Tuesday, July 6, 2010

RHCE Notes

I have just made notes of the the relevant sections which I don't tend to use on day to day basis and i need to rememeber for the exam.

1969 - 1st unix distro
1991 - gnu linux

CENTOS - Community enterprise O.S

igdrizzle = first version of linux distro was named


Scaling CPU Performance.

cd /sys/devices/system/cpu/cpu0/cpufreq/

cat cpuinfo_cur_freq

cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor

echo "powersave" > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor

[root@station3 cpufreq]# cat cpuinfo_cur_freq
[root@station3 cpufreq]# echo performance > scaling_governor
[root@station3 cpufreq]# cat cpuinfo_cur_freq


Manual pages and command helps..

whatis grub

is the same as

man -f grub

the above commands will search for the whole word grub,

man -k grub
will search for the pattern grub anywhere in the string..

apropos grub
info grub

man -f signal
signal (2) - ANSI C signal handling
signal (3p) - signal management
signal (7) - list of available signals
signal.h [signal] (0p) - signals

man signal will show you the first man page..
man 7 signal will take you to the category 7 man page of signal



/usr - operating system shared resources..


command line tips and tricks

[root@station3 ~]# echo camel
[root@station3 ~]# ^m^ram
echo caramel

The ^m^ram replaces m with ram

[root@station3 ~]# echo cow dog
cow dog
[root@station3 ~]# ^cow
echo dog

The ^cow command replaces cow with nothing so the command becomes "echo dog"

!45 (runs the 45th command in the history)
!-3 run the 3rd command from the bottom..
!! runs the last command in the history
!hi runs the last command that start with hi

ctrl l
will clear the screen..


man hier


needs to be part of the / partition.. and cannot reside on a separate partition.

(copy and covert)


the file command will give you informa/rhome/station4/nisuser4tion about what type of file it is..

dumpe2fs /dev/hdb1 | less
the command dumps the superblock..

stat /etc/passwd
dumps the information in the inode of the /etc/passwd

df -i
lists the available list of inodes.. on each partition..

ls -i
gives you the inode number of the files..


available channels.

STDIN 0 <>

find /etc/ -name passwd 2 > errors 1> results
find /etc/ -name passwd 2>&1 1> results
is the same as
find /etc/ -name passwd & > results

is like a t piece which can be used to direct output of a command to both a file and to the stdout

tr command

echo "some random text" ? | tr 'aeiou' 'AEIOU'

the stat command can be used to display file or filesystem status

if you want to make sure that you bypass the alias when you run a command. you can escape the command with a \

ls on its own will use the alias which possible includes "ls --color"
\ls will run the native command ls bypassing the alias setting.

reset command can be used to reset the terminal. specially when your command prompt is all messed up.

login shell - will process the following startup scripts

non login shells will use the below startup scripts

But in redhat login scripts will process all the 4 scripts.

custom scripts for all users should go into /etc/profiles.d/
user specific ones will go into the user related ones..

the paste command is used to take 2 files and combine them as delimited columns

aspell check
used to spell check a file.

"look" command can also be used for spell checks..



\ will match a word ending with test.
\< => beginning of word
\> => ending of word

so \ will match the exact word "test" excluding all the words which includes the substring test.

if you want to search for a bigger string you can use the below


can be used to search for the string "sample" or "test"

Unit - 4
bios uses the IPL (initial program loader) to find the boot loader..

partprobe - gets the kernel to re-read the partition table.

ext3 has several journaling modes..
1. ordered - this is the default.. setting.
2. journaled - journals data and metadata --- you need a separate journal device (need to check this out.)
3. writeback (redhat disables it)

mount options noatime, and nodirtime increases performance.

fuser -vm /boot
fuser -k /boot can be used to kill any process which has got access to /boot.
makes it easy to umount a device which i busy.

e2label.. can be used to label a partition.
rhce exam they love messing with labels..

