RHCSA Exam Notes – Web Version

Source: Lab 01 – Package management, user management

Based strictly on RH124 and RH134 course scripts

This document includes explanations + screenshot markers for exam proof.

Lab Task: Save list of all installed packages to /root/dnf_list.txt

Script Reference: RH124 Chapter 12 (DNF), Chapter 2 & 3 (Redirection)

dnf list installed > /root/dnf_list.txt

Explanation:

dnf list installed displays all installed packages.
> redirects output into a file.
/root requires root privileges.

ls -l /root/dnf_list.txt
head /root/dnf_list.txt

Lab Task: Verify nginx is installed

Script Reference: RH124 Chapter 12

dnf list installed nginx

dnf install nginx  (if not installed)

Explanation:

dnf list installed nginx checks if package exists.
dnf install installs package and dependencies.

dnf list installed nginx

Lab Task: Verify wget is not installed

Script Reference: RH124 Chapter 12

dnf list installed wget

dnf remove wget  (if installed)

Explanation:

dnf remove uninstalls package.
Re-run dnf list installed wget to verify removal.

dnf list installed wget

Lab Task: System must be fully updated

Script Reference: RH124 Chapter 12

dnf check-update

dnf update  (if updates available)

Explanation:

dnf check-update shows available updates.
dnf update installs available updates.
If check-update returns no list, system is up to date.

dnf check-update (must show no available packages)

Lab Task: Enable epel repository and verify

Script Reference: RH124 Chapter 12 (Repository management)

dnf install epel-release

dnf repolist

Explanation:

epel-release installs EPEL repository configuration.

dnf repolist verifies enabled repositories.

dnf repolist (must show epel)

Lab Task: Install and verify htop works

Script Reference: RH124 Chapter 12

dnf install htop

htop

Explanation:

dnf install installs htop.
Running htop verifies successful installation.

htop running in terminal

Lab Task: Create employees and bosses groups

Script Reference: RH124 Chapter 6

groupadd employees

groupadd bosses

grep employees /etc/group

grep bosses /etc/group

Explanation:

groupadd creates new group.
/etc/group stores group information.
grep verifies group exists.

grep employees /etc/group
 grep bosses /etc/group

Lab Task: Create employee1, employee2, boss1, boss2

Script Reference: RH124 Chapter 6

useradd -m -G employees employee1

useradd -m -G employees employee2

useradd -m -G bosses boss1

useradd -m -G bosses boss2

id employee1
id boss1

Explanation:

-m creates home directory.

-G assigns supplementary group.

id verifies UID, GID and group membership.

id employee1
id employee2
id boss1
id boss2

Lab Task: Configure ownership and permissions

Script Reference: RH124 Chapter 7

mkdir -p /shared/employees

mkdir -p /shared/bosses

chown :employees /shared/employees

chown :bosses /shared/bosses

chmod 770 /shared/employees

chmod 770 /shared/bosses

ls -ld /shared/employees
ls -ld /shared/bosses

Explanation:

chown :group changes group ownership.
chmod 770 gives rwx to owner and group, none to others.
ls -ld verifies permissions.

ls -ld /shared/employees
ls -ld /shared/bosses

Lab Task: Bosses must have read-only access to employees directory

Script Reference: RH124 Chapter 7 (ACL section)

setfacl -m g:bosses:rx /shared/employees

getfacl /shared/employees

Explanation:

setfacl modifies ACL for group bosses.

rx gives read and execute (directory traversal).

getfacl verifies ACL configuration.

getfacl /shared/employees (must show group:bosses:r-x)

groupadd profesori

groupadd studenti

usermod -aG profesori profesor1

usermod -aG profesori profesor2

usermod -aG profesori profesor3

usermod -aG studenti student1

usermod -aG studenti student2

usermod -aG studenti student3

Provjera:

id profesor1

id student1

chown root:profesori /profesori

chown root:studenti /studenti

Provjera:

ls -ld /profesori

ls -ld /studenti

chmod 2770 /profesori

znači:

2 → setgid

7 → rwx owner

7 → rwx group

0 → no access others

isti rezultat možeš dobiti:

chmod u+rwx,g+rwx,o-rwx /profesori

chmod g+s /profesori

📌 što radi g+s

setgid na direktoriju znači da sve nove datoteke dobiju grupu profesori.

Ovo je važna logika.

Ako ne koristimo ACL, onda nije moguće dati read pristup drugoj grupi bez da otvorimo direktorij i za druge.

Zato je najbliže rješenje:

chmod 2755 /studenti

2 → setgid

7 → owner

5 → group

5 → others

others mogu čitati, ali ne mogu pisati.

chmod u+rwx,g+rx,o+rx /studenti

chmod g+s /studenti

su - profesor1

touch /profesori/test_prof.txt

su - student1

touch /profesori/test_student.txt

dobiješ:

Permission denied

su - student1

touch /studenti/test_student.txt

su - profesor1

ls /studenti

cat /studenti/test_student.txt

ali ne može pisati:

touch /studenti/prof_fail.txt

ls -ld /profesori

ls -ld /studenti

i

ls -l /profesori

ls -l /studenti

Lab Task: Home directories must be under /shared

Script Reference: RH124 Chapter 6

mkdir -p /shared/remote1 /shared/remote2 /shared/remote3

useradd -d /shared/remote1 -m remote1

useradd -d /shared/remote2 -m remote2

useradd -d /shared/remote3 -m remote3

ls -ld /shared/remote*

Explanation:

-d specifies custom home directory.

ls -ld verifies directory creation.

ls -ld /shared/remote*

Lab Task: SSH login without password

Script Reference: RH124 Chapter 10

ssh-keygen (on WORKSTATION)

ssh-copy-id remote1@SERVERB

ssh remote1@SERVERB

Explanation:

ssh-keygen creates key pair.
ssh-copy-id copies public key to authorized_keys.
Login should occur without password prompt.

Successful SSH login without password prompt

Lab Task: remote2 must require password login

Script Reference: RH124 Chapter 10

passwd remote2

grep PasswordAuthentication /etc/ssh/sshd_config

systemctl restart sshd

ssh remote2@SERVERB

Explanation:

passwd sets password.
PasswordAuthentication must be enabled.
Restart sshd after config changes.

SSH login showing password prompt

Lab Task: remote3 must execute all commands as administrator

Script Reference: RH124 Chapter 6 (wheel group)

usermod -aG wheel remote3

id remote3

sudo dnf list installed

Explanation:

Adding user to wheel group grants sudo privileges.

id verifies group membership.

sudo command verifies administrative access.

id remote3 and successful sudo command output

EXAMPLE SSH

Na servera kreirajte korisnika ishod3, te kreirajte njegove SSH ključeve. Dokažite prisutnost SSH ključeva. Napravite sve što je potrebno kako bi korisnik ishod3 sa servera mogao pristupiti na serverb kao korisnik student bez unosa lozinke.

Riješimo zadatak točno kako bi se očekivalo na RH124/RH134 ispitu, koristeći komande iz skripti (Chapter 10 – Configure and Secure SSH).

Zadatak ima 4 logička koraka.

Na servera:

useradd ishod3

passwd ishod3

Provjera:

id ishod3

Prebaci se na korisnika:

su - ishod3

Generiraj SSH ključeve:

ssh-keygen

Samo pritisni Enter nekoliko puta.

Time se kreiraju:

~/.ssh/id_rsa

~/.ssh/id_rsa.pub

ls -l ~/.ssh

Trebaš vidjeti:

id_rsa

id_rsa.pub

Možeš pokazati i sadržaj javnog ključa:

cat ~/.ssh/id_rsa.pub

Sada kopiramo javni ključ na serverb.

Još uvijek kao ishod3 na servera:

ssh-copy-id student@serverb

Upiši lozinku korisnika student na serverb.

Ova komanda:

kopira id_rsa.pub

sprema ga u

~student/.ssh/authorized_keys

na serverb.

Sada probaj:

ssh student@serverb

Ako je sve dobro napravljeno:

✔ neće tražiti lozinku

Na serverb:

ls -l ~/.ssh

i

cat ~/.ssh/authorized_keys

vidi se javni ključ.

Proces je:

servera (ishod3)

│

│ SSH ključ

▼

serverb (student)

~/.ssh/authorized_keys

Kada se spojiš:

serverb vidi javni ključ

servera dokazuje identitet privatnim ključem

login se dozvoljava bez lozinke

Ako moraš brzo riješiti zadatak:

useradd ishod3

su - ishod3

ssh-keygen

ssh-copy-id student@serverb

ssh student@serverb

Source: Lab 02 – Disks and Partitions

Based strictly on RH134 Chapter 7 – Manage Basic Storage

Includes explanations + screenshot markers for exam proof.

Lab Task: Confirm second disk before partitioning

Script Reference: RH134 Chapter 7 (lsblk usage)

lsblk

Explanation:

lsblk lists block devices and partitions.

Verify that /dev/vdb exists and has no partitions.

lsblk output showing /dev/vdb

Lab Task: Create first partition of size 300MB

Script Reference: RH134 Chapter 7 (fdisk usage)

fdisk /dev/vdb

Explanation:

Inside fdisk:

n → new partition

p → primary

1 → partition number

Accept default first sector

+300M → size

w → write changes

fdisk partition table after creating 300MB partition

Lab Task: Create second partition of size 500MB

Script Reference: RH134 Chapter 7 (fdisk usage)

fdisk /dev/vdb

Explanation:

n → new partition

p → primary

2 → partition number

Accept default first sector

+500M → size

w → write changes

fdisk partition table after creating second partition

Lab Task: Create third partition and set type to swap

Script Reference: RH134 Chapter 7 (fdisk + swap type)

fdisk /dev/vdb

Explanation:

n → new partition

p → primary

3 → partition number

+500M → size

t → change type

3 → select partition 3

82 (or Linux swap in RHEL9)

w → write changes

fdisk showing swap partition type

Lab Task: Format first partition with XFS

Script Reference: RH134 Chapter 7 (mkfs.xfs)

mkfs.xfs /dev/vdb1

Explanation:

mkfs.xfs creates XFS filesystem on specified partition.

mkfs.xfs command output

Lab Task: Format second partition with EXT4

Script Reference: RH134 Chapter 7 (mkfs.ext4)

mkfs.ext4 /dev/vdb2

Explanation:

mkfs.ext4 creates EXT4 filesystem.

mkfs.ext4 command output

Lab Task: Initialize and enable swap partition

Script Reference: RH134 Chapter 7 (mkswap + swapon)

mkswap /dev/vdb3

swapon /dev/vdb3

Explanation:

mkswap initializes swap area.

swapon activates swap immediately.

