Centos and Red Hat notes, part 1
I’ve decided to take the exams for Red Hat Certified Systems Administrator (RHCSA) and Red Hat Certified Engineer (RHCE). I’ve been meaning to do this for 10 or 15 years! This post is just notes for myself.
I usually use Ubuntu so these notes are specifically for learning CentOS.
Users, passwords, etc.
- list users. This can be done with
more /etc/passwd
. The output of this includes username, password, UID, GID, User Details (eg first name), home directory, and default shell. You could also usegetent passwd
since getent is a tool that searches databases on the system, like hosts and services, and others. - create user. This will create a user named john with a uid/gid of 2000
sudo useradd -u 2000 john
sudo passwd john
#enter password for john here
- set password validity for user. The
chage
command fordes users to change passwords to comply with password-aging policiessudo chage -l john
#the -l flag will list the password expiry date, date of last password set, and other info for a usersudo chage -E $(date -d +30days +%Y-%m-%d)
# the -E flag will set a date to expire their password- Nice reference: https://www.redhat.com/sysadmin/password-expiration-date-linux
- change password.
passwd
- change root password.
sudo passwd root
- change root password when you don’t have sudo privilege. You need physical access to machine.
- reboot machine and press e during GRUB loader screen. That will open an editor with current kernel boot options.
- find line starting with linux16 and add rd.break at the end and hit Ctrl+X to exit
mount -o remount,rw /sysroot/
chroot /sysroot
passwd
to change your password
touch /.autorelabel
exit
exit
orreboot
- sudoers file. Your user must be in this if you want to run
sudo
in front of your commands.
su - root #switch to the root user
#Option 1: add the user to the 'wheel' group
usermod -a -G wheel centos #add the user 'centos' to the group 'wheel' which has the rights to run the sudo command
#Option 2: add the user directly to /etc/sudoers file
visudo
#add a line like this to the file 'centos ALL=(ALL:ALL) ALL'
- change hostname
nmtui
or- edit
/etc/hostname
or - use the command
hostnamectl set-hostname SOME_NAME
or - use nmcli:
nmcli general hostname SOME_NAME
NB: if you want to change the ‘pretty hostname’ without restarting the OS, you can usehostnamectl set-hostname SOME_NAME --pretty
or create/edit the file/etc/machine-info
so that it has the pretty hostname in it.
Networking, routing, etc
-
My Hyper-V on Win10. When I deployed Centos 7.9.2009 on Hyper-V using the ISO found here, I typed
nmcli
and it showed the interfaceeth0
was in a disconnected state. Using the console UI in Hyper-V, I typednmcli device connect eth0
and then the interface obtained a DHCP address immediately. -
Set a static IP. Edit
/etc/sysconfig/network-scripts/ifcfg-eth0
. I’m experienced enough not to type everything out, but in my case I’ll note thatBOOTPROTO
can be changed from dhcp to static and thatONBOOT
can be changed to yes. My file now looks like this:
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static #edited from 'dhcp' to 'static'
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth0
UUID=3abc8a88-85fe-4a80-8e29-ed1ff1dcf739
DEVICE=eth0
ONBOOT=yes #edited from 'no' to 'yes'
IPADDR=172.23.110.145 #I added this line
NETMASK=255.255.240.0 #I added this line
GATEWAY=172.23.96.1 #I added this line
DNS1=8.8.8.8 #I added this line
DNS2=8.8.4.4 #I added this line
- On Centos, use the
ip route
command (not justroute
like Ubuntu) - Add a secondary IP address.
Option 1:nmtui
and follow the interface to add a secondary IP. Runservice network restart
after that.
Option 2: Edit the config files directly. Can only be done ifNM_CONTROLLED="no"
or is not configured at all on the interface. You would just add these lines to the above config file:
IPADDR1=172.23.110.146
PREFIX1=20
NETMASK1=255.255.240.0
- Add a temporary secondary IP address. This will last only until server reboot our the next network service restart.
ip a add 172.23.110.146/20 dev eth0
- restart network service:
service network restart
SE Linux
- install SE Linux. This worked for me on Centos 7.9
sudo yum install policycoreutils policycoreutils-python setools setools-console setroubleshoot
- disabled vs enforcing
The file/etc/selinux/config
should haveSELINUX=enforcing
orpermissive
ordisabled
(editing this file and rebooting is the way to ensure that the mode will persist after reboot) getenforce
- this command will tell you which mode you are insudo setenforce 0
for permissive orsudo setenforce 1
for enforcing (does not persist after reboot)sestatus
to check status of SE Linux
Apache
sudo yum install -y httpd
- this will install Apache- remember to allow service to interact with network through firewall
#notice the '--permament' option (in order to save rule to survive during reboots)
firewall-cmd --permanent --add-service=http
firewall-cmd --reload
- remember to start a service after installing it, and to enable it (to autostart after reboot)
systemctl enable httpd
systemctl start httpd