dd if=/dev/zero of=fakedisk b=1M count=128
mkfs -t ext3 fakedisk
mount -o loop fakedisk /mnt/fakedisk

mount aliases
mount --bind /mnt/stuff /mnt/usb
allows you to have multiple location where the device appears to be mounted..

nfsserver mounts
showmount -e server1
smbclient -U'eur\sushil.suresh' -L lonfs01

auto mounting..

laattr /etc/passwd
chattr +i /etc/passwd
+i immutable
+a append mode only

tune2fs - can be used change the max mount count etc.
dumpe2fs - can be used to dump the superblock etc.
debugfs - low level filesystem repair tool
parted - partitioning tool.

Unit 6

Rpm installation
-i install (typical for kernel install as the old version is left as it is.. )
-U upgrade
-F freshen

RPM removal
-e erase

RPM queries
-q query
-qa query all
-ql obtain a list of files installed by package
-qlp query the package file for a list of files..
-qi query for information
-qip query for information from the package file
-q --changelog show you the change lock of the package
-q --script shows you the script that is run when you install the rpm package or uninstall it.
-qf search the origin of a file..
-q --provides will list libraries that are provided by the
-q --whatrequires will tell you what requires the library
-q --whatprovides

-K perform a keycheck on the rpm package filename

rpm --import
gpg --import
rpm -V initscripts

.......T c /etc/inittab
S.5....T c /etc/rc.d/rc
S.5....T c /etc/sysctl.conf

T indicates time stamp has changed
5 indicated that the md5 checksum has changed or in other words contect ha changed.
c indicates that the file is a config file.

rpm -Va will verify every package file..

extracting an rpm file

rpm2cpio filename.rpm
rpm2cpio initscripts-8.45.19.EL-1.el5.centos.1.x86_64.rpm | cpio --extract --make-directories *inittab*

Kickstart file has got several sections
the config section has got configuration information
package section(which contains categories and individual pacakges)

%pre (section)
This section will contain information to be used and peformed before installation

%post (section)
This section will contain information to be used and performed post installation

Unit - 7

can be used to change the authentication method between local auth, ldap, nis etc..

you might have to use --nox if you want to run it in text mode.

supported account information services
local files, NIS, LDAP, Hesiod, Windbind

Supported authentication mechanisms..
NSS, Kerberos, LDAP, SMB, Winbind


ACL or access control list..
mount -o acl
you need to mount the filesystem with acl option inorder for acls to work.

setfacl -m u::rw
setfacl -m u::rw
setfacl -m d:u::rwx set the default permission and can be applied only to a directory
setfacl -x u: (deletes the user permissions for username)

each process or object has an SElinux context.
context :- identity:role:domain/type

3 modes of operation
1) completely off,
2) on, but permissive mode,
3) on , and is restrictive

the default log file for selinux is /var/log/audit/audit.log

setsebool (set boolean values in a persistent manner)
/etc/sysconfig/selinux edi
from grub append enforcing=0 or selinux=0

usefull to have setroubleshoot-server
yum install setroubleshoot-server
service setroubleshoot start

ls -Z /etc/passwd
-rw-r--r-- root root system_u:object_r:etc_t /etc/passwd

ps -Zax

The Z switch is used to get hold of the contexts for a file or process..

chcon -t etc_t anaconda-ks.cfg
chcon - change SELinux security context

system-config-selinux(part of policycoreutils-gui)

if selinux is swiched on.. then there should be

selinux policy editor... can be used to edit the policy..
default policies are targeted and strict which is provided by redhat.
if you divulge from this .. then you are in violation of the support contract.

the policy editor to install it you do
yum install policycoreutils-gui



or localhost:631
to configure printers..

gtklp great utility to send print jobs.


only one file needs to exist.
allow takes precedence over deny..

star is the equivalent of tar but is aware of SE linux contexts ...
so ifyou want to backup selinux enabled disks.. always use star