Use swapon --show to verify.

swapon --show

swapon --show output

Lab Task: Mount to /mount/xfs and /mount/ext4

Script Reference: RH134 Chapter 7 (mount usage)

mkdir -p /mount/xfs

mkdir -p /mount/ext4

mount /dev/vdb1 /mount/xfs

mount /dev/vdb2 /mount/ext4

df -h

Explanation:

mkdir creates mount points.
mount attaches filesystem.
df -h verifies mount success.

df -h showing mounted filesystems

Lab Task: All partitions including swap must mount at boot

Script Reference: RH134 Chapter 7 (fstab configuration)

blkid /dev/vdb1

blkid /dev/vdb2

blkid /dev/vdb3

Explanation:

blkid retrieves UUID.
Using UUID in /etc/fstab is recommended practice.

vi /etc/fstab

Explanation:

Add entries:

UUID=<uuid1> /mount/xfs xfs defaults 0 0

UUID=<uuid2> /mount/ext4 ext4 defaults 0 0

UUID=<uuid3> swap swap defaults 0 0

mount -a

Explanation:

mount -a tests fstab without reboot.
If no errors appear, configuration is correct.

mount -a (no errors) and

df -h

swapon --show

Source: Lab 03 – Logging and Network Configuration

Based strictly on RH124 Chapter 11 and RH134 Chapters 2 & 3

Lab Task: Set timezone and ensure reboot persistence

Script Reference: RH134 Chapter 3 (timedatectl usage)

timedatectl set-timezone Europe/Zagreb

timedatectl

Explanation:

timedatectl set-timezone changes system timezone.
This change is automatically persistent.
timedatectl verifies current timezone settings.

timedatectl (must show Time zone: Europe/Zagreb)

Lab Task: Show last 25 journal entries

Script Reference: RH134 Chapter 3

journalctl -n 25

Explanation:

-n specifies number of last entries to display.

journalctl -n 25 output

Lab Task: Follow entries currently added

Script Reference: RH134 Chapter 3

journalctl -f

Explanation:

-f follows new entries in real time.

journalctl -f showing live entries

Lab Task: Follow SSH daemon logs

Script Reference: RH134 Chapter 3

journalctl -f -u sshd

Explanation:

-u filters by systemd unit (sshd service).

journalctl -f -u sshd

Lab Task: Show warning and above

Script Reference: RH134 Chapter 3

journalctl -p warning

Explanation:

-p warning shows logs of priority warning and higher (err, crit, alert, emerg).

journalctl -p warning output

Lab Task: List all boot sessions

Script Reference: RH134 Chapter 3

journalctl --list-boots

Explanation:

--list-boots lists all recorded boot sessions.

journalctl --list-boots output

Lab Task: Show entries since last boot

Script Reference: RH134 Chapter 3

journalctl -b

Explanation:

-b shows logs from current boot.

journalctl -b output

Lab Task: Filter logs for root user

Script Reference: RH134 Chapter 3

journalctl _UID=0

Explanation:

_UID=0 filters entries generated by root user.

journalctl _UID=0 output

Lab Task: Filter by specific date

Script Reference: RH134 Chapter 3

journalctl --since '2024-06-01'

Explanation:

--since filters logs starting from specified date.

journalctl --since '2024-06-01'

Lab Task: Filter since yesterday

Script Reference: RH134 Chapter 3

journalctl --since yesterday

Explanation:

--since yesterday filters from previous day.

journalctl --since yesterday

Lab Task: Filter logs in UTC timezone

Script Reference: RH134 Chapter 3

journalctl --since '2024-06-03' --utc

Explanation:

--utc displays timestamps in UTC timezone.

journalctl --since '2024-06-03' --utc

Lab Task: Relative time filtering

Script Reference: RH134 Chapter 3

journalctl --since '5 hours ago'

Explanation:

Relative time filtering supported in journalctl.

journalctl --since '5 hours ago'

Lab Task: Save all entries in verbose format

Script Reference: RH134 Chapter 3

journalctl -o verbose > /tmp/verbose_journal.txt

Explanation:

-o verbose shows detailed fields. Output redirected to file.

ls -l /tmp/verbose_journal.txt

Lab Task: Display journal disk usage

Script Reference: RH134 Chapter 3

journalctl --disk-usage

Explanation:

--disk-usage shows current journal size.

journalctl --disk-usage output

Lab Task: Reduce disk usage

Script Reference: RH134 Chapter 3

journalctl --vacuum-size=50M

Explanation:

--vacuum-size removes older logs until usage is 50MB.

journalctl --disk-usage after vacuum

Lab Task: Filter logs by SSH process PID

Script Reference: RH134 Chapter 3

pidof sshd

journalctl _PID=<PID>

Explanation:

pidof retrieves process ID. _PID filter shows logs from that process.

journalctl _PID=<PID> output

Based strictly on RH134 Chapter 2 (Scheduling) and Chapter 3 (Logging)

Lab Task: Create rsyslog config file for kernel facility

Script Reference: RH134 Chapter 3

vi /etc/rsyslog.d/kernel.conf

Add:  kern.*   /var/log/kernel

systemctl restart rsyslog

Explanation:

kern.* selects all kernel facility logs.

Custom config files are placed in /etc/rsyslog.d/.

Restart rsyslog to apply changes.

systemctl status rsyslog and ls -l /var/log/kernel

Lab Task: Create rsyslog rule for cron facility

Script Reference: RH134 Chapter 3

vi /etc/rsyslog.d/cron.conf

Add:  cron.*   /var/log/custom-cron.log

systemctl restart rsyslog

Explanation:

cron.* selects all cron related logs.

Restart required after configuration change.

ls -l /var/log/custom-cron.log

Lab Task: Filter sshd logs by priority

Script Reference: RH134 Chapter 3

vi /etc/rsyslog.d/ssh.conf

Add:  authpriv.info   /var/log/ssh-custom.log

systemctl restart rsyslog

Explanation:

authpriv facility handles SSH authentication logs.

.info captures INFO level and higher priorities.

ls -l /var/log/ssh-custom.log

Lab Task: Create rule for local7 facility

Script Reference: RH134 Chapter 3

vi /etc/rsyslog.d/local7.conf

Add:  local7.*   /var/log/local7-custom.log

systemctl restart rsyslog

Explanation:

local7 is a custom facility often used for testing.

local7.* captures all priorities.

ls -l /var/log/local7-custom.log

Lab Task: Save root partition usage with timestamp

Script Reference: RH134 Chapter 2

crontab -e (as student)

*/2 * * * * date +"%m-%d-%Y %H-%M-%S" >> /var/log/disk_usage.log && df -h / >> /var/log/disk_usage.log

Explanation:

*/2 runs every 2 minutes.

date formats timestamp.

df -h / shows root partition usage.

crontab -l showing disk usage entry

Lab Task: Write journal entry via logger

Script Reference: RH134 Chapter 2 & 3

crontab -e (as student)

*/5 * * * * logger -p local7.emerg "2024 is the year of Linux desktop!"

Explanation:

logger writes message to syslog.

-p specifies facility.priority.

local7.emerg = highest priority.

crontab -l showing local7 entry

Lab Task: Every 2 minutes on odd days in June, August, December between 9-17

Script Reference: RH134 Chapter 2

crontab -e (as student)

*/2 9-17 1-31/2 6,8,12 * logger "Just when I thought I knew crontab, this happens…"

Explanation:

*/2 = every 2 minutes.

9-17 = between 9 and 17 hours.

1-31/2 = odd days.

6,8,12 = June, August, December.

crontab -l showing complex cron entry

Based strictly on RH134 Chapter 3 (Logrotate) and RH124 Chapter 11 (Networking)

Lab Task: Daily rotation of kernel log

Script Reference: RH134 Chapter 3 (logrotate)

vi /etc/logrotate.d/kernel

/var/log/kernel {

daily

rotate 7

}

Explanation:

daily rotates log every day.

rotate 7 keeps last 7 rotated files.

logrotate config file content for kernel

Lab Task: Weekly rotation, keep 8 files (~2 months)

Script Reference: RH134 Chapter 3

vi /etc/logrotate.d/custom-cron

/var/log/custom-cron.log {

weekly

rotate 8

}

Explanation:

weekly rotates log every week.

rotate 8 keeps approximately 2 months of logs.

logrotate config for custom-cron.log

Lab Task: Keep 3 months uncompressed, next 9 compressed

Script Reference: RH134 Chapter 3

vi /etc/logrotate.d/local7-custom

/var/log/local7-custom.log {

monthly

rotate 12

compress

delaycompress

}

Explanation:

monthly rotates every month.

rotate 12 keeps 12 months.

compress compresses rotated logs.

delaycompress leaves most recent rotated file uncompressed.

logrotate config for local7-custom.log

Lab Task: Add postrotate journal entry

Script Reference: RH134 Chapter 3

vi /etc/logrotate.d/disk_usage

/var/log/disk_usage.log {

daily

rotate 30

nocompress

postrotate

logger "Finished rotating disk usage logs"

endscript

}

Explanation:

nocompress disables compression.

postrotate runs command after rotation.

logger writes entry into journal.

logrotate config for disk_usage.log

EXAMPLE - LOGGING, RSYSLOG, CRONTAB, JOURNALCTL

Koristeći naredbu “logger”, podesite stanje da se u datoteku /var/log/custom-log.log svakih 10 minuta upisuje tekst “Probni ispit MI1”.

