo "Hello World" > /dev/pts/0` *in a `crontab` file, this
entry will make the terminal `/dev/pts/0` print the message every day at
8:23.*

* `cat /var/log/cron` *cron execution logs.*

### Package Management

* `mount -o ro /dev/sr0 /mnt` *mount iso image to `/mnt` drive.*

* `/dev/sr0 /mnt iso9660 ro 0 0` *on `/etc/fstab`, it mounts the iso img
on system startup.*

#### Using `rpm`

* `rpm -i ./zsh-5.5.1-6.el8_1.2.x86_64.rpm` *install package file from
current dir.*

* `rpm -i --reinstall -vh /zsh-5.5.1-6.el8_1.2.x86_64.rpm` *reinstall package
from file (verbose mode, show progress printing a hash bar).*

* `rpm -qi zsh` *show package info (from installed package).*

* `rpm -qip ./zsh-5.1.1-6.el8_1.2.x86_64.rpm` *show package file info (from
the repository).*

* `rpm -K ./zsh-5.5.1-6.el8_1.2.x86_64.rpm --nosignature` *validate integrity
(completeness and error-free state) and authenticity for the given package
file.*

* `rpm -V zsh` *check installed package file attributes compared to the
package file present on the repository (permission mode, size, owner, group,
etc...), if no output, integrity of attributes is OK.*

* `rpm -q zsh` *check whether `zsh` package is installed.*

* `rpm -qc zsh` *list all configuration files for `zsh`.*

#### Using dnf/yum

* *create* `/etc/yum.repos.d/local.repo` *file to install a local
repository.*

```
[BaseOS]
name=BaseOS
baseurl=file:///mnt/BaseOS
gpgcheck=0
```

* `dnf repolist` *show installed repositories.*

* `dnf list --installed` *show installed packages.*

* `dnf repoquery --repo "AppStream"` *list all the packages available for a
specific repository.*

* `dnf provides /etc/group` *show which package contains the `/etc/group`
file.*

* `tail /var/log/dnf.log` *see recent interactions.*

* `dnf repoquery --deplist policycoreutils` *list dependencies for the given
package.*

* `dnf group list --installed` *list only installed package groups.*

* `dnf group install "Security Tools"` *install package group.*

* `dnf module list --installed` *list only installed modules.*

* `dnf module enable postgresql:9.6` *enable module on the specified stream.*

* `dnf module install --profile postgresql:10` *install the module with
default profile for the stream 10.*

* `dnf module reset postgresql` *reset module.*

### Boot Process, GRUB, and the Linux Kernel

* `/etc/default/grub` *edit this file to change grub params.*

* `grub2-mkconfig -o /boot/grub2/grub.cfg`,
`grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg` *make the config file to
apply changes.*

* Reset root pwd in 7 steps:

    * *append* `rd.break` *to the end of the boot cmd, when editing the grub
      menu entry, and start it with Ctrl+x.*
    * `chroot /sysroot` *make the mounted (read-only) root file system
      (`/sysroot`) appear as mounted on `/`.*
    * `mount -o remount,rw /` *remount root file system in read/write mode for
      the `passwd` cmd to be able to modify the shadow file with a new pwd.*
    * `passwd` *change password for the root user.*
    * `touch .autorelabel` *create `.autorelabel` file to instruct the OS to
      run SELinux relabeling on all files on the next reboot (including the
      `shadow` that was updated).*
    * `exit` *the `chroot` shell.*
    * `reboot` *the system.*

* Extra Step: `mandb` *after restart, rebuild manual pages db.*

* Install most recent kernel, without removing/updating previous kernel (7
files):

    * `linux-firmware`
    * `kernel`
    * `kernel-core`
    * `kernel-headers`
    * `kernel-modules`
    * `kernel-tools`
    * `kernel-tools-libs`

* `dnf list installed kernel*` *list installed kernels.*

* `cat /boot/grub2/grubenv` *check if new installed kernel is default boot
option.*

### System Initialization, Message Logging and System Tuning

* `systemctl` *shows loaded units.*

* `systemctl set-default multi-user` *set the default boot target.*

* `logger "$LOGNAME is delivering this message at $(date)"` *write custom log
message to `/var/log/messages`.*

* `tuned-adm profile` *list all available system tuning profiles.*

* `tuned-adm active` *show current system tuning profile.*

* `tuned-adm recommend` *list recommended system tuning profile.*

* `tuned-adm profile balanced` *set system profile to `balanced`.*

### Storage Partitioning

* `lsblk` *list block devices.*

* `parted /dev/vdb mklabel msdos` *label a new disk as `msdos`.*

* `parted /dev/vdb print` *display disk info.*

* `parted /dev/vdb mkpart primary 1 101m` *create a new `primary` partition
on disk, with size of 100mb.*

* `parted /dev/vdb rm 1` *remove partition `1`.*

* `gdisk /dev/vdc` *create/modify partitions on disk using `gdisk` (create
GPT storage).*

*(If kernel update was previously installed from file, you might need to
download and install `vdo` and `kmod-kvdo` from file too.)*

#### VDO

* `vdo list`, `vdostats`, `lsblk` *see vdo volumes.*

* `vdo create --name=testvdo --device=/dev/vdh --vdoLogicalSize=16G --vdoSlabSize=128M`
*create new vdo volume named `testvdo` with logical size of `16GB` and slab
size of 128mb.*

* `vdo status --name testvdo | grep -i dupl` *check if vdo volume has
deduplication enabled.*

* `vdo disableCompression --name testvdo` *disable compression to vdo
volume.*

#### LVM

* `vgs`, `pvs`, `lvs` *list `volume groups`, `physical volumes` and `logical
volumes`.*

* `vgcreate vg100 /dev/vdb -s 16M` *create `volume group` using `/dev/vdb`
`physical volume`, with `PE` size of 16MB.*

* `vgdisplay vg100` *check `vg100` attributes.*

* `lvcreate -L 100M vg100 -n lvol0` *create logical volume `lvol0` on `vg100`
with 100MB of size.*

* `pvcreate /dev/vdc` *initialize physical volume to use in LVM.*

* `vgextend vg100 /dev/vdc` *extend volume group adding a new physical
volume.*

* `lvextend -L +200M /dev/vg100/lvol0` *expand logical volume size.*

* `lvreduce -L -252M /dev/vg100/lvol0` *reduce logical volume size.*

* `lvremove /dev/vg100/lvol0` *remove logical volume.*

* `vgremove vg100` *remove volume group.*

* `pvremove /dev/vdb /dev/vdc` *uninitialize physical volumes.*

* `wipefs --all /dev/vdg` *wipe any partition table, fs, RAID signatures from
block device.*

#### Stratis

* `stratis pool create strpool /dev/vdg` *create `strpool` stratis pool using
`/dev/vdg` block device.*

* `stratis pool add-data strpool /dev/vdh` *expand the stratis pool adding
another block device.*

* `stratis pool destroy strpool` *remove stratis pool.*

### Local File System and Swap

* `df -h` *show file system disk usage.*

* `du -sh /usr/bin` *show dir disk usage.*

* `du -sc /etc /usr/bin` *show disk usage for each dir and the sum of both.*

* `lsblk -f` *list block devices, show file system type and UUID.*

* `mkfs.vfat /dev/sdd1` *initialize the partition with the VFAT filesystem
type.*

* `/etc/fstab` example entries:

    * `UUID=3C65-A634 /vfatfs5 vfat defaults 0 0`
    * `UUID=7eaf462a-ecd2-4d09-91d0-09bdba6fa491 /ext4fs5 ext4 defaults 0 0`
    * `UUID=d9cdb722-ad2d-4d2c-901d-d274950ccc55 /xfsfs5 xfs defaults 0 0`
    * `/dev/mapper/vdo5 /vdofs5 xfs _netdev,x-systemd.requires=vdo.service 0 0`
    * `/dev/vg200/lv200 /lvmfs5 ext4 defaults 0 0`
    * `/dev/vg200/lv300 /lvmfs6 xfs defaults 0 0`
    * `UUID=a30f9774-a11d-4a01-ad87-4bfa6f74ba64 /strfs5 xfs _netdev,x-systemd.requires=stratisd.service 0 0`
    * `/dev/vde1 swap swap defaults 0 0`
    * `/dev/vg200/swapvol swap swap defaults 0 0`

* `mount -a` *mount all fs mentioned on `fstab`.*

* `lvextend -r -L +80M /dev/vg200/lv200` *extend logical volume and its file
system.*

* `stratis filesystem create strpool5 strfs5` *create `strfs5` filesystem on
`strpool5` stratis pool.*

* `mount -o rw /stratis/strpool5/strfs5 /strfs5` *mount `strfs5` stratis fs
on `/strfs5` dir.*

* `lsblk /stratis/strpool5/strfs5 -o UUID > /tmp/uuid` *save `strfs5` fs UUID
on a temp file.*

* `mkswap /dev/vde1` *initialize partition with swap structures.*

* `mkswap -L swappart /dev/vde1` *apply `swappart` label to partition.*

* `swapon -a` *activate all swap partitions described on `fstab`.*

* `swapon -s` *list all active swap partitions.*

### Remote File System

(Requires `nfs-utils` and `autofs` packages)

* Setup NFS server (to serve a directory):

    * `chmod 755 /common` *add full permissions to dir, before sharing.*
    * `firewall-cmd --permanent --add-service nfs` & `firewall-cmd --reload`
      *allow NFS traffic to pass through `firewalld`.*
    * `systemctl --now enable nfs-server` *enable NFS server.*
    * On `/etc/exports` file add: `/common/ 192.168.0.110(rw)`
    * `exportfs -av` *export or unexport all items on `/etc/exports` (verbose
      mode).*

* `exportfs -u 192.168.0.110:/common` *unexport dir.*

* Mount share on NFS client (old way to mount):

    * `mkdir /local`
    * `mount 192.168.0.120:/common /local` *to mount manually.*
    * On `/etc/fstab` add: `192.168.0.120:/common /local nfs _netdev 0 0` *to
      mount on system startup.*
    * `mount | grep local` *to confirm mounting success.*

* Mount share on client on-demand using AutoFS (preferred way to mount):

    (If using AutoFS for a sharing, do not mount manually or via `/etc/fstab`!)

    * USING DIRECT MAP

        * `mkdir /autodir`
        * On `/etc/auto.master` add `/- /etc/auto.master.d/auto.dir` *to
          create the mapping.*
        * Create `/etc/auto.master.d/auto.dir` file and add
          `/autodir 192.168.0.120:/common` *to automount the shared fs on
          `/autodir`.*

    * USING INDIRECT MAP (preferred way)

        * On `/etc/auto.master` add `/autoindir /etc/auto.master.d/auto.indir`
          *to create the indirect mapping.*
        * Create `/etc/auto.master.d/auto.indir` file and add
          `common 192.168.0.120:/common` *to automount the shared fs on
          `/autodir` (name the mountpoint just like the shared folder's name).*

    * `systemctl enable --now autofs` or `systemctl restart autofs` *to start.*

### Networking, Network Devices and Connections

* Configure a Network Connection:

    * `ip address` or `ip a` *verify info for network interfaces.*
    * `/etc/sysconfig/network-scripts/ifcfg-enp7s0` *create this file to add a
      new profile for the network interface.*
    * `ifdown enp7s0`, `ifup enp7s0` *reactivate interface.*

* Configure a Network Connection using `nmcli` (preferred way):

    (Requires `NetworkManager` service)

    * `systemctl status NetworkManager` *check if enabled and active.*
    * `nmcli d s`, `nmcli device show` *check presence of a new interface.*
    * `nmcli con add type Ethernet ifname enp7s0 con-name enp7s0 ip4 172.10.10.120/24 gw4 172.10.10.1`
    * `nmcli c s`, `nmcli connection show` *confirm new connection status.*
    * `cat /etc/sysconfig/network-scripts/ifcfg-enp7s0`
    * `ip a` *confirm ip assignments for the new connection.*
    * `nmcli c down enp7s0` *deactivate connection.*
    * `nmcli c up enp7s0` *activate connection.*

* `192.168.0.120 server20.example.com server20` on `/etc/hosts` file *map
hostname `server20` to the ip provided.*

* `ping -c2 server20` *issue two ping packets to `server20`.*

### Time Synchronization and Hostname Resolution

* `date`, `timedatectl` *check current system date and time.*

* `timedatectl set-ntp false` *disable networking time sync.*

* `timedatectl set-time "2021-07-08 04:30:00"` *change date and time.*

* `date --set 04:00` *change time.*

* `systemctl status chronyd` *(requires `chrony`) check if Chrony is active,
it is the preferred implementation of the Network Time Protocol.*

* Bind `chronyd` to a different server:

    * `chronyc sources` *checks current time sources `chronyd` is accessing.*
    * On `/etc/chrony.conf`, comment all entries beginning with `pool` or
      `server`.
    * Add a new line in the end: `server 127.127.1.0`
    * `systemctl restart chronyd` *apply changes.*
    * `chronyc sources` *checks current time sources `chronyd` is accessing.*

* `cat /etc/resolv.conf` *check DNS lookup definitions.*

* `dig`, `host`, `nslookup`, `getent` *tools to query DNS.*

### The Secure Shell Service

* `ssh-keygen -N "" -q` *generate RSA keys without password, on silent mode.*

* `ssh-copy-id server20` *copy current user's public key to `server20`.*

* On `/etc/ssh/sshd_config` set `PermitRootLogin no` *disallow root login via
ssh, needs `sshd` to be restarted.*

* `ssh server20 nmcli c s` *execute nmcli command on `server20`.*

* `scp server20:/etc/chrony.conf /tmp` *get file from `server20`.*

* `scp -r /etc/sysconfig server20:/tmp` *transfer entire directory to
`server20`.*

* `rsync -avPzr /etc server20:/tmp` *copy directory recursively to
`server20`, verbose mode, displaying progress, applying compression in
transit.*
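
Setting `PermitRootLogin no` only takes effect if no earlier line already set the keyword, because `sshd` uses the first value it obtains for each keyword. The script below is an added example, not part of the original cheatsheet, that reports the effective global value from configuration text; the sample configurations are constructed and `Include` files are not followed.

```shell
#!/bin/sh
# Added example: which PermitRootLogin value is in effect for the global
# section of an sshd_config. All configuration samples are constructed.

# Reads sshd_config text on stdin and prints the effective global value.
# sshd uses the first value it obtains for a keyword, so later duplicates are
# ignored. Parsing stops at the first Match block (conditional overrides).
# Include directives are not followed: feed the files concatenated in order.
effective_permit_root_login() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        line = $0
        sub(/=/, " ", line)                  # accept the "Keyword=value" form
        split(line, f, " ")
        key = tolower(f[1])                  # keywords are case-insensitive
    }
    key == "match" { exit }
    key == "permitrootlogin" && !seen { seen = 1; val = tolower(f[2]) }
    END { print (seen ? val : "prohibit-password") }   # OpenSSH default when unset
    '
}

# Succeeds only when root login is fully disabled in the global section.
root_login_disabled() {
    [ "$(effective_permit_root_login)" = "no" ]
}

# Constructed samples.
cfg_shadowed() {   # hardening line appended after an earlier "yes": ignored
    printf '%s\n' '# constructed sample' 'PermitRootLogin yes' \
        'PasswordAuthentication no' 'PermitRootLogin no'
}
cfg_hardened() {
    printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no'
}
cfg_match_only() { # keyword appears only inside a Match block
    printf '%s\n' 'Match Address 192.168.0.0/24' '    PermitRootLogin yes'
}

echo "shadowed:   $(cfg_shadowed | effective_permit_root_login)"
echo "hardened:   $(cfg_hardened | effective_permit_root_login)"
echo "match only: $(cfg_match_only | effective_permit_root_login)"
```

On a live host, `sshd -T` run as root prints the effective configuration after includes are processed.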

### The Linux Firewall

* `firewall-cmd --get-default-zone` *display default zone.*

* `firewall-cmd --list-services --zone public`,
`cat /etc/firewalld/zones/public.xml` *list allowed services for specific
zone.*

* `firewall-cmd --add-service http --zone public --permanent` *permanently
allow service for specific zone.*

* `firewall-cmd --reload` *apply changes.*

* `firewall-cmd --add-port "8000-8005/udp" --zone trusted --permanent`
*permanently allow protocol on specified port range on trusted zone.*

### SELinux

* `-Z` *flag (`id`, `ps`, `ls`) view SELinux context.*

* `seinfo -u` *(requires `setools-console`) list SELinux users.*

* `semanage login -l` *show mapping between Linux user and SELinux user.*

* `semanage port -l` *list records of the port object type.*

* `getenforce` *displays current mode of operation.*

* `setenforce permissive` *switch the operating mode to permissive
temporarily.*

* `sestatus` *shows SELinux runtime status and Boolean values.*

* `chcon -vu user_u -t public_content_t dir1 -R` *temporarily modify SELinux
user and type on the directory `dir1` recursively.*

* `semanage fcontext -a -s user_u -t public_content_t '/dir1(/.*)?'` *add
dir1 recursively to the policy database.*

* `semanage fcontext -Cl` *list recent changes in the policy database.*

* `restorecon -Rv dir1` *recursively restore default context on files by
referencing the files in the `/etc/selinux/targeted/contexts/files`
directory.*

* `semanage port -at http_port_t -p tcp 8010` *add port `8010` with type
`http_port_t` and protocol `tcp`, to the policy.*

* `semanage port -d -p tcp 8010` *delete port `8010` with protocol `tcp` from
the policy.*

* `--preserve=context` *flag (`cp`) preserve SELinux context for the object.*

* `getsebool -a` | `sestatus -b` | `semanage boolean -l` *list SELinux
boolean state.*

* `setsebool nfs_export_all_rw 0` *temporarily set `nfs_export_all_rw`
boolean to `off`.*

* `setsebool -P nfs_export_all_rw 0` *persistently set `nfs_export_all_rw`
boolean to `off`.*

------