Unit 8

Software Raid(meta devices)

mdadm /dev/md0 -C

mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sda7 /dev/sda8

I tend to prefer the longer version of the options as it is self explanator, and easier to remember or recollect, especially when you don't use it on a daily basis. The shorter version of the command would be

mdadm -C /dev/md0 -l=1 -n=2 /dev/sda7 /dev/sda8

In the above commands level (or raid level) could be
linear, raid0, 0, stripe, raid1, 1, mirror, raid4, 4, raid5, 5, raid6, 6, raid10, 10, multipath, mp, faulty

mdadm --detail /dev/md0
will give you information about the raid device md0

cat /proc/mdstat will give you the same information.

if you want to force a disk in an array to fail..
mdadm /dev/md0 -f /dev/sda1

and to add a drive back.
mdadm /dev/md0 -a /dev/sda1


stride = filesystem block size divided by chunksize.

Logical Volumes (LVM)

The basic cocept of lvm consists of 3 components
Physical Volumes
Volume Groups (made up of one or more physical volumes)
Logical Volumes (created from space available in a volume group)

Creating LVMs


Displaying information about LVMs

-L sizein MB/Gb etc ..
-l Size in physical extend.

Resizing logical volumes
ext2online (only to be used on RHEL4 systems)
resize2fs (available from RHEL5 onwards)

ext2online only to be used with RHEL4 and below
resize2fs is to be used with RHEL5 and above


pvcreate /dev/sda9
pvcreate /dev/sda10
vgcreate lvmgroup /dev/sda9 /dev/sda10
lvcreate --size 200M lvmgroup --name lvm_disk
pvcreate /dev/sda11
vgextend lvmgroup /dev/sda11
lvextend -L +50M /dev/lvmgroup/lvm_disk /dev/sda11
resize2fs -p /dev/lvmgroup/lvm_disk


Quota system in Linux.

user qoutas and group qoutas can be setup.
quota's are generally applied on a per user basis than per group.

mount -o remount,usrquota /home
You can remount the partition with the relevant quota options or for more permanent setup add usrquota and/or grpquota to the options column in fstab.

When setting quota's for the first time, make sure you run quotacheck command to create the quota database for first use. The -c option creates the "aquota.user" and "aquota.group" database which are necessary to facilitate the usage of quotas.
quotacheck -cm /home

Once the quota database is setup, you need to enable or switch on quotas.
quotaon /home

quotaoff command can be used to switch quota's off

edquota can be used to edit the quota setting for a user or group
edquota bob (can be used to edit the quota setting for bob)
one can use -u for user quota or -g for group quota

The -p option can be used to replicate or copy quota setting of an existing user to another.
edquota -p bob joe
(copies bobs quotas to joe)

repquota generes a report on all user based quotas
repquota /home (reports on all user based quotas.. )

Warkquota can be used to send emails to all users exceeding their quota
warnquota /home

Quotas can be set at a block level and at an inode level.
Each of the above levels have a hard and soft limit.
Soft limit can be exceeded, but hard limits cannot.

Block level limits are are set in 1K blocks.

The default grace period once the soft limits are exceeded by are user is 7 days.
If exceeded, the user;s soft limits become his hard lmit

One can set or reset the grace period by using the
edquota -t or edquta -T


X -probeonly -log verbose 5

service --status-all

firewalling happens at the kernel level.
iptables is just used to interface with the kernel


three main tables.
nat, filter, mangle,

each table contain chains..

for NAT the chains are

for FILTER table the chains are
input (affects packets for me)
output (affects packets orginating from me)
forward (affects packets that are going through me.. or routed through me)

1. incoming packet
2. crc/sanity check
3. pre-routing check
4. routing decision ?
5. is this packet "to me", "through me", or "from me"

"to me" packets
gets passed to the INPUT chain of the filter table
it then goes to the relevant application