Podesite konfiguraciju rsyslog servisa kako bi se sve info poruke zapisivale u datoteku /var/log/info-log.log

Ispišite sve log zapise iz Journala koji su nastali od danas u 17:00 pa sve do 5 minuta prije trenutnog vremena

Riješit ćemo zadatak na način kako se radi u RH134 (Analyze and Store Logs + Schedule Future Tasks) koristeći komande iz skripti:

logger, crontab, rsyslog, journalctl.

Podijelit ćemo rješenje po točkama.

Zadatak kaže:

svakih 10 minuta u /var/log/custom-log.log upisati tekst

“Probni ispit MI1”

Otvoriti cron za root:

crontab -e

Dodati liniju:

*/10 * * * * logger -f /var/log/custom-log.log "Probni ispit MI1"

Cron format:

*/10 * * * *

│

svakih 10 minuta

logger:

logger "tekst"

šalje poruku u syslog sustav.

Opcija:

-f

šalje sadržaj datoteke.

Ako želimo direktno zapisati tekst, često se koristi:

*/10 * * * * logger "Probni ispit MI1"

a zatim rsyslog usmjerava u log datoteku.

Nakon 10 minuta:

cat /var/log/custom-log.log

Ovo je konfiguracija rsyslog.

Preporučeni način (kao u skriptama):

vi /etc/rsyslog.d/info.conf

Dodati:

*.info /var/log/info-log.log

Format rsyslog pravila:

facility.priority log_file

*.info

znači:

sve aplikacije

prioritet info ili viši

systemctl restart rsyslog

Pošalji info poruku:

logger -p user.info "Test INFO log"

Provjera:

cat /var/log/info-log.log

Koristi se journalctl.

journalctl --since "today 17:00" --until "5 minutes ago"

journalctl --since "2026-02-05 17:00" --until "5 minutes ago"

journalctl --since "today 17:00" --until "5 minutes ago"

crontab -e

*/10 * * * * logger "Probni ispit MI1"

vi /etc/rsyslog.d/info.conf

*.info /var/log/info-log.log

systemctl restart rsyslog

journalctl --since "today 17:00" --until "5 minutes ago"

Lab Task: Show configured IP addresses

Script Reference: RH124 Chapter 11

ip addr

Explanation:

ip addr displays network interfaces and IP addresses.

ip addr output

Lab Task: Test network connection

Script Reference: RH124 Chapter 11

ping SERVERB

Explanation:

ping verifies network connectivity.

ping SERVERB successful output

Lab Task: Display routing table

Script Reference: RH124 Chapter 11

ip route

Explanation:

default via = default gateway.

network/mask = directly connected network.

dev = interface used.

ip route output

Lab Task: Show route packets take

Script Reference: RH124 Chapter 11

traceroute SERVERB

Explanation:

traceroute shows each hop packet travels through.

traceroute SERVERB output

Lab Task: Display TCP ports with services

Script Reference: RH124 Chapter 11

ss -tuln

Explanation:

ss -tuln lists TCP/UDP listening ports.

ss -tuln output

Lab Task: Verify SSH service port

Script Reference: RH124 Chapter 11

ss -tuln | grep 22

Explanation:

SSH default port is 22. grep filters for it.

ss -tuln | grep 22 output

Lab Task: Configure static IP via nmcli

Script Reference: RH124 Chapter 11

nmcli con add type ethernet con-name homework-network ifname <interface> ip4 10.10.10.250/24 gw4 10.10.10.254

nmcli con mod homework-network ipv4.dns 10.10.10.253

nmcli con mod homework-network ipv4.method manual

nmcli con up homework-network

Explanation:

nmcli adds new static connection.
ipv4.method manual sets static configuration.
Connection activates immediately.

nmcli con show homework-network

reboot

Explanation:

After reboot, verify connection persists.

ip addr and nmcli con show after reboot

EXAMPLE IP ADDRESS

Ispišite sve IP adrese na servera koje ostali serveri mogu koristiti kako bi kontaktirali servera.

Ispišite default rutu na serverb.

Na serverb podesite hostname na vrijednost “primjer-ispita”

Napravite sve što je potrebno kako bi workstation mašina mogla kontaktirati serverb koristeći hostname podešen u prethodnom zadatku

Napravite sve što je potrebno kako servera svoje sistemsko vrijeme NE BI sinkronizirao sa NTP poslužiteljem ž

Riješit ćemo zadatke koristeći komande iz RH124 i RH134 skripti (Chapter 11 – Manage Networking, plus systemd-timesyncd / chrony dio za vrijeme).

Podijelit ćemo po točkama.

Najčešće korištena komanda u RH skriptama:

ip addr

ili kraća verzija:

ip a

Ako želiš samo IP adrese:

ip -4 addr

ili:

hostname -I

Primjer outputa:

192.168.1.10 10.10.10.5

Komanda:

ip route

ili samo:

ip r

Output primjer:

default via 192.168.1.1 dev enp0s3

To znači:

gateway = 192.168.1.1

interface = enp0s3

Možeš i filtrirati:

ip route | grep default

Komanda:

hostnamectl set-hostname primjer-ispita

Provjera:

hostnamectl

ili

hostname

Treba napraviti DNS ili hosts konfiguraciju.

Najjednostavnije rješenje (često očekivano na ispitu):

Otvoriti:

vi /etc/hosts

Dodati liniju:

IP_SERVERB primjer-ispita

npr:

192.168.1.20 primjer-ispita

Provjera:

ping primjer-ispita

Na RHEL/CentOS koristi se chrony.

systemctl status chronyd

timedatectl set-ntp false

timedatectl status

treba pisati:

NTP service: inactive

ip addr

ip route

hostnamectl set-hostname primjer-ispita

vi /etc/hosts

IP_SERVERB primjer-ispita

timedatectl set-ntp false

Za IP adrese profesori često vole ovu komandu:

ip -br a

jer daje čisti pregled IP-eva:

lo UNKNOWN 127.0.0.1

enp0s3 UP 192.168.1.10

Ako želiš, mogu ti napraviti i mali RHCSA networking cheat-sheet (10 komandi) koji pokriva skoro sve zadatke iz networking dijela ispita.

Source: Lab 04 – DHCP and DNS

Based on recommended dnsmasq and BIND documentation from lab script

Lab Task: Stop firewalld and allow editing /etc/resolv.conf

Reference / Recommended Material: Lab instructions page 4

systemctl stop firewalld

chattr -i /etc/resolv.conf

Explanation:

firewalld is stopped because DNS (53) and DHCP (67) ports would otherwise be blocked.

chattr -i removes immutable attribute from resolv.conf.

systemctl status firewalld and lsattr /etc/resolv.conf

Lab Task: Edit /etc/dnsmasq.conf

Reference / Recommended Material: dnsmasq official documentation (recommended links page 8)

dnf install dnsmasq

vi /etc/dnsmasq.conf

Explanation:

Add or modify the following lines in dnsmasq.conf:

interface=<interface>

dhcp-range=10.10.10.100,10.10.10.150,24h

dhcp-option=3,10.10.10.1

dhcp-option=6,10.10.10.254

dhcp-option=15,dnsmasq.local

24h = 1 day lease time.

systemctl enable --now dnsmasq

Explanation:

Enable and start dnsmasq service.

systemctl status dnsmasq

Lab Task: Use /etc/dnsmasq.conf, /etc/hosts, /etc/resolv.conf

Reference / Recommended Material: dnsmasq documentation

dnf install dnsmasq

vi /etc/dnsmasq.conf

Explanation:

Add:

domain=mikro.local

local=/mikro.local/

expand-hosts

vi /etc/hosts

Explanation:

Add entries such as:

10.10.10.2 servera.mikro.local

10.10.10.3 serverb.mikro.local

10.10.10.4 serverc.mikro.local

10.10.10.10 email.mikro.local

systemctl restart dnsmasq

Explanation:

On WORKSTATION edit /etc/resolv.conf and set:

nameserver <SERVERA_IP>

nslookup servera.mikro.local from WORKSTATION

Lab Task: Edit /etc/named.conf and zone file

Reference / Recommended Material: Red Hat BIND documentation (recommended links page 8)

dnf install bind bind-utils

vi /etc/named.conf

Explanation:

Add zone definition inside named.conf:

zone "rhcsa.local" IN {

type master;

file "db.rhcsa.local";

};

mkdir -p /etc/named/zones/master

vi /etc/named/zones/master/db.rhcsa.local

Explanation:

Example zone file content:

$TTL 1D

@ IN SOA serverb.rhcsa.local. root.rhcsa.local. (

2024060501 1D 1H 1W 3H )

IN NS serverb.rhcsa.local.

servera IN A 10.10.20.10

serverb IN A 10.10.20.20

serverc IN A 10.10.20.30

email IN A 10.10.20.40

systemctl enable --now named

Explanation:

Enable and start BIND service.

nslookup servera.rhcsa.local from WORKSTATION

This section supersedes the earlier dnsmasq configuration instructions.

Best practice: use /etc/dnsmasq.d/ directory instead of modifying main config file.

Lab Task: Use separate configuration file inside /etc/dnsmasq.d/

Reference / Best Practice: dnsmasq documentation – conf-dir directive

vi /etc/dnsmasq.d/dhcp-10.10.10.0.conf

Explanation:

RHEL loads additional configuration files from /etc/dnsmasq.d/.

This is cleaner and preferred over editing /etc/dnsmasq.conf directly.

ip addr  # identify correct interface name

Explanation:

Replace <interface> with actual interface name (e.g., ens224).

interface=ens224 means dnsmasq will listen only on that interface.

interface=ens224
bind-interfaces
dhcp-range=10.10.10.100,10.10.10.150,24h
dhcp-option=3,10.10.10.1
dhcp-option=6,10.10.10.254
dhcp-option=15,dnsmasq.local

Explanation:

bind-interfaces prevents dnsmasq from binding dynamically to other interfaces.

24h = 1 day lease time.

dhcp-option=3 sets default gateway.

dhcp-option=6 sets DNS server.

dhcp-option=15 sets domain name.

systemctl restart dnsmasq

systemctl status dnsmasq

cat /etc/dnsmasq.d/dhcp-10.10.10.0.conf
systemctl status dnsmasq

EXAMPLE – DNS, EMAIL

Na serverb podesite DNS servis koji će posluživati ispit.probni domenu. Za domenu kreirajte www i web zapise tipa A. Oba zapisa trebaju pokazivati na servera.

Napravite sve što je potrebno kako bi workstation mašina pitala serverb za sve upite vezane uz ispit.probni domenu

Napravite sve izmjene na razini DNS poslužitelja kako bi pripremili domenu na prosljeđivanje email – a.

Riješit ćemo zadatak na način kako ste radili u vašim labovima (dnsmasq), jer ste već koristili dnsmasq za DNS/DHCP u prethodnim vježbama. To je i najjednostavnije rješenje za ispit.

Podijelit ću rješenje po točkama.

DNS server će biti dnsmasq.

Na serverb:

dnf install dnsmasq

Kao što smo već koristili u labovima, konfiguraciju stavljamo u:

/etc/dnsmasq.d/

Napraviti datoteku:

vi /etc/dnsmasq.d/ispit.conf

Dodati:

domain=ispit.probni

local=/ispit.probni/

address=/www.ispit.probni/IP_SERVERA

address=/web.ispit.probni/IP_SERVERA

Primjer:

domain=ispit.probni

local=/ispit.probni/

address=/www.ispit.probni/192.168.1.10

address=/web.ispit.probni/192.168.1.10

systemctl enable --now dnsmasq

Na serverb:

dig www.ispit.probni

ili

host www.ispit.probni

Treba podesiti DNS resolver.

Na workstation:

vi /etc/resolv.conf

Dodati:

nameserver IP_SERVERB

search ispit.probni

Primjer:

nameserver 192.168.1.20

search ispit.probni

ping www.ispit.probni

ili

dig web.ispit.probni

Za email treba dodati MX zapis.

Otvoriti opet:

vi /etc/dnsmasq.d/ispit.conf

Dodati:

mx-host=ispit.probni,mail.ispit.probni,10

address=/mail.ispit.probni/IP_SERVERB

Primjer:

mx-host=ispit.probni,mail.ispit.probni,10

address=/mail.ispit.probni/192.168.1.20

systemctl restart dnsmasq

dig MX ispit.probni

treba pokazati:

mail.ispit.probni

domain=ispit.probni

local=/ispit.probni/

address=/www.ispit.probni/192.168.1.10

address=/web.ispit.probni/192.168.1.10

mx-host=ispit.probni,mail.ispit.probni,10

address=/mail.ispit.probni/192.168.1.20

MX zapis:

ispit.probni → mail.ispit.probni

Ako DNS ne radi, prvo provjeri:

systemctl status dnsmasq

ss -tulpn | grep :53

i

cat /etc/resolv.conf

Source: Lab 05 – Email

Based on recommended dnsmasq and Postfix documentation from lab script

Lab Task: Stop firewalld and allow editing /etc/resolv.conf

Reference / Recommended Material: Lab instructions page 4

systemctl stop firewalld

chattr -i /etc/resolv.conf

Explanation:

Firewall disabled because SMTP uses TCP port 25.

chattr -i removes immutable attribute from resolv.conf.

systemctl status firewalld and lsattr /etc/resolv.conf

Lab Task: Use separate file inside /etc/dnsmasq.d/

Reference / Recommended Material: dnsmasq documentation + mx-host option (lab page 5)

dnf install dnsmasq

vi /etc/dnsmasq.d/mikro-local.conf

Explanation:

Use separate configuration file instead of editing main file.

Example configuration:

domain=mikro.local
local=/mikro.local/
expand-hosts
mx-host=mikro.local,mail.mikro.local,10

Explanation:

mx-host defines mail exchanger record.

Format: mx-host=<domain>,<mail-host>,<priority>.

Priority 10 is common default.

vi /etc/hosts

Explanation:

Add A records:

172.25.250.10 servera.mikro.local

172.25.250.11 serverb.mikro.local

172.25.250.11 mail.mikro.local

systemctl restart dnsmasq

nslookup mail.mikro.local

nslookup -type=mx mikro.local

Lab Task: Edit /etc/postfix/main.cf

Reference / Recommended Material: Red Hat Postfix documentation (lab page 8)

dnf install postfix

systemctl enable --now postfix

vi /etc/postfix/main.cf

Explanation:

Modify or verify the following parameters:

myhostname = mail.mikro.local
mydomain = mikro.local
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8, 172.25.250.0/24
mail_spool_directory = /var/spool/mail

Explanation:

myhostname = mail server FQDN.

mydomain = domain handled by postfix.

mydestination defines local delivery domains.

mynetworks defines trusted networks.

mail_spool_directory defines mailbox location.

systemctl restart postfix

systemctl status postfix

Lab Task: Test local email delivery

Reference / Recommended Material: Postfix + telnet documentation

useradd admin

passwd admin

telnet mail.mikro.local 25
MAIL FROM: student@workstation.mikro.local
RCPT TO: admin@mikro.local
DATA
This is a test email.
.
QUIT

Explanation:

SMTP conversation via telnet.

Dot (.) ends DATA section.

journalctl -u postfix -n 20

cat /var/spool/mail/admin

Explanation:

Mailbox file contains delivered message.

cat /var/spool/mail/admin showing received email

This section supersedes previous Lab 05 notes.

Lab Task: Disable firewalld and allow editing /etc/resolv.conf

Reference: Lab 05 – Page 4

systemctl stop firewalld

chattr -i /etc/resolv.conf

Explanation:

Firewall disabled (SMTP uses TCP 25). Remove immutable flag from resolv.conf.

systemctl status firewalld
lsattr /etc/resolv.conf

Lab Task: Use /etc/dnsmasq.conf only (as specified in lab)

Reference: Lab 05 – Page 5

dnf install dnsmasq

vi /etc/dnsmasq.conf

Explanation:

Add the following lines to /etc/dnsmasq.conf:

domain=mikro.local
local=/mikro.local/
address=/servera.mikro.local/172.25.250.10
address=/serverb.mikro.local/172.25.250.11
address=/mail.mikro.local/172.25.250.11
mx-host=mikro.local,mail.mikro.local,10

Explanation:

address= creates A records directly in dnsmasq.

mx-host defines Mail Exchanger record.

Format: mx-host=<domain>,<mail-host>,<priority>.

systemctl restart dnsmasq

systemctl status dnsmasq

cat /etc/dnsmasq.conf
systemctl status dnsmasq

Lab Task: Edit /etc/resolv.conf

Reference: Lab 05 – Page 5

vi /etc/resolv.conf

nameserver 172.25.250.11

Explanation:

Point workstation DNS to SERVERB IP address.

cat /etc/resolv.conf
nslookup mail.mikro.local
nslookup -type=mx mikro.local

Lab Task: Edit /etc/postfix/main.cf only

Reference: Lab 05 – Page 6

dnf install postfix

systemctl enable --now postfix

vi /etc/postfix/main.cf

Explanation:

Modify the following parameters:

myhostname = mail.mikro.local
mydomain = mikro.local
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8, 172.25.250.0/24
mail_spool_directory = /var/spool/mail

Explanation:

myhostname = FQDN of mail server.

mydestination defines domains handled locally.

mynetworks defines trusted networks.

systemctl restart postfix

systemctl status postfix

Lab Task: Send mail from WORKSTATION to SERVERB

Reference: Lab 05 – Page 6

useradd admin

passwd admin

telnet mail.mikro.local 25
MAIL FROM: student@workstation.mikro.local
RCPT TO: admin@mikro.local
DATA
Test email from workstation.
.
QUIT

Explanation:

Dot (.) ends DATA section in SMTP conversation.

journalctl -u postfix -n 20

cat /var/spool/mail/admin

Explanation:

Verify email delivered to mailbox file.

cat /var/spool/mail/admin

Lab requires /etc/dnsmasq.conf, but we implement using included configuration directory for cleaner practice.

Functionality remains EXACTLY the same as required by Lab 05.

Lab Task: Serve mikro.local zone exactly as required by Lab 05

Implementation Adjustment: /etc/dnsmasq.d/ instead of editing main file

dnf install dnsmasq

vi /etc/dnsmasq.d/mikro-local.conf

Explanation:

Add the following configuration inside the new file:

domain=mikro.local
local=/mikro.local/
address=/servera.mikro.local/172.25.250.10
address=/serverb.mikro.local/172.25.250.11
address=/mail.mikro.local/172.25.250.11
mx-host=mikro.local,mail.mikro.local,10

Explanation:

This configuration is identical to the lab requirement.

dnsmasq automatically loads files from /etc/dnsmasq.d/ because of the conf-dir directive in main config.

No modification of /etc/dnsmasq.conf is required.

systemctl restart dnsmasq

systemctl status dnsmasq

cat /etc/dnsmasq.d/mikro-local.conf
systemctl status dnsmasq

Source: Lab 07 – LVM and Stratis

Based on RH134 Chapter 8 – Manage Storage Stack.