"through me" packets
get passed to the FORWARD chain in the filter table
which then gets passed to the POSTROUTING chain in the NAT table
then it gets delivered

"from me" packets
Application generates from me packets
it gets passed to the OUTPUT chain in filter table
these packets then go through a routing decision
it then becomes a "from me" packet
This packet then goes through the OUTPUT chain of the nat table
and then get delivered.

different types of NAT

DNAT can only be applied at PREROUTING

SNAT and MASQUERADE can only be applied at POSTROUTING

Rule targets
builtin targets - DROP, ACCEPT
extension targets - LOG,REJECT, custom

I - insert.. always adds it to the top
A- append.. always adds it to the bottom
R-replace replace rule number n from the chain
D-delete delete rule number n from the chain

preparing iptables rules

Where i am putting the rule.
. specify which table you are going to work with
. specify the operation to perform Insert, Append, Replace. With Insert and replace you can use a number. for insert if you don't give number it will assume 1

Specify what type of packet you are looking for
Type of packet source/destination (-s/-d)
Specify the interface incoming/outgoing (-i/-o)
Protocol (-p)
port (--dport/--sport)
match rule extensions.. used to extend the funcationality of iptables matching (-m)
match rule extenstions - eg: state,mac,tcp,udp,multiport

Where to send it.. to
DNAT --to-dest - if you chose pre-routing chain in nat table
SNAT --to-dest - if you chose post-routing chain in nat table
MASQUERADE - if you chose post-routing chain in nat table
ACCEPT - if it is filter table
REJECT - if it is filter table
DROP - if it is filter table
LOG - if it is filter table

To change the the default policy of a table you can use the -P flag

iptables -P FORWARD DROP
iptables -P INPUT DROP

file sharing
Bind on redhat
required packages
bind-utils, bind-chroot, bind, caching-nameserver

caching-nameserver installs a sample/skeleton config

if you want to install chroot.. always.. install bind-chroot before you install bind

selinux requires the slave zones should be in the directory "slaves/"
if not selinux will throw an error, and you will be lost

format for a zone record.


User Authentication (PAM) Pluggable Authentication Module.

Documentation is in

2 types of information .. Account info, and authentication

glibc initially carried out the authentication..
then modular versions of the library came about for authentication.
/etc/nsswitch.conf was used to link m

getent let your retriew information from various nsswitch databases.

The newer and much better/modular method is using PAM

they talk to the nsswitch using the pam_unix module.

PAM allows to reconfigure authentication without rewriting applications.
libpam handles checks based on the pam configuration files.

there is a separate configuration file for each application
the configuration file is broken into 3 columns
right most column is the name of the module called.

PAM sees authentication as a 4 steps
1. auth - Establishes the identity of the user.
2. account - Allows/denies access based on account policies - time, password expiration, or specific list of restricted users
3. password - Manages password policies.
4. session - Applies application/session related information.

Any PAM configuration file has 4 columns
[Module_Type] [Control_Flag] [Module_Path] [arguments]

The first column Module type will be one of the 4 stages of PAM authentication process discussed above (auth,account,password,session). It dictates which phase of the authentication is handled by the line.

The second column Control_flag dictates how the module is resolved..
The control flag dictates how the configuration file reacts when a module returns a success or failure.
The various control flags are
1. required - If the module passes, the commands proceeds. If it fails PAM proceeds to the next command in the configuration file, but the command controlled by PAM will still fail.
2. requisite - Stops the process if the module fails
3. sufficient - If the module succeeds, no other commands need to be processed.
4. optional -
5. include - (indicates that the following module needs to be loaded as well)

The third column or Module_Path indicates which module is invoked or used to verify the current phase of the pam authentication.

Note: if the file /etc/nologin file exists, regular users are not allowed to login into the local console. Any regular user that tries to log in gets to the contents of the /etc/nologin as a message.


pam_time is configured in /etc/security/time.conf

pam limits /etc/security/limits.conf you can allocate cpu time for users etc..