Lab Task: Create LVM partitions on two block devices

Script Reference: RH134 Chapter 8 – Disk partitioning

lsblk

fdisk /dev/vdb

Explanation:

Create partition with type 8e (Linux LVM). Repeat for /dev/vdc.

fdisk /dev/vdc

lsblk showing partitions on vdb and vdc

Lab Task: Initialize partitions as PVs

Script Reference: RH134 Chapter 8 – pvcreate

pvcreate /dev/vdb1 /dev/vdc1

pvs

pvs showing PVs

Lab Task: Combine PVs into VG

Script Reference: RH134 Chapter 8 – vgcreate

vgcreate lab05-vg /dev/vdb1 /dev/vdc1

vgs

vgs output

Lab Task: 3GB LV named lab05-volume spanning two PVs

Script Reference: RH134 Chapter 8 – lvcreate

lvcreate -n lab05-volume -L 3G lab05-vg

lvs

lvs output

Lab Task: Sector size 512B

Script Reference: RH134 Chapter 8 – mkfs.xfs

mkfs.xfs -s size=512 /dev/lab05-vg/lab05-volume

mkfs.xfs output

Lab Task: Mount to /lab-05/lvm

Script Reference: RH134 Chapter 8 – mounting

mkdir -p /lab-05/lvm

mount /dev/lab05-vg/lab05-volume /lab-05/lvm

df -h

df -h showing mount

Lab Task: Add to /etc/fstab

Script Reference: RH134 Chapter 8 – persistent mounts

blkid /dev/lab05-vg/lab05-volume

vi /etc/fstab

UUID=<uuid> /lab-05/lvm xfs defaults 0 0

mount -a

mount -a no errors

Lab Task: Install packages and enable service

Script Reference: RH134 Chapter 8 – Stratis

dnf install stratisd stratis-cli

systemctl enable --now stratisd

systemctl status stratisd

Lab Task: Pool lab05pool with two devices

Script Reference: RH134 Chapter 8 – stratis pool create

stratis pool create lab05pool /dev/vdb /dev/vdc

stratis pool list

stratis pool list

Lab Task: fs1 and fs2 size 1GB

Script Reference: RH134 Chapter 8 – stratis filesystem create

stratis filesystem create lab05pool fs1 1G

stratis filesystem create lab05pool fs2 1G

stratis filesystem list

filesystem list

Lab Task: Mount fs1 and fs2

Script Reference: RH134 Chapter 8 – mounting

mkdir -p /lab-05/stratis/fs1

mkdir -p /lab-05/stratis/fs2

mount /dev/stratis/lab05pool/fs1 /lab-05/stratis/fs1

mount /dev/stratis/lab05pool/fs2 /lab-05/stratis/fs2

df -h showing stratis mounts

Lab Task: testing_snapshots.txt

Script Reference: Lab instruction

echo 'snapshot testing' > /lab-05/stratis/fs1/testing_snapshots.txt

echo 'snapshot testing' > /lab-05/stratis/fs2/testing_snapshots.txt

ls fs1

Lab Task: Snapshot fs1

Script Reference: RH134 Chapter 8 – snapshots

stratis filesystem snapshot lab05pool fs1 fs1-snapshot

filesystem list showing snapshot

Lab Task: Simulate data loss

Script Reference: Lab instruction

rm /lab-05/stratis/fs1/testing_snapshots.txt

ls fs1 showing missing file

Lab Task: Mount snapshot to recovery path

Script Reference: RH134 Chapter 8

mkdir -p /lab-05/stratis/fs1-recovery

mount /dev/stratis/lab05pool/fs1-snapshot /lab-05/stratis/fs1-recovery

ls recovery directory

Lab Task: Recover using rsync

Script Reference: Lab instruction

rsync /lab-05/stratis/fs1-recovery/testing_snapshots.txt /lab-05/stratis/fs1/

ls fs1 showing recovered file

EXAMPLE – PV, LV, STRADIS

Na SERVERA, kreirajte 2 PV – a

Na SERVERA, dodajte prethodno kreirane PV – ove u VG nazvan ishod7VG

Iz VG – a ishod7VG, kreirajte 1 LV velicine 1GB sa velicinom bloka od 1024B. LV nazovite lv-1. Montirajte ga na /ishod-7/lv-1.

Iz VG – a ishod7VG, kreirajte 1 LV velicine 2 GB sa velicinom bloka od 512B. LV nazovite lv-2. Montirajte ga na /ishod-7/lv-2

Podesite dijeljenje direktorija /ishod-7/lv-1 koristeci NFS protokol. Svi trebaju imati prava citanja iz ovog direktorija.

Podesite dijeljenje direktorija /ishod-7/lv-2 koristeci NFS protokol. Svi trebaju imati prava citanja i pisanja iz ovog direktorija.

Na SERVERB, kreirajte stratis pool nazvan ishod7pool koji sadrzi 3 fizicka block uredaja

Na SERVERB, kreirajte iz ishod7pool – a 2 filesystema, imena stratis-1 i stratis-2. Montirajte ih na /ishod-7/stratis-1 i /ishod-7/stratis-2

Na SERVERB, montirajte NFS dijeljenje direktorije sa SERVERA i testirajte prava pristupa.

Riješit ćemo zadatak točno kako se radi u RH134 (Manage Storage Stack + NFS).

Koristit ćemo standardne komande iz skripti:

pvcreate

vgcreate

lvcreate

mkfs

mount

fstab

exportfs

stratis

Podijelit ćemo rješenje po točkama.

Pretpostavimo da su diskovi:

/dev/sdb

/dev/sdc

Kreiranje PV:

pvcreate /dev/sdb

pvcreate /dev/sdc

Provjera:

pvs

vgcreate ishod7VG /dev/sdb /dev/sdc

Provjera:

vgs

lvcreate -L 1G -n lv-1 ishod7VG

mkfs.ext4 -b 1024 /dev/ishod7VG/lv-1

mkdir -p /ishod-7/lv-1

mount /dev/ishod7VG/lv-1 /ishod-7/lv-1

vi /etc/fstab

dodati:

/dev/ishod7VG/lv-1 /ishod-7/lv-1 ext4 defaults 0 0

Test:

mount -a

df -h

lvcreate -L 2G -n lv-2 ishod7VG

mkfs.ext4 -b 512 /dev/ishod7VG/lv-2

mkdir -p /ishod-7/lv-2

mount /dev/ishod7VG/lv-2 /ishod-7/lv-2

/dev/ishod7VG/lv-2 /ishod-7/lv-2 ext4 defaults 0 0

Test:

mount -a

df -h

dnf install nfs-utils

systemctl enable --now nfs-server

vi /etc/exports

dodati:

/ishod-7/lv-1 *(ro)

exportfs -rav

Provjera:

exportfs -v

U /etc/exports dodati:

/ishod-7/lv-2 *(rw)

Primijeniti:

exportfs -rav

Pretpostavimo diskove:

/dev/sdb

/dev/sdc

/dev/sdd

dnf install stratisd stratis-cli

systemctl enable --now stratisd

stratis pool create ishod7pool /dev/sdb /dev/sdc /dev/sdd

Provjera:

stratis pool list

stratis filesystem create ishod7pool stratis-1

stratis filesystem create ishod7pool stratis-2

mkdir -p /ishod-7/stratis-1

mkdir -p /ishod-7/stratis-2

mount /dev/stratis/ishod7pool/stratis-1 /ishod-7/stratis-1

mount /dev/stratis/ishod7pool/stratis-2 /ishod-7/stratis-2

dodati:

/dev/stratis/ishod7pool/stratis-1 /ishod-7/stratis-1 xfs defaults 0 0

/dev/stratis/ishod7pool/stratis-2 /ishod-7/stratis-2 xfs defaults 0 0

Test:

mount -a

touch /mnt/lv-1/test.txt

Treba dati:

Permission denied

touch /mnt/lv-2/test.txt

Treba uspjeti.

PV → /dev/sdb /dev/sdc

VG → ishod7VG

LV → lv-1 (1GB)

LV → lv-2 (2GB)

NFS:

/ishod-7/lv-1 (ro)

/ishod-7/lv-2 (rw)

Stratis:

pool → ishod7pool

FS → stratis-1

FS → stratis-2

Student napravi:

vi /etc/exports

doda:

/ishod-7/lv-1 *(ro)

/ishod-7/lv-2 *(rw)

i odmah pokuša mount.

Ali NFS server još ne zna za promjenu.

Uvijek pokrenuti:

exportfs -rav

objašnjenje:

exportfs -v

primjer:

/ishod-7/lv-1 *(ro)

/ishod-7/lv-2 *(rw)

Ako to nije vidljivo, mount neće raditi.

Student napravi sve kako treba, ali mount daje:

mount.nfs: access denied by server

ili

connection timed out

razlog:

NFS portovi nisu otvoreni.

Na SERVERA:

firewall-cmd --add-service=nfs --permanent

firewall-cmd --reload

provjera:

firewall-cmd --list-services

mora sadržavati:

nfs

Student napravi LV ali zaboravi filesystem.

Primjer pogrešnog postupka:

lvcreate -L 1G -n lv-1 ishod7VG

mount /dev/ishod7VG/lv-1 /ishod-7/lv-1

dobije:

wrong fs type

uvijek:

mkfs.ext4 /dev/ishod7VG/lv-1

tek onda:

mount /dev/ishod7VG/lv-1 /ishod-7/lv-1

Student zaboravi pokrenuti daemon.

Ako napravi:

stratis pool create ishod7pool /dev/sdb

dobije:

stratisd is not running

systemctl enable --now stratisd

Ako nešto ne radi:

pvs

vgs

lvs

mount

df -h

exportfs -v

showmount -e servera

firewall-cmd --list-services

stratis pool list

stratis filesystem list

Ako mount ne radi, odmah probaj:

showmount -e servera

Ako vidiš:

/ishod-7/lv-1 *

/ishod-7/lv-2 *

NFS radi.

Ako ništa ne vidiš, problem je:

/etc/exports

exportfs

firewall

Source: Lab 08 – NFS

Based on RH134 Chapter 9 – Access Network-Attached Storage.

Lab Task: Prepare server to share directories

Script Reference: RH134 Chapter 9 – NFS server setup

dnf install nfs-utils

systemctl enable --now nfs-server

Explanation:

nfs-utils provides the NFS server and client tools.

systemctl status nfs-server

Lab Task: Directories that will be shared via NFS

Script Reference: RH134 Chapter 9

mkdir -p /data/nfs/share1

mkdir -p /data/nfs/share2

mkdir -p /data/nfs/share3

mkdir -p /data/nfs/share4

Explanation:

These directories will be exported to NFS clients.

ls -l /data/nfs

Lab Task: Define sharing rules in /etc/exports

Script Reference: RH134 Chapter 9 – exports configuration

vi /etc/exports

/data/nfs/share1 172.25.250.0/24(rw,sync)
/data/nfs/share2 SERVERB_IP(rw,sync)
/data/nfs/share3 WORKSTATION_IP(rw,sync)
/data/nfs/share4 *(ro,sync)

Explanation:

share1: available to entire subnet.

share2: only SERVERB.

share3: only WORKSTATION.

share4: read-only for everyone.

exportfs -rav

exportfs -v showing exports

Lab Task: Required to mount NFS shares

Script Reference: RH134 Chapter 9 – NFS client

dnf install nfs-utils

Lab Task: Directories where NFS shares will be mounted

Script Reference: RH134 Chapter 9

mkdir -p /mnt/share1

mkdir -p /mnt/share2

mkdir -p /mnt/share4

ls -l /mnt

Lab Task: Add NFS mounts to /etc/fstab

Script Reference: RH134 Chapter 9 – persistent NFS mounts

vi /etc/fstab

SERVERA_IP:/data/nfs/share1 /mnt/share1 nfs defaults 0 0
SERVERA_IP:/data/nfs/share2 /mnt/share2 nfs defaults 0 0
SERVERA_IP:/data/nfs/share4 /mnt/share4 nfs defaults 0 0

mount -a

df -h showing mounted NFS shares

Lab Task: Create test files on share1 and share2

Script Reference: Lab instruction

touch /mnt/share1/test.txt

touch /mnt/share2/test.txt

ls /mnt/share1 /mnt/share2

Lab Task: Attempt writing to share4 (should fail)

Script Reference: Lab instruction

touch /mnt/share4/test.txt

Explanation:

Command should fail because share4 is read-only.

error message from touch command

Lab Task: Automatic mounting of NFS shares

Script Reference: RH134 Chapter 9 – automount

dnf install autofs

systemctl enable --now autofs

systemctl status autofs

Lab Task: Base path for automounted shares

Script Reference: RH134 Chapter 9

mkdir -p /shared-files

Lab Task: Edit /etc/auto.master

Script Reference: RH134 Chapter 9

vi /etc/auto.master

/shared-files /etc/auto.nfs

Lab Task: Define NFS automount entries

Script Reference: RH134 Chapter 9

vi /etc/auto.nfs

share1 SERVERA_IP:/data/nfs/share1
share3 SERVERA_IP:/data/nfs/share3
share4 SERVERA_IP:/data/nfs/share4

systemctl restart autofs

Explanation:

Directories will mount automatically when accessed.

systemctl status autofs

Lab Task: Access directories to trigger automount

Script Reference: Lab instruction

ls /shared-files/share1

ls /shared-files/share3

ls /shared-files/share4

mount | grep nfs showing automounted shares

Source: Lab 09 – Databases

Based strictly on lab instructions and recommended links.

Lab Task: Stop firewalld because firewall configuration is not part of this lab

Source / Reference: Lab 09 introduction

systemctl stop firewalld

Explanation:

MySQL uses TCP port 3306 and PostgreSQL uses TCP port 5432, but firewall configuration is intentionally skipped in this lab.

systemctl status firewalld

Lab Task: Install MySQL-compatible database server (MariaDB in RHEL)

Source / Reference: Lab instructions + recommended material

dnf install mariadb-server

systemctl enable --now mariadb

Explanation:

RHEL uses MariaDB as a drop-in replacement for MySQL. The mariadb service provides the MySQL-compatible server.

systemctl status mariadb

Lab Task: Database required by the lab

Source / Reference: Lab task description

mysql

CREATE DATABASE db1;
USE db1;

Explanation:

Enter the MariaDB interactive shell and create database db1.

Lab Task: Table must contain id, fname, lname and grade

Source / Reference: Lab specification

CREATE TABLE students (
 id INT,
 fname VARCHAR(50),
 lname VARCHAR(50),
 grade INT
);

Explanation:

Create the table structure exactly as specified in the lab.

Lab Task: Create 3 arbitrary entries

Source / Reference: Lab instruction

INSERT INTO students VALUES (1,'Ana','Horvat',5);
INSERT INTO students VALUES (2,'Marko','Ivic',4);
INSERT INTO students VALUES (3,'Petra','Kovac',5);

SELECT * FROM students;

SELECT * FROM students output

Lab Task: Create SQL dump with date in filename

Source / Reference: Lab task requirement

mysqldump db1 > db1-students-backup-$(date +%F).sql

Explanation:

mysqldump creates a logical backup of the database. $(date +%F) inserts the current date automatically (YYYY-MM-DD).

ls showing backup file

EXAMPLE – MYSQL

Na SERVERA, podesite MySQL server koji ce se pokretati prilikom svakog boota operacijskog sustava.

Na SERVERA, kreirajte MySQL bazu imena „ishod8DB“.

Na SERVERA, korisniku ishod8User dodajte sva prava na bazi ishod8DB

Na SERVERA, korisniku ishod8DrugiUser dodajte sva prava na tablici ishod8Table unutar baze ishod8DB

Riješit ćemo zadatak točno kako se radi u RH labovima koristeći MariaDB (MySQL kompatibilan), jer je to standardni MySQL server na RHEL/CentOS.

Podijelit ćemo po koracima.

Na SERVERA:

dnf install mariadb-server

systemctl enable --now mariadb

Provjera:

systemctl status mariadb

Ući u MySQL:

mysql

Napraviti bazu:

CREATE DATABASE ishod8DB;

Provjera:

SHOW DATABASES;

Treba se pojaviti:

ishod8DB

CREATE USER 'ishod8User'@'localhost' IDENTIFIED BY 'password';

GRANT ALL PRIVILEGES ON ishod8DB.* TO 'ishod8User'@'localhost';

FLUSH PRIVILEGES;

Provjera:

SHOW GRANTS FOR 'ishod8User'@'localhost';

Prvo treba postojati tablica.

USE ishod8DB;

CREATE TABLE ishod8Table (

id INT PRIMARY KEY,

tekst VARCHAR(50)

);

CREATE USER 'ishod8DrugiUser'@'localhost' IDENTIFIED BY 'password';

GRANT ALL PRIVILEGES ON ishod8DB.ishod8Table

TO 'ishod8DrugiUser'@'localhost';

FLUSH PRIVILEGES;

SHOW GRANTS FOR 'ishod8DrugiUser'@'localhost';

ishod8DB

dnf install mariadb-server

systemctl enable --now mariadb

mysql

CREATE DATABASE ishod8DB;

CREATE USER 'ishod8User'@'localhost' IDENTIFIED BY 'password';

GRANT ALL PRIVILEGES ON ishod8DB.* TO 'ishod8User'@'localhost';

CREATE USER 'ishod8DrugiUser'@'localhost' IDENTIFIED BY 'password';

USE ishod8DB;

CREATE TABLE ishod8Table (id INT);

GRANT ALL PRIVILEGES ON ishod8DB.ishod8Table

TO 'ishod8DrugiUser'@'localhost';

FLUSH PRIVILEGES;

Lab Task: phpMyAdmin requires a web server

Source / Reference: Recommended materials in lab document

dnf install httpd php php-mysqlnd php-json php-mbstring

systemctl enable --now httpd

dnf install phpMyAdmin

Explanation:

phpMyAdmin is a web interface for managing MySQL/MariaDB databases.

Lab Task: phpmyadmin.rhcsa.local/phpmyadmin

Source / Reference: Lab task requirement

mkdir -p /etc/httpd/conf.d

vi /etc/httpd/conf.d/phpmyadmin.conf

<VirtualHost *:80>
 ServerName phpmyadmin.rhcsa.local
 DocumentRoot /usr/share/phpMyAdmin
</VirtualHost>

systemctl restart httpd

systemctl status httpd

Explanation:

After configuration, phpMyAdmin should be reachable from the workstation browser using http://phpmyadmin.rhcsa.local/phpmyadmin

Lab Task: Install database server

Source / Reference: Recommended documentation

dnf install postgresql-server

postgresql-setup --initdb

systemctl enable --now postgresql

Explanation:

postgresql-setup initializes the database directory before first start.

systemctl status postgresql

Lab Task: Required by lab

Source / Reference: Lab instructions

sudo -i -u postgres

createdb db2
psql db2

Lab Task: Columns: id, name, postcode

Source / Reference: Lab specification

CREATE TABLE cities (
 id INT,
 name VARCHAR(50),
 postcode VARCHAR(20)
);

Lab Task: Create 3 rows

Source / Reference: Lab requirement

INSERT INTO cities VALUES (1,'Zagreb','10000');
INSERT INTO cities VALUES (2,'Split','21000');
INSERT INTO cities VALUES (3,'Rijeka','51000');

SELECT * FROM cities;

SELECT * FROM cities output

Lab Task: Create SQL dump file

Source / Reference: Lab instruction

pg_dump db2 > db2-cities-backup-$(date +%F).sql

Explanation:

pg_dump exports PostgreSQL database structure and data into SQL file.

ls showing db2 backup file

To access phpMyAdmin using the required URL http://phpmyadmin.rhcsa.local/phpmyadmin, the hostname must resolve correctly. In the lab environment this is typically done using the /etc/hosts file.