/etc/security/limits.conf can restrict access to your machine for user accounts.

This file configures/lists the consoles from where you can login as the root user. This does not affect the regular users.


This module can be used to configure pam to limit access to specif users

auth required pam_listfile.so onerr=succeed item=user sense=allow file=/etc/special

If the item(user) is found in file /etc/special and as sense is allow, PAM will allow the user to run the application.


find / \( -nouser -o -nogroup \)
search for files not owned by any user or any group

find / -f -perm -2
search for files with write permisions to other..

turn on process accounting
accton /var/account/pacct

ac --daily-totals --individual-totals

Email Server

THe RHEL exam expects you to have a decent understanding of mail services
sendmail, dovecot, postfix, and procmail.
Dovecot provides IMAP, POP3, and POP3S services.


above commands can be used to switch between the various mail systems.


Main configuration files are located in /etc/mail
There are 2 main configuration files
sendmail.cf - for incoming mails
submit.cf - for outgoing mails.


sendmail.cf is the original configuration file for sendmail.
as it was too cryptic and complicated, the sendmail.mc configuration file, which is a macro language file used to configure sendmail.cf

so once you edit the sendmail.mc file you need to regenerate the sendmail.cf file
This can be done in one of the 2 way below.

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
make -C /etc/mail


has a list of domains for which the mail server will accept emails.

let you configure who you will accept email from and who you will relay email for

mail -v user
the -v option is quite useful..

mailq - mail queue
mailq -Ac (mail submission queue)

[root@station4 mail]# which sendmail
[root@station4 mail]# ls -l /usr/sbin/sendmail
lrwxrwxrwx 1 root root 21 Dec 16 09:50 /usr/sbin/sendmail -> /etc/alternatives/mta
[root@station4 mail]# ls -l /etc/alternatives/mta
lrwxrwxrwx 1 root root 27 Dec 16 09:50 /etc/alternatives/mta -> /usr/sbin/sendmail.sendmail

alternatives --config mta

alternatives --display mta

system-swith-mail can also be used...

alternatives program is used to switch between different version or alternatives of the same program.


The configuration files are stored in /etc/postfix

modular suite of programs..
daemons :- master nqmgr,


postconf -e 'my_interfaces=locahost,'
The above command will update the postfix

the above command is quite useful tool
control command for postfix.. postfix superintendant.

postmap - to get postfix to regenerate the hash map of the modular config files
postalias - used to inform postfix that you have updated the alisa file

you can use regular expressions to filter your email.

procmail is the MDA or the mail delivery agent.

postconf -e 'mailbox-command=/usr/bin/procmail'
is used to enable the procmail mail handing for postfix.4

useful to configure procmail


The main configuration file is

The default values for the varibales are shown in # comment lines. If you are going to use the default values you don't have to uncomment them.

The one setting you definitely have to configure is the "mail_location" variable.
This variable is required for Dovecot to function properly, and defines the location where email is stored.

Certificates and keys for secure POP3 and IMAP connection are stored in the following directories

Before deploying new certs, move the existing ones out of the way.

The main configuration file which holds setting for the certificate are located in

Make the necessary changes to the above configuration file and run the below script to generate new certs and keys.


fun and games
adventure shell
mp (can be used to play video in text mode)
ccze (colourise text)
pbzip2 (parallel bzip2)
rbash (restrictive bash shell)
inkscape (
An Open Source vector graphics editor, with capabilities similar to Illustrator, CorelDraw, or Xara X, using the W3C standard Scalable Vector Graphics (SVG) file format)

http://www.supergrubdisk.org/ (boot disk to troubleshooting partition issues..)

gpart - can be used to guess partitions.. once deleted and recover stuff etc..


http://vorbis.com/ (open source audio format)

wikipedia searches
carnivore software

jetset (used to set the status of the printer)
jetset "message to be displayed"

etherape a gui.. for mapping network traffic