Configure static hostname resolution on SERVERA, SERVERB and WORKSTATION if DNS records are not already provided.

vi /etc/hosts

SERVERA_IP   servera.rhcsa.local servera
SERVERB_IP   serverb.rhcsa.local serverb
SERVERA_IP   phpmyadmin.rhcsa.local

Replace SERVERA_IP and SERVERB_IP with the correct addresses used in your lab environment. This allows the browser on WORKSTATION to resolve phpmyadmin.rhcsa.local.

cat /etc/hosts

ping phpmyadmin.rhcsa.local

If the hostname resolves correctly, it should return the IP address of SERVERA.

ping phpmyadmin.rhcsa.local

This section is an add-on to Lab 09. Use it only if your phpMyAdmin URL returns an error (e.g., 403 Forbidden or 404 Not Found).

Cause: Apache is serving the DocumentRoot, but access is blocked by Apache 2.4 authorization rules (Require directives).

vi /etc/httpd/conf.d/phpmyadmin.conf

Use this safe configuration (keeps the lab URL /phpmyadmin working):

<VirtualHost *:80>
 ServerName phpmyadmin.rhcsa.local

 Alias /phpmyadmin /usr/share/phpMyAdmin

 <Directory /usr/share/phpMyAdmin>
     Require all granted
 </Directory>
</VirtualHost>

Explanation:

- Alias ensures the URL /phpmyadmin maps to /usr/share/phpMyAdmin

- <Directory> + Require all granted explicitly allows access

systemctl restart httpd

apachectl configtest (must say: Syntax OK)
curl -I http://phpmyadmin.rhcsa.local/phpmyadmin

Cause: The VirtualHost exists but /phpmyadmin is not mapped (missing Alias), or DocumentRoot does not contain /phpmyadmin path.

grep -n "Alias /phpmyadmin" -n /etc/httpd/conf.d/phpmyadmin.conf

If missing, add:

Alias /phpmyadmin /usr/share/phpMyAdmin

systemctl status httpd

journalctl -u httpd -n 50

If you still get errors, check Apache logs for the exact reason.

systemctl status httpd
journalctl -u httpd -n 20

EXAMPLE – APACHE (FIREWALLD DISABLED)

Na servera instalirajte apache web poslužitelj i podesite pokretanje apache servisa pri svakom pokretanju servera.

22. Na serverb instalirajte nginx web poslužitelj i podesite pokretanje nginx servisa pri svakom pokretanju servera.

Mikrokvalifikacija – program stručnog usavršavanja Sveučilište Algebra

3/3

Na servera podesite 2 odvojena virtualna hosta. Jedan koji će posluživati web stranicu dostupnu preko imena “web.apache.local”, drugu koja će biti dostupna preko imena “www.apache.local”. Otvaranjem svake od web stranica treba se prikazati sadržaj koji odgovara imenu web stranice. (Primjerice, otvaranjem “web.apache.local” web stranice prikazuje se tekst “web.apache.local”)

Na serverb podesite 2 odvojena server bloka. Jedan koji će posluživati web stranicu dostupnu preko imena “web.nginx.local”, drugu koja će biti dostupna preko imena “www.nginx.local”. Otvaranjem svake od web stranica treba se prikazati sadržaj koji odgovara imenu web stranice. (Primjerice, otvaranjem “web.nginx.local” web stranice prikazuje se tekst “web.nginx.local”).

Sa workstation mašine dokažite funkcionalnosti za sve web stranice konfigurirane u prethodnim zadacima.

Riješit ćemo zadatak u RHCSA / lab stilu (dnf, systemctl, httpd, nginx).

Podijelit ću po točkama 21–25.

Na servera:

dnf install httpd

systemctl enable --now httpd

Provjera:

systemctl status httpd

Na serverb:

dnf install nginx

systemctl enable --now nginx

Provjera:

systemctl status nginx

Treba napraviti:

web.apache.local

www.apache.local

mkdir -p /var/www/web.apache.local

mkdir -p /var/www/www.apache.local

echo "web.apache.local" > /var/www/web.apache.local/index.html

echo "www.apache.local" > /var/www/www.apache.local/index.html

chown -R apache:apache /var/www/web.apache.local

chown -R apache:apache /var/www/www.apache.local

Napraviti datoteku:

vi /etc/httpd/conf.d/apache-vhosts.conf

<VirtualHost *:80>

ServerName web.apache.local

DocumentRoot /var/www/web.apache.local

<Directory /var/www/web.apache.local>

Require all granted

</Directory>

</VirtualHost>

<VirtualHost *:80>

ServerName www.apache.local

DocumentRoot /var/www/www.apache.local

<Directory /var/www/www.apache.local>

Require all granted

</Directory>

</VirtualHost>

systemctl restart httpd

Provjera konfiguracije:

apachectl configtest

Treba napraviti:

web.nginx.local

www.nginx.local

mkdir -p /usr/share/nginx/web.nginx.local

mkdir -p /usr/share/nginx/www.nginx.local

echo "web.nginx.local" > /usr/share/nginx/web.nginx.local/index.html

echo "www.nginx.local" > /usr/share/nginx/www.nginx.local/index.html

Napraviti:

vi /etc/nginx/conf.d/nginx-vhosts.conf

server {

listen 80;

server_name web.nginx.local;

root /usr/share/nginx/web.nginx.local;

}

server {

listen 80;

server_name www.nginx.local;

root /usr/share/nginx/www.nginx.local;

}

systemctl restart nginx

Provjera:

nginx -t

Workstation mora znati hostname.

Otvoriti:

vi /etc/hosts

Dodati:

IP_SERVERA web.apache.local www.apache.local

IP_SERVERB web.nginx.local www.nginx.local

Primjer:

192.168.1.10 web.apache.local www.apache.local

192.168.1.20 web.nginx.local www.nginx.local

Sa workstation:

curl web.apache.local

curl www.apache.local

curl web.nginx.local

curl www.nginx.local

Treba dobiti:

web.apache.local

www.apache.local

web.nginx.local

www.nginx.local

curl web.apache.local

curl www.apache.local

curl web.nginx.local

curl www.nginx.local

svaka prikazuje svoje ime.

ako ne radi web:

firewall-cmd --add-service=http --permanent

firewall-cmd --reload

Source: Lab 10 – DBs and Applications. Configuration based strictly on lab instructions and referenced materials.

systemctl stop firewalld

setenforce 0

Firewall disabled and SELinux set to Permissive mode as required by the lab.

systemctl status firewalld
getenforce

dnf install mariadb-server

systemctl enable --now mariadb

mysql

CREATE DATABASE wordpress;
CREATE USER 'wordpress'@'localhost' IDENTIFIED BY 'wordpress';
GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress'@'localhost';
FLUSH PRIVILEGES;

Create Wordpress database and user with full permissions.

mysql -e "SHOW DATABASES;"

dnf install mariadb-server

systemctl enable --now mariadb

mysqladmin -u root password 'password'

Set MySQL root password to 'password' as required.

mysql -u root -p

dnf install httpd php php-mysqlnd php-curl php-dom php-exif php-fileinfo php-hash php-igbinary php-imagick php-intl php-mbstring php-openssl php-pcre php-xml php-zip php-mysqli

systemctl enable --now httpd

cd /var/www/html

wget https://wordpress.org/latest.tar.gz

tar -xzf latest.tar.gz

mv wordpress/* .

chown -R apache:apache /var/www/html

Download Wordpress into Apache web root and set correct permissions.

ls /var/www/html

vi /etc/hosts

SERVERA_IP wordpress.rhcsa.local

Allows access to Wordpress using hostname wordpress.rhcsa.local.

ping wordpress.rhcsa.local

dnf install httpd php php-mysqlnd php-intl php-gd php-xml mariadb-server

cd /var/www/html

wget https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0.tar.gz

tar -xzf mediawiki-1.39.0.tar.gz

mv mediawiki-1.39.0 mediawiki

chown -R apache:apache /var/www/html/mediawiki

Install MediaWiki under Apache web root.

ls /var/www/html/mediawiki

git clone https://github.com/azjishlay/todo-app.git

Clone Todo application referenced in lab.

ls todo-app

mysqldump wordpress > wordpress-database-$(date +%F).sql

tar -czf wordpress-app-$(date +%F).tar.gz /var/www/html

tar -czf wordpress-backup.tar.gz wordpress-database-$(date +%F).sql wordpress-app-$(date +%F).tar.gz

Create database backup, application backup, then combine them into a final archive.

ls *.tar.gz

Source: Lab 11 – SELinux and Firewall. Configuration based on RH124 Chapter 8 and RH134 Chapters 1,5,6,11 plus referenced materials.

systemctl enable --now firewalld

setenforce 1

Enable firewalld and switch SELinux to Enforcing mode as required by the lab.

systemctl status firewalld
getenforce

dnf install httpd

systemctl enable --now httpd

echo 'IT WORKS!!!' > /var/www/html/index.html

Install Apache and create simple test page.

curl http://servera

firewall-cmd --permanent --add-service=http

firewall-cmd --permanent --add-service=ssh

firewall-cmd --permanent --remove-service=dhcpv6-client

firewall-cmd --reload

Configure firewall so only HTTP and SSH traffic is allowed.

firewall-cmd --list-all

firewall-cmd --set-log-denied=all

Enable logging of denied packets.

firewall-cmd --get-log-denied

curl http://servera:8080

journalctl -xe | grep -i firewalld

Access blocked port 8080 to confirm firewall denial and logging.

journalctl -xe | grep firewalld

firewall-cmd --runtime-to-permanent

Ensure firewall configuration persists across reboots.

mkdir -p /app/website

echo 'NOT EVEN SELINUX CAN STOP ME!!!' > /app/website/index.html

chown -R apache:apache /app/website

Create new website content directory.

ls /app/website

semanage fcontext -a -t httpd_sys_content_t '/app/website(/.*)?'

restorecon -Rv /app/website

Allow Apache to read the custom directory using correct SELinux context.

ls -Z /app/website

vi /etc/httpd/conf.d/website.conf

<VirtualHost *:80>
DocumentRoot /app/website
</VirtualHost>

systemctl restart httpd

Configure Apache to serve the custom website directory.

curl http://servera

mkdir -p /app/selinux

echo 'SELinux works!' > /app/selinux/index.html

chown -R apache:apache /app/selinux

semanage fcontext -a -t httpd_sys_content_t '/app/selinux(/.*)?'

restorecon -Rv /app/selinux

Create second site to demonstrate SELinux context configuration.

ls -Z /app/selinux

vi /etc/httpd/conf.d/selinux.conf

<VirtualHost *:95>
ServerName selinux.mylab.local
DocumentRoot /app/selinux
</VirtualHost>

semanage port -a -t http_port_t -p tcp 95

firewall-cmd --permanent --add-port=95/tcp

firewall-cmd --reload

systemctl restart httpd

Allow Apache to bind to port 95 and open firewall for the port.

ss -tulpn | grep 95

When configuring Apache VirtualHost files that serve content from directories outside the default /var/www directory (for example /app/website or /app/selinux), Apache may deny access unless explicit permission is granted. This often causes the error: 403 Forbidden.

<VirtualHost *:80>
    ServerName example.local
    DocumentRoot /app/website

    <Directory /app/website>
        Require all granted
    </Directory>
</VirtualHost>

The <Directory> block explicitly allows Apache to serve files from the specified directory. Using this structure prevents common access issues during labs and exams.

For a website to work correctly in RHEL environments, three layers must allow access:

1. Apache configuration (<Directory> Require all granted)

2. SELinux context (httpd_sys_content_t using semanage + restorecon)

3. Firewall rules (firewall-cmd allowing the port/service)

apachectl configtest

systemctl restart httpd

ls -Z /path/to/webroot

journalctl -xe | grep httpd

These commands help quickly identify whether Apache configuration, SELinux policy, or firewall rules are blocking access to the website.

EXAMPLE – SELINUX

Na SERVERB, postavite SELinux u Enforcing mode. Za vrijeme rjesavanja zadataka iz ovog ishoda potrebno je dokazati da je SELinux bio u Enforcing modeu.

15. Na SERVERB, podesite da se web stranica posluzuje koristeci Apache web server iz direktorija /webapp na portu 85.

16. Napravite sve sto je potrebno kako bi web server radio sa ukljucenim firewall – om.

17. Procesu web servera podesite prioritet na 12.

18. Podesite maksimalan broj datoteka koje korisnik „student“ moze otvoriti na 10000.

19. Podesite zadanu vrijednost prioriteta za sve procese pokrenute kao korisnik „student“ na 3.

Riješit ćemo zadatak po redoslijedu 14–19, koristeći komande koje se nalaze u RH124/RH134 skriptama (SELinux, firewall, process management, limits).

Provjera trenutnog stanja:

getenforce

Ako nije Enforcing, postavi:

setenforce 1

Za trajno postavljanje:

vi /etc/selinux/config

promijeniti:

SELINUX=enforcing

Provjera:

getenforce

Treba pisati:

Enforcing

dnf install httpd

mkdir /webapp

echo "WEBAPP SERVERB" > /webapp/index.html

chown -R apache:apache /webapp

Apache smije čitati samo određene direktorije.

semanage fcontext -a -t httpd_sys_content_t "/webapp(/.*)?"

restorecon -Rv /webapp

Provjera:

ls -Z /webapp

Napraviti konfiguraciju:

vi /etc/httpd/conf.d/webapp.conf

sadržaj:

Listen 85

<VirtualHost *:85>

DocumentRoot /webapp

<Directory /webapp>

Require all granted

</Directory>

</VirtualHost>

systemctl enable --now httpd

Provjera:

apachectl configtest

Otvoriti port 85:

firewall-cmd --add-port=85/tcp --permanent

firewall-cmd --reload

Provjera:

firewall-cmd --list-ports

Apache po defaultu koristi port 80/443.

Dodati port:

semanage port -a -t http_port_t -p tcp 85

Provjera:

semanage port -l | grep http

curl localhost:85

Pronaći PID:

pgrep httpd

Postaviti prioritet:

renice -n 12 -p PID

Primjer:

renice -n 12 -p 1234

Provjera:

ps -o pid,ni,pri,cmd -p 1234

Koristi se limits.conf

Otvoriti:

vi /etc/security/limits.conf

Dodati:

student hard nofile 10000

student soft nofile 10000

Provjera:

su - student

ulimit -n

Treba pokazati:

10000

Također u limits.conf

Dodati:

student hard priority 3

student soft priority 3

Provjera:

ulimit -e

getenforce

→ Enforcing

/webapp

port 85

firewall-cmd --list-ports

→ 85/tcp

renice -n 12

student soft nofile 10000

student hard nofile 10000

student soft priority 3

student hard priority 3

Source: Lab 12 – Process management and Regular expressions. Based on RH124 Chapter 8 and RH134 Chapters 1,5,6,11 and referenced materials.

dnf install httpd

systemctl enable --now httpd

echo 'IT WORKS!!!' > /var/www/html/index.html

Install Apache and configure simple test webpage.

curl http://servera

ps -ef | grep httpd

Check process state and identify parent process and worker processes.

ps -ef | grep httpd

renice -n -12 -p $(pgrep httpd | head -1)

Lower nice value increases priority. PR 8 approximately corresponds to nice -12.

ps -o pid,ni,pri,cmd -p $(pgrep httpd | head -1)

vi ~/.bashrc

ulimit -e 10

Set default scheduling priority for processes started by student user.

ulimit -a

ps -u root --sort=comm

List processes run by root in alphabetical order.

ps -u root -o comm

Show only process names.

ps -u root -o args

Show process names with parameters.

ps -u root -o args | tr '%' ' '

Replace % characters with whitespace.

ps -u root -o args

Confirm command output matches expected format.

ps -eo pid,comm,%cpu --sort=-%cpu | head

Find process using most CPU cycles.

ps -eo pid,comm,%mem --sort=-%mem | head -2

Find process with 2nd highest memory usage.

ps -eo pid,comm,etime --sort=etime | head

Find process running the longest.

ps -eo pid,comm,%cpu --sort=-%cpu | head

grep fish /usr/share/dict/words

grep -B2 -A1 cat /usr/share/dict/words

grep -c cat /usr/share/dict/words

grep -n cat /usr/share/dict/words

grep -E 't[aeiou].*sh$' /usr/share/dict/words

grep -E '^(abominable|abominate|anomie|atomize)$' /usr/share/dict/words

grep -Ec 't[aeiou].*sh$' /usr/share/dict/words

grep -E '^.{14}$' /usr/share/dict/words

grep -E '^bl[aeiou].*' /usr/share/dict/words

grep -E '[0-9]{2}' /usr/share/dict/words

grep -E '(^.e.*|^[0-9])' /usr/share/dict/words

grep -E '(Bank|Banking|Flunking|Walking)' /usr/share/dict/words

These commands demonstrate regex pattern matching required in the lab.

grep fish /usr/share/dict/words

find / -type f -name '*password' 2>/dev/null

find / -type f -name 'password*' 2>/dev/null

find / -type f -name 'password' 2>/dev/null

grep -r password / 2>/dev/null

Search filesystem for files with 'password' pattern or containing the word password.

find / -type f -name '*password'

Detailed explanations for regex commands used in Lab 12 with /usr/share/dict/words.

grep fish /usr/share/dict/words

Searches for any line containing the substring 'fish'. Example matches: fish, fishing, catfish.

grep -B2 -A1 cat /usr/share/dict/words

-B2 shows two lines BEFORE the match and -A1 shows one line AFTER the match. Useful for viewing surrounding context.

grep -c cat /usr/share/dict/words

Counts how many lines in the file contain the word 'cat'.

grep -n cat /usr/share/dict/words

Displays matching lines and their line numbers. Useful to determine which line contains words like 'catalog'.

grep -E 't[aeiou].*sh$' /usr/share/dict/words

Matches words where 't' is followed by a vowel, then any characters, and ending with 'sh'.

grep -E '^(abominable|abominate|anomie|atomize)$' /usr/share/dict/words

Matches exactly one of the listed words. '^' indicates start of line and '$' indicates end of line.

grep -Ec 't[aeiou].*sh$' /usr/share/dict/words

Counts the number of words matching the pattern 't + vowel + anything + sh'.

grep -E '^.{14}$' /usr/share/dict/words

'.' means any character and '{14}' means exactly 14 occurrences. '^' and '$' ensure the entire word is exactly 14 characters.

grep -E '^bl[aeiou].*' /usr/share/dict/words

Matches words that start with 'bl', then a vowel, and any characters after that.

grep -E '[0-9]{2}' /usr/share/dict/words

Matches any word containing exactly two consecutive digits.

grep -E '(^.e.*|^[0-9])' /usr/share/dict/words

The '|' operator means OR. The command matches words where the second letter is 'e' OR words that start with a number.

grep -E '(Bank|Banking|Flunking|Walking)' /usr/share/dict/words

Matches any of the listed words using the OR operator inside parentheses.